Merge configure.ac stuff from SCIDI, needs some cleanups
Add missing functions. Replace log_message{x}() calls with fprintf, for now. Everything compiles with vanilla opensc tree, yet untested. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@363 c6295689-39f2-0310-b995-f0e70906c6a9
parent
dc50994696
commit
504b0ae2b9
@ -1,6 +1,6 @@
|
|||||||
## Makefile.am -- Process this file with automake to produce Makefile.in
|
## Makefile.am -- Process this file with automake to produce Makefile.in
|
||||||
|
|
||||||
SUBDIRS = . aclocal src docs
|
SUBDIRS = . aclocal docs src
|
||||||
|
|
||||||
EXTRA_DIST = CodingStyle bootstrap
|
EXTRA_DIST = CodingStyle bootstrap
|
||||||
|
|
||||||
|
511
configure.in
511
configure.in
@ -75,8 +75,6 @@ case "$host" in
|
|||||||
blibpath="/usr/lib:/lib:/usr/local/lib"
|
blibpath="/usr/lib:/lib:/usr/local/lib"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
*-*-linux*)
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
|
|
||||||
dnl Allow user to specify flags
|
dnl Allow user to specify flags
|
||||||
@ -118,6 +116,10 @@ AC_PROG_CPP
|
|||||||
AC_PROG_INSTALL
|
AC_PROG_INSTALL
|
||||||
AC_PROG_LN_S
|
AC_PROG_LN_S
|
||||||
AC_PROG_MAKE_SET
|
AC_PROG_MAKE_SET
|
||||||
|
AM_PROG_LEX
|
||||||
|
AC_PATH_PROG(TEST_MINUS_S_SH, bash)
|
||||||
|
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
|
||||||
|
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
|
||||||
|
|
||||||
dnl Special check for pthread support.
|
dnl Special check for pthread support.
|
||||||
ACX_PTHREAD(
|
ACX_PTHREAD(
|
||||||
@ -138,10 +140,12 @@ dnl Automatically update the libtool script if it becomes out-of-date.
|
|||||||
|
|
||||||
dnl Checks for header files.
|
dnl Checks for header files.
|
||||||
AC_HEADER_STDC
|
AC_HEADER_STDC
|
||||||
AC_CHECK_HEADERS([errno.h fcntl.h malloc.h stdlib.h string.h sys/time.h unistd.h syslog.h getopt.h security/pam_appl.h security/_pam_macros.h readline/readline.h])
|
AC_HEADER_SYS_WAIT
|
||||||
|
AC_CHECK_HEADERS([errno.h fcntl.h malloc.h stdlib.h string.h sys/time.h unistd.h syslog.h utmp.h getopt.h ecurity/pam_appl.h security/_pam_macros.h readline/readline.h])
|
||||||
|
|
||||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||||
AC_C_CONST
|
AC_C_CONST
|
||||||
|
AC_TYPE_UID_T
|
||||||
AC_TYPE_SIZE_T
|
AC_TYPE_SIZE_T
|
||||||
AC_HEADER_TIME
|
AC_HEADER_TIME
|
||||||
|
|
||||||
@ -157,12 +161,14 @@ AC_FUNC_MALLOC
|
|||||||
AC_FUNC_MEMCMP
|
AC_FUNC_MEMCMP
|
||||||
AC_FUNC_STAT
|
AC_FUNC_STAT
|
||||||
AC_FUNC_VPRINTF
|
AC_FUNC_VPRINTF
|
||||||
AC_CHECK_FUNCS([getpass gettimeofday memset mkdir strdup strerror])
|
AC_CHECK_FUNCS([getpass gettimeofday memset mkdir strdup strerror setutent])
|
||||||
|
|
||||||
dnl C Compiler features
|
dnl C Compiler features
|
||||||
AC_C_INLINE
|
AC_C_INLINE
|
||||||
if test "$GCC" = "yes"; then
|
if test "$GCC" = "yes"; then
|
||||||
CFLAGS="$CFLAGS -Wall -Werror"
|
CFLAGS="$CFLAGS -Wall"
|
||||||
|
# Disabled until lex-parse.l doesn't give us a warning
|
||||||
|
# -Werror
|
||||||
fi
|
fi
|
||||||
|
|
||||||
dnl OS specific options
|
dnl OS specific options
|
||||||
@ -256,6 +262,197 @@ if (test ! -z "$ac_cv_commondir" && test "x$ac_cv_commondir" != "x(system)") ; t
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
AC_SUBST(LIBDL)
|
||||||
|
AC_CHECK_LIB(dl, dlopen, [LIBDL="$LIBDL -ldl" ac_cv_func_dlopen_ldl=yes], ac_cv_func_dlopen_ldl=no)
|
||||||
|
|
||||||
|
AC_SUBST(LIBREADLINE)
|
||||||
|
# libreadline will also need libtermcap on some OSes
|
||||||
|
saved_LIBS="$LIBS"
|
||||||
|
for add in "" "-ltermcap"; do
|
||||||
|
if test "X$add" != "X"; then
|
||||||
|
AC_MSG_CHECKING([whether -lreadline requires $add])
|
||||||
|
fi
|
||||||
|
LIBS="$saved_LIBS $add"
|
||||||
|
unset ac_cv_lib_readline_readline
|
||||||
|
AC_CHECK_LIB(readline, readline, [
|
||||||
|
LIBREADLINE="-lreadline $add"
|
||||||
|
ac_cv_func_readline_lreadline=yes
|
||||||
|
], ac_cv_func_readline_lreadline=no)
|
||||||
|
test "$ac_cv_func_readline_lreadline" = yes && break
|
||||||
|
done
|
||||||
|
|
||||||
|
LIBS="$LIBS $LIBREADLINE"
|
||||||
|
AC_CHECK_FUNCS(readline)
|
||||||
|
LIBS="$saved_LIBS"
|
||||||
|
|
||||||
|
#
|
||||||
|
# We check for various libraries
|
||||||
|
# - SysVr4 style of "-lsocket" at first (unless in libc)
|
||||||
|
# The hallmark is connect() routine (we presume)
|
||||||
|
#
|
||||||
|
AC_SUBST(LIBSOCKET)dnl
|
||||||
|
ac_cv_libsocket_both=1
|
||||||
|
AC_CHECK_FUNC(connect, ac_cv_libsocket_both=0)
|
||||||
|
AC_CHECK_FUNC(gethostbyname, ac_cv_libsocket_both=0)
|
||||||
|
if test "$ac_cv_libsocket_both" = 1 ; then
|
||||||
|
# Check cache
|
||||||
|
if test "$ac_cv_func_socket_lsocket" = yes ; then
|
||||||
|
AC_MSG_RESULT([need -lsocket library (cached)])
|
||||||
|
LIBSOCKET="-lsocket"
|
||||||
|
if test "$ac_cv_func_gethostbyname_lnsl" = yes ; then
|
||||||
|
LIBSOCKET="-lsocket -lnsl"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# Well, will this work ? SysVR4, but not Sun Solaris ?
|
||||||
|
AC_CHECK_LIB(socket, connect, [LIBSOCKET="-lsocket"
|
||||||
|
ac_cv_func_socket_lsocket=yes],
|
||||||
|
ac_cv_func_socket_lsocket=no)
|
||||||
|
if test "$ac_cv_func_socket_lsocket" = yes ; then
|
||||||
|
t_oldLibs="$LIBS"
|
||||||
|
LIBS="$LIBS -lsocket $LIBRESOLV"
|
||||||
|
AC_TRY_LINK([],[gethostbyname();], ,[
|
||||||
|
LIBS="$LIBS -lnsl" # Add this Solaris library..
|
||||||
|
AC_TRY_LINK([],[gethostbyname();],[
|
||||||
|
LIBSOCKET="-lsocket -lnsl"
|
||||||
|
ac_cv_func_gethostbyname_lnsl=yes
|
||||||
|
], [
|
||||||
|
AC_MSG_ERROR([Weird, '$LIBS' not enough to find gethostbyname() ?!])
|
||||||
|
])
|
||||||
|
])
|
||||||
|
LIBS="$t_oldLibs"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
AC_SUBST(LIBRESOLV)dnl
|
||||||
|
if test "x$LIBRESOLV" = "x"; then
|
||||||
|
# Ok, No -lresolv, is this enough for the _res to appear ?
|
||||||
|
t_oldLibs="$LIBS"
|
||||||
|
LIBS="$LIBS $LIBSOCKET"
|
||||||
|
ac_cv_var__res_options=no
|
||||||
|
# This following is for IRIX6.4, and I sincerely hope it
|
||||||
|
# will not fail on other systems... It did! It did!
|
||||||
|
# Many systems don't have idemponent headers, they need specific
|
||||||
|
# includes before latter ones, or the latter ones won't be successful...
|
||||||
|
AC_TRY_LINK([#include <sys/types.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <arpa/nameser.h>
|
||||||
|
#include <resolv.h>],
|
||||||
|
[_res.options = RES_INIT;],
|
||||||
|
ac_cv_var__res_options=yes);
|
||||||
|
if test "$ac_cv_var__res_options" != "yes"; then
|
||||||
|
LIBRESOLV="-lresolv"
|
||||||
|
fi
|
||||||
|
LIBS="$t_oldLibs"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# See about the routines that possibly exist at the libraries..
|
||||||
|
LIBS="$t_oldLibs $LIBSOCKET"
|
||||||
|
AC_CHECK_FUNCS(socket socketpair)
|
||||||
|
LIBS="$t_oldLibs"
|
||||||
|
|
||||||
|
if test "$ac_cv_func_socket" = no -a "$LIBSOCKET" != ""; then
|
||||||
|
LIBS="$LIBS $LIBSOCKET"
|
||||||
|
AC_TRY_LINK([],[socket();], ac_cv_func_socket=yes)
|
||||||
|
if test $ac_cv_func_socket = yes; then
|
||||||
|
AC_DEFINE(HAVE_SOCKET, 1, [Have socket])
|
||||||
|
fi
|
||||||
|
LIBS="$t_oldLibs"
|
||||||
|
fi
|
||||||
|
if test "$ac_cv_func_socketpair" = no -a "$LIBSOCKET" != ""; then
|
||||||
|
LIBS="$LIBS $LIBSOCKET"
|
||||||
|
AC_TRY_LINK([],[socketpair();], ac_cv_func_socketpair=yes)
|
||||||
|
if test $ac_cv_func_socketpair = yes; then
|
||||||
|
AC_DEFINE(HAVE_SOCKETPAIR, 1, [Have socketpair])
|
||||||
|
fi
|
||||||
|
LIBS="$t_oldLibs"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Always link lib{socket,nsl,resolv) if found, sigh.
|
||||||
|
LIBS="$LIBS $LIBSOCKET $LIBRESOLV"
|
||||||
|
|
||||||
|
AC_ARG_WITH(flex-dir,
|
||||||
|
[ --with-flex-dir=PATH Specify path to flex installation],
|
||||||
|
[
|
||||||
|
if test "x$withval" != "xno" ; then
|
||||||
|
tryflexdir=$withval
|
||||||
|
fi
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
saved_LDFLAGS="$LDFLAGS"
|
||||||
|
saved_CPPFLAGS="$CPPFLAGS"
|
||||||
|
AC_SUBST(LIBFL)
|
||||||
|
AC_CACHE_CHECK([for flex directory], ac_cv_flexdir, [
|
||||||
|
for flexdir in $tryflexdir "" /usr/local/flex /usr/lib/flex /usr/local/flex /usr/lib/flex /usr/local /usr/pkg /opt /opt/flex ; do
|
||||||
|
# Skip directories if they don't exist
|
||||||
|
if test ! -z "$flexdir" -a ! -d "$flexdir" ; then
|
||||||
|
continue;
|
||||||
|
fi
|
||||||
|
|
||||||
|
LIBFL="-lfl"
|
||||||
|
CPPFLAGS="$saved_CPPFLAGS"
|
||||||
|
LDFLAGS="$saved_LDFLAGS"
|
||||||
|
if test ! -z "$flexdir" -a "x$flexdir" != "x/usr"; then
|
||||||
|
# Try to use $flexdir/lib if it exists, otherwise
|
||||||
|
# $flexdir
|
||||||
|
if test -d "$flexdir/lib" ; then
|
||||||
|
LDFLAGS="-L$flexdir/lib $saved_LDFLAGS"
|
||||||
|
if test ! -z "$need_dash_r" ; then
|
||||||
|
LDFLAGS="-R$flexdir/lib $LDFLAGS"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
LDFLAGS="-L$flexdir $saved_LDFLAGS"
|
||||||
|
if test ! -z "$need_dash_r" ; then
|
||||||
|
LDFLAGS="-R$flexdir $LDFLAGS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# Try to use $flexdir/include if it exists, otherwise
|
||||||
|
# $flexdir
|
||||||
|
if test -d "$flexdir/include" ; then
|
||||||
|
CPPFLAGS="-I$flexdir/include $saved_CPPFLAGS"
|
||||||
|
else
|
||||||
|
CPPFLAGS="-I$flexdir $saved_CPPFLAGS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
break;
|
||||||
|
done
|
||||||
|
|
||||||
|
if test -z "$flexdir" ; then
|
||||||
|
flexdir="(system)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
ac_cv_flexdir=$flexdir
|
||||||
|
])
|
||||||
|
|
||||||
|
if (test ! -z "$ac_cv_flexdir" && test "x$ac_cv_flexdir" != "x(system)") ; then
|
||||||
|
dnl Need to recover flexdir - test above runs in subshell
|
||||||
|
flexdir=$ac_cv_flexdir
|
||||||
|
if test ! -z "$flexdir" -a "x$flexdir" != "x/usr"; then
|
||||||
|
# Try to use $flexdir/lib if it exists, otherwise
|
||||||
|
# $flexdir
|
||||||
|
if test -d "$flexdir/lib" ; then
|
||||||
|
LDFLAGS="-L$flexdir/lib $saved_LDFLAGS"
|
||||||
|
if test ! -z "$need_dash_r" ; then
|
||||||
|
LDFLAGS="-R$flexdir/lib $LDFLAGS"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
LDFLAGS="-L$flexdir $saved_LDFLAGS"
|
||||||
|
if test ! -z "$need_dash_r" ; then
|
||||||
|
LDFLAGS="-R$flexdir $LDFLAGS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# Try to use $flexdir/include if it exists, otherwise
|
||||||
|
# $flexdir
|
||||||
|
if test -d "$flexdir/include" ; then
|
||||||
|
CPPFLAGS="-I$flexdir/include $saved_CPPFLAGS"
|
||||||
|
else
|
||||||
|
CPPFLAGS="-I$flexdir $saved_CPPFLAGS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
AC_SUBST(CFLAGS_PCSC)
|
AC_SUBST(CFLAGS_PCSC)
|
||||||
AC_SUBST(LIBPCSC)
|
AC_SUBST(LIBPCSC)
|
||||||
LIBPCSC="-lpcsclite"
|
LIBPCSC="-lpcsclite"
|
||||||
@ -312,29 +509,6 @@ fi
|
|||||||
LIBS="$saved_LIBS"
|
LIBS="$saved_LIBS"
|
||||||
AM_CONDITIONAL(HAVE_PCSCLITE, test "x$ac_cv_lib_pcsclite_SCardEstablishContext" = "xyes")
|
AM_CONDITIONAL(HAVE_PCSCLITE, test "x$ac_cv_lib_pcsclite_SCardEstablishContext" = "xyes")
|
||||||
|
|
||||||
AC_SUBST(LIBDL)
|
|
||||||
AC_CHECK_LIB(dl, dlopen, [LIBDL="$LIBDL -ldl" ac_cv_func_dlopen_ldl=yes], ac_cv_func_dlopen_ldl=no)
|
|
||||||
|
|
||||||
AC_SUBST(LIBREADLINE)
|
|
||||||
# libreadline will also need libtermcap on some OSes
|
|
||||||
saved_LIBS="$LIBS"
|
|
||||||
for add in "" "-ltermcap"; do
|
|
||||||
if test "X$add" != "X"; then
|
|
||||||
AC_MSG_CHECKING([whether -lreadline requires $add])
|
|
||||||
fi
|
|
||||||
LIBS="$saved_LIBS $add"
|
|
||||||
unset ac_cv_lib_readline_readline
|
|
||||||
AC_CHECK_LIB(readline, readline, [
|
|
||||||
LIBREADLINE="-lreadline $add"
|
|
||||||
ac_cv_func_readline_lreadline=yes
|
|
||||||
], ac_cv_func_readline_lreadline=no)
|
|
||||||
test "$ac_cv_func_readline_lreadline" = yes && break
|
|
||||||
done
|
|
||||||
|
|
||||||
LIBS="$LIBS $LIBREADLINE"
|
|
||||||
AC_CHECK_FUNCS(readline)
|
|
||||||
LIBS="$saved_LIBS"
|
|
||||||
|
|
||||||
dnl The big search for OpenSSL
|
dnl The big search for OpenSSL
|
||||||
AC_ARG_WITH(ssl-dir,
|
AC_ARG_WITH(ssl-dir,
|
||||||
[ --with-ssl-dir=PATH Specify path to OpenSSL installation],
|
[ --with-ssl-dir=PATH Specify path to OpenSSL installation],
|
||||||
@ -453,6 +627,85 @@ if test "x$SSL_MSG" = "xyes" ; then
|
|||||||
fi
|
fi
|
||||||
AM_CONDITIONAL(HAVE_SSL, test "x$SSL_MSG" = "xyes")
|
AM_CONDITIONAL(HAVE_SSL, test "x$SSL_MSG" = "xyes")
|
||||||
|
|
||||||
|
AC_ARG_WITH(pam-dir,
|
||||||
|
[ --with-pam-dir=PATH Specify path for PAM installation libraries],
|
||||||
|
[
|
||||||
|
if test "x$withval" != "xno" ; then
|
||||||
|
trypamdir=$withval
|
||||||
|
fi
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
saved_LDFLAGS="$LDFLAGS"
|
||||||
|
saved_CPPFLAGS="$CPPFLAGS"
|
||||||
|
AC_CACHE_CHECK([for pam directory], ac_cv_pamdir, [
|
||||||
|
for pamdir in $trypamdir "" /usr/local /usr/pkg /opt ; do
|
||||||
|
# Skip directories if they don't exist
|
||||||
|
if test ! -z "$pamdir" -a ! -d "$pamdir" ; then
|
||||||
|
continue;
|
||||||
|
fi
|
||||||
|
|
||||||
|
CPPFLAGS="$saved_CPPFLAGS"
|
||||||
|
LDFLAGS="$saved_LDFLAGS"
|
||||||
|
if test ! -z "$pamdir" -a "x$pamdir" != "x/usr"; then
|
||||||
|
# Try to use $pamdir/lib if it exists, otherwise
|
||||||
|
# $pamdir
|
||||||
|
if test -d "$pamdir/lib" ; then
|
||||||
|
LDFLAGS="-L$pamdir/lib $saved_LDFLAGS"
|
||||||
|
if test ! -z "$need_dash_r" ; then
|
||||||
|
LDFLAGS="-R$pamdir/lib $LDFLAGS"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
LDFLAGS="-L$pamdir $saved_LDFLAGS"
|
||||||
|
if test ! -z "$need_dash_r" ; then
|
||||||
|
LDFLAGS="-R$pamdir $LDFLAGS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# Try to use $pamdir/include if it exists, otherwise
|
||||||
|
# $pamdir
|
||||||
|
if test -d "$pamdir/include" ; then
|
||||||
|
CPPFLAGS="-I$pamdir/include $saved_CPPFLAGS"
|
||||||
|
else
|
||||||
|
CPPFLAGS="-I$pamdir $saved_CPPFLAGS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
break;
|
||||||
|
done
|
||||||
|
|
||||||
|
if test -z "$pamdir" ; then
|
||||||
|
pamdir="(system)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
ac_cv_pamdir=$pamdir
|
||||||
|
])
|
||||||
|
|
||||||
|
if (test ! -z "$ac_cv_pamdir" && test "x$ac_cv_pamdir" != "x(system)") ; then
|
||||||
|
dnl Need to recover pamdir - test above runs in subshell
|
||||||
|
pamdir=$ac_cv_pamdir
|
||||||
|
if test ! -z "$pamdir" -a "x$pamdir" != "x/usr"; then
|
||||||
|
# Try to use $pamdir/lib if it exists, otherwise
|
||||||
|
# $pamdir
|
||||||
|
if test -d "$pamdir/lib" ; then
|
||||||
|
LDFLAGS="-L$pamdir/lib $saved_LDFLAGS"
|
||||||
|
if test ! -z "$need_dash_r" ; then
|
||||||
|
LDFLAGS="-R$pamdir/lib $LDFLAGS"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
LDFLAGS="-L$pamdir $saved_LDFLAGS"
|
||||||
|
if test ! -z "$need_dash_r" ; then
|
||||||
|
LDFLAGS="-R$pamdir $LDFLAGS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# Try to use $pamdir/include if it exists, otherwise
|
||||||
|
# $pamdir
|
||||||
|
if test -d "$pamdir/include" ; then
|
||||||
|
CPPFLAGS="-I$pamdir/include $saved_CPPFLAGS"
|
||||||
|
else
|
||||||
|
CPPFLAGS="-I$pamdir $saved_CPPFLAGS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
dnl Check for PAM libs
|
dnl Check for PAM libs
|
||||||
PAM_MSG="no"
|
PAM_MSG="no"
|
||||||
no_pam=""
|
no_pam=""
|
||||||
@ -505,6 +758,162 @@ LIBS="$saved_LIBS"
|
|||||||
AM_CONDITIONAL(HAVE_PAM, test "x$PAM_MSG" = "xyes")
|
AM_CONDITIONAL(HAVE_PAM, test "x$PAM_MSG" = "xyes")
|
||||||
AM_CONDITIONAL(HAVE_PAM_AND_SSL, test "x$PAM_MSG" = "xyes" -a "x$SSL_MSG" = "xyes")
|
AM_CONDITIONAL(HAVE_PAM_AND_SSL, test "x$PAM_MSG" = "xyes" -a "x$SSL_MSG" = "xyes")
|
||||||
|
|
||||||
|
dnl Check for SIA libs
|
||||||
|
AC_SUBST(LIBSIA)
|
||||||
|
SIA_MSG="no"
|
||||||
|
no_osfsia=""
|
||||||
|
AC_MSG_CHECKING([SIA support])
|
||||||
|
AC_ARG_WITH(osfsia,
|
||||||
|
[ --with-osfsia Enable Digital Unix SIA],
|
||||||
|
[
|
||||||
|
if test "x$withval" = "xno" ; then
|
||||||
|
AC_MSG_RESULT(disabled)
|
||||||
|
no_osfsia=1
|
||||||
|
fi
|
||||||
|
],
|
||||||
|
)
|
||||||
|
if test -z "$no_osfsia" ; then
|
||||||
|
if test -f /etc/sia/matrix.conf; then
|
||||||
|
AC_MSG_RESULT(yes)
|
||||||
|
AC_DEFINE(HAVE_OSF_SIA, 1, [Have Digital Unix SIA])
|
||||||
|
LIBSIA="$LIBSIA -lsecurity -ldb -lm -laud"
|
||||||
|
SIA_MSG="yes"
|
||||||
|
else
|
||||||
|
AC_MSG_RESULT(no)
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
AM_CONDITIONAL(HAVE_SIA, test "x$SIA_MSG" = "xyes")
|
||||||
|
|
||||||
|
# Check for user-specified random device, otherwise check /dev/urandom
|
||||||
|
AC_ARG_WITH(random,
|
||||||
|
[ --with-random=FILE read entropy from FILE (default=/dev/urandom)],
|
||||||
|
[
|
||||||
|
if test "x$withval" != "xno" ; then
|
||||||
|
RANDOM_POOL="$withval";
|
||||||
|
AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL", [Location of random number pool])
|
||||||
|
fi
|
||||||
|
],
|
||||||
|
[
|
||||||
|
# Check for random device
|
||||||
|
AC_CHECK_FILE("/dev/urandom",
|
||||||
|
[
|
||||||
|
RANDOM_POOL="/dev/urandom";
|
||||||
|
AC_SUBST(RANDOM_POOL)
|
||||||
|
AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL", [Location of random number pool])
|
||||||
|
]
|
||||||
|
)
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
# Check for PRNGD/EGD pool file
|
||||||
|
AC_ARG_WITH(prngd-port,
|
||||||
|
[ --with-prngd-port=PORT read entropy from PRNGD/EGD localhost:PORT],
|
||||||
|
[
|
||||||
|
if test ! -z "$withval" -a "x$withval" != "xno" ; then
|
||||||
|
PRNGD_PORT="$withval"
|
||||||
|
AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT, [Port number of PRNGD/EGD random number socket])
|
||||||
|
fi
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
# Check for PRNGD/EGD pool file
|
||||||
|
AC_ARG_WITH(prngd-socket,
|
||||||
|
[ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
|
||||||
|
[
|
||||||
|
if test "x$withval" != "xno" ; then
|
||||||
|
PRNGD_SOCKET="$withval"
|
||||||
|
AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", [Location of PRNGD/EGD random number socket])
|
||||||
|
fi
|
||||||
|
],
|
||||||
|
[
|
||||||
|
# Check for existing socket only if we don't have a random device already
|
||||||
|
if test -z "$RANDOM_POOL" ; then
|
||||||
|
AC_MSG_CHECKING(for PRNGD/EGD socket)
|
||||||
|
# Insert other locations here
|
||||||
|
for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy /tmp/entropy; do
|
||||||
|
if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
|
||||||
|
PRNGD_SOCKET="$sock"
|
||||||
|
AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", [Location of PRNGD/EGD random number socket])
|
||||||
|
break;
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if test ! -z "$PRNGD_SOCKET" ; then
|
||||||
|
AC_MSG_RESULT($PRNGD_SOCKET)
|
||||||
|
else
|
||||||
|
AC_MSG_RESULT(not found)
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
### BEGIN LDAP SPECIFIC OPTIONS
|
||||||
|
dnl ldap autoconf magic partly taken from pam_ldap
|
||||||
|
|
||||||
|
dnl --enable-ldap option.
|
||||||
|
AC_ARG_ENABLE(ldap,
|
||||||
|
[ --enable-ldap enable use of LDAP for authentication. [default=yes]],
|
||||||
|
, enable_ldap=yes)
|
||||||
|
AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TSL support for ldap])
|
||||||
|
AC_ARG_WITH(ldap-lib, [ --with-ldap-lib=type select ldap library [auto|netscape5|netscape4|netscape3|umich|openldap]])
|
||||||
|
AC_ARG_WITH(ldap-dir, [ --with-ldap-dir=DIR base directory of ldap SDK])
|
||||||
|
|
||||||
|
AC_SUBST(LIBLDAP)
|
||||||
|
LDAP_MSG="no"
|
||||||
|
if (test x$enable_ldap = xyes); then
|
||||||
|
if test -n "$with_ldap_dir"; then
|
||||||
|
CPPFLAGS="$CPPFLAGS -I$with_ldap_dir/include"
|
||||||
|
LDFLAGS="$LDFLAGS -L$with_ldap_dir/lib"
|
||||||
|
case "$target_os" in
|
||||||
|
solaris*) LDFLAGS="$LDFLAGS -Wl,-R$with_ldap_dir/lib" ;;
|
||||||
|
*) LDFLAGS="$LDFLAGS -Wl,-rpath,$with_ldap_dir/lib" ;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
AC_CHECK_HEADERS(lber.h ldap.h ldap_ssl.h)
|
||||||
|
|
||||||
|
dnl check which ldap library we have
|
||||||
|
if test -z "$with_ldap_lib"; then
|
||||||
|
with_ldap_lib=auto
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then
|
||||||
|
AC_CHECK_LIB(lber, ber_init, LIBLDAP="-llber $LIBLDAP" found_lber_lib=yes)
|
||||||
|
saved_LIBS="$LIBS"
|
||||||
|
LIBS="$LIBS $LIBLDAP"
|
||||||
|
AC_CHECK_LIB(ldap, ldap_search, LIBLDAP="-lldap $LIBLDAP" found_ldap_lib=yes)
|
||||||
|
LIBS="$saved_LIBS"
|
||||||
|
fi
|
||||||
|
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \); then
|
||||||
|
AC_CHECK_LIB(ldap50, ldap_search, LIBLDAP="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
|
||||||
|
fi
|
||||||
|
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape4 \); then
|
||||||
|
AC_CHECK_LIB(ldapssl41, ldap_search, LIBLDAP="-lldapssl41 -lplc3 -lplds3 -lnspr3 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
|
||||||
|
if test -z "$found_ldap_lib"; then
|
||||||
|
AC_CHECK_LIB(ldapssl40, ldap_search, LIBLDAP="-lldapssl40 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape3 \); then
|
||||||
|
AC_CHECK_LIB(ldapssl30, ldap_search, LIBLDAP="-lldapssl30 $LIBLDAP" found_ldap_lib=yes need_pthread=true,, -lpthread)
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test -n "$found_ldap_lib"; then
|
||||||
|
AC_DEFINE(LDAP_REFERRALS,1,[This is needed for the native Solaris LDAP SDK])
|
||||||
|
AC_DEFINE(HAVE_LDAP, 1, [Use LDAP for authentication etc.])
|
||||||
|
LDAP_MSG="yes"
|
||||||
|
|
||||||
|
saved_LIBS="$LIBS"
|
||||||
|
LIBS="$LIBS $LIBLDAP"
|
||||||
|
AC_CHECK_FUNCS(ldap_init)
|
||||||
|
if test "$enable_ssl" \!= "no"; then
|
||||||
|
AC_CHECK_FUNCS(ldapssl_init ldap_start_tls_s ldap_pvt_tls_set_option)
|
||||||
|
fi
|
||||||
|
LIBS="$saved_LIBS"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
AM_CONDITIONAL(HAVE_LDAP, test "x$LDAP_MSG" = "xyes")
|
||||||
|
### END LDAP SPECIFIC OPTIONS
|
||||||
|
|
||||||
dnl Enable/disable debugging messages.
|
dnl Enable/disable debugging messages.
|
||||||
AC_ARG_ENABLE(debug,
|
AC_ARG_ENABLE(debug,
|
||||||
[ --enable-debug enable debug messages. [default=no]],
|
[ --enable-debug enable debug messages. [default=no]],
|
||||||
@ -513,6 +922,20 @@ if (test x$enable_debug = xyes); then
|
|||||||
AC_DEFINE(DEBUG, 1, [Enable debug messages.])
|
AC_DEFINE(DEBUG, 1, [Enable debug messages.])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test "x$prefix" = xNONE; then
|
||||||
|
prefix=$ac_default_prefix
|
||||||
|
fi
|
||||||
|
|
||||||
|
AC_SUBST(LIBSCCONF)
|
||||||
|
LIBSCCONF="\${top_srcdir}/src/scconf/libscconf.la"
|
||||||
|
AC_SUBST(LIBSCLDAP)
|
||||||
|
LIBSCLDAP="\${top_srcdir}/src/scldap/libscldap.la"
|
||||||
|
AC_SUBST(LIBSCRANDOM)
|
||||||
|
LIBSCRANDOM="\${top_srcdir}/src/scrandom/libscrandom.la"
|
||||||
|
|
||||||
|
scldap_etc_path=`eval echo ${sysconfdir}` ; scldap_etc_path=`eval echo ${scldap_etc_path}`
|
||||||
|
AC_DEFINE_UNQUOTED(SCLDAP_ETC_PATH_CUSTOM, "$scldap_etc_path", [etc path for scldap])
|
||||||
|
|
||||||
AC_SUBST(CFLAGS_OPENSC)
|
AC_SUBST(CFLAGS_OPENSC)
|
||||||
CFLAGS_OPENSC="-I\${top_srcdir}/src/libopensc"
|
CFLAGS_OPENSC="-I\${top_srcdir}/src/libopensc"
|
||||||
AC_SUBST(LIBOPENSC)
|
AC_SUBST(LIBOPENSC)
|
||||||
@ -537,19 +960,40 @@ src/openssh/Makefile
|
|||||||
src/pam/Makefile
|
src/pam/Makefile
|
||||||
src/pkcs11/Makefile
|
src/pkcs11/Makefile
|
||||||
src/pkcs11/rsaref/Makefile
|
src/pkcs11/rsaref/Makefile
|
||||||
|
src/scam/Makefile
|
||||||
|
src/scconf/Makefile
|
||||||
|
src/scldap/Makefile
|
||||||
|
src/scldap/etc/Makefile
|
||||||
|
src/scrandom/Makefile
|
||||||
|
src/sia/Makefile
|
||||||
src/tests/Makefile
|
src/tests/Makefile
|
||||||
src/tools/Makefile
|
src/tools/Makefile
|
||||||
])
|
])
|
||||||
|
|
||||||
|
if test ! -z "$RANDOM_POOL" ; then
|
||||||
|
RAND_MSG="device ($RANDOM_POOL)"
|
||||||
|
else
|
||||||
|
if test ! -z "$PRNGD_PORT" ; then
|
||||||
|
RAND_MSG="PRNGD/EGD (port localhost:$PRNGD_PORT)"
|
||||||
|
elif test ! -z "$PRNGD_SOCKET" ; then
|
||||||
|
RAND_MSG="PRNGD/EGD (socket $PRNGD_SOCKET)"
|
||||||
|
else
|
||||||
|
RAND_MSG="Builtin kluge"
|
||||||
|
BUILTIN_RNG=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
dnl Someone please show me a better way :)
|
dnl Someone please show me a better way :)
|
||||||
A=`eval echo ${prefix}` ; A=`eval echo ${A}`
|
A=`eval echo ${prefix}` ; A=`eval echo ${A}`
|
||||||
B=`eval echo ${bindir}` ; B=`eval echo ${B}`
|
B=`eval echo ${bindir}` ; B=`eval echo ${B}`
|
||||||
|
C=`eval echo ${sysconfdir}` ; C=`eval echo ${C}`
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "OpenSC has been configured with the following options"
|
echo "OpenSC has been configured with the following options"
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "User binaries: ${B}"
|
echo "User binaries: ${B}"
|
||||||
|
echo "Configuration files: ${C}"
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "Host: ${host}"
|
echo "Host: ${host}"
|
||||||
@ -560,7 +1004,18 @@ echo "Linker flags: ${LDFLAGS}"
|
|||||||
echo "Libraries: ${LIBS}"
|
echo "Libraries: ${LIBS}"
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
|
echo "Random number collection: ${RAND_MSG}"
|
||||||
echo "OpenSSL support: ${SSL_MSG}"
|
echo "OpenSSL support: ${SSL_MSG}"
|
||||||
|
echo "LDAP support: ${LDAP_MSG}"
|
||||||
echo "PAM support: ${PAM_MSG}"
|
echo "PAM support: ${PAM_MSG}"
|
||||||
|
echo "SIA support: ${SIA_MSG}"
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
|
if test ! -z "$BUILTIN_RNG" ; then
|
||||||
|
echo "WARNING: you are using the builtin random number service."
|
||||||
|
echo "The random number service is very simple and is only"
|
||||||
|
echo "intended for testing purposes. Please request your OS"
|
||||||
|
echo "vendor to include /dev/random in future versions of"
|
||||||
|
echo "their OS. Or use PRNGD/EGD instead, your choice."
|
||||||
|
fi
|
||||||
|
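Review bot: The PRNGD/EGD socket autodetection in the default branch of `--with-prngd-socket` probes `/tmp/entropy`, and whichever path matches is compiled in through `AC_DEFINE_UNQUOTED(PRNGD_SOCKET, ...)`. `/tmp` is writable by any local account, so a socket or FIFO created there by an unprivileged user would be accepted as the entropy source at configure time and, presumably, read by scrandom at run time; I would drop it from the list and quote the variable, `for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do` with `test -r "$sock"`. When no source is found the script only prints the "builtin random number service" warning and carries on; for code linked into PAM and SIA modules an `AC_MSG_ERROR` unless explicitly overridden seems safer. Separately, the new `AC_CHECK_HEADERS` list spells the PAM header `ecurity/pam_appl.h`, so `HAVE_SECURITY_PAM_APPL_H` can never be defined; it should read `security/pam_appl.h`.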
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
libdir = ${prefix}/lib/security
|
libdir = ${prefix}/lib/security
|
||||||
|
|
||||||
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_SSP@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
|
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
|
||||||
|
|
||||||
if HAVE_LDAP
|
if HAVE_LDAP
|
||||||
LDAP_LTLIBS = @LIBSCLDAP@
|
LDAP_LTLIBS = @LIBSCLDAP@
|
||||||
@ -10,9 +10,9 @@ else
|
|||||||
LDAP_LTLIBS =
|
LDAP_LTLIBS =
|
||||||
endif
|
endif
|
||||||
|
|
||||||
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBCRYPTO@ @LIBSSP@ @LIBOPENSC@ @LIBPAM@
|
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBCRYPTO@ @LIBOPENSC@ @LIBPAM@
|
||||||
|
|
||||||
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/sp.c ../scam/p15_eid.c ../scam/p15_ldap.c
|
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/p15_eid.c ../scam/p15_ldap.c
|
||||||
SRC = $(AUTHSRC) pam_opensc.c pam_support.c pam_support.h
|
SRC = $(AUTHSRC) pam_opensc.c pam_support.c pam_support.h
|
||||||
|
|
||||||
if HAVE_PAM_AND_SSL
|
if HAVE_PAM_AND_SSL
|
||||||
|
@ -28,6 +28,12 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
#include <grp.h>
|
||||||
|
#ifdef HAVE_UTMP_H
|
||||||
|
#include <utmp.h>
|
||||||
|
#endif
|
||||||
|
#include <sys/types.h>
|
||||||
#include "scam.h"
|
#include "scam.h"
|
||||||
|
|
||||||
#define PAM_SM_AUTH
|
#define PAM_SM_AUTH
|
||||||
@ -38,6 +44,41 @@
|
|||||||
static int scam_method = 0;
|
static int scam_method = 0;
|
||||||
static char *auth_method = NULL;
|
static char *auth_method = NULL;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Because getlogin() is braindead and sometimes it just
|
||||||
|
* doesn't work, we reimplement it here.
|
||||||
|
*/
|
||||||
|
static char *get_login(void)
|
||||||
|
{
|
||||||
|
char *user = NULL;
|
||||||
|
#ifdef HAVE_SETUTENT
|
||||||
|
struct utmp *ut = NULL, line;
|
||||||
|
static char curr_user[sizeof(ut->ut_user) + 4];
|
||||||
|
char *curr_tty = NULL;
|
||||||
|
|
||||||
|
curr_tty = ttyname(0);
|
||||||
|
if (curr_tty) {
|
||||||
|
curr_tty += 5;
|
||||||
|
setutent();
|
||||||
|
strncpy(line.ut_line, curr_tty, sizeof line.ut_line);
|
||||||
|
if ((ut = getutline(&line))) {
|
||||||
|
strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user));
|
||||||
|
user = curr_user;
|
||||||
|
}
|
||||||
|
endutent();
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
user = getlogin();
|
||||||
|
#endif
|
||||||
|
#if 1
|
||||||
|
if (!user) {
|
||||||
|
struct passwd *pw_user = getpwuid(geteuid());
|
||||||
|
user = pw_user->pw_name;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
return user;
|
||||||
|
}
|
||||||
|
|
||||||
static void usage(void)
|
static void usage(void)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
@ -159,7 +200,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
|
|||||||
/* No remote logins allowed through xdm */
|
/* No remote logins allowed through xdm */
|
||||||
if ((!strcmp(service, "xdm") &&
|
if ((!strcmp(service, "xdm") &&
|
||||||
strcmp(tty, ":0"))) {
|
strcmp(tty, ":0"))) {
|
||||||
log_message("User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);
|
char buf[256];
|
||||||
|
|
||||||
|
snprintf(buf, 256, "User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);
|
||||||
|
opensc_pam_log(LOG_NOTICE, pamh, buf);
|
||||||
scam_deinit(scam_method);
|
scam_deinit(scam_method);
|
||||||
return PAM_PERM_DENIED;
|
return PAM_PERM_DENIED;
|
||||||
}
|
}
|
||||||
@ -231,7 +275,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
|
|||||||
opensc_pam_log(LOG_CRIT, pamh, "open_session - scam_open_session failed\n");
|
opensc_pam_log(LOG_CRIT, pamh, "open_session - scam_open_session failed\n");
|
||||||
return PAM_SESSION_ERR;
|
return PAM_SESSION_ERR;
|
||||||
}
|
}
|
||||||
opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, GetLogin() == NULL ? "" : GetLogin(), getuid());
|
opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, get_login() == NULL ? "" : get_login(), getuid());
|
||||||
return PAM_SUCCESS;
|
return PAM_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
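Review bot: In the xdm remote-login branch of `pam_sm_authenticate`, the message formatted into `buf` is handed to `opensc_pam_log` as its format argument; judging by the other calls in this file that argument is a printf-style format, so any `%` sequence in `user`, `tty` or `service` would be interpreted a second time. Passing the format and arguments directly removes both that and the 256-byte truncation: `opensc_pam_log(LOG_NOTICE, pamh, "User %s (tty %s) tried remote login through service %s, permission denied.\n", user, tty, service);`. In the new `get_login()`, `getpwuid(geteuid())` can return NULL and `pw_user->pw_name` is dereferenced unchecked, which would crash the process hosting the module; `if (pw_user) user = pw_user->pw_name;` keeps the NULL handling already present at the call in `pam_sm_open_session`. `curr_tty += 5` likewise assumes `ttyname(0)` begins with `/dev/` without checking. The bodies of `pam_sm_authenticate` and `pam_sm_open_session` start and end outside the hunks shown.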
@ -25,6 +25,7 @@
|
|||||||
#endif
|
#endif
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
#include <stdarg.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include "pam_support.h"
|
#include "pam_support.h"
|
||||||
@ -60,16 +61,12 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs
|
|||||||
int retval;
|
int retval;
|
||||||
struct pam_conv *conv;
|
struct pam_conv *conv;
|
||||||
|
|
||||||
log_messagex(L_DEBUG, "begin to converse");
|
|
||||||
|
|
||||||
retval = pam_get_item(pamh, PAM_CONV, (PAM_CONST void **) &conv);
|
retval = pam_get_item(pamh, PAM_CONV, (PAM_CONST void **) &conv);
|
||||||
if (retval == PAM_SUCCESS) {
|
if (retval == PAM_SUCCESS) {
|
||||||
|
|
||||||
retval = conv->conv(nargs, (PAM_CONST struct pam_message **) message
|
retval = conv->conv(nargs, (PAM_CONST struct pam_message **) message
|
||||||
,response, conv->appdata_ptr);
|
,response, conv->appdata_ptr);
|
||||||
|
|
||||||
log_messagex(L_DEBUG, "returned from application's conversation function");
|
|
||||||
|
|
||||||
if (retval != PAM_SUCCESS && on(OPENSC_DEBUG, ctrl)) {
|
if (retval != PAM_SUCCESS && on(OPENSC_DEBUG, ctrl)) {
|
||||||
opensc_pam_log(LOG_DEBUG, pamh, "conversation failure [%s]"
|
opensc_pam_log(LOG_DEBUG, pamh, "conversation failure [%s]"
|
||||||
,pam_strerror(pamh, retval));
|
,pam_strerror(pamh, retval));
|
||||||
@ -79,8 +76,6 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs
|
|||||||
,"couldn't obtain conversation function [%s]"
|
,"couldn't obtain conversation function [%s]"
|
||||||
,pam_strerror(pamh, retval));
|
,pam_strerror(pamh, retval));
|
||||||
}
|
}
|
||||||
log_messagex(L_DEBUG, "ready to return from module conversation");
|
|
||||||
|
|
||||||
return retval; /* propagate error status */
|
return retval; /* propagate error status */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -140,36 +135,28 @@ int _set_ctrl(pam_handle_t * pamh, int flags, char **auth_method, int argc, cons
|
|||||||
{
|
{
|
||||||
unsigned int ctrl;
|
unsigned int ctrl;
|
||||||
|
|
||||||
log_messagex(L_DEBUG, "called.");
|
|
||||||
|
|
||||||
ctrl = OPENSC_DEFAULTS; /* the default selection of options */
|
ctrl = OPENSC_DEFAULTS; /* the default selection of options */
|
||||||
|
|
||||||
/* set some flags manually */
|
/* set some flags manually */
|
||||||
if (getuid() == 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
|
if (getuid() == 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
|
||||||
log_messagex(L_DEBUG, "IAMROOT");
|
|
||||||
set(OPENSC__IAMROOT, ctrl);
|
set(OPENSC__IAMROOT, ctrl);
|
||||||
}
|
}
|
||||||
if (flags & PAM_UPDATE_AUTHTOK) {
|
if (flags & PAM_UPDATE_AUTHTOK) {
|
||||||
log_messagex(L_DEBUG, "UPDATE_AUTHTOK");
|
|
||||||
set(OPENSC__UPDATE, ctrl);
|
set(OPENSC__UPDATE, ctrl);
|
||||||
}
|
}
|
||||||
if (flags & PAM_PRELIM_CHECK) {
|
if (flags & PAM_PRELIM_CHECK) {
|
||||||
log_messagex(L_DEBUG, "PRELIM_CHECK");
|
|
||||||
set(OPENSC__PRELIM, ctrl);
|
set(OPENSC__PRELIM, ctrl);
|
||||||
}
|
}
|
||||||
if (flags & PAM_DISALLOW_NULL_AUTHTOK) {
|
if (flags & PAM_DISALLOW_NULL_AUTHTOK) {
|
||||||
log_messagex(L_DEBUG, "DISALLOW_NULL_AUTHTOK");
|
|
||||||
set(OPENSC__NONULL, ctrl);
|
set(OPENSC__NONULL, ctrl);
|
||||||
}
|
}
|
||||||
if (flags & PAM_SILENT) {
|
if (flags & PAM_SILENT) {
|
||||||
log_messagex(L_DEBUG, "SILENT");
|
|
||||||
set(OPENSC__QUIET, ctrl);
|
set(OPENSC__QUIET, ctrl);
|
||||||
}
|
}
|
||||||
/* now parse the arguments to this module */
|
/* now parse the arguments to this module */
|
||||||
while (argc-- > 0) {
|
while (argc-- > 0) {
|
||||||
int j;
|
int j;
|
||||||
|
|
||||||
log_messagex(L_DEBUG, "pam_opensc arg: %s", *argv);
|
|
||||||
for (j = 0; j < OPENSC_CTRLS_; ++j) {
|
for (j = 0; j < OPENSC_CTRLS_; ++j) {
|
||||||
if (opensc_args[j].token
|
if (opensc_args[j].token
|
||||||
&& !strncmp(*argv, opensc_args[j].token, strlen(opensc_args[j].token))) {
|
&& !strncmp(*argv, opensc_args[j].token, strlen(opensc_args[j].token))) {
|
||||||
@ -204,8 +191,6 @@ int _set_ctrl(pam_handle_t * pamh, int flags, char **auth_method, int argc, cons
|
|||||||
set(OPENSC_DEBUG, ctrl);
|
set(OPENSC_DEBUG, ctrl);
|
||||||
}
|
}
|
||||||
/* return the set of flags */
|
/* return the set of flags */
|
||||||
|
|
||||||
log_messagex(L_DEBUG, "done.");
|
|
||||||
#if 0
|
#if 0
|
||||||
print_ctrl(ctrl);
|
print_ctrl(ctrl);
|
||||||
#endif
|
#endif
|
||||||
@ -232,18 +217,9 @@ int _read_password(pam_handle_t * pamh
|
|||||||
,PAM_CONST char *data_name
|
,PAM_CONST char *data_name
|
||||||
,PAM_CONST char **pass)
|
,PAM_CONST char **pass)
|
||||||
{
|
{
|
||||||
int authtok_flag;
|
int authtok_flag, retval;
|
||||||
int retval;
|
PAM_CONST char *item = NULL;
|
||||||
PAM_CONST char *item;
|
char *token = NULL;
|
||||||
char *token;
|
|
||||||
|
|
||||||
log_messagex(L_DEBUG, "called");
|
|
||||||
|
|
||||||
/*
|
|
||||||
* make sure nothing inappropriate gets returned
|
|
||||||
*/
|
|
||||||
|
|
||||||
*pass = token = NULL;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* which authentication token are we getting?
|
* which authentication token are we getting?
|
||||||
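Review bot: `_read_password` no longer clears the caller's output pointer on entry. The removed `*pass = token = NULL;` (with its "make sure nothing inappropriate gets returned" comment) is replaced by initialisers for `item` and `token` only. Any return taken before `*pass` is assigned would then leave the caller holding whatever value it passed in, which for a password pointer is worth guarding against. I would keep `*pass = NULL;` as the first statement after the declarations. The rest of the function lies outside this hunk, so whether every later path assigns `*pass` cannot be confirmed from here.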
|
@ -1,3 +1,3 @@
|
|||||||
# Process this file with automake to create Makefile.in
|
# Process this file with automake to create Makefile.in
|
||||||
|
|
||||||
EXTRA_DIST = scam.c scam.h sp.c p15_eid.c p15_ldap.c
|
EXTRA_DIST = scam.c scam.h p15_eid.c p15_ldap.c
|
||||||
|
@ -144,14 +144,14 @@ int p15_eid_init(int argc, const char **argv)
|
|||||||
}
|
}
|
||||||
if (!reader_name) {
|
if (!reader_name) {
|
||||||
for (i = 0; i < ctx->reader_count; i++) {
|
for (i = 0; i < ctx->reader_count; i++) {
|
||||||
log_message("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
|
printf("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
for (i = 0; i < ctx->reader_count; i++) {
|
for (i = 0; i < ctx->reader_count; i++) {
|
||||||
if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) {
|
if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) {
|
||||||
if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) {
|
if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) {
|
||||||
reader = i;
|
reader = i;
|
||||||
log_message("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
|
printf("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -382,29 +382,31 @@ void p15_eid_deinit(void)
|
|||||||
int p15_eid_open_session(int argc, const char **argv, const char *user)
|
int p15_eid_open_session(int argc, const char **argv, const char *user)
|
||||||
{
|
{
|
||||||
struct passwd *userstr = NULL;
|
struct passwd *userstr = NULL;
|
||||||
|
#ifdef PCSCLITE_SERVER_PATH
|
||||||
uid_t useruid = 65534, uid = 65534;
|
uid_t useruid = 65534, uid = 65534;
|
||||||
gid_t gid = 65534;
|
gid_t gid = 65534;
|
||||||
int r;
|
int r;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
log_messagex(L_DEBUG, "No user.\n");
|
scam_fw_p15_eid.printmsg("No user.\n");
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
userstr = getpwnam(user);
|
userstr = getpwnam(user);
|
||||||
if (!userstr) {
|
if (!userstr) {
|
||||||
log_messagex(L_DEBUG, "Can't get user structure. (%s)", user);
|
scam_fw_p15_eid.printmsg("Can't get user structure. (%s)", user);
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
|
#ifdef PCSCLITE_SERVER_PATH
|
||||||
useruid = userstr->pw_uid;
|
useruid = userstr->pw_uid;
|
||||||
r = GetIdentity(&uid, &gid);
|
r = GetIdentity(&uid, &gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n");
|
scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n");
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
#ifdef PCSCLITE_SERVER_PATH
|
|
||||||
r = chown(PCSCLITE_SERVER_PATH, useruid, gid);
|
r = chown(PCSCLITE_SERVER_PATH, useruid, gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_messagex(L_DEBUG, "Opening session failed, cannot chown socket to user %.", user);
|
scam_fw_p15_eid.printmsg("Opening session failed, cannot chown socket to user %.", user);
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -413,23 +415,25 @@ int p15_eid_open_session(int argc, const char **argv, const char *user)
|
|||||||
|
|
||||||
int p15_eid_close_session(int argc, const char **argv, const char *user)
|
int p15_eid_close_session(int argc, const char **argv, const char *user)
|
||||||
{
|
{
|
||||||
|
#ifdef PCSCLITE_SERVER_PATH
|
||||||
uid_t uid = 65534;
|
uid_t uid = 65534;
|
||||||
gid_t gid = 65534;
|
gid_t gid = 65534;
|
||||||
int r;
|
int r;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
log_messagex(L_DEBUG, "No user.\n");
|
scam_fw_p15_eid.printmsg("No user.\n");
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
|
#ifdef PCSCLITE_SERVER_PATH
|
||||||
r = GetIdentity(&uid, &gid);
|
r = GetIdentity(&uid, &gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n");
|
scam_fw_p15_eid.logmsg("Could not get uid/gid for pcscd.\n");
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
#ifdef PCSCLITE_SERVER_PATH
|
|
||||||
r = chown(PCSCLITE_SERVER_PATH, uid, gid);
|
r = chown(PCSCLITE_SERVER_PATH, uid, gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_messagex(L_DEBUG, "Closing session failed, cannot chown socket to smartcard user.");
|
scam_fw_p15_eid.printmsg("Closing session failed, cannot chown socket to smartcard user.");
|
||||||
return SCAM_SUCCESS;
|
return SCAM_SUCCESS;
|
||||||
}
|
}
|
||||||
r = CleanupClientSockets();
|
r = CleanupClientSockets();
|
||||||
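Review bot: The format string in `p15_eid_open_session`, `"Opening session failed, cannot chown socket to user %."`, ends in an incomplete conversion (`%.` with no specifier) while still passing `user` as an argument. If `printmsg` forwards to a printf-family function, as its use here suggests, that is undefined behaviour and the user name is never printed. The commit carries the string over unchanged from the old `log_messagex` call; it should read `"Opening session failed, cannot chown socket to user %s."`. The same string appears in `p15_ldap_open_session`.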
|
@ -145,14 +145,14 @@ int p15_ldap_init(int argc, const char **argv)
|
|||||||
}
|
}
|
||||||
if (!reader_name) {
|
if (!reader_name) {
|
||||||
for (i = 0; i < ctx->reader_count; i++) {
|
for (i = 0; i < ctx->reader_count; i++) {
|
||||||
log_message("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
|
printf("Reader #%d - %s%s\n", i + 1, ctx->reader[i]->name, reader == i ? " (*)" : "");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
for (i = 0; i < ctx->reader_count; i++) {
|
for (i = 0; i < ctx->reader_count; i++) {
|
||||||
if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) {
|
if ((strlen(reader_name) < strlen(ctx->reader[i]->name))) {
|
||||||
if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) {
|
if (!strncmp(reader_name, ctx->reader[i]->name, strlen(reader_name))) {
|
||||||
reader = i;
|
reader = i;
|
||||||
log_message("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
|
printf("Reader #%d - %s selected\n", i + 1, ctx->reader[reader]->name);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -318,29 +318,31 @@ void p15_ldap_deinit(void)
|
|||||||
int p15_ldap_open_session(int argc, const char **argv, const char *user)
|
int p15_ldap_open_session(int argc, const char **argv, const char *user)
|
||||||
{
|
{
|
||||||
struct passwd *userstr = NULL;
|
struct passwd *userstr = NULL;
|
||||||
|
#ifdef PCSCLITE_SERVER_PATH
|
||||||
uid_t useruid = 65534, uid = 65534;
|
uid_t useruid = 65534, uid = 65534;
|
||||||
gid_t gid = 65534;
|
gid_t gid = 65534;
|
||||||
int r;
|
int r;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
log_messagex(L_DEBUG, "No user.\n");
|
scam_fw_p15_ldap.printmsg("No user.\n");
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
userstr = getpwnam(user);
|
userstr = getpwnam(user);
|
||||||
if (!userstr) {
|
if (!userstr) {
|
||||||
log_messagex(L_DEBUG, "Can't get user structure. (%s)", user);
|
scam_fw_p15_ldap.printmsg("Can't get user structure. (%s)", user);
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
|
#ifdef PCSCLITE_SERVER_PATH
|
||||||
useruid = userstr->pw_uid;
|
useruid = userstr->pw_uid;
|
||||||
r = GetIdentity(&uid, &gid);
|
r = GetIdentity(&uid, &gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n");
|
scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n");
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
#ifdef PCSCLITE_SERVER_PATH
|
|
||||||
r = chown(PCSCLITE_SERVER_PATH, useruid, gid);
|
r = chown(PCSCLITE_SERVER_PATH, useruid, gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_messagex(L_DEBUG, "Opening session failed, cannot chown socket to user %.", user);
|
scam_fw_p15_ldap.printmsg("Opening session failed, cannot chown socket to user %.", user);
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -349,23 +351,25 @@ int p15_ldap_open_session(int argc, const char **argv, const char *user)
|
|||||||
|
|
||||||
int p15_ldap_close_session(int argc, const char **argv, const char *user)
|
int p15_ldap_close_session(int argc, const char **argv, const char *user)
|
||||||
{
|
{
|
||||||
|
#ifdef PCSCLITE_SERVER_PATH
|
||||||
uid_t uid = 65534;
|
uid_t uid = 65534;
|
||||||
gid_t gid = 65534;
|
gid_t gid = 65534;
|
||||||
int r;
|
int r;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
log_messagex(L_DEBUG, "No user.\n");
|
scam_fw_p15_ldap.printmsg("No user.\n");
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
|
#ifdef PCSCLITE_SERVER_PATH
|
||||||
r = GetIdentity(&uid, &gid);
|
r = GetIdentity(&uid, &gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n");
|
scam_fw_p15_ldap.logmsg("Could not get uid/gid for pcscd.\n");
|
||||||
return SCAM_FAILED;
|
return SCAM_FAILED;
|
||||||
}
|
}
|
||||||
#ifdef PCSCLITE_SERVER_PATH
|
|
||||||
r = chown(PCSCLITE_SERVER_PATH, uid, gid);
|
r = chown(PCSCLITE_SERVER_PATH, uid, gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_messagex(L_DEBUG, "Closing session failed, cannot chown socket to smartcard user.");
|
scam_fw_p15_ldap.printmsg("Closing session failed, cannot chown socket to smartcard user.");
|
||||||
return SCAM_SUCCESS;
|
return SCAM_SUCCESS;
|
||||||
}
|
}
|
||||||
r = CleanupClientSockets();
|
r = CleanupClientSockets();
|
||||||
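Review bot: In `p15_ldap_close_session` a failed `chown(PCSCLITE_SERVER_PATH, uid, gid)` prints "Closing session failed…" and then returns `SCAM_SUCCESS`, skipping the `CleanupClientSockets()` call that follows. `p15_ldap_open_session` chowns that same path to the session user, so on this branch the socket stays owned by the departing user while the caller is told the close succeeded. If ignoring the failure is deliberate, a comment such as `/* best effort: do not block logout */` should say so, and the message should go through `logmsg` like the `GetIdentity` failure above it; otherwise return `SCAM_FAILED`. `p15_eid_close_session` has the identical branch, and both functions continue past their hunks.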
|
@ -32,7 +32,9 @@
|
|||||||
|
|
||||||
struct scam_framework_ops *scam_frameworks[] =
|
struct scam_framework_ops *scam_frameworks[] =
|
||||||
{
|
{
|
||||||
|
#ifdef HAVE_SCIDI
|
||||||
&scam_fw_sp,
|
&scam_fw_sp,
|
||||||
|
#endif
|
||||||
#ifndef HAVE_LDAP
|
#ifndef HAVE_LDAP
|
||||||
&scam_fw_p15_eid,
|
&scam_fw_p15_eid,
|
||||||
&scam_fw_p15_ldap,
|
&scam_fw_p15_ldap,
|
||||||
|
@ -165,7 +165,8 @@ void scldap_show_parameters(scldap_context * ctx)
|
|||||||
{
|
{
|
||||||
int i, j;
|
int i, j;
|
||||||
|
|
||||||
CHECK_CTX_VOID(ctx);
|
if (!ctx)
|
||||||
|
return;
|
||||||
for (i = 0; i < ctx->entries; i++) {
|
for (i = 0; i < ctx->entries; i++) {
|
||||||
if (ctx->entry[i].entry) {
|
if (ctx->entry[i].entry) {
|
||||||
printf("[%i]->entry=%s\n", i, ctx->entry[i].entry);
|
printf("[%i]->entry=%s\n", i, ctx->entry[i].entry);
|
||||||
@ -187,7 +188,8 @@ void scldap_free_parameters(scldap_context * ctx)
|
|||||||
{
|
{
|
||||||
int i, j;
|
int i, j;
|
||||||
|
|
||||||
CHECK_CTX_VOID(ctx);
|
if (!ctx)
|
||||||
|
return;
|
||||||
if (ctx) {
|
if (ctx) {
|
||||||
for (i = 0; i < ctx->entries; i++) {
|
for (i = 0; i < ctx->entries; i++) {
|
||||||
if (ctx->entry[i].entry) {
|
if (ctx->entry[i].entry) {
|
||||||
@ -245,13 +247,8 @@ void scldap_parse_arguments(scldap_context ** ctx, int argc, const char **argv)
|
|||||||
scldap_context *ptr = *ctx;
|
scldap_context *ptr = *ctx;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
CHECK_CTX_VOID(ptr);
|
if (!ptr || !argv || argc < 0)
|
||||||
|
|
||||||
if (argc < 0)
|
|
||||||
return;
|
return;
|
||||||
if (!argv)
|
|
||||||
return;
|
|
||||||
|
|
||||||
for (i = 0; i < argc; i++) {
|
for (i = 0; i < argc; i++) {
|
||||||
if (argv[i][0] == '-') {
|
if (argv[i][0] == '-') {
|
||||||
char *optarg = (char *) argv[i + 1];
|
char *optarg = (char *) argv[i + 1];
|
||||||
@ -346,7 +343,8 @@ int scldap_add_entry(scldap_context * ctx, const char *entry)
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
CHECK_CTX(ctx, 0);
|
if (!ctx)
|
||||||
|
return 0;
|
||||||
if (entry) {
|
if (entry) {
|
||||||
for (i = 0; i < ctx->entries; i++) {
|
for (i = 0; i < ctx->entries; i++) {
|
||||||
if (!ctx->entry[i].entry) {
|
if (!ctx->entry[i].entry) {
|
||||||
@ -372,7 +370,8 @@ int scldap_get_entry(scldap_context * ctx, const char *entry)
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
CHECK_CTX(ctx, 0);
|
if (!ctx)
|
||||||
|
return 0;
|
||||||
if (entry) {
|
if (entry) {
|
||||||
for (i = 0; i < ctx->entries; i++) {
|
for (i = 0; i < ctx->entries; i++) {
|
||||||
if (ctx->entry[i].entry) {
|
if (ctx->entry[i].entry) {
|
||||||
@ -389,7 +388,8 @@ void scldap_set_entry(scldap_context * ctx, const char *entry)
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
CHECK_CTX_VOID(ctx);
|
if (!ctx)
|
||||||
|
return;
|
||||||
if (entry) {
|
if (entry) {
|
||||||
for (i = 0; i < ctx->entries; i++) {
|
for (i = 0; i < ctx->entries; i++) {
|
||||||
if (ctx->entry[i].entry) {
|
if (ctx->entry[i].entry) {
|
||||||
@ -406,7 +406,8 @@ void scldap_remove_entry(scldap_context * ctx, const char *entry)
|
|||||||
{
|
{
|
||||||
int i, j;
|
int i, j;
|
||||||
|
|
||||||
CHECK_CTX_VOID(ctx);
|
if (!ctx)
|
||||||
|
return;
|
||||||
if (entry) {
|
if (entry) {
|
||||||
for (i = 0; i < ctx->entries; i++) {
|
for (i = 0; i < ctx->entries; i++) {
|
||||||
if (ctx->entry[i].entry) {
|
if (ctx->entry[i].entry) {
|
||||||
@ -455,7 +456,8 @@ void scldap_remove_entry(scldap_context * ctx, const char *entry)
|
|||||||
|
|
||||||
int scldap_is_valid_url(const char *url)
|
int scldap_is_valid_url(const char *url)
|
||||||
{
|
{
|
||||||
CHECK_CTX(url, 0);
|
if (!url)
|
||||||
|
return 0;
|
||||||
return ldap_is_ldap_url((char *) url);
|
return ldap_is_ldap_url((char *) url);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -472,56 +474,56 @@ int scldap_url_to_entry(scldap_context * ctx, const char *entry, const char *url
|
|||||||
switch (rv) {
|
switch (rv) {
|
||||||
#ifdef LDAP_URL_ERR_BADSCHEME
|
#ifdef LDAP_URL_ERR_BADSCHEME
|
||||||
case LDAP_URL_ERR_BADSCHEME:
|
case LDAP_URL_ERR_BADSCHEME:
|
||||||
log_messagex(L_DEBUG, "Not an LDAP URL: %s", url);
|
fprintf(stderr, "Not an LDAP URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_BADENCLOSURE
|
#ifdef LDAP_URL_ERR_BADENCLOSURE
|
||||||
case LDAP_URL_ERR_BADENCLOSURE:
|
case LDAP_URL_ERR_BADENCLOSURE:
|
||||||
log_messagex(L_DEBUG, "Bad Enclosure in URL: %s", url);
|
fprintf(stderr, "Bad enclosure in URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_BADURL
|
#ifdef LDAP_URL_ERR_BADURL
|
||||||
case LDAP_URL_ERR_BADURL:
|
case LDAP_URL_ERR_BADURL:
|
||||||
log_messagex(L_DEBUG, "Bad URL: %s", url);
|
fprintf(stderr, "Bad URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_BADHOST
|
#ifdef LDAP_URL_ERR_BADHOST
|
||||||
case LDAP_URL_ERR_BADHOST:
|
case LDAP_URL_ERR_BADHOST:
|
||||||
log_messagex(L_DEBUG, "Host is invalid in URL: %s", url);
|
fprintf(stderr, "Host is invalid in URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_BADATTRS
|
#ifdef LDAP_URL_ERR_BADATTRS
|
||||||
case LDAP_URL_ERR_BADATTRS:
|
case LDAP_URL_ERR_BADATTRS:
|
||||||
log_messagex(L_DEBUG, "Attributes are invalid in URL: %s", url);
|
fprintf(stderr, "Attributes are invalid in URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_BADSCOPE
|
#ifdef LDAP_URL_ERR_BADSCOPE
|
||||||
case LDAP_URL_ERR_BADSCOPE:
|
case LDAP_URL_ERR_BADSCOPE:
|
||||||
log_messagex(L_DEBUG, "Scope is invalid in URL: %s", url);
|
fprintf(stderr, "Scope is invalid in URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_BADFILTER
|
#ifdef LDAP_URL_ERR_BADFILTER
|
||||||
case LDAP_URL_ERR_BADFILTER:
|
case LDAP_URL_ERR_BADFILTER:
|
||||||
log_messagex(L_DEBUG, "Filter is invalid in URL: %s", url);
|
fprintf(stderr, "Filter is invalid in URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_BADEXTS
|
#ifdef LDAP_URL_ERR_BADEXTS
|
||||||
case LDAP_URL_ERR_BADEXTS:
|
case LDAP_URL_ERR_BADEXTS:
|
||||||
log_messagex(L_DEBUG, "Extensions are invalid in URL: %s", url);
|
fprintf(stderr, "Extensions are invalid in URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_MEM
|
#ifdef LDAP_URL_ERR_MEM
|
||||||
case LDAP_URL_ERR_MEM:
|
case LDAP_URL_ERR_MEM:
|
||||||
log_messagex(L_DEBUG, "Out of memory parsing URL: %s", url);
|
fprintf(stderr, "Out of memory parsing URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LDAP_URL_ERR_PARAM
|
#ifdef LDAP_URL_ERR_PARAM
|
||||||
case LDAP_URL_ERR_PARAM:
|
case LDAP_URL_ERR_PARAM:
|
||||||
log_messagex(L_DEBUG, "bad parameter parsing URL: %s", url);
|
fprintf(stderr, "Bad parameter parsing URL: %s", url);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
log_messagex(L_DEBUG, "Unknown error %d parsing URL: %s", rv, url);
|
fprintf(stderr, "Unknown error %d parsing URL: %s", rv, url);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
@ -706,7 +708,6 @@ static void scldap_get_result(LDAP * ld, LDAPMessage * res, scldap_param_entry *
|
|||||||
result->results++; \
|
result->results++; \
|
||||||
result->result = (scldap_result_entry *) realloc(result->result, (result->results + 2) * sizeof(scldap_result_entry)); \
|
result->result = (scldap_result_entry *) realloc(result->result, (result->results + 2) * sizeof(scldap_result_entry)); \
|
||||||
memset(&result->result[result->results], 0, sizeof(scldap_result_entry)); \
|
memset(&result->result[result->results], 0, sizeof(scldap_result_entry)); \
|
||||||
log_messagex(L_DEBUG, "ADD: %s[%li]\n", result->result[result->results].name, result->result[result->results].datalen); \
|
|
||||||
} \
|
} \
|
||||||
}
|
}
|
||||||
if (attrsonly) {
|
if (attrsonly) {
|
||||||
@ -721,7 +722,6 @@ static void scldap_get_result(LDAP * ld, LDAPMessage * res, scldap_param_entry *
|
|||||||
}
|
}
|
||||||
} else if ((bvals = ldap_get_values_len(ld, res, name))) {
|
} else if ((bvals = ldap_get_values_len(ld, res, name))) {
|
||||||
for (i = 0; bvals[i]; i++) {
|
for (i = 0; bvals[i]; i++) {
|
||||||
log_messagex(L_DEBUG, "scldap_get_result: %s[%li]\n", name, bvals[i]->bv_len);
|
|
||||||
if (param->numattrs) {
|
if (param->numattrs) {
|
||||||
for (j = 0; j < param->numattrs; j++) {
|
for (j = 0; j < param->numattrs; j++) {
|
||||||
if (!strncasecmp(param->attributes[j], name, strlen(param->attributes[j]))) {
|
if (!strncasecmp(param->attributes[j], name, strlen(param->attributes[j]))) {
|
||||||
@ -802,7 +802,7 @@ int scldap_search(scldap_context * ctx, const char *entry,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (pattern)
|
if (pattern)
|
||||||
log_messagex(L_DEBUG, "pattern: %s\n", pattern);
|
fprintf(stderr, "pattern: %s\n", pattern);
|
||||||
if (ldap_search(ld, ctx->entry[entrynum].base, ctx->entry[entrynum].scope, pattern, ctx->entry[entrynum].attributes, ctx->entry[entrynum].attrsonly) == -1) {
|
if (ldap_search(ld, ctx->entry[entrynum].base, ctx->entry[entrynum].scope, pattern, ctx->entry[entrynum].attributes, ctx->entry[entrynum].attrsonly) == -1) {
|
||||||
ldap_perror(ld, "ldap_search");
|
ldap_perror(ld, "ldap_search");
|
||||||
if (pattern)
|
if (pattern)
|
||||||
@ -856,7 +856,6 @@ void scldap_free_result(scldap_result * result)
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
CHECK_CTX_VOID(result);
|
|
||||||
if (result) {
|
if (result) {
|
||||||
for (i = 0; i < result->results; i++) {
|
for (i = 0; i < result->results; i++) {
|
||||||
if (result->result[i].name) {
|
if (result->result[i].name) {
|
||||||
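Review bot: `fprintf(stderr, "pattern: %s\n", pattern);` in `scldap_search` turns what was an `L_DEBUG` message into unconditional output. Every search now writes its LDAP filter to the stderr of whatever process loaded the library. The other debug-only calls in this file (the `ADD:` and `scldap_get_result:` lines) are simply deleted by this change, and dropping this one too would be consistent. The converted messages in `scldap_url_to_entry` also lack a trailing newline and will run together on stderr, e.g. `fprintf(stderr, "Bad URL: %s\n", url);`. Both functions extend beyond their hunks.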
|
@ -146,7 +146,7 @@ int main(int argc, char **argv)
|
|||||||
if (verbose > 2)
|
if (verbose > 2)
|
||||||
scldap_show_parameters(lctx);
|
scldap_show_parameters(lctx);
|
||||||
if (scldap_search(lctx, entry, &lresult, 0, searchword) < 0) {
|
if (scldap_search(lctx, entry, &lresult, 0, searchword) < 0) {
|
||||||
log_message("scldap_search failed.\n");
|
fprintf(stderr, "scldap_search failed.\n");
|
||||||
scldap_free_parameters(lctx);
|
scldap_free_parameters(lctx);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -22,6 +22,7 @@
|
|||||||
#ifdef HAVE_CONFIG_H
|
#ifdef HAVE_CONFIG_H
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
#endif
|
#endif
|
||||||
|
#include <stdio.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
@ -31,7 +32,9 @@
|
|||||||
#include <sys/un.h>
|
#include <sys/un.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
|
#ifdef HAVE_OPENSSL
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
static ssize_t atomicio(ssize_t(*f) (), int fd, void *_s, size_t n)
|
static ssize_t atomicio(ssize_t(*f) (), int fd, void *_s, size_t n)
|
||||||
{
|
{
|
||||||
@ -111,12 +114,12 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||||||
#if defined(RANDOM_POOL)
|
#if defined(RANDOM_POOL)
|
||||||
fd = open(RANDOM_POOL, O_RDONLY);
|
fd = open(RANDOM_POOL, O_RDONLY);
|
||||||
if (fd == -1) {
|
if (fd == -1) {
|
||||||
log_message("Couldn't open random pool \"%s\": %s\n",
|
fprintf(stderr, "Couldn't open random pool \"%s\": %s\n",
|
||||||
RANDOM_POOL, strerror(errno));
|
RANDOM_POOL, strerror(errno));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (atomicio(read, fd, buf, len) != len) {
|
if (atomicio(read, fd, buf, len) != len) {
|
||||||
log_message("Couldn't read from random pool \"%s\": %s\n",
|
fprintf(stderr, "Couldn't read from random pool \"%s\": %s\n",
|
||||||
RANDOM_POOL, strerror(errno));
|
RANDOM_POOL, strerror(errno));
|
||||||
close(fd);
|
close(fd);
|
||||||
return 0;
|
return 0;
|
||||||
@ -132,11 +135,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||||||
memset(&addr, '\0', sizeof(addr));
|
memset(&addr, '\0', sizeof(addr));
|
||||||
/* Sanity checks */
|
/* Sanity checks */
|
||||||
if (sizeof(PRNGD_SOCKET) > sizeof(addr.sun_path)) {
|
if (sizeof(PRNGD_SOCKET) > sizeof(addr.sun_path)) {
|
||||||
log_message("Random pool path is too long");
|
fprintf(stderr, "Random pool path is too long");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (len > 255) {
|
if (len > 255) {
|
||||||
log_message("Too many bytes to read from PRNGD");
|
fprintf(stderr, "Too many bytes to read from PRNGD");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
addr.sun_family = AF_UNIX;
|
addr.sun_family = AF_UNIX;
|
||||||
@ -148,11 +151,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||||||
reopen:
|
reopen:
|
||||||
fd = socket(addr.sun_family, SOCK_STREAM, 0);
|
fd = socket(addr.sun_family, SOCK_STREAM, 0);
|
||||||
if (fd == -1) {
|
if (fd == -1) {
|
||||||
log_message("Couldn't create AF_UNIX socket: %s\n", strerror(errno));
|
fprintf(stderr, "Couldn't create AF_UNIX socket: %s\n", strerror(errno));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
|
if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
|
||||||
log_message("Couldn't connect to PRNGD socket \"%s\": %s\n",
|
fprintf(stderr, "Couldn't connect to PRNGD socket \"%s\": %s\n",
|
||||||
addr.sun_path, strerror(errno));
|
addr.sun_path, strerror(errno));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -166,7 +169,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||||||
errors++;
|
errors++;
|
||||||
goto reopen;
|
goto reopen;
|
||||||
}
|
}
|
||||||
log_message("Couldn't write to PRNGD socket: %s\n",
|
fprintf(stderr, "Couldn't write to PRNGD socket: %s\n",
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -176,7 +179,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||||||
errors++;
|
errors++;
|
||||||
goto reopen;
|
goto reopen;
|
||||||
}
|
}
|
||||||
log_message("Couldn't read from PRNGD socket: %s\n",
|
fprintf(stderr, "Couldn't read from PRNGD socket: %s\n",
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -204,11 +207,11 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||||||
reopen:
|
reopen:
|
||||||
fd = socket(addr.sin_family, SOCK_STREAM, 0);
|
fd = socket(addr.sin_family, SOCK_STREAM, 0);
|
||||||
if (fd == -1) {
|
if (fd == -1) {
|
||||||
log_message("Couldn't create AF_INET socket: %s\n", strerror(errno));
|
fprintf(stderr, "Couldn't create AF_INET socket: %s\n", strerror(errno));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
|
if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
|
||||||
log_message("Couldn't connect to PRNGD port %d: %s\n",
|
fprintf(stderr, "Couldn't connect to PRNGD port %d: %s\n",
|
||||||
PRNGD_PORT, strerror(errno));
|
PRNGD_PORT, strerror(errno));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -222,7 +225,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||||||
errors++;
|
errors++;
|
||||||
goto reopen;
|
goto reopen;
|
||||||
}
|
}
|
||||||
log_message("Couldn't write to PRNGD socket: %s\n",
|
fprintf(stderr, "Couldn't write to PRNGD socket: %s\n",
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -232,7 +235,7 @@ static int scrandom_get_bytes(unsigned char *buf, int len)
|
|||||||
errors++;
|
errors++;
|
||||||
goto reopen;
|
goto reopen;
|
||||||
}
|
}
|
||||||
log_message("Couldn't read from PRNGD socket: %s\n",
|
fprintf(stderr, "Couldn't read from PRNGD socket: %s\n",
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -257,10 +260,9 @@ static int scrandom_seed_generator(void)
|
|||||||
#ifdef HAVE_OPENSSL
|
#ifdef HAVE_OPENSSL
|
||||||
unsigned char buf[32];
|
unsigned char buf[32];
|
||||||
|
|
||||||
log_messagex(L_DEBUG, "Seeding random number generator");
|
|
||||||
if (!scrandom_get_bytes(buf, sizeof(buf))) {
|
if (!scrandom_get_bytes(buf, sizeof(buf))) {
|
||||||
if (!RAND_status()) {
|
if (!RAND_status()) {
|
||||||
log_message("Entropy collection failed and entropy exhausted");
|
fprintf(stderr, "Entropy collection failed and entropy exhausted\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
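Review bot: Two of the converted messages in `scrandom_get_bytes` have no trailing newline: `fprintf(stderr, "Random pool path is too long");` and `fprintf(stderr, "Too many bytes to read from PRNGD");`. The neighbouring messages end in `\n`, and this same change adds one to "Entropy collection failed and entropy exhausted\n" in `scrandom_seed_generator`, so these two should follow suit, e.g. `fprintf(stderr, "Random pool path is too long\n");`. Since these are the only diagnostics on entropy-source failure, a short comment noting that stderr is a temporary sink (the commit message says "for now") would help whoever restores proper logging. The function body spans several hunks and is not fully visible here.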
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
libdir = ${prefix}/lib/security
|
libdir = ${prefix}/lib/security
|
||||||
|
|
||||||
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_SSP@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
|
INCLUDES = @CFLAGS_PCSC@ @CFLAGS_OPENSC@ -I../scam -I../scconf -I../scrandom -I../scldap
|
||||||
|
|
||||||
if HAVE_LDAP
|
if HAVE_LDAP
|
||||||
LDAP_LTLIBS = @LIBSCLDAP@
|
LDAP_LTLIBS = @LIBSCLDAP@
|
||||||
@ -10,9 +10,9 @@ else
|
|||||||
LDAP_LTLIBS =
|
LDAP_LTLIBS =
|
||||||
endif
|
endif
|
||||||
|
|
||||||
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBSSP@ @LIBOPENSC@
|
LDFLAGS = @LDFLAGS@ @LIBDL@ @LIBSCRANDOM@ $(LDAP_LTLIBS) @LIBOPENSC@
|
||||||
|
|
||||||
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/sp.c ../scam/p15_eid.c ../scam/p15_ldap.c
|
AUTHSRC = ../scam/scam.c ../scam/scam.h ../scam/p15_eid.c ../scam/p15_ldap.c
|
||||||
SRC = $(AUTHSRC) sia_opensc.c sia_support.c sia_support.h
|
SRC = $(AUTHSRC) sia_opensc.c sia_support.c sia_support.h
|
||||||
|
|
||||||
if HAVE_SIA
|
if HAVE_SIA
|
||||||
|