From 504b0ae2b9d4b849385ef5283e8a97034047ed09 Mon Sep 17 00:00:00 2001 From: aet Date: Thu, 21 Mar 2002 14:05:24 +0000 Subject: [PATCH] Merge configure.ac stuff from SCIDI, needs some cleanups Add missing functions Replace log_message{x}() calls with fprintf, for now Everything compiles with vanilla opensc tree, yet untested. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@363 c6295689-39f2-0310-b995-f0e70906c6a9 --- Makefile.am | 2 +- configure.in | 515 +++++++++++++++++++++++++++++++++++++--- src/pam/Makefile.am | 6 +- src/pam/pam_opensc.c | 48 +++- src/pam/pam_support.c | 32 +-- src/scam/Makefile.am | 2 +- src/scam/p15_eid.c | 22 +- src/scam/p15_ldap.c | 22 +- src/scam/scam.c | 2 + src/scldap/scldap.c | 55 +++-- src/scldap/test-ldap.c | 2 +- src/scrandom/scrandom.c | 30 +-- src/sia/Makefile.am | 6 +- 13 files changed, 615 insertions(+), 129 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1857d742..f79965b9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## Makefile.am -- Process this file with automake to produce Makefile.in -SUBDIRS = . aclocal src docs +SUBDIRS = . aclocal docs src EXTRA_DIST = CodingStyle bootstrap diff --git a/configure.in b/configure.in index 274197eb..7602f10b 100644 --- a/configure.in +++ b/configure.in @@ -75,8 +75,6 @@ case "$host" in blibpath="/usr/lib:/lib:/usr/local/lib" fi ;; -*-*-linux*) - ;; esac dnl Allow user to specify flags @@ -118,6 +116,10 @@ AC_PROG_CPP AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET +AM_PROG_LEX +AC_PATH_PROG(TEST_MINUS_S_SH, bash) +AC_PATH_PROG(TEST_MINUS_S_SH, ksh) +AC_PATH_PROG(TEST_MINUS_S_SH, sh) dnl Special check for pthread support. ACX_PTHREAD( 
@@ -138,10 +140,12 @@ dnl Automatically update the libtool script if it becomes out-of-date. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([errno.h fcntl.h malloc.h stdlib.h string.h sys/time.h unistd.h syslog.h getopt.h security/pam_appl.h security/_pam_macros.h readline/readline.h]) +AC_HEADER_SYS_WAIT +AC_CHECK_HEADERS([errno.h fcntl.h malloc.h stdlib.h string.h sys/time.h unistd.h syslog.h utmp.h getopt.h ecurity/pam_appl.h security/_pam_macros.h readline/readline.h]) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST +AC_TYPE_UID_T AC_TYPE_SIZE_T AC_HEADER_TIME @@ -157,12 +161,14 @@ AC_FUNC_MALLOC AC_FUNC_MEMCMP AC_FUNC_STAT AC_FUNC_VPRINTF -AC_CHECK_FUNCS([getpass gettimeofday memset mkdir strdup strerror]) +AC_CHECK_FUNCS([getpass gettimeofday memset mkdir strdup strerror setutent]) dnl C Compiler features AC_C_INLINE if test "$GCC" = "yes"; then - CFLAGS="$CFLAGS -Wall -Werror" + CFLAGS="$CFLAGS -Wall" +# Disabled until lex-parse.l doesn't give us a warning +# -Werror fi dnl OS specific options 
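Review bot: The rewritten AC_CHECK_HEADERS list in this hunk spells the PAM header as `ecurity/pam_appl.h`, so configure probes for a header that does not exist and HAVE_SECURITY_PAM_APPL_H is never defined. Any source that guards its PAM include on that macro would then build without it and nobody would be told. The entry should read `security/pam_appl.h`, as it did before the change.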
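Review bot: Dropping `-Werror` from CFLAGS in the `@@ -157` hunk relaxes the whole tree to work around a warning in one generated lexer, and this same commit adds hand-written C to the PAM module, where compiler warnings are the cheapest check available. I would keep `CFLAGS="$CFLAGS -Wall -Werror"` as the default and relax it only for the object built from lex-parse.l. The two `#` lines are also left inside the `if` body with a dangling `-Werror`; a single `dnl TODO: re-enable -Werror once lex-parse.l is warning-free` says the same thing more clearly.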
@@ -256,6 +262,197 @@ if (test ! -z "$ac_cv_commondir" && test "x$ac_cv_commondir" != "x(system)") ; t fi fi +AC_SUBST(LIBDL) +AC_CHECK_LIB(dl, dlopen, [LIBDL="$LIBDL -ldl" ac_cv_func_dlopen_ldl=yes], ac_cv_func_dlopen_ldl=no) + +AC_SUBST(LIBREADLINE) +# libreadline will also need libtermcap on some OSes +saved_LIBS="$LIBS" +for add in "" "-ltermcap"; do + if test "X$add" != "X"; then + AC_MSG_CHECKING([whether -lreadline requires $add]) + fi + LIBS="$saved_LIBS $add" + unset ac_cv_lib_readline_readline + AC_CHECK_LIB(readline, readline, [ + LIBREADLINE="-lreadline $add" + ac_cv_func_readline_lreadline=yes + ], ac_cv_func_readline_lreadline=no) + test "$ac_cv_func_readline_lreadline" = yes && break +done + +LIBS="$LIBS $LIBREADLINE" +AC_CHECK_FUNCS(readline) +LIBS="$saved_LIBS" + +# +# We check for various libraries +# - SysVr4 style of "-lsocket" at first (unless in libc) +# The hallmark is connect() routine (we presume) +# +AC_SUBST(LIBSOCKET)dnl +ac_cv_libsocket_both=1 +AC_CHECK_FUNC(connect, ac_cv_libsocket_both=0) +AC_CHECK_FUNC(gethostbyname, ac_cv_libsocket_both=0) +if test "$ac_cv_libsocket_both" = 1 ; then + # Check cache + if test "$ac_cv_func_socket_lsocket" = yes ; then + AC_MSG_RESULT([need -lsocket library (cached)]) + LIBSOCKET="-lsocket" + if test "$ac_cv_func_gethostbyname_lnsl" = yes ; then + LIBSOCKET="-lsocket -lnsl" + fi + else + # Well, will this work ? SysVR4, but not Sun Solaris ? + AC_CHECK_LIB(socket, connect, [LIBSOCKET="-lsocket" + ac_cv_func_socket_lsocket=yes], + ac_cv_func_socket_lsocket=no) + if test "$ac_cv_func_socket_lsocket" = yes ; then + t_oldLibs="$LIBS" + LIBS="$LIBS -lsocket $LIBRESOLV" + AC_TRY_LINK([],[gethostbyname();], ,[ + LIBS="$LIBS -lnsl" # Add this Solaris library.. 
+ AC_TRY_LINK([],[gethostbyname();],[ + LIBSOCKET="-lsocket -lnsl" + ac_cv_func_gethostbyname_lnsl=yes + ], [ + AC_MSG_ERROR([Weird, '$LIBS' not enough to find gethostbyname() ?!]) + ]) + ]) + LIBS="$t_oldLibs" + fi + fi +fi + +AC_SUBST(LIBRESOLV)dnl +if test "x$LIBRESOLV" = "x"; then + # Ok, No -lresolv, is this enough for the _res to appear ? + t_oldLibs="$LIBS" + LIBS="$LIBS $LIBSOCKET" + ac_cv_var__res_options=no + # This following is for IRIX6.4, and I sincerely hope it + # will not fail on other systems... It did! It did! + # Many systems don't have idemponent headers, they need specific + # includes before latter ones, or the latter ones won't be successful... + AC_TRY_LINK([#include +#include +#include +#include +#include ], + [_res.options = RES_INIT;], + ac_cv_var__res_options=yes); + if test "$ac_cv_var__res_options" != "yes"; then + LIBRESOLV="-lresolv" + fi + LIBS="$t_oldLibs" +fi + +# See about the routines that possibly exist at the libraries.. +LIBS="$t_oldLibs $LIBSOCKET" +AC_CHECK_FUNCS(socket socketpair) +LIBS="$t_oldLibs" + +if test "$ac_cv_func_socket" = no -a "$LIBSOCKET" != ""; then + LIBS="$LIBS $LIBSOCKET" + AC_TRY_LINK([],[socket();], ac_cv_func_socket=yes) + if test $ac_cv_func_socket = yes; then + AC_DEFINE(HAVE_SOCKET, 1, [Have socket]) + fi + LIBS="$t_oldLibs" +fi +if test "$ac_cv_func_socketpair" = no -a "$LIBSOCKET" != ""; then + LIBS="$LIBS $LIBSOCKET" + AC_TRY_LINK([],[socketpair();], ac_cv_func_socketpair=yes) + if test $ac_cv_func_socketpair = yes; then + AC_DEFINE(HAVE_SOCKETPAIR, 1, [Have socketpair]) + fi + LIBS="$t_oldLibs" +fi + +# Always link lib{socket,nsl,resolv) if found, sigh. 
+LIBS="$LIBS $LIBSOCKET $LIBRESOLV" + +AC_ARG_WITH(flex-dir, + [ --with-flex-dir=PATH Specify path to flex installation], + [ + if test "x$withval" != "xno" ; then + tryflexdir=$withval + fi + ] +) + +saved_LDFLAGS="$LDFLAGS" +saved_CPPFLAGS="$CPPFLAGS" +AC_SUBST(LIBFL) +AC_CACHE_CHECK([for flex directory], ac_cv_flexdir, [ + for flexdir in $tryflexdir "" /usr/local/flex /usr/lib/flex /usr/local/flex /usr/lib/flex /usr/local /usr/pkg /opt /opt/flex ; do + # Skip directories if they don't exist + if test ! -z "$flexdir" -a ! -d "$flexdir" ; then + continue; + fi + + LIBFL="-lfl" + CPPFLAGS="$saved_CPPFLAGS" + LDFLAGS="$saved_LDFLAGS" + if test ! -z "$flexdir" -a "x$flexdir" != "x/usr"; then + # Try to use $flexdir/lib if it exists, otherwise + # $flexdir + if test -d "$flexdir/lib" ; then + LDFLAGS="-L$flexdir/lib $saved_LDFLAGS" + if test ! -z "$need_dash_r" ; then + LDFLAGS="-R$flexdir/lib $LDFLAGS" + fi + else + LDFLAGS="-L$flexdir $saved_LDFLAGS" + if test ! -z "$need_dash_r" ; then + LDFLAGS="-R$flexdir $LDFLAGS" + fi + fi + # Try to use $flexdir/include if it exists, otherwise + # $flexdir + if test -d "$flexdir/include" ; then + CPPFLAGS="-I$flexdir/include $saved_CPPFLAGS" + else + CPPFLAGS="-I$flexdir $saved_CPPFLAGS" + fi + fi + break; + done + + if test -z "$flexdir" ; then + flexdir="(system)" + fi + + ac_cv_flexdir=$flexdir +]) + +if (test ! -z "$ac_cv_flexdir" && test "x$ac_cv_flexdir" != "x(system)") ; then + dnl Need to recover flexdir - test above runs in subshell + flexdir=$ac_cv_flexdir + if test ! -z "$flexdir" -a "x$flexdir" != "x/usr"; then + # Try to use $flexdir/lib if it exists, otherwise + # $flexdir + if test -d "$flexdir/lib" ; then + LDFLAGS="-L$flexdir/lib $saved_LDFLAGS" + if test ! -z "$need_dash_r" ; then + LDFLAGS="-R$flexdir/lib $LDFLAGS" + fi + else + LDFLAGS="-L$flexdir $saved_LDFLAGS" + if test ! 
-z "$need_dash_r" ; then + LDFLAGS="-R$flexdir $LDFLAGS" + fi + fi + # Try to use $flexdir/include if it exists, otherwise + # $flexdir + if test -d "$flexdir/include" ; then + CPPFLAGS="-I$flexdir/include $saved_CPPFLAGS" + else + CPPFLAGS="-I$flexdir $saved_CPPFLAGS" + fi + fi +fi + AC_SUBST(CFLAGS_PCSC) AC_SUBST(LIBPCSC) LIBPCSC="-lpcsclite" @@ -312,29 +509,6 @@ fi LIBS="$saved_LIBS" AM_CONDITIONAL(HAVE_PCSCLITE, test "x$ac_cv_lib_pcsclite_SCardEstablishContext" = "xyes") -AC_SUBST(LIBDL) -AC_CHECK_LIB(dl, dlopen, [LIBDL="$LIBDL -ldl" ac_cv_func_dlopen_ldl=yes], ac_cv_func_dlopen_ldl=no) - -AC_SUBST(LIBREADLINE) -# libreadline will also need libtermcap on some OSes -saved_LIBS="$LIBS" -for add in "" "-ltermcap"; do - if test "X$add" != "X"; then - AC_MSG_CHECKING([whether -lreadline requires $add]) - fi - LIBS="$saved_LIBS $add" - unset ac_cv_lib_readline_readline - AC_CHECK_LIB(readline, readline, [ - LIBREADLINE="-lreadline $add" - ac_cv_func_readline_lreadline=yes - ], ac_cv_func_readline_lreadline=no) - test "$ac_cv_func_readline_lreadline" = yes && break -done - -LIBS="$LIBS $LIBREADLINE" -AC_CHECK_FUNCS(readline) -LIBS="$saved_LIBS" - dnl The big search for OpenSSL AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation], 
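Review bot: The flex directory search never probes anything, because the `for flexdir in $tryflexdir "" /usr/local/flex ...` body ends in an unconditional `break`. The first candidate that exists wins, and since the empty entry always passes the existence test, every directory listed after `""` is unreachable. A path given with --with-flex-dir is therefore pushed into `-L`/`-R` and `-I` without any check that it holds a usable library. I would run a link test inside the loop and `break` only when it succeeds, and drop the duplicated /usr/local/flex and /usr/lib/flex entries. The pam-dir search added in the `@@ -453` hunk is a copy of this loop and has the same problem.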
@@ -453,6 +627,85 @@ if test "x$SSL_MSG" = "xyes" ; then fi AM_CONDITIONAL(HAVE_SSL, test "x$SSL_MSG" = "xyes") +AC_ARG_WITH(pam-dir, + [ --with-pam-dir=PATH Specify path for PAM installation libraries], + [ + if test "x$withval" != "xno" ; then + trypamdir=$withval + fi + ] +) + +saved_LDFLAGS="$LDFLAGS" +saved_CPPFLAGS="$CPPFLAGS" +AC_CACHE_CHECK([for pam directory], ac_cv_pamdir, [ + for pamdir in $trypamdir "" /usr/local /usr/pkg /opt ; do + # Skip directories if they don't exist + if test ! -z "$pamdir" -a ! -d "$pamdir" ; then + continue; + fi + + CPPFLAGS="$saved_CPPFLAGS" + LDFLAGS="$saved_LDFLAGS" + if test ! -z "$pamdir" -a "x$pamdir" != "x/usr"; then + # Try to use $pamdir/lib if it exists, otherwise + # $pamdir + if test -d "$pamdir/lib" ; then + LDFLAGS="-L$pamdir/lib $saved_LDFLAGS" + if test ! -z "$need_dash_r" ; then + LDFLAGS="-R$pamdir/lib $LDFLAGS" + fi + else + LDFLAGS="-L$pamdir $saved_LDFLAGS" + if test ! -z "$need_dash_r" ; then + LDFLAGS="-R$pamdir $LDFLAGS" + fi + fi + # Try to use $pamdir/include if it exists, otherwise + # $pamdir + if test -d "$pamdir/include" ; then + CPPFLAGS="-I$pamdir/include $saved_CPPFLAGS" + else + CPPFLAGS="-I$pamdir $saved_CPPFLAGS" + fi + fi + break; + done + + if test -z "$pamdir" ; then + pamdir="(system)" + fi + + ac_cv_pamdir=$pamdir +]) + +if (test ! -z "$ac_cv_pamdir" && test "x$ac_cv_pamdir" != "x(system)") ; then + dnl Need to recover pamdir - test above runs in subshell + pamdir=$ac_cv_pamdir + if test ! -z "$pamdir" -a "x$pamdir" != "x/usr"; then + # Try to use $pamdir/lib if it exists, otherwise + # $pamdir + if test -d "$pamdir/lib" ; then + LDFLAGS="-L$pamdir/lib $saved_LDFLAGS" + if test ! -z "$need_dash_r" ; then + LDFLAGS="-R$pamdir/lib $LDFLAGS" + fi + else + LDFLAGS="-L$pamdir $saved_LDFLAGS" + if test ! 
-z "$need_dash_r" ; then + LDFLAGS="-R$pamdir $LDFLAGS" + fi + fi + # Try to use $pamdir/include if it exists, otherwise + # $pamdir + if test -d "$pamdir/include" ; then + CPPFLAGS="-I$pamdir/include $saved_CPPFLAGS" + else + CPPFLAGS="-I$pamdir $saved_CPPFLAGS" + fi + fi +fi + dnl Check for PAM libs PAM_MSG="no" no_pam="" 
@@ -505,6 +758,162 @@ LIBS="$saved_LIBS" AM_CONDITIONAL(HAVE_PAM, test "x$PAM_MSG" = "xyes") AM_CONDITIONAL(HAVE_PAM_AND_SSL, test "x$PAM_MSG" = "xyes" -a "x$SSL_MSG" = "xyes") +dnl Check for SIA libs +AC_SUBST(LIBSIA) +SIA_MSG="no" +no_osfsia="" +AC_MSG_CHECKING([SIA support]) +AC_ARG_WITH(osfsia, + [ --with-osfsia Enable Digital Unix SIA], + [ + if test "x$withval" = "xno" ; then + AC_MSG_RESULT(disabled) + no_osfsia=1 + fi + ], +) +if test -z "$no_osfsia" ; then + if test -f /etc/sia/matrix.conf; then + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_OSF_SIA, 1, [Have Digital Unix SIA]) + LIBSIA="$LIBSIA -lsecurity -ldb -lm -laud" + SIA_MSG="yes" + else + AC_MSG_RESULT(no) + fi +fi + +AM_CONDITIONAL(HAVE_SIA, test "x$SIA_MSG" = "xyes") + +# Check for user-specified random device, otherwise check /dev/urandom +AC_ARG_WITH(random, + [ --with-random=FILE read entropy from FILE (default=/dev/urandom)], + [ + if test "x$withval" != "xno" ; then + RANDOM_POOL="$withval"; + AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL", [Location of random number pool]) + fi + ], + [ + # Check for random device + AC_CHECK_FILE("/dev/urandom", + [ + RANDOM_POOL="/dev/urandom"; + AC_SUBST(RANDOM_POOL) + AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL", [Location of random number pool]) + ] + ) + ] +) + +# Check for PRNGD/EGD pool file +AC_ARG_WITH(prngd-port, + [ --with-prngd-port=PORT read entropy from PRNGD/EGD localhost:PORT], + [ + if test ! 
-z "$withval" -a "x$withval" != "xno" ; then + PRNGD_PORT="$withval" + AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT, [Port number of PRNGD/EGD random number socket]) + fi + ] +) + +# Check for PRNGD/EGD pool file +AC_ARG_WITH(prngd-socket, + [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], + [ + if test "x$withval" != "xno" ; then + PRNGD_SOCKET="$withval" + AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", [Location of PRNGD/EGD random number socket]) + fi + ], + [ + # Check for existing socket only if we don't have a random device already + if test -z "$RANDOM_POOL" ; then + AC_MSG_CHECKING(for PRNGD/EGD socket) + # Insert other locations here + for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy /tmp/entropy; do + if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then + PRNGD_SOCKET="$sock" + AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", [Location of PRNGD/EGD random number socket]) + break; + fi + done + if test ! -z "$PRNGD_SOCKET" ; then + AC_MSG_RESULT($PRNGD_SOCKET) + else + AC_MSG_RESULT(not found) + fi + fi + ] +) + +### BEGIN LDAP SPECIFIC OPTIONS +dnl ldap autoconf magic partly taken from pam_ldap + +dnl --enable-ldap option. +AC_ARG_ENABLE(ldap, +[ --enable-ldap enable use of LDAP for authentication. 
[default=yes]], + , enable_ldap=yes) +AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TSL support for ldap]) +AC_ARG_WITH(ldap-lib, [ --with-ldap-lib=type select ldap library [auto|netscape5|netscape4|netscape3|umich|openldap]]) +AC_ARG_WITH(ldap-dir, [ --with-ldap-dir=DIR base directory of ldap SDK]) + +AC_SUBST(LIBLDAP) +LDAP_MSG="no" +if (test x$enable_ldap = xyes); then + if test -n "$with_ldap_dir"; then + CPPFLAGS="$CPPFLAGS -I$with_ldap_dir/include" + LDFLAGS="$LDFLAGS -L$with_ldap_dir/lib" + case "$target_os" in + solaris*) LDFLAGS="$LDFLAGS -Wl,-R$with_ldap_dir/lib" ;; + *) LDFLAGS="$LDFLAGS -Wl,-rpath,$with_ldap_dir/lib" ;; + esac + fi + + AC_CHECK_HEADERS(lber.h ldap.h ldap_ssl.h) + + dnl check which ldap library we have + if test -z "$with_ldap_lib"; then + with_ldap_lib=auto + fi + + if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then + AC_CHECK_LIB(lber, ber_init, LIBLDAP="-llber $LIBLDAP" found_lber_lib=yes) + saved_LIBS="$LIBS" + LIBS="$LIBS $LIBLDAP" + AC_CHECK_LIB(ldap, ldap_search, LIBLDAP="-lldap $LIBLDAP" found_ldap_lib=yes) + LIBS="$saved_LIBS" + fi + if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \); then + AC_CHECK_LIB(ldap50, ldap_search, LIBLDAP="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread) + fi + if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape4 \); then + AC_CHECK_LIB(ldapssl41, ldap_search, LIBLDAP="-lldapssl41 -lplc3 -lplds3 -lnspr3 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread) + if test -z "$found_ldap_lib"; then + AC_CHECK_LIB(ldapssl40, ldap_search, LIBLDAP="-lldapssl40 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread) + fi + fi + if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape3 \); then + AC_CHECK_LIB(ldapssl30, ldap_search, LIBLDAP="-lldapssl30 
$LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread) + fi + + if test -n "$found_ldap_lib"; then + AC_DEFINE(LDAP_REFERRALS,1,[This is needed for the native Solaris LDAP SDK]) + AC_DEFINE(HAVE_LDAP, 1, [Use LDAP for authentication etc.]) + LDAP_MSG="yes" + + saved_LIBS="$LIBS" + LIBS="$LIBS $LIBLDAP" + AC_CHECK_FUNCS(ldap_init) + if test "$enable_ssl" \!= "no"; then + AC_CHECK_FUNCS(ldapssl_init ldap_start_tls_s ldap_pvt_tls_set_option) + fi + LIBS="$saved_LIBS" + fi +fi +AM_CONDITIONAL(HAVE_LDAP, test "x$LDAP_MSG" = "xyes") +### END LDAP SPECIFIC OPTIONS + dnl Enable/disable debugging messages. AC_ARG_ENABLE(debug, [ --enable-debug enable debug messages. [default=no]], @@ -513,6 +922,20 @@ if (test x$enable_debug = xyes); then AC_DEFINE(DEBUG, 1, [Enable debug messages.]) fi +if test "x$prefix" = xNONE; then + prefix=$ac_default_prefix +fi + +AC_SUBST(LIBSCCONF) +LIBSCCONF="\${top_srcdir}/src/scconf/libscconf.la" +AC_SUBST(LIBSCLDAP) +LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la" +AC_SUBST(LIBSCRANDOM) +LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.la" + +scldap_etc_path=`eval echo ${sysconfdir}` ; scldap_etc_path=`eval echo ${scldap_etc_path}` +AC_DEFINE_UNQUOTED(SCLDAP_ETC_PATH_CUSTOM, "$scldap_etc_path", [etc path for scldap]) + AC_SUBST(CFLAGS_OPENSC) CFLAGS_OPENSC="-I\${top_srcdir}/src/libopensc" AC_SUBST(LIBOPENSC) 
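Review bot: The automatic PRNGD/EGD probe in the --with-prngd-socket fallback includes `/tmp/entropy`, a path under a world-writable directory, and whatever it finds is compiled in as PRNGD_SOCKET. On a host where any local user can create a socket or FIFO at that path, the library would draw its randomness from a source that user controls. I would limit the probe to root-owned locations, `for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do`, and leave anything else to an explicit `--with-prngd-socket=FILE`. `$sock` is also unquoted inside the `$TEST_MINUS_S_SH -c "test -S $sock -o -p $sock"` string, which is harmless for the fixed list but worth quoting if the list ever becomes configurable.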
@@ -537,19 +960,40 @@ src/openssh/Makefile src/pam/Makefile src/pkcs11/Makefile src/pkcs11/rsaref/Makefile +src/scam/Makefile +src/scconf/Makefile +src/scldap/Makefile +src/scldap/etc/Makefile +src/scrandom/Makefile +src/sia/Makefile src/tests/Makefile src/tools/Makefile ]) +if test ! -z "$RANDOM_POOL" ; then + RAND_MSG="device ($RANDOM_POOL)" +else + if test ! -z "$PRNGD_PORT" ; then + RAND_MSG="PRNGD/EGD (port localhost:$PRNGD_PORT)" + elif test ! -z "$PRNGD_SOCKET" ; then + RAND_MSG="PRNGD/EGD (socket $PRNGD_SOCKET)" + else + RAND_MSG="Builtin kluge" + BUILTIN_RNG=1 + fi +fi + dnl Someone please show me a better way :) A=`eval echo ${prefix}` ; A=`eval echo ${A}` B=`eval echo ${bindir}` ; B=`eval echo ${B}` +C=`eval echo ${sysconfdir}` ; C=`eval echo ${C}` echo "" echo "OpenSC has been configured with the following options" echo "" echo "User binaries: ${B}" +echo "Configuration files: ${C}" echo "" echo "Host: ${host}" @@ -560,7 +1004,18 @@ echo "Linker flags: ${LDFLAGS}" echo "Libraries: ${LIBS}" echo "" -echo "OpenSSL support: ${SSL_MSG}" -echo "PAM support: ${PAM_MSG}" +echo "Random number collection: ${RAND_MSG}" +echo "OpenSSL support: ${SSL_MSG}" +echo "LDAP support: ${LDAP_MSG}" +echo "PAM support: ${PAM_MSG}" +echo "SIA support: ${SIA_MSG}" echo "" + +if test ! -z "$BUILTIN_RNG" ; then + echo "WARNING: you are using the builtin random number service." + echo "The random number service is very simple and is only" + echo "intended for testing purposes. Please request your OS" + echo "vendor to include /dev/random in future versions of" + echo "their OS. Or use PRNGD/EGD instead, your choice." +fi diff --git a/src/pam/Makefile.am b/src/pam/Makefile.am index 53ce7d5e..378fe036 100644 --- a/src/pam/Makefile.am +++ b/src/pam/Makefile.am 
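Review bot: When no random device, PRNGD port or PRNGD socket is found, this hunk sets `BUILTIN_RNG=1` and configure still succeeds. The only signal is the WARNING echoed by the following hunk, which itself says the built-in service is intended for testing only. For code that ends up in PAM and smart-card authentication paths I would make that fallback opt-in and otherwise stop with `AC_MSG_ERROR([no random source found; use --with-random, --with-prngd-port or --with-prngd-socket])`. How scrandom reacts to the missing defines is not visible here, so this rests on the warning text alone.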
@@ -2,7 +2,7 @@ libdir = ${prefix}/lib/security -INCLUDES = @CFLAGS_PCSC@ @CFLAGS_SSP@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap +INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap if HAVE_LDAP LDAP_LTLIBS = @LIBSCLDAP@ @@ -10,9 +10,9 @@ else LDAP_LTLIBS = endif -LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBCRYPTO@ @LIBSSP@ @LIBOPENSC@ @LIBPAM@ +LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBCRYPTO@ @LIBOPENSC@ @LIBPAM@ -AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/sp.c ../scam/p15_eid.c ../scam/p15_ldap.c +AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/p15_eid.c ../scam/p15_ldap.c SRC = $(AUTHSRC) pam_opensc.c pam_support.c pam_support.h if HAVE_PAM_AND_SSL diff --git a/src/pam/pam_opensc.c b/src/pam/pam_opensc.c index 6ffdebd0..f3e6f894 100644 --- a/src/pam/pam_opensc.c +++ b/src/pam/pam_opensc.c @@ -28,6 +28,12 @@ #include #include #include +#include +#include +#ifdef HAVE_UTMP_H +#include +#endif +#include #include "scam.h" #define PAM_SM_AUTH @@ -38,6 +44,41 @@ static int scam_method = 0; static char *auth_method = NULL; +/* + * Because getlogin() is braindead and sometimes it just + * doesn't work, we reimplement it here. + */ +static char *get_login(void) +{ + char *user = NULL; +#ifdef HAVE_SETUTENT + struct utmp *ut = NULL, line; + static char curr_user[sizeof(ut->ut_user) + 4]; + char *curr_tty = NULL; + + curr_tty = ttyname(0); + if (curr_tty) { + curr_tty += 5; + setutent(); + strncpy(line.ut_line, curr_tty, sizeof line.ut_line); + if ((ut = getutline(&line))) { + strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); + user = curr_user; + } + endutent(); + } +#else + user = getlogin(); +#endif +#if 1 + if (!user) { + struct passwd *pw_user = getpwuid(geteuid()); + user = pw_user->pw_name; + } +#endif + return user; +} + static void usage(void) { int i; 
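Review bot: In the fallback at the end of get_login(), the result of `getpwuid(geteuid())` is dereferenced without a NULL check, so an effective uid with no passwd entry crashes the process that loaded the module. `user = pw_user ? pw_user->pw_name : NULL;` keeps the function's "may return NULL" contract, which the caller in pam_sm_open_session already handles. Two smaller points in the same function: `curr_tty += 5` assumes ttyname() returned a path beginning with `/dev/` without checking it, and the utmp include is guarded by HAVE_UTMP_H while the code using `struct utmp` is guarded by HAVE_SETUTENT, so the two can disagree.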
@@ -159,7 +200,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con /* No remote logins allowed through xdm */ if ((!strcmp(service, "xdm") && strcmp(tty, ":0"))) { - log_message("User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service); + char buf[256]; + + snprintf(buf, 256, "User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service); + opensc_pam_log(LOG_NOTICE, pamh, buf); scam_deinit(scam_method); return PAM_PERM_DENIED; } @@ -231,7 +275,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc, opensc_pam_log(LOG_CRIT, pamh, "open_session - scam_open_session failed\n"); return PAM_SESSION_ERR; } - opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, GetLogin() == NULL ? "" : GetLogin(), getuid()); + opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, get_login() == NULL ? "" : get_login(), getuid()); return PAM_SUCCESS; } diff --git a/src/pam/pam_support.c b/src/pam/pam_support.c index d69bb4b9..1decb42e 100644 --- a/src/pam/pam_support.c +++ b/src/pam/pam_support.c @@ -25,6 +25,7 @@ #endif #include #include +#include #include #include #include "pam_support.h" @@ -60,16 +61,12 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs int retval; struct pam_conv *conv; - log_messagex(L_DEBUG, "begin to converse"); - retval = pam_get_item(pamh, PAM_CONV, (PAM_CONST void **) &conv); if (retval == PAM_SUCCESS) { retval = conv->conv(nargs, (PAM_CONST struct pam_message **) message ,response, conv->appdata_ptr); - log_messagex(L_DEBUG, "returned from application's conversation function"); - if (retval != PAM_SUCCESS && on(OPENSC_DEBUG, ctrl)) { opensc_pam_log(LOG_DEBUG, pamh, "conversation failure [%s]" ,pam_strerror(pamh, retval)); 
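Review bot: `opensc_pam_log(LOG_NOTICE, pamh, buf)` passes the already formatted message as the format argument, and buf contains the user name, tty and service name. opensc_pam_log appears to take a printf-style format (the `%s`/`%d` call in pam_sm_open_session suggests so), so any `%` sequence in those values is interpreted a second time, which is a format-string defect (CWE-134) in the authentication path. Pass the values directly and drop the temporary: `opensc_pam_log(LOG_NOTICE, pamh, "User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);`. If the buffer stays, size it with `sizeof buf` instead of the literal 256 and log it through `"%s"`.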
@@ -79,8 +76,6 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs ,"couldn't obtain conversation function [%s]" ,pam_strerror(pamh, retval)); } - log_messagex(L_DEBUG, "ready to return from module conversation"); - return retval; /* propagate error status */ } @@ -140,36 +135,28 @@ int _set_ctrl(pam_handle_t * pamh, int flags, char **auth_method, int argc, cons { unsigned int ctrl; - log_messagex(L_DEBUG, "called."); - ctrl = OPENSC_DEFAULTS; /* the default selection of options */ /* set some flags manually */ if (getuid() == 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { - log_messagex(L_DEBUG, "IAMROOT"); set(OPENSC__IAMROOT, ctrl); } if (flags & PAM_UPDATE_AUTHTOK) { - log_messagex(L_DEBUG, "UPDATE_AUTHTOK"); set(OPENSC__UPDATE, ctrl); } if (flags & PAM_PRELIM_CHECK) { - log_messagex(L_DEBUG, "PRELIM_CHECK"); set(OPENSC__PRELIM, ctrl); } if (flags & PAM_DISALLOW_NULL_AUTHTOK) { - log_messagex(L_DEBUG, "DISALLOW_NULL_AUTHTOK"); set(OPENSC__NONULL, ctrl); } if (flags & PAM_SILENT) { - log_messagex(L_DEBUG, "SILENT"); set(OPENSC__QUIET, ctrl); } /* now parse the arguments to this module */ while (argc-- > 0) { int j; - log_messagex(L_DEBUG, "pam_opensc arg: %s", *argv); for (j = 0; j < OPENSC_CTRLS_; ++j) { if (opensc_args[j].token && !strncmp(*argv, opensc_args[j].token, strlen(opensc_args[j].token))) { @@ -204,8 +191,6 @@ int _set_ctrl(pam_handle_t * pamh, int flags, char **auth_method, int argc, cons set(OPENSC_DEBUG, ctrl); } /* return the set of flags */ - - log_messagex(L_DEBUG, "done."); #if 0 print_ctrl(ctrl); #endif @@ -232,18 +217,9 @@ int _read_password(pam_handle_t * pamh ,PAM_CONST char *data_name ,PAM_CONST char **pass) { - int authtok_flag; - int retval; - PAM_CONST char *item; - char *token; - - log_messagex(L_DEBUG, "called"); - - /* - * make sure nothing inappropriate gets returned - */ - - *pass = token = NULL; + int authtok_flag, retval; + PAM_CONST char *item = NULL; + char *token = NULL; /* * which authentication token are we getting? 
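Review bot: In the _read_password hunk the new declarations initialise the locals `item` and `token`, but the removed statement `*pass = token = NULL;` also cleared the caller's output pointer and nothing replaces that. If any path in the rest of the function, which lies outside this hunk, returns before assigning `*pass`, the caller is left with whatever the pointer held before the call. I would keep `*pass = NULL;` as the first statement after the declarations, together with the old comment `/* make sure nothing inappropriate gets returned */`.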
diff --git a/src/scam/Makefile.am b/src/scam/Makefile.am index e1e2caa4..f0b659d7 100644 --- a/src/scam/Makefile.am +++ b/src/scam/Makefile.am @@ -1,3 +1,3 @@ # Process this file with automake to create Makefile.in -EXTRA_DIST = scam.c scam.h sp.c p15_eid.c p15_ldap.c +EXTRA_DIST = scam.c scam.h p15_eid.c p15_ldap.c diff --git a/src/scam/p15_eid.c b/src/scam/p15_eid.c index fc507013..904c6502 100644 --- a/src/scam/p15_eid.c +++ b/src/scam/p15_eid.c @@ -144,14 +144,14 @@ int p15_eid_init(int argc, const char **argv) } if (!reader_name) { for (i = 0; i < ctx->reader_count; i++) { - log_message("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : ""); + printf("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : ""); } } else { for (i = 0; i < ctx->reader_count; i++) { if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) { if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) { reader = i; - log_message("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name); + printf("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name); break; } } 
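Review bot: Replacing log_message() with `printf` makes p15_eid_init write the reader list to the standard output of whichever program loaded the module, and for a PAM service that stream may be a terminal or a network peer rather than a log. Other functions in this file report through the framework callbacks `scam_fw_p15_eid.printmsg` and `scam_fw_p15_eid.logmsg`. Routing these two messages the same way, e.g. `scam_fw_p15_eid.printmsg("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);`, keeps output under the framework's control, assuming the callback is already set when init runs. The same substitution is made in p15_ldap_init in src/scam/p15_ldap.c.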
@@ -382,29 +382,31 @@ void p15_eid_deinit(void) int p15_eid_open_session(int argc, const char **argv, const char *user) { struct passwd *userstr = NULL; +#ifdef PCSCLITE_SERVER_PATH uid_t useruid = 65534, uid = 65534; gid_t gid = 65534; int r; +#endif if (!user) { - log_messagex(L_DEBUG, "No user.\n"); + scam_fw_p15_eid.printmsg("No user.\n"); return SCAM_FAILED; } userstr = getpwnam(user); if (!userstr) { - log_messagex(L_DEBUG, "Can't get user structure. (%s)", user); + scam_fw_p15_eid.printmsg("Can't get user structure. (%s)", user); return SCAM_FAILED; } +#ifdef PCSCLITE_SERVER_PATH useruid = userstr->pw_uid; r = GetIdentity(&uid, &gid); if (r < 0) { scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n"); return SCAM_FAILED; } -#ifdef PCSCLITE_SERVER_PATH r = chown(PCSCLITE_SERVER_PATH, useruid, gid); if (r < 0) { - log_messagex(L_DEBUG, "Opening session failed, cannot chown socket to user %.", user); + scam_fw_p15_eid.printmsg("Opening session failed, cannot chown socket to user %.", user); return SCAM_FAILED; } #endif @@ -413,23 +415,25 @@ int p15_eid_open_session(int argc, const char **argv, const char *user) int p15_eid_close_session(int argc, const char **argv, const char *user) { +#ifdef PCSCLITE_SERVER_PATH uid_t uid = 65534; gid_t gid = 65534; int r; +#endif if (!user) { - log_messagex(L_DEBUG, "No user.\n"); + scam_fw_p15_eid.printmsg("No user.\n"); return SCAM_FAILED; } +#ifdef PCSCLITE_SERVER_PATH r = GetIdentity(&uid, &gid); if (r < 0) { scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n"); return SCAM_FAILED; } -#ifdef PCSCLITE_SERVER_PATH r = chown(PCSCLITE_SERVER_PATH, uid, gid); if (r < 0) { - log_messagex(L_DEBUG, "Closing session failed, cannot chown socket to smartcard user."); + scam_fw_p15_eid.printmsg("Closing session failed, cannot chown socket to smartcard user."); return SCAM_SUCCESS; } r = CleanupClientSockets(); diff --git a/src/scam/p15_ldap.c b/src/scam/p15_ldap.c index 5adab23a..5799a522 100644 
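Review bot: The new call `scam_fw_p15_eid.printmsg("Opening session failed, cannot chown socket to user %.", user);` carries over a truncated conversion, since `%.` has no conversion character. If printmsg is printf-style, as the `(%s)` call a few lines above suggests, the behaviour is undefined and the user name is never printed. The format should end `... to user %s.", user`. The identical string is introduced in p15_ldap_open_session in src/scam/p15_ldap.c. Separately, these messages were debug-level before, and whether printmsg shows them to the authenticating user cannot be told from this hunk.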
--- a/src/scam/p15_ldap.c +++ b/src/scam/p15_ldap.c @@ -145,14 +145,14 @@ int p15_ldap_init(int argc, const char **argv) } if (!reader_name) { for (i = 0; i < ctx->reader_count; i++) { - log_message("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : ""); + printf("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : ""); } } else { for (i = 0; i < ctx->reader_count; i++) { if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) { if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) { reader = i; - log_message("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name); + printf("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name); break; } } @@ -318,29 +318,31 @@ void p15_ldap_deinit(void) int p15_ldap_open_session(int argc, const char **argv, const char *user) { struct passwd *userstr = NULL; +#ifdef PCSCLITE_SERVER_PATH uid_t useruid = 65534, uid = 65534; gid_t gid = 65534; int r; +#endif if (!user) { - log_messagex(L_DEBUG, "No user.\n"); + scam_fw_p15_ldap.printmsg("No user.\n"); return SCAM_FAILED; } userstr = getpwnam(user); if (!userstr) { - log_messagex(L_DEBUG, "Can't get user structure. (%s)", user); + scam_fw_p15_ldap.printmsg("Can't get user structure. (%s)", user); return SCAM_FAILED; } +#ifdef PCSCLITE_SERVER_PATH useruid = userstr->pw_uid; r = GetIdentity(&uid, &gid); if (r < 0) { scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n"); return SCAM_FAILED; } -#ifdef PCSCLITE_SERVER_PATH r = chown(PCSCLITE_SERVER_PATH, useruid, gid); if (r < 0) { - log_messagex(L_DEBUG, "Opening session failed, cannot chown socket to user %.", user); + scam_fw_p15_ldap.printmsg("Opening session failed, cannot chown socket to user %.", user); return SCAM_FAILED; } #endif 
@@ -349,23 +351,25 @@ int p15_ldap_open_session(int argc, const char **argv, const char *user) int p15_ldap_close_session(int argc, const char **argv, const char *user) { +#ifdef PCSCLITE_SERVER_PATH uid_t uid = 65534; gid_t gid = 65534; int r; +#endif if (!user) { - log_messagex(L_DEBUG, "No user.\n"); + scam_fw_p15_ldap.printmsg("No user.\n"); return SCAM_FAILED; } +#ifdef PCSCLITE_SERVER_PATH r = GetIdentity(&uid, &gid); if (r < 0) { scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n"); return SCAM_FAILED; } -#ifdef PCSCLITE_SERVER_PATH r = chown(PCSCLITE_SERVER_PATH, uid, gid); if (r < 0) { - log_messagex(L_DEBUG, "Closing session failed, cannot chown socket to smartcard user."); + scam_fw_p15_ldap.printmsg("Closing session failed, cannot chown socket to smartcard user."); return SCAM_SUCCESS; } r = CleanupClientSockets(); diff --git a/src/scam/scam.c b/src/scam/scam.c index 82d7e576..50b3a6ac 100644 --- a/src/scam/scam.c +++ b/src/scam/scam.c @@ -32,7 +32,9 @@ struct scam_framework_ops *scam_frameworks[] = { +#ifdef HAVE_SCIDI &scam_fw_sp, +#endif #ifndef HAVE_LDAP &scam_fw_p15_eid, &scam_fw_p15_ldap, diff --git a/src/scldap/scldap.c b/src/scldap/scldap.c index 830a4021..b78ed36b 100644 --- a/src/scldap/scldap.c +++ b/src/scldap/scldap.c @@ -165,7 +165,8 @@ void scldap_show_parameters(scldap_context * ctx) { int i, j; - CHECK_CTX_VOID(ctx); + if (!ctx) + return; for (i = 0; i < ctx->entries; i++) { if (ctx->entry[i].entry) { printf("[%i]->entry=%s\n", i, ctx->entry[i].entry); @@ -187,7 +188,8 @@ void scldap_free_parameters(scldap_context * ctx) { int i, j; - CHECK_CTX_VOID(ctx); + if (!ctx) + return; if (ctx) { for (i = 0; i < ctx->entries; i++) { if (ctx->entry[i].entry) { 
@@ -245,13 +247,8 @@ void scldap_parse_arguments(scldap_context ** ctx, int argc, const char **argv) scldap_context *ptr = *ctx; int i; - CHECK_CTX_VOID(ptr); - - if (argc < 0) + if (!ptr || !argv || argc < 0) return; - if (!argv) - return; - for (i = 0; i < argc; i++) { if (argv[i][0] == '-') { char *optarg = (char *) argv[i + 1]; @@ -346,7 +343,8 @@ int scldap_add_entry(scldap_context * ctx, const char *entry) { int i; - CHECK_CTX(ctx, 0); + if (!ctx) + return 0; if (entry) { for (i = 0; i < ctx->entries; i++) { if (!ctx->entry[i].entry) { @@ -372,7 +370,8 @@ int scldap_get_entry(scldap_context * ctx, const char *entry) { int i; - CHECK_CTX(ctx, 0); + if (!ctx) + return 0; if (entry) { for (i = 0; i < ctx->entries; i++) { if (ctx->entry[i].entry) { @@ -389,7 +388,8 @@ void scldap_set_entry(scldap_context * ctx, const char *entry) { int i; - CHECK_CTX_VOID(ctx); + if (!ctx) + return; if (entry) { for (i = 0; i < ctx->entries; i++) { if (ctx->entry[i].entry) { @@ -406,7 +406,8 @@ void scldap_remove_entry(scldap_context * ctx, const char *entry) { int i, j; - CHECK_CTX_VOID(ctx); + if (!ctx) + return; if (entry) { for (i = 0; i < ctx->entries; i++) { if (ctx->entry[i].entry) { @@ -455,7 +456,8 @@ void scldap_remove_entry(scldap_context * ctx, const char *entry) int scldap_is_valid_url(const char *url) { - CHECK_CTX(url, 0); + if (!url) + return 0; return ldap_is_ldap_url((char *) url); } 
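Review bot: The combined guard `if (!ptr || !argv || argc < 0) return;` in scldap_parse_arguments covers the array pointer but not its elements. The loop below reads `argv[i][0]` and then `argv[i + 1]`, which for the last option is `argv[argc]`. That slot is only guaranteed to exist, as NULL, for a main()-style vector; if the arguments arrive as an exact-length array this is a read past the end. Bounding the lookahead with `char *optarg = (i + 1 < argc) ? (char *) argv[i + 1] : NULL;` and skipping a NULL `argv[i]` would close that. The code that consumes optarg lies outside the hunk, so its NULL handling needs checking as well.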
@@ -472,56 +474,56 @@ int scldap_url_to_entry(scldap_context * ctx, const char *entry, const char *url switch (rv) { #ifdef LDAP_URL_ERR_BADSCHEME case LDAP_URL_ERR_BADSCHEME: - log_messagex(L_DEBUG, "Not an LDAP URL: %s", url); + fprintf(stderr, "Not an LDAP URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_BADENCLOSURE case LDAP_URL_ERR_BADENCLOSURE: - log_messagex(L_DEBUG, "Bad Enclosure in URL: %s", url); + fprintf(stderr, "Bad enclosure in URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_BADURL case LDAP_URL_ERR_BADURL: - log_messagex(L_DEBUG, "Bad URL: %s", url); + fprintf(stderr, "Bad URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_BADHOST case LDAP_URL_ERR_BADHOST: - log_messagex(L_DEBUG, "Host is invalid in URL: %s", url); + fprintf(stderr, "Host is invalid in URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_BADATTRS case LDAP_URL_ERR_BADATTRS: - log_messagex(L_DEBUG, "Attributes are invalid in URL: %s", url); + fprintf(stderr, "Attributes are invalid in URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_BADSCOPE case LDAP_URL_ERR_BADSCOPE: - log_messagex(L_DEBUG, "Scope is invalid in URL: %s", url); + fprintf(stderr, "Scope is invalid in URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_BADFILTER case LDAP_URL_ERR_BADFILTER: - log_messagex(L_DEBUG, "Filter is invalid in URL: %s", url); + fprintf(stderr, "Filter is invalid in URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_BADEXTS case LDAP_URL_ERR_BADEXTS: - log_messagex(L_DEBUG, "Extensions are invalid in URL: %s", url); + fprintf(stderr, "Extensions are invalid in URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_MEM case LDAP_URL_ERR_MEM: - log_messagex(L_DEBUG, "Out of memory parsing URL: %s", url); + fprintf(stderr, "Out of memory parsing URL: %s", url); break; #endif #ifdef LDAP_URL_ERR_PARAM case LDAP_URL_ERR_PARAM: - log_messagex(L_DEBUG, "bad parameter parsing URL: %s", url); + fprintf(stderr, "Bad parameter parsing URL: %s", url); break; #endif default: - log_messagex(L_DEBUG, "Unknown 
error %d parsing URL: %s", rv, url); + fprintf(stderr, "Unknown error %d parsing URL: %s", rv, url); break; } return -1; @@ -706,7 +708,6 @@ static void scldap_get_result(LDAP * ld, LDAPMessage * res, scldap_param_entry * result->results++; \ result->result = (scldap_result_entry *) realloc(result->result, (result->results + 2) * sizeof(scldap_result_entry)); \ memset(&result->result[result->results], 0, sizeof(scldap_result_entry)); \ - log_messagex(L_DEBUG, "ADD: %s[%li]\n", result->result[result->results].name, result->result[result->results].datalen); \ } \ } if (attrsonly) { @@ -721,7 +722,6 @@ static void scldap_get_result(LDAP * ld, LDAPMessage * res, scldap_param_entry * } } else if ((bvals = ldap_get_values_len(ld, res, name))) { for (i = 0; bvals[i]; i++) { - log_messagex(L_DEBUG, "scldap_get_result: %s[%li]\n", name, bvals[i]->bv_len); if (param->numattrs) { for (j = 0; j < param->numattrs; j++) { if (!strncasecmp(param->attributes[j], name, strlen(param->attributes[j]))) { @@ -802,7 +802,7 @@ int scldap_search(scldap_context * ctx, const char *entry, return -1; } if (pattern) - log_messagex(L_DEBUG, "pattern: %s\n", pattern); + fprintf(stderr, "pattern: %s\n", pattern); if (ldap_search(ld, ctx->entry[entrynum].base, ctx->entry[entrynum].scope, pattern, ctx->entry[entrynum].attributes, ctx->entry[entrynum].attrsonly) == -1) { ldap_perror(ld, "ldap_search"); if (pattern) @@ -856,7 +856,6 @@ void scldap_free_result(scldap_result * result) { int i; - CHECK_CTX_VOID(result); if (result) { for (i = 0; i < result->results; i++) { if (result->result[i].name) { diff --git a/src/scldap/test-ldap.c b/src/scldap/test-ldap.c index 187748f4..adf099cd 100644 --- a/src/scldap/test-ldap.c +++ b/src/scldap/test-ldap.c 
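Review bot: None of the `fprintf(stderr, ...)` messages in the scldap_url_to_entry switch ends in a newline, and fprintf does not add one, so consecutive diagnostics run together on stderr; each should look like `fprintf(stderr, "Bad URL: %s\n", url);`. The same applies to "Random pool path is too long" and "Too many bytes to read from PRNGD" in the scrandom_get_bytes hunk at -132, whereas the entropy message in scrandom_seed_generator did gain its `\n` in this commit. `url` is echoed unmodified, so if it can be set by someone other than the administrator it is worth deciding whether it belongs on the calling application's stderr at all. The switch sits in a function whose start and end are outside the hunk.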
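Review bot: The macro body kept in the scldap_get_result hunk at -706 assigns the return value of `realloc` straight back to `result->result` and then calls `memset` on `&result->result[result->results]`, so a failed allocation loses the old array and the memset writes through a null-based pointer. `result->results` has already been incremented by then, so the count is also ahead of the array. Assign to a temporary, test it, and only then store it and bump the count. If the number of entries is driven by the directory server's reply, the size expression `(result->results + 2) * sizeof(scldap_result_entry)` should be bounded as well. Both the macro and the function start outside the hunk.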
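Review bot: `fprintf(stderr, "pattern: %s\n", pattern);` in the scldap_search hunk turns what was an `L_DEBUG`-level trace into output printed on every search. The two debug traces in scldap_get_result were removed by this commit rather than converted, so this one is handled inconsistently. The pattern is likely built from caller-supplied data, so I would drop the line or put it behind a verbosity setting until a levelled logger is back. The function body extends beyond the hunk on both sides.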
@@ -146,7 +146,7 @@ int main(int argc, char **argv) if (verbose > 2) scldap_show_parameters(lctx); if (scldap_search(lctx, entry, &lresult, 0, searchword) < 0) { - log_message("scldap_search failed.\n"); + fprintf(stderr, "scldap_search failed.\n"); scldap_free_parameters(lctx); return 1; } diff --git a/src/scrandom/scrandom.c b/src/scrandom/scrandom.c index c3407c58..a99814fa 100644 --- a/src/scrandom/scrandom.c +++ b/src/scrandom/scrandom.c @@ -22,6 +22,7 @@ #ifdef HAVE_CONFIG_H #include #endif +#include #include #include #include @@ -31,7 +32,9 @@ #include #include #include +#ifdef HAVE_OPENSSL #include +#endif static ssize_t atomicio(ssize_t(*f) (), int fd, void *_s, size_t n) { @@ -111,12 +114,12 @@ static int scrandom_get_bytes(unsigned char *buf, int len) #if defined(RANDOM_POOL) fd = open(RANDOM_POOL, O_RDONLY); if (fd == -1) { - log_message("Couldn't open random pool \"%s\": %s\n", + fprintf(stderr, "Couldn't open random pool \"%s\": %s\n", RANDOM_POOL, strerror(errno)); return 0; } if (atomicio(read, fd, buf, len) != len) { - log_message("Couldn't read from random pool \"%s\": %s\n", + fprintf(stderr, "Couldn't read from random pool \"%s\": %s\n", RANDOM_POOL, strerror(errno)); close(fd); return 0; @@ -132,11 +135,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len) memset(&addr, '\0', sizeof(addr)); /* Sanity checks */ if (sizeof(PRNGD_SOCKET) > sizeof(addr.sun_path)) { - log_message("Random pool path is too long"); + fprintf(stderr, "Random pool path is too long"); return 0; } if (len > 255) { - log_message("Too many bytes to read from PRNGD"); + fprintf(stderr, "Too many bytes to read from PRNGD"); return 0; } addr.sun_family = AF_UNIX; 
@@ -148,11 +151,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len) reopen: fd = socket(addr.sun_family, SOCK_STREAM, 0); if (fd == -1) { - log_message("Couldn't create AF_UNIX socket: %s\n", strerror(errno)); + fprintf(stderr, "Couldn't create AF_UNIX socket: %s\n", strerror(errno)); goto done; } if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) { - log_message("Couldn't connect to PRNGD socket \"%s\": %s\n", + fprintf(stderr, "Couldn't connect to PRNGD socket \"%s\": %s\n", addr.sun_path, strerror(errno)); goto done; } @@ -166,7 +169,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len) errors++; goto reopen; } - log_message("Couldn't write to PRNGD socket: %s\n", + fprintf(stderr, "Couldn't write to PRNGD socket: %s\n", strerror(errno)); goto done; } @@ -176,7 +179,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len) errors++; goto reopen; } - log_message("Couldn't read from PRNGD socket: %s\n", + fprintf(stderr, "Couldn't read from PRNGD socket: %s\n", strerror(errno)); goto done; } @@ -204,11 +207,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len) reopen: fd = socket(addr.sin_family, SOCK_STREAM, 0); if (fd == -1) { - log_message("Couldn't create AF_INET socket: %s\n", strerror(errno)); + fprintf(stderr, "Couldn't create AF_INET socket: %s\n", strerror(errno)); goto done; } if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) { - log_message("Couldn't connect to PRNGD port %d: %s\n", + fprintf(stderr, "Couldn't connect to PRNGD port %d: %s\n", PRNGD_PORT, strerror(errno)); goto done; } @@ -222,7 +225,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len) errors++; goto reopen; } - log_message("Couldn't write to PRNGD socket: %s\n", + fprintf(stderr, "Couldn't write to PRNGD socket: %s\n", strerror(errno)); goto done; } 
@@ -232,7 +235,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len) errors++; goto reopen; } - log_message("Couldn't read from PRNGD socket: %s\n", + fprintf(stderr, "Couldn't read from PRNGD socket: %s\n", strerror(errno)); goto done; } @@ -257,10 +260,9 @@ static int scrandom_seed_generator(void) #ifdef HAVE_OPENSSL unsigned char buf[32]; - log_messagex(L_DEBUG, "Seeding random number generator"); if (!scrandom_get_bytes(buf, sizeof(buf))) { if (!RAND_status()) { - log_message("Entropy collection failed and entropy exhausted"); + fprintf(stderr, "Entropy collection failed and entropy exhausted\n"); return 0; } } else { diff --git a/src/sia/Makefile.am b/src/sia/Makefile.am index 676f55b9..52e93e74 100644 --- a/src/sia/Makefile.am +++ b/src/sia/Makefile.am @@ -2,7 +2,7 @@ libdir = ${prefix}/lib/security -INCLUDES = @CFLAGS_PCSC@ @CFLAGS_SSP@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap +INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap if HAVE_LDAP LDAP_LTLIBS = @LIBSCLDAP@ @@ -10,9 +10,9 @@ else LDAP_LTLIBS = endif -LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBSSP@ @LIBOPENSC@ +LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBOPENSC@ -AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/sp.c ../scam/p15_eid.c ../scam/p15_ldap.c +AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/p15_eid.c ../scam/p15_ldap.c SRC = $(AUTHSRC) sia_opensc.c sia_support.c sia_support.h if HAVE_SIA