summaryrefslogtreecommitdiffstats
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/Makefile.am46
-rw-r--r--server/configure.ac13
-rw-r--r--server/po/POTFILES.in5
-rw-r--r--server/providers/data_provider.h2
-rw-r--r--server/responder/common/responder.h2
-rw-r--r--server/responder/common/responder_packet.h2
-rw-r--r--server/sss_client/Makefile.am88
-rwxr-xr-xserver/sss_client/autogen.sh14
-rw-r--r--server/sss_client/common.c669
-rw-r--r--server/sss_client/conf_macros.m452
-rwxr-xr-xserver/sss_client/config.guess1464
-rwxr-xr-xserver/sss_client/config.sub1577
-rw-r--r--server/sss_client/configure.ac54
-rw-r--r--server/sss_client/external/docbook.m435
-rw-r--r--server/sss_client/group.c435
-rwxr-xr-xserver/sss_client/install-sh238
-rw-r--r--server/sss_client/m4/.dir0
-rw-r--r--server/sss_client/man/pam_sss.8.xml97
-rw-r--r--server/sss_client/pam_sss.c1166
-rw-r--r--server/sss_client/pam_test_client.c95
-rw-r--r--server/sss_client/passwd.c373
-rw-r--r--server/sss_client/po/LINGUAS10
-rw-r--r--server/sss_client/po/Makevars41
-rw-r--r--server/sss_client/po/POTFILES.in6
-rw-r--r--server/sss_client/po/de.po46
-rw-r--r--server/sss_client/po/es.po46
-rw-r--r--server/sss_client/po/fr.po44
-rw-r--r--server/sss_client/po/it.po47
-rw-r--r--server/sss_client/po/ja.po46
-rw-r--r--server/sss_client/po/nl.po46
-rw-r--r--server/sss_client/po/pl.po42
-rw-r--r--server/sss_client/po/pt.po46
-rw-r--r--server/sss_client/po/sss_client.pot45
-rw-r--r--server/sss_client/po/sv.po44
-rw-r--r--server/sss_client/protos.h137
-rw-r--r--server/sss_client/sss_cli.h220
-rw-r--r--server/sss_client/sss_nss.exports73
-rw-r--r--server/sss_client/sss_pam.exports4
-rw-r--r--server/sss_client/sss_pam_macros.h30
-rw-r--r--server/util/user_info_msg.c2
40 files changed, 7397 insertions, 5 deletions
diff --git a/server/Makefile.am b/server/Makefile.am
index 21ae79ae3..eeb8cfef6 100644
--- a/server/Makefile.am
+++ b/server/Makefile.am
@@ -17,6 +17,8 @@ sssdapiplugindir = $(sssdconfdir)/sssd.api.d
dbusintrospectdir = $(datarootdir)/sssd/introspect
dbuspolicydir = $(sysconfdir)/dbus-1/system.d
localedir = @localedir@
+nsslibdir = @nsslibdir@
+pamlibdir = $(nsslibdir)/security
dbpath = @dbpath@
pluginpath = @pluginpath@
@@ -179,6 +181,7 @@ AM_CPPFLAGS = -Wall \
-Iinclude \
-I.. \
-I$(srcdir)/include \
+ -I$(srcdir)/sss_client \
-Iinclude \
-I. \
$(POPT_CFLAGS) \
@@ -619,6 +622,42 @@ stress_tests_SOURCES = \
stress_tests_LDADD = \
$(SSSD_LIBS)
+noinst_PROGRAMS = pam_test_client
+pam_test_client_SOURCES = sss_client/pam_test_client.c
+pam_test_client_LDFLAGS = -lpam -lpam_misc
+
+####################
+# Client Libraries #
+####################
+
+nsslib_LTLIBRARIES = libnss_sss.la
+libnss_sss_la_SOURCES = \
+ sss_client/common.c \
+ sss_client/passwd.c \
+ sss_client/group.c \
+ sss_client/sss_cli.h
+libnss_sss_la_LDFLAGS = \
+ -module \
+ -version-info 2:0:0 \
+ -Wl,--version-script,$(srcdir)/sss_client/sss_nss.exports
+
+pamlib_LTLIBRARIES = pam_sss.la
+pam_sss_la_SOURCES = \
+ sss_client/pam_sss.c \
+ sss_client/common.c \
+ sss_client/sss_cli.h \
+ sss_client/sss_pam_macros.h
+
+pam_sss_la_LDFLAGS = \
+ -lpam \
+ -module \
+ -avoid-version \
+ -Wl,--version-script,$(srcdir)/sss_client/sss_pam.exports
+
+dist_noinst_DATA += \
+ sss_client/sss_nss.exports \
+ sss_client/sss_pam.exports
+
####################
# Plugin Libraries #
####################
@@ -799,7 +838,7 @@ dist_man_MANS = man/sss_useradd.8 man/sss_userdel.8 man/sss_usermod.8 \
man/sss_groupadd.8 man/sss_groupdel.8 man/sss_groupmod.8 \
man/sssd.8 man/sssd.conf.5 man/sssd-ldap.5 man/sssd-krb5.5 \
man/sssd-ipa.5 man/sssd_krb5_locator_plugin.8 \
- man/sss_groupshow.8
+ man/sss_groupshow.8 sss_client/man/pam_sss.8
SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8
.1.xml.1:
@@ -881,6 +920,11 @@ install-exec-hook: installsssddirs
fi
mkdir -p doc $(DESTDIR)/$(docdir); cp -a doc $(DESTDIR)/$(docdir)/
+install-data-hook:
+ rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
+ $(DESTDIR)/$(nsslibdir)/libnss_sss.so
+ mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
+
uninstall-hook:
if [ -f $(abs_builddir)/config/.files ]; then \
cat $(abs_builddir)/config/.files | xargs -iq rm -f $(DESTDIR)/q; \
diff --git a/server/configure.ac b/server/configure.ac
index f24debb69..4198ee952 100644
--- a/server/configure.ac
+++ b/server/configure.ac
@@ -43,6 +43,19 @@ AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
m4_include([build_macros.m4])
BUILD_WITH_SHARED_BUILD_DIR
+#Check for PAM headers
+AC_CHECK_HEADERS([security/pam_appl.h security/pam_misc.h security/pam_modules.h],
+ [AC_CHECK_LIB(pam, pam_get_item, [ PAM_LIBS="-lpam" ], [AC_MSG_ERROR([PAM must support pam_get_item])])],
+ [AC_MSG_ERROR([PAM development libraries not installed])]
+)
+
+#Set the NSS library install path
+AC_ARG_ENABLE([nsslibdir], [AS_HELP_STRING([--enable-nsslibdir],
+ [Where to install nss libraries ($libdir)])],
+ [nsslibdir=$enableval],
+ [nsslibdir=$libdir])
+AC_SUBST(nsslibdir)
+
m4_include(conf_macros.m4)
WITH_DB_PATH
WITH_PLUGIN_PATH
diff --git a/server/po/POTFILES.in b/server/po/POTFILES.in
index 2dacfe8bb..e317161f0 100644
--- a/server/po/POTFILES.in
+++ b/server/po/POTFILES.in
@@ -9,3 +9,8 @@ tools/tools_util.h
tools/sss_useradd.c
tools/sss_groupadd.c
tools/sss_usermod.c
+sss_client/common.c
+sss_client/group.c
+sss_client/pam_sss.c
+sss_client/pam_test_client.c
+sss_client/passwd.c
diff --git a/server/providers/data_provider.h b/server/providers/data_provider.h
index c52466238..76ba4cffb 100644
--- a/server/providers/data_provider.h
+++ b/server/providers/data_provider.h
@@ -34,7 +34,7 @@
#include "dbus/dbus.h"
#include "sbus/sssd_dbus.h"
#include "sbus/sbus_client.h"
-#include "../sss_client/sss_cli.h"
+#include "sss_client/sss_cli.h"
#define DATA_PROVIDER_VERSION 0x0001
#define DATA_PROVIDER_SERVICE_NAME "dp"
diff --git a/server/responder/common/responder.h b/server/responder/common/responder.h
index 9294f4022..ea6ba5831 100644
--- a/server/responder/common/responder.h
+++ b/server/responder/common/responder.h
@@ -31,7 +31,7 @@
#include "ldb.h"
#include "dhash.h"
#include "sbus/sssd_dbus.h"
-#include "../sss_client/sss_cli.h"
+#include "sss_client/sss_cli.h"
extern hash_table_t *dp_requests;
diff --git a/server/responder/common/responder_packet.h b/server/responder/common/responder_packet.h
index e98707a63..2bfdc8a32 100644
--- a/server/responder/common/responder_packet.h
+++ b/server/responder/common/responder_packet.h
@@ -22,7 +22,7 @@
#ifndef __SSSSRV_PACKET_H__
#define __SSSSRV_PACKET_H__
-#include "../sss_client/sss_cli.h"
+#include "sss_client/sss_cli.h"
#define SSS_PACKET_MAX_RECV_SIZE 1024
diff --git a/server/sss_client/Makefile.am b/server/sss_client/Makefile.am
new file mode 100644
index 000000000..b430af6b7
--- /dev/null
+++ b/server/sss_client/Makefile.am
@@ -0,0 +1,88 @@
+SUBDIRS = po
+
+pipepath=@pipepath@
+localedir = @localedir@
+
+topdir=.
+AM_CPPFLAGS = \
+ -I$(topdir) \
+ -DLOCALEDIR=\"$(localedir)\" \
+ -DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \
+ -DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
+ -DSSS_PAM_PRIV_SOCKET_NAME=\"$(pipepath)/private/pam\"
+ACLOCAL_AMFLAGS = -I m4
+
+AM_CFLAGS =
+if WANT_AUX_INFO
+ AM_CFLAGS += -aux-info $@.X
+endif
+
+if HAVE_GCC
+ AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \
+ -Wcast-qual -Wcast-align -Wwrite-strings
+endif
+
+nsslibdir = @nsslibdir@
+pamlibdir = $(nsslibdir)/security
+
+nsslib_LTLIBRARIES = libnss_sss.la
+pamlib_LTLIBRARIES = pam_sss.la
+
+libnss_sss_la_SOURCES = \
+ common.c \
+ passwd.c \
+ group.c \
+ sss_cli.h
+libnss_sss_la_LDFLAGS = \
+ -module \
+ -version-info 2:0:0 \
+ -Wl,--version-script,$(srcdir)/sss_nss.exports
+
+pam_sss_la_SOURCES = \
+ pam_sss.c \
+ common.c \
+ sss_cli.h \
+ sss_pam_macros.h
+
+pam_sss_la_LDFLAGS = \
+ -lpam \
+ -module \
+ -avoid-version \
+ -Wl,--version-script,$(srcdir)/sss_pam.exports
+
+noinst_PROGRAMS = pam_test_client
+pam_test_client_SOURCES = pam_test_client.c
+pam_test_client_LDFLAGS = -lpam -lpam_misc
+
+
+EXTRA_DIST = build/config.rpath
+dist_noinst_DATA = \
+ sss_nss.exports \
+ sss_pam.exports \
+ m4
+
+install-data-hook:
+ rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
+ $(DESTDIR)/$(nsslibdir)/libnss_sss.so
+ mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
+
+############
+# MANPAGES #
+############
+
+#Special Rules:
+export SGML_CATALOG_FILES
+DOCBOOK_XSLT = http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
+XMLLINT_FLAGS = --catalogs --postvalid --nonet --xinclude --noout
+XSLTPROC_FLAGS = --catalogs --xinclude --nonet
+
+dist_man_MANS = man/pam_sss.8
+
+SUFFIXES = .8.xml .8
+.8.xml.8:
+ $(XMLLINT) $(XMLLINT_FLAGS) $<
+ $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $<
+CLEANFILES = *.X
+
+tests: all $(check_PROGRAMS)
+
diff --git a/server/sss_client/autogen.sh b/server/sss_client/autogen.sh
new file mode 100755
index 000000000..bf84eeee1
--- /dev/null
+++ b/server/sss_client/autogen.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+rm -rf autom4te.cache
+rm -f configure config.h.in
+
+IPATHS="-I libreplace -I lib/replace -I ../libreplace -I ../replace"
+autoconf $IPATHS || exit 1
+autoheader $IPATHS || exit 1
+
+rm -rf autom4te.cache
+
+echo "Now run ./configure and then make."
+exit 0
+
diff --git a/server/sss_client/common.c b/server/sss_client/common.c
new file mode 100644
index 000000000..6732c24fc
--- /dev/null
+++ b/server/sss_client/common.c
@@ -0,0 +1,669 @@
+/*
+ * System Security Services Daemon. NSS client interface
+ *
+ * Copyright (C) Simo Sorce 2007
+ *
+ * Winbind derived code:
+ * Copyright (C) Tim Potter 2000
+ * Copyright (C) Andrew Tridgell 2000
+ * Copyright (C) Andrew Bartlett 2002
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <nss.h>
+#include <security/pam_modules.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <fcntl.h>
+#include <poll.h>
+#include "sss_cli.h"
+
+/* common functions */
+
+int sss_cli_sd = -1; /* the sss client socket descriptor */
+
+static void sss_cli_close_socket(void)
+{
+ if (sss_cli_sd != -1) {
+ close(sss_cli_sd);
+ sss_cli_sd = -1;
+ }
+}
+
+/* Requests:
+ *
+ * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X)
+ * byte 4-7: 32bit unsigned with command code
+ * byte 8-11: 32bit unsigned (reserved)
+ * byte 12-15: 32bit unsigned (reserved)
+ * byte 16-X: (optional) request structure associated to the command code used
+ */
+static enum nss_status sss_nss_send_req(enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ int *errnop)
+{
+ uint32_t header[4];
+ size_t datasent;
+
+ header[0] = SSS_NSS_HEADER_SIZE + (rd?rd->len:0);
+ header[1] = cmd;
+ header[2] = 0;
+ header[3] = 0;
+
+ datasent = 0;
+
+ while (datasent < header[0]) {
+ struct pollfd pfd;
+ int rdsent;
+ int res, error;
+
+ *errnop = 0;
+ pfd.fd = sss_cli_sd;
+ pfd.events = POLLOUT;
+
+ do {
+ errno = 0;
+ res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT);
+ error = errno;
+
+ /* If error is EINTR here, we'll try again
+ * If it's any other error, we'll catch it
+ * below.
+ */
+ } while (error == EINTR);
+
+ switch (res) {
+ case -1:
+ *errnop = error;
+ break;
+ case 0:
+ *errnop = ETIME;
+ break;
+ case 1:
+ if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
+ *errnop = EPIPE;
+ }
+ if (!(pfd.revents & POLLOUT)) {
+ *errnop = EBUSY;
+ }
+ break;
+ default: /* more than one avail ?? */
+ *errnop = EBADF;
+ break;
+ }
+ if (*errnop) {
+ sss_cli_close_socket();
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ if (datasent < SSS_NSS_HEADER_SIZE) {
+ res = write(sss_cli_sd,
+ (char *)header + datasent,
+ SSS_NSS_HEADER_SIZE - datasent);
+ } else {
+ rdsent = datasent - SSS_NSS_HEADER_SIZE;
+ res = write(sss_cli_sd,
+ (const char *)rd->data + rdsent,
+ rd->len - rdsent);
+ }
+
+ if ((res == -1) || (res == 0)) {
+
+ /* Write failed */
+ sss_cli_close_socket();
+ *errnop = errno;
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ datasent += res;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+/* Replies:
+ *
+ * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X)
+ * byte 4-7: 32bit unsigned with command code
+ * byte 8-11: 32bit unsigned with the request status (server errno)
+ * byte 12-15: 32bit unsigned (reserved)
+ * byte 16-X: (optional) reply structure associated to the command code used
+ */
+
+static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd,
+ uint8_t **buf, int *len,
+ int *errnop)
+{
+ uint32_t header[4];
+ size_t datarecv;
+
+ header[0] = SSS_NSS_HEADER_SIZE; /* unitl we know the real lenght */
+ header[1] = 0;
+ header[2] = 0;
+ header[3] = 0;
+
+ datarecv = 0;
+ *buf = NULL;
+ *len = 0;
+ *errnop = 0;
+
+ while (datarecv < header[0]) {
+ struct pollfd pfd;
+ int bufrecv;
+ int res, error;
+
+ pfd.fd = sss_cli_sd;
+ pfd.events = POLLIN;
+
+ do {
+ errno = 0;
+ res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT);
+ error = errno;
+
+ /* If error is EINTR here, we'll try again
+ * If it's any other error, we'll catch it
+ * below.
+ */
+ } while (error == EINTR);
+
+ switch (res) {
+ case -1:
+ *errnop = error;
+ break;
+ case 0:
+ *errnop = ETIME;
+ break;
+ case 1:
+ if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
+ *errnop = EPIPE;
+ }
+ if (!(pfd.revents & POLLIN)) {
+ *errnop = EBUSY;
+ }
+ break;
+ default: /* more than one avail ?? */
+ *errnop = EBADF;
+ break;
+ }
+ if (*errnop) {
+ sss_cli_close_socket();
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ if (datarecv < SSS_NSS_HEADER_SIZE) {
+ res = read(sss_cli_sd,
+ (char *)header + datarecv,
+ SSS_NSS_HEADER_SIZE - datarecv);
+ } else {
+ bufrecv = datarecv - SSS_NSS_HEADER_SIZE;
+ res = read(sss_cli_sd,
+ (char *)(*buf) + bufrecv,
+ header[0] - datarecv);
+ }
+
+ if ((res == -1) || (res == 0)) {
+
+ /* Read failed. I think the only useful thing
+ * we can do here is just return -1 and fail
+ * since the transaction has failed half way
+ * through. */
+
+ sss_cli_close_socket();
+ *errnop = errno;
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ datarecv += res;
+
+ if (datarecv == SSS_NSS_HEADER_SIZE && *len == 0) {
+ /* at this point recv buf is not yet
+ * allocated and the header has just
+ * been read, do checks and proceed */
+ if (header[2] != 0) {
+ /* server side error */
+ sss_cli_close_socket();
+ *errnop = header[2];
+ if (*errnop == EAGAIN) {
+ return NSS_STATUS_TRYAGAIN;
+ } else {
+ return NSS_STATUS_UNAVAIL;
+ }
+ }
+ if (header[1] != cmd) {
+ /* wrong command id */
+ sss_cli_close_socket();
+ *errnop = EBADMSG;
+ return NSS_STATUS_UNAVAIL;
+ }
+ if (header[0] > SSS_NSS_HEADER_SIZE) {
+ *len = header[0] - SSS_NSS_HEADER_SIZE;
+ *buf = malloc(*len);
+ if (!*buf) {
+ sss_cli_close_socket();
+ *errnop = ENOMEM;
+ return NSS_STATUS_UNAVAIL;
+ }
+ }
+ }
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+/* this function will check command codes match and returned length is ok */
+/* repbuf and replen report only the data section not the header */
+static enum nss_status sss_nss_make_request_nochecks(
+ enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop)
+{
+ enum nss_status ret;
+ uint8_t *buf = NULL;
+ int len = 0;
+
+ /* send data */
+ ret = sss_nss_send_req(cmd, rd, errnop);
+ if (ret != NSS_STATUS_SUCCESS) {
+ return ret;
+ }
+
+ /* data sent, now get reply */
+ ret = sss_nss_recv_rep(cmd, &buf, &len, errnop);
+ if (ret != NSS_STATUS_SUCCESS) {
+ return ret;
+ }
+
+ /* we got through, now we have the custom data in buf if any,
+ * return it if requested */
+ if (repbuf && buf) {
+ *repbuf = buf;
+ if (replen) {
+ *replen = len;
+ }
+ } else {
+ free(buf);
+ if (replen) {
+ *replen = 0;
+ }
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+/* GET_VERSION Reply:
+ * 0-3: 32bit unsigned version number
+ */
+
+static int sss_nss_check_version(const char *socket_name)
+{
+ uint8_t *repbuf;
+ size_t replen;
+ enum nss_status nret;
+ int errnop;
+ int res = NSS_STATUS_UNAVAIL;
+ uint32_t expected_version;
+ struct sss_cli_req_data req;
+
+ if (strcmp(socket_name, SSS_NSS_SOCKET_NAME) == 0) {
+ expected_version = SSS_NSS_PROTOCOL_VERSION;
+ } else if (strcmp(socket_name, SSS_PAM_SOCKET_NAME) == 0 ||
+ strcmp(socket_name, SSS_PAM_PRIV_SOCKET_NAME) == 0) {
+ expected_version = SSS_PAM_PROTOCOL_VERSION;
+ } else {
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ req.len = sizeof(expected_version);
+ req.data = &expected_version;
+
+ nret = sss_nss_make_request_nochecks(SSS_GET_VERSION, &req,
+ &repbuf, &replen, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ return nret;
+ }
+
+ if (!repbuf) {
+ return res;
+ }
+
+ if (((uint32_t *)repbuf)[0] == expected_version) {
+ res = NSS_STATUS_SUCCESS;
+ }
+
+ free(repbuf);
+ return res;
+}
+
+/* this 2 functions are adapted from samba3 winbinbd's wb_common.c */
+
+/* Make sure socket handle isn't stdin (0), stdout(1) or stderr(2) by setting
+ * the limit to 3 */
+#define RECURSION_LIMIT 3
+
+static int make_nonstd_fd_internals(int fd, int limit)
+{
+ int new_fd;
+ if (fd >= 0 && fd <= 2) {
+#ifdef F_DUPFD
+ if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
+ return -1;
+ }
+ /* Paranoia */
+ if (new_fd < 3) {
+ close(new_fd);
+ return -1;
+ }
+ close(fd);
+ return new_fd;
+#else
+ if (limit <= 0)
+ return -1;
+
+ new_fd = dup(fd);
+ if (new_fd == -1)
+ return -1;
+
+ /* use the program stack to hold our list of FDs to close */
+ new_fd = make_nonstd_fd_internals(new_fd, limit - 1);
+ close(fd);
+ return new_fd;
+#endif
+ }
+ return fd;
+}
+
+/****************************************************************************
+ Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available,
+ else
+ if SYSV use O_NDELAY
+ if BSD use FNDELAY
+ Set close on exec also.
+****************************************************************************/
+
+static int make_safe_fd(int fd)
+{
+ int result, flags;
+ int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT);
+ if (new_fd == -1) {
+ close(fd);
+ return -1;
+ }
+
+ /* Socket should be nonblocking. */
+#ifdef O_NONBLOCK
+#define FLAG_TO_SET O_NONBLOCK
+#else
+#ifdef SYSV
+#define FLAG_TO_SET O_NDELAY
+#else /* BSD */
+#define FLAG_TO_SET FNDELAY
+#endif
+#endif
+
+ if ((flags = fcntl(new_fd, F_GETFL)) == -1) {
+ close(new_fd);
+ return -1;
+ }
+
+ flags |= FLAG_TO_SET;
+ if (fcntl(new_fd, F_SETFL, flags) == -1) {
+ close(new_fd);
+ return -1;
+ }
+
+#undef FLAG_TO_SET
+
+ /* Socket should be closed on exec() */
+#ifdef FD_CLOEXEC
+ result = flags = fcntl(new_fd, F_GETFD, 0);
+ if (flags >= 0) {
+ flags |= FD_CLOEXEC;
+ result = fcntl( new_fd, F_SETFD, flags );
+ }
+ if (result < 0) {
+ close(new_fd);
+ return -1;
+ }
+#endif
+ return new_fd;
+}
+
+static int sss_nss_open_socket(int *errnop, const char *socket_name)
+{
+ struct sockaddr_un nssaddr;
+ int inprogress = 1;
+ int wait_time, sleep_time;
+ int sd;
+
+ memset(&nssaddr, 0, sizeof(struct sockaddr_un));
+ nssaddr.sun_family = AF_UNIX;
+ strncpy(nssaddr.sun_path, socket_name,
+ strlen(socket_name) + 1);
+
+ sd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sd == -1) {
+ *errnop = errno;
+ return -1;
+ }
+
+ /* set as non-blocking, close on exec, and make sure standard
+ * descriptors are not used */
+ sd = make_safe_fd(sd);
+ if (sd == -1) {
+ *errnop = errno;
+ return -1;
+ }
+
+ /* this piece is adapted from winbind client code */
+ wait_time = 0;
+ sleep_time = 0;
+ while(inprogress) {
+ int connect_errno = 0;
+ socklen_t errnosize;
+ struct timeval tv;
+ fd_set w_fds;
+ int ret;
+
+ wait_time += sleep_time;
+
+ ret = connect(sd, (struct sockaddr *)&nssaddr,
+ sizeof(nssaddr));
+ if (ret == 0) {
+ return sd;
+ }
+
+ switch(errno) {
+ case EINPROGRESS:
+ FD_ZERO(&w_fds);
+ FD_SET(sd, &w_fds);
+ tv.tv_sec = SSS_CLI_SOCKET_TIMEOUT - wait_time;
+ tv.tv_usec = 0;
+
+ ret = select(sd + 1, NULL, &w_fds, NULL, &tv);
+
+ if (ret > 0) {
+ errnosize = sizeof(connect_errno);
+ ret = getsockopt(sd, SOL_SOCKET, SO_ERROR,
+ &connect_errno, &errnosize);
+ if (ret >= 0 && connect_errno == 0) {
+ return sd;
+ }
+ }
+ wait_time += SSS_CLI_SOCKET_TIMEOUT;
+ break;
+ case EAGAIN:
+ if (wait_time < SSS_CLI_SOCKET_TIMEOUT) {
+ sleep_time = rand() % 2 + 1;
+ sleep(sleep_time);
+ }
+ break;
+ default:
+ *errnop = errno;
+ inprogress = 0;
+ break;
+ }
+
+ if (wait_time >= SSS_CLI_SOCKET_TIMEOUT) {
+ inprogress = 0;
+ }
+ }
+
+ /* if we get here connect() failed or we timed out */
+
+ close(sd);
+ return -1;
+}
+
+static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name)
+{
+ static pid_t mypid;
+ int mysd;
+
+ if (getpid() != mypid) {
+ sss_cli_close_socket();
+ mypid = getpid();
+ }
+
+ /* check if the socket has been closed on the other side */
+ if (sss_cli_sd != -1) {
+ struct pollfd pfd;
+ int res, error;
+
+ *errnop = 0;
+ pfd.fd = sss_cli_sd;
+ pfd.events = POLLIN | POLLOUT;
+
+ do {
+ errno = 0;
+ res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT);
+ error = errno;
+
+ /* If error is EINTR here, we'll try again
+ * If it's any other error, we'll catch it
+ * below.
+ */
+ } while (error == EINTR);
+
+ switch (res) {
+ case -1:
+ *errnop = error;
+ break;
+ case 0:
+ *errnop = ETIME;
+ break;
+ case 1:
+ if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
+ *errnop = EPIPE;
+ }
+ if (!(pfd.revents & (POLLIN | POLLOUT))) {
+ *errnop = EBUSY;
+ }
+ break;
+ default: /* more than one avail ?? */
+ *errnop = EBADF;
+ break;
+ }
+ if (*errnop) {
+ sss_cli_close_socket();
+ return SSS_STATUS_UNAVAIL;
+ }
+
+ return SSS_STATUS_SUCCESS;
+ }
+
+ mysd = sss_nss_open_socket(errnop, socket_name);
+ if (mysd == -1) {
+ return SSS_STATUS_UNAVAIL;
+ }
+
+ sss_cli_sd = mysd;
+
+ if (sss_nss_check_version(socket_name) == NSS_STATUS_SUCCESS) {
+ return SSS_STATUS_SUCCESS;
+ }
+
+ sss_cli_close_socket();
+ *errnop = EFAULT;
+ return SSS_STATUS_UNAVAIL;
+}
+
+/* this function will check command codes match and returned length is ok */
+/* repbuf and replen report only the data section not the header */
+enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop)
+{
+ enum nss_status ret;
+ char *envval;
+
+ /* avoid looping in the nss daemon */
+ envval = getenv("_SSS_LOOPS");
+ if (envval && strcmp(envval, "NO") == 0) {
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME);
+ if (ret != SSS_STATUS_SUCCESS) {
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
+}
+
+int sss_pam_make_request(enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop)
+{
+ int ret;
+ char *envval;
+ struct stat stat_buf;
+
+ /* avoid looping in the pam daemon */
+ envval = getenv("_SSS_LOOPS");
+ if (envval && strcmp(envval, "NO") == 0) {
+ return PAM_SERVICE_ERR;
+ }
+
+ /* only root shall use the privileged pipe */
+ if (getuid() == 0 && getgid() == 0) {
+ ret = stat(SSS_PAM_PRIV_SOCKET_NAME, &stat_buf);
+ if (ret != 0) return PAM_SERVICE_ERR;
+ if ( ! (stat_buf.st_uid == 0 &&
+ stat_buf.st_gid == 0 &&
+ (stat_buf.st_mode&(S_IFSOCK|S_IRUSR|S_IWUSR)) == stat_buf.st_mode)) {
+ return PAM_SERVICE_ERR;
+ }
+
+ ret = sss_cli_check_socket(errnop, SSS_PAM_PRIV_SOCKET_NAME);
+ } else {
+ ret = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME);
+ }
+ if (ret != NSS_STATUS_SUCCESS) {
+ return PAM_SERVICE_ERR;
+ }
+
+ return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
+}
diff --git a/server/sss_client/conf_macros.m4 b/server/sss_client/conf_macros.m4
new file mode 100644
index 000000000..cff961bc8
--- /dev/null
+++ b/server/sss_client/conf_macros.m4
@@ -0,0 +1,52 @@
+AC_DEFUN([BUILD_WITH_AUX_INFO],
+ [ AC_ARG_WITH([aux-info],
+ [AC_HELP_STRING([--with-aux-info],
+ [Build with -aux-info output])])
+ ])
+AM_CONDITIONAL([WANT_AUX_INFO], [test x$with_aux_info = xyes])
+
+AC_DEFUN([WITH_PIPE_PATH],
+ [ AC_ARG_WITH([pipe-path],
+ [AC_HELP_STRING([--with-pipe-path=PATH],
+ [Where to store pipe files for the SSSD interconnects [/var/lib/sss/pipes]]
+ )
+ ]
+ )
+ config_pipepath="\"VARDIR\"/lib/sss/pipes"
+ pipepath="${localstatedir}/lib/sss/pipes"
+ if test x"$with_pipe_path" != x; then
+ config_pipepath=$with_pipe_path
+ pipepath=$with_pipe_path
+ fi
+ AC_SUBST(pipepath)
+ AC_DEFINE_UNQUOTED(PIPE_PATH, "$config_pipepath", [Where to store pipe files for the SSSD interconnects])
+ ])
+AC_DEFUN([WITH_MANPAGES],
+ [ AC_ARG_WITH([manpages],
+ [AC_HELP_STRING([--with-manpages],
+ [Whether to regenerate man pages from DocBook sources [yes]]
+ )
+ ],
+ [],
+ with_manpages=yes
+ )
+ if test x"$with_manpages" == xyes; then
+ HAVE_MANPAGES=1
+ AC_SUBST(HAVE_MANPAGES)
+ fi
+ ])
+AM_CONDITIONAL([BUILD_MANPAGES], [test x$with_manpages = xyes])
+
+AC_DEFUN([WITH_XML_CATALOG],
+ [ AC_ARG_WITH([xml-catalog-path],
+ [AC_HELP_STRING([--with-xml-catalog-path=PATH],
+ [Where to look for XML catalog [/etc/xml/catalog]]
+ )
+ ]
+ )
+ SGML_CATALOG_FILES="/etc/xml/catalog"
+ if test x"$with_xml_catalog_path" != x; then
+ SGML_CATALOG_FILES="$with_xml_catalog_path"
+ fi
+ AC_SUBST([SGML_CATALOG_FILES])
+ ])
diff --git a/server/sss_client/config.guess b/server/sss_client/config.guess
new file mode 100755
index 000000000..354dbe175
--- /dev/null
+++ b/server/sss_client/config.guess
@@ -0,0 +1,1464 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+timestamp='2005-08-03'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <per@bothner.com>.
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep __ELF__ >/dev/null
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerppc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:SunOS:5.*:*)
+ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[45])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep __LP64__ >/dev/null
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ i*:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ x86:Interix*:[34]*)
+ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+ exit ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ arm*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-unknown-linux-gnu
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips
+ #undef mipsel
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mipsel
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips64
+ #undef mips64el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mips64el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips64
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ # The BFD linker knows what the default object file format is, so
+ # first see if it will tell us. cd to the root directory to prevent
+ # problems with other programs or directories called `ld' in the path.
+ # Set LC_ALL=C to ensure ld outputs messages in English.
+ ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+ | sed -ne '/supported targets:/!d
+ s/[ ][ ]*/ /g
+ s/.*supported targets: *//
+ s/ .*//
+ p'`
+ case "$ld_supported_targets" in
+ elf32-i386)
+ TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+ ;;
+ a.out-i386-linux)
+ echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+ exit ;;
+ coff-i386)
+ echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+ exit ;;
+ "")
+ # Either a pre-BFD a.out linker (linux-gnuoldld) or
+ # one that does not give us useful --help.
+ echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+ exit ;;
+ esac
+ # Determine whether the default compiler is a.out or elf
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <features.h>
+ #ifdef __ELF__
+ # ifdef __GLIBC__
+ # if __GLIBC__ >= 2
+ LIBC=gnu
+ # else
+ LIBC=gnulibc1
+ # endif
+ # else
+ LIBC=gnulibc1
+ # endif
+ #else
+ #ifdef __INTEL_COMPILER
+ LIBC=gnu
+ #else
+ LIBC=gnuaout
+ #endif
+ #endif
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+ test x"${LIBC}" != x && {
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit
+ }
+ test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+ ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i386.
+ echo i386-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ *86) UNAME_PROCESSOR=i686 ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/server/sss_client/config.sub b/server/sss_client/config.sub
new file mode 100755
index 000000000..23cd6fd75
--- /dev/null
+++ b/server/sss_client/config.sub
@@ -0,0 +1,1577 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+timestamp='2005-07-08'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
+ kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray)
+ os=
+ basic_machine=$1
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64vr | mips64vrel \
+ | mips64orion | mips64orionel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | ms1 \
+ | msp430 \
+ | ns16k | ns32k \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | pyramid \
+ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b \
+ | strongarm \
+ | tahoe | thumb | tic4x | tic80 | tron \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
+ | z8k)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m32c)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | ms1-* \
+ | msp430-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | pyramid-* \
+ | romp-* | rs6000-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tron-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
+ | xstormy16-* | xtensa-* \
+ | ymp-* \
+ | z8k-*)
+ ;;
+ m32c-*)
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16c)
+ basic_machine=cr16c-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/server/sss_client/configure.ac b/server/sss_client/configure.ac
new file mode 100644
index 000000000..c32bb6fd6
--- /dev/null
+++ b/server/sss_client/configure.ac
@@ -0,0 +1,54 @@
+AC_PREREQ(2.50)
+m4_include([../version.m4])
+AC_INIT([sss_client],
+ VERSION_NUMBER,
+ [sssd-devel@lists.fedorahosted.org])
+AC_CONFIG_SRCDIR([common.c])
+AC_CONFIG_HEADER(config.h)
+AC_CONFIG_AUX_DIR([build])
+AM_INIT_AUTOMAKE([-Wall foreign subdir-objects])
+AM_PROG_CC_C_O
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+AC_CONFIG_MACRO_DIR([m4])
+AM_GNU_GETTEXT([external])
+AM_GNU_GETTEXT_VERSION([0.14])
+
+AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
+
+AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
+
+m4_pattern_allow([AM_SILENT_RULES])
+AM_SILENT_RULES
+
+AC_SUBST(PAM_LIBS)
+
+#Check for PAM headers
+AC_CHECK_HEADERS([security/pam_appl.h security/pam_misc.h security/pam_modules.h],
+ [AC_CHECK_LIB(pam, pam_get_item, [ PAM_LIBS="-lpam" ], [AC_MSG_ERROR([PAM must support pam_get_item])])],
+ [AC_MSG_ERROR([PAM development libraries not installed])]
+)
+
+#Set the NSS library install path
+AC_ARG_ENABLE([nsslibdir], [AS_HELP_STRING([--enable-nsslibdir],
+ [Where to install nss libraries ($libdir)])],
+ [nsslibdir=$enableval],
+ [nsslibdir=$libdir])
+AC_SUBST(nsslibdir)
+
+m4_include([conf_macros.m4])
+BUILD_WITH_AUX_INFO
+WITH_PIPE_PATH
+WITH_MANPAGES
+WITH_XML_CATALOG
+
+m4_include([external/docbook.m4])
+if test x$HAVE_MANPAGES != x; then
+ CHECK_XML_TOOLS
+ CHECK_STYLESHEET([$SGML_CATALOG_FILES],
+ [http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
+ [Docbook XSL templates])
+fi
+
+AC_CONFIG_FILES([Makefile po/Makefile.in])
+AC_OUTPUT
diff --git a/server/sss_client/external/docbook.m4 b/server/sss_client/external/docbook.m4
new file mode 100644
index 000000000..cae89feb1
--- /dev/null
+++ b/server/sss_client/external/docbook.m4
@@ -0,0 +1,35 @@
+dnl Checks for tools needed to generate manual pages
+AC_DEFUN([CHECK_XML_TOOLS],
+[
+ AC_PATH_PROG([XSLTPROC], [xsltproc])
+ if test ! -x "$XSLTPROC"; then
+ AC_MSG_ERROR([Could not find xsltproc])
+ fi
+
+ AC_PATH_PROG([XMLLINT], [xmllint])
+ if test ! -x "$XMLLINT"; then
+ AC_MSG_ERROR([Could not find xmllint])
+ fi
+
+ AC_PATH_PROG([XMLCATALOG], [xmlcatalog])
+ if test ! -x "$XMLCATALOG"; then
+ AC_MSG_ERROR([Could not find xmlcatalog])
+ fi
+])
+
+dnl Usage:
+dnl CHECK_STYLESHEET_URI(FILE, URI, [FRIENDLY-NAME])
+dnl Checks if the XML catalog given by FILE exists and
+dnl if a particular URI appears in the XML catalog
+AC_DEFUN([CHECK_STYLESHEET],
+[
+ AC_CHECK_FILE($1, [], [AC_MSG_ERROR([could not find XML catalog])])
+
+ AC_MSG_CHECKING([for ifelse([$3],,[$2],[$3]) in XML catalog])
+ if AC_RUN_LOG([$XMLCATALOG --noout "$1" "$2" >&2]); then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_ERROR([could not find ifelse([$3],,[$2],[$3]) in XML catalog])
+ fi
+])
+
diff --git a/server/sss_client/group.c b/server/sss_client/group.c
new file mode 100644
index 000000000..675b8b71e
--- /dev/null
+++ b/server/sss_client/group.c
@@ -0,0 +1,435 @@
+/*
+ * System Security Services Daemon. NSS client interface
+ *
+ * Copyright (C) Simo Sorce 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* GROUP database NSS interface */
+
+#include <nss.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include "sss_cli.h"
+
+static struct sss_nss_getgrent_data {
+ size_t len;
+ size_t ptr;
+ uint8_t *data;
+} sss_nss_getgrent_data;
+
+static void sss_nss_getgrent_data_clean(void) {
+
+ if (sss_nss_getgrent_data.data != NULL) {
+ free(sss_nss_getgrent_data.data);
+ sss_nss_getgrent_data.data = NULL;
+ }
+ sss_nss_getgrent_data.len = 0;
+ sss_nss_getgrent_data.ptr = 0;
+}
+
+/* GETGRNAM Request:
+ *
+ * 0-X: string with name
+ *
+ * GERTGRGID Request:
+ *
+ * 0-7: 32bit number with gid
+ *
+ * INITGROUPS Request:
+ *
+ * 0-3: 32bit number with gid
+ * 4-7: 32bit unsigned with max num of entries
+ *
+ * Replies:
+ *
+ * 0-3: 32bit unsigned number of results
+ * 4-7: 32bit unsigned (reserved/padding)
+ * For each result (64bit padded ?):
+ * 0-3: 32bit number gid
+ * 4-7: 32bit unsigned number of members
+ * 8-X: sequence of 0 terminated strings (name, passwd, mem..)
+ *
+ * FIXME: do we need to pad so that each result is 32 bit aligned ?
+ */
+struct sss_nss_gr_rep {
+ struct group *result;
+ char *buffer;
+ size_t buflen;
+};
+
+static int sss_nss_getgr_readrep(struct sss_nss_gr_rep *pr,
+ uint8_t *buf, size_t *len)
+{
+ size_t i, l, slen, ptmem;
+ ssize_t dlen;
+ char *sbuf;
+ uint32_t mem_num;
+
+ if (*len < 11) { /* not enough space for data, bad packet */
+ return EBADMSG;
+ }
+
+ pr->result->gr_gid = ((uint32_t *)buf)[0];
+ mem_num = ((uint32_t *)buf)[1];
+
+ sbuf = (char *)&buf[8];
+ slen = *len - 8;
+ dlen = pr->buflen;
+
+ pr->result->gr_name = &(pr->buffer[0]);
+ i = 0;
+ while (slen > i && dlen > 0) {
+ pr->buffer[i] = sbuf[i];
+ if (pr->buffer[i] == '\0') break;
+ i++;
+ dlen--;
+ }
+ if (slen <= i) { /* premature end of buf */
+ return EBADMSG;
+ }
+ if (dlen <= 0) { /* not enough memory */
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+ i++;
+ dlen--;
+
+ pr->result->gr_passwd = &(pr->buffer[i]);
+ while (slen > i && dlen > 0) {
+ pr->buffer[i] = sbuf[i];
+ if (pr->buffer[i] == '\0') break;
+ i++;
+ dlen--;
+ }
+ if (slen <= i) { /* premature end of buf */
+ return EBADMSG;
+ }
+ if (dlen <= 0) { /* not enough memory */
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+ i++;
+ dlen--;
+
+ /* now members */
+ pr->result->gr_mem = (char **)&(pr->buffer[i]);
+ ptmem = sizeof(char *) * (mem_num + 1);
+ if (ptmem > dlen) {
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+ dlen -= ptmem;
+ ptmem += i;
+ pr->result->gr_mem[mem_num] = NULL; /* terminate array */
+
+ for (l = 0; l < mem_num; l++) {
+ pr->result->gr_mem[l] = &(pr->buffer[ptmem]);
+ while ((slen > i) && (dlen > 0)) {
+ pr->buffer[ptmem] = sbuf[i];
+ if (pr->buffer[ptmem] == '\0') break;
+ i++;
+ dlen--;
+ ptmem++;
+ }
+ if (slen <= i) { /* premature end of buf */
+ return EBADMSG;
+ }
+ if (dlen <= 0) { /* not enough memory */
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+ i++;
+ dlen--;
+ ptmem++;
+ }
+
+ *len = slen -i;
+ return 0;
+}
+
+/* INITGROUP Reply:
+ *
+ * 0-3: 32bit unsigned number of results
+ * 4-7: 32bit unsigned (reserved/padding)
+ * For each result:
+ * 0-4: 32bit number with gid
+ */
+
+
+enum nss_status _nss_sss_initgroups_dyn(const char *user, gid_t group,
+ long int *start, long int *size,
+ gid_t **groups, long int limit,
+ int *errnop)
+{
+ struct sss_cli_req_data rd;
+ uint8_t *repbuf;
+ size_t replen;
+ enum nss_status nret;
+ uint32_t *rbuf;
+ uint32_t num_ret;
+ long int l, max_ret;
+
+ rd.len = strlen(user) +1;
+ rd.data = user;
+
+ nret = sss_nss_make_request(SSS_NSS_INITGR, &rd,
+ &repbuf, &replen, errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ return nret;
+ }
+
+ /* no results if not found */
+ num_ret = ((uint32_t *)repbuf)[0];
+ if (num_ret == 0) {
+ free(repbuf);
+ return NSS_STATUS_NOTFOUND;
+ }
+ max_ret = num_ret;
+
+ /* check we have enough space in the buffer */
+ if ((*size - *start) < num_ret) {
+ long int newsize;
+ gid_t *newgroups;
+
+ newsize = *size + num_ret;
+ if ((limit > 0) && (newsize > limit)) {
+ newsize = limit;
+ max_ret = newsize - *start;
+ }
+
+ newgroups = (gid_t *)realloc((*groups), newsize * sizeof(**groups));
+ if (!newgroups) {
+ *errnop = ENOMEM;
+ free(repbuf);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ *groups = newgroups;
+ *size = newsize;
+ }
+
+ rbuf = &((uint32_t *)repbuf)[2];
+ for (l = 0; l < max_ret; l++) {
+ (*groups)[*start] = rbuf[l];
+ *start += 1;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+
+enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ struct sss_cli_req_data rd;
+ struct sss_nss_gr_rep grrep;
+ uint8_t *repbuf;
+ size_t replen, len;
+ enum nss_status nret;
+ int ret;
+
+ /* Caught once glibc passing in buffer == 0x0 */
+ if (!buffer || !buflen) return ERANGE;
+
+ rd.len = strlen(name) + 1;
+ rd.data = name;
+
+ nret = sss_nss_make_request(SSS_NSS_GETGRNAM, &rd,
+ &repbuf, &replen, errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ return nret;
+ }
+
+ grrep.result = result;
+ grrep.buffer = buffer;
+ grrep.buflen = buflen;
+
+ /* no results if not found */
+ if (((uint32_t *)repbuf)[0] == 0) {
+ free(repbuf);
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ /* only 1 result is accepted for this function */
+ if (((uint32_t *)repbuf)[0] != 1) {
+ *errnop = EBADMSG;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ len = replen - 8;
+ ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len);
+ free(repbuf);
+ if (ret) {
+ *errnop = ret;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ struct sss_cli_req_data rd;
+ struct sss_nss_gr_rep grrep;
+ uint8_t *repbuf;
+ size_t replen, len;
+ enum nss_status nret;
+ uint32_t group_gid;
+ int ret;
+
+ /* Caught once glibc passing in buffer == 0x0 */
+ if (!buffer || !buflen) return ERANGE;
+
+ group_gid = gid;
+ rd.len = sizeof(uint32_t);
+ rd.data = &group_gid;
+
+ nret = sss_nss_make_request(SSS_NSS_GETGRGID, &rd,
+ &repbuf, &replen, errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ return nret;
+ }
+
+ grrep.result = result;
+ grrep.buffer = buffer;
+ grrep.buflen = buflen;
+
+ /* no results if not found */
+ if (((uint32_t *)repbuf)[0] == 0) {
+ free(repbuf);
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ /* only 1 result is accepted for this function */
+ if (((uint32_t *)repbuf)[0] != 1) {
+ *errnop = EBADMSG;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ len = replen - 8;
+ ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len);
+ free(repbuf);
+ if (ret) {
+ *errnop = ret;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_sss_setgrent(void)
+{
+ enum nss_status nret;
+ int errnop;
+
+ /* make sure we do not have leftovers, and release memory */
+ sss_nss_getgrent_data_clean();
+
+ nret = sss_nss_make_request(SSS_NSS_SETGRENT,
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
+ return nret;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_sss_getgrent_r(struct group *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ struct sss_cli_req_data rd;
+ struct sss_nss_gr_rep grrep;
+ uint8_t *repbuf;
+ size_t replen;
+ enum nss_status nret;
+ uint32_t num_entries;
+ int ret;
+
+ /* Caught once glibc passing in buffer == 0x0 */
+ if (!buffer || !buflen) return ERANGE;
+
+ /* if there are leftovers return the next one */
+ if (sss_nss_getgrent_data.data != NULL &&
+ sss_nss_getgrent_data.ptr < sss_nss_getgrent_data.len) {
+
+ repbuf = (uint8_t *)sss_nss_getgrent_data.data +
+ sss_nss_getgrent_data.ptr;
+ replen = sss_nss_getgrent_data.len -
+ sss_nss_getgrent_data.ptr;
+
+ grrep.result = result;
+ grrep.buffer = buffer;
+ grrep.buflen = buflen;
+
+ ret = sss_nss_getgr_readrep(&grrep, repbuf, &replen);
+ if (ret) {
+ *errnop = ret;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* advance buffer pointer */
+ sss_nss_getgrent_data.ptr = sss_nss_getgrent_data.len - replen;
+
+ return NSS_STATUS_SUCCESS;
+ }
+
+ /* release memory if any */
+ sss_nss_getgrent_data_clean();
+
+ /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */
+ num_entries = SSS_NSS_MAX_ENTRIES;
+ rd.len = sizeof(uint32_t);
+ rd.data = &num_entries;
+
+ nret = sss_nss_make_request(SSS_NSS_GETGRENT, &rd,
+ &repbuf, &replen, errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ return nret;
+ }
+
+ /* no results if not found */
+ if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) {
+ free(repbuf);
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ sss_nss_getgrent_data.data = repbuf;
+ sss_nss_getgrent_data.len = replen;
+ sss_nss_getgrent_data.ptr = 8; /* skip metadata fields */
+
+ /* call again ourselves, this will return the first result */
+ return _nss_sss_getgrent_r(result, buffer, buflen, errnop);
+}
+
+enum nss_status _nss_sss_endgrent(void)
+{
+ enum nss_status nret;
+ int errnop;
+
+ /* make sure we do not have leftovers, and release memory */
+ sss_nss_getgrent_data_clean();
+
+ nret = sss_nss_make_request(SSS_NSS_ENDGRENT,
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
+ return nret;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
diff --git a/server/sss_client/install-sh b/server/sss_client/install-sh
new file mode 100755
index 000000000..58719246f
--- /dev/null
+++ b/server/sss_client/install-sh
@@ -0,0 +1,238 @@
+#! /bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+ case $1 in
+ -c) instcmd="$cpprog"
+ shift
+ continue;;
+
+ -d) dir_arg=true
+ shift
+ continue;;
+
+ -m) chmodcmd="$chmodprog $2"
+ shift
+ shift
+ continue;;
+
+ -o) chowncmd="$chownprog $2"
+ shift
+ shift
+ continue;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift
+ shift
+ continue;;
+
+ -s) stripcmd="$stripprog"
+ shift
+ continue;;
+
+ -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+ shift
+ continue;;
+
+ -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+ shift
+ continue;;
+
+ *) if [ x"$src" = x ]
+ then
+ src=$1
+ else
+ # this colon is to work around a 386BSD /bin/sh bug
+ :
+ dst=$1
+ fi
+ shift
+ continue;;
+ esac
+done
+
+if [ x"$src" = x ]
+then
+ echo "install: no input file specified"
+ exit 1
+else
+ true
+fi
+
+if [ x"$dir_arg" != x ]; then
+ dst=$src
+ src=""
+
+ if [ -d $dst ]; then
+ instcmd=:
+ else
+ instcmd=mkdir
+ fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad
+# if $src (and thus $dsttmp) contains '*'.
+
+ if [ -f $src -o -d $src ]
+ then
+ true
+ else
+ echo "install: $src does not exist"
+ exit 1
+ fi
+
+ if [ x"$dst" = x ]
+ then
+ echo "install: no destination specified"
+ exit 1
+ else
+ true
+ fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+ if [ -d $dst ]
+ then
+ dst="$dst"/`basename $src`
+ else
+ true
+ fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+# this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+ pathcomp="${pathcomp}${1}"
+ shift
+
+ if [ ! -d "${pathcomp}" ] ;
+ then
+ $mkdirprog "${pathcomp}"
+ else
+ true
+ fi
+
+ pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+ $doit $instcmd $dst &&
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+ if [ x"$transformarg" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ dstfile=`basename $dst $transformbasename |
+ sed $transformarg`$transformbasename
+ fi
+
+# don't allow the sed command to completely eliminate the filename
+
+ if [ x"$dstfile" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ true
+ fi
+
+# Make a temp file name in the proper directory.
+
+ dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+ $doit $instcmd $src $dsttmp &&
+
+ trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing. If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+ $doit $rmcmd -f $dstdir/$dstfile &&
+ $doit $mvcmd $dsttmp $dstdir/$dstfile
+
+fi &&
+
+
+exit 0
diff --git a/server/sss_client/m4/.dir b/server/sss_client/m4/.dir
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/server/sss_client/m4/.dir
diff --git a/server/sss_client/man/pam_sss.8.xml b/server/sss_client/man/pam_sss.8.xml
new file mode 100644
index 000000000..f6ac9f477
--- /dev/null
+++ b/server/sss_client/man/pam_sss.8.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+<reference>
+<title>SSSD Manual pages</title>
+<refentry>
+ <refentryinfo>
+ <productname>SSSD</productname>
+ <orgname>The SSSD upstream - http://fedorahosted.org/sssd</orgname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>pam_sss</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+
+ <refnamediv id='name'>
+ <refname>pam_sss</refname>
+ <refpurpose>PAM module for SSSD</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>pam_sss.so</command>
+ <arg choice='opt'>
+ <replaceable>forward_pass</replaceable>
+ </arg>
+ <arg choice='opt'>
+ <replaceable>use_first_pass</replaceable>
+ </arg>
+ <arg choice='opt'>
+ <replaceable>use_authtok</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para><command>pam_sss.so</command> is the PAM interface to the System
+ Security Services daemon (SSSD). Errors and results are logged through
+ <command>syslog(3)</command> with the LOG_AUTHPRIV facility.</para>
+ </refsect1>
+
+ <refsect1 id='options'>
+ <title>OPTIONS</title>
+ <variablelist remap='IP'>
+ <varlistentry>
+ <term>
+ <option>forward_pass</option>
+ </term>
+ <listitem>
+ <para>If <option>forward_pass</option> is set the entered
+ password is put on the stack for other PAM modules to use.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>use_first_pass</option>
+ </term>
+ <listitem>
+ <para>The argument use_first_pass forces the module to use
+ a previous stacked modules password and will never prompt
+ the user - if no password is available or the password is
+ not appropriate, the user will be denied access.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>use_authtok</option>
+ </term>
+ <listitem>
+ <para>When password changing enforce the module to set the
+ new password to the one provided by a previously stacked
+ password module.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='module_types_provides'>
+ <title>MODULE TYPES PROVIDED</title>
+ <para>All module types (<option>account</option>, <option>auth</option>,
+ <option>password</option> and <option>session</option>) are provided.
+ </para>
+ </refsect1>
+
+ <refsect1 id='see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
+</reference>
diff --git a/server/sss_client/pam_sss.c b/server/sss_client/pam_sss.c
new file mode 100644
index 000000000..8a1e3129a
--- /dev/null
+++ b/server/sss_client/pam_sss.c
@@ -0,0 +1,1166 @@
+/*
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2009 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <syslog.h>
+#include <time.h>
+
+#include <security/pam_modules.h>
+#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
+#include "sss_pam_macros.h"
+
+#include "sss_cli.h"
+
+#include <libintl.h>
+#define _(STRING) dgettext (PACKAGE, STRING)
+#include "config.h"
+
+#define FLAGS_USE_FIRST_PASS (1 << 0)
+#define FLAGS_FORWARD_PASS (1 << 1)
+#define FLAGS_USE_AUTHTOK (1 << 2)
+
+struct pam_items {
+ const char* pam_service;
+ const char* pam_user;
+ const char* pam_tty;
+ const char* pam_ruser;
+ const char* pam_rhost;
+ char* pam_authtok;
+ char* pam_newauthtok;
+ const char* pamstack_authtok;
+ const char* pamstack_oldauthtok;
+ size_t pam_service_size;
+ size_t pam_user_size;
+ size_t pam_tty_size;
+ size_t pam_ruser_size;
+ size_t pam_rhost_size;
+ int pam_authtok_type;
+ size_t pam_authtok_size;
+ int pam_newauthtok_type;
+ size_t pam_newauthtok_size;
+ pid_t cli_pid;
+ const char *login_name;
+};
+
+#define DEBUG_MGS_LEN 1024
+#define MAX_AUTHTOK_SIZE (1024*1024)
+#define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)")
+
+static void logger(pam_handle_t *pamh, int level, const char *fmt, ...) {
+ va_list ap;
+
+ va_start(ap, fmt);
+
+#ifdef DEBUG
+ va_list apd;
+ char debug_msg[DEBUG_MGS_LEN];
+ int ret;
+ va_copy(apd, ap);
+
+ ret = vsnprintf(debug_msg, DEBUG_MGS_LEN, fmt, apd);
+ if (ret >= DEBUG_MGS_LEN) {
+ D(("the following message is truncated: %s", debug_msg));
+ } else if (ret < 0) {
+ D(("vsnprintf failed to format debug message!"));
+ } else {
+ D((debug_msg));
+ }
+
+ va_end(apd);
+#endif
+
+ pam_vsyslog(pamh, LOG_AUTHPRIV|level, fmt, ap);
+
+ va_end(ap);
+}
+
+
+static size_t add_authtok_item(enum pam_item_type type,
+ enum sss_authtok_type authtok_type,
+ const char *tok, const size_t size,
+ uint8_t *buf) {
+ size_t rp=0;
+ uint32_t c;
+
+ if (tok == NULL) return 0;
+
+ c = type;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = size + sizeof(uint32_t);
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = authtok_type;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ memcpy(&buf[rp], tok, size);
+ rp += size;
+
+ return rp;
+}
+
+
+static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
+ uint8_t *buf) {
+ size_t rp=0;
+ uint32_t c;
+
+ c = type;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = sizeof(uint32_t);
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = val;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ return rp;
+}
+
+static size_t add_string_item(enum pam_item_type type, const char *str,
+ const size_t size, uint8_t *buf) {
+ size_t rp=0;
+ uint32_t c;
+
+ if (str == NULL || *str == '\0') return 0;
+
+ c = type;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = size;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ memcpy(&buf[rp], str, size);
+ rp += size;
+
+ return rp;
+}
+
+static void overwrite_and_free_authtoks(struct pam_items *pi)
+{
+ if (pi->pam_authtok != NULL) {
+ _pam_overwrite_n((void *)pi->pam_authtok, pi->pam_authtok_size);
+ free((void *)pi->pam_authtok);
+ pi->pam_authtok = NULL;
+ }
+
+ if (pi->pam_newauthtok != NULL) {
+ _pam_overwrite_n((void *)pi->pam_newauthtok, pi->pam_newauthtok_size);
+ free((void *)pi->pam_newauthtok);
+ pi->pam_newauthtok = NULL;
+ }
+}
+
+static int pack_message_v3(struct pam_items *pi, size_t *size,
+ uint8_t **buffer) {
+ int len;
+ uint8_t *buf;
+ int rp;
+ uint32_t terminator = SSS_END_OF_PAM_REQUEST;
+
+ len = sizeof(uint32_t) +
+ 2*sizeof(uint32_t) + pi->pam_user_size +
+ sizeof(uint32_t);
+ len += *pi->pam_service != '\0' ?
+ 2*sizeof(uint32_t) + pi->pam_service_size : 0;
+ len += *pi->pam_tty != '\0' ?
+ 2*sizeof(uint32_t) + pi->pam_tty_size : 0;
+ len += *pi->pam_ruser != '\0' ?
+ 2*sizeof(uint32_t) + pi->pam_ruser_size : 0;
+ len += *pi->pam_rhost != '\0' ?
+ 2*sizeof(uint32_t) + pi->pam_rhost_size : 0;
+ len += pi->pam_authtok != NULL ?
+ 3*sizeof(uint32_t) + pi->pam_authtok_size : 0;
+ len += pi->pam_newauthtok != NULL ?
+ 3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0;
+ len += 3*sizeof(uint32_t); /* cli_pid */
+
+ buf = malloc(len);
+ if (buf == NULL) {
+ D(("malloc failed."));
+ return PAM_BUF_ERR;
+ }
+
+ rp = 0;
+ ((uint32_t *)(&buf[rp]))[0] = SSS_START_OF_PAM_REQUEST;
+ rp += sizeof(uint32_t);
+
+ rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
+ &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service,
+ pi->pam_service_size, &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
+ &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size,
+ &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
+ &buf[rp]);
+
+ rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
+ &buf[rp]);
+
+ rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
+ pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);
+
+ rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
+ pi->pam_newauthtok, pi->pam_newauthtok_size,
+ &buf[rp]);
+
+ memcpy(&buf[rp], &terminator, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ if (rp != len) {
+ D(("error during packet creation."));
+ return PAM_BUF_ERR;
+ }
+
+ *size = len;
+ *buffer = buf;
+
+ return 0;
+}
+
+static int null_strcmp(const char *s1, const char *s2) {
+ if (s1 == NULL && s2 == NULL) return 0;
+ if (s1 == NULL && s2 != NULL) return -1;
+ if (s1 != NULL && s2 == NULL) return 1;
+ return strcmp(s1, s2);
+}
+
+enum {
+ SSS_PAM_CONV_DONE = 0,
+ SSS_PAM_CONV_STD,
+ SSS_PAM_CONV_REENTER,
+};
+
+static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
+ const char *msg,
+ const char *reenter_msg,
+ char **answer)
+{
+ int ret;
+ int state = SSS_PAM_CONV_STD;
+ struct pam_conv *conv;
+ struct pam_message *mesg[1];
+ struct pam_response *resp=NULL;
+
+ if ((msg_style == PAM_TEXT_INFO || msg_style == PAM_ERROR_MSG) &&
+ msg == NULL) return PAM_SYSTEM_ERR;
+
+ if ((msg_style == PAM_PROMPT_ECHO_OFF ||
+ msg_style == PAM_PROMPT_ECHO_ON) &&
+ (msg == NULL || answer == NULL)) return PAM_SYSTEM_ERR;
+
+ if (msg_style == PAM_TEXT_INFO || msg_style == PAM_ERROR_MSG) {
+ logger(pamh, LOG_INFO, "User %s message: %s",
+ msg_style == PAM_TEXT_INFO ? "info" : "error",
+ msg);
+ }
+
+ ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+ if (ret != PAM_SUCCESS) return ret;
+
+ do {
+ mesg[0] = malloc(sizeof(struct pam_message));
+ if (mesg[0] == NULL) {
+ D(("Malloc failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ mesg[0]->msg_style = msg_style;
+ if (state == SSS_PAM_CONV_REENTER) {
+ mesg[0]->msg = reenter_msg;
+ } else {
+ mesg[0]->msg = msg;
+ }
+
+ ret=conv->conv(1, (const struct pam_message **) mesg, &resp,
+ conv->appdata_ptr);
+ free(mesg[0]);
+ if (ret != PAM_SUCCESS) {
+ D(("Conversation failure: %s.", pam_strerror(pamh,ret)));
+ return ret;
+ }
+
+ if (msg_style == PAM_PROMPT_ECHO_OFF ||
+ msg_style == PAM_PROMPT_ECHO_ON) {
+ if (resp == NULL) {
+ D(("response expected, but resp==NULL"));
+ return PAM_SYSTEM_ERR;
+ }
+
+ if (state == SSS_PAM_CONV_REENTER) {
+ if (null_strcmp(*answer, resp[0].resp) != 0) {
+ logger(pamh, LOG_NOTICE, "Passwords do not match.");
+ _pam_overwrite((void *)resp[0].resp);
+ free(resp[0].resp);
+ if (*answer != NULL) {
+ _pam_overwrite((void *)*answer);
+ free(*answer);
+ *answer = NULL;
+ }
+ ret = do_pam_conversation(pamh, PAM_ERROR_MSG,
+ _("Passwords do not match"),
+ NULL, NULL);
+ if (ret != PAM_SUCCESS) {
+ D(("do_pam_conversation failed."));
+ return PAM_SYSTEM_ERR;
+ }
+ return PAM_CRED_ERR;
+ }
+ _pam_overwrite((void *)resp[0].resp);
+ free(resp[0].resp);
+ } else {
+ if (resp[0].resp == NULL) {
+ D(("Empty password"));
+ *answer = NULL;
+ } else {
+ *answer = strndup(resp[0].resp, MAX_AUTHTOK_SIZE);
+ _pam_overwrite((void *)resp[0].resp);
+ free(resp[0].resp);
+ if(*answer == NULL) {
+ D(("strndup failed"));
+ return PAM_BUF_ERR;
+ }
+ }
+ }
+ free(resp);
+ resp = NULL;
+ }
+
+ if (reenter_msg != NULL && state == SSS_PAM_CONV_STD) {
+ state = SSS_PAM_CONV_REENTER;
+ } else {
+ state = SSS_PAM_CONV_DONE;
+ }
+ } while (state != SSS_PAM_CONV_DONE);
+
+ return PAM_SUCCESS;
+}
+
+static int user_info_offline_auth(pam_handle_t *pamh, size_t buflen,
+ uint8_t *buf)
+{
+ int ret;
+ long long expire_date;
+ struct tm tm;
+ char expire_str[128];
+ char user_msg[256];
+
+ expire_str[0] = '\0';
+
+ if (buflen != sizeof(uint32_t) + sizeof(long long)) {
+ D(("User info response data has the wrong size"));
+ return PAM_BUF_ERR;
+ }
+
+ memcpy(&expire_date, buf + sizeof(uint32_t), sizeof(long long));
+
+ if (expire_date > 0) {
+ if (localtime_r((time_t *) &expire_date, &tm) != NULL) {
+ ret = strftime(expire_str, sizeof(expire_str), "%c", &tm);
+ if (ret == 0) {
+ D(("strftime failed."));
+ expire_str[0] = '\0';
+ }
+ } else {
+ D(("localtime_r failed"));
+ }
+ }
+
+ ret = snprintf(user_msg, sizeof(user_msg), "%s%s%s.",
+ _("Offline authentication"),
+ expire_str[0] ? _(", your cached password will expire at: ") : "",
+ expire_str[0] ? expire_str : "");
+ if (ret < 0 || ret >= sizeof(user_msg)) {
+ D(("snprintf failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL);
+ if (ret != PAM_SUCCESS) {
+ D(("do_pam_conversation failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int user_info_offline_auth_delayed(pam_handle_t *pamh, size_t buflen,
+ uint8_t *buf)
+{
+ int ret;
+ long long delayed_until;
+ struct tm tm;
+ char delay_str[128];
+ char user_msg[256];
+
+ delay_str[0] = '\0';
+
+ if (buflen != sizeof(uint32_t) + sizeof(long long)) {
+ D(("User info response data has the wrong size"));
+ return PAM_BUF_ERR;
+ }
+
+ memcpy(&delayed_until, buf + sizeof(uint32_t), sizeof(long long));
+
+ if (delayed_until <= 0) {
+ D(("User info response data has an invalid value"));
+ return PAM_BUF_ERR;
+ }
+
+ if (localtime_r((time_t *) &delayed_until, &tm) != NULL) {
+ ret = strftime(delay_str, sizeof(delay_str), "%c", &tm);
+ if (ret == 0) {
+ D(("strftime failed."));
+ delay_str[0] = '\0';
+ }
+ } else {
+ D(("localtime_r failed"));
+ }
+
+ ret = snprintf(user_msg, sizeof(user_msg), "%s%s.",
+ _("Offline authentication, authentication is denied until: "),
+ delay_str);
+ if (ret < 0 || ret >= sizeof(user_msg)) {
+ D(("snprintf failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL);
+ if (ret != PAM_SUCCESS) {
+ D(("do_pam_conversation failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int user_info_offline_chpass(pam_handle_t *pamh, size_t buflen,
+ uint8_t *buf)
+{
+ int ret;
+
+ if (buflen != sizeof(uint32_t)) {
+ D(("User info response data has the wrong size"));
+ return PAM_BUF_ERR;
+ }
+
+ ret = do_pam_conversation(pamh, PAM_TEXT_INFO,
+ _("System is offline, password change not possible"),
+ NULL, NULL);
+ if (ret != PAM_SUCCESS) {
+ D(("do_pam_conversation failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int user_info_chpass_error(pam_handle_t *pamh, size_t buflen,
+ uint8_t *buf)
+{
+ int ret;
+ uint32_t msg_len;
+ char user_msg[256];
+
+ if (buflen < 2* sizeof(uint32_t)) {
+ D(("User info response data is too short"));
+ return PAM_BUF_ERR;
+ }
+
+ memcpy(&msg_len, buf + sizeof(uint32_t), sizeof(uint32_t));
+
+ if (buflen != 2* sizeof(uint32_t) + msg_len) {
+ D(("User info response data has the wrong size"));
+ return PAM_BUF_ERR;
+ }
+
+ ret = snprintf(user_msg, sizeof(user_msg), "%s%s%.*s",
+ _("Password change failed. "),
+ msg_len > 0 ? _("Server message: ") : "",
+ msg_len,
+ msg_len > 0 ? (char *)(buf + 2 * sizeof(uint32_t)) : "" );
+ if (ret < 0 || ret >= sizeof(user_msg)) {
+ D(("snprintf failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL);
+ if (ret != PAM_SUCCESS) {
+ D(("do_pam_conversation failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ return PAM_SUCCESS;
+}
+
+
+static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
+ uint8_t *buf)
+{
+ int ret;
+ uint32_t type;
+
+ if (buflen < sizeof(uint32_t)) {
+ D(("User info response data is too short"));
+ return PAM_BUF_ERR;
+ }
+
+ memcpy(&type, buf, sizeof(uint32_t));
+
+ switch(type) {
+ case SSS_PAM_USER_INFO_OFFLINE_AUTH:
+ ret = user_info_offline_auth(pamh, buflen, buf);
+ break;
+ case SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED:
+ ret = user_info_offline_auth_delayed(pamh, buflen, buf);
+ break;
+ case SSS_PAM_USER_INFO_OFFLINE_CHPASS:
+ ret = user_info_offline_chpass(pamh, buflen, buf);
+ break;
+ case SSS_PAM_USER_INFO_CHPASS_ERROR:
+ ret = user_info_chpass_error(pamh, buflen, buf);
+ break;
+ default:
+ D(("Unknown user info type [%d]", type));
+ ret = PAM_SYSTEM_ERR;
+ }
+
+ return ret;
+}
+
+static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf)
+{
+ int ret;
+ size_t p=0;
+ char *env_item;
+ int32_t c;
+ int32_t type;
+ int32_t len;
+ int32_t pam_status;
+
+ if (buflen < (2*sizeof(int32_t))) {
+ D(("response buffer is too small"));
+ return PAM_BUF_ERR;
+ }
+
+ memcpy(&pam_status, buf+p, sizeof(int32_t));
+ p += sizeof(int32_t);
+
+
+ memcpy(&c, buf+p, sizeof(int32_t));
+ p += sizeof(int32_t);
+
+ while(c>0) {
+ if (buflen < (p+2*sizeof(int32_t))) {
+ D(("response buffer is too small"));
+ return PAM_BUF_ERR;
+ }
+
+ memcpy(&type, buf+p, sizeof(int32_t));
+ p += sizeof(int32_t);
+
+ memcpy(&len, buf+p, sizeof(int32_t));
+ p += sizeof(int32_t);
+
+ if (buflen < (p + len)) {
+ D(("response buffer is too small"));
+ return PAM_BUF_ERR;
+ }
+
+ switch(type) {
+ case SSS_PAM_SYSTEM_INFO:
+ if (buf[p + (len -1)] != '\0') {
+ D(("user info does not end with \\0."));
+ break;
+ }
+ logger(pamh, LOG_INFO, "system info: [%s]", &buf[p]);
+ break;
+ case SSS_PAM_DOMAIN_NAME:
+ D(("domain name: [%s]", &buf[p]));
+ break;
+ case SSS_ENV_ITEM:
+ case SSS_PAM_ENV_ITEM:
+ case SSS_ALL_ENV_ITEM:
+ if (buf[p + (len -1)] != '\0') {
+ D(("env item does not end with \\0."));
+ break;
+ }
+
+ D(("env item: [%s]", &buf[p]));
+ if (type == SSS_PAM_ENV_ITEM || type == SSS_ALL_ENV_ITEM) {
+ ret = pam_putenv(pamh, (char *)&buf[p]);
+ if (ret != PAM_SUCCESS) {
+ D(("pam_putenv failed."));
+ break;
+ }
+ }
+
+ if (type == SSS_ENV_ITEM || type == SSS_ALL_ENV_ITEM) {
+ env_item = strdup((char *)&buf[p]);
+ if (env_item == NULL) {
+ D(("strdup failed"));
+ break;
+ }
+ ret = putenv(env_item);
+ if (ret == -1) {
+ D(("putenv failed."));
+ break;
+ }
+ }
+ break;
+ case SSS_PAM_USER_INFO:
+ ret = eval_user_info_response(pamh, len, &buf[p]);
+ if (ret != PAM_SUCCESS) {
+ D(("eval_user_info_response failed"));
+ }
+ break;
+ default:
+ D(("Unknown response type [%d]", type));
+ }
+ p += len;
+
+ --c;
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi)
+{
+ int ret;
+
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
+ pi->pam_authtok = NULL;
+ pi->pam_authtok_size = 0;
+ pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY;
+ pi->pam_newauthtok = NULL;
+ pi->pam_newauthtok_size = 0;
+
+ ret = pam_get_item(pamh, PAM_SERVICE, (const void **) &(pi->pam_service));
+ if (ret != PAM_SUCCESS) return ret;
+ if (pi->pam_service == NULL) pi->pam_service="";
+ pi->pam_service_size=strlen(pi->pam_service)+1;
+
+ ret = pam_get_item(pamh, PAM_USER, (const void **) &(pi->pam_user));
+ if (ret != PAM_SUCCESS) return ret;
+ if (pi->pam_user == NULL) {
+ D(("No user found, aborting."));
+ return PAM_BAD_ITEM;
+ }
+ if (strcmp(pi->pam_user, "root") == 0) {
+ D(("pam_sss will not handle root."));
+ return PAM_USER_UNKNOWN;
+ }
+ pi->pam_user_size=strlen(pi->pam_user)+1;
+
+
+ ret = pam_get_item(pamh, PAM_TTY, (const void **) &(pi->pam_tty));
+ if (ret != PAM_SUCCESS) return ret;
+ if (pi->pam_tty == NULL) pi->pam_tty="";
+ pi->pam_tty_size=strlen(pi->pam_tty)+1;
+
+ ret = pam_get_item(pamh, PAM_RUSER, (const void **) &(pi->pam_ruser));
+ if (ret != PAM_SUCCESS) return ret;
+ if (pi->pam_ruser == NULL) pi->pam_ruser="";
+ pi->pam_ruser_size=strlen(pi->pam_ruser)+1;
+
+ ret = pam_get_item(pamh, PAM_RHOST, (const void **) &(pi->pam_rhost));
+ if (ret != PAM_SUCCESS) return ret;
+ if (pi->pam_rhost == NULL) pi->pam_rhost="";
+ pi->pam_rhost_size=strlen(pi->pam_rhost)+1;
+
+ ret = pam_get_item(pamh, PAM_AUTHTOK,
+ (const void **) &(pi->pamstack_authtok));
+ if (ret != PAM_SUCCESS) return ret;
+ if (pi->pamstack_authtok == NULL) pi->pamstack_authtok="";
+
+ ret = pam_get_item(pamh, PAM_OLDAUTHTOK,
+ (const void **) &(pi->pamstack_oldauthtok));
+ if (ret != PAM_SUCCESS) return ret;
+ if (pi->pamstack_oldauthtok == NULL) pi->pamstack_oldauthtok="";
+
+ pi->cli_pid = getpid();
+
+ pi->login_name = pam_modutil_getlogin(pamh);
+ if (pi->login_name == NULL) pi->login_name="";
+
+ return PAM_SUCCESS;
+}
+
+static void print_pam_items(struct pam_items *pi)
+{
+ if (pi == NULL) return;
+
+ D(("Service: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_service)));
+ D(("User: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_user)));
+ D(("Tty: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_tty)));
+ D(("Ruser: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_ruser)));
+ D(("Rhost: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_rhost)));
+ D(("Pamstack_Authtok: %s",
+ CHECK_AND_RETURN_PI_STRING(pi->pamstack_authtok)));
+ D(("Pamstack_Oldauthtok: %s",
+ CHECK_AND_RETURN_PI_STRING(pi->pamstack_oldauthtok)));
+ D(("Authtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_authtok)));
+ D(("Newauthtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_newauthtok)));
+ D(("Cli_PID: %d", pi->cli_pid));
+}
+
+static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
+ enum sss_cli_command task)
+{
+ int ret;
+ int errnop;
+ struct sss_cli_req_data rd;
+ uint8_t *buf = NULL;
+ uint8_t *repbuf = NULL;
+ size_t replen;
+ int pam_status = PAM_SYSTEM_ERR;
+
+ print_pam_items(pi);
+
+ ret = pack_message_v3(pi, &rd.len, &buf);
+ if (ret != 0) {
+ D(("pack_message failed."));
+ pam_status = PAM_SYSTEM_ERR;
+ goto done;
+ }
+ rd.data = buf;
+
+ ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop);
+
+ if (ret != NSS_STATUS_SUCCESS) {
+ logger(pamh, LOG_ERR, "Request to sssd failed.");
+ pam_status = PAM_SYSTEM_ERR;
+ goto done;
+ }
+
+/* FIXME: add an end signature */
+ if (replen < (2*sizeof(int32_t))) {
+ D(("response not in expected format."));
+ pam_status = PAM_SYSTEM_ERR;
+ goto done;
+ }
+
+ pam_status = ((int32_t *)repbuf)[0];
+ ret = eval_response(pamh, replen, repbuf);
+ if (ret != PAM_SUCCESS) {
+ D(("eval_response failed."));
+ pam_status = ret;
+ goto done;
+ }
+
+ switch (task) {
+ case SSS_PAM_AUTHENTICATE:
+ logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE),
+ "authentication %s; logname=%s uid=%lu euid=%d tty=%s "
+ "ruser=%s rhost=%s user=%s",
+ pam_status == PAM_SUCCESS ? "success" : "failure",
+ pi->login_name, getuid(), (unsigned long) geteuid(),
+ pi->pam_tty, pi->pam_ruser, pi->pam_rhost, pi->pam_user);
+ if (pam_status != PAM_SUCCESS) {
+ logger(pamh, LOG_NOTICE, "received for user %s: %d (%s)",
+ pi->pam_user, pam_status,
+ pam_strerror(pamh,pam_status));
+ }
+ break;
+ case SSS_PAM_CHAUTHTOK_PRELIM:
+ if (pam_status != PAM_SUCCESS) {
+ logger(pamh, LOG_NOTICE,
+ "Authentication failed for user %s: %d (%s)",
+ pi->pam_user, pam_status,
+ pam_strerror(pamh,pam_status));
+ }
+ break;
+ case SSS_PAM_CHAUTHTOK:
+ if (pam_status != PAM_SUCCESS) {
+ logger(pamh, LOG_NOTICE,
+ "Password change failed for user %s: %d (%s)",
+ pi->pam_user, pam_status,
+ pam_strerror(pamh,pam_status));
+ }
+ break;
+ case SSS_PAM_ACCT_MGMT:
+ if (pam_status != PAM_SUCCESS) {
+ logger(pamh, LOG_NOTICE,
+ "Access denied for user %s: %d (%s)",
+ pi->pam_user, pam_status,
+ pam_strerror(pamh,pam_status));
+ }
+ break;
+ case SSS_PAM_SETCRED:
+ case SSS_PAM_OPEN_SESSION:
+ case SSS_PAM_CLOSE_SESSION:
+ break;
+ default:
+ D(("Illegal task [%d]", task));
+ return PAM_SYSTEM_ERR;
+ }
+
+done:
+ if (buf != NULL ) {
+ _pam_overwrite_n((void *)buf, rd.len);
+ free(buf);
+ }
+ free(repbuf);
+
+ return pam_status;
+}
+
+static int prompt_password(pam_handle_t *pamh, struct pam_items *pi)
+{
+ int ret;
+ char *answer = NULL;
+
+ ret = do_pam_conversation(pamh, PAM_PROMPT_ECHO_OFF, _("Password: "),
+ NULL, &answer);
+ if (ret != PAM_SUCCESS) {
+ D(("do_pam_conversation failed."));
+ return ret;
+ }
+
+ if (answer == NULL) {
+ pi->pam_authtok = NULL;
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
+ pi->pam_authtok_size=0;
+ } else {
+ pi->pam_authtok = strdup(answer);
+ _pam_overwrite((void *)answer);
+ free(answer);
+ answer=NULL;
+ if (pi->pam_authtok == NULL) {
+ return PAM_BUF_ERR;
+ }
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+ pi->pam_authtok_size=strlen(pi->pam_authtok);
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int prompt_new_password(pam_handle_t *pamh, struct pam_items *pi)
+{
+ int ret;
+ char *answer = NULL;
+
+ ret = do_pam_conversation(pamh, PAM_PROMPT_ECHO_OFF,
+ _("New Password: "),
+ _("Reenter new Password: "),
+ &answer);
+ if (ret != PAM_SUCCESS) {
+ D(("do_pam_conversation failed."));
+ return ret;
+ }
+ if (answer == NULL) {
+ pi->pam_newauthtok = NULL;
+ pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY;
+ pi->pam_newauthtok_size=0;
+ } else {
+ pi->pam_newauthtok = strdup(answer);
+ _pam_overwrite((void *)answer);
+ free(answer);
+ answer=NULL;
+ if (pi->pam_newauthtok == NULL) {
+ return PAM_BUF_ERR;
+ }
+ pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+ pi->pam_newauthtok_size=strlen(pi->pam_newauthtok);
+ }
+
+ return PAM_SUCCESS;
+}
+
+static void eval_argv(pam_handle_t *pamh, int argc, const char **argv,
+ uint32_t *flags)
+{
+ for (; argc-- > 0; ++argv) {
+ if (strcmp(*argv, "forward_pass") == 0) {
+ *flags |= FLAGS_FORWARD_PASS;
+ } else if (strcmp(*argv, "use_first_pass") == 0) {
+ *flags |= FLAGS_USE_FIRST_PASS;
+ } else if (strcmp(*argv, "use_authtok") == 0) {
+ *flags |= FLAGS_USE_AUTHTOK;
+ } else {
+ logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
+ }
+ }
+
+ return;
+}
+
+static int get_authtok_for_authentication(pam_handle_t *pamh,
+ struct pam_items *pi,
+ uint32_t flags)
+{
+ int ret;
+
+ if (flags & FLAGS_USE_FIRST_PASS) {
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+ pi->pam_authtok = strdup(pi->pamstack_authtok);
+ if (pi->pam_authtok == NULL) {
+ D(("option use_first_pass set, but no password found"));
+ return PAM_BUF_ERR;
+ }
+ pi->pam_authtok_size = strlen(pi->pam_authtok);
+ } else {
+ ret = prompt_password(pamh, pi);
+ if (ret != PAM_SUCCESS) {
+ D(("failed to get password from user"));
+ return ret;
+ }
+
+ if (flags & FLAGS_FORWARD_PASS) {
+ ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_authtok);
+ if (ret != PAM_SUCCESS) {
+ D(("Failed to set PAM_AUTHTOK [%s], "
+ "authtok may not be available for other modules",
+ pam_strerror(pamh,ret)));
+ }
+ }
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int get_authtok_for_password_change(pam_handle_t *pamh,
+ struct pam_items *pi,
+ uint32_t flags,
+ int pam_flags)
+{
+ int ret;
+
+ /* we query for the old password during PAM_PRELIM_CHECK to make
+ * pam_sss work e.g. with pam_cracklib */
+ if (pam_flags & PAM_PRELIM_CHECK) {
+ if (getuid() != 0 && !(flags & FLAGS_USE_FIRST_PASS)) {
+ ret = prompt_password(pamh, pi);
+ if (ret != PAM_SUCCESS) {
+ D(("failed to get password from user"));
+ return ret;
+ }
+
+ ret = pam_set_item(pamh, PAM_OLDAUTHTOK, pi->pam_authtok);
+ if (ret != PAM_SUCCESS) {
+ D(("Failed to set PAM_OLDAUTHTOK [%s], "
+ "oldauthtok may not be available",
+ pam_strerror(pamh,ret)));
+ return ret;
+ }
+ }
+
+ return PAM_SUCCESS;
+ }
+
+ if (pi->pamstack_oldauthtok == NULL) {
+ if (getuid() != 0) {
+ D(("no password found for chauthtok"));
+ return PAM_BUF_ERR;
+ } else {
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
+ pi->pam_authtok = NULL;
+ pi->pam_authtok_size = 0;
+ }
+ } else {
+ pi->pam_authtok = strdup(pi->pamstack_oldauthtok);
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+ pi->pam_authtok_size = strlen(pi->pam_authtok);
+ }
+
+ if (flags & FLAGS_USE_AUTHTOK) {
+ pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+ pi->pam_newauthtok = strdup(pi->pamstack_authtok);
+ if (pi->pam_newauthtok == NULL) {
+ D(("option use_authtok set, but no new password found"));
+ return PAM_BUF_ERR;
+ }
+ pi->pam_newauthtok_size = strlen(pi->pam_newauthtok);
+ } else {
+ ret = prompt_new_password(pamh, pi);
+ if (ret != PAM_SUCCESS) {
+ D(("failed to get new password from user"));
+ return ret;
+ }
+
+ if (flags & FLAGS_FORWARD_PASS) {
+ ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_newauthtok);
+ if (ret != PAM_SUCCESS) {
+ D(("Failed to set PAM_AUTHTOK [%s], "
+ "oldauthtok may not be available",
+ pam_strerror(pamh,ret)));
+ }
+ }
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+ int pam_flags, int argc, const char **argv)
+{
+ int ret;
+ struct pam_items pi;
+ uint32_t flags = 0;
+
+ bindtextdomain(PACKAGE, LOCALEDIR);
+
+ D(("Hello pam_sssd: %d", task));
+
+ eval_argv(pamh, argc, argv, &flags);
+
+ ret = get_pam_items(pamh, &pi);
+ if (ret != PAM_SUCCESS) {
+ D(("get items returned error: %s", pam_strerror(pamh,ret)));
+ return ret;
+ }
+
+
+ switch(task) {
+ case SSS_PAM_AUTHENTICATE:
+ ret = get_authtok_for_authentication(pamh, &pi, flags);
+ if (ret != PAM_SUCCESS) {
+ D(("failed to get authentication token: %s",
+ pam_strerror(pamh, ret)));
+ return ret;
+ }
+ break;
+ case SSS_PAM_CHAUTHTOK:
+ ret = get_authtok_for_password_change(pamh, &pi, flags, pam_flags);
+ if (ret != PAM_SUCCESS) {
+ D(("failed to get tokens for password change: %s",
+ pam_strerror(pamh, ret)));
+ return ret;
+ }
+ if (pam_flags & PAM_PRELIM_CHECK) {
+ task = SSS_PAM_CHAUTHTOK_PRELIM;
+ }
+ break;
+ case SSS_PAM_ACCT_MGMT:
+ case SSS_PAM_SETCRED:
+ case SSS_PAM_OPEN_SESSION:
+ case SSS_PAM_CLOSE_SESSION:
+ break;
+ default:
+ D(("Illegal task [%d]", task));
+ return PAM_SYSTEM_ERR;
+ }
+
+ ret = send_and_receive(pamh, &pi, task);
+
+ if (ret == PAM_AUTHTOK_EXPIRED && task == SSS_PAM_AUTHENTICATE) {
+ D(("Authtoken expired, trying to change it"));
+ ret = do_pam_conversation(pamh, PAM_ERROR_MSG,
+ _("Password has expired."), NULL, NULL);
+ if (ret != PAM_SUCCESS) {
+ D(("do_pam_conversation failed."));
+ return PAM_SYSTEM_ERR;
+ }
+
+ pi.pamstack_oldauthtok = pi.pam_authtok;
+ ret = get_authtok_for_password_change(pamh, &pi, flags, pam_flags);
+ if (ret != PAM_SUCCESS) {
+ D(("failed to get tokens for password change: %s",
+ pam_strerror(pamh, ret)));
+ return ret;
+ }
+
+ ret = send_and_receive(pamh, &pi, SSS_PAM_CHAUTHTOK);
+ }
+
+ overwrite_and_free_authtoks(&pi);
+
+ return ret;
+}
+
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+ const char **argv )
+{
+ return pam_sss(SSS_PAM_AUTHENTICATE, pamh, flags, argc, argv);
+}
+
+
+PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
+ const char **argv )
+{
+ return pam_sss(SSS_PAM_SETCRED, pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+ const char **argv )
+{
+ return pam_sss(SSS_PAM_ACCT_MGMT, pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
+ const char **argv )
+{
+ return pam_sss(SSS_PAM_CHAUTHTOK, pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
+ const char **argv )
+{
+ return pam_sss(SSS_PAM_OPEN_SESSION, pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
+ const char **argv )
+{
+ return pam_sss(SSS_PAM_CLOSE_SESSION, pamh, flags, argc, argv);
+}
+
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_sssd_modstruct ={
+ "pam_sssd",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+
+#endif
diff --git a/server/sss_client/pam_test_client.c b/server/sss_client/pam_test_client.c
new file mode 100644
index 000000000..a088981bc
--- /dev/null
+++ b/server/sss_client/pam_test_client.c
@@ -0,0 +1,95 @@
+/*
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2009 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <unistd.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+int main(int argc, char *argv[]) {
+
+ pam_handle_t *pamh;
+ char *user;
+ char *action;
+ int ret;
+
+ if (argc == 1) {
+ fprintf(stderr, "missing action and user name, using default\n");
+ action = strdup("auth");
+ user = strdup("dummy");
+ } else if (argc == 2) {
+ fprintf(stdout, "using first argument as action and default user name\n");
+ action = strdup(argv[1]);
+ user = strdup("dummy");
+ } else {
+ action = strdup(argv[1]);
+ user = strdup(argv[2]);
+ }
+
+ fprintf(stdout, "action: %s\nuser: %s\n", action,user);
+
+ ret = pam_start("sss_test", user, &conv, &pamh);
+ if (ret != PAM_SUCCESS) {
+ fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret));
+ return 1;
+ }
+
+ if ( strncmp(action, "auth", 4)== 0 ) {
+ fprintf(stdout, "testing pam_authenticate\n");
+ ret = pam_authenticate(pamh, 0);
+ fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret));
+ } else if ( strncmp(action, "chau", 4)== 0 ) {
+ fprintf(stdout, "testing pam_chauthtok\n");
+ ret = pam_chauthtok(pamh, 0);
+ fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret));
+ } else if ( strncmp(action, "acct", 4)== 0 ) {
+ fprintf(stdout, "testing pam_acct_mgmt\n");
+ ret = pam_acct_mgmt(pamh, 0);
+ fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret));
+ } else if ( strncmp(action, "setc", 4)== 0 ) {
+ fprintf(stdout, "testing pam_setcred\n");
+ ret = pam_setcred(pamh, 0);
+ fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret));
+ } else if ( strncmp(action, "open", 4)== 0 ) {
+ fprintf(stdout, "testing pam_open_session\n");
+ ret = pam_open_session(pamh, 0);
+ fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret));
+ } else if ( strncmp(action, "clos", 4)== 0 ) {
+ fprintf(stdout, "testing pam_close_session\n");
+ ret = pam_close_session(pamh, 0);
+ fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret));
+ } else {
+ fprintf(stderr, "unknown action\n");
+ }
+
+ pam_end(pamh, ret);
+
+ return 0;
+}
diff --git a/server/sss_client/passwd.c b/server/sss_client/passwd.c
new file mode 100644
index 000000000..0d70b6843
--- /dev/null
+++ b/server/sss_client/passwd.c
@@ -0,0 +1,373 @@
+/*
+ * System Security Services Daemon. NSS client interface
+ *
+ * Copyright (C) Simo Sorce 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* PASSWD database NSS interface */
+
+#include <nss.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include "sss_cli.h"
+
+static struct sss_nss_getpwent_data {
+ size_t len;
+ size_t ptr;
+ uint8_t *data;
+} sss_nss_getpwent_data;
+
+static void sss_nss_getpwent_data_clean(void) {
+
+ if (sss_nss_getpwent_data.data != NULL) {
+ free(sss_nss_getpwent_data.data);
+ sss_nss_getpwent_data.data = NULL;
+ }
+ sss_nss_getpwent_data.len = 0;
+ sss_nss_getpwent_data.ptr = 0;
+}
+
+/* GETPWNAM Request:
+ *
+ * 0-X: string with name
+ *
+ * GERTPWUID Request:
+ *
+ * 0-3: 32bit number with uid
+ *
+ * Replies:
+ *
+ * 0-3: 32bit unsigned number of results
+ * 4-7: 32bit unsigned (reserved/padding)
+ * For each result:
+ * 0-3: 32bit number uid
+ * 4-7: 32bit number gid
+ * 8-X: sequence of 5, 0 terminated, strings (name, passwd, gecos, dir, shell)
+ */
+
+struct sss_nss_pw_rep {
+ struct passwd *result;
+ char *buffer;
+ size_t buflen;
+};
+
+static int sss_nss_getpw_readrep(struct sss_nss_pw_rep *pr,
+ uint8_t *buf, size_t *len)
+{
+ size_t i, slen, dlen;
+ char *sbuf;
+
+ if (*len < 13) { /* not enough space for data, bad packet */
+ return EBADMSG;
+ }
+
+ pr->result->pw_uid = ((uint32_t *)buf)[0];
+ pr->result->pw_gid = ((uint32_t *)buf)[1];
+
+ sbuf = (char *)&buf[8];
+ slen = *len - 8;
+ dlen = pr->buflen;
+
+ i = 0;
+ pr->result->pw_name = &(pr->buffer[i]);
+ while (slen > i && dlen > 0) {
+ pr->buffer[i] = sbuf[i];
+ if (pr->buffer[i] == '\0') break;
+ i++;
+ dlen--;
+ }
+ if (slen <= i) { /* premature end of buf */
+ return EBADMSG;
+ }
+ if (dlen <= 0) { /* not enough memory */
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+ i++;
+ dlen--;
+
+ pr->result->pw_passwd = &(pr->buffer[i]);
+ while (slen > i && dlen > 0) {
+ pr->buffer[i] = sbuf[i];
+ if (pr->buffer[i] == '\0') break;
+ i++;
+ dlen--;
+ }
+ if (slen <= i) { /* premature end of buf */
+ return EBADMSG;
+ }
+ if (dlen <= 0) { /* not enough memory */
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+ i++;
+ dlen--;
+
+ pr->result->pw_gecos = &(pr->buffer[i]);
+ while (slen > i && dlen > 0) {
+ pr->buffer[i] = sbuf[i];
+ if (pr->buffer[i] == '\0') break;
+ i++;
+ dlen--;
+ }
+ if (slen <= i) { /* premature end of buf */
+ return EBADMSG;
+ }
+ if (dlen <= 0) { /* not enough memory */
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+ i++;
+ dlen--;
+
+ pr->result->pw_dir = &(pr->buffer[i]);
+ while (slen > i && dlen > 0) {
+ pr->buffer[i] = sbuf[i];
+ if (pr->buffer[i] == '\0') break;
+ i++;
+ dlen--;
+ }
+ if (slen <= i) { /* premature end of buf */
+ return EBADMSG;
+ }
+ if (dlen <= 0) { /* not enough memory */
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+ i++;
+ dlen--;
+
+ pr->result->pw_shell = &(pr->buffer[i]);
+ while (slen > i && dlen > 0) {
+ pr->buffer[i] = sbuf[i];
+ if (pr->buffer[i] == '\0') break;
+ i++;
+ dlen--;
+ }
+ if (slen <= i) { /* premature end of buf */
+ return EBADMSG;
+ }
+ if (dlen <= 0) { /* not enough memory */
+ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
+ }
+
+ *len = slen -i -1;
+
+ return 0;
+}
+
+enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ struct sss_cli_req_data rd;
+ struct sss_nss_pw_rep pwrep;
+ uint8_t *repbuf;
+ size_t replen, len;
+ enum nss_status nret;
+ int ret;
+
+ /* Caught once glibc passing in buffer == 0x0 */
+ if (!buffer || !buflen) return ERANGE;
+
+ rd.len = strlen(name) + 1;
+ rd.data = name;
+
+ nret = sss_nss_make_request(SSS_NSS_GETPWNAM, &rd,
+ &repbuf, &replen, errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ return nret;
+ }
+
+ pwrep.result = result;
+ pwrep.buffer = buffer;
+ pwrep.buflen = buflen;
+
+ /* no results if not found */
+ if (((uint32_t *)repbuf)[0] == 0) {
+ free(repbuf);
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ /* only 1 result is accepted for this function */
+ if (((uint32_t *)repbuf)[0] != 1) {
+ *errnop = EBADMSG;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ len = replen - 8;
+ ret = sss_nss_getpw_readrep(&pwrep, repbuf+8, &len);
+ free(repbuf);
+ if (ret) {
+ *errnop = ret;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_sss_getpwuid_r(uid_t uid, struct passwd *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ struct sss_cli_req_data rd;
+ struct sss_nss_pw_rep pwrep;
+ uint8_t *repbuf;
+ size_t replen, len;
+ enum nss_status nret;
+ uint32_t user_uid;
+ int ret;
+
+ /* Caught once glibc passing in buffer == 0x0 */
+ if (!buffer || !buflen) return ERANGE;
+
+ user_uid = uid;
+ rd.len = sizeof(uint32_t);
+ rd.data = &user_uid;
+
+ nret = sss_nss_make_request(SSS_NSS_GETPWUID, &rd,
+ &repbuf, &replen, errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ return nret;
+ }
+
+ pwrep.result = result;
+ pwrep.buffer = buffer;
+ pwrep.buflen = buflen;
+
+ /* no results if not found */
+ if (((uint32_t *)repbuf)[0] == 0) {
+ free(repbuf);
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ /* only 1 result is accepted for this function */
+ if (((uint32_t *)repbuf)[0] != 1) {
+ *errnop = EBADMSG;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ len = replen - 8;
+ ret = sss_nss_getpw_readrep(&pwrep, repbuf+8, &len);
+ free(repbuf);
+ if (ret) {
+ *errnop = ret;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_sss_setpwent(void)
+{
+ enum nss_status nret;
+ int errnop;
+
+ /* make sure we do not have leftovers, and release memory */
+ sss_nss_getpwent_data_clean();
+
+ nret = sss_nss_make_request(SSS_NSS_SETPWENT,
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
+ return nret;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_sss_getpwent_r(struct passwd *result,
+ char *buffer, size_t buflen,
+ int *errnop)
+{
+ struct sss_cli_req_data rd;
+ struct sss_nss_pw_rep pwrep;
+ uint8_t *repbuf;
+ size_t replen;
+ enum nss_status nret;
+ uint32_t num_entries;
+ int ret;
+
+ /* Caught once glibc passing in buffer == 0x0 */
+ if (!buffer || !buflen) return ERANGE;
+
+ /* if there are leftovers return the next one */
+ if (sss_nss_getpwent_data.data != NULL &&
+ sss_nss_getpwent_data.ptr < sss_nss_getpwent_data.len) {
+
+ repbuf = sss_nss_getpwent_data.data + sss_nss_getpwent_data.ptr;
+ replen = sss_nss_getpwent_data.len - sss_nss_getpwent_data.ptr;
+
+ pwrep.result = result;
+ pwrep.buffer = buffer;
+ pwrep.buflen = buflen;
+
+ ret = sss_nss_getpw_readrep(&pwrep, repbuf, &replen);
+ if (ret) {
+ *errnop = ret;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* advance buffer pointer */
+ sss_nss_getpwent_data.ptr = sss_nss_getpwent_data.len - replen;
+
+ return NSS_STATUS_SUCCESS;
+ }
+
+ /* release memory if any */
+ sss_nss_getpwent_data_clean();
+
+ /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */
+ num_entries = SSS_NSS_MAX_ENTRIES;
+ rd.len = sizeof(uint32_t);
+ rd.data = &num_entries;
+
+ nret = sss_nss_make_request(SSS_NSS_GETPWENT, &rd,
+ &repbuf, &replen, errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ return nret;
+ }
+
+ /* no results if not found */
+ if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) {
+ free(repbuf);
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ sss_nss_getpwent_data.data = repbuf;
+ sss_nss_getpwent_data.len = replen;
+ sss_nss_getpwent_data.ptr = 8; /* skip metadata fields */
+
+ /* call again ourselves, this will return the first result */
+ return _nss_sss_getpwent_r(result, buffer, buflen, errnop);
+}
+
+enum nss_status _nss_sss_endpwent(void)
+{
+ enum nss_status nret;
+ int errnop;
+
+ /* make sure we do not have leftovers, and release memory */
+ sss_nss_getpwent_data_clean();
+
+ nret = sss_nss_make_request(SSS_NSS_ENDPWENT,
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
+ return nret;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
diff --git a/server/sss_client/po/LINGUAS b/server/sss_client/po/LINGUAS
new file mode 100644
index 000000000..123c64cac
--- /dev/null
+++ b/server/sss_client/po/LINGUAS
@@ -0,0 +1,10 @@
+es
+pl
+fr
+it
+ja
+nl
+pt
+de
+sv
+
diff --git a/server/sss_client/po/Makevars b/server/sss_client/po/Makevars
new file mode 100644
index 000000000..1c2ad2ba3
--- /dev/null
+++ b/server/sss_client/po/Makevars
@@ -0,0 +1,41 @@
+# Makefile variables for PO directory in any package using GNU gettext.
+
+# Usually the message domain is the same as the package name.
+DOMAIN = $(PACKAGE)
+
+# These two variables depend on the location of this directory.
+subdir = po
+top_builddir = ..
+
+# These options get passed to xgettext.
+XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
+
+# This is the copyright holder that gets inserted into the header of the
+# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
+# package. (Note that the msgstr strings, extracted from the package's
+# sources, belong to the copyright holder of the package.) Translators are
+# expected to transfer the copyright for their translations to this person
+# or entity, or to disclaim their copyright. The empty string stands for
+# the public domain; in this case the translators are expected to disclaim
+# their copyright.
+COPYRIGHT_HOLDER = Red Hat, Inc.
+
+# This is the email address or URL to which the translators shall report
+# bugs in the untranslated strings:
+# - Strings which are not entire sentences, see the maintainer guidelines
+# in the GNU gettext documentation, section 'Preparing Strings'.
+# - Strings which use unclear terms or require additional context to be
+# understood.
+# - Strings which make invalid assumptions about notation of date, time or
+# money.
+# - Pluralisation problems.
+# - Incorrect English spelling.
+# - Incorrect formatting.
+# It can be your email address, or a mailing list address where translators
+# can write to without being subscribed, or the URL of a web page through
+# which the translators can contact you.
+MSGID_BUGS_ADDRESS = sssd-devel@lists.fedorahosted.org
+
+# This is the list of locale categories, beyond LC_MESSAGES, for which the
+# message catalogs shall be used. It is usually empty.
+EXTRA_LOCALE_CATEGORIES =
diff --git a/server/sss_client/po/POTFILES.in b/server/sss_client/po/POTFILES.in
new file mode 100644
index 000000000..feeb0049c
--- /dev/null
+++ b/server/sss_client/po/POTFILES.in
@@ -0,0 +1,6 @@
+# List of source files which contain translatable strings.
+common.c
+group.c
+pam_sss.c
+pam_test_client.c
+passwd.c
diff --git a/server/sss_client/po/de.po b/server/sss_client/po/de.po
new file mode 100644
index 000000000..68f344266
--- /dev/null
+++ b/server/sss_client/po/de.po
@@ -0,0 +1,46 @@
+# German translation of SSSd client.
+# Copyright (C) 2009 Red Hat, Inc.
+# This file is distributed under the same license as the sssd package.
+#
+# Fabian Affolter <fab@fedoraproject.org>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: SSSD Client\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: 2009-12-09 11:18+0100\n"
+"Last-Translator: Fabian Affolter <fab@fedoraproject.org>\n"
+"Language-Team: German <fedora-trans-de@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: German\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr "Passwörter stimmen nicht überein"
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr "Passwort: "
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr "Neues Passwort: "
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr "Neues Passwort noch einmal eingeben: "
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr "Passwort ist abgelaufen."
diff --git a/server/sss_client/po/es.po b/server/sss_client/po/es.po
new file mode 100644
index 000000000..be67efe3b
--- /dev/null
+++ b/server/sss_client/po/es.po
@@ -0,0 +1,46 @@
+# English translations for sss_client package.
+# Copyright (C) 2009 Red Hat, Inc.
+# This file is distributed under the same license as the sss_client package.
+# Automatically generated, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: sss_client 0.4.0\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: 2009-12-08 15:37-0300\n"
+"Last-Translator: Domingo Becker <domingobecker@gmail.com>\n"
+"Language-Team: Transifex Spanish\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Poedit-Language: Spanish\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr "Las contraseñas no coinciden"
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr "Contraseña: "
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr "Nueva contraseña: "
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr "Reingrese la contraseña nueva:"
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr "La contraseña ha expirado."
diff --git a/server/sss_client/po/fr.po b/server/sss_client/po/fr.po
new file mode 100644
index 000000000..657e3f403
--- /dev/null
+++ b/server/sss_client/po/fr.po
@@ -0,0 +1,44 @@
+# French translation of SSS Client
+# Copyright (C) 2009 Red Hat, Inc.
+# This file is distributed under the same license as the SSSD package.
+# Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: fr\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: 2009-11-17 21:05+0100\n"
+"Last-Translator: Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>\n"
+"Language-Team: Français <fedora-trans-fr@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr "Les mots de passe ne correspondent pas"
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr "Mot de passe : "
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr "Nouveau mot de passe : "
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr "Retaper le nouveau mot de passe : "
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr "Le mot de passe a expiré."
diff --git a/server/sss_client/po/it.po b/server/sss_client/po/it.po
new file mode 100644
index 000000000..a78bb2435
--- /dev/null
+++ b/server/sss_client/po/it.po
@@ -0,0 +1,47 @@
+# Italian translations for sss_client package.
+# Copyright (C) 2009 Red Hat, Inc.
+# This file is distributed under the same license as the sss_client package.
+# Marina Latini <deneb.alphacygni@gmail.com>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: it\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Marina Latini <deneb.alphacygni@gmail.com>\n"
+"Language-Team: Italian <fedora-trans-it@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Italian\n"
+"X-Poedit-Country: ITALY\n"
+"X-Poedit-SourceCharset: utf-8\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr "Le password non coincidono"
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr "Password: "
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr "Nuova password: "
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr "reinserire la nuova password: "
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr "La password è scaduta."
diff --git a/server/sss_client/po/ja.po b/server/sss_client/po/ja.po
new file mode 100644
index 000000000..527815b96
--- /dev/null
+++ b/server/sss_client/po/ja.po
@@ -0,0 +1,46 @@
+# translation of sss_client_ja.po to Japanese
+# Copyright (C) YEAR Red Hat, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Noriko Mizumoto <noriko@fedoraproject.org>, 2009.
+msgid ""
+msgstr ""
+"Project-Id-Version: sss_client_ja\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: 2009-11-18 09:47+1000\n"
+"Last-Translator: Noriko Mizumoto <noriko@fedoraproject.org>\n"
+"Language-Team: Japanese <fedora-trans-ja@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr ""
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr ""
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr ""
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr ""
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr ""
diff --git a/server/sss_client/po/nl.po b/server/sss_client/po/nl.po
new file mode 100644
index 000000000..5c2d39719
--- /dev/null
+++ b/server/sss_client/po/nl.po
@@ -0,0 +1,46 @@
+# translation of sssd.master.sss_client.po to Dutch
+# Copyright (C) YEAR Red Hat, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Richard van der Luit <nippur@fedoraproject.org>, 2009.
+msgid ""
+msgstr ""
+"Project-Id-Version: sssd.master.sss_client\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: 2009-11-19 13:14+0100\n"
+"Last-Translator: Richard van der Luit <nippur@fedoraproject.org>\n"
+"Language-Team: Dutch <nl@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr "Wachtwoorden komen niet overeen"
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr "Wachtwoord: "
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr "Nieuw Wachtwoord: "
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr "Voer nieuw wachtwoord nogmaals in: "
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr "Wachtwoord is verlopen."
diff --git a/server/sss_client/po/pl.po b/server/sss_client/po/pl.po
new file mode 100644
index 000000000..c8b1b479c
--- /dev/null
+++ b/server/sss_client/po/pl.po
@@ -0,0 +1,42 @@
+# translation of pl.po to Polish
+# Piotr Drąg <piotrdrag@gmail.com>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: pl\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: 2010-02-06 01:00+0100\n"
+"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
+"Language-Team: Polish <trans-pl@lists.fedoraproject.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr "Hasła nie zgadzają się"
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr "Uwierzytelnienie w trybie offline"
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ", hasło w pamięci podręcznej wygaśnie za: "
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr "Hasło: "
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr "Nowe hasło: "
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr "Proszę ponownie podać nowe hasło: "
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr "Hasło wygasło."
diff --git a/server/sss_client/po/pt.po b/server/sss_client/po/pt.po
new file mode 100644
index 000000000..9fd869020
--- /dev/null
+++ b/server/sss_client/po/pt.po
@@ -0,0 +1,46 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Red Hat, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: sssd.master.sss_client\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: 2009-12-08 17:32+0100\n"
+"Last-Translator: Rui Gouveia <rui.gouveia@globaltek.pt>\n"
+"Language-Team: PT <fedora-trans-pt@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Portuguese\n"
+"X-Poedit-Country: PORTUGAL\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr "Senhas não coincidem"
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr "Senha: "
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr "Nova Senha: "
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr "Digite a senha novamente: "
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr "Senha expirou."
diff --git a/server/sss_client/po/sss_client.pot b/server/sss_client/po/sss_client.pot
new file mode 100644
index 000000000..6d8e2a67c
--- /dev/null
+++ b/server/sss_client/po/sss_client.pot
@@ -0,0 +1,45 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Red Hat, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr ""
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr ""
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr ""
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr ""
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr ""
diff --git a/server/sss_client/po/sv.po b/server/sss_client/po/sv.po
new file mode 100644
index 000000000..32c45e1aa
--- /dev/null
+++ b/server/sss_client/po/sv.po
@@ -0,0 +1,44 @@
+# Swedish messages for sssd client.
+# Copyright 2009 Red Hat, Inc.
+# This file is distributed under the same license as the sssd package.
+# Göran Uddeborg <goeran@uddeborg.se>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: sss_client\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2010-02-05 09:37-0500\n"
+"PO-Revision-Date: 2009-12-09 20:52+0100\n"
+"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
+"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: pam_sss.c:336
+msgid "Passwords do not match"
+msgstr "Lösenorden stämmer inte överens"
+
+#: pam_sss.c:405
+msgid "Offline authentication"
+msgstr ""
+
+#: pam_sss.c:406
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: pam_sss.c:730
+msgid "Password: "
+msgstr "Lösenord: "
+
+#: pam_sss.c:762
+msgid "New Password: "
+msgstr "Nytt lösenord: "
+
+#: pam_sss.c:763
+msgid "Reenter new Password: "
+msgstr "Skriv det nya lösenordet igen: "
+
+#: pam_sss.c:967
+msgid "Password has expired."
+msgstr "Lösenordet har gått ut."
diff --git a/server/sss_client/protos.h b/server/sss_client/protos.h
new file mode 100644
index 000000000..adb0b7bb7
--- /dev/null
+++ b/server/sss_client/protos.h
@@ -0,0 +1,137 @@
+/*
+ * System Security Services Daemon. NSS Interface
+ *
+ * Copyright (C) Simo Sorce 2007
+ *
+ * You can used this header file in any way you see fit provided copyright
+ * notices are preserved.
+ *
+ */
+
+#if 0
+/* SHADOW database NSS interface */
+enum nss_status _nss_sss_getspnam_r(const char *name, struct spwd *result,
+ char *buffer, size_t buflen, int *errnop);
+enum nss_status _nss_sss_setspent(void);
+enum nss_status _nss_sss_getspent_r(struct spwd *result,
+ char *buffer, size_t buflen, int *errnop);
+enum nss_status _nss_sss_endspent(void);
+
+
+/* HOSTS database NSS interface */
+enum nss_status _nss_sss_gethostbyname_r(const char *name,
+ struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af,
+ struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_gethostbyaddr_r(const void *addr, socklen_t len,
+ int af, struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_sethostent(void);
+enum nss_status _nss_sss_gethostent_r(struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_endhostent(void);
+
+/* NETGROUP database NSS interface */
+enum nss_status _nss_sss_setnetgrent(const char *netgroup,
+ struct __netgrent *result);
+enum nss_status _nss_sss_getnetgrent_r(struct __netgrent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_ldap_endnetgrent(void);
+/* too bad innetgr is currently implemented as an iteration over
+ * {set|get|end}netgroup ... */
+
+/* NETWORKS database NSS interface */
+enum nss_status _nss_sss_getnetbyname_r(const char *name,
+ struct netent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_getnetbyaddr_r(uint32_t addr, int af,
+ struct netent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_setnetent(void);
+enum nss_status _nss_sss_getnetent_r(struct netent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_endnetent(void);
+
+
+/* PROTOCOLS database NSS interface */
+enum nss_status _nss_sss_getprotobyname_r(const char *name,
+ struct protoent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_getprotobynumber_r(int number,
+ struct protoent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setprotoent(void);
+enum nss_status _nss_sss_getprotoent_r(struct protoent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endprotoent(void);
+
+/* SERVICES database NSS interface */
+enum nss_status _nss_sss_getservbyname_r(const char *name,
+ const char *protocol,
+ struct servent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_getservbyport_r(int port, const char *protocol,
+ struct servent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setservent(void);
+enum nss_status _nss_sss_getservent_r(struct servent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endservent(void);
+
+/* ALIASES database NSS interface */
+enum nss_status _nss_sss_getaliasbyname_r(const char *name,
+ struct aliasent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setaliasent(void);
+enum nss_status _nss_sss_getaliasent_r(struct aliasent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endaliasent(void);
+
+/* ETHERS database NSS interface */
+enum nss_status _nss_sss_gethostton_r(const char *name,
+ struct etherent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_getntohost_r(const struct ether_addr *addr,
+ struct etherent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setetherent(void);
+enum nss_status _nss_sss_getetherent_r(struct etherent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endetherent(void);
+
+/* RPC database NSS interface */
+enum nss_status _nss_sss_getrpcbyname_r(const char *name,
+ struct rpcent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_getrpcbynumber_r(int number, struct rpcent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setrpcent(void);
+enum nss_status _nss_sss_getrpcent_r(struct rpcent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endrpcent(void);
+
+#endif
diff --git a/server/sss_client/sss_cli.h b/server/sss_client/sss_cli.h
new file mode 100644
index 000000000..7e9a81ff3
--- /dev/null
+++ b/server/sss_client/sss_cli.h
@@ -0,0 +1,220 @@
+/*
+ * System Security Services Daemon. Client Interface for NSS and PAM.
+ *
+ * Copyright (C) Simo Sorce 2007
+ *
+ * You can used this header file in any way you see fit provided copyright
+ * notices are preserved.
+ *
+ */
+
+#ifndef _SSSCLI_H
+#define _SSSCLI_H
+
+#include <nss.h>
+#include <pwd.h>
+#include <grp.h>
+
+#ifndef HAVE_ERRNO_T
+#define HAVE_ERRNO_T
+typedef int errno_t;
+#endif
+
+#define SSS_NSS_PROTOCOL_VERSION 1
+#define SSS_PAM_PROTOCOL_VERSION 3
+
+enum sss_cli_command {
+/* null */
+ SSS_CLI_NULL = 0x0000,
+
+/* version */
+ SSS_GET_VERSION = 0x0001,
+
+/* passwd */
+
+ SSS_NSS_GETPWNAM = 0x0011,
+ SSS_NSS_GETPWUID = 0x0012,
+ SSS_NSS_SETPWENT = 0x0013,
+ SSS_NSS_GETPWENT = 0x0014,
+ SSS_NSS_ENDPWENT = 0x0015,
+
+/* group */
+
+ SSS_NSS_GETGRNAM = 0x0021,
+ SSS_NSS_GETGRGID = 0x0022,
+ SSS_NSS_SETGRENT = 0x0023,
+ SSS_NSS_GETGRENT = 0x0024,
+ SSS_NSS_ENDGRENT = 0x0025,
+ SSS_NSS_INITGR = 0x0026,
+
+#if 0
+/* aliases */
+
+ SSS_NSS_GETALIASBYNAME = 0x0031,
+ SSS_NSS_GETALIASBYPORT = 0x0032,
+ SSS_NSS_SETALIASENT = 0x0033,
+ SSS_NSS_GETALIASENT = 0x0034,
+ SSS_NSS_ENDALIASENT = 0x0035,
+
+/* ethers */
+
+ SSS_NSS_GETHOSTTON = 0x0041,
+ SSS_NSS_GETNTOHOST = 0x0042,
+ SSS_NSS_SETETHERENT = 0x0043,
+ SSS_NSS_GETETHERENT = 0x0044,
+ SSS_NSS_ENDETHERENT = 0x0045,
+
+/* hosts */
+
+ SSS_NSS_GETHOSTBYNAME = 0x0051,
+ SSS_NSS_GETHOSTBYNAME2 = 0x0052,
+ SSS_NSS_GETHOSTBYADDR = 0x0053,
+ SSS_NSS_SETHOSTENT = 0x0054,
+ SSS_NSS_GETHOSTENT = 0x0055,
+ SSS_NSS_ENDHOSTENT = 0x0056,
+
+/* netgroup */
+
+ SSS_NSS_SETNETGRENT = 0x0061,
+ SSS_NSS_GETNETGRENT = 0x0062,
+ SSS_NSS_ENDNETGRENT = 0x0063,
+ /* SSS_NSS_INNETGR = 0x0064, */
+
+/* networks */
+
+ SSS_NSS_GETNETBYNAME = 0x0071,
+ SSS_NSS_GETNETBYADDR = 0x0072,
+ SSS_NSS_SETNETENT = 0x0073,
+ SSS_NSS_GETNETENT = 0x0074,
+ SSS_NSS_ENDNETENT = 0x0075,
+
+/* protocols */
+
+ SSS_NSS_GETPROTOBYNAME = 0x0081,
+ SSS_NSS_GETPROTOBYNUM = 0x0082,
+ SSS_NSS_SETPROTOENT = 0x0083,
+ SSS_NSS_GETPROTOENT = 0x0084,
+ SSS_NSS_ENDPROTOENT = 0x0085,
+
+/* rpc */
+
+ SSS_NSS_GETRPCBYNAME = 0x0091,
+ SSS_NSS_GETRPCBYNUM = 0x0092,
+ SSS_NSS_SETRPCENT = 0x0093,
+ SSS_NSS_GETRPCENT = 0x0094,
+ SSS_NSS_ENDRPCENT = 0x0095,
+
+/* services */
+
+ SSS_NSS_GETSERVBYNAME = 0x00A1,
+ SSS_NSS_GETSERVBYPORT = 0x00A2,
+ SSS_NSS_SETSERVENT = 0x00A3,
+ SSS_NSS_GETSERVENT = 0x00A4,
+ SSS_NSS_ENDSERVENT = 0x00A5,
+
+/* shadow */
+
+ SSS_NSS_GETSPNAM = 0x00B1,
+ SSS_NSS_GETSPUID = 0x00B2,
+ SSS_NSS_SETSPENT = 0x00B3,
+ SSS_NSS_GETSPENT = 0x00B4,
+ SSS_NSS_ENDSPENT = 0x00B5,
+#endif
+
+/* PAM related calls */
+ SSS_PAM_AUTHENTICATE = 0x00F1,
+ SSS_PAM_SETCRED = 0x00F2,
+ SSS_PAM_ACCT_MGMT = 0x00F3,
+ SSS_PAM_OPEN_SESSION = 0x00F4,
+ SSS_PAM_CLOSE_SESSION = 0x00F5,
+ SSS_PAM_CHAUTHTOK = 0x00F6,
+ SSS_PAM_CHAUTHTOK_PRELIM = 0x00F7,
+
+};
+
+enum sss_authtok_type {
+ SSS_AUTHTOK_TYPE_EMPTY = 0x0000,
+ SSS_AUTHTOK_TYPE_PASSWORD = 0x0001,
+};
+
+#define SSS_START_OF_PAM_REQUEST 0x4d415049
+#define SSS_END_OF_PAM_REQUEST 0x4950414d
+
+enum pam_item_type {
+ SSS_PAM_ITEM_EMPTY = 0x0000,
+ SSS_PAM_ITEM_USER,
+ SSS_PAM_ITEM_SERVICE,
+ SSS_PAM_ITEM_TTY,
+ SSS_PAM_ITEM_RUSER,
+ SSS_PAM_ITEM_RHOST,
+ SSS_PAM_ITEM_AUTHTOK,
+ SSS_PAM_ITEM_NEWAUTHTOK,
+ SSS_PAM_ITEM_CLI_LOCALE,
+ SSS_PAM_ITEM_CLI_PID,
+};
+
+#define SSS_NSS_MAX_ENTRIES 256
+#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4)
+struct sss_cli_req_data {
+ size_t len;
+ const void *data;
+};
+
+/* this is in milliseconds, wait up to 300 seconds */
+#define SSS_CLI_SOCKET_TIMEOUT 300000
+
+enum sss_status {
+ SSS_STATUS_UNAVAIL,
+ SSS_STATUS_SUCCESS
+};
+
+enum response_type {
+ SSS_PAM_SYSTEM_INFO = 0x01,
+ SSS_PAM_DOMAIN_NAME,
+ SSS_PAM_ENV_ITEM, /* only pam environment */
+ SSS_ENV_ITEM, /* only user environment */
+ SSS_ALL_ENV_ITEM, /* pam and user environment */
+ SSS_PAM_USER_INFO
+};
+
+enum user_info_type {
+ SSS_PAM_USER_INFO_OFFLINE_AUTH = 0x01,
+ SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED,
+ SSS_PAM_USER_INFO_OFFLINE_CHPASS,
+ SSS_PAM_USER_INFO_CHPASS_ERROR
+};
+
+enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop);
+
+int sss_pam_make_request(enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop);
+
+#endif /* _SSSCLI_H */
+
+#if 0
+
+/* GETSPNAM Request:
+ *
+ * 0-X: string with name
+ *
+ * Replies:
+ *
+ * 0-3: 32bit unsigned number of results
+ * 4-7: 32bit unsigned (reserved/padding)
+ * For each result:
+ * 0-7: 64bit unsigned with Date of last change
+ * 8-15: 64bit unsigned with Min #days between changes
+ * 16-23: 64bit unsigned with Max #days between changes
+ * 24-31: 64bit unsigned with #days before pwd expires
+ * 32-39: 64bit unsigned with #days after pwd expires until account is disabled
+ * 40-47: 64bit unsigned with expiration date in days since 1970-01-01
+ * 48-55: 64bit unsigned (flags/reserved)
+ * 56-X: sequence of 2, 0 terminated, strings (name, pwd) 64bit padded
+ */
+#endif
+
diff --git a/server/sss_client/sss_nss.exports b/server/sss_client/sss_nss.exports
new file mode 100644
index 000000000..bcc6b10e1
--- /dev/null
+++ b/server/sss_client/sss_nss.exports
@@ -0,0 +1,73 @@
+EXPORTED {
+
+ # public functions
+ global:
+
+ _nss_sss_getpwnam_r;
+ _nss_sss_getpwuid_r;
+ _nss_sss_setpwent;
+ _nss_sss_getpwent_r;
+ _nss_sss_endpwent;
+
+ _nss_sss_getgrnam_r;
+ _nss_sss_getgrgid_r;
+ _nss_sss_setgrent;
+ _nss_sss_getgrent_r;
+ _nss_sss_endgrent;
+ _nss_sss_initgroups_dyn;
+
+ #_nss_sss_getaliasbyname_r;
+ #_nss_sss_setaliasent;
+ #_nss_sss_getaliasent_r;
+ #_nss_sss_endaliasent;
+
+ #_nss_sss_gethostton_r;
+ #_nss_sss_getntohost_r;
+ #_nss_sss_setetherent;
+ #_nss_sss_getetherent_r;
+ #_nss_sss_endetherent;
+
+ #_nss_sss_gethostbyname_r;
+ #_nss_sss_gethostbyname2_r;
+ #_nss_sss_gethostbyaddr_r;
+ #_nss_sss_sethostent;
+ #_nss_sss_gethostent_r;
+ #_nss_sss_endhostent;
+
+ #_nss_sss_setnetgrent;
+ #_nss_sss_getnetgrent_r;
+ #_nss_sss_endnetgrent;
+
+ #_nss_sss_getnetbyname_r;
+ #_nss_sss_getnetbyaddr_r;
+ #_nss_sss_setnetent;
+ #_nss_sss_getnetent_r;
+ #_nss_sss_endnetent;
+
+ #_nss_sss_getprotobyname_r;
+ #_nss_sss_getprotobynumber_r;
+ #_nss_sss_setprotoent;
+ #_nss_sss_getprotoent_r;
+ #_nss_sss_endprotoent;
+
+ #_nss_sss_getrpcbyname_r;
+ #_nss_sss_getrpcbynumber_r;
+ #_nss_sss_setrpcent;
+ #_nss_sss_getrpcent_r;
+ #_nss_sss_endrpcent;
+
+ #_nss_sss_getservbyname_r;
+ #_nss_sss_getservbyport_r;
+ #_nss_sss_setservent;
+ #_nss_sss_getservent_r;
+ #_nss_sss_endservent;
+
+ #_nss_sss_getspnam_r;
+ #_nss_sss_setspent;
+ #_nss_sss_getspent_r;
+ #_nss_sss_endspent;
+
+ # everything else is local
+ local:
+ *;
+};
diff --git a/server/sss_client/sss_pam.exports b/server/sss_client/sss_pam.exports
new file mode 100644
index 000000000..9afa106be
--- /dev/null
+++ b/server/sss_client/sss_pam.exports
@@ -0,0 +1,4 @@
+{
+ global:
+ *;
+};
diff --git a/server/sss_client/sss_pam_macros.h b/server/sss_client/sss_pam_macros.h
new file mode 100644
index 000000000..5277acd0f
--- /dev/null
+++ b/server/sss_client/sss_pam_macros.h
@@ -0,0 +1,30 @@
+/*
+ * System Security Services Daemon. Client Interface for NSS and PAM.
+ *
+ * Copyright (C) Stephen Gallagher 2009
+ *
+ * You can used this header file in any way you see fit provided copyright
+ * notices are preserved.
+ *
+ */
+
+#ifndef _SSS_PAM_MACROS_H
+#define _SSS_PAM_MACROS_H
+
+/* Older versions of the pam development headers do not include the
+ * _pam_overwrite_n(n,x) macro. This implementation is copied from
+ * the Fedora 11 _pam_macros.h.
+ */
+#include <security/_pam_macros.h>
+#ifndef _pam_overwrite_n
+#define _pam_overwrite_n(x,n) \
+do { \
+ register char *__xx__; \
+ register unsigned int __i__ = 0; \
+ if ((__xx__=(x))) \
+ for (;__i__<n; __i__++) \
+ __xx__[__i__] = 0; \
+} while (0)
+#endif /* _pam_overwrite_n */
+
+#endif /* _SSS_PAM_MACROS_H */
diff --git a/server/util/user_info_msg.c b/server/util/user_info_msg.c
index 1886537a4..547e3bb74 100644
--- a/server/util/user_info_msg.c
+++ b/server/util/user_info_msg.c
@@ -23,7 +23,7 @@
*/
#include "util/util.h"
-#include "../sss_client/sss_cli.h"
+#include "sss_client/sss_cli.h"
errno_t pack_user_info_chpass_error(TALLOC_CTX *mem_ctx,
const char *user_error_message,