diff options
Diffstat (limited to 'server')
40 files changed, 7397 insertions, 5 deletions
diff --git a/server/Makefile.am b/server/Makefile.am index 21ae79ae3..eeb8cfef6 100644 --- a/server/Makefile.am +++ b/server/Makefile.am @@ -17,6 +17,8 @@ sssdapiplugindir = $(sssdconfdir)/sssd.api.d dbusintrospectdir = $(datarootdir)/sssd/introspect dbuspolicydir = $(sysconfdir)/dbus-1/system.d localedir = @localedir@ +nsslibdir = @nsslibdir@ +pamlibdir = $(nsslibdir)/security dbpath = @dbpath@ pluginpath = @pluginpath@ @@ -179,6 +181,7 @@ AM_CPPFLAGS = -Wall \ -Iinclude \ -I.. \ -I$(srcdir)/include \ + -I$(srcdir)/sss_client \ -Iinclude \ -I. \ $(POPT_CFLAGS) \ @@ -619,6 +622,42 @@ stress_tests_SOURCES = \ stress_tests_LDADD = \ $(SSSD_LIBS) +noinst_PROGRAMS = pam_test_client +pam_test_client_SOURCES = sss_client/pam_test_client.c +pam_test_client_LDFLAGS = -lpam -lpam_misc + +#################### +# Client Libraries # +#################### + +nsslib_LTLIBRARIES = libnss_sss.la +libnss_sss_la_SOURCES = \ + sss_client/common.c \ + sss_client/passwd.c \ + sss_client/group.c \ + sss_client/sss_cli.h +libnss_sss_la_LDFLAGS = \ + -module \ + -version-info 2:0:0 \ + -Wl,--version-script,$(srcdir)/sss_client/sss_nss.exports + +pamlib_LTLIBRARIES = pam_sss.la +pam_sss_la_SOURCES = \ + sss_client/pam_sss.c \ + sss_client/common.c \ + sss_client/sss_cli.h \ + sss_client/sss_pam_macros.h + +pam_sss_la_LDFLAGS = \ + -lpam \ + -module \ + -avoid-version \ + -Wl,--version-script,$(srcdir)/sss_client/sss_pam.exports + +dist_noinst_DATA += \ + sss_client/sss_nss.exports \ + sss_client/sss_pam.exports + #################### # Plugin Libraries # #################### @@ -799,7 +838,7 @@ dist_man_MANS = man/sss_useradd.8 man/sss_userdel.8 man/sss_usermod.8 \ man/sss_groupadd.8 man/sss_groupdel.8 man/sss_groupmod.8 \ man/sssd.8 man/sssd.conf.5 man/sssd-ldap.5 man/sssd-krb5.5 \ man/sssd-ipa.5 man/sssd_krb5_locator_plugin.8 \ - man/sss_groupshow.8 + man/sss_groupshow.8 sss_client/man/pam_sss.8 SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 .1.xml.1: @@ -881,6 +920,11 @@ install-exec-hook: installsssddirs fi mkdir -p doc $(DESTDIR)/$(docdir); cp -a doc $(DESTDIR)/$(docdir)/ +install-data-hook: + rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ + $(DESTDIR)/$(nsslibdir)/libnss_sss.so + mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 + uninstall-hook: if [ -f $(abs_builddir)/config/.files ]; then \ cat $(abs_builddir)/config/.files | xargs -iq rm -f $(DESTDIR)/q; \ diff --git a/server/configure.ac b/server/configure.ac index f24debb69..4198ee952 100644 --- a/server/configure.ac +++ b/server/configure.ac @@ -43,6 +43,19 @@ AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]]) m4_include([build_macros.m4]) BUILD_WITH_SHARED_BUILD_DIR +#Check for PAM headers +AC_CHECK_HEADERS([security/pam_appl.h security/pam_misc.h security/pam_modules.h], + [AC_CHECK_LIB(pam, pam_get_item, [ PAM_LIBS="-lpam" ], [AC_MSG_ERROR([PAM must support pam_get_item])])], + [AC_MSG_ERROR([PAM development libraries not installed])] +) + +#Set the NSS library install path +AC_ARG_ENABLE([nsslibdir], [AS_HELP_STRING([--enable-nsslibdir], + [Where to install nss libraries ($libdir)])], + [nsslibdir=$enableval], + [nsslibdir=$libdir]) +AC_SUBST(nsslibdir) + m4_include(conf_macros.m4) WITH_DB_PATH WITH_PLUGIN_PATH diff --git a/server/po/POTFILES.in b/server/po/POTFILES.in index 2dacfe8bb..e317161f0 100644 --- a/server/po/POTFILES.in +++ b/server/po/POTFILES.in @@ -9,3 +9,8 @@ tools/tools_util.h tools/sss_useradd.c tools/sss_groupadd.c tools/sss_usermod.c +sss_client/common.c +sss_client/group.c +sss_client/pam_sss.c +sss_client/pam_test_client.c +sss_client/passwd.c diff --git a/server/providers/data_provider.h b/server/providers/data_provider.h index c52466238..76ba4cffb 100644 --- a/server/providers/data_provider.h +++ b/server/providers/data_provider.h @@ -34,7 +34,7 @@ #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "sbus/sbus_client.h" -#include "../sss_client/sss_cli.h" +#include "sss_client/sss_cli.h" #define DATA_PROVIDER_VERSION 0x0001 #define DATA_PROVIDER_SERVICE_NAME "dp" diff --git a/server/responder/common/responder.h b/server/responder/common/responder.h index 9294f4022..ea6ba5831 100644 --- a/server/responder/common/responder.h +++ b/server/responder/common/responder.h @@ -31,7 +31,7 @@ #include "ldb.h" #include "dhash.h" #include "sbus/sssd_dbus.h" -#include "../sss_client/sss_cli.h" +#include "sss_client/sss_cli.h" extern hash_table_t *dp_requests; diff --git a/server/responder/common/responder_packet.h b/server/responder/common/responder_packet.h index e98707a63..2bfdc8a32 100644 --- a/server/responder/common/responder_packet.h +++ b/server/responder/common/responder_packet.h @@ -22,7 +22,7 @@ #ifndef __SSSSRV_PACKET_H__ #define __SSSSRV_PACKET_H__ -#include "../sss_client/sss_cli.h" +#include "sss_client/sss_cli.h" #define SSS_PACKET_MAX_RECV_SIZE 1024 diff --git a/server/sss_client/Makefile.am b/server/sss_client/Makefile.am new file mode 100644 index 000000000..b430af6b7 --- /dev/null +++ b/server/sss_client/Makefile.am @@ -0,0 +1,88 @@ +SUBDIRS = po + +pipepath=@pipepath@ +localedir = @localedir@ + +topdir=. +AM_CPPFLAGS = \ + -I$(topdir) \ + -DLOCALEDIR=\"$(localedir)\" \ + -DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \ + -DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \ + -DSSS_PAM_PRIV_SOCKET_NAME=\"$(pipepath)/private/pam\" +ACLOCAL_AMFLAGS = -I m4 + +AM_CFLAGS = +if WANT_AUX_INFO + AM_CFLAGS += -aux-info $@.X +endif + +if HAVE_GCC + AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \ + -Wcast-qual -Wcast-align -Wwrite-strings +endif + +nsslibdir = @nsslibdir@ +pamlibdir = $(nsslibdir)/security + +nsslib_LTLIBRARIES = libnss_sss.la +pamlib_LTLIBRARIES = pam_sss.la + +libnss_sss_la_SOURCES = \ + common.c \ + passwd.c \ + group.c \ + sss_cli.h +libnss_sss_la_LDFLAGS = \ + -module \ + -version-info 2:0:0 \ + -Wl,--version-script,$(srcdir)/sss_nss.exports + +pam_sss_la_SOURCES = \ + pam_sss.c \ + common.c \ + sss_cli.h \ + sss_pam_macros.h + +pam_sss_la_LDFLAGS = \ + -lpam \ + -module \ + -avoid-version \ + -Wl,--version-script,$(srcdir)/sss_pam.exports + +noinst_PROGRAMS = pam_test_client +pam_test_client_SOURCES = pam_test_client.c +pam_test_client_LDFLAGS = -lpam -lpam_misc + + +EXTRA_DIST = build/config.rpath +dist_noinst_DATA = \ + sss_nss.exports \ + sss_pam.exports \ + m4 + +install-data-hook: + rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ + $(DESTDIR)/$(nsslibdir)/libnss_sss.so + mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 + +############ +# MANPAGES # +############ + +#Special Rules: +export SGML_CATALOG_FILES +DOCBOOK_XSLT = http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl +XMLLINT_FLAGS = --catalogs --postvalid --nonet --xinclude --noout +XSLTPROC_FLAGS = --catalogs --xinclude --nonet + +dist_man_MANS = man/pam_sss.8 + +SUFFIXES = .8.xml .8 +.8.xml.8: + $(XMLLINT) $(XMLLINT_FLAGS) $< + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< +CLEANFILES = *.X + +tests: all $(check_PROGRAMS) + diff --git a/server/sss_client/autogen.sh b/server/sss_client/autogen.sh new file mode 100755 index 000000000..bf84eeee1 --- /dev/null +++ b/server/sss_client/autogen.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +rm -rf autom4te.cache +rm -f configure config.h.in + +IPATHS="-I libreplace -I lib/replace -I ../libreplace -I ../replace" +autoconf $IPATHS || exit 1 +autoheader $IPATHS || exit 1 + +rm -rf autom4te.cache + +echo "Now run ./configure and then make." +exit 0 + diff --git a/server/sss_client/common.c b/server/sss_client/common.c new file mode 100644 index 000000000..6732c24fc --- /dev/null +++ b/server/sss_client/common.c @@ -0,0 +1,669 @@ +/* + * System Security Services Daemon. NSS client interface + * + * Copyright (C) Simo Sorce 2007 + * + * Winbind derived code: + * Copyright (C) Tim Potter 2000 + * Copyright (C) Andrew Tridgell 2000 + * Copyright (C) Andrew Bartlett 2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include <nss.h> +#include <security/pam_modules.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <sys/stat.h> +#include <unistd.h> +#include <stdlib.h> +#include <stdint.h> +#include <string.h> +#include <fcntl.h> +#include <poll.h> +#include "sss_cli.h" + +/* common functions */ + +int sss_cli_sd = -1; /* the sss client socket descriptor */ + +static void sss_cli_close_socket(void) +{ + if (sss_cli_sd != -1) { + close(sss_cli_sd); + sss_cli_sd = -1; + } +} + +/* Requests: + * + * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X) + * byte 4-7: 32bit unsigned with command code + * byte 8-11: 32bit unsigned (reserved) + * byte 12-15: 32bit unsigned (reserved) + * byte 16-X: (optional) request structure associated to the command code used + */ +static enum nss_status sss_nss_send_req(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + int *errnop) +{ + uint32_t header[4]; + size_t datasent; + + header[0] = SSS_NSS_HEADER_SIZE + (rd?rd->len:0); + header[1] = cmd; + header[2] = 0; + header[3] = 0; + + datasent = 0; + + while (datasent < header[0]) { + struct pollfd pfd; + int rdsent; + int res, error; + + *errnop = 0; + pfd.fd = sss_cli_sd; + pfd.events = POLLOUT; + + do { + errno = 0; + res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); + error = errno; + + /* If error is EINTR here, we'll try again + * If it's any other error, we'll catch it + * below. + */ + } while (error == EINTR); + + switch (res) { + case -1: + *errnop = error; + break; + case 0: + *errnop = ETIME; + break; + case 1: + if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { + *errnop = EPIPE; + } + if (!(pfd.revents & POLLOUT)) { + *errnop = EBUSY; + } + break; + default: /* more than one avail ?? */ + *errnop = EBADF; + break; + } + if (*errnop) { + sss_cli_close_socket(); + return NSS_STATUS_UNAVAIL; + } + + if (datasent < SSS_NSS_HEADER_SIZE) { + res = write(sss_cli_sd, + (char *)header + datasent, + SSS_NSS_HEADER_SIZE - datasent); + } else { + rdsent = datasent - SSS_NSS_HEADER_SIZE; + res = write(sss_cli_sd, + (const char *)rd->data + rdsent, + rd->len - rdsent); + } + + if ((res == -1) || (res == 0)) { + + /* Write failed */ + sss_cli_close_socket(); + *errnop = errno; + return NSS_STATUS_UNAVAIL; + } + + datasent += res; + } + + return NSS_STATUS_SUCCESS; +} + +/* Replies: + * + * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X) + * byte 4-7: 32bit unsigned with command code + * byte 8-11: 32bit unsigned with the request status (server errno) + * byte 12-15: 32bit unsigned (reserved) + * byte 16-X: (optional) reply structure associated to the command code used + */ + +static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, + uint8_t **buf, int *len, + int *errnop) +{ + uint32_t header[4]; + size_t datarecv; + + header[0] = SSS_NSS_HEADER_SIZE; /* unitl we know the real lenght */ + header[1] = 0; + header[2] = 0; + header[3] = 0; + + datarecv = 0; + *buf = NULL; + *len = 0; + *errnop = 0; + + while (datarecv < header[0]) { + struct pollfd pfd; + int bufrecv; + int res, error; + + pfd.fd = sss_cli_sd; + pfd.events = POLLIN; + + do { + errno = 0; + res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); + error = errno; + + /* If error is EINTR here, we'll try again + * If it's any other error, we'll catch it + * below. + */ + } while (error == EINTR); + + switch (res) { + case -1: + *errnop = error; + break; + case 0: + *errnop = ETIME; + break; + case 1: + if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { + *errnop = EPIPE; + } + if (!(pfd.revents & POLLIN)) { + *errnop = EBUSY; + } + break; + default: /* more than one avail ?? */ + *errnop = EBADF; + break; + } + if (*errnop) { + sss_cli_close_socket(); + return NSS_STATUS_UNAVAIL; + } + + if (datarecv < SSS_NSS_HEADER_SIZE) { + res = read(sss_cli_sd, + (char *)header + datarecv, + SSS_NSS_HEADER_SIZE - datarecv); + } else { + bufrecv = datarecv - SSS_NSS_HEADER_SIZE; + res = read(sss_cli_sd, + (char *)(*buf) + bufrecv, + header[0] - datarecv); + } + + if ((res == -1) || (res == 0)) { + + /* Read failed. I think the only useful thing + * we can do here is just return -1 and fail + * since the transaction has failed half way + * through. */ + + sss_cli_close_socket(); + *errnop = errno; + return NSS_STATUS_UNAVAIL; + } + + datarecv += res; + + if (datarecv == SSS_NSS_HEADER_SIZE && *len == 0) { + /* at this point recv buf is not yet + * allocated and the header has just + * been read, do checks and proceed */ + if (header[2] != 0) { + /* server side error */ + sss_cli_close_socket(); + *errnop = header[2]; + if (*errnop == EAGAIN) { + return NSS_STATUS_TRYAGAIN; + } else { + return NSS_STATUS_UNAVAIL; + } + } + if (header[1] != cmd) { + /* wrong command id */ + sss_cli_close_socket(); + *errnop = EBADMSG; + return NSS_STATUS_UNAVAIL; + } + if (header[0] > SSS_NSS_HEADER_SIZE) { + *len = header[0] - SSS_NSS_HEADER_SIZE; + *buf = malloc(*len); + if (!*buf) { + sss_cli_close_socket(); + *errnop = ENOMEM; + return NSS_STATUS_UNAVAIL; + } + } + } + } + + return NSS_STATUS_SUCCESS; +} + +/* this function will check command codes match and returned length is ok */ +/* repbuf and replen report only the data section not the header */ +static enum nss_status sss_nss_make_request_nochecks( + enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop) +{ + enum nss_status ret; + uint8_t *buf = NULL; + int len = 0; + + /* send data */ + ret = sss_nss_send_req(cmd, rd, errnop); + if (ret != NSS_STATUS_SUCCESS) { + return ret; + } + + /* data sent, now get reply */ + ret = sss_nss_recv_rep(cmd, &buf, &len, errnop); + if (ret != NSS_STATUS_SUCCESS) { + return ret; + } + + /* we got through, now we have the custom data in buf if any, + * return it if requested */ + if (repbuf && buf) { + *repbuf = buf; + if (replen) { + *replen = len; + } + } else { + free(buf); + if (replen) { + *replen = 0; + } + } + + return NSS_STATUS_SUCCESS; +} + +/* GET_VERSION Reply: + * 0-3: 32bit unsigned version number + */ + +static int sss_nss_check_version(const char *socket_name) +{ + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + int errnop; + int res = NSS_STATUS_UNAVAIL; + uint32_t expected_version; + struct sss_cli_req_data req; + + if (strcmp(socket_name, SSS_NSS_SOCKET_NAME) == 0) { + expected_version = SSS_NSS_PROTOCOL_VERSION; + } else if (strcmp(socket_name, SSS_PAM_SOCKET_NAME) == 0 || + strcmp(socket_name, SSS_PAM_PRIV_SOCKET_NAME) == 0) { + expected_version = SSS_PAM_PROTOCOL_VERSION; + } else { + return NSS_STATUS_UNAVAIL; + } + + req.len = sizeof(expected_version); + req.data = &expected_version; + + nret = sss_nss_make_request_nochecks(SSS_GET_VERSION, &req, + &repbuf, &replen, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + if (!repbuf) { + return res; + } + + if (((uint32_t *)repbuf)[0] == expected_version) { + res = NSS_STATUS_SUCCESS; + } + + free(repbuf); + return res; +} + +/* this 2 functions are adapted from samba3 winbinbd's wb_common.c */ + +/* Make sure socket handle isn't stdin (0), stdout(1) or stderr(2) by setting + * the limit to 3 */ +#define RECURSION_LIMIT 3 + +static int make_nonstd_fd_internals(int fd, int limit) +{ + int new_fd; + if (fd >= 0 && fd <= 2) { +#ifdef F_DUPFD + if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) { + return -1; + } + /* Paranoia */ + if (new_fd < 3) { + close(new_fd); + return -1; + } + close(fd); + return new_fd; +#else + if (limit <= 0) + return -1; + + new_fd = dup(fd); + if (new_fd == -1) + return -1; + + /* use the program stack to hold our list of FDs to close */ + new_fd = make_nonstd_fd_internals(new_fd, limit - 1); + close(fd); + return new_fd; +#endif + } + return fd; +} + +/**************************************************************************** + Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available, + else + if SYSV use O_NDELAY + if BSD use FNDELAY + Set close on exec also. +****************************************************************************/ + +static int make_safe_fd(int fd) +{ + int result, flags; + int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT); + if (new_fd == -1) { + close(fd); + return -1; + } + + /* Socket should be nonblocking. */ +#ifdef O_NONBLOCK +#define FLAG_TO_SET O_NONBLOCK +#else +#ifdef SYSV +#define FLAG_TO_SET O_NDELAY +#else /* BSD */ +#define FLAG_TO_SET FNDELAY +#endif +#endif + + if ((flags = fcntl(new_fd, F_GETFL)) == -1) { + close(new_fd); + return -1; + } + + flags |= FLAG_TO_SET; + if (fcntl(new_fd, F_SETFL, flags) == -1) { + close(new_fd); + return -1; + } + +#undef FLAG_TO_SET + + /* Socket should be closed on exec() */ +#ifdef FD_CLOEXEC + result = flags = fcntl(new_fd, F_GETFD, 0); + if (flags >= 0) { + flags |= FD_CLOEXEC; + result = fcntl( new_fd, F_SETFD, flags ); + } + if (result < 0) { + close(new_fd); + return -1; + } +#endif + return new_fd; +} + +static int sss_nss_open_socket(int *errnop, const char *socket_name) +{ + struct sockaddr_un nssaddr; + int inprogress = 1; + int wait_time, sleep_time; + int sd; + + memset(&nssaddr, 0, sizeof(struct sockaddr_un)); + nssaddr.sun_family = AF_UNIX; + strncpy(nssaddr.sun_path, socket_name, + strlen(socket_name) + 1); + + sd = socket(AF_UNIX, SOCK_STREAM, 0); + if (sd == -1) { + *errnop = errno; + return -1; + } + + /* set as non-blocking, close on exec, and make sure standard + * descriptors are not used */ + sd = make_safe_fd(sd); + if (sd == -1) { + *errnop = errno; + return -1; + } + + /* this piece is adapted from winbind client code */ + wait_time = 0; + sleep_time = 0; + while(inprogress) { + int connect_errno = 0; + socklen_t errnosize; + struct timeval tv; + fd_set w_fds; + int ret; + + wait_time += sleep_time; + + ret = connect(sd, (struct sockaddr *)&nssaddr, + sizeof(nssaddr)); + if (ret == 0) { + return sd; + } + + switch(errno) { + case EINPROGRESS: + FD_ZERO(&w_fds); + FD_SET(sd, &w_fds); + tv.tv_sec = SSS_CLI_SOCKET_TIMEOUT - wait_time; + tv.tv_usec = 0; + + ret = select(sd + 1, NULL, &w_fds, NULL, &tv); + + if (ret > 0) { + errnosize = sizeof(connect_errno); + ret = getsockopt(sd, SOL_SOCKET, SO_ERROR, + &connect_errno, &errnosize); + if (ret >= 0 && connect_errno == 0) { + return sd; + } + } + wait_time += SSS_CLI_SOCKET_TIMEOUT; + break; + case EAGAIN: + if (wait_time < SSS_CLI_SOCKET_TIMEOUT) { + sleep_time = rand() % 2 + 1; + sleep(sleep_time); + } + break; + default: + *errnop = errno; + inprogress = 0; + break; + } + + if (wait_time >= SSS_CLI_SOCKET_TIMEOUT) { + inprogress = 0; + } + } + + /* if we get here connect() failed or we timed out */ + + close(sd); + return -1; +} + +static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name) +{ + static pid_t mypid; + int mysd; + + if (getpid() != mypid) { + sss_cli_close_socket(); + mypid = getpid(); + } + + /* check if the socket has been closed on the other side */ + if (sss_cli_sd != -1) { + struct pollfd pfd; + int res, error; + + *errnop = 0; + pfd.fd = sss_cli_sd; + pfd.events = POLLIN | POLLOUT; + + do { + errno = 0; + res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); + error = errno; + + /* If error is EINTR here, we'll try again + * If it's any other error, we'll catch it + * below. + */ + } while (error == EINTR); + + switch (res) { + case -1: + *errnop = error; + break; + case 0: + *errnop = ETIME; + break; + case 1: + if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { + *errnop = EPIPE; + } + if (!(pfd.revents & (POLLIN | POLLOUT))) { + *errnop = EBUSY; + } + break; + default: /* more than one avail ?? */ + *errnop = EBADF; + break; + } + if (*errnop) { + sss_cli_close_socket(); + return SSS_STATUS_UNAVAIL; + } + + return SSS_STATUS_SUCCESS; + } + + mysd = sss_nss_open_socket(errnop, socket_name); + if (mysd == -1) { + return SSS_STATUS_UNAVAIL; + } + + sss_cli_sd = mysd; + + if (sss_nss_check_version(socket_name) == NSS_STATUS_SUCCESS) { + return SSS_STATUS_SUCCESS; + } + + sss_cli_close_socket(); + *errnop = EFAULT; + return SSS_STATUS_UNAVAIL; +} + +/* this function will check command codes match and returned length is ok */ +/* repbuf and replen report only the data section not the header */ +enum nss_status sss_nss_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop) +{ + enum nss_status ret; + char *envval; + + /* avoid looping in the nss daemon */ + envval = getenv("_SSS_LOOPS"); + if (envval && strcmp(envval, "NO") == 0) { + return NSS_STATUS_NOTFOUND; + } + + ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); + if (ret != SSS_STATUS_SUCCESS) { + return NSS_STATUS_UNAVAIL; + } + + return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop); +} + +int sss_pam_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop) +{ + int ret; + char *envval; + struct stat stat_buf; + + /* avoid looping in the pam daemon */ + envval = getenv("_SSS_LOOPS"); + if (envval && strcmp(envval, "NO") == 0) { + return PAM_SERVICE_ERR; + } + + /* only root shall use the privileged pipe */ + if (getuid() == 0 && getgid() == 0) { + ret = stat(SSS_PAM_PRIV_SOCKET_NAME, &stat_buf); + if (ret != 0) return PAM_SERVICE_ERR; + if ( ! (stat_buf.st_uid == 0 && + stat_buf.st_gid == 0 && + (stat_buf.st_mode&(S_IFSOCK|S_IRUSR|S_IWUSR)) == stat_buf.st_mode)) { + return PAM_SERVICE_ERR; + } + + ret = sss_cli_check_socket(errnop, SSS_PAM_PRIV_SOCKET_NAME); + } else { + ret = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME); + } + if (ret != NSS_STATUS_SUCCESS) { + return PAM_SERVICE_ERR; + } + + return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop); +} diff --git a/server/sss_client/conf_macros.m4 b/server/sss_client/conf_macros.m4 new file mode 100644 index 000000000..cff961bc8 --- /dev/null +++ b/server/sss_client/conf_macros.m4 @@ -0,0 +1,52 @@ +AC_DEFUN([BUILD_WITH_AUX_INFO], + [ AC_ARG_WITH([aux-info], + [AC_HELP_STRING([--with-aux-info], + [Build with -aux-info output])]) + ]) +AM_CONDITIONAL([WANT_AUX_INFO], [test x$with_aux_info = xyes]) + +AC_DEFUN([WITH_PIPE_PATH], + [ AC_ARG_WITH([pipe-path], + [AC_HELP_STRING([--with-pipe-path=PATH], + [Where to store pipe files for the SSSD interconnects [/var/lib/sss/pipes]] + ) + ] + ) + config_pipepath="\"VARDIR\"/lib/sss/pipes" + pipepath="${localstatedir}/lib/sss/pipes" + if test x"$with_pipe_path" != x; then + config_pipepath=$with_pipe_path + pipepath=$with_pipe_path + fi + AC_SUBST(pipepath) + AC_DEFINE_UNQUOTED(PIPE_PATH, "$config_pipepath", [Where to store pipe files for the SSSD interconnects]) + ]) +AC_DEFUN([WITH_MANPAGES], + [ AC_ARG_WITH([manpages], + [AC_HELP_STRING([--with-manpages], + [Whether to regenerate man pages from DocBook sources [yes]] + ) + ], + [], + with_manpages=yes + ) + if test x"$with_manpages" == xyes; then + HAVE_MANPAGES=1 + AC_SUBST(HAVE_MANPAGES) + fi + ]) +AM_CONDITIONAL([BUILD_MANPAGES], [test x$with_manpages = xyes]) + +AC_DEFUN([WITH_XML_CATALOG], + [ AC_ARG_WITH([xml-catalog-path], + [AC_HELP_STRING([--with-xml-catalog-path=PATH], + [Where to look for XML catalog [/etc/xml/catalog]] + ) + ] + ) + SGML_CATALOG_FILES="/etc/xml/catalog" + if test x"$with_xml_catalog_path" != x; then + SGML_CATALOG_FILES="$with_xml_catalog_path" + fi + AC_SUBST([SGML_CATALOG_FILES]) + ]) diff --git a/server/sss_client/config.guess b/server/sss_client/config.guess new file mode 100755 index 000000000..354dbe175 --- /dev/null +++ b/server/sss_client/config.guess @@ -0,0 +1,1464 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + +timestamp='2005-08-03' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Originally written by Per Bothner <per@bothner.com>. +# Please send patches to <config-patches@gnu.org>. Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to <config-patches@gnu.org>." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerppc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include <stdio.h> /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos${UNAME_RELEASE} + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include <sys/systemcfg.h> + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include <stdlib.h> + #include <unistd.h> + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep __LP64__ >/dev/null + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include <unistd.h> + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit ;; + x86:Interix*:[34]*) + echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' + exit ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + *:GNU:*:*) + # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) + echo cris-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) + echo crisv32-axis-linux-gnu + exit ;; + frv:Linux:*:*) + echo frv-unknown-linux-gnu + exit ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips + #undef mipsel + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mipsel + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips64 + #undef mips64el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mips64el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips64 + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) + echo or32-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + # Set LC_ALL=C to ensure ld outputs messages in English. + ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include <features.h> + #ifdef __ELF__ + # ifdef __GLIBC__ + # if __GLIBC__ >= 2 + LIBC=gnu + # else + LIBC=gnulibc1 + # endif + # else + LIBC=gnulibc1 + # endif + #else + #ifdef __INTEL_COMPILER + LIBC=gnu + #else + LIBC=gnuaout + #endif + #endif + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + test x"${LIBC}" != x && { + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit + } + test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` + echo ${UNAME_MACHINE}-pc-isc$UNAME_REL + elif /bin/uname -X 2>/dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says <Richard.M.Bartel@ccMail.Census.GOV> + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes <hewes@openmarket.com>. + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + *86) UNAME_PROCESSOR=i686 ;; + unknown) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c <<EOF +#ifdef _SEQUENT_ +# include <sys/types.h> +# include <sys/utsname.h> +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include <sys/param.h> + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix\n"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include <sys/param.h> +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + c34*) + echo c34-convex-bsd + exit ;; + c38*) + echo c38-convex-bsd + exit ;; + c4*) + echo c4-convex-bsd + exit ;; + esac +fi + +cat >&2 <<EOF +$0: unable to guess system type + +This script, last modified $timestamp, has failed to recognize +the operating system you are using. It is advised that you +download the most up to date version of the config scripts from + + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess +and + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + +If the version you run ($0) is already up to date, please +send the following data and any information you think might be +pertinent to <config-patches@gnu.org> in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/server/sss_client/config.sub b/server/sss_client/config.sub new file mode 100755 index 000000000..23cd6fd75 --- /dev/null +++ b/server/sss_client/config.sub @@ -0,0 +1,1577 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + +timestamp='2005-07-08' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Please send patches to <config-patches@gnu.org>. Submit a context +# diff and a properly formatted ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to <config-patches@gnu.org>." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ + kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64vr | mips64vrel \ + | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | ms1 \ + | msp430 \ + | ns16k | ns32k \ + | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b \ + | strongarm \ + | tahoe | thumb | tic4x | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; + m32c) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | ms1-* \ + | msp430-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ + | xstormy16-* | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; + m32c-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16c) + basic_machine=cr16c-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tic55x | c55x*) + basic_machine=tic55x-unknown + os=-coff + ;; + tic6x | c6x*) + basic_machine=tic6x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -zvmoe) + os=-zvmoe + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-haiku) + os=-haiku + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/server/sss_client/configure.ac b/server/sss_client/configure.ac new file mode 100644 index 000000000..c32bb6fd6 --- /dev/null +++ b/server/sss_client/configure.ac @@ -0,0 +1,54 @@ +AC_PREREQ(2.50) +m4_include([../version.m4]) +AC_INIT([sss_client], + VERSION_NUMBER, + [sssd-devel@lists.fedorahosted.org]) +AC_CONFIG_SRCDIR([common.c]) +AC_CONFIG_HEADER(config.h) +AC_CONFIG_AUX_DIR([build]) +AM_INIT_AUTOMAKE([-Wall foreign subdir-objects]) +AM_PROG_CC_C_O +AC_DISABLE_STATIC +AC_PROG_LIBTOOL +AC_CONFIG_MACRO_DIR([m4]) +AM_GNU_GETTEXT([external]) +AM_GNU_GETTEXT_VERSION([0.14]) + +AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes]) + +AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]]) + +m4_pattern_allow([AM_SILENT_RULES]) +AM_SILENT_RULES + +AC_SUBST(PAM_LIBS) + +#Check for PAM headers +AC_CHECK_HEADERS([security/pam_appl.h security/pam_misc.h security/pam_modules.h], + [AC_CHECK_LIB(pam, pam_get_item, [ PAM_LIBS="-lpam" ], [AC_MSG_ERROR([PAM must support pam_get_item])])], + [AC_MSG_ERROR([PAM development libraries not installed])] +) + +#Set the NSS library install path +AC_ARG_ENABLE([nsslibdir], [AS_HELP_STRING([--enable-nsslibdir], + [Where to install nss libraries ($libdir)])], + [nsslibdir=$enableval], + [nsslibdir=$libdir]) +AC_SUBST(nsslibdir) + +m4_include([conf_macros.m4]) +BUILD_WITH_AUX_INFO +WITH_PIPE_PATH +WITH_MANPAGES +WITH_XML_CATALOG + +m4_include([external/docbook.m4]) +if test x$HAVE_MANPAGES != x; then + CHECK_XML_TOOLS + CHECK_STYLESHEET([$SGML_CATALOG_FILES], + [http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl], + [Docbook XSL templates]) +fi + +AC_CONFIG_FILES([Makefile po/Makefile.in]) +AC_OUTPUT diff --git a/server/sss_client/external/docbook.m4 b/server/sss_client/external/docbook.m4 new file mode 100644 index 000000000..cae89feb1 --- /dev/null +++ b/server/sss_client/external/docbook.m4 @@ -0,0 +1,35 @@ +dnl Checks for tools needed to generate manual pages +AC_DEFUN([CHECK_XML_TOOLS], +[ + AC_PATH_PROG([XSLTPROC], [xsltproc]) + if test ! -x "$XSLTPROC"; then + AC_MSG_ERROR([Could not find xsltproc]) + fi + + AC_PATH_PROG([XMLLINT], [xmllint]) + if test ! -x "$XMLLINT"; then + AC_MSG_ERROR([Could not find xmllint]) + fi + + AC_PATH_PROG([XMLCATALOG], [xmlcatalog]) + if test ! -x "$XMLCATALOG"; then + AC_MSG_ERROR([Could not find xmlcatalog]) + fi +]) + +dnl Usage: +dnl CHECK_STYLESHEET_URI(FILE, URI, [FRIENDLY-NAME]) +dnl Checks if the XML catalog given by FILE exists and +dnl if a particular URI appears in the XML catalog +AC_DEFUN([CHECK_STYLESHEET], +[ + AC_CHECK_FILE($1, [], [AC_MSG_ERROR([could not find XML catalog])]) + + AC_MSG_CHECKING([for ifelse([$3],,[$2],[$3]) in XML catalog]) + if AC_RUN_LOG([$XMLCATALOG --noout "$1" "$2" >&2]); then + AC_MSG_RESULT([yes]) + else + AC_MSG_ERROR([could not find ifelse([$3],,[$2],[$3]) in XML catalog]) + fi +]) + diff --git a/server/sss_client/group.c b/server/sss_client/group.c new file mode 100644 index 000000000..675b8b71e --- /dev/null +++ b/server/sss_client/group.c @@ -0,0 +1,435 @@ +/* + * System Security Services Daemon. NSS client interface + * + * Copyright (C) Simo Sorce 2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* GROUP database NSS interface */ + +#include <nss.h> +#include <errno.h> +#include <sys/types.h> +#include <unistd.h> +#include <stdlib.h> +#include <stdint.h> +#include <string.h> +#include "sss_cli.h" + +static struct sss_nss_getgrent_data { + size_t len; + size_t ptr; + uint8_t *data; +} sss_nss_getgrent_data; + +static void sss_nss_getgrent_data_clean(void) { + + if (sss_nss_getgrent_data.data != NULL) { + free(sss_nss_getgrent_data.data); + sss_nss_getgrent_data.data = NULL; + } + sss_nss_getgrent_data.len = 0; + sss_nss_getgrent_data.ptr = 0; +} + +/* GETGRNAM Request: + * + * 0-X: string with name + * + * GERTGRGID Request: + * + * 0-7: 32bit number with gid + * + * INITGROUPS Request: + * + * 0-3: 32bit number with gid + * 4-7: 32bit unsigned with max num of entries + * + * Replies: + * + * 0-3: 32bit unsigned number of results + * 4-7: 32bit unsigned (reserved/padding) + * For each result (64bit padded ?): + * 0-3: 32bit number gid + * 4-7: 32bit unsigned number of members + * 8-X: sequence of 0 terminated strings (name, passwd, mem..) + * + * FIXME: do we need to pad so that each result is 32 bit aligned ? + */ +struct sss_nss_gr_rep { + struct group *result; + char *buffer; + size_t buflen; +}; + +static int sss_nss_getgr_readrep(struct sss_nss_gr_rep *pr, + uint8_t *buf, size_t *len) +{ + size_t i, l, slen, ptmem; + ssize_t dlen; + char *sbuf; + uint32_t mem_num; + + if (*len < 11) { /* not enough space for data, bad packet */ + return EBADMSG; + } + + pr->result->gr_gid = ((uint32_t *)buf)[0]; + mem_num = ((uint32_t *)buf)[1]; + + sbuf = (char *)&buf[8]; + slen = *len - 8; + dlen = pr->buflen; + + pr->result->gr_name = &(pr->buffer[0]); + i = 0; + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + + pr->result->gr_passwd = &(pr->buffer[i]); + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + + /* now members */ + pr->result->gr_mem = (char **)&(pr->buffer[i]); + ptmem = sizeof(char *) * (mem_num + 1); + if (ptmem > dlen) { + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + dlen -= ptmem; + ptmem += i; + pr->result->gr_mem[mem_num] = NULL; /* terminate array */ + + for (l = 0; l < mem_num; l++) { + pr->result->gr_mem[l] = &(pr->buffer[ptmem]); + while ((slen > i) && (dlen > 0)) { + pr->buffer[ptmem] = sbuf[i]; + if (pr->buffer[ptmem] == '\0') break; + i++; + dlen--; + ptmem++; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + ptmem++; + } + + *len = slen -i; + return 0; +} + +/* INITGROUP Reply: + * + * 0-3: 32bit unsigned number of results + * 4-7: 32bit unsigned (reserved/padding) + * For each result: + * 0-4: 32bit number with gid + */ + + +enum nss_status _nss_sss_initgroups_dyn(const char *user, gid_t group, + long int *start, long int *size, + gid_t **groups, long int limit, + int *errnop) +{ + struct sss_cli_req_data rd; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t *rbuf; + uint32_t num_ret; + long int l, max_ret; + + rd.len = strlen(user) +1; + rd.data = user; + + nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + /* no results if not found */ + num_ret = ((uint32_t *)repbuf)[0]; + if (num_ret == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + max_ret = num_ret; + + /* check we have enough space in the buffer */ + if ((*size - *start) < num_ret) { + long int newsize; + gid_t *newgroups; + + newsize = *size + num_ret; + if ((limit > 0) && (newsize > limit)) { + newsize = limit; + max_ret = newsize - *start; + } + + newgroups = (gid_t *)realloc((*groups), newsize * sizeof(**groups)); + if (!newgroups) { + *errnop = ENOMEM; + free(repbuf); + return NSS_STATUS_TRYAGAIN; + } + *groups = newgroups; + *size = newsize; + } + + rbuf = &((uint32_t *)repbuf)[2]; + for (l = 0; l < max_ret; l++) { + (*groups)[*start] = rbuf[l]; + *start += 1; + } + + return NSS_STATUS_SUCCESS; +} + + +enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_gr_rep grrep; + uint8_t *repbuf; + size_t replen, len; + enum nss_status nret; + int ret; + + /* Caught once glibc passing in buffer == 0x0 */ + if (!buffer || !buflen) return ERANGE; + + rd.len = strlen(name) + 1; + rd.data = name; + + nret = sss_nss_make_request(SSS_NSS_GETGRNAM, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + grrep.result = result; + grrep.buffer = buffer; + grrep.buflen = buflen; + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + /* only 1 result is accepted for this function */ + if (((uint32_t *)repbuf)[0] != 1) { + *errnop = EBADMSG; + return NSS_STATUS_TRYAGAIN; + } + + len = replen - 8; + ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len); + free(repbuf); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_gr_rep grrep; + uint8_t *repbuf; + size_t replen, len; + enum nss_status nret; + uint32_t group_gid; + int ret; + + /* Caught once glibc passing in buffer == 0x0 */ + if (!buffer || !buflen) return ERANGE; + + group_gid = gid; + rd.len = sizeof(uint32_t); + rd.data = &group_gid; + + nret = sss_nss_make_request(SSS_NSS_GETGRGID, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + grrep.result = result; + grrep.buffer = buffer; + grrep.buflen = buflen; + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + /* only 1 result is accepted for this function */ + if (((uint32_t *)repbuf)[0] != 1) { + *errnop = EBADMSG; + return NSS_STATUS_TRYAGAIN; + } + + len = replen - 8; + ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len); + free(repbuf); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_setgrent(void) +{ + enum nss_status nret; + int errnop; + + /* make sure we do not have leftovers, and release memory */ + sss_nss_getgrent_data_clean(); + + nret = sss_nss_make_request(SSS_NSS_SETGRENT, + NULL, NULL, NULL, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + errno = errnop; + return nret; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_getgrent_r(struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_gr_rep grrep; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t num_entries; + int ret; + + /* Caught once glibc passing in buffer == 0x0 */ + if (!buffer || !buflen) return ERANGE; + + /* if there are leftovers return the next one */ + if (sss_nss_getgrent_data.data != NULL && + sss_nss_getgrent_data.ptr < sss_nss_getgrent_data.len) { + + repbuf = (uint8_t *)sss_nss_getgrent_data.data + + sss_nss_getgrent_data.ptr; + replen = sss_nss_getgrent_data.len - + sss_nss_getgrent_data.ptr; + + grrep.result = result; + grrep.buffer = buffer; + grrep.buflen = buflen; + + ret = sss_nss_getgr_readrep(&grrep, repbuf, &replen); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + /* advance buffer pointer */ + sss_nss_getgrent_data.ptr = sss_nss_getgrent_data.len - replen; + + return NSS_STATUS_SUCCESS; + } + + /* release memory if any */ + sss_nss_getgrent_data_clean(); + + /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */ + num_entries = SSS_NSS_MAX_ENTRIES; + rd.len = sizeof(uint32_t); + rd.data = &num_entries; + + nret = sss_nss_make_request(SSS_NSS_GETGRENT, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + /* no results if not found */ + if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + sss_nss_getgrent_data.data = repbuf; + sss_nss_getgrent_data.len = replen; + sss_nss_getgrent_data.ptr = 8; /* skip metadata fields */ + + /* call again ourselves, this will return the first result */ + return _nss_sss_getgrent_r(result, buffer, buflen, errnop); +} + +enum nss_status _nss_sss_endgrent(void) +{ + enum nss_status nret; + int errnop; + + /* make sure we do not have leftovers, and release memory */ + sss_nss_getgrent_data_clean(); + + nret = sss_nss_make_request(SSS_NSS_ENDGRENT, + NULL, NULL, NULL, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + errno = errnop; + return nret; + } + + return NSS_STATUS_SUCCESS; +} diff --git a/server/sss_client/install-sh b/server/sss_client/install-sh new file mode 100755 index 000000000..58719246f --- /dev/null +++ b/server/sss_client/install-sh @@ -0,0 +1,238 @@ +#! /bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. +# + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/server/sss_client/m4/.dir b/server/sss_client/m4/.dir new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/server/sss_client/m4/.dir diff --git a/server/sss_client/man/pam_sss.8.xml b/server/sss_client/man/pam_sss.8.xml new file mode 100644 index 000000000..f6ac9f477 --- /dev/null +++ b/server/sss_client/man/pam_sss.8.xml @@ -0,0 +1,97 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN" +"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> +<reference> +<title>SSSD Manual pages</title> +<refentry> + <refentryinfo> + <productname>SSSD</productname> + <orgname>The SSSD upstream - http://fedorahosted.org/sssd</orgname> + </refentryinfo> + + <refmeta> + <refentrytitle>pam_sss</refentrytitle> + <manvolnum>8</manvolnum> + </refmeta> + + <refnamediv id='name'> + <refname>pam_sss</refname> + <refpurpose>PAM module for SSSD</refpurpose> + </refnamediv> + + <refsynopsisdiv id='synopsis'> + <cmdsynopsis> + <command>pam_sss.so</command> + <arg choice='opt'> + <replaceable>forward_pass</replaceable> + </arg> + <arg choice='opt'> + <replaceable>use_first_pass</replaceable> + </arg> + <arg choice='opt'> + <replaceable>use_authtok</replaceable> + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id='description'> + <title>DESCRIPTION</title> + <para><command>pam_sss.so</command> is the PAM interface to the System + Security Services daemon (SSSD). Errors and results are logged through + <command>syslog(3)</command> with the LOG_AUTHPRIV facility.</para> + </refsect1> + + <refsect1 id='options'> + <title>OPTIONS</title> + <variablelist remap='IP'> + <varlistentry> + <term> + <option>forward_pass</option> + </term> + <listitem> + <para>If <option>forward_pass</option> is set the entered + password is put on the stack for other PAM modules to use. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>use_first_pass</option> + </term> + <listitem> + <para>The argument use_first_pass forces the module to use + a previous stacked modules password and will never prompt + the user - if no password is available or the password is + not appropriate, the user will be denied access.</para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>use_authtok</option> + </term> + <listitem> + <para>When password changing enforce the module to set the + new password to the one provided by a previously stacked + password module.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='module_types_provides'> + <title>MODULE TYPES PROVIDED</title> + <para>All module types (<option>account</option>, <option>auth</option>, + <option>password</option> and <option>session</option>) are provided. + </para> + </refsect1> + + <refsect1 id='see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> +</reference> diff --git a/server/sss_client/pam_sss.c b/server/sss_client/pam_sss.c new file mode 100644 index 000000000..8a1e3129a --- /dev/null +++ b/server/sss_client/pam_sss.c @@ -0,0 +1,1166 @@ +/* + Authors: + Sumit Bose <sbose@redhat.com> + + Copyright (C) 2009 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + +#include <sys/types.h> +#include <unistd.h> +#include <stdlib.h> +#include <stdint.h> +#include <stdio.h> +#include <syslog.h> +#include <time.h> + +#include <security/pam_modules.h> +#include <security/pam_ext.h> +#include <security/pam_modutil.h> +#include "sss_pam_macros.h" + +#include "sss_cli.h" + +#include <libintl.h> +#define _(STRING) dgettext (PACKAGE, STRING) +#include "config.h" + +#define FLAGS_USE_FIRST_PASS (1 << 0) +#define FLAGS_FORWARD_PASS (1 << 1) +#define FLAGS_USE_AUTHTOK (1 << 2) + +struct pam_items { + const char* pam_service; + const char* pam_user; + const char* pam_tty; + const char* pam_ruser; + const char* pam_rhost; + char* pam_authtok; + char* pam_newauthtok; + const char* pamstack_authtok; + const char* pamstack_oldauthtok; + size_t pam_service_size; + size_t pam_user_size; + size_t pam_tty_size; + size_t pam_ruser_size; + size_t pam_rhost_size; + int pam_authtok_type; + size_t pam_authtok_size; + int pam_newauthtok_type; + size_t pam_newauthtok_size; + pid_t cli_pid; + const char *login_name; +}; + +#define DEBUG_MGS_LEN 1024 +#define MAX_AUTHTOK_SIZE (1024*1024) +#define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)") + +static void logger(pam_handle_t *pamh, int level, const char *fmt, ...) { + va_list ap; + + va_start(ap, fmt); + +#ifdef DEBUG + va_list apd; + char debug_msg[DEBUG_MGS_LEN]; + int ret; + va_copy(apd, ap); + + ret = vsnprintf(debug_msg, DEBUG_MGS_LEN, fmt, apd); + if (ret >= DEBUG_MGS_LEN) { + D(("the following message is truncated: %s", debug_msg)); + } else if (ret < 0) { + D(("vsnprintf failed to format debug message!")); + } else { + D((debug_msg)); + } + + va_end(apd); +#endif + + pam_vsyslog(pamh, LOG_AUTHPRIV|level, fmt, ap); + + va_end(ap); +} + + +static size_t add_authtok_item(enum pam_item_type type, + enum sss_authtok_type authtok_type, + const char *tok, const size_t size, + uint8_t *buf) { + size_t rp=0; + uint32_t c; + + if (tok == NULL) return 0; + + c = type; + memcpy(&buf[rp], &c, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + c = size + sizeof(uint32_t); + memcpy(&buf[rp], &c, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + c = authtok_type; + memcpy(&buf[rp], &c, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + memcpy(&buf[rp], tok, size); + rp += size; + + return rp; +} + + +static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val, + uint8_t *buf) { + size_t rp=0; + uint32_t c; + + c = type; + memcpy(&buf[rp], &c, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + c = sizeof(uint32_t); + memcpy(&buf[rp], &c, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + c = val; + memcpy(&buf[rp], &c, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + return rp; +} + +static size_t add_string_item(enum pam_item_type type, const char *str, + const size_t size, uint8_t *buf) { + size_t rp=0; + uint32_t c; + + if (str == NULL || *str == '\0') return 0; + + c = type; + memcpy(&buf[rp], &c, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + c = size; + memcpy(&buf[rp], &c, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + memcpy(&buf[rp], str, size); + rp += size; + + return rp; +} + +static void overwrite_and_free_authtoks(struct pam_items *pi) +{ + if (pi->pam_authtok != NULL) { + _pam_overwrite_n((void *)pi->pam_authtok, pi->pam_authtok_size); + free((void *)pi->pam_authtok); + pi->pam_authtok = NULL; + } + + if (pi->pam_newauthtok != NULL) { + _pam_overwrite_n((void *)pi->pam_newauthtok, pi->pam_newauthtok_size); + free((void *)pi->pam_newauthtok); + pi->pam_newauthtok = NULL; + } +} + +static int pack_message_v3(struct pam_items *pi, size_t *size, + uint8_t **buffer) { + int len; + uint8_t *buf; + int rp; + uint32_t terminator = SSS_END_OF_PAM_REQUEST; + + len = sizeof(uint32_t) + + 2*sizeof(uint32_t) + pi->pam_user_size + + sizeof(uint32_t); + len += *pi->pam_service != '\0' ? + 2*sizeof(uint32_t) + pi->pam_service_size : 0; + len += *pi->pam_tty != '\0' ? + 2*sizeof(uint32_t) + pi->pam_tty_size : 0; + len += *pi->pam_ruser != '\0' ? + 2*sizeof(uint32_t) + pi->pam_ruser_size : 0; + len += *pi->pam_rhost != '\0' ? + 2*sizeof(uint32_t) + pi->pam_rhost_size : 0; + len += pi->pam_authtok != NULL ? + 3*sizeof(uint32_t) + pi->pam_authtok_size : 0; + len += pi->pam_newauthtok != NULL ? + 3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0; + len += 3*sizeof(uint32_t); /* cli_pid */ + + buf = malloc(len); + if (buf == NULL) { + D(("malloc failed.")); + return PAM_BUF_ERR; + } + + rp = 0; + ((uint32_t *)(&buf[rp]))[0] = SSS_START_OF_PAM_REQUEST; + rp += sizeof(uint32_t); + + rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size, + &buf[rp]); + + rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service, + pi->pam_service_size, &buf[rp]); + + rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size, + &buf[rp]); + + rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size, + &buf[rp]); + + rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size, + &buf[rp]); + + rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid, + &buf[rp]); + + rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type, + pi->pam_authtok, pi->pam_authtok_size, &buf[rp]); + + rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type, + pi->pam_newauthtok, pi->pam_newauthtok_size, + &buf[rp]); + + memcpy(&buf[rp], &terminator, sizeof(uint32_t)); + rp += sizeof(uint32_t); + + if (rp != len) { + D(("error during packet creation.")); + return PAM_BUF_ERR; + } + + *size = len; + *buffer = buf; + + return 0; +} + +static int null_strcmp(const char *s1, const char *s2) { + if (s1 == NULL && s2 == NULL) return 0; + if (s1 == NULL && s2 != NULL) return -1; + if (s1 != NULL && s2 == NULL) return 1; + return strcmp(s1, s2); +} + +enum { + SSS_PAM_CONV_DONE = 0, + SSS_PAM_CONV_STD, + SSS_PAM_CONV_REENTER, +}; + +static int do_pam_conversation(pam_handle_t *pamh, const int msg_style, + const char *msg, + const char *reenter_msg, + char **answer) +{ + int ret; + int state = SSS_PAM_CONV_STD; + struct pam_conv *conv; + struct pam_message *mesg[1]; + struct pam_response *resp=NULL; + + if ((msg_style == PAM_TEXT_INFO || msg_style == PAM_ERROR_MSG) && + msg == NULL) return PAM_SYSTEM_ERR; + + if ((msg_style == PAM_PROMPT_ECHO_OFF || + msg_style == PAM_PROMPT_ECHO_ON) && + (msg == NULL || answer == NULL)) return PAM_SYSTEM_ERR; + + if (msg_style == PAM_TEXT_INFO || msg_style == PAM_ERROR_MSG) { + logger(pamh, LOG_INFO, "User %s message: %s", + msg_style == PAM_TEXT_INFO ? "info" : "error", + msg); + } + + ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv); + if (ret != PAM_SUCCESS) return ret; + + do { + mesg[0] = malloc(sizeof(struct pam_message)); + if (mesg[0] == NULL) { + D(("Malloc failed.")); + return PAM_SYSTEM_ERR; + } + + mesg[0]->msg_style = msg_style; + if (state == SSS_PAM_CONV_REENTER) { + mesg[0]->msg = reenter_msg; + } else { + mesg[0]->msg = msg; + } + + ret=conv->conv(1, (const struct pam_message **) mesg, &resp, + conv->appdata_ptr); + free(mesg[0]); + if (ret != PAM_SUCCESS) { + D(("Conversation failure: %s.", pam_strerror(pamh,ret))); + return ret; + } + + if (msg_style == PAM_PROMPT_ECHO_OFF || + msg_style == PAM_PROMPT_ECHO_ON) { + if (resp == NULL) { + D(("response expected, but resp==NULL")); + return PAM_SYSTEM_ERR; + } + + if (state == SSS_PAM_CONV_REENTER) { + if (null_strcmp(*answer, resp[0].resp) != 0) { + logger(pamh, LOG_NOTICE, "Passwords do not match."); + _pam_overwrite((void *)resp[0].resp); + free(resp[0].resp); + if (*answer != NULL) { + _pam_overwrite((void *)*answer); + free(*answer); + *answer = NULL; + } + ret = do_pam_conversation(pamh, PAM_ERROR_MSG, + _("Passwords do not match"), + NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + return PAM_CRED_ERR; + } + _pam_overwrite((void *)resp[0].resp); + free(resp[0].resp); + } else { + if (resp[0].resp == NULL) { + D(("Empty password")); + *answer = NULL; + } else { + *answer = strndup(resp[0].resp, MAX_AUTHTOK_SIZE); + _pam_overwrite((void *)resp[0].resp); + free(resp[0].resp); + if(*answer == NULL) { + D(("strndup failed")); + return PAM_BUF_ERR; + } + } + } + free(resp); + resp = NULL; + } + + if (reenter_msg != NULL && state == SSS_PAM_CONV_STD) { + state = SSS_PAM_CONV_REENTER; + } else { + state = SSS_PAM_CONV_DONE; + } + } while (state != SSS_PAM_CONV_DONE); + + return PAM_SUCCESS; +} + +static int user_info_offline_auth(pam_handle_t *pamh, size_t buflen, + uint8_t *buf) +{ + int ret; + long long expire_date; + struct tm tm; + char expire_str[128]; + char user_msg[256]; + + expire_str[0] = '\0'; + + if (buflen != sizeof(uint32_t) + sizeof(long long)) { + D(("User info response data has the wrong size")); + return PAM_BUF_ERR; + } + + memcpy(&expire_date, buf + sizeof(uint32_t), sizeof(long long)); + + if (expire_date > 0) { + if (localtime_r((time_t *) &expire_date, &tm) != NULL) { + ret = strftime(expire_str, sizeof(expire_str), "%c", &tm); + if (ret == 0) { + D(("strftime failed.")); + expire_str[0] = '\0'; + } + } else { + D(("localtime_r failed")); + } + } + + ret = snprintf(user_msg, sizeof(user_msg), "%s%s%s.", + _("Offline authentication"), + expire_str[0] ? _(", your cached password will expire at: ") : "", + expire_str[0] ? expire_str : ""); + if (ret < 0 || ret >= sizeof(user_msg)) { + D(("snprintf failed.")); + return PAM_SYSTEM_ERR; + } + + ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + return PAM_SUCCESS; +} + +static int user_info_offline_auth_delayed(pam_handle_t *pamh, size_t buflen, + uint8_t *buf) +{ + int ret; + long long delayed_until; + struct tm tm; + char delay_str[128]; + char user_msg[256]; + + delay_str[0] = '\0'; + + if (buflen != sizeof(uint32_t) + sizeof(long long)) { + D(("User info response data has the wrong size")); + return PAM_BUF_ERR; + } + + memcpy(&delayed_until, buf + sizeof(uint32_t), sizeof(long long)); + + if (delayed_until <= 0) { + D(("User info response data has an invalid value")); + return PAM_BUF_ERR; + } + + if (localtime_r((time_t *) &delayed_until, &tm) != NULL) { + ret = strftime(delay_str, sizeof(delay_str), "%c", &tm); + if (ret == 0) { + D(("strftime failed.")); + delay_str[0] = '\0'; + } + } else { + D(("localtime_r failed")); + } + + ret = snprintf(user_msg, sizeof(user_msg), "%s%s.", + _("Offline authentication, authentication is denied until: "), + delay_str); + if (ret < 0 || ret >= sizeof(user_msg)) { + D(("snprintf failed.")); + return PAM_SYSTEM_ERR; + } + + ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + return PAM_SUCCESS; +} + +static int user_info_offline_chpass(pam_handle_t *pamh, size_t buflen, + uint8_t *buf) +{ + int ret; + + if (buflen != sizeof(uint32_t)) { + D(("User info response data has the wrong size")); + return PAM_BUF_ERR; + } + + ret = do_pam_conversation(pamh, PAM_TEXT_INFO, + _("System is offline, password change not possible"), + NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + return PAM_SUCCESS; +} + +static int user_info_chpass_error(pam_handle_t *pamh, size_t buflen, + uint8_t *buf) +{ + int ret; + uint32_t msg_len; + char user_msg[256]; + + if (buflen < 2* sizeof(uint32_t)) { + D(("User info response data is too short")); + return PAM_BUF_ERR; + } + + memcpy(&msg_len, buf + sizeof(uint32_t), sizeof(uint32_t)); + + if (buflen != 2* sizeof(uint32_t) + msg_len) { + D(("User info response data has the wrong size")); + return PAM_BUF_ERR; + } + + ret = snprintf(user_msg, sizeof(user_msg), "%s%s%.*s", + _("Password change failed. "), + msg_len > 0 ? _("Server message: ") : "", + msg_len, + msg_len > 0 ? (char *)(buf + 2 * sizeof(uint32_t)) : "" ); + if (ret < 0 || ret >= sizeof(user_msg)) { + D(("snprintf failed.")); + return PAM_SYSTEM_ERR; + } + + ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + return PAM_SUCCESS; +} + + +static int eval_user_info_response(pam_handle_t *pamh, size_t buflen, + uint8_t *buf) +{ + int ret; + uint32_t type; + + if (buflen < sizeof(uint32_t)) { + D(("User info response data is too short")); + return PAM_BUF_ERR; + } + + memcpy(&type, buf, sizeof(uint32_t)); + + switch(type) { + case SSS_PAM_USER_INFO_OFFLINE_AUTH: + ret = user_info_offline_auth(pamh, buflen, buf); + break; + case SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED: + ret = user_info_offline_auth_delayed(pamh, buflen, buf); + break; + case SSS_PAM_USER_INFO_OFFLINE_CHPASS: + ret = user_info_offline_chpass(pamh, buflen, buf); + break; + case SSS_PAM_USER_INFO_CHPASS_ERROR: + ret = user_info_chpass_error(pamh, buflen, buf); + break; + default: + D(("Unknown user info type [%d]", type)); + ret = PAM_SYSTEM_ERR; + } + + return ret; +} + +static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf) +{ + int ret; + size_t p=0; + char *env_item; + int32_t c; + int32_t type; + int32_t len; + int32_t pam_status; + + if (buflen < (2*sizeof(int32_t))) { + D(("response buffer is too small")); + return PAM_BUF_ERR; + } + + memcpy(&pam_status, buf+p, sizeof(int32_t)); + p += sizeof(int32_t); + + + memcpy(&c, buf+p, sizeof(int32_t)); + p += sizeof(int32_t); + + while(c>0) { + if (buflen < (p+2*sizeof(int32_t))) { + D(("response buffer is too small")); + return PAM_BUF_ERR; + } + + memcpy(&type, buf+p, sizeof(int32_t)); + p += sizeof(int32_t); + + memcpy(&len, buf+p, sizeof(int32_t)); + p += sizeof(int32_t); + + if (buflen < (p + len)) { + D(("response buffer is too small")); + return PAM_BUF_ERR; + } + + switch(type) { + case SSS_PAM_SYSTEM_INFO: + if (buf[p + (len -1)] != '\0') { + D(("user info does not end with \\0.")); + break; + } + logger(pamh, LOG_INFO, "system info: [%s]", &buf[p]); + break; + case SSS_PAM_DOMAIN_NAME: + D(("domain name: [%s]", &buf[p])); + break; + case SSS_ENV_ITEM: + case SSS_PAM_ENV_ITEM: + case SSS_ALL_ENV_ITEM: + if (buf[p + (len -1)] != '\0') { + D(("env item does not end with \\0.")); + break; + } + + D(("env item: [%s]", &buf[p])); + if (type == SSS_PAM_ENV_ITEM || type == SSS_ALL_ENV_ITEM) { + ret = pam_putenv(pamh, (char *)&buf[p]); + if (ret != PAM_SUCCESS) { + D(("pam_putenv failed.")); + break; + } + } + + if (type == SSS_ENV_ITEM || type == SSS_ALL_ENV_ITEM) { + env_item = strdup((char *)&buf[p]); + if (env_item == NULL) { + D(("strdup failed")); + break; + } + ret = putenv(env_item); + if (ret == -1) { + D(("putenv failed.")); + break; + } + } + break; + case SSS_PAM_USER_INFO: + ret = eval_user_info_response(pamh, len, &buf[p]); + if (ret != PAM_SUCCESS) { + D(("eval_user_info_response failed")); + } + break; + default: + D(("Unknown response type [%d]", type)); + } + p += len; + + --c; + } + + return PAM_SUCCESS; +} + +static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi) +{ + int ret; + + pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; + pi->pam_authtok = NULL; + pi->pam_authtok_size = 0; + pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY; + pi->pam_newauthtok = NULL; + pi->pam_newauthtok_size = 0; + + ret = pam_get_item(pamh, PAM_SERVICE, (const void **) &(pi->pam_service)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_service == NULL) pi->pam_service=""; + pi->pam_service_size=strlen(pi->pam_service)+1; + + ret = pam_get_item(pamh, PAM_USER, (const void **) &(pi->pam_user)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_user == NULL) { + D(("No user found, aborting.")); + return PAM_BAD_ITEM; + } + if (strcmp(pi->pam_user, "root") == 0) { + D(("pam_sss will not handle root.")); + return PAM_USER_UNKNOWN; + } + pi->pam_user_size=strlen(pi->pam_user)+1; + + + ret = pam_get_item(pamh, PAM_TTY, (const void **) &(pi->pam_tty)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_tty == NULL) pi->pam_tty=""; + pi->pam_tty_size=strlen(pi->pam_tty)+1; + + ret = pam_get_item(pamh, PAM_RUSER, (const void **) &(pi->pam_ruser)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_ruser == NULL) pi->pam_ruser=""; + pi->pam_ruser_size=strlen(pi->pam_ruser)+1; + + ret = pam_get_item(pamh, PAM_RHOST, (const void **) &(pi->pam_rhost)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_rhost == NULL) pi->pam_rhost=""; + pi->pam_rhost_size=strlen(pi->pam_rhost)+1; + + ret = pam_get_item(pamh, PAM_AUTHTOK, + (const void **) &(pi->pamstack_authtok)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pamstack_authtok == NULL) pi->pamstack_authtok=""; + + ret = pam_get_item(pamh, PAM_OLDAUTHTOK, + (const void **) &(pi->pamstack_oldauthtok)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pamstack_oldauthtok == NULL) pi->pamstack_oldauthtok=""; + + pi->cli_pid = getpid(); + + pi->login_name = pam_modutil_getlogin(pamh); + if (pi->login_name == NULL) pi->login_name=""; + + return PAM_SUCCESS; +} + +static void print_pam_items(struct pam_items *pi) +{ + if (pi == NULL) return; + + D(("Service: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_service))); + D(("User: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_user))); + D(("Tty: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_tty))); + D(("Ruser: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_ruser))); + D(("Rhost: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_rhost))); + D(("Pamstack_Authtok: %s", + CHECK_AND_RETURN_PI_STRING(pi->pamstack_authtok))); + D(("Pamstack_Oldauthtok: %s", + CHECK_AND_RETURN_PI_STRING(pi->pamstack_oldauthtok))); + D(("Authtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_authtok))); + D(("Newauthtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_newauthtok))); + D(("Cli_PID: %d", pi->cli_pid)); +} + +static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi, + enum sss_cli_command task) +{ + int ret; + int errnop; + struct sss_cli_req_data rd; + uint8_t *buf = NULL; + uint8_t *repbuf = NULL; + size_t replen; + int pam_status = PAM_SYSTEM_ERR; + + print_pam_items(pi); + + ret = pack_message_v3(pi, &rd.len, &buf); + if (ret != 0) { + D(("pack_message failed.")); + pam_status = PAM_SYSTEM_ERR; + goto done; + } + rd.data = buf; + + ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop); + + if (ret != NSS_STATUS_SUCCESS) { + logger(pamh, LOG_ERR, "Request to sssd failed."); + pam_status = PAM_SYSTEM_ERR; + goto done; + } + +/* FIXME: add an end signature */ + if (replen < (2*sizeof(int32_t))) { + D(("response not in expected format.")); + pam_status = PAM_SYSTEM_ERR; + goto done; + } + + pam_status = ((int32_t *)repbuf)[0]; + ret = eval_response(pamh, replen, repbuf); + if (ret != PAM_SUCCESS) { + D(("eval_response failed.")); + pam_status = ret; + goto done; + } + + switch (task) { + case SSS_PAM_AUTHENTICATE: + logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE), + "authentication %s; logname=%s uid=%lu euid=%d tty=%s " + "ruser=%s rhost=%s user=%s", + pam_status == PAM_SUCCESS ? "success" : "failure", + pi->login_name, getuid(), (unsigned long) geteuid(), + pi->pam_tty, pi->pam_ruser, pi->pam_rhost, pi->pam_user); + if (pam_status != PAM_SUCCESS) { + logger(pamh, LOG_NOTICE, "received for user %s: %d (%s)", + pi->pam_user, pam_status, + pam_strerror(pamh,pam_status)); + } + break; + case SSS_PAM_CHAUTHTOK_PRELIM: + if (pam_status != PAM_SUCCESS) { + logger(pamh, LOG_NOTICE, + "Authentication failed for user %s: %d (%s)", + pi->pam_user, pam_status, + pam_strerror(pamh,pam_status)); + } + break; + case SSS_PAM_CHAUTHTOK: + if (pam_status != PAM_SUCCESS) { + logger(pamh, LOG_NOTICE, + "Password change failed for user %s: %d (%s)", + pi->pam_user, pam_status, + pam_strerror(pamh,pam_status)); + } + break; + case SSS_PAM_ACCT_MGMT: + if (pam_status != PAM_SUCCESS) { + logger(pamh, LOG_NOTICE, + "Access denied for user %s: %d (%s)", + pi->pam_user, pam_status, + pam_strerror(pamh,pam_status)); + } + break; + case SSS_PAM_SETCRED: + case SSS_PAM_OPEN_SESSION: + case SSS_PAM_CLOSE_SESSION: + break; + default: + D(("Illegal task [%d]", task)); + return PAM_SYSTEM_ERR; + } + +done: + if (buf != NULL ) { + _pam_overwrite_n((void *)buf, rd.len); + free(buf); + } + free(repbuf); + + return pam_status; +} + +static int prompt_password(pam_handle_t *pamh, struct pam_items *pi) +{ + int ret; + char *answer = NULL; + + ret = do_pam_conversation(pamh, PAM_PROMPT_ECHO_OFF, _("Password: "), + NULL, &answer); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return ret; + } + + if (answer == NULL) { + pi->pam_authtok = NULL; + pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; + pi->pam_authtok_size=0; + } else { + pi->pam_authtok = strdup(answer); + _pam_overwrite((void *)answer); + free(answer); + answer=NULL; + if (pi->pam_authtok == NULL) { + return PAM_BUF_ERR; + } + pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD; + pi->pam_authtok_size=strlen(pi->pam_authtok); + } + + return PAM_SUCCESS; +} + +static int prompt_new_password(pam_handle_t *pamh, struct pam_items *pi) +{ + int ret; + char *answer = NULL; + + ret = do_pam_conversation(pamh, PAM_PROMPT_ECHO_OFF, + _("New Password: "), + _("Reenter new Password: "), + &answer); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return ret; + } + if (answer == NULL) { + pi->pam_newauthtok = NULL; + pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY; + pi->pam_newauthtok_size=0; + } else { + pi->pam_newauthtok = strdup(answer); + _pam_overwrite((void *)answer); + free(answer); + answer=NULL; + if (pi->pam_newauthtok == NULL) { + return PAM_BUF_ERR; + } + pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD; + pi->pam_newauthtok_size=strlen(pi->pam_newauthtok); + } + + return PAM_SUCCESS; +} + +static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, + uint32_t *flags) +{ + for (; argc-- > 0; ++argv) { + if (strcmp(*argv, "forward_pass") == 0) { + *flags |= FLAGS_FORWARD_PASS; + } else if (strcmp(*argv, "use_first_pass") == 0) { + *flags |= FLAGS_USE_FIRST_PASS; + } else if (strcmp(*argv, "use_authtok") == 0) { + *flags |= FLAGS_USE_AUTHTOK; + } else { + logger(pamh, LOG_WARNING, "unknown option: %s", *argv); + } + } + + return; +} + +static int get_authtok_for_authentication(pam_handle_t *pamh, + struct pam_items *pi, + uint32_t flags) +{ + int ret; + + if (flags & FLAGS_USE_FIRST_PASS) { + pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD; + pi->pam_authtok = strdup(pi->pamstack_authtok); + if (pi->pam_authtok == NULL) { + D(("option use_first_pass set, but no password found")); + return PAM_BUF_ERR; + } + pi->pam_authtok_size = strlen(pi->pam_authtok); + } else { + ret = prompt_password(pamh, pi); + if (ret != PAM_SUCCESS) { + D(("failed to get password from user")); + return ret; + } + + if (flags & FLAGS_FORWARD_PASS) { + ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_authtok); + if (ret != PAM_SUCCESS) { + D(("Failed to set PAM_AUTHTOK [%s], " + "authtok may not be available for other modules", + pam_strerror(pamh,ret))); + } + } + } + + return PAM_SUCCESS; +} + +static int get_authtok_for_password_change(pam_handle_t *pamh, + struct pam_items *pi, + uint32_t flags, + int pam_flags) +{ + int ret; + + /* we query for the old password during PAM_PRELIM_CHECK to make + * pam_sss work e.g. with pam_cracklib */ + if (pam_flags & PAM_PRELIM_CHECK) { + if (getuid() != 0 && !(flags & FLAGS_USE_FIRST_PASS)) { + ret = prompt_password(pamh, pi); + if (ret != PAM_SUCCESS) { + D(("failed to get password from user")); + return ret; + } + + ret = pam_set_item(pamh, PAM_OLDAUTHTOK, pi->pam_authtok); + if (ret != PAM_SUCCESS) { + D(("Failed to set PAM_OLDAUTHTOK [%s], " + "oldauthtok may not be available", + pam_strerror(pamh,ret))); + return ret; + } + } + + return PAM_SUCCESS; + } + + if (pi->pamstack_oldauthtok == NULL) { + if (getuid() != 0) { + D(("no password found for chauthtok")); + return PAM_BUF_ERR; + } else { + pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; + pi->pam_authtok = NULL; + pi->pam_authtok_size = 0; + } + } else { + pi->pam_authtok = strdup(pi->pamstack_oldauthtok); + pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD; + pi->pam_authtok_size = strlen(pi->pam_authtok); + } + + if (flags & FLAGS_USE_AUTHTOK) { + pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD; + pi->pam_newauthtok = strdup(pi->pamstack_authtok); + if (pi->pam_newauthtok == NULL) { + D(("option use_authtok set, but no new password found")); + return PAM_BUF_ERR; + } + pi->pam_newauthtok_size = strlen(pi->pam_newauthtok); + } else { + ret = prompt_new_password(pamh, pi); + if (ret != PAM_SUCCESS) { + D(("failed to get new password from user")); + return ret; + } + + if (flags & FLAGS_FORWARD_PASS) { + ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_newauthtok); + if (ret != PAM_SUCCESS) { + D(("Failed to set PAM_AUTHTOK [%s], " + "oldauthtok may not be available", + pam_strerror(pamh,ret))); + } + } + } + + return PAM_SUCCESS; +} + +static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, + int pam_flags, int argc, const char **argv) +{ + int ret; + struct pam_items pi; + uint32_t flags = 0; + + bindtextdomain(PACKAGE, LOCALEDIR); + + D(("Hello pam_sssd: %d", task)); + + eval_argv(pamh, argc, argv, &flags); + + ret = get_pam_items(pamh, &pi); + if (ret != PAM_SUCCESS) { + D(("get items returned error: %s", pam_strerror(pamh,ret))); + return ret; + } + + + switch(task) { + case SSS_PAM_AUTHENTICATE: + ret = get_authtok_for_authentication(pamh, &pi, flags); + if (ret != PAM_SUCCESS) { + D(("failed to get authentication token: %s", + pam_strerror(pamh, ret))); + return ret; + } + break; + case SSS_PAM_CHAUTHTOK: + ret = get_authtok_for_password_change(pamh, &pi, flags, pam_flags); + if (ret != PAM_SUCCESS) { + D(("failed to get tokens for password change: %s", + pam_strerror(pamh, ret))); + return ret; + } + if (pam_flags & PAM_PRELIM_CHECK) { + task = SSS_PAM_CHAUTHTOK_PRELIM; + } + break; + case SSS_PAM_ACCT_MGMT: + case SSS_PAM_SETCRED: + case SSS_PAM_OPEN_SESSION: + case SSS_PAM_CLOSE_SESSION: + break; + default: + D(("Illegal task [%d]", task)); + return PAM_SYSTEM_ERR; + } + + ret = send_and_receive(pamh, &pi, task); + + if (ret == PAM_AUTHTOK_EXPIRED && task == SSS_PAM_AUTHENTICATE) { + D(("Authtoken expired, trying to change it")); + ret = do_pam_conversation(pamh, PAM_ERROR_MSG, + _("Password has expired."), NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + pi.pamstack_oldauthtok = pi.pam_authtok; + ret = get_authtok_for_password_change(pamh, &pi, flags, pam_flags); + if (ret != PAM_SUCCESS) { + D(("failed to get tokens for password change: %s", + pam_strerror(pamh, ret))); + return ret; + } + + ret = send_and_receive(pamh, &pi, SSS_PAM_CHAUTHTOK); + } + + overwrite_and_free_authtoks(&pi); + + return ret; +} + +PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, + const char **argv ) +{ + return pam_sss(SSS_PAM_AUTHENTICATE, pamh, flags, argc, argv); +} + + +PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, + const char **argv ) +{ + return pam_sss(SSS_PAM_SETCRED, pamh, flags, argc, argv); +} + +PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, + const char **argv ) +{ + return pam_sss(SSS_PAM_ACCT_MGMT, pamh, flags, argc, argv); +} + +PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, + const char **argv ) +{ + return pam_sss(SSS_PAM_CHAUTHTOK, pamh, flags, argc, argv); +} + +PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, + const char **argv ) +{ + return pam_sss(SSS_PAM_OPEN_SESSION, pamh, flags, argc, argv); +} + +PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, + const char **argv ) +{ + return pam_sss(SSS_PAM_CLOSE_SESSION, pamh, flags, argc, argv); +} + + +#ifdef PAM_STATIC + +/* static module data */ + +struct pam_module _pam_sssd_modstruct ={ + "pam_sssd", + pam_sm_authenticate, + pam_sm_setcred, + pam_sm_acct_mgmt, + pam_sm_open_session, + pam_sm_close_session, + pam_sm_chauthtok +}; + +#endif diff --git a/server/sss_client/pam_test_client.c b/server/sss_client/pam_test_client.c new file mode 100644 index 000000000..a088981bc --- /dev/null +++ b/server/sss_client/pam_test_client.c @@ -0,0 +1,95 @@ +/* + Authors: + Sumit Bose <sbose@redhat.com> + + Copyright (C) 2009 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <unistd.h> + +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + +int main(int argc, char *argv[]) { + + pam_handle_t *pamh; + char *user; + char *action; + int ret; + + if (argc == 1) { + fprintf(stderr, "missing action and user name, using default\n"); + action = strdup("auth"); + user = strdup("dummy"); + } else if (argc == 2) { + fprintf(stdout, "using first argument as action and default user name\n"); + action = strdup(argv[1]); + user = strdup("dummy"); + } else { + action = strdup(argv[1]); + user = strdup(argv[2]); + } + + fprintf(stdout, "action: %s\nuser: %s\n", action,user); + + ret = pam_start("sss_test", user, &conv, &pamh); + if (ret != PAM_SUCCESS) { + fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret)); + return 1; + } + + if ( strncmp(action, "auth", 4)== 0 ) { + fprintf(stdout, "testing pam_authenticate\n"); + ret = pam_authenticate(pamh, 0); + fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret)); + } else if ( strncmp(action, "chau", 4)== 0 ) { + fprintf(stdout, "testing pam_chauthtok\n"); + ret = pam_chauthtok(pamh, 0); + fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret)); + } else if ( strncmp(action, "acct", 4)== 0 ) { + fprintf(stdout, "testing pam_acct_mgmt\n"); + ret = pam_acct_mgmt(pamh, 0); + fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret)); + } else if ( strncmp(action, "setc", 4)== 0 ) { + fprintf(stdout, "testing pam_setcred\n"); + ret = pam_setcred(pamh, 0); + fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret)); + } else if ( strncmp(action, "open", 4)== 0 ) { + fprintf(stdout, "testing pam_open_session\n"); + ret = pam_open_session(pamh, 0); + fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret)); + } else if ( strncmp(action, "clos", 4)== 0 ) { + fprintf(stdout, "testing pam_close_session\n"); + ret = pam_close_session(pamh, 0); + fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret)); + } else { + fprintf(stderr, "unknown action\n"); + } + + pam_end(pamh, ret); + + return 0; +} diff --git a/server/sss_client/passwd.c b/server/sss_client/passwd.c new file mode 100644 index 000000000..0d70b6843 --- /dev/null +++ b/server/sss_client/passwd.c @@ -0,0 +1,373 @@ +/* + * System Security Services Daemon. NSS client interface + * + * Copyright (C) Simo Sorce 2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* PASSWD database NSS interface */ + +#include <nss.h> +#include <errno.h> +#include <sys/types.h> +#include <unistd.h> +#include <stdlib.h> +#include <stdint.h> +#include <string.h> +#include "sss_cli.h" + +static struct sss_nss_getpwent_data { + size_t len; + size_t ptr; + uint8_t *data; +} sss_nss_getpwent_data; + +static void sss_nss_getpwent_data_clean(void) { + + if (sss_nss_getpwent_data.data != NULL) { + free(sss_nss_getpwent_data.data); + sss_nss_getpwent_data.data = NULL; + } + sss_nss_getpwent_data.len = 0; + sss_nss_getpwent_data.ptr = 0; +} + +/* GETPWNAM Request: + * + * 0-X: string with name + * + * GERTPWUID Request: + * + * 0-3: 32bit number with uid + * + * Replies: + * + * 0-3: 32bit unsigned number of results + * 4-7: 32bit unsigned (reserved/padding) + * For each result: + * 0-3: 32bit number uid + * 4-7: 32bit number gid + * 8-X: sequence of 5, 0 terminated, strings (name, passwd, gecos, dir, shell) + */ + +struct sss_nss_pw_rep { + struct passwd *result; + char *buffer; + size_t buflen; +}; + +static int sss_nss_getpw_readrep(struct sss_nss_pw_rep *pr, + uint8_t *buf, size_t *len) +{ + size_t i, slen, dlen; + char *sbuf; + + if (*len < 13) { /* not enough space for data, bad packet */ + return EBADMSG; + } + + pr->result->pw_uid = ((uint32_t *)buf)[0]; + pr->result->pw_gid = ((uint32_t *)buf)[1]; + + sbuf = (char *)&buf[8]; + slen = *len - 8; + dlen = pr->buflen; + + i = 0; + pr->result->pw_name = &(pr->buffer[i]); + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + + pr->result->pw_passwd = &(pr->buffer[i]); + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + + pr->result->pw_gecos = &(pr->buffer[i]); + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + + pr->result->pw_dir = &(pr->buffer[i]); + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + + pr->result->pw_shell = &(pr->buffer[i]); + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + + *len = slen -i -1; + + return 0; +} + +enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_pw_rep pwrep; + uint8_t *repbuf; + size_t replen, len; + enum nss_status nret; + int ret; + + /* Caught once glibc passing in buffer == 0x0 */ + if (!buffer || !buflen) return ERANGE; + + rd.len = strlen(name) + 1; + rd.data = name; + + nret = sss_nss_make_request(SSS_NSS_GETPWNAM, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + pwrep.result = result; + pwrep.buffer = buffer; + pwrep.buflen = buflen; + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + /* only 1 result is accepted for this function */ + if (((uint32_t *)repbuf)[0] != 1) { + *errnop = EBADMSG; + return NSS_STATUS_TRYAGAIN; + } + + len = replen - 8; + ret = sss_nss_getpw_readrep(&pwrep, repbuf+8, &len); + free(repbuf); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_getpwuid_r(uid_t uid, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_pw_rep pwrep; + uint8_t *repbuf; + size_t replen, len; + enum nss_status nret; + uint32_t user_uid; + int ret; + + /* Caught once glibc passing in buffer == 0x0 */ + if (!buffer || !buflen) return ERANGE; + + user_uid = uid; + rd.len = sizeof(uint32_t); + rd.data = &user_uid; + + nret = sss_nss_make_request(SSS_NSS_GETPWUID, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + pwrep.result = result; + pwrep.buffer = buffer; + pwrep.buflen = buflen; + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + /* only 1 result is accepted for this function */ + if (((uint32_t *)repbuf)[0] != 1) { + *errnop = EBADMSG; + return NSS_STATUS_TRYAGAIN; + } + + len = replen - 8; + ret = sss_nss_getpw_readrep(&pwrep, repbuf+8, &len); + free(repbuf); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_setpwent(void) +{ + enum nss_status nret; + int errnop; + + /* make sure we do not have leftovers, and release memory */ + sss_nss_getpwent_data_clean(); + + nret = sss_nss_make_request(SSS_NSS_SETPWENT, + NULL, NULL, NULL, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + errno = errnop; + return nret; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_getpwent_r(struct passwd *result, + char *buffer, size_t buflen, + int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_pw_rep pwrep; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t num_entries; + int ret; + + /* Caught once glibc passing in buffer == 0x0 */ + if (!buffer || !buflen) return ERANGE; + + /* if there are leftovers return the next one */ + if (sss_nss_getpwent_data.data != NULL && + sss_nss_getpwent_data.ptr < sss_nss_getpwent_data.len) { + + repbuf = sss_nss_getpwent_data.data + sss_nss_getpwent_data.ptr; + replen = sss_nss_getpwent_data.len - sss_nss_getpwent_data.ptr; + + pwrep.result = result; + pwrep.buffer = buffer; + pwrep.buflen = buflen; + + ret = sss_nss_getpw_readrep(&pwrep, repbuf, &replen); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + /* advance buffer pointer */ + sss_nss_getpwent_data.ptr = sss_nss_getpwent_data.len - replen; + + return NSS_STATUS_SUCCESS; + } + + /* release memory if any */ + sss_nss_getpwent_data_clean(); + + /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */ + num_entries = SSS_NSS_MAX_ENTRIES; + rd.len = sizeof(uint32_t); + rd.data = &num_entries; + + nret = sss_nss_make_request(SSS_NSS_GETPWENT, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + /* no results if not found */ + if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + sss_nss_getpwent_data.data = repbuf; + sss_nss_getpwent_data.len = replen; + sss_nss_getpwent_data.ptr = 8; /* skip metadata fields */ + + /* call again ourselves, this will return the first result */ + return _nss_sss_getpwent_r(result, buffer, buflen, errnop); +} + +enum nss_status _nss_sss_endpwent(void) +{ + enum nss_status nret; + int errnop; + + /* make sure we do not have leftovers, and release memory */ + sss_nss_getpwent_data_clean(); + + nret = sss_nss_make_request(SSS_NSS_ENDPWENT, + NULL, NULL, NULL, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + errno = errnop; + return nret; + } + + return NSS_STATUS_SUCCESS; +} diff --git a/server/sss_client/po/LINGUAS b/server/sss_client/po/LINGUAS new file mode 100644 index 000000000..123c64cac --- /dev/null +++ b/server/sss_client/po/LINGUAS @@ -0,0 +1,10 @@ +es +pl +fr +it +ja +nl +pt +de +sv + diff --git a/server/sss_client/po/Makevars b/server/sss_client/po/Makevars new file mode 100644 index 000000000..1c2ad2ba3 --- /dev/null +++ b/server/sss_client/po/Makevars @@ -0,0 +1,41 @@ +# Makefile variables for PO directory in any package using GNU gettext. + +# Usually the message domain is the same as the package name. +DOMAIN = $(PACKAGE) + +# These two variables depend on the location of this directory. +subdir = po +top_builddir = .. + +# These options get passed to xgettext. +XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ + +# This is the copyright holder that gets inserted into the header of the +# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding +# package. (Note that the msgstr strings, extracted from the package's +# sources, belong to the copyright holder of the package.) Translators are +# expected to transfer the copyright for their translations to this person +# or entity, or to disclaim their copyright. The empty string stands for +# the public domain; in this case the translators are expected to disclaim +# their copyright. +COPYRIGHT_HOLDER = Red Hat, Inc. + +# This is the email address or URL to which the translators shall report +# bugs in the untranslated strings: +# - Strings which are not entire sentences, see the maintainer guidelines +# in the GNU gettext documentation, section 'Preparing Strings'. +# - Strings which use unclear terms or require additional context to be +# understood. +# - Strings which make invalid assumptions about notation of date, time or +# money. +# - Pluralisation problems. +# - Incorrect English spelling. +# - Incorrect formatting. +# It can be your email address, or a mailing list address where translators +# can write to without being subscribed, or the URL of a web page through +# which the translators can contact you. +MSGID_BUGS_ADDRESS = sssd-devel@lists.fedorahosted.org + +# This is the list of locale categories, beyond LC_MESSAGES, for which the +# message catalogs shall be used. It is usually empty. +EXTRA_LOCALE_CATEGORIES = diff --git a/server/sss_client/po/POTFILES.in b/server/sss_client/po/POTFILES.in new file mode 100644 index 000000000..feeb0049c --- /dev/null +++ b/server/sss_client/po/POTFILES.in @@ -0,0 +1,6 @@ +# List of source files which contain translatable strings. +common.c +group.c +pam_sss.c +pam_test_client.c +passwd.c diff --git a/server/sss_client/po/de.po b/server/sss_client/po/de.po new file mode 100644 index 000000000..68f344266 --- /dev/null +++ b/server/sss_client/po/de.po @@ -0,0 +1,46 @@ +# German translation of SSSd client. +# Copyright (C) 2009 Red Hat, Inc. +# This file is distributed under the same license as the sssd package. +# +# Fabian Affolter <fab@fedoraproject.org>, 2009. +# +msgid "" +msgstr "" +"Project-Id-Version: SSSD Client\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: 2009-12-09 11:18+0100\n" +"Last-Translator: Fabian Affolter <fab@fedoraproject.org>\n" +"Language-Team: German <fedora-trans-de@redhat.com>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: German\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "Passwörter stimmen nicht überein" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "Passwort: " + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "Neues Passwort: " + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "Neues Passwort noch einmal eingeben: " + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "Passwort ist abgelaufen." diff --git a/server/sss_client/po/es.po b/server/sss_client/po/es.po new file mode 100644 index 000000000..be67efe3b --- /dev/null +++ b/server/sss_client/po/es.po @@ -0,0 +1,46 @@ +# English translations for sss_client package. +# Copyright (C) 2009 Red Hat, Inc. +# This file is distributed under the same license as the sss_client package. +# Automatically generated, 2009. +# +msgid "" +msgstr "" +"Project-Id-Version: sss_client 0.4.0\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: 2009-12-08 15:37-0300\n" +"Last-Translator: Domingo Becker <domingobecker@gmail.com>\n" +"Language-Team: Transifex Spanish\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Poedit-Language: Spanish\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "Las contraseñas no coinciden" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "Contraseña: " + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "Nueva contraseña: " + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "Reingrese la contraseña nueva:" + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "La contraseña ha expirado." diff --git a/server/sss_client/po/fr.po b/server/sss_client/po/fr.po new file mode 100644 index 000000000..657e3f403 --- /dev/null +++ b/server/sss_client/po/fr.po @@ -0,0 +1,44 @@ +# French translation of SSS Client +# Copyright (C) 2009 Red Hat, Inc. +# This file is distributed under the same license as the SSSD package. +# Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>, 2009. +# +msgid "" +msgstr "" +"Project-Id-Version: fr\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: 2009-11-17 21:05+0100\n" +"Last-Translator: Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>\n" +"Language-Team: Français <fedora-trans-fr@redhat.com>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "Les mots de passe ne correspondent pas" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "Mot de passe : " + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "Nouveau mot de passe : " + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "Retaper le nouveau mot de passe : " + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "Le mot de passe a expiré." diff --git a/server/sss_client/po/it.po b/server/sss_client/po/it.po new file mode 100644 index 000000000..a78bb2435 --- /dev/null +++ b/server/sss_client/po/it.po @@ -0,0 +1,47 @@ +# Italian translations for sss_client package. +# Copyright (C) 2009 Red Hat, Inc. +# This file is distributed under the same license as the sss_client package. +# Marina Latini <deneb.alphacygni@gmail.com>, 2009. +# +msgid "" +msgstr "" +"Project-Id-Version: it\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: \n" +"Last-Translator: Marina Latini <deneb.alphacygni@gmail.com>\n" +"Language-Team: Italian <fedora-trans-it@redhat.com>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Italian\n" +"X-Poedit-Country: ITALY\n" +"X-Poedit-SourceCharset: utf-8\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "Le password non coincidono" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "Password: " + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "Nuova password: " + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "reinserire la nuova password: " + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "La password è scaduta." diff --git a/server/sss_client/po/ja.po b/server/sss_client/po/ja.po new file mode 100644 index 000000000..527815b96 --- /dev/null +++ b/server/sss_client/po/ja.po @@ -0,0 +1,46 @@ +# translation of sss_client_ja.po to Japanese +# Copyright (C) YEAR Red Hat, Inc. +# This file is distributed under the same license as the PACKAGE package. +# +# Noriko Mizumoto <noriko@fedoraproject.org>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: sss_client_ja\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: 2009-11-18 09:47+1000\n" +"Last-Translator: Noriko Mizumoto <noriko@fedoraproject.org>\n" +"Language-Team: Japanese <fedora-trans-ja@redhat.com>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "" + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "" + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "" + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "" diff --git a/server/sss_client/po/nl.po b/server/sss_client/po/nl.po new file mode 100644 index 000000000..5c2d39719 --- /dev/null +++ b/server/sss_client/po/nl.po @@ -0,0 +1,46 @@ +# translation of sssd.master.sss_client.po to Dutch +# Copyright (C) YEAR Red Hat, Inc. +# This file is distributed under the same license as the PACKAGE package. +# +# Richard van der Luit <nippur@fedoraproject.org>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: sssd.master.sss_client\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: 2009-11-19 13:14+0100\n" +"Last-Translator: Richard van der Luit <nippur@fedoraproject.org>\n" +"Language-Team: Dutch <nl@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "Wachtwoorden komen niet overeen" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "Wachtwoord: " + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "Nieuw Wachtwoord: " + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "Voer nieuw wachtwoord nogmaals in: " + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "Wachtwoord is verlopen." diff --git a/server/sss_client/po/pl.po b/server/sss_client/po/pl.po new file mode 100644 index 000000000..c8b1b479c --- /dev/null +++ b/server/sss_client/po/pl.po @@ -0,0 +1,42 @@ +# translation of pl.po to Polish +# Piotr Drąg <piotrdrag@gmail.com>, 2009. +# +msgid "" +msgstr "" +"Project-Id-Version: pl\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: 2010-02-06 01:00+0100\n" +"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n" +"Language-Team: Polish <trans-pl@lists.fedoraproject.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "Hasła nie zgadzają się" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "Uwierzytelnienie w trybie offline" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr ", hasło w pamięci podręcznej wygaśnie za: " + +#: pam_sss.c:730 +msgid "Password: " +msgstr "Hasło: " + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "Nowe hasło: " + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "Proszę ponownie podać nowe hasło: " + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "Hasło wygasło." diff --git a/server/sss_client/po/pt.po b/server/sss_client/po/pt.po new file mode 100644 index 000000000..9fd869020 --- /dev/null +++ b/server/sss_client/po/pt.po @@ -0,0 +1,46 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Red Hat, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: sssd.master.sss_client\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: 2009-12-08 17:32+0100\n" +"Last-Translator: Rui Gouveia <rui.gouveia@globaltek.pt>\n" +"Language-Team: PT <fedora-trans-pt@redhat.com>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Portuguese\n" +"X-Poedit-Country: PORTUGAL\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "Senhas não coincidem" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "Senha: " + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "Nova Senha: " + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "Digite a senha novamente: " + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "Senha expirou." diff --git a/server/sss_client/po/sss_client.pot b/server/sss_client/po/sss_client.pot new file mode 100644 index 000000000..6d8e2a67c --- /dev/null +++ b/server/sss_client/po/sss_client.pot @@ -0,0 +1,45 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Red Hat, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "" + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "" + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "" + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "" diff --git a/server/sss_client/po/sv.po b/server/sss_client/po/sv.po new file mode 100644 index 000000000..32c45e1aa --- /dev/null +++ b/server/sss_client/po/sv.po @@ -0,0 +1,44 @@ +# Swedish messages for sssd client. +# Copyright 2009 Red Hat, Inc. +# This file is distributed under the same license as the sssd package. +# Göran Uddeborg <goeran@uddeborg.se>, 2009. +# +msgid "" +msgstr "" +"Project-Id-Version: sss_client\n" +"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" +"POT-Creation-Date: 2010-02-05 09:37-0500\n" +"PO-Revision-Date: 2009-12-09 20:52+0100\n" +"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" +"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: pam_sss.c:336 +msgid "Passwords do not match" +msgstr "Lösenorden stämmer inte överens" + +#: pam_sss.c:405 +msgid "Offline authentication" +msgstr "" + +#: pam_sss.c:406 +msgid ", your cached password will expire at: " +msgstr "" + +#: pam_sss.c:730 +msgid "Password: " +msgstr "Lösenord: " + +#: pam_sss.c:762 +msgid "New Password: " +msgstr "Nytt lösenord: " + +#: pam_sss.c:763 +msgid "Reenter new Password: " +msgstr "Skriv det nya lösenordet igen: " + +#: pam_sss.c:967 +msgid "Password has expired." +msgstr "Lösenordet har gått ut." diff --git a/server/sss_client/protos.h b/server/sss_client/protos.h new file mode 100644 index 000000000..adb0b7bb7 --- /dev/null +++ b/server/sss_client/protos.h @@ -0,0 +1,137 @@ +/* + * System Security Services Daemon. NSS Interface + * + * Copyright (C) Simo Sorce 2007 + * + * You can used this header file in any way you see fit provided copyright + * notices are preserved. + * + */ + +#if 0 +/* SHADOW database NSS interface */ +enum nss_status _nss_sss_getspnam_r(const char *name, struct spwd *result, + char *buffer, size_t buflen, int *errnop); +enum nss_status _nss_sss_setspent(void); +enum nss_status _nss_sss_getspent_r(struct spwd *result, + char *buffer, size_t buflen, int *errnop); +enum nss_status _nss_sss_endspent(void); + + +/* HOSTS database NSS interface */ +enum nss_status _nss_sss_gethostbyname_r(const char *name, + struct hostent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af, + struct hostent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_gethostbyaddr_r(const void *addr, socklen_t len, + int af, struct hostent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_sethostent(void); +enum nss_status _nss_sss_gethostent_r(struct hostent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_endhostent(void); + +/* NETGROUP database NSS interface */ +enum nss_status _nss_sss_setnetgrent(const char *netgroup, + struct __netgrent *result); +enum nss_status _nss_sss_getnetgrent_r(struct __netgrent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_ldap_endnetgrent(void); +/* too bad innetgr is currently implemented as an iteration over + * {set|get|end}netgroup ... */ + +/* NETWORKS database NSS interface */ +enum nss_status _nss_sss_getnetbyname_r(const char *name, + struct netent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_getnetbyaddr_r(uint32_t addr, int af, + struct netent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_setnetent(void); +enum nss_status _nss_sss_getnetent_r(struct netent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_endnetent(void); + + +/* PROTOCOLS database NSS interface */ +enum nss_status _nss_sss_getprotobyname_r(const char *name, + struct protoent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_getprotobynumber_r(int number, + struct protoent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setprotoent(void); +enum nss_status _nss_sss_getprotoent_r(struct protoent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endprotoent(void); + +/* SERVICES database NSS interface */ +enum nss_status _nss_sss_getservbyname_r(const char *name, + const char *protocol, + struct servent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_getservbyport_r(int port, const char *protocol, + struct servent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setservent(void); +enum nss_status _nss_sss_getservent_r(struct servent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endservent(void); + +/* ALIASES database NSS interface */ +enum nss_status _nss_sss_getaliasbyname_r(const char *name, + struct aliasent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setaliasent(void); +enum nss_status _nss_sss_getaliasent_r(struct aliasent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endaliasent(void); + +/* ETHERS database NSS interface */ +enum nss_status _nss_sss_gethostton_r(const char *name, + struct etherent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_getntohost_r(const struct ether_addr *addr, + struct etherent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setetherent(void); +enum nss_status _nss_sss_getetherent_r(struct etherent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endetherent(void); + +/* RPC database NSS interface */ +enum nss_status _nss_sss_getrpcbyname_r(const char *name, + struct rpcent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_getrpcbynumber_r(int number, struct rpcent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setrpcent(void); +enum nss_status _nss_sss_getrpcent_r(struct rpcent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endrpcent(void); + +#endif diff --git a/server/sss_client/sss_cli.h b/server/sss_client/sss_cli.h new file mode 100644 index 000000000..7e9a81ff3 --- /dev/null +++ b/server/sss_client/sss_cli.h @@ -0,0 +1,220 @@ +/* + * System Security Services Daemon. Client Interface for NSS and PAM. + * + * Copyright (C) Simo Sorce 2007 + * + * You can used this header file in any way you see fit provided copyright + * notices are preserved. + * + */ + +#ifndef _SSSCLI_H +#define _SSSCLI_H + +#include <nss.h> +#include <pwd.h> +#include <grp.h> + +#ifndef HAVE_ERRNO_T +#define HAVE_ERRNO_T +typedef int errno_t; +#endif + +#define SSS_NSS_PROTOCOL_VERSION 1 +#define SSS_PAM_PROTOCOL_VERSION 3 + +enum sss_cli_command { +/* null */ + SSS_CLI_NULL = 0x0000, + +/* version */ + SSS_GET_VERSION = 0x0001, + +/* passwd */ + + SSS_NSS_GETPWNAM = 0x0011, + SSS_NSS_GETPWUID = 0x0012, + SSS_NSS_SETPWENT = 0x0013, + SSS_NSS_GETPWENT = 0x0014, + SSS_NSS_ENDPWENT = 0x0015, + +/* group */ + + SSS_NSS_GETGRNAM = 0x0021, + SSS_NSS_GETGRGID = 0x0022, + SSS_NSS_SETGRENT = 0x0023, + SSS_NSS_GETGRENT = 0x0024, + SSS_NSS_ENDGRENT = 0x0025, + SSS_NSS_INITGR = 0x0026, + +#if 0 +/* aliases */ + + SSS_NSS_GETALIASBYNAME = 0x0031, + SSS_NSS_GETALIASBYPORT = 0x0032, + SSS_NSS_SETALIASENT = 0x0033, + SSS_NSS_GETALIASENT = 0x0034, + SSS_NSS_ENDALIASENT = 0x0035, + +/* ethers */ + + SSS_NSS_GETHOSTTON = 0x0041, + SSS_NSS_GETNTOHOST = 0x0042, + SSS_NSS_SETETHERENT = 0x0043, + SSS_NSS_GETETHERENT = 0x0044, + SSS_NSS_ENDETHERENT = 0x0045, + +/* hosts */ + + SSS_NSS_GETHOSTBYNAME = 0x0051, + SSS_NSS_GETHOSTBYNAME2 = 0x0052, + SSS_NSS_GETHOSTBYADDR = 0x0053, + SSS_NSS_SETHOSTENT = 0x0054, + SSS_NSS_GETHOSTENT = 0x0055, + SSS_NSS_ENDHOSTENT = 0x0056, + +/* netgroup */ + + SSS_NSS_SETNETGRENT = 0x0061, + SSS_NSS_GETNETGRENT = 0x0062, + SSS_NSS_ENDNETGRENT = 0x0063, + /* SSS_NSS_INNETGR = 0x0064, */ + +/* networks */ + + SSS_NSS_GETNETBYNAME = 0x0071, + SSS_NSS_GETNETBYADDR = 0x0072, + SSS_NSS_SETNETENT = 0x0073, + SSS_NSS_GETNETENT = 0x0074, + SSS_NSS_ENDNETENT = 0x0075, + +/* protocols */ + + SSS_NSS_GETPROTOBYNAME = 0x0081, + SSS_NSS_GETPROTOBYNUM = 0x0082, + SSS_NSS_SETPROTOENT = 0x0083, + SSS_NSS_GETPROTOENT = 0x0084, + SSS_NSS_ENDPROTOENT = 0x0085, + +/* rpc */ + + SSS_NSS_GETRPCBYNAME = 0x0091, + SSS_NSS_GETRPCBYNUM = 0x0092, + SSS_NSS_SETRPCENT = 0x0093, + SSS_NSS_GETRPCENT = 0x0094, + SSS_NSS_ENDRPCENT = 0x0095, + +/* services */ + + SSS_NSS_GETSERVBYNAME = 0x00A1, + SSS_NSS_GETSERVBYPORT = 0x00A2, + SSS_NSS_SETSERVENT = 0x00A3, + SSS_NSS_GETSERVENT = 0x00A4, + SSS_NSS_ENDSERVENT = 0x00A5, + +/* shadow */ + + SSS_NSS_GETSPNAM = 0x00B1, + SSS_NSS_GETSPUID = 0x00B2, + SSS_NSS_SETSPENT = 0x00B3, + SSS_NSS_GETSPENT = 0x00B4, + SSS_NSS_ENDSPENT = 0x00B5, +#endif + +/* PAM related calls */ + SSS_PAM_AUTHENTICATE = 0x00F1, + SSS_PAM_SETCRED = 0x00F2, + SSS_PAM_ACCT_MGMT = 0x00F3, + SSS_PAM_OPEN_SESSION = 0x00F4, + SSS_PAM_CLOSE_SESSION = 0x00F5, + SSS_PAM_CHAUTHTOK = 0x00F6, + SSS_PAM_CHAUTHTOK_PRELIM = 0x00F7, + +}; + +enum sss_authtok_type { + SSS_AUTHTOK_TYPE_EMPTY = 0x0000, + SSS_AUTHTOK_TYPE_PASSWORD = 0x0001, +}; + +#define SSS_START_OF_PAM_REQUEST 0x4d415049 +#define SSS_END_OF_PAM_REQUEST 0x4950414d + +enum pam_item_type { + SSS_PAM_ITEM_EMPTY = 0x0000, + SSS_PAM_ITEM_USER, + SSS_PAM_ITEM_SERVICE, + SSS_PAM_ITEM_TTY, + SSS_PAM_ITEM_RUSER, + SSS_PAM_ITEM_RHOST, + SSS_PAM_ITEM_AUTHTOK, + SSS_PAM_ITEM_NEWAUTHTOK, + SSS_PAM_ITEM_CLI_LOCALE, + SSS_PAM_ITEM_CLI_PID, +}; + +#define SSS_NSS_MAX_ENTRIES 256 +#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4) +struct sss_cli_req_data { + size_t len; + const void *data; +}; + +/* this is in milliseconds, wait up to 300 seconds */ +#define SSS_CLI_SOCKET_TIMEOUT 300000 + +enum sss_status { + SSS_STATUS_UNAVAIL, + SSS_STATUS_SUCCESS +}; + +enum response_type { + SSS_PAM_SYSTEM_INFO = 0x01, + SSS_PAM_DOMAIN_NAME, + SSS_PAM_ENV_ITEM, /* only pam environment */ + SSS_ENV_ITEM, /* only user environment */ + SSS_ALL_ENV_ITEM, /* pam and user environment */ + SSS_PAM_USER_INFO +}; + +enum user_info_type { + SSS_PAM_USER_INFO_OFFLINE_AUTH = 0x01, + SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED, + SSS_PAM_USER_INFO_OFFLINE_CHPASS, + SSS_PAM_USER_INFO_CHPASS_ERROR +}; + +enum nss_status sss_nss_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop); + +int sss_pam_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop); + +#endif /* _SSSCLI_H */ + +#if 0 + +/* GETSPNAM Request: + * + * 0-X: string with name + * + * Replies: + * + * 0-3: 32bit unsigned number of results + * 4-7: 32bit unsigned (reserved/padding) + * For each result: + * 0-7: 64bit unsigned with Date of last change + * 8-15: 64bit unsigned with Min #days between changes + * 16-23: 64bit unsigned with Max #days between changes + * 24-31: 64bit unsigned with #days before pwd expires + * 32-39: 64bit unsigned with #days after pwd expires until account is disabled + * 40-47: 64bit unsigned with expiration date in days since 1970-01-01 + * 48-55: 64bit unsigned (flags/reserved) + * 56-X: sequence of 2, 0 terminated, strings (name, pwd) 64bit padded + */ +#endif + diff --git a/server/sss_client/sss_nss.exports b/server/sss_client/sss_nss.exports new file mode 100644 index 000000000..bcc6b10e1 --- /dev/null +++ b/server/sss_client/sss_nss.exports @@ -0,0 +1,73 @@ +EXPORTED { + + # public functions + global: + + _nss_sss_getpwnam_r; + _nss_sss_getpwuid_r; + _nss_sss_setpwent; + _nss_sss_getpwent_r; + _nss_sss_endpwent; + + _nss_sss_getgrnam_r; + _nss_sss_getgrgid_r; + _nss_sss_setgrent; + _nss_sss_getgrent_r; + _nss_sss_endgrent; + _nss_sss_initgroups_dyn; + + #_nss_sss_getaliasbyname_r; + #_nss_sss_setaliasent; + #_nss_sss_getaliasent_r; + #_nss_sss_endaliasent; + + #_nss_sss_gethostton_r; + #_nss_sss_getntohost_r; + #_nss_sss_setetherent; + #_nss_sss_getetherent_r; + #_nss_sss_endetherent; + + #_nss_sss_gethostbyname_r; + #_nss_sss_gethostbyname2_r; + #_nss_sss_gethostbyaddr_r; + #_nss_sss_sethostent; + #_nss_sss_gethostent_r; + #_nss_sss_endhostent; + + #_nss_sss_setnetgrent; + #_nss_sss_getnetgrent_r; + #_nss_sss_endnetgrent; + + #_nss_sss_getnetbyname_r; + #_nss_sss_getnetbyaddr_r; + #_nss_sss_setnetent; + #_nss_sss_getnetent_r; + #_nss_sss_endnetent; + + #_nss_sss_getprotobyname_r; + #_nss_sss_getprotobynumber_r; + #_nss_sss_setprotoent; + #_nss_sss_getprotoent_r; + #_nss_sss_endprotoent; + + #_nss_sss_getrpcbyname_r; + #_nss_sss_getrpcbynumber_r; + #_nss_sss_setrpcent; + #_nss_sss_getrpcent_r; + #_nss_sss_endrpcent; + + #_nss_sss_getservbyname_r; + #_nss_sss_getservbyport_r; + #_nss_sss_setservent; + #_nss_sss_getservent_r; + #_nss_sss_endservent; + + #_nss_sss_getspnam_r; + #_nss_sss_setspent; + #_nss_sss_getspent_r; + #_nss_sss_endspent; + + # everything else is local + local: + *; +}; diff --git a/server/sss_client/sss_pam.exports b/server/sss_client/sss_pam.exports new file mode 100644 index 000000000..9afa106be --- /dev/null +++ b/server/sss_client/sss_pam.exports @@ -0,0 +1,4 @@ +{ + global: + *; +}; diff --git a/server/sss_client/sss_pam_macros.h b/server/sss_client/sss_pam_macros.h new file mode 100644 index 000000000..5277acd0f --- /dev/null +++ b/server/sss_client/sss_pam_macros.h @@ -0,0 +1,30 @@ +/* + * System Security Services Daemon. Client Interface for NSS and PAM. + * + * Copyright (C) Stephen Gallagher 2009 + * + * You can used this header file in any way you see fit provided copyright + * notices are preserved. + * + */ + +#ifndef _SSS_PAM_MACROS_H +#define _SSS_PAM_MACROS_H + +/* Older versions of the pam development headers do not include the + * _pam_overwrite_n(n,x) macro. This implementation is copied from + * the Fedora 11 _pam_macros.h. + */ +#include <security/_pam_macros.h> +#ifndef _pam_overwrite_n +#define _pam_overwrite_n(x,n) \ +do { \ + register char *__xx__; \ + register unsigned int __i__ = 0; \ + if ((__xx__=(x))) \ + for (;__i__<n; __i__++) \ + __xx__[__i__] = 0; \ +} while (0) +#endif /* _pam_overwrite_n */ + +#endif /* _SSS_PAM_MACROS_H */ diff --git a/server/util/user_info_msg.c b/server/util/user_info_msg.c index 1886537a4..547e3bb74 100644 --- a/server/util/user_info_msg.c +++ b/server/util/user_info_msg.c @@ -23,7 +23,7 @@ */ #include "util/util.h" -#include "../sss_client/sss_cli.h" +#include "sss_client/sss_cli.h" errno_t pack_user_info_chpass_error(TALLOC_CTX *mem_ctx, const char *user_error_message, |