nss-pam-ldapd-0.8.13/0000755000175000001440000000000012141476127011245 500000000000000nss-pam-ldapd-0.8.13/ldapns.schema0000644000175000001440000000120411746445413013631 00000000000000# LDAP Name Service Additional Schema # Source: pam_ldap package by Luke Howard # Has not been published in Internet Draft or RFC. attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC 'Auxiliary object class for adding authorizedService attribute' SUP top AUXILIARY MAY authorizedService ) objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary object class for adding host attribute' SUP top AUXILIARY MAY host ) nss-pam-ldapd-0.8.13/config.guess0000755000175000001440000012743212141433521013505 00000000000000#! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011, 2012 Free Software Foundation, Inc. timestamp='2012-02-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Per Bothner. Please send patches (context # diff format) to and include a ChangeLog # entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm:riscos:*:*|arm:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH="x86_64" fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-gnu else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then echo ${UNAME_MACHINE}-unknown-linux-gnueabi else echo ${UNAME_MACHINE}-unknown-linux-gnueabihf fi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; hexagon:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __dietlibc__ LIBC=dietlibc #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-gnu ;; PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; tile*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in i386) eval $set_cc_for_build if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then UNAME_PROCESSOR="x86_64" fi fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: nss-pam-ldapd-0.8.13/INSTALL0000644000175000001440000003660012141433522012213 00000000000000Installation Instructions ************************* Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without warranty of any kind. Basic Installation ================== Briefly, the shell commands `./configure; make; make install' should configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for instructions specific to this package. Some packages provide this `INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, and a file `config.log' containing compiler output (useful mainly for debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves the results of its tests to speed up reconfiguring. Caching is disabled by default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If you are using the cache, and at some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create `configure' by a program called `autoconf'. You need `configure.ac' if you want to change it or regenerate `configure' using a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. Running `configure' might take a while. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular user, and only the `make install' phase executed with root privileges. 5. Optionally, type `make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a regular user, particularly if the prior `make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. 7. Often, you can also type `make uninstall' to remove the installed files again. In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. 8. Some packages, particularly those that use Automake, provide `make distcheck', which can by used by developers to test that all other targets like `make install' and `make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that the `configure' script does not know about. Run `./configure --help' for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here is an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the source code in the directory that `configure' is in and in `..'. This is known as a "VPATH" build. With a non-GNU `make', it is safer to compile the package for one architecture at a time in the source code directory. After you have installed the package for one architecture, use `make distclean' before reconfiguring for another architecture. On MacOS X 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or "universal" binaries--by specifying multiple `-arch' options to the compiler but only a single `-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CPP="gcc -E" CXXCPP="g++ -E" This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results using the `lipo' tool if you have problems. Installation Names ================== By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving `configure' the option `--prefix=PREFIX', where PREFIX must be an absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you pass the option `--exec-prefix=PREFIX' to `configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories you can set and what kinds of files go in them. In general, the default for these options is expressed in terms of `${prefix}', so that specifying just `--prefix' will affect all of the other directory specifications that were not explicitly provided. The most portable way to affect installation locations is to pass the correct locations to `configure'; however, many packages provide one or both of the following shortcuts of passing variable assignments to the `make install' command line to change installation locations without having to reconfigure or recompile. The first method involves providing an override variable for each affected directory. For example, `make install prefix=/alternate/directory' will choose an alternate location for all directory configuration variables that were expressed in terms of `${prefix}'. Any directories that were specified during `configure', but not in terms of `${prefix}', must each be overridden at install time for the entire installation to be relocated. The approach of makefile variable overrides for each directory variable is required by the GNU Coding Standards, and ideally causes no recompilation. However, some platforms have known limitations with the semantics of shared libraries that end up requiring recompilation when using this method, particularly noticeable in packages that use GNU Libtool. The second method involves providing the `DESTDIR' variable. For example, `make install DESTDIR=/alternate/directory' will prepend `/alternate/directory' before all installation names. The approach of `DESTDIR' overrides is not required by the GNU Coding Standards, and does not work on platforms that have drive letters. On the other hand, it does better at avoiding recompilation issues, and works well even when some directory options were not specified in terms of `${prefix}' at `configure' time. Optional Features ================= If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The `README' should mention any `--enable-' and `--with-' options that the package recognizes. For packages that use the X Window System, `configure' can usually find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. Some packages offer the ability to configure how verbose the execution of `make' will be. For these packages, running `./configure --enable-silent-rules' sets the default to minimal output, which can be overridden with `make V=1'; while running `./configure --disable-silent-rules' sets the default to verbose, which can be overridden with `make V=0'. Particular systems ================== On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. HP-UX `make' updates targets which have the same time stamps as their prerequisites, which makes it generally unusable when shipped generated files such as `configure' are involved. Use GNU `make' instead. On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot parse its `' header file. The option `-nodtk' can be used as a workaround. If GNU CC is not installed, it is therefore recommended to try ./configure CC="cc" and if that doesn't work, try ./configure CC="cc -nodtk" On Solaris, don't put `/usr/ucb' early in your `PATH'. This directory contains several dysfunctional programs; working variants of these programs are available in `/usr/bin'. So, if you need `/usr/ucb' in your `PATH', put it _after_ `/usr/bin'. On Haiku, software installed for all users goes in `/boot/common', not `/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== There may be some features `configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the _same_ architectures, `configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the `--build=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM where SYSTEM can have one of these forms: OS KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should use the option `--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will eventually be run) with `--host=TYPE'. Sharing Defaults ================ If you want to set default values for `configure' scripts to share, you can create a site shell script called `config.site' that gives default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. Defining Variables ================== Variables not defined in a site shell script can be set in the environment passed to `configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set them in the `configure' command line, using `VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc causes the specified `gcc' to be used as the C compiler (unless it is overridden in the site shell script). Unfortunately, this technique does not work for `CONFIG_SHELL' due to an Autoconf bug. Until the bug is fixed you can use this workaround: CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash `configure' Invocation ====================== `configure' recognizes the following options to control how it operates. `--help' `-h' Print a summary of all of the options to `configure', and exit. `--help=short' `--help=recursive' Print a summary of the options unique to this package's `configure', and exit. The `short' variant lists options used only in the top level, while the `recursive' variant lists options also present in any nested packages. `--version' `-V' Print the version of Autoconf used to generate the `configure' script, and exit. `--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, traditionally `config.cache'. FILE defaults to `/dev/null' to disable caching. `--config-cache' `-C' Alias for `--cache-file=config.cache'. `--quiet' `--silent' `-q' Do not print messages saying which checks are being made. To suppress all normal output, redirect it to `/dev/null' (any error messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. `--prefix=DIR' Use DIR as the installation prefix. *note Installation Names:: for more details, including other options available for fine-tuning the installation locations. `--no-create' `-n' Run the configure checks, but stop before creating any output files. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. nss-pam-ldapd-0.8.13/pynslcd/0000755000175000001440000000000012141476127012721 500000000000000nss-pam-ldapd-0.8.13/pynslcd/cache.py0000644000175000001440000002554711711261041014260 00000000000000 # cache.py - caching layer for pynslcd # # Copyright (C) 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import datetime import itertools import os import sys import sqlite3 # TODO: probably create a config table # FIXME: store the cache in the right place and make it configurable filename = '/var/run/nslcd/cache.sqlite' dirname = os.path.dirname(filename) if not os.path.isdir(dirname): os.mkdir(dirname) con = sqlite3.connect(filename, detect_types=sqlite3.PARSE_DECLTYPES, check_same_thread=False) con.row_factory = sqlite3.Row # FIXME: have some way to remove stale entries from the cache if all items from LDAP are queried (perhas use TTL from all request) # set up the database con.executescript(''' -- store temporary tables in memory PRAGMA temp_store = MEMORY; -- disable sync() on database (corruption on disk failure) PRAGMA synchronous = OFF; -- put journal in memory (corruption if crash during transaction) PRAGMA journal_mode = MEMORY; -- tables for alias cache CREATE TABLE IF NOT EXISTS `alias_cache` ( `cn` TEXT PRIMARY KEY COLLATE NOCASE, `mtime` TIMESTAMP NOT NULL ); CREATE TABLE IF NOT EXISTS `alias_1_cache` ( `alias` TEXT NOT NULL COLLATE NOCASE, `rfc822MailMember` TEXT NOT NULL, FOREIGN KEY(`alias`) REFERENCES `alias_cache`(`cn`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `alias_1_idx` ON `alias_1_cache`(`alias`); -- table for ethernet cache CREATE TABLE IF NOT EXISTS `ether_cache` ( `cn` TEXT NOT NULL COLLATE NOCASE, `macAddress` TEXT NOT NULL COLLATE NOCASE, `mtime` TIMESTAMP NOT NULL, UNIQUE (`cn`, `macAddress`) ); -- table for group cache CREATE TABLE IF NOT EXISTS `group_cache` ( `cn` TEXT PRIMARY KEY, `userPassword` TEXT, `gidNumber` INTEGER NOT NULL UNIQUE, `mtime` TIMESTAMP NOT NULL ); CREATE TABLE IF NOT EXISTS `group_3_cache` ( `group` TEXT NOT NULL, `memberUid` TEXT NOT NULL, FOREIGN KEY(`group`) REFERENCES `group_cache`(`cn`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `group_3_idx` ON `group_3_cache`(`group`); -- tables for host cache CREATE TABLE IF NOT EXISTS `host_cache` ( `cn` TEXT PRIMARY KEY COLLATE NOCASE, `mtime` TIMESTAMP NOT NULL ); CREATE TABLE IF NOT EXISTS `host_1_cache` ( `host` TEXT NOT NULL COLLATE NOCASE, `cn` TEXT NOT NULL COLLATE NOCASE, FOREIGN KEY(`host`) REFERENCES `host_cache`(`cn`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `host_1_idx` ON `host_1_cache`(`host`); CREATE TABLE IF NOT EXISTS `host_2_cache` ( `host` TEXT NOT NULL COLLATE NOCASE, `ipHostNumber` TEXT NOT NULL, FOREIGN KEY(`host`) REFERENCES `host_cache`(`cn`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `host_2_idx` ON `host_2_cache`(`host`); -- FIXME: this does not work as entries are never removed from the cache CREATE TABLE IF NOT EXISTS `netgroup_cache` ( `cn` TEXT NOT NULL, `member` TEXT NOT NULL, `mtime` TIMESTAMP NOT NULL, UNIQUE (`cn`, `member`) ); -- tables for network cache CREATE TABLE IF NOT EXISTS `network_cache` ( `cn` TEXT PRIMARY KEY COLLATE NOCASE, `mtime` TIMESTAMP NOT NULL ); CREATE TABLE IF NOT EXISTS `network_1_cache` ( `network` TEXT NOT NULL COLLATE NOCASE, `cn` TEXT NOT NULL COLLATE NOCASE, FOREIGN KEY(`network`) REFERENCES `network_cache`(`cn`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `network_1_idx` ON `network_1_cache`(`network`); CREATE TABLE IF NOT EXISTS `network_2_cache` ( `network` TEXT NOT NULL, `ipNetworkNumber` TEXT NOT NULL, FOREIGN KEY(`network`) REFERENCES `network_cache`(`cn`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `network_2_idx` ON `network_2_cache`(`network`); -- table for passwd cache CREATE TABLE IF NOT EXISTS `passwd_cache` ( `uid` TEXT PRIMARY KEY, `userPassword` TEXT, `uidNumber` INTEGER NOT NULL UNIQUE, `gidNumber` INTEGER NOT NULL, `gecos` TEXT, `homeDirectory` TEXT, `loginShell` TEXT, `mtime` TIMESTAMP NOT NULL ); -- table for protocol cache CREATE TABLE IF NOT EXISTS `protocol_cache` ( `cn` TEXT PRIMARY KEY, `ipProtocolNumber` INTEGER NOT NULL, `mtime` TIMESTAMP NOT NULL ); CREATE TABLE IF NOT EXISTS `protocol_1_cache` ( `protocol` TEXT NOT NULL, `cn` TEXT NOT NULL, FOREIGN KEY(`protocol`) REFERENCES `protocol_cache`(`cn`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `protocol_1_idx` ON `protocol_1_cache`(`protocol`); -- table for rpc cache CREATE TABLE IF NOT EXISTS `rpc_cache` ( `cn` TEXT PRIMARY KEY, `oncRpcNumber` INTEGER NOT NULL, `mtime` TIMESTAMP NOT NULL ); CREATE TABLE IF NOT EXISTS `rpc_1_cache` ( `rpc` TEXT NOT NULL, `cn` TEXT NOT NULL, FOREIGN KEY(`rpc`) REFERENCES `rpc_cache`(`cn`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `rpc_1_idx` ON `rpc_1_cache`(`rpc`); -- tables for service cache CREATE TABLE IF NOT EXISTS `service_cache` ( `cn` TEXT NOT NULL, `ipServicePort` INTEGER NOT NULL, `ipServiceProtocol` TEXT NOT NULL, `mtime` TIMESTAMP NOT NULL, UNIQUE (`ipServicePort`, `ipServiceProtocol`) ); CREATE TABLE IF NOT EXISTS `service_1_cache` ( `ipServicePort` INTEGER NOT NULL, `ipServiceProtocol` TEXT NOT NULL, `cn` TEXT NOT NULL, FOREIGN KEY(`ipServicePort`) REFERENCES `service_cache`(`ipServicePort`) ON DELETE CASCADE ON UPDATE CASCADE, FOREIGN KEY(`ipServiceProtocol`) REFERENCES `service_cache`(`ipServiceProtocol`) ON DELETE CASCADE ON UPDATE CASCADE ); CREATE INDEX IF NOT EXISTS `service_1_idx1` ON `service_1_cache`(`ipServicePort`); CREATE INDEX IF NOT EXISTS `service_1_idx2` ON `service_1_cache`(`ipServiceProtocol`); -- table for shadow cache CREATE TABLE IF NOT EXISTS `shadow_cache` ( `uid` TEXT PRIMARY KEY, `userPassword` TEXT, `shadowLastChange` INTEGER, `shadowMin` INTEGER, `shadowMax` INTEGER, `shadowWarning` INTEGER, `shadowInactive` INTEGER, `shadowExpire` INTEGER, `shadowFlag` INTEGER, `mtime` TIMESTAMP NOT NULL ); ''') class Query(object): def __init__(self, query, parameters=None): self.query = query self.wheres = [] self.parameters = [] if parameters: for k, v in parameters.items(): self.add_where('`%s` = ?' % k, [v]) def add_query(self, query): self.query += ' ' + query def add_where(self, where, parameters): self.wheres.append(where) self.parameters += parameters def execute(self, con): query = self.query if self.wheres: query += ' WHERE ' + ' AND '.join(self.wheres) c = con.cursor() return c.execute(query, self.parameters) class CnAliasedQuery(Query): sql = ''' SELECT `%(table)s_cache`.*, `%(table)s_1_cache`.`cn` AS `alias` FROM `%(table)s_cache` LEFT JOIN `%(table)s_1_cache` ON `%(table)s_1_cache`.`%(table)s` = `%(table)s_cache`.`cn` ''' cn_join = ''' LEFT JOIN `%(table)s_1_cache` `cn_alias` ON `cn_alias`.`%(table)s` = `%(table)s_cache`.`cn` ''' def __init__(self, table, parameters): args = dict(table=table) super(CnAliasedQuery, self).__init__(self.sql % args) for k, v in parameters.items(): if k == 'cn': self.add_query(self.cn_join % args) self.add_where('(`%(table)s_cache`.`cn` = ? OR `cn_alias`.`cn` = ?)' % args, [v, v]) else: self.add_where('`%s` = ?' % k, [v]) class RowGrouper(object): """Pass in query results and group the results by a certain specified list of columns.""" def __init__(self, results, groupby, columns): self.groupby = groupby self.columns = columns self.results = itertools.groupby(results, key=self.keyfunc) def __iter__(self): return self def keyfunc(self, row): return tuple(row[x] for x in self.groupby) def next(self): groupcols, rows = self.results.next() tmp = dict((x, list()) for x in self.columns) for row in rows: for col in self.columns: if row[col] is not None: tmp[col].append(row[col]) result = dict(row) result.update(tmp) return result class Cache(object): def __init__(self): self.con = con self.table = sys.modules[self.__module__].__name__ def store(self, *values): """Store the values in the cache for the specified table.""" simple_values = [] multi_values = {} for n, v in enumerate(values): if isinstance(v, (list, tuple, set)): multi_values[n] = v else: simple_values.append(v) simple_values.append(datetime.datetime.now()) args = ', '.join(len(simple_values) * ('?', )) con.execute(''' INSERT OR REPLACE INTO %s_cache VALUES (%s) ''' % (self.table, args), simple_values) for n, vlist in multi_values.items(): con.execute(''' DELETE FROM %s_%d_cache WHERE `%s` = ? ''' % (self.table, n, self.table), (values[0], )) con.executemany(''' INSERT INTO %s_%d_cache VALUES (?, ?) ''' % (self.table, n), ((values[0], x) for x in vlist)) def retrieve(self, parameters): """Retrieve all items from the cache based on the parameters supplied.""" query = Query(''' SELECT * FROM %s_cache ''' % self.table, parameters) return (list(x)[:-1] for x in query.execute(self.con)) nss-pam-ldapd-0.8.13/pynslcd/pynslcd.py0000755000175000001440000003114412050523445014670 00000000000000#!/usr/bin/env python # pynslcd.py - main daemon module # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import daemon import logging import logging.handlers import os import signal import sys import syslog import threading import ldap from tio import TIOStream import cfg # from nslcd.conf import common import config # from configure import constants # from nslcd.h import mypidfile # the name of the program program_name = 'pynslcd' # flag to indicate whether we are in debugging mode debugging = 0 # flag to indicate user requested the --check option checkonly = False class MyFormatter(logging.Formatter): def format(self, record): msg = super(MyFormatter, self).format(record) if record.levelno == logging.DEBUG: msg = 'DEBUG: %s' % msg return msg class MySysLogHandler(logging.Handler): mapping = { logging.DEBUG: syslog.LOG_DEBUG, logging.INFO: syslog.LOG_INFO, logging.WARNING: syslog.LOG_WARNING, logging.ERROR: syslog.LOG_ERR, logging.CRITICAL: syslog.LOG_CRIT, } def __init__(self): super(MySysLogHandler, self).__init__() syslog.openlog(program_name, syslog.LOG_PID, syslog.LOG_DAEMON) def emit(self, record): priority = self.mapping.get(record.levelno, syslog.LOG_WARNING) msg = self.format(record) for l in msg.splitlines(): syslog.syslog(priority, l) # configure logging formatter = MyFormatter('%(message)s') stderrhandler = logging.StreamHandler(sys.stderr) stderrhandler.setFormatter(formatter) sysloghandler = MySysLogHandler() sysloghandler.setFormatter(formatter) logging.getLogger().addHandler(stderrhandler) logging.getLogger().setLevel(logging.INFO) def display_version(fp): fp.write('%(PACKAGE_STRING)s\n' 'Written by Arthur de Jong.\n' '\n' 'Copyright (C) 2010-2012 Arthur de Jong\n' 'This is free software; see the source for copying conditions. There is NO\n' 'warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n' % {'PACKAGE_STRING': config.PACKAGE_STRING, }) def display_usage(fp): fp.write("Usage: %(program_name)s [OPTION]...\n" "Name Service LDAP connection daemon.\n" " -c, --check check if the daemon already is running\n" " -d, --debug don't fork and print debugging to stderr\n" " --help display this help and exit\n" " --version output version information and exit\n" "\n" "Report bugs to <%(PACKAGE_BUGREPORT)s>.\n" % {'program_name': program_name, 'PACKAGE_BUGREPORT': config.PACKAGE_BUGREPORT, }) def parse_cmdline(): """Parse command-line arguments.""" import getopt global program_name program_name = sys.argv[0] or program_name try: optlist, args = getopt.gnu_getopt(sys.argv[1:], 'cdhV', ('check', 'debug', 'help', 'version', )) for flag, arg in optlist: if flag in ('-c', '--check'): global checkonly checkonly = True elif flag in ('-d', '--debug'): global debugging debugging += 1 elif flag in ('-h', '--help'): display_usage(sys.stdout) sys.exit(0) elif flag in ('-V', '--version'): display_version(sys.stdout) sys.exit(0) if len(args): raise getopt.GetoptError('unrecognized option \'%s\'' % args[0], args[0]) except getopt.GetoptError, reason: sys.stderr.write("%(program_name)s: %(reason)s\n" "Try '%(program_name)s --help' for more information.\n" % {'program_name': program_name, 'reason': reason, }) sys.exit(1) def create_socket(): """Returns a socket ready to answer requests from the client.""" import socket import fcntl sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) # remove existing named socket try: os.unlink(config.NSLCD_SOCKET) except OSError: pass # ignore any problems # bind to named socket sock.bind((config.NSLCD_SOCKET)) # close the file descriptor on exit fcntl.fcntl(sock, fcntl.F_SETFD, fcntl.FD_CLOEXEC) # set permissions of socket so anybody can do requests os.chmod(config.NSLCD_SOCKET, 0666) # start listening for connections sock.listen(socket.SOMAXCONN) return sock def log_newsession(): pass # FIXME: implement def getpeercred(fd): """Return uid, gid and pid of calling application.""" import struct import socket SO_PEERCRED = 17 creds = fd.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, struct.calcsize('3i')) pid, uid, gid = struct.unpack('3i', creds) return uid, gid, pid handlers = {} handlers.update(common.get_handlers('alias')) handlers.update(common.get_handlers('ether')) handlers.update(common.get_handlers('group')) handlers.update(common.get_handlers('host')) handlers.update(common.get_handlers('netgroup')) handlers.update(common.get_handlers('network')) handlers.update(common.get_handlers('pam')) handlers.update(common.get_handlers('passwd')) handlers.update(common.get_handlers('protocol')) handlers.update(common.get_handlers('rpc')) handlers.update(common.get_handlers('service')) handlers.update(common.get_handlers('shadow')) def acceptconnection(session): # accept a new connection conn, addr = nslcd_serversocket.accept() # See: http://docs.python.org/library/socket.html#socket.socket.settimeout fp = None try: # probably use finally # indicate new connection to logging module (genrates unique id) log_newsession() # log connection try: uid, gid, pid = getpeercred(conn) logging.debug('connection from pid=%r uid=%r gid=%r', pid, uid, gid) except: raise # FIXME: handle exception gracefully # create a stream object fp = TIOStream(conn) # read request version = fp.read_int32() if version != constants.NSLCD_VERSION: logging.debug('wrong nslcd version id (%r)', version) return action = fp.read_int32() try: handler = handlers[action] except KeyError: logging.warning('invalid action id: %r', action) return handler(fp, session, uid)() finally: if fp: fp.close() def disable_nss_ldap(): """Disable the nss_ldap module to avoid lookup loops.""" import ctypes lib = ctypes.CDLL(config.NSS_LDAP_SONAME) ctypes.c_int.in_dll(lib, '_nss_ldap_enablelookups').value = 0 def get_connection(): """Return a connection to the LDAP server.""" session = ldap.initialize(cfg.uri) # set session-specific LDAP options if cfg.ldap_version: session.set_option(ldap.OPT_PROTOCOL_VERSION, cfg.ldap_version) if cfg.deref: session.set_option(ldap.OPT_DEREF, cfg.deref) if cfg.timelimit: session.set_option(ldap.OPT_TIMELIMIT, cfg.timelimit) session.set_option(ldap.OPT_TIMEOUT, cfg.timelimit) session.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.timelimit) if cfg.referrals: session.set_option(ldap.OPT_REFERRALS, cfg.referrals) if cfg.sasl_canonicalize is not None: session.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize) session.set_option(ldap.OPT_RESTART, True) # TODO: register a connection callback (like dis?connect_cb() in myldap.c) if cfg.ssl or cfg.uri.startswith('ldaps://'): session.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_HARD) return session def worker(): session = get_connection() while True: try: acceptconnection(session) except: logging.exception('exception in worker') # ignore all exceptions, just keep going if __name__ == '__main__': # parse options parse_cmdline() # clean the environment os.environ.clear() os.putenv('HOME', '/') os.putenv('TMPDIR', '/tmp') os.putenv('LDAPNOINIT', '1') # disable ldap lookups of host names to avoid lookup loop disable_nss_ldap() # set log level if debugging: logging.getLogger().setLevel(logging.DEBUG) # TODO: implement #if myldap_set_debuglevel(cfg.debug) != LDAP_SUCCESS: # sys.exit(1) # read configuration file cfg.read(config.NSLCD_CONF_PATH) # set process title try: import setproctitle setproctitle.setproctitle('pynslcd') except ImportError: pass # set a default umask for the pidfile and socket os.umask(0022) # see if someone already locked the pidfile pidfile = mypidfile.MyPIDLockFile(config.NSLCD_PIDFILE) # see if --check option was given if checkonly: if pidfile.is_locked(): logging.debug('pidfile (%s) is locked', config.NSLCD_PIDFILE) sys.exit(0) else: logging.debug('pidfile (%s) is not locked', config.NSLCD_PIDFILE) sys.exit(1) # normal check for pidfile locked if pidfile.is_locked(): logging.error('daemon may already be active, cannot acquire lock (%s)', config.NSLCD_PIDFILE) sys.exit(1) # daemonize if debugging: daemon = pidfile else: daemon = daemon.DaemonContext( pidfile=pidfile, signal_map={ signal.SIGTERM: 'terminate', signal.SIGINT: 'terminate', signal.SIGPIPE: None, }) # start daemon with daemon: # start normal logging to syslog if not debugging: logging.getLogger().addHandler(sysloghandler) logging.info('version %s starting', config.VERSION) try: # create socket nslcd_serversocket = create_socket() # load supplementary groups if cfg.uid is not None: import pwd import grp u = pwd.getpwnam(cfg.uid) if cfg.gid is None: gid = u.pw_gid else: gid = grp.getgrnam(cfg.gid).gr_gid # set supplementary groups, gid and uid os.initgroups(u.pw_name, gid) os.setgid(gid) os.setuid(u.pw_uid) os.environ['HOME'] = u.pw_dir logging.info('accepting connections') # set global LDAP configuration if cfg.tls_reqcert is not None: ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, cfg.tls_reqcert) if cfg.tls_cacertdir: ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cfg.tls_cacertdir) if cfg.tls_cacertfile: ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cfg.tls_cacertfile) if cfg.tls_randfile: ldap.set_option(ldap.OPT_X_TLS_RANDOM_FILE, cfg.tls_randfile) if cfg.tls_ciphers: ldap.set_option(ldap.OPT_X_TLS_CIPHER_SUITE, cfg.tls_ciphers) if cfg.tls_cert: ldap.set_option(ldap.OPT_X_TLS_CERTFILE, cfg.tls_cert) if cfg.tls_key: ldap.set_option(ldap.OPT_X_TLS_KEYFILE, cfg.tls_key) # start worker threads threads = [] for i in range(cfg.threads): thread = threading.Thread(target=worker, name='thread%d' % i) thread.setDaemon(True) thread.start() logging.debug('started thread %s', thread.getName()) threads.append(thread) # wait for all threads to die for thread in threads: thread.join(10000) except: logging.exception('main loop exit') # no need to re-raise since we are exiting anyway nss-pam-ldapd-0.8.13/pynslcd/shadow.py0000644000175000001440000000765112137303542014504 00000000000000 # shadow.py - lookup functions for shadow information # # Copyright (C) 2010, 2011, 2012, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import logging import cache import common import constants attmap = common.Attributes(uid='uid', userPassword='"*"', shadowLastChange='"${shadowLastChange:--1}"', shadowMin='"${shadowMin:--1}"', shadowMax='"${shadowMax:--1}"', shadowWarning='"${shadowWarning:--1}"', shadowInactive='"${shadowInactive:--1}"', shadowExpire='"${shadowExpire:--1}"', shadowFlag='"${shadowFlag:-0}"') filter = '(objectClass=shadowAccount)' class Search(common.Search): case_sensitive = ('uid', ) limit_attributes = ('uid', ) required = ('uid', ) class Cache(cache.Cache): pass class ShadowRequest(common.Request): def write(self, name, passwd, lastchangedate, mindays, maxdays, warndays, inactdays, expiredate, flag): self.fp.write_string(name) self.fp.write_string(passwd) self.fp.write_int32(lastchangedate) self.fp.write_int32(mindays) self.fp.write_int32(maxdays) self.fp.write_int32(warndays) self.fp.write_int32(inactdays) self.fp.write_int32(expiredate) self.fp.write_int32(flag) def convert(self, dn, attributes, parameters): names = attributes['uid'] passwd = attributes['userPassword'][0] if not passwd or self.calleruid != 0: passwd = '*' # function for making an int def mk_int(attr): try: return int(attr) except TypeError: return None # get lastchange date lastchangedate = mk_int(attributes.get('shadowLastChange', [0])[0]) # we expect an AD 64-bit datetime value; # we should do date=date/864000000000-134774 # but that causes problems on 32-bit platforms, # first we devide by 1000000000 by stripping the # last 9 digits from the string and going from there */ if attmap['shadowLastChange'] == 'pwdLastSet': lastchangedate = (lastchangedate / 864000000000) - 134774 # get longs mindays = mk_int(attributes.get('shadowMin', [-1])[0]) maxdays = mk_int(attributes.get('shadowMax', [-1])[0]) warndays = mk_int(attributes.get('shadowWarning', [-1])[0]) inactdays = mk_int(attributes.get('shadowInactive', [-1])[0]) expiredate = mk_int(attributes.get('shadowExpire', [-1])[0]) flag = mk_int(attributes.get('shadowFlag', [0])[0]) if attmap['shadowFlag'] == 'pwdLastSet': if flag & 0x10000: maxdays = -1 flag = 0 # return results for name in names: yield (name, passwd, lastchangedate, mindays, maxdays, warndays, inactdays, expiredate, flag) class ShadowByNameRequest(ShadowRequest): action = constants.NSLCD_ACTION_SHADOW_BYNAME def read_parameters(self, fp): return dict(uid=fp.read_string()) class ShadowAllRequest(ShadowRequest): action = constants.NSLCD_ACTION_SHADOW_ALL nss-pam-ldapd-0.8.13/pynslcd/rpc.py0000644000175000001440000000411511711261041013765 00000000000000 # rpc.py - rpc name lookup routines # # Copyright (C) 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import cache import common import constants attmap = common.Attributes(cn='cn', oncRpcNumber='oncRpcNumber') filter = '(objectClass=oncRpc)' class Search(common.Search): case_sensitive = ('cn', ) canonical_first = ('cn', ) required = ('cn', 'oncRpcNumber') class Cache(cache.Cache): def retrieve(self, parameters): query = cache.CnAliasedQuery('rpc', parameters) for row in cache.RowGrouper(query.execute(self.con), ('cn', ), ('alias', )): yield row['cn'], row['alias'], row['oncRpcNumber'] class RpcRequest(common.Request): def write(self, name, aliases, number): self.fp.write_string(name) self.fp.write_stringlist(aliases) self.fp.write_int32(number) def convert(self, dn, attributes, parameters): names = attributes['cn'] yield (names[0], names[1:], int(attributes['oncRpcNumber'][0])) class RpcByNameRequest(RpcRequest): action = constants.NSLCD_ACTION_RPC_BYNAME def read_parameters(self, fp): return dict(cn=fp.read_string()) class RpcByNumberRequest(RpcRequest): action = constants.NSLCD_ACTION_RPC_BYNUMBER def read_parameters(self, fp): return dict(oncRpcNumber=fp.read_int32()) class RpcAllRequest(RpcRequest): action = constants.NSLCD_ACTION_RPC_ALL nss-pam-ldapd-0.8.13/pynslcd/attmap.py0000644000175000001440000001265511751034212014501 00000000000000 # attmap.py - attribute mapping class # # Copyright (C) 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA """Module for handling attribute mappings used for LDAP searches. >>> attrs = Attributes(uid='uid', ... userPassword='userPassword', ... uidNumber='uidNumber', ... gidNumber='gidNumber', ... gecos='"${gecos:-$cn}"', ... homeDirectory='homeDirectory', ... loginShell='loginShell') >>> 'cn' in attrs.attributes() True >>> attrs.translate({'uid': ['UIDVALUE', '2nduidvalue'], 'cn': ['COMMON NAME', ]}) {'uid': ['UIDVALUE', '2nduidvalue'], 'loginShell': [], 'userPassword': [], 'uidNumber': [], 'gidNumber': [], 'gecos': ['COMMON NAME'], 'homeDirectory': []} >>> attrs['uidNumber'] # a representation fit for logging and filters 'uidNumber' >>> attrs['gecos'] '"${gecos:-$cn}"' """ import ldap import re from ldap.filter import escape_filter_chars as escape from expr import Expression # exported names __all__ = ('Attributes', ) # TODO: support objectSid attributes # regular expression to match function attributes attribute_func_re = re.compile('^(?P[a-z]+)\((?P.*)\)$') class SimpleMapping(str): """Simple mapping to another attribute name.""" def attributes(self): return [self] def mk_filter(self, value): return '(%s=%s)' % (self, escape(str(value))) def values(self, variables): """Expand the expression using the variables specified.""" return variables.get(self, []) class ExpressionMapping(str): """Class for parsing and expanding an expression.""" def __init__(self, value): """Parse the expression as a string.""" self.expression = Expression(value) super(ExpressionMapping, self).__init__(value) def values(self, variables): """Expand the expression using the variables specified.""" return [self.expression.value(variables)] def attributes(self): """Return the attributes defined in the expression.""" return self.expression.variables() class FunctionMapping(str): """Mapping to a function to another attribute.""" def __init__(self, mapping): self.mapping = mapping m = attribute_func_re.match(mapping) self.attribute = m.group('attribute') self.function = getattr(self, m.group('function')) super(FunctionMapping, self).__init__(mapping) def upper(self, value): return value.upper() def lower(self, value): return value.lower() def attributes(self): return [self.attribute] def mk_filter(self, value): return '(%s=%s)' % (self.attribute, escape(value)) def values(self, variables): return [self.function(value) for value in variables.get(self.attribute, [])] class Attributes(dict): """Dictionary-like class for handling attribute mapping.""" def __init__(self, *args, **kwargs): self.update(*args, **kwargs) def __setitem__(self, attribute, mapping): # translate the mapping into a mapping object if mapping[0] == '"' and mapping[-1] == '"': mapping = ExpressionMapping(mapping[1:-1]) elif '(' in mapping: mapping = FunctionMapping(mapping) else: mapping = SimpleMapping(mapping) super(Attributes, self).__setitem__(attribute, mapping) def update(self, *args, **kwargs): for arg in args: other = dict(arg) for key in other: self[key] = other[key] for key in kwargs: self[key] = kwargs[key] def attributes(self): """Return the list of attributes that are referenced in this attribute mapping. These are the attributes that should be requested in the search.""" attributes = set() for mapping in self.itervalues(): attributes.update(mapping.attributes()) return list(attributes) def mk_filter(self, attribute, value): """Construct a search filter for searching for the attribute value combination.""" mapping = self.get(attribute, SimpleMapping(attribute)) return mapping.mk_filter(value) def translate(self, variables): """Return a dictionary with every attribute mapped to their value from the specified variables.""" results = dict() for attribute, mapping in self.iteritems(): results[attribute] = mapping.values(variables) return results def get_rdn_value(self, dn, attribute): """Extract the attribute value from from DN if possible. Return None otherwise.""" return self.translate(dict((x, [y]) for x, y, z in ldap.dn.str2dn(dn)[0]))[attribute][0] nss-pam-ldapd-0.8.13/pynslcd/network.py0000644000175000001440000000547011711261040014676 00000000000000 # network.py - lookup functions for network names and addresses # # Copyright (C) 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import cache import common import constants attmap = common.Attributes(cn='cn', ipNetworkNumber='ipNetworkNumber') filter = '(objectClass=ipNetwork)' class Search(common.Search): canonical_first = ('cn', ) required = ('cn', ) class NetworkQuery(cache.CnAliasedQuery): sql = ''' SELECT `network_cache`.`cn` AS `cn`, `network_1_cache`.`cn` AS `alias`, `network_2_cache`.`ipNetworkNumber` AS `ipNetworkNumber` FROM `network_cache` LEFT JOIN `network_1_cache` ON `network_1_cache`.`network` = `network_cache`.`cn` LEFT JOIN `network_2_cache` ON `network_2_cache`.`network` = `network_cache`.`cn` ''' def __init__(self, parameters): super(NetworkQuery, self).__init__('network', parameters) class Cache(cache.Cache): def retrieve(self, parameters): query = NetworkQuery(parameters) for row in cache.RowGrouper(query.execute(self.con), ('cn', ), ('alias', 'ipNetworkNumber', )): yield row['cn'], row['alias'], row['ipNetworkNumber'] class NetworkRequest(common.Request): def write(self, networkname, aliases, addresses): self.fp.write_string(networkname) self.fp.write_stringlist(aliases) self.fp.write_int32(len(addresses)) for address in addresses: self.fp.write_address(address) def convert(self, dn, attributes, parameters): netnames = attributes['cn'] yield (netnames[0], netnames[1:], attributes['ipNetworkNumber']) class NetworkByNameRequest(NetworkRequest): action = constants.NSLCD_ACTION_NETWORK_BYNAME def read_parameters(self, fp): return dict(cn=fp.read_string()) class NetworkByAddressRequest(NetworkRequest): action = constants.NSLCD_ACTION_NETWORK_BYADDR def read_parameters(self, fp): return dict(ipNetworkNumber=fp.read_address()) class NetworkAllRequest(NetworkRequest): action = constants.NSLCD_ACTION_NETWORK_ALL nss-pam-ldapd-0.8.13/pynslcd/pam.py0000644000175000001440000001601512000614374013763 00000000000000 # pam.py - functions authentication, authorisation and session handling # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import logging import socket from ldap.filter import escape_filter_chars as escape import ldap import cfg import common import constants import passwd def try_bind(userdn, password): # open a new connection conn = ldap.initialize(cfg.uri) # bind using the specified credentials conn.simple_bind_s(userdn, password) # perform search for own object (just to do any kind of search) res = conn.search_s(userdn, ldap.SCOPE_BASE, '(objectClass=*)', ['dn', ]) for entry in res: if entry[0] == userdn: return raise ldap.NO_SUCH_OBJECT() class PAMRequest(common.Request): def validate_request(self, parameters): """This method checks the provided username for validity and fills in the DN if needed.""" # check username for validity common.validate_name(parameters['username']) # look up user DN entry = passwd.uid2entry(self.conn, parameters['username']) if not entry: raise ValueError('%r: user not found' % parameters['username']) # save the DN parameters['userdn'] = entry[0] # get the "real" username value = passwd.attmap.get_rdn_value(entry[0], 'uid') if not value: # get the username from the uid attribute values = entry[1]['uid'] if not values or not values[0]: logging.warning('%s: is missing a %s attribute', dn, passwd.attmap['uid']) value = values[0] # check the username if value and not common.isvalidname(value): raise ValueError('%s: has invalid %s attribute', dn, passwd.attmap['uid']) # check if the username is different and update it if needed if value != parameters['username']: logging.info('username changed from %r to %r', parameters['username'], value) parameters['username'] = value class PAMAuthenticationRequest(PAMRequest): action = constants.NSLCD_ACTION_PAM_AUTHC def read_parameters(self, fp): return dict(username=fp.read_string(), ignore_userdn=fp.read_string(), service=fp.read_string(), password=fp.read_string()) #self.validate_request() # TODO: log call with parameters def write(self, parameters, code=constants.NSLCD_PAM_SUCCESS, msg=''): self.fp.write_int32(constants.NSLCD_RESULT_BEGIN) self.fp.write_string(parameters['username']) self.fp.write_string('') # userdn self.fp.write_int32(code) # authc self.fp.write_int32(constants.NSLCD_PAM_SUCCESS) # authz self.fp.write_string(msg) # authzmsg self.fp.write_int32(constants.NSLCD_RESULT_END) def handle_request(self, parameters): # if the username is blank and rootpwmoddn is configured, try to # authenticate as administrator, otherwise validate request as usual if not parameters['username'] and cfg.rootpwmoddn: # authenticate as rootpwmoddn userdn = cfg.rootpwmoddn # if the caller is root we will allow the use of rootpwmodpw if not parameters['password'] and self.calleruid == 0 and cfg.rootpwmodpw: password = cfg.rootpwmodpw elif parameters['password']: password = parameters['password'] else: raise ValueError('password missing') else: self.validate_request(parameters) userdn = parameters['userdn'] password = parameters['password'] # try authentication try: try_bind(userdn, password) logging.debug('bind successful') self.write(parameters) except ldap.INVALID_CREDENTIALS, e: try: msg = e[0]['desc'] except: msg = str(e) logging.debug('bind failed: %s', msg) self.write(parameters, constants.NSLCD_PAM_AUTH_ERR, msg) class PAMAuthorisationRequest(PAMRequest): action = constants.NSLCD_ACTION_PAM_AUTHZ def read_parameters(self, fp): return dict(username=fp.read_string(), ignore_userdn=fp.read_string(), service=fp.read_string(), ruser=fp.read_string(), rhost=fp.read_string(), tty=fp.read_string()) # TODO: log call with parameters def write(self, parameters, code=constants.NSLCD_PAM_SUCCESS, msg=''): self.fp.write_int32(constants.NSLCD_RESULT_BEGIN) self.fp.write_string(parameters['username']) self.fp.write_string('') # userdn self.fp.write_int32(code) self.fp.write_string(msg) self.fp.write_int32(constants.NSLCD_RESULT_END) def check_authzsearch(self, parameters): if not cfg.pam_authz_searches: return # escape all parameters variables = dict((k, escape(v)) for k, v in parameters.items()) variables.update( hostname=escape(socket.gethostname()), fqdn=escape(socket.getfqdn()), dn=variables['userdn'], uid=variables['username'], ) # go over all authz searches for x in cfg.pam_authz_searches: filter = x.value(variables) logging.debug('trying pam_authz_search "%s"', filter) search = common.Search(self.conn, filter=filter, attributes=('dn', )) try: dn, values = search.items().next() except StopIteration: logging.error('pam_authz_search "%s" found no matches', filter) raise logging.debug('pam_authz_search found "%s"', dn) def handle_request(self, parameters): # fill in any missing userdn, etc. self.validate_request(parameters) # check authorisation search try: self.check_authzsearch(parameters) except StopIteration: self.write(parameters, constants.NSLCD_PAM_PERM_DENIED, 'LDAP authorisation check failed') return # all tests passed, return OK response self.write(parameters) #NSLCD_ACTION_PAM_SESS_O #NSLCD_ACTION_PAM_SESS_C #NSLCD_ACTION_PAM_PWMOD nss-pam-ldapd-0.8.13/pynslcd/expr.py0000644000175000001440000001221611751034212014162 00000000000000 # expr.py - expression handling functions # # Copyright (C) 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA """Module for handling expressions used for LDAP searches. >>> expr = Expression('foo=$foo') >>> expr.value(dict(foo='XX')) 'foo=XX' >>> expr = Expression('foo=${foo:-$bar}') >>> expr.value(dict(foo='', bar='YY')) 'foo=YY' >>> expr.value(dict(bar=['YY', 'ZZ'])) 'foo=YY' """ # exported names __all__ = ('Expression', ) # TODO: do more expression validity checking class MyIter(object): """Custom iterator-like class with a back() method.""" def __init__(self, value): self.value = value self.pos = 0 def next(self): self.pos += 1 try: return self.value[self.pos - 1] except IndexError: return None def back(self): self.pos -= 1 def __iter__(self): return self def get_name(self): """Read a variable name from the value iterator.""" name = '' for c in self: if not c or not c.isalnum(): self.back() return name name += c return name class DollarExpression(object): """Class for handling a variable $xxx ${xxx}, ${xxx:-yyy} or ${xxx:+yyy} expression.""" def __init__(self, value): """Parse the expression as the start of a $-expression.""" self.op = None self.expr = None c = value.next() if c == '{': self.name = value.get_name() c = value.next() if c == '}': return self.op = c + value.next() self.expr = Expression(value, endat='}') elif c == '(': self.name = None self.op = value.get_name() c = value.next() if c != '(': raise ValueError("Expecting '('") self.expr = Expression(value, endat=')') c = value.next() if c != ')': raise ValueError("Expecting ')'") else: value.back() self.name = value.get_name() def value(self, variables): """Expand the expression using the variables specified.""" # lookup the value value = variables.get(self.name, '') if value in (None, [], ()): value = '' elif isinstance(value, (list, tuple)): value = value[0] # TODO: try to return multiple values, one for each value of the list if self.op == ':-': return value if value else self.expr.value(variables) elif self.op == ':+': return self.expr.value(variables) if value else '' elif self.op == 'lower': return self.expr.value(variables).lower() elif self.op == 'upper': return self.expr.value(variables).upper() return value def variables(self, results): """Add the variables used in the expression to results.""" if self.name: results.add(self.name) if self.expr: self.expr.variables(results) class Expression(object): """Class for parsing and expanding an expression.""" def __init__(self, value, endat=None): """Parse the expression as a string.""" if not isinstance(value, MyIter): self.expression = value value = MyIter(value) expr = [] literal = '' c = value.next() while c != endat: if c == '$': if literal: expr.append(literal) expr.append(DollarExpression(value)) literal = '' elif c == '\\': literal += value.next() else: literal += c c = value.next() if literal: expr.append(literal) self.expr = expr def value(self, variables): """Expand the expression using the variables specified.""" res = '' for x in self.expr: if hasattr(x, 'value'): res += x.value(variables) else: res += x return res def variables(self, results=None): """Return the variables defined in the expression.""" if not results: results = set() for x in self.expr: if hasattr(x, 'variables'): x.variables(results) return results def __str__(self): return self.expression def __repr__(self): return repr(str(self)) nss-pam-ldapd-0.8.13/pynslcd/alias.py0000644000175000001440000000443612137303542014306 00000000000000 # alias.py - lookup functions for email aliases # # Copyright (C) 2010, 2011, 2012, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import cache import common import constants attmap = common.Attributes(cn='cn', rfc822MailMember='rfc822MailMember') filter = '(objectClass=nisMailAlias)' class Search(common.Search): case_insensitive = ('cn', ) limit_attributes = ('cn', ) required = ('cn', 'rfc822MailMember') class Cache(cache.Cache): retrieve_sql = ''' SELECT `alias_cache`.`cn` AS `cn`, `alias_1_cache`.`rfc822MailMember` AS `rfc822MailMember` FROM `alias_cache` LEFT JOIN `alias_1_cache` ON `alias_1_cache`.`alias` = `alias_cache`.`cn` ''' def retrieve(self, parameters): query = cache.Query(self.retrieve_sql, parameters) # return results, returning the members as a list for row in cache.RowGrouper(query.execute(self.con), ('cn', ), ('rfc822MailMember', )): yield row['cn'], row['rfc822MailMember'] class AliasRequest(common.Request): def write(self, name, members): self.fp.write_string(name) self.fp.write_stringlist(members) def convert(self, dn, attributes, parameters): names = attributes['cn'] members = attributes['rfc822MailMember'] for name in names: yield (name, members) class AliasByNameRequest(AliasRequest): action = constants.NSLCD_ACTION_ALIAS_BYNAME def read_parameters(self, fp): return dict(cn=fp.read_string()) class AliasAllRequest(AliasRequest): action = constants.NSLCD_ACTION_ALIAS_ALL nss-pam-ldapd-0.8.13/pynslcd/passwd.py0000644000175000001440000000744411711261041014512 00000000000000 # passwd.py - lookup functions for user account information # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import logging import cache import common import constants attmap = common.Attributes(uid='uid', userPassword='"*"', uidNumber='uidNumber', gidNumber='gidNumber', gecos='"${gecos:-$cn}"', homeDirectory='homeDirectory', loginShell='loginShell', objectClass='objectClass') filter = '(objectClass=posixAccount)' class Search(common.Search): case_sensitive = ('uid', 'uidNumber', ) limit_attributes = ('uid', 'uidNumber', ) required = ('uid', 'uidNumber', 'gidNumber', 'gecos', 'homeDirectory', 'loginShell') class Cache(cache.Cache): pass class PasswdRequest(common.Request): def write(self, name, passwd, uid, gid, gecos, home, shell): self.fp.write_string(name) self.fp.write_string(passwd) self.fp.write_uid_t(uid) self.fp.write_gid_t(gid) self.fp.write_string(gecos) self.fp.write_string(home) self.fp.write_string(shell) def convert(self, dn, attributes, parameters): names = attributes['uid'] if 'shadowAccount' in attributes['objectClass']: passwd = 'x' else: passwd = attributes['userPassword'][0] uids = [int(x) for x in attributes['uidNumber']] gid = int(attributes['gidNumber'][0]) gecos = attributes['gecos'][0] home = attributes['homeDirectory'][0] shell = attributes['loginShell'][0] for name in names: if not common.isvalidname(name): logging.warning('%s: %s: denied by validnames option', dn, attmap['uid']) else: for uid in uids: yield (name, passwd, uid, gid, gecos, home, shell) class PasswdByNameRequest(PasswdRequest): action = constants.NSLCD_ACTION_PASSWD_BYNAME def read_parameters(self, fp): name = fp.read_string() common.validate_name(name) return dict(uid=name) class PasswdByUidRequest(PasswdRequest): action = constants.NSLCD_ACTION_PASSWD_BYUID def read_parameters(self, fp): return dict(uidNumber=fp.read_uid_t()) class PasswdAllRequest(PasswdRequest): action = constants.NSLCD_ACTION_PASSWD_ALL def uid2entry(conn, uid): """Look up the user by uid and return the LDAP entry or None if the user was not found.""" for dn, attributes in Search(conn, parameters=dict(uid=uid)): return dn, attributes def uid2dn(conn, uid): """Look up the user by uid and return the DN or None if the user was not found.""" x = uid2entry(conn, uid) if x is not None: return x[0] # FIXME: use cache of dn2uid and try to use DN to get uid attribute def dn2uid(conn, dn): """Look up the user by dn and return a uid or None if the user was not found.""" for dn, attributes in Search(conn, base=dn): return attributes['uid'][0] nss-pam-ldapd-0.8.13/pynslcd/cfg.py0000644000175000001440000002541112050523445013750 00000000000000 # cfg.py - module for accessing configuration information # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import logging import re import sys import ldap from expr import Expression # the number of threads to start threads = 5 # the user id nslcd should be run as uid = None # the group id nslcd should be run as gid = None # the LDAP server to use # FIXME: support multiple servers and have a fail-over mechanism uri = None # LDAP protocol version to use (perhaps fix at 3?) ldap_version = ldap.VERSION3 # the DN to use when binding binddn = None bindpw = None # the DN to use to perform password modifications as root rootpwmoddn = None rootpwmodpw = None # SASL configuration sasl_mech = None sasl_realm = None sasl_authcid = None sasl_authzid = None sasl_secprops = None sasl_canonicalize = None # LDAP bases to search bases = [] # default search scope for searches scope = ldap.SCOPE_SUBTREE deref = ldap.DEREF_NEVER referrals = True # timing configuration bind_timelimit = 10 timelimit = ldap.NO_LIMIT idle_timelimit = 0 reconnect_sleeptime = 1 reconnect_retrytime = 10 # SSL/TLS options ssl = None tls_reqcert = None tls_cacertdir = None tls_cacertfile = None tls_randfile = None tls_ciphers = None tls_cert = None tls_key = None # other options pagesize = 0 nss_initgroups_ignoreusers = set() nss_min_uid = 0 validnames = re.compile(r'^[a-z0-9._@$][a-z0-9._@$ \\~-]{0,98}[a-z0-9._@$~-]$', re.IGNORECASE) pam_authz_searches = [] pam_password_prohibit_message = None # allowed boolean values _boolean_options = {'on': True, 'yes': True, 'true': True, '1': True, 'off': False, 'no': False, 'false': False, '0': False} # allowed values for scope option _scope_options = dict(sub=ldap.SCOPE_SUBTREE, subtree=ldap.SCOPE_SUBTREE, one=ldap.SCOPE_ONELEVEL, onelevel=ldap.SCOPE_ONELEVEL, base=ldap.SCOPE_BASE) # allowed values for the deref option _deref_options = dict(never=ldap.DEREF_NEVER, searching=ldap.DEREF_SEARCHING, finding=ldap.DEREF_FINDING, always=ldap.DEREF_ALWAYS) # allowed values for the ssl option _ssl_options = dict(start_tls='STARTTLS', starttls='STARTTLS', on='LDAPS', off=None) # allowed values for the tls_reqcert option _tls_reqcert_options = {'never': ldap.OPT_X_TLS_NEVER, 'no': ldap.OPT_X_TLS_NEVER, 'allow': ldap.OPT_X_TLS_ALLOW, 'try': ldap.OPT_X_TLS_TRY, 'demand': ldap.OPT_X_TLS_DEMAND, 'yes': ldap.OPT_X_TLS_DEMAND, 'hard': ldap.OPT_X_TLS_HARD} def _get_maps(): # separate function as not to pollute the namespace and avoid import loops import alias, ether, group, host, netgroup, network, passwd import protocol, rpc, service, shadow return dict( alias=alias, aliases=alias, ether=ether, ethers=ether, group=group, host=host, hosts=host, netgroup=netgroup, network=network, networks=network, passwd=passwd, protocol=protocol, protocols=protocol, rpc=rpc, service=service, services=service, shadow=shadow, none=sys.modules[__name__] ) class ParseError(Exception): def __init__(self, filename, lineno, message): self.message = '%s:%d: %s' % (filename, lineno, message) def __repr__(self): return self.message __str__ = __repr__ def read(filename): maps = _get_maps() lineno = 0 for line in open(filename, 'r'): lineno += 1 line = line.strip() # skip comments and blank lines if re.match('(#.*)?$', line, re.IGNORECASE): continue # parse options with a single integer argument m = re.match('(?Pthreads|ldap_version|bind_timelimit|timelimit|idle_timelimit|reconnect_sleeptime|reconnect_retrytime|pagesize|nss_min_uid)\s+(?P\d+)', line, re.IGNORECASE) if m: globals()[m.group('keyword').lower()] = int(m.group('value')) continue # parse options with a single boolean argument m = re.match('(?Preferrals)\s+(?P%s)' % '|'.join(_boolean_options.keys()), line, re.IGNORECASE) if m: globals()[m.group('keyword').lower()] = _boolean_options[m.group('value').lower()] continue # parse options with a single no-space value m = re.match('(?Puid|gid|bindpw|rootpwmodpw|sasl_mech)\s+(?P\S+)', line, re.IGNORECASE) if m: globals()[m.group('keyword').lower()] = m.group('value') continue # parse options with a single value that can contain spaces m = re.match('(?Pbinddn|rootpwmoddn|sasl_realm|sasl_authcid|sasl_authzid|sasl_secprops|krb5_ccname|tls_cacertdir|tls_cacertfile|tls_randfile|tls_ciphers|tls_cert|tls_key|pam_password_prohibit_message)\s+(?P\S.*)', line, re.IGNORECASE) if m: globals()[m.group('keyword').lower()] = m.group('value') continue # uri m = re.match('uri\s+(?P\S+)', line, re.IGNORECASE) if m: # FIXME: support multiple URI values # FIXME: support special DNS and DNS:domain values global uri uri = m.group('uri') continue # base ? m = re.match('base\s+((?P%s)\s+)?(?P\S.*)' % '|'.join(maps.keys()), line, re.IGNORECASE) if m: mod = maps[str(m.group('map')).lower()] if not hasattr(mod, 'bases'): mod.bases = [] mod.bases.append(m.group('value')) continue # filter m = re.match('filter\s+(?P%s)\s+(?P\S.*)' % '|'.join(maps.keys()), line, re.IGNORECASE) if m: mod = maps[m.group('map').lower()] mod.filter = m.group('value') continue # scope ? m = re.match('scope\s+((?P%s)\s+)?(?P%s)' % ( '|'.join(maps.keys()), '|'.join(_scope_options.keys())), line, re.IGNORECASE) if m: mod = maps[str(m.group('map')).lower()] mod.scope = _scope_options[m.group('keyword').lower()] continue # map m = re.match('map\s+(?P%s)\s+(?P\S+)\s+(?P\S.*)' % '|'.join(maps.keys()), line, re.IGNORECASE) if m: mod = maps[m.group('map').lower()] attribute = m.group('attribute') if attribute not in mod.attmap: raise ParseError(filename, lineno, 'attribute %s unknown' % attribute) mod.attmap[attribute] = m.group('value') # TODO: filter out attributes that cannot be an expression continue # deref m = re.match('deref\s+(?P%s)' % '|'.join(_deref_options.keys()), line, re.IGNORECASE) if m: global deref deref = _deref_options[m.group('value').lower()] continue # nss_initgroups_ignoreusers | m = re.match('nss_initgroups_ignoreusers\s+(?P\S.*)', line, re.IGNORECASE) if m: users = m.group('value') if users.lower() == 'alllocal': # get all users known to the system currently (since nslcd # isn't yet running, this should work) import pwd users = (x.pw_name for x in pwd.getpwall()) else: users = users.split(',') # TODO: warn about unknown users nss_initgroups_ignoreusers.update(users) continue # pam_authz_search m = re.match('pam_authz_search\s+(?P\S.*)', line, re.IGNORECASE) if m: pam_authz_searches.append(Expression(m.group('value'))) # TODO: check pam_authz_search expression to only contain # username, service, ruser, rhost, tty, hostname, fqdn, dn or # uid variables continue # ssl m = re.match('ssl\s+(?P%s)' % '|'.join(_ssl_options.keys()), line, re.IGNORECASE) if m: global ssl ssl = _ssl_options[m.group('value').lower()] continue # sasl_canonicalize yes|no m = re.match('(ldap_?)?sasl_(?Pno)?canon(icali[sz]e)?\s+(?P%s)' % '|'.join(_boolean_options.keys()), line, re.IGNORECASE) if m: global sasl_canonicalize sasl_canonicalize = _boolean_options[m.group('value').lower()] if m.group('no'): sasl_canonicalize = not sasl_canonicalize continue # tls_reqcert m = re.match('tls_reqcert\s+(?P%s)' % '|'.join(_tls_reqcert_options.keys()), line, re.IGNORECASE) if m: global tls_reqcert tls_reqcert = _tls_reqcert_options[m.group('value').lower()] continue # validnames /REGEX/i? m = re.match('validnames\s+/(?P.*)/(?P[i]?)$', line, re.IGNORECASE) if m: global validnames flags = 0 | re.IGNORECASE if m.group('flags') == 'i' else 0 validnames = re.compile(m.group('value'), flags=flags) continue # unrecognised line raise ParseError(filename, lineno, 'error parsing line %r' % line) # dump config (debugging code) for k, v in globals().items(): if not k.startswith('_'): logging.debug('%s=%r', k, v) nss-pam-ldapd-0.8.13/pynslcd/common.py0000644000175000001440000002327311751033715014510 00000000000000 # common.py - functions that are used by different modules # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import logging import sys import ldap import ldap.dn from attmap import Attributes import cache import cfg import constants def isvalidname(name): """Checks to see if the specified name seems to be a valid user or group name. This test is based on the definition from POSIX (IEEE Std 1003.1, 2004, 3.426 User Name, 3.189 Group Name and 3.276 Portable Filename Character Set): http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_426 http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_189 http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_276 The standard defines user names valid if they contain characters from the set [A-Za-z0-9._-] where the hyphen should not be used as first character. As an extension this test allows some more characters.""" return bool(cfg.validnames.search(name)) def validate_name(name): """Checks to see if the specified name seems to be a valid user or group name. See isvalidname().""" if not cfg.validnames.search(name): raise ValueError('%r: denied by validnames option' % name) class Search(object): """ Class that performs a search. Subclasses are expected to define the actual searches and should implement the following members: case_sensitive - check that these attributes are present in the response if they were in the request case_insensitive - check that these attributes are present in the response if they were in the request limit_attributes - override response attributes with request attributes (ensure that only one copy of the value is returned) required - attributes that are required canonical_first - search the DN for these attributes and ensure that they are listed first in the attribute values mk_filter() (optional) - function that returns the LDAP search filter The module that contains the Request class can also contain the following definitions: attmap - an attribute mapping definition (using he Attributes class) filter - an LDAP search filter bases - search bases to be used, falls back to cfg.bases scope - search scope, falls back to cfg.scope """ canonical_first = [] required = [] case_sensitive = [] case_insensitive = [] limit_attributes = [] # FIXME: figure out which of these arguments are actually needed def __init__(self, conn, base=None, scope=None, filter=None, attributes=None, parameters=None): # load information from module that defines the class self.conn = conn module = sys.modules[self.__module__] self.attmap = getattr(module, 'attmap', None) self.filter = filter or getattr(module, 'filter', None) self.parameters = parameters or {} if base: self.bases = [base] else: self.bases = getattr(module, 'bases', cfg.bases) self.scope = scope or getattr(module, 'scope', cfg.scope) self.attributes = attributes or self.attmap.attributes() def __iter__(self): return self.items() def items(self): """Return the results from the search.""" filter = self.mk_filter() for base in self.bases: logging.debug('SEARCHING %s %s', base, filter) try: for entry in self.conn.search_s(base, self.scope, filter, self.attributes): if entry[0]: entry = self.handle_entry(entry[0], entry[1]) if entry: yield entry except ldap.NO_SUCH_OBJECT: # FIXME: log message pass def escape(self, value): """Escape the provided value so it may be used in a search filter.""" return ldap.filter.escape_filter_chars(str(value)) def mk_filter(self): """Return the active search filter (based on the read parameters).""" if self.parameters: return '(&%s%s)' % ( self.filter, ''.join(self.attmap.mk_filter(attribute, value) for attribute, value in self.parameters.items())) return self.filter def handle_entry(self, dn, attributes): """Handle an entry with the specified attributes, filtering it with the request parameters where needed.""" # translate the attributes using the attribute mapping if self.attmap: attributes = self.attmap.translate(attributes) # make sure value from DN is first value for attr in self.canonical_first: primary_value = self.attmap.get_rdn_value(dn, attr) if primary_value: values = attributes[attr] if primary_value in values: values.remove(primary_value) attributes[attr] = [primary_value] + values # check that these attributes have at least one value for attr in self.required: if not attributes.get(attr, None): logging.warning('%s: %s: missing', dn, self.attmap[attr]) return # check that requested attribute is present (case sensitive) for attr in self.case_sensitive: value = self.parameters.get(attr, None) if value and str(value) not in attributes[attr]: logging.debug('%s: %s: does not contain %r value', dn, self.attmap[attr], value) return # not found, skip entry # check that requested attribute is present (case insensitive) for attr in self.case_insensitive: value = self.parameters.get(attr, None) if value and str(value).lower() not in (x.lower() for x in attributes[attr]): logging.debug('%s: %s: does not contain %r value', dn, self.attmap[attr], value) return # not found, skip entry # limit attribute values to requested value for attr in self.limit_attributes: if attr in self.parameters: attributes[attr] = [self.parameters[attr]] # return the entry return dn, attributes class Request(object): """ Request handler class. Subclasses are expected to handle actual requests and should implement the following members: action - the NSLCD_ACTION_* action that should trigger this handler read_parameters() - a function that reads the request parameters of the request stream write() - function that writes a single LDAP entry to the result stream """ def __init__(self, fp, conn, calleruid): self.fp = fp self.conn = conn self.calleruid = calleruid module = sys.modules[self.__module__] self.search = getattr(module, 'Search', None) if not hasattr(module, 'cache_obj'): cache_cls = getattr(module, 'Cache', None) module.cache_obj = cache_cls() if cache_cls else None self.cache = module.cache_obj def read_parameters(self, fp): """This method should read the parameters from ths stream and store them in self.""" pass def handle_request(self, parameters): """This method handles the request based on the parameters read with read_parameters().""" try: with cache.con: for dn, attributes in self.search(conn=self.conn, parameters=parameters): for values in self.convert(dn, attributes, parameters): self.fp.write_int32(constants.NSLCD_RESULT_BEGIN) self.write(*values) if self.cache: self.cache.store(*values) except ldap.SERVER_DOWN: if self.cache: logging.debug('read from cache') # we assume server went down before writing any entries for values in self.cache.retrieve(parameters): self.fp.write_int32(constants.NSLCD_RESULT_BEGIN) self.write(*values) else: raise # write the final result code self.fp.write_int32(constants.NSLCD_RESULT_END) def __call__(self): parameters = self.read_parameters(self.fp) or {} logging.debug('%s(%r)', self.__class__.__name__, parameters) self.fp.write_int32(constants.NSLCD_VERSION) self.fp.write_int32(self.action) self.handle_request(parameters) def get_handlers(module): """Return a dictionary mapping actions to Request classes.""" import inspect res = {} if isinstance(module, basestring): module = __import__(module, globals()) for name, cls in inspect.getmembers(module, inspect.isclass): if issubclass(cls, Request) and hasattr(cls, 'action'): res[cls.action] = cls return res nss-pam-ldapd-0.8.13/pynslcd/netgroup.py0000644000175000001440000000443211711261041015046 00000000000000 # netgroup.py - lookup functions for netgroups # # Copyright (C) 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import logging import re import cache import common import constants _netgroup_triple_re = re.compile(r'^\s*\(\s*(?P.*)\s*,\s*(?P.*)\s*,\s*(?P.*)\s*\)\s*$') attmap = common.Attributes(cn='cn', nisNetgroupTriple='nisNetgroupTriple', memberNisNetgroup='memberNisNetgroup') filter = '(objectClass=nisNetgroup)' class Search(common.Search): case_sensitive = ('cn', ) required = ('cn', ) class Cache(cache.Cache): pass class NetgroupRequest(common.Request): def write(self, name, member): m = _netgroup_triple_re.match(member) if m: self.fp.write_int32(constants.NSLCD_NETGROUP_TYPE_TRIPLE) self.fp.write_string(m.group('host')) self.fp.write_string(m.group('user')) self.fp.write_string(m.group('domain')) else: self.fp.write_int32(constants.NSLCD_NETGROUP_TYPE_NETGROUP) self.fp.write_string(member) def convert(self, dn, attributes, parameters): # write the netgroup triples name = attributes['cn'][0] for triple in attributes['nisNetgroupTriple']: yield (name, triple) # write netgroup members for member in attributes['memberNisNetgroup']: yield (name, member) class NetgroupByNameRequest(NetgroupRequest): action = constants.NSLCD_ACTION_NETGROUP_BYNAME def read_parameters(self, fp): return dict(cn=fp.read_string()) nss-pam-ldapd-0.8.13/pynslcd/tio.py0000644000175000001440000000726111676704654014027 00000000000000 # tio.py - I/O functions # # Copyright (C) 2010, 2011 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import struct import os import socket # definition for reading and writing INT32 values _int32 = struct.Struct('i') # FIXME: use something from config.py to determine the correct size _uid_t = struct.Struct('i') # FIXME: use something from config.py to determine the correct size _gid_t = struct.Struct('i') # FIXME: use something from config.py to determine the correct size _struct_timeval = struct.Struct('ll') class TIOStreamError(Exception): pass class TIOStream(object): """File-like object that allows reading and writing nslcd-protocol entities.""" def __init__(self, conn): conn.setblocking(1) conn.setsockopt(socket.SOL_SOCKET, socket.SO_RCVTIMEO, _struct_timeval.pack(0, 500000)) conn.setsockopt(socket.SOL_SOCKET, socket.SO_SNDTIMEO, _struct_timeval.pack(60, 0)) self.fp = os.fdopen(conn.fileno(), 'w+b', 1024 * 1024) def read(self, size): return self.fp.read(size) def read_int32(self): return _int32.unpack(self.read(_int32.size))[0] def read_uid_t(self): return _uid_t.unpack(self.read(_uid_t.size))[0] def read_gid_t(self): return _gid_t.unpack(self.read(_gid_t.size))[0] def read_string(self, maxsize=None): len = self.read_int32() if maxsize and len >= maxsize: raise TIOStreamError() return self.read(len) def read_address(self): """Read an address (usually IPv4 or IPv6) from the stream and return the address as a string representation.""" af = self.read_int32() return socket.inet_ntop(af, self.read_string(maxsize=64)) def write(self, value): self.fp.write(value) def write_int32(self, value): self.write(_int32.pack(value)) def write_uid_t(self, value): self.write(_uid_t.pack(value)) def write_gid_t(self, value): self.write(_gid_t.pack(value)) def write_string(self, value): self.write_int32(len(value)) self.write(value) def write_stringlist(self, value): lst = tuple(value) self.write_int32(len(lst)) for string in lst: self.write_string(string) @staticmethod def _to_address(value): # try IPv4 first try: return socket.AF_INET, socket.inet_pton(socket.AF_INET, value) except socket.error: pass # try the next one # fall back to IPv6 return socket.AF_INET6, socket.inet_pton(socket.AF_INET6, value) def write_address(self, value): """Write an address (usually IPv4 or IPv6) in a string representation to the stream.""" # first try to make it into an IPv6 address af, address = TIOStream._to_address(value) self.write_int32(af) self.write_string(address) def close(self): try: self.fp.close() except IOError: pass def __del__(self): self.close() nss-pam-ldapd-0.8.13/pynslcd/service.py0000644000175000001440000001074311711261040014644 00000000000000 # service.py - service entry lookup routines # # Copyright (C) 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import datetime import ldap.filter import logging import cache import common import constants attmap = common.Attributes(cn='cn', ipServicePort='ipServicePort', ipServiceProtocol='ipServiceProtocol') filter = '(objectClass=ipService)' class Search(common.Search): case_sensitive = ('cn', 'ipServiceProtocol') limit_attributes = ('ipServiceProtocol', ) canonical_first = ('cn', ) required = ('cn', 'ipServicePort', 'ipServiceProtocol') class ServiceQuery(cache.CnAliasedQuery): sql = ''' SELECT `service_cache`.*, `service_1_cache`.`cn` AS `alias` FROM `service_cache` LEFT JOIN `service_1_cache` ON `service_1_cache`.`ipServicePort` = `service_cache`.`ipServicePort` AND `service_1_cache`.`ipServiceProtocol` = `service_cache`.`ipServiceProtocol` ''' cn_join = ''' LEFT JOIN `service_1_cache` `cn_alias` ON `cn_alias`.`ipServicePort` = `service_cache`.`ipServicePort` AND `cn_alias`.`ipServiceProtocol` = `service_cache`.`ipServiceProtocol` ''' def __init__(self, parameters): super(ServiceQuery, self).__init__('service', {}) for k, v in parameters.items(): if k == 'cn': self.add_query(self.cn_join) self.add_where('(`service_cache`.`cn` = ? OR `cn_alias`.`cn` = ?)', [v, v]) else: self.add_where('`service_cache`.`%s` = ?' % k, [v]) class Cache(cache.Cache): def store(self, name, aliases, port, protocol): self.con.execute(''' INSERT OR REPLACE INTO `service_cache` VALUES (?, ?, ?, ?) ''', (name, port, protocol, datetime.datetime.now())) self.con.execute(''' DELETE FROM `service_1_cache` WHERE `ipServicePort` = ? AND `ipServiceProtocol` = ? ''', (port, protocol)) self.con.executemany(''' INSERT INTO `service_1_cache` VALUES (?, ?, ?) ''', ((port, protocol, alias) for alias in aliases)) def retrieve(self, parameters): query = ServiceQuery(parameters) for row in cache.RowGrouper(query.execute(self.con), ('cn', 'ipServicePort', 'ipServiceProtocol'), ('alias', )): yield row['cn'], row['alias'], row['ipServicePort'], row['ipServiceProtocol'] class ServiceRequest(common.Request): def write(self, name, aliases, port, protocol): self.fp.write_string(name) self.fp.write_stringlist(aliases) self.fp.write_int32(port) self.fp.write_string(protocol) def convert(self, dn, attributes, parameters): names = attributes['cn'] port = int(attributes['ipServicePort'][0]) protocols = attributes['ipServiceProtocol'] for protocol in protocols: yield (names[0], names[1:], port, protocol) class ServiceByNameRequest(ServiceRequest): action = constants.NSLCD_ACTION_SERVICE_BYNAME def read_parameters(self, fp): name = fp.read_string() protocol = fp.read_string() if protocol: return dict(cn=name, ipServiceProtocol=protocol) else: return dict(cn=name) class ServiceByNumberRequest(ServiceRequest): action = constants.NSLCD_ACTION_SERVICE_BYNUMBER def read_parameters(self, fp): number = fp.read_int32() protocol = fp.read_string() if protocol: return dict(ipServicePort=number, ipServiceProtocol=protocol) else: return dict(ipServicePort=number) class ServiceAllRequest(ServiceRequest): action = constants.NSLCD_ACTION_SERVICE_ALL nss-pam-ldapd-0.8.13/pynslcd/ether.py0000644000175000001440000000440211711261041014307 00000000000000 # ether.py - lookup functions for ethernet addresses # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import struct import cache import common import constants def ether_aton(ether): """Converst an ethernet address to binary form in network byte order.""" return struct.pack('BBBBBB', *(int(x, 16) for x in ether.split(':'))) def ether_ntoa(ether): """Conversts an ethernet address in network byte order to the string representation.""" return ':'.join('%x' % x for x in struct.unpack('6B', ether)) attmap = common.Attributes(cn='cn', macAddress='macAddress') filter = '(objectClass=ieee802Device)' class Search(common.Search): case_insensitive = ('cn', ) limit_attributes = ('cn', 'macAddress') required = ('cn', 'macAddress') class Cache(cache.Cache): pass class EtherRequest(common.Request): def write(self, name, ether): self.fp.write_string(name) self.fp.write(ether_aton(ether)) def convert(self, dn, attributes, parameters): for name in attributes['cn']: for ether in attributes['macAddress']: yield (name, ether) class EtherByNameRequest(EtherRequest): action = constants.NSLCD_ACTION_ETHER_BYNAME def read_parameters(self, fp): return dict(cn=fp.read_string()) class EtherByEtherRequest(EtherRequest): action = constants.NSLCD_ACTION_ETHER_BYETHER def read_parameters(self, fp): return dict(macAddress=ether_ntoa(fp.read(6))) class EtherAllRequest(EtherRequest): action = constants.NSLCD_ACTION_ETHER_ALL nss-pam-ldapd-0.8.13/pynslcd/protocol.py0000644000175000001440000000426111711261041015044 00000000000000 # protocol.py - protocol name and number lookup routines # # Copyright (C) 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import cache import common import constants attmap = common.Attributes(cn='cn', ipProtocolNumber='ipProtocolNumber') filter = '(objectClass=ipProtocol)' class Search(common.Search): case_sensitive = ('cn', ) canonical_first = ('cn', ) required = ('cn', 'ipProtocolNumber') class Cache(cache.Cache): def retrieve(self, parameters): query = cache.CnAliasedQuery('protocol', parameters) for row in cache.RowGrouper(query.execute(self.con), ('cn', ), ('alias', )): yield row['cn'], row['alias'], row['ipProtocolNumber'] class ProtocolRequest(common.Request): def write(self, name, names, number): self.fp.write_string(name) self.fp.write_stringlist(names) self.fp.write_int32(number) def convert(self, dn, attributes, parameters): names = attributes['cn'] yield (names[0], names[1:], int(attributes['ipProtocolNumber'][0])) class ProtocolByNameRequest(ProtocolRequest): action = constants.NSLCD_ACTION_PROTOCOL_BYNAME def read_parameters(self, fp): return dict(cn=fp.read_string()) class ProtocolByNumberRequest(ProtocolRequest): action = constants.NSLCD_ACTION_PROTOCOL_BYNUMBER def read_parameters(self, fp): return dict(ipProtocolNumber=fp.read_int32()) class ProtocolAllRequest(ProtocolRequest): action = constants.NSLCD_ACTION_PROTOCOL_ALL nss-pam-ldapd-0.8.13/pynslcd/mypidfile.py0000644000175000001440000000467111701577150015204 00000000000000 # mypidfile.py - functions for properly locking a PIDFile # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import errno import fcntl import os class MyPIDLockFile(object): """Implementation of a PIDFile fit for use with the daemon module that locks the PIDFile with fcntl.lockf().""" def __init__(self, path): self.path = path def __enter__(self): """Lock the PID file and write the process ID to the file.""" fd = os.open(self.path, os.O_RDWR | os.O_CREAT, 0644) try: fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB) pidfile = os.fdopen(fd, 'w') except: os.close(fd) raise pidfile.write('%d\n' % os.getpid()) pidfile.truncate() pidfile.flush() self.pidfile = pidfile return self def __exit__(self, exc_type, exc_value, traceback): """Release the lock (close the lockfile).""" fcntl.lockf(self.pidfile.fileno(), fcntl.LOCK_UN) self.pidfile.close() del self.pidfile def is_locked(self): """Check whether the file is already present and locked.""" try: fd = os.open(self.path, os.O_RDWR, 0644) # Python doesn't seem to have F_TEST so we'll just try to lock fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB) # if we're here we must have aquired the lock fcntl.lockf(fd, fcntl.LOCK_UN) return False except (IOError, OSError), e: if e.errno == errno.ENOENT: return False if e.errno in (errno.EACCES, errno.EAGAIN): return True raise finally: if 'fd' in locals(): os.close(fd) nss-pam-ldapd-0.8.13/pynslcd/Makefile.in0000644000175000001440000004220312141445266014707 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = pynslcd DIST_COMMON = $(pynslcd_PYTHON) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/config.py.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = config.py CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__py_compile = PYTHON=$(PYTHON) $(SHELL) $(py_compile) am__installdirs = "$(DESTDIR)$(pynslcddir)" "$(DESTDIR)$(pynslcddir)" py_compile = $(top_srcdir)/py-compile DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ pynslcddir = $(datadir)/pynslcd pynslcd_PYTHON = pynslcd.py attmap.py cache.py cfg.py common.py expr.py \ mypidfile.py tio.py \ alias.py ether.py group.py host.py netgroup.py network.py \ pam.py passwd.py protocol.py rpc.py service.py shadow.py nodist_pynslcd_PYTHON = constants.py config.py CLEANFILES = $(nodist_pynslcd_PYTHON) all: all-am .SUFFIXES: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu pynslcd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu pynslcd/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): config.py: $(top_builddir)/config.status $(srcdir)/config.py.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-nodist_pynslcdPYTHON: $(nodist_pynslcd_PYTHON) @$(NORMAL_INSTALL) @list='$(nodist_pynslcd_PYTHON)'; dlist=; list2=; test -n "$(pynslcddir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pynslcddir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pynslcddir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then b=; else b="$(srcdir)/"; fi; \ if test -f $$b$$p; then \ $(am__strip_dir) \ dlist="$$dlist $$f"; \ list2="$$list2 $$b$$p"; \ else :; fi; \ done; \ for file in $$list2; do echo $$file; done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pynslcddir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(pynslcddir)" || exit $$?; \ done || exit $$?; \ if test -n "$$dlist"; then \ $(am__py_compile) --destdir "$(DESTDIR)" \ --basedir "$(pynslcddir)" $$dlist; \ else :; fi uninstall-nodist_pynslcdPYTHON: @$(NORMAL_UNINSTALL) @list='$(nodist_pynslcd_PYTHON)'; test -n "$(pynslcddir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ dir='$(DESTDIR)$(pynslcddir)'; \ filesc=`echo "$$files" | sed 's|$$|c|'`; \ fileso=`echo "$$files" | sed 's|$$|o|'`; \ st=0; \ for files in "$$files" "$$filesc" "$$fileso"; do \ $(am__uninstall_files_from_dir) || st=$$?; \ done; \ exit $$st install-pynslcdPYTHON: $(pynslcd_PYTHON) @$(NORMAL_INSTALL) @list='$(pynslcd_PYTHON)'; dlist=; list2=; test -n "$(pynslcddir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pynslcddir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pynslcddir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then b=; else b="$(srcdir)/"; fi; \ if test -f $$b$$p; then \ $(am__strip_dir) \ dlist="$$dlist $$f"; \ list2="$$list2 $$b$$p"; \ else :; fi; \ done; \ for file in $$list2; do echo $$file; done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pynslcddir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(pynslcddir)" || exit $$?; \ done || exit $$?; \ if test -n "$$dlist"; then \ $(am__py_compile) --destdir "$(DESTDIR)" \ --basedir "$(pynslcddir)" $$dlist; \ else :; fi uninstall-pynslcdPYTHON: @$(NORMAL_UNINSTALL) @list='$(pynslcd_PYTHON)'; test -n "$(pynslcddir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ dir='$(DESTDIR)$(pynslcddir)'; \ filesc=`echo "$$files" | sed 's|$$|c|'`; \ fileso=`echo "$$files" | sed 's|$$|o|'`; \ st=0; \ for files in "$$files" "$$filesc" "$$fileso"; do \ $(am__uninstall_files_from_dir) || st=$$?; \ done; \ exit $$st tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile all-local installdirs: for dir in "$(DESTDIR)$(pynslcddir)" "$(DESTDIR)$(pynslcddir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-local mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-nodist_pynslcdPYTHON install-pynslcdPYTHON @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-nodist_pynslcdPYTHON uninstall-pynslcdPYTHON .MAKE: install-am install-data-am install-strip .PHONY: all all-am all-local check check-am clean clean-generic \ clean-local distclean distclean-generic distdir dvi dvi-am \ html html-am info info-am install install-am install-data \ install-data-am install-data-hook install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man \ install-nodist_pynslcdPYTHON install-pdf install-pdf-am \ install-ps install-ps-am install-pynslcdPYTHON install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am uninstall uninstall-am \ uninstall-nodist_pynslcdPYTHON uninstall-pynslcdPYTHON all-local: $(nodist_pynslcd_PYTHON) # clean up locally created compiled Python files clean-local: rm -f *.pyc *.pyo # create a symbolic link for the pynslcd daemon and fix permissions install-data-hook: chmod a+rx $(DESTDIR)$(pynslcddir)/pynslcd.py $(MKDIR_P) $(DESTDIR)$(sbindir) [ -L $(DESTDIR)$(sbindir)/pynslcd ] || $(LN_S) $(pynslcddir)/pynslcd.py $(DESTDIR)$(sbindir)/pynslcd # generate constants module constants.py: $(top_srcdir)/nslcd.h Makefile ( echo "# This file is automatically generated from nslcd.h." ; \ echo "# See that file for details." ; \ echo "" ; \ sed -n 's| */\*.*\*/ *||;s/^.define *\(NSLCD_[A-Z_]*\) */\1 = /p' \ $(top_srcdir)/nslcd.h ) > $@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/pynslcd/Makefile.am0000644000175000001440000000357112036263200014670 00000000000000# Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA pynslcddir = $(datadir)/pynslcd pynslcd_PYTHON = pynslcd.py attmap.py cache.py cfg.py common.py expr.py \ mypidfile.py tio.py \ alias.py ether.py group.py host.py netgroup.py network.py \ pam.py passwd.py protocol.py rpc.py service.py shadow.py nodist_pynslcd_PYTHON = constants.py config.py CLEANFILES = $(nodist_pynslcd_PYTHON) all-local: $(nodist_pynslcd_PYTHON) # clean up locally created compiled Python files clean-local: rm -f *.pyc *.pyo # create a symbolic link for the pynslcd daemon and fix permissions install-data-hook: chmod a+rx $(DESTDIR)$(pynslcddir)/pynslcd.py $(MKDIR_P) $(DESTDIR)$(sbindir) [ -L $(DESTDIR)$(sbindir)/pynslcd ] || $(LN_S) $(pynslcddir)/pynslcd.py $(DESTDIR)$(sbindir)/pynslcd # generate constants module constants.py: $(top_srcdir)/nslcd.h Makefile ( echo "# This file is automatically generated from nslcd.h." ; \ echo "# See that file for details." ; \ echo "" ; \ sed -n 's| */\*.*\*/ *||;s/^.define *\(NSLCD_[A-Z_]*\) */\1 = /p' \ $(top_srcdir)/nslcd.h ) > $@ nss-pam-ldapd-0.8.13/pynslcd/config.py.in0000644000175000001440000000324511676720425015076 00000000000000 # config.py.in - configured information, this file is processed by the # configure script to produce config.py # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA # Name of package PACKAGE = '''@PACKAGE@''' # Define to the address where bug reports for this package should be sent. PACKAGE_BUGREPORT = '''@PACKAGE_BUGREPORT@''' # Define to the full name of this package. PACKAGE_NAME = '''@PACKAGE_NAME@''' # Define to the full name and version of this package. PACKAGE_STRING = '''@PACKAGE_STRING@''' # Define to the home page for this package. PACKAGE_URL = '''@PACKAGE_URL@''' # Version number of package VERSION = '''@VERSION@''' # Path to nslcd configuration file. NSLCD_CONF_PATH = '''@NSLCD_CONF_PATH@''' # The location of the pidfile used for checking availability of the nslcd. NSLCD_PIDFILE = '''@NSLCD_PIDFILE@''' # The location of the socket used for communicating. NSLCD_SOCKET = '''@NSLCD_SOCKET@''' # The SONAME of the NSS library module. NSS_LDAP_SONAME = '''@NSS_LDAP_SONAME@''' nss-pam-ldapd-0.8.13/pynslcd/group.py0000644000175000001440000001162011711261040014333 00000000000000 # group.py - group entry lookup routines # # Copyright (C) 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import itertools import logging from passwd import dn2uid, uid2dn import cache import common import constants def clean(lst): if lst: for i in lst: yield i.replace('\0', '') attmap = common.Attributes(cn='cn', userPassword='"*"', gidNumber='gidNumber', memberUid='memberUid', member='member') filter = '(objectClass=posixGroup)' class Search(common.Search): case_sensitive = ('cn', ) limit_attributes = ('cn', 'gidNumber') def __init__(self, *args, **kwargs): super(Search, self).__init__(*args, **kwargs) if 'memberUid' in self.parameters: # set up our own attributes that leave out membership attributes self.attributes = list(self.attributes) self.attributes.remove(attmap['memberUid']) self.attributes.remove(attmap['member']) def mk_filter(self): # we still need a custom mk_filter because this is an | query if attmap['member'] and 'memberUid' in self.parameters: memberuid = self.parameters['memberUid'] dn = uid2dn(self.conn, memberuid) if dn: return '(&%s(|(%s=%s)(%s=%s)))' % (self.filter, attmap['memberUid'], self.escape(memberuid), attmap['member'], self.escape(dn)) return super(Search, self).mk_filter() class Cache(cache.Cache): retrieve_sql = ''' SELECT `cn`, `userPassword`, `gidNumber`, `memberUid` FROM `group_cache` LEFT JOIN `group_3_cache` ON `group_3_cache`.`group` = `group_cache`.`cn` ''' def retrieve(self, parameters): query = cache.Query(self.retrieve_sql, parameters) # return results returning the members as a set q = itertools.groupby(query.execute(self.con), key=lambda x: (x['cn'], x['userPassword'], x['gidNumber'])) for k, v in q: yield k + (set(x['memberUid'] for x in v if x['memberUid'] is not None), ) class GroupRequest(common.Request): def write(self, name, passwd, gid, members): self.fp.write_string(name) self.fp.write_string(passwd) self.fp.write_gid_t(gid) self.fp.write_stringlist(members) def convert(self, dn, attributes, parameters): # get group names and check against requested group name names = attributes['cn'] # get group group password passwd = attributes['userPassword'][0] # get group id(s) gids = [int(x) for x in attributes['gidNumber']] # build member list members = set() # add the memberUid values for member in clean(attributes['memberUid']): if common.isvalidname(member): members.add(member) # translate and add the member values for memberdn in clean(attributes['member']): member = dn2uid(self.conn, memberdn) if member and common.isvalidname(member): members.add(member) # actually return the results for name in names: if not common.isvalidname(name): logging.warning('%s: %s: denied by validnames option', dn, attmap['cn']) else: for gid in gids: yield (name, passwd, gid, members) class GroupByNameRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_BYNAME def read_parameters(self, fp): name = fp.read_string() common.validate_name(name) return dict(cn=name) class GroupByGidRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_BYGID def read_parameters(self, fp): return dict(gidNumber=fp.read_gid_t()) class GroupByMemberRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_BYMEMBER def read_parameters(self, fp): memberuid = fp.read_string() common.validate_name(memberuid) return dict(memberUid=memberuid) class GroupAllRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_ALL nss-pam-ldapd-0.8.13/pynslcd/host.py0000644000175000001440000000525311711261041014162 00000000000000 # host.py - lookup functions for host names and addresses # # Copyright (C) 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import cache import common import constants attmap = common.Attributes(cn='cn', ipHostNumber='ipHostNumber') filter = '(objectClass=ipHost)' class Search(common.Search): canonical_first = ('cn', ) required = ('cn', ) class HostQuery(cache.CnAliasedQuery): sql = ''' SELECT `host_cache`.`cn` AS `cn`, `host_1_cache`.`cn` AS `alias`, `host_2_cache`.`ipHostNumber` AS `ipHostNumber` FROM `host_cache` LEFT JOIN `host_1_cache` ON `host_1_cache`.`host` = `host_cache`.`cn` LEFT JOIN `host_2_cache` ON `host_2_cache`.`host` = `host_cache`.`cn` ''' def __init__(self, parameters): super(HostQuery, self).__init__('host', parameters) class Cache(cache.Cache): def retrieve(self, parameters): query = HostQuery(parameters) for row in cache.RowGrouper(query.execute(self.con), ('cn', ), ('alias', 'ipHostNumber', )): yield row['cn'], row['alias'], row['ipHostNumber'] class HostRequest(common.Request): def write(self, hostname, aliases, addresses): self.fp.write_string(hostname) self.fp.write_stringlist(aliases) self.fp.write_int32(len(addresses)) for address in addresses: self.fp.write_address(address) def convert(self, dn, attributes, parameters): hostnames = attributes['cn'] yield (hostnames[0], hostnames[1:], attributes['ipHostNumber']) class HostByNameRequest(HostRequest): action = constants.NSLCD_ACTION_HOST_BYNAME def read_parameters(self, fp): return dict(cn=fp.read_string()) class HostByAddressRequest(HostRequest): action = constants.NSLCD_ACTION_HOST_BYADDR def read_parameters(self, fp): return dict(ipHostNumber=fp.read_address()) class HostAllRequest(HostRequest): action = constants.NSLCD_ACTION_HOST_ALL nss-pam-ldapd-0.8.13/configure.ac0000644000175000001440000006643312141445252013462 00000000000000# configure.ac - process this file with autoconf to produce configure # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting # Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA AC_PREREQ(2.61) AC_COPYRIGHT( [Copyright (C) 2006 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This configure script is derived from configure.ac which is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. See the configure.ac file for more details.]) # initialize and set version and bugreport address AC_INIT([nss-pam-ldapd], [0.8.13], [nss-pam-ldapd-users@lists.arthurdejong.org],, [http://arthurdejong.org/nss-pam-ldapd/]) RELEASE_MONTH="May 2013" AC_SUBST(RELEASE_MONTH) AC_CONFIG_SRCDIR([nslcd.h]) # some initialisation AC_CANONICAL_TARGET AC_PREFIX_DEFAULT() AC_CONFIG_LIBOBJ_DIR([compat]) # display notice and initialize automake AC_MSG_NOTICE([configuring AC_PACKAGE_TARNAME AC_PACKAGE_VERSION]) AM_INIT_AUTOMAKE(AC_PACKAGE_TARNAME,AC_PACKAGE_VERSION) # create a config.h file (Automake will add -DHAVE_CONFIG_H) AC_CONFIG_HEADERS([config.h]) # check for programs AC_PROG_CC AC_PROG_CPP AC_PROG_INSTALL AC_PROG_RANLIB AM_PROG_CC_C_O AC_USE_SYSTEM_EXTENSIONS AC_PROG_LN_S # checks for tool to convert docbook to man AC_PATH_PROGS(DOCBOOK2X_MAN, docbook2x-man) if test "x${DOCBOOK2X_MAN}" = x then AC_MSG_WARN([docbook2x-man not found: not generating man pages]) fi AM_CONDITIONAL([GENMAN], [test "x${DOCBOOK2X_MAN}" != x]) # check for debugging options AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug], [enable extensive debugging and logging]), [if test "x$enableval" != "xno" ; then CFLAGS="-g -DDEBUG $CFLAGS" ; fi]) DESIRED_CFLAGS="" # check for extra compiler warnings AC_ARG_ENABLE(warnings, AS_HELP_STRING([--enable-warnings], [enable extra compiler warnings (gcc)]), [if test "x$enableval" != "no" then CFLAGS="$CFLAGS -pedantic -Wall -Wshadow -Wpointer-arith -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Waggregate-return -Wmissing-declarations -Wunused -Wformat=2 -Wswitch-default -Wswitch-enum -Wfloat-equal -Wbad-function-cast -Wredundant-decls" DESIRED_CFLAGS="$DESIRED_CFLAGS -Wextra -Wdeclaration-after-statement -Werror-implicit-function-declaration" fi]) test_gcc_flag() { AC_LANG_CONFTEST([AC_LANG_PROGRAM([int main() {}])]) $CC -c conftest.c $CFLAGS $@ > /dev/null 2> /dev/null ret=$? rm -f conftest.o return $ret } for flag in $DESIRED_CFLAGS do AC_MSG_CHECKING([whether $CC accepts $flag]) if test_gcc_flag $flag then CFLAGS="$CFLAGS $flag" AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi done # add --disable-maintainer-mode option AM_MAINTAINER_MODE([enable]) # check whether the NSS module should be built AC_MSG_CHECKING([whether to build the NSS module]) AC_ARG_ENABLE(nss, AS_HELP_STRING([--disable-nss], [build the NSS module [[default=enabled]]]),, [enable_nss="yes"]) AC_MSG_RESULT($enable_nss) AM_CONDITIONAL([ENABLE_NSS], [test "x$enable_nss" = "xyes"]) # check whether the PAM module should be built AC_MSG_CHECKING([whether to build the PAM module]) AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam], [build the PAM module [[default=enabled]]]),, [enable_pam="yes"]) AC_MSG_RESULT($enable_pam) AM_CONDITIONAL([ENABLE_PAM], [test "x$enable_pam" = "xyes"]) # check whether the nslcd daemon should be built AC_MSG_CHECKING([whether to build the nslcd daemon]) AC_ARG_ENABLE(nslcd, AS_HELP_STRING([--disable-nslcd], [build the nslcd daemon [[default=enabled]]]),, [enable_nslcd="yes"]) AC_MSG_RESULT($enable_nslcd) AM_CONDITIONAL([ENABLE_NSLCD], [test "x$enable_nslcd" = "xyes"]) # check whether the Python version of the nslcd daemon should be built AC_MSG_CHECKING([whether to build the pynslcd daemon]) AC_ARG_ENABLE(pynslcd, AS_HELP_STRING([--enable-pynslcd], [build the pynslcd daemon [[default=disabled]]]),, [enable_pynslcd="no"]) AC_MSG_RESULT($enable_pynslcd) AM_CONDITIONAL([ENABLE_PYNSLCD], [test "x$enable_pynslcd" = "xyes"]) if test "x$enable_pynslcd" = "xyes" then AC_MSG_WARN([the pynslcd daemon is experimental]) fi # check whether SASL support should be enabled AC_MSG_CHECKING([whether to enable SASL support]) AC_ARG_ENABLE(sasl, AS_HELP_STRING([--disable-sasl], [disable SASL support [[default=enabled]]]), [enable_sasl=$enableval], [enable_sasl="yes"]) AC_MSG_RESULT($enable_sasl) # check whether Kerberos support should be enabled AC_MSG_CHECKING([whether to enable Kerberos support]) AC_ARG_ENABLE(kerberos, AS_HELP_STRING([--disable-kerberos], [disable Kerberos support [[default=enabled]]]), [enable_kerberos=$enableval], [enable_kerberos="yes"]) AC_MSG_RESULT($enable_kerberos) # check whether configfile options should be checked AC_MSG_CHECKING([whether to check configfile options]) AC_ARG_ENABLE(configfile_checking, AS_HELP_STRING([--disable-configfile-checking], [check configfile options [[default=enabled]]]), [configfile_checking=$enableval], [configfile_checking="yes"]) AC_MSG_RESULT($configfile_checking) if test "x$configfile_checking" = "xyes" then AC_DEFINE(ENABLE_CONFIGFILE_CHECKING,1,[Whether to check configfile options.]) fi # check the name of the configuration file AC_ARG_WITH(ldap-conf-file, AS_HELP_STRING([--with-ldap-conf-file=PATH], [path to nslcd configuration file @<:@/etc/nslcd.conf@:>@]), [ NSLCD_CONF_PATH="$with_ldap_conf_file" ], [ NSLCD_CONF_PATH="/etc/nslcd.conf" ]) AC_DEFINE_UNQUOTED(NSLCD_CONF_PATH,"$NSLCD_CONF_PATH",[Path to nslcd configuration file.]) AC_SUBST(NSLCD_CONF_PATH) # check the name of the file with a bindpw value AC_ARG_WITH(bindpw-file, AS_HELP_STRING([--with-bindpw-file=PATH], [path to file with value for bindpw @<:@disabled@:>@]), [ NSLCD_BINDPW_PATH="$with_bindpw_file" AC_DEFINE_UNQUOTED(NSLCD_BINDPW_PATH,"$NSLCD_BINDPW_PATH",[Path to bindpw value.]) AC_SUBST(NSLCD_BINDPW_PATH) ]) # where should the pidfile be written AC_ARG_WITH(nslcd-pidfile, AS_HELP_STRING([--with-nslcd-pidfile=PATH], [path to pidfile @<:@/var/run/nslcd/nslcd.pid@:>@]), [ NSLCD_PIDFILE="$with_nslcd_pidfile" ], [ NSLCD_PIDFILE="/var/run/nslcd/nslcd.pid" ]) AC_DEFINE_UNQUOTED(NSLCD_PIDFILE,"$NSLCD_PIDFILE",[The location of the pidfile used for checking availability of the nslcd.]) AC_SUBST(NSLCD_PIDFILE) # where is the socket used for communication AC_ARG_WITH(nslcd-socket, AS_HELP_STRING([--with-nslcd-socket=PATH], [path to socket @<:@/var/run/nslcd/socket@:>@]), [ NSLCD_SOCKET="$with_nslcd_socket" ], [ NSLCD_SOCKET="/var/run/nslcd/socket" ]) AC_DEFINE_UNQUOTED(NSLCD_SOCKET,"$NSLCD_SOCKET",[The location of the socket used for communicating.]) AC_SUBST(NSLCD_SOCKET) # the directory PAM librabries are expected to be placed into AC_MSG_CHECKING([location for PAM module]) AC_ARG_WITH(pam-seclib-dir, AS_HELP_STRING([--with-pam-seclib-dir=PAM_SECLIB_DIR], [path to PAM security library @<:@auto@:>@]), [ PAM_SECLIB_DIR="$with_pam_seclib_dir" ], [ PAM_SECLIB_DIR="auto" ]) if test "x$PAM_SECLIB_DIR" = "xauto" then case "$target_os" in solaris*) PAM_SECLIB_DIR="/usr/lib/security" ;; freebsd*) PAM_SECLIB_DIR="/usr/lib" ;; *) PAM_SECLIB_DIR="/lib/security" ;; esac fi AC_MSG_RESULT($PAM_SECLIB_DIR) AC_DEFINE_UNQUOTED(PAM_SECLIB_DIR,"$PAM_SECLIB_DIR",[path to PAM security library]) AC_SUBST(PAM_SECLIB_DIR) # the SONAME to use for the NSS module AC_MSG_CHECKING([name of NSS module]) AC_ARG_WITH(nss-ldap-soname, AS_HELP_STRING([--with-nss-ldap-soname=SONAME], [name of NSS module @<:@auto@:>@]), [ NSS_LDAP_SONAME="$with_nss_ldap_soname" ], [ NSS_LDAP_SONAME="auto" ]) if test "x$NSS_LDAP_SONAME" = "xauto" then case "$target_os" in solaris*) NSS_LDAP_SONAME="nss_ldap.so.1" ;; freebsd*) NSS_LDAP_SONAME="nss_ldap.so.1" ;; *) NSS_LDAP_SONAME="libnss_ldap.so.2" ;; esac fi AC_MSG_RESULT($NSS_LDAP_SONAME) AC_DEFINE_UNQUOTED(NSS_LDAP_SONAME,"$NSS_LDAP_SONAME",[The SONAME of the NSS library module.]) AC_SUBST(NSS_LDAP_SONAME) # the SONAME to use for the PAM module AC_MSG_CHECKING([name of PAM module]) AC_ARG_WITH(pam-ldap-soname, AS_HELP_STRING([--with-pam-ldap-soname=SONAME], [name of PAM module @<:@auto@:>@]), [ PAM_LDAP_SONAME="$with_pam_ldap_soname" ], [ PAM_LDAP_SONAME="auto" ]) if test "x$PAM_LDAP_SONAME" = "xauto" then case "$target_os" in solaris*) PAM_LDAP_SONAME="pam_ldap.so.1" ;; *) PAM_LDAP_SONAME="pam_ldap.so" ;; esac fi AC_MSG_RESULT($PAM_LDAP_SONAME) AC_SUBST(PAM_LDAP_SONAME) # check which modules should be build AC_ARG_WITH(nss-maps, AS_HELP_STRING([--with-nss-maps=MAP LIST], [comma separated list of NSS maps to build @<:@all@:>@]), ,[ with_nss_maps="all" ]) # checks for availability of header files AC_CHECK_HEADERS([ctype.h strings.h pthread.h pthread_np.h fcntl.h limits.h]) AC_CHECK_HEADERS([nss.h nss_common.h grp.h shadow.h aliases.h netdb.h rpc/rpcent.h]) AC_CHECK_HEADERS([netinet/ether.h arpa/inet.h netinet/in.h]) AC_CHECK_HEADERS([nsswitch.h nss_dbdefs.h]) AC_CHECK_HEADERS([sys/socket.h sys/un.h sys/ucred.h ucred.h sys/param.h sys/time.h]) AC_CHECK_HEADERS([getopt.h syslog.h stddef.h]) # other general checks AC_C_INLINE AC_C_CONST # checks for availability of common functions AC_CHECK_FUNCS([sigaction snprintf]) AC_SEARCH_LIBS(socket,socket) AC_CHECK_FUNCS([strcasecmp strncasecmp strchr strcspn strspn strtol strtoul strtoull strndup]) AC_CHECK_FUNCS([malloc realloc atexit]) AC_FUNC_FORK AC_CHECK_FUNCS(__assert_fail) # checks for types AC_TYPE_MODE_T AC_TYPE_SIZE_T AC_TYPE_UID_T AC_TYPE_PID_T AC_TYPE_INT32_T AC_TYPE_UINT8_T AC_TYPE_UINT16_T AC_TYPE_UINT32_T AC_CHECK_SIZEOF(unsigned int) AC_CHECK_SIZEOF(unsigned long int) AC_CHECK_SIZEOF(unsigned long long int) AC_CHECK_SIZEOF(uid_t) AC_CHECK_SIZEOF(gid_t) # check for support for the __thread keyword AC_CACHE_CHECK([whether $CC supports '__thread'], [mn_cv_c___thread_supported], [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[static __thread i;]], [])], [mn_cv_c___thread_supported=yes], [mn_cv_c___thread_supported=no])]) if test $mn_cv_c___thread_supported != yes then AC_MSG_WARN([$CC does not support '__thread' keyword]) AC_DEFINE(__thread,,[Define to empty if compiler does not support `__thread' keyword.]) fi # check for support for the struct ether_addr structure AC_CHECK_TYPES(struct ether_addr,,,[ #include #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif]) # check for ether_aton and ether_ntoa functions AC_CHECK_FUNCS(ether_aton ether_ntoa ether_aton_r ether_ntoa_r) AC_CHECK_DECLS([ether_aton,ether_ntoa],,,[ #include #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif]) # check to see if socklen_t is defined AC_CHECK_TYPE(socklen_t,, AC_DEFINE(socklen_t,size_t,[Define to `size_t' if not defined elswhere.]),[ #include #include ]) # NSS module-specific tests if test "x$enable_nss" = "xyes" then # save CFLAGS and LIBS to restore later nss_save_CFLAGS="$CFLAGS" nss_save_LIBS="$LIBS" # check for a definition of struct aliasent AC_CHECK_TYPES(struct aliasent,,,[ #ifdef HAVE_ALIASES_H #include #endif]) # check for a definition of struct etherent AC_CHECK_TYPES(struct etherent,,,[ #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif]) # check if struct passwd has a pw_class member AC_CHECK_MEMBERS([struct passwd.pw_class],,,[ #include ]) # check for a definition of struct rpcent AC_CHECK_TYPES(struct rpcent,,,[ #include #ifdef HAVE_RPC_RPCENT_H #include #endif]) # check for a definition of struct spwd AC_CHECK_TYPES(struct spwd,,,[ #ifdef HAVE_NSS_H #include #endif #ifdef HAVE_NSS_COMMON_H #include #endif #include #ifdef HAVE_SHADOW_H #include #endif]) # check for a definition of enum nss_status and nss_backend_t AC_CHECK_TYPES([enum nss_status,nss_backend_t],,,[ #ifdef HAVE_NSS_H #include #endif #ifdef HAVE_NSS_COMMON_H #include #endif #ifdef HAVE_NSS_DBDEFS_H #include #endif #ifdef HAVE_NSSWITCH_H #include #endif #ifdef HAVE_IRS_NSS_H #include "irs-nss.h" #endif]) # check if struct nss_XbyY_args has a returnlen attribute AC_CHECK_MEMBERS([struct nss_XbyY_args.returnlen],,,[[ #ifdef HAVE_NSS_H #include #endif #ifdef HAVE_NSS_COMMON_H #include #endif #ifdef HAVE_NSS_DBDEFS_H #include #endif #ifdef HAVE_NSSWITCH_H #include #endif #ifdef HAVE_IRS_NSS_H #include "irs-nss.h" #endif]]) # check which NSS flavour to build AC_MSG_CHECKING([which NSS flavour to build]) AC_ARG_WITH(nss-flavour, AS_HELP_STRING([--with-nss-flavour=auto|glibc|solaris|freebsd], [the libc flavour to build our NSS module for @<:@auto@:>@]),, with_nss_flavour=auto) if test "x$with_nss_flavour" = "xauto" then # do the guessing game case "$target_os" in solaris*) with_nss_flavour=solaris ;; freebsd*) with_nss_flavour=freebsd ;; *) with_nss_flavour=glibc ;; esac fi AC_MSG_RESULT($with_nss_flavour) case "$with_nss_flavour" in glibc) AC_DEFINE(NSS_FLAVOUR_GLIBC,1,[Whether to use the Glibc NSS interface flavour.]) ;; solaris) AC_DEFINE(NSS_FLAVOUR_SOLARIS,1,[Whether to use the Solaris NSS interface flavour.]) ;; freebsd) AC_DEFINE(NSS_FLAVOUR_FREEBSD,1,[Whether to use the FreeBSD NSS interface flavour.]) ;; esac # check which module source files to use AC_MSG_CHECKING([which NSS maps to build]) if test "x$with_nss_maps" = "xall" then case "$with_nss_flavour" in glibc) with_nss_maps="aliases,ethers,group,hosts,netgroup,networks,passwd,protocols,rpc,services,shadow" ;; solaris) with_nss_maps="ethers,group,hosts,netgroup,networks,passwd,protocols,rpc,services,shadow" ;; freebsd) with_nss_maps="group,hosts,passwd" ;; esac fi AC_MSG_RESULT($with_nss_maps) NSS_MODULE_OBJS="$(echo "$with_nss_maps " | sed 's/,/ /g;s/ */.$(OBJEXT) /g')" AC_SUBST(NSS_MODULE_OBJS) # find out how to link the library nss_ldap_so_LINK="\$(CCLD) \$(AM_CFLAGS) \$(CFLAGS) \$(nss_ldap_so_LDFLAGS) \$(LDFLAGS) -o \$@" case "$target_os" in solaris*) if test "x$GCC" = xyes then nss_ldap_so_LINK="/usr/ccs/bin/ld -Bdirect -z nodelete -Bdynamic -M \$(srcdir)/exports.solaris -G -o \$@" else nss_ldap_so_LDFLAGS="-Wl,-Bdirect -Wl,-z,nodelete -Wl,-Bdynamic -Wl,-M,\$(srcdir)/exports.solaris -Wl,-G" fi ;; *) nss_ldap_so_LDFLAGS="-shared -Wl,-h,\$(NSS_LDAP_SONAME) -Wl,--version-script,\$(srcdir)/exports.$with_nss_flavour" ;; esac AC_SUBST(nss_ldap_so_LDFLAGS) AC_SUBST(nss_ldap_so_LINK) # restore CFLAGS and LIBS CFLAGS="$nss_save_CFLAGS" LIBS="$nss_save_LIBS" fi # PAM module-specific tests if test "x$enable_pam" = "xyes" then # save CFLAGS and LIBS to restore later pam_save_CFLAGS="$CFLAGS" pam_save_LIBS="$LIBS" # check for headers AC_CHECK_HEADERS(security/pam_appl.h) AC_CHECK_HEADERS(security/pam_modules.h,,,[ #ifdef HAVE_SECURITY_PAM_APPL_H #include #endif ]) AC_CHECK_HEADERS(pam/pam_modules.h) AC_CHECK_HEADERS(security/pam_ext.h) AC_CHECK_HEADERS(security/pam_modutil.h) # at least one of security/pam_modules.h or pam/pam_modules.h is required if test "x$ac_cv_header_security_pam_modules_h" != "xyes" && \ test "x$ac_cv_header_pam_pam_modules_h" != "xyes" then AC_MSG_ERROR(PAM header files are missing) fi # find pam library AC_SEARCH_LIBS(pam_get_data,pam,,AC_MSG_ERROR(no PAM library available)) # replace some PAM functions if they are unavailable AC_REPLACE_FUNCS(pam_get_authtok pam_prompt) AC_CHECK_FUNCS(pam_modutil_getpwnam pam_syslog) # find out how to link the library pam_ldap_so_LINK="\$(CCLD) \$(AM_CFLAGS) \$(CFLAGS) \$(pam_ldap_so_LDFLAGS) \$(LDFLAGS) -o \$@" case "$target_os" in solaris*) if test "x$GCC" = xyes then pam_ldap_so_LINK="/usr/ccs/bin/ld -Bdirect -z nodelete -Bdynamic -M \$(srcdir)/pam_ldap.map -G -o \$@" else pam_ldap_so_LDFLAGS="-shared -Wl,-Bdirect -Wl,-z,nodelete -Wl,-Bdynamic -Wl,-M,\$(srcdir)/pam_ldap.map -Wl,-G" fi ;; *) pam_ldap_so_LDFLAGS="-shared -Wl,--version-script,\$(srcdir)/pam_ldap.map" ;; esac AC_SUBST(pam_ldap_so_LDFLAGS) AC_SUBST(pam_ldap_so_LINK) # restore CFLAGS and LIBS CFLAGS="$pam_save_CFLAGS" LIBS="$pam_save_LIBS" fi # nslcd daemon-specific tests if test "x$enable_nslcd" = "xyes" then # save CFLAGS and LIBS to restore later nslcd_save_CFLAGS="$CFLAGS" nslcd_save_LIBS="$LIBS" # check header files AC_CHECK_HEADERS(lber.h) AC_CHECK_HEADERS(ldap.h,, test "x$enable_nslcd" = "xyes" && AC_MSG_ERROR([could not locate ]),[ #if HAVE_LBER_H #include #endif ]) AC_CHECK_HEADERS(ldap_ssl.h) AC_CHECK_HEADERS(gssldap.h) if test "x$enable_sasl" = "xyes" then AC_CHECK_HEADERS(sasl.h sasl/sasl.h) AC_CHECK_HEADERS(gsssasl.h) fi if test "x$enable_kerberos" = "xyes" then AC_CHECK_HEADERS(gssapi/gssapi.h gssapi/gssapi_generic.h gssapi/gssapi_krb5.h gssapi.h) fi AC_CHECK_HEADERS(regex.h) # checks for availability of system libraries for nslcd AC_SEARCH_LIBS(gethostbyname,nsl socket) AC_SEARCH_LIBS(hstrerror,resolv) AC_SEARCH_LIBS(dlopen,dl) # check for availability of functions AC_CHECK_FUNCS(initgroups setgroups) AC_CHECK_FUNCS(getpeereid) AC_CHECK_FUNCS(getpeerucred) AC_CHECK_FUNCS(__nss_configure_lookup) AC_CHECK_FUNCS(getenv putenv clearenv) AC_CHECK_FUNCS(dlopen dlsym dlerror) AC_CHECK_FUNCS(regcomp regexec regerror) # replace some functions if they are not on the system AC_REPLACE_FUNCS(getopt_long) AC_REPLACE_FUNCS(strndup) # replace daemon() function if it is not on the system AC_SEARCH_LIBS(daemon,bsd) AC_REPLACE_FUNCS(daemon) AC_CHECK_DECLS([daemon],,,[ #include #include ]) # replace ether_aton_r() and ether_ntoa_r() if they are not found AC_CHECK_FUNCS(ether_aton_r ether_ntoa_r,,[AC_LIBOBJ(ether)]) # check to see if struct sockaddr_storage is defined AC_CHECK_TYPE(struct sockaddr_storage,, AC_DEFINE(sockaddr_storage,sockaddr_in,[Define to `sockaddr_in' if not defined elsewhere.]),[ #include #include ]) # check for support for the struct ucred structure AC_CHECK_TYPE(struct ucred, AC_DEFINE(HAVE_STRUCT_UCRED,1,[Define to 1 if you have a `struct ucred' definition.]),,[ #include #include #include ]) # check threading stuff AX_PTHREAD(,AC_MSG_ERROR([no support for pthreads])) pthread_save_CFLAGS="$CFLAGS" pthread_save_LIBS="$LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$LIBS $PTHREAD_LIBS" AC_CHECK_FUNCS([pthread_mutex_lock pthread_join pthread_timedjoin_np]) CFLAGS="$pthread_save_CFLAGS" LIBS="$pthread_save_LIBS" # also use deprecated LDAP functions AC_DEFINE(LDAP_DEPRECATED, 1, Define to activate deprecated features in OpenLDAP) # for compatibility on Solaris AC_DEFINE(LDAP_REFERRALS, 1, Define to get some functions on Solaris) # search for an LDAP library (only OpenLDAP is tested) AC_ARG_WITH(ldap-lib, AS_HELP_STRING([--with-ldap-lib=TYPE], [select ldap library (auto|netscape5|netscape4|netscape3|umich|openldap) @<:@auto@:>@])) if test -z "$with_ldap_lib" then with_ldap_lib=auto fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \) then AC_SEARCH_LIBS(ldap_search_ext,[ldap_r ldap],found_ldap_lib=yes,,) fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \) then AC_CHECK_LIB(ldap50, main, LIBS="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBS" found_ldap_lib=yes,, -lpthread) fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape4 \) then AC_CHECK_LIB(ldapssl41, main, LIBS="-lldapssl41 -lplc3 -lplds3 -lnspr3 $LIBS" found_ldap_lib=yes,, -lpthread) if test -z "$found_ldap_lib" then AC_CHECK_LIB(ldapssl40, main, LIBS="-lldapssl40 $LIBS" found_ldap_lib=yes,, -lpthread) fi if test -z "$found_ldap_lib" then AC_CHECK_LIB(ldap41, main, LIBS="-lldap41 $LIBS" found_ldap_lib=yes,,) fi if test -z "$found_ldap_lib" then AC_CHECK_LIB(ldap40, main, LIBS="-lldap40 $LIBS" found_ldap_lib=yes,,) fi fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape3 \) then AC_CHECK_LIB(ldapssl30, main, LIBS="-lldapssl30 $LIBS" found_ldap_lib=yes,, -lpthread) fi AC_CHECK_FUNCS(ldap_search_ext,,AC_MSG_ERROR([could not locate a valid LDAP library])) # see if we need a BER library AC_SEARCH_LIBS(ber_bvfree,lber) # check for extra SASL libraries if test "$enable_sasl" = "yes" then AC_CHECK_TYPE(sasl_interact_t, AC_DEFINE(HAVE_SASL_INTERACT_T,1,[Define to 1 if you have a `sasl_interact_t' definition.]),,[ #ifdef HAVE_SASL_SASL_H #include #elif defined(HAVE_SASL_H) #include #endif]) AC_SEARCH_LIBS(ldap_sasl_interactive_bind_s,sasl2) AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s) fi # check for extra Kerberos libraries if test "$enable_kerberos" = "yes" then AC_SEARCH_LIBS(gss_krb5_ccache_name,gssapi gssapi_krb5) AC_CHECK_FUNCS(gss_krb5_ccache_name) fi # check for ldap function availability AC_CHECK_FUNCS(ldap_parse_result ldap_memfree ldap_controls_free ldap_control_free) AC_CHECK_FUNCS(ldap_explode_dn ldap_explode_rdn ldap_set_option ldap_get_option) AC_CHECK_FUNCS(ldap_abandon ldap_simple_bind_s ldap_unbind ldap_set_rebind_proc) AC_CHECK_FUNCS(ldap_initialize ldap_search_ext ldap_start_tls_s) AC_CHECK_FUNCS(ldap_create_control ldap_extended_operation_s) AC_CHECK_FUNCS(ldap_domain2hostlist ldap_domain2dn) AC_CHECK_FUNCS(ldap_get_values ldap_get_values_len ldap_value_free ldap_value_free_len) AC_CHECK_FUNCS(ldap_get_dn ldap_explode_dn ldap_count_values_len) AC_CHECK_FUNCS(ldap_err2string ldap_msgfree ldap_result) AC_CHECK_FUNCS(ber_bvfree ber_free ber_set_option ldap_modify_ext_s) AC_CHECK_FUNCS(ldap_first_attribute ldap_next_attribute) # replace ldap_create_page_control() and ldap_parse_page_control() AC_CHECK_FUNCS(ldap_create_page_control ldap_parse_page_control,,[AC_LIBOBJ(pagectrl)]) AC_CHECK_DECLS(ldap_extended_operation_s,,,[ #if HAVE_LBER_H #include #endif #include ]) # replace other ldap functions AC_REPLACE_FUNCS(ldap_passwd_s) AC_REPLACE_FUNCS(ldap_initialize) # check the number of arguments that ldap_set_rebind_proc() uses AC_CACHE_CHECK( [number of arguments to ldap_set_rebind_proc], nss_ldapd_cv_ldap_set_rebind_proc_args, [AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[ #include #include ]],[[ ldap_set_rebind_proc(0,0,0); ]])], [nss_ldapd_cv_ldap_set_rebind_proc_args=3], [nss_ldapd_cv_ldap_set_rebind_proc_args=2]) ]) AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS,$nss_ldapd_cv_ldap_set_rebind_proc_args, [Define to the number of arguments to ldap_set_rebindproc.]) # check the return type of ldap_set_rebind_proc() AC_CACHE_CHECK( [return type of ldap_set_rebind_proc], nss_ldapd_cv_ldap_set_rebind_proc_type, [AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[ #include #include ]],[[ #if LDAP_SET_REBIND_PROC_ARGS == 3 return ldap_set_rebind_proc(0,0,0); #else return ldap_set_rebind_proc(0,0); #endif ]])], [nss_ldapd_cv_ldap_set_rebind_proc_type=int], [nss_ldapd_cv_ldap_set_rebind_proc_type=void]) ]) if test "x$nss_ldapd_cv_ldap_set_rebind_proc_type" = "xvoid" then AC_DEFINE(LDAP_SET_REBIND_PROC_RETURNS_VOID,1, [Define to 1 if ldap_set_rebind_proc() returns void.]) fi # save nslcd LIBS and CFLAGS and restore originals nslcd_CFLAGS="$CFLAGS" nslcd_LIBS="$LIBS" CFLAGS="$nslcd_save_CFLAGS" LIBS="$nslcd_save_LIBS" AC_SUBST(nslcd_LIBS) fi # pynslcd daemon-specific tests if test "x$enable_pynslcd" = "xyes" then # check Python interpreter AM_PATH_PYTHON(2.5) fi AM_CONDITIONAL([NSS_FLAVOUR_GLIBC], [test "x${with_nss_flavour}" = xglibc]) AM_CONDITIONAL([NSS_FLAVOUR_SOLARIS], [test "x${with_nss_flavour}" = xsolaris]) AM_CONDITIONAL([NSS_FLAVOUR_FREEBSD], [test "x${with_nss_flavour}" = xfreebsd]) # generate files AC_CONFIG_FILES([Makefile compat/Makefile common/Makefile nss/Makefile pam/Makefile nslcd/Makefile pynslcd/Makefile pynslcd/config.py man/Makefile tests/Makefile]) AC_OUTPUT nss-pam-ldapd-0.8.13/mkinstalldirs0000755000175000001440000000672212141433522013772 00000000000000#! /bin/sh # mkinstalldirs --- make directory hierarchy scriptversion=2009-04-28.21; # UTC # Original author: Noah Friedman # Created: 1993-05-16 # Public domain. # # This file is maintained in Automake, please report # bugs to or send patches to # . nl=' ' IFS=" "" $nl" errstatus=0 dirmode= usage="\ Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ... Create each directory DIR (with mode MODE, if specified), including all leading file name components. Report bugs to ." # process command line arguments while test $# -gt 0 ; do case $1 in -h | --help | --h*) # -h for help echo "$usage" exit $? ;; -m) # -m PERM arg shift test $# -eq 0 && { echo "$usage" 1>&2; exit 1; } dirmode=$1 shift ;; --version) echo "$0 $scriptversion" exit $? ;; --) # stop option processing shift break ;; -*) # unknown option echo "$usage" 1>&2 exit 1 ;; *) # first non-opt arg break ;; esac done for file do if test -d "$file"; then shift else break fi done case $# in 0) exit 0 ;; esac # Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and # mkdir -p a/c at the same time, both will detect that a is missing, # one will create a, then the other will try to create a and die with # a "File exists" error. This is a problem when calling mkinstalldirs # from a parallel make. We use --version in the probe to restrict # ourselves to GNU mkdir, which is thread-safe. case $dirmode in '') if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then echo "mkdir -p -- $*" exec mkdir -p -- "$@" else # On NextStep and OpenStep, the `mkdir' command does not # recognize any option. It will interpret all options as # directories to create, and then abort because `.' already # exists. test -d ./-p && rmdir ./-p test -d ./--version && rmdir ./--version fi ;; *) if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 && test ! -d ./--version; then echo "mkdir -m $dirmode -p -- $*" exec mkdir -m "$dirmode" -p -- "$@" else # Clean up after NextStep and OpenStep mkdir. for d in ./-m ./-p ./--version "./$dirmode"; do test -d $d && rmdir $d done fi ;; esac for file do case $file in /*) pathcomp=/ ;; *) pathcomp= ;; esac oIFS=$IFS IFS=/ set fnord $file shift IFS=$oIFS for d do test "x$d" = x && continue pathcomp=$pathcomp$d case $pathcomp in -*) pathcomp=./$pathcomp ;; esac if test ! -d "$pathcomp"; then echo "mkdir $pathcomp" mkdir "$pathcomp" || lasterr=$? if test ! -d "$pathcomp"; then errstatus=$lasterr else if test ! -z "$dirmode"; then echo "chmod $dirmode $pathcomp" lasterr= chmod "$dirmode" "$pathcomp" || lasterr=$? if test ! -z "$lasterr"; then errstatus=$lasterr fi fi fi fi pathcomp=$pathcomp/ done done exit $errstatus # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: nss-pam-ldapd-0.8.13/ChangeLog-20100000664000175000001440000010762711621777305013342 000000000000002010-12-30 arthur * [r1358] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.0 release * [r1357] README, debian/copyright: update copyright information * [r1356] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nb.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po: run debconf-updatepo (new and updated templates) * [r1355] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nb.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/vi.po, debian/po/zh_CN.po: put headers of .po files in a consistent format * [r1354] ., AUTHORS, HACKING, README, configure.ac, debian/copyright, nss/Makefile.am, nss/common.h, nss/ethers.c, nss/exports.solaris, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h, nss/rpc.c, nss/services.c, nss/shadow.c, nss/solnss.c: integrate Solaris support developed by Ted C. Cheng of Symas Corporation that was developed on the -solaris branch 2010-12-29 arthur * [r1348] Makefile.am, pam/Makefile.am: fix distcheck by passing --with-pam-seclib-dir to configure and remove unneeded slashes * [r1347] Makefile.am, configure.ac, py-compile, pynslcd, pynslcd/Makefile.am, pynslcd/alias.py, pynslcd/cfg.py, pynslcd/common.py, pynslcd/config.py.in, pynslcd/debugio.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/mypidfile.py, pynslcd/pam.py, pynslcd/passwd.py, pynslcd/pynslcd.py, pynslcd/shadow.py, pynslcd/tio.py: add an experimental (currently partial) Python implementation of nslcd to see if we can get the same features with easier to maintain code 2010-12-28 arthur * [r1346] man/nslcd.conf.5.xml, nslcd/attmap.c, nslcd/common.c, nslcd/common.h, nslcd/group.c, nslcd/passwd.c, nslcd/shadow.c: allow attribute mapping with an expression for the userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information 2010-12-26 arthur * [r1345] nslcd/common.h, nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c, nslcd/shadow.c: try to update the shadowLastChange attribute of a user on password change (the update is only tried if the attribute is present to begin with) * [r1344] common/tio.c: return connection reset when connection was closed by the other end * [r1343] tests/nslcd-test.conf: paging isn't supported by OpenLDAP when chasing referrals * [r1342] nslcd/cfg.c: also support the tls_cacert option as an alias for tls_cacertfile * [r1341] man/nslcd.conf.5.xml: add notes on ignored options when using GnuTLS (based on #513270 which was reported against the openldap package by Peter Palfrader) 2010-12-24 arthur * [r1340] nslcd/common.c: also support tilde (~) in user and group names, except as first character * [r1339] nslcd/common.c: make logic of character tests easier to read 2010-12-20 arthur * [r1338] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/group.c, nslcd/passwd.c: implement a nss_min_uid option to filter user entries returned by LDAP 2010-12-18 arthur * [r1337] tests/test_nsscmds.sh: sort group members by alphabet to not be dependant on the order of attributes returned and the internal softing of the set * [r1336] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh: update tests with current test set-up (with chasing a referral and some other minor changes) 2010-12-12 arthur * [r1328] nslcd/myldap.c: pass the ld to do_bind() instead of the session to use the correct ld from do_rebind() * [r1327] nslcd/pam.c: always return a positive authorisation result during authentication because we don't do any authorisation checks during authentication and this may confuse the PAM module if it's only used for authorisation * [r1326] pam/pam.c: fallback to standard PAM error message if one wasn't returned by nslcd * [r1325] nslcd/myldap.c: fix comment 2010-12-11 arthur * [r1322] tests/test_myldap.c: include extra assertion checks 2010-12-08 arthur * [r1319] nslcd/myldap.c, nslcd/myldap.h, nslcd/nslcd.c: in each worker wake up once in a while to check whether any existing LDAP connections should be closed 2010-12-03 arthur * [r1318] nslcd/pam.c: in try_bind(), perform the search ourselves instead of using lookup_dn2uid() to also be able to match administrator DNs (thanks to Thaddeus J. Kollar for spotting this) * [r1317] nslcd/pam.c: fix handling of try_bind() result code in nslcd_pam_authc() (patch by Thaddeus J. Kollar) 2010-11-26 arthur * [r1316] nslcd/nslcd.c: close all open file descriptors on start 2010-11-17 arthur * [r1315] nslcd/common.h, nslcd/pam.c, nslcd/passwd.c: return correct PAM status code for when LDAP server is unavailable (based on a patch by Pierre Gambarotto) * [r1314] nslcd/pam.c: switch all internal functions to return an LDAP status code * [r1313] nslcd/pam.c: return correct kind of error code from try_pwmod() (bug) 2010-11-10 arthur * [r1312] debian/nslcd.config, debian/nslcd.postinst, debian/nslcd.templates: implement configuring SASL authentication using Debconf, based on a patch by Daniel Dehennin * [r1311] debian/nslcd.config: fix for problem with undefined values in read_config() function 2010-11-07 arthur * [r1310] debian/nslcd.config: split reading values from a configfile into a separate function and also ensure that tls_reqcert is correctly read * [r1309] debian/nslcd.postinst: add comment describing function * [r1308] debian/nslcd.postinst: split updating configuration file based on debconf value to separate function and make config option renaming consistent * [r1307] pam/Makefile.am: fix installation directory for PAM module (was broken in r1239) * [r1306] debian/nslcd.postinst: move special casing of handling bindpw removal to cfg_disable() function * [r1305] debian/nslcd.config, debian/nslcd.postinst: handle tls_reqcert option consistently with other options * [r1304] debian/nslcd.config: remove extra slash character * [r1303] configure.ac: guess NSS SONAME on freebsd * [r1302] configure.ac: use NSS flavour to determine which exports file to use * [r1301] nslcd/alias.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/log.c, nslcd/log.h, nslcd/netgroup.c, nslcd/network.c, nslcd/pam.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: log the request with any logged messages * [r1300] compat/ldap_compat.h: SASL compatibility definition 2010-11-04 arthur * [r1298] nslcd/nslcd.c: move acceptconnection() function body inside the worker() so we can more easily break out of the connection handling thread, close the server socket inside the signal handler to cause all threads waiting on accept() to fail and ensure that signals are handled in the main thread by blocking them in the worker threads (r1290 from -solaris branch) * [r1297] nslcd/common.h, nslcd/pam.c, nslcd/passwd.c: avoid unneeded strdup()s by using a passed buffer to lookup_dn2uid() and using strcmp() in dn2uid() to see if the existing cached value is ok * [r1296] nslcd/passwd.c: fix race condition that could cause a memory leak * [r1295] common/nslcd-prot.c, nslcd/nslcd.c: pass the actual size of the address family and the path length to bind() and connect() for named sockets 2010-11-03 arthur * [r1294] nslcd/myldap.c: call myldap_session_check() before adding a new search to the session so the connection actually gets closed on timeout (the connection isn't closed when there are active searches) 2010-10-16 arthur * [r1288] configure.ac: chage test for compiling with gcc to be simpler and not use deprecated ac_cv_prog_gcc * [r1287] nslcd/nslcd.c: fix log message * [r1286] nslcd/cfg.h: remove obsolete note 2010-10-15 arthur * [r1279] common/dict.c, common/dict.h, common/set.c, common/set.h, tests/test_set.c: implement dict_getany() and set_pop() functions to be able to pick and remove entries * [r1278] common/dict.c, common/dict.h, common/set.h, tests/test_dict.c, tests/test_set.c: make DICTs and SETs case-sensitive * [r1277] nss/common.h: split out checking of NSS module availability and buffer correctness to separate macros (taken from the -solaris branch) * [r1276] nslcd/myldap.c: set a longer socket timout for the normal connection (just in case mostly) and a short one to use when shutting down the connection (also see http://www.openldap.org/its/index.cgi?selectid=6673) 2010-10-14 arthur * [r1274] configure.ac: set {nss,pam}_ldap_so_LINK from configure to allow custom linker properties for Solaris (r1261 and r1263 from -solaris branch) * [r1273] configure.ac: also include sys/types.h for ethernet-related tests (same as in compat/ether.h) (r1259 from -solaris branch) * [r1272] nss/group.c: move _nss_ldap_initgroups_dyn() definition to the end to have more logical order * [r1271] nslcd/myldap.c: simplify SASL includes 2010-10-13 arthur * [r1270] nss/Makefile.am: link local modules before .a files from common directory to pick symbols up in correct order * [r1269] configure.ac: move ethernet function checks outside nslcd-specific tests to also compile without warnings when only compiling NSS module * [r1267] nslcd/pam.c: make buffer sizes for PAM requests consistent (and large enough for most situations) * [r1266] configure.ac: rename --with-nss-ldap-maps to --with-nss-maps * [r1265] compat/ldap_passwd_s.c: small fix 2010-10-12 arthur * [r1264] nslcd/myldap.c: set timeout options on LDAP socket to avoid problems when the LDAP library hangs on a read() (e.g. at ldap_unbind()) 2010-10-10 arthur * [r1256] nslcd/myldap.c, nss/netgroup.c, pam/pam.c: make use of UNUSED() consistent throughout the code * [r1255] nss/rpc.c: correctly name shared file handle * [r1254] ChangeLog: undo changes to ChangeLog accidentally checked in in r1253) * [r1253] ChangeLog, configure.ac, nss/Makefile.am, nss/exports.glibc, nss/exports.solaris, nss/nss_ldap.map, pam/Makefile.am: put all logic on how to run linker for NSS and PAM components in configure script (remove stuff from Makefile.ams) and add Solaris version script (renaming version scripts as needed) (r1250 from -solaris branch) * [r1252] compat/ether.c, compat/ether.h: move missing declarations of ether_ntoa() and ether_aton() to header file so they are available for other sources also (r1243 from -solaris branch) * [r1251] configure.ac: fix test of returnlen struct member check (r1244 from -solaris branch) 2010-10-08 arthur * [r1245] nss/services.c: correctly name shared file handle 2010-10-04 arthur * [r1240] nss/Makefile.am, nss/aliases.c, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c, pam/Makefile.am: improve consistency of code layout * [r1239] compat/nss_compat.h, configure.ac, nss/Makefile.am, nss/common.h, nss/hosts.c, nss/networks.c, nss/prototypes.h, pam/Makefile.am: merge some of the changes for Solaris portability to ease merging, adding --with-pam-seclib-dir, --with-pam-ldap-soname and --with-nss-flavour options and having some auto-detection for SONAMEs and NSS flavour 2010-10-02 arthur * [r1235] .: ignore configure.lineno 2010-10-01 arthur * [r1233] compat/ether.c, compat/ldap_passwd_s.c, configure.ac: use AC_CHECK_DECLS to check for definitions of functions we provide a replacement definition for 2010-09-30 arthur * [r1229] debian/po/vi.po: updated Vietnamese (vi) translation of debconf templates by Clytie Siddall * [r1228] configure.ac: fix test quoting 2010-09-29 arthur * [r1227] compat/ether.c, configure.ac: only provide definitions for ether_aton() and ether_ntoa() for platforms missing a definition * [r1226] compat/ether.c: fix definitions of ether_aton() and ether_ntoa() 2010-09-28 arthur * [r1225] compat/nss_compat.h, compat/pam_get_authtok.c, configure.ac: begin merging some of the compatibility improvements from Ted C. Cheng of Symas Corporation * [r1224] compat/nss_compat.h: no need to provide a enum nss_status replacement because we don't use it * [r1223] tests/test_aliases.c, tests/test_ethers.c, tests/test_group.c, tests/test_hosts.c, tests/test_netgroup.c, tests/test_networks.c, tests/test_passwd.c, tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c, tests/test_shadow.c: also switch to nss_status_t for test code * [r1222] configure.ac: simplify appending OBJEXT sed expression 2010-09-27 arthur * [r1221] nslcd/myldap.c: remove variables which are no longer necessary due to r1220 * [r1220] nslcd/myldap.c: remove disabling keepalives since we handle SIGPIPE anyway 2010-09-26 arthur * [r1219] nslcd/myldap.c: remove ugly empty line * [r1218] configure.ac: properly define PACKAGE_URL * [r1217] nslcd/group.c: update description of group schema supported * [r1216] Makefile.am: switch to nicer mechanism to specify subdirectories to build 2010-09-25 arthur * [r1215] configure.ac, nss/Makefile.am: have a way to limit which NSS maps should be built 2010-09-24 arthur * [r1214] compat/nss_compat.h, nss/aliases.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h, nss/rpc.c, nss/services.c, nss/shadow.c: switch to using nss_status_t throughout the code and provide compatibility code to use whatever nss_status type is used on the system 2010-09-23 arthur * [r1208] nslcd/myldap.c: add some more error cases which should trigger a disconnect 2010-09-20 arthur * [r1207] nslcd/myldap.c: handle errors from ldap_result() consistently and also retry in case it times out 2010-09-05 arthur * [r1206] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/common.h, nslcd/nslcd.c, nslcd/pam.c, pam/pam.c: implement a rootpwmodpw option that allows root users to change user passwords without a password prompt 2010-08-28 arthur * [r1204] ChangeLog, NEWS, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.9 release * [r1203] debian/po/nl.po: unfuzzy a few Dutch translations and improve some others * [r1202] debian/po/it.po: fix package name * [r1201] debian/po/es.po: updated Spanish (es) translation of debconf templates by Francisco Javier Cuadrado * [r1200] debian/libpam-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nb.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po: fix incorrect reference from /etc/nsswitch to /etc/nsswitch.conf * [r1199] debian/po/da.po, debian/po/de.po, debian/po/it.po, debian/po/ja.po, debian/po/nb.po, debian/po/ru.po, debian/po/sv.po: fix wrapping of po files * [r1198] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/fr.po, debian/po/it.po, debian/po/ja.po, debian/po/nb.po, debian/po/pt.po, debian/po/ru.po, debian/po/sv.po, debian/po/zh_CN.po: correct references to package name for up-to-date translations * [r1197] debian/po/es.po, debian/po/fr.po, debian/po/gl.po, debian/po/ja.po: fix translations that had a reference to the old location of the configuration file * [r1196] debian/po/sv.po: updated Swedish (sv) translation of debconf templates by Martin Ã…gren * [r1195] debian/po/ca.po: unfuzzy translated string (confirmed OK by Agustí Grau) 2010-08-27 arthur * [r1194] debian/po/ca.po: updated Catalan (ca) translation of debconf templates by Agusti Grau 2010-08-26 arthur * [r1193] debian/po/de.po: updated German (de) translation of debconf templates by Chris Leick 2010-08-25 arthur * [r1192] debian/po/fr.po: updated French (fr) translation of debconf templates by Christian Perrier 2010-08-24 arthur * [r1191] debian/po/da.po: updated Danish (da) translation of debconf templates by Joe Hansen 2010-08-20 arthur * [r1190] debian/po/ja.po: updated Japanese (ja) translation of debconf templates by Kenshi Muto 2010-08-19 arthur * [r1189] debian/nslcd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nb.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po: fix double "be" in English template thanks to Christian PERRIER * [r1188] debian/po/it.po: updated Italian (it) translation of debconf templates by Vincenzo Campanella * [r1187] debian/po/zh_CN.po: updated Simplified Chinese (zh_CN) translation of debconf templates by zym * [r1186] debian/po/cs.po: updated Czech (cs) translation of debconf templates by Miroslav Kure * [r1185] configure.ac: fix for --with-nss-ldap-soname option by Julien Cristau 2010-08-18 arthur * [r1183] ChangeLog, NEWS, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.8 release * [r1182] debian/po/nb.po: added Norwegian BokmÃ¥l (nb) translation of debconf templates by Bjørn Steensrud * [r1181] debian/po/ru.po: updated Russian (ru) translation of debconf templates by Yuri Kozlov * [r1180] debian/po/pt.po: updated Portuguese (pt) translation of debconf templates by Américo Monteir 2010-08-17 arthur * [r1179] debian/po/da.po, debian/po/vi.po, debian/po/zh_CN.po: remove invalid and bouncing addresses * [r1178] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po: update debian/po files with modified template * [r1177] debian/libpam-ldapd.postinst: only offer to fix nsswitch.conf if PAM has been converted with pam-auth-update * [r1176] debian/libpam-ldapd.templates: updated debconf template thanks to Justin B Rye 2010-08-15 arthur * [r1175] debian/po/POTFILES.in, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po: update debian/po files with added template 2010-08-14 arthur * [r1174] debian/control: upgrade to standards-version 3.9.1 * [r1173] debian/control: add libpam-sss as an alternative to libpam-ldapd * [r1172] debian/control: merge the recommends from libnss-ldapd and libpam-ldapd into those of nslcd so we can track all the PAM alternatives in one place * [r1171] Makefile.am, debian/libnss-ldapd.postinst, debian/libnss-ldapd.postrm, debian/libpam-ldapd.lintian-overrides, debian/libpam-ldapd.postinst, debian/libpam-ldapd.templates: offer to add ldap to shadow in nsswitch.conf if a potential broken configuration is found * [r1170] ChangeLog, ChangeLog-2006, ChangeLog-2007, ChangeLog-2008, Makefile.am: archive older ChangeLog entries in year files * [r1169] common/expr.c: also don't expand variables in rest of ${var:+rest} expressions if var is not set or empty * [r1168] common/expr.c: do not expand variables in rest of ${var:-rest} expressions if var is not blank or empty 2010-07-27 arthur * [r1167] nss/services.c: use htons() instead of ntohs() (thanks Ted C. Cheng) 2010-07-18 arthur * [r1166] compat/nss_compat.h, configure.ac: compatibility improvement: also check for nss_common.h and see if enum nss_status exists * [r1165] nslcd/pam.c: fix comment * [r1164] nss/Makefile.am: use -h linker flag instead of -soname which seems more portable * [r1163] compat/pam_compat.h: define pam_info(), pam_error() and pam_syslog() compatibility macros to allow no arguments for format 2010-07-17 arthur * [r1162] debian/nslcd.config: only go back one step on Debconf back 2010-07-07 arthur * [r1161] configure.ac, nslcd/nslcd.c, nss/Makefile.am: allow configuring NSS module's SONAME from configure and use this in nslcd to dlopen() the correct library (thanks to Alexander V. Chernikov for the idea) 2010-07-03 arthur * [r1159] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.7 release * [r1158] debian/control: upgrade to standards-version 3.9.0 * [r1157] debian/libnss-ldapd.config, debian/nslcd.config: don't use dh_title to set the Debconf title, the default should be fine * [r1156] debian/control: use Replaces/Breaks instead of Conflicts for introduction of nslcd package (as per policy 3.9.0) 2010-06-25 arthur * [r1155] Makefile.am, debian/libpam-ldapd.manpages, debian/nslcd.install, debian/nslcd.manpages: make sure the pam_ldap manual page is in the libpam-ldapd package 2010-06-19 arthur * [r1154] nslcd/myldap.c: add logging to SASL interaction function * [r1153] nslcd/myldap.c: improve debug logging of SASL bind calls * [r1152] debian/nslcd.default: updated based on comments by Daniel Dehennin 2010-06-18 arthur * [r1151] AUTHORS, Makefile.am, debian/control, debian/nslcd.conffile, debian/nslcd.default, debian/nslcd.init: start k5start from the init script to keep the Kerberos ticket active if nslcd is configured for SASL GSSAPI kerberos authentication, based on a patch by Daniel Dehennin * [r1150] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h: remove warning messages from parsing the sasl_* options and document them in the nslcd.conf(5) manual page (they should be functional) * [r1149] nslcd/myldap.c: make SASL binding code a little earier to read * [r1148] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: remove the use_sasl option and instead rely on sasl_mech being specified * [r1147] debian/nslcd.init: group options more 2010-06-17 arthur * [r1146] compat/Makefile.am, compat/nss_compat.h, configure.ac, nss/common.h, nss/prototypes.h: have more compatibility code for NSS module and move compatibility code to compat directory 2010-06-16 arthur * [r1145] debian/nslcd.init: ensure that nslcd is started after hostname lookups are available so getting to the LDAP server via DNS lookups will work (patch by Petter Reinholdtsen) * [r1144] nslcd/nslcd.c: use RTLD_NODELETE during dlopen() instead of not using dlclose() 2010-06-15 arthur * [r1143] configure.ac, nss/Makefile.am, nss/exports.linux, nss/nss_ldap.map, pam/Makefile.am, pam/exports.linux, pam/pam_ldap.map: rename symbol map files and check for the linker option to specify the file with * [r1142] configure.ac, nslcd/Makefile.am: pass pthread flags correctly to nslcd Makefile and rename save_ vars to not conflict with AX_PTHREAD test 2010-06-14 arthur * [r1141] configure.ac, nslcd/nslcd.c, nss/Makefile.am, nss/common.c, nss/common.h, nss/exports.linux, nss/netgroup.c, nss/prototypes.h, tests/Makefile.am: implement a global symbol inside the NSS module to allow applications to disable NSS lookups over LDAP and use it in nslcd to avoid deadlocks * [r1140] common/dict.h, common/expr.h, common/nslcd-prot.h, common/set.h, common/tio.h, compat/attrs.h, compat/daemon.h, compat/ether.h, compat/getopt_long.h, compat/getpeercred.h, compat/ldap_compat.h, compat/pam_compat.h, nslcd/attmap.h, nslcd/cfg.h, nslcd/common.h, nslcd/log.h, nslcd/myldap.h, nss/common.h, nss/prototypes.h, pam/common.h: make include guard names consistent throughout the source and avoid conflicts with system headers * [r1139] nss/aliases.c, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c: remove some unused include statements 2010-06-12 arthur * [r1138] README, common/tio.c, nslcd/attmap.c, nslcd/attmap.h, nslcd/group.c, nslcd/network.c: remove commented out memberOf and ipNetmaskNumber attributes and small cleanups * [r1137] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/vi.po, debian/po/zh_CN.po: run translations through debconf-updatepo -v 2010-06-11 arthur * [r1136] nslcd/nslcd.c: fix and remove source code comments 2010-06-04 arthur * [r1135] ChangeLog, debian/changelog: revert part of r1134 that was accidentally commited * [r1134] ChangeLog, debian/changelog, pam/pam.c: fix nullok test for password modification 2010-06-03 arthur * [r1133] debian/libpam-ldapd.pam-auth-update: also ignore other ignorable PAM return codes 2010-06-02 arthur * [r1132] compat/pam_get_authtok.c: add a warning to the limitation of our pam_get_authtok() implementation * [r1131] pam/pam.c: simplify PAM module splitting remapping for ignore_* options to a separate function, parsing of try_first_pass and use_first_pass is done by pam_get_authtok(), don't report session errors to the user and make error handling consistent 2010-06-01 arthur * [r1130] nslcd/pam.c: fix bug in test (r1127) * [r1129] man/pam_ldap.8.xml, pam/pam.c: implement an nullok PAM option and disable empty passwords by default * [r1128] pam/pam.c: don't log failure to do nslcd request to user and log authentication errors during password change * [r1127] nslcd/pam.c: add a debug log message when user authentication was successful * [r1126] debian/libpam-ldapd.pam-auth-update: don't use use_authtok for password modification by default 2010-05-31 arthur * [r1125] pam/pam.c: fix typo 2010-05-27 arthur * [r1123] AUTHORS, ChangeLog, NEWS, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.6 release 2010-05-26 arthur * [r1122] debian/control: drop extra parts of package descriptions that should no longer be really relevant and update libpam-ldapd description 2010-05-24 arthur * [r1121] debian/libpam-ldapd.pam-auth-update: update pam-auth-update configuration to always perform LDAP autorisation, also pass use_authtok on password modification and spell out session result handling * [r1120] pam/pam.c: make code more consistent * [r1119] man/pam_ldap.8.xml: fix typo * [r1118] pam/pam.c: don't store use_authtok because pam_get_authtok() looks at the arguments itself 2010-05-23 arthur * [r1117] HACKING, README, man/nslcd.8.xml, man/nslcd.conf.5.xml: update documentation * [r1116] nslcd.conf: include uid and gid options in default configuration file * [r1115] configure.ac, m4/acx_pthread.m4, m4/ax_pthread.m4: update AC?X_PTHREAD macro and update configure script to be simpler and add some more checks * [r1114] debian/nslcd.init: use nslcd --check in init script's status command 2010-05-22 arthur * [r1113] nslcd/pam.c: make debug logging for pam_authz_search option a little more readable 2010-05-20 arthur * [r1112] debian/control: add libpam-heimdal as an alternative recommends for libnss-ldapd 2010-05-15 arthur * [r1111] nslcd/attmap.c, nslcd/attmap.h: always clear returned buffer when performing attribute mapping (based on a patch by Nalin Dahyabhai ) 2010-05-14 arthur * [r1109] ChangeLog, NEWS, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.5 release * [r1108] Makefile.am, debian/source, debian/source/format: switch to source format 3.0 (native) * [r1107] pam/pam.c: print uid as a long * [r1106] compat/pam_compat.h, configure.ac, man/pam_ldap.8.xml, pam/common.h, pam/pam.c: perform logging from PAM module to syslog and support the debug option to log debugging information 2010-05-13 arthur * [r1105] pam/pam.c: centralise initialising functions needed for every PAM call into one function * [r1104] common/nslcd-prot.h, nslcd/common.h: make logging of buffer checks consistent * [r1103] pam/pam.c: also use PAM username instead of one from context for session open and close * [r1102] pam/pam.c: replace my_pam_get_authtok() with standard pam_get_authtok() function, get rid of get_old_password() and general cleanups and simplifications 2010-05-12 arthur * [r1101] pam/pam.c: make parsing configuration options global, reorganise a bit and make code more consistent and easier to read * [r1100] compat/pam_compat.h, nslcd/pam.c: small compatibility improvements 2010-05-10 arthur * [r1099] pam/pam.c: only log "LDAP session failed" if we actually tried * [r1098] compat/Makefile.am, compat/pam_compat.h, compat/pam_get_authtok.c, compat/pam_prompt.c, configure.ac, pam/pam.c: replace my_pam_warn() with pam_info() and pam_error() and provide replacement for pam_prompt() also using it in our pam_get_authtok() replacement 2010-05-09 arthur * [r1096] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.4 release * [r1095] nslcd/myldap.c: only log "connected to LDAP server" if the previous connect failed or we are failing over to a different server * [r1094] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c, tests/README, tests/nslcd-test.conf: rename reconnect_maxsleeptime option to reconnect_retrytime * [r1093] nslcd/myldap.c: don't log errno if it is not set (make error less confusing) * [r1092] nslcd/myldap.c: handle authentication searches a little differently (only try once if an authentication error is returned) * [r1091] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: refactor retry timing mechanism to use time between first and last error to determin when to rerty and only try once (and don't sleep) when we have been failing for a long time 2010-05-08 arthur * [r1090] man/nslcd.conf.5.xml: fix wrapping of long line (thanks lintian) * [r1089] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: rename authz_search option to pam_authz_search 2010-05-07 arthur * [r1088] man/nslcd.conf.5.xml, man/pam_ldap.8.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: implement an authz_search option to test whether the user is authorised * [r1087] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: tune some buffer sizes and small cleanups * [r1086] tests/test_myldap.c: implement test for buffer overflow * [r1085] nslcd/myldap.c: fix buffer overflow * [r1084] man, man/Makefile.am: have the possibility to generate HTML for manual pages (not done by default) * [r1083] man/nslcd.conf.5.xml, man/pam_ldap.8.xml: use docbook elements where possible 2010-05-06 arthur * [r1082] compat/pam_compat.h, configure.ac, debian/libpam-ldapd.pam-auth-update, man/pam_ldap.8.xml, pam/pam.c: implement a minimum_uid option for the PAM module to ignore users that have a lower numeric user id 2010-05-05 arthur * [r1081] config.guess, config.sub: include updated files 2010-05-03 arthur * [r1080] debian/nslcd.config: also parse /etc/ldap.conf for systems that use that for NSS and PAM configuration 2010-04-13 arthur * [r1079] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c: don't have myldap_set_credentials() try to open a connection but have the PAM code perform a search with the new credentials so we re-use the fail-over mechanism in myldap_search() * [r1078] nslcd/cfg.c, nslcd/common.h, nslcd/myldap.c, nslcd/myldap.h, nslcd/passwd.c, tests/test_myldap.c: also have myldap_search() return an LDAP status code 2010-04-01 arthur * [r1077] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh: small improvements to the test setup 2010-03-20 arthur * [r1076] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/group.c: add an nss_initgroups_ignoreusers option to ignore username to group lookups for the specified users 2010-03-13 arthur * [r1075] man/nslcd.conf.5.xml: remove commented-oud default option because it is not implemented and we have a better mechanism now 2010-02-28 arthur * [r1074] nslcd/myldap.c: have less warnings when LDAP_OPT_X_TLS isn't defined * [r1073] man/nslcd.conf.5.xml: document which attributes may be mapped with an expression 2010-02-27 arthur * [r1071] ChangeLog, NEWS, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.3 release * [r1070] debian/NEWS: add blank line for apt-listchanges * [r1069] debian/control: upgrade to standards-version 3.8.4 (no changes needed) * [r1068] common/dict.h: fix typo * [r1067] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd.conf, nslcd.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: rename admindn option to rootpwmoddn * [r1066] INSTALL, compile: update from latest automake * [r1065] HACKING, tests/README: small updates to documentation 2010-02-17 arthur * [r1064] nslcd/myldap.c: first try password modification without the old password and if that fails with the old password * [r1063] compat/ldap_passwd_s.c: add pointer to RFC 3062 2010-01-28 arthur * [r1062] man/nslcd.8.xml, nslcd/nslcd.c: patch by Jan Schampera to implement a --check option 2010-01-25 arthur * [r1061] nslcd/myldap.c: fix for type mismatch (thanks to Jan Schampera) 2010-01-24 arthur * [r1060] configure.ac, nslcd/cfg.c: add --with-bindpw-file configure option to enable reading the bindpw option from a file * [r1059] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd.conf, nslcd.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c, pam/pam.c: add admindn configuration file option that is used when modifying another user's password * [r1058] man/nslcd.conf.5.xml: fix example * [r1057] nslcd/myldap.c: make logging of passwords consistent and support a NULL oldpassword value in myldap_passwd() * [r1056] nslcd/myldap.c: free data returned from ldap_passwd_s() call if needed and add missing casts * [r1055] HACKING: general updates and add PAM module information 2010-01-23 arthur * [r1054] nss/prototypes.h: simple improvement for FreeBSD * [r1053] nslcd/nslcd.c: lock the pidfile at start-up to ensure only one nslcd process is running (based on a patch by Jan Schampera ) 2010-01-21 arthur * [r1052] debian/nslcd.init: start nslcd before apache for systems that use LDAP users to run virtual hosts * [r1051] HACKING, README, configure.ac: set contact address to mailing list * [r1050] debian/NEWS: change format of NEWS entry based on Developer's Reference * [r1049] debian/rules: install lintian overrides with dh_lintian 2010-01-08 arthur * [r1048] nslcd/cfg.c: improve getting of domain name by also checking hostname aliases (based on patch by Jan Schampera ) * [r1047] AUTHORS: improve getting of domain name by also checking hostname aliases (based on patch by Jan Schampera ) nss-pam-ldapd-0.8.13/nslcd/0000755000175000001440000000000012141476127012350 500000000000000nss-pam-ldapd-0.8.13/nslcd/log.h0000644000175000001440000000337011541144160013215 00000000000000/* log.h - definitions of logging funtions Copyright (C) 2002, 2003, 2007, 2008, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef NSLCD__LOG_H #define NSLCD__LOG_H 1 #include #include "compat/attrs.h" /* set loglevel when no logging is configured */ void log_setdefaultloglevel(int pri); /* start the logging with the configured logging methods if no method is configured yet, logging is done to syslog */ void log_startlogging(void); /* indicate that a session id should be included in the output and set it to a new value */ void log_newsession(void); /* indicate that we should clear any session identifiers set by log_newsession */ void log_clearsession(void); /* indicate that a request identifier should be included in the output from this point on, until log_newsession() is called */ void log_setrequest(const char *format, ...) LIKE_PRINTF(1,2); /* log the given message using the configured logging method */ void log_log(int pri,const char *format, ...) LIKE_PRINTF(2,3); #endif /* not NSLCD__LOG_H */ nss-pam-ldapd-0.8.13/nslcd/network.c0000644000175000001440000001321512024621117014116 00000000000000/* network.c - network address entry lookup routines Parts of this file were part of the nss_ldap library (as ldap-network.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" /* ( nisSchema.2.7 NAME 'ipNetwork' SUP top STRUCTURAL * DESC 'Abstraction of a network. The distinguished value of * MUST ( cn $ ipNetworkNumber ) * MAY ( ipNetmaskNumber $ l $ description $ manager ) ) */ /* the search base for searches */ const char *network_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int network_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *network_filter = "(objectClass=ipNetwork)"; /* the attributes used in searches */ const char *attmap_network_cn = "cn"; const char *attmap_network_ipNetworkNumber = "ipNetworkNumber"; /* the attribute list to request with searches */ static const char *network_attrs[3]; /* create a search filter for searching a network entry by name, return -1 on errors */ static int mkfilter_network_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if (myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", network_filter, attmap_network_cn,safename); } static int mkfilter_network_byaddr(const char *addrstr, char *buffer,size_t buflen) { char safeaddr[64]; /* escape attribute */ if (myldap_escape(addrstr,safeaddr,sizeof(safeaddr))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", network_filter, attmap_network_ipNetworkNumber,safeaddr); } void network_init(void) { int i; /* set up search bases */ if (network_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (network_scope==LDAP_SCOPE_DEFAULT) network_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ network_attrs[0]=attmap_network_cn; network_attrs[1]=attmap_network_ipNetworkNumber; network_attrs[2]=NULL; } /* write a single network entry to the stream */ static int write_network(TFILE *fp,MYLDAP_ENTRY *entry) { int32_t tmpint32,tmp2int32,tmp3int32; int numaddr,i; const char *networkname; const char **networknames; const char **addresses; /* get the most canonical name */ networkname=myldap_get_rdn_value(entry,attmap_network_cn); /* get the other names for the network */ networknames=myldap_get_values(entry,attmap_network_cn); if ((networknames==NULL)||(networknames[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_network_cn); return 0; } /* if the networkname is not yet found, get the first entry from networknames */ if (networkname==NULL) networkname=networknames[0]; /* get the addresses */ addresses=myldap_get_values(entry,attmap_network_ipNetworkNumber); if ((addresses==NULL)||(addresses[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_network_ipNetworkNumber); return 0; } /* write the entry */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,networkname); WRITE_STRINGLIST_EXCEPT(fp,networknames,networkname); for (numaddr=0;addresses[numaddr]!=NULL;numaddr++) /*noting*/ ; WRITE_INT32(fp,numaddr); for (i=0;i #include #include #include #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" /* ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY * DESC 'Additional attributes for shadow passwords' * MUST uid * MAY ( userPassword $ shadowLastChange $ shadowMin * shadowMax $ shadowWarning $ shadowInactive $ * shadowExpire $ shadowFlag $ description ) ) */ /* the search base for searches */ const char *shadow_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int shadow_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *shadow_filter = "(objectClass=shadowAccount)"; /* the attributes to request with searches */ const char *attmap_shadow_uid = "uid"; const char *attmap_shadow_userPassword = "\"*\""; const char *attmap_shadow_shadowLastChange = "\"${shadowLastChange:--1}\""; const char *attmap_shadow_shadowMin = "\"${shadowMin:--1}\""; const char *attmap_shadow_shadowMax = "\"${shadowMax:--1}\""; const char *attmap_shadow_shadowWarning = "\"${shadowWarning:--1}\""; const char *attmap_shadow_shadowInactive = "\"${shadowInactive:--1}\""; const char *attmap_shadow_shadowExpire = "\"${shadowExpire:--1}\""; const char *attmap_shadow_shadowFlag = "\"${shadowFlag:-0}\""; /* default values for attributes */ static const char *default_shadow_userPassword = "*"; /* unmatchable */ /* the attribute list to request with searches */ static const char **shadow_attrs=NULL; static int mkfilter_shadow_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if(myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", shadow_filter, attmap_shadow_uid,safename); } void shadow_init(void) { int i; SET *set; /* set up search bases */ if (shadow_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (shadow_scope==LDAP_SCOPE_DEFAULT) shadow_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ set=set_new(); attmap_add_attributes(set,attmap_shadow_uid); attmap_add_attributes(set,attmap_shadow_userPassword); attmap_add_attributes(set,attmap_shadow_shadowLastChange); attmap_add_attributes(set,attmap_shadow_shadowMax); attmap_add_attributes(set,attmap_shadow_shadowMin); attmap_add_attributes(set,attmap_shadow_shadowWarning); attmap_add_attributes(set,attmap_shadow_shadowInactive); attmap_add_attributes(set,attmap_shadow_shadowExpire); attmap_add_attributes(set,attmap_shadow_shadowFlag); shadow_attrs=set_tolist(set); if (shadow_attrs==NULL) { log_log(LOG_CRIT,"malloc() failed to allocate memory"); exit(EXIT_FAILURE); } set_free(set); } static long to_date(const char *dn,const char *date,const char *attr) { char buffer[32]; long value; char *tmp; size_t l; /* do some special handling for date values on AD */ if (strcasecmp(attr,"pwdLastSet")==0) { /* we expect an AD 64-bit datetime value; we should do date=date/864000000000-134774 but that causes problems on 32-bit platforms, first we devide by 1000000000 by stripping the last 9 digits from the string and going from there */ l=strlen(date)-9; if (l>(sizeof(buffer)-1)) return -1; /* error */ strncpy(buffer,date,l); buffer[l]='\0'; errno=0; value=strtol(date,&tmp,10); if ((*date=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric",dn,attr); return -1; } else if (errno!=0) { log_log(LOG_WARNING,"%s: %s: out of range",dn,attr); return -1; } return value/864-134774; /* note that AD does not have expiry dates but a lastchangeddate and some value that needs to be added */ } errno=0; value=strtol(date,&tmp,10); if ((*date=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric",dn,attr); return -1; } else if (errno!=0) { log_log(LOG_WARNING,"%s: %s: out of range",dn,attr); return -1; } return value; } #ifndef UF_DONT_EXPIRE_PASSWD #define UF_DONT_EXPIRE_PASSWD 0x10000 #endif #define GET_OPTIONAL_LONG(var,att,fallback) \ tmpvalue=attmap_get_value(entry,attmap_shadow_##att,buffer,sizeof(buffer)); \ if (tmpvalue==NULL) \ tmpvalue=""; \ errno=0; \ var=strtol(tmpvalue,&tmp,10); \ if ((*(tmpvalue)=='\0')||(*tmp!='\0')) \ { \ log_log(LOG_WARNING,"%s: %s: non-numeric", \ myldap_get_dn(entry),attmap_shadow_##att); \ var=fallback; \ } \ else if (errno!=0) \ { \ log_log(LOG_WARNING,"%s: %s: out of range", \ myldap_get_dn(entry),attmap_shadow_##att); \ var=fallback; \ } void get_shadow_properties(MYLDAP_ENTRY *entry,long *lastchangedate, long *mindays,long *maxdays,long *warndays, long *inactdays,long *expiredate,unsigned long *flag) { char buffer[64]; const char *tmpvalue; char *tmp; /* get lastchange date */ tmpvalue=attmap_get_value(entry,attmap_shadow_shadowLastChange,buffer,sizeof(buffer)); if (tmpvalue==NULL) tmpvalue=""; *lastchangedate=to_date(myldap_get_dn(entry),tmpvalue,attmap_shadow_shadowLastChange); /* get other shadow properties */ GET_OPTIONAL_LONG(*mindays,shadowMin,-1); GET_OPTIONAL_LONG(*maxdays,shadowMax,-1); GET_OPTIONAL_LONG(*warndays,shadowWarning,-1); GET_OPTIONAL_LONG(*inactdays,shadowInactive,-1); GET_OPTIONAL_LONG(*expiredate,shadowExpire,-1); GET_OPTIONAL_LONG(*flag,shadowFlag,0); /* if we're using AD handle the flag specially */ if (strcasecmp(attmap_shadow_shadowLastChange,"pwdLastSet")==0) { if (*flag&UF_DONT_EXPIRE_PASSWD) *maxdays=-1; *flag=0; } } /* try to update the shadowLastChange attribute of the entry if possible */ int update_lastchange(MYLDAP_SESSION *session,const char *userdn) { MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; static const char *attrs[3]; const char *attr; int rc; const char **values; LDAPMod mod,*mods[2]; char buffer[64],*strvals[2]; /* find the name of the attribute to use */ if ( (attmap_shadow_shadowLastChange==NULL) || (attmap_shadow_shadowLastChange[0]=='\0') ) return LDAP_LOCAL_ERROR; /* attribute not mapped at all */ else if (strcmp(attmap_shadow_shadowLastChange,"\"${shadowLastChange:--1}\"")==0) attr="shadowLastChange"; else if (attmap_shadow_shadowLastChange[0]=='\"') return LDAP_LOCAL_ERROR; /* other expressions not supported for now */ else attr=attmap_shadow_shadowLastChange; /* set up the attributes we need */ attrs[0]=attmap_shadow_uid; attrs[1]=attr; attrs[2]=NULL; /* find the entry to see if the attribute is present */ search=myldap_search(session,userdn,LDAP_SCOPE_BASE,shadow_filter,attrs,&rc); if (search==NULL) return rc; entry=myldap_get_entry(search,&rc); if (entry==NULL) return rc; values=myldap_get_values(entry,attr); if ((values==NULL)||(values[0]==NULL)||(values[0][0]=='\0')) return LDAP_NO_SUCH_ATTRIBUTE; /* build the value for the new attribute */ if (strcasecmp(attr,"pwdLastSet")==0) { /* for AD we use another timestamp */ if(mysnprintf(buffer,sizeof(buffer),"%ld000000000",((long int)time(NULL)/100L+(134774L*864L)))) return LDAP_LOCAL_ERROR; } else { /* time in days since Jan 1, 1970 */ if(mysnprintf(buffer,sizeof(buffer),"%ld",((long int)(time(NULL)/(long int)(60*60*24))))) return LDAP_LOCAL_ERROR; } /* update the shadowLastChange attribute */ strvals[0]=buffer; strvals[1]=NULL; mod.mod_op=LDAP_MOD_REPLACE; mod.mod_type=(char *)attr; mod.mod_values=strvals; mods[0]=&mod; mods[1]=NULL; rc=myldap_modify(session,userdn,mods); if (rc!=LDAP_SUCCESS) log_log(LOG_WARNING,"%s: %s: modification failed: %s", userdn,attr,ldap_err2string(rc)); else log_log(LOG_DEBUG,"%s: %s: modification succeeded", userdn,attr); return rc; } static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser) { int32_t tmpint32; const char **usernames; const char *passwd; long lastchangedate; long mindays; long maxdays; long warndays; long inactdays; long expiredate; unsigned long flag; int i; char passbuffer[64]; /* get username */ usernames=myldap_get_values(entry,attmap_shadow_uid); if ((usernames==NULL)||(usernames[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_shadow_uid); return 0; } /* get password */ passwd=get_userpassword(entry,attmap_shadow_userPassword,passbuffer,sizeof(passbuffer)); if (passwd==NULL) passwd=default_shadow_userPassword; /* get expiry properties */ get_shadow_properties(entry,&lastchangedate,&mindays,&maxdays,&warndays, &inactdays,&expiredate,&flag); /* write the entries */ for (i=0;usernames[i]!=NULL;i++) if ((requser==NULL)||(STR_CMP(requser,usernames[i])==0)) { WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,usernames[i]); WRITE_STRING(fp,passwd); WRITE_INT32(fp,lastchangedate); WRITE_INT32(fp,mindays); WRITE_INT32(fp,maxdays); WRITE_INT32(fp,warndays); WRITE_INT32(fp,inactdays); WRITE_INT32(fp,expiredate); WRITE_INT32(fp,flag); } return 0; } MYLDAP_ENTRY *shadow_uid2entry(MYLDAP_SESSION *session,const char *username,int *rcp) { MYLDAP_SEARCH *search=NULL; MYLDAP_ENTRY *entry=NULL; const char *base; char filter[4096]; int i; /* if it isn't a valid username, just bail out now */ if (!isvalidname(username)) { if (rcp!=NULL) *rcp=LDAP_INVALID_SYNTAX; return NULL; } /* we have to look up the entry */ mkfilter_shadow_byname(username,filter,sizeof(filter)); for (i=0;(i #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" /* ( nisSchema.2.5 NAME 'oncRpc' SUP top STRUCTURAL * DESC 'Abstraction of an Open Network Computing (ONC) * [RFC1057] Remote Procedure Call (RPC) binding. * This class maps an ONC RPC number to a name. * The distinguished value of the cn attribute denotes * the RPC service's canonical name' * MUST ( cn $ oncRpcNumber ) * MAY description ) */ /* the search base for searches */ const char *rpc_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int rpc_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *rpc_filter = "(objectClass=oncRpc)"; /* the attributes to request with searches */ const char *attmap_rpc_cn = "cn"; const char *attmap_rpc_oncRpcNumber = "oncRpcNumber"; /* the attribute list to request with searches */ static const char *rpc_attrs[3]; static int mkfilter_rpc_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if (myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", rpc_filter, attmap_rpc_cn,safename); } static int mkfilter_rpc_bynumber(int number, char *buffer,size_t buflen) { return mysnprintf(buffer,buflen, "(&%s(%s=%d))", rpc_filter, attmap_rpc_oncRpcNumber,number); } void rpc_init(void) { int i; /* set up search bases */ if (rpc_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (rpc_scope==LDAP_SCOPE_DEFAULT) rpc_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ rpc_attrs[0]=attmap_rpc_cn; rpc_attrs[1]=attmap_rpc_oncRpcNumber; rpc_attrs[2]=NULL; } /* write a single rpc entry to the stream */ static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) { int32_t tmpint32,tmp2int32,tmp3int32; const char *name; const char **aliases; const char **numbers; char *tmp; long number; int i; /* get the most canonical name */ name=myldap_get_rdn_value(entry,attmap_rpc_cn); /* get the other names for the rpc entries */ aliases=myldap_get_values(entry,attmap_rpc_cn); if ((aliases==NULL)||(aliases[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_rpc_cn); return 0; } /* if the rpc name is not yet found, get the first entry */ if (name==NULL) name=aliases[0]; /* check case of returned rpc entry */ if ((reqname!=NULL)&&(STR_CMP(reqname,name)!=0)) { for (i=0;(aliases[i]!=NULL)&&(STR_CMP(reqname,aliases[i])!=0);i++) /* nothing here */ ; if (aliases[i]==NULL) return 0; /* neither the name nor any of the aliases matched */ } /* get the rpc number */ numbers=myldap_get_values(entry,attmap_rpc_oncRpcNumber); if ((numbers==NULL)||(numbers[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_rpc_oncRpcNumber); return 0; } else if (numbers[1]!=NULL) { log_log(LOG_WARNING,"%s: %s: multiple values", myldap_get_dn(entry),attmap_rpc_oncRpcNumber); } errno=0; number=strtol(numbers[0],&tmp,10); if ((*(numbers[0])=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric", myldap_get_dn(entry),attmap_rpc_oncRpcNumber); return 0; } else if ((errno!=0)||(number>UINT32_MAX)) { log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_rpc_oncRpcNumber); return 0; } /* write the entry */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,name); WRITE_STRINGLIST_EXCEPT(fp,aliases,name); WRITE_INT32(fp,number); return 0; } NSLCD_HANDLE( rpc,byname, char name[256]; char filter[4096]; READ_STRING(fp,name); log_setrequest("rpc=\"%s\"",name);, NSLCD_ACTION_RPC_BYNAME, mkfilter_rpc_byname(name,filter,sizeof(filter)), write_rpc(fp,entry,name) ) NSLCD_HANDLE( rpc,bynumber, int number; char filter[4096]; READ_INT32(fp,number); log_setrequest("rpc=%d",number);, NSLCD_ACTION_RPC_BYNUMBER, mkfilter_rpc_bynumber(number,filter,sizeof(filter)), write_rpc(fp,entry,NULL) ) NSLCD_HANDLE( rpc,all, const char *filter; log_setrequest("rpc(all)");, NSLCD_ACTION_RPC_ALL, (filter=rpc_filter,0), write_rpc(fp,entry,NULL) ) nss-pam-ldapd-0.8.13/nslcd/nsswitch.c0000644000175000001440000000615111677443254014311 00000000000000/* nsswitch.c - functions for parsing /etc/nsswitch.conf Copyright (C) 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include "common.h" #include "log.h" /* the maximum line length supported of nsswitch.conf */ #define MAX_LINE_LENGTH 4096 /* TODO: store mtime of file and use it to check reparse */ /* TODO: cache entries for x minutes */ /* see if the line is a service definition for db and return a pointer to the beginning of the services list if it is */ static const char *find_db(const char *line,const char *db) { int i; i=strlen(db); /* the line should begin with the db we're looking for */ if (strncmp(line,db,i)!=0) return NULL; /* followed by a : */ while (isspace(line[i])) i++; if (line[i]!=':') return NULL; i++; while (isspace(line[i])) i++; return line+i; } /* check to see if the list of services contains the specified service */ static int has_service(const char *services,const char *service, const char *filename,int lnr) { int i=0,l; if (services==NULL) return 0; l=strlen(service); while (services[i]!='\0') { /* skip spaces */ while (isspace(services[i])) i++; /* check if this is the service */ if ((strncmp(services+i,service,l)==0)&&(!isalnum(services[i+l]))) return 1; /* skip service name and spaces */ i++; while (isalnum(services[i])) i++; while (isspace(services[i])) i++; /* skip action mappings */ if (services[i]=='[') { i++; /* skip [ */ while ((services[i]!=']')&&(services[i]!='\0')) i++; if (services[i]!=']') { log_log(LOG_WARNING,"%s: error parsing line %d",filename,lnr); return 0; /* parse error */ } i++; /* skip ] */ } } return 0; } int nsswitch_db_uses_ldap(const char *filename,const char *db) { FILE *fp; int lnr=0; char linebuf[MAX_LINE_LENGTH]; const char *services; /* open config file */ if ((fp=fopen(filename,"r"))==NULL) { log_log(LOG_ERR,"cannot open %s: %s",filename,strerror(errno)); return 0; } /* read file and parse lines */ while (fgets(linebuf,sizeof(linebuf),fp)!=NULL) { lnr++; services=find_db(linebuf,db); if ((services!=NULL)&&has_service(services,"ldap",filename,lnr)) { fclose(fp); return 1; } } fclose(fp); return 0; } nss-pam-ldapd-0.8.13/nslcd/attmap.h0000644000175000001440000001002011616323637013723 00000000000000/* attmap.h - attribute mapping variables This file is part of the nss-pam-ldapd library. Copyright (C) 2007, 2008, 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef NSLCD__ATTMAP_H #define NSLCD__ATTMAP_H 1 #include "cfg.h" #include "myldap.h" #include "common/set.h" /* these are the attribute names per database */ extern const char *attmap_alias_cn; extern const char *attmap_alias_rfc822MailMember; extern const char *attmap_ether_cn; extern const char *attmap_ether_macAddress; extern const char *attmap_group_cn; extern const char *attmap_group_userPassword; extern const char *attmap_group_gidNumber; extern const char *attmap_group_memberUid; extern const char *attmap_group_member; extern const char *attmap_host_cn; extern const char *attmap_host_ipHostNumber; extern const char *attmap_netgroup_cn; extern const char *attmap_netgroup_nisNetgroupTriple; extern const char *attmap_netgroup_memberNisNetgroup; extern const char *attmap_network_cn; extern const char *attmap_network_ipNetworkNumber; extern const char *attmap_passwd_uid; extern const char *attmap_passwd_userPassword; extern const char *attmap_passwd_uidNumber; extern const char *attmap_passwd_gidNumber; extern const char *attmap_passwd_gecos; extern const char *attmap_passwd_homeDirectory; extern const char *attmap_passwd_loginShell; extern const char *attmap_protocol_cn; extern const char *attmap_protocol_ipProtocolNumber; extern const char *attmap_rpc_cn; extern const char *attmap_rpc_oncRpcNumber; extern const char *attmap_service_cn; extern const char *attmap_service_ipServicePort; extern const char *attmap_service_ipServiceProtocol; extern const char *attmap_shadow_uid; extern const char *attmap_shadow_userPassword; extern const char *attmap_shadow_shadowLastChange; extern const char *attmap_shadow_shadowMin; extern const char *attmap_shadow_shadowMax; extern const char *attmap_shadow_shadowWarning; extern const char *attmap_shadow_shadowInactive; extern const char *attmap_shadow_shadowExpire; extern const char *attmap_shadow_shadowFlag; /* return a reference to the map specific base variable */ const char **base_get_var(enum ldap_map_selector map); /* return a reference to the map specific scope variable */ int *scope_get_var(enum ldap_map_selector map); /* return a reference to the map specific filter variable */ const char **filter_get_var(enum ldap_map_selector map); /* return a reference to the attribute mapping variable for the specified name the name is the name after the attmap_... variables above with the underscode replaced by a dot (e.g passwd.homeDirectory) */ const char **attmap_get_var(enum ldap_map_selector map,const char *name); /* Set the attribute mapping of the variable to the value specified. Returns the new value on success. */ MUST_USE const char *attmap_set_mapping(const char **var,const char *value); /* Return a value for the attribute, handling the case where attr is an expression. On error (e.g. problem parsing expression, attribute value not found) it returns NULL and the buffer is made empty. */ const char *attmap_get_value(MYLDAP_ENTRY *entry,const char *attr,char *buffer,size_t buflen); /* Add the attributes from attr to the set. The attr argumenent can either be an attribute or an attribute expression. */ SET *attmap_add_attributes(SET *set,const char *attr); #endif /* not NSLCD__ATTMAP_H */ nss-pam-ldapd-0.8.13/nslcd/protocol.c0000644000175000001440000001416412024621117014272 00000000000000/* protocol.c - protocol name and number lookup routines Parts of this file were part of the nss_ldap library (as ldap-proto.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" /* ( nisSchema.2.4 NAME 'ipProtocol' SUP top STRUCTURAL * DESC 'Abstraction of an IP protocol. Maps a protocol number * to one or more names. The distinguished value of the cn * attribute denotes the protocol's canonical name' * MUST ( cn $ ipProtocolNumber ) * MAY description ) */ /* the search base for searches */ const char *protocol_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int protocol_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *protocol_filter = "(objectClass=ipProtocol)"; /* the attributes used in searches */ const char *attmap_protocol_cn = "cn"; const char *attmap_protocol_ipProtocolNumber = "ipProtocolNumber"; /* the attribute list to request with searches */ static const char *protocol_attrs[3]; static int mkfilter_protocol_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if (myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", protocol_filter, attmap_protocol_cn,safename); } /* create a search filter for searching a protocol entry by uid, return -1 on errors */ static int mkfilter_protocol_bynumber(int protocol, char *buffer,size_t buflen) { return mysnprintf(buffer,buflen, "(&%s(%s=%d))", protocol_filter, attmap_protocol_ipProtocolNumber,protocol); } void protocol_init(void) { int i; /* set up search bases */ if (protocol_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (protocol_scope==LDAP_SCOPE_DEFAULT) protocol_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ protocol_attrs[0]=attmap_protocol_cn; protocol_attrs[1]=attmap_protocol_ipProtocolNumber; protocol_attrs[2]=NULL; } static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) { int32_t tmpint32,tmp2int32,tmp3int32; const char *name; const char **aliases; const char **protos; char *tmp; long proto; int i; /* get the most canonical name */ name=myldap_get_rdn_value(entry,attmap_protocol_cn); /* get the other names for the protocol */ aliases=myldap_get_values(entry,attmap_protocol_cn); if ((aliases==NULL)||(aliases[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_protocol_cn); return 0; } /* if the protocol name is not yet found, get the first entry */ if (name==NULL) name=aliases[0]; /* check case of returned protocol entry */ if ((reqname!=NULL)&&(STR_CMP(reqname,name)!=0)) { for (i=0;(aliases[i]!=NULL)&&(STR_CMP(reqname,aliases[i])!=0);i++) /* nothing here */ ; if (aliases[i]==NULL) return 0; /* neither the name nor any of the aliases matched */ } /* get the protocol number */ protos=myldap_get_values(entry,attmap_protocol_ipProtocolNumber); if ((protos==NULL)||(protos[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); return 0; } else if (protos[1]!=NULL) { log_log(LOG_WARNING,"%s: %s: multiple values", myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); } errno=0; proto=strtol(protos[0],&tmp,10); if ((*(protos[0])=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric", myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); return 0; } else if ((errno!=0)||(proto<0)||(proto>UINT8_MAX)) { log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); return 0; } /* write entry */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,name); WRITE_STRINGLIST_EXCEPT(fp,aliases,name); /* proto number is actually an 8-bit value but we write 32 bits anyway */ WRITE_INT32(fp,proto); return 0; } NSLCD_HANDLE( protocol,byname, char name[256]; char filter[4096]; READ_STRING(fp,name); log_setrequest("protocol=\"%s\"",name);, NSLCD_ACTION_PROTOCOL_BYNAME, mkfilter_protocol_byname(name,filter,sizeof(filter)), write_protocol(fp,entry,name) ) NSLCD_HANDLE( protocol,bynumber, int protocol; char filter[4096]; READ_INT32(fp,protocol); log_setrequest("protocol=%d",protocol);, NSLCD_ACTION_PROTOCOL_BYNUMBER, mkfilter_protocol_bynumber(protocol,filter,sizeof(filter)), write_protocol(fp,entry,NULL) ) NSLCD_HANDLE( protocol,all, const char *filter; log_setrequest("protocol(all)");, NSLCD_ACTION_PROTOCOL_ALL, (filter=protocol_filter,0), write_protocol(fp,entry,NULL) ) nss-pam-ldapd-0.8.13/nslcd/group.c0000644000175000001440000002637712112231560013573 00000000000000/* group.c - group entry lookup routines Parts of this file were part of the nss_ldap library (as ldap-grp.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2006 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include /* for gid_t */ #include #include "common/set.h" #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" #include "compat/strndup.h" /* ( nisSchema.2.2 NAME 'posixGroup' SUP top STRUCTURAL * DESC 'Abstraction of a group of accounts' * MUST ( cn $ gidNumber ) * MAY ( userPassword $ memberUid $ description ) ) * * apart from the above a member attribute is also supported that * may contains a DN of a user * * nested groups (groups that are member of a group) are currently * not supported */ /* the search base for searches */ const char *group_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int group_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *group_filter = "(objectClass=posixGroup)"; /* the attributes to request with searches */ const char *attmap_group_cn = "cn"; const char *attmap_group_userPassword = "\"*\""; const char *attmap_group_gidNumber = "gidNumber"; const char *attmap_group_memberUid = "memberUid"; const char *attmap_group_member = "member"; /* special property for objectSid-based searches (these are already LDAP-escaped strings) */ static char *gidSid=NULL; /* default values for attributes */ static const char *default_group_userPassword = "*"; /* unmatchable */ /* the attribute list to request with searches */ static const char **group_attrs=NULL; /* create a search filter for searching a group entry by name, return -1 on errors */ static int mkfilter_group_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if(myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", group_filter, attmap_group_cn,safename); } /* create a search filter for searching a group entry by gid, return -1 on errors */ static int mkfilter_group_bygid(gid_t gid, char *buffer,size_t buflen) { if (gidSid!=NULL) { return mysnprintf(buffer,buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))", group_filter, attmap_group_gidNumber,gidSid, (int)(gid&0xff),(int)((gid>>8)&0xff), (int)((gid>>16)&0xff),(int)((gid>>24)&0xff)); } else { return mysnprintf(buffer,buflen, "(&%s(%s=%d))", group_filter, attmap_group_gidNumber,(int)gid); } } /* create a search filter for searching a group entry by member uid, return -1 on errors */ static int mkfilter_group_bymember(MYLDAP_SESSION *session, const char *uid, char *buffer,size_t buflen) { char dn[256]; char safeuid[300]; char safedn[300]; /* escape attribute */ if(myldap_escape(uid,safeuid,sizeof(safeuid))) return -1; /* try to translate uid to DN */ if (uid2dn(session,uid,dn,sizeof(dn))==NULL) return mysnprintf(buffer,buflen, "(&%s(%s=%s))", group_filter, attmap_group_memberUid,safeuid); /* escape DN */ if(myldap_escape(dn,safedn,sizeof(safedn))) return -1; /* also lookup using user DN */ return mysnprintf(buffer,buflen, "(&%s(|(%s=%s)(%s=%s)))", group_filter, attmap_group_memberUid,safeuid, attmap_group_member,safedn); } void group_init(void) { int i; SET *set; /* set up search bases */ if (group_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (group_scope==LDAP_SCOPE_DEFAULT) group_scope=nslcd_cfg->ldc_scope; /* special case when gidNumber references objectSid */ if (strncasecmp(attmap_group_gidNumber,"objectSid:",10)==0) { gidSid=sid2search(attmap_group_gidNumber+10); attmap_group_gidNumber=strndup(attmap_group_gidNumber,9); } /* set up attribute list */ set=set_new(); attmap_add_attributes(set,attmap_group_cn); attmap_add_attributes(set,attmap_group_userPassword); attmap_add_attributes(set,attmap_group_memberUid); attmap_add_attributes(set,attmap_group_gidNumber); attmap_add_attributes(set,attmap_group_member); group_attrs=set_tolist(set); if (group_attrs==NULL) { log_log(LOG_CRIT,"malloc() failed to allocate memory"); exit(EXIT_FAILURE); } set_free(set); } static int do_write_group( TFILE *fp,MYLDAP_ENTRY *entry,const char **names,gid_t gids[],int numgids, const char *passwd,const char **members,const char *reqname) { int32_t tmpint32,tmp2int32,tmp3int32; int i,j; /* write entries for all names and gids */ for (i=0;names[i]!=NULL;i++) { if (!isvalidname(names[i])) { log_log(LOG_WARNING,"%s: %s: denied by validnames option", myldap_get_dn(entry),attmap_group_cn); } else if ((reqname==NULL)||(STR_CMP(reqname,names[i])==0)) { for (j=0;jldc_nss_initgroups_ignoreusers!=NULL)&& set_contains(nslcd_cfg->ldc_nss_initgroups_ignoreusers,name)) { log_log(LOG_DEBUG,"ignored group member"); /* just end the request, returning no results */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_GROUP_BYMEMBER); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; }, NSLCD_ACTION_GROUP_BYMEMBER, mkfilter_group_bymember(session,name,filter,sizeof(filter)), write_group(fp,entry,NULL,NULL,0,session) ) NSLCD_HANDLE( group,all, const char *filter; log_setrequest("group(all)");, NSLCD_ACTION_GROUP_ALL, (filter=group_filter,0), write_group(fp,entry,NULL,NULL,1,session) ) nss-pam-ldapd-0.8.13/nslcd/alias.c0000644000175000001440000000775612024621117013533 00000000000000/* alias.c - alias entry lookup routines Parts of this file were part of the nss_ldap library (as ldap-alias.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" /* Vendor-specific attributes and object classes. * (Mainly from Sun.) * ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP top STRUCTURAL * DESC 'NIS mail alias' * MUST cn * MAY rfc822MailMember ) */ /* the search base for searches */ const char *alias_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int alias_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *alias_filter = "(objectClass=nisMailAlias)"; /* the attributes to request with searches */ const char *attmap_alias_cn = "cn"; const char *attmap_alias_rfc822MailMember = "rfc822MailMember"; /* the attribute list to request with searches */ static const char *alias_attrs[3]; /* create a search filter for searching an alias by name, return -1 on errors */ static int mkfilter_alias_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if (myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", alias_filter, attmap_alias_cn,safename); } void alias_init(void) { int i; /* set up search bases */ if (alias_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (alias_scope==LDAP_SCOPE_DEFAULT) alias_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ alias_attrs[0]=attmap_alias_cn; alias_attrs[1]=attmap_alias_rfc822MailMember; alias_attrs[2]=NULL; } static int write_alias(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqalias) { int32_t tmpint32,tmp2int32,tmp3int32; const char **names,**members; int i; /* get the name of the alias */ names=myldap_get_values(entry,attmap_alias_cn); if ((names==NULL)||(names[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_alias_cn); return 0; } /* get the members of the alias */ members=myldap_get_values(entry,attmap_alias_rfc822MailMember); /* for each name, write an entry */ for (i=0;names[i]!=NULL;i++) { if ((reqalias==NULL)||(strcasecmp(reqalias,names[i])==0)) { WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,names[i]); WRITE_STRINGLIST(fp,members); } } return 0; } NSLCD_HANDLE( alias,byname, char name[256]; char filter[4096]; READ_STRING(fp,name); log_setrequest("alias=\"%s\"",name);, NSLCD_ACTION_ALIAS_BYNAME, mkfilter_alias_byname(name,filter,sizeof(filter)), write_alias(fp,entry,name) ) NSLCD_HANDLE( alias,all, const char *filter; log_setrequest("alias(all)");, NSLCD_ACTION_ALIAS_ALL, (filter=alias_filter,0), write_alias(fp,entry,NULL) ) nss-pam-ldapd-0.8.13/nslcd/pam.c0000644000175000001440000005533412137303542013216 00000000000000/* pam.c - pam processing routines Copyright (C) 2009 Howard Chu Copyright (C) 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include #include #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" #include "common/dict.h" #include "common/expr.h" /* set up a connection and try to bind with the specified DN and password, returns an LDAP result code */ static int try_bind(const char *userdn,const char *password) { MYLDAP_SESSION *session; MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; static const char *attrs[2]; int rc; /* set up a new connection */ session=myldap_create_session(); if (session==NULL) return LDAP_UNAVAILABLE; /* set up credentials for the session */ myldap_set_credentials(session,userdn,password); /* perform search for own object (just to do any kind of search) */ attrs[0]="dn"; attrs[1]=NULL; search=myldap_search(session,userdn,LDAP_SCOPE_BASE,"(objectClass=*)",attrs,&rc); if ((search==NULL)||(rc!=LDAP_SUCCESS)) { if (rc==LDAP_SUCCESS) rc=LDAP_LOCAL_ERROR; log_log(LOG_WARNING,"%s: lookup failed: %s",userdn,ldap_err2string(rc)); } else { entry=myldap_get_entry(search,&rc); if ((entry==NULL)||(rc!=LDAP_SUCCESS)) { if (rc==LDAP_SUCCESS) rc=LDAP_NO_RESULTS_RETURNED; log_log(LOG_WARNING,"%s: lookup failed: %s",userdn,ldap_err2string(rc)); } } /* close the session */ myldap_session_close(session); /* return results */ return rc; } /* ensure that both userdn and username are filled in from the entry, returns an LDAP result code */ static MYLDAP_ENTRY *validate_user(MYLDAP_SESSION *session, char *username,int *rcp) { int rc; MYLDAP_ENTRY *entry=NULL; /* check username for validity */ if (!isvalidname(username)) { log_log(LOG_WARNING,"request denied by validnames option"); *rcp=LDAP_NO_SUCH_OBJECT; return NULL; } /* get the user entry based on the username */ entry=uid2entry(session,username,&rc); if (entry==NULL) { if (rc==LDAP_SUCCESS) rc=LDAP_NO_SUCH_OBJECT; log_log(LOG_DEBUG,"\"%s\": user not found: %s",username,ldap_err2string(rc)); *rcp=rc; } return entry; } /* update the username value from the entry if needed */ static void update_username(MYLDAP_ENTRY *entry,char *username,size_t username_len) { const char **values; const char *value; /* get the "real" username */ value=myldap_get_rdn_value(entry,attmap_passwd_uid); if (value==NULL) { /* get the username from the uid attribute */ values=myldap_get_values(entry,attmap_passwd_uid); if ((values==NULL)||(values[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_passwd_uid); return; } value=values[0]; } /* check the username */ if ((value==NULL)||!isvalidname(value)||strlen(value)>=username_len) { log_log(LOG_WARNING,"%s: %s: denied by validnames option", myldap_get_dn(entry),attmap_passwd_uid); return; } /* check if the username is different and update it if needed */ if (strcmp(username,value)!=0) { log_log(LOG_INFO,"username changed from \"%s\" to \"%s\"",username,value); strcpy(username,value); } } static int check_shadow(MYLDAP_SESSION *session,const char *username, char *authzmsg,size_t authzmsgsz, int check_maxdays,int check_mindays) { MYLDAP_ENTRY *entry=NULL; long today,lastchangedate,mindays,maxdays,warndays,inactdays,expiredate; unsigned long flag; long daysleft,inactleft; /* get the shadow entry */ entry=shadow_uid2entry(session,username,NULL); if (entry==NULL) return NSLCD_PAM_SUCCESS; /* no shadow entry found, nothing to check */ /* get today's date */ today=(long)(time(NULL)/(60*60*24)); /* get shadow information */ get_shadow_properties(entry,&lastchangedate,&mindays,&maxdays,&warndays, &inactdays,&expiredate,&flag); /* check account expiry date */ if ((expiredate!=-1)&&(today>=expiredate)) { daysleft=today-expiredate; mysnprintf(authzmsg,authzmsgsz-1,"account expired %ld days ago",daysleft); log_log(LOG_WARNING,"%s: %s: %s", myldap_get_dn(entry),attmap_shadow_shadowExpire,authzmsg); return NSLCD_PAM_ACCT_EXPIRED; } /* password expiration isn't interesting at this point because the user may not have authenticated with a password and if he did that would be checked in the authc phase */ if (check_maxdays) { /* check lastchanged */ if (lastchangedate==0) { mysnprintf(authzmsg,authzmsgsz-1,"need a new password"); log_log(LOG_WARNING,"%s: %s: %s", myldap_get_dn(entry),attmap_shadow_shadowLastChange,authzmsg); return NSLCD_PAM_NEW_AUTHTOK_REQD; } else if (today0) mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1, ", account will be locked in %ld days",inactleft); else { mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1, ", account locked %ld days ago",-inactleft); log_log(LOG_WARNING,"%s: %s: %s", myldap_get_dn(entry),attmap_shadow_shadowInactive,authzmsg); return NSLCD_PAM_AUTHTOK_EXPIRED; } } if (daysleft<=0) { /* log previously built message */ log_log(LOG_WARNING,"%s: %s: %s", myldap_get_dn(entry),attmap_shadow_shadowMax,authzmsg); return NSLCD_PAM_NEW_AUTHTOK_REQD; } /* check warndays */ if ((warndays>0)&&(daysleft<=warndays)) { mysnprintf(authzmsg,authzmsgsz-1,"password will expire in %ld days",daysleft); log_log(LOG_WARNING,"%s: %s: %s", myldap_get_dn(entry),attmap_shadow_shadowWarning,authzmsg); } } } if (check_mindays) { daysleft=lastchangedate+mindays-today; if ((mindays!=-1)&&(daysleft>0)) { mysnprintf(authzmsg,authzmsgsz-1,"password cannot be changed for another %ld days",daysleft); log_log(LOG_WARNING,"%s: %s: %s", myldap_get_dn(entry),attmap_shadow_shadowMin,authzmsg); return NSLCD_PAM_AUTHTOK_ERR; } } return NSLCD_PAM_SUCCESS; } /* check authentication credentials of the user */ int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid) { int32_t tmpint32; int rc; char username[256]; char servicename[64]; char password[64]; const char *userdn; MYLDAP_ENTRY *entry; int authzrc=NSLCD_PAM_SUCCESS; char authzmsg[1024]; authzmsg[0]='\0'; /* read request parameters */ READ_STRING(fp,username); SKIP_STRING(fp); /* DN */ READ_STRING(fp,servicename); READ_STRING(fp,password); /* log call */ log_setrequest("authc=\"%s\"",username); log_log(LOG_DEBUG,"nslcd_pam_authc(\"%s\",\"%s\",\"%s\")", username,servicename,*password?"***":""); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHC); /* if the username is blank and rootpwmoddn is configured, try to authenticate as administrator, otherwise validate request as usual */ if ((*username=='\0')&&(nslcd_cfg->ldc_rootpwmoddn!=NULL)) { userdn=nslcd_cfg->ldc_rootpwmoddn; /* if the caller is root we will allow the use of the rootpwmodpw option */ if ((*password=='\0')&&(calleruid==0)&&(nslcd_cfg->ldc_rootpwmodpw!=NULL)) { if (strlen(nslcd_cfg->ldc_rootpwmodpw)>=sizeof(password)) { log_log(LOG_ERR,"nslcd_pam_authc(): rootpwmodpw will not fit in password"); return -1; } strcpy(password,nslcd_cfg->ldc_rootpwmodpw); } } else { /* try normal authentication, lookup the user entry */ entry=validate_user(session,username,&rc); if (entry==NULL) { /* for user not found we just say no result */ if (rc==LDAP_NO_SUCH_OBJECT) { WRITE_INT32(fp,NSLCD_RESULT_END); } return -1; } userdn=myldap_get_dn(entry); update_username(entry,username,sizeof(username)); } /* try authentication */ rc=try_bind(userdn,password); if (rc==LDAP_SUCCESS) log_log(LOG_DEBUG,"bind successful"); /* map result code */ switch (rc) { case LDAP_SUCCESS: rc=NSLCD_PAM_SUCCESS; break; case LDAP_INVALID_CREDENTIALS: rc=NSLCD_PAM_AUTH_ERR; break; default: rc=NSLCD_PAM_AUTH_ERR; } /* perform shadow attribute checks */ if (*username!='\0') authzrc=check_shadow(session,username,authzmsg,sizeof(authzmsg),1,0); /* write response */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); WRITE_STRING(fp,userdn); WRITE_INT32(fp,rc); WRITE_INT32(fp,authzrc); WRITE_STRING(fp,authzmsg); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } static void autzsearch_var_add(DICT *dict,const char *name,const char *value) { size_t sz; char *escaped_value; /* allocate memory for escaped string */ sz=((strlen(value)+8)*120)/100; escaped_value=(char *)malloc(sz); if (escaped_value==NULL) { log_log(LOG_CRIT,"autzsearch_var_add(): malloc() failed to allocate memory"); return; } /* perform escaping of the value */ if(myldap_escape(value,escaped_value,sz)) { log_log(LOG_CRIT,"autzsearch_var_add(): myldap_escape() failed to fit in buffer"); free(escaped_value); return; } /* add to dict */ dict_put(dict,name,escaped_value); } static void autzsearch_vars_free(DICT *dict) { int i; const char **keys; void *value; /* go over all keys and free all the values (they were allocated in autzsearch_var_add) */ /* loop over dictionary contents */ keys=dict_keys(dict); for (i=0;keys[i]!=NULL;i++) { value=dict_get(dict,keys[i]); if (value) free(value); } free(keys); /* after this values from the dict should obviously no longer be used */ } static const char *autzsearch_var_get(const char *name,void *expander_attr) { DICT *dict=(DICT *)expander_attr; return (const char *)dict_get(dict,name); /* TODO: if not set use entry to get attribute name (entry can be an element in the dict) */ } /* perform an authorisation search, returns an LDAP status code */ static int try_autzsearch(MYLDAP_SESSION *session,const char *dn, const char *username,const char *servicename, const char *ruser,const char *rhost,const char *tty) { char hostname[HOST_NAME_MAX+1]; const char *fqdn; DICT *dict=NULL; char filter[4096]; MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; static const char *attrs[2]; int rc; const char *res; int i; /* go over all pam_authz_search options */ for (i=0;(ildc_pam_authz_search[i]!=NULL);i++) { if (dict==NULL) { /* build the dictionary with variables NOTE: any variables added here also need to be added to cfg.c:parse_pam_authz_search_statement() */ dict=dict_new(); autzsearch_var_add(dict,"username",username); autzsearch_var_add(dict,"service",servicename); autzsearch_var_add(dict,"ruser",ruser); autzsearch_var_add(dict,"rhost",rhost); autzsearch_var_add(dict,"tty",tty); if (gethostname(hostname,sizeof(hostname))==0) autzsearch_var_add(dict,"hostname",hostname); if ((fqdn=getfqdn())!=NULL) autzsearch_var_add(dict,"fqdn",fqdn); autzsearch_var_add(dict,"dn",dn); autzsearch_var_add(dict,"uid",username); } /* build the search filter */ res=expr_parse(nslcd_cfg->ldc_pam_authz_search[i], filter,sizeof(filter), autzsearch_var_get,(void *)dict); if (res==NULL) { autzsearch_vars_free(dict); dict_free(dict); log_log(LOG_ERR,"invalid pam_authz_search \"%s\"",nslcd_cfg->ldc_pam_authz_search[i]); return LDAP_LOCAL_ERROR; } log_log(LOG_DEBUG,"trying pam_authz_search \"%s\"",filter); /* perform the search */ attrs[0]="dn"; attrs[1]=NULL; /* FIXME: this only searches the first base */ search=myldap_search(session,nslcd_cfg->ldc_bases[0],LDAP_SCOPE_SUBTREE, filter,attrs,&rc); if (search==NULL) { autzsearch_vars_free(dict); dict_free(dict); log_log(LOG_ERR,"pam_authz_search \"%s\" failed: %s", filter,ldap_err2string(rc)); return rc; } /* try to get an entry */ entry=myldap_get_entry(search,&rc); if (entry==NULL) { autzsearch_vars_free(dict); dict_free(dict); log_log(LOG_ERR,"pam_authz_search \"%s\" found no matches",filter); if (rc==LDAP_SUCCESS) rc=LDAP_NO_SUCH_OBJECT; return rc; } log_log(LOG_DEBUG,"pam_authz_search found \"%s\"",myldap_get_dn(entry)); } /* we went over all pam_authz_search entries */ if (dict!=NULL) { autzsearch_vars_free(dict); dict_free(dict); } return LDAP_SUCCESS; } /* check authorisation of the user */ int nslcd_pam_authz(TFILE *fp,MYLDAP_SESSION *session) { int32_t tmpint32; int rc; char username[256]; char servicename[64]; char ruser[256],rhost[HOST_NAME_MAX+1],tty[64]; MYLDAP_ENTRY *entry; char authzmsg[1024]; authzmsg[0]='\0'; /* read request parameters */ READ_STRING(fp,username); SKIP_STRING(fp); /* DN */ READ_STRING(fp,servicename); READ_STRING(fp,ruser); READ_STRING(fp,rhost); READ_STRING(fp,tty); /* log call */ log_setrequest("authz=\"%s\"",username); log_log(LOG_DEBUG,"nslcd_pam_authz(\"%s\",\"%s\",\"%s\",\"%s\",\"%s\")", username,servicename,ruser,rhost,tty); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHZ); /* validate request */ entry=validate_user(session,username,&rc); if (entry==NULL) { /* for user not found we just say no result */ if (rc==LDAP_NO_SUCH_OBJECT) { WRITE_INT32(fp,NSLCD_RESULT_END); } return -1; } /* check authorisation search */ rc=try_autzsearch(session,myldap_get_dn(entry),username,servicename,ruser,rhost,tty); if (rc!=LDAP_SUCCESS) { WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); WRITE_STRING(fp,""); WRITE_INT32(fp,NSLCD_PAM_PERM_DENIED); WRITE_STRING(fp,"LDAP authorisation check failed"); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } /* perform shadow attribute checks */ rc=check_shadow(session,username,authzmsg,sizeof(authzmsg),0,0); /* write response */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); WRITE_STRING(fp,myldap_get_dn(entry)); WRITE_INT32(fp,rc); WRITE_STRING(fp,authzmsg); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } int nslcd_pam_sess_o(TFILE *fp,MYLDAP_SESSION *session) { int32_t tmpint32; char username[256]; char servicename[64]; char tty[64],rhost[HOST_NAME_MAX+1],ruser[256]; int32_t sessionid; /* read request parameters */ READ_STRING(fp,username); SKIP_STRING(fp); /* DN */ READ_STRING(fp,servicename); READ_STRING(fp,tty); READ_STRING(fp,rhost); READ_STRING(fp,ruser); READ_INT32(fp,sessionid); /* log call */ log_setrequest("sess_o=\"%s\"",username); log_log(LOG_DEBUG,"nslcd_pam_sess_o(\"%s\",\"%s\",\"%s\",\"%s\",\"%s\")", username,servicename,tty,rhost,ruser); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PAM_SESS_O); /* write response */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_INT32(fp,12345); /* session id */ WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } int nslcd_pam_sess_c(TFILE *fp,MYLDAP_SESSION *session) { int32_t tmpint32; char username[256]; char servicename[64]; char tty[64],rhost[HOST_NAME_MAX+1],ruser[256]; int32_t sessionid; /* read request parameters */ READ_STRING(fp,username); SKIP_STRING(fp); /* DN */ READ_STRING(fp,servicename); READ_STRING(fp,tty); READ_STRING(fp,rhost); READ_STRING(fp,ruser); READ_INT32(fp,sessionid); /* log call */ log_setrequest("sess_c=\"%s\"",username); log_log(LOG_DEBUG,"nslcd_pam_sess_c(\"%s\",\"%s\",%d)", username,servicename,(int)sessionid); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PAM_SESS_C); /* write response */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_INT32(fp,0); /* session id */ WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } /* perform an LDAP password modification, returns an LDAP status code */ static int try_pwmod(MYLDAP_SESSION *oldsession, const char *binddn,const char *userdn, const char *oldpassword,const char *newpassword) { MYLDAP_SESSION *session; char buffer[256]; int rc; /* set up a new connection */ session=myldap_create_session(); if (session==NULL) return LDAP_UNAVAILABLE; /* set up credentials for the session */ myldap_set_credentials(session,binddn,oldpassword); /* perform search for own object (just to do any kind of search) */ if ((lookup_dn2uid(session,userdn,&rc,buffer,sizeof(buffer))!=NULL)&&(rc==LDAP_SUCCESS)) { /* if doing password modification as admin, don't pass old password along */ if ((nslcd_cfg->ldc_rootpwmoddn!=NULL)&&(strcmp(binddn,nslcd_cfg->ldc_rootpwmoddn)==0)) oldpassword=NULL; /* perform password modification */ rc=myldap_passwd(session,userdn,oldpassword,newpassword); if (rc==LDAP_SUCCESS) { /* try to update the shadowLastChange attribute */ if (update_lastchange(session,userdn)!=LDAP_SUCCESS) /* retry with the normal session */ (void)update_lastchange(oldsession,userdn); } } /* close the session */ myldap_session_close(session); /* return */ return rc; } int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid) { int32_t tmpint32; int rc; char username[256]; char userdn[256]; int asroot; char servicename[64]; char oldpassword[64]; char newpassword[64]; const char *binddn=NULL; /* the user performing the modification */ MYLDAP_ENTRY *entry; char authzmsg[1024]; authzmsg[0]='\0'; /* read request parameters */ READ_STRING(fp,username); READ_STRING(fp,userdn); /* we can't ignore userdn for now here because we need it to determine the modify-as-root case */ asroot=(nslcd_cfg->ldc_rootpwmoddn!=NULL)&&(strcmp(userdn,nslcd_cfg->ldc_rootpwmoddn)==0); READ_STRING(fp,servicename); READ_STRING(fp,oldpassword); READ_STRING(fp,newpassword); /* log call */ log_setrequest("pwmod=\"%s\"",username); log_log(LOG_DEBUG,"nslcd_pam_pwmod(\"%s\",%s,\"%s\",\"%s\",\"%s\")", username,asroot?"asroot":"asuser",servicename,*oldpassword?"***":"", *newpassword?"***":""); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PAM_PWMOD); /* validate request */ entry=validate_user(session,username,&rc); if (entry==NULL) { /* for user not found we just say no result */ if (rc==LDAP_NO_SUCH_OBJECT) { WRITE_INT32(fp,NSLCD_RESULT_END); } return -1; } /* check if pam_password_prohibit_message is set */ if (nslcd_cfg->pam_password_prohibit_message!=NULL) { log_log(LOG_NOTICE,"password change prohibited"); WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); WRITE_STRING(fp,""); WRITE_INT32(fp,NSLCD_PAM_PERM_DENIED); WRITE_STRING(fp,nslcd_cfg->pam_password_prohibit_message); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } /* check if the the user passed the rootpwmoddn */ if (asroot) { binddn=nslcd_cfg->ldc_rootpwmoddn; /* check if rootpwmodpw should be used */ if ((*oldpassword=='\0')&&(calleruid==0)&&(nslcd_cfg->ldc_rootpwmodpw!=NULL)) { if (strlen(nslcd_cfg->ldc_rootpwmodpw)>=sizeof(oldpassword)) { log_log(LOG_ERR,"nslcd_pam_pwmod(): rootpwmodpw will not fit in oldpassword"); return -1; } strcpy(oldpassword,nslcd_cfg->ldc_rootpwmodpw); } } else { binddn=myldap_get_dn(entry); /* check whether shadow properties allow password change */ rc=check_shadow(session,username,authzmsg,sizeof(authzmsg),0,1); if (rc!=NSLCD_PAM_SUCCESS) { WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); WRITE_STRING(fp,""); WRITE_INT32(fp,rc); WRITE_STRING(fp,authzmsg); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } } /* perform password modification */ rc=try_pwmod(session,binddn,myldap_get_dn(entry),oldpassword,newpassword); if (rc!=LDAP_SUCCESS) { mysnprintf(authzmsg,sizeof(authzmsg)-1,"password change failed: %s",ldap_err2string(rc)); WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); WRITE_STRING(fp,""); WRITE_INT32(fp,NSLCD_PAM_PERM_DENIED); WRITE_STRING(fp,authzmsg); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } /* write response */ log_log(LOG_NOTICE,"password changed for %s",myldap_get_dn(entry)); WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,username); WRITE_STRING(fp,myldap_get_dn(entry)); WRITE_INT32(fp,NSLCD_PAM_SUCCESS); WRITE_STRING(fp,""); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } nss-pam-ldapd-0.8.13/nslcd/nslcd.c0000644000175000001440000007130212137303542013535 00000000000000/* nslcd.c - ldap local connection daemon Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include #include #include #ifdef HAVE_GETOPT_H #include #endif /* HAVE_GETOPT_H */ #include #include #include #include #include #include #include #include #include #ifdef HAVE_NSS_H #include #endif /* HAVE_NSS_H */ #include #ifdef HAVE_PTHREAD_NP_H #include #endif /* HAVE_PTHREAD_NP_H */ #ifndef HAVE_GETOPT_LONG #include "compat/getopt_long.h" #endif /* not HAVE_GETOPT_LONG */ #include "compat/daemon.h" #include #include #include #include "nslcd.h" #include "log.h" #include "cfg.h" #include "common.h" #include "compat/attrs.h" #include "compat/getpeercred.h" #include "compat/socket.h" /* read timeout is half a second because clients should send their request quickly, write timeout is 60 seconds because clients could be taking some time to process the results */ #define READ_TIMEOUT 500 #define WRITE_TIMEOUT 60*1000 /* buffer sizes for I/O */ #define READBUFFER_MINSIZE 32 #define READBUFFER_MAXSIZE 64 #define WRITEBUFFER_MINSIZE 64 #define WRITEBUFFER_MAXSIZE 1*1024*1024 /* flag to indicate if we are in debugging mode */ static int nslcd_debugging=0; /* flag to indicate user requested the --check option */ static int nslcd_checkonly=0; /* the exit flag to indicate that a signal was received */ static volatile int nslcd_exitsignal=0; /* the server socket used for communication */ static int nslcd_serversocket=-1; /* thread ids of all running threads */ static pthread_t *nslcd_threads; /* if we don't have clearenv() we have to do this the hard way */ #ifndef HAVE_CLEARENV /* the definition of the environment */ extern char **environ; /* the environment we want to use */ static char *sane_environment[] = { "HOME=/", "TMPDIR=/tmp", "LDAPNOINIT=1", NULL }; #endif /* not HAVE_CLEARENV */ /* display version information */ static void display_version(FILE *fp) { fprintf(fp,"%s\n",PACKAGE_STRING); fprintf(fp,"Written by Luke Howard and Arthur de Jong.\n\n"); fprintf(fp,"Copyright (C) 1997-2013 Luke Howard, Arthur de Jong and West Consulting\n" "This is free software; see the source for copying conditions. There is NO\n" "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"); } /* display usage information */ static void display_usage(FILE *fp,const char *program_name) { fprintf(fp,"Usage: %s [OPTION]...\n",program_name); fprintf(fp,"Name Service LDAP connection daemon.\n"); fprintf(fp," -c, --check check if the daemon already is running\n"); fprintf(fp," -d, --debug don't fork and print debugging to stderr\n"); fprintf(fp," --help display this help and exit\n"); fprintf(fp," --version output version information and exit\n"); fprintf(fp,"\n" "Report bugs to <%s>.\n",PACKAGE_BUGREPORT); } /* the definition of options for getopt(). see getopt(2) */ static struct option const nslcd_options[] = { { "check", no_argument, NULL, 'c' }, { "debug", no_argument, NULL, 'd' }, { "help", no_argument, NULL, 'h' }, { "version", no_argument, NULL, 'V' }, { NULL, 0, NULL, 0 } }; #define NSLCD_OPTIONSTRING "cdhV" /* parse command line options and save settings in struct */ static void parse_cmdline(int argc,char *argv[]) { int optc; while ((optc=getopt_long(argc,argv,NSLCD_OPTIONSTRING,nslcd_options,NULL))!=-1) { switch (optc) { case 'c': /* -c, --check check if the daemon already is running */ nslcd_checkonly=1; break; case 'd': /* -d, --debug don't fork and print debugging to stderr */ nslcd_debugging++; log_setdefaultloglevel(LOG_DEBUG); break; case 'h': /* --help display this help and exit */ display_usage(stdout,argv[0]); exit(EXIT_SUCCESS); case 'V': /* --version output version information and exit */ display_version(stdout); exit(EXIT_SUCCESS); case ':': /* missing required parameter */ case '?': /* unknown option character or extraneous parameter */ default: fprintf(stderr,"Try '%s --help' for more information.\n", argv[0]); exit(EXIT_FAILURE); } } /* check for remaining arguments */ if (optind= 0) { if (close(nslcd_serversocket)) log_log(LOG_WARNING,"problem closing server socket (ignored): %s",strerror(errno)); } /* remove existing named socket */ if (unlink(NSLCD_SOCKET)<0) { log_log(LOG_DEBUG,"unlink() of "NSLCD_SOCKET" failed (ignored): %s", strerror(errno)); } /* remove pidfile */ if (unlink(NSLCD_PIDFILE)<0) { log_log(LOG_DEBUG,"unlink() of "NSLCD_PIDFILE" failed (ignored): %s", strerror(errno)); } /* log exit */ log_log(LOG_INFO,"version %s bailing out",VERSION); } /* create the directory for the specified file to reside in */ static void mkdirname(const char *filename) { char *tmpname,*path; tmpname=strdup(filename); if (tmpname==NULL) return; path=dirname(tmpname); if (mkdir(path,(mode_t)0755)==0) { /* if directory was just created, set correct ownership */ if (lchown(path,nslcd_cfg->ldc_uid,nslcd_cfg->ldc_gid)<0) log_log(LOG_WARNING,"problem setting permissions for %s: %s",path,strerror(errno)); } free(tmpname); } /* returns a socket ready to answer requests from the client, exit()s on error */ static int create_socket(const char *filename) { int sock; int i; struct sockaddr_un addr; /* create a socket */ if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 ) { log_log(LOG_ERR,"cannot create socket: %s",strerror(errno)); exit(EXIT_FAILURE); } if (sock>=FD_SETSIZE) { log_log(LOG_ERR,"socket file descriptor number too high (%d)",sock); exit(EXIT_FAILURE); } /* remove existing named socket */ if (unlink(filename)<0) { log_log(LOG_DEBUG,"unlink() of %s failed (ignored): %s", filename,strerror(errno)); } /* do not block on accept() */ if ((i=fcntl(sock,F_GETFL,0))<0) { log_log(LOG_ERR,"fctnl(F_GETFL) failed: %s",strerror(errno)); if (close(sock)) log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); exit(EXIT_FAILURE); } if (fcntl(sock,F_SETFL,i|O_NONBLOCK)<0) { log_log(LOG_ERR,"fctnl(F_SETFL,O_NONBLOCK) failed: %s",strerror(errno)); if (close(sock)) log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); exit(EXIT_FAILURE); } /* create the directory if needed */ mkdirname(filename); /* create socket address structure */ memset(&addr,0,sizeof(struct sockaddr_un)); addr.sun_family=AF_UNIX; strncpy(addr.sun_path,filename,sizeof(addr.sun_path)); addr.sun_path[sizeof(addr.sun_path)-1]='\0'; /* bind to the named socket */ if (bind(sock,(struct sockaddr *)&addr,SUN_LEN(&addr))) { log_log(LOG_ERR,"bind() to %s failed: %s",filename,strerror(errno)); if (close(sock)) log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); exit(EXIT_FAILURE); } /* close the file descriptor on exec */ if (fcntl(sock,F_SETFD,FD_CLOEXEC)<0) { log_log(LOG_ERR,"fctnl(F_SETFL,FD_CLOEXEC) on %s failed: %s",filename,strerror(errno)); if (close(sock)) log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); exit(EXIT_FAILURE); } /* set permissions of socket so anybody can do requests */ /* Note: we use chmod() here instead of fchmod() because fchmod does not work on sockets http://www.opengroup.org/onlinepubs/009695399/functions/fchmod.html http://lkml.org/lkml/2005/5/16/11 */ if (chmod(filename,(mode_t)0666)) { log_log(LOG_ERR,"chmod(0666) of %s failed: %s",filename,strerror(errno)); if (close(sock)) log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); exit(EXIT_FAILURE); } /* start listening for connections */ if (listen(sock,SOMAXCONN)<0) { log_log(LOG_ERR,"listen() failed: %s",strerror(errno)); if (close(sock)) log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); exit(EXIT_FAILURE); } /* we're done */ return sock; } /* read the version information and action from the stream this function returns the read action in location pointer to by action */ static int read_header(TFILE *fp,int32_t *action) { int32_t tmpint32; /* read the protocol version */ READ_TYPE(fp,tmpint32,int32_t); if (tmpint32 != (int32_t)NSLCD_VERSION) { log_log(LOG_DEBUG,"wrong nslcd version id (%d)",(int)tmpint32); return -1; } /* read the request type */ READ(fp,action,sizeof(int32_t)); return 0; } /* read a request message, returns <0 in case of errors, this function closes the socket */ static void handleconnection(int sock,MYLDAP_SESSION *session) { TFILE *fp; int32_t action; uid_t uid=(uid_t)-1; gid_t gid=(gid_t)-1; pid_t pid=(pid_t)-1; /* log connection */ if (getpeercred(sock,&uid,&gid,&pid)) log_log(LOG_DEBUG,"connection from unknown client: %s",strerror(errno)); else log_log(LOG_DEBUG,"connection from pid=%d uid=%d gid=%d", (int)pid,(int)uid,(int)gid); /* create a stream object */ if ((fp=tio_fdopen(sock,READ_TIMEOUT,WRITE_TIMEOUT, READBUFFER_MINSIZE,READBUFFER_MAXSIZE, WRITEBUFFER_MINSIZE,WRITEBUFFER_MAXSIZE))==NULL) { log_log(LOG_WARNING,"cannot create stream for writing: %s",strerror(errno)); (void)close(sock); return; } /* read request */ if (read_header(fp,&action)) { (void)tio_close(fp); return; } /* handle request */ switch (action) { case NSLCD_ACTION_CONFIG_GET: (void)nslcd_config_get(fp,session); break; case NSLCD_ACTION_ALIAS_BYNAME: (void)nslcd_alias_byname(fp,session); break; case NSLCD_ACTION_ALIAS_ALL: (void)nslcd_alias_all(fp,session); break; case NSLCD_ACTION_ETHER_BYNAME: (void)nslcd_ether_byname(fp,session); break; case NSLCD_ACTION_ETHER_BYETHER: (void)nslcd_ether_byether(fp,session); break; case NSLCD_ACTION_ETHER_ALL: (void)nslcd_ether_all(fp,session); break; case NSLCD_ACTION_GROUP_BYNAME: (void)nslcd_group_byname(fp,session); break; case NSLCD_ACTION_GROUP_BYGID: (void)nslcd_group_bygid(fp,session); break; case NSLCD_ACTION_GROUP_BYMEMBER: (void)nslcd_group_bymember(fp,session); break; case NSLCD_ACTION_GROUP_ALL: (void)nslcd_group_all(fp,session); break; case NSLCD_ACTION_HOST_BYNAME: (void)nslcd_host_byname(fp,session); break; case NSLCD_ACTION_HOST_BYADDR: (void)nslcd_host_byaddr(fp,session); break; case NSLCD_ACTION_HOST_ALL: (void)nslcd_host_all(fp,session); break; case NSLCD_ACTION_NETGROUP_BYNAME: (void)nslcd_netgroup_byname(fp,session); break; case NSLCD_ACTION_NETWORK_BYNAME: (void)nslcd_network_byname(fp,session); break; case NSLCD_ACTION_NETWORK_BYADDR: (void)nslcd_network_byaddr(fp,session); break; case NSLCD_ACTION_NETWORK_ALL: (void)nslcd_network_all(fp,session); break; case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session,uid); break; case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session,uid); break; case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session,uid); break; case NSLCD_ACTION_PROTOCOL_BYNAME: (void)nslcd_protocol_byname(fp,session); break; case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp,session); break; case NSLCD_ACTION_PROTOCOL_ALL: (void)nslcd_protocol_all(fp,session); break; case NSLCD_ACTION_RPC_BYNAME: (void)nslcd_rpc_byname(fp,session); break; case NSLCD_ACTION_RPC_BYNUMBER: (void)nslcd_rpc_bynumber(fp,session); break; case NSLCD_ACTION_RPC_ALL: (void)nslcd_rpc_all(fp,session); break; case NSLCD_ACTION_SERVICE_BYNAME: (void)nslcd_service_byname(fp,session); break; case NSLCD_ACTION_SERVICE_BYNUMBER: (void)nslcd_service_bynumber(fp,session); break; case NSLCD_ACTION_SERVICE_ALL: (void)nslcd_service_all(fp,session); break; case NSLCD_ACTION_SHADOW_BYNAME: if (uid==0) (void)nslcd_shadow_byname(fp,session); else log_log(LOG_DEBUG,"denied shadow request by non-root user"); break; case NSLCD_ACTION_SHADOW_ALL: if (uid==0) (void)nslcd_shadow_all(fp,session); else log_log(LOG_DEBUG,"denied shadow request by non-root user"); break; case NSLCD_ACTION_PAM_AUTHC: (void)nslcd_pam_authc(fp,session,uid); break; case NSLCD_ACTION_PAM_AUTHZ: (void)nslcd_pam_authz(fp,session); break; case NSLCD_ACTION_PAM_SESS_O: (void)nslcd_pam_sess_o(fp,session); break; case NSLCD_ACTION_PAM_SESS_C: (void)nslcd_pam_sess_c(fp,session); break; case NSLCD_ACTION_PAM_PWMOD: (void)nslcd_pam_pwmod(fp,session,uid); break; default: log_log(LOG_WARNING,"invalid request id: %d",(int)action); break; } /* we're done with the request */ myldap_session_cleanup(session); (void)tio_close(fp); return; } /* test to see if we can lock the specified file */ static int is_locked(const char* filename) { int fd; if (filename!=NULL) { errno=0; if ((fd=open(filename,O_RDWR,0644))<0) { if (errno==ENOENT) return 0; /* if file doesn't exist it cannot be locked */ log_log(LOG_ERR,"cannot open lock file (%s): %s",filename,strerror(errno)); exit(EXIT_FAILURE); } if (lockf(fd,F_TEST,0)<0) { if (close(fd)) log_log(LOG_WARNING,"problem closing fd: %s",strerror(errno)); return -1; } if (close(fd)) log_log(LOG_WARNING,"problem closing fd: %s",strerror(errno)); } return 0; } /* write the current process id to the specified file */ static void create_pidfile(const char *filename) { int fd; char buffer[20]; if (filename!=NULL) { mkdirname(filename); if ((fd=open(filename,O_RDWR|O_CREAT,0644))<0) { log_log(LOG_ERR,"cannot create pid file (%s): %s",filename,strerror(errno)); exit(EXIT_FAILURE); } if (lockf(fd,F_TLOCK,0)<0) { log_log(LOG_ERR,"cannot lock pid file (%s): %s",filename,strerror(errno)); exit(EXIT_FAILURE); } if (ftruncate(fd,0)<0) { log_log(LOG_ERR,"cannot truncate pid file (%s): %s",filename,strerror(errno)); exit(EXIT_FAILURE); } mysnprintf(buffer,sizeof(buffer),"%d\n",(int)getpid()); if (write(fd,buffer,strlen(buffer))!=(int)strlen(buffer)) { log_log(LOG_ERR,"error writing pid file (%s): %s",filename,strerror(errno)); exit(EXIT_FAILURE); } /* we keep the pidfile open so the lock remains valid */ } } /* try to install signal handler and check result */ static void install_sighandler(int signum,void (*handler) (int)) { struct sigaction act; memset(&act,0,sizeof(struct sigaction)); act.sa_handler=handler; sigemptyset(&act.sa_mask); act.sa_flags=SA_RESTART|SA_NOCLDSTOP; if (sigaction(signum,&act,NULL)!=0) { log_log(LOG_ERR,"error installing signal handler for '%s': %s",signame(signum),strerror(errno)); exit(EXIT_FAILURE); } } static void worker_cleanup(void *arg) { MYLDAP_SESSION *session=(MYLDAP_SESSION *)arg; myldap_session_close(session); } static void *worker(void UNUSED(*arg)) { MYLDAP_SESSION *session; int csock; int j; struct sockaddr_storage addr; socklen_t alen; fd_set fds; struct timeval tv; /* create a new LDAP session */ session=myldap_create_session(); /* clean up the session if we're done */ pthread_cleanup_push(worker_cleanup,session); /* start waiting for incoming connections */ while (1) { /* time out connection to LDAP server if needed */ myldap_session_check(session); /* set up the set of fds to wait on */ FD_ZERO(&fds); FD_SET(nslcd_serversocket,&fds); /* set up our timeout value */ tv.tv_sec=nslcd_cfg->ldc_idle_timelimit; tv.tv_usec=0; /* wait for a new connection */ j=select(nslcd_serversocket+1,&fds,NULL,NULL,nslcd_cfg->ldc_idle_timelimit>0?&tv:NULL); /* check result of select() */ if (j<0) { if (errno==EINTR) log_log(LOG_DEBUG,"select() failed (ignored): %s",strerror(errno)); else log_log(LOG_ERR,"select() failed: %s",strerror(errno)); continue; } /* see if our file descriptor is actually ready */ if (!FD_ISSET(nslcd_serversocket,&fds)) continue; /* wait for a new connection */ alen=(socklen_t)sizeof(struct sockaddr_storage); csock=accept(nslcd_serversocket,(struct sockaddr *)&addr,&alen); if (csock<0) { if ((errno==EINTR)||(errno==EAGAIN)||(errno==EWOULDBLOCK)) log_log(LOG_DEBUG,"accept() failed (ignored): %s",strerror(errno)); else log_log(LOG_ERR,"accept() failed: %s",strerror(errno)); continue; } /* make sure O_NONBLOCK is not inherited */ if ((j=fcntl(csock,F_GETFL,0))<0) { log_log(LOG_ERR,"fctnl(F_GETFL) failed: %s",strerror(errno)); if (close(csock)) log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); continue; } if (fcntl(csock,F_SETFL,j&~O_NONBLOCK)<0) { log_log(LOG_ERR,"fctnl(F_SETFL,~O_NONBLOCK) failed: %s",strerror(errno)); if (close(csock)) log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); continue; } /* indicate new connection to logging module (generates unique id) */ log_newsession(); /* handle the connection */ handleconnection(csock,session); /* indicate end of session in log messages */ log_clearsession(); } pthread_cleanup_pop(1); return NULL; } /* function to disable lookups through the nss_ldap module to avoid lookup loops */ static void disable_nss_ldap(void) { void *handle; char *error; int *enable_flag; /* try to load the NSS module */ #ifdef RTLD_NODELETE handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY|RTLD_NODELETE); #else /* not RTLD_NODELETE */ handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY); #endif /* RTLD_NODELETE */ if (handle==NULL) { log_log(LOG_WARNING,"Warning: LDAP NSS module not loaded: %s",dlerror()); return; } /* clear any existing errors */ dlerror(); /* try to look up the flag */ enable_flag=(int *)dlsym(handle,"_nss_ldap_enablelookups"); error=dlerror(); if (error!=NULL) { log_log(LOG_WARNING,"Warning: %s (probably older NSS module loaded)",error); /* fall back to changing the way host lookup is done */ #ifdef HAVE___NSS_CONFIGURE_LOOKUP if (__nss_configure_lookup("hosts","files dns")) log_log(LOG_ERR,"unable to override hosts lookup method: %s",strerror(errno)); #endif /* HAVE___NSS_CONFIGURE_LOOKUP */ dlclose(handle); return; } /* disable nss_ldap */ *enable_flag=0; #ifdef RTLD_NODELETE /* only close the handle if RTLD_NODELETE was used */ dlclose(handle); #endif /* RTLD_NODELETE */ } /* the main program... */ int main(int argc,char *argv[]) { int i; sigset_t signalmask,oldmask; #ifdef HAVE_PTHREAD_TIMEDJOIN_NP struct timespec ts; #endif /* HAVE_PTHREAD_TIMEDJOIN_NP */ /* parse the command line */ parse_cmdline(argc,argv); /* clean the environment */ #ifdef HAVE_CLEARENV if ( clearenv() || putenv("HOME=/") || putenv("TMPDIR=/tmp") || putenv("LDAPNOINIT=1") ) { log_log(LOG_ERR,"clearing environment failed"); exit(EXIT_FAILURE); } #else /* not HAVE_CLEARENV */ /* this is a bit ugly */ environ=sane_environment; #endif /* not HAVE_CLEARENV */ /* disable the nss_ldap module for this process */ disable_nss_ldap(); /* set LDAP log level */ if (myldap_set_debuglevel(nslcd_debugging)!=LDAP_SUCCESS) exit(EXIT_FAILURE); /* read configuration file */ cfg_init(NSLCD_CONF_PATH); /* set default mode for pidfile and socket */ (void)umask((mode_t)0022); /* see if someone already locked the pidfile if --check option was given: exit TRUE if daemon runs (pidfile locked), FALSE otherwise */ if (nslcd_checkonly) { if (is_locked(NSLCD_PIDFILE)) { log_log(LOG_DEBUG,"pidfile (%s) is locked",NSLCD_PIDFILE); exit(EXIT_SUCCESS); } else { log_log(LOG_DEBUG,"pidfile (%s) is not locked",NSLCD_PIDFILE); exit(EXIT_FAILURE); } } /* normal check for pidfile locked */ if (is_locked(NSLCD_PIDFILE)) { log_log(LOG_ERR,"daemon may already be active, cannot acquire lock (%s): %s",NSLCD_PIDFILE,strerror(errno)); exit(EXIT_FAILURE); } /* close all file descriptors (except stdin/out/err) */ i=sysconf(_SC_OPEN_MAX)-1; /* if the system does not have OPEN_MAX just close the first 32 and hope we closed enough */ if (i<0) i=32; for (;i>3;i--) close(i); /* daemonize */ if ((!nslcd_debugging)&&(daemon(0,0)<0)) { log_log(LOG_ERR,"unable to daemonize: %s",strerror(errno)); exit(EXIT_FAILURE); } /* intilialize logging */ if (!nslcd_debugging) log_startlogging(); log_log(LOG_INFO,"version %s starting",VERSION); /* write pidfile */ create_pidfile(NSLCD_PIDFILE); /* install handler to close stuff off on exit and log notice */ if (atexit(exithandler)) { log_log(LOG_ERR,"atexit() failed: %s",strerror(errno)); exit(EXIT_FAILURE); } /* create socket */ nslcd_serversocket=create_socket(NSLCD_SOCKET); if ((nslcd_cfg->ldc_gid!=NOGID)&&(nslcd_cfg->ldc_uidname!=NULL)) { #ifdef HAVE_INITGROUPS /* load supplementary groups */ if (initgroups(nslcd_cfg->ldc_uidname,nslcd_cfg->ldc_gid)<0) log_log(LOG_WARNING,"cannot initgroups(\"%s\",%d) (ignored): %s", nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid,strerror(errno)); else log_log(LOG_DEBUG,"initgroups(\"%s\",%d) done", nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid); #else /* not HAVE_INITGROUPS */ #ifdef HAVE_SETGROUPS /* just drop all supplemental groups */ if (setgroups(0,NULL)<0) log_log(LOG_WARNING,"cannot setgroups(0,NULL) (ignored): %s",strerror(errno)); else log_log(LOG_DEBUG,"setgroups(0,NULL) done"); #else /* not HAVE_SETGROUPS */ log_log(LOG_DEBUG,"neither initgroups() or setgroups() available"); #endif /* not HAVE_SETGROUPS */ #endif /* not HAVE_INITGROUPS */ } /* change to nslcd gid */ if (nslcd_cfg->ldc_gid!=NOGID) { if (setgid(nslcd_cfg->ldc_gid)!=0) { log_log(LOG_ERR,"cannot setgid(%d): %s",(int)nslcd_cfg->ldc_gid,strerror(errno)); exit(EXIT_FAILURE); } log_log(LOG_DEBUG,"setgid(%d) done",(int)nslcd_cfg->ldc_gid); } /* change to nslcd uid */ if (nslcd_cfg->ldc_uid!=NOUID) { if (setuid(nslcd_cfg->ldc_uid)!=0) { log_log(LOG_ERR,"cannot setuid(%d): %s",(int)nslcd_cfg->ldc_uid,strerror(errno)); exit(EXIT_FAILURE); } log_log(LOG_DEBUG,"setuid(%d) done",(int)nslcd_cfg->ldc_uid); } /* block all these signals so our worker threads won't handle them */ sigemptyset(&signalmask); sigaddset(&signalmask,SIGHUP); sigaddset(&signalmask,SIGINT); sigaddset(&signalmask,SIGQUIT); sigaddset(&signalmask,SIGABRT); sigaddset(&signalmask,SIGPIPE); sigaddset(&signalmask,SIGTERM); sigaddset(&signalmask,SIGUSR1); sigaddset(&signalmask,SIGUSR2); pthread_sigmask(SIG_BLOCK,&signalmask,&oldmask); /* start worker threads */ log_log(LOG_INFO,"accepting connections"); nslcd_threads=(pthread_t *)malloc(nslcd_cfg->ldc_threads*sizeof(pthread_t)); if (nslcd_threads==NULL) { log_log(LOG_CRIT,"main(): malloc() failed to allocate memory"); exit(EXIT_FAILURE); } for (i=0;ildc_threads;i++) { if (pthread_create(&nslcd_threads[i],NULL,worker,NULL)) { log_log(LOG_ERR,"unable to start worker thread %d: %s",i,strerror(errno)); exit(EXIT_FAILURE); } } pthread_sigmask(SIG_SETMASK,&oldmask,NULL); /* install signalhandlers for some signals */ install_sighandler(SIGHUP, sigexit_handler); install_sighandler(SIGINT, sigexit_handler); install_sighandler(SIGQUIT,sigexit_handler); install_sighandler(SIGABRT,sigexit_handler); install_sighandler(SIGPIPE,SIG_IGN); install_sighandler(SIGTERM,sigexit_handler); install_sighandler(SIGUSR1,sigexit_handler); install_sighandler(SIGUSR2,sigexit_handler); /* wait until we received a signal */ while (nslcd_exitsignal==0) { sleep(INT_MAX); /* sleep as long as we can or until we receive a signal */ } /* print something about received signal */ log_log(LOG_INFO,"caught signal %s (%d), shutting down", signame(nslcd_exitsignal),nslcd_exitsignal); /* cancel all running threads */ for (i=0;ildc_threads;i++) if (pthread_cancel(nslcd_threads[i])) log_log(LOG_WARNING,"failed to stop thread %d (ignored): %s",i,strerror(errno)); /* close server socket to trigger failures in threads waiting on accept() */ close(nslcd_serversocket); nslcd_serversocket=-1; /* if we can, wait a few seconds for the threads to finish */ #ifdef HAVE_PTHREAD_TIMEDJOIN_NP ts.tv_sec=time(NULL)+3; ts.tv_nsec=0; #endif /* HAVE_PTHREAD_TIMEDJOIN_NP */ for (i=0;ildc_threads;i++) { #ifdef HAVE_PTHREAD_TIMEDJOIN_NP pthread_timedjoin_np(nslcd_threads[i],NULL,&ts); #endif /* HAVE_PTHREAD_TIMEDJOIN_NP */ if (pthread_kill(nslcd_threads[i],0)==0) log_log(LOG_ERR,"thread %d is still running, shutting down anyway",i); } /* we're done */ return EXIT_FAILURE; } nss-pam-ldapd-0.8.13/nslcd/common.h0000644000175000001440000002472312137303542013734 00000000000000/* common.h - common server code routines This file is part of the nss-pam-ldapd library. Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef NSLCD__COMMON_H #define NSLCD__COMMON_H 1 #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include #include "nslcd.h" #include "common/nslcd-prot.h" #include "common/tio.h" #include "compat/attrs.h" #include "myldap.h" /* macros for basic read and write operations, the following ERROR_OUT* marcos define the action taken on errors the stream is not closed because the caller closes the stream */ #define ERROR_OUT_WRITEERROR(fp) \ log_log(LOG_WARNING,"error writing to client: %s",strerror(errno)); \ return -1; #define ERROR_OUT_READERROR(fp) \ log_log(LOG_WARNING,"error reading from client: %s",strerror(errno)); \ return -1; #define ERROR_OUT_BUFERROR(fp) \ log_log(LOG_WARNING,"client supplied argument %d bytes too large",tmpint32); \ return -1; /* a simple wrapper around snprintf, returns 0 if ok, -1 on error */ int mysnprintf(char *buffer,size_t buflen,const char *format, ...) LIKE_PRINTF(3,4); /* return the fully qualified domain name of the current host the returned value does not need to be freed but is re-used for every call */ MUST_USE const char *getfqdn(void); /* This tries to get the user password attribute from the entry. It will try to return an encrypted password as it is used in /etc/passwd, /etc/group or /etc/shadow depending upon what is in the directory. This function will return NULL if no passwd is found and will return the literal value in the directory if conversion is not possible. */ const char *get_userpassword(MYLDAP_ENTRY *entry,const char *attr, char *buffer,size_t buflen); /* write out an address, parsing the addr value */ int write_address(TFILE *fp,MYLDAP_ENTRY *entry,const char *attr, const char *addr); /* a helper macro to write out addresses and bail out on errors */ #define WRITE_ADDRESS(fp,entry,attr,addr) \ if (write_address(fp,entry,attr,addr)) \ return -1; /* read an address from the stream */ int read_address(TFILE *fp,char *addr,int *addrlen,int *af); /* helper macro to read an address from the stream */ #define READ_ADDRESS(fp,addr,len,af) \ len=(int)sizeof(addr); \ if (read_address(fp,addr,&(len),&(af))) \ return -1; /* convert the provided string representation of a sid (e.g. S-1-5-21-1936905831-823966427-12391542-23578) to a format that can be used to search the objectSid property with */ MUST_USE char *sid2search(const char *sid); /* return the last security identifier of the binary sid */ MUST_USE long int binsid2id(const char *binsid); /* checks to see if the specified string is a valid user or group name */ MUST_USE int isvalidname(const char *name); /* Perform an LDAP lookup to translate the DN into a uid. This function either returns NULL or a strdup()ed string. */ MUST_USE char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp,char *buf,size_t buflen); /* transforms the DN info a uid doing an LDAP lookup if needed */ MUST_USE char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen); /* use the user id to lookup an LDAP entry */ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp); /* transforms the uid into a DN by doing an LDAP lookup */ MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen); /* try to update the shadowLastChange attribute of the entry if possible */ int update_lastchange(MYLDAP_SESSION *session,const char *userdn); /* use the user id to lookup an LDAP entry with the shadow attributes requested*/ MYLDAP_ENTRY *shadow_uid2entry(MYLDAP_SESSION *session,const char *username,int *rcp); /* return shadow information */ void get_shadow_properties(MYLDAP_ENTRY *entry,long *lastchangedate, long *mindays,long *maxdays,long *warndays, long *inactdays,long *expiredate,unsigned long *flag); /* check whether the nsswitch.conf file has LDAP as a naming source for db */ int nsswitch_db_uses_ldap(const char *filename,const char *db); /* fallback definition of HOST_NAME_MAX */ #ifndef HOST_NAME_MAX #ifdef _POSIX_HOST_NAME_MAX #define HOST_NAME_MAX _POSIX_HOST_NAME_MAX #else #define HOST_NAME_MAX 255 #endif /* _POSIX_HOST_NAME_MAX */ #endif /* not HOST_NAME_MAX */ /* provide strtouid() function alias */ #if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT #define strtouid (uid_t)strtoul #elif SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_LONG_INT #define strtouid (uid_t)strtoull #elif SIZEOF_UID_T == SIZEOF_UNSIGNED_INT #define WANT_STRTOUI 1 #define strtouid (uid_t)strtoui #else #error unable to find implementation for strtouid() #endif /* provide strtouid() function alias */ #if SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_INT #define strtogid (gid_t)strtoul #elif SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_LONG_INT #define strtogid (gid_t)strtoull #elif SIZEOF_GID_T == SIZEOF_UNSIGNED_INT #ifndef WANT_STRTOUI #define WANT_STRTOUI 1 #endif #define strtogid (uid_t)strtoui #else #error unable to find implementation for strtogid() #endif #ifdef WANT_STRTOUI /* provide a strtoui() if it is needed */ unsigned int strtoui(const char *nptr,char **endptr,int base); #endif /* WANT_STRTOUI */ /* these are the functions for initialising the database specific modules */ void alias_init(void); void ether_init(void); void group_init(void); void host_init(void); void netgroup_init(void); void network_init(void); void passwd_init(void); void protocol_init(void); void rpc_init(void); void service_init(void); void shadow_init(void); /* these are the different functions that handle the database specific actions, see nslcd.h for the action descriptions */ int nslcd_config_get(TFILE *fp,MYLDAP_SESSION *session); int nslcd_alias_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_alias_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_ether_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_ether_byether(TFILE *fp,MYLDAP_SESSION *session); int nslcd_ether_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_group_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_group_bygid(TFILE *fp,MYLDAP_SESSION *session); int nslcd_group_bymember(TFILE *fp,MYLDAP_SESSION *session); int nslcd_group_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_host_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_host_byaddr(TFILE *fp,MYLDAP_SESSION *session); int nslcd_host_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_netgroup_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_network_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_network_byaddr(TFILE *fp,MYLDAP_SESSION *session); int nslcd_network_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); int nslcd_protocol_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_protocol_bynumber(TFILE *fp,MYLDAP_SESSION *session); int nslcd_protocol_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_rpc_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_rpc_bynumber(TFILE *fp,MYLDAP_SESSION *session); int nslcd_rpc_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_service_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_service_bynumber(TFILE *fp,MYLDAP_SESSION *session); int nslcd_service_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_shadow_byname(TFILE *fp,MYLDAP_SESSION *session); int nslcd_shadow_all(TFILE *fp,MYLDAP_SESSION *session); int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); int nslcd_pam_authz(TFILE *fp,MYLDAP_SESSION *session); int nslcd_pam_sess_o(TFILE *fp,MYLDAP_SESSION *session); int nslcd_pam_sess_c(TFILE *fp,MYLDAP_SESSION *session); int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); /* macros for generating service handling code */ #define NSLCD_HANDLE(db,fn,readfn,action,mkfilter,writefn) \ int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session) \ NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn) #define NSLCD_HANDLE_UID(db,fn,readfn,action,mkfilter,writefn) \ int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid) \ NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn) #define NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn) \ { \ /* define common variables */ \ int32_t tmpint32; \ MYLDAP_SEARCH *search; \ MYLDAP_ENTRY *entry; \ const char *base; \ int rc,i; \ /* read request parameters */ \ readfn; \ /* write the response header */ \ WRITE_INT32(fp,NSLCD_VERSION); \ WRITE_INT32(fp,action); \ /* prepare the search filter */ \ if (mkfilter) \ { \ log_log(LOG_WARNING,"nslcd_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small"); \ return -1; \ } \ /* perform a search for each search base */ \ for (i=0; (base=db##_bases[i])!=NULL; i++) \ { \ /* do the LDAP search */ \ if ((search=myldap_search(session,base,db##_scope,filter,db##_attrs,NULL))==NULL) \ return -1; \ /* go over results */ \ while ((entry=myldap_get_entry(search,&rc))!=NULL) \ { \ if (writefn) \ return -1; \ } \ } \ /* write the final result code */ \ if (rc==LDAP_SUCCESS) \ { \ WRITE_INT32(fp,NSLCD_RESULT_END); \ } \ return 0; \ } /* macro to compare strings Use the ignorecase config option to determine whether or not to do a case-sensitive match */ #define STR_CMP(str1,str2) \ (nslcd_cfg->ldc_ignorecase == 1 ? strcasecmp(str1,str2) : strcmp(str1,str2)) #endif /* not NSLCD__COMMON_H */ nss-pam-ldapd-0.8.13/nslcd/host.c0000644000175000001440000001302712024621117013403 00000000000000/* host.c - host name lookup routines Parts of this file were part of the nss_ldap library (as ldap-hosts.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" /* ( nisSchema.2.6 NAME 'ipHost' SUP top AUXILIARY * DESC 'Abstraction of a host, an IP device. The distinguished * value of the cn attribute denotes the host's canonical * name. Device SHOULD be used as a structural class' * MUST ( cn $ ipHostNumber ) * MAY ( l $ description $ manager ) ) */ /* the search base for searches */ const char *host_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int host_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *host_filter = "(objectClass=ipHost)"; /* the attributes to request with searches */ const char *attmap_host_cn = "cn"; const char *attmap_host_ipHostNumber = "ipHostNumber"; /* the attribute list to request with searches */ static const char *host_attrs[3]; /* create a search filter for searching a host entry by name, return -1 on errors */ static int mkfilter_host_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if (myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", host_filter, attmap_host_cn,safename); } static int mkfilter_host_byaddr(const char *addrstr, char *buffer,size_t buflen) { char safeaddr[64]; /* escape attribute */ if (myldap_escape(addrstr,safeaddr,sizeof(safeaddr))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", host_filter, attmap_host_ipHostNumber,safeaddr); } void host_init(void) { int i; /* set up search bases */ if (host_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (host_scope==LDAP_SCOPE_DEFAULT) host_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ host_attrs[0]=attmap_host_cn; host_attrs[1]=attmap_host_ipHostNumber; host_attrs[2]=NULL; } /* write a single host entry to the stream */ static int write_host(TFILE *fp,MYLDAP_ENTRY *entry) { int32_t tmpint32,tmp2int32,tmp3int32; int numaddr,i; const char *hostname; const char **hostnames; const char **addresses; /* get the most canonical name */ hostname=myldap_get_rdn_value(entry,attmap_host_cn); /* get the other names for the host */ hostnames=myldap_get_values(entry,attmap_host_cn); if ((hostnames==NULL)||(hostnames[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_host_cn); return 0; } /* if the hostname is not yet found, get the first entry from hostnames */ if (hostname==NULL) hostname=hostnames[0]; /* get the addresses */ addresses=myldap_get_values(entry,attmap_host_ipHostNumber); if ((addresses==NULL)||(addresses[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_host_ipHostNumber); return 0; } /* write the entry */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,hostname); WRITE_STRINGLIST_EXCEPT(fp,hostnames,hostname); for (numaddr=0;addresses[numaddr]!=NULL;numaddr++) /*noting*/ ; WRITE_INT32(fp,numaddr); for (i=0;i #include #include #include #include #include "compat/attrs.h" #include "common/set.h" /* values for uid and gid */ #define NOUID ((gid_t)-1) #define NOGID ((gid_t)-1) /* maximum number of URIs */ #define NSS_LDAP_CONFIG_URI_MAX 31 /* maximum number of search bases */ #define NSS_LDAP_CONFIG_MAX_BASES 7 /* maximum number of pam_authz_search options */ #define NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES 8 enum ldap_ssl_options { SSL_OFF, SSL_LDAPS, SSL_START_TLS }; /* selectors for different maps */ enum ldap_map_selector { LM_PASSWD, LM_SHADOW, LM_GROUP, LM_HOSTS, LM_SERVICES, LM_NETWORKS, LM_PROTOCOLS, LM_RPC, LM_ETHERS, LM_ALIASES, LM_NETGROUP, LM_NONE }; struct myldap_uri { char *uri; /* time of first failed operation */ time_t firstfail; /* time of last failed operation */ time_t lastfail; }; struct ldap_config { /* the number of threads to start */ int ldc_threads; /* the user name specified in the uid option */ char *ldc_uidname; /* the user id nslcd should be run as */ uid_t ldc_uid; /* the group id nslcd should be run as */ gid_t ldc_gid; /* whether or not case should be ignored in lookups */ int ldc_ignorecase; /* NULL terminated list of URIs */ struct myldap_uri ldc_uris[NSS_LDAP_CONFIG_URI_MAX+1]; /* protocol version */ int ldc_version; /* bind DN */ char *ldc_binddn; /* bind cred */ char *ldc_bindpw; /* bind DN for password modification by administrator */ char *ldc_rootpwmoddn; /* bind password for password modification by root */ char *ldc_rootpwmodpw; /* sasl mech */ char *ldc_sasl_mech; /* sasl realm */ char *ldc_sasl_realm; /* sasl authentication id */ char *ldc_sasl_authcid; /* sasl authorization id */ char *ldc_sasl_authzid; /* sasl security */ char *ldc_sasl_secprops; #ifdef LDAP_OPT_X_SASL_NOCANON /* whether host name should be canonicalised */ int ldc_sasl_canonicalize; #endif /* LDAP_OPT_X_SASL_NOCANON */ /* base DN, eg. dc=gnu,dc=org */ const char *ldc_bases[NSS_LDAP_CONFIG_MAX_BASES]; /* scope for searches */ int ldc_scope; /* dereference aliases/links */ int ldc_deref; /* chase referrals */ int ldc_referrals; /* bind timelimit */ int ldc_bind_timelimit; /* search timelimit */ int ldc_timelimit; /* idle timeout */ int ldc_idle_timelimit; /* seconds to sleep; doubled until max */ int ldc_reconnect_sleeptime; /* maximum seconds to sleep */ int ldc_reconnect_retrytime; #ifdef LDAP_OPT_X_TLS /* SSL enabled */ enum ldap_ssl_options ldc_ssl_on; #endif /* LDAP_OPT_X_TLS */ /* whether the LDAP library should restart the select(2) system call when interrupted */ int ldc_restart; /* set to a greater than 0 to enable handling of paged results with the specified size */ int ldc_pagesize; /* the users for which no initgroups() searches should be done */ SET *ldc_nss_initgroups_ignoreusers; /* the searches that should be performed to do autorisation checks */ char *ldc_pam_authz_search[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES]; /* minimum uid for users retrieved from LDAP */ uid_t ldc_nss_min_uid; /* the regular expression to determine valid names */ regex_t validnames; /* whether password changing should be denied and user prompted with this message */ char *pam_password_prohibit_message; }; /* this is a pointer to the global configuration, it should be available once cfg_init() was called */ extern struct ldap_config *nslcd_cfg; /* Initialize the configuration in nslcd_cfg. This method will read the default configuration file and call exit() if an error occurs. */ void cfg_init(const char *fname); #endif /* NSLCD__CFG_H */ nss-pam-ldapd-0.8.13/nslcd/myldap.c0000644000175000001440000017412012137303542013722 00000000000000/* myldap.c - simple interface to do LDAP requests Parts of this file were part of the nss_ldap library (as ldap-nss.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2006 Luke Howard Copyright (C) 2006, 2007 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ /* This library expects to use an LDAP library to provide the real functionality and only provides a convenient wrapper. Some pointers for more information on the LDAP API: http://tools.ietf.org/id/draft-ietf-ldapext-ldap-c-api-05.txt http://www.mozilla.org/directory/csdk-docs/function.htm http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/apis/dirserv1.htm http://www.openldap.org/software/man.cgi?query=ldap */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_LDAP_SSL_H #include #endif #ifdef HAVE_GSSLDAP_H #include #endif #ifdef HAVE_GSSSASL_H #include #endif #ifdef HAVE_SASL_SASL_H #include #endif #ifdef HAVE_SASL_H #include #endif #include #include #include #include "myldap.h" #include "common.h" #include "log.h" #include "cfg.h" #include "common/set.h" #include "compat/ldap_compat.h" /* the maximum number of searches per session */ #define MAX_SEARCHES_IN_SESSION 4 /* the maximum number of dn's to log to the debug log for each search */ #define MAX_DEBUG_LOG_DNS 10 /* This refers to a current LDAP session that contains the connection information. */ struct ldap_session { /* the connection */ LDAP *ld; /* the username to bind with */ char binddn[256]; /* the password to bind with if any */ char bindpw[64]; /* timestamp of last activity */ time_t lastactivity; /* index into ldc_uris: currently connected LDAP uri */ int current_uri; /* a list of searches registered with this session */ struct myldap_search *searches[MAX_SEARCHES_IN_SESSION]; }; /* A search description set as returned by myldap_search(). */ struct myldap_search { /* reference to the session */ MYLDAP_SESSION *session; /* indicator that the search is still valid */ int valid; /* the parameters descibing the search */ const char *base; int scope; const char *filter; char **attrs; /* a pointer to the current result entry, used for freeing resource allocated with that entry */ MYLDAP_ENTRY *entry; /* LDAP message id for the search, -1 indicates absense of an active search */ int msgid; /* the last result that was returned by ldap_result() */ LDAPMessage *msg; /* cookie for paged searches */ struct berval *cookie; /* to indicate that we can retry the search from myldap_get_entry() */ int may_retry_search; /* the number of resutls returned so far */ int count; }; /* The maximum number of calls to myldap_get_values() that may be done per returned entry. */ #define MAX_ATTRIBUTES_PER_ENTRY 16 /* The maximum number of ranged attribute values that may be stoted per entry. */ #define MAX_RANGED_ATTRIBUTES_PER_ENTRY 8 /* A single entry from the LDAP database as returned by myldap_get_entry(). */ struct myldap_entry { /* reference to the search to be used to get parameters (e.g. LDAP connection) for other calls */ MYLDAP_SEARCH *search; /* the DN */ const char *dn; /* a cached version of the exploded rdn */ char **exploded_rdn; /* a cache of attribute to value list */ char **attributevalues[MAX_ATTRIBUTES_PER_ENTRY]; /* a reference to ranged attribute values so we can free() them later on */ char **rangedattributevalues[MAX_RANGED_ATTRIBUTES_PER_ENTRY]; }; static void myldap_err(int pri,LDAP *ld,int rc,const char *format, ...) { char message[200]; char *msg_ldap=NULL; char *msg_diag=NULL; char *msg_errno=NULL; va_list ap; /* make the message */ va_start(ap,format); vsnprintf(message,sizeof(message),format,ap); message[sizeof(message)-1]='\0'; va_end(ap); /* get the various error message */ if (rc!=LDAP_SUCCESS) { msg_ldap=ldap_err2string(rc); /* get the diagnostic information */ #ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE if (ld!=NULL) ldap_get_option(ld,LDAP_OPT_DIAGNOSTIC_MESSAGE,&msg_diag); #endif /* LDAP_OPT_DIAGNOSTIC_MESSAGE */ } if (errno!=0) msg_errno=strerror(errno); /* log the message */ log_log(pri,"%s%s%s%s%s%s%s",message, (msg_ldap==NULL)?"":": ",(msg_ldap==NULL)?"":msg_ldap, (msg_diag==NULL)?"":": ",(msg_diag==NULL)?"":msg_diag, (msg_errno==NULL)?"":": ",(msg_errno==NULL)?"":msg_errno); /* free diagnostic message */ if (msg_diag!=NULL) ldap_memfree(msg_diag); } static MYLDAP_ENTRY *myldap_entry_new(MYLDAP_SEARCH *search) { MYLDAP_ENTRY *entry; int i; /* Note: as an alternative we could embed the myldap_entry into the myldap_search struct to save on malloc() and free() calls. */ /* allocate new entry */ entry=(MYLDAP_ENTRY *)malloc(sizeof(struct myldap_entry)); if (entry==NULL) { log_log(LOG_CRIT,"myldap_entry_new(): malloc() failed to allocate memory"); exit(EXIT_FAILURE); } /* fill in fields */ entry->search=search; entry->dn=NULL; entry->exploded_rdn=NULL; for (i=0;iattributevalues[i]=NULL; for (i=0;irangedattributevalues[i]=NULL; /* return the fresh entry */ return entry; } static void myldap_entry_free(MYLDAP_ENTRY *entry) { int i; /* free the DN */ if (entry->dn!=NULL) ldap_memfree((char *)entry->dn); /* free the exploded RDN */ if (entry->exploded_rdn!=NULL) ldap_value_free(entry->exploded_rdn); /* free all attribute values */ for (i=0;iattributevalues[i]!=NULL) ldap_value_free(entry->attributevalues[i]); /* free all ranged attribute values */ for (i=0;irangedattributevalues[i]!=NULL) free(entry->rangedattributevalues[i]); /* we don't need the result anymore, ditch it. */ ldap_msgfree(entry->search->msg); entry->search->msg=NULL; /* free the actual memory for the struct */ free(entry); } static MYLDAP_SEARCH *myldap_search_new( MYLDAP_SESSION *session, const char *base,int scope,const char *filter,const char **attrs) { char *buffer; MYLDAP_SEARCH *search; int i; size_t sz; /* figure out size for new memory block to allocate this has the advantage that we can free the whole lot with one call */ sz=sizeof(struct myldap_search); sz+=strlen(base)+1+strlen(filter)+1; for (i=0;attrs[i]!=NULL;i++) sz+=strlen(attrs[i])+1; sz+=(i+1)*sizeof(char *); /* allocate new results memory region */ buffer=(char *)malloc(sz); if (buffer==NULL) { log_log(LOG_CRIT,"myldap_search_new(): malloc() failed to allocate memory"); exit(EXIT_FAILURE); } /* initialize struct */ search=(MYLDAP_SEARCH *)(void *)(buffer); buffer+=sizeof(struct myldap_search); /* save pointer to session */ search->session=session; /* flag as valid search */ search->valid=1; /* initialize array of attributes */ search->attrs=(char **)(void *)buffer; buffer+=(i+1)*sizeof(char *); /* copy base */ strcpy(buffer,base); search->base=buffer; buffer+=strlen(base)+1; /* just plainly store scope */ search->scope=scope; /* copy filter */ strcpy(buffer,filter); search->filter=buffer; buffer+=strlen(filter)+1; /* copy attributes themselves */ for (i=0;attrs[i]!=NULL;i++) { strcpy(buffer,attrs[i]); search->attrs[i]=buffer; buffer+=strlen(attrs[i])+1; } search->attrs[i]=NULL; /* initialize context */ search->cookie=NULL; search->msg=NULL; search->msgid=-1; search->may_retry_search=1; /* clear result entry */ search->entry=NULL; search->count=0; /* return the new search struct */ return search; } static MYLDAP_SESSION *myldap_session_new(void) { MYLDAP_SESSION *session; int i; /* allocate memory for the session storage */ session=(struct ldap_session *)malloc(sizeof(struct ldap_session)); if (session==NULL) { log_log(LOG_CRIT,"myldap_session_new(): malloc() failed to allocate memory"); exit(EXIT_FAILURE); } /* initialize the session */ session->ld=NULL; session->binddn[0]='\0'; session->bindpw[0]='\0'; session->lastactivity=0; session->current_uri=0; for (i=0;isearches[i]=NULL; /* return the new session */ return session; } PURE static inline int is_valid_session(MYLDAP_SESSION *session) { return (session!=NULL); } PURE static inline int is_open_session(MYLDAP_SESSION *session) { return is_valid_session(session)&&(session->ld!=NULL); } /* note that this does not check the valid flag of the search */ PURE static inline int is_valid_search(MYLDAP_SEARCH *search) { return (search!=NULL)&&is_open_session(search->session); } PURE static inline int is_valid_entry(MYLDAP_ENTRY *entry) { return (entry!=NULL)&&is_valid_search(entry->search)&&(entry->search->msg!=NULL); } #ifdef HAVE_SASL_INTERACT_T /* this is registered with ldap_sasl_interactive_bind_s() in do_bind() */ static int do_sasl_interact(LDAP UNUSED(*ld),unsigned UNUSED(flags),void *defaults,void *_interact) { struct ldap_config *cfg=defaults; sasl_interact_t *interact=_interact; while (interact->id!=SASL_CB_LIST_END) { switch(interact->id) { case SASL_CB_GETREALM: if (cfg->ldc_sasl_realm) { log_log(LOG_DEBUG,"do_sasl_interact(): returning sasl_realm \"%s\"",cfg->ldc_sasl_realm); interact->result=cfg->ldc_sasl_realm; interact->len=strlen(cfg->ldc_sasl_realm); } else log_log(LOG_DEBUG,"do_sasl_interact(): were asked for sasl_realm but we don't have any"); break; case SASL_CB_AUTHNAME: if (cfg->ldc_sasl_authcid) { log_log(LOG_DEBUG,"do_sasl_interact(): returning sasl_authcid \"%s\"",cfg->ldc_sasl_authcid); interact->result=cfg->ldc_sasl_authcid; interact->len=strlen(cfg->ldc_sasl_authcid); } else log_log(LOG_DEBUG,"do_sasl_interact(): were asked for sasl_authcid but we don't have any"); break; case SASL_CB_USER: if (cfg->ldc_sasl_authzid) { log_log(LOG_DEBUG,"do_sasl_interact(): returning sasl_authzid \"%s\"",cfg->ldc_sasl_authzid); interact->result=cfg->ldc_sasl_authzid; interact->len=strlen(cfg->ldc_sasl_authzid); } else log_log(LOG_DEBUG,"do_sasl_interact(): were asked for sasl_authzid but we don't have any"); break; case SASL_CB_PASS: if (cfg->ldc_bindpw) { log_log(LOG_DEBUG,"do_sasl_interact(): returning bindpw \"***\""); interact->result=cfg->ldc_bindpw; interact->len=strlen(cfg->ldc_bindpw); } else log_log(LOG_DEBUG,"do_sasl_interact(): were asked for bindpw but we don't have any"); break; default: /* just ignore */ break; } interact++; } return LDAP_SUCCESS; } #endif /* HAVE_SASL_INTERACT_T */ #define LDAP_SET_OPTION(ld,option,invalue) \ rc=ldap_set_option(ld,option,invalue); \ if (rc!=LDAP_SUCCESS) \ { \ myldap_err(LOG_ERR,ld,rc,"ldap_set_option(" #option ") failed"); \ return rc; \ } /* This function performs the authentication phase of opening a connection. The binddn and bindpw parameters may be used to override the authentication mechanism defined in the configuration. This returns an LDAP result code. */ static int do_bind(LDAP *ld,const char *binddn,const char *bindpw,const char *uri) { int rc; #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S #ifndef HAVE_SASL_INTERACT_T struct berval cred; #endif /* not HAVE_SASL_INTERACT_T */ #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ #ifdef LDAP_OPT_X_TLS /* check if StartTLS is requested */ if (nslcd_cfg->ldc_ssl_on==SSL_START_TLS) { log_log(LOG_DEBUG,"ldap_start_tls_s()"); errno=0; rc=ldap_start_tls_s(ld,NULL,NULL); if (rc!=LDAP_SUCCESS) { myldap_err(LOG_WARNING,ld,rc,"ldap_start_tls_s() failed (uri=%s)",uri); return rc; } } #endif /* LDAP_OPT_X_TLS */ /* check if the binddn and bindpw are overwritten in the session */ if ((binddn!=NULL)&&(binddn[0]!='\0')) { /* do a simple bind */ log_log(LOG_DEBUG,"ldap_simple_bind_s(\"%s\",%s) (uri=\"%s\")",binddn, ((bindpw!=NULL)&&(bindpw[0]!='\0'))?"\"***\"":"\"\"",uri); return ldap_simple_bind_s(ld,binddn,bindpw); } /* perform SASL bind if requested and available on platform */ #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S /* TODO: store this information in the session */ if (nslcd_cfg->ldc_sasl_mech!=NULL) { /* do a SASL bind */ if (nslcd_cfg->ldc_sasl_secprops!=NULL) { log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_SECPROPS,\"%s\")",nslcd_cfg->ldc_sasl_secprops); LDAP_SET_OPTION(ld,LDAP_OPT_X_SASL_SECPROPS,(void *)nslcd_cfg->ldc_sasl_secprops); } #ifdef HAVE_SASL_INTERACT_T if (nslcd_cfg->ldc_binddn!=NULL) log_log(LOG_DEBUG,"ldap_sasl_interactive_bind_s(\"%s\",\"%s\") (uri=\"%s\")", nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech,uri); else log_log(LOG_DEBUG,"ldap_sasl_interactive_bind_s(NULL,\"%s\") (uri=\"%s\")", nslcd_cfg->ldc_sasl_mech,uri); return ldap_sasl_interactive_bind_s(ld,nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech,NULL,NULL, LDAP_SASL_QUIET, do_sasl_interact,(void *)nslcd_cfg); #else /* HAVE_SASL_INTERACT_T */ if (nslcd_cfg->ldc_bindpw!=NULL) { cred.bv_val=nslcd_cfg->ldc_bindpw; cred.bv_len=strlen(nslcd_cfg->ldc_bindpw); } else { cred.bv_val=""; cred.bv_len=0; } if (nslcd_cfg->ldc_binddn!=NULL) log_log(LOG_DEBUG,"ldap_sasl_bind_s(\"%s\",\"%s\",%s) (uri=\"%s\")", nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech, nslcd_cfg->ldc_bindpw?"\"***\"":"NULL",uri); else log_log(LOG_DEBUG,"ldap_sasl_bind_s(NULL,\"%s\",%s) (uri=\"%s\")", nslcd_cfg->ldc_sasl_mech, nslcd_cfg->ldc_bindpw?"\"***\"":"NULL",uri); return ldap_sasl_bind_s(ld,nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech,&cred,NULL,NULL,NULL); #endif /* not HAVE_SASL_INTERACT_T */ } #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ /* do a simple bind */ if (nslcd_cfg->ldc_binddn) log_log(LOG_DEBUG,"ldap_simple_bind_s(\"%s\",%s) (uri=\"%s\")",nslcd_cfg->ldc_binddn, nslcd_cfg->ldc_bindpw?"\"***\"":"NULL",uri); else log_log(LOG_DEBUG,"ldap_simple_bind_s(NULL,%s) (uri=\"%s\")", nslcd_cfg->ldc_bindpw?"\"***\"":"NULL",uri); return ldap_simple_bind_s(ld,nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_bindpw); } #ifdef HAVE_LDAP_SET_REBIND_PROC /* This function is called by the LDAP library when chasing referrals. It is configured with the ldap_set_rebind_proc() below. */ #if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) static int do_rebind(LDAP *ld,LDAP_CONST char *url, ber_tag_t UNUSED(request), ber_int_t UNUSED(msgid),void *arg) { MYLDAP_SESSION *session=(MYLDAP_SESSION *)arg; log_log(LOG_DEBUG,"rebinding to %s",url); return do_bind(ld,session->binddn,session->bindpw,url); } #else /* not recent OpenLDAP */ static int do_rebind(LDAP *ld,char **dnp,char **passwdp,int *authmethodp, int freeit,void *arg) { MYLDAP_SESSION *session=(MYLDAP_SESSION *)arg; if (freeit) { free(*dnp); memset(*passwdp,0,strlen(*passwdp)); free(*passwdp); } else { log_log(LOG_DEBUG,"rebinding"); *dnp=strdup(session->binddn); *passwdp=strdup(session->bindpw); *authmethodp=LDAP_AUTH_SIMPLE; if ((*dnp==NULL)||(*passwdp==NULL)) { if (*dnp!=NULL) free(*dnp); log_log(LOG_CRIT,"do_rebind(): strdup() failed to allocate memory"); return LDAP_NO_MEMORY; } } return LDAP_SUCCESS; } #endif /* not recent OpenLDAP */ #endif /* HAVE_LDAP_SET_REBIND_PROC */ /* set a recieve and send timeout on a socket */ static int set_socket_timeout(LDAP *ld,time_t sec,suseconds_t usec) { struct timeval tv; int rc=LDAP_SUCCESS; int sd; log_log(LOG_DEBUG,"set_socket_timeout(%lu,%lu)",(unsigned long)sec,(unsigned long)usec); /* get the socket */ if ((rc=ldap_get_option(ld,LDAP_OPT_DESC,&sd))!=LDAP_SUCCESS) { myldap_err(LOG_ERR,ld,rc,"ldap_get_option(LDAP_OPT_DESC) failed"); return rc; } /* ignore invalid (probably closed) file descriptors */ if (sd<=0) return LDAP_SUCCESS; /* set timeouts */ memset(&tv,0,sizeof(tv)); tv.tv_sec=sec; tv.tv_usec=usec; if (setsockopt(sd,SOL_SOCKET,SO_RCVTIMEO,(void *)&tv,sizeof(tv))) { log_log(LOG_ERR,"setsockopt(%d,SO_RCVTIMEO) failed: %s",sd,strerror(errno)); rc=LDAP_LOCAL_ERROR; } if (setsockopt(sd,SOL_SOCKET,SO_SNDTIMEO,(void *)&tv,sizeof(tv))) { log_log(LOG_ERR,"setsockopt(%d,SO_RCVTIMEO) failed: %s",sd,strerror(errno)); rc=LDAP_LOCAL_ERROR; } return rc; } #ifdef LDAP_OPT_CONNECT_CB /* This function is called by the LDAP library once a connection was made to the server. We set a timeout on the socket here, to catch network timeouts during the ssl handshake phase. It is configured with LDAP_OPT_CONNECT_CB. */ static int connect_cb(LDAP *ld,Sockbuf UNUSED(*sb),LDAPURLDesc UNUSED(*srv), struct sockaddr UNUSED(*addr),struct ldap_conncb UNUSED(*ctx)) { /* set timeout options on socket to avoid hang in some cases (a little more than the normal timeout so this should only be triggered in cases where the library behaves incorrectly) */ if (nslcd_cfg->ldc_timelimit) set_socket_timeout(ld,nslcd_cfg->ldc_timelimit,500000); return LDAP_SUCCESS; } /* We have an empty disconnect callback because LDAP_OPT_CONNECT_CB expects both functions to be available. */ static void disconnect_cb(LDAP UNUSED(*ld),Sockbuf UNUSED(*sb),struct ldap_conncb UNUSED(*ctx)) { } #endif /* LDAP_OPT_CONNECT_CB */ /* This function sets a number of properties on the connection, based what is configured in the configfile. This function returns an LDAP status code. */ static int do_set_options(MYLDAP_SESSION *session) { /* FIXME: move this to a global initialisation routine */ int rc; struct timeval tv; #ifdef LDAP_OPT_CONNECT_CB /* make this static because OpenLDAP doesn't make it's own copy */ static struct ldap_conncb cb; #endif /* LDAP_OPT_CONNECT_CB */ #ifdef LDAP_OPT_X_TLS int i; #endif /* LDAP_OPT_X_TLS */ #ifdef HAVE_LDAP_SET_REBIND_PROC /* the rebind function that is called when chasing referrals, see http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/apis/ldap_set_rebind_proc.htm http://www.openldap.org/software/man.cgi?query=ldap_set_rebind_proc&manpath=OpenLDAP+2.4-Release */ /* TODO: probably only set this if we should chase referrals */ log_log(LOG_DEBUG,"ldap_set_rebind_proc()"); #ifndef LDAP_SET_REBIND_PROC_RETURNS_VOID /* it returns int */ rc=ldap_set_rebind_proc(session->ld,do_rebind,session); if (rc!=LDAP_SUCCESS) { myldap_err(LOG_ERR,session->ld,rc,"ldap_set_rebind_proc() failed"); return rc; } #else /* ldap_set_rebind_proc() returns void */ ldap_set_rebind_proc(session->ld,do_rebind,session); #endif #endif /* HAVE_LDAP_SET_REBIND_PROC */ /* set the protocol version to use */ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,%d)",nslcd_cfg->ldc_version); LDAP_SET_OPTION(session->ld,LDAP_OPT_PROTOCOL_VERSION,&nslcd_cfg->ldc_version); /* set some other options */ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_DEREF,%d)",nslcd_cfg->ldc_deref); LDAP_SET_OPTION(session->ld,LDAP_OPT_DEREF,&nslcd_cfg->ldc_deref); log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_TIMELIMIT,%d)",nslcd_cfg->ldc_timelimit); LDAP_SET_OPTION(session->ld,LDAP_OPT_TIMELIMIT,&nslcd_cfg->ldc_timelimit); tv.tv_sec=nslcd_cfg->ldc_bind_timelimit; tv.tv_usec=0; #ifdef LDAP_OPT_TIMEOUT log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_TIMEOUT,%d)",nslcd_cfg->ldc_timelimit); LDAP_SET_OPTION(session->ld,LDAP_OPT_TIMEOUT,&tv); #endif /* LDAP_OPT_TIMEOUT */ #ifdef LDAP_OPT_NETWORK_TIMEOUT log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,%d)",nslcd_cfg->ldc_timelimit); LDAP_SET_OPTION(session->ld,LDAP_OPT_NETWORK_TIMEOUT,&tv); #endif /* LDAP_OPT_NETWORK_TIMEOUT */ #ifdef LDAP_X_OPT_CONNECT_TIMEOUT log_log(LOG_DEBUG,"ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%d)",nslcd_cfg->ldc_timelimit); LDAP_SET_OPTION(session->ld,LDAP_X_OPT_CONNECT_TIMEOUT,&tv); #endif /* LDAP_X_OPT_CONNECT_TIMEOUT */ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_REFERRALS,%s)",nslcd_cfg->ldc_referrals?"LDAP_OPT_ON":"LDAP_OPT_OFF"); LDAP_SET_OPTION(session->ld,LDAP_OPT_REFERRALS,nslcd_cfg->ldc_referrals?LDAP_OPT_ON:LDAP_OPT_OFF); log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_RESTART,%s)",nslcd_cfg->ldc_restart?"LDAP_OPT_ON":"LDAP_OPT_OFF"); LDAP_SET_OPTION(session->ld,LDAP_OPT_RESTART,nslcd_cfg->ldc_restart?LDAP_OPT_ON:LDAP_OPT_OFF); #ifdef LDAP_OPT_CONNECT_CB /* register a connection callback */ cb.lc_add=connect_cb; cb.lc_del=disconnect_cb; cb.lc_arg=NULL; LDAP_SET_OPTION(session->ld,LDAP_OPT_CONNECT_CB,(void *)&cb); #endif /* LDAP_OPT_CONNECT_CB */ #ifdef LDAP_OPT_X_TLS /* if SSL is desired, then enable it */ if ( (nslcd_cfg->ldc_ssl_on==SSL_LDAPS) || (strncasecmp(nslcd_cfg->ldc_uris[session->current_uri].uri,"ldaps://",8)==0) ) { /* use tls */ i=LDAP_OPT_X_TLS_HARD; log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)"); LDAP_SET_OPTION(session->ld,LDAP_OPT_X_TLS,&i); } #endif /* LDAP_OPT_X_TLS */ #ifdef LDAP_OPT_X_SASL_NOCANON if (nslcd_cfg->ldc_sasl_canonicalize>=0) { log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)",nslcd_cfg->ldc_sasl_canonicalize?"LDAP_OPT_OFF":"LDAP_OPT_ON"); LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_NOCANON,nslcd_cfg->ldc_sasl_canonicalize?LDAP_OPT_OFF:LDAP_OPT_ON); } #endif /* LDAP_OPT_X_SASL_NOCANON */ /* if nothing above failed, everything should be fine */ return LDAP_SUCCESS; } /* close the connection to the server and invalidate any running searches */ static void do_close(MYLDAP_SESSION *session) { int i; int rc; time_t sec; /* if we had reachability problems with the server close the connection */ if (session->ld!=NULL) { /* set timeout options on socket to avoid hang in some cases (we set a short timeout because we don't care too much about properly shutting down the connection) */ if (nslcd_cfg->ldc_timelimit) { sec=nslcd_cfg->ldc_timelimit/2; if (!sec) sec=1; set_socket_timeout(session->ld,sec,0); } /* go over the other searches and partially close them */ for (i=0;isearches[i]!=NULL) { /* free any messages (because later ld is no longer valid) */ if (session->searches[i]->msg!=NULL) { ldap_msgfree(session->searches[i]->msg); session->searches[i]->msg=NULL; } /* abandon the search if there were more results to fetch */ if (session->searches[i]->msgid!=-1) { log_log(LOG_DEBUG,"ldap_abandon()"); if (ldap_abandon(session->searches[i]->session->ld,session->searches[i]->msgid)) { if (ldap_get_option(session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) rc=LDAP_OTHER; myldap_err(LOG_WARNING,session->ld,rc,"ldap_abandon() failed to abandon search"); } session->searches[i]->msgid=-1; } /* flag the search as invalid */ session->searches[i]->valid=0; } } /* close the connection to the server */ log_log(LOG_DEBUG,"ldap_unbind()"); rc=ldap_unbind(session->ld); session->ld=NULL; if (rc!=LDAP_SUCCESS) myldap_err(LOG_WARNING,session->ld,rc,"ldap_unbind() failed"); } } void myldap_session_check(MYLDAP_SESSION *session) { int i; time_t current_time; /* check parameters */ if (!is_valid_session(session)) { log_log(LOG_ERR,"myldap_session_check(): invalid parameter passed"); errno=EINVAL; return; } /* check if we should time out the connection */ if ((session->ld!=NULL)&&(nslcd_cfg->ldc_idle_timelimit>0)) { /* if we have any running searches, don't time out */ for (i=0;isearches[i]!=NULL)&&(session->searches[i]->valid)) return; /* consider timeout (there are no running searches) */ time(¤t_time); if ((session->lastactivity+nslcd_cfg->ldc_idle_timelimit)ld!=NULL) return LDAP_SUCCESS; /* we should build a new session now */ session->ld=NULL; session->lastactivity=0; /* open the connection */ log_log(LOG_DEBUG,"ldap_initialize(%s)",nslcd_cfg->ldc_uris[session->current_uri].uri); errno=0; rc=ldap_initialize(&(session->ld),nslcd_cfg->ldc_uris[session->current_uri].uri); if (rc!=LDAP_SUCCESS) { myldap_err(LOG_WARNING,session->ld,rc,"ldap_initialize(%s) failed", nslcd_cfg->ldc_uris[session->current_uri].uri); if (session->ld!=NULL) do_close(session); return rc; } else if (session->ld==NULL) { log_log(LOG_WARNING,"ldap_initialize() returned NULL"); return LDAP_LOCAL_ERROR; } /* set the options for the connection */ rc=do_set_options(session); if (rc!=LDAP_SUCCESS) { do_close(session); return rc; } /* bind to the server */ errno=0; rc=do_bind(session->ld,session->binddn,session->bindpw, nslcd_cfg->ldc_uris[session->current_uri].uri); if (rc!=LDAP_SUCCESS) { /* log actual LDAP error code */ myldap_err((session->binddn[0]=='\0')?LOG_WARNING:LOG_DEBUG, session->ld,rc,"failed to bind to LDAP server %s", nslcd_cfg->ldc_uris[session->current_uri].uri); do_close(session); return rc; } /* update last activity and finish off state */ time(&(session->lastactivity)); return LDAP_SUCCESS; } /* Set alternative credentials for the session. */ void myldap_set_credentials(MYLDAP_SESSION *session,const char *dn, const char *password) { /* copy dn and password into session */ strncpy(session->binddn,dn,sizeof(session->binddn)); session->binddn[sizeof(session->binddn)-1]='\0'; strncpy(session->bindpw,password,sizeof(session->bindpw)); session->bindpw[sizeof(session->bindpw)-1]='\0'; } static int do_try_search(MYLDAP_SEARCH *search) { int rc; LDAPControl *serverCtrls[2]; LDAPControl **pServerCtrls; int msgid; /* ensure that we have an open connection */ rc=do_open(search->session); if (rc!=LDAP_SUCCESS) return rc; /* if we're using paging, build a page control */ if ((nslcd_cfg->ldc_pagesize>0)&&(search->scope!=LDAP_SCOPE_BASE)) { rc=ldap_create_page_control(search->session->ld,nslcd_cfg->ldc_pagesize, NULL,0,&serverCtrls[0]); if (rc==LDAP_SUCCESS) { serverCtrls[1]=NULL; pServerCtrls=serverCtrls; } else { myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_create_page_control() failed"); /* clear error flag */ rc=LDAP_SUCCESS; if (ldap_set_option(search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) log_log(LOG_WARNING,"failed to clear the error flag"); pServerCtrls=NULL; } } else pServerCtrls=NULL; /* perform the search */ rc=ldap_search_ext(search->session->ld,search->base,search->scope, search->filter,(char **)(search->attrs), 0,pServerCtrls,NULL,NULL, LDAP_NO_LIMIT,&msgid); /* free the controls if we had them */ if (pServerCtrls!=NULL) { ldap_control_free(serverCtrls[0]); serverCtrls[0]=NULL; } /* handle errors */ if (rc!=LDAP_SUCCESS) { myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_search_ext() failed"); return rc; } /* update the last activity on the connection */ time(&(search->session->lastactivity)); /* save msgid */ search->msgid=msgid; /* return the new search */ return LDAP_SUCCESS; } MYLDAP_SESSION *myldap_create_session(void) { return myldap_session_new(); } void myldap_session_cleanup(MYLDAP_SESSION *session) { int i; /* check parameter */ if (!is_valid_session(session)) { log_log(LOG_ERR,"myldap_session_cleanup(): invalid session passed"); return; } /* go over all searches in the session and close them */ for (i=0;isearches[i]!=NULL) { myldap_search_close(session->searches[i]); session->searches[i]=NULL; } } } void myldap_session_close(MYLDAP_SESSION *session) { /* check parameter */ if (!is_valid_session(session)) { log_log(LOG_ERR,"myldap_session_cleanup(): invalid session passed"); return; } /* close pending searches */ myldap_session_cleanup(session); /* close any open connections */ do_close(session); /* free allocated memory */ free(session); } /* mutex for updating the times in the uri */ pthread_mutex_t uris_mutex = PTHREAD_MUTEX_INITIALIZER; static int do_retry_search(MYLDAP_SEARCH *search) { int sleeptime=0; int start_uri; time_t endtime; time_t nexttry; time_t t; int rc=LDAP_UNAVAILABLE; struct myldap_uri *current_uri; int dotry[NSS_LDAP_CONFIG_URI_MAX]; /* clear time stamps */ for (start_uri=0;start_urildc_reconnect_retrytime; while (1) { nexttry=endtime; /* try each configured URL once */ pthread_mutex_lock(&uris_mutex); start_uri=search->session->current_uri; do { current_uri=&(nslcd_cfg->ldc_uris[search->session->current_uri]); /* only try this URI if we should */ if (!dotry[search->session->current_uri]) { /* skip this URI */ } else if ( (current_uri->lastfail > (current_uri->firstfail+nslcd_cfg->ldc_reconnect_retrytime)) && ((t=time(NULL)) < (current_uri->lastfail+nslcd_cfg->ldc_reconnect_retrytime)) ) { /* we are in a hard fail state and have retried not long ago */ log_log(LOG_DEBUG,"not retrying server %s which failed just %d second(s) ago and has been failing for %d seconds", current_uri->uri,(int)(t-current_uri->lastfail), (int)(t-current_uri->firstfail)); dotry[search->session->current_uri]=0; } else { /* try to start the search */ pthread_mutex_unlock(&uris_mutex); rc=do_try_search(search); if (rc==LDAP_SUCCESS) { pthread_mutex_lock(&uris_mutex); /* check if we are coming back from an error */ if ((current_uri->lastfail>0)||(search->session->current_uri!=start_uri)) log_log(LOG_INFO,"connected to LDAP server %s",current_uri->uri); /* update ok time */ current_uri->firstfail=0; current_uri->lastfail=0; pthread_mutex_unlock(&uris_mutex); /* flag the search as valid */ search->valid=1; return LDAP_SUCCESS; } /* close the current connection */ do_close(search->session); /* update time of failure and figure out when we should retry */ pthread_mutex_lock(&uris_mutex); t=time(NULL); /* update timestaps unless we are doing an authentication search */ if (search->session->binddn[0]=='\0') { if (current_uri->firstfail==0) current_uri->firstfail=t; current_uri->lastfail=t; } /* if it is one of these, retrying this URI is not going to help */ if ((rc==LDAP_INVALID_CREDENTIALS)||(rc==LDAP_INSUFFICIENT_ACCESS)|| (rc==LDAP_AUTH_METHOD_NOT_SUPPORTED)) dotry[search->session->current_uri]=0; /* check when we should try this URI again */ else if (t <= (current_uri->firstfail+nslcd_cfg->ldc_reconnect_retrytime)) { t+=nslcd_cfg->ldc_reconnect_sleeptime; if (tsession->current_uri++; if (nslcd_cfg->ldc_uris[search->session->current_uri].uri==NULL) search->session->current_uri=0; } while (search->session->current_uri!=start_uri); pthread_mutex_unlock(&uris_mutex); /* see if it is any use sleeping */ if (nexttry>=endtime) { if (search->session->binddn[0]=='\0') myldap_err(LOG_ERR,search->session->ld,rc,"no available LDAP server found"); return rc; } /* sleep between tries */ sleeptime=nexttry-time(NULL); if (sleeptime>0) { log_log(LOG_WARNING,"no available LDAP server found, sleeping %d seconds",sleeptime); (void)sleep(sleeptime); } } } MYLDAP_SEARCH *myldap_search( MYLDAP_SESSION *session, const char *base,int scope,const char *filter,const char **attrs, int *rcp) { MYLDAP_SEARCH *search; int i; int rc; /* check parameters */ if (!is_valid_session(session)||(base==NULL)||(filter==NULL)||(attrs==NULL)) { log_log(LOG_ERR,"myldap_search(): invalid parameter passed"); errno=EINVAL; if (rcp!=NULL) *rcp=LDAP_OPERATIONS_ERROR; return NULL; } /* log the call */ log_log(LOG_DEBUG,"myldap_search(base=\"%s\", filter=\"%s\")", base,filter); /* check if the idle time for the connection has expired */ myldap_session_check(session); /* allocate a new search entry */ search=myldap_search_new(session,base,scope,filter,attrs); /* find a place in the session where we can register our search */ for (i=0;(session->searches[i]!=NULL)&&(i=MAX_SEARCHES_IN_SESSION) { log_log(LOG_ERR,"myldap_search(): too many searches registered with session (max %d)", MAX_SEARCHES_IN_SESSION); myldap_search_close(search); if (rcp!=NULL) *rcp=LDAP_OPERATIONS_ERROR; return NULL; } /* regsiter search with the session so we can free it later on */ session->searches[i]=search; /* do the search with retries to all configured servers */ rc=do_retry_search(search); if (rc!=LDAP_SUCCESS) { myldap_search_close(search); if (rcp!=NULL) *rcp=rc; return NULL; } if (rcp!=NULL) *rcp=LDAP_SUCCESS; return search; } void myldap_search_close(MYLDAP_SEARCH *search) { int i; if (search==NULL) return; /* free any messages */ if (search->msg!=NULL) { ldap_msgfree(search->msg); search->msg=NULL; } /* abandon the search if there were more results to fetch */ if ((search->session->ld!=NULL)&&(search->msgid!=-1)) { ldap_abandon(search->session->ld,search->msgid); search->msgid=-1; } /* find the reference to this search in the session */ for (i=0;isession->searches[i]==search) search->session->searches[i]=NULL; } /* free any search entries */ if (search->entry!=NULL) myldap_entry_free(search->entry); /* clean up cookie */ if (search->cookie!=NULL) ber_bvfree(search->cookie); /* free read messages */ if (search->msg!=NULL) ldap_msgfree(search->msg); /* free the storage we allocated */ free(search); } MYLDAP_ENTRY *myldap_get_entry(MYLDAP_SEARCH *search,int *rcp) { int rc; int parserc; int msgid; struct timeval tv,*tvp; LDAPControl **resultcontrols; LDAPControl *serverctrls[2]; ber_int_t count; /* check parameters */ if (!is_valid_search(search)) { log_log(LOG_ERR,"myldap_get_entry(): invalid search passed"); errno=EINVAL; if (rcp!=NULL) *rcp=LDAP_OPERATIONS_ERROR; return NULL; } /* check if the connection wasn't closed in another search */ if (!search->valid) { log_log(LOG_WARNING,"myldap_get_entry(): connection was closed"); /* retry the search */ if (search->may_retry_search) { log_log(LOG_DEBUG,"myldap_get_entry(): retry search"); search->may_retry_search=0; if (do_retry_search(search)==LDAP_SUCCESS) return myldap_get_entry(search,rcp); } myldap_search_close(search); if (rcp!=NULL) *rcp=LDAP_SERVER_DOWN; return NULL; } /* set up a timelimit value for operations */ if (nslcd_cfg->ldc_timelimit==LDAP_NO_LIMIT) tvp=NULL; else { tv.tv_sec=nslcd_cfg->ldc_timelimit; tv.tv_usec=0; tvp=&tv; } /* if we have an existing result entry, free it */ if (search->entry!=NULL) { myldap_entry_free(search->entry); search->entry=NULL; } /* try to parse results until we have a final error or ok */ while (1) { /* free the previous message if there was any */ if (search->msg!=NULL) { ldap_msgfree(search->msg); search->msg=NULL; } /* get the next result */ rc=ldap_result(search->session->ld,search->msgid,LDAP_MSG_ONE,tvp,&(search->msg)); /* handle result */ switch (rc) { case LDAP_RES_SEARCH_ENTRY: /* we have a normal search entry, update timestamp and return result */ time(&(search->session->lastactivity)); search->entry=myldap_entry_new(search); if (rcp!=NULL) *rcp=LDAP_SUCCESS; /* log the first couple of dns in the result (but not all, to prevent swamping the log) */ if (search->countentry)); search->count++; search->may_retry_search=0; return search->entry; case LDAP_RES_SEARCH_RESULT: /* we have a search result, parse it */ resultcontrols=NULL; if (search->cookie!=NULL) { ber_bvfree(search->cookie); search->cookie=NULL; } /* NB: this frees search->msg */ parserc=ldap_parse_result(search->session->ld,search->msg,&rc,NULL, NULL,NULL,&resultcontrols,1); search->msg=NULL; /* check for errors during parsing */ if ((parserc!=LDAP_SUCCESS)&&(parserc!=LDAP_MORE_RESULTS_TO_RETURN)) { if (resultcontrols!=NULL) ldap_controls_free(resultcontrols); myldap_err(LOG_ERR,search->session->ld,parserc,"ldap_parse_result() failed"); myldap_search_close(search); if (rcp!=NULL) *rcp=parserc; return NULL; } /* check for errors in message */ if ((rc!=LDAP_SUCCESS)&&(rc!=LDAP_MORE_RESULTS_TO_RETURN)) { if (resultcontrols!=NULL) ldap_controls_free(resultcontrols); myldap_err(LOG_ERR,search->session->ld,rc,"ldap_result() failed"); /* close connection on connection problems */ if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)) do_close(search->session); myldap_search_close(search); if (rcp!=NULL) *rcp=rc; return NULL; } /* handle result controls */ if (resultcontrols!=NULL) { /* see if there are any more pages to come */ rc=ldap_parse_page_control(search->session->ld, resultcontrols,&count, &(search->cookie)); if (rc!=LDAP_SUCCESS) { myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_parse_page_control() failed"); /* clear error flag */ rc=LDAP_SUCCESS; if (ldap_set_option(search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) log_log(LOG_WARNING,"failed to clear the error flag"); } /* TODO: handle the above return code?? */ ldap_controls_free(resultcontrols); } search->msgid=-1; /* check if there are more pages to come */ if ((search->cookie==NULL)||(search->cookie->bv_len==0)) { if (search->count>MAX_DEBUG_LOG_DNS) log_log(LOG_DEBUG,"ldap_result(): ... %d more results", search->count-MAX_DEBUG_LOG_DNS); log_log(LOG_DEBUG,"ldap_result(): end of results (%d total)", search->count); /* we are at the end of the search, no more results */ myldap_search_close(search); if (rcp!=NULL) *rcp=LDAP_SUCCESS; return NULL; } /* try the next page */ serverctrls[0]=NULL; serverctrls[1]=NULL; rc=ldap_create_page_control(search->session->ld, nslcd_cfg->ldc_pagesize, search->cookie,0,&serverctrls[0]); if (rc!=LDAP_SUCCESS) { if (serverctrls[0]!=NULL) ldap_control_free(serverctrls[0]); myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_create_page_control() failed"); myldap_search_close(search); if (rcp!=NULL) *rcp=rc; return NULL; } /* set up a new search for the next page */ rc=ldap_search_ext(search->session->ld, search->base,search->scope,search->filter, search->attrs,0,serverctrls,NULL,NULL, LDAP_NO_LIMIT,&msgid); ldap_control_free(serverctrls[0]); if (rc!=LDAP_SUCCESS) { myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_search_ext() failed"); /* close connection on connection problems */ if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)) do_close(search->session); myldap_search_close(search); if (rcp!=NULL) *rcp=rc; return NULL; } search->msgid=msgid; /* we continue with another pass */ break; case LDAP_RES_SEARCH_REFERENCE: break; /* just ignore search references */ default: /* we have some error condition, find out which */ switch (rc) { case -1: /* try to get error code */ if (ldap_get_option(search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) rc=LDAP_UNAVAILABLE; myldap_err(LOG_ERR,search->session->ld,rc,"ldap_result() failed"); break; case 0: /* the timeout expired */ log_log(LOG_ERR,"ldap_result() timed out"); rc=LDAP_TIMELIMIT_EXCEEDED; break; default: /* unknown code */ log_log(LOG_WARNING,"ldap_result() returned unexpected result type"); rc=LDAP_PROTOCOL_ERROR; } /* close connection on some connection problems */ if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)||(rc==LDAP_SUCCESS)|| (rc==LDAP_TIMELIMIT_EXCEEDED)||(rc==LDAP_OPERATIONS_ERROR)|| (rc==LDAP_PROTOCOL_ERROR)) { do_close(search->session); /* retry once if no data has been received yet */ if (search->may_retry_search) { log_log(LOG_DEBUG,"myldap_get_entry(): retry search"); search->may_retry_search=0; if (do_retry_search(search)==LDAP_SUCCESS) return myldap_get_entry(search,rcp); } } /* close search */ myldap_search_close(search); if (rcp!=NULL) *rcp=rc; return NULL; } } } /* Get the DN from the entry. This function only returns NULL (and sets errno) if an incorrect entry is passed. If the DN value cannot be retrieved "unknown" is returned instead. */ const char *myldap_get_dn(MYLDAP_ENTRY *entry) { int rc; /* check parameters */ if (!is_valid_entry(entry)) { log_log(LOG_ERR,"myldap_get_dn(): invalid result entry passed"); errno=EINVAL; return "unknown"; } /* if we don't have it yet, retrieve it */ if ((entry->dn==NULL)&&(entry->search->valid)) { entry->dn=ldap_get_dn(entry->search->session->ld,entry->search->msg); if (entry->dn==NULL) { if (ldap_get_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) rc=LDAP_UNAVAILABLE; myldap_err(LOG_WARNING,entry->search->session->ld,rc,"ldap_get_dn() returned NULL"); /* close connection on connection problems */ if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)) do_close(entry->search->session); } } /* if we still don't have it, return unknown */ if (entry->dn==NULL) return "unknown"; /* return it */ return entry->dn; } char *myldap_cpy_dn(MYLDAP_ENTRY *entry,char *buf,size_t buflen) { const char *dn; /* get the dn */ dn=myldap_get_dn(entry); /* copy into buffer */ if (strlen(dn)search->session; MYLDAP_SEARCH *search=NULL; SET *set=NULL; /* build the attribute name to find */ if (mysnprintf(attbuf,sizeof(attbuf),"%s;range=0-*",attr)) return NULL; /* keep doing lookups untul we can't get any more results */ while (1) { /* go over all attributes to find the ranged attribute */ ber=NULL; attn=ldap_first_attribute(entry->search->session->ld,entry->search->msg,&ber); values=NULL; while (attn!=NULL) { if (strncasecmp(attn,attbuf,strlen(attbuf)-1)==0) { log_log(LOG_DEBUG,"found ranged results %s",attn); nxt=atoi(attn+strlen(attbuf)-1)+1; values=ldap_get_values(entry->search->session->ld,entry->search->msg,attn); ldap_memfree(attn); break; } /* free old attribute name and get next one */ ldap_memfree(attn); attn=ldap_next_attribute(entry->search->session->ld,entry->search->msg,ber); } ber_free(ber,0); /* see if we found any values */ if ((values==NULL)||(*values==NULL)) break; /* allocate memory */ if (set==NULL) { set=set_new(); if (set==NULL) { ldap_value_free(values); log_log(LOG_CRIT,"myldap_get_ranged_values(): set_new() failed to allocate memory"); return NULL; } } /* add to the set */ for (i=0;values[i]!=NULL;i++) set_add(set,values[i]); /* free results */ ldap_value_free(values); /* check if we should start a new search */ if (nxt<=startat) break; startat=nxt; /* build attributes for a new search */ if (mysnprintf(attbuf,sizeof(attbuf),"%s;range=%d-*",attr,startat)) break; attrs[0]=attbuf; attrs[1]=NULL; /* close the previous search, if any */ if (search!=NULL) myldap_search_close(search); /* start the new search */ search=myldap_search(session,dn,LDAP_SCOPE_BASE,"(objectClass=*)",attrs,NULL); if (search==NULL) break; entry=myldap_get_entry(search,NULL); if (entry==NULL) break; } /* close any started searches */ if (search!=NULL) myldap_search_close(search); /* return the contents of the set as a list */ return set; } /* Simple wrapper around ldap_get_values(). */ const char **myldap_get_values(MYLDAP_ENTRY *entry,const char *attr) { char **values; int rc; int i; SET *set; /* check parameters */ if (!is_valid_entry(entry)) { log_log(LOG_ERR,"myldap_get_values(): invalid result entry passed"); errno=EINVAL; return NULL; } else if (attr==NULL) { log_log(LOG_ERR,"myldap_get_values(): invalid attribute name passed"); errno=EINVAL; return NULL; } if (!entry->search->valid) return NULL; /* search has been stopped */ /* get from LDAP */ values=ldap_get_values(entry->search->session->ld,entry->search->msg,attr); if (values==NULL) { if (ldap_get_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) rc=LDAP_UNAVAILABLE; /* ignore decoding errors as they are just nonexisting attribute values */ if (rc==LDAP_DECODING_ERROR) { rc=LDAP_SUCCESS; if (ldap_set_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) log_log(LOG_WARNING,"failed to clear the error flag"); } else if (rc==LDAP_SUCCESS) { /* we have a success code but no values, let's try to get ranged values */ set=myldap_get_ranged_values(entry,attr); if (set==NULL) return NULL; /* store values entry so we can free it later on */ for (i=0;irangedattributevalues[i]==NULL) { entry->rangedattributevalues[i]=(char **)set_tolist(set); set_free(set); return (const char **)entry->rangedattributevalues[i]; } /* we found no room to store the values */ log_log(LOG_ERR,"ldap_get_values() couldn't store results, increase MAX_RANGED_ATTRIBUTES_PER_ENTRY"); set_free(set); return NULL; } else myldap_err(LOG_WARNING,entry->search->session->ld,rc, "ldap_get_values() of attribute \"%s\" on entry \"%s\" returned NULL", attr,myldap_get_dn(entry)); return NULL; } /* store values entry so we can free it later on */ for (i=0;iattributevalues[i]==NULL) { entry->attributevalues[i]=values; return (const char **)values; } /* we found no room to store the entry */ log_log(LOG_ERR,"ldap_get_values() couldn't store results, increase MAX_ATTRIBUTES_PER_ENTRY"); ldap_value_free(values); return NULL; } /* Convert the bervalues to a simple list of strings that can be freed with one call to free(). */ static const char **bervalues_to_values(struct berval **bvalues) { int num_values; int i; size_t sz; char *buf; char **values; /* figure out how much memory to allocate */ num_values=ldap_count_values_len(bvalues); sz=(num_values+1)*sizeof(char *); for (i=0;ibv_len+1; /* allocate the needed memory */ values=(char **)malloc(sz); if (values==NULL) { log_log(LOG_CRIT,"bervalues_to_values(): malloc() failed to allocate memory"); return NULL; } buf=(char *)values; buf+=(num_values+1)*sizeof(char *); /* copy from bvalues */ for (i=0;ibv_val,bvalues[i]->bv_len); values[i][bvalues[i]->bv_len]='\0'; buf+=bvalues[i]->bv_len+1; } values[i]=NULL; return (const char **)values; } /* Simple wrapper around ldap_get_values(). */ const char **myldap_get_values_len(MYLDAP_ENTRY *entry,const char *attr) { const char **values; struct berval **bvalues; int rc; int i; SET *set; /* check parameters */ if (!is_valid_entry(entry)) { log_log(LOG_ERR,"myldap_get_values_len(): invalid result entry passed"); errno=EINVAL; return NULL; } else if (attr==NULL) { log_log(LOG_ERR,"myldap_get_values_len(): invalid attribute name passed"); errno=EINVAL; return NULL; } if (!entry->search->valid) return NULL; /* search has been stopped */ /* get from LDAP */ bvalues=ldap_get_values_len(entry->search->session->ld,entry->search->msg,attr); if (bvalues==NULL) { if (ldap_get_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) rc=LDAP_UNAVAILABLE; /* ignore decoding errors as they are just nonexisting attribute values */ if (rc==LDAP_DECODING_ERROR) { rc=LDAP_SUCCESS; if (ldap_set_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) log_log(LOG_WARNING,"failed to clear the error flag"); return NULL; } else if (rc==LDAP_SUCCESS) { /* we have a success code but no values, let's try to get ranged values */ set=myldap_get_ranged_values(entry,attr); if (set==NULL) return NULL; values=set_tolist(set); set_free(set); if (values==NULL) { log_log(LOG_CRIT,"myldap_get_values_len(): malloc() failed to allocate memory"); return NULL; } } else { myldap_err(LOG_WARNING,entry->search->session->ld,rc, "myldap_get_values_len() of attribute \"%s\" on entry \"%s\" returned NULL", attr,myldap_get_dn(entry)); return NULL; } } else { values=bervalues_to_values(bvalues); ldap_value_free_len(bvalues); } /* check if we got allocated memory */ if (values==NULL) return NULL; /* store values entry so we can free it later on */ for (i=0;irangedattributevalues[i]==NULL) { entry->rangedattributevalues[i]=(char **)values; return values; } /* we found no room to store the values */ log_log(LOG_ERR,"myldap_get_values_len() couldn't store results, increase MAX_RANGED_ATTRIBUTES_PER_ENTRY"); free(values); return NULL; } /* Go over the entries in exploded_rdn and see if any start with the requested attribute. Return a reference to the value part of the DN (does not modify exploded_rdn). */ static const char *find_rdn_value(char **exploded_rdn,const char *attr) { int i,j; int l; if (exploded_rdn==NULL) return NULL; /* go over all RDNs */ l=strlen(attr); for (i=0;exploded_rdn[i]!=NULL;i++) { /* check that RDN starts with attr */ if (strncasecmp(exploded_rdn[i],attr,l)!=0) continue; j=l; /* skip spaces */ while (isspace(exploded_rdn[i][j])) j++; /* ensure that we found an equals sign now */ if (exploded_rdn[i][j]!='=') continue; j++; /* skip more spaces */ while (isspace(exploded_rdn[i][j])) j++; /* ensure that we're not at the end of the string */ if (exploded_rdn[i][j]=='\0') continue; /* we found our value */ return exploded_rdn[i]+j; } /* fail */ return NULL; } /* explode the first part of DN into parts (e.g. "cn=Test", "uid=test") The returned value should be freed with ldap_value_free(). */ static char **get_exploded_rdn(const char *dn) { char **exploded_dn; char **exploded_rdn; /* check if we have a DN */ if ((dn==NULL)||(strcasecmp(dn,"unknown")==0)) return NULL; /* explode dn into { "uid=test", "ou=people", ..., NULL } */ exploded_dn=ldap_explode_dn(dn,0); if ((exploded_dn==NULL)||(exploded_dn[0]==NULL)) { log_log(LOG_WARNING,"ldap_explode_dn(%s) returned NULL: %s", dn,strerror(errno)); return NULL; } /* explode rdn (first part of exploded_dn), e.g. "cn=Test User+uid=testusr" into { "cn=Test User", "uid=testusr", NULL } */ errno=0; exploded_rdn=ldap_explode_rdn(exploded_dn[0],0); if ((exploded_rdn==NULL)||(exploded_rdn[0]==NULL)) { log_log(LOG_WARNING,"ldap_explode_rdn(%s) returned NULL: %s", exploded_dn[0],strerror(errno)); if (exploded_rdn!=NULL) ldap_value_free(exploded_rdn); ldap_value_free(exploded_dn); return NULL; } ldap_value_free(exploded_dn); return exploded_rdn; } const char *myldap_get_rdn_value(MYLDAP_ENTRY *entry,const char *attr) { /* check parameters */ if (!is_valid_entry(entry)) { log_log(LOG_ERR,"myldap_get_rdn_value(): invalid result entry passed"); errno=EINVAL; return NULL; } else if (attr==NULL) { log_log(LOG_ERR,"myldap_get_rdn_value(): invalid attribute name passed"); errno=EINVAL; return NULL; } /* check if entry contains exploded_rdn */ if (entry->exploded_rdn==NULL) { entry->exploded_rdn=get_exploded_rdn(myldap_get_dn(entry)); if (entry->exploded_rdn==NULL) return NULL; } /* find rnd value */ return find_rdn_value(entry->exploded_rdn,attr); } const char *myldap_cpy_rdn_value(const char *dn,const char *attr, char *buf,size_t buflen) { char **exploded_rdn; const char *value; /* explode dn into { "cn=Test", "uid=test", NULL } */ exploded_rdn=get_exploded_rdn(dn); if (exploded_rdn==NULL) return NULL; /* see if we have a match */ value=find_rdn_value(exploded_rdn,attr); /* if we have something store it in the buffer */ if ((value!=NULL)&&(strlen(value)=buflen) return -1; /* do escaping for some characters */ switch (*src) { case '*': strcpy(buffer+pos,"\\2a"); pos+=3; break; case '(': strcpy(buffer+pos,"\\28"); pos+=3; break; case ')': strcpy(buffer+pos,"\\29"); pos+=3; break; case '\\': strcpy(buffer+pos,"\\5c"); pos+=3; break; default: /* just copy character */ buffer[pos++]=*src; break; } } /* terminate destination string */ buffer[pos]='\0'; return 0; } int myldap_set_debuglevel(int level) { int i; int rc; /* turn on debugging */ if (level>1) { #ifdef LBER_OPT_LOG_PRINT_FILE log_log(LOG_DEBUG,"ber_set_option(LBER_OPT_LOG_PRINT_FILE)"); \ rc=ber_set_option(NULL,LBER_OPT_LOG_PRINT_FILE,stderr); if (rc!=LDAP_SUCCESS) { myldap_err(LOG_ERR,NULL,rc,"ber_set_option(LBER_OPT_LOG_PRINT_FILE) failed"); return rc; } #endif /* LBER_OPT_LOG_PRINT_FILE */ #ifdef LBER_OPT_DEBUG_LEVEL if (level>2) { i=-1; log_log(LOG_DEBUG,"ber_set_option(LBER_OPT_DEBUG_LEVEL,-1)"); rc=ber_set_option(NULL,LBER_OPT_DEBUG_LEVEL,&i); if (rc!=LDAP_SUCCESS) { myldap_err(LOG_ERR,NULL,rc,"ber_set_option(LBER_OPT_DEBUG_LEVEL) failed"); return rc; } } #endif /* LBER_OPT_DEBUG_LEVEL */ #ifdef LDAP_OPT_DEBUG_LEVEL i=-1; log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_DEBUG_LEVEL,-1)"); rc=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&i); if (rc!=LDAP_SUCCESS) { myldap_err(LOG_ERR,NULL,rc,"ldap_set_option(LDAP_OPT_DEBUG_LEVEL) failed"); return rc; } #endif /* LDAP_OPT_DEBUG_LEVEL */ } return LDAP_SUCCESS; } int myldap_passwd( MYLDAP_SESSION *session, const char *userdn,const char *oldpassword,const char *newpasswd) { int rc; struct berval ber_userdn, ber_oldpassword, ber_newpassword, ber_retpassword; /* check parameters */ if (!is_valid_session(session)||(userdn==NULL)||(newpasswd==NULL)) { log_log(LOG_ERR,"myldap_passwd(): invalid parameter passed"); errno=EINVAL; return LDAP_OTHER; } /* log the call */ log_log(LOG_DEBUG,"myldap_passwd(userdn=\"%s\",oldpasswd=%s,newpasswd=\"***\")", userdn,oldpassword?"\"***\"":"NULL"); /* translate to ber stuff */ ber_userdn.bv_val=(char *)userdn; ber_userdn.bv_len=strlen(userdn); ber_newpassword.bv_val=(char *)newpasswd; ber_newpassword.bv_len=strlen(newpasswd); ber_retpassword.bv_val=NULL; ber_retpassword.bv_len=0; /* perform request */ log_log(LOG_DEBUG,"myldap_passwd(): try ldap_passwd_s() without old password"); rc=ldap_passwd_s(session->ld,&ber_userdn,NULL, &ber_newpassword,&ber_retpassword,NULL,NULL); if (rc!=LDAP_SUCCESS) myldap_err(LOG_ERR,session->ld,rc,"ldap_passwd_s() without old password failed"); /* free returned data if needed */ if (ber_retpassword.bv_val!=NULL) ldap_memfree(ber_retpassword.bv_val); if ((rc!=LDAP_SUCCESS)&&(oldpassword!=NULL)) { /* retry with old password */ log_log(LOG_DEBUG,"myldap_passwd(): try ldap_passwd_s() with old password"); ber_oldpassword.bv_val=(char *)oldpassword; ber_oldpassword.bv_len=strlen(oldpassword); /* perform request */ rc=ldap_passwd_s(session->ld,&ber_userdn,&ber_oldpassword, &ber_newpassword,&ber_retpassword,NULL,NULL); if (rc!=LDAP_SUCCESS) myldap_err(LOG_ERR,session->ld,rc,"ldap_passwd_s() with old password failed"); /* free returned data if needed */ if (ber_retpassword.bv_val!=NULL) ldap_memfree(ber_retpassword.bv_val); } return rc; } int myldap_modify(MYLDAP_SESSION *session,const char *dn,LDAPMod *mods[]) { if (!is_valid_session(session)||(dn==NULL)) { log_log(LOG_ERR,"myldap_passwd(): invalid parameter passed"); errno=EINVAL; return LDAP_OTHER; } return ldap_modify_ext_s(session->ld,dn,mods,NULL,NULL); } nss-pam-ldapd-0.8.13/nslcd/cfg.c0000644000175000001440000012645212137233773013210 00000000000000/* cfg.c - functions for configuration information This file contains parts that were part of the nss_ldap library which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2007 West Consulting Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_GSSAPI_H #include #endif /* HAVE_GSSAPI_H */ #ifdef HAVE_GSSAPI_GSSAPI_H #include #endif /* HAVE_GSSAPI_GSSAPI_H */ #ifdef HAVE_GSSAPI_GSSAPI_KRB5_H #include #endif /* HAVE_GSSAPI_GSSAPI_KRB5_H */ #ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H #include #endif /* HAVE_GSSAPI_GSSAPI_GENERIC_H */ #include #include #include #include "common.h" #include "log.h" #include "cfg.h" #include "attmap.h" #include "common/expr.h" struct ldap_config *nslcd_cfg=NULL; /* the maximum line length in the configuration file */ #define MAX_LINE_LENGTH 4096 /* the delimiters of tokens */ #define TOKEN_DELIM " \t\n\r" /* convenient wrapper macro for ldap_set_option() */ #define LDAP_SET_OPTION(ld,option,invalue) \ rc=ldap_set_option(ld,option,invalue); \ if (rc!=LDAP_SUCCESS) \ { \ log_log(LOG_ERR,"ldap_set_option(" #option ") failed: %s",ldap_err2string(rc)); \ exit(EXIT_FAILURE); \ } /* prototype for parse_validnames_statement() because it is used in cfg_defaults() */ static void parse_validnames_statement(const char *filename,int lnr, const char *keyword,char *line,struct ldap_config *cfg); /* set the configuration information to the defaults */ static void cfg_defaults(struct ldap_config *cfg) { int i; memset(cfg,0,sizeof(struct ldap_config)); cfg->ldc_threads=5; cfg->ldc_uidname=NULL; cfg->ldc_uid=NOUID; cfg->ldc_gid=NOGID; cfg->ldc_ignorecase=0; for (i=0;i<(NSS_LDAP_CONFIG_URI_MAX+1);i++) { cfg->ldc_uris[i].uri=NULL; cfg->ldc_uris[i].firstfail=0; cfg->ldc_uris[i].lastfail=0; } #ifdef LDAP_VERSION3 cfg->ldc_version=LDAP_VERSION3; #else /* LDAP_VERSION3 */ cfg->ldc_version=LDAP_VERSION2; #endif /* not LDAP_VERSION3 */ cfg->ldc_binddn=NULL; cfg->ldc_bindpw=NULL; cfg->ldc_rootpwmoddn=NULL; cfg->ldc_rootpwmodpw=NULL; cfg->ldc_sasl_mech=NULL; cfg->ldc_sasl_realm=NULL; cfg->ldc_sasl_authcid=NULL; cfg->ldc_sasl_authzid=NULL; cfg->ldc_sasl_secprops=NULL; #ifdef LDAP_OPT_X_SASL_NOCANON cfg->ldc_sasl_canonicalize=-1; #endif /* LDAP_OPT_X_SASL_NOCANON */ for (i=0;ildc_bases[i]=NULL; cfg->ldc_scope=LDAP_SCOPE_SUBTREE; cfg->ldc_deref=LDAP_DEREF_NEVER; cfg->ldc_referrals=1; cfg->ldc_bind_timelimit=10; cfg->ldc_timelimit=LDAP_NO_LIMIT; cfg->ldc_idle_timelimit=0; cfg->ldc_reconnect_sleeptime=1; cfg->ldc_reconnect_retrytime=10; #ifdef LDAP_OPT_X_TLS cfg->ldc_ssl_on=SSL_OFF; #endif /* LDAP_OPT_X_TLS */ cfg->ldc_restart=1; cfg->ldc_pagesize=0; cfg->ldc_nss_initgroups_ignoreusers=NULL; for (i=0;ildc_pam_authz_search[i]=NULL; cfg->ldc_nss_min_uid=0; parse_validnames_statement(__FILE__,__LINE__,"", "/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i",cfg); cfg->pam_password_prohibit_message=NULL; } /* simple strdup wrapper */ static char *xstrdup(const char *s) { char *tmp; if (s==NULL) { log_log(LOG_CRIT,"xstrdup() called with NULL"); exit(EXIT_FAILURE); } tmp=strdup(s); if (tmp==NULL) { log_log(LOG_CRIT,"strdup() failed to allocate memory"); exit(EXIT_FAILURE); } return tmp; } /* add a single URI to the list of URIs in the configuration */ static void add_uri(const char *filename,int lnr, struct ldap_config *cfg,const char *uri) { int i; log_log(LOG_DEBUG,"add_uri(%s)",uri); /* find the place where to insert the URI */ for (i=0;cfg->ldc_uris[i].uri!=NULL;i++) ; /* check for room */ if (i>=NSS_LDAP_CONFIG_URI_MAX) { log_log(LOG_ERR,"%s:%d: maximum number of URIs exceeded",filename,lnr); exit(EXIT_FAILURE); } /* append URI to list */ cfg->ldc_uris[i].uri=xstrdup(uri); } #ifdef HAVE_LDAP_DOMAIN2HOSTLIST /* return the domain name of the current host the returned string must be freed by caller */ static const char *cfg_getdomainname(const char *filename,int lnr) { const char *fqdn,*domain; fqdn=getfqdn(); if ((fqdn!=NULL)&&((domain=strchr(fqdn,'.'))!=NULL)&&(domain[1]!='\0')) return domain+1; log_log(LOG_ERR,"%s:%d: unable to determinate a domain name", filename,lnr); exit(EXIT_FAILURE); } /* add URIs by doing DNS queries for SRV records */ static void add_uris_from_dns(const char *filename,int lnr, struct ldap_config *cfg, const char *domain) { int rc; char *hostlist=NULL,*nxt; char buf[HOST_NAME_MAX+sizeof("ldap://")]; log_log(LOG_DEBUG,"query %s for SRV records",domain); rc=ldap_domain2hostlist(domain,&hostlist); if (rc!=LDAP_SUCCESS) { log_log(LOG_ERR,"%s:%d: no servers found in DNS zone %s: %s", filename,lnr,domain,ldap_err2string(rc)); exit(EXIT_FAILURE); } if ((hostlist==NULL)||(*hostlist=='\0')) { log_log(LOG_ERR,"%s:%d: no servers found in DNS zone %s",filename,lnr,domain); exit(EXIT_FAILURE); } /* hostlist is a space-separated list of host names that we use to build URIs */ while(hostlist!=NULL) { /* find the next space and split the string there */ nxt=strchr(hostlist,' '); if (nxt!=NULL) { *nxt='\0'; nxt++; } /* if port is 636, use ldaps:// URI */ if ((strlen(hostlist)>4)&&(strcmp(hostlist+strlen(hostlist)-4,":636")==0)) { hostlist[strlen(hostlist)-4]='\0'; mysnprintf(buf,sizeof(buf),"ldaps://%s",hostlist); } else { /* strip default port number */ if ((strlen(hostlist)>4)&&(strcmp(hostlist+strlen(hostlist)-4,":389")==0)) hostlist[strlen(hostlist)-4]='\0'; mysnprintf(buf,sizeof(buf),"ldap://%s",hostlist); } log_log(LOG_DEBUG,"add_uris_from_dns(): found uri: %s",buf); add_uri(filename,lnr,cfg,buf); /* get next entry from list */ hostlist=nxt; } } #endif /* HAVE_LDAP_DOMAIN2HOSTLIST */ static int parse_boolean(const char *filename,int lnr,const char *value) { if ( (strcasecmp(value,"on")==0) || (strcasecmp(value,"yes")==0) || (strcasecmp(value,"true")==0) || (strcasecmp(value,"1")==0) ) return 1; else if ( (strcasecmp(value,"off")==0) || (strcasecmp(value,"no")==0) || (strcasecmp(value,"false")==0) || (strcasecmp(value,"0")==0) ) return 0; else { log_log(LOG_ERR,"%s:%d: not a boolean argument: '%s'",filename,lnr,value); exit(EXIT_FAILURE); } } static int parse_scope(const char *filename,int lnr,const char *value) { if ( (strcasecmp(value,"sub")==0) || (strcasecmp(value,"subtree")==0) ) return LDAP_SCOPE_SUBTREE; else if ( (strcasecmp(value,"one")==0) || (strcasecmp(value,"onelevel")==0) ) return LDAP_SCOPE_ONELEVEL; else if (strcasecmp(value,"base")==0) return LDAP_SCOPE_BASE; else { log_log(LOG_ERR,"%s:%d: not a scope argument: '%s'",filename,lnr,value); exit(EXIT_FAILURE); } } /* This function works like strtok() except that the original string is not modified and a pointer within str to where the next token begins is returned (this can be used to pass to the function on the next iteration). If no more tokens are found or the token will not fit in the buffer, NULL is returned. */ static char *get_token(char **line,char *buf,size_t buflen) { size_t len; if ((line==NULL)||(*line==NULL)||(**line=='\0')||(buf==NULL)) return NULL; /* find the beginning and length of the token */ *line+=strspn(*line,TOKEN_DELIM); len=strcspn(*line,TOKEN_DELIM); /* check if there is a token */ if (len==0) { *line=NULL; return NULL; } /* limit the token length */ if (len>=buflen) len=buflen-1; /* copy the token */ strncpy(buf,*line,len); buf[len]='\0'; /* skip to the next token */ *line+=len; *line+=strspn(*line,TOKEN_DELIM); /* return the token */ return buf; } static enum ldap_map_selector parse_map(const char *value) { if ( (strcasecmp(value,"alias")==0) || (strcasecmp(value,"aliases")==0) ) return LM_ALIASES; else if ( (strcasecmp(value,"ether")==0) || (strcasecmp(value,"ethers")==0) ) return LM_ETHERS; else if (strcasecmp(value,"group")==0) return LM_GROUP; else if ( (strcasecmp(value,"host")==0) || (strcasecmp(value,"hosts")==0) ) return LM_HOSTS; else if (strcasecmp(value,"netgroup")==0) return LM_NETGROUP; else if ( (strcasecmp(value,"network")==0) || (strcasecmp(value,"networks")==0) ) return LM_NETWORKS; else if (strcasecmp(value,"passwd")==0) return LM_PASSWD; else if ( (strcasecmp(value,"protocol")==0) || (strcasecmp(value,"protocols")==0) ) return LM_PROTOCOLS; else if (strcasecmp(value,"rpc")==0) return LM_RPC; else if ( (strcasecmp(value,"service")==0) || (strcasecmp(value,"services")==0) ) return LM_SERVICES; else if (strcasecmp(value,"shadow")==0) return LM_SHADOW; else return LM_NONE; } /* check to see if the line begins with a named map */ static enum ldap_map_selector get_map(char **line) { char token[32]; char *old; enum ldap_map_selector map; /* get the token */ old=*line; if (get_token(line,token,sizeof(token))==NULL) return LM_NONE; /* find the map if any */ map=parse_map(token); /* unknown map, return to the previous state */ if (map==LM_NONE) *line=old; return map; } /* check that the condition is true and otherwise log an error and bail out */ static inline void check_argumentcount(const char *filename,int lnr, const char *keyword,int condition) { if (!condition) { log_log(LOG_ERR,"%s:%d: %s: wrong number of arguments",filename,lnr,keyword); exit(EXIT_FAILURE); } } /* check that the file is not world readable */ static void check_permissions(const char *filename,const char *keyword) { struct stat sb; /* get file status */ if (stat(filename,&sb)) { log_log(LOG_ERR,"cannot stat() %s: %s",filename,strerror(errno)); exit(EXIT_FAILURE); } /* check permissions */ if ((sb.st_mode&0007)!=0) { if (keyword!=NULL) log_log(LOG_ERR,"%s: file should not be world readable if %s is set", filename, keyword); else log_log(LOG_ERR,"%s: file should not be world readable",filename); exit(EXIT_FAILURE); } } static void get_int(const char *filename,int lnr, const char *keyword,char **line, int *var) { /* TODO: refactor to have less overhead */ char token[32]; check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); /* TODO: replace with correct numeric parse */ *var=atoi(token); } static void get_boolean(const char *filename,int lnr, const char *keyword,char **line, int *var) { /* TODO: refactor to have less overhead */ char token[32]; check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); *var=parse_boolean(filename,lnr,token); } static void get_strdup(const char *filename,int lnr, const char *keyword,char **line, char **var) { /* TODO: refactor to have less overhead */ char token[64]; check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); /* Note: we have a memory leak here if a single variable is changed multiple times in one config (deemed not a problem) */ *var=xstrdup(token); } static void get_restdup(const char *filename,int lnr, const char *keyword,char **line, char **var) { check_argumentcount(filename,lnr,keyword,(*line!=NULL)&&(**line!='\0')); /* Note: we have a memory leak here if a single mapping is changed multiple times in one config (deemed not a problem) */ *var=xstrdup(*line); /* mark that we are at the end of the line */ *line=NULL; } static void get_eol(const char *filename,int lnr, const char *keyword,char **line) { if ((line!=NULL)&&(*line!=NULL)&&(**line!='\0')) { log_log(LOG_ERR,"%s:%d: %s: too may arguments",filename,lnr,keyword); exit(EXIT_FAILURE); } } static void get_uid(const char *filename,int lnr, const char *keyword,char **line, uid_t *var,gid_t *gid,char **str) { /* TODO: refactor to have less overhead */ char token[32]; struct passwd *pwent; char *tmp; check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); /* check if it is a valid numerical uid */ errno=0; *var=strtouid(token,&tmp,10); if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)&&(strchr(token,'-')==NULL)) { /* get the name and gid from the passwd database */ pwent=getpwuid(*var); if (pwent!=NULL) { if ((gid!=NULL)&&(*gid==NOGID)) *gid=pwent->pw_gid; if (str!=NULL) *str=strdup(pwent->pw_name); return; } } /* find by name */ pwent=getpwnam(token); if (pwent!=NULL) { *var=pwent->pw_uid; if ((gid!=NULL)&&(*gid==NOGID)) *gid=pwent->pw_gid; if (str!=NULL) *str=strdup(token); return; } /* log an error */ log_log(LOG_ERR,"%s:%d: %s: not a valid uid: '%s'",filename,lnr,keyword,token); exit(EXIT_FAILURE); } static void get_gid(const char *filename,int lnr, const char *keyword,char **line, gid_t *var) { /* TODO: refactor to have less overhead */ char token[32]; struct group *grent; char *tmp; check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); /* check if it is a valid numerical gid */ errno=0; *var=strtogid(token,&tmp,10); if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)&&(strchr(token,'-')==NULL)) return; /* find by name */ grent=getgrnam(token); if (grent!=NULL) { *var=grent->gr_gid; return; } /* log an error */ log_log(LOG_ERR,"%s:%d: %s: not a valid gid: '%s'",filename,lnr,keyword,token); exit(EXIT_FAILURE); } #ifdef LDAP_OPT_X_TLS static void get_reqcert(const char *filename,int lnr, const char *keyword,char **line, int *var) { char token[16]; /* get token */ check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); /* check if it is a valid value for tls_reqcert option */ if ( (strcasecmp(token,"never")==0) || (strcasecmp(token,"no")==0) ) *var=LDAP_OPT_X_TLS_NEVER; else if (strcasecmp(token,"allow")==0) *var=LDAP_OPT_X_TLS_ALLOW; else if (strcasecmp(token,"try")==0) *var=LDAP_OPT_X_TLS_TRY; else if ( (strcasecmp(token,"demand")==0) || (strcasecmp(token,"yes")==0) ) *var=LDAP_OPT_X_TLS_DEMAND; else if (strcasecmp(token,"hard")==0) *var=LDAP_OPT_X_TLS_HARD; else { log_log(LOG_ERR,"%s:%d: %s: invalid argument: '%s'",filename,lnr,keyword,token); exit(EXIT_FAILURE); } } #endif /* LDAP_OPT_X_TLS */ static void parse_krb5_ccname_statement(const char *filename,int lnr, const char *keyword,char *line) { char token[80]; const char *ccname; const char *ccfile; size_t ccenvlen; char *ccenv; #ifdef HAVE_GSS_KRB5_CCACHE_NAME OM_uint32 minor_status; # endif /* HAVE_GSS_KRB5_CCACHE_NAME */ /* get token */ check_argumentcount(filename,lnr,keyword, (get_token(&line,token,sizeof(token))!=NULL)&&(*line=='\0')); /* set default kerberos ticket cache for SASL-GSSAPI */ ccname=token; /* check that cache exists and is readable if it is a file */ if ( (strncasecmp(ccname,"FILE:",sizeof("FILE:")-1)==0) || (strncasecmp(ccname,"WRFILE:",sizeof("WRFILE:")-1)==0)) { ccfile=strchr(ccname,':')+1; if (access(ccfile,R_OK)!=0) { log_log(LOG_ERR,"%s:%d: error accessing %s: %s",filename,lnr,ccfile,strerror(errno)); exit(EXIT_FAILURE); } } /* set the environment variable (we have a memory leak if this option is set multiple times) */ ccenvlen=strlen(ccname)+sizeof("KRB5CCNAME="); ccenv=(char *)malloc(ccenvlen); if (ccenv==NULL) { log_log(LOG_CRIT,"malloc() failed to allocate memory"); exit(EXIT_FAILURE); } mysnprintf(ccenv,ccenvlen,"KRB5CCNAME=%s",ccname); putenv(ccenv); #ifdef HAVE_GSS_KRB5_CCACHE_NAME /* set the name with gss_krb5_ccache_name() */ if (gss_krb5_ccache_name(&minor_status,ccname,NULL)!=GSS_S_COMPLETE) { log_log(LOG_ERR,"%s:%d: unable to set default credential cache: %s",filename,lnr,ccname); exit(EXIT_FAILURE); } # endif /* HAVE_GSS_KRB5_CCACHE_NAME */ } /* assigns the base to the specified variable doing domain expansion and a simple check to avoid overwriting duplicate values */ static void set_base(const char *filename,int lnr, const char *value,const char **var) { #ifdef HAVE_LDAP_DOMAIN2DN const char *domain=NULL; char *domaindn=NULL; #endif /* HAVE_LDAP_DOMAIN2DN */ /* if the base is "DOMAIN" use the domain name */ if (strcasecmp(value,"domain")==0) { #ifdef HAVE_LDAP_DOMAIN2DN domain=cfg_getdomainname(filename,lnr); ldap_domain2dn(domain,&domaindn); log_log(LOG_DEBUG,"set_base(): setting base to %s from domain",domaindn); value=domaindn; #else /* not HAVE_LDAP_DOMAIN2DN */ log_log(LOG_ERR,"%s:%d: value %s not supported on platform",filename,lnr,value); exit(EXIT_FAILURE); #endif /* not HAVE_LDAP_DOMAIN2DN */ } /* set the new value */ *var=xstrdup(value); } /* parse the validnames statement */ static void parse_validnames_statement(const char *filename,int lnr, const char *keyword,char *line,struct ldap_config *cfg) { char *value; int i,l; int flags=REG_EXTENDED|REG_NOSUB; /* the rest of the line should be a regular expression */ get_restdup(filename,lnr,keyword,&line,&value); /* check formatting and update flags */ if (value[0]!='/') { log_log(LOG_ERR,"%s:%d: regular expression incorrectly delimited",filename,lnr); exit(EXIT_FAILURE); } l=strlen(value); if (value[l-1]=='i') { value[l-1]='\0'; l--; flags|=REG_ICASE; } if (value[l-1]!='/') { log_log(LOG_ERR,"%s:%d: regular expression incorrectly delimited",filename,lnr); exit(EXIT_FAILURE); } value[l-1]='\0'; /* compile the regular expression */ if ((i=regcomp(&cfg->validnames,value+1,flags))!= 0) { /* get the error message */ l=regerror(i,&cfg->validnames,NULL,0); value=malloc(l); if (value==NULL) log_log(LOG_ERR,"%s:%d: invalid regular expression",filename,lnr); else { regerror(i,&cfg->validnames,value,l); log_log(LOG_ERR,"%s:%d: invalid regular expression: %s",filename,lnr, value); } exit(EXIT_FAILURE); } } static void parse_pam_password_prohibit_message_statement(const char *filename,int lnr, const char *keyword,char *line,struct ldap_config *cfg) { char *value; int l; /* the rest of the line should be a message */ get_restdup(filename,lnr,keyword,&line,&value); /* strip quotes if they are present */ l=strlen(value); if ((value[0]=='\"')&&(value[l-1]=='\"')) { value[l-1]='\0'; value++; } cfg->pam_password_prohibit_message=value; } static void parse_base_statement(const char *filename,int lnr, const char *keyword,char *line, struct ldap_config *cfg) { const char **bases; int i; /* get the list of bases to update */ bases=base_get_var(get_map(&line)); if (bases==NULL) bases=cfg->ldc_bases; /* find the spot in the list of bases */ for (i=0;ildc_scope; check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); *var=parse_scope(filename,lnr,line); } static void parse_filter_statement(const char *filename,int lnr, const char *keyword,char *line) { const char **var; const char *map=line; var=filter_get_var(get_map(&line)); if (var==NULL) { log_log(LOG_ERR,"%s:%d: unknown map: '%s'",filename,lnr,map); exit(EXIT_FAILURE); } check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); /* check if the value will be changed */ if (strcmp(*var,line)!=0) { /* Note: we have a memory leak here if a single mapping is changed multiple times in one config (deemed not a problem) */ *var=xstrdup(line); } } /* this function modifies the statement argument passed */ static void parse_map_statement(const char *filename,int lnr, const char *keyword,char *line) { enum ldap_map_selector map; const char **var; char oldatt[32], newatt[1024]; /* get the map */ if ((map=get_map(&line))==LM_NONE) { log_log(LOG_ERR,"%s:%d: unknown map: '%s'",filename,lnr,line); exit(EXIT_FAILURE); } /* read the other tokens */ check_argumentcount(filename,lnr,keyword, (get_token(&line,oldatt,sizeof(oldatt))!=NULL)&& (get_token(&line,newatt,sizeof(newatt))!=NULL)); /* check that there are no more tokens left on the line */ get_eol(filename,lnr,keyword,&line); /* change attribute mapping */ var=attmap_get_var(map,oldatt); if (var==NULL) { log_log(LOG_ERR,"%s:%d: unknown attribute to map: '%s'",filename,lnr,oldatt); exit(EXIT_FAILURE); } if (attmap_set_mapping(var,newatt)==NULL) { log_log(LOG_ERR,"%s:%d: attribute %s cannot be an expression",filename,lnr,oldatt); exit(EXIT_FAILURE); } } /* this function modifies the statement argument passed */ static void parse_nss_initgroups_ignoreusers_statement( const char *filename,int lnr,const char *keyword, char *line,struct ldap_config *cfg) { char token[MAX_LINE_LENGTH]; char *username,*next; struct passwd *pwent; check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); if (cfg->ldc_nss_initgroups_ignoreusers==NULL) cfg->ldc_nss_initgroups_ignoreusers=set_new(); while (get_token(&line,token,sizeof(token))!=NULL) { if (strcasecmp(token,"alllocal")==0) { /* go over all users (this will work because nslcd is not yet running) */ setpwent(); while ((pwent=getpwent())!=NULL) set_add(cfg->ldc_nss_initgroups_ignoreusers,pwent->pw_name); endpwent(); } else { next=token; while (*next!='\0') { username=next; /* find the end of the current username */ while ((*next!='\0')&&(*next!=',')) next++; if (*next==',') { *next='\0'; next++; } /* check if user exists (but add anyway) */ pwent=getpwnam(username); if (pwent==NULL) log_log(LOG_ERR,"%s:%d: user '%s' does not exist",filename,lnr,username); set_add(cfg->ldc_nss_initgroups_ignoreusers,username); } } } } static void parse_pam_authz_search_statement( const char *filename,int lnr,const char *keyword, char *line,struct ldap_config *cfg) { SET *set; const char **list; int i; check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); /* find free spot for search filter */ for (i=0;(ildc_pam_authz_search[i]!=NULL);i++); if (i>=NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) { log_log(LOG_ERR,"%s:%d: maximum number of pam_authz_search options (%d) exceeded", filename,lnr,NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES); exit(EXIT_FAILURE); } cfg->ldc_pam_authz_search[i]=xstrdup(line); /* check the variables used in the expression */ set=expr_vars(cfg->ldc_pam_authz_search[i],NULL); list=set_tolist(set); if (list==NULL) { log_log(LOG_CRIT,"malloc() failed to allocate memory"); exit(EXIT_FAILURE); } for (i=0;list[i]!=NULL;i++) { if ((strcmp(list[i],"username")!=0)&& (strcmp(list[i],"service")!=0)&& (strcmp(list[i],"ruser")!=0)&& (strcmp(list[i],"rhost")!=0)&& (strcmp(list[i],"tty")!=0)&& (strcmp(list[i],"hostname")!=0)&& (strcmp(list[i],"fqdn")!=0)&& (strcmp(list[i],"dn")!=0)&& (strcmp(list[i],"uid")!=0)) { log_log(LOG_ERR,"%s:%d: unknown variable $%s",filename,lnr,list[i]); exit(EXIT_FAILURE); } } /* free memory */ set_free(set); free(list); } static void cfg_read(const char *filename,struct ldap_config *cfg) { FILE *fp; int lnr=0; char linebuf[MAX_LINE_LENGTH]; char *line; char keyword[32]; char token[64]; int i; #ifdef LDAP_OPT_X_TLS int rc; char *value; #endif /* open config file */ if ((fp=fopen(filename,"r"))==NULL) { log_log(LOG_ERR,"cannot open config file (%s): %s",filename,strerror(errno)); exit(EXIT_FAILURE); } /* read file and parse lines */ while (fgets(linebuf,sizeof(linebuf),fp)!=NULL) { lnr++; line=linebuf; /* strip newline */ i=(int)strlen(line); if ((i<=0)||(line[i-1]!='\n')) { log_log(LOG_ERR,"%s:%d: line too long or last line missing newline",filename,lnr); exit(EXIT_FAILURE); } line[i-1]='\0'; /* ignore comment lines */ if (line[0]=='#') continue; /* strip trailing spaces */ for (i--;(i>0)&&isspace(line[i-1]);i--) line[i-1]='\0'; /* get keyword from line and ignore empty lines */ if (get_token(&line,keyword,sizeof(keyword))==NULL) continue; /* runtime options */ if (strcasecmp(keyword,"threads")==0) { get_int(filename,lnr,keyword,&line,&cfg->ldc_threads); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"uid")==0) { get_uid(filename,lnr,keyword,&line,&cfg->ldc_uid,&cfg->ldc_gid,&cfg->ldc_uidname); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"gid")==0) { get_gid(filename,lnr,keyword,&line,&cfg->ldc_gid); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"ignorecase")==0) { get_boolean(filename,lnr,keyword,&line,&cfg->ldc_ignorecase); get_eol(filename,lnr,keyword,&line); } /* general connection options */ else if (strcasecmp(keyword,"uri")==0) { check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); while (get_token(&line,token,sizeof(token))!=NULL) { if (strcasecmp(token,"dns")==0) { #ifdef HAVE_LDAP_DOMAIN2HOSTLIST add_uris_from_dns(filename,lnr,cfg,cfg_getdomainname(filename,lnr)); #else /* not HAVE_LDAP_DOMAIN2HOSTLIST */ log_log(LOG_ERR,"%s:%d: value %s not supported on platform",filename,lnr,token); exit(EXIT_FAILURE); #endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */ } else if (strncasecmp(token,"dns:",4)==0) { #ifdef HAVE_LDAP_DOMAIN2HOSTLIST add_uris_from_dns(filename,lnr,cfg,strdup(token+sizeof("dns"))); #else /* not HAVE_LDAP_DOMAIN2HOSTLIST */ log_log(LOG_ERR,"%s:%d: value %s not supported on platform",filename,lnr,token); exit(EXIT_FAILURE); #endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */ } else add_uri(filename,lnr,cfg,token); } } else if (strcasecmp(keyword,"ldap_version")==0) { get_int(filename,lnr,keyword,&line,&cfg->ldc_version); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"binddn")==0) { get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn); } else if (strcasecmp(keyword,"bindpw")==0) { check_permissions(filename,keyword); get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); } else if (strcasecmp(keyword,"rootpwmoddn")==0) { get_restdup(filename,lnr,keyword,&line,&cfg->ldc_rootpwmoddn); } else if (strcasecmp(keyword,"rootpwmodpw")==0) { check_permissions(filename,keyword); get_restdup(filename,lnr,keyword,&line,&cfg->ldc_rootpwmodpw); } /* SASL authentication options */ else if (strcasecmp(keyword,"use_sasl")==0) { log_log(LOG_WARNING,"%s:%d: option %s is deprecated (and will be removed in an upcoming release), use sasl_mech instead",filename,lnr,keyword); } else if (strcasecmp(keyword,"sasl_mech")==0) { get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_mech); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"sasl_realm")==0) { get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_realm); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"sasl_authcid")==0) { get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_authcid); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"sasl_authzid")==0) { get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_authzid); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"sasl_secprops")==0) { get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_secprops); get_eol(filename,lnr,keyword,&line); } #ifdef LDAP_OPT_X_SASL_NOCANON else if ( (strcasecmp(keyword,"sasl_canonicalize")==0) || (strcasecmp(keyword,"sasl_canonicalise")==0) || (strcasecmp(keyword,"ldap_sasl_canonicalize")==0) || (strcasecmp(keyword,"sasl_canon")==0) ) { get_boolean(filename,lnr,keyword,&line,&cfg->ldc_sasl_canonicalize); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"sasl_nocanon")==0) { get_boolean(filename,lnr,keyword,&line,&cfg->ldc_sasl_canonicalize); cfg->ldc_sasl_canonicalize=!cfg->ldc_sasl_canonicalize; get_eol(filename,lnr,keyword,&line); } #endif /* LDAP_OPT_X_SASL_NOCANON */ /* Kerberos authentication options */ else if (strcasecmp(keyword,"krb5_ccname")==0) { parse_krb5_ccname_statement(filename,lnr,keyword,line); } /* search/mapping options */ else if (strcasecmp(keyword,"base")==0) { parse_base_statement(filename,lnr,keyword,line,cfg); } else if (strcasecmp(keyword,"scope")==0) { parse_scope_statement(filename,lnr,keyword,line,cfg); } else if (strcasecmp(keyword,"deref")==0) { check_argumentcount(filename,lnr,keyword, (get_token(&line,token,sizeof(token))!=NULL)); if (strcasecmp(token,"never")==0) cfg->ldc_deref=LDAP_DEREF_NEVER; else if (strcasecmp(token,"searching")==0) cfg->ldc_deref=LDAP_DEREF_SEARCHING; else if (strcasecmp(token,"finding")==0) cfg->ldc_deref=LDAP_DEREF_FINDING; else if (strcasecmp(token,"always")==0) cfg->ldc_deref=LDAP_DEREF_ALWAYS; else { log_log(LOG_ERR,"%s:%d: wrong argument: '%s'",filename,lnr,token); exit(EXIT_FAILURE); } get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"referrals")==0) { get_boolean(filename,lnr,keyword,&line,&cfg->ldc_referrals); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"filter")==0) { parse_filter_statement(filename,lnr,keyword,line); } else if (strcasecmp(keyword,"map")==0) { parse_map_statement(filename,lnr,keyword,line); } /* timing/reconnect options */ else if (strcasecmp(keyword,"bind_timelimit")==0) { get_int(filename,lnr,keyword,&line,&cfg->ldc_bind_timelimit); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"timelimit")==0) { get_int(filename,lnr,keyword,&line,&cfg->ldc_timelimit); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"idle_timelimit")==0) { get_int(filename,lnr,keyword,&line,&cfg->ldc_idle_timelimit); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"reconnect_tries")==0) log_log(LOG_WARNING,"%s:%d: option %s has been removed and will be ignored",filename,lnr,keyword); else if (!strcasecmp(keyword,"reconnect_sleeptime")) { get_int(filename,lnr,keyword,&line,&cfg->ldc_reconnect_sleeptime); get_eol(filename,lnr,keyword,&line); } else if ( (strcasecmp(keyword,"reconnect_retrytime")==0) || (strcasecmp(keyword,"reconnect_maxsleeptime")==0) ) { if (strcasecmp(keyword,"reconnect_maxsleeptime")==0) log_log(LOG_WARNING,"%s:%d: option %s has been renamed to reconnect_retrytime",filename,lnr,keyword); get_int(filename,lnr,keyword,&line,&cfg->ldc_reconnect_retrytime); get_eol(filename,lnr,keyword,&line); } #ifdef LDAP_OPT_X_TLS /* SSL/TLS options */ else if (strcasecmp(keyword,"ssl")==0) { check_argumentcount(filename,lnr,keyword, (get_token(&line,token,sizeof(token))!=NULL)); if ( (strcasecmp(token,"start_tls")==0) || (strcasecmp(token,"starttls")==0) ) cfg->ldc_ssl_on=SSL_START_TLS; else if (parse_boolean(filename,lnr,token)) cfg->ldc_ssl_on=SSL_LDAPS; get_eol(filename,lnr,keyword,&line); } else if ( (strcasecmp(keyword,"tls_reqcert")==0) || (strcasecmp(keyword,"tls_checkpeer")==0) ) { if (strcasecmp(keyword,"tls_checkpeer")==0) log_log(LOG_WARNING,"%s:%d: option %s is deprecated (and will be removed in an upcoming release), use tls_reqcert instead",filename,lnr,keyword); get_reqcert(filename,lnr,keyword,&line,&i); get_eol(filename,lnr,keyword,&line); log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,%d)",i); LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&i); } else if (strcasecmp(keyword,"tls_cacertdir")==0) { get_strdup(filename,lnr,keyword,&line,&value); get_eol(filename,lnr,keyword,&line); /* TODO: check that the path is valid */ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR,\"%s\")",value); LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_CACERTDIR,value); free(value); } else if ( (strcasecmp(keyword,"tls_cacertfile")==0) || (strcasecmp(keyword,"tls_cacert")==0) ) { get_strdup(filename,lnr,keyword,&line,&value); get_eol(filename,lnr,keyword,&line); /* TODO: check that the path is valid */ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,\"%s\")",value); LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_CACERTFILE,value); free(value); } else if (strcasecmp(keyword,"tls_randfile")==0) { get_strdup(filename,lnr,keyword,&line,&value); get_eol(filename,lnr,keyword,&line); /* TODO: check that the path is valid */ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_RANDOM_FILE,\"%s\")",value); LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_RANDOM_FILE,value); free(value); } else if (strcasecmp(keyword,"tls_ciphers")==0) { get_restdup(filename,lnr,keyword,&line,&value); log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_CIPHER_SUITE,\"%s\")",value); LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_CIPHER_SUITE,value); free(value); } else if (strcasecmp(keyword,"tls_cert")==0) { get_strdup(filename,lnr,keyword,&line,&value); get_eol(filename,lnr,keyword,&line); /* TODO: check that the path is valid */ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_CERTFILE,\"%s\")",value); LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_CERTFILE,value); free(value); } else if (strcasecmp(keyword,"tls_key")==0) { get_strdup(filename,lnr,keyword,&line,&value); get_eol(filename,lnr,keyword,&line); /* TODO: check that the path is valid */ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,\"%s\")",value); LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_KEYFILE,value); free(value); } #endif /* LDAP_OPT_X_TLS */ /* other options */ else if (strcasecmp(keyword,"restart")==0) { log_log(LOG_WARNING,"%s:%d: option %s is currently untested (and may be removed in an upcoming release)",filename,lnr,keyword); get_boolean(filename,lnr,keyword,&line,&cfg->ldc_restart); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"pagesize")==0) { get_int(filename,lnr,keyword,&line,&cfg->ldc_pagesize); get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"nss_initgroups_ignoreusers")==0) { parse_nss_initgroups_ignoreusers_statement(filename,lnr,keyword,line,cfg); } else if (strcasecmp(keyword,"pam_authz_search")==0) { parse_pam_authz_search_statement(filename,lnr,keyword,line,cfg); } else if (strcasecmp(keyword,"nss_min_uid")==0) { get_int(filename,lnr,keyword,&line,&i); cfg->ldc_nss_min_uid=i; get_eol(filename,lnr,keyword,&line); } else if (strcasecmp(keyword,"validnames")==0) { parse_validnames_statement(filename,lnr,keyword,line,cfg); } else if (strcasecmp(keyword,"pam_password_prohibit_message")==0) { parse_pam_password_prohibit_message_statement(filename,lnr,keyword,line,cfg); } #ifdef ENABLE_CONFIGFILE_CHECKING /* fallthrough */ else { log_log(LOG_ERR,"%s:%d: unknown keyword: '%s'",filename,lnr,keyword); exit(EXIT_FAILURE); } #endif } /* we're done reading file, close */ fclose(fp); } #ifdef NSLCD_BINDPW_PATH static void bindpw_read(const char *filename,struct ldap_config *cfg) { FILE *fp; char linebuf[MAX_LINE_LENGTH]; int i; /* open config file */ errno=0; if ((fp=fopen(filename,"r"))==NULL) { if (errno==ENOENT) { log_log(LOG_DEBUG,"no bindpw file (%s)",filename); return; /* ignore */ } else { log_log(LOG_ERR,"cannot open bindpw file (%s): %s",filename,strerror(errno)); exit(EXIT_FAILURE); } } /* check permissions */ check_permissions(filename,NULL); /* read the first line */ if (fgets(linebuf,sizeof(linebuf),fp)==NULL) { log_log(LOG_ERR,"%s: error reading first line",filename); exit(EXIT_FAILURE); } /* chop the last char off and save the rest as bindpw */ i=(int)strlen(linebuf); if ((i<=0)||(linebuf[i-1]!='\n')) { log_log(LOG_ERR,"%s:1: line too long or missing newline",filename); exit(EXIT_FAILURE); } linebuf[i-1]='\0'; if (strlen(linebuf)==0) { log_log(LOG_ERR,"%s:1: the password is empty",filename); exit(EXIT_FAILURE); } cfg->ldc_bindpw=strdup(linebuf); /* check if there is no more data in the file */ if (fgets(linebuf,sizeof(linebuf),fp)!=NULL) { log_log(LOG_ERR,"%s:2: there is more than one line in the bindpw file",filename); exit(EXIT_FAILURE); } fclose(fp); } #endif /* NSLCD_BINDPW_PATH */ /* This function tries to get the LDAP search base from the LDAP server. Note that this returns a string that has been allocated with strdup(). For this to work the myldap module needs enough configuration information to make an LDAP connection. */ static MUST_USE char *get_base_from_rootdse(void) { MYLDAP_SESSION *session; MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; const char *attrs[] = { "+", NULL }; int i; int rc; const char **values; char *base=NULL; /* initialize session */ session=myldap_create_session(); assert(session!=NULL); /* perform search */ search=myldap_search(session,"",LDAP_SCOPE_BASE,"(objectClass=*)",attrs,NULL); if (search==NULL) { myldap_session_close(session); return NULL; } /* go over results */ for (i=0;(entry=myldap_get_entry(search,&rc))!=NULL;i++) { /* get defaultNamingContext */ values=myldap_get_values(entry,"defaultNamingContext"); if ((values!=NULL)&&(values[0]!=NULL)) { base=xstrdup(values[0]); log_log(LOG_DEBUG,"get_basedn_from_rootdse(): found attribute defaultNamingContext with value %s",values[0]); break; } /* get namingContexts */ values=myldap_get_values(entry,"namingContexts"); if ((values!=NULL)&&(values[0]!=NULL)) { base=xstrdup(values[0]); log_log(LOG_DEBUG,"get_basedn_from_rootdse(): found attribute namingContexts with value %s",values[0]); break; } } /* clean up */ myldap_session_close(session); return base; } void cfg_init(const char *fname) { #ifdef LDAP_OPT_X_TLS int i; #endif /* LDAP_OPT_X_TLS */ /* check if we were called before */ if (nslcd_cfg!=NULL) { log_log(LOG_CRIT,"cfg_init() may only be called once"); exit(EXIT_FAILURE); } /* allocate the memory (this memory is not freed anywhere) */ nslcd_cfg=(struct ldap_config *)malloc(sizeof(struct ldap_config)); if (nslcd_cfg==NULL) { log_log(LOG_CRIT,"malloc() failed to allocate memory"); exit(EXIT_FAILURE); } /* clear configuration */ cfg_defaults(nslcd_cfg); /* read configfile */ cfg_read(fname,nslcd_cfg); #ifdef NSLCD_BINDPW_PATH bindpw_read(NSLCD_BINDPW_PATH,nslcd_cfg); #endif /* NSLCD_BINDPW_PATH */ /* do some sanity checks */ if (nslcd_cfg->ldc_uris[0].uri==NULL) { log_log(LOG_ERR,"no URIs defined in config"); exit(EXIT_FAILURE); } /* if ssl is on each URI should start with ldaps */ #ifdef LDAP_OPT_X_TLS if (nslcd_cfg->ldc_ssl_on==SSL_LDAPS) { for (i=0;nslcd_cfg->ldc_uris[i].uri!=NULL;i++) { if (strncasecmp(nslcd_cfg->ldc_uris[i].uri,"ldaps://",8)!=0) log_log(LOG_WARNING,"%s doesn't start with ldaps:// and \"ssl on\" is specified", nslcd_cfg->ldc_uris[i].uri); } } /* TODO: check that if some tls options are set the ssl option should be set to on (just warn) */ #endif /* LDAP_OPT_X_TLS */ /* if basedn is not yet set, get if from the rootDSE */ if (nslcd_cfg->ldc_bases[0]==NULL) nslcd_cfg->ldc_bases[0]=get_base_from_rootdse(); /* TODO: handle the case gracefully when no LDAP server is available yet */ /* see if we have a valid basedn */ if ((nslcd_cfg->ldc_bases[0]==NULL)||(nslcd_cfg->ldc_bases[0][0]=='\0')) { log_log(LOG_ERR,"no base defined in config and couldn't get one from server"); exit(EXIT_FAILURE); } /* initialise all database modules */ alias_init(); ether_init(); group_init(); host_init(); netgroup_init(); network_init(); passwd_init(); protocol_init(); rpc_init(); service_init(); shadow_init(); } nss-pam-ldapd-0.8.13/nslcd/netgroup.c0000644000175000001440000001707612024621117014301 00000000000000/* netgroup.c - netgroup lookup routines Parts of this file were part of the nss_ldap library (as ldap-netgrp.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" /* ( nisSchema.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL * DESC 'Abstraction of a netgroup. May refer to other netgroups' * MUST cn * MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) */ /* the search base for searches */ const char *netgroup_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int netgroup_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *netgroup_filter = "(objectClass=nisNetgroup)"; /* the attributes to request with searches */ const char *attmap_netgroup_cn = "cn"; const char *attmap_netgroup_nisNetgroupTriple = "nisNetgroupTriple"; const char *attmap_netgroup_memberNisNetgroup = "memberNisNetgroup"; /* the attribute list to request with searches */ static const char *netgroup_attrs[4]; static int mkfilter_netgroup_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if (myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", netgroup_filter, attmap_netgroup_cn,safename); } void netgroup_init(void) { int i; /* set up search bases */ if (netgroup_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (netgroup_scope==LDAP_SCOPE_DEFAULT) netgroup_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ netgroup_attrs[0]=attmap_netgroup_cn; netgroup_attrs[1]=attmap_netgroup_nisNetgroupTriple; netgroup_attrs[2]=attmap_netgroup_memberNisNetgroup; netgroup_attrs[3]=NULL; } static int write_string_stripspace_len(TFILE *fp,const char *str,int len) { int32_t tmpint32; int i,j; DEBUG_PRINT("WRITE_STRING: var="__STRING(str)" string=\"%s\"",str); if (str==NULL) { WRITE_INT32(fp,0); } else { /* skip leading spaces */ for (i=0;(str[i]!='\0')&&(isspace(str[i]));i++) /* nothing else to do */ ; /* skip trailing spaces */ for (j=len;(j>i)&&(isspace(str[j-1]));j--) /* nothing else to do */ ; /* write length of string */ WRITE_INT32(fp,j-i); /* write string itself */ if (j>i) { WRITE(fp,str+i,j-i); } } /* we're done */ return 0; } #define WRITE_STRING_STRIPSPACE_LEN(fp,str,len) \ if (write_string_stripspace_len(fp,str,len)) \ return -1; #define WRITE_STRING_STRIPSPACE(fp,str) \ WRITE_STRING_STRIPSPACE_LEN(fp,str,strlen(str)) static int write_netgroup_triple(TFILE *fp,MYLDAP_ENTRY *entry,const char *triple) { int32_t tmpint32; int i; int hostb,hoste,userb,usere,domainb,domaine; /* skip leading spaces */ for (i=0;(triple[i]!='\0')&&(isspace(triple[i]));i++) /* nothing else to do */ ; /* we should have a bracket now */ if (triple[i]!='(') { log_log(LOG_WARNING,"%s: %s: does not begin with '('", myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); return 0; } i++; hostb=i; /* find comma (end of host string) */ for (;(triple[i]!='\0')&&(triple[i]!=',');i++) /* nothing else to do */ ; if (triple[i]!=',') { log_log(LOG_WARNING,"%s: %s: missing ','", myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); return 0; } hoste=i; i++; userb=i; /* find comma (end of user string) */ for (;(triple[i]!='\0')&&(triple[i]!=',');i++) /* nothing else to do */ ; if (triple[i]!=',') { log_log(LOG_WARNING,"%s: %s: missing ','", myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); return 0; } usere=i; i++; domainb=i; /* find closing bracket (end of domain string) */ for (;(triple[i]!='\0')&&(triple[i]!=')');i++) /* nothing else to do */ ; if (triple[i]!=')') { log_log(LOG_WARNING,"%s: %s: missing ')'", myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); return 0; } domaine=i; i++; /* skip trailing spaces */ for (;(triple[i]!='\0')&&(isspace(triple[i]));i++) /* nothing else to do */ ; /* if anything is left in the string we have a problem */ if (triple[i]!='\0') { log_log(LOG_WARNING,"%s: %s: contains trailing data", myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); return 0; } /* write strings */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_INT32(fp,NSLCD_NETGROUP_TYPE_TRIPLE); WRITE_STRING_STRIPSPACE_LEN(fp,triple+hostb,hoste-hostb) WRITE_STRING_STRIPSPACE_LEN(fp,triple+userb,usere-userb) WRITE_STRING_STRIPSPACE_LEN(fp,triple+domainb,domaine-domainb) /* we're done */ return 0; } #define WRITE_NETGROUP_TRIPLE(fp,entry,triple) \ if (write_netgroup_triple(fp,entry,triple)) \ return -1; static int write_netgroup(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) { int32_t tmpint32; int i; const char **names; const char **triples; const char **members; /* get the netgroup name */ names=myldap_get_values(entry,attmap_netgroup_cn); if ((names==NULL)||(names[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_netgroup_cn); return 0; } for (i=0;(names[i]!=NULL)&&(STR_CMP(reqname,names[i])!=0);i++) /* nothing here */ ; if (names[i]==NULL) return 0; /* the name was not found */ /* get the netgroup triples and member */ triples=myldap_get_values(entry,attmap_netgroup_nisNetgroupTriple); members=myldap_get_values(entry,attmap_netgroup_memberNisNetgroup); /* write the netgroup triples */ if (triples!=NULL) for (i=0;triples[i]!=NULL;i++) { WRITE_NETGROUP_TRIPLE(fp,entry,triples[i]); } /* write netgroup members */ if (members!=NULL) for (i=0;members[i]!=NULL;i++) { /* write the result code */ WRITE_INT32(fp,NSLCD_RESULT_BEGIN); /* write triple indicator */ WRITE_INT32(fp,NSLCD_NETGROUP_TYPE_NETGROUP); /* write netgroup name */ WRITE_STRING_STRIPSPACE(fp,members[i]); } /* we're done */ return 0; } NSLCD_HANDLE( netgroup,byname, char name[256]; char filter[4096]; READ_STRING(fp,name); log_setrequest("netgroup=\"%s\"",name);, NSLCD_ACTION_NETGROUP_BYNAME, mkfilter_netgroup_byname(name,filter,sizeof(filter)), write_netgroup(fp,entry,name) ) nss-pam-ldapd-0.8.13/nslcd/passwd.c0000644000175000001440000004655512112231560013740 00000000000000/* passwd.c - password entry lookup routines Parts of this file were part of the nss_ldap library (as ldap-pwd.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" #include "common/dict.h" #include "compat/strndup.h" /* ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY * DESC 'Abstraction of an account with POSIX attributes' * MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) * MAY ( userPassword $ loginShell $ gecos $ description ) ) */ /* the search base for searches */ const char *passwd_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int passwd_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *passwd_filter = "(objectClass=posixAccount)"; /* the attributes used in searches */ const char *attmap_passwd_uid = "uid"; const char *attmap_passwd_userPassword = "\"*\""; const char *attmap_passwd_uidNumber = "uidNumber"; const char *attmap_passwd_gidNumber = "gidNumber"; const char *attmap_passwd_gecos = "\"${gecos:-$cn}\""; const char *attmap_passwd_homeDirectory = "homeDirectory"; const char *attmap_passwd_loginShell = "loginShell"; /* special properties for objectSid-based searches (these are already LDAP-escaped strings) */ static char *uidSid=NULL; static char *gidSid=NULL; /* default values for attributes */ static const char *default_passwd_userPassword = "*"; /* unmatchable */ /* Note that the resulting password value should be one of: - no password set, allow login without password * - often used to prevent logins x - "valid" encrypted password that does not match any valid password often used to indicate that the password is defined elsewhere other - encrypted password, usually in crypt(3) format */ /* the attribute list to request with searches */ static const char **passwd_attrs=NULL; /* create a search filter for searching a passwd entry by name, return -1 on errors */ static int mkfilter_passwd_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if(myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", passwd_filter, attmap_passwd_uid,safename); } /* create a search filter for searching a passwd entry by uid, return -1 on errors */ static int mkfilter_passwd_byuid(uid_t uid, char *buffer,size_t buflen) { if (uidSid!=NULL) { return mysnprintf(buffer,buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))", passwd_filter, attmap_passwd_uidNumber,uidSid, (int)(uid&0xff),(int)((uid>>8)&0xff), (int)((uid>>16)&0xff),(int)((uid>>24)&0xff)); } else { return mysnprintf(buffer,buflen, "(&%s(%s=%d))", passwd_filter, attmap_passwd_uidNumber,(int)uid); } } void passwd_init(void) { int i; SET *set; /* set up search bases */ if (passwd_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (passwd_scope==LDAP_SCOPE_DEFAULT) passwd_scope=nslcd_cfg->ldc_scope; /* special case when uidNumber or gidNumber reference objectSid */ if (strncasecmp(attmap_passwd_uidNumber,"objectSid:",10)==0) { uidSid=sid2search(attmap_passwd_uidNumber+10); attmap_passwd_uidNumber=strndup(attmap_passwd_uidNumber,9); } if (strncasecmp(attmap_passwd_gidNumber,"objectSid:",10)==0) { gidSid=sid2search(attmap_passwd_gidNumber+10); attmap_passwd_gidNumber=strndup(attmap_passwd_gidNumber,9); } /* set up attribute list */ set=set_new(); attmap_add_attributes(set,"objectClass"); /* for testing shadowAccount */ attmap_add_attributes(set,attmap_passwd_uid); attmap_add_attributes(set,attmap_passwd_userPassword); attmap_add_attributes(set,attmap_passwd_uidNumber); attmap_add_attributes(set,attmap_passwd_gidNumber); attmap_add_attributes(set,attmap_passwd_gecos); attmap_add_attributes(set,attmap_passwd_homeDirectory); attmap_add_attributes(set,attmap_passwd_loginShell); passwd_attrs=set_tolist(set); if (passwd_attrs==NULL) { log_log(LOG_CRIT,"malloc() failed to allocate memory"); exit(EXIT_FAILURE); } set_free(set); } /* the cache that is used in dn2uid() */ static pthread_mutex_t dn2uid_cache_mutex=PTHREAD_MUTEX_INITIALIZER; static DICT *dn2uid_cache=NULL; struct dn2uid_cache_entry { time_t timestamp; char *uid; }; #define DN2UID_CACHE_TIMEOUT (15*60) /* checks whether the entry has a valid uidNumber attribute (>= nss_min_uid) */ static int entry_has_valid_uid(MYLDAP_ENTRY *entry) { int i; const char **values; char *tmp; uid_t uid; /* if min_uid is not set any entry should do */ if (nslcd_cfg->ldc_nss_min_uid==0) return 1; /* get all uidNumber attributes */ values=myldap_get_values_len(entry,attmap_passwd_uidNumber); if ((values==NULL)||(values[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_passwd_uidNumber); return 0; } /* check if there is a uidNumber attributes >= min_uid */ for (i=0;values[i]!=NULL;i++) { if (uidSid!=NULL) uid=(uid_t)binsid2id(values[i]); else { errno=0; uid=strtouid(values[i],&tmp,10); if ((*(values[i])=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric", myldap_get_dn(entry),attmap_passwd_uidNumber); continue; } else if ((errno!=0)||(strchr(values[i],'-')!=NULL)) { log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_passwd_uidNumber); continue; } } if (uid>=nslcd_cfg->ldc_nss_min_uid) return 1; } /* nothing found */ return 0; } /* Perform an LDAP lookup to translate the DN into a uid. This function either returns NULL or a strdup()ed string. */ char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp,char *buf,size_t buflen) { MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; static const char *attrs[3]; int rc=LDAP_SUCCESS; const char **values; char *uid=NULL; if (rcp==NULL) rcp=&rc; /* we have to look up the entry */ attrs[0]=attmap_passwd_uid; attrs[1]=attmap_passwd_uidNumber; attrs[2]=NULL; search=myldap_search(session,dn,LDAP_SCOPE_BASE,passwd_filter,attrs,rcp); if (search==NULL) { log_log(LOG_WARNING,"%s: lookup error: %s",dn,ldap_err2string(*rcp)); return NULL; } entry=myldap_get_entry(search,rcp); if (entry==NULL) { if (*rcp!=LDAP_SUCCESS) log_log(LOG_WARNING,"%s: lookup error: %s",dn,ldap_err2string(*rcp)); return NULL; } /* check the uidNumber attribute if min_uid is set */ if (entry_has_valid_uid(entry)) { /* get uid (just use first one) */ values=myldap_get_values(entry,attmap_passwd_uid); /* check the result for presence and validity */ if ((values!=NULL)&&(values[0]!=NULL)&&isvalidname(values[0])&&(strlen(values[0])timestamp+DN2UID_CACHE_TIMEOUT)) { if ((cacheentry->uid!=NULL)&&(strlen(cacheentry->uid)uid); else buf=NULL; pthread_mutex_unlock(&dn2uid_cache_mutex); return buf; } /* leave the entry intact, just replace the uid below */ } pthread_mutex_unlock(&dn2uid_cache_mutex); /* look up the uid using an LDAP query */ uid=lookup_dn2uid(session,dn,NULL,buf,buflen); /* store the result in the cache */ pthread_mutex_lock(&dn2uid_cache_mutex); /* try to get the entry from the cache here again because it could have changed in the meantime */ cacheentry=dict_get(dn2uid_cache,dn); if (cacheentry==NULL) { /* allocate a new entry in the cache */ cacheentry=(struct dn2uid_cache_entry *)malloc(sizeof(struct dn2uid_cache_entry)); if (cacheentry!=NULL) { cacheentry->uid=NULL; dict_put(dn2uid_cache,dn,cacheentry); } } /* update the cache entry */ if (cacheentry!=NULL) { cacheentry->timestamp=time(NULL); /* copy the uid if needed */ if (cacheentry->uid==NULL) cacheentry->uid=uid!=NULL?strdup(uid):NULL; else if ((uid==NULL)||(strcmp(cacheentry->uid,uid)!=0)) { free(cacheentry->uid); cacheentry->uid=uid!=NULL?strdup(uid):NULL; } } pthread_mutex_unlock(&dn2uid_cache_mutex); /* copy the result into the buffer */ return uid; } MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp) { MYLDAP_SEARCH *search=NULL; MYLDAP_ENTRY *entry=NULL; const char *base; int i; static const char *attrs[3]; char filter[4096]; /* if it isn't a valid username, just bail out now */ if (!isvalidname(uid)) { if (rcp!=NULL) *rcp=LDAP_INVALID_SYNTAX; return NULL; } /* set up attributes (we don't need much) */ attrs[0]=attmap_passwd_uid; attrs[1]=attmap_passwd_uidNumber; attrs[2]=NULL; /* we have to look up the entry */ mkfilter_passwd_byname(uid,filter,sizeof(filter)); for (i=0;(i (cached_shadow_lastcheck+CACHED_SHADOW_TIMEOUT))) { cached_shadow_lastcheck=t; if (stat(NSSWITCH_FILE,&buf)) { log_log(LOG_ERR,"stat(%s) failed: %s",NSSWITCH_FILE,strerror(errno)); /* trigger a recheck anyway */ cached_shadow_uses_ldap=CACHED_UNKNOWN; return; } /* trigger a recheck if file changed */ if (buf.st_mtime!=nsswitch_mtime) { nsswitch_mtime=buf.st_mtime; cached_shadow_uses_ldap=CACHED_UNKNOWN; } } } /* check whether shadow lookups are configured to use ldap */ static inline int shadow_uses_ldap(void) { if (cached_shadow_uses_ldap==CACHED_UNKNOWN) { log_log(LOG_INFO,"(re)loading %s",NSSWITCH_FILE); cached_shadow_uses_ldap=nsswitch_db_uses_ldap(NSSWITCH_FILE,"shadow"); cached_shadow_lastcheck=time(NULL); } return cached_shadow_uses_ldap; } #endif /* NSS_FLAVOUR_GLIBC */ /* the maximum number of uidNumber attributes per entry */ #define MAXUIDS_PER_ENTRY 5 static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, const uid_t *requid,uid_t calleruid) { int32_t tmpint32; const char **tmpvalues; char *tmp; const char **usernames; const char *passwd; uid_t uids[MAXUIDS_PER_ENTRY]; int numuids; char gidbuf[32]; gid_t gid; char gecos[1024]; char homedir[256]; char shell[64]; char passbuffer[64]; int i,j; /* get the usernames for this entry */ usernames=myldap_get_values(entry,attmap_passwd_uid); if ((usernames==NULL)||(usernames[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_passwd_uid); return 0; } /* if we are using shadow maps and this entry looks like it would return shadow information, make the passwd entry indicate it */ if (myldap_has_objectclass(entry,"shadowAccount")&&shadow_uses_ldap()) { passwd="x"; } else { passwd=get_userpassword(entry,attmap_passwd_userPassword,passbuffer,sizeof(passbuffer)); if ((passwd==NULL)||(calleruid!=0)) passwd=default_passwd_userPassword; } /* get the uids for this entry */ if (requid!=NULL) { uids[0]=*requid; numuids=1; } else { tmpvalues=myldap_get_values_len(entry,attmap_passwd_uidNumber); if ((tmpvalues==NULL)||(tmpvalues[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_passwd_uidNumber); return 0; } for (numuids=0;(numuids=nslcd_cfg->ldc_nss_min_uid) { WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,usernames[i]); WRITE_STRING(fp,passwd); WRITE_TYPE(fp,uids[j],uid_t); WRITE_TYPE(fp,gid,gid_t); WRITE_STRING(fp,gecos); WRITE_STRING(fp,homedir); WRITE_STRING(fp,shell); } } } } return 0; } NSLCD_HANDLE_UID( passwd,byname, char name[256]; char filter[4096]; READ_STRING(fp,name); log_setrequest("passwd=\"%s\"",name); if (!isvalidname(name)) { log_log(LOG_WARNING,"request denied by validnames option"); return -1; } check_nsswitch_reload();, NSLCD_ACTION_PASSWD_BYNAME, mkfilter_passwd_byname(name,filter,sizeof(filter)), write_passwd(fp,entry,name,NULL,calleruid) ) NSLCD_HANDLE_UID( passwd,byuid, uid_t uid; char filter[4096]; READ_TYPE(fp,uid,uid_t); log_setrequest("passwd=%d",(int)uid); if (uidldc_nss_min_uid) { /* return an empty result */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PASSWD_BYUID); WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } check_nsswitch_reload();, NSLCD_ACTION_PASSWD_BYUID, mkfilter_passwd_byuid(uid,filter,sizeof(filter)), write_passwd(fp,entry,NULL,&uid,calleruid) ) NSLCD_HANDLE_UID( passwd,all, const char *filter; log_setrequest("passwd(all)"); check_nsswitch_reload();, NSLCD_ACTION_PASSWD_ALL, (filter=passwd_filter,0), write_passwd(fp,entry,NULL,NULL,calleruid) ) nss-pam-ldapd-0.8.13/nslcd/config.c0000644000175000001440000000340212051470127013672 00000000000000/* config.c - routines for getting configuration information Copyright (C) 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include #include "common.h" #include "log.h" #include "cfg.h" int nslcd_config_get(TFILE *fp,MYLDAP_SESSION *session) { int32_t tmpint32; int32_t cfgopt; /* read request parameters */ READ_INT32(fp,cfgopt); /* log call */ log_setrequest("config=%d",(int)cfgopt); log_log(LOG_DEBUG,"nslcd_config_get(%d)",(int)cfgopt); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_CONFIG_GET); WRITE_INT32(fp,NSLCD_RESULT_BEGIN); /* validate request */ switch (cfgopt) { case NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE: WRITE_STRING(fp,nslcd_cfg->pam_password_prohibit_message); break; default: /* all other config options are ignored */ break; } WRITE_INT32(fp,NSLCD_RESULT_END); return 0; } nss-pam-ldapd-0.8.13/nslcd/Makefile.in0000644000175000001440000004607712141445266014353 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2006, 2007 West Consulting # Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ sbin_PROGRAMS = nslcd$(EXEEXT) subdir = nslcd DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(sbindir)" PROGRAMS = $(sbin_PROGRAMS) am_nslcd_OBJECTS = nslcd.$(OBJEXT) log.$(OBJEXT) common.$(OBJEXT) \ myldap.$(OBJEXT) cfg.$(OBJEXT) attmap.$(OBJEXT) \ nsswitch.$(OBJEXT) alias.$(OBJEXT) config.$(OBJEXT) \ ether.$(OBJEXT) group.$(OBJEXT) host.$(OBJEXT) \ netgroup.$(OBJEXT) network.$(OBJEXT) passwd.$(OBJEXT) \ protocol.$(OBJEXT) rpc.$(OBJEXT) service.$(OBJEXT) \ shadow.$(OBJEXT) pam.$(OBJEXT) nslcd_OBJECTS = $(am_nslcd_OBJECTS) nslcd_DEPENDENCIES = ../common/libtio.a ../common/libdict.a \ ../common/libexpr.a ../compat/libcompat.a DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(nslcd_SOURCES) DIST_SOURCES = $(nslcd_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -I$(top_srcdir) AM_CFLAGS = $(PTHREAD_CFLAGS) nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h \ log.c log.h \ common.c common.h \ myldap.c myldap.h \ cfg.c cfg.h \ attmap.c attmap.h \ nsswitch.c \ alias.c config.c ether.c group.c host.c netgroup.c network.c \ passwd.c protocol.c rpc.c service.c shadow.c pam.c nslcd_LDADD = ../common/libtio.a ../common/libdict.a \ ../common/libexpr.a ../compat/libcompat.a \ @nslcd_LIBS@ @PTHREAD_LIBS@ all: all-am .SUFFIXES: .SUFFIXES: .c .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu nslcd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu nslcd/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p; \ then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ } \ ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS) nslcd$(EXEEXT): $(nslcd_OBJECTS) $(nslcd_DEPENDENCIES) $(EXTRA_nslcd_DEPENDENCIES) @rm -f nslcd$(EXEEXT) $(LINK) $(nslcd_OBJECTS) $(nslcd_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alias.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attmap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cfg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ether.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/group.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/host.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myldap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/netgroup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/network.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nslcd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nsswitch.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passwd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rpc.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/service.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadow.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(sbindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-sbinPROGRAMS install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-sbinPROGRAMS .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-sbinPROGRAMS ctags distclean distclean-compile \ distclean-generic distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-sbinPROGRAMS install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \ uninstall-am uninstall-sbinPROGRAMS # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/nslcd/Makefile.am0000644000175000001440000000305111776242637014335 00000000000000# Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2006, 2007 West Consulting # Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA sbin_PROGRAMS = nslcd AM_CPPFLAGS=-I$(top_srcdir) AM_CFLAGS = $(PTHREAD_CFLAGS) nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h \ log.c log.h \ common.c common.h \ myldap.c myldap.h \ cfg.c cfg.h \ attmap.c attmap.h \ nsswitch.c \ alias.c config.c ether.c group.c host.c netgroup.c network.c \ passwd.c protocol.c rpc.c service.c shadow.c pam.c nslcd_LDADD = ../common/libtio.a ../common/libdict.a \ ../common/libexpr.a ../compat/libcompat.a \ @nslcd_LIBS@ @PTHREAD_LIBS@ nss-pam-ldapd-0.8.13/nslcd/service.c0000644000175000001440000001747212137303542014102 00000000000000/* service.c - service entry lookup routines Parts of this file were part of the nss_ldap library (as ldap-service.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" /* ( nisSchema.2.3 NAME 'ipService' SUP top STRUCTURAL * DESC 'Abstraction an Internet Protocol service. * Maps an IP port and protocol (such as tcp or udp) * to one or more names; the distinguished value of * the cn attribute denotes the service's canonical * name' * MUST ( cn $ ipServicePort $ ipServiceProtocol ) * MAY ( description ) ) */ /* the search base for searches */ const char *service_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int service_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *service_filter = "(objectClass=ipService)"; /* the attributes to request with searches */ const char *attmap_service_cn = "cn"; const char *attmap_service_ipServicePort = "ipServicePort"; const char *attmap_service_ipServiceProtocol = "ipServiceProtocol"; /* the attribute list to request with searches */ static const char *service_attrs[4]; static int mkfilter_service_byname(const char *name, const char *protocol, char *buffer,size_t buflen) { char safename[300],safeprotocol[300]; /* escape attributes */ if (myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ if (*protocol!='\0') { if (myldap_escape(protocol,safeprotocol,sizeof(safeprotocol))) return -1; return mysnprintf(buffer,buflen, "(&%s(%s=%s)(%s=%s))", service_filter, attmap_service_cn,safename, attmap_service_ipServiceProtocol,safeprotocol); } else return mysnprintf(buffer,buflen, "(&%s(%s=%s))", service_filter, attmap_service_cn,safename); } static int mkfilter_service_bynumber(int number, const char *protocol, char *buffer,size_t buflen) { char safeprotocol[300]; if (*protocol!='\0') { if (myldap_escape(protocol,safeprotocol,sizeof(safeprotocol))) return -1; return mysnprintf(buffer,buflen, "(&%s(%s=%d)(%s=%s))", service_filter, attmap_service_ipServicePort,number, attmap_service_ipServiceProtocol,safeprotocol); } else return mysnprintf(buffer,buflen, "(&%s(%s=%d))", service_filter, attmap_service_ipServicePort,number); } void service_init(void) { int i; /* set up search bases */ if (service_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (service_scope==LDAP_SCOPE_DEFAULT) service_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ service_attrs[0]=attmap_service_cn; service_attrs[1]=attmap_service_ipServicePort; service_attrs[2]=attmap_service_ipServiceProtocol; service_attrs[3]=NULL; } static int write_service(TFILE *fp,MYLDAP_ENTRY *entry, const char *reqname,const char *reqprotocol) { int32_t tmpint32,tmp2int32,tmp3int32; const char *name; const char **aliases; const char **ports; const char **protocols; char *tmp; long port; int i; /* get the most canonical name */ name=myldap_get_rdn_value(entry,attmap_service_cn); /* get the other names for the service entries */ aliases=myldap_get_values(entry,attmap_service_cn); if ((aliases==NULL)||(aliases[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_service_cn); return 0; } /* if the service name is not yet found, get the first entry */ if (name==NULL) name=aliases[0]; /* check case of returned services entry */ if ((reqname!=NULL)&&(STR_CMP(reqname,name)!=0)) { for (i=0;(aliases[i]!=NULL)&&(STR_CMP(reqname,aliases[i])!=0);i++) /* nothing here */ ; if (aliases[i]==NULL) return 0; /* neither the name nor any of the aliases matched */ } /* get the service number */ ports=myldap_get_values(entry,attmap_service_ipServicePort); if ((ports==NULL)||(ports[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_service_ipServicePort); return 0; } else if (ports[1]!=NULL) { log_log(LOG_WARNING,"%s: %s: multiple values", myldap_get_dn(entry),attmap_service_ipServicePort); } errno=0; port=strtol(ports[0],&tmp,10); if ((*(ports[0])=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric value", myldap_get_dn(entry),attmap_service_ipServicePort); return 0; } else if ((errno!=0)||(port<=0)||(port>UINT16_MAX)) { log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_service_ipServicePort); return 0; } /* get protocols */ protocols=myldap_get_values(entry,attmap_service_ipServiceProtocol); if ((protocols==NULL)||(protocols[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_service_ipServiceProtocol); return 0; } /* write the entries */ for (i=0;protocols[i]!=NULL;i++) if ((reqprotocol==NULL)||(*reqprotocol=='\0')||(STR_CMP(reqprotocol,protocols[i])==0)) { WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,name); WRITE_STRINGLIST_EXCEPT(fp,aliases,name); /* port number is actually a 16-bit value but we write 32 bits anyway */ WRITE_INT32(fp,port); WRITE_STRING(fp,protocols[i]); } return 0; } NSLCD_HANDLE( service,byname, char name[256]; char protocol[256]; char filter[4096]; READ_STRING(fp,name); READ_STRING(fp,protocol); log_setrequest("service=\"%s\"%s%s",name,*protocol!='\0'?"/":"",protocol);, NSLCD_ACTION_SERVICE_BYNAME, mkfilter_service_byname(name,protocol,filter,sizeof(filter)), write_service(fp,entry,name,protocol) ) NSLCD_HANDLE( service,bynumber, int number; char protocol[256]; char filter[4096]; READ_INT32(fp,number); READ_STRING(fp,protocol); log_setrequest("service=%lu%s%s",(unsigned long int)number,*protocol!='\0'?"/":"",protocol);, NSLCD_ACTION_SERVICE_BYNUMBER, mkfilter_service_bynumber(number,protocol,filter,sizeof(filter)), write_service(fp,entry,NULL,protocol) ) NSLCD_HANDLE( service,all, const char *filter; log_setrequest("service(all)");, NSLCD_ACTION_SERVICE_ALL, (filter=service_filter,0), write_service(fp,entry,NULL,NULL) ) nss-pam-ldapd-0.8.13/nslcd/attmap.c0000644000175000001440000002436511632434104013725 00000000000000/* attmap.c - attribute mapping values and functions This file is part of the nss-pam-ldapd library. Copyright (C) 2007, 2008, 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "attmap.h" #include "log.h" #include "common/expr.h" /* these are the bases that are defined per database */ extern const char *alias_bases[]; extern const char *ether_bases[]; extern const char *group_bases[]; extern const char *host_bases[]; extern const char *netgroup_bases[]; extern const char *network_bases[]; extern const char *passwd_bases[]; extern const char *protocol_bases[]; extern const char *rpc_bases[]; extern const char *service_bases[]; extern const char *shadow_bases[]; const char **base_get_var(enum ldap_map_selector map) { switch (map) { case LM_ALIASES: return alias_bases; case LM_ETHERS: return ether_bases; case LM_GROUP: return group_bases; case LM_HOSTS: return host_bases; case LM_NETGROUP: return netgroup_bases; case LM_NETWORKS: return network_bases; case LM_PASSWD: return passwd_bases; case LM_PROTOCOLS: return protocol_bases; case LM_RPC: return rpc_bases; case LM_SERVICES: return service_bases; case LM_SHADOW: return shadow_bases; case LM_NONE: default: return NULL; } } /* these are the scopes that are defined per database */ extern int alias_scope; extern int ether_scope; extern int group_scope; extern int host_scope; extern int netgroup_scope; extern int network_scope; extern int passwd_scope; extern int protocol_scope; extern int rpc_scope; extern int service_scope; extern int shadow_scope; int *scope_get_var(enum ldap_map_selector map) { switch (map) { case LM_ALIASES: return &alias_scope; case LM_ETHERS: return ðer_scope; case LM_GROUP: return &group_scope; case LM_HOSTS: return &host_scope; case LM_NETGROUP: return &netgroup_scope; case LM_NETWORKS: return &network_scope; case LM_PASSWD: return &passwd_scope; case LM_PROTOCOLS: return &protocol_scope; case LM_RPC: return &rpc_scope; case LM_SERVICES: return &service_scope; case LM_SHADOW: return &shadow_scope; case LM_NONE: default: return NULL; } } /* these are the filters that are defined per database */ extern const char *alias_filter; extern const char *ether_filter; extern const char *group_filter; extern const char *host_filter; extern const char *netgroup_filter; extern const char *network_filter; extern const char *passwd_filter; extern const char *protocol_filter; extern const char *rpc_filter; extern const char *service_filter; extern const char *shadow_filter; const char **filter_get_var(enum ldap_map_selector map) { switch (map) { case LM_ALIASES: return &alias_filter; case LM_ETHERS: return ðer_filter; case LM_GROUP: return &group_filter; case LM_HOSTS: return &host_filter; case LM_NETGROUP: return &netgroup_filter; case LM_NETWORKS: return &network_filter; case LM_PASSWD: return &passwd_filter; case LM_PROTOCOLS: return &protocol_filter; case LM_RPC: return &rpc_filter; case LM_SERVICES: return &service_filter; case LM_SHADOW: return &shadow_filter; case LM_NONE: default: return NULL; } } const char **attmap_get_var(enum ldap_map_selector map,const char *name) { if (map==LM_ALIASES) { if (strcasecmp(name,"cn")==0) return &attmap_alias_cn; if (strcasecmp(name,"rfc822MailMember")==0) return &attmap_alias_rfc822MailMember; } else if (map==LM_ETHERS) { if (strcasecmp(name,"cn")==0) return &attmap_ether_cn; if (strcasecmp(name,"macAddress")==0) return &attmap_ether_macAddress; } else if (map==LM_GROUP) { if (strcasecmp(name,"cn")==0) return &attmap_group_cn; if (strcasecmp(name,"userPassword")==0) return &attmap_group_userPassword; if (strcasecmp(name,"gidNumber")==0) return &attmap_group_gidNumber; if (strcasecmp(name,"memberUid")==0) return &attmap_group_memberUid; if (strcasecmp(name,"member")==0) return &attmap_group_member; } else if (map==LM_HOSTS) { if (strcasecmp(name,"cn")==0) return &attmap_host_cn; if (strcasecmp(name,"ipHostNumber")==0) return &attmap_host_ipHostNumber; } else if (map==LM_NETGROUP) { if (strcasecmp(name,"cn")==0) return &attmap_netgroup_cn; if (strcasecmp(name,"nisNetgroupTriple")==0) return &attmap_netgroup_nisNetgroupTriple; if (strcasecmp(name,"memberNisNetgroup")==0) return &attmap_netgroup_memberNisNetgroup; } else if (map==LM_NETWORKS) { if (strcasecmp(name,"cn")==0) return &attmap_network_cn; if (strcasecmp(name,"ipNetworkNumber")==0) return &attmap_network_ipNetworkNumber; } else if (map==LM_PASSWD) { if (strcasecmp(name,"uid")==0) return &attmap_passwd_uid; if (strcasecmp(name,"userPassword")==0) return &attmap_passwd_userPassword; if (strcasecmp(name,"uidNumber")==0) return &attmap_passwd_uidNumber; if (strcasecmp(name,"gidNumber")==0) return &attmap_passwd_gidNumber; if (strcasecmp(name,"gecos")==0) return &attmap_passwd_gecos; if (strcasecmp(name,"homeDirectory")==0) return &attmap_passwd_homeDirectory; if (strcasecmp(name,"loginShell")==0) return &attmap_passwd_loginShell; } else if (map==LM_PROTOCOLS) { if (strcasecmp(name,"cn")==0) return &attmap_protocol_cn; if (strcasecmp(name,"ipProtocolNumber")==0) return &attmap_protocol_ipProtocolNumber; } else if (map==LM_RPC) { if (strcasecmp(name,"cn")==0) return &attmap_rpc_cn; if (strcasecmp(name,"oncRpcNumber")==0) return &attmap_rpc_oncRpcNumber; } else if (map==LM_SERVICES) { if (strcasecmp(name,"cn")==0) return &attmap_service_cn; if (strcasecmp(name,"ipServicePort")==0) return &attmap_service_ipServicePort; if (strcasecmp(name,"ipServiceProtocol")==0) return &attmap_service_ipServiceProtocol; } else if (map==LM_SHADOW) { if (strcasecmp(name,"uid")==0) return &attmap_shadow_uid; if (strcasecmp(name,"userPassword")==0) return &attmap_shadow_userPassword; if (strcasecmp(name,"shadowLastChange")==0) return &attmap_shadow_shadowLastChange; if (strcasecmp(name,"shadowMin")==0) return &attmap_shadow_shadowMin; if (strcasecmp(name,"shadowMax")==0) return &attmap_shadow_shadowMax; if (strcasecmp(name,"shadowWarning")==0) return &attmap_shadow_shadowWarning; if (strcasecmp(name,"shadowInactive")==0) return &attmap_shadow_shadowInactive; if (strcasecmp(name,"shadowExpire")==0) return &attmap_shadow_shadowExpire; if (strcasecmp(name,"shadowFlag")==0) return &attmap_shadow_shadowFlag; } return NULL; } const char *attmap_set_mapping(const char **var,const char *value) { /* check if we are setting an expression */ if (value[0]=='"') { /* these attributes may contain an expression (note that this needs to match the functionality in the specific lookup module) */ if ( (var!=&attmap_group_userPassword) && (var!=&attmap_passwd_userPassword) && (var!=&attmap_passwd_gidNumber) && (var!=&attmap_passwd_gecos) && (var!=&attmap_passwd_homeDirectory) && (var!=&attmap_passwd_loginShell) && (var!=&attmap_shadow_userPassword) && (var!=&attmap_shadow_shadowLastChange) && (var!=&attmap_shadow_shadowMin) && (var!=&attmap_shadow_shadowMax) && (var!=&attmap_shadow_shadowWarning) && (var!=&attmap_shadow_shadowInactive) && (var!=&attmap_shadow_shadowExpire) && (var!=&attmap_shadow_shadowFlag) ) return NULL; } /* check if the value will be changed */ if ( (*var==NULL) || (strcmp(*var,value)!=0) ) *var=strdup(value); return *var; } static const char *entry_expand(const char *name,void *expander_attr) { MYLDAP_ENTRY *entry=(MYLDAP_ENTRY *)expander_attr; const char **values; if (strcasecmp(name,"dn")==0) return myldap_get_dn(entry); values=myldap_get_values(entry,name); if (values==NULL) return ""; /* TODO: handle userPassword attribute specially */ if ((values[0]!=NULL)&&(values[1]!=NULL)) { log_log(LOG_WARNING,"%s: %s: multiple values", myldap_get_dn(entry),name); } return values[0]; } const char *attmap_get_value(MYLDAP_ENTRY *entry,const char *attr,char *buffer,size_t buflen) { const char **values; /* check and clear buffer */ if ((buffer==NULL)||(buflen<=0)) return NULL; buffer[0]='\0'; /* for simple values just return the attribute */ if (attr[0]!='"') { values=myldap_get_values(entry,attr); if ((values==NULL)||(values[0]==NULL)) return NULL; strncpy(buffer,values[0],buflen); buffer[buflen-1]='\0'; return buffer; /* TODO: maybe warn when multiple values are found */ } /* we have an expression, try to parse */ if ( (attr[strlen(attr)-1]!='"') || (expr_parse(attr+1,buffer,buflen,entry_expand,(void *)entry)==NULL) ) { log_log(LOG_ERR,"attribute mapping %s is invalid",attr); buffer[0]='\0'; return NULL; } /* strip trailing " */ if (buffer[strlen(buffer)-1]=='"') buffer[strlen(buffer)-1]='\0'; return buffer; } SET *attmap_add_attributes(SET *set,const char *attr) { if (attr[0]!='\"') set_add(set,attr); else expr_vars(attr,set); return set; } nss-pam-ldapd-0.8.13/nslcd/myldap.h0000644000175000001440000001533711617050700013730 00000000000000/* myldap.h - simple interface to do LDAP requests This file is part of the nss-pam-ldapd library. Copyright (C) 2007, 2008, 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ /* This file describes the API of the myldap module which takes the complexity out of using the OpenLDAP library. Memory management, paging, reconnect logic, idle timeout of connections, etc is taken care of by the module. Use of this module is very straightforeward. You first have to create a session (with myldap_create_session()), with this session you can start searches (with myldap_search()), from a search you can get entries (with myldap_get_entry()) from the LDAP database and from these entries you can get attribute values (with myldap_get_values()). */ #ifndef NSLCD__MYLDAP_H #define NSLCD__MYLDAP_H /* for size_t */ #include /* for LDAP_SCOPE_* */ #include #include #include "compat/attrs.h" #ifndef LDAP_SCOPE_DEFAULT #define LDAP_SCOPE_DEFAULT LDAP_SCOPE_SUBTREE #endif /* not LDAP_SCOPE_DEFAULT */ /* This a a generic session handle. */ typedef struct ldap_session MYLDAP_SESSION; /* Note that this session handle may be used within one thread only. No locking is performed to prevent concurrent modifications. Most LDAP libraries also are not thread-safe in that a single connection may be shared by multiple threads. It seems however that OpenLDAP at least does not have any problems with an LDAP *ld per thread. http://www.openldap.org/lists/openldap-software/200606/msg00252.html */ /* A result set as returned by myldap_search(). */ typedef struct myldap_search MYLDAP_SEARCH; /* A single entry from the LDAP database as returned by myldap_get_entry(). */ typedef struct myldap_entry MYLDAP_ENTRY; /* Create a new session, this does not yet connect to the LDAP server. The connection to the server is made on-demand when a search is performed. This uses the configuration to find the URLs to attempt connections to. */ MUST_USE MYLDAP_SESSION *myldap_create_session(void); /* Set alternative credentials for the session. */ void myldap_set_credentials(MYLDAP_SESSION *session,const char *dn, const char *password); /* Closes all pending searches and deallocates any memory that is allocated with these searches. This does not close the session. */ void myldap_session_cleanup(MYLDAP_SESSION *session); /* This checks the timeout value of the session and closes the connection to the LDAP server if the timeout has expired and there are no pending searches. */ void myldap_session_check(MYLDAP_SESSION *session); /* Close the session and free all the resources allocated for the session. After a call to this function the referenced handle is invalid. */ void myldap_session_close(MYLDAP_SESSION *session); /* Do an LDAP search and return a reference to the results (returns NULL on error). This function uses paging, and does reconnects to the configured URLs transparently. The function returns an LDAP status code in the location pointed to by rcp if it is non-NULL. */ MUST_USE MYLDAP_SEARCH *myldap_search( MYLDAP_SESSION *session, const char *base,int scope,const char *filter,const char **attrs, int *rcp); /* Close the specified search. This frees all the memory that was allocated for the search and its results. */ void myldap_search_close(MYLDAP_SEARCH *search); /* Get an entry from the result set, going over all results (returns NULL if no more entries are available). Note that any memory allocated to return information about the previous entry (e.g. with myldap_get_values()) is freed with this call. The search is autoamtically closed when no more results are available. The function returns an LDAP status code in the location pointed to by rcp if it is non-NULL. */ MUST_USE MYLDAP_ENTRY *myldap_get_entry(MYLDAP_SEARCH *search,int *rcp); /* Get the DN from the entry. This function does not return NULL (on error "unknown" is returned). */ MUST_USE const char *myldap_get_dn(MYLDAP_ENTRY *entry); /* Just like myldap_get_dn() but copies the result into the buffer. */ char *myldap_cpy_dn(MYLDAP_ENTRY *entry,char *buf,size_t buflen); /* Get the attribute values from a certain entry as a NULL terminated list. May return NULL or an empty array. */ MUST_USE const char **myldap_get_values(MYLDAP_ENTRY *entry,const char *attr); /* Get the attribute values from a certain entry as a NULL terminated list. May return NULL or an empty array. */ MUST_USE const char **myldap_get_values_len(MYLDAP_ENTRY *entry,const char *attr); /* Checks to see if the entry has the specified object class. */ MUST_USE int myldap_has_objectclass(MYLDAP_ENTRY *entry,const char *objectclass); /* Get the RDN's value: eg. if the DN was cn=lukeh, ou=People, dc=example, dc=com getrdnvalue(entry,cn) would return lukeh. If the attribute was not found in the DN or if some error occurs NULL is returned. This method may be used to get the "most authorative" value for an attribute. */ MUST_USE const char *myldap_get_rdn_value(MYLDAP_ENTRY *entry,const char *attr); /* Just like myldap_get_rdn_value() but use the supplied character sequence and copies the result into the buffer. Returns a pointer to the start of the string on success and NULL on failure. */ MUST_USE const char *myldap_cpy_rdn_value(const char *dn,const char *attr, char *buf,size_t buflen); /* Escapes characters in a string for use in a search filter. */ MUST_USE int myldap_escape(const char *src,char *buffer,size_t buflen); /* Set the debug level globally. Returns an LDAP status code. */ int myldap_set_debuglevel(int level); /* Perform an EXOP password modification call. Returns an LDAP status code. */ int myldap_passwd( MYLDAP_SESSION *session, const char *userdn,const char *oldpassword,const char *newpasswd); /* Perform an LDAP modification request. Returns an LDAP status code. */ int myldap_modify(MYLDAP_SESSION *session,const char *dn,LDAPMod *mods[]); #endif /* not NSLCD__MYLDAP_H */ nss-pam-ldapd-0.8.13/nslcd/ether.c0000644000175000001440000001272012024621117013534 00000000000000/* ether.c - ethernet address entry lookup routines Parts of this file were part of the nss_ldap library (as ldap-ethers.c) which has been forked into the nss-pam-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include "common.h" #include "log.h" #include "myldap.h" #include "cfg.h" #include "attmap.h" #include "compat/ether.h" /* ( nisSchema.2.11 NAME 'ieee802Device' SUP top AUXILIARY * DESC 'A device with a MAC address; device SHOULD be * used as a structural class' * MAY macAddress ) */ /* the search base for searches */ const char *ether_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL }; /* the search scope for searches */ int ether_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *ether_filter = "(objectClass=ieee802Device)"; /* the attributes to request with searches */ const char *attmap_ether_cn = "cn"; const char *attmap_ether_macAddress = "macAddress"; /* the attribute list to request with searches */ static const char *ether_attrs[3]; /* create a search filter for searching an ethernet address by name, return -1 on errors */ static int mkfilter_ether_byname(const char *name, char *buffer,size_t buflen) { char safename[300]; /* escape attribute */ if(myldap_escape(name,safename,sizeof(safename))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", ether_filter, attmap_ether_cn,safename); } static int mkfilter_ether_byether(const char *addrstr, char *buffer,size_t buflen) { /* FIXME: this has a bug when the directory has 01:00:0e:... and we're looking for 1:0:e:... (leading zeros) */ /* there should be no characters that need escaping */ /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", ether_filter, attmap_ether_macAddress,addrstr); } void ether_init(void) { int i; /* set up search bases */ if (ether_bases[0]==NULL) for (i=0;ildc_bases[i]; /* set up scope */ if (ether_scope==LDAP_SCOPE_DEFAULT) ether_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ ether_attrs[0]=attmap_ether_cn; ether_attrs[1]=attmap_ether_macAddress; ether_attrs[2]=NULL; } /* TODO: check for errors in aton() */ #define WRITE_ETHER(fp,addr) \ ether_aton_r(addr,&tmpaddr); \ WRITE_TYPE(fp,tmpaddr,uint8_t[6]); static int write_ether(TFILE *fp,MYLDAP_ENTRY *entry, const char *reqname,const char *reqether) { int32_t tmpint32; struct ether_addr tmpaddr; const char *tmparr[2]; const char **names,**ethers; int i,j; /* get the name of the ether entry */ names=myldap_get_values(entry,attmap_ether_cn); if ((names==NULL)||(names[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_ether_cn); return 0; } /* get the addresses */ if (reqether!=NULL) { ethers=tmparr; ethers[0]=reqether; ethers[1]=NULL; } else { ethers=myldap_get_values(entry,attmap_ether_macAddress); if ((ethers==NULL)||(ethers[0]==NULL)) { log_log(LOG_WARNING,"%s: %s: missing", myldap_get_dn(entry),attmap_ether_macAddress); return 0; } /* TODO: move parsing of addresses up here */ } /* write entries for all names and addresses */ for (i=0;names[i]!=NULL;i++) if ((reqname==NULL)||(strcasecmp(reqname,names[i])==0)) for (j=0;ethers[j]!=NULL;j++) { WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,names[i]); WRITE_ETHER(fp,ethers[j]); } return 0; } NSLCD_HANDLE( ether,byname, char name[256]; char filter[4096]; READ_STRING(fp,name); log_setrequest("ether=\"%s\"",name);, NSLCD_ACTION_ETHER_BYNAME, mkfilter_ether_byname(name,filter,sizeof(filter)), write_ether(fp,entry,name,NULL) ) NSLCD_HANDLE( ether,byether, struct ether_addr addr; char addrstr[20]; char filter[4096]; READ_TYPE(fp,addr,uint8_t[6]); if (ether_ntoa_r(&addr,addrstr)==NULL) return -1; log_setrequest("ether=%s",addrstr);, NSLCD_ACTION_ETHER_BYETHER, mkfilter_ether_byether(addrstr,filter,sizeof(filter)), write_ether(fp,entry,NULL,addrstr) ) NSLCD_HANDLE( ether,all, const char *filter; log_setrequest("ether(all)");, NSLCD_ACTION_ETHER_ALL, (filter=ether_filter,0), write_ether(fp,entry,NULL,NULL) ) nss-pam-ldapd-0.8.13/nslcd/log.c0000644000175000001440000001100411541144160013201 00000000000000/* log.c - logging funtions Copyright (C) 2002, 2003, 2008, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #include #include #include "log.h" /* set the logname */ #undef PACKAGE #define PACKAGE "nslcd" /* default loglevel when no logging is configured */ static int prelogging_loglevel=LOG_INFO; /* loglevel to use before logging to syslog */ static int loglevel=LOG_INFO; /* the session id that is set for this thread */ static __thread char *sessionid=NULL; /* the request identifier that is set for this thread */ static __thread char *requestid=NULL; #define MAX_REQUESTID_LENGTH 40 /* set loglevel when no logging is configured */ void log_setdefaultloglevel(int pri) { prelogging_loglevel=pri; } /* start the logging with the configured logging methods if no method is configured yet, logging is done to syslog */ void log_startlogging(void) { openlog(PACKAGE,LOG_PID,LOG_DAEMON); prelogging_loglevel=-1; } /* indicate that we should clear any session identifiers set by log_newsession */ void log_clearsession(void) { /* set the session id to empty */ if (sessionid!=NULL) sessionid[0]='\0'; /* set the request id to empty */ if (requestid!=NULL) requestid[0]='\0'; } /* indicate that a session id should be included in the output and set it to a new value */ void log_newsession(void) { /* ensure that sessionid can hold a string */ if (sessionid==NULL) { sessionid=(char *)malloc(7); if (sessionid==NULL) { fprintf(stderr,"malloc() failed: %s",strerror(errno)); return; /* silently fail */ } } sprintf(sessionid,"%06x",(int)(rand()&0xffffff)); /* set the request id to empty */ if (requestid!=NULL) requestid[0]='\0'; } /* indicate that a request identifier should be included in the output from this point on, until log_newsession() is called */ void log_setrequest(const char *format, ...) { va_list ap; /* ensure that requestid can hold a string */ if (requestid==NULL) { requestid=(char *)malloc(MAX_REQUESTID_LENGTH); if (requestid==NULL) { fprintf(stderr,"malloc() failed: %s",strerror(errno)); return; /* silently fail */ } } /* make the message */ va_start(ap,format); vsnprintf(requestid,MAX_REQUESTID_LENGTH,format,ap); requestid[MAX_REQUESTID_LENGTH-1]='\0'; va_end(ap); } /* log the given message using the configured logging method */ void log_log(int pri,const char *format, ...) { int res; char buffer[200]; va_list ap; /* make the message */ va_start(ap,format); res=vsnprintf(buffer,sizeof(buffer),format,ap); if ((res<0)||(res>=(int)sizeof(buffer))) { /* truncate with "..." */ buffer[sizeof(buffer)-2]='.'; buffer[sizeof(buffer)-3]='.'; buffer[sizeof(buffer)-4]='.'; } buffer[sizeof(buffer)-1]='\0'; va_end(ap); /* do the logging */ if (prelogging_loglevel>=0) { /* if logging is not yet defined, log to stderr */ if (pri<=prelogging_loglevel) { if ((requestid!=NULL)&&(requestid[0]!='\0')) fprintf(stderr,"%s: [%s] <%s> %s%s\n",PACKAGE,sessionid,requestid,pri==LOG_DEBUG?"DEBUG: ":"",buffer); else if ((sessionid!=NULL)&&(sessionid[0]!='\0')) fprintf(stderr,"%s: [%s] %s%s\n",PACKAGE,sessionid,pri==LOG_DEBUG?"DEBUG: ":"",buffer); else fprintf(stderr,"%s: %s%s\n",PACKAGE,pri==LOG_DEBUG?"DEBUG: ":"",buffer); } } else { if (pri<=loglevel) { if ((requestid!=NULL)&&(requestid[0]!='\0')) syslog(pri,"[%s] <%s> %s",sessionid,requestid,buffer); else if ((sessionid!=NULL)&&(sessionid[0]!='\0')) syslog(pri,"[%s] %s",sessionid,buffer); else syslog(pri,"%s",buffer); } } } nss-pam-ldapd-0.8.13/nslcd/common.c0000644000175000001440000002040511756243516013732 00000000000000/* common.c - common server code routines This file is part of the nss-pam-ldapd library. Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include "nslcd.h" #include "common.h" #include "log.h" #include "attmap.h" #include "cfg.h" /* simple wrapper around snptintf() to return non-0 in case of any failure (but always keep string 0-terminated) */ int mysnprintf(char *buffer,size_t buflen,const char *format, ...) { int res; va_list ap; /* do snprintf */ va_start(ap,format); res=vsnprintf(buffer,buflen,format,ap); va_end(ap); /* NULL-terminate the string just to be on the safe side */ buffer[buflen-1]='\0'; /* check if the string was completely written */ return ((res<0)||(((size_t)res)>=buflen)); } /* return the fully qualified domain name of the current host */ const char *getfqdn(void) { static char *fqdn=NULL; char hostname[HOST_NAME_MAX+1]; int hostnamelen; int i; struct hostent *host=NULL; /* if we already have a fqdn return that */ if (fqdn!=NULL) return fqdn; /* get system hostname */ if (gethostname(hostname,sizeof(hostname))<0) { log_log(LOG_ERR,"gethostname() failed: %s",strerror(errno)); return NULL; } hostnamelen=strlen(hostname); /* lookup hostent */ host=gethostbyname(hostname); if (host==NULL) { log_log(LOG_ERR,"gethostbyname(%s): %s",hostname,hstrerror(h_errno)); /* fall back to hostname */ fqdn=strdup(hostname); return fqdn; } /* check h_name for fqdn starting with our hostname */ if ((strncasecmp(hostname,host->h_name,hostnamelen)==0)&& (host->h_name[hostnamelen]=='.')&& (host->h_name[hostnamelen+1]!='\0')) { fqdn=strdup(host->h_name); return fqdn; } /* also check h_aliases */ for (i=0;host->h_aliases[i]!=NULL;i++) { if ((strncasecmp(hostname,host->h_aliases[i],hostnamelen)==0)&& (host->h_aliases[i][hostnamelen]=='.')&& (host->h_aliases[i][hostnamelen+1]!='\0')) { fqdn=strdup(host->h_aliases[i]); return fqdn; } } /* fall back to h_name if it has a dot in it */ if (strchr(host->h_name,'.')!=NULL) { fqdn=strdup(host->h_name); return fqdn; } /* also check h_aliases */ for (i=0;host->h_aliases[i]!=NULL;i++) { if (strchr(host->h_aliases[i],'.')!=NULL) { fqdn=strdup(host->h_aliases[i]); return fqdn; } } /* nothing found, fall back to hostname */ fqdn=strdup(hostname); return fqdn; } const char *get_userpassword(MYLDAP_ENTRY *entry,const char *attr,char *buffer,size_t buflen) { const char *tmpvalue; /* get the value */ tmpvalue=attmap_get_value(entry,attr,buffer,buflen); if (tmpvalue==NULL) return NULL; /* go over the entries and return the remainder of the value if it starts with {crypt} or crypt$ */ if (strncasecmp(tmpvalue,"{crypt}",7)==0) return tmpvalue+7; if (strncasecmp(tmpvalue,"crypt$",6)==0) return tmpvalue+6; /* just return the first value completely */ return tmpvalue; /* TODO: support more password formats e.g. SMD5 (which is $1$ but in a different format) (any code for this is more than welcome) */ } /* Checks if the specified name seems to be a valid user or group name. */ int isvalidname(const char *name) { return regexec(&nslcd_cfg->validnames,name,0,NULL,0)==0; } /* this writes a single address to the stream */ int write_address(TFILE *fp,MYLDAP_ENTRY *entry,const char *attr, const char *addr) { int32_t tmpint32; struct in_addr ipv4addr; struct in6_addr ipv6addr; /* try to parse the address as IPv4 first, fall back to IPv6 */ if (inet_pton(AF_INET,addr,&ipv4addr)>0) { /* write address type */ WRITE_INT32(fp,AF_INET); /* write the address length */ WRITE_INT32(fp,sizeof(struct in_addr)); /* write the address itself (in network byte order) */ WRITE_TYPE(fp,ipv4addr,struct in_addr); } else if (inet_pton(AF_INET6,addr,&ipv6addr)>0) { /* write address type */ WRITE_INT32(fp,AF_INET6); /* write the address length */ WRITE_INT32(fp,sizeof(struct in6_addr)); /* write the address itself (in network byte order) */ WRITE_TYPE(fp,ipv6addr,struct in6_addr); } else { /* failure, log but write simple invalid address (otherwise the address list is messed up) */ /* TODO: have error message in correct format */ log_log(LOG_WARNING,"%s: %s: \"%s\" unparseble", myldap_get_dn(entry),attmap_ether_cn,addr); /* write an illegal address type */ WRITE_INT32(fp,-1); /* write an emtpy address */ WRITE_INT32(fp,0); } /* we're done */ return 0; } int read_address(TFILE *fp,char *addr,int *addrlen,int *af) { int32_t tmpint32; int len; /* read address family */ READ_INT32(fp,*af); if ((*af!=AF_INET)&&(*af!=AF_INET6)) { log_log(LOG_WARNING,"incorrect address family specified: %d",*af); return -1; } /* read address length */ READ_INT32(fp,len); if ((len>*addrlen)||(len<=0)) { log_log(LOG_WARNING,"address length incorrect: %d",len); return -1; } *addrlen=len; /* read address */ READ(fp,addr,len); /* we're done */ return 0; } /* convert the provided string representation of a sid (e.g. S-1-5-21-1936905831-823966427-12391542-23578) to a format that can be used to search the objectSid property with */ char *sid2search(const char *sid) { const char *tmpsid=sid; char *res,*tmp; int i=0; long int l; /* check the beginning of the string */ if (strncasecmp(sid,"S-",2)!=0) { log_log(LOG_ERR,"error in SID %s",sid); exit(EXIT_FAILURE); } /* count the number of dashes in the sid */ while (tmpsid!=NULL) { i++; tmpsid=strchr(tmpsid+1,'-'); } i-=2; /* number of security ids plus one because we add the uid later */ /* allocate memory */ res=malloc(3+3+6*3+i*4*3+1); if (res==NULL) { log_log(LOG_CRIT,"malloc() failed to allocate memory"); exit(1); } /* build the first part */ l=strtol(sid+2,&tmp,10); sprintf(res,"\\%02x\\%02x",(int)l&0xff,(int)i); /* build authority part (we only handle 32 of the 48 bits) */ l=strtol(tmp+1,&tmp,10); sprintf(res+strlen(res),"\\00\\00\\%02x\\%02x\\%02x\\%02x", (int)((l>>24)&0xff),(int)((l>>16)&0xff),(int)((l>>8)&0xff),(int)(l&0xff)); /* go over the rest of the bits */ while (*tmp!='\0') { l=strtol(tmp+1,&tmp,10); sprintf(res+strlen(res),"\\%02x\\%02x\\%02x\\%02x", (int)(l&0xff),(int)((l>>8)&0xff),(int)((l>>16)&0xff),(int)((l>>24)&0xff)); } return res; } /* return the last security identifier of the binary sid */ long int binsid2id(const char *binsid) { int i; /* find the position of the last security id */ i=2+6+((((int)binsid[1])&0xff)-1)*4; return (((long int)binsid[i])&0xff)|((((long int)binsid[i+1])&0xff)<<8)| ((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24); } #ifdef WANT_STRTOUI /* provide a strtoui() implementation, similar to strtoul() but returning an range-checked unsigned int instead */ unsigned int strtoui(const char *nptr,char **endptr,int base) { unsigned long val; val=strtoul(nptr,endptr,base); if (val>UINT_MAX) { errno=ERANGE; return UINT_MAX; } /* If errno was set by strtoul, we'll pass it back as-is */ return (unsigned int)val; } #endif /* WANT_STRTOUI */ nss-pam-ldapd-0.8.13/tests/0000755000175000001440000000000012141476127012407 500000000000000nss-pam-ldapd-0.8.13/tests/nslcd-test.conf0000644000175000001440000000116612031652462015256 00000000000000# nslcd-test.conf # nslcd configuration file for test environment. # See nslcd.conf(5) for details. # The location at which the LDAP server(s) should be reachable. uri ldap://127.0.0.1/ # The search base that will be used for all queries. base dc=test,dc=tld # The LDAP protocol version to use. #ldap_version 3 # The DN to bind with for normal lookups. #binddn cn=annonymous,dc=example,dc=net #bindpw *removed* # The search scope. #scope sub # The number of answers to request in a single search. #pagesize 100 # The timeout for network operations. timelimit 2 bind_timelimit 4 reconnect_sleeptime 4 reconnect_retrytime 10 nss-pam-ldapd-0.8.13/tests/test_nsscmds.sh0000755000175000001440000007444612141445252015411 00000000000000#!/bin/sh # test_nsscmds.sh - simple test script to check output of name lookup commands # # Copyright (C) 2007, 2008, 2009, 2010, 2011, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA # This script expects to be run in an environment where nss-pam-ldapd # is deployed with an LDAP server with the proper content (and nslcd running). # It's probably best to run this in an environment without nscd (this breaks # the services tests). set -e # find source directory srcdir="${srcdir-`dirname "$0"`}" # ensure that we are running in the test environment . "$srcdir/in_testenv.sh" # preload our own NSS module LD_PRELOAD="$srcdir/../nss/nss_ldap.so" export LD_PRELOAD # the total number of errors FAIL=0 check() { # the command to execute cmd="$1" # save the expected output expectfile=`mktemp -t expected.XXXXXX 2> /dev/null || tempfile -s .expected 2> /dev/null` cat > "$expectfile" # run the command echo 'test_nsscmds.sh: checking "'"$cmd"'"' actualfile=`mktemp -t actual.XXXXXX 2> /dev/null || tempfile -s .actual 2> /dev/null` eval "$cmd" > "$actualfile" 2>&1 || true # check for differences diff -Nauwi "$expectfile" "$actualfile" || FAIL=`expr $FAIL + 1` # remove temporary files rm "$expectfile" "$actualfile" } ########################################################################### if grep '^aliases.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing aliases..." # note that this doesn't work if /etc/aliases contains anything # check all aliases check "getent aliases|sort" << EOM bar2: foobar@example.com bar: foobar@example.com foo: bar@example.com EOM # get alias by name check "getent aliases foo" << EOM foo: bar@example.com EOM # get alias by second name check "getent aliases bar2" << EOM bar2: foobar@example.com EOM # get alias by different case check "getent aliases FOO" << EOM foo: bar@example.com EOM fi # end of aliases tests ########################################################################### if grep '^ethers.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing ether..." # get an entry by hostname check "getent ethers testhost" << EOM 0:18:8a:54:1a:8e testhost EOM # get an entry by alias name check "getent ethers testhostalias" << EOM 0:18:8a:54:1a:8e testhostalias EOM # get an entry by hostname with different case check "getent ethers TESTHOST" << EOM 0:18:8a:54:1a:8e testhost EOM # get an entry by ethernet address check "getent ethers 0:18:8a:54:1a:8b" << EOM 0:18:8a:54:1a:8b testhost2 EOM # get entry by ip address # this does not currently work, but maybe it should #check "getent ethers 10.0.0.1" << EOM #0:18:8a:54:1a:8e testhost #EOM # get all ethers (unsupported) check "getent ethers" << EOM Enumeration not supported on ethers EOM fi # end of ethers tests ########################################################################### if grep '^group.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing group..." # function to sort group members of a group sortgroup() { while read line do group="$(echo "$line" | sed 's/^\(.*:.*:.*:\).*/\1/')" members="$(echo "$line" | sed 's/^.*:.*:.*://' | tr ',' '\n' | sort | tr '\n' ',' | sed 's/,$//')" echo "${group}${members}" done } check "getent group testgroup | sortgroup" << EOM testgroup:*:6100:arthur,test,testuser4 EOM # this does not work because users is in /etc/group but it would # be nice if libc supported this #check "getent group users" << EOM #users:*:100:arthur,test #EOM # group with different case should not be found check "getent group TESTGROUP" << EOM EOM check "getent group 6100 | sortgroup" << EOM testgroup:*:6100:arthur,test,testuser4 EOM check "groups arthur | sed 's/^.*://'" << EOM users testgroup testgroup2 grp4 grp5 grp6 grp7 grp8 grp9 grp10 grp11 grp12 grp13 grp14 grp15 grp16 grp17 grp18 EOM check "groups testuser4 | sed 's/^.*://'" << EOM users testgroup testgroup2 EOM check "getent group | egrep '^(testgroup|users):' | sortgroup" << EOM users:x:100: testgroup:*:6100:arthur,test,testuser4 users:*:100:arthur,test EOM check "getent group | wc -l" << EOM `grep -c : /etc/group | awk '{print $1 + 20}'` EOM check "getent group | grep ^largegroup | sortgroup" << EOM largegroup:*:1005:akraskouskas,alat,ameisinger,bdevera,behrke,bmoldan,btempel,cjody,clouder,cmanno,dbye,dciviello,dfirpo,dgivliani,dgosser,emcquiddy,enastasi,fcunard,gcubbison,gdaub,gdreitzler,ghanauer,gpomerance,gsusoev,gtinnel,gvollrath,gzuhlke,hgalavis,hhaffey,hhydrick,hmachesky,hpaek,hpolk,hsweezer,htomlinson,hzagami,igurwell,ihashbarger,jyeater,kbradbury,khathway,kklavetter,lbuchtel,lgandee,lkhubba,lmauracher,lseehafer,lvittum,mblanchet,mbodley,mciaccia,mjuris,ndipanfilo,nfilipek,nfunchess,ngata,ngullett,nkraker,nriofrio,nroepke,nrybij,oclunes,oebrani,okveton,osaines,otrevor,pdossous,phaye,psowa,purquilla,rkoonz,rlatessa,rworkowski,sdebry,sgurski,showe,slaforge,tabdelal,testusr2,testusr3,tfalconeri,tpaa,uschweyen,utrezize,vchevalier,vdelnegro,vleyton,vmedici,vmigliori,vpender,vwaltmann,wbrettschneide,wselim,wvalcin,wworf,yautin,ykisak,zgingrich,znightingale,zwinterbottom EOM check "getent group largegroup | sortgroup" << EOM largegroup:*:1005:akraskouskas,alat,ameisinger,bdevera,behrke,bmoldan,btempel,cjody,clouder,cmanno,dbye,dciviello,dfirpo,dgivliani,dgosser,emcquiddy,enastasi,fcunard,gcubbison,gdaub,gdreitzler,ghanauer,gpomerance,gsusoev,gtinnel,gvollrath,gzuhlke,hgalavis,hhaffey,hhydrick,hmachesky,hpaek,hpolk,hsweezer,htomlinson,hzagami,igurwell,ihashbarger,jyeater,kbradbury,khathway,kklavetter,lbuchtel,lgandee,lkhubba,lmauracher,lseehafer,lvittum,mblanchet,mbodley,mciaccia,mjuris,ndipanfilo,nfilipek,nfunchess,ngata,ngullett,nkraker,nriofrio,nroepke,nrybij,oclunes,oebrani,okveton,osaines,otrevor,pdossous,phaye,psowa,purquilla,rkoonz,rlatessa,rworkowski,sdebry,sgurski,showe,slaforge,tabdelal,testusr2,testusr3,tfalconeri,tpaa,uschweyen,utrezize,vchevalier,vdelnegro,vleyton,vmedici,vmigliori,vpender,vwaltmann,wbrettschneide,wselim,wvalcin,wworf,yautin,ykisak,zgingrich,znightingale,zwinterbottom EOM check "getent group | grep ^hugegroup | sortgroup" << EOM hugegroup:*:1006:ablackstock,abortignon,achhor,ademosthenes,adenicola,adishaw,aesbensen,aferge,afredin,afuchs,agarbett,agimm,agordner,ahandy,ajaquess,akertzman,akomsthoeft,akraskouskas,akravetz,alamour,alat,alienhard,amanganelli,amaslyn,amayorga,amccroskey,amcgraw,amckinney,ameisinger,aponcedeleon,apurdon,areid,arosel,ascheno,ascovel,asemons,ashuey,asivley,astrunk,atollefsrud,atonkin,awhitt,aziernicki,badair,baigner,bbeckfield,bbrenton,bcoletta,bcolorado,bdadds,bdaughenbaugh,bdevera,bdominga,behrke,beon,bfishbeck,bgavagan,bguthary,bharnois,bhelverson,bjolly,blovig,bluellen,bmadamba,bmarlin,bmarszalek,bmicklos,bmoling,bouten,bphou,bpinedo,brodgerson,broher,bromano,bscadden,bsibal,bstrede,bswantak,btempel,btheim,bveeneman,bwinterton,bwynes,cabare,carguellez,cbarlup,cbartnick,cbelardo,cbleimehl,cbotdorf,cbourek,cbrechbill,cbrom,ccyganiewicz,cdeckard,cdegravelle,cdickes,cdrumm,cfasone,cflenner,cfleurantin,cgaler,cgalinol,cgaudette,cghianni,charriman,cjody,cjuntunen,ckerska,ckistenmacher,cklem,ckodish,clapenta,clewicki,clouder,cmafnas,cmanno,cmcanulty,cmellberg,cmiramon,cnabzdyk,cnoriego,cpaccione,cpalmios,cparee,cpencil,cpentreath,cpinela,cpluid,critchie,cscullion,csever,csoomaroo,cspilis,cswigert,ctenny,ctetteh,ctuzzo,cwank,cweiss,dasiedu,daubert,dbarriball,dbertels,dblazejewski,dcaltabiano,dciullo,ddeguire,ddigerolamo,denriquez,deshmon,dfirpo,dflore,dfollman,dgiacomazzi,dgivliani,dgosser,dhammontree,dhendon,dhindsman,dholdaway,dlablue,dlanois,dlargo,dledenbach,dlongbotham,dloubier,dmahapatra,dmarchizano,dmcgillen,dminozzi,dnegri,dpebbles,draymundo,dscheurer,dsharr,dsherard,dsteever,dtashjian,dtornow,dtuholski,dwittlinger,dzurek,eaguire,eathey,ebattee,ebeachem,eberkman,ebusk,ecelestin,ecolden,ecordas,ediga,edrinkwater,edurick,egospatrick,egrago,ehathcock,ehindbaugh,ejeppesen,ekalfas,ekenady,ekeuper,eklein,eklunder,ekurter,emanikowski,emargulis,emcquiddy,emehta,eorsten,eparham,epeterson,epoinelli,erathert,erostad,eserrett,esheehan,esonia,esproull,esthill,estockwin,etunby,ewicks,ewilles,ewismer,ewuitschick,eyounglas,eziebert,fagro,faleo,farquette,fbeatrice,fberra,fberyman,fbielecki,fburrough,fcha,fcunard,ffigert,fgoben,fgrashot,fhain,fhalon,fkeef,fmarchi,fmilsaps,fnottage,fparness,fplayfair,fsapien,fsavela,fsirianni,fsplinter,fsunderland,fsymmonds,fthein,fvallian,fvascones,fverfaille,fvinal,fwidhalm,gallanson,gapkin,garchambeault,gbitar,gbolay,gcarlini,gcervantez,gchounlapane,gclapham,gcobane,gconver,gcukaj,gcummer,gcurnutt,gdaub,gdeblasio,gdeyarmond,gdrilling,gearnshaw,gfaire,gfedewa,ggehrke,ggillim,ghann,ghelderman,ghumbles,gishii,gjankowiak,gkerens,glafontaine,gloebs,gmackinder,gmassi,gmilian,gmings,gmoen,gparkersmith,gpomerance,gportolese,greiff,gsantella,gschaumburg,gshrode,gtinnel,guresti,gvollrath,gwaud,habby,hbastidos,hbetterman,hbickford,hbraim,hbrandow,hbrehmer,hbukovsky,hcafourek,hcarrizal,hchaviano,hcintron,hcowles,hcusta,hdoiel,hdyner,hfludd,hgalavis,hhaffey,hhagee,hhartranft,hholyfield,hhysong,hkarney,hkinderknecht,hkippes,hkohlmeyer,hlauchaire,hlemon,hlichota,hliverman,hloftis,hlynema,hmateer,hmatonak,hmiazga,hmogush,hmuscaro,hpalmquist,hpimpare,hpolintan,hrapisura,hrenart,hriech,hsabol,hschelb,hschoepfer,hspiry,hstreitnatter,hsweezer,htilzer,htomlinson,htsuha,hvannette,hveader,hwestermark,hwoodert,hzagami,hzinda,iambrosino,ibeto,ibreitbart,ibuzo,ibyles,ichewning,icoard,ideveyra,ienglert,igizzi,ihalford,ihanneman,ihegener,ihernan,iherrarte,ihimmelwright,ihoa,iiffert,ikadar,ikulbida,ilacourse,ilamberth,ilawbaugh,ileaman,ilevian,imarungo,imcbay,imensah,imicthell,imillin,imuehl,inarain,iogasawara,iroiger,iseipel,isowder,isplonskowski,istallcup,istarring,isteinlicht,ithum,ivanschaack,iweibe,iyorgey,iyorks,jamber,jappleyard,jbielicki,jbjorkman,jcaroll,jdodge,jeuresti,jeverton,jglotzbecker,jherkenratt,jholzmiller,jjumalon,jkimpton,jknight,jlebouf,jlunney,jmartha,jmarugg,jmatty,joligee,jquicksall,jrees,jreigh,jroman,jscheitlin,jseen,jsegundo,jsenavanh,jskafec,jspohn,jsweezy,jvillaire,jwinterton,jzych,kaanerud,kalguire,kbarnthouse,kbartolet,kbattershell,kbrevitz,kbrugal,kcofrancesco,kcomparoni,kconkey,kdevincent,kepps,kfaure,kfend,kgarced,kgremminger,khartness,kheadlon,khovanesian,kjoslyn,klitehiser,klundsten,klurie,kmallach,kmandolfo,kmarzili,kmayoras,kmcardle,kmcguire,kmedcaf,kmeester,kmisove,kmoesch,kmosko,kmuros,kolexa,kottomaniello,kpalka,kpannunzio,kpenale,kpuebla,krahman,kseisler,kshippy,ksiering,ksollitto,ksparling,kstachurski,kthede,ktoni,ktriblett,ktuccio,ktuner,kwidrick,kwinterling,kwirght,laksamit,lautovino,lbanco,lbassin,lbove,lbuchtel,lcanestrini,lcaudell,lcavez,lcocherell,lcoulon,lcremer,leberhardt,lfarraj,lfichtner,lgadomski,lgandee,lgradilla,lhuggler,limbrogno,ljomes,lkimel,llarmore,llasher,lmadruga,lmauracher,lmcgeary,lmichaud,lmuehlberger,lnormand,lparrish,lpeagler,lpintor,lpitek,lpondexter,lrandall,lringuette,lschenkelberg,lschnorbus,lschollmeier,lseabold,lseehafer,lshilling,lsivic,lsobrino,lsous,lspielvogel,lvaleriano,lvanconant,lwedner,lyoula,mallmand,maustine,mbeagley,mbodley,mbravata,mcampagnone,mcaram,mcashett,mcasida,mcoch,mcolehour,mcontreras,mdanos,mdecourcey,mdedon,mdickinson,mdimaio,mdoering,mdyce,meconomides,mespinel,mfaeth,mfeil,mferandez,mfitzherbert,mgavet,mgayden,mground,mheilbrun,mhollings,mjeon,mkibler,mkofoed,mlaverde,mlenning,mlinak,mlinardi,mmangiamele,mmattu,mmcchristian,mmerriwether,mmesidor,mneubacher,moller,moser,mpanahon,mpark,mpellew,mpilon,mpizzaro,mpytko,mquigg,mredd,mrizer,mruppel,mrydelek,mskeele,mstirn,mswogger,mtanzi,mtintle,mvanbergen,mvanpelt,mvas,mvedder,mviverette,myokoyama,nagerton,nasmar,nbuford,nbugtong,ncermeno,nchrisman,nciucci,ndesautels,ndrumgole,nedgin,nendicott,nerbach,nevan,nforti,nfunchess,ngiesler,nglathar,ngrowney,ngullett,nhayer,nhelfinstine,nhija,ninnella,njordon,nkempon,nkubley,nlainhart,nlatchaw,nlemma,nlinarez,nlohmiller,nmccolm,nmoren,nnamanworth,nnickel,nousdahl,nphan,nramones,nranck,nridinger,nriofrio,nrybij,nrysavy,nschmig,nsiemonsma,nslaby,nspolar,nvyhnal,nwescott,nwiker,oahyou,oalthouse,obeaufait,obenallack,obercier,obihl,ocalleo,ochasten,oclunes,oconerly,ocrabbs,oebrani,ofelcher,ohatto,ohearl,ohedlund,ohoffert,ohove,ojerabek,okave,okveton,omalvaez,omasone,omatula,omcdaid,oolivarez,oosterhouse,opeet,opizzuti,opoch,oport,opuglisi,oreiss,osaber,oscarpello,oshough,ovibbert,owhelchel,owhitelow,pahles,pbascom,pbeckerdite,pbiggart,pbondroff,pbrentano,pcaposole,pcornn,pdauterman,pdech,pdischinger,pduitscher,pdulac,pdurando,pfavolise,pgiegerich,pgreenier,pgrybel,phalkett,pheathcock,phyer,pmineo,pminnis,ppedraja,ppeper,pphuaphes,prepasky,prowena,psabado,psalesky,pschrayter,psharits,psiroky,psundeen,pthornberry,ptoenjes,ptraweek,purquilla,pvierthaler,pvirelli,pviviani,pwademan,pwashuk,pwetherwax,pwhitmire,pwohlenhaus,pwutzke,qhanly,ralspach,rbernhagen,rbillingsly,rbloomstrand,rbrisby,rcheshier,rchevrette,rdubs,rdubuisson,redling,rfassinger,rfauerbach,rfidel,rginer,rgoonez,rgramby,rgriffies,rguinane,rheinzmann,rkraszewski,rlambertus,rlatessa,rlosinger,rmandril,rmcstay,rnordby,rpastorin,rpikes,rpinilla,rpitter,rramirez,rrasual,rschkade,rtole,rtooker,saben,sackles,sarndt,saycock,sbemo,sbettridge,sbloise,sbonnie,sbrabyn,scocuzza,sdebry,senrico,sestergard,sgefroh,sgirsh,sgropper,sgunder,sgurski,shaith,sherzberg,showe,sjankauskas,skanjirathinga,skoegler,slaningham,slaudeman,slerew,smccaie,smillian,smullowney,snotari,spolmer,srees,srubenfield,sscheiern,sskone,sskyers,sspagnuolo,sstough,sstuemke,svandewalle,svielle,svogler,svongal,swoodie,tabdelal,tairth,tbagne,tbattista,tboxx,tcacal,tcossa,tcrissinger,tdonathan,teliades,tfalconeri,tfetherston,tgelen,tgindhart,tguinnip,tharr,thelfritz,thoch,thynson,tkeala,tkelly,tkhora,tlana,tlowers,tmalecki,tmarkus,tmccaffity,tmccamish,tmcmickle,tmelland,tmorr,tmurata,tmysinger,tnaillon,tnitzel,tpaa,tplatko,tredfearn,tsablea,tsann,tschnepel,tsearle,tsepulueda,tsowells,tstalworth,tvehrs,tvrooman,tyounglas,ualway,uazatyan,ubenken,ubieniek,ubynum,udatu,uednilao,ueriks,uflander,ugerpheide,ugreenberg,uhayakawa,uholecek,ulanigan,umarbury,umosser,upater,upellam,uransford,urosentrance,uschweyen,usevera,uslavinski,uspittler,uvanmatre,uwalpole,uweyand,vbaldasaro,vbigalow,vbonder,vburton,vchevalier,vcrofton,vdesir,vdolan,veisenhardt,vemily,venfort,vfeigel,vglidden,vkrug,vlubic,vmaynard,vmedici,vnazzal,vnery,vpeairs,vpender,vpiraino,vrodick,vrunyon,vsefcovic,vstirman,vtowell,vtresch,vtrumpp,vwabasha,vwaltmann,vwisinger,vwokwicz,wbrill,wclokecloak,wconces,wconstantino,wcreggett,wdagrella,wdevenish,wdovey,wenglander,werrick,wesguerra,wganther,wkhazaleh,wleiva,wlynch,wmailey,wmendell,wnunziata,wottesen,wselim,wstjean,wtruman,wvalcin,wvermeulen,xeppley,xlantey,xrahaim,yautin,ycerasoli,ycobetto,ycostaneda,yduft,yeven,yfrymoyer,ygockel,yhenriques,ykimbel,yolivier,yschmuff,ysnock,yvdberg,zanderlik,zborgmeyer,zbuscaglia,zculp,zfarler,zhaulk,zkutchera,zmeeker,zneeb,zratti,zscammahorn,zvagt,zwinterbottom EOM check "getent group hugegroup | sortgroup" << EOM hugegroup:*:1006:ablackstock,abortignon,achhor,ademosthenes,adenicola,adishaw,aesbensen,aferge,afredin,afuchs,agarbett,agimm,agordner,ahandy,ajaquess,akertzman,akomsthoeft,akraskouskas,akravetz,alamour,alat,alienhard,amanganelli,amaslyn,amayorga,amccroskey,amcgraw,amckinney,ameisinger,aponcedeleon,apurdon,areid,arosel,ascheno,ascovel,asemons,ashuey,asivley,astrunk,atollefsrud,atonkin,awhitt,aziernicki,badair,baigner,bbeckfield,bbrenton,bcoletta,bcolorado,bdadds,bdaughenbaugh,bdevera,bdominga,behrke,beon,bfishbeck,bgavagan,bguthary,bharnois,bhelverson,bjolly,blovig,bluellen,bmadamba,bmarlin,bmarszalek,bmicklos,bmoling,bouten,bphou,bpinedo,brodgerson,broher,bromano,bscadden,bsibal,bstrede,bswantak,btempel,btheim,bveeneman,bwinterton,bwynes,cabare,carguellez,cbarlup,cbartnick,cbelardo,cbleimehl,cbotdorf,cbourek,cbrechbill,cbrom,ccyganiewicz,cdeckard,cdegravelle,cdickes,cdrumm,cfasone,cflenner,cfleurantin,cgaler,cgalinol,cgaudette,cghianni,charriman,cjody,cjuntunen,ckerska,ckistenmacher,cklem,ckodish,clapenta,clewicki,clouder,cmafnas,cmanno,cmcanulty,cmellberg,cmiramon,cnabzdyk,cnoriego,cpaccione,cpalmios,cparee,cpencil,cpentreath,cpinela,cpluid,critchie,cscullion,csever,csoomaroo,cspilis,cswigert,ctenny,ctetteh,ctuzzo,cwank,cweiss,dasiedu,daubert,dbarriball,dbertels,dblazejewski,dcaltabiano,dciullo,ddeguire,ddigerolamo,denriquez,deshmon,dfirpo,dflore,dfollman,dgiacomazzi,dgivliani,dgosser,dhammontree,dhendon,dhindsman,dholdaway,dlablue,dlanois,dlargo,dledenbach,dlongbotham,dloubier,dmahapatra,dmarchizano,dmcgillen,dminozzi,dnegri,dpebbles,draymundo,dscheurer,dsharr,dsherard,dsteever,dtashjian,dtornow,dtuholski,dwittlinger,dzurek,eaguire,eathey,ebattee,ebeachem,eberkman,ebusk,ecelestin,ecolden,ecordas,ediga,edrinkwater,edurick,egospatrick,egrago,ehathcock,ehindbaugh,ejeppesen,ekalfas,ekenady,ekeuper,eklein,eklunder,ekurter,emanikowski,emargulis,emcquiddy,emehta,eorsten,eparham,epeterson,epoinelli,erathert,erostad,eserrett,esheehan,esonia,esproull,esthill,estockwin,etunby,ewicks,ewilles,ewismer,ewuitschick,eyounglas,eziebert,fagro,faleo,farquette,fbeatrice,fberra,fberyman,fbielecki,fburrough,fcha,fcunard,ffigert,fgoben,fgrashot,fhain,fhalon,fkeef,fmarchi,fmilsaps,fnottage,fparness,fplayfair,fsapien,fsavela,fsirianni,fsplinter,fsunderland,fsymmonds,fthein,fvallian,fvascones,fverfaille,fvinal,fwidhalm,gallanson,gapkin,garchambeault,gbitar,gbolay,gcarlini,gcervantez,gchounlapane,gclapham,gcobane,gconver,gcukaj,gcummer,gcurnutt,gdaub,gdeblasio,gdeyarmond,gdrilling,gearnshaw,gfaire,gfedewa,ggehrke,ggillim,ghann,ghelderman,ghumbles,gishii,gjankowiak,gkerens,glafontaine,gloebs,gmackinder,gmassi,gmilian,gmings,gmoen,gparkersmith,gpomerance,gportolese,greiff,gsantella,gschaumburg,gshrode,gtinnel,guresti,gvollrath,gwaud,habby,hbastidos,hbetterman,hbickford,hbraim,hbrandow,hbrehmer,hbukovsky,hcafourek,hcarrizal,hchaviano,hcintron,hcowles,hcusta,hdoiel,hdyner,hfludd,hgalavis,hhaffey,hhagee,hhartranft,hholyfield,hhysong,hkarney,hkinderknecht,hkippes,hkohlmeyer,hlauchaire,hlemon,hlichota,hliverman,hloftis,hlynema,hmateer,hmatonak,hmiazga,hmogush,hmuscaro,hpalmquist,hpimpare,hpolintan,hrapisura,hrenart,hriech,hsabol,hschelb,hschoepfer,hspiry,hstreitnatter,hsweezer,htilzer,htomlinson,htsuha,hvannette,hveader,hwestermark,hwoodert,hzagami,hzinda,iambrosino,ibeto,ibreitbart,ibuzo,ibyles,ichewning,icoard,ideveyra,ienglert,igizzi,ihalford,ihanneman,ihegener,ihernan,iherrarte,ihimmelwright,ihoa,iiffert,ikadar,ikulbida,ilacourse,ilamberth,ilawbaugh,ileaman,ilevian,imarungo,imcbay,imensah,imicthell,imillin,imuehl,inarain,iogasawara,iroiger,iseipel,isowder,isplonskowski,istallcup,istarring,isteinlicht,ithum,ivanschaack,iweibe,iyorgey,iyorks,jamber,jappleyard,jbielicki,jbjorkman,jcaroll,jdodge,jeuresti,jeverton,jglotzbecker,jherkenratt,jholzmiller,jjumalon,jkimpton,jknight,jlebouf,jlunney,jmartha,jmarugg,jmatty,joligee,jquicksall,jrees,jreigh,jroman,jscheitlin,jseen,jsegundo,jsenavanh,jskafec,jspohn,jsweezy,jvillaire,jwinterton,jzych,kaanerud,kalguire,kbarnthouse,kbartolet,kbattershell,kbrevitz,kbrugal,kcofrancesco,kcomparoni,kconkey,kdevincent,kepps,kfaure,kfend,kgarced,kgremminger,khartness,kheadlon,khovanesian,kjoslyn,klitehiser,klundsten,klurie,kmallach,kmandolfo,kmarzili,kmayoras,kmcardle,kmcguire,kmedcaf,kmeester,kmisove,kmoesch,kmosko,kmuros,kolexa,kottomaniello,kpalka,kpannunzio,kpenale,kpuebla,krahman,kseisler,kshippy,ksiering,ksollitto,ksparling,kstachurski,kthede,ktoni,ktriblett,ktuccio,ktuner,kwidrick,kwinterling,kwirght,laksamit,lautovino,lbanco,lbassin,lbove,lbuchtel,lcanestrini,lcaudell,lcavez,lcocherell,lcoulon,lcremer,leberhardt,lfarraj,lfichtner,lgadomski,lgandee,lgradilla,lhuggler,limbrogno,ljomes,lkimel,llarmore,llasher,lmadruga,lmauracher,lmcgeary,lmichaud,lmuehlberger,lnormand,lparrish,lpeagler,lpintor,lpitek,lpondexter,lrandall,lringuette,lschenkelberg,lschnorbus,lschollmeier,lseabold,lseehafer,lshilling,lsivic,lsobrino,lsous,lspielvogel,lvaleriano,lvanconant,lwedner,lyoula,mallmand,maustine,mbeagley,mbodley,mbravata,mcampagnone,mcaram,mcashett,mcasida,mcoch,mcolehour,mcontreras,mdanos,mdecourcey,mdedon,mdickinson,mdimaio,mdoering,mdyce,meconomides,mespinel,mfaeth,mfeil,mferandez,mfitzherbert,mgavet,mgayden,mground,mheilbrun,mhollings,mjeon,mkibler,mkofoed,mlaverde,mlenning,mlinak,mlinardi,mmangiamele,mmattu,mmcchristian,mmerriwether,mmesidor,mneubacher,moller,moser,mpanahon,mpark,mpellew,mpilon,mpizzaro,mpytko,mquigg,mredd,mrizer,mruppel,mrydelek,mskeele,mstirn,mswogger,mtanzi,mtintle,mvanbergen,mvanpelt,mvas,mvedder,mviverette,myokoyama,nagerton,nasmar,nbuford,nbugtong,ncermeno,nchrisman,nciucci,ndesautels,ndrumgole,nedgin,nendicott,nerbach,nevan,nforti,nfunchess,ngiesler,nglathar,ngrowney,ngullett,nhayer,nhelfinstine,nhija,ninnella,njordon,nkempon,nkubley,nlainhart,nlatchaw,nlemma,nlinarez,nlohmiller,nmccolm,nmoren,nnamanworth,nnickel,nousdahl,nphan,nramones,nranck,nridinger,nriofrio,nrybij,nrysavy,nschmig,nsiemonsma,nslaby,nspolar,nvyhnal,nwescott,nwiker,oahyou,oalthouse,obeaufait,obenallack,obercier,obihl,ocalleo,ochasten,oclunes,oconerly,ocrabbs,oebrani,ofelcher,ohatto,ohearl,ohedlund,ohoffert,ohove,ojerabek,okave,okveton,omalvaez,omasone,omatula,omcdaid,oolivarez,oosterhouse,opeet,opizzuti,opoch,oport,opuglisi,oreiss,osaber,oscarpello,oshough,ovibbert,owhelchel,owhitelow,pahles,pbascom,pbeckerdite,pbiggart,pbondroff,pbrentano,pcaposole,pcornn,pdauterman,pdech,pdischinger,pduitscher,pdulac,pdurando,pfavolise,pgiegerich,pgreenier,pgrybel,phalkett,pheathcock,phyer,pmineo,pminnis,ppedraja,ppeper,pphuaphes,prepasky,prowena,psabado,psalesky,pschrayter,psharits,psiroky,psundeen,pthornberry,ptoenjes,ptraweek,purquilla,pvierthaler,pvirelli,pviviani,pwademan,pwashuk,pwetherwax,pwhitmire,pwohlenhaus,pwutzke,qhanly,ralspach,rbernhagen,rbillingsly,rbloomstrand,rbrisby,rcheshier,rchevrette,rdubs,rdubuisson,redling,rfassinger,rfauerbach,rfidel,rginer,rgoonez,rgramby,rgriffies,rguinane,rheinzmann,rkraszewski,rlambertus,rlatessa,rlosinger,rmandril,rmcstay,rnordby,rpastorin,rpikes,rpinilla,rpitter,rramirez,rrasual,rschkade,rtole,rtooker,saben,sackles,sarndt,saycock,sbemo,sbettridge,sbloise,sbonnie,sbrabyn,scocuzza,sdebry,senrico,sestergard,sgefroh,sgirsh,sgropper,sgunder,sgurski,shaith,sherzberg,showe,sjankauskas,skanjirathinga,skoegler,slaningham,slaudeman,slerew,smccaie,smillian,smullowney,snotari,spolmer,srees,srubenfield,sscheiern,sskone,sskyers,sspagnuolo,sstough,sstuemke,svandewalle,svielle,svogler,svongal,swoodie,tabdelal,tairth,tbagne,tbattista,tboxx,tcacal,tcossa,tcrissinger,tdonathan,teliades,tfalconeri,tfetherston,tgelen,tgindhart,tguinnip,tharr,thelfritz,thoch,thynson,tkeala,tkelly,tkhora,tlana,tlowers,tmalecki,tmarkus,tmccaffity,tmccamish,tmcmickle,tmelland,tmorr,tmurata,tmysinger,tnaillon,tnitzel,tpaa,tplatko,tredfearn,tsablea,tsann,tschnepel,tsearle,tsepulueda,tsowells,tstalworth,tvehrs,tvrooman,tyounglas,ualway,uazatyan,ubenken,ubieniek,ubynum,udatu,uednilao,ueriks,uflander,ugerpheide,ugreenberg,uhayakawa,uholecek,ulanigan,umarbury,umosser,upater,upellam,uransford,urosentrance,uschweyen,usevera,uslavinski,uspittler,uvanmatre,uwalpole,uweyand,vbaldasaro,vbigalow,vbonder,vburton,vchevalier,vcrofton,vdesir,vdolan,veisenhardt,vemily,venfort,vfeigel,vglidden,vkrug,vlubic,vmaynard,vmedici,vnazzal,vnery,vpeairs,vpender,vpiraino,vrodick,vrunyon,vsefcovic,vstirman,vtowell,vtresch,vtrumpp,vwabasha,vwaltmann,vwisinger,vwokwicz,wbrill,wclokecloak,wconces,wconstantino,wcreggett,wdagrella,wdevenish,wdovey,wenglander,werrick,wesguerra,wganther,wkhazaleh,wleiva,wlynch,wmailey,wmendell,wnunziata,wottesen,wselim,wstjean,wtruman,wvalcin,wvermeulen,xeppley,xlantey,xrahaim,yautin,ycerasoli,ycobetto,ycostaneda,yduft,yeven,yfrymoyer,ygockel,yhenriques,ykimbel,yolivier,yschmuff,ysnock,yvdberg,zanderlik,zborgmeyer,zbuscaglia,zculp,zfarler,zhaulk,zkutchera,zmeeker,zneeb,zratti,zscammahorn,zvagt,zwinterbottom EOM fi # end of group tests ########################################################################### if grep '^hosts.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing hosts..." check "getent hosts testhost" << EOM 10.0.0.1 testhost testhostalias EOM check "getent hosts testhostalias" << EOM 10.0.0.1 testhost testhostalias EOM # check hostname with different case check "getent hosts TESTHOST" << EOM 10.0.0.1 testhost testhostalias EOM check "getent hosts 10.0.0.1" << EOM 10.0.0.1 testhost testhostalias EOM check "getent hosts | grep testhost" << EOM 10.0.0.1 testhost testhostalias EOM # TODO: add more tests for IPv6 support fi # end of hosts tests ########################################################################### if grep '^netgroup.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing netgroup..." # check netgroup lookup of test netgroup check "getent netgroup tstnetgroup" << EOM tstnetgroup ( , arthur, ) (noot, , ) EOM # check netgroup lookup with different case # Note: this should return nothing at all (this is a bug) check "getent netgroup TSTNETGROUP" << EOM TSTNETGROUP EOM fi # end of netgroup tests ########################################################################### if grep '^networks.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing networks..." check "getent networks testnet" << EOM testnet 10.0.0.0 EOM # check network name with different case check "getent networks TESTNET" << EOM testnet 10.0.0.0 EOM check "getent networks 10.0.0.0" << EOM testnet 10.0.0.0 EOM check "getent networks | grep testnet" << EOM testnet 10.0.0.0 EOM fi # end of networks tests ########################################################################### if grep '^passwd.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing passwd..." check "getent passwd ecolden" << EOM ecolden:x:5972:1000:Estelle Colden:/home/ecolden:/bin/bash EOM check "getent passwd arthur" << EOM arthur:x:1000:100:Arthur de Jong:/home/arthur:/bin/bash EOM # check username with different case check "getent passwd ARTHUR" << EOM EOM check "getent passwd 4089" << EOM jguzzetta:x:4089:1000:Josephine Guzzetta:/home/jguzzetta:/bin/bash EOM # count the number of passwd entries in the 4000-5999 range check "getent passwd | grep -c ':x:[45][0-9][0-9][0-9]:'" << EOM 2000 EOM fi # end of passwd tests ########################################################################### if grep '^protocols.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing protocols..." check "getent protocols protfoo" << EOM protfoo 253 protfooalias EOM check "getent protocols protfooalias" << EOM protfoo 253 protfooalias EOM # check protocol with different case check "getent protocols PROTFOO" << EOM EOM # test protocol alias with different case check "getent protocols PROTFOOALIAS" << EOM EOM check "getent protocols 253" << EOM protfoo 253 protfooalias EOM check "getent protocols icmp" << EOM icmp 1 ICMP EOM check "getent protocols | grep protfoo" << EOM protfoo 253 protfooalias EOM fi # end of protocols tests ########################################################################### if grep '^rpc.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing rpc..." check "getent rpc rpcfoo" << EOM rpcfoo 160002 rpcfooalias EOM check "getent rpc rpcfooalias" << EOM rpcfoo 160002 rpcfooalias EOM # test rpc name with different case check "getent rpc RPCFOO" << EOM EOM check "getent rpc 160002" << EOM rpcfoo 160002 rpcfooalias EOM check "getent rpc | grep rpcfoo" << EOM rpcfoo 160002 rpcfooalias EOM fi # end of rpc tests ########################################################################### if grep '^services.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing services..." check "getent services foosrv" << EOM foosrv 15349/tcp EOM check "getent services foosrv/tcp" << EOM foosrv 15349/tcp EOM check "getent services foosrv/udp" << EOM EOM # check with different case check "getent services FOOSRV" << EOM EOM # check protocol name case sensitivity (TCP is commonly an alias) check "getent services foosrv/tCp" << EOM EOM check "getent services 15349/tcp" << EOM foosrv 15349/tcp EOM check "getent services 15349/udp" << EOM EOM check "getent services barsrv" << EOM barsrv 15350/tcp EOM check "getent services barsrv/tcp" << EOM barsrv 15350/tcp EOM check "getent services barsrv/udp" << EOM barsrv 15350/udp EOM check "getent services | egrep '(foo|bar)srv' | sort" << EOM barsrv 15350/tcp barsrv 15350/udp foosrv 15349/tcp EOM check "getent services sssin" << EOM sssin 5000/tcp SSSIN EOM check "getent services SSSIN" << EOM sssin 5000/tcp SSSIN EOM check "getent services | wc -l" << EOM `grep -c '^[^#].' /etc/services | awk '{print $1 + 4}'` EOM fi # end of services tests ########################################################################### if grep '^shadow.*ldap' /etc/nsswitch.conf > /dev/null 2>&1 then echo "test_nsscmds.sh: testing shadow..." # NOTE: the output of this should depend on whether we are root or not check "getent shadow ecordas" << EOM ecordas:*::::7:2::0 EOM check "getent shadow adishaw" << EOM adishaw:*:12302:::7:2::0 EOM # check case-sensitivity check "getent shadow ADISHAW" << EOM EOM # check if the number of passwd entries matches the number of shadow entries check "getent shadow | wc -l" << EOM `getent passwd | wc -l` EOM # check if the names of users match between passwd and shadow getent passwd | sed 's/:.*//' | sort | \ check "getent shadow | sed 's/:.*//' | sort" fi # end of shadow tests ########################################################################### # determine the result if [ $FAIL -eq 0 ] then echo "test_nsscmds.sh: all tests passed" exit 0 else echo "test_nsscmds.sh: $FAIL TESTS FAILED" exit 1 fi nss-pam-ldapd-0.8.13/tests/test_expr.c0000644000175000001440000001205612040247152014504 00000000000000/* test_expr.c - simple tests for the expr module This file is part of the nss-pam-ldapd library. Copyright (C) 2009, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "common.h" /* we include expr.c because we want to test the static methods */ #include "common/expr.c" static void test_parse_name(void) { char buffer[20]; int i; i=0; assert(parse_name("fooBar",&i,buffer,sizeof(buffer))!=NULL); assert(i==6); i=0; assert(parse_name("nameThatWillNotFitInBuffer",&i,buffer,sizeof(buffer))==NULL); i=0; assert(parse_name("foo Bar",&i,buffer,sizeof(buffer))!=NULL); assert(i==3); assertstreq(buffer,"foo"); } static const char *expanderfn(const char *name,void UNUSED(*expander_attr)) { if (strcmp(name,"empty")==0) return ""; if (strcmp(name,"null")==0) return NULL; else return "foobar"; } static void test_expr_parse(void) { char buffer[1024]; assert(expr_parse("$test1",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"foobar"); assert(expr_parse("\\$test1",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"$test1"); assert(expr_parse("$empty",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,""); assert(expr_parse("$foo1$empty-$foo2",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"foobar-foobar"); assert(expr_parse("$foo1+$null+$foo2",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"foobar++foobar"); assert(expr_parse("${test1}\\$",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"foobar$"); assert(expr_parse("${test1:-default}",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"foobar"); assert(expr_parse("${empty:-default}",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"default"); assert(expr_parse("${test1:+setset}",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"setset"); assert(expr_parse("${empty:+setset}",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,""); assert(expr_parse("${empty:-$test1}",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"foobar"); assert(expr_parse("a/$test1/b",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"a/foobar/b"); assert(expr_parse("a/$empty/b",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"a//b"); assert(expr_parse("a${test1}b",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"afoobarb"); assert(expr_parse("a${test1}b${test2:+${test3:-d$test4}e}c",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"afoobarbfoobarec"); assert(expr_parse("a${test1}b${test2:+${empty:-d$test4}e}c",buffer,sizeof(buffer),expanderfn,NULL)!=NULL); assertstreq(buffer,"afoobarbdfoobarec"); /* these are errors */ assert(expr_parse("$&",buffer,sizeof(buffer),expanderfn,NULL)==NULL); assert(expr_parse("${a",buffer,sizeof(buffer),expanderfn,NULL)==NULL); } static void test_buffer_overflow(void) { char buffer[10]; assert(expr_parse("$test1$empty$test1",buffer,sizeof(buffer),expanderfn,NULL)==NULL); assert(expr_parse("long test value",buffer,sizeof(buffer),expanderfn,NULL)==NULL); assert(expr_parse("${test1:-long test value}",buffer,sizeof(buffer),expanderfn,NULL)==NULL); } static void test_expr_vars(void) { SET *set; /* simple test */ set=set_new(); assert(expr_vars("$a",set)!=NULL); assert(set_contains(set,"a")); assert(!set_contains(set,"$a")); set_free(set); /* more elaborate test */ set=set_new(); assert(expr_vars("\"${gecos:-$cn}\"",set)!=NULL); assert(set_contains(set,"gecos")); assert(set_contains(set,"cn")); set_free(set); /* more elaborate test */ set=set_new(); assert(expr_vars("\"${homeDirectory:-/home/$uidNumber/$uid}\"",set)!=NULL); assert(set_contains(set,"homeDirectory")); assert(set_contains(set,"uidNumber")); assert(set_contains(set,"uid")); set_free(set); /* a test with attribute options */ set=set_new(); assert(expr_vars("\"${homeDirectory;foo:-/home/something}\"",set)!=NULL); assert(set_contains(set,"homeDirectory;foo")); set_free(set); } /* the main program... */ int main(int UNUSED(argc),char UNUSED(*argv[])) { test_parse_name(); test_expr_parse(); test_buffer_overflow(); test_expr_vars(); return EXIT_SUCCESS; } nss-pam-ldapd-0.8.13/tests/usernames.txt0000644000175000001440000005316112031652462015074 00000000000000wworf kwinterling timbier nroh bmatrejek scombass dstubby prigney iherrarte imayette oport waristizabal etunby wschmeisser cpinela ascheno lcavez skuntz rmcghay cdrumm sguenison fculleton cbarlup vglow greiff gmoen nfrancesconi apastor hmagsby ocornelison tmalecki obailly ygoldson uhuysman dcaltabiano aschmider yureta fgrashot rramirez pwutzke kfetters redling rworkowski istruzik ktriblett atollefsrud phalter wvakil jarango apliska cbambace ipaquette nvantassel adesgroseillie psundeen puzzell ihernan clarusso jvillaire ndepina fbalagtas mcattrell jscavotto emehta wprosienski ideveyra ncermeno eengelman istarring mautullo osaber osarao tplatko npopwell mkoelle hmaresco uhayakawa vlajoie umenlove mwalkington pvlcek skever ndelmore htsuha ctenny fmahler jherkenratt emargulis lnagata uchalender ihudspeth crieck enuffer hriech ikacher cdudziak eflury riler ncradduck fmarchi lvaleriano hsadiq fnader mcattrell igrimmer mswogger fsplinter zwoolfrey bphou ikuboushek leberhardt vhargers omarples fgeris vhaverill ogoldthwaite ckondo dfollman floparco xlantey tethelbert dlanois amccroskey kseisler gfaire pahles hsalvucci xrahaim alienhard lpitek kgiacalone pquanstrum gthorson mtelford tvehrs mkibler ivanschaack lbruscino gdreitzler vhaverill bmadamba mjeon nmastronardi dcarsey ykimbel dasiedu pgaudet cduba saycock vwokwicz wcreggett vmalandrino fbeatrice svogler ipen wmendell gmassi yszumigala dmellady smccaie wconstantino phalkett rgriffies gsantella canichini lnooman ndesautels vlajoie rbillingsly szachariades gwaldbauer dciviello bkoopmann mredd pfertitta lchaudoin inobrega vcrofton lchaudoin mdedon ktuner bwiggins opizzuti fvinal bdominga lbenito aarellano inarain ucarlino nsnaders zpoirier ndrumgole gspicer kvanderbie kbramblett apastor opuglisi hcrowden dgiacomazzi wbrettschneide vpridgeon ktorrent dsmykowski pbeckerdite tsepulueda rgrigorov fsunderland ccuozzo ofugere malleruzzo ckurkjian faleo esodachanh kcomparoni utircuit vrodick emcindoe zkurokawa wborde agordner lcarratala pbrentano mconsolini wclokecloak pdossous yvdberg shoitt wganther tquilindrino jbjorkman jgobble pkoblick broher myokoyama dcaltabiano obenton werrick iyorgey psabado xdittrick ykriegel isowder rgothro nciucci cfleurantin gwethern cmanno imakofsky dloubier umosser hsadiq cpentreath ojerabek tmelland ktapanes mcasida mvanpelt fthein jhenkensiefken ubrumett ysturino ilamberth tpaa yolivier rfangman tguinnip hhagee ibyles lsingletary vpoitevin kmcardle gettl vmaynard mrydelek hhardan dwittlinger lmuehlberger cpencil lhutsler jguzzetta tmurata nreistetter rgothro ysantoscoy llarmore pbrohawn hwoodert gdeyarmond mallmand rcabler gmackinder bconour ycerasoli jskafec bmarszalek dphou sdebry nwehnes psiroky dgreenlun gdaub dnoneman iambrosino tmalecki hskowronek fkeef jjumalon gvollrath kbrancati rcabler dsumaran jmingo lcoulon emele chosteller dpallesen emongelli zcervenak nvyhnal xlantey hhydrick mfitzherbert dsteever rhujer cpatrich mstoffey khartness iquero rpitter oosterhouse hfiebig kmallach ieagon cwinney thynson fsavela leberhardt aponcedeleon sshearon cdewoody olincicum lgutenberg hkarney pminnis ksparling ajaquess ttorregrossa mleggio vfohl kgiacalone uransford fbeatrice wtumaneng kfend udatu dprestia vkilburn ncapuchin cdonnick nrabsatt cchriswell omullner charriman sskyers ndesautels bamaker iroiger dnegri hrenart odarity dflore gkerens mfeil svongal tsteve jreigh achhor cbandel mpizzaro satkins asivley phyers gclapham tmccaffity prowena cpentreath zinsko kgiacalone mkarels ocrabbs mrydelek zkeitsock cgaudette emathwich ndepina lemling ibowdle dledenbach tbattista ssarabando ugreenberg bfishbeck wmellott eberkman alamour mtelford ugerpheide hschoepfer draymundo moller aborycz rainsley wenglander lspielvogel jbergseng gbareis nrufus fagro ibuzo gmings uwalpole tvrooman jwinterton ilacourse htomlinson ihaub fgoben ekeuper klurie dbissen fkrasnow jbielicki ascheno nwatkinson ljomes asellberg rboelk qhanly alat lcanestrini cdonnick lgab pslisz wgidaro ovasiliou hbukovsky joligee uholecek rtooker atimenez mwatt twillets vwabasha hschoepfer barenales hmaly salexandria ecolden dlablue ewismer kschlicker jarango mbaldyga hhagee cbartnick ubuscombe cbrunsting yverbeke ckistenmacher amusemeche fmilsaps ghermie esproull laksamit cklem nmesser psalesky ckleis omounts gmings xcilva jyeater omontross daubert dmccoyle tguinnip ddeguire kottomaniello mlenning hsabol nhayer lpavick gcukaj isteinlicht pwhitmire nchrisman sgefroh trofkahr kkennett hmatonak ecelestin vfeigel mtintle plabrum svandewalle ikrise mciaccia dbye zwoolfrey iracey szachariades bleaks wdovey dgivliani mdoering vgaseoma aarietta ofelcher ishuckhart cflenner wleiva fplayfair dgiacomazzi npremer jappleyard poakland wcagney hchaviano psharits oshough vwisinger kmeester swoodie hgreuel dnoneman kconkey gbumpaus pshina mhowat cpaccione ithum dmccoyle lkonicki edack ysnock edufford vlubic ihimmelwright ccrape bhelverson dscheurer kkarmo swolfertz epeterson lpondexter dcoffer ileaman nfilipek purquilla cmcanulty iaskin sbrabyn ekurter saben pgreviston vdains mzoulek bzieba plenix kcofrancesco lmcgeary mbosten gradish hgranelli lhenrey cheinecke wboroff dflore joconor iiffert ploegering kdecock jmatty tcampman sherzberg lautovino rginer kalguire ktaus kmisove aduffie gmilian dsmykowski tcuenca gbrihm dpintor aantuna hlindemann rsimonton wdagrella hseidt gchounlapane sstough cnagode ptoenjes fmeola bgavagan bguthary akraskouskas mtuma gdeadwyler ehathcock gjundt lhuggler wkhazaleh jeidem ohove badair sgraney obache ssorce rkraszewski moser ecordas aesbensen bcuez bwaymon dpfeiffer tkhora tsingeltary lbuchtel smccastle testusr2 nrybij lmohn isuro bdurkins pkillingworth lgadomski jyslava ebascle kgarced akrishna cbelardo dtashjian nramones sdefrain epoinelli imatherly gstorrer venfort ikadar eselvig rcianciolo cpaccione bouten mbrannin ekenady pschrayter hsumrell tmarcom hlemon fblow dfirpo nasmar ewilund stiry hwestermark dgorka rdubs tnaillon nnocella igurwell mcook fsinkovich amanganelli rcheshier stiry vhussien sspagnuolo nkempon ssarabando jholzmiller omatula glablanc ghelderman vtresch nschmig obirkline kcofrancesco tcrissinger vexler charriman pvirelli limbrogno obenallack pthornberry mstirn zosollo lcallender vnery pquiller tlietzke pbenik dbarretto hgalavis pshumski cmiramon lhutsler zculp hkohlmeyer wbarcellos gtkach djosselyn wharpel rgoonez ichewning nchafins ivoetmann ekurter bnicoletti mberson cabare hbinker teliades hschlesser nbuford ncrissler skuang kadamczyk planzi rpastorin dbarriball dkopczyk estockwin ldettmann ipaquette zgitlewski gvachula sjankauskas ywhittingham dsantander wschemm jpidcock ugowans hpenick cbrunsting adesgroseillie cweiss oduba gmackinder lcorbridge bmoling gbolay ninnella kbrevitz kdomke bflexer djosselyn farquette nquann otanon pdech okave cbotdorf jcurson zanderlik cereth ycobetto lhurtado tmontesi rlambertus mvedder ktopoian bwinterton vmcilwraith fdivers rfassinger ohoffert dciullo nreistetter glemler tsenemounnarat zvagt elozier aspiess ediga gdrilling baigner iogasawara ienglert wpander phyer yversluis ihalford mespinel zratti vdolan mfritsche mjeon ddeguire bgjelaj wrott nkubley lleagjeld agarbett xmcnerney tgelen kganesvoort mwaltemath tlietzke ralspach dpallesen jfay ncaballero nspolar uvanmatre vareias ikulbida jschedler mkumar pgrybel emiss meconomides cmiramon nspolar tlana gishii zboulding vnooman sherzberg fkrasnow gcubbison cdeckard nrajewski hmagsby pgermershausen yeike akrishna lmccosh phaye lpaglialunga ebattee jmcgartland mvas cdegravelle moller tmorr hhires yfrymoyer njordon thaycraft bluellen sgurski hvannette nobregon zneeb hhysong fnottage ahandy wzausch lfichtner yautin fdechellis sgarriss garchambeault bouten wselim kswirsky fspiess eziebert gjundt gdusen jquicksall sgunder isorhaindo lkimel uneice ebusk gclapham eshanon wpoudrier zborgmeyer kwinterling gcrossfield jlianes ctenny bbeckfield hfenk creins olilyblade choeger pzaccaria ltegtmeier ycerasoli jcourtwright kgillim ycurtis tfalconeri faquilar jeuresti sstazenski gpomerance pmineo ocornelison hschrank kfetters wmolin akravetz hmachesky shaith ppeper ldreckman lbartimeus tpin dlongbotham oclunes vbaldasaro bmatrejek pcornn nroepke myokoyama cbelardo rsilberman bpinedo gdeblasio nphan istarring sstuemke tmagel mcidre pphuaphes jwatah ipeick khembrey hgreuel nkempon shoitt slaudeman hcalvaruso hdumpert nbugtong hsweezer cmcgoey ngata bcolorado vballina tmurata sjarvi esonia ycostaneda hriech kmandolfo ghumbles ngrowney ipuccio ssilbert hrapisura mdanos teliades hmitchusson ckugler lmadruga psantorella ggillim dstreich emiss ksoberanes lshilling ohearl fberra hderrig nevan xdittrick obeaufait mfinigan fsirianni bhelscher fberyman sgropper mcashett ecordts bharnois gkirchberg wcarthon dmccoyle cnoriego mblanchet dhendon kshippy emori mgoodenough testusr3 sdenina lhutsler uednilao omcdaid afeinen tsearle lnagata aziernicki jmarugg sscheiern hpaek panello fsapien ykisak msweezer cheinecke dhannam maustine vrapin svielle rcandy tmysinger hpalmquist swilken jnehls ckondo uweyand ewuitschick wschmuck mlinak pzutell vchevalier tabelman cbrunsting xmcnerney tliekhus klundsten slaningham deshmon nmoren askimehorn rpinilla mcaram thoofard dprestia iquero nrysavy mvanbergen ascheno ulanigan jeidem gloebs mdellavalle tsingeltary lwedner mcoch mneubacher khathway syurkovich psherfy fvallian jlunney wdovey jjumalon umcsparin zfarler bdevera zeddins mbroglie adurol dcastillion ncaver naquas cmellberg mswed bluellen rtrichell cfasone hderrig hstanczyk enastasi adevenney gcobane psemple ggehrke mberson ndrumgole khoffstetter ggase iromie mquigg iyorgey emargulis imarungo lrandall kmalas tvisitacion imcbay hbraskey ymudie tkuchem rfauerbach ctewari gstallion hcianciolo jsegundo tfetherston mjuris ualway ideshon lmadruga aashbach erostad hludeman wconces tmarkus eturpiano pcaposole lburmester mcook osarao spolmer isalm gshelhorse iwoldt pvlcek arosel obache jseen kjhonson vdesir rrodberg wtruman mfornes mfaruolo iyorks tairth cstidstone cfilippello vwaltmann pbenik fhalon ctetteh hzagami pheisdorffer lelsaesser ghann fcunard afallert efobes srees sackles uspittler mcampagnone gfaire dhannam kgleichweit rmcdonnel akomsthoeft gjankowiak glafontaine mmylott kgourd lbatra lparrish snotari oreiss lringuette ymursko ekonick rmandril cfredericksen fminecci lbassin mgavet gshadle cpalmios vrunyon cpalmios ueriks kstraughn gconver vburton fplayfair opeet bwalega mkonow lschenkelberg creddrick ubieniek wgwaltney sanderegg jchancy ibyles klover hbickford fsymmonds nlemma pgaudet lparrish rpenhale fwidhalm mvas rlatessa oscarpello pzaccaria zclendennen seastridge iweibe wmenucci pfreiberger cswayze fmulac mviverette tvallow wborenstein lhoerr sstuemke mconsolini ndashem lmauracher mpark thelfritz ckehl tbagne jamber walbrecht diller zgingrich dzurek nllewlyn sbloise lyoula vkouns dblazejewski ashuey eathey kdevincent kwidrick mmcchristian ebeachem ckugler tfowlkes lnorseworthy nerbach phyer gfedewa ngrowney pwademan lkhubba ktoni craddle rhickok smarksberry bwynes bromano dmarchizano ewall mxiong fratner tstalworth omounts vpender tpownell osaines jlebouf szachariades omatice nspanbauer sdaignault svielle blovig nlaizure lsous ademosthenes speppin mmangiamele kmoesch nhuckstadt isudweeks hsnarr abeen amccroskey nkraker rcandy ocalleo owhitelow mrizer cmafnas jzych tsann abortignon prowena mfaeth nridinger ctuzzo rcheshier gshrode vstirman pheathcock bdevera mdimaio pbeckerdite amcgraw nousdahl zbuscaglia ldettmann ihegener hbetterman dlargo ewilles ngaler ptomopoulos lvanconant jbiber vglidden nmajera vnery lseehafer hiddings kwirght imensah dmahapatra osanthuff mmanozca hbrandow zbracamonte gguardia lschenkelberg ymichna klover hliverman tmccannon hnoblitt pbascom dherard jscheitlin lgadomski mpilon mstirn fwollner ashrigley dlanois seroh vschaedler mherlihy vbonder okveton gmalave hhardan fkosiba ccyganiewicz vemily omasone cgalinol jrees tmcmickle akertzman ngoshen tkeala hpimpare dtornow jdodge ldigman vrunyon jenfort akilburn lchaudoin clapenta kmedcaf fparness owhelchel egalleta yeven bhaislett critchie lbramel ppiccillo ahalleck gearnshaw nhelfinstine hhaffey eyounglas ksharma gwethern fhovermale eklunder emottillo mdanos isuro pphuaphes wvalcin pduitscher yhenriques mjeon areid gbrimmer rdubuisson mvanpelt dstubby ksauler cmiramon cbrom gparkersmith gdivalerio awhitt slerew mpanahon kmanin igeltz awoytowich llampier lslavis hsweezer cbarrigan afredin slaforge ycostaneda hsabol bhelscher cnabzdyk wharpel cbrom hbarrale tmoskos lnibler mkassabian saben twedel eleyton mpark mferandez utrezize ihanneman behrke tarre hhartranft eyounglas ehindbaugh ichewning smayorca pcorson bcuez isplonskowski ediga ivanschaack ewicks icalamari bmicklos lgandee iwininger pmurdoch gkrasner uazatyan kbordwine speppin hwoodert mmoskop mferrier ygoldson cpatrich ktuccio vchevalier cduffer lringrose dhomma prepasky mmattu rbillingsly kepps fcha lgodlove rasrari hpolich garchambeault nwrobbel lsobrino aagel eneighbor hbuttolph umcsparin oconerly sschoeman mtanzi usoltes skuntz fhain smullowney okveton showe vrunyon fschafer yschmuff olilyblade hlynema xhorvitz hschrank jsweezy jrimando dpintor gshelhorse dsharr hmuscaro ihashbarger kmalas mdyce kschlicker svielle pwetherwax tgraen ecathers fwaychowsky mgoldhahn tblackgoat uoblinski gwachowiak thoch bwiggins tdonathan dpfeiffer arthur mfaeth bscadden eorofino imariello hcouillard uslavinski guresti bzaeske rmagnone rbloomstrand klurie csteinbrecher tbattista gpiatt pspradling ckerska obercier mdecourcey senrico rheinzmann eprosper jsenavanh cklem fcarvosso pdziuban gdrilling vdelnegro lschollmeier mpatty gapkin eshurtliff ghaworth cdrumm zpero psharits smillian tnaillon mdoering mmedlar fvascones kmoesch akravetz ilacourse umanske cgalinol kaanerud tmcmickle pcassaro kkinnick adesgroseillie ssilbert kleardi pfloerke hfiebig greagey wpeckler ckreidler vtrumpp imillin kkozik bstrede txayavong aferge kgarced ycerasoli dblazejewski usherraden vbigalow khinckson gallanson pmalachi cbrechbill rfauerbach jglotzbecker chuxman skoegler lbartimeus hstreitnatter mviverette emottillo hbukovsky edurick pbiggart sshilo bsibal pzieglen bhelscher kshippy gcacatian puniacke nlatchaw ohatto rhollmann sansari swallberg gportolese plabrum obenton mbumbalough ckleis rschkade fverfaille ukins bwhang tmohmed krahman nlinarez nwiker gcarlini sarndt cmafnas dgosser phyers hspackman ireeser bjolly mhollings ctenny uschweyen cgaler zkampmann svielle kwidrick omalvaez aminari khathway mdickinson kbradbury cvote cspilis cschimke ibreitbart imcconkey amayorga gmeece iroiger wmailey kthede testusr2 hbraim eklunder fgarron cklem kbarnthouse khovanesian cwank dwideman istoff dlancey mlinardi tlorona yeike dfirpo mcontreras mlantieri wschmeisser dhammontree hmogush kfetters achhor bgjelaj lsivic eparham nradican thomme lcoller ncermeno zkutchera lgradilla pvlcek cdouthett znightingale jkimpton owager zbains slaudeman sczubia jcaroll pslisz fdarakjian dhindsman zhaulk mground mkoelle mmatise gzuhlke cjuntunen mferandez uholecek tnitzel fsumrall jmartha hboreland eserrett csalkeld fburrough jchipp lfelan hpotucek pheathcock dsgambati kpuebla agimm csarjeant fvinal nglathar beon bsteinbrecher rchevrette cbleimehl dminozzi hfludd wworf jbjorkman bzaeske nglaspy gdamour etunby hcintron sdrawec dtuholski ochasten pvierthaler ekalfas rzilahi joligee rhoffschneider ckistenmacher ksparling zmeeker asabin mkrauser umarbury dpallesen nblum showe fberyman phardung hkinderknecht dgreenlun gsusoev tdembinski lseabold hbastidos ohoffert aesbensen tmill sbonnie ohedlund ewilund tsowells ilevian btheim wschemm csoomaroo ilawbaugh jdeaville lswanton faleo mcrise fblow amckinney eklein rginer ndepina vtowell ploegering lpintor jfreuden cjuntunen lmichaud hzinda mwesberry wsteinkuehler mwalkington nendicott brodgerson opoch nnickel rwinchell ibeto cboecker lcocherell fbakaler wottesen cbelardo skanjirathinga dsahota nedgin nhija sestergard imicthell upater sskone ncrafford gmalekan dbertels kbartolet fsaeli vbon usoltes vdelnegro lversage bvanscooter ppedraja clouder bveeneman hspiry ckodish hmatonak owager lgunnett mfritsche espangenberg zvanwagoner bswantak lcoy dciviello bnibbs esheehan ptraweek hdyner wstjean kmosko nrajewski brepka hmerle loganyan hholyfield nhayer npopwell rfassinger sbettridge tvrooman ddobrowski mjacox enicoles emanikowski iseipel emargulis kgremminger dauer wgwaltney ebascle nnamanworth mtoves jlathen lpeagler mprim wdelbalso tabdelal yhahne uvazzana csever fbuzzi nscharler tchemin kfaure dpolashek jcourtwright sdehoyos mlaverde owero bbabst ewilles ablackstock kthornes cbourek tnitzel pcoburn redling lfarraj gwaud sgraney hmateer csever jchipp klitehiser oalthouse hsabol sduplechain mdoering wbryar lbarban hcusta glebold nmoren cfronduti pwohlenhaus mpilbin jgobble nbolon emanikowski sdenina mdoering ilambino vmigliori kklavetter krahman eyslava hschelb adishaw ghiland nmccolm zgingrich rkraszewski lsobrino habby mmuscarella vnazzal wzappa pgreenier phyer pziesmer cmundel enuffer vpiraino kordahl bmoldan mgayden craddle jspohn nhattman iyorks hloftis lcarratala ncermeno mkawai ascovel hkohlmeyer mvashaw vrunyon ihegener srubenfield rmagnone ikaus ngiesler jknight hhamburg vlajoie kheadlon dpallesen wdeluccia vgieringer hpascarella egrago aramsdale hdula hwoodert rdubuisson upellam sratledge rmcstay hkippes kgelhar vmedici gdeyarmond zwinterbottom htilzer apancoast yszumigala mmatise zscammahorn jroman pzorens pfertitta vkilburn ngullett gbueche rrasual mmerriwether wcolbenson splumlee egospatrick ykello ejuedes nsiemonsma cnabzdyk cpalmios mruppel cpentreath vpeairs cghianni ohatto kbattershell pfavolise kmcguire nagerton lseabold jherkenratt brucky wboylston mpatty dnoneman lnormand miglesia ieckhardt lschnorbus kgumbs gcervantez rkoonz wkappen wvermeulen lcremer kmayoras gbitar atonkin dbissett canichini swolfertz mhack mskeele hlemon denriquez fhalon lkahre eneighbor dsherard wmenucci oreynero imillin smosses uhayakawa ilacourse ahalcom bdadds tronald carguellez mstorto isteinlicht esonia fberyman fbielecki rguinane wtio istallcup bmednick sscheiern uwalpole ipeick icoard amaslyn rpikes ebumbrey gnordmark wbillotte jeverton vweissmann wlucken ewicks mcolehour dslade dhomma pzorens hyuscak wkirkegaard atilley zrenderos efudala nforti ubynum ihashbarger ganes tredfearn jwatah wdevenish apurdon satkins eorsten zkeitsock uazatyan tcacal wknipe hcarrizal dscialpi jspohn hpolk lbanco vemily huber oolivarez ggaytan dclardy mpellew bkiang ksheeler atopick tgraen cjody ovibbert ideveyra eshurtliff mtintle clewicki cdarensbourg hdula oduba espyies bmooe emoradian kpalka rpinilla xeppley tgindhart rlosinger hdecristofaro ycobetto pdischinger cwank rtrichell asivley kjoslyn hcafourek gkerens emcquiddy crile asticher spolfer mjennings hskowronek ddobrowski ueriks wgorton mallmand btempel tcossa jspeh tboxx nchrisman ppeper mpester asundholm kgiacalone nlainhart nslaby ekalil gpelyo dliehr eengelman pdauterman ddigerolamo lvittum tharr bdaughenbaugh tpownell enastasi dlancey hcowles amozier pdulac rfidel klape cswigert nlohmiller smazzara hharian llarmore kcheyney wbryar cscullion tmelland flehenbauer nwescott pvierthaler enoguera jasplund ploegering tsowells hpolintan ahalcom nscharler bsolecki yduft obihl lbove ikulbida volejarski dfacenda kwirght dsherard istruzik sfaure smosakowski vkrug oosterhouse pquiller msweezer ecann imuehl xlantey fpybus mfornes ssandine ulanigan bjolly rtole mkofoed mkarels xstrawbridge dmcgillen esonia llaneaux nbethany rbernhagen bwoolever mbeagley peickhorst pwashuk ktolontino njordon pquiller glocascio ashrigley eyslava tmagel lvanconant ghanauer ajudkins rcolindres tfowlkes kmarzili llasher ejeppesen irenick vsefcovic uflander uschweyen esthill ebartylla udelashmit pziesmer rhollmann dholdaway irenick hlemon gjankowiak gportolese osanthuff lkimel fcoak nchafins ecolden daveado pzaccaria wlynch tmorr mluft ztukuafa igeltz ksiering nfunchess hboyette qaloan mbixby werrick nblum mbodley wnunziata jarango ipaquette ocalleo planzi pbondroff ofelcher seroh cpaccione moser bbrenton gschaumburg ugammell cpluid mgoldhahn tboock dphou usevera tmusemeche ktriblett gcurnutt ischnitzer bbertao jwelliver dborneman eflanner dtryba hmiazga pgiegerich fcopley zkampmann vleyton vbracey oahyou ihoa amccolgan hbrehmer nherschelman bbuhoveckey pmailhiot pgrybel vbonder nranck cmiramon zweide bluppino nschiele hdoiel dsmykowski rgramby mweiss afuchs kkottenstette dtornow fmcnaught swallberg cparee kpenale alichtenwalter frumbo kolexa rkrallis hkinderknecht fburrough cpinela tsablea msturrup fluthe igizzi ksiering wesguerra tdonathan kmisove nriofrio bnicoletti ameisinger hdohring hstoute nbouras cdegravelle ashrigley rborjas mheilbrun trofkahr cblumstein swede bmarlin maustine lgadomski nmajette kpannunzio rlagrone hstoute kgillim istruzik wottesen erathert ygockel ibyles wcreggett vmaynard sestabillo egivliani mbravata wtruman jmarugg oellerbee pdauterman pzutell kbrugal cordorica wclokecloak blittman habby scocuzza ptomopoulos hloftis mjacox lcaudell ffigert msweezer sgirsh hveader wbarcellos pirby rnordby mpytko dpebbles otrevor nforti dpintor mdedon svincenzo pbrohawn blatona tlowers hharian mground akraskouskas lwedner kvidra nsilveria cbandel hkohlmeyer sbemo oebrani waustad asemons ndipanfilo adenicola tstokey mdecourcey mruppel kmuros rbrisby hgoodin mkeedah kpantoja myokoyama jkopko gcummer telman mbrar fprado mdoering owhelchel bcoletta hlauchaire gvollrath wstjean rmarsee fparness zgitlewski ipiontek tyounglas bcatholic lgutenberg mzoulek fnollora vduffel mgolder kgelhar edrinkwater tkelly mmesidor lloukota pviviani ihudspeth obelloso wkahoun cdickes jroden zwoolfrey sansari tmccamish jtetzlaff hlichota urosentrance vglow ubenken mpizzaro nsytsma psowa hboreland astrunk pdurando nquann aspiess ikacher wbrill senrico ishuckhart hzinda mpanahon veisenhardt eaguire jkressin pcourneya tschnepel osaines dciullo gtinnel walbrecht ksollitto kstachurski nbugtong mdimaio bdominga farquette nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect0000644000175000001440000001225312031652463016224 00000000000000#!/usr/bin/expect -- # test_pamcmds.expect - test script to check output of PAM commands # # Copyright (C) 2011 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA # basic configuration set timeout 5 log_file -a -noappend test_pamcmds.log log_user 0 # basic error handling proc abort {} { global expect_out send_user "\n\ntest_pamcmds.expect: ERROR found:\n" send_user "$expect_out(buffer)\n" exit 1 } # function for resetting the password proc reset_password {} { global expect_out send_user "test_pamcmds.expect: resetting passwd...\n" spawn passwd arthur expect { "LDAP administrator password" { send "test\r"; exp_continue } -regexp "(New|Retype new) password:" { send "test\r"; exp_continue } "password updated successfully" {} "Invalid credentials" abort "Authentication token manipulation error" abort default abort } #close } # find source directory if { ! [info exists ::env(srcdir) ] } { set env(srcdir) "." } # ensure that we are running as root if { [exec id -u] != "0" } { send_user "test_pamcmds.expect: not running as root\n" exit 77 } # ensure that we are running in the test environment spawn $env(srcdir)/in_testenv.sh expect { "in_testenv.sh: using LDAP server" { expect eof } eof { send_user "test_pamcmds.expect: not running in test environment\n" exit 77 } } # ensure that a correct password is set reset_password # start a shell as nobody send_user "test_pamcmds.expect: start shell...\n" spawn su - nobody -s /bin/sh expect "\$ " # function to do login, expecting OK result proc test_login_ok {uid passwd} { send "su - $uid -s /bin/sh\r" expect "Password:" send "$passwd\r" expect { "\$ " {} "su: " abort default abort } # test whether we are really logged in send "id\r" expect { -regexp "uid=\[0-9\]*\\($uid\\)" {} "\$ " abort default abort } expect "\$ " } # function to do login, expecting FAIL result proc test_login_authfail {uid passwd} { send "su - $uid -s /bin/sh\r" expect "Password:" send "$passwd\r" expect { "su: Authentication failure" {} "\$ " abort default abort } expect "\$ " } # function to do login, expecting FAIL result proc test_login_unknown {uid passwd} { send "su - $uid -s /bin/sh\r" expect { "Password:" { send "$passwd\r"; exp_continue } "Unknown id" {} "No passwd entry for user" {} "\$ " abort default abort } expect "\$ " } # test incorrect password send_user "test_pamcmds.expect: testing incorrect password...\n" test_login_authfail arthur wrongpassword # test correct password send_user "test_pamcmds.expect: testing correct password...\n" test_login_ok arthur test # change password using incorrect old password send_user "test_pamcmds.expect: testing password change with incorrect password...\n" send "passwd\r" expect { -nocase "password:" { send "wrongpassword\r" } "\$ " abort default abort } expect { -regexp "(New|Retype new) password:" { send "newpassword\r"; exp_continue } "password changed" abort "Invalid credentials" {} "Authentication token manipulation error" {} "\$ " abort } expect "\$ " # change the password using the correct old password send_user "test_pamcmds.expect: testing password change with correct password...\n" send "passwd\r" expect { -nocase "password:" { send "test\r" } "\$ " abort default abort } expect { -regexp "(New|Retype new) password:" { send "newpassword\r"; exp_continue } "password updated successfully" {} "Invalid credentials" abort "Authentication token manipulation error" abort "\$ " abort } expect "\$ " # exist shell (back to nobody) send "exit\r" expect "\$ " # logging in with the old password should fail now send_user "test_pamcmds.expect: testing old password...\n" test_login_authfail arthur test # test correct password send_user "test_pamcmds.expect: testing new password...\n" test_login_ok arthur newpassword # test invalid username send_user "test_pamcmds.expect: testing with unknown username...\n" test_login_unknown foo anypassword # test login as root with incorrect password send_user "test_pamcmds.expect: testing with root...\n" test_login_authfail root anypassword # test login as nobody with incorrect password send_user "test_pamcmds.expect: testing with nobody...\n" test_login_authfail nobody anypassword # close the shell (first log of arthur) send "exit\r" expect "\$ " send "exit\r" expect { eof {} "\$ " abort timeout abort } # ensure that a correct password is set reset_password send_user "test_pamcmds.expect: everyting OK\n" exit 0 nss-pam-ldapd-0.8.13/tests/in_testenv.sh0000755000175000001440000000353112031652462015042 00000000000000#!/bin/sh # in_testenv.sh - script to check whether we are running in test environment # # Copyright (C) 2011 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA # This script expects to be run in an environment where nss-pam-ldapd # is deployed with an LDAP server with the proper content (and nslcd running). # It's probably best to run this in an environment without nscd (this breaks # the services tests). # check if LDAP is configured correctly cfgfile="/etc/nslcd.conf" if [ -r "$cfgfile" ] then : else echo "$0: $cfgfile: not found" exit 77 fi uri=`sed -n 's/^uri *//p' "$cfgfile" | head -n 1` base="dc=test,dc=tld" # try to fetch the base DN (fail with exit 77 to indicate problem) ldapsearch -b "$base" -s base -x -H "$uri" > /dev/null 2>&1 || { echo "$0: LDAP server $uri not available for $base" exit 77 } # basic check to see if nslcd is running if [ -S /var/run/nslcd/socket ] && \ [ -f /var/run/nslcd/nslcd.pid ] && \ kill -s 0 `cat /var/run/nslcd/nslcd.pid` > /dev/null 2>&1 then : else echo "$0: nslcd not running" exit 77 fi # TODO: check if nscd is running # TODO: check if /etc/nsswitch.conf is correct echo "$0: using LDAP server $uri" nss-pam-ldapd-0.8.13/tests/test_dict.c0000644000175000001440000001144312031652462014454 00000000000000/* test_dict.c - simple test for the dict module This file is part of the nss-pam-ldapd library. Copyright (C) 2007, 2008, 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include "common/dict.h" #include "compat/attrs.h" /* Simple test that adds a few key/value pairs to the dict and the does most operations. */ static void test_simple(void) { DICT *dict; void *val; static char *value1="value1"; static char *value2="value2"; static char *replace2="replace2"; const char **keys; int i; /* initialize */ dict=dict_new(); /* store some entries */ dict_put(dict,"key1",value1); dict_put(dict,"key2",value2); dict_put(dict,"key3",dict); dict_put(dict,"key2",replace2); /* check dictionary contents */ val=dict_get(dict,"key1"); assert(val==value1); val=dict_get(dict,"key2"); assert(val==replace2); val=dict_get(dict,"key3"); assert(val==dict); val=dict_get(dict,"key4"); assert(val==NULL); val=dict_get(dict,"KEY1"); assert(val==NULL); /* remove a key */ dict_put(dict,"key3",NULL); val=dict_get(dict,"key3"); assert(val==NULL); /* loop over dictionary contents */ keys=dict_keys(dict); for (i=0;keys[i]!=NULL;i++) { val=dict_get(dict,keys[i]); assert(((val==value1)||(val==replace2))); } /* free stuff */ dict_free(dict); free(keys); } /* Test to insert a large number of elements in the dict. */ static void test_lotsofelements(void) { DICT *dict; char buf[80]; int i,r; void *val; const char **keys; /* initialize */ dict=dict_new(); /* insert a number of entries */ for (i=0;i<1024;i++) { r=1+(int)(10000.0*(rand()/(RAND_MAX+1.0))); sprintf(buf,"test%04d",r); dict_put(dict,buf,&buf); } /* remove a number of entries */ for (i=0;i<100;i++) { r=1+(int)(10000.0*(rand()/(RAND_MAX+1.0))); sprintf(buf,"test%04d",r); dict_put(dict,buf,NULL); } /* add some more entries */ for (i=0;i<1024;i++) { r=1+(int)(10000.0*(rand()/(RAND_MAX+1.0))); sprintf(buf,"test%04d",r); dict_put(dict,buf,&buf); } /* loop over dictionary contents */ keys=dict_keys(dict); for (i=0;keys[i]!=NULL;i++) { val=dict_get(dict,keys[i]); assert(val==buf); } /* free stuff */ dict_free(dict); free(keys); } /* Test to insert a large number of elements in the dict. */ static void test_readelements(const char *fname) { DICT *dict; char buf[80]; FILE *fp; void *val; const char **keys; int i; /* initialize */ dict=dict_new(); /* read file and insert all entries */ fp=fopen(fname,"r"); assert(fp!=NULL); while (fgets(buf,sizeof(buf),fp)!=NULL) { /* strip newline */ buf[strlen(buf)-1]='\0'; dict_put(dict,buf,&buf); } fclose(fp); /* loop over dictionary contents */ keys=dict_keys(dict); for (i=0;keys[i]!=NULL;i++) { val=dict_get(dict,keys[i]); assert(val==buf); } /* free stuff */ dict_free(dict); free(keys); } static void test_countelements(int num) { DICT *dict; char buf[80]; int i,r; const char **keys; /* initialize */ dict=dict_new(); /* insert a number of entries */ for (i=0;i #include #include #include #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include #include #include #include #include "common.h" #include "common/tio.h" /* for platforms that don't have ETIME use ETIMEDOUT */ #ifndef ETIME #define ETIME ETIMEDOUT #endif /* ETIME */ /* structure for passing arguments to helper (is a thread) */ struct helper_args { int fd; size_t blocksize; size_t blocks; int timeout; }; static void *help_tiowriter(void *arg) { TFILE *fp; size_t i,j,k; uint8_t *buf; struct helper_args *hargs=(struct helper_args *)arg; /* allocate the buffer */ buf=(uint8_t *)malloc(hargs->blocksize); assert(buf!=NULL); /* open the file */ fp=tio_fdopen(hargs->fd,hargs->timeout*1000,hargs->timeout*1000,4*1024,8*1024,4*1024,8*1024); assertok(fp!=NULL); /* write the blocks */ i=0; for (k=0;kblocks;k++) { /* fill the buffer */ for (j=0;jblocksize;j++) buf[j]=i++; assertok(tio_write(fp,buf,hargs->blocksize)==0); } /* close the file flushing the buffer */ assertok(tio_close(fp)==0); /* we're done */ free(buf); return NULL; } static void *help_tioreader(void *arg) { TFILE *fp; size_t i,j,k; uint8_t *buf; struct helper_args *hargs=(struct helper_args *)arg; /* allocate the buffer */ buf=(uint8_t *)malloc(hargs->blocksize); assert(buf!=NULL); /* open the file */ fp=tio_fdopen(hargs->fd,hargs->timeout*1000,hargs->timeout*1000,4*1024,8*1024,4*1024,8*1024); assertok(fp!=NULL); /* read the blocks */ i=0; for (k=0;kblocks;k++) { assertok(tio_read(fp,buf,hargs->blocksize)==0); /* check the buffer */ for (j=0;jblocksize;j++) assert(buf[j]==(uint8_t)(i++)); } /* close the file */ assertok(tio_close(fp)==0); /* we're done */ free(buf); return NULL; } static void *help_normwriter(void *arg) { FILE *fp; size_t i,j,k; uint8_t *buf; struct helper_args *hargs=(struct helper_args *)arg; /* allocate the buffer */ buf=(uint8_t *)malloc(hargs->blocksize); assert(buf!=NULL); /* open the file */ fp=fdopen(hargs->fd,"wb"); assertok(fp!=NULL); /* write the blocks */ i=0; for (k=0;kblocks;k++) { /* fill the buffer */ for (j=0;jblocksize;j++) buf[j]=i++; assertok(fwrite(buf,hargs->blocksize,1,fp)==1); } /* close the file flushing the buffer */ assertok(fclose(fp)==0); /* we're done */ free(buf); return NULL; } static void *help_normreader(void *arg) { FILE *fp; size_t i,j,k; struct helper_args *hargs=(struct helper_args *)arg; /* open the file */ fp=fdopen(hargs->fd,"rb"); assertok(fp!=NULL); /* read the blocks */ i=0; for (k=0;kblocks;k++) { /* check the buffer */ for (j=0;jblocksize;j++) assertok(fgetc(fp)==(uint8_t)(i++)); } /* close the file */ assertok(fclose(fp)==0); return NULL; } /* TODO: test timeout TODO: test whether a simple request/response works */ static int test_blocks(size_t wbs, size_t wbl, size_t rbs, size_t rbl) { int sp[2]; pthread_t wthread, rthread; struct helper_args wargs,rargs; /* set up the socket pair */ assertok(socketpair(AF_UNIX,SOCK_STREAM,0,sp)==0); /* log */ printf("test_tio: writing %d blocks of %d bytes (%d total)\n",(int)wbl,(int)wbs,(int)(wbl*wbs)); printf("test_tio: reading %d blocks of %d bytes (%d total)\n",(int)rbl,(int)rbs,(int)(rbl*rbs)); /* start the writer thread */ wargs.fd=sp[0]; wargs.blocksize=wbs; wargs.blocks=wbl; wargs.timeout=2; assertok(pthread_create(&wthread,NULL,help_tiowriter,&wargs)==0); /* sleep(1); */ /* start the reader thread */ rargs.fd=sp[1]; rargs.blocksize=rbs; rargs.blocks=rbl; rargs.timeout=2; assertok(pthread_create(&rthread,NULL,help_tioreader,&rargs)==0); /* wait for all threads to die */ assertok(pthread_join(wthread,NULL)==0); assertok(pthread_join(rthread,NULL)==0); /* we're done */ return 0; } static void test_reset(void) { int sp[2]; pthread_t wthread; struct helper_args wargs; TFILE *fp; size_t i,j,k,save; uint8_t buf[20]; /* set up the socket pair */ assertok(socketpair(AF_UNIX,SOCK_STREAM,0,sp)==0); /* start the writer thread */ wargs.fd=sp[0]; wargs.blocksize=4*1024; wargs.blocks=10; wargs.timeout=2; assertok(pthread_create(&wthread,NULL,help_normwriter,&wargs)==0); /* set up read handle */ fp=tio_fdopen(sp[1],2000,2000,2*1024,4*1024,2*1024,4*1024); assertok(fp!=NULL); /* perform 20 reads */ i=0; for (k=0;k<20;k++) { assertok(tio_read(fp,buf,sizeof(buf))==0); /* check the buffer */ for (j=0;jstart); /* close the files */ assertok(tio_close(rfp)==0); assertok(fclose(wfp)==0); } /* this test starts a writer and an idle reader */ static void test_timeout_writer(void) { int sp[2]; FILE *rfp; TFILE *wfp; int i; uint8_t buf[20]; time_t start,end; /* set up the socket pair */ assertok(socketpair(AF_UNIX,SOCK_STREAM,0,sp)==0); /* open the reader */ assertok((rfp=fdopen(sp[0],"rb"))!=NULL); /* open the writer */ assertok((wfp=tio_fdopen(sp[1],1100,1100,2*1024,4*1024,2*20,4*20+1))!=NULL); /* perform a few write (these should be OK because they fill the buffer) */ assertok(tio_write(wfp,buf,sizeof(buf))==0); assertok(tio_write(wfp,buf,sizeof(buf))==0); assertok(tio_write(wfp,buf,sizeof(buf))==0); assertok(tio_write(wfp,buf,sizeof(buf))==0); /* one of these should fail but it depends on OS buffers */ start=time(NULL); for (i=0;(i<10000)&&(tio_write(wfp,buf,sizeof(buf))==0);i++); assert(i<10000); end=time(NULL); assert(end>start); /* close the files */ assertok(tio_close(wfp)!=0); /* fails because of bufferred data */ assertok(fclose(rfp)==0); } /* the main program... */ int main(int UNUSED(argc),char UNUSED(*argv[])) { /* normal read-writes */ test_blocks(400,11,11,400); test_blocks(10*1024,11,10*11,1024); test_blocks(5*1023,20,20*1023,5); /* reader closes file sooner */ /* test_blocks(2*6*1023,20,20*1023,5); */ /* test_blocks(10,10,10,9); */ /* writer closes file sooner */ /* test_blocks(4*1023,20,20*1023,5); */ /* test_blocks(10,9,10,10); */ /* set tio_mark() and tio_reset() functions */ test_reset(); /* test timeout functionality */ test_timeout_reader(); test_timeout_writer(); return 0; } nss-pam-ldapd-0.8.13/tests/common.h0000644000175000001440000000477412036266627014011 00000000000000/* common.h - common test routines This file is part of the nss-pam-ldapd library. Copyright (C) 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef TEST__COMMON_H #define TEST__COMMON_H 1 #include #ifndef __ASSERT_FUNCTION #define __ASSERT_FUNCTION "" #endif /* not __ASSERT_FUNCTION */ /* try to find the actual assert function */ #ifndef HAVE___ASSERT_FAIL /* for Solaris: */ #ifdef sun #define __assert_fail(assertion,file,line,function) __assert(assertion,file,line) #endif /* for FreeBSD: */ #ifdef __FreeBSD__ #define __assert_fail(assertion,file,line,function) __assert(assertion,file,line,function) #endif #endif /* not HAVE___ASSERT_FAIL */ /* extra assertion function that epxects both strings to be the same (special macro because strcmp() can be a macro that turns ugly in assert) */ #define assertstreq(str1,str2) \ (assertstreq_impl(str1,str2,"strcmp(" __STRING(str1) "," __STRING(str2) ")==0", \ __FILE__, __LINE__, __ASSERT_FUNCTION)) static inline void assertstreq_impl(const char *str1,const char *str2, const char *assertion,const char *file, int line,const char *function) { if (strcmp(str1,str2)!=0) __assert_fail(assertion,file,line,function); } /* extra assertion function that expects expr to be valid and prints an error message that include errno otherwise */ #define assertok(expr) \ ((expr) \ ? (void) (0) \ : __assertok_fail(__STRING(expr),__FILE__,__LINE__,__ASSERT_FUNCTION)) static inline void __assertok_fail(const char *expr,const char *file, int line,const char *function) { char msg[120]; snprintf(msg,sizeof(msg),"%s (errno=\"%s\")",expr,strerror(errno)); __assert_fail(msg,file,line,function); } #endif /* not TEST__COMMON_H */ nss-pam-ldapd-0.8.13/tests/README0000644000175000001440000000536012031652462013207 00000000000000 This document tries to descrive the test in this directory. Most of these tests should be self-explanitory as they should be simple unit tests of the shipped modules (more unit tests are welcome). Since nss-pam-ldapd is meant for providing data from an LDAP server for some tests you should have an LDAP server running and for even other tests you need to have nslcd running. For this a test environment should be set up (the tests are ignored if no such environment was detected). In my development environment I use a chroot jail with Debian. The instructions in this document assume a similar environment. TEST ENVIRONMENT ================ LDAP server configuration ------------------------- An LDAP server listening on ldap://localhost and ldapi:// is assumed. This is acomplished on Debian by the following line in /etc/default/slapd: SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///" Because there will be a lot of data in the database and to test paged results you need the following in /etc/ldap/slapd.conf: sizelimit size.prtotal=unlimited The LDAP server should be set up to service up the dc=test,dc=tld DN as base. A sample test.ldif file is also available in the SVN repository. Note that this file is currently not shipped in the released tarballs because it is quite large. Load the file into your LDAP server so that it can be served. Most of the names in the database have been randomly generated based on a combination of name-lists that were found on the Internet. nsswitch.conf ------------- The /etc/nsswitch.conf file is expected to contain something like the following. All maps should be looked up through LDAP and some tests may expect the LDAP lookup to come after the files lookup. passwd: files ldap group: files ldap shadow: files ldap hosts: files ldap dns mdns networks: files ldap protocols: db files ldap services: db files ldap ethers: db files ldap rpc: db files ldap netgroup: files ldap aliases: files ldap nslcd.conf ---------- The /etc/nslcd.conf file is expected to be configured like the following. uid nslcd gid nslcd uri ldapi:/// base dc=test,dc=tld #pagesize 100 # paging and referrals don't mix timelimit 2 bind_timelimit 4 reconnect_sleeptime 4 reconnect_retrytime 10 filter group (|(objectClass=posixGroup)(objectClass=groupOfNames)) base passwd ou=people,dc=test,dc=tld base shadow ou=people,dc=test,dc=tld base group ou=groups,dc=test,dc=tld rootpwmoddn cn=admin,dc=test,dc=tld rootpwmodpw test OLD TESTS ========= There are also a lot of old test files in this directory. Those files are of the form test_.c. These files call the NSS module functions directly. These can probably all be removed and integrated into test_nsscmds.sh instead. nss-pam-ldapd-0.8.13/tests/test_set.c0000644000175000001440000000405512031652463014326 00000000000000/* test_set.c - simple test for the set module This file is part of the nss-pam-ldapd library. Copyright (C) 2008, 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include "common/set.h" #include "compat/attrs.h" static int isknownvalue(const char *value) { return value!=NULL && ( (strcmp(value,"key1")==0) || (strcmp(value,"key2")==0) || (strcmp(value,"key3")==0) ); } /* the main program... */ int main(int UNUSED(argc),char UNUSED(*argv[])) { SET *set; const char **list; int i; /* initialize */ set=set_new(); /* store some entries */ set_add(set,"key1"); set_add(set,"key2"); set_add(set,"key3"); set_add(set,"key2"); /* check set contents */ assert(set_contains(set,"key1")); assert(set_contains(set,"key2")); assert(set_contains(set,"key3")); assert(!set_contains(set,"key4")); assert(!set_contains(set,"KEY1")); /* loop over set contents */ list=set_tolist(set); for (i=0;list[i]!=NULL;i++) { assert(isknownvalue(list[i])); } /* remove keys from the set */ assert(isknownvalue(set_pop(set))); assert(isknownvalue(set_pop(set))); assert(isknownvalue(set_pop(set))); assert(set_pop(set)==NULL); /* free set */ set_free(set); free(list); return 0; } nss-pam-ldapd-0.8.13/tests/test_pamcmds.sh0000755000175000001440000000231312141435406015343 00000000000000#!/bin/sh # test_pamcmds.sh - test script to start test_pamcmds.expect # # Copyright (C) 2011, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA set -e # find source directory srcdir="${srcdir-`dirname "$0"`}" # ensure that we are running in the test environment . "$srcdir/in_testenv.sh" # check if we have expect installed EXPECT="$(which expect 2> /dev/null || true)" if [ -x "$EXPECT" ] then : else echo "$0: expect not found, not running tests" exit 77 fi export srcdir "$EXPECT" "$srcdir/test_pamcmds.expect" nss-pam-ldapd-0.8.13/tests/test_common.c0000644000175000001440000000351512031652462015022 00000000000000/* test_common.c - simple test for the common module This file is part of the nss-pam-ldapd library. Copyright (C) 2008, 2009, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "nslcd/common.h" #include "nslcd/cfg.h" #include "nslcd/log.h" static void test_isvalidname(void) { assert(isvalidname("arthur")); assert(!isvalidname("-arthur")); assert(isvalidname("arthur-is-nice")); assert(isvalidname("sambamachine$")); assert(isvalidname("foo\\bar")); assert(!isvalidname("\\foo\\bar")); assert(!isvalidname("foo\\bar\\")); assert(isvalidname("me")); /* try short name */ } /* the main program... */ int main(int UNUSED(argc),char UNUSED(*argv[])) { char *srcdir; char fname[100]; /* build the name of the file */ srcdir=getenv("srcdir"); if (srcdir==NULL) srcdir="."; snprintf(fname,sizeof(fname),"%s/nslcd-test.conf",srcdir); fname[sizeof(fname)-1]='\0'; /* initialize configuration */ cfg_init(fname); /* partially initialize logging */ log_setdefaultloglevel(LOG_DEBUG); /* run the tests */ test_isvalidname(); return 0; } nss-pam-ldapd-0.8.13/tests/test_getpeercred.c0000644000175000001440000000755512031652462016033 00000000000000/* test_getpeercred.c - simple test for the peercred module This file is part of the nss-pam-ldapd library. Copyright (C) 2008, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #include #ifdef HAVE_GRP_H #include #endif /* HAVE_GRP_H */ #include #include "common.h" #include "compat/attrs.h" #include "compat/getpeercred.h" /* create a named socket */ static int create_socket(const char *name) { int sock; struct sockaddr_un addr; /* create a socket */ assertok((sock=socket(PF_UNIX,SOCK_STREAM,0))>=0); /* remove existing named socket */ unlink(name); /* create socket address structure */ memset(&addr,0,sizeof(struct sockaddr_un)); addr.sun_family=AF_UNIX; strncpy(addr.sun_path,name,sizeof(addr.sun_path)); addr.sun_path[sizeof(addr.sun_path)-1]='\0'; /* bind to the named socket */ assertok(bind(sock,(struct sockaddr *)&addr,sizeof(struct sockaddr_un))==0); /* close the file descriptor on exit */ assertok(fcntl(sock,F_SETFD,FD_CLOEXEC)>=0); /* start listening for connections */ assertok(listen(sock,SOMAXCONN)>=0); /* we're done */ return sock; } /* accept a connection on the socket */ static int acceptconnection(int sock) { int csock; int j; struct sockaddr_storage addr; socklen_t alen; /* accept a new connection */ alen=(socklen_t)sizeof(struct sockaddr_storage); assertok((csock=accept(sock,(struct sockaddr *)&addr,&alen))>=0); /* make sure O_NONBLOCK is not inherited */ assertok((j=fcntl(csock,F_GETFL,0))>=0); assertok(fcntl(csock,F_SETFL,j&~O_NONBLOCK)>=0); /* return socket */ return csock; } /* open a connection to the named socket */ static int open_socket(const char *name) { int sock; struct sockaddr_un addr; /* create a socket */ assertok((sock=socket(PF_UNIX,SOCK_STREAM,0))>=0); /* create socket address structure */ memset(&addr,0,sizeof(struct sockaddr_un)); addr.sun_family=AF_UNIX; strncpy(addr.sun_path,name,sizeof(addr.sun_path)); addr.sun_path[sizeof(addr.sun_path)-1]='\0'; /* connect to the socket */ assertok(connect(sock,(struct sockaddr *)&addr,(socklen_t)sizeof(struct sockaddr_un))>=0); /* return the socket */ return sock; } #define SOCKETNAME "/tmp/test_getpeercred.sock" #define assertwarn(assertion) \ if (!(assertion)) \ fprintf(stderr,"test_getpeercred: %s:%d: %s: Assertion `%s' failed\n", \ __FILE__, __LINE__, __ASSERT_FUNCTION, __STRING(assertion)); /* the main program... */ int main(int UNUSED(argc),char UNUSED(*argv[])) { int ssock; int csock; int fsock; uid_t uid; gid_t gid; pid_t pid; /* create a socket to listen on */ ssock=create_socket(SOCKETNAME); /* open a connection to the socket */ csock=open_socket(SOCKETNAME); /* get a connection from the server socket */ fsock=acceptconnection(ssock); /* look up client information */ assert(getpeercred(fsock,&uid,&gid,&pid)==0); assert(uid==geteuid()); assertwarn(gid==getegid()); assertwarn(pid==getpid()); /* remove the socket */ unlink(SOCKETNAME); return 0; } nss-pam-ldapd-0.8.13/tests/test_myldap.sh0000755000175000001440000000265612031652462015220 00000000000000#!/bin/sh # test_myldap.sh - simple wrapper test script for test_myldap # # Copyright (C) 2007 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA # This script expects to be run in an environment where an LDAP server # is available at the location specified in nslcd-test.conf in # this directory. set -e # get LDAP config srcdir="${srcdir-"."}" cfgfile="$srcdir/nslcd-test.conf" uri=`sed -n 's/^uri *//p' "$cfgfile" | head -n 1` base="dc=test,dc=tld" # try to fetch the base DN (fail with exit 77 to indicate problem) ldapsearch -b "$base" -s base -x -H "$uri" > /dev/null 2>&1 || { echo "test_myldap.sh: LDAP server $uri not available for $base" exit 77 } echo "test_myldap.sh: using LDAP server $uri" # just execute test_myldap exec ./test_myldap nss-pam-ldapd-0.8.13/tests/Makefile.in0000644000175000001440000006601112141445266014400 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2006 West Consulting # Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ TESTS = test_dict$(EXEEXT) test_set$(EXEEXT) test_tio$(EXEEXT) \ test_expr$(EXEEXT) test_getpeercred$(EXEEXT) test_cfg$(EXEEXT) \ test_myldap.sh test_common$(EXEEXT) test_nsscmds.sh \ test_pamcmds.sh check_PROGRAMS = test_dict$(EXEEXT) test_set$(EXEEXT) \ test_tio$(EXEEXT) test_expr$(EXEEXT) test_getpeercred$(EXEEXT) \ test_cfg$(EXEEXT) test_myldap$(EXEEXT) test_common$(EXEEXT) subdir = tests DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am_test_cfg_OBJECTS = test_cfg.$(OBJEXT) test_cfg_OBJECTS = $(am_test_cfg_OBJECTS) am__DEPENDENCIES_1 = ../nslcd/log.o ../nslcd/common.o \ ../nslcd/myldap.o ../nslcd/attmap.o ../nslcd/nsswitch.o \ ../nslcd/alias.o ../nslcd/ether.o ../nslcd/group.o \ ../nslcd/host.o ../nslcd/netgroup.o ../nslcd/network.o \ ../nslcd/passwd.o ../nslcd/protocol.o ../nslcd/rpc.o \ ../nslcd/service.o ../nslcd/shadow.o ../nslcd/pam.o \ ../common/libtio.a ../common/libdict.a ../common/libexpr.a \ ../compat/libcompat.a test_cfg_DEPENDENCIES = $(am__DEPENDENCIES_1) am_test_common_OBJECTS = test_common.$(OBJEXT) test_common_OBJECTS = $(am_test_common_OBJECTS) test_common_DEPENDENCIES = ../nslcd/cfg.o $(am__DEPENDENCIES_1) am_test_dict_OBJECTS = test_dict.$(OBJEXT) dict.$(OBJEXT) test_dict_OBJECTS = $(am_test_dict_OBJECTS) test_dict_LDADD = $(LDADD) am_test_expr_OBJECTS = test_expr.$(OBJEXT) test_expr_OBJECTS = $(am_test_expr_OBJECTS) test_expr_DEPENDENCIES = ../common/set.o ../common/dict.o am_test_getpeercred_OBJECTS = test_getpeercred.$(OBJEXT) test_getpeercred_OBJECTS = $(am_test_getpeercred_OBJECTS) test_getpeercred_DEPENDENCIES = ../compat/libcompat.a am_test_myldap_OBJECTS = test_myldap.$(OBJEXT) test_myldap_OBJECTS = $(am_test_myldap_OBJECTS) test_myldap_DEPENDENCIES = ../nslcd/cfg.o $(am__DEPENDENCIES_1) am_test_set_OBJECTS = test_set.$(OBJEXT) test_set_OBJECTS = $(am_test_set_OBJECTS) test_set_DEPENDENCIES = ../common/libdict.a am_test_tio_OBJECTS = test_tio.$(OBJEXT) tio.$(OBJEXT) test_tio_OBJECTS = $(am_test_tio_OBJECTS) test_tio_LDADD = $(LDADD) test_tio_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(test_tio_LDFLAGS) \ $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(test_cfg_SOURCES) $(test_common_SOURCES) \ $(test_dict_SOURCES) $(test_expr_SOURCES) \ $(test_getpeercred_SOURCES) $(test_myldap_SOURCES) \ $(test_set_SOURCES) $(test_tio_SOURCES) DIST_SOURCES = $(test_cfg_SOURCES) $(test_common_SOURCES) \ $(test_dict_SOURCES) $(test_expr_SOURCES) \ $(test_getpeercred_SOURCES) $(test_myldap_SOURCES) \ $(test_set_SOURCES) $(test_tio_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = nslcd-test.conf test_myldap.sh test_nsscmds.sh test_pamcmds.sh \ in_testenv.sh test_pamcmds.expect usernames.txt CLEANFILES = $(EXTRA_PROGRAMS) AM_CPPFLAGS = -I$(top_srcdir) AM_CFLAGS = $(PTHREAD_CFLAGS) -g # the following enables verbose protocol debugging information to be dumped #AM_CPPFLAGS += -DDEBUG_PROT -DDEBUG_PROT_DUMP # the following enabled verbose tio stats logging #AM_CPPFLAGS += -DDEBUG_TIO_STATS test_dict_SOURCES = test_dict.c ../common/dict.h ../common/dict.c #test_dict_LDADD = ../common/dict.o test_set_SOURCES = test_set.c ../common/set.h test_set_LDADD = ../common/libdict.a test_tio_SOURCES = test_tio.c common.h ../common/tio.h ../common/tio.c test_tio_LDFLAGS = $(PTHREAD_CFLAGS) $(PTHREAD_LIBS) test_expr_SOURCES = test_expr.c common.h test_expr_LDADD = ../common/set.o ../common/dict.o test_getpeercred_SOURCES = test_getpeercred.c common.h test_getpeercred_LDADD = ../compat/libcompat.a # common objects that are included for the tests of nslcd functionality common_nslcd_LDADD = ../nslcd/log.o ../nslcd/common.o \ ../nslcd/myldap.o ../nslcd/attmap.o ../nslcd/nsswitch.o \ ../nslcd/alias.o ../nslcd/ether.o ../nslcd/group.o \ ../nslcd/host.o ../nslcd/netgroup.o ../nslcd/network.o \ ../nslcd/passwd.o ../nslcd/protocol.o ../nslcd/rpc.o \ ../nslcd/service.o ../nslcd/shadow.o ../nslcd/pam.o \ ../common/libtio.a ../common/libdict.a \ ../common/libexpr.a ../compat/libcompat.a \ @nslcd_LIBS@ @PTHREAD_LIBS@ test_cfg_SOURCES = test_cfg.c common.h test_cfg_LDADD = $(common_nslcd_LDADD) test_myldap_SOURCES = test_myldap.c common.h test_myldap_LDADD = ../nslcd/cfg.o $(common_nslcd_LDADD) test_common_SOURCES = test_common.c ../nslcd/common.h test_common_LDADD = ../nslcd/cfg.o $(common_nslcd_LDADD) all: all-am .SUFFIXES: .SUFFIXES: .c .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu tests/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-checkPROGRAMS: -test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS) test_cfg$(EXEEXT): $(test_cfg_OBJECTS) $(test_cfg_DEPENDENCIES) $(EXTRA_test_cfg_DEPENDENCIES) @rm -f test_cfg$(EXEEXT) $(LINK) $(test_cfg_OBJECTS) $(test_cfg_LDADD) $(LIBS) test_common$(EXEEXT): $(test_common_OBJECTS) $(test_common_DEPENDENCIES) $(EXTRA_test_common_DEPENDENCIES) @rm -f test_common$(EXEEXT) $(LINK) $(test_common_OBJECTS) $(test_common_LDADD) $(LIBS) test_dict$(EXEEXT): $(test_dict_OBJECTS) $(test_dict_DEPENDENCIES) $(EXTRA_test_dict_DEPENDENCIES) @rm -f test_dict$(EXEEXT) $(LINK) $(test_dict_OBJECTS) $(test_dict_LDADD) $(LIBS) test_expr$(EXEEXT): $(test_expr_OBJECTS) $(test_expr_DEPENDENCIES) $(EXTRA_test_expr_DEPENDENCIES) @rm -f test_expr$(EXEEXT) $(LINK) $(test_expr_OBJECTS) $(test_expr_LDADD) $(LIBS) test_getpeercred$(EXEEXT): $(test_getpeercred_OBJECTS) $(test_getpeercred_DEPENDENCIES) $(EXTRA_test_getpeercred_DEPENDENCIES) @rm -f test_getpeercred$(EXEEXT) $(LINK) $(test_getpeercred_OBJECTS) $(test_getpeercred_LDADD) $(LIBS) test_myldap$(EXEEXT): $(test_myldap_OBJECTS) $(test_myldap_DEPENDENCIES) $(EXTRA_test_myldap_DEPENDENCIES) @rm -f test_myldap$(EXEEXT) $(LINK) $(test_myldap_OBJECTS) $(test_myldap_LDADD) $(LIBS) test_set$(EXEEXT): $(test_set_OBJECTS) $(test_set_DEPENDENCIES) $(EXTRA_test_set_DEPENDENCIES) @rm -f test_set$(EXEEXT) $(LINK) $(test_set_OBJECTS) $(test_set_LDADD) $(LIBS) test_tio$(EXEEXT): $(test_tio_OBJECTS) $(test_tio_DEPENDENCIES) $(EXTRA_test_tio_DEPENDENCIES) @rm -f test_tio$(EXEEXT) $(test_tio_LINK) $(test_tio_OBJECTS) $(test_tio_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dict.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_cfg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_dict.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_expr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_getpeercred.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_myldap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_set.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_tio.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tio.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` dict.o: ../common/dict.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT dict.o -MD -MP -MF $(DEPDIR)/dict.Tpo -c -o dict.o `test -f '../common/dict.c' || echo '$(srcdir)/'`../common/dict.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/dict.Tpo $(DEPDIR)/dict.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../common/dict.c' object='dict.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o dict.o `test -f '../common/dict.c' || echo '$(srcdir)/'`../common/dict.c dict.obj: ../common/dict.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT dict.obj -MD -MP -MF $(DEPDIR)/dict.Tpo -c -o dict.obj `if test -f '../common/dict.c'; then $(CYGPATH_W) '../common/dict.c'; else $(CYGPATH_W) '$(srcdir)/../common/dict.c'; fi` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/dict.Tpo $(DEPDIR)/dict.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../common/dict.c' object='dict.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o dict.obj `if test -f '../common/dict.c'; then $(CYGPATH_W) '../common/dict.c'; else $(CYGPATH_W) '$(srcdir)/../common/dict.c'; fi` tio.o: ../common/tio.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tio.o -MD -MP -MF $(DEPDIR)/tio.Tpo -c -o tio.o `test -f '../common/tio.c' || echo '$(srcdir)/'`../common/tio.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tio.Tpo $(DEPDIR)/tio.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../common/tio.c' object='tio.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tio.o `test -f '../common/tio.c' || echo '$(srcdir)/'`../common/tio.c tio.obj: ../common/tio.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tio.obj -MD -MP -MF $(DEPDIR)/tio.Tpo -c -o tio.obj `if test -f '../common/tio.c'; then $(CYGPATH_W) '../common/tio.c'; else $(CYGPATH_W) '$(srcdir)/../common/tio.c'; fi` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tio.Tpo $(DEPDIR)/tio.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../common/tio.c' object='tio.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tio.obj `if test -f '../common/tio.c'; then $(CYGPATH_W) '../common/tio.c'; else $(CYGPATH_W) '$(srcdir)/../common/tio.c'; fi` ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ col="$$grn"; \ else \ col="$$red"; \ fi; \ echo "$${col}$$dashes$${std}"; \ echo "$${col}$$banner$${std}"; \ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ test -z "$$report" || echo "$${col}$$report$${std}"; \ echo "$${col}$$dashes$${std}"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-checkPROGRAMS clean-generic mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-checkPROGRAMS clean-generic ctags distclean \ distclean-compile distclean-generic distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \ uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/tests/test_cfg.c0000644000175000001440000002024012031652463014264 00000000000000/* test_cfg.c - simple test for the cfg module This file is part of the nss-pam-ldapd library. Copyright (C) 2007, 2009, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "common.h" /* we include cfg.c because we want to test the static methods */ #include "nslcd/cfg.c" static void test_xstrdup(void) { static const char *foo="testString123"; char *bar; bar=xstrdup(foo); /* we should have a new value */ assert(bar!=NULL); /* the contents should be the same */ assertstreq(foo,bar); /* but the pointer should be different */ assert(foo!=bar); /* free memory */ free(bar); } static void test_add_uris(void) { static struct ldap_config cfg; int i; /* set up config */ cfg_defaults(&cfg); assert(cfg.ldc_uris[0].uri==NULL); /* add a uri */ add_uri(__FILE__,__LINE__,&cfg,"ldap://localhost"); assert(cfg.ldc_uris[0].uri!=NULL); assert(cfg.ldc_uris[1].uri==NULL); /* add some more uris */ for (i=1;i #include #include #include #include #include #include "common.h" #include "nslcd/log.h" #include "nslcd/cfg.h" #include "nslcd/myldap.h" struct worker_args { int id; }; /* the maxium number of results to print (all results are retrieved) */ #define MAXRESULTS 10 /* This is a very basic search test, it performs a test to get certain entries from the database. It currently just prints out the DNs for the entries. */ static void test_search(void) { MYLDAP_SESSION *session; MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; const char *attrs[] = { "uid", "cn", "gid", NULL }; int i; int rc; /* initialize session */ printf("test_myldap: test_search(): getting session...\n"); session=myldap_create_session(); assert(session!=NULL); /* perform search */ printf("test_myldap: test_search(): doing search...\n"); search=myldap_search(session,nslcd_cfg->ldc_bases[0], LDAP_SCOPE_SUBTREE, "(objectclass=posixAccount)", attrs,NULL); assert(search!=NULL); /* go over results */ printf("test_myldap: test_search(): get results...\n"); for (i=0;(entry=myldap_get_entry(search,&rc))!=NULL;i++) { if (ildc_bases[0], LDAP_SCOPE_SUBTREE, "(objectclass=posixGroup)", attrs,NULL); assert(search!=NULL); /* go over results */ printf("test_myldap: test_search(): get results...\n"); for (i=0;(entry=myldap_get_entry(search,&rc))!=NULL;i++) { if (ildc_bases[0], LDAP_SCOPE_SUBTREE, "(&(|(objectClass=posixGroup)(objectClass=groupOfNames))(cn=testgroup2))", attrs1,NULL); assert(search1!=NULL); /* get one entry */ entry=myldap_get_entry(search1,&rc); assert(entry!=NULL); printf("test_myldap: test_get(): got DN %s\n",myldap_get_dn(entry)); /* get some attribute values */ (void)myldap_get_values(entry,"gidNumber"); (void)myldap_get_values(entry,"userPassword"); (void)myldap_get_values(entry,"memberUid"); (void)myldap_get_values(entry,"member"); /* perform another search */ printf("test_myldap: test_get(): doing get...\n"); search2=myldap_search(session,"cn=Test User2,ou=people,dc=test,dc=tld", LDAP_SCOPE_BASE, "(objectclass=posixAccount)", attrs2,NULL); assert(search2!=NULL); /* get one entry */ entry=myldap_get_entry(search2,&rc); assert(entry!=NULL); printf("test_myldap: test_get(): got DN %s\n",myldap_get_dn(entry)); /* test if searches are ok */ assert(myldap_get_entry(search1,&rc)==NULL); assert(myldap_get_entry(search2,&rc)==NULL); /* clean up */ myldap_session_close(session); } /* This search prints a number of attributes from a search */ static void test_get_values(void) { MYLDAP_SESSION *session; MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; const char *attrs[] = { "uidNumber", "cn", "gidNumber", "uid", "objectClass", NULL }; const char **vals; const char *rdnval; int i; /* initialize session */ printf("test_myldap: test_get_values(): getting session...\n"); session=myldap_create_session(); assert(session!=NULL); /* perform search */ search=myldap_search(session,nslcd_cfg->ldc_bases[0], LDAP_SCOPE_SUBTREE, "(&(objectClass=posixAccount)(uid=*))", attrs,NULL); assert(search!=NULL); /* go over results */ for (i=0;(entry=myldap_get_entry(search,NULL))!=NULL;i++) { if (ildc_bases[0], LDAP_SCOPE_SUBTREE, "(&(objectClass=posixAccount)(uid=*))", attrs,NULL); assert(search1!=NULL); /* get a result from search1 */ entry=myldap_get_entry(search1,NULL); assert(entry!=NULL); printf("test_myldap: test_two_searches(): [search1] DN %s\n",myldap_get_dn(entry)); vals=myldap_get_values(entry,"cn"); assert((vals!=NULL)&&(vals[0]!=NULL)); printf("test_myldap: test_two_searches(): [search1] cn=%s\n",vals[0]); /* start a second search */ search2=myldap_search(session,nslcd_cfg->ldc_bases[0], LDAP_SCOPE_SUBTREE, "(&(objectclass=posixGroup)(gidNumber=*))", attrs,NULL); assert(search2!=NULL); /* get a result from search2 */ entry=myldap_get_entry(search2,NULL); assert(entry!=NULL); printf("test_myldap: test_two_searches(): [search2] DN %s\n",myldap_get_dn(entry)); vals=myldap_get_values(entry,"cn"); assert((vals!=NULL)&&(vals[0]!=NULL)); printf("test_myldap: test_two_searches(): [search2] cn=%s\n",vals[0]); /* get another result from search1 */ entry=myldap_get_entry(search1,NULL); assert(entry!=NULL); printf("test_myldap: test_two_searches(): [search1] DN %s\n",myldap_get_dn(entry)); vals=myldap_get_values(entry,"cn"); assert((vals!=NULL)&&(vals[0]!=NULL)); printf("test_myldap: test_two_searches(): [search1] cn=%s\n",vals[0]); /* stop search1 */ myldap_search_close(search1); /* get another result from search2 */ entry=myldap_get_entry(search2,NULL); assert(entry!=NULL); printf("test_myldap: test_two_searches(): [search2] DN %s\n",myldap_get_dn(entry)); vals=myldap_get_values(entry,"cn"); assert((vals!=NULL)&&(vals[0]!=NULL)); printf("test_myldap: test_two_searches(): [search2] cn=%s\n",vals[0]); /* clean up */ myldap_session_close(session); } /* perform a simple search */ static void *worker(void *arg) { MYLDAP_SESSION *session; MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; const char *attrs[] = { "uid", "cn", "gid", NULL }; struct worker_args *args=(struct worker_args *)arg; int i; int rc; /* initialize session */ session=myldap_create_session(); assert(session!=NULL); /* perform search */ search=myldap_search(session,nslcd_cfg->ldc_bases[0], LDAP_SCOPE_SUBTREE, "(objectclass=posixAccount)", attrs,NULL); assert(search!=NULL); /* go over results */ for (i=0;(entry=myldap_get_entry(search,&rc))!=NULL;i++) { if (iid,i,myldap_get_dn(entry)); else if (i==MAXRESULTS) printf("test_myldap: test_threads(): [worker %d] ...\n",args->id); } printf("test_myldap: test_threads(): [worker %d] DONE: %s\n",args->id,ldap_err2string(rc)); assert(rc==LDAP_SUCCESS); /* clean up */ myldap_session_close(session); return 0; } /* thread ids of all running threads */ #define NUM_THREADS 5 pthread_t my_threads[NUM_THREADS]; static void test_threads(void) { int i; struct worker_args args[NUM_THREADS]; /* start worker threads */ for (i=0;ildc_uris[i].uri; nslcd_cfg->ldc_uris[i].uri=NULL; } /* set new URIs */ i=0; nslcd_cfg->ldc_uris[i++].uri="ldapi://%2fdev%2fnull/"; nslcd_cfg->ldc_uris[i++].uri="ldap://10.10.10.10/"; nslcd_cfg->ldc_uris[i++].uri="ldapi://%2fdev%2fnonexistent/"; nslcd_cfg->ldc_uris[i++].uri="ldap://nosuchhost/"; nslcd_cfg->ldc_uris[i++].uri=NULL; /* initialize session */ printf("test_myldap: test_connections(): getting session...\n"); session=myldap_create_session(); assert(session!=NULL); /* perform search */ printf("test_myldap: test_connections(): doing search...\n"); search=myldap_search(session,nslcd_cfg->ldc_bases[0], LDAP_SCOPE_SUBTREE, "(objectclass=posixAccount)", attrs,NULL); assert(search==NULL); /* clean up */ myldap_session_close(session); /* restore the old URIs */ for (i=0;i<(NSS_LDAP_CONFIG_URI_MAX+1);i++) nslcd_cfg->ldc_uris[i].uri=old_uris[i]; } /* test whether myldap_escape() handles buffer overlows correctly */ static void test_escape(void) { char buffer[1024]; assert(myldap_escape("test",buffer,4)!=0); assert(myldap_escape("t*st",buffer,5)!=0); assert(myldap_escape("t*st",buffer,20)==0); assertstreq(buffer,"t\\2ast"); } /* the main program... */ int main(int argc,char *argv[]) { char *srcdir; char fname[100]; struct sigaction act; /* build the name of the file */ srcdir=getenv("srcdir"); if (srcdir==NULL) srcdir="."; snprintf(fname,sizeof(fname),"%s/nslcd-test.conf",srcdir); fname[sizeof(fname)-1]='\0'; /* initialize configuration */ cfg_init(fname); /* partially initialize logging */ log_setdefaultloglevel(LOG_DEBUG); /* ignore SIGPIPE */ memset(&act,0,sizeof(struct sigaction)); act.sa_handler=SIG_IGN; sigemptyset(&act.sa_mask); act.sa_flags=SA_RESTART|SA_NOCLDSTOP; assert(sigaction(SIGPIPE,&act,NULL)==0); /* do tests */ test_search(); test_get(); test_get_values(); test_get_rdnvalues(); test_two_searches(); test_threads(); test_connections(); test_escape(); return 0; } nss-pam-ldapd-0.8.13/pam/0000755000175000001440000000000012141476126012021 500000000000000nss-pam-ldapd-0.8.13/pam/pam_ldap.map0000644000175000001440000000040611405755061014215 00000000000000EXPORTED { # published PAM service functions global: pam_sm_acct_mgmt; pam_sm_authenticate; pam_sm_chauthtok; pam_sm_close_session; pam_sm_open_session; pam_sm_setcred; # everything else should not be exported local: *; }; nss-pam-ldapd-0.8.13/pam/pam.c0000644000175000001440000005521112137303542012662 00000000000000/* pam.c - pam module functions Copyright (C) 2009 Howard Chu Copyright (C) 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include /* these are defined (before including pam_modules.h) for staticly linking */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include "common.h" #include "compat/attrs.h" #include "compat/pam_compat.h" #ifdef HAVE_SECURITY_PAM_APPL_H #include #endif /* HAVE_SECURITY_PAM_APPL_H */ #ifndef HAVE_PAM_PAM_MODULES_H #include #ifdef HAVE_SECURITY_PAM_EXT_H #include #endif /* HAVE_SECURITY_PAM_EXT_H */ #else /* not HAVE_PAM_PAM_MODULES_H */ #include #endif /* not HAVE_PAM_PAM_MODULES_H */ /* the name we store our context under */ #define PLD_CTX "PAM_LDAPD_CTX" /* this struct represents the context that the PAM module keeps between calls */ struct pld_ctx { char *user; char *dn; char *tmpluser; char *authzmsg; char *oldpassword; int authok; int authz; int sessid; char buf[1024]; }; /* clear the context to all empty values */ static void ctx_clear(struct pld_ctx *ctx) { if (ctx->user) { free(ctx->user); ctx->user=NULL; } if (ctx->oldpassword) { memset(ctx->oldpassword,0,strlen(ctx->oldpassword)); free(ctx->oldpassword); ctx->oldpassword=NULL; } ctx->dn=NULL; ctx->tmpluser=NULL; ctx->authzmsg=NULL; ctx->authok=0; ctx->authz=0; } /* free the context (this is installed as handler into PAM) */ static void ctx_free(pam_handle_t UNUSED(*pamh),void *data,int UNUSED(err)) { struct pld_ctx *ctx=data; ctx_clear(ctx); free(ctx); } /* try to get the module's context, returns a PAM status code */ static int ctx_get(pam_handle_t *pamh,const char *username,struct pld_ctx **pctx) { struct pld_ctx *ctx=NULL; int rc; /* try to get the context from PAM */ rc=pam_get_data(pamh,PLD_CTX,(const void **)&ctx); if ((rc==PAM_SUCCESS)&&(ctx!=NULL)) { /* if the user is different clear the context */ if ((ctx->user!=NULL)&&(strcmp(ctx->user,username)!=0)) ctx_clear(ctx); } else { /* allocate a new context */ ctx=calloc(1,sizeof(struct pld_ctx)); if (ctx==NULL) { pam_syslog(pamh,LOG_CRIT,"calloc(): failed to allocate memory: %s",strerror(errno)); return PAM_BUF_ERR; } ctx_clear(ctx); /* store the new context with the handler to free it */ rc=pam_set_data(pamh,PLD_CTX,ctx,ctx_free); if (rc!=PAM_SUCCESS) { ctx_free(pamh,ctx,0); pam_syslog(pamh,LOG_ERR,"failed to store context: %s",pam_strerror(pamh,rc)); return rc; } } /* return the context */ *pctx=ctx; return PAM_SUCCESS; } /* our PAM module configuration */ struct pld_cfg { int nullok; int no_warn; int ignore_unknown_user; int ignore_authinfo_unavail; int debug; uid_t minimum_uid; }; static void cfg_init(pam_handle_t *pamh,int flags,int argc,const char **argv, struct pld_cfg *cfg) { int i; /* initialise config with defaults */ cfg->nullok=0; cfg->no_warn=0; cfg->ignore_unknown_user=0; cfg->ignore_authinfo_unavail=0; cfg->debug=0; cfg->minimum_uid=0; /* go over arguments */ for (i=0;inullok=1; else if (strcmp(argv[i],"use_authtok")==0) /* ignore, this option is used by pam_get_authtok() internally */; else if (strcmp(argv[i],"no_warn")==0) cfg->no_warn=1; else if (strcmp(argv[i],"ignore_unknown_user")==0) cfg->ignore_unknown_user=1; else if (strcmp(argv[i],"ignore_authinfo_unavail")==0) cfg->ignore_authinfo_unavail=1; else if (strcmp(argv[i],"debug")==0) cfg->debug=1; else if (strncmp(argv[i],"minimum_uid=",12) == 0) cfg->minimum_uid=(uid_t)atoi(argv[i]+12); else pam_syslog(pamh,LOG_ERR,"unknown option: %s",argv[i]); } /* check flags */ if (flags&PAM_SILENT) cfg->no_warn=1; } static int init(pam_handle_t *pamh,struct pld_cfg *cfg,struct pld_ctx **ctx, const char **username,const char **service) { int rc; struct passwd *pwent; /* get user name */ rc=pam_get_user(pamh,username,NULL); if (rc!=PAM_SUCCESS) { pam_syslog(pamh,LOG_ERR,"failed to get user name: %s",pam_strerror(pamh,rc)); return rc; } if ((*username==NULL)||((*username)[0]=='\0')) { pam_syslog(pamh,LOG_ERR,"got empty user name"); return PAM_USER_UNKNOWN; } /* check uid */ if (cfg->minimum_uid>0) { pwent=pam_modutil_getpwnam(args->pamh,*username); if ((pwent!=NULL)&&(pwent->pw_uidminimum_uid)) { if (cfg->debug) pam_syslog(pamh,LOG_DEBUG,"uid below minimum_uid; user=%s uid=%ld",*username,(long)pwent->pw_uid); return cfg->ignore_unknown_user?PAM_IGNORE:PAM_USER_UNKNOWN; } } /* get our context */ rc=ctx_get(pamh,*username,ctx); if (rc!=PAM_SUCCESS) return rc; /* get service name */ rc=pam_get_item(pamh,PAM_SERVICE,(const void **)service); if (rc!=PAM_SUCCESS) { pam_syslog(pamh,LOG_ERR,"failed to get service name: %s",pam_strerror(pamh,rc)); return rc; } return PAM_SUCCESS; } /* map a NSLCD PAM status code to a PAM status code */ static int nslcd2pam_rc(pam_handle_t *pamh,int rc) { #define map(i) case NSLCD_##i: return i; switch(rc) { map(PAM_SUCCESS); map(PAM_PERM_DENIED); map(PAM_AUTH_ERR); map(PAM_CRED_INSUFFICIENT); map(PAM_AUTHINFO_UNAVAIL); map(PAM_USER_UNKNOWN); map(PAM_MAXTRIES); map(PAM_NEW_AUTHTOK_REQD); map(PAM_ACCT_EXPIRED); map(PAM_SESSION_ERR); map(PAM_AUTHTOK_ERR); map(PAM_AUTHTOK_DISABLE_AGING); map(PAM_IGNORE); map(PAM_ABORT); map(PAM_AUTHTOK_EXPIRED); default: pam_syslog(pamh,LOG_ERR,"unknown NSLCD_PAM_* code returned: %d",rc); return PAM_ABORT; } } /* check whether the specified user is handled by nslcd */ static int nslcd_request_exists(pam_handle_t *pamh,struct pld_ctx *ctx,struct pld_cfg *cfg, const char *username) { uid_t dummy_uid; gid_t dummy_gid; PAM_REQUEST(NSLCD_ACTION_PASSWD_BYNAME, /* log debug message */ pam_syslog(pamh,LOG_DEBUG,"nslcd account check; user=%s",username), /* write the request parameters */ WRITE_STRING(fp,username), /* read the result entry */ SKIP_STRING(fp); /* user name */ SKIP_STRING(fp); /* passwd entry */ READ_TYPE(fp,dummy_uid,uid_t); READ_TYPE(fp,dummy_gid,gid_t); SKIP_STRING(fp); /* gecos */ SKIP_STRING(fp); /* home dir */ SKIP_STRING(fp); /* shell */ ) } /* perform an authentication call over nslcd */ static int nslcd_request_authc(pam_handle_t *pamh,struct pld_ctx *ctx,struct pld_cfg *cfg, const char *username,const char *service, const char *passwd) { PAM_REQUEST(NSLCD_ACTION_PAM_AUTHC, /* log debug message */ pam_syslog(pamh,LOG_DEBUG,"nslcd authentication; user=%s",username), /* write the request parameters */ WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,service); WRITE_STRING(fp,passwd), /* read the result entry */ READ_BUF_STRING(fp,ctx->tmpluser); READ_BUF_STRING(fp,ctx->dn); READ_PAM_CODE(fp,ctx->authok) READ_PAM_CODE(fp,ctx->authz) READ_BUF_STRING(fp,ctx->authzmsg);) } /* perform an authorisation call over nslcd */ static int nslcd_request_authz(pam_handle_t *pamh,struct pld_ctx *ctx,struct pld_cfg *cfg, const char *username,const char *service, const char *ruser,const char *rhost, const char *tty) { PAM_REQUEST(NSLCD_ACTION_PAM_AUTHZ, /* log debug message */ pam_syslog(pamh,LOG_DEBUG,"nslcd authorisation; user=%s",username), /* write the request parameters */ WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,service); WRITE_STRING(fp,ruser); WRITE_STRING(fp,rhost); WRITE_STRING(fp,tty), /* read the result entry */ READ_BUF_STRING(fp,ctx->tmpluser); READ_BUF_STRING(fp,ctx->dn); READ_PAM_CODE(fp,ctx->authz); READ_BUF_STRING(fp,ctx->authzmsg);) } /* do a session nslcd request (open or close) */ static int nslcd_request_sess(pam_handle_t *pamh,struct pld_ctx *ctx,struct pld_cfg *cfg,int action, const char *username,const char *service, const char *tty,const char *rhost, const char *ruser) { PAM_REQUEST(action, /* log debug message */ pam_syslog(pamh,LOG_DEBUG,"nslcd session %s; user=%s", (action==NSLCD_ACTION_PAM_SESS_O)?"open":"close",username), /* write the request parameters */ WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,service); WRITE_STRING(fp,tty); WRITE_STRING(fp,rhost); WRITE_STRING(fp,ruser); WRITE_INT32(fp,ctx->sessid), /* read the result entry */ READ_INT32(fp,ctx->sessid)) } /* do a password modification nslcd call */ static int nslcd_request_pwmod(pam_handle_t *pamh,struct pld_ctx *ctx,struct pld_cfg *cfg, const char *username,const char *service, const char *oldpasswd,const char *newpasswd) { PAM_REQUEST(NSLCD_ACTION_PAM_PWMOD, /* log debug message */ pam_syslog(pamh,LOG_DEBUG,"nslcd password modify; user=%s",username), /* write the request parameters */ WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,service); WRITE_STRING(fp,oldpasswd); WRITE_STRING(fp,newpasswd), /* read the result entry */ READ_BUF_STRING(fp,ctx->tmpluser); READ_BUF_STRING(fp,ctx->dn); READ_PAM_CODE(fp,ctx->authz); READ_BUF_STRING(fp,ctx->authzmsg);) } static int nslcd_request_config_get(pam_handle_t *pamh,struct pld_ctx *ctx,struct pld_cfg *cfg, int cfgopt,char **value) { PAM_REQUEST(NSLCD_ACTION_CONFIG_GET, /* log debug message */ pam_syslog(pamh,LOG_DEBUG,"nslcd request config (%d)",cfgopt), /* write the request parameter */ WRITE_INT32(fp,cfgopt), /* read the result entry */ READ_BUF_STRING(fp,*value);) } /* remap the return code based on the configuration */ static int remap_pam_rc(int rc,struct pld_cfg *cfg) { if ((rc==PAM_AUTHINFO_UNAVAIL)&&cfg->ignore_authinfo_unavail) return PAM_IGNORE; if ((rc==PAM_USER_UNKNOWN)&&cfg->ignore_unknown_user) return PAM_IGNORE; return rc; } /* PAM authentication check */ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,const char **argv) { int rc; struct pld_cfg cfg; struct pld_ctx *ctx; const char *username,*service; char *prohibit_message; char *passwd=NULL; /* set up configuration */ cfg_init(pamh,flags,argc,argv,&cfg); rc=init(pamh,&cfg,&ctx,&username,&service); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); /* if service is "passwd" and pwdmod is not allowed alert user */ if (!strcmp(service,"passwd")) { rc=nslcd_request_config_get(pamh,ctx,&cfg,NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE,&prohibit_message); if ((rc==PAM_SUCCESS)&&(prohibit_message!=NULL)&&(prohibit_message[0]!='\0')) { /* we silently ignore errors to get the configuration option */ pam_syslog(pamh,LOG_NOTICE,"password change prohibited: %s; user=%s",prohibit_message,username); if (!cfg.no_warn) pam_error(pamh,"%s",prohibit_message); return remap_pam_rc(PAM_PERM_DENIED,&cfg); } } /* get the password */ rc=pam_get_authtok(pamh,PAM_AUTHTOK,(const char **)&passwd,NULL); if (rc!=PAM_SUCCESS) { pam_syslog(pamh,LOG_ERR,"failed to get password: %s",pam_strerror(pamh,rc)); return rc; } /* check password */ if (!cfg.nullok&&((passwd==NULL)||(passwd[0]=='\0'))) { if (cfg.debug) pam_syslog(pamh,LOG_DEBUG,"user has empty password, access denied"); return PAM_AUTH_ERR; } /* do the nslcd request */ rc=nslcd_request_authc(pamh,ctx,&cfg,username,service,passwd); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); /* check the authentication result */ rc=ctx->authok; if (rc!=PAM_SUCCESS) { pam_syslog(pamh,LOG_NOTICE,"%s; user=%s",pam_strerror(pamh,rc),username); return remap_pam_rc(rc,&cfg); } /* debug log */ if (cfg.debug) pam_syslog(pamh,LOG_DEBUG,"authentication succeeded"); /* save username */ ctx->user=strdup(username); /* if password change is required, save old password in context */ if (ctx->authz==PAM_NEW_AUTHTOK_REQD) ctx->oldpassword=strdup(passwd); /* update caller's idea of the user name */ if ( ctx->tmpluser && ctx->tmpluser[0] && (strcmp(ctx->tmpluser,username)!=0) ) { pam_syslog(pamh,LOG_INFO,"username changed from %s to %s",username, ctx->tmpluser); rc=pam_set_item(pamh,PAM_USER,ctx->tmpluser); } return rc; } /* called to update the authentication credentials */ int pam_sm_setcred(pam_handle_t UNUSED(*pamh),int UNUSED(flags), int UNUSED(argc),const char UNUSED(**argv)) { /* we don't need to do anything here */ return PAM_SUCCESS; } /* PAM authorisation check */ int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc,const char **argv) { int rc; struct pld_cfg cfg; struct pld_ctx *ctx=NULL,ctx2; const char *username,*service; const char *ruser=NULL,*rhost=NULL,*tty=NULL; /* set up configuration */ cfg_init(pamh,flags,argc,argv,&cfg); rc=init(pamh,&cfg,&ctx,&username,&service); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); /* get more PAM information */ pam_get_item(pamh,PAM_RUSER,(const void **)&ruser); pam_get_item(pamh,PAM_RHOST,(const void **)&rhost); pam_get_item(pamh,PAM_TTY,(const void **)&tty); /* call the function with a copy of the context to be able to keep the original context */ ctx2.dn=ctx->dn; ctx2.user=ctx->user; /* do the nslcd request */ rc=nslcd_request_authz(pamh,&ctx2,&cfg,username,service,ruser,rhost,tty); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); /* check the returned authorisation value */ if (ctx2.authz!=PAM_SUCCESS) { /* turn in to generic PAM error message if message is empty */ if ((ctx2.authzmsg==NULL)||(ctx2.authzmsg[0]=='\0')) { ctx2.authzmsg=(char *)pam_strerror(pamh,ctx2.authz); pam_syslog(pamh,LOG_NOTICE,"%s; user=%s",ctx2.authzmsg,username); } else pam_syslog(pamh,LOG_NOTICE,"%s; user=%s; err=%s",ctx2.authzmsg,username,pam_strerror(pamh,rc)); rc=remap_pam_rc(ctx2.authz,&cfg); if ((rc!=PAM_IGNORE)&&(!cfg.no_warn)) pam_error(pamh,"%s",ctx2.authzmsg); return rc; } /* check the original authorisation check from authentication */ if (ctx->authz!=PAM_SUCCESS) { if ((ctx->authzmsg==NULL)||(ctx->authzmsg[0]=='\0')) ctx->authzmsg=(char *)pam_strerror(pamh,ctx->authz); pam_syslog(pamh,LOG_NOTICE,"%s; user=%s",ctx->authzmsg,username); rc=remap_pam_rc(ctx->authz,&cfg); if ((rc!=PAM_IGNORE)&&(!cfg.no_warn)) pam_error(pamh,"%s",ctx->authzmsg); return rc; } if (cfg.debug) pam_syslog(pamh,LOG_DEBUG,"authorization succeeded"); /* present any informational messages to the user */ if ((ctx2.authzmsg!=NULL)&&(ctx2.authzmsg[0]!='\0')&&(!cfg.no_warn)) pam_info(pamh,"%s",ctx2.authzmsg); if ((ctx->authzmsg!=NULL)&&(ctx->authzmsg[0]!='\0')&&(!cfg.no_warn)) pam_info(pamh,"%s",ctx->authzmsg); return PAM_SUCCESS; } /* PAM session open/close calls */ static int pam_sm_session(pam_handle_t *pamh,int flags,int argc, const char **argv,int action) { int rc; struct pld_cfg cfg; struct pld_ctx *ctx; const char *username,*service; const char *tty=NULL,*rhost=NULL,*ruser=NULL; /* set up configuration */ cfg_init(pamh,flags,argc,argv,&cfg); rc=init(pamh,&cfg,&ctx,&username,&service); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); /* get more PAM information */ pam_get_item(pamh,PAM_TTY,(const void **)&tty); pam_get_item(pamh,PAM_RHOST,(const void **)&rhost); pam_get_item(pamh,PAM_RUSER,(const void **)&ruser); /* do the nslcd request */ rc=nslcd_request_sess(pamh,ctx,&cfg,action,username,service,tty,rhost,ruser); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); /* debug log */ if (cfg.debug) pam_syslog(pamh,LOG_DEBUG,"session %s succeeded; session_id=%d", (action==NSLCD_ACTION_PAM_SESS_O)?"open":"close",ctx->sessid); return PAM_SUCCESS; } /* PAM session open call */ int pam_sm_open_session( pam_handle_t *pamh,int flags,int argc,const char **argv) { return pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_O); } /* PAM session close call */ int pam_sm_close_session( pam_handle_t *pamh,int flags,int argc,const char **argv) { return pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_C); } /* Change the password of the user. This function is first called with PAM_PRELIM_CHECK set in the flags and then without the flag. In the first pass it is determined whether we can contact the LDAP server and the provided old password is valid. In the second pass we get the new password and actually modify the password. */ int pam_sm_chauthtok(pam_handle_t *pamh,int flags,int argc,const char **argv) { int rc; struct pld_cfg cfg; struct pld_ctx *ctx; const char *username,*service; const char *oldpassword=NULL,*newpassword=NULL; char *prohibit_message; struct passwd *pwent; uid_t myuid; /* set up configuration */ cfg_init(pamh,flags,argc,argv,&cfg); rc=init(pamh,&cfg,&ctx,&username,&service); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); /* check if password modification is allowed */ rc=nslcd_request_config_get(pamh,ctx,&cfg,NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE,&prohibit_message); if ((rc==PAM_SUCCESS)&&(prohibit_message!=NULL)&&(prohibit_message[0]!='\0')) { /* we silently ignore errors to get the configuration option */ pam_syslog(pamh,LOG_NOTICE,"password change prohibited: %s; user=%s",prohibit_message,username); if (!cfg.no_warn) pam_error(pamh,"%s",prohibit_message); return remap_pam_rc(PAM_PERM_DENIED,&cfg); } /* see if we are dealing with an LDAP user first */ if (ctx->dn==NULL) { rc=nslcd_request_exists(pamh,ctx,&cfg,username); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); } /* prelimenary check, just see if we can connect to the LDAP server and authenticate with the current password */ if (flags&PAM_PRELIM_CHECK) { /* see if the user is trying to modify another user's password */ pwent=pam_modutil_getpwnam(args->pamh,username); myuid=getuid(); if ((pwent!=NULL)&&(pwent->pw_uid!=myuid)&&(!(flags&PAM_CHANGE_EXPIRED_AUTHTOK))) { /* we are root so we can test if nslcd will allow us to change the user's password without the admin password */ if (myuid==0) { rc=nslcd_request_authc(pamh,ctx,&cfg,"",service,""); if ((rc==PAM_SUCCESS)&&(ctx->authok==PAM_SUCCESS)) return pam_set_item(pamh,PAM_OLDAUTHTOK,""); } /* try to authenticate with the LDAP administrator password by passing an empty username to the authc request */ rc=pam_get_authtok(pamh,PAM_OLDAUTHTOK,&oldpassword,"LDAP administrator password: "); if (rc!=PAM_SUCCESS) return rc; username=""; } else if ((ctx->oldpassword!=NULL)&&(*ctx->oldpassword!='\0')) /* we already have an old password stored (from a previous authentication phase) so we'll use that */ oldpassword=ctx->oldpassword; else { rc=pam_get_authtok(pamh,PAM_OLDAUTHTOK,(const char **)&oldpassword,"(current) LDAP Password: "); if (rc!=PAM_SUCCESS) return rc; } /* check for empty password */ if (!cfg.nullok&&((oldpassword==NULL)||(oldpassword[0]=='\0'))) { if (cfg.debug) pam_syslog(pamh,LOG_DEBUG,"user has empty password, access denied"); return PAM_AUTH_ERR; } /* try authenticating */ rc=nslcd_request_authc(pamh,ctx,&cfg,username,service,oldpassword); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); /* handle authentication result */ if (ctx->authok!=PAM_SUCCESS) pam_syslog(pamh,LOG_NOTICE,"%s; user=%s",pam_strerror(pamh,ctx->authok),username); else if (cfg.debug) pam_syslog(pamh,LOG_DEBUG,"authentication succeeded"); /* store password (needed if oldpassword was retrieved from context) */ if (ctx->authok==PAM_SUCCESS) { rc=pam_set_item(pamh,PAM_OLDAUTHTOK,oldpassword); if (rc!=PAM_SUCCESS) return remap_pam_rc(rc,&cfg); } /* remap error code */ return remap_pam_rc(ctx->authok,&cfg); } /* get the old password (from the previous call) */ rc=pam_get_item(pamh,PAM_OLDAUTHTOK,(const void **)&oldpassword); if (rc!=PAM_SUCCESS) return rc; /* get the new password */ rc=pam_get_authtok(pamh,PAM_AUTHTOK,&newpassword,NULL); if (rc!=PAM_SUCCESS) return rc; /* perform the password modification */ rc=nslcd_request_pwmod(pamh,ctx,&cfg,username,service,oldpassword,newpassword); if (rc==PAM_SUCCESS) rc=ctx->authz; else ctx->authzmsg=(char *)pam_strerror(pamh,rc); /* remap error code */ rc=remap_pam_rc(rc,&cfg); /* check the returned value */ if (rc!=PAM_SUCCESS) { pam_syslog(pamh,LOG_NOTICE,"password change failed: %s; user=%s",ctx->authzmsg,username); if ((rc!=PAM_IGNORE)&&(!cfg.no_warn)) pam_error(pamh,"%s",ctx->authzmsg); return rc; } pam_syslog(pamh,LOG_NOTICE,"password changed for %s",username); return PAM_SUCCESS; } #ifdef PAM_STATIC struct pam_module _pam_ldap_modstruct={ "pam_ldap", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }; #endif /* PAM_STATIC */ nss-pam-ldapd-0.8.13/pam/common.h0000644000175000001440000000673111557077350013417 00000000000000/* common.h - common functions for PAM lookups Copyright (C) 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef PAM__COMMON_H #define PAM__COMMON_H 1 #include #include "nslcd.h" #include "common/nslcd-prot.h" #include "compat/attrs.h" /* These are macros for handling read and write problems, they are PAM specific due to the return code so are defined here. They genrally close the open file, set an error code and return with an error status. */ /* Macro is called to handle errors in opening a client connection. */ #define ERROR_OUT_OPENERROR \ pam_syslog(pamh,LOG_ERR,"error opening connection to nslcd: %s",strerror(errno)); \ return PAM_AUTHINFO_UNAVAIL; /* Macro is called to handle errors on read operations. */ #define ERROR_OUT_READERROR(fp) \ pam_syslog(pamh,LOG_ERR,"error reading from nslcd: %s",strerror(errno)); \ (void)tio_close(fp); \ return PAM_AUTHINFO_UNAVAIL; /* Macro is called to handle problems with too small a buffer. */ #define ERROR_OUT_BUFERROR(fp) \ pam_syslog(pamh,LOG_CRIT,"buffer %d bytes too small",tmpint32); \ (void)tio_close(fp); \ return PAM_SYSTEM_ERR; /* This macro is called if there was a problem with a write operation. */ #define ERROR_OUT_WRITEERROR(fp) \ pam_syslog(pamh,LOG_ERR,"error writing to nslcd: %s",strerror(errno)); \ (void)tio_close(fp); \ return PAM_AUTHINFO_UNAVAIL; /* This macro is called if the read status code is not NSLCD_RESULT_BEGIN. */ #define ERROR_OUT_NOSUCCESS(fp) \ (void)tio_close(fp); \ if (cfg->debug) \ pam_syslog(pamh,LOG_DEBUG,"user not handled by nslcd"); \ return PAM_USER_UNKNOWN; /* This is a generic PAM request generation macro. The action parameter is the NSLCD_ACTION_.. action, the writefn is the operation for writing the parameter and readfn is the function name for reading a single result entry. The function is assumed to have result, buffer, buflen and errnop parameters that define the result structure, the user buffer with length and the errno to return. This macro should be called through some of the customized ones below. */ #define PAM_REQUEST(action,debuglog,writefn,readfn) \ TFILE *fp; \ int32_t tmpint32; \ char *buffer=ctx->buf; \ size_t buflen=sizeof(ctx->buf); \ size_t bufptr=0; \ if (cfg->debug) \ debuglog; \ /* open socket and write request */ \ NSLCD_REQUEST(fp,action,writefn); \ /* read response code */ \ READ_RESPONSE_CODE(fp); \ /* read the response */ \ readfn; \ /* close socket and we're done */ \ (void)tio_close(fp); \ return PAM_SUCCESS; /* helper macro to read PAM status code (auto-translated from NSLCD PAM status code */ #define READ_PAM_CODE(fp,i) \ READ_TYPE(fp,tmpint32,int32_t); \ i=nslcd2pam_rc(pamh,tmpint32); #endif /* not PAM__COMMON_H */ nss-pam-ldapd-0.8.13/pam/Makefile.in0000644000175000001440000003761012141445266014016 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2009, 2010, 2011 Arthur de Jong # Copyright (C) 2010 Symas Corporation # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ noinst_PROGRAMS = pam_ldap.so$(EXEEXT) subdir = pam DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_pam_ldap_so_OBJECTS = pam.$(OBJEXT) pam_ldap_so_OBJECTS = $(am_pam_ldap_so_OBJECTS) pam_ldap_so_DEPENDENCIES = ../common/libtio.a ../common/libprot.a \ ../compat/libcompat.a DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(pam_ldap_so_SOURCES) DIST_SOURCES = $(pam_ldap_so_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -I$(top_srcdir) AM_CFLAGS = -fPIC pam_ldap_so_SOURCES = ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h pam.c common.h pam_ldap_so_LDADD = ../common/libtio.a ../common/libprot.a \ ../compat/libcompat.a \ -lpam EXTRA_DIST = pam_ldap.map all: all-am .SUFFIXES: .SUFFIXES: .c .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu pam/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu pam/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstPROGRAMS: -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) pam_ldap.so$(EXEEXT): $(pam_ldap_so_OBJECTS) $(pam_ldap_so_DEPENDENCIES) $(EXTRA_pam_ldap_so_DEPENDENCIES) @rm -f pam_ldap.so$(EXEEXT) $(pam_ldap_so_LINK) $(pam_ldap_so_OBJECTS) $(pam_ldap_so_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-exec-local install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-local .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-noinstPROGRAMS ctags distclean distclean-compile \ distclean-generic distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-exec-local install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-local install-exec-local: install-pam_ldap_so uninstall-local: uninstall-pam_ldap_so install-pam_ldap_so: pam_ldap.so -rm -f $(DESTDIR)$(PAM_SECLIB_DIR)/$(PAM_LDAP_SONAME) $(mkinstalldirs) $(DESTDIR)$(PAM_SECLIB_DIR) $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(PAM_SECLIB_DIR)/$(PAM_LDAP_SONAME) uninstall-pam_ldap_so: -rm -f $(DESTDIR)$(PAM_SECLIB_DIR)/$(PAM_LDAP_SONAME) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/pam/Makefile.am0000644000175000001440000000307311621753400013773 00000000000000# Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2009, 2010, 2011 Arthur de Jong # Copyright (C) 2010 Symas Corporation # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA noinst_PROGRAMS = pam_ldap.so AM_CPPFLAGS=-I$(top_srcdir) AM_CFLAGS = -fPIC pam_ldap_so_SOURCES = ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h pam.c common.h pam_ldap_so_LDADD = ../common/libtio.a ../common/libprot.a \ ../compat/libcompat.a \ -lpam EXTRA_DIST = pam_ldap.map install-exec-local: install-pam_ldap_so uninstall-local: uninstall-pam_ldap_so install-pam_ldap_so: pam_ldap.so -rm -f $(DESTDIR)$(PAM_SECLIB_DIR)/$(PAM_LDAP_SONAME) $(mkinstalldirs) $(DESTDIR)$(PAM_SECLIB_DIR) $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(PAM_SECLIB_DIR)/$(PAM_LDAP_SONAME) uninstall-pam_ldap_so: -rm -f $(DESTDIR)$(PAM_SECLIB_DIR)/$(PAM_LDAP_SONAME) nss-pam-ldapd-0.8.13/config.sub0000755000175000001440000010532712141433521013147 00000000000000#! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011, 2012 Free Software Foundation, Inc. timestamp='2012-04-18' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Please send patches to . Submit a context # diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; -bluegene*) os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 ;; -lynx*5) os=-lynxos5 ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | be32 | be64 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ | open8 \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu \ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; c54x) basic_machine=tic54x-unknown ;; c55x) basic_machine=tic55x-unknown ;; c6x) basic_machine=tic6x-unknown ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; strongarm | thumb | xscale) basic_machine=arm-unknown ;; xgate) basic_machine=$basic_machine-unknown os=-none ;; xscaleeb) basic_machine=armeb-unknown ;; xscaleel) basic_machine=armel-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aros) basic_machine=i386-pc os=-aros ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) basic_machine=powerpc-ibm os=-cnk ;; c54x-*) basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c55x-*) basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c6x-*) basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray os=-unicos ;; cegcc) basic_machine=arm-unknown os=-cegcc ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dicos) basic_machine=i686-pc os=-dicos ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; microblaze) basic_machine=microblaze-xilinx ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i386-pc os=-msys ;; mvs) basic_machine=i370-ibm os=-mvs ;; nacl) basic_machine=le32-unknown os=-nacl ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; neo-tandem) basic_machine=neo-tandem ;; nse-tandem) basic_machine=nse-tandem ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; strongarm-* | thumb-*) basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tile*) basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; z80-*-coff) basic_machine=z80-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -kaos*) os=-kaos ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; -nacl*) ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; hexagon-*) os=-elf ;; tic54x-*) os=-coff ;; tic55x-*) os=-coff ;; tic6x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -cnk*|-aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: nss-pam-ldapd-0.8.13/NEWS0000644000175000001440000022771512141446120011670 00000000000000changes from 0.8.12 to 0.8.13 ----------------------------- * include an extra sanity check to ensure not too many file descriptors are open * fix handling of gid configuration option if it listed before the uid option * fix microsecond timeout calculation (thanks Julien Cristau) * return NSS_STATUS_TRYAGAIN on zero-length (but not-NULL) buffer (thanks Jakub Hrozek) * provide an _nss_ldap_version symbol in the NSS module to help debug problems with a newer nslcd * retry updating the lastChange attribute with the normal nslcd LDAP connection if the update with the user's connection failed * avoid processing passwd_byuid requests for uids below nss_min_uid * fix a few minor or very unlikely to occur memory leaks * fix the text representation of shadow information for nscd on Solaris * make the way manual pages are built and installed more consistent with the chosen configure options * miscellaneous minor changes, fixes and compatibility improvements changes from 0.8.11 to 0.8.12 ----------------------------- * fix a problem with the sasl_canonicalize option that would cause errors on non-SASL enabled systems * ensure that the file descriptors in the NSS and PAM modules for connecting to nslcd are closed on exec of the process * allow attribute options in attribute mapping expressions * show reconnect messages when failing over to a different LDAP server or re-establishing the connection to an LDAP server (the message accidentally got hidden in 0.7.4) * fix a problem with the pw_class attribute in FreeBSD (fixes 0.8.11) * more fixes and improvements for Solaris (running under nscd may still give problems though) * small improvement to PAM error logging * provide a pynslcd manual if pynslcd is built changes from 0.8.10 to 0.8.11 ----------------------------- * add a pam_password_prohibit_message nslcd.conf option to deny password change (thanks to Ted Cheng) * add a sasl_canonicalize option to allow disabling of hostname canonicalisation in OpenLDAP * have the nslcd daemon load the nslcd user's supplementary groups to have more flexibility with assigning group permissions * fix logic error when falling back to getting ranged attribute values for possibly binary attributes (thanks scan-build) * fix a problem when storing negative hit to dn2uid cache (thanks scan-build) * use poll() instead of select() for checking file descriptor activity to also correctly work if more than FD_SETSIZE files are already open * small portability improvements * improve support for using Netscape LDAP libraries * improvements and fixes to the Solaris NSS code * grow all search filter buffers to 4096 bytes * some improvements to the pynslcd implementation * add an LDIF version of the ldapns.schema schema file changes from 0.8.9 to 0.8.10 ---------------------------- * documentation improvements * fix a problem that causes the PAM module to prompt for a new password even though the old one was wrong * log successful password change in nslcd * install default configuration file with reduced permissions (further protection for CVE-2009-1073) changes from 0.8.8 to 0.8.9 --------------------------- * allow the pam_authz_search option to be specified multiple times * improvements to pynslcd adding support for pam_authz_search * implement extra range checking of all numeric values * make documentation up-to-date * compatibility improvements, especially for FreeBSD changes from 0.8.7 to 0.8.8 --------------------------- * fix a regression in the handling of PAM requests * add the ldapns.schema file from pam_ldap to the tarball changes from 0.8.6 to 0.8.7 --------------------------- * log the first 10 search results in debug mode to make debugging easier (patch by Matthijs Kooijman) * provide more detailed logging information for LDAP errors, this should especially help for TLS related problems (based on a patch by Mel Flynn) * fix logging of invalid pam_authz_search value * when doing DNS queries for SRV records recognise default ldap and ldaps ports * make whether or not to do case-sensitive filtering configurable (patch by Matthew L. Dailey) * document the fact that each thread opens it's own connection (patch by Chris Hiestand) * some small portability improvements * try to prevent some of the Broken pipe messages in nslcd * increase buffer used for pam_authz_search as suggested by Chris J Arges * pynslcd now handles privileged requests correctly * pynslcd now supports attribute mapping using the lower() and upper() functions changes from 0.8.5 to 0.8.6 --------------------------- * a number of code improvements by Jakub Hrozek * fixes for FreeBSD (thanks Maxim Vetrov) * include missing pynslcd files from tarball * improvements to the pynslcd implementation * implement an offline cache in pynslcd * the Debian packaging was split from the main source tree changes from 0.8.4 to 0.8.5 --------------------------- * support larger gecos values * reduce loglevel of user not found messages to avoid spamming the logs with useless information (thanks Wakko Warner) * other logging improvements * explicitly parse numbers as base 10 (thanks Jakub Hrozek) * implement FreeBSD group membership NSS function (thanks Tom Judge) * fix an issue with detecting the uid of the calling process and log denied shadow requests in debug mode * fix a typo in the disconnect logic code (thanks Martin Poole) * implement configuration file handling in pynslcd and other pynslcd improvements * Debian packaging improvements changes from 0.8.3 to 0.8.4 --------------------------- * switch to using the member attribute by default instead of uniqueMember (backwards incompatible change) * only return "x" as a password hash when the object has the shadowAccount objectClass and nsswitch.conf is configured to do shadow lookups using LDAP (this avoids some problems with pam_unix) * fix problem with partial attribute name matches in DN (thanks Timothy White) * fix a problem with objectSid mappings with recent versions of OpenLDAP (patch by Wesley Mason) * set the socket timeout in a connection callback to avoid timeout issues during the SSL handshake (patch by Stefan Völkel) * check for unknown variables in pam_authz_search * only check password expiration when authenticating, only check account expiration when doing authorisation * make buffer sizes consistent and grow all buffers holding string representations of numbers to be able to hold 64-bit numbers * update AX_PTHREAD from autoconf-archive * support querying DNS SRV records from a different domain than the current one (based on a patch by James M. Leddy) * fix a problem with uninitialised memory while parsing the tls_ciphers option * implement bounds checking of numeric values read from LDAP (patch by Jakub Hrozek) * correctly support large uid and gid values from LDAP (patch by Jakub Hrozek) * improvements to the configure script (patch by Jakub Hrozek) * Debian packaging improvements changes from 0.8.2 to 0.8.3 --------------------------- * support using the objectSid attribute to provide numeric user and group ids, based on a patch by Wesley Mason * check shadow account and password expiry properties (similarly to what pam_unix does) in the PAM handling code * implement attribute mapping functionality in pynslcd * relax default for validnames option to allow user names of only two characters * make user and group name validation errors a little more informative * small portability improvements * general code improvements and refactoring in pynslcd * some simplifications in the protocol between the PAM module and nslcd (without actual protocol changes so far) * Debian packaging improvements changes from 0.8.1 to 0.8.2 --------------------------- * fix problem with endless loop on incorrect password * fix a communication problem between nslcd and the NSS and PAM modules when running on Solaris 10 * fix a compilation issue on systems without HOST_NAME_MAX * link to the resolv library for hstrerror() on platforms that need it * ignore password change requests for users not in LDAP * many clean-ups to the tests and added some new tests including some integration tests for the PAM functionality * some smaller code clean-ups and improvements * improvements to pynslcd, including implementations for service, protocol and rpc lookups * implement a validnames option that can be used to filter valid user and group names using a regular expression * improvements to the way nslcd shuts down with hanging worker threads changes from 0.8.0 to 0.8.1 --------------------------- * SECURITY FIX: the PAM module will allow authentication for users that do not exist in LDAP, this allows login to local users with an incorrect password (CVE-2011-0438) the exploitability of the problem depends on the details of the PAM stack and the use of the minimum_uid PAM option * include a file that was missing for Solaris support * add FreeBSD support, partially imported from the FreeBSD port (thanks to Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov) * document how to replace name pam_check_service_attr and pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search in nss-pam-ldapd * implement a fqdn variable that can be used in pam_authz_search filters * create the directory to hold the socket and pidfile on startup * implement host, network and netgroup support in pynslcd changes from 0.7.13 to 0.8.0 ---------------------------- * include Solaris support developed by Ted C. Cheng of Symas Corporation * include an experimental partial implementation of nslcd in Python (disabled by default, see --enable-pynslcd configure option) * implement a nss_min_uid option to filter user entries returned by LDAP * implement a rootpwmodpw option that allows the root user to change a user's password without a password prompt * try to update the shadowLastChange attribute on password change * all log messages now include a description of the request to more easily track problems when not running in debug mode * allow attribute mapping expressions for the userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information * numerous compatibility improvements * add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to allow more control of hot to install the PAM module * add --with-nss-flavour and --with-nss-maps configure options to support other C libraries and limit which NSS modules to install * allow tilde (~) in user and group names * improvements to the timeout mechanism (connections are now actively timed out using the idle_timelimit option) * set socket timeouts on the LDAP connection to disconnect regardless of LDAP and possibly TLS handling of connection * better disconnect/reconnect handling of error conditions * some code improvements and cleanups and several smaller bug fixes * all internal string comparisons are now also case sensitive (e.g. for providing DN to username lookups, etc) * signal handling in the daemon was changed to behave more reliable across different threading implementations * nslcd will now always return a positive authorisation result during authentication to avoid confusing the PAM module when it is only used for authorisation * Debian packaging improvement: implement configuring SASL authentication using Debconf, based on a patch by Daniel Dehennin changes from 0.7.12 to 0.7.13 ----------------------------- * fix handling of idle_timelimit option * fix error code for problem while doing password modification changes from 0.7.11 to 0.7.12 ----------------------------- * set a short socket timeout when shutting down the connection to the LDAP server to avoid disconnect problems when using TLS changes from 0.7.10 to 0.7.11 ----------------------------- * grow the buffer for the PAM ruser to not reject logins for users with a ruser including a domain part * Debian packaging improvements changes from 0.7.9 to 0.7.10 ---------------------------- * handle errors from ldap_result() better and disconnect (and reconnect) in more cases changes from 0.7.8 to 0.7.9 --------------------------- * fix for --with-nss-ldap-soname configure option by Julien Cristau * Debian packaging improvements changes from 0.7.7 to 0.7.8 --------------------------- * minor portability improvements and clean-ups (thanks Alexander V. Chernikov and Ted C. Cheng) * don't expand variables in rest of ${var:-rest} and ${var:+rest} expressions if it is not needed * Debian packaging improvements changes from 0.7.6 to 0.7.7 --------------------------- * refactoring and simplification of PAM module which also improves logging * implement a nullok PAM option and disable empty passwords by default * portability improvements and other minor code improvements * the mechanism to disable name lookups through LDAP from within the nslcd process has been improved * the undocumented use_sasl option has been removed (specifying sasl_mech now implies use_sasl) * the sasl_mech, sasl_realm, sasl_authcid, sasl_authzid and sasl_secprops configuration options are now documented * Debian packaging improvements changes from 0.7.5 to 0.7.6 --------------------------- * fix a problem with empty attributes if expression-based attribute mapping is used (patch by Nalin Dahyabhai) * make debug logging for pam_authz_search option a little more informative * documentation improvements * Debian packaging improvements changes from 0.7.4 to 0.7.5 --------------------------- * fix a problem in the session handling of the PAM module if the minimum_uid option was used * refactor the PAM module code to be simpler and better maintainable * perform logging from PAM module to syslog and support the debug option to log more information changes from 0.7.3 to 0.7.4 --------------------------- * fix a buffer overflow that should have no security consequences * perform proper fail-over when authenticating in the PAM module * add an nss_initgroups_ignoreusers option to ignore user name to group lookups for the specified users * add an pam_authz_search option to perform a flexible authorisation check on login (e.g. to restrict which users can login to which hosts, etc) * implement a minimum_uid option for the PAM module to ignore users that have a lower numeric user id * change the way retries are done to error out quicker if the LDAP server is down for some time (this should make the system more responsive when the LDAP server is unavailable) and rename the reconnect_maxsleeptime option to reconnect_retrytime to better describe the behaviour * only log "connected to LDAP server" if the previous connection failed * documentation improvements changes from 0.7.2 to 0.7.3 --------------------------- * allow password modification by root using the rootpwmoddn configuration file option (the user will be prompted for the password for rootpwmoddn instead of the user's password) * the LDAP password modify EXOP is first tried without the old password and if that fails retried with the old password * when determining the domain name (used for some value of the base and uri options) also try to use the hostname aliases to build the domain name (patch by Jan Schampera) * perform locking on the pidfile on start-up to ensure that only one nslcd process is running and implement a --check option (patch by Jan Schampera) * documentation improvements changes from 0.7.1 to 0.7.2 --------------------------- * some attributes may be mapped to a shell-like expression that expand attributes from LDAP entries; this allows attributes overrides, defaults and much more (as a result the passwd cn attribute mapping has been removed because the gecos mapping is now "${gecos:-$cn}" by default) * update the NSS module to follow the change in Glibc where the addr parameter of getnetbyaddr_r() was changed from network-byte-order to host-byte-order * properly escape searches for uniqueMember attributes for DN with a comma in an attribute value * miscellaneous improvements to the configure script implementing better (and simpler) library detection * some general refactoring and other miscellaneous improvements changes from 0.7.0 to 0.7.1 --------------------------- * implement password changing by performing an LDAP password modify EXOP request * fix return of authorisation check in PAM module (patch by Howard Chu) * fix for problem when authenticating to LDAP entries without a uid attribute in the DN * general code clean-up and portability improvements * provide more information with communication error messages changes from 0.6.11 to 0.7.0 ---------------------------- * rename software to nss-pam-ldapd to indicate that PAM module is now a standard part of the software * the PAM module is now built by default (the configure script can be instructed whether or not to build certain parts) * the default configuration file name has been changed to /etc/nslcd.conf * the default values for bind_timelimit and reconnect_maxsleeptime were lowered from 30 to 10 seconds * password hashes are no longer returned to non-root users (based on a patch by Alexander V. Chernikov) * a pam_ldap(8) manual page was added * unknown options in the configuration file can now be ignored with a new --disable-configfile-checking configure option changes from 0.6.10 to 0.6.11 ----------------------------- * fix user name to groups mapping (a bug in buffer checking in initgroups() that was introduced in 0.6.9) * fix a possible buffer overflow with too many uidNumber or gidNumber attributes (thanks to David Binderman for finding this) * lookups for group, netgroup, passwd, protocols, rpc, services and shadow maps are now case-sensitive * test suite is now minimally documented * added --disable-sasl and --disable-kerberos configure options * changed references to home page and contact email addresses to use arthurdejong.org * Debian packaging improvements changes from 0.6.9 to 0.6.10 ---------------------------- * implement searching through multiple search bases, based on a patch by Leigh Wedding * fix a segmentation fault that could occur when using any of the tls_* options with a string parameter * miscellaneous improvements to the experimental PAM module * implement PAM authentication function in the nslcd daemon * the code for reading and writing protocol entries between the NSS module and the daemon was improved * documentation updates * removed SSL/TLS related warnings during startup * Debian packaging improvements changes from 0.6.8 to 0.6.9 --------------------------- * produce more detailed logging in debug mode and allow multiple -d options to be specified to also include logging from the LDAP library * some LDAP configuration options are now initialized globally instead of per connection which should fix problems with the tls_reqcert option * documentation improvements for the NSLCD protocol used between the NSS module and the nslcd server * imported the new PAM module from the OpenLDAP nssov tree by Howard Chu (note that the PAM-related NSLCD protocol is not yet finalised and this module is not built by default) * in configure script allow disabling of building certain components * fix a bug with writing alternate service names and add checks for validity of passed buffer in NSS module * Debian packaging improvements changes from 0.6.7 to 0.6.8 --------------------------- * SECURITY FIX: the nss-ldapd.conf file that is installed by the Debian package was created world-readable which could cause problems if the bindpw option is used (CVE-2009-1073) this has been fixed in the Debian package but other users should check the permissions of the nss-ldapd.conf file when the bindpw option is used (warnings have been added to the manual page and sample nss-ldapd.conf) * clean the environment and set LDAPNOINIT to disable parsing of LDAP configuration files (.ldaprc, /etc/ldap/ldap.conf, etc) * remove sslpath option because it wasn't used * correctly set SSL/TLS options when using StartTLS * rename the tls_checkpeer option to tls_reqcert, deprecating the old name and supporting all values that OpenLDAP supports * allow backslashes in user and group names except as first or last character * check user and group names against LOGIN_NAME_MAX if it is defined * fix for getpeercred() on Solaris by David Bartley * Debian packaging improvements changes form 0.6.6 to 0.6.7 --------------------------- * a fix for a problem in the Debian packaging that would cause user-configured options be ignored changes form 0.6.5 to 0.6.6 --------------------------- * Debian packaging improvements * allow spaces in user and group names because it was causing problems in some environments * if ldap_set_option() fails log the option name instead of number * retry connecting to LDAP server in more cases changes form 0.6.4 to 0.6.5 --------------------------- * Debian package configuration translation updates changes form 0.6.3 to 0.6.4 --------------------------- * fix for the tls_checkpeer option * fix incorrect test for ssl option in combination with ldaps:// URIs * improvements to Active Directory sample configuration * implement looking up search base in rootDSE of LDAP server changes form 0.6.2 to 0.6.3 --------------------------- * retry connection and search if getting results failed with connection problems (some errors only occur when getting the results, not when starting the search) * add support for groups with up to around 150000 members (assuming user names on average are a little under 10 characters) * problem with possible SIGPIPE race condition was fixed by using send() instead of write() * add uid and gid configuration keywords that set the user and group of the nslcd daemon * add some documentation on supported group to member mappings * add sanity checking to code for when clock moves backward * log messages now include a session id that makes it easier to track errors to requests (especially useful in debugging mode) * miscellaneous portability improvements * increase buffers and time-outs to handle large lookups more gracefully * implement SASL authentication based on a patch by Dan White * allow more characters in user and group names changes form 0.6.1 to 0.6.2 --------------------------- * all user and group names are now checked for validity are specified in the POSIX Portable Filename Character Set * support retrieval of ranged attribute values as sometimes returned by Active Directory * added the threads keyword to configure the number of threads that should be started in nslcd * handle empty netgroups properly * change the time-out and retry mechanism for connecting to the LDAP server to return an error quickly if the LDAP server is known to be unavailable for a long time (this removed the reconnect_tries option and changes the meaning of the reconnect_sleeptime and reconnect_maxsleeptime options) * increased the time-out values between the NSS module and nslcd because of new retry mechanism * implement new dict and set modules that use a hashtable to map keys efficiently * use the new set to store group membership to simplify memory management and eliminate duplicate members * the uniqueMember attribute now only supports DN values * implement a cache for DN to user name lookups (15 minute timeout) used for the uniqueMember attribute to save on doing LDAP searches for groups with a lot of members, based on a patch by Petter Reinholdtsen * improvements to the tests * if any of the ldap calls return LDAP_UNAVAILABLE or LDAP_SERVER_DOWN the connection is closed * improve dependencies in LSB init script header to improve dependency based booting changes from 0.6 to 0.6.1 ------------------------- * numerous small fixes and compatibility improvements * the I/O buffers between nslcd and NSS module are now dynamically sized and tuned for common requests * correctly follow referrals * add StartTLS support by Ralf Haferkamp of SuSE * miscellaneous documentation improvements * remove code for handling rootbinddn/pw because it is unlikely to be supported any time soon * fix a problem with realloc()ed memory that was not referenced * fix for a crash in group membership buffer growing code thanks to Petter Reinholdtsen * some improvements to the Active Directory sample configuration * fix init script exit code with stop while not running * fixes to the _nss_ldap_initgroups_dyn() function to properly handle the buffer and limits passed by Glibc * fixes to the member to groups search functions to correctly handle uniqueMember attributes * only return shadow entries to root users * miscellaneous Debian packaging improvements changes from 0.5 to 0.6 ----------------------- * fix parsing of map option in nss-ldapd.conf * fix bug in handling of userPassword values * remove warning about missing loginShell attribute * support the uniqueMember LDAP attribute that holds DN values * support ldap as a compat service in /etc/nsswitch.conf * implement _nss_ldap_initgroups_dyn() to allow username->groups searches * fix retry mechanism with get*ent() functions where a too small buffer was passed by libc (to support groups with a lot of members) * fix a bug in reporting of communications problems between nslcd and the NSS library * test and log failures of all LDAP library calls * improved tests * miscellaneous compatibility improvements to try to support more LDAP libraries and platforms * support compilation with OpenLDAP 2.4 and newer * some configure script improvements * Debian packaging improvements changes from 0.4.1 to 0.5 ------------------------- * major structural changes in the LDAP lookup code using a newly implemented module that does memory management, session handling, paging and all other painful things with a simple interface * rewritten LDAP query and result handling code, now generating warnings about incorrect entries in the LDAP directory * IPv6 addresses in host lookups are now supported * added Kerberos ccname support (with the krb5_ccname option) thanks to Andreas Schneider and Ralf Haferkamp from SuSE and remove --with-gssapi-dir, --enable-configurable-krb5-ccname-gssapi and --enable-configurable-krb5-ccname-env configure options and having automatic detection instead * added support for DNS SRV record lookups by specifying DNS as uri thanks to Ralf Haferkamp and Michael Calmer from SuSE * added support for DOMAIN as base DN which uses the host's domain to construct a DN * removed nss_connect_policy, bind_policy and sizelimit options * cleaned up and documented reconnect logic with reconnect_tries, reconnect_sleeptime and reconnect_maxsleeptime options * configuration values with spaces in them (e.g. distinguished names) are now handled properly * fix a small memory leak in the I/O module * miscellaneous code improvements (better source code comments, more consistent logging, portability improvements, more tests, etc) * improvements to documentation changes from 0.4 to 0.4.1 ------------------------- * added French debconf translation by Cyril Brulebois * added Japanese debconf translation by Kenshi Muto * fix a problem with network name lookups where the lookup would result in the wrong call to nslcd * fix wrong default filter for rpc lookups * fix a number of memory leaks (thanks valgrind) (all memory leaks during normal operation should be fixed now) changes from 0.3 to 0.4 ----------------------- * remove nss_schema configfile option * temporary remove support for uniqueMember group membership attributes (will be re-added in a later release) * removed support for nested groups, if this is really needed (please ask or file a bug if you want it) it can be re-added later on * added missing docbook sources for manual pages to tarball * major cleanups and simplifications in the core LDAP query code (we don't need to worry about SIGPIPE because nslcd does that globally, locking because a connection is only used by one thread) and more simplifications in the the LDAP connection and query state * get base, scope, filter and map configfile directives properly working * simplifications in LDAP reconnect logic (some work remains to be done in this area) * issue warnings or errors for untested or unsupported configuration options * properly handle multiple URIs in Debian configuration * documentation improvements changes from 0.2.1 to 0.3 ------------------------- * a bug in the communication buffer handling code was fixed * a bug in the dictionary code was fixed (code not yet in use) * a fix for the init script that used a wrong pidfile * configuration file handling code was rewritten to be better maintainable * some configuration file options have changed which means that compatibility with the nss_ldap configuration file is lost * configuration syntax is now documented in the nss-ldapd.conf(5) manual page * support for dnsconfig was removed * the configuration file no longer supports using multiple search bases * removed nss_initgroups and nss_initgroups_ignoreusers options * removed --enable-paged-results configure option and use pagesize configuration file option to specify usage of paging at runtime * added Portuguese debconf translation by Américo Monteiro * Debian package configuration improvements and simplifications * use docbook2x-man for generating manual pages * miscellaneous documentation improvements including improved manual pages * general code reorganisation and clean-ups to achieve another 9% code reduction relative to 0.2.1 release (more than 40% relative to nss_ldap) * SASL, Kerberos and SSL/TLS support remain untested changes from 0.2 to 0.2.1 ------------------------- * fix permissions of server socket (this fixes a problem where non-root users were unable to do lookups) * fix configure script to properly check for pthread support * small code improvements * general build system cleanups changes from 0.1 to 0.2 ----------------------- * fixes to the netgroup lookup code * more simplifications and improvements in the code almost 5% code reduction (compared to release 0.1) and 37% reduction in gcc warnings (from 443 in 251 to 389 in 0.1 and 244 in 0.2) * a lot of code improvements thanks to flawfinder, more gcc warnings, splint and rats * license change from GNU Library General Public License to GNU Lesser General Public License (with the permission of Luke Howard) * fix logging code to be cleaner and always use our own logging module * a start has been made to make the code more testable and initial work to set up a testing framework has been done * implemented a timeout mechanism in the communication between the NSS part and the nslcd server part changes from nss_ldap 251 to nss-ldapd 0.1 ------------------------------------------ * initial release of nss-ldapd (should be functional but not yet stable enough for production use) * fork from the nss_ldap which was originally written by Luke Howard of PADL Software Pty Ltd. changing package name to nss-ldapd and versioning scheme * the functionality was split into a thin NSS library and a simple daemon proxying the requests to the LDAP server (see README for rationale) * a lot of dead and old compatibility code was removed (about 25% of the code was removed) (more simplifications to come) * the test code was rewritten * build script simplifications * default configuration file has been changed to /etc/nss-ldapd.conf * most documentation has been updated and rewritten * dropped support for non-glibc NSS interfaces and assumed OpenLDAP compatible library changes from 250 to 251 ----------------------- * remove doc/rfc2307.txt, it is available from http://www.ietf.org/rfc/rfc2307.txt * make objectClass a mappable attribute changes from 249 to 250 ----------------------- * don't use static _nss_ldap_no_members buffer, causes crash when nss_ldap is unloaded and memory is still referenced * fix for BUG#249: tcsh closes file descriptors, confuses nss_ldap and hangs (from David Houlder) * fix for BUG#257: initgroups() broken in RFC2307bis support disabled * fix for BUG#261: sslpath example wrong * fix for BUG#263: compile do_triple_permutations() when IRS enabled changes from 248 to 249 ----------------------- * fix for BUG#253: build broken on AIX * fix for BUG#255: deadlock in initgroups changes from 247 to 248 ----------------------- * fix regression in per-objectclass attribute mapping introduced in nss_ldap-246 changes from 246 to 247 ----------------------- * double-check *ld != NULL even if mapped eror return from ldap_initialize() returns NSS_SUCCESS changes from 245 to 246 ----------------------- * paged results and RFC2307bis support are now always compiled in; they are by default disabled unless you configured with --enable-paged-results and --enable-rfc2307bis, respectively. See nss_ldap(5) for configuration options. * fix for BUG#219: paged results delivers wrong results * fix for BUG#222: use asynchronous start TLS if available, using bind_timeout value * fix for BUG#235: make DNS SRV lookup domain configurable (nss_srv_domain) * fix for BUG#240: return "*" rather than "x" for userPassword if not present * fix for BUG#245: paged results broken since nss_ldap-241 * patch from Ralf Haferkamp : compile fix for IPv6 * compile for Solaris * schema mapping is always enabled, cleanup schema mapping code * allow for map-specific objectclass mapping * partial implementation of Solaris Simplified LDAP API, allows automountd support on Solaris via nss_ldap * for Linux automounter, always close connection after endautomntent() to avoid persistent connection * add nss_connect_policy argument to ldap.conf changes from 244 to 245 ----------------------- * don't leak LDAP connection if do_bind() failed or descriptor owner had changed. If do_bind() failed the underlying descriptor would also be leaked, causing a large number of sockets to be consumed during failover * add nss_initgroups_ignoreusers parameter to ldap.conf, returns NOTFOUND if nss_ldap's initgroups() is called for users (comma separated) * try to deal with systems that have headers for both versions of the SASL library installed * better logging of failed connections and reconnections * patch from Dean Michaels : build with Netscape 5 library on Solaris * patch from Ralf Haferkamp : manual page fix to bind_policy changes from 243 to 244 ----------------------- * patch from Ralf Haferkamp : enusre bytesleft macro does not return values < 0 * include in ldap-nss.c changes from 242 to 243 ----------------------- * fix for BUG#225: invalid pointer dereferencing when reading rootpw changes from 241 to 242 ----------------------- * fixes for compiling on Solaris 10 changes from 240 to 241 ----------------------- * new, more robust reconnection logic * both "host" and "uri" directives can be used in ldap.conf * new (undocumented) nss_reconnect_tries, nss_reconnect_sleeptime, nss_reconnect_maxsleeptime, nss_reconnect_maxconntries directives * reload configuration file if changed changes from 239 to 240 ----------------------- * new API for resolving automounts (requires custom autofs plugin for Linux at present): _nss_ldap_setautomntent(), _nss_ldap_getautomntent(), _nss_ldap_endautomntent(), _nss_ldap_getautomntbyname_r() * fix for BUG#200: rename SOCKLEN_T as it conflicts on AIX * fix for BUG#205: accept line feeds in ldap.conf * fix for BUG#211: nss_ldap fails to start TLS on referred connections * fix for BUG#213: initgroups crash if RFC2307bis undefined * turn down reconnection logging volume changes from 238 to 239 ----------------------- * support for initgroups using backlinks (selectable at runtime if RFC2307bis support is enabled, using the nss_initgroups backlink configuration directive) * support for dynamically expanding filter sizes * from Peter Marschall : revert the deletion of blanks/tabs in ldap.conf that happened between 235 and 238 * from Peter Marschall : This patch changes configure.in and Makefile.am so that ldap.conf gets installed in the place and with the name that is given to the configure option --with-ldap-conf-file. In addition to that it fixes a long standing bug in Makefile.am that tries to install a file before the destination directory is guaranteed to be created (hunk #3), and uses $(mkinstalldirs) for AIX (hunk #2). changes from 237 to 238 ----------------------- * more manual page updates changes from 236 to 237 ----------------------- * more manual page updates changes from 235 to 236 ----------------------- * fix for BUG#201: typo in ldap-schema.c causing build to fail * add manual page for nss_ldap changes from 234 to 235 ----------------------- * fix for BUG#198: make pagesize configurable * fix for BUG#199: correct fix for BUG#138 (blind last char remove in ldap.secret) changes from 233 to 234 ----------------------- * don't reacquire global lock in do_next_page() * restore old "bind_policy hard" behaviour (don't try to reconnect if initialization failed). The behaviour introduced in nss_ldap-227 can be enabled with "bind_policy hard_init". changes from 232 to 233 ----------------------- * if do_open() returns NSS_UNAVAIL, don't try to do server reconnect; only do it if NSS_TRYAGAIN is returned This should fix the problems introduced by the fixes in nss_ldap-227 (delayed binding) changes from 231 to 232 ----------------------- * fix for BUG#138 (blind last char remove in ldap.secret) changes from 229 to 230 ----------------------- * don't free gss_krb5_ccache_name() output (Heimdal) changes from 228 to 229 ----------------------- * more debugging in initgroups and _nss_ldap_getentry() * fix _nss_ldap_getentry() enumeration behaviour, and optimize by not searching if the requested attribute cannot be mapped changes from 227 to 228 ----------------------- * fix for BUG#188: better documentation for OpenLDAP SSL options * fix for BUG#189: do not configure tls_checkpeer unless it is explicitly specifier in ldap.conf * fix for BUG#190: set ls_state to LS_UNINITIALIZED after fork changes from 226 to 227 ----------------------- * separate initializing LDAP session with actually connecting to the DSA, so that we don't try to bind until we actually need to search (which allows the retry logic in the search function to also apply to binding). NB: this will only provide improved behavior for LDAP client libraries that support ldap_init() or ldap_initialize() rather than ldap_open * fix for BUG#183: support pw_change and pw_expire on BSD * fix for BUG#187: NSS_BUFLEN_DEFAULT causing problems on IRS platforms * fix for glibc 2.1 from Alexander Spannagel changes from 225 to 226 ----------------------- * make LDAP_NSS_NGROUPS configurable with --with-ngroups (experts only) option changes from 224 to 225 ----------------------- * make LDAP_NSS_NGROUPS 64 - better choice for small directories changes from 223 to 224 ----------------------- * don't double-free on realloc() failure in do_parse_group_members() * don't pass LDAP session as an argument, as it may refer to a stale LDAP handle. If this does not work we will need to replace LDAPMessage pointers with pointers to a structure that contains a reference-counted LDAP handle as well as the message * fix crasher when internal group membership buffer was reallocated (introduced with nested group expansion code) * immediately return NSS_TRYAGAIN and errno=ERANGE if there is not enough buffer space to handle LDAP_NSS_NGROUPS groups; this prevents getgrXXX() from expensive repeated directory searches when there is a priori knowledge that group memberships are large changes from 222 to 223 ----------------------- * allow empty lines in /etc/ldap.conf * do loop detection in nested groups * fixes for building with IRS on FreeBSD 4.10 changes from 221 to 222 ----------------------- * fix deadlock in _nss_ldap_getentry() * support more AIX usersec attributes * more AIX porting fixes * support Heimdal as well as MIT Kerberos changes from 220 to 221 ----------------------- * AIX fix from Recall #169033 * support for expansion of nested RFC2307bis groups * support for searching using range retrieval * fix memory leak with private contexts * fix memory leak in do_result() * implement _nss_ldap_getentry for AIX enumeration * implement netgroups for IRS/AIX * remove dependency on Berkeley DB - schema mapping and RFC2307bis no longer requires DB * remove old NeXT cruft in resolve.c changes from 218 to 220 ----------------------- * fix for BUG#169: getntohost() on Solaris * fix for BUG#170: _nss_ldap_getgroupsbymember_r fails to return all groups when NSCD is running and attribute mapping is enabled on Solaris * fix for BUG#173: reinstate use of sigaction() (XXX what is the correct fix here?) * fix for BUG#174: innetgr() depth checking changes from 217 to 218 ----------------------- * fix for BUG#168: set errnop to ENOENT if not found * check for -lgssapi before -lgssapi_krb5 changes from 216 to 217 ----------------------- * fix for BUG#167: compilation fails on Solaris changes from 215 to 216 ----------------------- * patch from Thorsten Kukuk to avoid overwriting sockaddr storage for IPv6; use struct sockaddr_storage if available * fix for BUG#153: use asynchronous search API in initgroups() * fix for BUG#157: check for __pthread_once rather than __pthread_atfork on glibc, as the latter is no longer exported * fix for BUG#158: escape netgroup search filters correctly * fix for BUG#161: remove redundant lock in _nss_ldap_innetgr() * fix for BUG#164: set schema element array size to LM_NONE + 1 not LM_NONE * fix for BUG#165: make _nss_ldap_result() private * fix for BUG#166: chase all nested netgroups in innetgr() * fix deadlock if getXXXent() called without first calling setXXXent() * only request gidNumber attribute when initgroups() (avoids sending back rest of a group's entry) * don't request any attributes when mapping a user to a DN (we want the DN only) changes from 214 to 215 ----------------------- * choose between using native GSS-API and putenv() for setting ccache path * per-map attribute mapping for attributes that appear in multiple maps changes from 213 to 214 ----------------------- * define LDAP_DEPRECATED for compiling against OpenLDAP 2.2 changes from 212 to 213 ----------------------- * fix netgroup compilation error when debugging is enabled * support GSS-API for setting ccache name * initgroups() should require user to be a POSIX account * define LOGNAME_MAX for HP-UX * do not use sigprocmask() - this blocks rather than disabling signals * SASL version check fix from Howard Chu changes from 211 to 212 ----------------------- * Solaris netgroup support test release * fix crasher in do_sasl_interact() * do_sasl_interact() needs to strdup() result for Cyrus SASL 1.x but not 2.x * merge in LDAP debug patch from Howard Chu * try alternate search descriptors on NSS_NOTFOUND as well as NSS_SUCCESS changes from 210 to 211 ----------------------- * do AT_OC_MAP cache initialization at config init * BSD build fixes * replace [h]errno2nssstat lookup tables with switch statement; should help building on AIX! changes from 209 to 210 ----------------------- * initialize DBT structures * fix SASL crasher changes from 208 to 209 ----------------------- * fix SASL breakage changes from 207 to 208 ----------------------- * use socklen_t not int * remove OpenLDAP SASL code * incorporated patches from (see below) Geert Jansen * add the "sasl_secprops" option to configure SASL security layers (usage as for OpenLDAP ldap.conf) * add the "krb5_ccname" option to specify the location of the Kerberos ticket cache (requires --enable-configurable-krb5-ccname for now as it is a fairly coarse solution to a lack of appropriate API in the Kerberos libraries) * add support for native Active Directory password policy attributes (enabled if shadowLastChange is mapped to pwdLastSet) * add "nss_override_attribute_value" and "nss_default_attribute_value" keywords for over- riding and setting default attribute values, respectively changes from 205 to 207 ----------------------- * work without LDAP_OPT_X_TLS_RANDOM_FILE * fix schema mapping regression from nss_ldap-205; attribute mapping now works again changes from 204 to 205 ----------------------- * build with Sleepycat DB without db185 compat layer (tested with 4.x; needs testing on 3.x) changes from 203 to 204 ----------------------- * Linux netgroup implementation from Larry Lile * Multiple service search descriptor support from Symas * IPv6 patch from Thorsten Kukuk at SuSE changes from 202 to 203 ----------------------- * fix for BUG#115 * fix for BUG#121 changes from 201 to 202 ----------------------- * getsockname() fixes from Howard Chu * configuration parser crasher fix changes from 200 to 201 ----------------------- * Berkeley DB fixes from Howard Chu * Netscape client library build fix changes from 199 to 200 ----------------------- * use sigprocmask() if available to block SIGPIPE * fix build breakage with OpenLDAP HEAD changes from 198 to 199 ----------------------- * HP-UX port * BUG#111: incorrect debugging statement in _nss_ldap_enter() * export required symbols only on Linux * corrected symbol names for glibc alias enumeration functions * the DNS response parser doesn't stop after parsing the right number of records, and doesn't handle long responses (Nalin at RedHat) changes from 197 to 198 ----------------------- * BUG#108: fix potential buffer overflow in dnsconfig.c (could be triggered if no flat file configuration for nss_ldap and large DNS SRV data for domain; because nss_ldap in SRV mode trusts DNS we do not believe this to be exploitable to elevate privilege in the default configuration) * do not malloc() configuration structure; use buffer changes from 196 to 197 ----------------------- * improved AIX documentation from Dejan Muhamedagic * define LDAP_OPT_SSL for Solaris 9 changes from 195 to 196 ----------------------- * return NSS_TRYAGAIN not NSS_NOTFOUND for insufficient buffer space in dn2uid_cache_get() * support automake 1.5 and friends * out of box build on AIX 4.3.3 * fixed BUG#104: do_ssl_options() return code ignored changes from 194 to 195 ----------------------- * fixed BUG#98: large groups cause buffer length wraparound with rfc2307bis changes from 193 to 194 ----------------------- * bugfix for Debian Bug report #147553: lack of global mutex use in initgroups() changes from 192 to 193 ----------------------- * support for PADL GSS-SASL client library changes from 191 to 192 ----------------------- * more carefully compare cached socket and peer addresses changes from 190 to 191 ----------------------- * added configurable [hard|soft] reconnect, see the bind_policy parameter in ldap.conf. changes from 189 to 190 ----------------------- * check for Netscape 4 SDK without SSL; don't require pthreads for these changes from 188 to 189 ----------------------- * patch for building on OpenLDAP 1.x from Nalin at RedHat changes from 187 to 188 ----------------------- * specify runtime path for LDAP library correctly to native Solaris linker * check for gcc correctly * use native linker on Solaris and AIX changes from 186 to 187 ----------------------- * make bogusSd in ldap-nss.c conditional on !HAVE_LDAP_LD_FREE * merge in paged result support from Max Caines * bugfixes for Debian Bug report #140854 changes from 185 to 186 ----------------------- * incorporated patch for Debian Bug report #140854, where nss_ldap could in some cases close a descriptor it did not own. Patch was provided by Luca Filipozzi. changes from 184 to 185 ----------------------- * updated copyrights * fix for BUG#82: set close on exec (Debian bug 136953) changes from 183 to 184 ----------------------- * return NSS_TRYAGAIN if no buffer space in ldap-grp.c changes from 181 to 183 ----------------------- * return error strings in AIX authentication routine * initialize schema in getgroupsbymember() * fix for tls_checkpeer; pass NULL session in to set global option * BUG#77: configurable config file locations changes from 181 to 181 ----------------------- * ignore SIGPIPE whilst inside nss_ldap library routines to prevent crashing on down LDAP server; possible fix for Debian bug 130006 * removed --enable-no-so-keepalive; always try to disable SO_KEEPALIVE on underlying socket to LDAP server * include local copy of irs.h under AIX * general cleanup of locking code * _nss_ldap_no_members appears to only need defining for when RFC2307bis is enabled changes from 179 to 180 ----------------------- * pull in libpthreads on AIX changes from 178 to 179 ----------------------- * a couple more patches for AIX changes from 177 to 178 ----------------------- * patch from Gabor Gombas for AIX support * Makefile.am: sasl.o needed by NSS_LDAP * aix_authmeth.c: method_passwordexpired is really method_passwdexpired; but since the struct was bzero()ed no need to set it to NULL * configure.in: support both gcc and xlc_r * exports.aix: sv_byport was not exported * ldap-grp.c: getgrset() returned group names instead of gid numbers changes from 176 to 177 ----------------------- * patch for building on AIX from IBM * added simple authentication support for AIX * cleaned up SASL patch to not break if Cyrus SASL is not installed changes from 175 to 176 ----------------------- * fixed bug in SASL patch which had required OpenLDAP headers changes from 174 to 175 ----------------------- * incorporated GSS-API SASL patches * rebind to server on LDAP_LOCAL_ERROR changes from 173 to 174 ----------------------- * added patches from Maxim Batourine for compiling with Sun workshop compiler * added notes re: 64-bit compile on Solaris from above source changes from 172 to 173 ----------------------- * notes on IRS in doc/README.IRS * added irs.h for AIX compat * patch from Bob Guo for stripping trailing spaces in ldap.conf. changes from 171 to 172 ----------------------- * fixed schema mapping bug by storing a copy of the mapped schema in the Berkeley DB rather than the element itself. Because the DB library returns static storage, this was causing problems where the schema mapping calls were used to build the attribute table in ldap-schema.c. This bugfix was sponsored by n2h2.com; thanks! changes from 170 to 171 ----------------------- * added ldap.conf stanza for AIX * workaround for schema mapping bug. changes from 169 to 170 ----------------------- * use _nss_ldap_getrdnvalue() for determining canonical group name changes from 168 to 169 ----------------------- * fixed typo in ldap-service.c; prefix filters now with _nss_ldap changes from 167 to 168 ----------------------- * initialize old_handler to SIG_DFL * incorporate Stephan Cremer's mapping patches, a big thanks to Stephan for these! * use LDAP_OPT_NETWORK_TIMEOUT if available for network connect timeout * removed hard-coded schema mapping for authPassword, NDS and MSSFU changes from 166 to 167 ----------------------- * support for new OpenLDAP rebind proc prototype * in rebind function, respect timeout * fix for PADL Release Control changes from 165 to 166 ----------------------- * corrected small typos changes from 164 to 165 ----------------------- * posixMember is a distinguished name, don't pretend it is a login name * cleaned up code referencing different member syntaxes changes from 163 to 164 ----------------------- * removed IDS_UID code, never worked properly changes from 162 to 163 ----------------------- * removed context_free function, usage confusing changes from 161 to 162 ----------------------- * in reconnect harness, do not treat entry not found errors as requiring a reconnect changes from 160 to 161 ----------------------- * hopefully fixed use of synchronous searches in _nss_ldap_getbyname() changes from 159 to 160 ----------------------- * patch from RedHat to check for DB3, override install user/group optionally * use synchronous searches for _nss_ldap_getbyname() * only set SSL options if we have values for those options changes from 158 to 159 ----------------------- * make do_ssl_options() take a config parameter; avoid segfault with SSL? changes from 157 to 158 ----------------------- * in the distinguished name to login cache (dn2uid) make sure we use the AT(uid) macro for the uid attribute rather than the hard-coded value of "uid" This should enable the cache for MSSFU support. changes from 156 to 157 ----------------------- * for MSSFU, use posixMember for group memberships rather than member (reported by Andy Rechenberg) * ignore SIGPIPE before calling do_close() for idle_timeout changes from 155 to 156 ----------------------- * logic was around the wrong way in do_search(), all searches were broken! * --disable-ssl option for configure * removed "Obsoletes: pam_ldap" from spec file changes from 154 to 155 ----------------------- * do not use private API when setting OpenLDAP TLS options (do_ssl_options()) changes from 153 to 154 ----------------------- * notes from Scott M. Stone * idle timeout patch from Steve Barrus changes from 152 to 153 ----------------------- * SSL fix changes from 151 to 152 ----------------------- * further patch from Jarkko for TLS/SSL auth: support for LDAPS/cipher suite selection/ client key/cert authentication changes from 150 to 151 ----------------------- * patch from Andrew Rechenberg for Active Directory schema support * patch from Jarkko Turkulainen for peer certificate support with OpenLDAP changes from 149 to 150 ----------------------- * patch from Anselm Kruis for URI support changes from 148 to 149 ----------------------- * fixed compile on Solaris, broken in 145 by malformed Linux patch changes from 147 to 148 ----------------------- * check for HAVE_LDAP_SET_OPTION always changes from 146 to 147 ----------------------- * check for ldap_set_option(), as LDAP_OPT_REFERRALS is defined for OpenLDAP 1.x but without the ldap_set_option() function changes from 145 to 146 ----------------------- * mass re-indentation, GNU style * patch from Simon Wilkinson for compatibility with old initgroups entry point * request authPassword attribute if --enable-authpassword * authPassword support in ldap-spwd.c (shadow) changes from 144 to 145 ----------------------- * preliminary support for authPassword attribute * updated COPYING * patch from Szymon Juraszczyk to suppot _nss_ldap_initgroups_dyn prototype changes from 143 to 144 ----------------------- * when specifying filters with nss_base_XXX, only escape the filter argument not the entire filter changes from 142 to 143 ----------------------- * patch from nalin@redhat.com to avoid corrupting the heap when the configuration file exists but has no host and base values. _nss_ldap_readconfigfromdns() will write to the region which was already freed. changes from 141 to 142 ----------------------- * patch from Simon Wilkinson for memory leak in ldap-service.c changes from 140 to 141 ----------------------- * fix for BUG#54 (AIX detection broken) * use -rpath on all platforms except Solaris, not just Linux changes from 139 to 140 ----------------------- * fix configure bug for DISABLE_SO_KEEPALIVE * fix alignment bug in util.c; this was causing Solaris to crash whenever per-map search descriptors were specified in ldap.conf changes from 138 to 139 ----------------------- * updated INSTALL file with boilerplate * fixed pointer error in ldap-nss.c changes from 137.1 to 138 ------------------------- * close config file FILE * if out of buffer space for parsing search descriptor * fixed bug where non-recognized directives in ldap.conf would cause the configuration file to not be parsed at all, if they were the last entries in the config file. changes from 137 to 137.1 ------------------------- * patch from nalin@redhat.com; return { NULL } not NULL for no group members * cleaned up usage of libc-lock.h weak aliases to pthreads API; use in ltf.c also * use __libc_atfork() or pthread_atfork() to close off connection on fork, rather than checking PIDs; this is expensive and breaks on Linux where each thread may have a different PID. changes from 136 to 137 ----------------------- * build nss_ldap as a loadable module on AIX * doco on AIX changes from 135 to 136 ----------------------- * define -DPIC for FreeBSD * link with -shared not --shared * fixes for AIX changes from 134 to 135 ----------------------- * merged ldap.conf * fixed bug in concatenating relative search bases in ldap-nss.c (profile support) changes from 133 to 134 ----------------------- * fixed Makefile.am * reordered DB search order in util.c changes from 132 to 133 ----------------------- * make /usr/lib directory in Makefile.am * new spec file from Joe Little changes from 131 to 132 ----------------------- * fixed rebind preprocessor logic changes from 130 to 131 ----------------------- * created files for automake happiness changes from 129 to 130 ----------------------- * fixed typo preventing build with Netscape client library changes from 128 to 129 ----------------------- * updated version number * fixed build bug on Solaris changes from 127 to 128 ----------------------- * fixed logic bug in util.c introduced in nss_ldap-127 changes from 126 to 127 ----------------------- * updating copyright notices * autoconf support; IRIX and OSF/1 support has been dropped (dl-*.[ch]) as no one really used this, the implementation was a hack, and these operating systems have their own LDAP implementations now * added support for "referrals" and "restart" options to ldap.conf * use OpenLDAP 2.x rebind proc with correct arguments * added "timelimit" and "bind_timelimit" directives to ldap.conf * fixed bug with dereferencing aliases * preliminary support for profiles; recognise profile semantics in ldap-nss.c/util.c * parity with pam_ldap; "ssl" directive in ldap.conf can now specify "yes" or "start_tls" for Start TLS * hopefully fixed Berkeley DB include mess in util.c * fixed potential buffer overflow in util.c * default to LDAP protocol version 3 * fixed leaks in util.c, dnsconfig.c * accept on/yes/true for boolean configuration values * tested building on FreeBSD, Solaris 8, Linux * tested functionality on RedHat 6.2 changes from 124 to 126 ----------------------- * fixed up Linux Makefiles to build libnss_ldap changes from 123 to 124 ----------------------- * patch from nalin@redhat.com for StartTLS * fixed up indenting changes from 122.BZ52.2 to 123 ------------------------------ * rolled in BUG#52 branch with fixes for AIX changes from 122.BZ52.1 to 122.BZ52.2 ------------------------------------- * included ldap-schema.c; omitted from previous checkpoint changes from 122 to 122.BZ52.1 ------------------------------ * preliminary fix for BUG#52 (support for different naming contexts for each map) * fixed bug in enumerating services map changes from 121 to 122 ----------------------- * fixed BUG#50 (check return value of ldap_simple_bind()) changes from 120 to 121 ----------------------- * fixed BUG#49 (fix acknowledged race condition) changes from 119 to 120 ----------------------- * added Makefile.aix and exports.aix (forgot) changes from 118 to 119 ----------------------- * patch from Gabor Gombas to support AIX implementation of BIND IRS changes from 117 to 118 ----------------------- * Makefile.RPM.openldap2 from Joe Little changes from 116 to 117 ----------------------- * permanently ignore SIGPIPE when using SSL. This bug should be fixed properly. changes from 115 to 116 ----------------------- * added irs-nss.diff and README.IRS from Emile Heitor changes from 113 to 115 ----------------------- * fixed filter escaping * call ldapssl_client_init() once only * include db_185.h not db.h for dn2uid cache * fixes for FreeBSD (IRS) support from Emile Heitor changes from 110 to 113 ----------------------- * patch from Ben Collins to escape '*' in filters changes from 109 to 110 ----------------------- * patch from Phlilip Liu for async binds changes from 108 to 109 ----------------------- * omit socket check for -DSSL; it doesn't work * updated CONTRIBUTORS * updated README re HAVE_LDAP_LD_FREE changes from 107 to 108 ----------------------- * included "deref" option in /etc/ldap.conf, compatible with OpenLDAP syntax. Patch from Michael Mattice. changes from 106.2 to 107 ------------------------- * fixed argument to _nss_ldap_getent() in ldap-ethers.c changes from 106.1 to 106.2 --------------------------- * if root, use rootbinddn/rootbindpw in rebind proc * include objectClass in pwd required attributes changes from 105 to 106.1 ------------------------- * if user is a shadowAccount, then don't return password in getpwent(), getpwuid() or getpwnam() * incorporated patch (from Doug Nazar): * allow getgrent() to be called without setgrent(); note arguments to _nss_ldap_getent() have changed. * return NSS_NOTFOUND instead of NSS_UNAVAIL at the end of a search * initialize len for getpeername() changes from 104 to 105 ----------------------- * incorporated patch for deadlock under Solaris (from Dave Begley) changes from 103 to 104 ----------------------- * new spec file changes from 102 to 103 ----------------------- * don't call ldap_parse_result() with V2 API changes from 101 to 102 ----------------------- * added defines for LDAP_MSG_ONE et al if not in ldap.h * removed LDAP_MORE_RESULTS_TO_RETURN test changes from 100 to 101 ----------------------- * fixed spec file changes from 99 to 100 ---------------------- * support for asynchronous search API! * added some contributors * notes about ldap_ld_free() * merged in ChangeLog changes from 98 to 99 --------------------- * added some netgroup implementation tips * do_close_no_unbind() cleanup changes from 97 to 98 --------------------- * /etc/nss_ldap.secret -> /etc/ldap.secret (sorry, Doug!) * deleted crypt-mechanism code. Junk. * fixed call to _nss_ldap_read() after changing prototypes in nss_ldap-88 changes from 96 to 97 --------------------- * #ifndef HAVE_LDAP_LD_FREE, still call ldap_unbind(), but having closed the descriptor. changes from 95 to 96 --------------------- * re-orged changes from 94 to 95 --------------------- * disable SO_KEEPALIVE on socket rather than blocking SIGPIPE. Need to figure out the right way to do this. changes from 93 to 94 --------------------- * committed some changes for the parent/child close problem. It relies on internal libldap APIs so it may be non-portable but should work with OpenLDAP and Netscape client libraries, and perhaps most UMich- derived client libraries. There's a possible workaround for client libraries without this; undefine HAVE_LDAP_LD_FREE to test this. changes from 92 to 93 --------------------- * important fix: make sure return status is reset after do_open() == NSS_SUCCESS, just in case no entries are returned. This bug was introduced in nss_ldap-88 and could potentially cause a security hole. changes from 91 to 92 --------------------- * signal handling fix: don't restore handler unnecessarily. * don't open nss_ldap.secret unless a root pw is specified in ldap.conf changes from 90 to 91 --------------------- * reorganized SIGPIPE blocking code * added SSL support changes from 89 to 90 --------------------- * only reconnect if we've changed to/from root changes from 88 to 89 --------------------- * cleaned up a few things changes from 87 to 88 --------------------- * added breaks to switch in _nss_ldap_lookup (thanks to Nathan.Hawkins@FMR.COM for pointing this out) * save signal handler and ignore SIGPIPE for appropriate sections of do_open() and confirm connection is still active (patch from rpatel@globix.com) * allow root users to bind as a different user, to provide quasi-shadow password support (patch from nazard@dragoninc.on.ca) * under Linux, make Makefile look at last libc version (patch from nazard@dragoninc.on.ca) * never clobber nsswitch.ldap/ldap.conf when making install (patch from nazard@dragoninc.on.ca) * change do_open() to not unbind the parent ldap connection when the pid changes but simply open a new connection (patch from nazard@dragoninc.on.ca) * changed _nss_ldap_lookup() and _nss_ldap_read() prototypes to return NSS_STATUS error codes, so that NSS_UNAVAIL percolates as appropriate. changes from 86 to 87 --------------------- * fixed looking up DN-membered groups by member. Thanks to Jeff Mandel for spotting this hard to find bug. changes from 85 to 86 --------------------- * member for NDS vs uniqueMember (needs further investigation; -DNDS) changes from 84 to 85 --------------------- * check non-NULLity of userdn before freeing * use AT(uid) for groupsbymember filter changes from 81 to 84 --------------------- * implemented _nss_ldap_initgroups() changes from 80 to 81 --------------------- * removed extraneous do_sleep() code * updated spec file changes from 2.79 to 80 ----------------------- * (really 2.80) changed version number a la Solaris 7! * cleaned up schema stuff into ldap-schema.h changes from 2.78 to 2.79 ------------------------- * implemented exponential backoff reconnect logic changes from 2.76 to 2.78 ------------------------- * removed ldap.conf.ragenet from lineup * removed spurious do_close() changes from 2.75 to 2.76 ------------------------- * added -lresolv to Solaris makefiles changes from 2.72 to 2.75 ------------------------- * incorporated RPM patches from stein@terminator.net changes from 2.71 to 2.72 ------------------------- * implemented getgroupsbymember() for Solaris. Supplementary groups should be initialized now. (NB: doesn't appear to be quite working for RFC2307bis yet.) * GNU indent-ified changes from 2.70 to 2.71 ------------------------- * removed -DDEBUG as default build flag changes from 2.69 to 2.70 ------------------------- * put /usr/ucblib back into linker search path for Solaris. changes from 2.68 to 2.69 ------------------------- * added timeout, unavailable, and server busy conditions to rebind logic * indent -gnu all source files changes from 2.65 to 2.68 ------------------------- * mods for glibc 2.1 (__set_errno is obselete it seems) changes from 2.64 to 2.65 ------------------------- * mods to compile with OpenLDAP 2 changes from 2.63 to 2.64 ------------------------- * changed alias schema to Sun SDS nisMailAlias schema * updated TODO list to reflect Bugzilla entries * restored capitalization of attributes for "niceness" changes from 2.62 to 2.63 ------------------------- * added patch from gero@faveve.uni-stuttgart.de for parsing of ldap.conf with tabs * some fixes for BSDI BSD/OS IRS changes from 2.61 to 2.62 ------------------------- * added experimental support for DN-membered groups; to enable, define RFC2307BIS * fixed align bug (where buflen wasn't being decremented after pointer alignment) changes from 2.60 to 2.61 ------------------------- * added warning about compiling with DS 4.1 LDAP SDK changes from 2.59 to 2.60 ------------------------- * fixed missing close brace changes from 2.56 to 2.59 ------------------------- * pw_comment field defaults to pw_gecos (Solaris only) changes from 2.55 to 2.56 ------------------------- * fixed Makefile.linux.mozilla NSSLIBVER changes from 2.54.6 to 2.55 --------------------------- * merged in glibc-2.1 branch changes from 2.54.5 to 2.54.6 ----------------------------- * misc fixes. changes from 2.54.4 to 2.54.5 ----------------------------- * misc fixes. changes from 2.54.3 to 2.54.4 ----------------------------- * glibc-2.1 patches from bcollins@debian.org changes from 2.51 to 2.54.3 --------------------------- * glibc-2.1 support. (Recall #93) * set erange correctly on Solaris (related to above) * added rebind function changes from 2.49 to 2.51 ------------------------- * added stuff for RC changes from 2.47 to 2.49 ------------------------- * configuration file is now case insensitive changes from 2.45 to 2.47 ------------------------- * RFC2052BIS (_ldap._tcp) support changes from 2.44 to 2.45 ------------------------- * added #include to globals.c changes from 2.42 to 2.44 ------------------------- * NULL search base allowed (omit basedn from config file) changes from 2.39 to 2.42 ------------------------- * fixed potential crasher in dnsconfig.c * LDAP session is now persistent for performance reasons. Removed references to the session anywhere outside ldap-nss.c. The process ID is cached and the session reopened after a fork(). changes from 2.38 to 2.39 ------------------------- * fixed warning in ldap-ethers.c (removed const from struct ether) * added ldap_version keyword to ldap.conf for parity with pam_ldap changes from 2.37 to 2.38 ------------------------- * debugged ldap_explode_rdn() code * added support for Mozilla LDAP client library; see Makefile.linux.mozilla and ltf.c for more information. Thanks to Netscape for making their library available. changes from 2.36 to 2.37 ------------------------- * moved to CVS repository and Linux as development environment * incorporated ldap-service.c fix from Greg changes from 2.35 to 2.36 ------------------------- * util.c: will use ldap_explode_rdn() if it exists changes from 2.34 to 2.35 ------------------------- * made util.c compile again. Silly me. changes from 2.33 to 2.34 ------------------------- * fixed #endif in testpw.c * fixed another DN freeing leak in util.c * added RFC 2307 to distribution (fixed the two typos in it: * fixed bug in ...getrdnvalue() (thanks, Greg) * diff rfc2307.txt ~/rfc2307.txt 480c480 < MUST ( cn $ ipProtocolNumber ) --- > MUST ( cn $ ipProtocolNumber $ description ) 1038c1038 < lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/csh --- > lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/sh changes from 2.32 to 2.33 ------------------------- * rolled in more patches from greg@rage.net: * removed _r from setXXXent and endXXXent functions for GNU_NSS * cleaned up testpw.c to use pthreads and protos * fixed prototype for gethostbyaddr_r on GNU_NSS * braced conditional in getservbyname_r * merged in Makefile.linux and README.LINUX diffs * added htons(port) in getservbyport_r * added nsswitch.test * added ldaptest.pl * added ldap.conf.ragenet changes from 2.31 to 2.32 ------------------------- * moved Makefile to Makefile.solaris * cleaned up mutex code for Linux, hopefully changes from 2.30 to 2.31 ------------------------- * fixed leak in util.c (need to free dn) * rolled in patches from greg@rage.net: * fixed ldap-ethers.c to use struct ether * fixed bracing in ldap-hosts.c (?) * added SSLEAY patch to ldap-nss.h * fixed locking in ldap-nss.h * Makefile changes incorporated into Makefile.linux changes from 2.29e to 2.30 -------------------------- * synced into DevMan repository again * RFC 2307 is the one! changes from 2.29d to 2.29e --------------------------- * util.c: fixed memory leak (call to ldap_value_free()) changes from 2.29c to 2.29d --------------------------- * ldap-ethers.c: fixed to use HOSTNAME attribute changes from 2.29b to 2.29c --------------------------- * ieee8022Device -> ieee802Device changes from 2.29a to 2.29b --------------------------- * added ieee8022Device and bootableDevice classes, at Sun's request. changes from 2.29 to 2.29a -------------------------- * dc -> cn changes from 2.28 to 2.29 ------------------------- * changed host/network/ethers naming schema see the -02 draft revision for more info changes from 2.27 to 2.28 ------------------------- * ldap-pwd.c, ldap-spwd.c: fixed tmpbuf stuff. Yuck. changes from 2.26 to 2.27 ------------------------- * ANNOUNCE: reflected draft-howard-nis-schema-01.txt * ldap-spwd.c: default for shadow integer values is -1, not 0 and fixed crasher (thanks to dj@gregor.com) changes from 2.25 to 2.26 ------------------------- * globals.c: added offset stuff back for mapping errnumbers. Weird: this stuff *was* in an earlier version of the work area. I have no idea where it went. Scary. changes from 2.24 to 2.25 ------------------------- * irs-nss.h: added prototype for irs_ldap_acc() * ldap-*.[ch]: removed redundent PARSER macro * unbroke for GNU NSS (context_key_t changed to context_handle_t) changes from 2.23 to 2.24 ------------------------- * irs-nss.c: added dispatch table for IRS library * testpw5.c: added additional test program * ldap-nss.c: removed spurious debug statement * ldap-nss.c, util.c, dnsconfig.c: cleaned up memory allocation for config. (This could be improved, but there is no longer a static ldap_config_t structure.) * Makefile: general cleanup changes from 2.22 to 2.23 ------------------------- * default destructor is now simply wrapped around by individual backend destructors * __EXTENSIONS__ defined for Solaris 2.6 to import strncasecmp() * getbyname: fixed crasher in ldap-nss.c due to uninitialized variable * ldap-parse.h, assorted others: tidied up resolver calls to use NSS_ARGS() macro and not to interfere with the previous backend's status (bad thing!) * ldap-service.c: cleaned up potential uninitialized var in parser * ldap-nss.c: no valued arrays are now { NULL } instead of NULL. changes from 2.21 to 2.22 ------------------------- * testpw.c: XXX problem. dies with segfault, but gdb doesn't give me enough information; it's definitely within nss_ldap.so though. I just can't see the symbols. (Maybe dbx would be better...) However, testpw doesn't work at *all* under 2.5.1, and technically it shouldn't as it's not linked against liblthread. I haven't been able to duplicate this with testpw2, which is the same code linked with the thread library. * backported to NeXT changes from 2.20 to 2.21 ------------------------- * resolve.h: renamed functions so as to keep namespace clean * snprintf.h: tidied up for systems which already have snprintf() and renamed anyway to keep namespace clean (_nss_ldap_snprintf) * ldap-*.h: made character constants const to avoid nasty warnings * globals.[ch]: as above * README, TODO, ANNOUNCE: general documentation updates * ldap-nss.c, et al: general work on Solaris 2.6 port, to get nscd working. Lots of fiddling with the locking. * Major architectural changes to Solaris NSS implementation. Thread specific data is now stored in the backend, where it should be: just like it is in IRS. Locking is a little more coarse now, but it will do for the moment. * Paul Henson's DCE module gave me the inspiration to do the backend stuff the "right" way -- thanks, Paul! * As a result, a lot of the bugs listed in TODO have mysteriously fixed themselves. :-) changes from 2.19 to 2.20 ------------------------- * Makefile.*: ensured resolve.[ch] and dnsconfig.[ch] were there. * Makefile: should link now with gcc -shared instead of requiring cc. changes from 2.18 to 2.19 ------------------------- * testpw4.c: added irs hostbyname() test * Makefile: added correct flags to build position indepdenent code with Sun's compiler (thanks, Bill). Added SRV sources. * testpw.c: works under NeXT, cleaned up a bit. * ldap.conf: documented what this file does * util.c: ignore blank lines in ldap.conf properly * resolve.h: fixed up for Solaris changes from 2.17 to 2.18 ------------------------- * ldap-network.c: fixed infinite loop in getnetbyname() * util.c: goto out causes a compiler warning under Solaris. Documented this. Should fix this, I suppose, but we need to break out of two blocks. (We could remove the code that handles multivalued DNs, as it's fairly unlikely that someone will use a DN of o=Xedoc+dc=xedoc,c=US+dc=com, but who knows?) * ldap-ethers.c: line 215, result was not assigned to an lvalue (should have been args->status, not args). Fixed. changes from 2.16 to 2.17 ------------------------- * Cleaned up documentation and testpw4.c * dnsconfig.c: Fixed strtok() bug which was clobbering domain changes from 2.15 to 2.16 ------------------------- * util.c (_nss_ldap_readconfig) fixed strtok() typo changes from 2.2 to 2.15 ------------------------ * dnsconfig.c: got DNS SRV support working under NEXTSTEP * util.c: (_nss_ldap_getdomainname) made host and network DN parsing compliant with current draft changes from 2.1 to 2.2 ----------------------- * I'll get around to merging in the RCS log here one day. Nothing very exciting happened, I just backported the code to NEXTSTEP and compiled it. nss-pam-ldapd-0.8.13/depcomp0000755000175000001440000005064312141433522012542 00000000000000#! /bin/sh # depcomp - compile a program generating dependencies as side-effects scriptversion=2012-03-27.16; # UTC # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010, # 2011, 2012 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Alexandre Oliva . case $1 in '') echo "$0: No command. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: depcomp [--help] [--version] PROGRAM [ARGS] Run PROGRAMS ARGS to compile a file, generating dependencies as side-effects. Environment variables: depmode Dependency tracking mode. source Source file read by 'PROGRAMS ARGS'. object Object file output by 'PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. tmpdepfile Temporary file to use when outputting dependencies. libtool Whether libtool is used (yes/no). Report bugs to . EOF exit $? ;; -v | --v*) echo "depcomp $scriptversion" exit $? ;; esac # A tabulation character. tab=' ' # A newline character. nl=' ' if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 fi # Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. depfile=${depfile-`echo "$object" | sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} rm -f "$tmpdepfile" # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case # here, because this file can only contain one case statement. if test "$depmode" = hp; then # HP compiler uses -M and no extra arg. gccflag=-M depmode=gcc fi if test "$depmode" = dashXmstdout; then # This is just like dashmstdout with a different argument. dashmflag=-xM depmode=dashmstdout fi cygpath_u="cygpath -u -f -" if test "$depmode" = msvcmsys; then # This is just like msvisualcpp but w/o cygpath translation. # Just convert the backslash-escaped backslashes to single forward # slashes to satisfy depend.m4 cygpath_u='sed s,\\\\,/,g' depmode=msvisualcpp fi if test "$depmode" = msvc7msys; then # This is just like msvc7 but w/o cygpath translation. # Just convert the backslash-escaped backslashes to single forward # slashes to satisfy depend.m4 cygpath_u='sed s,\\\\,/,g' depmode=msvc7 fi if test "$depmode" = xlc; then # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency informations. gccflag=-qmakedep=gcc,-MF depmode=gcc fi case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what ## we want. Yay! Note: for some reason libtool 1.4 doesn't like ## it if -MD -MP comes after the -MF stuff. Hmm. ## Unfortunately, FreeBSD c89 acceptance of flags depends upon ## the command line argument order; so add the flags where they ## appear in depend2.am. Note that the slowdown incurred here ## affects only configure: in makefiles, %FASTDEP% shortcuts this. for arg do case $arg in -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; *) set fnord "$@" "$arg" ;; esac shift # fnord shift # $arg done "$@" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi mv "$tmpdepfile" "$depfile" ;; gcc) ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like ## -MM, not -M (despite what the docs say). ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then gccflag=-MD, fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ## The second -e expression handles DOS-style file names with drive letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" ## This next piece of magic avoids the "deleted header file" problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. tr ' ' "$nl" < "$tmpdepfile" | ## Some versions of gcc put a space before the ':'. On the theory ## that the space means something, we add a space to the output as ## well. hp depmode also adds that space, but also prefixes the VPATH ## to the object. Take care to not repeat it in the output. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; sgi) if test "$libtool" = yes; then "$@" "-Wp,-MDupdate,$tmpdepfile" else "$@" -MDupdate "$tmpdepfile" fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files echo "$object : \\" > "$depfile" # Clip off the initial element (the dependent). Don't try to be # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; # the IRIX cc adds comments like '#:fec' to the end of the # dependency line. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ tr "$nl" ' ' >> "$depfile" echo >> "$depfile" # The second pass generates a dummy entry for each header file. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; xlc) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the # current directory. Also, the AIX compiler puts '$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then tmpdepfile1=$dir$base.u tmpdepfile2=$base.u tmpdepfile3=$dir.libs/$base.u "$@" -Wc,-M else tmpdepfile1=$dir$base.u tmpdepfile2=$dir$base.u tmpdepfile3=$dir$base.u "$@" -M fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then # Each line is of the form 'foo.o: dependent.h'. # Do two passes, one to just change these to # '$object: dependent.h' and one to simply 'dependent.h:'. sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; icc) # Intel's C compiler anf tcc (Tiny C Compiler) understand '-MD -MF file'. # However on # $CC -MD -MF foo.d -c -o sub/foo.o sub/foo.c # ICC 7.0 will fill foo.d with something like # foo.o: sub/foo.c # foo.o: sub/foo.h # which is wrong. We want # sub/foo.o: sub/foo.c # sub/foo.o: sub/foo.h # sub/foo.c: # sub/foo.h: # ICC 7.1 will output # foo.o: sub/foo.c sub/foo.h # and will wrap long lines using '\': # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... # tcc 0.9.26 (FIXME still under development at the moment of writing) # will emit a similar output, but also prepend the continuation lines # with horizontal tabulation characters. "$@" -MD -MF "$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" # Each line is of the form 'foo.o: dependent.h', # or 'foo.o: dep1.h dep2.h \', or ' dep3.h dep4.h \'. # Do two passes, one to just change these to # '$object: dependent.h' and one to simply 'dependent.h:'. sed -e "s/^[ $tab][ $tab]*/ /" -e "s,^[^:]*:,$object :," \ < "$tmpdepfile" > "$depfile" sed ' s/[ '"$tab"'][ '"$tab"']*/ /g s/^ *// s/ *\\*$// s/^[^:]*: *// /^$/d /:$/d s/$/ :/ ' < "$tmpdepfile" >> "$depfile" rm -f "$tmpdepfile" ;; hp2) # The "hp" stanza above does not work with aCC (C++) and HP's ia64 # compilers, which have integrated preprocessors. The correct option # to use with these is +Maked; it writes dependencies to a file named # 'foo.d', which lands next to the object file, wherever that # happens to be. # Much of this is similar to the tru64 case; see comments there. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then tmpdepfile1=$dir$base.d tmpdepfile2=$dir.libs/$base.d "$@" -Wc,+Maked else tmpdepfile1=$dir$base.d tmpdepfile2=$dir$base.d "$@" +Maked fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" # Add 'dependent.h:' lines. sed -ne '2,${ s/^ *// s/ \\*$// s/$/:/ p }' "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" "$tmpdepfile2" ;; tru64) # The Tru64 compiler uses -MD to generate dependencies as a side # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put # dependencies in 'foo.d' instead, so we check for that too. # Subdirectories are respected. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then # With Tru64 cc, shared objects can also be used to make a # static library. This mechanism is used in libtool 1.4 series to # handle both shared and static libraries in a single compilation. # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. # # With libtool 1.5 this exception was removed, and libtool now # generates 2 separate objects for the 2 libraries. These two # compilations output dependencies in $dir.libs/$base.o.d and # in $dir$base.o.d. We have to check for both files, because # one of the two compilations can be disabled. We should prefer # $dir$base.o.d over $dir.libs/$base.o.d because the latter is # automatically cleaned when .libs/ is deleted, while ignoring # the former would cause a distcleancheck panic. tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 tmpdepfile2=$dir$base.o.d # libtool 1.5 tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 "$@" -Wc,-MD else tmpdepfile1=$dir$base.o.d tmpdepfile2=$dir$base.d tmpdepfile3=$dir$base.d tmpdepfile4=$dir$base.d "$@" -MD fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; msvc7) if test "$libtool" = yes; then showIncludes=-Wc,-showIncludes else showIncludes=-showIncludes fi "$@" $showIncludes > "$tmpdepfile" stat=$? grep -v '^Note: including file: ' "$tmpdepfile" if test "$stat" = 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" # The first sed program below extracts the file names and escapes # backslashes for cygpath. The second sed program outputs the file # name when reading, but also accumulates all include files in the # hold buffer in order to output them again at the end. This only # works with sed implementations that can handle large buffers. sed < "$tmpdepfile" -n ' /^Note: including file: *\(.*\)/ { s//\1/ s/\\/\\\\/g p }' | $cygpath_u | sort -u | sed -n ' s/ /\\ /g s/\(.*\)/'"$tab"'\1 \\/p s/.\(.*\) \\/\1:/ H $ { s/.*/'"$tab"'/ G p }' >> "$depfile" rm -f "$tmpdepfile" ;; msvc7msys) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; #nosideeffect) # This comment above is used by automake to tell side-effect # dependency tracking mechanisms from slower ones. dashmstdout) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout, regardless of -o. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # Remove '-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done test -z "$dashmflag" && dashmflag=-M # Require at least two characters before searching for ':' # in the target name. This is to cope with DOS-style filenames: # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. "$@" $dashmflag | sed 's:^['"$tab"' ]*[^:'"$tab"' ][^:][^:]*\:['"$tab"' ]*:'"$object"'\: :' > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" tr ' ' "$nl" < "$tmpdepfile" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; dashXmstdout) # This case only exists to satisfy depend.m4. It is never actually # run, as this mode is specially recognized in the preamble. exit 1 ;; makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # X makedepend shift cleared=no eat=no for arg do case $cleared in no) set ""; shift cleared=yes ;; esac if test $eat = yes; then eat=no continue fi case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. -arch) eat=yes ;; -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done obj_suffix=`echo "$object" | sed 's/^.*\././'` touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" # makedepend may prepend the VPATH from the source file name to the object. # No need to regex-escape $object, excess matching of '.' is harmless. sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" sed '1,2d' "$tmpdepfile" | tr ' ' "$nl" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; cpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # Remove '-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done "$@" -E | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; msvisualcpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi IFS=" " for arg do case "$arg" in -o) shift ;; $object) shift ;; "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift shift ;; *) set fnord "$@" "$arg" shift shift ;; esac done "$@" -E 2>/dev/null | sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" echo "$tab" >> "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; msvcmsys) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; none) exec "$@" ;; *) echo "Unknown depmode $depmode" 1>&2 exit 1 ;; esac exit 0 # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: nss-pam-ldapd-0.8.13/ChangeLog0000644000175000001440000006175012141475566012756 000000000000002013-05-05 11:50 arthur * [r1958] ., compat/ldap_initialize.c: remove not needed define (r1897 from 0.9) 2013-05-05 11:45 arthur * [r1957] configure.ac: add some missing checks to the configure script (117327e from 0.9) 2013-05-05 11:39 arthur * [r1956] tests/test_nsscmds.sh: make the NSS tests dependant on the configuration of nsswitch.conf (302c2fa from 0.9) 2013-05-05 10:59 arthur * [r1955] tests/test_tio.c: support systems without ETIME (5e0bb05 from 0.9) 2013-05-05 10:55 arthur * [r1954] tests/test_pamcmds.sh: small portability fix in test_pamcmds.sh (24c565c from 0.9) 2013-05-05 10:53 arthur * [r1953] configure.ac: guess the value for --with-pam-seclib-dir if it is not specified (0b5b4d1 from 0.9) 2013-04-28 20:32 arthur * [r1950] ., nslcd.h, nslcd/cfg.h, nslcd/common.h, nslcd/myldap.c, nslcd/nslcd.c, nslcd/pam.c, nslcd/service.c, pam/pam.c, pynslcd/alias.py, pynslcd/shadow.py: various typo and other comment fixes (4b01125, b0785de, bfdf7cd, 4689d5f, dba048b, ebe5705 and 122c38d from 0.9) 2013-04-28 20:20 arthur * [r1949] tests/test_myldap.c: do not rely on printf() being able to print NULL strings (8790b40 from 0.9) 2013-04-28 14:56 arthur * [r1948] nslcd/cfg.c: the argument to nss_min_uid must be numeric 2013-04-28 14:50 arthur * [r1947] nslcd/cfg.c: handle the case where getpwuid() returns NULL 2013-04-28 14:16 arthur * [r1946] man/Makefile.am: fix the way manual pages are installed (b5b4239 from 0.9) 2013-04-28 13:26 arthur * [r1945] nss/common.c, nss/exports.freebsd, nss/exports.glibc, nss/exports.solaris: define and export an _nss_ldap_version symbol (3155cdf and 11283a5 from 0.9) 2013-04-28 13:14 arthur * [r1944] nss/common.h: return NSS_STATUS_TRYAGAIN on zero-length (but not-NULL) buffer (thanks Jakub Hrozek) (f21efd6 from 0.9) 2013-04-28 12:54 arthur * [r1943] nslcd/service.c: only log protocol name if it is present (6a92621 and 402d3f3 from 0.9) 2013-04-28 12:35 arthur * [r1942] ., configure.ac: drop -Wcase-qual when using --enable-warnings because it was causing too much noise (r1908 aka. 2a73fa1 from 0.9) 2013-04-28 12:16 arthur * [r1941] pam/pam.c: revert r1939 because it doesn't work on 0.8 2013-04-28 11:29 arthur * [r1940] nss/shadow.c: fix the text representation of shadow information for nscd on Solaris (7926326 from 0.9) 2013-04-28 11:15 arthur * [r1939] pam/pam.c: save the old password if either the authentication or the authorisation response is NEW_AUTHTOK_REQD (c89c41b from 0.9) 2013-04-28 11:08 arthur * [r1938] nslcd/pam.c: retry updating the lastChange attribute with the normal nslcd LDAP connection if the update with the user's connection failed (2f6f6a2 from 0.9) 2013-02-23 21:40 arthur * [r1935] nslcd/nslcd.c: extra sanity check to ensure not too many file descriptors are open (a9aea20f136026d6553295727350c88fe2431e0c from 0.9) 2013-02-23 21:23 arthur * [r1934] ., nslcd/cfg.c, nslcd/group.c, nslcd/passwd.c, nslcd/shadow.c: check result of set_tolist() to ensure that memory allocation problems are logged (r1911 from 0.9) 2013-02-23 21:15 arthur * [r1933] ., nslcd/myldap.c: fix memory leak in myldap_get_values_len() when using ranged attributes (very unlikely to occur) (r1910 from 0.9) 2013-02-23 21:11 arthur * [r1932] ., nslcd/myldap.c: fix a problem in memory handling in myldap_get_values_len() if malloc() would fail (r1909 from 0.9) 2013-01-16 22:14 arthur * [r1919] man/Makefile.am: fix the way manual pages are generated and distributed 2013-01-11 12:21 arthur * [r1907] nslcd/cfg.c: correctly handle the case where the gid option is before the uid option in the configuration (fixes r1723) 2012-12-20 22:21 arthur * [r1871] ., nslcd/passwd.c: don't process the passwd_byuid request at all for uids < nss_min_uid (r1870 from trunk) 2012-12-20 17:14 arthur * [r1869] ., nslcd/myldap.c: fix logic error (use && instead of & for logical and) (r1868 from trunk) 2012-12-08 22:48 arthur * [r1850] ., common/tio.c: fix setting deadline microsecond value (thanks Julien Cristau) (r1848 from trunk) 2012-11-18 21:14 arthur * [r1837] Makefile.am: fix the way ChangeLog is generated for branch 2012-11-18 21:04 arthur * [r1836] .: start a 0.8 maintenance branch 2012-11-18 20:40 arthur * [r1834] ChangeLog, NEWS, TODO, configure.ac, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml: get files ready for 0.8.12 release 2012-11-18 20:13 arthur * [r1833] configure.ac, nss/passwd.c: properly initialise passwd.pw_class on FreeBSD to empty string (was set to NULL due to the memset which was introduced in r1767) 2012-11-17 16:40 arthur * [r1832] pam/pam.c: use pam_modutil_getpwnam() instead of getpwnam() in PAM module 2012-11-17 16:38 arthur * [r1831] man/nslcd.8.xml, man/pynslcd.8.xml: fix formatting and improve consistency in manaual pages 2012-11-16 19:56 arthur * [r1828] man/nslcd.8.xml, man/pynslcd.8.xml: remove dots from short description in manual page 2012-11-16 16:57 arthur * [r1827] nslcd/config.c: fix comment in header 2012-11-13 20:03 arthur * [r1824] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/myldap.c, pynslcd/cfg.py, pynslcd/pynslcd.py: to only set LDAP_OPT_X_SASL_NOCANON if the sasl_canonicalize option is explicitly set in the configuration file 2012-11-11 22:46 arthur * [r1823] pam/pam.c: log the PAM error message along with the message from nslcd if it is available 2012-11-11 16:44 arthur * [r1822] .gitignore: add a .gitignore file for those working with git 2012-11-11 16:40 arthur * [r1821] common/nslcd-prot.c: set FD_CLOEXEC in NSS and PAM modules to ensure that nslcd file descriptor is not leaked to child processes 2012-11-11 14:02 arthur * [r1814] nslcd/myldap.c: log connection message before clearing error indicators to not hide these log messages in most configurations (fixes r1095) 2012-10-28 20:13 arthur * [r1812] nss/Makefile.am, nss/common.h, nss/group.c, nss/hosts.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c, nss/solnss.h: refactor the read_result() functions into a common macro and move all the Solaris-specific definitions to solnss.h 2012-10-28 19:14 arthur * [r1811] nss/hosts.c: combine read_hostent_erronempty() and read_hostent_nextonempty() into a read_hostent() with a retry parameter 2012-10-28 15:09 arthur * [r1810] nss/group.c: fix typo (thanks Ted C. Cheng) 2012-10-26 11:51 arthur * [r1809] nss/group.c: fix buffer size checking in group by member NSS function on Solaris 2012-10-26 11:48 arthur * [r1808] nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c: introduce ent2str() functions for each database (except ether and netgroup) and make buffer handling consistent (for Solaris) 2012-10-21 14:36 arthur * [r1807] configure.ac: remove duplicate checks from the configure script 2012-10-21 14:26 arthur * [r1806] man: ignore generated pynslcd manual pages 2012-10-21 14:24 arthur * [r1805] nss/passwd.c: fix a problem on Solaris (fixes r1793) 2012-10-21 13:46 arthur * [r1804] man/Makefile.am, man/nslcd.8.xml, man/pynslcd.8.xml: make a pynslcd manual page and install it if pynslcd is enabled (and small fix in nslcd manual page) 2012-10-19 20:34 arthur * [r1803] common/expr.c, tests/test_expr.c: allow attribute options in attribute mapping expressions 2012-10-14 20:22 arthur * [r1798] ChangeLog, NEWS, configure.ac, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.11 release 2012-10-14 16:09 arthur * [r1797] configure.ac: remove extra code that sets PACKAGE_URL (which isn't used) 2012-10-14 15:20 arthur * [r1796] nss/netgroup.c: do not clear the netgroup struct because it contains information for others as well (fixes r1767) 2012-10-14 14:51 arthur * [r1795] nslcd/nslcd.c: if nslcd creates the state directory, try to set the right ownership 2012-10-13 21:41 arthur * [r1794] nss/passwd.c: include missing definition (fixes r1793) 2012-10-13 21:38 arthur * [r1793] nss/passwd.c: do proper range checking and replace READ_RESULT macro with read_result function (Solaris) 2012-10-13 21:14 arthur * [r1792] nss/hosts.c: return correct error for buffer too small (Solaris) 2012-10-13 21:08 arthur * [r1791] HACKING, nss/ethers.c: in ether handling only write to output values and return correct error for buffer too small 2012-10-13 21:05 arthur * [r1790] nss/common.h: on Solaris initialise the output values 2012-10-13 20:03 arthur * [r1789] nss/common.h: fix code indentation 2012-10-13 13:35 arthur * [r1787] tests/common.h: provide alternatives for assertion failures on Solaris and FreeBSD 2012-10-13 13:04 arthur * [r1786] Makefile.am: pass CPPFLAGS and LDFLAGS to distcheck's configure and put nslcd.conf under prefix 2012-10-13 13:02 arthur * [r1785] pynslcd/Makefile.am: use $(top_srcdir)/nslcd.h instead of $< to avoid problems with FreeBSD's make 2012-10-13 12:15 arthur * [r1784] tests/test_tio.c: update tests to new tio interface (fixes r1783) 2012-10-12 19:49 arthur * [r1783] common/nslcd-prot.c, common/tio.c, common/tio.h, nslcd/nslcd.c: use poll() instead of select() for checking file descriptor activity to also correctly work if more than FD_SETSIZE files are already open 2012-10-12 15:25 arthur * [r1781] common/tio.c: check if the file descriptor can be stored in the select() file descriptor set 2012-10-12 15:11 arthur * [r1780] README: small clarifications to shadow properties 2012-09-16 15:57 arthur * [r1771] nslcd/passwd.c: fix problem storing negative hit to dn2uid cache (thanks scan-build) 2012-09-16 15:51 arthur * [r1770] nslcd/myldap.c: fix logic error when falling back to getting ranged attribute values for possibly binary attributes (thanks scan-build) 2012-09-16 15:47 arthur * [r1769] nslcd/myldap.c: swap values and buf assignment to avoid compiler alignment warnings 2012-09-15 18:18 arthur * [r1768] nslcd/passwd.c: only check nsswitch.conf for shadow mapping on glibc (Solaris shadow map follows passwd's mapping and FreeBSD doesn't have shadow at all) 2012-09-15 17:51 arthur * [r1767] nss/aliases.c, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c: clear the *ent structs before writing fields to avoid problems with extra fields (fixes password field weirdness on Solaris 10) 2012-09-14 21:08 arthur * [r1766] nss/hosts.c: fix host name lookups for Solaris (tested with Solaris 10) 2012-09-14 18:57 arthur * [r1765] nss/ethers.c: use the standard constructor and destructor eventhough be->fp isn't used 2012-09-14 18:54 arthur * [r1764] nss/ethers.c: fix ethernet lookups for Solaris (tested with Solaris 10) 2012-09-14 12:25 arthur * [r1763] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: grow all search filter buffers to 4096 bytes (thanks flavio) 2012-09-14 12:23 arthur * [r1762] nslcd/pam.c: rename filter_buffer to filter for consistency 2012-09-08 19:20 arthur * [r1761] ChangeLog, ChangeLog-2011, Makefile.am: archive older ChangeLog entries in year files 2012-09-03 21:15 arthur * [r1749] nss/group.c: a few fixes in the Solaris group lookups 2012-09-03 21:07 arthur * [r1748] nss/common.h, nss/passwd.c: fix indenting of code 2012-09-03 21:04 arthur * [r1747] nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c: on Solaris store the errno value in NSS_ARGS(args)->erange 2012-09-01 21:25 arthur * [r1746] compat/pam_get_authtok.c: include a missing cast 2012-09-01 20:17 arthur * [r1745] nslcd/myldap.c: provide an alternative do_rebind() for Netscape LDAP 2012-09-01 20:14 arthur * [r1744] nslcd/nslcd.c: include an explicit cast to int when printing gid_t (fixes r1723) 2012-08-31 09:07 arthur * [r1736] depcomp: mark file as executable 2012-08-31 08:30 arthur * [r1735] man/nslcd.conf.5.xml, nslcd/cfg.c, pynslcd/cfg.py: change the default value of sasl_canonicalize to yes (thanks Marcus Moeller) 2012-08-14 19:45 arthur * [r1734] nslcd/myldap.c: remove variable definition that was introduced in r1626 but should have been removed in r1714 2012-08-14 19:34 arthur * [r1733] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c, pynslcd/cfg.py, pynslcd/pynslcd.py: introduce a sasl_canonicalize option that will now, by default, disable reverse host name lookups in OpenLDAP 2012-07-23 21:52 arthur * [r1731] nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c: ensure that all places where stdint.h is included it is surrounded by #ifdefs 2012-07-21 21:33 arthur * [r1725] nslcd/common.h: only inlude stdint.h if we have it 2012-07-21 21:29 arthur * [r1724] nslcd/common.h: add missing includes to ensure all types are defined in header 2012-07-20 12:27 arthur * [r1723] configure.ac, nslcd/cfg.c, nslcd/cfg.h, nslcd/nslcd.c, pynslcd/pynslcd.py: on startup have the gid option default to the primary group of the specified user and load the user's supplementary groups 2012-07-20 11:00 arthur * [r1722] Makefile.am, ldapns.ldif: add an LDIF version of the ldapns.schema schema file 2012-07-15 19:24 arthur * [r1721] pynslcd/pynslcd.py: avoid setting tls_randfile twice and remove fixed FIXME (fixed in r1717) 2012-07-15 19:20 arthur * [r1720] pynslcd/pynslcd.py: set the pynslcd process name if possible 2012-07-15 13:02 arthur * [r1719] pynslcd/cfg.py: support getting pam_password_prohibit_message from configuration (but don't handle it yet) 2012-07-15 12:59 arthur * [r1718] pynslcd/cfg.py, pynslcd/pam.py: rename internal pam_authz_search to pam_authz_searches 2012-07-15 12:47 arthur * [r1717] pynslcd/pynslcd.py: properly set most LDAP options from configuration 2012-07-11 21:21 arthur * [r1716] pam/pam.c: also check pam_password_prohibit_message in pam_sm_authenticate() because Solaris does authentication before pam_sm_chauthtok() (thanks Ted Cheng) 2012-07-08 08:26 arthur * [r1715] man/nslcd.conf.5.xml, nslcd.h, nslcd/Makefile.am, nslcd/cfg.c, nslcd/cfg.h, nslcd/common.h, nslcd/config.c, nslcd/nslcd.c, nslcd/pam.c, pam/pam.c: implement a pam_password_prohibit_message nslcd.conf option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng 2012-07-08 07:17 arthur * [r1714] nslcd/myldap.c: remove duplicate getting of LDAP_OPT_DIAGNOSTIC_MESSAGE (should have been part of r1639) 2012-07-07 15:35 arthur * [r1713] AUTHORS, pynslcd/Makefile.am: ensure that cache.py is installed (thanks Jon Severinsson) 2012-06-29 09:56 arthur * [r1707] ChangeLog, NEWS, TODO, configure.ac, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.10 release 2012-06-29 09:55 arthur * [r1706] config.sub: update from latest automake 2012-06-17 09:25 arthur * [r1705] HACKING: minor documentation touch-ups 2012-06-15 21:29 arthur * [r1704] Makefile.am: install the default configuration file with reduced permissions (further protection for CVE-2009-1073) 2012-06-15 21:15 arthur * [r1703] nslcd/pam.c: log successful password change in nslcd and correctly terminate protocol on password change failure 2012-06-15 21:04 arthur * [r1702] pam/pam.c: fix problem with returning wrong error code when changing password with wrong old password (thanks Anton Helwart) 2012-05-25 09:04 arthur * [r1701] README: reword section on bug reporting and add a reference to the ignorecase option on the case sensitivity section 2012-05-25 08:47 arthur * [r1700] HACKING: include list of required libraries and do not put information on AUTHORS file on the patch requirements 2012-05-20 20:35 arthur * [r1695] ChangeLog, NEWS, configure.ac, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.9 release 2012-05-20 19:53 arthur * [r1694] nslcd/cfg.c, nslcd/common.c, nslcd/group.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: implement extra range checking of all numeric values 2012-05-18 14:21 arthur * [r1693] configure.ac, nslcd/myldap.c, nslcd/nslcd.c, nss/bsdnss.c: get rid of a few compiler warnings on FreeBSD 2012-05-11 12:27 arthur * [r1690] compat/nss_compat.h, configure.ac: provide a compatibility version of struct spwd for systems without it 2012-05-11 09:28 arthur * [r1688] compat/socket.h: fix fallback definition of SUN_LEN() (fixes r1686) 2012-05-09 20:16 arthur * [r1686] common/nslcd-prot.c, compat/Makefile.am, compat/nss_compat.h, compat/socket.h, nslcd/nslcd.c: provide a compatibility definition of SUN_LEN() for systems that lack it 2012-05-09 19:47 arthur * [r1685] nslcd/nslcd.c: remove duplicate debug from log message 2012-05-04 21:24 arthur * [r1684] pynslcd/pam.py: implement PAM authorisation check using pam_authz_search option 2012-05-04 20:20 arthur * [r1683] pynslcd/pam.py: ignore user-supplied DN for PAM requests and don't send it back 2012-05-04 20:13 arthur * [r1682] pynslcd/Makefile.am, pynslcd/attmap.py, pynslcd/cfg.py, pynslcd/expr.py: move expression handling to own module 2012-05-04 20:10 arthur * [r1681] pynslcd/common.py: ensure search also works without attribute map 2012-05-04 20:06 arthur * [r1680] pynslcd/cfg.py: small code style improvements 2012-05-04 13:36 arthur * [r1679] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c, pynslcd/cfg.py: allow the pam_authz_search option to be specified multiple times 2012-05-04 13:31 arthur * [r1678] nslcd/nslcd.c: don't try to close _SC_OPEN_MAX file descriptor 2012-05-02 21:11 arthur * [r1677] compat/pam_compat.h, compat/pam_get_authtok.c: move all PAM_AUTHTOK_RECOVERY_ERR compatibility definitions to compat/pam_compat.h 2012-04-29 20:46 arthur * [r1673] README: documentation touch-ups 2012-04-27 07:56 arthur * [r1662] ChangeLog, NEWS, configure.ac, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.8 release 2012-04-27 07:37 arthur * [r1660] Makefile.am, ldapns.schema: add a schema file that some people use for PAM 2012-04-26 19:42 arthur * [r1659] common/tio.c, common/tio.h, nss/common.h: split the functionality to read everything from the stream into a separate function and don't assume we use non-blocking IO (fix r1637) 2012-04-26 19:39 arthur * [r1658] tests/test_pamcmds.expect: support alternative unknown user response 2012-04-22 19:28 arthur * [r1653] ChangeLog, NEWS, configure.ac, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.7 release 2012-04-09 13:48 arthur * [r1649] compile, depcomp: update files from recent automake 2012-03-23 10:18 arthur * [r1643] nslcd/pam.c: increase buffer for pam_authz_search as suggested by Chris J Arges 2012-03-16 15:00 arthur * [r1642] pynslcd/attmap.py: support the upper and lower functions in attribute mapping expressions 2012-03-16 13:53 arthur * [r1641] pynslcd/attmap.py, pynslcd/common.py, pynslcd/pam.py: refactor some of the attribute mapping code to introduce a mapping instance that does the hard work and support the lower() and upper() attribute mapping functions 2012-03-16 12:48 arthur * [r1640] pynslcd/pynslcd.py: implement a getpeercred() function 2012-03-16 09:46 arthur * [r1639] nslcd/myldap.c: always try to log the ldap error, the diagnostic message and errno if available in a consistent format 2012-03-16 08:28 arthur * [r1638] nss/common.h: put both tio_skip() and tio_close() within if (fixes r1637) and clarify documentation of one part of the code 2012-03-14 20:31 arthur * [r1637] common/tio.c, common/tio.h, nss/common.h: read any remaining available data from the stream when closing the connection in a normal way to prevent Broken pipe messages in nslcd 2012-03-14 20:26 arthur * [r1636] common/tio.c: ensure that we don't try to read more than SSIZE_MAX bytes 2012-03-13 19:32 arthur * [r1635] AUTHORS, man/nslcd.conf.5.xml: document the fact that each thread opens it's own connection (patch by Chris Hiestand) 2012-03-13 18:29 arthur * [r1634] AUTHORS, man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/common.h, nslcd/group.c, nslcd/netgroup.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: make whether or not to do case-sensitive filtering configurable (patch by Matthew L. Dailey) 2012-03-13 18:03 arthur * [r1633] compile, config.guess, config.sub, missing: update from latest automake 2012-03-10 20:57 arthur * [r1632] nslcd/cfg.c: when doing DNS queries for SRV records recognise default ldap and ldaps ports 2012-03-10 20:41 arthur * [r1631] nslcd/common.h: add missing include for _POSIX_HOST_NAME_MAX (thanks Mel Flynn) 2012-03-10 20:17 arthur * [r1628] nslcd/pam.c: fix log message for invalid pam_authz_search as reported by Matt Rae 2012-03-05 22:27 arthur * [r1627] nslcd/myldap.c: remove extra newline from log message 2012-03-05 21:53 arthur * [r1626] compat/ldap_compat.h, nslcd/myldap.c: provide more detailed logging information for ldap_start_tls_s() failures (based on a patch by Mel Flynn) 2012-02-29 21:44 arthur * [r1625] nslcd/myldap.c: log the first 10 search results in debug mode to make debugging easier (patch by Matthijs Kooijman) 2012-02-29 21:26 arthur * [r1624] README, nslcd/nslcd.c: update copyright years 2012-01-29 15:37 arthur * [r1616] ChangeLog, NEWS, configure.ac, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.6 release 2012-01-29 15:13 arthur * [r1615] pynslcd/alias.py, pynslcd/cache.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py, pynslcd/service.py, pynslcd/shadow.py: implement a naive offline cache 2012-01-29 14:50 arthur * [r1614] pynslcd/group.py: small simplification in group lookups (member attributes are not requested anyway) 2012-01-29 14:39 arthur * [r1613] pynslcd/alias.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py, pynslcd/service.py, pynslcd/shadow.py: split the result handling into a convert() and write() step 2012-01-20 20:08 arthur * [r1611] nslcd/netgroup.c, pynslcd/pynslcd.py: formatting fixes 2012-01-20 16:18 arthur * [r1605] nslcd/nslcd.c: clarify error messages and fix typo in comment 2012-01-20 16:01 arthur * [r1604] Makefile.am, debian: separate the Debian packaging from main sources switching to non-native Debian package (using svn-buildpackage) 2012-01-20 15:43 arthur * [r1603] pynslcd/Makefile.am: add missing Python modules to tarball 2012-01-17 19:41 arthur * [r1597] AUTHORS, nss/bsdnss.c: FreeBSD compilation fixes by Maxim Vetrov 2012-01-17 19:38 arthur * [r1596] common/nslcd-prot.c, nslcd/nslcd.c: pass the correct size of named socket address (fixes FreeBSD issue, fixes r1295) 2012-01-16 21:17 arthur * [r1595] INSTALL, compile, depcomp, install-sh, py-compile: update files from recent automake 2012-01-09 12:15 jhrozek * [r1594] nslcd/common.c: Add a matching va_end() for va_start() in mysnprintf() 2012-01-09 12:11 jhrozek * [r1593] nslcd/myldap.c: Warn if ldap_set_option() fails for LDAP_OPT_ERROR_NUM 2012-01-09 12:10 jhrozek * [r1592] nslcd/nslcd.c: Warn if fd cannot be closed in is_locked() 2012-01-09 12:07 jhrozek * [r1591] nslcd/netgroup.c: Check NULL return in write_netgroup() 2012-01-09 12:04 jhrozek * [r1590] nslcd/pam.c: Do not leak memory if myldap_escape() fails 2012-01-09 11:54 jhrozek * [r1589] nslcd/pam.c: Return from update_username() if myldap_get_values() returns invalid value If myldap_get_values() failed for the attmap_passwd_uid, nss-pam-ldapd would dereference a NULL pointer. 2012-01-06 13:59 arthur * [r1588] pynslcd/alias.py, pynslcd/cfg.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py, pynslcd/mypidfile.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/pam.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/pynslcd.py, pynslcd/rpc.py: user the logging framework, handle exceptions properly and some cleanups 2012-01-05 21:30 arthur * [r1587] debian/po/zh_CN.po: updated Simplified Chinese (zh_CN) translation of debconf templates by zym 2012-01-02 20:46 arthur * [r1586] debian/po/nb.po: updated Norwegian BokmÃ¥l (nb) translation of debconf templates by Bjørn Steensrud nss-pam-ldapd-0.8.13/ldapns.ldif0000644000175000001440000000137612002235231013276 00000000000000# LDAP Name Service Additional Schema # Source: pam_ldap package by Luke Howard converted to LDIF by Slavko # Has not been published in Internet Draft or RFC. dn: cn=ldapns,cn=schema,cn=config objectClass: olcSchemaConfig cn: ldapns olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.15{256} ) olcObjectClasses: {0}( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC 'Auxiliary object class for adding authorizedService attribute' SUP top AUXILIARY MAY authorizedService ) olcObjectClasses: {1}( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxilia ry object class for adding host attribute' SUP top AUXILIARY MAY host ) nss-pam-ldapd-0.8.13/compat/0000755000175000001440000000000012141476126012527 500000000000000nss-pam-ldapd-0.8.13/compat/ether.h0000644000175000001440000000374511542463764013750 00000000000000/* ether.h - ethernet definitions for systems lacking those Copyright (C) 2008, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__ETHER_H #define COMPAT__ETHER_H 1 #include #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif #ifndef HAVE_STRUCT_ETHER_ADDR struct ether_addr { uint8_t ether_addr_octet[6]; }; #endif /* not HAVE_STRUCT_ETHER_ADDR */ #ifndef HAVE_ETHER_NTOA_R char *ether_ntoa_r(const struct ether_addr *addr,char *buf); #endif /* not HAVE_ETHER_NTOA_R */ #ifndef HAVE_ETHER_ATON_R struct ether_addr *ether_aton_r(const char *asc,struct ether_addr *addr); #endif /* not HAVE_ETHER_ATON_R */ #ifdef HAVE_ETHER_NTOA #if !HAVE_DECL_ETHER_NTOA /* we define ether_ntoa() here because on some platforms the function is undefined */ extern char *ether_ntoa(const struct ether_addr *e); #endif /* not HAVE_DECL_ETHER_NTOA */ #endif /* HAVE_ETHER_NTOA */ #ifdef HAVE_ETHER_ATON #if !HAVE_DECL_ETHER_ATON /* we define ether_aton() here because on some platforms the function is undefined */ extern struct ether_addr *ether_aton(const char *s); #endif /* not HAVE_DECL_ETHER_ATON */ #endif /* HAVE_ETHER_ATON */ #endif /* not COMPAT__ETHER_H */ nss-pam-ldapd-0.8.13/compat/daemon.c0000644000175000001440000000365311452427030014057 00000000000000/* daemon.c - implementation of daemon() for systems that lack it Copyright (C) 2002, 2003, 2008 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "daemon.h" #include #include #include #include int daemon(int nochdir,int noclose) { /* change directory */ if (!nochdir) if (chdir("/")!=0) return -1; /* fork() and exit() to detach from the parent process */ switch (fork()) { case 0: /* we are the child */ break; case -1: /* we are the parent, but have an error */ return -1; default: /* we are the parent and we're done*/ _exit(0); } /* become process leader */ if (setsid()<0) { return -1; } /* fork again so we cannot allocate a pty */ switch (fork()) { case 0: /* we are the child */ break; case -1: /* we are the parent, but have an error */ return -1; default: /* we are the parent and we're done*/ _exit(0); } /* close stdin, stdout and stderr and reconnect to /dev/null */ if (!noclose) { close(0); /* stdin */ close(1); /* stdout */ close(2); /* stderr */ open("/dev/null",O_RDWR); /* stdin, fd=0 */ dup(0); /* stdout, fd=1 */ dup(0); /* stderr, fd=2 */ } return 0; } nss-pam-ldapd-0.8.13/compat/attrs.h0000644000175000001440000000563211452427030013755 00000000000000/* attrs.h - wrapper macros for the gcc __attribute__(()) directive Copyright (C) 2007, 2008 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__ATTRS_H #define COMPAT__ATTRS_H 1 /* macro for testing the version of GCC */ #define GCC_VERSION(major,minor) \ ((__GNUC__ > (major)) || (__GNUC__ == (major) && __GNUC_MINOR__ >= (minor))) /* These are macros to use some gcc-specific flags in case the're available and otherwise define them to empty strings. This allows us to give the compiler some extra information. See http://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html for a list of attributes supported by gcc */ /* this is used to flag function parameters that are not used in the function body. */ #if GCC_VERSION(3,0) #define UNUSED(x) x __attribute__((__unused__)) #else #define UNUSED(x) x #endif /* this is used to add extra format checking to the function calls as if this was a printf()-like function */ #if GCC_VERSION(3,0) #define LIKE_PRINTF(format_idx,arg_idx) \ __attribute__((__format__(__printf__,format_idx,arg_idx))) #else #define LIKE_PRINTF(format_idx,arg_idx) /* no attribute */ #endif /* indicates that the function is "pure": it's result is purely based on the parameters and has no side effects or used static data */ #if GCC_VERSION(3,0) #define PURE __attribute__((__pure__)) #else #define PURE /* no attribute */ #endif /* the function returns a new data structure that has been freshly allocated */ #if GCC_VERSION(3,0) #define LIKE_MALLOC __attribute__((__malloc__)) #else #define LIKE_MALLOC /* no attribute */ #endif /* the function's return value should be used by the caller */ #if GCC_VERSION(3,4) #define MUST_USE __attribute__((__warn_unused_result__)) #else #define MUST_USE /* no attribute */ #endif /* the function's return value should be used by the caller */ #if GCC_VERSION(2,5) #define NORETURN __attribute__((__noreturn__)) #else #define NORETURN /* no attribute */ #endif /* define __STRING if it's not yet defined */ #ifndef __STRING #ifdef __STDC__ #define __STRING(x) #x #else /* __STDC__ */ #define __STRING(x) "x" #endif /* not __STDC__ */ #endif /* not __STRING */ #endif /* not COMPAT__ATTRS_H */ nss-pam-ldapd-0.8.13/compat/pam_get_authtok.c0000644000175000001440000000567012020477204015770 00000000000000/* pam_get_authtok.c - replacement function for pam_get_authtok() Copyright (C) 2009, 2010 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #include "compat/attrs.h" #include "compat/pam_compat.h" /* warning: this version assumes that try_first_pass is specified */ int pam_get_authtok(pam_handle_t *pamh,int item,const char **authtok,const char *prompt) { int rc; char *passwd=NULL,*retype_passwd=NULL; const void *oldauthtok; char retype_prompt[80]; /* first try to see if the value is already on the stack */ *authtok=NULL; rc=pam_get_item(pamh,item,(const void **)authtok); if ((rc==PAM_SUCCESS)&&(*authtok!=NULL)) return PAM_SUCCESS; /* check what to prompt for and provide default prompt */ *retype_prompt='\0'; if (item==PAM_OLDAUTHTOK) prompt=(prompt!=NULL)?prompt:"Old Password: "; else { rc=pam_get_item(pamh,PAM_OLDAUTHTOK,(const void **)&oldauthtok); if ((rc==PAM_SUCCESS)&&(oldauthtok!=NULL)) { prompt=(prompt!=NULL)?prompt:"New Password: "; snprintf(retype_prompt,sizeof(retype_prompt),"Retype %s",prompt); retype_prompt[sizeof(retype_prompt)-1]='\0'; } else prompt=(prompt!=NULL)?prompt:"Password: "; } /* prepare prompt and get password */ rc=pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&passwd,"%s",prompt); if (rc!=PAM_SUCCESS) return rc; /* if a second prompt should be presented, do it */ if (*retype_prompt) { rc=pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&retype_passwd,"%s",retype_prompt); /* check passwords */ if ((rc==PAM_SUCCESS)&&(strcmp(retype_passwd,passwd)!=0)) rc=PAM_AUTHTOK_RECOVERY_ERR; } /* store the password if everything went ok */ if (rc==PAM_SUCCESS) rc=pam_set_item(pamh,item,passwd); /* clear and free any password information */ memset(passwd,0,strlen(passwd)); free(passwd); if (retype_passwd!=NULL) { memset(retype_passwd,0,strlen(retype_passwd)); free(retype_passwd); } if (rc!=PAM_SUCCESS) return rc; /* return token from the stack */ return pam_get_item(pamh,item,(const void **)authtok); } nss-pam-ldapd-0.8.13/compat/nss_compat.h0000644000175000001440000001035111753202453014764 00000000000000/* nss_compat.h - compatibility definitions for NSS functions Copyright (C) 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__NSS_H #define COMPAT__NSS_H 1 #ifdef HAVE_NSS_H #include #endif /* HAVE_NSS_H */ #ifdef HAVE_NSS_COMMON_H #include #endif /* HAVE_NSS_COMMON_H */ #ifdef HAVE_ALIASES_H #include #endif #include #include #include #include #include #ifdef HAVE_SHADOW_H #include #endif /* HAVE_SHADOW_H */ #ifdef HAVE_RPC_RPCENT_H #include #endif /* HAVE_RPC_RPCENT_H */ #ifdef HAVE_NSS_DBDEFS_H #include #endif /* HAVE_NSS_DBDEFS_H */ #ifdef HAVE_NSSWITCH_H #include #endif /* HAVE_NSSWITCH_H */ #ifdef HAVE_IRS_NSS_H #include "irs-nss.h" #endif /* HAVE_IRS_NSS_H */ #include "compat/ether.h" /* define missing status codes */ #ifndef HAVE_ENUM_NSS_STATUS #ifndef NSS_STATUS_SUCCESS #define NSS_STATUS_SUCCESS NSS_SUCCESS #endif #ifndef NSS_STATUS_NOTFOUND #define NSS_STATUS_NOTFOUND NSS_NOTFOUND #endif #ifndef NSS_STATUS_UNAVAIL #define NSS_STATUS_UNAVAIL NSS_UNAVAIL #endif #ifndef NSS_STATUS_TRYAGAIN #define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN #endif #ifndef NSS_STATUS_RETURN #define NSS_STATUS_RETURN NSS_NOTFOUND #endif #endif /* not HAVE_ENUM_NSS_STATUS */ /* define nss_status_t */ #ifdef HAVE_ENUM_NSS_STATUS typedef enum nss_status nss_status_t; #endif /* Define an aliasent if it was not found on the system. */ #ifndef HAVE_STRUCT_ALIASENT struct aliasent { char *alias_name; size_t alias_members_len; char **alias_members; int alias_local; }; #endif /* not HAVE_STRUCT_ALIASENT */ /* Define an rpcent if it was not found on the system */ #ifndef HAVE_STRUCT_RPCENT struct rpcent { char *r_name; char **r_aliases; int r_number; }; #endif /* not HAVE_STRUCT_RPCENT */ /* We define struct etherent here because it does not seem to be defined in any publicly available header file exposed by glibc. This is taken from include/netinet/ether.h of the glibc (2.3.6) source tarball. */ #ifndef HAVE_STRUCT_ETHERENT struct etherent { const char *e_name; struct ether_addr e_addr; }; #endif /* not HAVE_STRUCT_ETHERENT */ /* We also define struct __netgrent because it's definition is not publically available. This is taken from inet/netgroup.h of the glibc (2.3.6) source tarball. The first part of the struct is the only part that is modified by our getnetgrent() function, all the other fields are not touched at all. */ struct __netgrent { enum { triple_val, group_val } type; union { struct { const char *host; const char *user; const char *domain; } triple; const char *group; } val; /* the following stuff is used by some NSS services but not by ours (it's not completely clear how these are shared between different services) or is used by our caller */ char *data; size_t data_size; union { char *cursor; unsigned long int position; } insertedname; /* added name to union to avoid warning */ int first; struct name_list *known_groups; struct name_list *needed_groups; void *nip; /* changed from `service_user *nip' */ }; /* Define struct spwd if it was not found on the system. */ #ifndef HAVE_STRUCT_SPWD struct spwd { char *sp_namp; char *sp_pwdp; long sp_lstchg; long sp_min; long sp_max; long sp_warn; long sp_inact; long sp_expire; unsigned long sp_flag; }; #endif /* not HAVE_STRUCT_SPWD */ #endif /* not COMPAT__NSS_H */ nss-pam-ldapd-0.8.13/compat/ldap_passwd_s.c0000644000175000001440000000744411452427030015441 00000000000000/* ldap_passwd_s.c - replacement function for ldap_passwd_s() Parts of this file were based on parts of the pam_ldap library (taken from _update_authtok() in pam_ldap.c). Copyright (C) 1998-2004 Luke Howard Copyright (C) 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "compat/ldap_compat.h" #include "compat/attrs.h" #ifndef LDAP_EXOP_MODIFY_PASSWD #ifdef LDAP_EXOP_X_MODIFY_PASSWD #define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID #define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW #else /* not LDAP_EXOP_X_MODIFY_PASSWD */ #define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U) #define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U) #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U) #endif /* not LDAP_EXOP_X_MODIFY_PASSWD */ #endif /* not LDAP_EXOP_MODIFY_PASSWD */ #ifndef LBER_USE_DER #define LBER_USE_DER 1 #endif /* not LBER_USE_DER */ #ifndef HAVE_BER_MEMFREE #define ber_memfree free #endif /* not HAVE_BER_MEMFREE */ #if !HAVE_DECL_LDAP_EXTENDED_OPERATION_S /* we define this ourselves here because some LDAP header versions don't seem to define this */ extern int ldap_extended_operation_s(LDAP *ld,LDAP_CONST char *reqoid, struct berval *reqdata,LDAPControl **serverctrls,LDAPControl **clientctrls, char **retoidp,struct berval **retdatap); #endif /* not HAVE_DECL_LDAP_EXTENDED_OPERATION_S */ /* Replacement for password modification. user is the DN of the entry to change, oldpw is the old password (may not always be needed?), newpw is the new password to set and newpasswd is sometimes returned (though not by us). See RFC 3062 for details.*/ int ldap_passwd_s(LDAP *ld,struct berval *user,struct berval *oldpw, struct berval *newpw,struct berval UNUSED(*newpasswd), LDAPControl **sctrls,LDAPControl **cctrls) { #ifndef HAVE_LDAP_EXTENDED_OPERATION_S return LDAP_OPERATIONS_ERROR; #else /* HAVE_LDAP_EXTENDED_OPERATION_S */ int rc; BerElement *ber; struct berval *bv; char *retoid; struct berval *retdata; /* set up request data */ ber=ber_alloc_t(LBER_USE_DER); if (ber==NULL) return LDAP_NO_MEMORY; ber_printf(ber,"{"); ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_ID,user); if (oldpw!=NULL) ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,oldpw); ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,newpw); ber_printf(ber,"N}"); rc=ber_flatten(ber,&bv); ber_free(ber,1); if (rc<0) return LDAP_NO_MEMORY; /* perform the operation */ rc=ldap_extended_operation_s(ld,LDAP_EXOP_MODIFY_PASSWD,bv,sctrls,cctrls, &retoid,&retdata); /* free data */ ber_bvfree(bv); if (rc==LDAP_SUCCESS) { ber_bvfree(retdata); ber_memfree(retoid); } /* return result code */ return rc; #endif /* HAVE_LDAP_EXTENDED_OPERATION_S */ } nss-pam-ldapd-0.8.13/compat/strndup.h0000644000175000001440000000215711551657034014327 00000000000000/* strndup.h - definition of strndup() for systems that lack it Copyright (C) 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__STRNDUP_H #define COMPAT__STRNDUP_H 1 #ifndef HAVE_STRNDUP /* this is a strndup() replacement for systems that don't have it (strndup() is in POSIX 2008 now) */ char *strndup(const char *s,size_t size); #endif /* not HAVE_STRNDUP */ #endif /* COMPAT__STRNDUP_H */ nss-pam-ldapd-0.8.13/compat/ldap_initialize.c0000644000175000001440000000340512141445253015753 00000000000000/* ldap_initialize.c - replacement function for ldap_initialize() Copyright (C) 2009, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include "compat/ldap_compat.h" #include "nslcd/log.h" /* provide a wrapper around ldap_init() if the system doesn't have ldap_initialize() */ int ldap_initialize(LDAP **ldp,const char *url) { char host[80]; /* check schema part */ if (strncasecmp(url,"ldap://",7)==0) { strncpy(host,url+7,sizeof(host)); host[sizeof(host)-1]='\0'; } else if (strncasecmp(url,"ldaps://",8)==0) { strncpy(host,url+8,sizeof(host)); host[sizeof(host)-1]='\0'; } else { log_log(LOG_ERR,"ldap_initialize(): schema not supported: %s",url); exit(EXIT_FAILURE); } /* strip trailing slash */ if ((strlen(host)>0)&&(host[strlen(host)-1]=='/')) host[strlen(host)-1]='\0'; /* call ldap_init() */ *ldp=ldap_init(host,LDAP_PORT); return (*ldp==NULL)?LDAP_OPERATIONS_ERROR:LDAP_SUCCESS; } nss-pam-ldapd-0.8.13/compat/getopt_long.h0000644000175000001440000000316711452427030015142 00000000000000/* getopt_long.h - definition of getopt_long() for systems that lack it Copyright (C) 2001, 2002, 2008 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__GETOPT_LONG_H #define COMPAT__GETOPT_LONG_H 1 #ifndef HAVE_GETOPT_LONG #define no_argument 0 #define required_argument 1 #define optional_argument 2 struct option { const char *name; int has_arg; int *flag; int val; }; /* this is a (poor) getopt_long() replacement for systems that don't have it (this is generaly a GNU extention) this implementation is by no meens flawless, especialy the optional arguments to options and options following filenames is not quite right, allso minimal error checking */ int getopt_long(int argc,char * const argv[], const char *optstring, const struct option *longopts,int *longindex); #endif /* not HAVE_GETOPT_LONG */ #endif /* COMPAT__GETOPT_LONG_H */ nss-pam-ldapd-0.8.13/compat/pagectrl.c0000644000175000001440000001446311452427030014416 00000000000000/* pagectrl.c - provide a replacement ldap_create_page_control() function. This file was part of the nss_ldap library which has been forked into the nss-pam-ldapd library. Copyright (C) 2002 Max Caines This software is not subject to any license of the University of Wolverhampton. This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include "compat/ldap_compat.h" #ifndef LDAP_CONTROL_PAGE_OID #define LDAP_CONTROL_PAGE_OID "1.2.840.113556.1.4.319" #endif #ifndef HAVE_LDAP_CREATE_PAGE_CONTROL /*--- ldap_create_page_control Create and encode the Paged Results control. ld (IN) An LDAP session handle, as obtained from a call to ldap_init(). pagesize (IN) The number of entries to return in each page cookiep (IN) Pointer to a berVal structure that the server uses to determine the current location in the result set (opaque). Set to NULL the first time. iscritical (IN) Is this control critical to the search? ctrlp (OUT) A result parameter that will be assigned the address of an LDAPControl structure that contains the PagedResult control created by this function. The memory occupied by the LDAPControl structure SHOULD be freed when it is no longer in use by calling ldap_control_free(). Ber encoding PageResult ::= SEQUENCE { pageSize INTEGER cookie OCTET STRING } Note: The first time the Page control is created, the cookie should be set to a zero-length string. The cookie obtained from calling ldap_parse_page_control() should be used as the cookie in the next ldap_create_page_control call. ---*/ int ldap_create_page_control (LDAP * ld, unsigned long pagesize, struct berval *cookiep, int iscritical, LDAPControl ** ctrlp) { ber_tag_t tag; BerElement *ber; BerElement *ldap_alloc_ber_with_options (LDAP * ld); int rc; if ((ld == NULL) || (ctrlp == NULL)) { return (LDAP_PARAM_ERROR); } if ((ber = ldap_alloc_ber_with_options (ld)) == NULL) { return (LDAP_NO_MEMORY); } tag = ber_printf (ber, "{i", pagesize); if (tag == LBER_ERROR) goto exit; if (cookiep == NULL) tag = ber_printf (ber, "o", "", 0); else tag = ber_printf (ber, "O", cookiep); if (tag == LBER_ERROR) goto exit; tag = ber_printf (ber, /*{ */ "N}"); if (tag == LBER_ERROR) goto exit; rc = ldap_create_control (LDAP_CONTROL_PAGE_OID, ber, iscritical, ctrlp); ber_free (ber, 1); return (rc); exit: ber_free (ber, 1); return (LDAP_ENCODING_ERROR); } #endif /* not HAVE_LDAP_CREATE_PAGE_CONTROL */ #ifndef HAVE_LDAP_PARSE_PAGE_CONTROL /*--- ldap_parse_page_control Decode the Virtual List View control return information. ld (IN) An LDAP session handle. ctrls (IN) The address of a NULL-terminated array of LDAPControl structures, typically obtained by a call to ldap_parse_result(). list_countp (OUT) This result parameter is filled in with the number of entries returned in this page cookiep (OUT) This result parameter is filled in with the address of a struct berval that contains the server- generated cookie. The returned cookie SHOULD be used in the next call to create a Page sort control. The struct berval returned SHOULD be disposed of by calling ber_bvfree() when it is no longer needed. ---*/ int ldap_parse_page_control (LDAP * ld, LDAPControl ** ctrls, unsigned long *list_countp, struct berval **cookiep) { BerElement *ber; LDAPControl *pControl; int i; unsigned long count; ber_tag_t tag; if (cookiep) { *cookiep = NULL; /* Make sure we return a NULL if error occurs. */ } if (ld == NULL) { return (LDAP_PARAM_ERROR); } if (ctrls == NULL) { return (LDAP_CONTROL_NOT_FOUND); } /* Search the list of control responses for a Page control. */ for (i = 0; ctrls[i]; i++) { pControl = ctrls[i]; if (!strcmp (LDAP_CONTROL_PAGE_OID, pControl->ldctl_oid)) goto foundPageControl; } /* No page control was found. */ return (LDAP_CONTROL_NOT_FOUND); foundPageControl: /* Create a BerElement from the berval returned in the control. */ ber = ber_init (&pControl->ldctl_value); if (ber == NULL) { return (LDAP_NO_MEMORY); } /* Extract the data returned in the control. */ tag = ber_scanf (ber, "{iO" /*} */ , &count, cookiep); if (tag == LBER_ERROR) { ber_free (ber, 1); return (LDAP_DECODING_ERROR); } ber_free (ber, 1); /* Return data to the caller for items that were requested. */ if (list_countp) { *list_countp = count; } return (LDAP_SUCCESS); } #endif /* not HAVE_LDAP_PARSE_PAGE_CONTROL */ nss-pam-ldapd-0.8.13/compat/socket.h0000644000175000001440000000223011752722304014104 00000000000000/* socket.h - compatibility hacks for socket functions Copyright (C) 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__SOCKET_H #define COMPAT__SOCKET_H 1 #include #include #include /* provide a definition for SUN_LEN for systems without it */ #ifndef SUN_LEN #define SUN_LEN(addr) (sizeof((addr)->sun_family)+strlen((addr)->sun_path)+1) #endif /* not SUN_LEN */ #endif /* not COMPAT__SOCKET_H */ nss-pam-ldapd-0.8.13/compat/pam_compat.h0000644000175000001440000000574511750321210014737 00000000000000/* pam_compat.h - provide a replacement definitions for some pam functions Copyright (C) 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__PAM_COMPAT_H #define COMPAT__PAM_COMPAT_H 1 #ifdef HAVE_SECURITY_PAM_APPL_H #include #endif /* HAVE_SECURITY_PAM_APPL_H */ #ifndef HAVE_PAM_PAM_MODULES_H #include #ifdef HAVE_SECURITY_PAM_EXT_H #include #endif /* HAVE_SECURITY_PAM_EXT_H */ #else /* not HAVE_PAM_PAM_MODULES_H */ #include #endif /* not HAVE_PAM_PAM_MODULES_H */ #ifdef HAVE_SECURITY_PAM_MODUTIL_H #include #endif /* HAVE_SECURITY_PAM_MODUTIL_H */ /* find value of PAM_AUTHTOK_RECOVERY_ERR */ #ifndef PAM_AUTHTOK_RECOVERY_ERR #ifdef PAM_AUTHTOK_RECOVER_ERR #define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR #else #define PAM_AUTHTOK_RECOVERY_ERR 21 /* not defined anywhere */ #endif #endif /* not PAM_AUTHTOK_RECOVERY_ERR */ /* define our own replacement pam_get_authtok() if it wasn't found */ #ifndef HAVE_PAM_GET_AUTHTOK int pam_get_authtok(pam_handle_t *pamh,int item,const char **authtok,const char *prompt); #endif /* not HAVE_PAM_GET_AUTHTOK */ /* replace pam_prompt() if needed */ #ifndef HAVE_PAM_PROMPT int pam_prompt(pam_handle_t *pamh,int style,char **response,const char *format,...) LIKE_PRINTF(4,5); #endif /* not HAVE_PAM_PROMPT */ /* provide pam_info() if needed */ #ifndef pam_info #define pam_info(pamh,format...) \ pam_prompt(pamh,PAM_TEXT_INFO,NULL,##format) #endif /* not pam_info */ /* provide pam_error() if needed */ #ifndef pam_error #define pam_error(pamh,format...) \ pam_prompt(pamh,PAM_ERROR_MSG,NULL,##format) #endif /* not pam_error */ /* fall back to using getpwnam() if pam_modutil_getpwnam() isn't defined */ #ifndef HAVE_PAM_MODUTIL_GETGWNAM #include #include #define pam_modutil_getpwnam(pamh,user) getpwnam(user) #endif /* not HAVE_PAM_MODUTIL_GETGWNAM */ /* fall back to using syslog() if pam_syslog() doesn't exist */ #ifndef HAVE_PAM_SYSLOG #ifndef LOG_AUTHPRIV #define LOG_AUTHPRIV LOG_AUTH #endif /* not LOG_AUTHPRIV */ #define pam_syslog(pamh,priority,format...) \ syslog(LOG_AUTHPRIV|(priority),##format) #endif /* not HAVE_PAM_SYSLOG */ #endif /* _COMPAT_LDAP_COMPAT_H */ nss-pam-ldapd-0.8.13/compat/getopt_long.c0000644000175000001440000000573411452427030015137 00000000000000/* getopt_long.c - implementation of getopt_long() for systems that lack it Copyright (C) 2001, 2002, 2008 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include #include #include #include "getopt_long.h" /* this is a (poor) getopt_long() replacement for systems that don't have it (getopt_long() is generaly a GNU extention) this implementation is by no meens flawless, especialy the optional arguments to options and options following filenames is not quite right, allso minimal error checking is provided */ int getopt_long(int argc,char * const argv[], const char *optstring, const struct option *longopts,int *longindex) { int i; /* for looping through options */ int l; /* for length */ /* first check if there realy is a -- option */ if ( (optind>0)&&(optind #include #include #include #ifdef HAVE_SYS_UCRED_H #include #endif /* HAVE SYS_UCRED_H */ #include #ifdef HAVE_UCRED_H #include #endif /* HAVE_UCRED_H */ #include "getpeercred.h" /* Note: most of this code is untested, except for the first implementation (it may even fail to compile) */ int getpeercred(int sock,uid_t *uid,gid_t *gid,pid_t *pid) { #if defined(SO_PEERCRED) socklen_t l; struct ucred cred; /* initialize client information (in case getsockopt() breaks) */ cred.pid=(pid_t)0; cred.uid=(uid_t)-1; cred.gid=(gid_t)-1; /* look up process information from peer */ l=(socklen_t)sizeof(struct ucred); if (getsockopt(sock,SOL_SOCKET,SO_PEERCRED,&cred,&l) < 0) return -1; /* errno already set */ /* return the data */ if (uid!=NULL) *uid=cred.uid; if (gid!=NULL) *gid=cred.gid; if (pid!=NULL) *pid=cred.pid; return 0; #elif defined(LOCAL_PEERCRED) socklen_t l; struct xucred cred; /* look up process information from peer */ l=(socklen_t)sizeof(struct xucred); if (getsockopt(sock,0,LOCAL_PEERCRED,&cred,&l) < 0) return -1; /* errno already set */ if (cred.cr_version!=XUCRED_VERSION) { errno=EINVAL; return -1; } /* return the data */ if (uid!=NULL) *uid=cred.cr_uid; if (gid!=NULL) *gid=cred.cr_gid; if (pid!=NULL) *pid=(pid_t)-1; return 0; #elif defined(HAVE_GETPEERUCRED) ucred_t *cred=NULL; if (getpeerucred(sock,&cred)) return -1; /* save the data */ if (uid!=NULL) *uid=ucred_geteuid(cred); if (gid!=NULL) *gid=ucred_getegid(cred); if (pid!=NULL) *pid=ucred_getpid(cred); /* free cred and return */ ucred_free(cred); return 0; #elif defined(HAVE_GETPEEREID) uid_t tuid; gid_t tgid; if (uid==NULL) uid=&tuid; if (gid==NULL) gid=&tguid; if (getpeereid(sock,uid,gid)) return -1; /* return the data */ if (uid!=NULL) *uid=cred.uid; if (gid!=NULL) *gid=cred.gid; if (pid!=NULL) *pid=-1; /* we return a -1 pid because we have no usable pid */ return 0; #else /* nothing found that is supported */ errno=ENOSYS; return -1; #endif } nss-pam-ldapd-0.8.13/compat/ldap_compat.h0000644000175000001440000000502411725233110015073 00000000000000/* ldap_compat.h - provide a replacement definitions for some ldap functions Copyright (C) 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__LDAP_COMPAT_H #define COMPAT__LDAP_COMPAT_H 1 #include #include /* compatibility macros */ #ifndef LDAP_CONST #define LDAP_CONST const #endif /* not LDAP_CONST */ #ifndef LDAP_MSG_ONE #define LDAP_MSG_ONE 0x00 #endif /* not LDAP_MSG_ONE */ #ifndef HAVE_LDAP_INITIALIZE /* provide a wrapper around ldap_init() if the system doesn't have ldap_initialize() */ int ldap_initialize(LDAP **ldp,const char *url); #endif /* not HAVE_LDAP_INITIALIZE */ #ifndef HAVE_LDAP_CREATE_PAGE_CONTROL int ldap_create_page_control(LDAP *ld,unsigned long pagesize, struct berval *cookiep,int iscritical, LDAPControl **ctrlp); #endif /* not HAVE_LDAP_CREATE_PAGE_CONTROL */ #ifndef HAVE_LDAP_PARSE_PAGE_CONTROL int ldap_parse_page_control(LDAP *ld,LDAPControl **ctrls, unsigned long *list_countp, struct berval **cookiep); #endif /* not HAVE_LDAP_PARSE_PAGE_CONTROL */ #ifndef HAVE_LDAP_PASSWD_S int ldap_passwd_s(LDAP *ld,struct berval *user,struct berval *oldpw, struct berval *newpw,struct berval *newpasswd, LDAPControl **sctrls,LDAPControl **cctrls); #endif /* not HAVE_LDAP_PASSWD_S */ /* compatibility definition */ #ifndef LDAP_SASL_QUIET #define LDAP_SASL_QUIET 2U #endif /* not LDAP_SASL_QUIET */ /* on some systems LDAP_OPT_DIAGNOSTIC_MESSAGE isn't there but LDAP_OPT_ERROR_STRING is */ #ifndef LDAP_OPT_DIAGNOSTIC_MESSAGE #ifdef LDAP_OPT_ERROR_STRING #define LDAP_OPT_DIAGNOSTIC_MESSAGE LDAP_OPT_ERROR_STRING #endif /* LDAP_OPT_ERROR_STRING */ #endif /* not LDAP_OPT_DIAGNOSTIC_MESSAGE */ #endif /* COMPAT__LDAP_COMPAT_H */ nss-pam-ldapd-0.8.13/compat/pam_prompt.c0000644000175000001440000000367711452427030015000 00000000000000/* pam_prompt.c - replacement function for pam_prompt() Copyright (C) 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "compat/attrs.h" #include "compat/pam_compat.h" int pam_prompt(pam_handle_t *pamh,int style,char **response,const char *format,...) { int rc; struct pam_conv *aconv; char buffer[200]; va_list ap; struct pam_message msg, *pmsg; struct pam_response *resp; /* the the conversion function */ rc=pam_get_item(pamh,PAM_CONV,(const void **)&aconv); if (rc!=PAM_SUCCESS) return rc; /* make the message string */ va_start(ap,format); vsnprintf(buffer,sizeof(buffer),format,ap); buffer[sizeof(buffer)-1]='\0'; va_end(ap); /* build the message */ msg.msg_style=style; msg.msg=buffer; pmsg=&msg; resp=NULL; rc=aconv->conv(1,(const struct pam_message **)&pmsg,&resp,aconv->appdata_ptr); if (rc!=PAM_SUCCESS) return rc; /* assign response if it is set */ if (response!=NULL) { if (resp==NULL) return PAM_CONV_ERR; if (resp[0].resp==NULL) { free(resp); return PAM_CONV_ERR; } *response=resp[0].resp; } else free(resp[0].resp); free(resp); return PAM_SUCCESS; } nss-pam-ldapd-0.8.13/compat/daemon.h0000644000175000001440000000237211542463764014077 00000000000000/* daemon.h - definition of daemon() for systems that lack it Copyright (C) 2002, 2003, 2008, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__DAEMON_H #define COMPAT__DAEMON_H 1 #include #if !HAVE_DECL_DAEMON /* we define daemon() here because on some platforms the function is undefined: deamonize process, optionally chdir to / and optionally close stdin, strdout and stderr and redirect them to /dev/null */ int daemon(int nochdir,int noclose); #endif /* not HAVE_DECL_DAEMON */ #endif /* not COMPAT__DAEMON_H */ nss-pam-ldapd-0.8.13/compat/Makefile.in0000644000175000001440000004054412141445266014524 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2008, 2009, 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = compat DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in daemon.c \ ether.c getopt_long.c ldap_initialize.c ldap_passwd_s.c \ pagectrl.c pam_get_authtok.c pam_prompt.c strndup.c ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LIBRARIES = $(noinst_LIBRARIES) AR = ar ARFLAGS = cru libcompat_a_AR = $(AR) $(ARFLAGS) libcompat_a_DEPENDENCIES = @LIBOBJS@ am_libcompat_a_OBJECTS = getpeercred.$(OBJEXT) libcompat_a_OBJECTS = $(am_libcompat_a_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(libcompat_a_SOURCES) DIST_SOURCES = $(libcompat_a_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ noinst_LIBRARIES = libcompat.a AM_CPPFLAGS = -I$(top_srcdir) AM_CFLAGS = -fPIC EXTRA_DIST = getopt_long.c getopt_long.h \ daemon.c daemon.h \ ether.c ether.h \ strndup.c strndup.h \ nss_compat.h socket.h \ ldap_compat.h pagectrl.c ldap_passwd_s.c ldap_initialize.c \ pam_compat.h pam_get_authtok.c pam_prompt.c libcompat_a_SOURCES = getpeercred.c getpeercred.h libcompat_a_LIBADD = @LIBOBJS@ all: all-am .SUFFIXES: .SUFFIXES: .c .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu compat/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu compat/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLIBRARIES: -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) libcompat.a: $(libcompat_a_OBJECTS) $(libcompat_a_DEPENDENCIES) $(EXTRA_libcompat_a_DEPENDENCIES) -rm -f libcompat.a $(libcompat_a_AR) libcompat.a $(libcompat_a_OBJECTS) $(libcompat_a_LIBADD) $(RANLIB) libcompat.a mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/daemon.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/ether.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getopt_long.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/ldap_initialize.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/ldap_passwd_s.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/pagectrl.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/pam_get_authtok.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/pam_prompt.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strndup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getpeercred.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LIBRARIES) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-noinstLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf $(DEPDIR) ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf $(DEPDIR) ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-noinstLIBRARIES ctags distclean distclean-compile \ distclean-generic distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \ uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/compat/Makefile.am0000644000175000001440000000244511752550250014506 00000000000000# Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2008, 2009, 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA noinst_LIBRARIES = libcompat.a AM_CPPFLAGS=-I$(top_srcdir) AM_CFLAGS = -fPIC EXTRA_DIST = getopt_long.c getopt_long.h \ daemon.c daemon.h \ ether.c ether.h \ strndup.c strndup.h \ nss_compat.h socket.h \ ldap_compat.h pagectrl.c ldap_passwd_s.c ldap_initialize.c \ pam_compat.h pam_get_authtok.c pam_prompt.c libcompat_a_SOURCES = getpeercred.c getpeercred.h libcompat_a_LIBADD = @LIBOBJS@ nss-pam-ldapd-0.8.13/compat/strndup.c0000644000175000001440000000231711551656773014331 00000000000000/* strndup.c - implementation of strndup() for systems that lack it Copyright (C) 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "strndup.h" /* this is a strndup() replacement for systems that don't have it (strndup() is in POSIX 2008 now) */ char *strndup(const char *s,size_t size) { char *result; result=(char *)malloc(size+1); if (result!=NULL) { strncpy(result,s,size); result[size]='\0'; } return result; } nss-pam-ldapd-0.8.13/compat/getpeercred.h0000644000175000001440000000262311452427030015106 00000000000000/* getpeercred.h - function for determining information about the other end of a unix socket This file is part of the nss-pam-ldapd library. Copyright (C) 2008 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMPAT__GETPEERCRED_H #define COMPAT__GETPEERCRED_H 1 /* This function tries to determine the (effective) user id, group id and process id of the other end of the specified socket. Any of the uid, gid and pid paramaters may be NULL to not update that information. On success, zero is returned. On error, -1 is returned, and errno is set appropriately. */ int getpeercred(int sock,uid_t *uid,gid_t *gid,pid_t *pid); #endif /* not COMPAT__GETPEERCRED_H */ nss-pam-ldapd-0.8.13/compat/ether.c0000644000175000001440000000320211454414023013711 00000000000000/* ether.c - useful ethernet functions for systems lacking those Copyright (C) 2008, 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif #include "ether.h" /* these functions are not really reentrant */ #ifndef HAVE_ETHER_NTOA_R char *ether_ntoa_r(const struct ether_addr *addr,char *buf) { char *tmp; tmp=ether_ntoa(addr); if (tmp==NULL) return NULL; strcpy(buf,tmp); return buf; } #endif /* not HAVE_ETHER_NTOA_R */ #ifndef HAVE_ETHER_ATON_R struct ether_addr *ether_aton_r(const char *asc,struct ether_addr *addr) { struct ether_addr *tmp; tmp=ether_aton(asc); if (tmp==NULL) return NULL; memcpy(addr,tmp,sizeof(struct ether_addr)); return addr; } #endif /* not HAVE_ETHER_ATON_R */ nss-pam-ldapd-0.8.13/nss/0000755000175000001440000000000012141476126012047 500000000000000nss-pam-ldapd-0.8.13/nss/ethers.c0000644000175000001440000001260212043302032013407 00000000000000/* ethers.c - NSS lookup functions for ethers database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* read an ethernet entry from the stream */ static nss_status_t read_etherent( TFILE *fp,struct etherent *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32; size_t bufptr=0; memset(result,0,sizeof(struct etherent)); READ_BUF_STRING(fp,result->e_name); READ_TYPE(fp,result->e_addr,uint8_t[6]); return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* map a hostname to the corresponding ethernet address */ nss_status_t _nss_ldap_gethostton_r( const char *name,struct etherent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYNAME(NSLCD_ACTION_ETHER_BYNAME, name, read_etherent(fp,result,buffer,buflen,errnop)); } /* map an ethernet address to the corresponding hostname */ nss_status_t _nss_ldap_getntohost_r( const struct ether_addr *addr,struct etherent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYTYPE(NSLCD_ACTION_ETHER_BYETHER, *addr,uint8_t[6], read_etherent(fp,result,buffer,buflen,errnop)); } /* thread-local file pointer to an ongoing request */ static __thread TFILE *etherentfp; /* open a connection to read all ether entries */ nss_status_t _nss_ldap_setetherent(int UNUSED(stayopen)) { NSS_SETENT(etherentfp); } /* read a single ethernet entry from the stream */ nss_status_t _nss_ldap_getetherent_r( struct etherent *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(etherentfp,NSLCD_ACTION_ETHER_ALL, read_etherent(etherentfp,result,buffer,buflen,errnop)); } /* close the stream opened with setetherent() above */ nss_status_t _nss_ldap_endetherent(void) { NSS_ENDENT(etherentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS /* we disable NSS_BUFCHECK because these functions do not use the buffer */ #undef NSS_BUFCHECK #define NSS_BUFCHECK ; /* provide a fallback definition */ #ifndef NSS_BUFLEN_ETHERS #define NSS_BUFLEN_ETHERS HOST_NAME_MAX #endif /* NSS_BUFLEN_ETHERS */ #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *etherent2str(struct etherent *result,char *buffer,size_t buflen) { int res; res=snprintf(buffer,buflen,"%s %s",ether_ntoa(&result->e_addr),result->e_name); if ((res<0)||(res>=buflen)) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,nss_XbyY_args_t *args,int wantname) { struct etherent result; char buffer[NSS_BUFLEN_ETHERS]; nss_status_t retv; /* read the result entry from the stream */ retv=read_etherent(fp,&result,buffer,sizeof(buffer),&args->erange); if (retv!=NSS_STATUS_SUCCESS) return retv; #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN /* try to return in string format if requested */ if ((args->buf.buffer!=NULL)&&(args->buf.buflen>0)) { if (etherent2str(&result,args->buf.buffer,args->buf.buflen)==NULL) { args->erange=1; return NSS_NOTFOUND; } args->returnval=args->buf.buffer; args->returnlen=strlen(args->returnval); return NSS_SUCCESS; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ /* return the result entry */ if (wantname) { /* we expect the buffer to have enough room for the name (buflen==0) */ strcpy(args->buf.buffer,result.e_name); args->returnval=args->buf.buffer; } else /* address */ { memcpy(args->buf.result,&result.e_addr,sizeof(result.e_addr)); args->returnval=args->buf.result; } return NSS_SUCCESS; } /* map a hostname to the corresponding ethernet address */ static nss_status_t ethers_gethostton(nss_backend_t UNUSED(*be),void *args) { NSS_BYNAME(NSLCD_ACTION_ETHER_BYNAME, NSS_ARGS(args)->key.name, read_result(fp,args,0)); } /* map an ethernet address to the corresponding hostname */ static nss_status_t ethers_getntohost(nss_backend_t UNUSED(*be),void *args) { struct ether_addr *addr=(struct ether_addr *)(NSS_ARGS(args)->key.ether); NSS_BYTYPE(NSLCD_ACTION_ETHER_BYETHER, *addr,uint8_t[6], read_result(fp,args,1)); } static nss_backend_op_t ethers_ops[]={ nss_ldap_destructor, ethers_gethostton, ethers_getntohost }; nss_backend_t *_nss_ldap_ethers_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(ethers_ops,sizeof(ethers_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/bsdnss.c0000644000175000001440000001557011755447736013456 00000000000000/* bsdnss.c - BSD NSS functions This file was part of the nss-pam-ldapd FreeBSD port and part of the nss_ldap FreeBSD port before that. Copyright (C) 2003 Jacques Vidrine Copyright (C) 2006 Artem Kazakov Copyright (C) 2009 Alexander V. Chernikov Copyright (C) 2011, 2012 Arthur de Jong Copyright (C) 2011 Tom Judge This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" #define BUFFER_SIZE 1024 NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); NSS_METHOD_PROTOTYPE(__freebsd_getgroupmembership); NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); static ns_mtab methods[]={ { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r }, { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r }, { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r }, { NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent }, { NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent }, { NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL }, { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r }, { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r }, { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r }, { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent }, { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent }, { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r }, { NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r }, { NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r }, { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r }, { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r }, { NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r }, { NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent }, { NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent }, { NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r }, { NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r }, { NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r }, { NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent }, { NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent }, }; int __nss_compat_gethostbyname(void *retval,void *mdata,va_list ap) { nss_status_t (*fn)(const char *,struct hostent *,char *,size_t,int *,int *); const char *name; struct hostent *result; char buffer[BUFFER_SIZE]; int errnop; int h_errnop; int af; nss_status_t status; fn=mdata; name=va_arg(ap,const char*); af=va_arg(ap,int); result=va_arg(ap,struct hostent *); status=fn(name,result,buffer,sizeof(buffer),&errnop,&h_errnop); status=__nss_compat_result(status,errnop); h_errno=h_errnop; return (status); } int __nss_compat_gethostbyname2(void *retval,void *mdata,va_list ap) { nss_status_t (*fn)(const char *,struct hostent *,char *,size_t,int *,int *); const char *name; struct hostent *result; char buffer[BUFFER_SIZE]; int errnop; int h_errnop; int af; nss_status_t status; fn=mdata; name=va_arg(ap,const char*); af=va_arg(ap,int); result=va_arg(ap,struct hostent *); status=fn(name,result,buffer,sizeof(buffer),&errnop,&h_errnop); status=__nss_compat_result(status,errnop); h_errno=h_errnop; return (status); } int __nss_compat_gethostbyaddr(void *retval,void *mdata,va_list ap) { struct in_addr *addr; int len; int type; struct hostent *result; char buffer[BUFFER_SIZE]; int errnop; int h_errnop; nss_status_t (*fn)(struct in_addr *,int,int,struct hostent *,char *,size_t,int *,int *); nss_status_t status; fn=mdata; addr=va_arg(ap,struct in_addr*); len=va_arg(ap,int); type=va_arg(ap,int); result=va_arg(ap,struct hostent*); status=fn(addr,len,type,result,buffer,sizeof(buffer),&errnop,&h_errnop); status=__nss_compat_result(status,errnop); h_errno=h_errnop; return (status); } static int __gr_addgid(gid_t gid,gid_t *groups,int maxgrp,int *groupc) { int ret,dupc; /* skip duplicates */ for (dupc=0;dupc #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* read a single shadow entry from the stream */ static nss_status_t read_spwd( TFILE *fp,struct spwd *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32; size_t bufptr=0; memset(result,0,sizeof(struct spwd)); READ_BUF_STRING(fp,result->sp_namp); READ_BUF_STRING(fp,result->sp_pwdp); READ_INT32(fp,result->sp_lstchg); READ_INT32(fp,result->sp_min); READ_INT32(fp,result->sp_max); READ_INT32(fp,result->sp_warn); READ_INT32(fp,result->sp_inact); READ_INT32(fp,result->sp_expire); READ_INT32(fp,result->sp_flag); return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* get a shadow entry by name */ nss_status_t _nss_ldap_getspnam_r( const char *name,struct spwd *result, char *buffer,size_t buflen,int *errnop) { NSS_BYNAME(NSLCD_ACTION_SHADOW_BYNAME, name, read_spwd(fp,result,buffer,buflen,errnop)); } /* thread-local file pointer to an ongoing request */ static __thread TFILE *spentfp; /* start listing all shadow users */ nss_status_t _nss_ldap_setspent(int UNUSED(stayopen)) { NSS_SETENT(spentfp); } /* return a single shadow entry read from the stream */ nss_status_t _nss_ldap_getspent_r( struct spwd *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(spentfp,NSLCD_ACTION_SHADOW_ALL, read_spwd(spentfp,result,buffer,buflen,errnop)); } /* close the stream opened by setspent() above */ nss_status_t _nss_ldap_endspent(void) { NSS_ENDENT(spentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *spwd2str(struct spwd *result,char *buffer,size_t buflen) { /* snprintf writes a terminating \0 on Solaris */ snprintf(buffer,buflen,"%s:%s:",result->sp_namp,result->sp_pwdp); if (result->sp_lstchg>=0) snprintf(buffer,buflen-strlen(buffer)-1,"%d",result->sp_lstchg); strlcat(buffer,":",buflen); if (result->sp_min>=0) snprintf(buffer,buflen-strlen(buffer)-1,"%d",result->sp_min); strlcat(buffer,":",buflen); if (result->sp_max>=0) snprintf(buffer,buflen-strlen(buffer)-1,"%d",result->sp_max); strlcat(buffer,":",buflen); if (result->sp_warn>=0) snprintf(buffer,buflen-strlen(buffer)-1,"%d",result->sp_warn); strlcat(buffer,":",buflen); if (result->sp_inact>=0) snprintf(buffer,buflen-strlen(buffer)-1,"%d",result->sp_inact); strlcat(buffer,":",buflen); if (result->sp_expire>=0) snprintf(buffer,buflen-strlen(buffer)-1,"%d",result->sp_expire); strlcat(buffer,":",buflen); if (result->sp_flag>0) snprintf(buffer,buflen-strlen(buffer)-1,"%x",result->sp_flag); if (strlen(buffer)>=buflen-1) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,nss_XbyY_args_t *args) { READ_RESULT(spwd,&args->erange); } static nss_status_t shadow_getspnam(nss_backend_t UNUSED(*be),void *args) { NSS_BYNAME(NSLCD_ACTION_SHADOW_BYNAME, NSS_ARGS(args)->key.name, read_result(fp,args)); } static nss_status_t shadow_setspent(nss_backend_t *be,void UNUSED(*args)) { NSS_SETENT(LDAP_BE(be)->fp); } static nss_status_t shadow_getspent(nss_backend_t *be,void *args) { NSS_GETENT(LDAP_BE(be)->fp,NSLCD_ACTION_SHADOW_ALL, read_result(LDAP_BE(be)->fp,args)); } static nss_status_t shadow_endspent(nss_backend_t *be,void UNUSED(*args)) { NSS_ENDENT(LDAP_BE(be)->fp); } static nss_backend_op_t shadow_ops[]={ nss_ldap_destructor, shadow_endspent, shadow_setspent, shadow_getspent, shadow_getspnam }; nss_backend_t *_nss_ldap_shadow_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(shadow_ops,sizeof(shadow_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/exports.solaris0000644000175000001440000000113412137221176015066 00000000000000nss_ldap.so.1 { # published NSS service functions global: # flag to enable or disable lookups _nss_ldap_enablelookups; # version information of NSS module _nss_ldap_version; # published NSS service module constructors _nss_ldap_ethers_constr; _nss_ldap_group_constr; _nss_ldap_hosts_constr; _nss_ldap_networks_constr; _nss_ldap_protocols_constr; _nss_ldap_passwd_constr; _nss_ldap_rpc_constr; _nss_ldap_services_constr; _nss_ldap_shadow_constr; _nss_ldap_netgroup_constr; # everything else should not be exported local: *; }; nss-pam-ldapd-0.8.13/nss/exports.freebsd0000644000175000001440000000045412137221176015030 00000000000000EXPORTED { # published NSS service functions global: # flag to enable or disable lookups _nss_ldap_enablelookups; # version information of NSS module _nss_ldap_version; # module init nss_module_register; # everything else should not be exported local: *; }; nss-pam-ldapd-0.8.13/nss/rpc.c0000644000175000001440000001072212043311100012676 00000000000000/* rpc.c - NSS lookup functions for rpc database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* read a sinlge rpc entry from the stream */ static nss_status_t read_rpcent( TFILE *fp,struct rpcent *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; memset(result,0,sizeof(struct rpcent)); READ_BUF_STRING(fp,result->r_name); READ_BUF_STRINGLIST(fp,result->r_aliases); READ_INT32(fp,result->r_number); return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* get a rpc entry by name */ nss_status_t _nss_ldap_getrpcbyname_r( const char *name,struct rpcent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYNAME(NSLCD_ACTION_RPC_BYNAME, name, read_rpcent(fp,result,buffer,buflen,errnop)); } /* get a rpc entry by number */ nss_status_t _nss_ldap_getrpcbynumber_r( int number,struct rpcent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYINT32(NSLCD_ACTION_RPC_BYNUMBER, number, read_rpcent(fp,result,buffer,buflen,errnop)); } /* thread-local file pointer to an ongoing request */ static __thread TFILE *rpcentfp; /* request a stream to list all rpc entries */ nss_status_t _nss_ldap_setrpcent(int UNUSED(stayopen)) { NSS_SETENT(rpcentfp); } /* get an rpc entry from the list */ nss_status_t _nss_ldap_getrpcent_r( struct rpcent *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(rpcentfp,NSLCD_ACTION_RPC_ALL, read_rpcent(rpcentfp,result,buffer,buflen,errnop)); } /* close the stream opened by setrpcent() above */ nss_status_t _nss_ldap_endrpcent(void) { NSS_ENDENT(rpcentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *rpcent2str(struct rpcent *result,char *buffer,size_t buflen) { int res,i; res=snprintf(buffer,buflen,"%s %d",result->r_name,result->r_number); if ((res<0)||(res>=buflen)) return NULL; if (result->r_aliases) for (i=0;result->r_aliases[i];i++) { strlcat(buffer," ",buflen); strlcat(buffer,result->r_aliases[i],buflen); } if (strlen(buffer)>=buflen-1) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,nss_XbyY_args_t *args) { READ_RESULT(rpcent,&args->erange); } static nss_status_t rpc_getrpcbyname(nss_backend_t UNUSED(*be),void *args) { NSS_BYNAME(NSLCD_ACTION_RPC_BYNAME, NSS_ARGS(args)->key.name, read_result(fp,args)); } static nss_status_t rpc_getrpcbynumber(nss_backend_t UNUSED(*be),void *args) { NSS_BYINT32(NSLCD_ACTION_RPC_BYNUMBER, NSS_ARGS(args)->key.number, read_result(fp,args)); } static nss_status_t rpc_setrpcent(nss_backend_t *be,void UNUSED(*args)) { NSS_SETENT(LDAP_BE(be)->fp); } static nss_status_t rpc_getrpcent(nss_backend_t *be,void *args) { NSS_GETENT(LDAP_BE(be)->fp,NSLCD_ACTION_RPC_ALL, read_result(LDAP_BE(be)->fp,args)); } static nss_status_t rpc_endrpcent(nss_backend_t *be,void UNUSED(*args)) { NSS_ENDENT(LDAP_BE(be)->fp); } static nss_backend_op_t rpc_ops[]={ nss_ldap_destructor, rpc_endrpcent, rpc_setrpcent, rpc_getrpcent, rpc_getrpcbyname, rpc_getrpcbynumber }; nss_backend_t *_nss_ldap_rpc_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(rpc_ops,sizeof(rpc_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/networks.c0000644000175000001440000001541512043311100013772 00000000000000/* networks.c - NSS lookup functions for networks database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2011, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* Redefine some ERROR_OUT macros as we also want to set h_errnop. */ #undef ERROR_OUT_OPENERROR #define ERROR_OUT_OPENERROR \ *errnop=ENOENT; \ *h_errnop=HOST_NOT_FOUND; \ return (errno==EAGAIN)?NSS_STATUS_TRYAGAIN:NSS_STATUS_UNAVAIL; #undef ERROR_OUT_READERROR #define ERROR_OUT_READERROR(fp) \ (void)tio_close(fp); \ fp=NULL; \ *errnop=ENOENT; \ *h_errnop=NO_RECOVERY; \ return NSS_STATUS_UNAVAIL; #undef ERROR_OUT_BUFERROR #define ERROR_OUT_BUFERROR(fp) \ (void)tio_close(fp); \ fp=NULL; \ *errnop=ERANGE; \ *h_errnop=TRY_AGAIN; \ return NSS_STATUS_TRYAGAIN; #undef ERROR_OUT_WRITEERROR #define ERROR_OUT_WRITEERROR(fp) \ ERROR_OUT_READERROR(fp) /* read a single network entry from the stream, ignoring entries that are not AF_INET (IPv4), result is stored in result */ static nss_status_t read_netent( TFILE *fp,struct netent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop) { int32_t tmpint32,tmp2int32,tmp3int32; int32_t numaddr; int readaf; size_t bufptr=0; nss_status_t retv=NSS_STATUS_NOTFOUND; memset(result,0,sizeof(struct netent)); /* read the network entry */ READ_BUF_STRING(fp,result->n_name); READ_BUF_STRINGLIST(fp,result->n_aliases); result->n_addrtype=AF_INET; /* read number of addresses to follow */ READ_TYPE(fp,numaddr,int32_t); /* go through the address list and filter on af */ while (--numaddr>=0) { /* read address family and size */ READ_INT32(fp,readaf); READ_INT32(fp,tmp2int32); /* address length */ if ((readaf==AF_INET)&&(tmp2int32==4)) { /* read address and translate to host byte order */ READ_TYPE(fp,tmpint32,int32_t); result->n_net=ntohl((uint32_t)tmpint32); /* signal that we've read a proper entry */ retv=NSS_STATUS_SUCCESS; /* don't return here to not upset the stream */ } else { /* skip unsupported address families */ SKIP(fp,tmpint32); } } return retv; } /* write an address value */ /* version 2.10 of glibc changed the address from network to host order (changelog entry 2009-07-01) */ #define WRITE_ADDRESS(fp,addr) \ WRITE_INT32(fp,AF_INET); \ WRITE_INT32(fp,4); \ WRITE_INT32(fp,htonl(addr)); #ifdef NSS_FLAVOUR_GLIBC /* get a network entry by name */ nss_status_t _nss_ldap_getnetbyname_r( const char *name,struct netent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop) { NSS_BYNAME(NSLCD_ACTION_NETWORK_BYNAME, name, read_netent(fp,result,buffer,buflen,errnop,h_errnop)); } /* Note: the af parameter is ignored and is assumed to be AF_INET */ /* TODO: implement handling of af parameter */ nss_status_t _nss_ldap_getnetbyaddr_r( uint32_t addr,int UNUSED(af),struct netent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop) { NSS_BYGEN(NSLCD_ACTION_NETWORK_BYADDR, WRITE_ADDRESS(fp,addr), read_netent(fp,result,buffer,buflen,errnop,h_errnop)) } /* thread-local file pointer to an ongoing request */ static __thread TFILE *netentfp; /* start a request to read all networks */ nss_status_t _nss_ldap_setnetent(int UNUSED(stayopen)) { NSS_SETENT(netentfp); } /* get a single network entry from the stream */ nss_status_t _nss_ldap_getnetent_r( struct netent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop) { NSS_GETENT(netentfp,NSLCD_ACTION_NETWORK_ALL, read_netent(netentfp,result,buffer,buflen,errnop,h_errnop)); } /* close the stream opened by setnetent() above */ nss_status_t _nss_ldap_endnetent(void) { NSS_ENDENT(netentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *netent2str(struct netent *result,char *buffer,size_t buflen) { int i,res; struct in_addr priv_in_addr; priv_in_addr.s_addr=result->n_net; res=snprintf(buffer,buflen,"%s %s",result->n_name,inet_ntoa(priv_in_addr)); if ((res<0)||(res>=buflen)) return NULL; if (result->n_aliases) for (i=0;result->n_aliases[i];i++) { strlcat(buffer," ",buflen); strlcat(buffer,result->n_aliases[i],buflen); } if (strlen(buffer)>=buflen-1) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,nss_XbyY_args_t *args) { READ_RESULT(netent,&args->erange,&args->h_errno); } /* more of a dirty hack */ #define h_errnop (&(NSS_ARGS(args)->h_errno)) static nss_status_t networks_getnetbyname(nss_backend_t UNUSED(*be),void *args) { NSS_BYNAME(NSLCD_ACTION_NETWORK_BYNAME, NSS_ARGS(args)->key.name, read_result(fp,args)); } static nss_status_t networks_getnetbyaddr(nss_backend_t UNUSED(*be),void *args) { NSS_BYGEN(NSLCD_ACTION_NETWORK_BYADDR, WRITE_ADDRESS(fp,NSS_ARGS(args)->key.netaddr.net), read_result(fp,args)); } static nss_status_t networks_setnetent(nss_backend_t *be,void UNUSED(*args)) { NSS_SETENT(LDAP_BE(be)->fp); } static nss_status_t networks_getnetent(nss_backend_t *be,void *args) { NSS_GETENT(LDAP_BE(be)->fp,NSLCD_ACTION_NETWORK_ALL, read_result(LDAP_BE(be)->fp,args)); } static nss_status_t networks_endnetent(nss_backend_t *be,void UNUSED(*args)) { NSS_ENDENT(LDAP_BE(be)->fp); } static nss_backend_op_t networks_ops[]={ nss_ldap_destructor, networks_endnetent, networks_setnetent, networks_getnetent, networks_getnetbyname, networks_getnetbyaddr }; nss_backend_t *_nss_ldap_networks_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(networks_ops,sizeof(networks_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/services.c0000644000175000001440000001211512043311100013733 00000000000000/* service.c - NSS lookup functions for services database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* read a single services result entry from the stream */ static nss_status_t read_servent( TFILE *fp,struct servent *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; memset(result,0,sizeof(struct servent)); READ_BUF_STRING(fp,result->s_name); READ_BUF_STRINGLIST(fp,result->s_aliases); /* store port number in network byte order */ READ_TYPE(fp,tmpint32,int32_t); result->s_port=htons((uint16_t)tmpint32); READ_BUF_STRING(fp,result->s_proto); /* we're done */ return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* get a service entry by name and protocol */ nss_status_t _nss_ldap_getservbyname_r( const char *name,const char *protocol,struct servent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYGEN(NSLCD_ACTION_SERVICE_BYNAME, WRITE_STRING(fp,name);WRITE_STRING(fp,protocol), read_servent(fp,result,buffer,buflen,errnop)); } /* get a service entry by port and protocol */ nss_status_t _nss_ldap_getservbyport_r( int port,const char *protocol,struct servent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYGEN(NSLCD_ACTION_SERVICE_BYNUMBER, WRITE_INT32(fp,ntohs(port));WRITE_STRING(fp,protocol), read_servent(fp,result,buffer,buflen,errnop)); } /* thread-local file pointer to an ongoing request */ static __thread TFILE *serventfp; /* open request to get all services */ nss_status_t _nss_ldap_setservent(int UNUSED(stayopen)) { NSS_SETENT(serventfp); } /* read a single returned service definition */ nss_status_t _nss_ldap_getservent_r( struct servent *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(serventfp,NSLCD_ACTION_SERVICE_ALL, read_servent(serventfp,result,buffer,buflen,errnop)); } /* close the stream opened by setservent() above */ nss_status_t _nss_ldap_endservent(void) { NSS_ENDENT(serventfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *servent2str(struct servent *result,char *buffer,size_t buflen) { int res,i; res=snprintf(buffer,buflen,"%s %d/%s",result->s_name,result->s_port,result->s_proto); if ((res<0)||(res>=buflen)) return NULL; if (result->s_aliases) for (i=0;result->s_aliases[i];i++) { strlcat(buffer," ",buflen); strlcat(buffer,result->s_aliases[i],buflen); } if (strlen(buffer)>=buflen-1) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,nss_XbyY_args_t *args) { READ_RESULT(servent,&args->erange); } static nss_status_t services_getservbyname(nss_backend_t UNUSED(*be),void *args) { NSS_BYGEN(NSLCD_ACTION_SERVICE_BYNAME, WRITE_STRING(fp,NSS_ARGS(args)->key.serv.serv.name); WRITE_STRING(fp,NSS_ARGS(args)->key.serv.proto), read_result(fp,args)); } static nss_status_t services_getservbyport(nss_backend_t UNUSED(*be),void *args) { NSS_BYGEN(NSLCD_ACTION_SERVICE_BYNUMBER, WRITE_INT32(fp,ntohs(NSS_ARGS(args)->key.serv.serv.port)); WRITE_STRING(fp,NSS_ARGS(args)->key.serv.proto), read_result(fp,args)); } static nss_status_t services_setservent(nss_backend_t *be,void UNUSED(*args)) { NSS_SETENT(LDAP_BE(be)->fp); } static nss_status_t services_getservent(nss_backend_t *be,void *args) { NSS_GETENT(LDAP_BE(be)->fp,NSLCD_ACTION_SERVICE_ALL, read_result(LDAP_BE(be)->fp,args)); } static nss_status_t services_endservent(nss_backend_t *be,void UNUSED(*args)) { NSS_ENDENT(LDAP_BE(be)->fp); } static nss_backend_op_t services_ops[]={ nss_ldap_destructor, services_endservent, services_setservent, services_getservent, services_getservbyname, services_getservbyport }; nss_backend_t *_nss_ldap_services_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(services_ops,sizeof(services_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/hosts.c0000644000175000001440000002216612043311100013257 00000000000000/* hosts.c - NSS lookup functions for hosts database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* Redefine some ERROR_OUT macros as we also want to set h_errnop. */ #undef ERROR_OUT_OPENERROR #define ERROR_OUT_OPENERROR \ *errnop=ENOENT; \ *h_errnop=HOST_NOT_FOUND; \ return (errno==EAGAIN)?NSS_STATUS_TRYAGAIN:NSS_STATUS_UNAVAIL; #undef ERROR_OUT_READERROR #define ERROR_OUT_READERROR(fp) \ (void)tio_close(fp); \ fp=NULL; \ *errnop=ENOENT; \ *h_errnop=NO_RECOVERY; \ return NSS_STATUS_UNAVAIL; #undef ERROR_OUT_BUFERROR #define ERROR_OUT_BUFERROR(fp) \ (void)tio_close(fp); \ fp=NULL; \ *errnop=ERANGE; \ *h_errnop=TRY_AGAIN; \ return NSS_STATUS_TRYAGAIN; #undef ERROR_OUT_WRITEERROR #define ERROR_OUT_WRITEERROR(fp) \ ERROR_OUT_READERROR(fp) /* read a single host entry from the stream, filtering on the specified address family, result is stored in result it will an empty entry if no addresses in the address family were available */ static nss_status_t read_one_hostent( TFILE *fp,struct hostent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop,int af) { int32_t tmpint32,tmp2int32,tmp3int32; int32_t numaddr; int i; int readaf; size_t bufptr=0; memset(result,0,sizeof(struct hostent)); /* read the host entry */ READ_BUF_STRING(fp,result->h_name); READ_BUF_STRINGLIST(fp,result->h_aliases); result->h_addrtype=af; result->h_length=0; /* read number of addresses to follow */ READ_INT32(fp,numaddr); /* allocate memory for array */ /* Note: this may allocate too much memory (e.g. also for address records of other address families) but this is a simple way to do it */ BUF_ALLOC(fp,result->h_addr_list,char *,numaddr+1); /* go through the address list and filter on af */ i=0; while (--numaddr>=0) { /* read address family and size */ READ_INT32(fp,readaf); READ_INT32(fp,tmp2int32); if (readaf==af) { /* read the address */ result->h_length=tmp2int32; READ_BUF(fp,result->h_addr_list[i++],tmp2int32); } else { SKIP(fp,tmpint32); } } /* null-terminate address list */ result->h_addr_list[i]=NULL; return NSS_STATUS_SUCCESS; } /* this is a wrapper around read_one_hostent() that checks whether the read address list is empty and tries the next result if available if retry is set */ static nss_status_t read_hostent( TFILE *fp,struct hostent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop,int af,int retry) { int32_t tmpint32; nss_status_t retv; /* check until we read an non-empty entry, error or */ while (1) { retv=read_one_hostent(fp,result,buffer,buflen,errnop,h_errnop,af); /* check result */ if ((retv!=NSS_STATUS_SUCCESS)||(result->h_addr_list[0]!=NULL)) return retv; /* error of if we are not retrying */ if (!retry) { *errnop=ENOENT; *h_errnop=NO_ADDRESS; (void)tio_close(fp); return NSS_STATUS_NOTFOUND; } /* skip to the next entry */ READ_RESPONSE_CODE(fp); } } /* write an address value */ #define WRITE_ADDRESS(fp,af,len,addr) \ WRITE_INT32(fp,af); \ WRITE_INT32(fp,len); \ WRITE(fp,addr,len); #ifdef NSS_FLAVOUR_GLIBC /* this function looks up a single host entry and returns all the addresses associated with the host in a single address familiy name - IN - hostname to lookup af - IN - address familty to present results for result - OUT - entry found buffer,buflen - OUT - buffer to store allocated stuff on errnop,h_errnop - OUT - for reporting errors */ nss_status_t _nss_ldap_gethostbyname2_r( const char *name,int af,struct hostent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop) { NSS_BYNAME(NSLCD_ACTION_HOST_BYNAME, name, read_hostent(fp,result,buffer,buflen,errnop,h_errnop,af,0)); } /* this function just calls the gethostbyname2() variant with the address familiy set */ nss_status_t _nss_ldap_gethostbyname_r( const char *name,struct hostent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop) { return _nss_ldap_gethostbyname2_r(name,AF_INET,result,buffer,buflen,errnop,h_errnop); } /* this function looks up a single host entry and returns all the addresses associated with the host in a single address familiy addr - IN - the address to look up len - IN - the size of the addr struct af - IN - address familty the address is specified as result - OUT - entry found buffer,buflen - OUT - buffer to store allocated stuff on errnop,h_errnop - OUT - for reporting errors */ nss_status_t _nss_ldap_gethostbyaddr_r( const void *addr,socklen_t len,int af,struct hostent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop) { NSS_BYGEN(NSLCD_ACTION_HOST_BYADDR, WRITE_ADDRESS(fp,af,len,addr), read_hostent(fp,result,buffer,buflen,errnop,h_errnop,af,0)) } /* thread-local file pointer to an ongoing request */ static __thread TFILE *hostentfp; nss_status_t _nss_ldap_sethostent(int UNUSED(stayopen)) { NSS_SETENT(hostentfp); } /* this function only returns addresses of the AF_INET address family */ nss_status_t _nss_ldap_gethostent_r( struct hostent *result, char *buffer,size_t buflen,int *errnop,int *h_errnop) { NSS_GETENT(hostentfp,NSLCD_ACTION_HOST_ALL, read_hostent(hostentfp,result,buffer,buflen,errnop,h_errnop,AF_INET,1)); } /* close the stream opened with sethostent() above */ nss_status_t _nss_ldap_endhostent(void) { NSS_ENDENT(hostentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *hostent2str(struct hostent *result,char *buffer,size_t buflen) { int i,j; /* build the formatted string, one line per address */ buffer[0]='\0'; if (result->h_addr_list!=NULL) { for (i=0;result->h_addr_list[i];i++) { if (i>0) strlcat(buffer,"\n",buflen); /* snprintf writes a terminating \0 on Solaris */ snprintf(buffer,buflen-strlen(buffer)-1, "%s %s",inet_ntoa(*((struct in_addr *)result->h_addr_list[i])),result->h_name); /* add aliases for first line only */ if ((i==0)&&(result->h_aliases)) { for (j=0;result->h_aliases[j];j++) { strlcat(buffer," ",buflen); strlcat(buffer,result->h_aliases[j],buflen); } } } } if (strlen(buffer)>=buflen-1) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,int af,int retry,nss_XbyY_args_t *args) { READ_RESULT(hostent,&args->erange,&args->h_errno,af,retry); } /* hack to set the correct h_errno */ #define h_errnop &(NSS_ARGS(args)->h_errno) static nss_status_t hosts_gethostbyname(nss_backend_t UNUSED(*be),void *args) { NSS_BYNAME(NSLCD_ACTION_HOST_BYNAME, NSS_ARGS(args)->key.name, read_result(fp,AF_INET,0,args)); } static nss_status_t hosts_gethostbyaddr(nss_backend_t UNUSED(*be),void *args) { NSS_BYGEN(NSLCD_ACTION_HOST_BYADDR, WRITE_ADDRESS(fp,NSS_ARGS(args)->key.hostaddr.type,NSS_ARGS(args)->key.hostaddr.len,NSS_ARGS(args)->key.hostaddr.addr), read_result(fp,NSS_ARGS(args)->key.hostaddr.type,0,args)); } static nss_status_t hosts_sethostent(nss_backend_t *be,void UNUSED(*args)) { NSS_SETENT(LDAP_BE(be)->fp); } static nss_status_t hosts_gethostent(nss_backend_t *be,void *args) { NSS_GETENT(LDAP_BE(be)->fp,NSLCD_ACTION_HOST_ALL, read_result(LDAP_BE(be)->fp,AF_INET,1,args)); } static nss_status_t hosts_endhostent(nss_backend_t *be,void UNUSED(*args)) { NSS_ENDENT(LDAP_BE(be)->fp); } static nss_backend_op_t hosts_ops[]={ nss_ldap_destructor, hosts_endhostent, hosts_sethostent, hosts_gethostent, hosts_gethostbyname, hosts_gethostbyaddr }; nss_backend_t *_nss_ldap_hosts_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(hosts_ops,sizeof(hosts_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/group.c0000644000175000001440000002027712043311100013254 00000000000000/* group.c - NSS lookup functions for group database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* read a single group entry from the stream */ static nss_status_t read_group( TFILE *fp,struct group *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; memset(result,0,sizeof(struct group)); READ_BUF_STRING(fp,result->gr_name); READ_BUF_STRING(fp,result->gr_passwd); READ_TYPE(fp,result->gr_gid,gid_t); READ_BUF_STRINGLIST(fp,result->gr_mem); return NSS_STATUS_SUCCESS; } /* read all group entries from the stream and add gids of these groups to the list */ static nss_status_t read_gids( TFILE *fp,gid_t skipgroup,long int *start,long int *size, gid_t **groupsp,long int limit,int *errnop) { int32_t res=(int32_t)NSLCD_RESULT_BEGIN; int32_t tmpint32,tmp2int32,tmp3int32; gid_t gid; #ifdef NSS_FLAVOUR_GLIBC gid_t *newgroups; long int newsize; #endif /* NSS_FLAVOUR_GLIBC */ /* loop over results */ while (res==(int32_t)NSLCD_RESULT_BEGIN) { /* skip group name */ SKIP_STRING(fp); /* skip passwd entry */ SKIP_STRING(fp); /* read gid */ READ_TYPE(fp,gid,gid_t); /* skip members */ SKIP_STRINGLIST(fp); /* only add the group to the list if it is not the specified group */ if (gid!=skipgroup) { #ifdef NSS_FLAVOUR_GLIBC /* check if we reached the limit */ if ( (limit>0) && (*start>=limit) ) return NSS_STATUS_TRYAGAIN; /* check if our buffer is large enough */ if ((*start)>=(*size)) { /* for some reason Glibc expects us to grow the array (completely different from all other NSS functions) */ /* calculate new size */ newsize=2*(*size); if ( (limit>0) && (*start>=limit) ) newsize=limit; /* allocate new memory */ newgroups=realloc(*groupsp,newsize*sizeof(gid_t)); if (newgroups==NULL) return NSS_STATUS_TRYAGAIN; *groupsp=newgroups; *size=newsize; } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS /* check if we reached the limit */ if ( (limit>0) && (*start>=limit) ) { *errnop=1; /* this is args->erange */ return NSS_STATUS_NOTFOUND; } #endif /* NSS_FLAVOUR_SOLARIS */ /* add gid to list */ (*groupsp)[(*start)++]=gid; } /* read next response code (don't bail out on not success since we just want to build up a list) */ READ_TYPE(fp,res,int32_t); } /* return the proper status code */ return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* get a group entry by name */ nss_status_t _nss_ldap_getgrnam_r( const char *name,struct group *result, char *buffer,size_t buflen,int *errnop) { NSS_BYNAME(NSLCD_ACTION_GROUP_BYNAME, name, read_group(fp,result,buffer,buflen,errnop)); } /* get a group entry by numeric gid */ nss_status_t _nss_ldap_getgrgid_r( gid_t gid,struct group *result, char *buffer,size_t buflen,int *errnop) { NSS_BYTYPE(NSLCD_ACTION_GROUP_BYGID, gid,gid_t, read_group(fp,result,buffer,buflen,errnop)); } /* thread-local file pointer to an ongoing request */ static __thread TFILE *grentfp; /* start a request to read all groups */ nss_status_t _nss_ldap_setgrent(int UNUSED(stayopen)) { NSS_SETENT(grentfp); } /* read a single group from the stream */ nss_status_t _nss_ldap_getgrent_r( struct group *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(grentfp,NSLCD_ACTION_GROUP_ALL, read_group(grentfp,result,buffer,buflen,errnop)); } /* close the stream opened with setgrent() above */ nss_status_t _nss_ldap_endgrent(void) { NSS_ENDENT(grentfp); } /* this function returns a list of groups, documentation for the interface is scarce (any pointers are welcome) but this is what is assumed the parameters mean: user IN - the user name to find groups for skipgroup IN - a group to not include in the list *start IN/OUT - where to write in the array, is incremented *size IN/OUT - the size of the supplied array (gid_t entries, not bytes) **groupsp IN/OUT - pointer to the array of returned groupids limit IN - the maxium size of the array *errnop OUT - for returning errno */ nss_status_t _nss_ldap_initgroups_dyn( const char *user,gid_t skipgroup,long int *start, long int *size,gid_t **groupsp,long int limit,int *errnop) { /* temporarily map the buffer and buflen names so the check in NSS_BYNAME for validity of the buffer works (renaming the parameters may cause confusion) */ #define buffer groupsp #define buflen *size NSS_BYNAME(NSLCD_ACTION_GROUP_BYMEMBER, user, read_gids(fp,skipgroup,start,size,groupsp,limit,errnop)); #undef buffer #undef buflen } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *group2str(struct group *result,char *buffer,size_t buflen) { int res,i; res=snprintf(buffer,buflen,"%s:%s:%d:",result->gr_name,result->gr_passwd,(int)result->gr_gid); if ((res<0)||(res>=buflen)) return NULL; if (result->gr_mem) for (i=0;result->gr_mem[i];i++) { if (i) strlcat(buffer,",",buflen); strlcat(buffer,result->gr_mem[i],buflen); } /* check if buffer overflowed */ if (strlen(buffer)>=buflen-1) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,nss_XbyY_args_t *args) { READ_RESULT(group,&args->erange); } static nss_status_t group_getgrnam(nss_backend_t UNUSED(*be),void *args) { NSS_BYNAME(NSLCD_ACTION_GROUP_BYNAME, NSS_ARGS(args)->key.name, read_result(fp,args)); } static nss_status_t group_getgrgid(nss_backend_t UNUSED(*be),void *args) { NSS_BYTYPE(NSLCD_ACTION_GROUP_BYGID, NSS_ARGS(args)->key.gid,gid_t, read_result(fp,args)); } static nss_status_t group_setgrent(nss_backend_t *be,void UNUSED(*args)) { NSS_SETENT(LDAP_BE(be)->fp); } static nss_status_t group_getgrent(nss_backend_t *be,void *args) { NSS_GETENT(LDAP_BE(be)->fp,NSLCD_ACTION_GROUP_ALL, read_result(LDAP_BE(be)->fp,args)); } static nss_status_t group_endgrent(nss_backend_t *be,void UNUSED(*args)) { NSS_ENDENT(LDAP_BE(be)->fp); } static nss_status_t group_getgroupsbymember(nss_backend_t UNUSED(*be),void *args) { struct nss_groupsbymem *argp=(struct nss_groupsbymem *)args; long int start=(long int)argp->numgids; gid_t skipgroup=(start>0)?argp->gid_array[0]:(gid_t)-1; NSS_BYNAME(NSLCD_ACTION_GROUP_BYMEMBER, argp->username, read_gids(fp,skipgroup,&start,NULL,(gid_t **)&argp->gid_array,argp->maxgids,&NSS_ARGS(args)->erange); argp->numgids=(int)start;); } static nss_backend_op_t group_ops[]={ nss_ldap_destructor, group_endgrent, group_setgrent, group_getgrent, group_getgrnam, group_getgrgid, group_getgroupsbymember }; nss_backend_t *_nss_ldap_group_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(group_ops,sizeof(group_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/common.h0000644000175000001440000001467712137217060013442 00000000000000/* common.h - common functions for NSS lookups Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef NSS__COMMON_H #define NSS__COMMON_H 1 #include #include #include "nslcd.h" #include "common/nslcd-prot.h" #include "compat/attrs.h" #include "compat/nss_compat.h" #ifdef NSS_FLAVOUR_SOLARIS #include "solnss.h" #endif /* NSS_FLAVOUR_SOLARIS */ /* These are macros for handling read and write problems, they are NSS specific due to the return code so are defined here. They genrally close the open file, set an error code and return with an error status. */ /* Macro is called to handle errors in opening a client connection. */ #define ERROR_OUT_OPENERROR \ *errnop=ENOENT; \ return (errno==EAGAIN)?NSS_STATUS_TRYAGAIN:NSS_STATUS_UNAVAIL; /* Macro is called to handle errors on read operations. */ #define ERROR_OUT_READERROR(fp) \ (void)tio_close(fp); \ fp=NULL; \ *errnop=ENOENT; \ return NSS_STATUS_UNAVAIL; /* Macro is called to handle problems with too small a buffer. This triggers the caller to call the function with a larger buffer (see NSS_GETENT below). */ #define ERROR_OUT_BUFERROR(fp) \ *errnop=ERANGE; \ return NSS_STATUS_TRYAGAIN; /* This macro is called if there was a problem with a write operation. */ #define ERROR_OUT_WRITEERROR(fp) \ ERROR_OUT_READERROR(fp) /* This macro is called if the read status code is not NSLCD_RESULT_BEGIN. */ #define ERROR_OUT_NOSUCCESS(fp) \ (void)tio_close(fp); \ fp=NULL; \ return NSS_STATUS_NOTFOUND; /* These are some general macros that are used to build parts of the genral macros below. */ /* check to see if we should answer NSS requests */ #define NSS_AVAILCHECK \ if (!_nss_ldap_enablelookups) \ return NSS_STATUS_UNAVAIL; #ifdef NSS_FLAVOUR_GLIBC /* extra definitions we need (nothing for Glibc) */ #define NSS_EXTRA_DEFS ; /* check validity of passed buffer (Glibc flavour) */ #define NSS_BUFCHECK \ if (buffer==NULL) \ { \ *errnop=EINVAL; \ return NSS_STATUS_UNAVAIL; \ } \ if (buflen==0) \ { \ *errnop=ERANGE; \ return NSS_STATUS_TRYAGAIN; \ } #endif /* NSS_FLAVOUR_GLIBC */ /* The following macros to automatically generate get..byname(), get..bynumber(), setent(), getent() and endent() function bodies. These functions have very common code so this can easily be reused. */ /* This is a generic get..by..() generation macro. The action parameter is the NSLCD_ACTION_.. action, the writefn is the operation for writing the parameters and readfn is the function name for reading a single result entry. The function is assumed to have result, buffer, buflen and errnop parameters that define the result structure, the user buffer with length and the errno to return. This macro should be called through some of the customized ones below. */ #define NSS_BYGEN(action,writefn,readfn) \ TFILE *fp; \ int32_t tmpint32; \ nss_status_t retv; \ NSS_EXTRA_DEFS; \ NSS_AVAILCHECK; \ NSS_BUFCHECK; \ /* open socket and write request */ \ NSLCD_REQUEST(fp,action,writefn); \ /* read response */ \ READ_RESPONSE_CODE(fp); \ retv=readfn; \ /* close socket and we're done */ \ if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) \ { \ (void)tio_skipall(fp); \ (void)tio_close(fp); \ } \ return retv; /* This macro can be used to generate a get..byname() function body. */ #define NSS_BYNAME(action,name,readfn) \ NSS_BYGEN(action,WRITE_STRING(fp,name),readfn) /* This macro can be used to generate a get..by..() function body where the value that is the key has the specified type. */ #define NSS_BYTYPE(action,val,type,readfn) \ NSS_BYGEN(action,WRITE_TYPE(fp,val,type),readfn) /* This macro can be used to generate a get..by..() function body where the value should be passed as an int32_t. */ #define NSS_BYINT32(action,val,readfn) \ NSS_BYGEN(action,WRITE_INT32(fp,val),readfn) /* This macro generates a simple setent() function body. This closes any open streams so that NSS_GETENT() can open a new file. */ #define NSS_SETENT(fp) \ NSS_AVAILCHECK; \ if (fp!=NULL) \ { \ (void)tio_close(fp); \ fp=NULL; \ } \ return NSS_STATUS_SUCCESS; /* This macro generates a getent() function body. If the stream is not yet open, a new one is opened, a request is written and a check is done for a response header. A single entry is read with the readfn() function. */ #define NSS_GETENT(fp,action,readfn) \ int32_t tmpint32; \ nss_status_t retv; \ NSS_EXTRA_DEFS; \ NSS_AVAILCHECK; \ NSS_BUFCHECK; \ /* check that we have a valid file descriptor */ \ if (fp==NULL) \ { \ /* open a new stream and write the request */ \ NSLCD_REQUEST(fp,action,/* no writefn */;); \ } \ /* prepare for buffer errors */ \ tio_mark(fp); \ /* read a response */ \ READ_RESPONSE_CODE(fp); \ retv=readfn; \ /* check read result */ \ if (retv==NSS_STATUS_TRYAGAIN) \ { \ /* if we have a full buffer try to reset the stream */ \ if (tio_reset(fp)) \ { \ /* reset failed, we close and give up with a permanent error \ because we cannot retry just the getent() call because it \ may not be only the first entry that failed */ \ tio_close(fp); \ fp=NULL; \ *errnop=EINVAL; \ return NSS_STATUS_UNAVAIL; \ } \ } \ else if (retv!=NSS_STATUS_SUCCESS) \ fp=NULL; /* file should be closed by now */ \ return retv; /* This macro generates an endent() function body. This just closes the stream. */ #define NSS_ENDENT(fp) \ NSS_AVAILCHECK; \ if (fp!=NULL) \ { \ (void)tio_skipall(fp); \ (void)tio_close(fp); \ fp=NULL; \ } \ return NSS_STATUS_SUCCESS; #endif /* not NSS__COMMON_H */ nss-pam-ldapd-0.8.13/nss/protocols.c0000644000175000001440000001124212043311100014134 00000000000000/* protocols.c - NSS lookup functions for protocol database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* read a single protocol entry from the stream */ static nss_status_t read_protoent( TFILE *fp,struct protoent *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; memset(result,0,sizeof(struct protoent)); READ_BUF_STRING(fp,result->p_name); READ_BUF_STRINGLIST(fp,result->p_aliases); READ_INT32(fp,result->p_proto); return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* get a protocol entry by name */ nss_status_t _nss_ldap_getprotobyname_r( const char *name,struct protoent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYNAME(NSLCD_ACTION_PROTOCOL_BYNAME, name, read_protoent(fp,result,buffer,buflen,errnop)); } /* get a protocol entry by number */ nss_status_t _nss_ldap_getprotobynumber_r( int number,struct protoent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYINT32(NSLCD_ACTION_PROTOCOL_BYNUMBER, number, read_protoent(fp,result,buffer,buflen,errnop)); } /* thread-local file pointer to an ongoing request */ static __thread TFILE *protoentfp; /* start a request to read all protocol entries */ nss_status_t _nss_ldap_setprotoent(int UNUSED(stayopen)) { NSS_SETENT(protoentfp); } /* get a single protocol entry */ nss_status_t _nss_ldap_getprotoent_r( struct protoent *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(protoentfp,NSLCD_ACTION_PROTOCOL_ALL, read_protoent(protoentfp,result,buffer,buflen,errnop)); } /* close the stream opened by setprotoent() above */ nss_status_t _nss_ldap_endprotoent(void) { NSS_ENDENT(protoentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *protoent2str(struct protoent *result,char *buffer,size_t buflen) { int res,i; res=snprintf(buffer,buflen,"%s\t\t%d",result->p_name,result->p_proto); if ((res<0)||(res>=buflen)) return NULL; if (result->p_aliases) for (i=0;result->p_aliases[i];i++) { strlcat(buffer," ",buflen); strlcat(buffer,result->p_aliases[i],buflen); } if (strlen(buffer)>=buflen-1) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,nss_XbyY_args_t *args) { READ_RESULT(protoent,&args->erange); } static nss_status_t protocols_getprotobyname(nss_backend_t UNUSED(*be),void *args) { NSS_BYNAME(NSLCD_ACTION_PROTOCOL_BYNAME, NSS_ARGS(args)->key.name, read_result(fp,args)); } static nss_status_t protocols_getprotobynumber(nss_backend_t UNUSED(*be),void *args) { NSS_BYINT32(NSLCD_ACTION_PROTOCOL_BYNUMBER, NSS_ARGS(args)->key.number, read_result(fp,args)); } static nss_status_t protocols_setprotoent(nss_backend_t *be,void UNUSED(*args)) { NSS_SETENT(LDAP_BE(be)->fp); } static nss_status_t protocols_getprotoent(nss_backend_t *be,void *args) { NSS_GETENT(LDAP_BE(be)->fp,NSLCD_ACTION_PROTOCOL_ALL, read_result(LDAP_BE(be)->fp,args)); } static nss_status_t protocols_endprotoent(nss_backend_t *be,void UNUSED(*args)) { NSS_ENDENT(LDAP_BE(be)->fp); } static nss_backend_op_t protocols_ops[]={ nss_ldap_destructor, protocols_endprotoent, protocols_setprotoent, protocols_getprotoent, protocols_getprotobyname, protocols_getprotobynumber }; nss_backend_t *_nss_ldap_protocols_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(protocols_ops,sizeof(protocols_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/netgroup.c0000644000175000001440000002357412042477230014006 00000000000000/* netgroup.c - NSS lookup functions for netgroup entries Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" #include "common/set.h" /* we redefine this here because we need to return NSS_STATUS_RETURN instead of NSS_STATUS_NOTFOUND */ #undef ERROR_OUT_NOSUCCESS #define ERROR_OUT_NOSUCCESS(fp) \ (void)tio_close(fp); \ fp=NULL; \ return NSS_STATUS_RETURN; /* function for reading a single result entry */ static nss_status_t read_netgrent( TFILE *fp,struct __netgrent *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32; int type; size_t bufptr=0; /* read netgroup type */ READ_INT32(fp,type); if (type==NSLCD_NETGROUP_TYPE_NETGROUP) { /* the response is a reference to another netgroup */ result->type=group_val; READ_BUF_STRING(fp,result->val.group); } else if (type==NSLCD_NETGROUP_TYPE_TRIPLE) { /* the response is a host/user/domain triple */ result->type=triple_val; /* read host and revert to NULL on empty string */ READ_BUF_STRING(fp,result->val.triple.host); if (result->val.triple.host[0]=='\0') { result->val.triple.host=NULL; bufptr--; /* free unused space */ } /* read user and revert to NULL on empty string */ READ_BUF_STRING(fp,result->val.triple.user); if (result->val.triple.user[0]=='\0') { result->val.triple.user=NULL; bufptr--; /* free unused space */ } /* read domain and revert to NULL on empty string */ READ_BUF_STRING(fp,result->val.triple.domain); if (result->val.triple.domain[0]=='\0') { result->val.triple.domain=NULL; bufptr--; /* free unused space */ } } else return NSS_STATUS_UNAVAIL; /* we're done */ return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* thread-local file pointer to an ongoing request */ static __thread TFILE *netgrentfp; /* start a request to get a netgroup by name */ nss_status_t _nss_ldap_setnetgrent( const char *group,struct __netgrent UNUSED(*result)) { /* we cannot use NSS_SETENT() here because we have a parameter that is only available in this function */ int32_t tmpint32; int errnocp; int *errnop; if (!_nss_ldap_enablelookups) return NSS_STATUS_UNAVAIL; errnop=&errnocp; /* check parameter */ if ((group==NULL)||(group[0]=='\0')) return NSS_STATUS_UNAVAIL; /* open a new stream and write the request */ NSLCD_REQUEST(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME,WRITE_STRING(netgrentfp,group)); return NSS_STATUS_SUCCESS; } /* get a single netgroup tuple from the stream */ nss_status_t _nss_ldap_getnetgrent_r( struct __netgrent *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME, read_netgrent(netgrentfp,result,buffer,buflen,errnop)); } /* close the stream opened with setnetgrent() above */ nss_status_t _nss_ldap_endnetgrent(struct __netgrent UNUSED(*result)) { NSS_ENDENT(netgrentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS /* this is the backend structure for the {set,get,end}ent() functions */ struct setnetgrent_backend { nss_backend_op_t *ops; /* function-pointer table */ int n_ops; /* number of function pointers */ TFILE *fp; /* the file pointer for {set,get,end}ent() functions */ SET *seen_groups; /* netgroups seen, for loop detection */ SET *unseen_groups; /* netgroups that need to be chased */ }; /* easy way to get sets from back-end */ #define NETGROUP_BE(be) ((struct setnetgrent_backend*)(be)) /* access arguments */ #define SETNETGRENT_ARGS(args) ((struct nss_setnetgrent_args *)(args)) #define GETNETGRENT_ARGS(args) ((struct nss_getnetgrent_args *)(args)) /* return a netgroup that has not been traversed */ static char *find_unseen_netgroup(nss_backend_t *be) { char *group; while (1) { group=set_pop(NETGROUP_BE(be)->unseen_groups); if (group==NULL) return NULL; if (!set_contains(NETGROUP_BE(be)->seen_groups,group)) { set_add(NETGROUP_BE(be)->seen_groups,group); return group; } } } static nss_status_t netgroup_nslcd_setnetgrent(nss_backend_t *be,const char *group,int *errnop) { /* we cannot use NSS_SETENT() here because we have a parameter that is only available in this function */ int32_t tmpint32; /* check parameter */ if ((group==NULL)||(group[0]=='\0')) return NSS_STATUS_UNAVAIL; /* open a new stream and write the request */ NSLCD_REQUEST(NETGROUP_BE(be)->fp,NSLCD_ACTION_NETGROUP_BYNAME, WRITE_STRING(NETGROUP_BE(be)->fp,group)); return NSS_STATUS_SUCCESS; } static nss_status_t netgroup_nslcd_getnetgrent(nss_backend_t *be,struct __netgrent *result,char *buffer,size_t buflen,void *args) { NSS_GETENT(NETGROUP_BE(be)->fp,NSLCD_ACTION_NETGROUP_BYNAME, read_netgrent(NETGROUP_BE(be)->fp,result,buffer,buflen,errnop)); } static nss_status_t netgroup_setnetgrent_setnetgrent(nss_backend_t UNUSED(*be),void UNUSED(*args)) { return NSS_STATUS_SUCCESS; } static nss_status_t netgroup_setnetgrent_getnetgrent(nss_backend_t *be,void *args) { struct __netgrent result; char *group=NULL; int done=0; nss_status_t status,rc; GETNETGRENT_ARGS(args)->status=NSS_NETGR_NO; while (!done) { status=netgroup_nslcd_getnetgrent(be,&result,GETNETGRENT_ARGS(args)->buffer, GETNETGRENT_ARGS(args)->buflen,args); if (status!=NSS_STATUS_SUCCESS) { if (errno==ENOENT) { /* done with the current netgroup */ /* explore nested netgroup,if any */ int found=0; while (!found) { /* find a nested netgroup to pursue further */ group=find_unseen_netgroup(be); if (group==NULL) { /* no more netgroup */ found=1; done=1; errno=ENOENT; /* TODO: probably don't do this */ } else { rc=netgroup_nslcd_setnetgrent(be,group,&NSS_ARGS(args)->erange); if (rc==NSS_STATUS_SUCCESS) found=1; free(group); group=NULL; } } /* while !found */ } else { /* err!=ENOENT */ done=1; } } else { /* status==NSS_STATUS_SUCCESS */ if (result.type==group_val) { /* a netgroup nested within the current netgroup */ set_add(NETGROUP_BE(be)->unseen_groups,result.val.group); } else if (result.type==triple_val) { GETNETGRENT_ARGS(args)->retp[NSS_NETGR_MACHINE]=result.val.triple.host; GETNETGRENT_ARGS(args)->retp[NSS_NETGR_USER]=result.val.triple.user; GETNETGRENT_ARGS(args)->retp[NSS_NETGR_DOMAIN]=result.val.triple.domain; GETNETGRENT_ARGS(args)->status=NSS_NETGR_FOUND; done=1; } else { /* NSS_STATUS_SUCCESS,but type is not group_val or triple_val */ /* should not be here,log a message */ status=NSS_STATUS_NOTFOUND; done=1; } } } /* while !done */ return status; } static nss_status_t netgroup_setnetgrent_endnetgrent(nss_backend_t UNUSED(*be),void UNUSED(*args)) { NSS_ENDENT(NETGROUP_BE(be)->fp); } static nss_status_t netgroup_setnetgrent_destructor(nss_backend_t *be,void *UNUSED(args)) { struct setnetgrent_backend *ngbe=(struct setnetgrent_backend *)be; if (ngbe->fp!=NULL) (void)tio_close(ngbe->fp); set_free(ngbe->seen_groups); set_free(ngbe->unseen_groups); free(ngbe); return NSS_STATUS_SUCCESS; } static nss_backend_op_t netgroup_setnetgrent_ops[]={ netgroup_setnetgrent_destructor, netgroup_setnetgrent_endnetgrent, netgroup_setnetgrent_setnetgrent, netgroup_setnetgrent_getnetgrent, }; static nss_status_t netgroup_setnetgrent_constructor(nss_backend_t *be,void *args) { struct setnetgrent_backend *ngbe; nss_status_t retv; NSS_AVAILCHECK; SETNETGRENT_ARGS(args)->iterator=NULL; /* initialize */ /* allocate a back-end specific to this request */ ngbe=(struct setnetgrent_backend *)malloc(sizeof(struct setnetgrent_backend)); if (ngbe==NULL) return NSS_STATUS_UNAVAIL; ngbe->ops=netgroup_setnetgrent_ops; ngbe->n_ops=sizeof(netgroup_setnetgrent_ops)/sizeof(nss_backend_op_t); ngbe->fp=NULL; ngbe->seen_groups=set_new(); ngbe->unseen_groups=set_new(); /* start the first search */ retv=netgroup_nslcd_setnetgrent(be,SETNETGRENT_ARGS(args)->netgroup,&NSS_ARGS(args)->erange); if (retv!=NSS_STATUS_SUCCESS) { netgroup_setnetgrent_destructor(be,args); return retv; } /* return the new back-end */ SETNETGRENT_ARGS(args)->iterator=(nss_backend_t *)ngbe; return NSS_STATUS_SUCCESS; } static nss_backend_op_t netgroup_ops[]={ nss_ldap_destructor, NULL, NULL, NULL, NULL,/* TODO:_nss_ldap_netgr_in,*/ netgroup_setnetgrent_constructor }; nss_backend_t *_nss_ldap_netgroup_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(netgroup_ops,sizeof(netgroup_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/passwd.c0000644000175000001440000001160212052240544013426 00000000000000/* passwd.c - NSS lookup functions for passwd database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2012 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* read a passwd entry from the stream */ static nss_status_t read_passwd( TFILE *fp,struct passwd *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32; size_t bufptr=0; memset(result,0,sizeof(struct passwd)); READ_BUF_STRING(fp,result->pw_name); READ_BUF_STRING(fp,result->pw_passwd); READ_TYPE(fp,result->pw_uid,uid_t); READ_TYPE(fp,result->pw_gid,gid_t); READ_BUF_STRING(fp,result->pw_gecos); READ_BUF_STRING(fp,result->pw_dir); READ_BUF_STRING(fp,result->pw_shell); #ifdef HAVE_STRUCT_PASSWD_PW_CLASS /* set the user access class to an empty string */ result->pw_class=result->pw_name+strlen(result->pw_name); #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */ return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* get a single passwd entry by name */ nss_status_t _nss_ldap_getpwnam_r( const char *name,struct passwd *result, char *buffer,size_t buflen,int *errnop) { NSS_BYNAME(NSLCD_ACTION_PASSWD_BYNAME, name, read_passwd(fp,result,buffer,buflen,errnop)); } /* get a single passwd entry by uid */ nss_status_t _nss_ldap_getpwuid_r( uid_t uid,struct passwd *result, char *buffer,size_t buflen,int *errnop) { NSS_BYTYPE(NSLCD_ACTION_PASSWD_BYUID, uid,uid_t, read_passwd(fp,result,buffer,buflen,errnop)); } /* thread-local file pointer to an ongoing request */ static __thread TFILE *pwentfp; /* open a connection to read all passwd entries */ nss_status_t _nss_ldap_setpwent(int UNUSED(stayopen)) { NSS_SETENT(pwentfp); } /* read password data from an opened stream */ nss_status_t _nss_ldap_getpwent_r( struct passwd *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(pwentfp,NSLCD_ACTION_PASSWD_ALL, read_passwd(pwentfp,result,buffer,buflen,errnop)); } /* close the stream opened with setpwent() above */ nss_status_t _nss_ldap_endpwent(void) { NSS_ENDENT(pwentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN static char *passwd2str(struct passwd *result,char *buffer,size_t buflen) { int res; res=snprintf(buffer,buflen,"%s:%s:%d:%d:%s:%s:%s", result->pw_name,result->pw_passwd,(int)result->pw_uid,(int)result->pw_gid, result->pw_gecos,result->pw_dir,result->pw_shell); if ((res<0)||(res>=buflen)) return NULL; return buffer; } #endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ static nss_status_t read_result(TFILE *fp,nss_XbyY_args_t *args) { READ_RESULT(passwd,&args->erange); } static nss_status_t passwd_getpwnam(nss_backend_t UNUSED(*be),void *args) { NSS_BYNAME(NSLCD_ACTION_PASSWD_BYNAME, NSS_ARGS(args)->key.name, read_result(fp,args)); } static nss_status_t passwd_getpwuid(nss_backend_t UNUSED(*be),void *args) { NSS_BYTYPE(NSLCD_ACTION_PASSWD_BYUID, NSS_ARGS(args)->key.uid,uid_t, read_result(fp,args)); } /* open a connection to the nslcd and write the request */ static nss_status_t passwd_setpwent(nss_backend_t *be,void UNUSED(*args)) { NSS_SETENT(LDAP_BE(be)->fp); } /* read password data from an opened stream */ static nss_status_t passwd_getpwent(nss_backend_t *be,void *args) { NSS_GETENT(LDAP_BE(be)->fp,NSLCD_ACTION_PASSWD_ALL, read_result(LDAP_BE(be)->fp,args)); } /* close the stream opened with setpwent() above */ static nss_status_t passwd_endpwent(nss_backend_t *be,void UNUSED(*args)) { NSS_ENDENT(LDAP_BE(be)->fp); } static nss_backend_op_t passwd_ops[]={ nss_ldap_destructor, passwd_endpwent, passwd_setpwent, passwd_getpwent, passwd_getpwnam, passwd_getpwuid }; nss_backend_t *_nss_ldap_passwd_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { return nss_ldap_constructor(passwd_ops,sizeof(passwd_ops)); } #endif /* NSS_FLAVOUR_SOLARIS */ nss-pam-ldapd-0.8.13/nss/solnss.c0000644000175000001440000000301311507102613013441 00000000000000/* solnss.c - Solaris specific NSS interface functions Copyright (C) 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" nss_backend_t *nss_ldap_constructor(nss_backend_op_t *ops,size_t sizeofops) { struct nss_ldap_backend *ldapbe; ldapbe=(struct nss_ldap_backend *)malloc(sizeof(struct nss_ldap_backend)); if (ldapbe==NULL) return NULL; ldapbe->ops=ops; ldapbe->n_ops=sizeofops/sizeof(nss_backend_op_t); ldapbe->fp=NULL; return (nss_backend_t *)ldapbe; } nss_status_t nss_ldap_destructor(nss_backend_t *be,void UNUSED(*args)) { struct nss_ldap_backend *ldapbe=(struct nss_ldap_backend *)be; if (ldapbe->fp!=NULL) (void)tio_close(ldapbe->fp); free(ldapbe); return NSS_STATUS_SUCCESS; } nss-pam-ldapd-0.8.13/nss/Makefile.in0000644000175000001440000004242112141445266014040 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting # Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong # Copyright (C) 2010 Symas Corporation # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ noinst_PROGRAMS = nss_ldap.so$(EXEEXT) @NSS_FLAVOUR_SOLARIS_TRUE@am__append_1 = solnss.$(OBJEXT) ../common/libdict.a @NSS_FLAVOUR_FREEBSD_TRUE@am__append_2 = bsdnss.$(OBJEXT) subdir = nss DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_nss_ldap_so_OBJECTS = common.$(OBJEXT) nss_ldap_so_OBJECTS = $(am_nss_ldap_so_OBJECTS) am__DEPENDENCIES_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(nss_ldap_so_SOURCES) $(EXTRA_nss_ldap_so_SOURCES) DIST_SOURCES = $(nss_ldap_so_SOURCES) $(EXTRA_nss_ldap_so_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -I$(top_srcdir) AM_CFLAGS = -fPIC nss_ldap_so_SOURCES = common.c common.h prototypes.h solnss.h \ ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h EXTRA_nss_ldap_so_SOURCES = aliases.c ethers.c group.c hosts.c netgroup.c \ networks.c passwd.c protocols.c rpc.c services.c \ shadow.c solnss.c bsdnss.c nss_ldap_so_LDADD = $(NSS_MODULE_OBJS) $(am__append_1) $(am__append_2) \ ../common/libtio.a ../common/libprot.a nss_ldap_so_DEPENDENCIES = $(nss_ldap_so_LDADD) EXTRA_DIST = exports.glibc exports.solaris exports.freebsd all: all-am .SUFFIXES: .SUFFIXES: .c .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu nss/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu nss/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstPROGRAMS: -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) nss_ldap.so$(EXEEXT): $(nss_ldap_so_OBJECTS) $(nss_ldap_so_DEPENDENCIES) $(EXTRA_nss_ldap_so_DEPENDENCIES) @rm -f nss_ldap.so$(EXEEXT) $(nss_ldap_so_LINK) $(nss_ldap_so_OBJECTS) $(nss_ldap_so_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aliases.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsdnss.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ethers.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/group.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hosts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/netgroup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/networks.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passwd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocols.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rpc.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/services.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadow.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/solnss.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-exec-local install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-local .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-noinstPROGRAMS ctags distclean distclean-compile \ distclean-generic distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-exec-local install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-local install-exec-local: install-nss_ldap_so uninstall-local: uninstall-nss_ldap_so install-nss_ldap_so: nss_ldap.so -rm -f $(DESTDIR)$(libdir)/$(NSS_LDAP_SONAME) $(mkinstalldirs) $(DESTDIR)$(libdir) $(INSTALL_PROGRAM) nss_ldap.so $(DESTDIR)$(libdir)/$(NSS_LDAP_SONAME) uninstall-nss_ldap_so: -rm -f $(DESTDIR)$(libdir)/$(NSS_LDAP_SONAME) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/nss/aliases.c0000644000175000001440000000477412025136137013564 00000000000000/* aliases.c - NSS lookup functions for aliases database Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include "prototypes.h" #include "common.h" /* read an alias entry from the stream */ static nss_status_t read_aliasent( TFILE *fp,struct aliasent *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; memset(result,0,sizeof(struct aliasent)); /* read the name of the alias */ READ_BUF_STRING(fp,result->alias_name); /* read the members */ READ_BUF_STRINGLIST(fp,result->alias_members); /* tmp3int32 holds the number of entries read */ result->alias_members_len=tmp3int32; /* fill in remaining gaps in struct */ result->alias_local=0; /* we're done */ return NSS_STATUS_SUCCESS; } /* get an alias entry by name */ nss_status_t _nss_ldap_getaliasbyname_r( const char *name,struct aliasent *result, char *buffer,size_t buflen,int *errnop) { NSS_BYNAME(NSLCD_ACTION_ALIAS_BYNAME, name, read_aliasent(fp,result,buffer,buflen,errnop)); } /* thread-local file pointer to an ongoing request */ static __thread TFILE *aliasentfp; /* start a request to read all aliases */ nss_status_t _nss_ldap_setaliasent(void) { NSS_SETENT(aliasentfp); } /* read a single alias entry from the stream */ nss_status_t _nss_ldap_getaliasent_r( struct aliasent *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(aliasentfp,NSLCD_ACTION_ALIAS_ALL, read_aliasent(aliasentfp,result,buffer,buflen,errnop)); } /* close the stream opened with setaliasent() above */ nss_status_t _nss_ldap_endaliasent(void) { NSS_ENDENT(aliasentfp); } nss-pam-ldapd-0.8.13/nss/Makefile.am0000644000175000001440000000407312043311100014004 00000000000000# Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting # Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong # Copyright (C) 2010 Symas Corporation # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA noinst_PROGRAMS = nss_ldap.so AM_CPPFLAGS=-I$(top_srcdir) AM_CFLAGS = -fPIC nss_ldap_so_SOURCES = common.c common.h prototypes.h solnss.h \ ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h EXTRA_nss_ldap_so_SOURCES = aliases.c ethers.c group.c hosts.c netgroup.c \ networks.c passwd.c protocols.c rpc.c services.c \ shadow.c solnss.c bsdnss.c nss_ldap_so_LDADD = $(NSS_MODULE_OBJS) if NSS_FLAVOUR_SOLARIS nss_ldap_so_LDADD += solnss.$(OBJEXT) ../common/libdict.a endif if NSS_FLAVOUR_FREEBSD nss_ldap_so_LDADD += bsdnss.$(OBJEXT) endif nss_ldap_so_LDADD += ../common/libtio.a ../common/libprot.a nss_ldap_so_DEPENDENCIES = $(nss_ldap_so_LDADD) EXTRA_DIST = exports.glibc exports.solaris exports.freebsd install-exec-local: install-nss_ldap_so uninstall-local: uninstall-nss_ldap_so install-nss_ldap_so: nss_ldap.so -rm -f $(DESTDIR)$(libdir)/$(NSS_LDAP_SONAME) $(mkinstalldirs) $(DESTDIR)$(libdir) $(INSTALL_PROGRAM) nss_ldap.so $(DESTDIR)$(libdir)/$(NSS_LDAP_SONAME) uninstall-nss_ldap_so: -rm -f $(DESTDIR)$(libdir)/$(NSS_LDAP_SONAME) nss-pam-ldapd-0.8.13/nss/exports.glibc0000644000175000001440000000414012137221176014472 00000000000000EXPORTED { # published NSS service functions global: # flag to enable or disable lookups _nss_ldap_enablelookups; # version information of NSS module _nss_ldap_version; # aliases - mail aliases _nss_ldap_getaliasbyname_r; _nss_ldap_setaliasent; _nss_ldap_getaliasent_r; _nss_ldap_endaliasent; # ethers - ethernet numbers _nss_ldap_gethostton_r; _nss_ldap_getntohost_r; _nss_ldap_setetherent; _nss_ldap_getetherent_r; _nss_ldap_endetherent; # group - groups of users _nss_ldap_getgrnam_r; _nss_ldap_getgrgid_r; _nss_ldap_initgroups_dyn; _nss_ldap_setgrent; _nss_ldap_getgrent_r; _nss_ldap_endgrent; # hosts - host names and numbers _nss_ldap_gethostbyname_r; _nss_ldap_gethostbyname2_r; _nss_ldap_gethostbyaddr_r; _nss_ldap_sethostent; _nss_ldap_gethostent_r; _nss_ldap_endhostent; # netgroup - list of host and users _nss_ldap_setnetgrent; _nss_ldap_getnetgrent_r; _nss_ldap_endnetgrent; # networks - network names and numbers _nss_ldap_getnetbyname_r; _nss_ldap_getnetbyaddr_r; _nss_ldap_setnetent; _nss_ldap_getnetent_r; _nss_ldap_endnetent; # passwd - user database and passwords _nss_ldap_getpwnam_r; _nss_ldap_getpwuid_r; _nss_ldap_setpwent; _nss_ldap_getpwent_r; _nss_ldap_endpwent; # protocols - network protocols _nss_ldap_getprotobyname_r; _nss_ldap_getprotobynumber_r; _nss_ldap_setprotoent; _nss_ldap_getprotoent_r; _nss_ldap_endprotoent; # rpc - remote procedure call names and numbers _nss_ldap_getrpcbyname_r; _nss_ldap_getrpcbynumber_r; _nss_ldap_setrpcent; _nss_ldap_getrpcent_r; _nss_ldap_endrpcent; # services - network services _nss_ldap_getservbyname_r; _nss_ldap_getservbyport_r; _nss_ldap_setservent; _nss_ldap_getservent_r; _nss_ldap_endservent; # shadow - extended user information _nss_ldap_getspnam_r; _nss_ldap_setspent; _nss_ldap_getspent_r; _nss_ldap_endspent; # everything else should not be exported local: *; }; nss-pam-ldapd-0.8.13/nss/prototypes.h0000644000175000001440000002042511753201522014365 00000000000000/* prototypes.h - all functions exported by the NSS library Copyright (C) 2006 West Consulting Copyright (C) 2006, 2008, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef NSS__PROTOTYPES_H #define NSS__PROTOTYPES_H 1 #include "compat/nss_compat.h" /* flag to gloabally disable lookups (all _nss_ldap_*() functions will return NSS_STATUS_UNAVAIL */ extern int _nss_ldap_enablelookups; #ifdef NSS_FLAVOUR_FREEBSD /* for FreeBSD we want the GlibC prototypes and functions to be built (we provide some wrappers in bsdnss.c) */ #define NSS_FLAVOUR_GLIBC 1 /* FreeBSD specific register function */ ns_mtab *nss_module_register(const char *source, unsigned int *mtabsize, nss_module_unregister_fn *unreg); #endif /* NSS_FLAVOUR_FREEBSD */ #ifdef NSS_FLAVOUR_GLIBC /* These are prototypes for functions exported from the ldap NSS module. For more complete definitions of these functions check the GLIBC documentation. Other services than those mentioned here are currently not implemented. These definitions partially came from examining the GLIBC source code as no complete documentation of the NSS interface is available. This however is a useful pointer: http://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html */ /* aliases - mail aliases */ nss_status_t _nss_ldap_getaliasbyname_r(const char *name,struct aliasent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_setaliasent(void); nss_status_t _nss_ldap_getaliasent_r(struct aliasent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endaliasent(void); /* ethers - ethernet numbers */ nss_status_t _nss_ldap_gethostton_r(const char *name,struct etherent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_getntohost_r(const struct ether_addr *addr,struct etherent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_setetherent(int stayopen); nss_status_t _nss_ldap_getetherent_r(struct etherent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endetherent(void); /* group - groups of users */ nss_status_t _nss_ldap_getgrnam_r(const char *name,struct group *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_getgrgid_r(gid_t gid,struct group *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_initgroups_dyn(const char *user,gid_t skipgroup,long int *start,long int *size,gid_t **groupsp,long int limit,int *errnop); nss_status_t _nss_ldap_setgrent(int stayopen); nss_status_t _nss_ldap_getgrent_r(struct group *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endgrent(void); /* hosts - host names and numbers */ nss_status_t _nss_ldap_gethostbyname_r(const char *name,struct hostent *result,char *buffer,size_t buflen,int *errnop,int *h_errnop); nss_status_t _nss_ldap_gethostbyname2_r(const char *name,int af,struct hostent *result,char *buffer,size_t buflen,int *errnop,int *h_errnop); nss_status_t _nss_ldap_gethostbyaddr_r(const void *addr,socklen_t len,int af,struct hostent *result,char *buffer,size_t buflen,int *errnop,int *h_errnop); nss_status_t _nss_ldap_sethostent(int stayopen); nss_status_t _nss_ldap_gethostent_r(struct hostent *result,char *buffer,size_t buflen,int *errnop,int *h_errnop); nss_status_t _nss_ldap_endhostent(void); /* netgroup - list of host and users */ nss_status_t _nss_ldap_setnetgrent(const char *group,struct __netgrent *result); nss_status_t _nss_ldap_getnetgrent_r(struct __netgrent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endnetgrent(struct __netgrent *result); /* networks - network names and numbers */ nss_status_t _nss_ldap_getnetbyname_r(const char *name,struct netent *result,char *buffer,size_t buflen,int *errnop,int *h_errnop); nss_status_t _nss_ldap_getnetbyaddr_r(uint32_t addr,int af,struct netent *result,char *buffer,size_t buflen,int *errnop,int *h_errnop); nss_status_t _nss_ldap_setnetent(int stayopen); nss_status_t _nss_ldap_getnetent_r(struct netent *result,char *buffer,size_t buflen,int *errnop,int *h_errnop); nss_status_t _nss_ldap_endnetent(void); /* passwd - user database and passwords */ nss_status_t _nss_ldap_getpwnam_r(const char *name,struct passwd *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_getpwuid_r(uid_t uid,struct passwd *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_setpwent(int stayopen); nss_status_t _nss_ldap_getpwent_r(struct passwd *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endpwent(void); /* protocols - network protocols */ nss_status_t _nss_ldap_getprotobyname_r(const char *name,struct protoent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_getprotobynumber_r(int number,struct protoent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_setprotoent(int stayopen); nss_status_t _nss_ldap_getprotoent_r(struct protoent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endprotoent(void); /* rpc - remote procedure call names and numbers */ nss_status_t _nss_ldap_getrpcbyname_r(const char *name,struct rpcent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_getrpcbynumber_r(int number,struct rpcent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_setrpcent(int stayopen); nss_status_t _nss_ldap_getrpcent_r(struct rpcent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endrpcent(void); /* services - network services */ nss_status_t _nss_ldap_getservbyname_r(const char *name,const char *protocol,struct servent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_getservbyport_r(int port,const char *protocol,struct servent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_setservent(int stayopen); nss_status_t _nss_ldap_getservent_r(struct servent *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endservent(void); /* shadow - extended user information */ nss_status_t _nss_ldap_getspnam_r(const char *name,struct spwd *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_setspent(int stayopen); nss_status_t _nss_ldap_getspent_r(struct spwd *result,char *buffer,size_t buflen,int *errnop); nss_status_t _nss_ldap_endspent(void); #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS /* helper marcos to do casts */ #define NSS_ARGS(args) ((nss_XbyY_args_t *)args) #define LDAP_BE(be) ((struct nss_ldap_backend*)(be)) /* these are the constructors we provide */ nss_backend_t *_nss_ldap_ethers_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_group_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_hosts_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_netgroup_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_networks_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_passwd_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_protocols_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_rpc_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_services_constr(const char *db_name,const char *src_name,const char *cfg_args); nss_backend_t *_nss_ldap_shadow_constr(const char *db_name,const char *src_name,const char *cfg_args); #endif /* NSS_FLAVOUR_SOLARIS */ #endif /* not NSS__PROTOTYPES_H */ nss-pam-ldapd-0.8.13/nss/common.c0000644000175000001440000000174512137221327013426 00000000000000/* common.c - common definitions Copyright (C) 2010, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include int _nss_ldap_enablelookups=1; /* version information about the NSS module */ char *_nss_ldap_version[3]={PACKAGE, VERSION, NULL}; nss-pam-ldapd-0.8.13/nss/solnss.h0000644000175000001440000001055312043311100013442 00000000000000/* solnss.h - common functions for NSS lookups on Solaris Copyright (C) 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef NSS__SOLNSS_H #define NSS__SOLNSS_H 1 #ifdef NSS_FLAVOUR_SOLARIS /* extra definitions we need (Solaris NSS functions don't pass errno) also clear the output values */ #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN #define NSS_EXTRA_DEFS \ int *errnop=&(errno); \ NSS_ARGS(args)->returnval=NULL; \ NSS_ARGS(args)->returnlen=0; \ NSS_ARGS(args)->erange=0; \ NSS_ARGS(args)->h_errno=0; #else /* not HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ #define NSS_EXTRA_DEFS \ int *errnop=&(errno); \ NSS_ARGS(args)->returnval=NULL; \ NSS_ARGS(args)->erange=0; \ NSS_ARGS(args)->h_errno=0; #endif /* not HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ /* check validity of passed buffer (Solaris flavour) */ #define NSS_BUFCHECK \ if ((NSS_ARGS(args)->buf.buffer==NULL)||(NSS_ARGS(args)->buf.buflen<=0)) \ { \ NSS_ARGS(args)->erange=1; \ return NSS_STATUS_TRYAGAIN; \ } /* wrapper function body for read_xxxent that does the buffer handling, return code handling and conversion to strings for nscd (also see READ_RESULT_STRING below) */ #define READ_RESULT(ent,extra...) \ nss_status_t retv; \ READ_RESULT_STRING(ent,##extra) \ /* read the entry */ \ retv=read_##ent(fp,args->buf.result,args->buf.buffer,args->buf.buflen,##extra); \ if (retv!=NSS_STATUS_SUCCESS) \ return retv; \ args->returnval=args->buf.result; \ return NSS_STATUS_SUCCESS; /* provide result handling for when libc (or nscd) expects the returned values to be in string format */ #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN #define READ_RESULT_STRING(ent,extra...) \ struct ent result; \ char *buffer; \ /* try to return in string format if requested */ \ if (args->buf.result==NULL) \ { \ /* read the entry into a temporary buffer */ \ buffer=(char *)malloc(args->buf.buflen); \ if (buffer==NULL) \ return NSS_STATUS_UNAVAIL; \ retv=read_##ent(fp,&result,buffer,args->buf.buflen,##extra); \ /* format to string */ \ if (retv==NSS_STATUS_SUCCESS) \ if (ent##2str(&result,args->buf.buffer,args->buf.buflen)==NULL) \ { \ args->erange=1; \ retv=NSS_NOTFOUND; \ } \ /* clean up and return result */ \ free(buffer); \ if (retv!=NSS_STATUS_SUCCESS) \ return retv; \ args->returnval=args->buf.buffer; \ args->returnlen=strlen(args->returnval); \ return NSS_STATUS_SUCCESS; \ } #else /* not HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ #define READ_RESULT_STRING(ent,extra...) ; #endif /* not HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */ /* this is the backend structure for Solaris */ struct nss_ldap_backend { nss_backend_op_t *ops; /* function-pointer table */ int n_ops; /* number of function pointers */ TFILE *fp; /* the file pointer for {set,get,end}ent() functions */ }; /* constructor for LDAP backends */ nss_backend_t *nss_ldap_constructor(nss_backend_op_t *ops,size_t sizeofops); /* destructor for LDAP backends */ nss_status_t nss_ldap_destructor(nss_backend_t *be,void UNUSED(*args)); #endif /* NSS_FLAVOUR_SOLARIS */ #endif /* not NSS__COMMON_H */ nss-pam-ldapd-0.8.13/ChangeLog-20110000644000175000001440000006771112022714211013317 000000000000002011-12-31 arthur * [r1584] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.5 release 2011-12-30 arthur * [r1583] debian/control: fix versioned build dependency on debhelper 2011-12-28 arthur * [r1582] pynslcd/config.py.in: remove some information from config that we don't expect to use * [r1581] configure.ac, pynslcd/cfg.py, pynslcd/common.py, pynslcd/config.py.in, pynslcd/group.py, pynslcd/pynslcd.py: support for reading the configuration file (not all options are used though) * [r1580] pynslcd/cfg.py, pynslcd/pynslcd.py: move the state variables (from command line) from the configuration to the main module * [r1579] pynslcd/pam.py: fall back to trying to authenticate with provided password (in case rootpwmodpw is not set or unusable) * [r1578] pynslcd/group.py: never request group members for GroupByMemberRequest * [r1577] pynslcd/group.py: instead of modifying attmap, modify attribute list * [r1576] pynslcd/group.py, pynslcd/passwd.py: fix references to attmap (broken in r1571) * [r1575] nslcd/nslcd.c: typo fix in comment 2011-12-27 arthur * [r1574] pynslcd/common.py, pynslcd/group.py, pynslcd/netgroup.py, pynslcd/passwd.py, pynslcd/shadow.py: make logging more consistent and remove test bases from shadow and passwd maps * [r1573] pynslcd/cfg.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/netgroup.py, pynslcd/pam.py, pynslcd/passwd.py, pynslcd/pynslcd.py, pynslcd/shadow.py, pynslcd/tio.py: PEP8 fixes * [r1572] debian/copyright: update copyright information 2011-12-12 arthur * [r1571] pynslcd/alias.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py, pynslcd/service.py, pynslcd/shadow.py: define the search separately from the request * [r1570] pynslcd/alias.py, pynslcd/attmap.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py, pynslcd/service.py, pynslcd/shadow.py: move check of required attributes and other common tests to the Request.handle_entry() method 2011-12-10 arthur * [r1569] nslcd/cfg.c: properly log failures to lookup DNS SRV records * [r1568] nslcd/nslcd.c: properly handle failures to truncate the pid file * [r1567] debian/nslcd.config: get the first configuration value instead of the last because that one is also written * [r1566] debian/nslcd.config: fix a deprecated use of head without the -n option * [r1565] debian/rules: enable more hardening options (-fPIE doesn't work yet because we use -fPIC in some places) * [r1564] debian/libnss-ldapd.config, debian/libnss-ldapd.postrm: ensure that the output of nss_list_configured() is space separated * [r1563] m4/ax_pthread.m4: update macro from autoconf-archive 2011-12-09 jhrozek * [r1560] nslcd/myldap.c: Fix a typo in disconnect logic 2011-12-01 arthur * [r1558] nslcd/nslcd.c: ensure that uid, gid and pid vars are properly initialised and log denied requests 2011-11-30 arthur * [r1557] nslcd/passwd.c: ensure that /etc/nsswitch.conf is only loaded once after start-up 2011-11-18 arthur * [r1556] debian/libnss-ldapd.config: simplification of logic to overwrite list of enabled /etc/nsswitch.conf services in debconf (based on r1555 of 0.7 branch) 2011-10-12 arthur * [r1554] debian/control: add versioned dependency on libpam for mutiarch support * [r1553] AUTHORS, nss/bsdnss.c: implement group membership NSS function by Tom Judge (taken from FreeBSD PR 154000) 2011-10-10 arthur * [r1552] debian/rules: keep nslcd running during package upgrades 2011-10-02 arthur * [r1551] nslcd/pam.c: reduce loglevel of user not found messages to avoid spamming the logs with useless information (thanks Wakko Warner) 2011-09-30 jhrozek * [r1547] nslcd/cfg.c, nslcd/group.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: Use an explicit base of 10 for strtouid()/strtogid()/strtol() calls 2011-09-21 arthur * [r1546] debian/nslcd.config: treat the "hard" value for tls_reqcert as if it was "demand" 2011-09-14 arthur * [r1543] debian/libnss-ldapd.config, debian/libnss-ldapd.postrm, debian/nslcd.config, debian/nslcd.init, debian/nslcd.postinst: make whitespace matching consistent in regular expressions (thanks Nick) 2011-09-09 arthur * [r1542] nslcd/alias.c, nslcd/attmap.c, nslcd/common.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/pam.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: make validation log messages consistent * [r1541] nslcd/nsswitch.c: add missing include 2011-09-08 arthur * [r1540] nslcd/network.c, nslcd/passwd.c: grow gecos buffer size and consistency improvements to other buffers * [r1539] nslcd/ether.c, nslcd/host.c, nslcd/network.c: give string representations of addresses more logical names 2011-09-07 arthur * [r1538] debian/copyright, debian/po/sv.po: updated Swedish (sv) translation of debconf templates by Martin Bagge 2011-09-04 arthur * [r1536] AUTHORS, ChangeLog, NEWS, TODO, configure.ac, debian/changelog, debian/copyright, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.4 release * [r1535] tests/test_getpeercred.c: warn when we couldn't get the gid or pid, the uid is the only really interesting bit * [r1534] tests/test_tio.c: add casts from size_t to int for printf * [r1533] debian/rules: ignore failures in tests * [r1532] debian/rules: use auto-detection for LDAP library and defaults for config file, socket and pidfile (no changes) 2011-09-03 arthur * [r1531] debian/libnss-ldapd.config, debian/libnss-ldapd.postinst, debian/libnss-ldapd.postrm, debian/libpam-ldapd.postinst: support spaces before and after database name while parsing /etc/nsswitch.conf and reduce the number of places where parsing is done 2011-08-30 arthur * [r1530] debian/nslcd.postinst: correctly handle leading and trailing spaces in preseeded uri option (patch by Andreas B. Mundt) * [r1529] configure.ac, nslcd/myldap.c: move LDAP_DEPRECATED and LDAP_REFERRALS to configure.ac to ensure that tests from configure see the same API 2011-08-29 arthur * [r1528] configure.ac, nslcd/common.c, nslcd/common.h: implement and use a strtoui() function if uid_t or gid_t is of size unsigned int (thanks Jakub Hrozek) * [r1527] pynslcd/Makefile.am: get rid of automake warning * [r1526] configure.ac: silence autoconf warnings, patch by Jakub Hrozek * [r1525] debian/po/nl.po: some changes based on feedback by Jeroen Schot 2011-08-27 arthur * [r1524] configure.ac, nslcd/cfg.c, nslcd/common.h, nslcd/group.c, nslcd/passwd.c: provide strtouid() and strtogid() functions that use strtoul() or strtoull() (thanks Jakub Hrozek) * [r1523] nslcd/cfg.c, nslcd/group.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: check errno after calls to strtol() to ensure that numbers that are too large for type will be reported (thanks Jakub Hrozek) * [r1522] AUTHORS, nslcd/myldap.c: pass a statically allocated callback structure to OpenLDAP because it doesn't make it's own copy (thanks Jakub Hrozek) (fixes a problem in r1490) * [r1521] debian/po/nl.po: some changes based on feedback by Paul Gevers 2011-08-26 arthur * [r1520] debian/po/nl.po: first attempt at Dutch (nl) translation * [r1519] debian/po/ca.po, debian/po/fi.po, debian/po/gl.po, debian/po/it.po, debian/po/nb.po, debian/po/nl.po, debian/po/sv.po, debian/po/vi.po, debian/po/zh_CN.po: small formatting changes to header 2011-08-25 arthur * [r1518] debian/po/es.po: updated Spanish (es) translation of debconf templates by Francisco Javier Cuadrado 2011-08-24 arthur * [r1517] nslcd/cfg.c: fix typo (thanks Nalin Dahyabhai) * [r1515] nslcd/cfg.c: fix a problem with uninitialised memory while parsing the tls_ciphers option (was broken in r853, similar problem was fixed in r910, reported by Isaac Freeman) * [r1514] debian/po/de.po: updated German (de) translation of debconf templates by Chris Leick * [r1513] AUTHORS, man/nslcd.conf.5.xml, nslcd/cfg.c: support querying DNS SRV records from a different domain than the current one (based on a patch by James M. Leddy) 2011-08-23 arthur * [r1512] debian/po/cs.po: updated Czech (cs) translation of debconf templates by Miroslav Kure 2011-08-19 arthur * [r1511] debian/po/fr.po: typo fix provided by Christian Perrier 2011-08-17 arthur * [r1510] AUTHORS: add new translators to AUTHORS file * [r1509] debian/po/ja.po: updated Japanese (ja) translation of debconf templates by Kenshi Muto * [r1508] debian/po/pt.po: updated Portuguese (pt) translation of debconf templates by Américo Monteiro 2011-08-14 arthur * [r1507] debian/po/pt_BR.po: updated Brazilian Portuguese (pt_BR) translation of debconf templates by Denis Doria * [r1506] ChangeLog, ChangeLog-2009, ChangeLog-2010, Makefile.am: split 2009 and 2010 changes to separate ChangeLog files * [r1505] nss/networks.c: remove unused variable * [r1504] nslcd/Makefile.am, pam/Makefile.am, tests/Makefile.am: put external libraries at the end when linking * [r1503] configure.ac: remove some tests for symbols we aren't using * [r1502] debian/libnss-ldapd.lintian-overrides: add lintian override for SONAME check * [r1501] debian/po/pt_BR.po: updated Brazilian Portuguese (pt_BR) translation of debconf templates by Denis Doria * [r1500] debian/po/da.po: update Danish (da) translation of debconf templates by Joe Hansen * [r1499] debian/po/sk.po: added Slovak (sk) translation of debconf templates by Slavko * [r1498] debian/po/fr.po: updated French (fr) translation of debconf templates by Christian Perrier * [r1497] debian/po/ru.po: updated Russian (ru) translation of debconf templates by Yuri Kozlov 2011-08-10 arthur * [r1496] AUTHORS: fix spelling of name (sorry about that) 2011-08-09 arthur * [r1495] nslcd/passwd.c: check nsswitch.conf mtime to see whether file should be reloaded * [r1494] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nb.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po: run debconf-updatepo to update .pot and .po files * [r1493] debian/nslcd.templates, man/nslcd.conf.5.xml: small language updates based on feedback by Justin B Rye 2011-08-08 arthur * [r1492] debian/nslcd.templates: incorporate feedback on debconf templates by debian-l10n-english@lists.debian.org (thanks Justin B Rye and Christian PERRIER) 2011-08-07 arthur * [r1491] Makefile.am, debian/compat, debian/control, debian/libnss-ldapd.install, debian/libnss-ldapd.lintian-overrides, debian/libnss-ldapd.postinst, debian/libpam-ldapd.install, debian/rules, debian/source/lintian-overrides: build Debian packages with multiarch support * [r1490] AUTHORS, nslcd/myldap.c: set the socket timeout in a connection callback to avoid timeout issues during the SSL handshake (based on a patch by Stefan Völkel) 2011-08-06 arthur * [r1489] debian/copyright, m4/ax_pthread.m4: update AX_PTHREAD from http://www.gnu.org/software/autoconf-archive/ax_pthread.html 2011-08-05 arthur * [r1488] pynslcd/group.py, tests/test_myldap.c: replace last traces of groupOfUniqueNames * [r1487] nslcd/Makefile.am, nslcd/common.h, nslcd/nsswitch.c, nslcd/passwd.c, tests/Makefile.am: check whether the NSS shadow map queries LDAP before returning x as a password has for shadow users * [r1486] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh: update tests with change of member/uniqueMember default change (r1484) * [r1485] nslcd/group.c, nslcd/myldap.c, nslcd/myldap.h, nslcd/passwd.c: implementation of myldap_get_values_len() to use ldap_get_values_len() instead of ldap_get_values() to fix some problems with binary data in returned attribute values (patch by Wesley Mason) 2011-08-03 arthur * [r1484] README, nslcd.conf, nslcd/attmap.c, nslcd/attmap.h, nslcd/group.c, pynslcd/group.py, tests/test_myldap.c: switch to using the member attribute by default instead of uniqueMember 2011-07-21 arthur * [r1483] README: remove obsolete attribute from documentation 2011-07-15 arthur * [r1482] debian/nslcd.init: on restart only log_end_msg once 2011-07-04 arthur * [r1481] configure.ac: show the default value for the pam-seclib-dir option 2011-07-03 arthur * [r1480] compat/getpeercred.c: fix header * [r1479] compat/pam_compat.h: provide PAM_AUTHTOK_RECOVERY_ERR for systems with only PAM_AUTHTOK_RECOVER_ERR 2011-07-02 arthur * [r1478] Makefile.am, debian/compat, debian/control, debian/libpam-ldapd.install, debian/libpam-ldapd.pam-auth-update, debian/nslcd.install, debian/pam-configs, debian/pam-configs/ldap, debian/rules: switch to dh for debian/rules and bump debhelper compatibility to 8 * [r1476] nslcd/group.c, nslcd/host.c, nslcd/network.c, nslcd/passwd.c, nslcd/shadow.c: make buffer sizes consistent, grow gidNumber buffer to hold larger numbers and small consistency improvements 2011-06-10 arthur * [r1475] nslcd/pam.c: correctly only check password expiration when authenticating, only check account expiration when doing authorisation check 2011-06-05 arthur * [r1474] nslcd/cfg.c, nslcd/pam.c: check all variables in pam_authz_search to see if they exist * [r1473] nslcd/cfg.c, nslcd/common.c: mark more strings as const and don't free() data returned by cfg_getdomainname() * [r1471] common/expr.c, tests/test_expr.c: handle expressions where the expander function returns NULL (handle it as an empty string) * [r1470] nslcd/myldap.c: fix r1468 * [r1468] nslcd/myldap.c: simplify and correct find_rdn_value() to handle splitting attribute and value correctly * [r1467] config.guess, config.sub: include updated files 2011-05-23 arthur * [r1466] tests/test_common.c: add test case for two-character user name 2011-05-21 arthur * [r1464] nslcd/myldap.c: fix problem with partial attribute name matches in DN (e.g. uid vs. uidNumber) (thanks to Timothy White for the fix) 2011-05-13 arthur * [r1462] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.3 release * [r1461] debian/libnss-ldapd.postinst: don't unconditionally restart nscd but just try to invalidate the cache for the maps that change * [r1460] debian/libnss-ldapd.config: correctly pick up current configuration of /etc/nsswitch.conf when running dpkg-reconfigure * [r1459] debian/control: upgrade to standards-version 3.9.2 * [r1458] common/expr.c, common/expr.h: switch variable expander function type name because _t suffix is reserved * [r1457] debian/control, debian/nslcd.config: search for LDAP server by looking for SRV _ldap._tcp DNS records and try to query LDAP server for base DN during package configuration (based on work by Petter Reinholdtsen for the sssd package) * [r1456] debian/nslcd.config: fix domain to basedn expansion when having more than two domain parts (patch by Per Carlson) * [r1455] pynslcd/alias.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/pam.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py, pynslcd/service.py, pynslcd/shadow.py: simplify request handling by passing read parameters around in a dict instead of setting object properties (this mainly simplifies search filter building) 2011-05-01 arthur * [r1454] pynslcd/alias.py, pynslcd/attmap.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/pam.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py, pynslcd/service.py, pynslcd/shadow.py, pynslcd/tio.py: implement attribute mapping functionality and do some refactoring * [r1453] pynslcd/pam.py: remove unneeded import * [r1452] pynslcd/alias.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/host.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/pam.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py, pynslcd/service.py, pynslcd/shadow.py: pass dn and attributes to functions separately * [r1451] pynslcd/group.py, pynslcd/pam.py, pynslcd/pynslcd.py: small code improvements 2011-04-30 arthur * [r1450] pam/common.h: make log message clearer when nslcd returns an empty response (user not handled) * [r1449] nslcd/pam.c: close the nslcd connection to signal LDAP server unavailable to PAM module * [r1448] pam/pam.c: split setting up of configuration into separate function * [r1447] nslcd/pam.c: improve password change failed error message * [r1446] nslcd/common.h, nslcd/pam.c, nslcd/shadow.c: check shadow properties (similarly to what pam_unix does) in the PAM handling code * [r1445] pam/pam.c: do not attempt to change password as root when changing an expired password * [r1444] nslcd/pam.c: fix return value of try_autzsearch() when no match found * [r1443] nslcd/pam.c: use the right DN in the pam_authz_search option * [r1442] nslcd/shadow.c: move code for getting shadow expiry properties to a separate function 2011-04-29 arthur * [r1441] nslcd/pam.c: move most of the code for building the authorisation search into the try_autzsearch() function * [r1440] nslcd.h, pam/pam.c: support more PAM status codes over the nslcd protocol * [r1439] nslcd/shadow.c, pynslcd/shadow.py: set maxdays to -1 to indicate no expiry (instead of a long time) 2011-04-28 arthur * [r1438] pynslcd/alias.py, pynslcd/common.py, pynslcd/ether.py, pynslcd/group.py, pynslcd/host.py, pynslcd/netgroup.py, pynslcd/network.py, pynslcd/pam.py, pynslcd/passwd.py, pynslcd/protocol.py, pynslcd/rpc.py, pynslcd/service.py, pynslcd/shadow.py: put standard library imports before application imports and remove some unused imports * [r1437] pynslcd/group.py: remove duplicate and wrong write() method 2011-04-24 arthur * [r1436] nslcd/pam.c: make request indicator shorter * [r1435] nslcd.h: document use of returned authorisation message * [r1434] nslcd/pam.c: no longer use the userdn parameter passed along with each request (this may mean one or two more lookups when doing authentication but simplifies things) * [r1433] tests/test_pamcmds.expect: improve handling of test_login_unknown 2011-04-22 arthur * [r1431] nslcd/myldap.c: report correct reported error from ldap_abandon() 2011-04-18 arthur * [r1430] nslcd/nslcd.c: fix r1429 to properly handle absence of RTLD_NODELETE * [r1429] nslcd/nslcd.c: support systems without RTLD_NODELETE 2011-04-16 arthur * [r1428] nslcd.conf: add example configuration provided by Wesley Mason 2011-04-15 arthur * [r1427] compat/Makefile.am, compat/strndup.c, compat/strndup.h, configure.ac, nslcd/group.c, nslcd/passwd.c: provide replacement implementation for strndup() for systems that don't have it * [r1426] AUTHORS: add Wesley Mason to AUTHOS file (was missing from r1425) * [r1425] man/nslcd.conf.5.xml, nslcd/common.c, nslcd/common.h, nslcd/group.c, nslcd/passwd.c: support using the objectSid attribute to provide numeric user and group ids, based on a patch by Wesley Mason * [r1424] tests/test_nsscmds.sh, tests/test_pamcmds.expect, tests/test_pamcmds.sh: allow running test_{nss,pam}cmds tests from another directory 2011-04-03 arthur * [r1423] nslcd/group.c, nslcd/pam.c, nslcd/passwd.c: make user and group name validation errors a little more informative 2011-03-31 arthur * [r1422] AUTHORS: add some people who seemed to be missing from the AUTHORS file * [r1421] common/tio.c: tv_usec in struct timeval must be lower than 1000000 (patch by SATOH Fumiyasu) * [r1420] AUTHORS, Makefile.am: use $(mkinstalldirs) instead of $(INSTALL_DATA) -D because -D is not supported on all operating systems (patch by SATOH Fumiyasu) * [r1419] man/nslcd.conf.5.xml, nslcd/cfg.c: allow usernames of only two characters 2011-03-26 arthur * [r1417] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.2 release * [r1416] tests/Makefile.am, tests/test_nsscmds.sh, tests/test_pamcmds.sh: ensure that all test source files are distibuted and can tests can be run when source directory differs from build directory * [r1415] pynslcd/common.py: sync validname regular expression with nslcd 2011-03-25 arthur * [r1414] configure.ac, nslcd/nslcd.c: no longer indefinitely wait for all worker threads to finish before exiting (but wait a few seconds on platforms with pthread_timedjoin_np()) * [r1413] tests/Makefile.am, tests/test_cfg.c, tests/test_common.c, tests/test_myldap.c: re-organise tests somewhat making things more consistent * [r1412] debian/nslcd.config, debian/nslcd.postinst: integrate patch by Daniel Dehennin to not loose debconf values of previously set options with dpkg-reconfigure * [r1411] configure.ac, man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/common.c, tests/Makefile.am, tests/test_common.c: implement a validnames option that can be used to fine-tune the test for valid user and group names using a regular expression 2011-03-24 arthur * [r1410] pynslcd/protocol.py, pynslcd/pynslcd.py, pynslcd/rpc.py, pynslcd/service.py: implement service, protocol and rpc lookups * [r1409] pynslcd/host.py, pynslcd/network.py: fix the case where the RDN is for some reason not in the cn * [r1408] pynslcd/pam.py: fix configuration name * [r1407] pynslcd/mypidfile.py: truncate pidfile to ensure remains of previous value is gone 2011-03-23 arthur * [r1406] pynslcd/host.py: fix use of spaces * [r1405] nslcd/protocol.c, nslcd/shadow.c: fix descriptions of files * [r1403] compat/daemon.h, configure.ac, nslcd/nslcd.c: provide a definition of daemon() for systems that lack it * [r1402] compat/ether.h: typo fix in comment 2011-03-19 arthur * [r1401] Makefile.am, common, compat, nslcd, nss, pam, tests, tests/test_expr.c, tests/test_pamcmds.expect, tests/test_tio.c: more tests and general test improvements * [r1400] common/expr.c, nslcd/myldap.h, nslcd/nslcd.c, nss/common.h, nss/prototypes.h, pam/common.h, pam/pam.c: small code improvements * [r1399] nslcd/log.c, nslcd/log.h: remove logging functionality that isn't used 2011-03-18 arthur * [r1398] tests, tests/Makefile.am, tests/in_testenv.sh, tests/test_nsscmds.sh, tests/test_pamcmds.expect, tests/test_pamcmds.sh: implement test cases for some of the common PAM actions (test environment required for this) 2011-03-17 arthur * [r1397] configure.ac, tests/Makefile.am, tests/common.h, tests/test_cfg.c, tests/test_common.c, tests/test_expr.c, tests/test_getpeercred.c, tests/test_myldap.c, tests/test_tio.c: put all assertion functions and compatibility code into one header file * [r1396] nslcd.conf: put idle_timelimit option in Active Directory example with low enough default 2011-03-16 arthur * [r1395] tests/Makefile.am, tests/test_aliases.c, tests/test_ethers.c, tests/test_group.c, tests/test_hosts.c, tests/test_netgroup.c, tests/test_networks.c, tests/test_nslcd_group.c, tests/test_passwd.c, tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c, tests/test_shadow.c: remove legacy test code that is no longer used 2011-03-14 arthur * [r1394] pam/pam.c: check for user existence before trying password change * [r1393] common/tio.c: fix a problem in the timeout paramater that was being passed to select() and could contain too many µsec (fixes Solaris runtime issue) 2011-03-13 arthur * [r1392] tests/test_nsscmds.sh: fix name of script in header 2011-03-12 arthur * [r1391] configure.ac: include the resolv library for hstrerror() on platforms that need it (thanks Peter Bray) * [r1390] nslcd/common.h, nslcd/pam.c: put all HOST_NAME_MAX fallbacks in common.h and fall back to _POSIX_HOST_NAME_MAX (thanks Peter Bray) 2011-03-11 arthur * [r1389] Makefile.am: ensure that permissions are sane in the distributed tarball * [r1388] nslcd/myldap.c: fix problem with endless loop on incorrect password * [r1387] nslcd/common.c, nslcd/common.h: move HOST_NAME_MAX fallback definition to header file 2011-03-10 arthur * [r1385] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.8.1 release * [r1384] Makefile.am, common/tio.c, compat/Makefile.am, compat/ether.h, compat/ldap_compat.h, compat/pam_get_authtok.c, man/Makefile.am, nslcd/attmap.c, nslcd/attmap.h, nslcd/common.c, nslcd/common.h, nss/prototypes.h, pam/common.h, pynslcd/ether.py, pynslcd/pynslcd.py, pynslcd/tio.py: update copyright headers to add missing years 2011-03-09 arthur * [r1383] nslcd/pam.c: fix compiler warning * [r1382] nslcd/pam.c, nslcd/passwd.c: properly handle user-not-found errors when doing authentication (CVE-2011-0438) 2011-03-06 arthur * [r1381] pynslcd/Makefile.am, pynslcd/netgroup.py, pynslcd/pynslcd.py: implement module for netgroup lookups * [r1380] pynslcd/Makefile.am, pynslcd/network.py, pynslcd/pynslcd.py: add network name lookups * [r1379] tests/test.ldif.gz, tests/test_nsscmds.sh: add some test groups and add the arthur user to them to test whether all are returned correctly * [r1378] Makefile.am: pass --enable-pynslcd with distcheck * [r1377] pynslcd/Makefile.am: clean up compiled python files * [r1376] pynslcd/host.py: fix search filter objectClass for hosts * [r1375] nslcd/log.c, nslcd/log.h, nslcd/nslcd.c: ensure that session id is only logged while handling a connection * [r1374] man/nslcd.conf.5.xml: note that attribute mapping expressions cannot be used for all attributes 2011-02-14 arthur * [r1373] pynslcd/Makefile.am, pynslcd/host.py, pynslcd/pynslcd.py, pynslcd/tio.py: implement module for hostname lookups * [r1372] pynslcd/ether.py: fix comment * [r1371] pynslcd/Makefile.am, pynslcd/debugio.py: clean up and add missing files to installation 2011-02-11 arthur * [r1370] configure.ac: fix FreeBSD nss_ldap soname (as seen in current FreeBSD packaging) * [r1369] nslcd/nslcd.c: create the directory for the socket and pidfile 2011-01-29 arthur * [r1368] man/nslcd.conf.5.xml: document a proper replacement for pam_check_host_attr (thanks Luca Capello) and add a section on quoting * [r1367] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/common.c, nslcd/common.h, nslcd/pam.c: implement a fqdn variable that can be used inside pam_authz_search filters 2011-01-23 arthur * [r1366] man/nslcd.conf.5.xml: name pam_check_service_attr and pam_check_host_attr options in manual page and indicate how pam_authz_search replaces them 2011-01-05 arthur * [r1365] AUTHORS, HACKING, configure.ac, debian/copyright, nss/Makefile.am, nss/bsdnss.c, nss/exports.freebsd, nss/prototypes.h: add FreeBSD support, partially imported from the FreeBSD port (thanks to Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov) 2011-01-01 arthur * [r1364] nss/Makefile.am: put solnss.c under EXTRA_nss_ldap_so_SOURCES * [r1363] man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: add ids to options so we can more easily reference them from elsewhere (especially useful for generated HTML) * [r1362] nslcd/myldap.c: include definition of rc in all code paths because it's used most of the time * [r1361] configure.ac: fix quoting of NSS_MODULE_OBJS expression to one that is supported by more shells * [r1360] nss/Makefile.am: ensure that solnss.c ends up in tarball nss-pam-ldapd-0.8.13/ChangeLog-20070000644000175000001440000012523011431514476013331 000000000000002007-12-31 arthur * [r546] nslcd/common.h: fix get_userpassword() function description * [r545] nslcd/shadow.c: fix incorrect references to attribute map entries * [r544] nslcd/group.c: remove TODO (was done) * [r543] nslcd/common.c: fix bug that would return a password of one character short 2007-12-27 arthur * [r542] nslcd/cfg.c: do not define variable if we're not going to use it * [r541] configure.ac: check for all used ldap functions * [r539] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.5 release 2007-12-26 arthur * [r538] tests/test_cfg.c: remove temporary file to make distcheck succeed * [r537] README, debian/copyright: some documentation cleanups * [r536] tests/test_nsscmds.sh: ignore erros in nss commands * [r535] nslcd/myldap.c: only log "connected to LDAP server" if it is a new connection * [r534] nslcd/cfg.c, nslcd/cfg.h, tests, tests/test_cfg.c: properly handle spaces in some configuration options (major change in code in cfg module) * [r533] tests/test_myldap.c: in test_two_searches() test that we can read from the second search if the first search as abandoned * [r532] nslcd/myldap.c: properly flag running searches as invalid if the connection to the LDAP server is reset 2007-12-25 arthur * [r531] nslcd/common.h, nslcd/myldap.c, nslcd/myldap.h, tests/test_myldap.c: have myldap_get_entry() return an LDAP status code that can signal errors in the lookup * [r530] nslcd.h, nslcd/common.h, nss/common.c, nss/group.c: remove NSLCD_RESULT_UNAVAIL because it's not needed anymore (the connection is broken when an error occurs) and rename NSLCD_RESULT_NOTFOUND into NSLCD_RESULT_END to better match its meaning * [r529] nslcd/common.h: no need for us to flush the buffer since our caller closes the stream immediatly (or could otherwise pass the flushing to another thread) 2007-12-24 arthur * [r528] man/nss-ldapd.conf.5.xml: some general cleanups and document the krb5_ccname option * [r527] debian/libnss-ldapd.config: disable rootbinddn and rootbindpw questions for now because they are not supported * [r526] man/nss-ldapd.conf.5.xml: document current timing and reconnect options * [r525] nslcd/myldap.c: merge the do_map_error(), do_with_reconnect() into the myldap_search() and do_try_search() functions having more understandable reconnect and retry logic * [r524] nslcd/myldap.h: add some more documentation for using the myldap module 2007-12-22 arthur * [r523] tests/nss-ldapd-test.conf, tests/test_myldap.c: add limited test for reconnect logic * [r522] nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: remove bind_policy option because the same effect is achieved by setting reconnect_tries to 1 * [r521] nslcd/cfg.c, nslcd/cfg.h: reorder timing and reconnect options to be more logical and remove nss_ prefix from reconnect options * [r520] tests/test_myldap.c: limit printing of results in test to just 10 * [r519] tests/test_myldap.sh: include script name in messages and have srcdir default to . * [r518] nslcd/myldap.c: integrate do_result() into myldap_get_entry() reducing complexity and improving error handling * [r517] nslcd/myldap.c: remove duplicate comment * [r516] nslcd/cfg.c, nslcd/cfg.h: remove some unused configuration file options * [r515] nslcd/myldap.c: bring more uniformity to log messages * [r514] nslcd/myldap.c: give struct myldap_session members more logical names 2007-12-21 arthur * [r513] tests/test_myldap.sh, tests/test_nsscmds.sh: only test the first URI in the configfile 2007-12-20 arthur * [r512] tests/Makefile.am, tests/test_myldap.c, tests/test_myldap.sh: pass configfile to use as a command-line paramter to test_myldap, use the myldap_session_close() function, print a limited number of results, add a wrapper script to test whether the LDAP server is available for the test and ship all needed files in the tarball * [r511] tests/test_nsscmds.sh: fail on any command and specify configfile separately * [r510] debian/copyright: remove FSF copyright since we no longer use their code * [r509] nslcd/myldap.c, nslcd/myldap.h: refactor myldap code to get rid of most of the old nss status codes, properly handle failures of ldap function calls and improve sourcecode comments * [r508] nslcd/myldap.c, nslcd/myldap.h: add myldap_session_close() function (mainly for testing purposes) * [r507] nslcd/myldap.c: move checks of validity of passed entries to separate functions * [r506] nslcd/myldap.c: remove msg member from struct myldap_entry and just reference the same message in the search * [r505] nslcd/shadow.c: rewrite GET_OPTIONAL_DATE() as an extension to GET_OPTIONAL_LONG() * [r504] configure.ac: add/change some tests for currently used functions, relayout some complexer tests and use AC_CHECK_TYPE instead of custom test * [r503] nslcd/ether.c: use ether_ntoa_r() instead of ether_ntoa() * [r502] compat/ldap.h, configure.ac: remove unused tests and compatibility code * [r501] tests/nss-ldapd-test.conf: set pagesize to some more reasonable value * [r500] tests/test_myldap.c: have assertion on correct search 2007-12-16 arthur * [r498] nss-ldapd.conf: fix typo in description 2007-12-14 arthur * [r497] nslcd/myldap.c: potential fix for double free() bug like in nss_ldap (Debian bug #366172) * [r496] nslcd/myldap.h: improve description of myldap interface in comments * [r495] nslcd/common.c: explain why we write an invalid address (in comment) and add TODO to describe we need to change the log format * [r494] tests/test_myldap.c: fix typo in comment 2007-12-09 arthur * [r493] debian/control: update package description * [r492] tests/Makefile.am: fix objects that are needed to get tests linkable (due to namechange from ldap-nss to myldap) * [r491] compat/ldap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: some small layout changes * [r490] tests/test_nsscmds.sh: remove ugly space * [r489] nslcd-common.h, nslcd/Makefile.am, nslcd/alias.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/common.h, nslcd/group.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/myldap.c, nslcd/myldap.h: get rid of some old code and rename ldap-nss to myldap since there is no more NSS-related code in there * [r488] nslcd-common.h, nslcd/alias.c, nslcd/common.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: switch to new LDAP entry parsing code that is much simpler and more readable * [r487] tests/test_nsscmds.sh: add some comments to tests, enable netgroup tests and extend ether and services tests * [r486] nslcd/ldap-nss.c: ignore decoding errors from ldap_get_values() as they are just nonexisting attribute values 2007-12-07 arthur * [r485] debian/control: fix Vcs-* links to point to the trunk * [r484] debian/control: upgrade to standards-version 3.7.3 (no changes needed) * [r483] nslcd/nslcd.c: don't use backticks as quote mark 2007-12-01 arthur * [r482] common/dict.c: simple check for validity of key value in dict_put() 2007-11-26 arthur * [r481] configure.ac, man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/ldap-nss.c: clean up Kerberos ccname code, moving it to cfg.c, fixing some bugs in the putenv() code, making the gss_krb5_ccache_name() automatically used if the function is available and removing the --with-gssapi-dir, --enable-configurable-krb5-ccname-gssapi and --enable-configurable-krb5-ccname-env configure options 2007-11-25 arthur * [r480] AUTHORS, README, configure.ac, man/nss-ldapd.conf.5.xml, nslcd/cfg.c: implement LDAP server discovery through DNS, based on a patch by Ralf Haferkamp and Michael Calmer 2007-11-24 arthur * [r479] HACKING: update versions of used tools 2007-11-20 arthur * [r478] debian/control: remove XS- prefix from version control fields * [r477] debian/control: put Homepage field in source stanza 2007-11-16 arthur * [r476] AUTHORS, nslcd/ldap-nss.c: patch from Andreas Schneider to get krb5_ccname option working 2007-10-31 arthur * [r475] nslcd.h: improve comments about protocol, also describing the final NSLCD_RESULT_NOTFOUND 2007-10-28 arthur * [r474] nslcd/ldap-nss.c: some smaller cleanups and simplifications to the code (getting rid of the is_connected flag * [r473] nslcd/ldap-nss.c: remove sizelimit parameter * [r472] nslcd/ldap-nss.c: integrate ent_context attributes into ldap_search * [r471] nslcd/ldap-nss.c: remove session from context and remove sycnhronous search functions * [r470] nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c, nslcd/service.c: replace calls to _nss_ldap_get_values() by myldap_get_values(), remove unused functions, remove struct ldap_state and replace remaining references to context to use search instead * [r469] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/ldap-nss.c: remove support for nss_connect_policy configfile option and remove some supporting code for it * [r468] nslcd/alias.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: first step to use the new myldap interface * [r467] tests/test_nsscmds.sh: script to run a number of NSS commands (mainly getent) and check the result (this requires an LDAP setup that is yet to be documented) 2007-10-27 arthur * [r466] man/nss-ldapd.conf.5.xml: include pagesize option in manual page since this is tested now * [r465] nss-ldapd.conf: add pointer to pagesize in AD section of sample configfile * [r464] nslcd/nslcd.c: clean up myldap session after each request * [r463] nslcd/cfg.c: make cfg_init() only callable once and add note about not free()ing memory * [r462] common/tio.c: fix memory leak in I/O module not free()ing allocated storage for file info on file close * [r461] common/tio.c: portability improvement to fall back to ETIMEDOUT when ETIME is unavailable 2007-10-26 arthur * [r460] NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: integrate changes from 0.4.1 release 2007-10-25 arthur * [r455] nslcd/rpc.c: fix rpc filter and remove unused objectClass attmap entry * [r454] nslcd/ldap-nss.c: clean up any messages after abandoning the search because that returns a new message (fix memory leak) * [r453] nslcd/ldap-nss.c: fix a memory leak, not storing search entries so they could be freed later on * [r452] nslcd/ldap-nss.c: fix using unassigned status * [r451] nslcd/ldap-nss.c: fix memory leak * [r450] debian/libnss-ldapd.nslcd.init: remove S runlevel from Default-Stop in init script 2007-10-21 arthur * [r449] nss/networks.c: correct calls to NSLCD_ACTION_NETWORK_BYNAME and NSLCD_ACTION_NETWORK_BYADDR and get address in correct byte order with the last call 2007-10-20 arthur * [r448] nslcd/passwd.c, nslcd/protocol.c: call mysnprintf() instead of snprintf() where needed (bugfix) 2007-10-19 arthur * [r444] nslcd/ldap-nss.c: make a replacement for _nss_ldap_getbyname() which uses the myldap calls internally * [r443] nslcd/Makefile.am, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/myldap.h, tests, tests/Makefile.am, tests/nss-ldapd-test.conf, tests/test_myldap.c: integrate basic myldap interface (partially merged from dev-myldap branch) * [r442] tests/Makefile.am: include debugging information in object files * [r441] tests/Makefile.am: move most C[PP]FLAGS options to AM_C[PP]FLAGS and clean up a little * [r440] common/tio.c: fix usage of DEBUG_TIO_STATS 2007-10-14 arthur * [r438] AUTHORS: add translator to Japanese of templates * [r437] debian/po/ja.po: update Japanese (ja) translation of debconf templates by Kenshi Muto 2007-10-08 arthur * [r436] debian/copyright, debian/po/fr.po: update French (fr) translation of debconf templates by Cyril Brulebois 2007-10-05 arthur * [r434] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.4 release 2007-10-04 arthur * [r433] .: ignore tarballs * [r432] configure.ac: remove linking with libresolv because it's not needed on Linux 2007-10-03 arthur * [r431] nss-ldapd.conf: some reordering to make the file more logical and minor fixes * [r430] Makefile.am: pass --enable-warnings when running the distcheck target * [r429] README: some general documentation improvements 2007-09-28 arthur * [r428] man/nss-ldapd.conf.5.xml: add note about escaping of ldapi:// scheme * [r427] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: remove note about escaping of ldapi:// url scheme * [r426] nslcd/cfg.c: add warnings and errors to untested and unsupported configfile options 2007-09-25 arthur * [r425] man/nss-ldapd.conf.5.xml: manual page improvements 2007-09-24 arthur * [r424] configure.ac: switch to defining __thread as empty string and issue warning if __thread keyword is not supported * [r423] common/tio.c: also initialize sa_sigaction although it's not used * [r422] debian/libnss-ldapd.postinst: do something special for setting the uri parameter because it may be speicified multiple times * [r421] debian/libnss-ldapd.config: fix newline mangling 2007-09-23 arthur * [r420] debian/libnss-ldapd.config: properly handle multiple uri lines in config file * [r419] debian/libnss-ldapd.postinst: trim preceding spaces when adding an entry in /etc/nsswitch.conf * [r418] Makefile.am, common/tio.c, nslcd/ldap-nss.h, nslcd/nslcd.c, nss/common.c: some small improvements to the code based on some source code checks * [r417] Makefile.am: remove pscan target as these checks are sufficiently covered by the other tests 2007-09-22 arthur * [r416] nslcd/Makefile.am: add compat files to sources so they end up in the tarball * [r415] tests/Makefile.am: add all objects that are now needed to test the configuration module * [r414] tests/test_cfg.c: remove test for alloc_lsd() because we don't use struct ldap_service_search_descriptor any more 2007-09-21 arthur * [r412] nslcd/ldap-nss.c: remove unneeded variables and slightly improve logging * [r411] common/Makefile.am: just use -fPIC on all files in this directory 2007-09-19 arthur * [r410] nslcd/cfg.c, nslcd/cfg.h, nslcd/nslcd.c: put config filename as a parameter to cfg_init() 2007-09-15 arthur * [r409] nslcd/ldap-nss.c: centralize opening of connection to LDAP server in do_open() and refactor do_bind() to be simpler (making do_rebind() just one line) * [r408] man/nss-ldapd.conf.5.xml: remove documentation for nss_schema option since it isn't used any more and probably never will be * [r407] nslcd/attmap.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/common.h, nslcd/group.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/passwd.c: remove support for nested groups and use of uniqueMember and member attributes as well as memberOf attribute (this removes quite some functionality but helps us in refactoring because the code was one big exception to all the other modules) * [r406] nslcd/group.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h: some more code cleanup, changing return type of _nss_ldap_init(), integrating _nss_ldap_init(), do_init_session(), do_parse_async() and _nss_ldap_search_async() into the functions that call them (each was only called once) * [r404] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: do not pass useless errnos around because they aren't used anymore * [r403] nslcd/cfg.h: remove unused include 2007-09-14 arthur * [r402] nslcd/ldap-nss.c: some type fixes and logic simplifications * [r401] nslcd/group.c: minor code improvements * [r400] nslcd/Makefile.am, nslcd/alias.c, nslcd/cfg.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c, nslcd/util.h: move the two remaining useful functions from util.c to ldap-nss.c * [r399] nslcd/group.c, nslcd/util.c, nslcd/util.h: move _nss_ldap_dn2uid() from util.c to group.c * [r398] nslcd/common.h, nslcd/passwd.c: add note about free()ing the returned value and add logging * [r397] nslcd/common.h, nslcd/group.c, nslcd/passwd.c: move user2dn() from group.c to passwd_username2dn() in passwd.c * [r396] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: do not flush streams: our caller closes the streams flusing them * [r395] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: make use of write_*ent() functions consistent * [r394] nslcd/alias.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/util.c, nslcd/util.h: revert special casing for alias_byname() to other functions and some logging strings simplifications * [r393] nslcd/group.c: remove some more references to the old locked functions * [r392] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c: remove mutex from all LDAP operations because we now have a session and a connection per thread * [r391] nslcd/alias.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c, nslcd/network.c, nslcd/nslcd.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c, nslcd/util.h: get rid of global session and instead pass the session as a parameter with every request and allocate a session per thread 2007-09-12 arthur * [r390] nslcd/ldap-nss.c: some code cleanup and fixes to the layout 2007-09-09 arthur * [r389] nslcd/group.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/util.c: change naming of search functions to clearly indicate whether the synchronous or the asynchronous interface is used * [r388] compat/ldap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/ldap-nss.c: some simplifications in the reconnect loging, removing the undocumented nss_reconnect_maxconntries configfile option and some work to split out LDAP compatibility code to a separate file 2007-09-08 arthur * [r387] nslcd/common.c, nslcd/common.h, nslcd/ldap-nss.c: move nss2nslcd() to ldap-nss.c * [r386] nslcd/group.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h: rename a function and a little bit of cleanup * [r385] nslcd/ldap-nss.c: fix endless loop bug * [r384] nslcd/alias.c, nslcd/attmap.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c: move base and scope handling to database specific modules, gettting rid of ldap_service_search_descriptor * [r383] nslcd/alias.c, nslcd/attmap.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c: move filters definitions to the database modules themselves (and already define base and scope but don't use them yet) 2007-09-07 arthur * [r382] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: make handling of ent_context consistent and simpler * [r381] nslcd/alias.c, nslcd/ether.c, nslcd/host.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.h: properly initialize all contexts * [r380] nslcd/ldap-nss.h: remove struct ldap_args stuff * [r379] nslcd/group.c: remove last usage of struct ldap_args and add FIXME * [r378] nslcd/Makefile.am, nslcd/alias.c, nslcd/cfg.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-schema.c, nslcd/ldap-schema.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c: remove the ldap-schema.[ch] files since this is now fully implemented in the database specific files * [r377] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: also pass search filter for the *_all() functions from the database module instead of doing it in ldap-nss.c * [r376] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: rename attlst stuff to attrs since that is the name of the parameter that is passed * [r375] nslcd/alias.c, nslcd/common.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c, nslcd/ldap-schema.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.h: move some of the filter code to the database specific modules to be able to reduce complexity of ldap-nss.c later on 2007-09-05 arthur * [r374] man/Makefile.am: clean generated manual pages in maintainer-clean target 2007-09-03 arthur * [r373] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: include service name in attlst storage and functions * [r372] nslcd/ldap-nss.c: remove sigpipe handling code since sigpipe is ignored throughout the program 2007-08-27 arthur * [r371] man/Makefile.am: always ship docbook sources and generated manual pages and always install manual pages (even without docbook2x-man) * [r370] INSTALL, autogen.sh, depcomp, install-sh, missing, mkinstalldirs: upgrade to using automake 1.10 * [r369] configure.ac: use AM_PROG_CC_C_O to have per-target compiler flags 2007-08-26 arthur * [r366] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.3 release * [r365] Makefile.am: workaround for problems splint has in parsing system header files * [r364] nslcd/cfg.h, nslcd/ldap-nss.h: move enum ldap_map_selector and struct ldap_service_search_descriptor from ldap-nss.h to cfg.h 2007-08-25 arthur * [r363] debian/libnss-ldapd.postinst: fix handling of configfile values with spaces and symbols that could cause problems with sed * [r362] debian/libnss-ldapd.postinst: change regular expression boundry to | instead of % because it is less likely to appear with normal use * [r361] debian/libnss-ldapd.config: clear password informating in Debconf database if binddn is not used 2007-08-19 arthur * [r360] tests, tests/Makefile.am, tests/test_cfg.c: add some checks for the configuration module * [r359] configure.ac, tests/Makefile.am, tests/dict, tests/test_dict.c, tests/test_tio.c, tests/tio: move dict and tio tests into the tests directory * [r358] debian/po/pt.po: include updated Portugese translation by Américo Monteiro * [r357] debian/po/templates.pot: change Project-Id-Version project name * [r356] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: update Project-Id-Version and Report-Msgid-Bugs-To headers * [r355] debian/copyright, m4/acx_pthread.m4: include newer version of acx_pthread.m4 * [r354] README: add a note about case-sensitivity of NSS and LDAP databases * [r353] debian/libnss-ldapd.config, debian/libnss-ldapd.postinst: fix some bugs in mangling of configfile and be more cautious about replacing values (only replace first occurrence and only match options with the correct number of options) * [r352] debian/libnss-ldapd.postinst: remove passwords from configfile if the [root]binddn option was removed and always unset the passwd in the debconf database * [r351] config.guess, config.sub: include updated files * [r350] debian/libnss-ldapd.postinst: no longer use /etc/libnss-ldap.conf as a basis for creating a new configuration file since the syntax is no longer compatible * [r349] debian/libnss-ldapd.postinst: only restart nscd on configure * [r348] debian/libnss-ldapd.config, debian/libnss-ldapd.postinst, debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: remove the ldap-version question as it should be unneeded in the most common installations (where it needs to be set the whole config is likely te need tweaking) 2007-08-18 arthur * [r347] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: rephrase the uri question and add some more pointers on how to specify the value * [r346] debian/libnss-ldapd.nslcd.init: change remaining reference to $PIDFILE into $NSLCD_PIDFILE * [r345] nslcd/ldap-nss.c: fix a couple of uses of per-map bases that could be NULL and remove the ldap_proxy_bind_args that wasn't used anywhere * [r344] man/nslcd.8.xml: replace remaining \- with - * [r343] configure.ac, man/nss-ldapd.conf.5.xml, nslcd/attmap.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/ldap-nss.c, nslcd/ldap-schema.h, nslcd/nslcd.c, nss-ldapd.conf: rewrite configuration file handling to be simpler and more consistent, this does mean that the syntax of the configfile has changed from the PADL one and that some options were removed (also update manual page and sample config file to reflect changes) 2007-08-03 arthur * [r342] nslcd/cfg.c, nslcd/cfg.h, nslcd/group.c: remove nss_initgroups and nss_initgroups_ignoreusers configfile options * [r341] HACKING, README: documentation improvements * [r340] README, configure.ac, man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/ldap-nss.c, nslcd/ldap-nss.h: remove --enable-paged-results configure option and now always do runtime configuration, remove nss_paged_results configfile option and use pagesize option to specify usage of paging or not 2007-08-02 arthur * [r339] README: some spelling fixes, added a section on unsupported features and rephrased default LDAP schema objectclasses as filters 2007-07-31 arthur * [r338] Makefile.am, configure.ac, debian/control, man, man/Makefile.am, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml, nslcd.8, nss-ldapd.conf.5: switch to using docbook for manual pages, use docbook2x-man for generating the manual pages and update the nss-ldapd.conf manual page slightly 2007-07-28 arthur * [r337] nslcd/alias.c, nslcd/cfg.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c, nslcd/ldap-schema.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: define the list of attributes to look up in searches in the service modules instead of in ldap-schema * [r336] nslcd/attmap.h: fix typo in comment 2007-07-27 arthur * [r334] nslcd.h: fix typo 2007-07-26 arthur * [r332] nslcd/cfg.c, nslcd/ldap-schema.h: remove some more old mapping stuff and change configuration file keyword to map with the new syntax * [r331] nslcd/alias.c, nslcd/attmap.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: switch to the new attribute mapping code * [r330] nslcd/cfg.c, nslcd/cfg.h, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c: get rid of default and override attribute value mappings and remove host and port configuration options * [r329] nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/shadow.c: move some shadow specific functions to shadow.c * [r328] nslcd/cfg.c, nslcd/cfg.h: make function _nss_ldap_add_uri() static 2007-07-24 arthur * [r327] nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c: remove some more unused code * [r326] nslcd/Makefile.am, nslcd/alias.c, nslcd/attmap.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c, nslcd/ldap-schema.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c: switch to a new interface for doing attribute mapping, splitting the attribute mapping stuff into a separate file * [r325] nslcd/cfg.c, nslcd/ldap-schema.c, nslcd/ldap-schema.h: get rid of some unused attribute mappings and a small reorganisation of code * [r324] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: rephrase nsswitch.conf question and removed reference to example file we don't ship * [r323] debian/copyright, nslcd/Makefile.am, nslcd/cfg.c, nslcd/cfg.h, nslcd/dnsconfig.c, nslcd/dnsconfig.h, nslcd/resolve.c, nslcd/resolve.h, nss-ldapd.conf.5: get rid of dnsconfig stuff since that probably didn't work anyway and it cleans up some stuff 2007-07-23 arthur * [r315] common/dict.c, tests/dict/test_dict.c: fix a serious bug in dict_values_next() that would return map pointers instead of values and write a test for it * [r314] debian/rules: use stricter distclean run in clean target as suggested by lintian * [r313] common/dict.c, common/dict.h, tests/dict/test_dict.c: add support for removing entries from a DICT by setting the value to NULL (this does not free any memory) 2007-07-21 arthur * [r310] AUTHORS: include translater of debconf templates to French 2007-07-18 arthur * [r309] debian/po/fr.po: typo fix by Cyril Brulebois 2007-07-16 arthur * [r308] debian/po/fr.po: update French (fr) translation of debconf templates by Cyril Brulebois 2007-07-15 arthur * [r307] tests/tio/test_tio.c: disable test that will always fail * [r306] common/tio.c: fix typo * [r305] common/tio.c: fix bug with buffer magic in writing code 2007-07-14 arthur * [r304] AUTHORS, debian/copyright, debian/po/pt.po: add Portuguese (pt) translation of debconf templates by Américo Monteiro 2007-07-13 arthur * [r303] tests/dict/Makefile.am, tests/tio/Makefile.am: do the simple unit tests at make check time * [r302] Makefile.am: don't include config diretory which we don't use * [r301] common/tio.c: add const and add FIXME about a to-be-fixed race condition * [r300] nss/networks.c: flag the address family parameter as unused * [r299] README: add notes about format of host and ethers entries in LDAP database * [r298] debian/control: add XS-Vcs-Svn and XS-Vcs-Browser as specified in #391023 2007-06-18 arthur * [r297] nslcd/nslcd.c: add comment explaining the use of chmod() over fchmod() 2007-06-17 arthur * [r294] ChangeLog, NEWS, configure.ac, debian/changelog, nss-ldapd.conf.5: get files ready for 0.2.1 release * [r293] Makefile.am: do proper wildcard expansion * [r292] Makefile.am, nss/Makefile.am: add proper support for make uninstall * [r291] autogen.sh: force regeneration of all files * [r290] Makefile.am, autogen.sh, configure.ac: include stuff from the m4 directory automatically * [r289] common/Makefile.am, nslcd/Makefile.am, nss/Makefile.am, tests/Makefile.am, tests/dict/Makefile.am, tests/tio/Makefile.am: support building outside the source directory * [r288] Makefile.am, configure.ac, debian/copyright, m4, m4/acx_pthread.m4, nslcd/Makefile.am: use the ACX_PTHREAD macro to check for platform independant pthread support and required options * [r287] debian/copyright: further clarification of use of autoconf/automake code 2007-06-16 arthur * [r286] nslcd/nslcd.c: change fchmod() into chmod() since fchmod() has undifined behaviour on named sockets (fails silently) 2007-06-12 arthur * [r285] common/dict.c, nslcd/ldap-nss.c, nslcd/ldap-schema.c, nslcd/util.c: fix casts of types where needed * [r284] nslcd/host.c: fix type of host address and handle errors in writing hostent 2007-06-11 arthur * [r280] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, nss-ldapd.conf.5: get files ready for 0.2 release * [r279] common/Makefile.am, common/dict.c, common/dict.h, nslcd/Makefile.am, nslcd/cfg.h, nslcd/dict.c, nslcd/dict.h, tests/dict/Makefile.am, tests/dict/test_dict.c: move dict into the common directory * [r278] nss-ldapd.conf.5: add a note about the status of this manual page 2007-06-10 arthur * [r277] common/Makefile.am: compile tio module with -fPIC because it is used in the NSS shared library * [r276] debian/libnss-ldapd.postinst: add note about modifying /etc/nsswitch.conf in postinst 2007-06-09 arthur * [r275] Makefile.am: have better rules to generate ChangeLog * [r274] common/tio.h: remove some trailing spaces * [r273] nss-ldapd.conf.5: add proper copyright header 2007-06-08 arthur * [r272] Makefile.am, common, common/Makefile.am, common/tio.c, common/tio.h, configure.ac, nslcd-common.h, nslcd/Makefile.am, nslcd/alias.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/netgroup.c, nslcd/network.c, nslcd/nslcd.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c, nslcd/util.h, nss/Makefile.am, nss/aliases.c, nss/common.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c, tests/Makefile.am, tests/tio, tests/tio/Makefile.am, tests/tio/test_tio.c: implement our own stdio-like library that handles IO with a simple configurable timeout mechanism with buffering 2007-06-05 arthur * [r271] NEWS, README, configure.ac, tests/dict/test_dict.c: some remaining tabs to spaces and trim trailing spaces 2007-06-02 arthur * [r270] configure.ac, debian/copyright: fix some remaining references to the GNU Library General Public License 2007-06-01 arthur * [r269] nslcd/nslcd.c: add some comments describing some problems that this code may have 2007-05-20 arthur * [r268] HACKING: add a section on build dependencies 2007-05-13 arthur * [r267] config.guess, config.sub: include updated files 2007-03-05 arthur * [r266] ., Makefile.am: include some targets to tun flawfinder, pscan, rats and splint 2007-03-04 arthur * [r265] nslcd-common.h, nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c, nslcd/ldap-schema.h, nslcd/log.c, nslcd/nslcd.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/shadow.c, nslcd/util.c, nslcd/util.h, nss/common.c, nss/common.h, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/prototypes.h, nss/services.c: code improvements by making type casts explicit, flagging ignored return values, renames and flagging of parameters and some miscelanious improvements (thanks to gcc warnings, splint, rats and flawfinder) 2007-03-02 arthur * [r264] nslcd/ldap-nss.c: remove runtime checking for existance of /lib/init/rw/libnss-ldap.bind_policy_soft * [r263] nss-ldapd.conf: add missing attribute mapping for AD * [r262] nslcd/nslcd.c: do chmod on file descriptor instead of on file name 2007-02-17 arthur * [r251] nslcd-common.h, nslcd/cfg.c, nss/hosts.c: fix a few bugs found thanks to the new warnings * [r250] compat, compat/attrs.h, nslcd/cfg.h, nslcd/common.h, nslcd/dict.h, nslcd/log.h, nslcd/nslcd.c, nss/Makefile.am, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c, tests/dict/test_dict.c, tests/test_aliases.c: add gcc attributes to some functions and parameters * [r249] configure.ac: add some extra type checks and worarounds * [r248] configure.ac: add extra compiler warnings 2007-02-10 arthur * [r240] nslcd/dnsconfig.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c, nslcd/util.c: replace syslog calls to calls with our own logging module 2007-02-06 arthur * [r237] README: fix a typo and update copyright info 2007-02-04 arthur * [r236] configure.ac, tests/Makefile.am, tests/dict, tests/dict/Makefile.am, tests/dict/test_dict.c: add simple test for dict module * [r235] nslcd/dict.c: fix list corruption bug in dict_put() and ignore setting value to NULL * [r234] nslcd/dict.c, nslcd/dict.h: don't store const void * as value, just void * 2007-02-01 arthur * [r233] nslcd/util.c, nslcd/util.h: declare old dict functions static as thay are only used from within util.c * [r232] nslcd/dict.h, nslcd/ldap-nss.h: trim trailing whitespace * [r231] nslcd/Makefile.am, nslcd/cfg.c, nslcd/cfg.h, nslcd/dict.c, nslcd/dict.h, nslcd/ldap-nss.c, nslcd/util.c, nslcd/util.h: add new dictionary module and use it for the attribute mapping stuff * [r230] nslcd/Makefile.am, nslcd/log.c, nslcd/xmalloc.c, nslcd/xmalloc.h: get rid of xmalloc.[ch] 2007-01-17 arthur * [r229] nss/Makefile.am: no longer install libc-versioned symlink and hardcode nss soname because we will likely need to change our code if the ABI changes * [r228] debian/rules: in Debian package install NSS files in /usr/lib instead of /lib * [r227] nss/aliases.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c: ensure that all NSS functions can be generated by the marcos in common.h and spell out the read_..() function for every type * [r226] debian/copyright: indent license blubs and include license information for nslcd/resolve.[ch] * [r225] nslcd.h: add a little bit more documentation * [r224] nslcd/cfg.c: remove a const where it really wasn't * [r223] nslcd/cfg.c, nslcd/cfg.h, nslcd/group.c, nslcd/ldap-nss.c, nslcd/util.c, nslcd/util.h: move most config code into cfg.c, clean up dictornary stuff in util.c and do some more smaller restructuring * [r222] nslcd/group.c, nslcd/ldap-nss.h, nslcd/util.c, nslcd/util.h: move name_list stuff to group.c as that is the only place it's used at the moment * [r221] nslcd/netgroup.c: replace __netgrent with mynetgrent removing the fields that are not used * [r220] nslcd/Makefile.am, nslcd/cfg.c, nslcd/cfg.h, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.h, nslcd/util.c, nslcd/util.h: first step to split out all configuration stuff into separate file * [r219] nslcd/ldap-nss.c, nslcd/ldap-nss.h: get rid of more code that would check if the socket was changed from under us by our caller * [r218] nslcd/ldap-nss.c: get rid of rebinding-on-fork() logic as our threading model is very predictable 2007-01-10 arthur * [r217] nslcd/netgroup.c: write a final result code of NSLCD_RESULT_NOTFOUND for netgroup lookups * [r216] nss/netgroup.c, nss/prototypes.h: fix netgroup lookups so that _nss_ldap_getnetgrent_r() returns NSS_STATUS_RETURN if there are no more entries to return but there was a first entry 2007-01-09 arthur * [r215] COPYING, Makefile.am, README, configure.ac, debian/copyright, debian/libnss-ldapd.nslcd.init, nslcd-common.h, nslcd.8, nslcd.h, nslcd/Makefile.am, nslcd/alias.c, nslcd/common.c, nslcd/common.h, nslcd/dnsconfig.c, nslcd/dnsconfig.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c, nslcd/ldap-schema.h, nslcd/log.c, nslcd/log.h, nslcd/netgroup.c, nslcd/network.c, nslcd/nslcd.c, nslcd/pagectrl.c, nslcd/pagectrl.h, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c, nslcd/util.h, nslcd/xmalloc.c, nslcd/xmalloc.h, nss/Makefile.am, nss/aliases.c, nss/common.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h, nss/rpc.c, nss/services.c, nss/shadow.c, tests/Makefile.am, tests/test_aliases.c, tests/test_ethers.c, tests/test_group.c, tests/test_hosts.c, tests/test_netgroup.c, tests/test_networks.c, tests/test_passwd.c, tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c, tests/test_shadow.c: change license from GNU Library General Public License v.2 to GNU Lesser General Public License v.2.1 with permission from Luke Howard 2007-01-08 arthur * [r214] nss/netgroup.c, nss/prototypes.h: use our own thread-local file pointer for doing requests instead of misusing the data field in the __netgrent struct * [r213] debian/control: add a provide line for libnss-ldap so we can seamlessly replace it (it should provide the same functionality) * [r212] debian/libnss-ldapd.postinst: only modify nsswitch databases we support, leave everything else alone (e.g. automount) 2007-01-02 arthur * [r211] debian/libnss-ldapd.nslcd.init: change description in init script nss-pam-ldapd-0.8.13/man/0000755000175000001440000000000012141476127012020 500000000000000nss-pam-ldapd-0.8.13/man/pynslcd.80000644000175000001440000000330312141433560013476 00000000000000'\" -*- coding: utf-8 -*- .if \n(.g .ds T< \\FC .if \n(.g .ds T> \\F[\n[.fam]] .de URL \\$2 \(la\\$1\(ra\\$3 .. .if \n(.g .mso www.tmac .TH pynslcd 8 "May 2013" "Version 0.8.13" "System Manager's Manual" .SH NAME pynslcd \- local LDAP name service daemon .SH SYNOPSIS 'nh .fi .ad l \fBpynslcd\fR \kx .if (\nx>(\n(.l/2)) .nr x (\n(.l/5) 'in \n(.iu+\nxu [\fIoptions\fR] 'in \n(.iu-\nxu .ad b 'hy .SH DESCRIPTION \fBpynslcd\fR is a daemon that will do LDAP queries for local processes that want to do user, group and other naming lookups (NSS) or do user authentication, authorisation or password modification (PAM). .PP \fBpynslcd\fR is configured through a configuration file (see \fBnslcd.conf\fR(5)). .PP See the included README for information on configuring the LDAP server. .SH OPTIONS \fBpynslcd\fR accepts the following options: .TP \*(T<\fB\-c\fR\*(T>, \*(T<\fB\-\-check\fR\*(T> Check if the daemon is running. This causes \fBpynslcd\fR to return 0 if the daemon is already running and 1 if it is not. .TP \*(T<\fB\-d\fR\*(T>, \*(T<\fB\-\-debug\fR\*(T> Enable debugging mode. \fBpynslcd\fR will not put itself in the background and sends verbose debugging info to stderr. \fBpynslcd\fR will handle connections as usual. This option is for debugging purposes only. Specify this option multiple times to also include more detailed logging from the LDAP library. .TP \*(T<\fB\-\-help\fR\*(T> Display short help and exit. .TP \*(T<\fB\-V\fR\*(T>, \*(T<\fB\-\-version\fR\*(T> Output version information and exit. .SH FILES \*(T<\fI/etc/nslcd.conf\fR\*(T> - the configuration file (see \fBnslcd.conf\fR(5)) .SH "SEE ALSO" \fBnslcd.conf\fR(5) .SH AUTHOR This manual was written by Arthur de Jong . nss-pam-ldapd-0.8.13/man/pam_ldap.8.xml0000644000175000001440000001522412141433457014410 00000000000000 Arthur de Jong pam_ldap 8 Version 0.8.13 System Manager's Manual May 2013 pam_ldap PAM module for LDAP-based authentication pam_ldap.so ... Description This is a PAM module that uses an LDAP server to verify user access rights and credentials. Options Specifies that the PAM module should use the first password provided in the authentication stack and not prompt the user for a password. Specifies that the PAM module should use the first password provided in the authentication stack and if that fails prompt the user for a password. Specifying this option allows users to log in with a blank password. Normally logins without a password are denied. Specifies that the PAM module should return PAM_IGNORE for users that are not present in the LDAP directory. This causes the PAM framework to ignore this module. Specifies that the PAM module should return PAM_IGNORE if it cannot contact the LDAP server. This causes the PAM framework to ignore this module. Specifies that warning messages should not be propagated to the PAM application. This causes the PAM module to use the earlier provided password when changing the password. The module will not prompt the user for a new password (it is analogous to ). This option causes the PAM module to log debugging information to syslog3. This option causes the PAM module to ignore the user if the user id is lower than the specified value. This can be used to bypass LDAP checks for system users (e.g. by setting it to 1000). Module Services Provided All services are provided by this module but currently sessions changes are not implemented in the nslcd daemon. Files /etc/pam.conf the main PAM configuration file /etc/nslcd.conf The configuration file for the nslcd daemon (see nslcd.conf5) See Also pam.conf5, nslcd8, nslcd.conf5 Author This manual was written by Arthur de Jong <arthur@arthurdejong.org>. nss-pam-ldapd-0.8.13/man/nslcd.8.xml0000644000175000001440000001055512141433457013740 00000000000000 Arthur de Jong nslcd 8 Version 0.8.13 System Manager's Manual May 2013 nslcd local LDAP name service daemon nslcd options Description nslcd is a daemon that will do LDAP queries for local processes that want to do user, group and other naming lookups (NSS) or do user authentication, authorisation or password modification (PAM). nslcd is configured through a configuration file (see nslcd.conf5). See the included README for information on configuring the LDAP server. Options nslcd accepts the following options: , Check if the daemon is running. This causes nslcd to return 0 if the daemon is already running and 1 if it is not. , Enable debugging mode. nslcd will not put itself in the background and sends verbose debugging info to stderr. nslcd will handle connections as usual. This option is for debugging purposes only. Specify this option multiple times to also include more detailed logging from the LDAP library. Display short help and exit. , Output version information and exit. Files /etc/nslcd.conf - the configuration file (see nslcd.conf5) See Also nslcd.conf5 Author This manual was written by Arthur de Jong <arthur@arthurdejong.org>. nss-pam-ldapd-0.8.13/man/pynslcd.8.xml0000644000175000001440000001047312141433457014310 00000000000000 Arthur de Jong pynslcd 8 Version 0.8.13 System Manager's Manual May 2013 pynslcd local LDAP name service daemon pynslcd options Description pynslcd is a daemon that will do LDAP queries for local processes that want to do user, group and other naming lookups (NSS) or do user authentication, authorisation or password modification (PAM). pynslcd is configured through a configuration file (see nslcd.conf5). See the included README for information on configuring the LDAP server. Options pynslcd accepts the following options: , Check if the daemon is running. This causes pynslcd to return 0 if the daemon is already running and 1 if it is not. , Enable debugging mode. pynslcd will not put itself in the background and sends verbose debugging info to stderr. pynslcd will handle connections as usual. This option is for debugging purposes only. Specify this option multiple times to also include more detailed logging from the LDAP library. Display short help and exit. , Output version information and exit. Files /etc/nslcd.conf - the configuration file (see nslcd.conf5) See Also nslcd.conf5 Author This manual was written by Arthur de Jong <arthur@arthurdejong.org>. nss-pam-ldapd-0.8.13/man/pam_ldap.80000644000175000001440000000506012141433557013607 00000000000000'\" -*- coding: utf-8 -*- .if \n(.g .ds T< \\FC .if \n(.g .ds T> \\F[\n[.fam]] .de URL \\$2 \(la\\$1\(ra\\$3 .. .if \n(.g .mso www.tmac .TH pam_ldap 8 "May 2013" "Version 0.8.13" "System Manager's Manual" .SH NAME pam_ldap \- PAM module for LDAP-based authentication .SH SYNOPSIS 'nh .fi .ad l \fBpam_ldap.so\fR \kx .if (\nx>(\n(.l/2)) .nr x (\n(.l/5) 'in \n(.iu+\nxu [\fI...\fR] 'in \n(.iu-\nxu .ad b 'hy .SH DESCRIPTION This is a PAM module that uses an LDAP server to verify user access rights and credentials. .SH OPTIONS .TP \*(T<\fBuse_first_pass\fR\*(T> Specifies that the PAM module should use the first password provided in the authentication stack and not prompt the user for a password. .TP \*(T<\fBtry_first_pass\fR\*(T> Specifies that the PAM module should use the first password provided in the authentication stack and if that fails prompt the user for a password. .TP \*(T<\fBnullok\fR\*(T> Specifying this option allows users to log in with a blank password. Normally logins without a password are denied. .TP \*(T<\fBignore_unknown_user\fR\*(T> Specifies that the PAM module should return PAM_IGNORE for users that are not present in the LDAP directory. This causes the PAM framework to ignore this module. .TP \*(T<\fBignore_authinfo_unavail\fR\*(T> Specifies that the PAM module should return PAM_IGNORE if it cannot contact the LDAP server. This causes the PAM framework to ignore this module. .TP \*(T<\fBno_warn\fR\*(T> Specifies that warning messages should not be propagated to the PAM application. .TP \*(T<\fBuse_authtok\fR\*(T> This causes the PAM module to use the earlier provided password when changing the password. The module will not prompt the user for a new password (it is analogous to \*(T<\fBuse_first_pass\fR\*(T>). .TP \*(T<\fBdebug\fR\*(T> This option causes the PAM module to log debugging information to \fBsyslog\fR(3). .TP \*(T<\fBminimum_uid=\fR\*(T>\fIUID\fR This option causes the PAM module to ignore the user if the user id is lower than the specified value. This can be used to bypass LDAP checks for system users (e.g. by setting it to \*(T<1000\*(T>). .SH "MODULE SERVICES PROVIDED" All services are provided by this module but currently sessions changes are not implemented in the nslcd daemon. .SH FILES .TP \*(T<\fI/etc/pam.conf\fR\*(T> the main PAM configuration file .TP \*(T<\fI/etc/nslcd.conf\fR\*(T> The configuration file for the \fBnslcd\fR daemon (see \fBnslcd.conf\fR(5)) .SH "SEE ALSO" \fBpam.conf\fR(5), \fBnslcd\fR(8), \fBnslcd.conf\fR(5) .SH AUTHOR This manual was written by Arthur de Jong . nss-pam-ldapd-0.8.13/man/nslcd.conf.50000644000175000001440000004312212141433557014057 00000000000000'\" -*- coding: utf-8 -*- .if \n(.g .ds T< \\FC .if \n(.g .ds T> \\F[\n[.fam]] .de URL \\$2 \(la\\$1\(ra\\$3 .. .if \n(.g .mso www.tmac .TH nslcd.conf 5 "May 2013" "Version 0.8.13" "System Manager's Manual" .SH NAME nslcd.conf \- configuration file for LDAP nameservice daemon .SH DESCRIPTION The \fInss-pam-ldapd\fR package allows LDAP directory servers to be used as a primary source of name service information. (Name service information typically includes users, hosts, groups, and other such data historically stored in flat files or NIS.) .PP The file \*(T<\fInslcd.conf\fR\*(T> contains the configuration information for running \fBnslcd\fR (see \fBnslcd\fR(8)). The file contains options, one on each line, defining the way NSS lookups and PAM actions are mapped to LDAP lookups. .SH OPTIONS .SS "RUNTIME OPTIONS" .TP \*(T<\fBthreads\fR\*(T> \fINUM\fR Specifies the number of threads to start that can handle requests and perform LDAP queries. Each thread opens a separate connection to the LDAP server. The default is to start 5 threads. .TP \*(T<\fBuid\fR\*(T> \fIUID\fR This specifies the user id with which the daemon should be run. This can be a numerical id or a symbolic value. If no uid is specified no attempt to change the user will be made. Note that you should use values that don't need LDAP to resolve. .TP \*(T<\fBgid\fR\*(T> \fIGID\fR This specifies the group id with which the daemon should be run. This can be a numerical id or a symbolic value. If no gid is specified no attempt to change the group will be made. Note that you should use values that don't need LDAP to resolve. .SS "GENERAL CONNECTION OPTIONS" .TP \*(T<\fBuri\fR\*(T> \fIURI\fR Specifies the LDAP URI of the server to connect to. The URI scheme may be \*(T, \*(T or \*(T, specifying LDAP over TCP, ICP or SSL respectively (if supported by the LDAP library). Alternatively, the value \*(T may be used to try to lookup the server using DNS SRV records. By default the current domain is used but another domain can be queried by using the \*(T\fIDOMAIN\fR syntax. When using the ldapi scheme, %2f should be used to escape slashes (e.g. ldapi://%2fvar%2frun%2fslapd%2fldapi/), although most of the time this should not be needed. This option may be specified multiple times. Normally, only the first server will be used with the following servers as fall-back (see \*(T<\fBbind_timelimit\fR\*(T> below). If LDAP lookups are used for host name resolution, any host names should be specified as an IP address or name that can be resolved without using LDAP. .TP \*(T<\fBldap_version\fR\*(T> \fIVERSION\fR Specifies the version of the LDAP protocol to use. The default is to use the maximum version supported by the LDAP library. .TP \*(T<\fBbinddn\fR\*(T> \fIDN\fR Specifies the distinguished name with which to bind to the directory server for lookups. The default is to bind anonymously. .TP \*(T<\fBbindpw\fR\*(T> \fIPASSWORD\fR Specifies the credentials with which to bind. This option is only applicable when used with \*(T<\fBbinddn\fR\*(T> above. If you set this option you should consider changing the permissions of the \*(T<\fInslcd.conf\fR\*(T> file to only grant access to the root user. .TP \*(T<\fBrootpwmoddn\fR\*(T> \fIDN\fR Specifies the distinguished name to use when the root user tries to modify a user's password using the PAM module. .TP \*(T<\fBrootpwmodpw\fR\*(T> \fIPASSWORD\fR Specifies the credentials with which to bind if the root user tries to change a user's password. This option is only applicable when used with \*(T<\fBrootpwmoddn\fR\*(T> above. If this option is not specified the PAM module prompts the user for this password. If you set this option you should consider changing the permissions of the \*(T<\fInslcd.conf\fR\*(T> file to only grant access to the root user. .SS "SASL AUTHENTICATION OPTIONS" .TP \*(T<\fBsasl_mech\fR\*(T> \fIMECHANISM\fR Specifies the SASL mechanism to be used when performing SASL authentication. .TP \*(T<\fBsasl_realm\fR\*(T> \fIREALM\fR Specifies the SASL realm to be used when performing SASL authentication. .TP \*(T<\fBsasl_authcid\fR\*(T> \fIAUTHCID\fR Specifies the authentication identity to be used when performing SASL authentication. .TP \*(T<\fBsasl_authzid\fR\*(T> \fIAUTHZID\fR Specifies the authorization identity to be used when performing SASL authentication. Must be specified in one of the formats: dn: or u:. .TP \*(T<\fBsasl_secprops\fR\*(T> \fIPROPERTIES\fR Specifies Cyrus SASL security properties. Allowed values are described in the \fBldap.conf\fR(5) manual page. .TP \*(T<\fBsasl_canonicalize\fR\*(T> yes|no Determines whether the LDAP server host name should be canonicalised. If this is set to yes the LDAP library will do a reverse host name lookup. By default, it is left up to the LDAP library whether this check is performed or not. .SS "KERBEROS AUTHENTICATION OPTIONS" .TP \*(T<\fBkrb5_ccname\fR\*(T> \fINAME\fR Set the name for the GSS-API Kerberos credentials cache. .SS "SEARCH/MAPPING OPTIONS" .TP \*(T<\fBbase\fR\*(T> [\fIMAP\fR] \fIDN\fR Specifies the base distinguished name (DN) to use as search base. This option may be supplied multiple times and all specified bases will be searched. A global search base may be specified or a MAP-specific one. If no MAP-specific search bases are defined the global ones are used. If, instead of a DN, the value \fIDOMAIN\fR is specified, the host's DNS domain is used to construct a search base. If this value is not defined an attempt is made to look it up in the configured LDAP server. Note that if the LDAP server is unavailable during start-up \fBnslcd\fR will not start. .TP \*(T<\fBscope\fR\*(T> [\fIMAP\fR] sub[tree]|one[level]|base Specifies the search scope (subtree, one level or base object). The default scope is subtree; base scope is almost never useful for name service lookups. .TP \*(T<\fBderef\fR\*(T> never|searching|finding|always Specifies the policy for dereferencing aliases. The default policy is to never dereference aliases. .TP \*(T<\fBreferrals\fR\*(T> yes|no Specifies whether automatic referral chasing should be enabled. The default behaviour is to chase referrals. .TP \*(T<\fBfilter\fR\*(T> \fIMAP\fR \fIFILTER\fR The \fIFILTER\fR is an LDAP search filter to use for a specific map. The default filter is a basic search on the objectClass for the map (e.g. \*(T<(objectClass=posixAccount)\*(T>). .TP \*(T<\fBmap\fR\*(T> \fIMAP\fR \fIATTRIBUTE\fR \fINEWATTRIBUTE\fR This option allows for custom attributes to be looked up instead of the default RFC 2307 attributes. The \fIMAP\fR may be one of the supported maps below. The \fIATTRIBUTE\fR is the one as used in RFC 2307 (e.g. \*(T, \*(T, \*(T, etc.). The \fINEWATTRIBUTE\fR may be any attribute as it is available in the directory. If the \fINEWATTRIBUTE\fR is presented in quotes (") it is treated as an expression which will be evaluated to build up the actual value used. See the section on attribute mapping expressions below for more details. Only some attributes for group, passwd and shadow entries may be mapped with an expression (because other attributes may be used in search filters). For group entries only the \*(T attribute may be mapped with an expression. For passwd entries the following attributes may be mapped with an expression: \*(T, \*(T, \*(T, \*(T and \*(T. For shadow entries the following attributes may be mapped with an expression: \*(T, \*(T, \*(T, \*(T, \*(T, \*(T, \*(T and \*(T. The \*(T and \*(T attributes in the \*(T and \*(T maps may be mapped to the \*(T followed by the domain SID to derive numeric user and group ids from the SID (e.g. \*(T). By default all \*(T attributes are mapped to the unmatchable password ("*") to avoid accidentally leaking password information. .SS "TIMING/RECONNECT OPTIONS" .TP \*(T<\fBbind_timelimit\fR\*(T> \fISECONDS\fR Specifies the time limit (in seconds) to use when connecting to the directory server. This is distinct from the time limit specified in \*(T<\fBtimelimit\fR\*(T> and affects the set-up of the connection only. Note that not all LDAP client libraries have support for setting the connection time out. The default \*(T<\fBbind_timelimit\fR\*(T> is 10 seconds. .TP \*(T<\fBtimelimit\fR\*(T> \fISECONDS\fR Specifies the time limit (in seconds) to wait for a response from the LDAP server. A value of zero (0), which is the default, is to wait indefinitely for searches to be completed. .TP \*(T<\fBidle_timelimit\fR\*(T> \fISECONDS\fR Specifies the period if inactivity (in seconds) after which the connection to the LDAP server will be closed. The default is not to time out connections. .TP \*(T<\fBreconnect_sleeptime\fR\*(T> \fISECONDS\fR Specifies the number of seconds to sleep when connecting to all LDAP servers fails. By default 1 second is waited between the first failure and the first retry. .TP \*(T<\fBreconnect_retrytime\fR\*(T> \fISECONDS\fR Specifies the time after which the LDAP server is considered to be permanently unavailable. Once this time is reached retries will be done only once per this time period. The default value is 10 seconds. .PP Note that the reconnect logic as described above is the mechanism that is used between \fBnslcd\fR and the LDAP server. The mechanism between the NSS and PAM client libraries on one end and \fBnslcd\fR on the other is simpler with a fixed compiled-in time out of a 10 seconds for writing to \fBnslcd\fR and a time out of 60 seconds for reading answers. \fBnslcd\fR itself has a read time out of 0.5 seconds and a write time out of 60 seconds. .SS "SSL/TLS OPTIONS" .TP \*(T<\fBssl\fR\*(T> on|off|start_tls Specifies whether to use SSL/TLS or not (the default is not to). If \fIstart_tls\fR is specified then StartTLS is used rather than raw LDAP over SSL. Not all LDAP client libraries support both SSL, StartTLS and all related configuration options. .TP \*(T<\fBtls_reqcert\fR\*(T> never|allow|try|demand|hard Specifies what checks to perform on a server-supplied certificate. The meaning of the values is described in the \fBldap.conf\fR(5) manual page. At least one of \*(T<\fBtls_cacertdir\fR\*(T> and \*(T<\fBtls_cacertfile\fR\*(T> is required if peer verification is enabled. .TP \*(T<\fBtls_cacertdir\fR\*(T> \fIPATH\fR Specifies the directory containing X.509 certificates for peer authentication. This parameter is ignored when using GnuTLS. On Debian OpenLDAP is linked against GnuTLS. .TP \*(T<\fBtls_cacertfile\fR\*(T> \fIPATH\fR Specifies the path to the X.509 certificate for peer authentication. .TP \*(T<\fBtls_randfile\fR\*(T> \fIPATH\fR Specifies the path to an entropy source. This parameter is ignored when using GnuTLS. On Debian OpenLDAP is linked against GnuTLS. .TP \*(T<\fBtls_ciphers\fR\*(T> \fICIPHERS\fR Specifies the ciphers to use for TLS. See your TLS implementation's documentation for further information. .TP \*(T<\fBtls_cert\fR\*(T> \fIPATH\fR Specifies the path to the file containing the local certificate for client TLS authentication. .TP \*(T<\fBtls_key\fR\*(T> \fIPATH\fR Specifies the path to the file containing the private key for client TLS authentication. .SS "OTHER OPTIONS" .TP \*(T<\fBpagesize\fR\*(T> \fINUMBER\fR Set this to a number greater than 0 to request paged results from the LDAP server in accordance with RFC2696. The default (0) is to not request paged results. This is useful for LDAP servers that contain a lot of entries (e.g. more than 500) and limit the number of entries that are returned with one request. For OpenLDAP servers you may need to set \*(T<\fBsizelimit size.prtotal=unlimited\fR\*(T> for allowing more entries to be returned over multiple pages. .TP \*(T<\fBnss_initgroups_ignoreusers\fR\*(T> user1,user2,... This option prevents group membership lookups through LDAP for the specified users. This can be useful in case of unavailability of the LDAP server. This option may be specified multiple times. Alternatively, the value \*(T may be used. With that value nslcd builds a full list of non-LDAP users on startup. .TP \*(T<\fBnss_min_uid\fR\*(T> \fIUID\fR This option ensures that LDAP users with a numeric user id lower than the specified value are ignored. Also requests for users with a lower user id are ignored. .TP \*(T<\fBvalidnames\fR\*(T> \fIREGEX\fR This option can be used to specify how user and group names are verified within the system. This pattern is used to check all user and group names that are requested and returned from LDAP. The regular expression should be specified as a POSIX extended regular expression. The expression itself needs to be separated by slash (/) characters and the 'i' flag may be appended at the end to indicate that the match should be case-insensetive. The default value is \*(T .TP \*(T<\fBignorecase\fR\*(T> yes|no This specifies whether or not to perform searches for group, netgroup, passwd, protocols, rpc, services and shadow maps using case-insensitive matching. Setting this to \*(T could open up the system to authorisation vulnerabilities and introduce nscd cache poisoning vulnerabilities which allow denial of service. The default is to perform case-sensitve filtering of LDAP search results for the above maps. .TP \*(T<\fBpam_authz_search\fR\*(T> \fIFILTER\fR This option allows flexible fine tuning of the authorisation check that should be performed. The search filter specified is executed and if any entries match, access is granted, otherwise access is denied. The search filter can contain the following variable references: \*(T<$username\*(T>, \*(T<$service\*(T>, \*(T<$ruser\*(T>, \*(T<$rhost\*(T>, \*(T<$tty\*(T>, \*(T<$hostname\*(T>, \*(T<$fqdn\*(T>, \*(T<$dn\*(T>, and \*(T<$uid\*(T>. These references are substituted in the search filter using the same syntax as described in the section on attribute mapping expressions below. For example, to check that the user has a proper \*(T value if the attribute is present (this almost emulates the \*(T<\fBpam_check_service_attr\fR\*(T> option in PADL's pam_ldap): .nf \*(T<(&(objectClass=posixAccount)(uid=$username)(|(authorizedService=$service)(!(authorizedService=*))))\*(T> .fi The \*(T<\fBpam_check_host_attr\fR\*(T> option can be emulated with: .nf \*(T<(&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\e\e*)))\*(T> .fi This option may be specified multiple times and all specified searches should at least return one entry for access to be granted. .TP \*(T<\fBpam_password_prohibit_message\fR\*(T> "\fIMESSAGE\fR" If this option is set password modification using pam_ldap will be denied and the specified message will be presented to the user instead. The message can be used to direct the user to an alternative means of changing their password. .SH "SUPPORTED MAPS" The following maps are supported. They are referenced as \fIMAP\fR in the options above. .TP alias[es] Mail aliases. Note that most mail servers do not use the NSS interface for requesting mail aliases and parse \*(T<\fI/etc/aliases\fR\*(T> on their own. .TP ether[s] Ethernet numbers (mac addresses). .TP group Posix groups. .TP host[s] Host names. .TP netgroup Host and user groups used for access control. .TP network[s] Network numbers. .TP passwd Posix users. .TP protocol[s] Protocol definitions (like in \*(T<\fI/etc/protocols\fR\*(T>). .TP rpc Remote procedure call names and numbers. .TP service[s] Network service names and numbers. .TP shadow Shadow user password information. .SH "ATTRIBUTE MAPPING EXPRESSIONS" For some attributes a mapping expression may be used to construct the resulting value. This is currently only possible for attributes that do not need to be used in search filters. The expressions are a subset of the double quoted string expressions in the Bourne (POSIX) shell. Instead of variable substitution, attribute lookups are done on the current entry and the attribute value is substituted. The following expressions are supported: .TP \*(T<${attr}\*(T> (or \*(T<$attr\*(T> for short) will substitute the value of the attribute .TP \*(T<${attr:\-word}\*(T> (use default) will substitbute the value of the attribute or, if the attribute is not set or empty substitute the word .TP \*(T<${attr:+word}\*(T> (use alternative) will substitbute word if attribute is set, otherwise substitute the empty string .PP Quote (\*(T<"\*(T>), dollar (\*(T<$\*(T>) or backslash (\*(T<\e\*(T>) characters should be escaped with a backslash (\*(T<\e\*(T>). .PP The \fBnslcd\fR daemon checks the expressions to figure out which attributes to fetch from LDAP. Some examples to demonstrate how these expressions may be used in attribute mapping: .TP \*(T<"${shadowFlag:\-0}"\*(T> use the \*(T attribute, using the value 0 as default .TP \*(T<"${homeDirectory:\-/home/$uid}"\*(T> use the \*(T attribute to build a \*(T value if that attribute is missing .TP \*(T<"${isDisabled:+100}"\*(T> if the \*(T attribute is set, return 100, otherwise leave value empty .SH FILES .TP \*(T<\fI/etc/nslcd.conf\fR\*(T> the main configuration file .TP \*(T<\fI/etc/nsswitch.conf\fR\*(T> Name Service Switch configuration file .SH "SEE ALSO" \fBnslcd\fR(8), \fBnsswitch.conf\fR(5) .SH AUTHOR This manual was written by Arthur de Jong and is based on the \fBnss_ldap\fR(5) manual developed by PADL Software Pty Ltd. nss-pam-ldapd-0.8.13/man/nslcd.80000644000175000001440000000326112141433560013130 00000000000000'\" -*- coding: utf-8 -*- .if \n(.g .ds T< \\FC .if \n(.g .ds T> \\F[\n[.fam]] .de URL \\$2 \(la\\$1\(ra\\$3 .. .if \n(.g .mso www.tmac .TH nslcd 8 "May 2013" "Version 0.8.13" "System Manager's Manual" .SH NAME nslcd \- local LDAP name service daemon .SH SYNOPSIS 'nh .fi .ad l \fBnslcd\fR \kx .if (\nx>(\n(.l/2)) .nr x (\n(.l/5) 'in \n(.iu+\nxu [\fIoptions\fR] 'in \n(.iu-\nxu .ad b 'hy .SH DESCRIPTION \fBnslcd\fR is a daemon that will do LDAP queries for local processes that want to do user, group and other naming lookups (NSS) or do user authentication, authorisation or password modification (PAM). .PP \fBnslcd\fR is configured through a configuration file (see \fBnslcd.conf\fR(5)). .PP See the included README for information on configuring the LDAP server. .SH OPTIONS \fBnslcd\fR accepts the following options: .TP \*(T<\fB\-c\fR\*(T>, \*(T<\fB\-\-check\fR\*(T> Check if the daemon is running. This causes \fBnslcd\fR to return 0 if the daemon is already running and 1 if it is not. .TP \*(T<\fB\-d\fR\*(T>, \*(T<\fB\-\-debug\fR\*(T> Enable debugging mode. \fBnslcd\fR will not put itself in the background and sends verbose debugging info to stderr. \fBnslcd\fR will handle connections as usual. This option is for debugging purposes only. Specify this option multiple times to also include more detailed logging from the LDAP library. .TP \*(T<\fB\-\-help\fR\*(T> Display short help and exit. .TP \*(T<\fB\-V\fR\*(T>, \*(T<\fB\-\-version\fR\*(T> Output version information and exit. .SH FILES \*(T<\fI/etc/nslcd.conf\fR\*(T> - the configuration file (see \fBnslcd.conf\fR(5)) .SH "SEE ALSO" \fBnslcd.conf\fR(5) .SH AUTHOR This manual was written by Arthur de Jong . nss-pam-ldapd-0.8.13/man/nslcd.conf.5.xml0000644000175000001440000010437712141433457014667 00000000000000 Arthur de Jong nslcd.conf 5 Version 0.8.13 System Manager's Manual May 2013 nslcd.conf configuration file for LDAP nameservice daemon Description The nss-pam-ldapd package allows LDAP directory servers to be used as a primary source of name service information. (Name service information typically includes users, hosts, groups, and other such data historically stored in flat files or NIS.) The file nslcd.conf contains the configuration information for running nslcd (see nslcd8). The file contains options, one on each line, defining the way NSS lookups and PAM actions are mapped to LDAP lookups. Options Runtime options NUM Specifies the number of threads to start that can handle requests and perform LDAP queries. Each thread opens a separate connection to the LDAP server. The default is to start 5 threads. UID This specifies the user id with which the daemon should be run. This can be a numerical id or a symbolic value. If no uid is specified no attempt to change the user will be made. Note that you should use values that don't need LDAP to resolve. GID This specifies the group id with which the daemon should be run. This can be a numerical id or a symbolic value. If no gid is specified no attempt to change the group will be made. Note that you should use values that don't need LDAP to resolve. General connection options URI Specifies the LDAP URI of the server to connect to. The URI scheme may be ldap, ldapi or ldaps, specifying LDAP over TCP, ICP or SSL respectively (if supported by the LDAP library). Alternatively, the value DNS may be used to try to lookup the server using DNS SRV records. By default the current domain is used but another domain can be queried by using the DNS:DOMAIN syntax. When using the ldapi scheme, %2f should be used to escape slashes (e.g. ldapi://%2fvar%2frun%2fslapd%2fldapi/), although most of the time this should not be needed. This option may be specified multiple times. Normally, only the first server will be used with the following servers as fall-back (see below). If LDAP lookups are used for host name resolution, any host names should be specified as an IP address or name that can be resolved without using LDAP. VERSION Specifies the version of the LDAP protocol to use. The default is to use the maximum version supported by the LDAP library. DN Specifies the distinguished name with which to bind to the directory server for lookups. The default is to bind anonymously. PASSWORD Specifies the credentials with which to bind. This option is only applicable when used with above. If you set this option you should consider changing the permissions of the nslcd.conf file to only grant access to the root user. DN Specifies the distinguished name to use when the root user tries to modify a user's password using the PAM module. PASSWORD Specifies the credentials with which to bind if the root user tries to change a user's password. This option is only applicable when used with above. If this option is not specified the PAM module prompts the user for this password. If you set this option you should consider changing the permissions of the nslcd.conf file to only grant access to the root user. <acronym>SASL</acronym> authentication options MECHANISM Specifies the SASL mechanism to be used when performing SASL authentication. REALM Specifies the SASL realm to be used when performing SASL authentication. AUTHCID Specifies the authentication identity to be used when performing SASL authentication. AUTHZID Specifies the authorization identity to be used when performing SASL authentication. Must be specified in one of the formats: dn:<distinguished name> or u:<username>. PROPERTIES Specifies Cyrus SASL security properties. Allowed values are described in the ldap.conf5 manual page. yes|no Determines whether the LDAP server host name should be canonicalised. If this is set to yes the LDAP library will do a reverse host name lookup. By default, it is left up to the LDAP library whether this check is performed or not. Kerberos authentication options NAME Set the name for the GSS-API Kerberos credentials cache. Search/mapping options MAP DN Specifies the base distinguished name (DN) to use as search base. This option may be supplied multiple times and all specified bases will be searched. A global search base may be specified or a MAP-specific one. If no MAP-specific search bases are defined the global ones are used. If, instead of a DN, the value DOMAIN is specified, the host's DNS domain is used to construct a search base. If this value is not defined an attempt is made to look it up in the configured LDAP server. Note that if the LDAP server is unavailable during start-up nslcd will not start. MAP subtree|onelevel|base Specifies the search scope (subtree, one level or base object). The default scope is subtree; base scope is almost never useful for name service lookups. never|searching|finding|always Specifies the policy for dereferencing aliases. The default policy is to never dereference aliases. yes|no Specifies whether automatic referral chasing should be enabled. The default behaviour is to chase referrals. MAP FILTER The FILTER is an LDAP search filter to use for a specific map. The default filter is a basic search on the objectClass for the map (e.g. (objectClass=posixAccount)). MAP ATTRIBUTE NEWATTRIBUTE This option allows for custom attributes to be looked up instead of the default RFC 2307 attributes. The MAP may be one of the supported maps below. The ATTRIBUTE is the one as used in RFC 2307 (e.g. userPassword, ipProtocolNumber, macAddress, etc.). The NEWATTRIBUTE may be any attribute as it is available in the directory. If the NEWATTRIBUTE is presented in quotes (") it is treated as an expression which will be evaluated to build up the actual value used. See the section on attribute mapping expressions below for more details. Only some attributes for group, passwd and shadow entries may be mapped with an expression (because other attributes may be used in search filters). For group entries only the userPassword attribute may be mapped with an expression. For passwd entries the following attributes may be mapped with an expression: userPassword, gidNumber, gecos, homeDirectory and loginShell. For shadow entries the following attributes may be mapped with an expression: userPassword, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire and shadowFlag. The uidNumber and gidNumber attributes in the passwd and group maps may be mapped to the objectSid followed by the domain SID to derive numeric user and group ids from the SID (e.g. objectSid:S-1-5-21-3623811015-3361044348-30300820). By default all userPassword attributes are mapped to the unmatchable password ("*") to avoid accidentally leaking password information. Timing/reconnect options SECONDS Specifies the time limit (in seconds) to use when connecting to the directory server. This is distinct from the time limit specified in and affects the set-up of the connection only. Note that not all LDAP client libraries have support for setting the connection time out. The default is 10 seconds. SECONDS Specifies the time limit (in seconds) to wait for a response from the LDAP server. A value of zero (0), which is the default, is to wait indefinitely for searches to be completed. SECONDS Specifies the period if inactivity (in seconds) after which the connection to the LDAP server will be closed. The default is not to time out connections. SECONDS Specifies the number of seconds to sleep when connecting to all LDAP servers fails. By default 1 second is waited between the first failure and the first retry. SECONDS Specifies the time after which the LDAP server is considered to be permanently unavailable. Once this time is reached retries will be done only once per this time period. The default value is 10 seconds. Note that the reconnect logic as described above is the mechanism that is used between nslcd and the LDAP server. The mechanism between the NSS and PAM client libraries on one end and nslcd on the other is simpler with a fixed compiled-in time out of a 10 seconds for writing to nslcd and a time out of 60 seconds for reading answers. nslcd itself has a read time out of 0.5 seconds and a write time out of 60 seconds. <acronym>SSL</acronym>/<acronym>TLS</acronym> options on|off|start_tls Specifies whether to use SSL/TLS or not (the default is not to). If start_tls is specified then StartTLS is used rather than raw LDAP over SSL. Not all LDAP client libraries support both SSL, StartTLS and all related configuration options. never|allow|try|demand|hard Specifies what checks to perform on a server-supplied certificate. The meaning of the values is described in the ldap.conf5 manual page. At least one of and is required if peer verification is enabled. PATH Specifies the directory containing X.509 certificates for peer authentication. This parameter is ignored when using GnuTLS. On Debian OpenLDAP is linked against GnuTLS. PATH Specifies the path to the X.509 certificate for peer authentication. PATH Specifies the path to an entropy source. This parameter is ignored when using GnuTLS. On Debian OpenLDAP is linked against GnuTLS. CIPHERS Specifies the ciphers to use for TLS. See your TLS implementation's documentation for further information. PATH Specifies the path to the file containing the local certificate for client TLS authentication. PATH Specifies the path to the file containing the private key for client TLS authentication. Other options NUMBER Set this to a number greater than 0 to request paged results from the LDAP server in accordance with RFC2696. The default (0) is to not request paged results. This is useful for LDAP servers that contain a lot of entries (e.g. more than 500) and limit the number of entries that are returned with one request. For OpenLDAP servers you may need to set for allowing more entries to be returned over multiple pages. user1,user2,... This option prevents group membership lookups through LDAP for the specified users. This can be useful in case of unavailability of the LDAP server. This option may be specified multiple times. Alternatively, the value ALLLOCAL may be used. With that value nslcd builds a full list of non-LDAP users on startup. UID This option ensures that LDAP users with a numeric user id lower than the specified value are ignored. Also requests for users with a lower user id are ignored. REGEX This option can be used to specify how user and group names are verified within the system. This pattern is used to check all user and group names that are requested and returned from LDAP. The regular expression should be specified as a POSIX extended regular expression. The expression itself needs to be separated by slash (/) characters and the 'i' flag may be appended at the end to indicate that the match should be case-insensetive. The default value is /^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i yes|no This specifies whether or not to perform searches for group, netgroup, passwd, protocols, rpc, services and shadow maps using case-insensitive matching. Setting this to yes could open up the system to authorisation vulnerabilities and introduce nscd cache poisoning vulnerabilities which allow denial of service. The default is to perform case-sensitve filtering of LDAP search results for the above maps. FILTER This option allows flexible fine tuning of the authorisation check that should be performed. The search filter specified is executed and if any entries match, access is granted, otherwise access is denied. The search filter can contain the following variable references: $username, $service, $ruser, $rhost, $tty, $hostname, $fqdn, $dn, and $uid. These references are substituted in the search filter using the same syntax as described in the section on attribute mapping expressions below. For example, to check that the user has a proper authorizedService value if the attribute is present (this almost emulates the option in PADL's pam_ldap): (&(objectClass=posixAccount)(uid=$username)(|(authorizedService=$service)(!(authorizedService=*)))) The option can be emulated with: (&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*))) This option may be specified multiple times and all specified searches should at least return one entry for access to be granted. "MESSAGE" If this option is set password modification using pam_ldap will be denied and the specified message will be presented to the user instead. The message can be used to direct the user to an alternative means of changing their password. Supported maps The following maps are supported. They are referenced as MAP in the options above. aliases Mail aliases. Note that most mail servers do not use the NSS interface for requesting mail aliases and parse /etc/aliases on their own. ethers Ethernet numbers (mac addresses). group Posix groups. hosts Host names. netgroup Host and user groups used for access control. networks Network numbers. passwd Posix users. protocols Protocol definitions (like in /etc/protocols). rpc Remote procedure call names and numbers. services Network service names and numbers. shadow Shadow user password information. Attribute mapping expressions For some attributes a mapping expression may be used to construct the resulting value. This is currently only possible for attributes that do not need to be used in search filters. The expressions are a subset of the double quoted string expressions in the Bourne (POSIX) shell. Instead of variable substitution, attribute lookups are done on the current entry and the attribute value is substituted. The following expressions are supported: ${attr} (or $attr for short) will substitute the value of the attribute ${attr:-word} (use default) will substitbute the value of the attribute or, if the attribute is not set or empty substitute the word ${attr:+word} (use alternative) will substitbute word if attribute is set, otherwise substitute the empty string Quote ("), dollar ($) or backslash (\) characters should be escaped with a backslash (\). The nslcd daemon checks the expressions to figure out which attributes to fetch from LDAP. Some examples to demonstrate how these expressions may be used in attribute mapping: "${shadowFlag:-0}" use the shadowFlag attribute, using the value 0 as default "${homeDirectory:-/home/$uid}" use the uid attribute to build a homeDirectory value if that attribute is missing "${isDisabled:+100}" if the isDisabled attribute is set, return 100, otherwise leave value empty Files /etc/nslcd.conf the main configuration file /etc/nsswitch.conf Name Service Switch configuration file See Also nslcd8, nsswitch.conf5 Author This manual was written by Arthur de Jong <arthur@arthurdejong.org> and is based on the nss_ldap5 manual developed by PADL Software Pty Ltd. nss-pam-ldapd-0.8.13/man/Makefile.in0000644000175000001440000004351612141445266014016 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2007, 2009, 2010, 2012, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ @ENABLE_PAM_TRUE@am__append_1 = $(PAM_MANS) @ENABLE_NSLCD_TRUE@am__append_2 = $(NSLCD_MANS) @ENABLE_PYNSLCD_TRUE@am__append_3 = $(PYNSLCD_MANS) @ENABLE_NSLCD_FALSE@@ENABLE_PYNSLCD_TRUE@am__append_4 = nslcd.conf.5 subdir = man DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man5dir = $(mandir)/man5 am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ PAM_MANS = pam_ldap.8 NSLCD_MANS = nslcd.conf.5 nslcd.8 PYNSLCD_MANS = pynslcd.8 ALL_MANS = $(PAM_MANS) $(NSLCD_MANS) $(PYNSLCD_MANS) # figure out which manual pages to install man_MANS = $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_4) noinst_DATA = $(ALL_MANS) EXTRA_DIST = $(ALL_MANS) $(ALL_MANS:=.xml) @GENMAN_TRUE@MAINTAINERCLEANFILES = $(ALL_MANS) @GENMAN_TRUE@SUFFIXES = .xml all: all-am .SUFFIXES: .SUFFIXES: .xml .html $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu man/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-man5: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) install-man8: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man8dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.8[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man5 uninstall-man8 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic distclean \ distclean-generic distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-man5 install-man8 install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am uninstall uninstall-am uninstall-man \ uninstall-man5 uninstall-man8 @GENMAN_TRUE@.xml: @GENMAN_TRUE@ $(DOCBOOK2X_MAN) \ @GENMAN_TRUE@ --string-param header-3='$(RELEASE_MONTH)' \ @GENMAN_TRUE@ --string-param header-4='Version $(VERSION)' \ @GENMAN_TRUE@ --encoding=utf-8 \ @GENMAN_TRUE@ $< @GENMAN_TRUE@.xml.html: @GENMAN_TRUE@ xmlto xhtml-nochunks $< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/man/Makefile.am0000644000175000001440000000303412137227231013767 00000000000000# Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2007, 2009, 2010, 2012, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA PAM_MANS = pam_ldap.8 NSLCD_MANS = nslcd.conf.5 nslcd.8 PYNSLCD_MANS = pynslcd.8 ALL_MANS = $(PAM_MANS) $(NSLCD_MANS) $(PYNSLCD_MANS) # figure out which manual pages to install man_MANS = if ENABLE_PAM man_MANS += $(PAM_MANS) endif if ENABLE_NSLCD man_MANS += $(NSLCD_MANS) endif if ENABLE_PYNSLCD man_MANS += $(PYNSLCD_MANS) if !ENABLE_NSLCD man_MANS += nslcd.conf.5 endif endif noinst_DATA = $(ALL_MANS) EXTRA_DIST = $(ALL_MANS) $(ALL_MANS:=.xml) if GENMAN MAINTAINERCLEANFILES = $(ALL_MANS) SUFFIXES = .xml .xml: $(DOCBOOK2X_MAN) \ --string-param header-3='$(RELEASE_MONTH)' \ --string-param header-4='Version $(VERSION)' \ --encoding=utf-8 \ $< .xml.html: xmlto xhtml-nochunks $< endif nss-pam-ldapd-0.8.13/aclocal.m40000644000175000001440000013307712141445265013037 00000000000000# generated automatically by aclocal 1.11.6 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, # Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, [m4_warning([this file was generated for autoconf 2.69. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'.])]) # Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software # Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 1 # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.11' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. m4_if([$1], [1.11.6], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) # _AM_AUTOCONF_VERSION(VERSION) # ----------------------------- # aclocal traces this macro to find the Autoconf version. # This is a private macro too. Using m4_define simplifies # the logic in aclocal, which can simply ignore this definition. m4_define([_AM_AUTOCONF_VERSION], []) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.11.6])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 1 # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to # `$srcdir', `$srcdir/..', or `$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is `.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [dnl Rely on autoconf to set up CDPATH properly. AC_PREREQ([2.50])dnl # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 9 # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ(2.52)dnl ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi AC_CONFIG_COMMANDS_PRE( [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]]) fi])]) # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009, # 2010, 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 12 # There are a few dirty hacks below to avoid letting `AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing # CC etc. in the Makefile, will ask for an AC_PROG_CC use... # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. # NAME is "CC", "CXX", "GCJ", or "OBJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was # modified to invoke _AM_DEPENDENCIES(CC); we would have a circular # dependency, and given that the user is not expected to run this macro, # just rely on AC_PROG_CC. AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl ifelse([$1], CC, [depcc="$CC" am_compiler_list=], [$1], CXX, [depcc="$CXX" am_compiler_list=], [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], [$1], UPC, [depcc="$UPC" am_compiler_list=], [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], [if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_$1_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` fi am__universal=false m4_case([$1], [CC], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac], [CXX], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac]) for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_$1_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_$1_dependencies_compiler_type=none fi ]) AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) AM_CONDITIONAL([am__fastdep$1], [ test "x$enable_dependency_tracking" != xno \ && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) ]) # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. # This macro is AC_REQUIREd in _AM_DEPENDENCIES AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl ]) # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE(dependency-tracking, [ --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' am__nodep='_no' fi AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) AC_SUBST([AMDEPBACKSLASH])dnl _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl AC_SUBST([am__nodep])dnl _AM_SUBST_NOTMAKE([am__nodep])dnl ]) # Generate code to set up dependency tracking. -*- Autoconf -*- # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. #serial 5 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{ # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`AS_DIRNAME("$mf")` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # When using ansi2knr, U may be empty or an underscore; expand it U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` AS_MKDIR_P([$dirpart/$fdir]) # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ])# _AM_OUTPUT_DEPENDENCY_COMMANDS # AM_OUTPUT_DEPENDENCY_COMMANDS # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking # is enabled. FIXME. This creates each `.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2008, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 16 # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- # The call with PACKAGE and VERSION arguments is the old style # call (pre autoconf-2.50), which is being phased out. PACKAGE # and VERSION should now be passed to AC_INIT and removed from # the call to AM_INIT_AUTOMAKE. # We support both call styles for the transition. After # the next Automake release, Autoconf can make the AC_INIT # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.62])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl # test to see if srcdir already configured if test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], [m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, [AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) AM_MISSING_PROG(AUTOCONF, autoconf) AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) AM_MISSING_PROG(AUTOHEADER, autoheader) AM_MISSING_PROG(MAKEINFO, makeinfo) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AM_PROG_MKDIR_P])dnl # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], [_AM_DEPENDENCIES(CC)], [define([AC_PROG_CC], defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], [_AM_DEPENDENCIES(CXX)], [define([AC_PROG_CXX], defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], [_AM_DEPENDENCIES(OBJC)], [define([AC_PROG_OBJC], defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl ]) _AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl dnl The `parallel-tests' driver may need to know about EXEEXT, so add the dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. # Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the # loop where config.status creates the headers, so we can generate # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. _am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation, # Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 1 # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi AC_SUBST(install_sh)]) # Copyright (C) 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering # Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008, # 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 5 # AM_MAINTAINER_MODE([DEFAULT-MODE]) # ---------------------------------- # Control maintainer-specific portions of Makefiles. # Default is to disable them, unless `enable' is passed literally. # For symmetry, `disable' may be passed as well. Anyway, the user # can override the default with the --enable/--disable switch. AC_DEFUN([AM_MAINTAINER_MODE], [m4_case(m4_default([$1], [disable]), [enable], [m4_define([am_maintainer_other], [disable])], [disable], [m4_define([am_maintainer_other], [enable])], [m4_define([am_maintainer_other], [enable]) m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])]) AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) dnl maintainer-mode's default is 'disable' unless 'enable' is passed AC_ARG_ENABLE([maintainer-mode], [ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful (and sometimes confusing) to the casual installer], [USE_MAINTAINER_MODE=$enableval], [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) AC_MSG_RESULT([$USE_MAINTAINER_MODE]) AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) MAINT=$MAINTAINER_MODE_TRUE AC_SUBST([MAINT])dnl ] ) AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) # Check to see how 'make' treats includes. -*- Autoconf -*- # Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 4 # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. AC_DEFUN([AM_MAKE_INCLUDE], [am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. AC_MSG_CHECKING([for style of include used by $am_make]) am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from `make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi AC_SUBST([am__include]) AC_SUBST([am__quote]) AC_MSG_RESULT([$_am_result]) rm -f confinc confmf ]) # Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 6 # AM_PROG_CC_C_O # -------------- # Like AC_PROG_CC_C_O, but changed for automake. AC_DEFUN([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC_C_O])dnl AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([compile])dnl # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o if test "$am_t" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi dnl Make sure AC_PROG_CC is never called again, or it will override our dnl setting of CC. m4_define([AC_PROG_CC], [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])]) ]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 6 # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it supports --run. # If it does, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= AC_MSG_WARN([`missing' script is too old or missing]) fi ]) # Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation, # Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 1 # AM_PROG_MKDIR_P # --------------- # Check for `mkdir -p'. AC_DEFUN([AM_PROG_MKDIR_P], [AC_PREREQ([2.60])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, dnl while keeping a definition of mkdir_p for backward compatibility. dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of dnl Makefile.ins that do not define MKDIR_P, so we do our own dnl adjustment using top_builddir (which is defined more often than dnl MKDIR_P). AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl case $mkdir_p in [[\\/$]]* | ?:[[\\/]]*) ;; */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; esac ]) # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software # Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 5 # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) # -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), 1)]) # _AM_SET_OPTIONS(OPTIONS) # ------------------------ # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2009, # 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # --------------------------------------------------------------------------- # Adds support for distributing Python modules and packages. To # install modules, copy them to $(pythondir), using the python_PYTHON # automake variable. To install a package with the same name as the # automake package, install to $(pkgpythondir), or use the # pkgpython_PYTHON automake variable. # # The variables $(pyexecdir) and $(pkgpyexecdir) are provided as # locations to install python extension modules (shared libraries). # Another macro is required to find the appropriate flags to compile # extension modules. # # If your package is configured with a different prefix to python, # users will have to add the install directory to the PYTHONPATH # environment variable, or create a .pth file (see the python # documentation for details). # # If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will # cause an error if the version of python installed on the system # doesn't meet the requirement. MINIMUM-VERSION should consist of # numbers and dots only. AC_DEFUN([AM_PATH_PYTHON], [ dnl Find a Python interpreter. Python versions prior to 2.0 are not dnl supported. (2.0 was released on October 16, 2000). m4_define_default([_AM_PYTHON_INTERPRETER_LIST], [python python2 python3 python3.2 python3.1 python3.0 python2.7 dnl python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0]) AC_ARG_VAR([PYTHON], [the Python interpreter]) m4_if([$1],[],[ dnl No version check is needed. # Find any Python interpreter. if test -z "$PYTHON"; then AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) fi am_display_PYTHON=python ], [ dnl A version check is needed. if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. AC_MSG_CHECKING([whether $PYTHON version >= $1]) AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], [AC_MSG_RESULT(yes)], [AC_MSG_ERROR(too old)]) am_display_PYTHON=$PYTHON else # Otherwise, try each interpreter until we find one that satisfies # VERSION. AC_CACHE_CHECK([for a Python interpreter with version >= $1], [am_cv_pathless_PYTHON],[ for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do test "$am_cv_pathless_PYTHON" = none && break AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) done]) # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. if test "$am_cv_pathless_PYTHON" = none; then PYTHON=: else AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) fi am_display_PYTHON=$am_cv_pathless_PYTHON fi ]) if test "$PYTHON" = :; then dnl Run any user-specified action, or abort. m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) else dnl Query Python for its version number. Getting [:3] seems to be dnl the best way to do this; it's what "site.py" does in the standard dnl library. AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) dnl Use the values of $prefix and $exec_prefix for the corresponding dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made dnl distinct variables so they can be overridden if need be. However, dnl general consensus is that you shouldn't need this ability. AC_SUBST([PYTHON_PREFIX], ['${prefix}']) AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) dnl At times (like when building shared libraries) you may want dnl to know which OS platform Python thinks this is. AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) dnl Set up 4 directories: dnl pythondir -- where to install python scripts. This is the dnl site-packages directory, not the python standard library dnl directory like in previous automake betas. This behavior dnl is more consistent with lispdir.m4 for example. dnl Query distutils for this directory. AC_CACHE_CHECK([for $am_display_PYTHON script directory], [am_cv_python_pythondir], [if test "x$prefix" = xNONE then am_py_prefix=$ac_default_prefix else am_py_prefix=$prefix fi am_cv_python_pythondir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(0,0,prefix='$am_py_prefix'))" 2>/dev/null` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` ;; *) case $am_py_prefix in /usr|/System*) ;; *) am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac ]) AC_SUBST([pythondir], [$am_cv_python_pythondir]) dnl pkgpythondir -- $PACKAGE directory under pythondir. Was dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is dnl more consistent with the rest of automake. AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) dnl pyexecdir -- directory for installing python extension modules dnl (shared libraries) dnl Query distutils for this directory. AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], [am_cv_python_pyexecdir], [if test "x$exec_prefix" = xNONE then am_py_exec_prefix=$am_py_prefix else am_py_exec_prefix=$exec_prefix fi am_cv_python_pyexecdir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(1,0,prefix='$am_py_exec_prefix'))" 2>/dev/null` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` ;; *) case $am_py_exec_prefix in /usr|/System*) ;; *) am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac ]) AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) dnl Run any user-specified action. $2 fi ]) # AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) # --------------------------------------------------------------------------- # Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. # Run ACTION-IF-FALSE otherwise. # This test uses sys.hexversion instead of the string equivalent (first # word of sys.version), in order to cope with versions such as 2.2c1. # This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). AC_DEFUN([AM_PYTHON_CHECK_VERSION], [prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. # map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] sys.exit(sys.hexversion < minverhex)" AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) # Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 1 # AM_RUN_LOG(COMMAND) # ------------------- # Run COMMAND, save the exit status in ac_status, and log it. # (This has been adapted from Autoconf's _AC_RUN_LOG macro.) AC_DEFUN([AM_RUN_LOG], [{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD (exit $ac_status); }]) # Check to make sure that the build environment is sane. -*- Autoconf -*- # Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 5 # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Just in case sleep 1 echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[[\\\"\#\$\&\'\`$am_lf]]*) AC_MSG_ERROR([unsafe absolute working directory name]);; esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; esac # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$[*]" != "X $srcdir/configure conftest.file" \ && test "$[*]" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi test "$[2]" = conftest.file ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi AC_MSG_RESULT(yes)]) # Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 1 # AM_PROG_INSTALL_STRIP # --------------------- # One issue with vendor `install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we # always use install-sh in `make install-strip', and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. dnl Don't test for $cross_compiling = yes, because it might be `maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) # Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 3 # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) # AM_SUBST_NOTMAKE(VARIABLE) # -------------------------- # Public sister of _AM_SUBST_NOTMAKE. AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. # FORMAT should be one of `v7', `ustar', or `pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) m4_if([$1], [v7], [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], [m4_case([$1], [ustar],, [pax],, [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' _am_tools=${am_cv_prog_tar_$1-$_am_tools} # Do not fold the above two line into one, because Tru64 sh and # Solaris sh will not grok spaces in the rhs of `-'. for _am_tool in $_am_tools do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([m4/ax_pthread.m4]) nss-pam-ldapd-0.8.13/README0000644000175000001440000003730112036031301012031 00000000000000 nss-pam-ldapd - NSS and PAM libraries for name lookups and authentication using LDAP nss-pam-ldapd started as nss-ldapd which was a fork from nss_ldap which was originally written by Luke Howard of PADL Software Pty Ltd. In 2006 Arthur de Jong of West Consuling forked the library to split it into a thin NSS part and a server part. Most of the code was rewritten. The software was renamed to nss-pam-ldapd when PAM code contributed by Howard Chu for the OpenLDAP nssov module was integrated. Solaris compatibility was developed by Ted C. Cheng of Symas Corporation. http://arthurdejong.org/nss-pam-ldapd/ Copyright (C) 1997-2006 Luke Howard Copyright (C) 2006-2007 West Consulting Copyright (C) 2006-2012 Arthur de Jong Copyright (C) 2009 Howard Chu Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA INTRODUCTION ============ This is the nss-pam-ldapd library which consists of an NSS module to do name lookups to an LDAP directory server and a PAM module to do authentication to an LDAP server. The NSS part of this library was forked from nss_ldap as provided by Luke Howard of PADL Software Pty Ltd. The PAM module was mostly provided by Howard Chu of the OpenLDAP project. The NSS library allows distributing account, group, host and other configuration information from a central LDAP server. Because LDAP is a hierarchical directory service, information can be organised in a manner which reflects an organisational structure. This contrasts with the flat, single domain policy of NIS. LDAP has many of the advantages of NIS+ (security and scalability) without the complexity. The system will work alongside your existing NIS, NIS+, DNS and flat file name services. The PAM library (module) can be used to perform authentication based on information inside the LDAP directory. Both libraries consist of a thin NSS or PAM part that proxies the requests to a local daemon (nslcd) that handles the LDAP lookups. This simplifies the software architecture and fixes some scalability and locking problems in the original design of nss_ldap. It is also possible to use the thin NSS and PAM modules together with the nssov overlay in the OpenLDAP server (slapd). The three parts (NSS module, PAM module, and nslcd server) can be built separately and are not srtongly tied together. This means that for instance you can still use pam_ldap and use the NSS module from nss-pam-ldapd or use an alternative implementation of nslcd (for instance with the nssov slapd overlay or the pynslcd implementation). improvements over nss_ldap -------------------------- The fork from nss_ldap was done to implement some major design changes to fix some structural problems in the library. One of those problems were host name lookups through LDAP which could cause deadlocks. Another is that nss_ldpa loaded an SSL library into an executable that may not be designed to load it (e.g. problem with suid applications). A number of refactoring steps were done to simplify the code and improve maintainability. Legacy code was removed and support for non-Linux operating systems was initially removed to make the code more readable. Portability was re-added after the refactoring. The most practical improvements over nss_ldap are: - the LDAP library is not loaded for every process doing LDAP lookups - the number of connections to the LDAP server is limited, because not every process will open it's own connection - hostname lookups should now be deadlock-free because the LDAP server name is no longer looked up using the ldap method - avoid problems with TLS connections in suid binaries and other process-local configuration - the setup is easier to debug because logging on the server component can be enabled without affecting running processes - unavailability timeouts are global instead of per-process comparison to pam_ldap ---------------------- The PAM module that is currently implemented contains functionality for authentication, account management, password management and session management. The nslcd daemon currently implements authentication, authorisation and password modification. The OpenLDAP nssov overlay also implements session functionality. supported C libraries (for NSS module) -------------------------------------- This library currently supports the GNU C Library, the Solaris C library and the FreeBSD C library. supported name databases ------------------------ Currently the following name databases are supported: aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc, services and shadow Note that for when using IPv6 hosts entries, the addresses in the LDAP directory must be in their preferred form. The same is true for mac addresses for the ethers database. Otherwise the address to entry lookups will not work. For more details on the preferred form see http://ldap.akbkhome.com/index.php/attribute/ipHostNumber.html and http://ldap.akbkhome.com/index.php/attribute/macAddress.html automounter map lookups (which are also defined in /etc/nsswitch.conf) are not supported because the NSS interface is not used for these. The common autofs implementation (on GNU/Linux) currently uses it's own method for getting the maps from LDAP. Although mail aliases are exposed through NSS, most mail servers parse /etc/aliases by themselves and getting aliases from LDAP requires some configuration in the mail server. The publickey, bootparams and netmasks are currently unsupported. Some investigation should be done if these are needed for anything, which interfaces should be exported and how the LDAP schema part should look like. supported PAM implementation ---------------------------- The PAM module is currently only regularly tested on Linux PAM but other PAM implementations should also work. supported LDAP libraries ------------------------ The current version of nss-pam-ldapd has been developed with OpenLDAP 2.4 but other LDAP libraries and older versions of OpenLDAP may also work. unsupported features -------------------- Since nss-pam-ldapd was forked from nss_ldap most of the features that came with nss_ldap are available. The most important differences: - the configuration file formats are not fully compatible - nested groups are currently unsupported - rootbinddn/rootbindpw support is removed and is not likely to return For the PAM module some functionality is missing. Comparing it to pam_ldap: - only BIND authentication is supported - only LDAP password modify EXOP is supported as password changing mechanism - LDAP password policy is currently unsupported Some things work a little different in nss-pam-ldapd. For instance the attribute defaults and overrides of nss_ldap are implemented with mapping expressions and pam_ldap's pam_check_*_attr options can be implemented with the pam_authz_search option. INSTALLATION ============ The nss-pam-ldapd library uses autoconf and automake for building. Installing nss-pam-ldapd should be as simple as: % ./configure % make % make install It is a good idea to first go through the options of configure by running: % ./configure --help The last step (make install) should install the libnss_ldap.so.* and pam_ldap.so files and the daemon (nslcd). The proper location of the NSS and PAM modules are guessed. The boot process needs to be modified to start the nslcd daemon at the right time. It is recommended to create a dedicated user for the nslcd daemon. Configure this user in /etc/nslcd.conf using the uid and gid options. CONFIGURATION ============= After installation, the name service switch configuration file (/etc/nsswitch.conf) needs to be modified to do name lookups using the new module. This consist mostly of adding ldap in the list of lookup methods in the right place. See the nsswitch.conf(5) manual page for details on the format. As an example the file could look a little like this: # the following contain normal unix user and group information passwd: files ldap group: files ldap shadow: files ldap # hostname lookups through ldap before dns should work now hosts: files ldap dns networks: files ldap # normal flat-file definitions protocols: files ldap services: files ldap ethers: files ldap rpc: files ldap netgroup: ldap # whether alias lookups really use NSS depends on the mail server aliases: files ldap Configuring PAM differs a little from platform to platform but this is a minimal set-up for files under /etc/pam.d: auth sufficient pam_unix.so auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_ldap.so account required pam_permit.so session required pam_unix.so session optional pam_ldap.so password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so try_first_pass password required pam_deny.so Lastly, a configuration file for nslcd (by default /etc/nslcd.conf) needs to be made. See the shipped manual page for details on the format and options. It should at the very least contain something like: # the location of LDAP server uri ldap://localhost/ # search base for all queries. base dc=example,dc=net service discovery through DNS ----------------------------- nss-pam-ldapd supports looking up LDAP server names through DNS SRV records as specified in RFC 2782. However, Priority and Weight are not considered separately and a single list of servers in added as if they had been specified with uri options in the configuration file. To use this feature specify DNS as an uri in the configuration file and include something like the following in your zone: _ldap._tcp SRV 10 0 389 ldapserver LDAP SCHEMA =========== nss-pam-ldapd supports a wide range of possible LDAP schema configurations and it can be customized heavily. The LDAP schema used is described in RFC 2307. Groups using the member attribute that hold distinguished names (RFC 2307bis) are also supported (but see group membership below for more information). default attributes ------------------ This paragraph describes the mapping between the NSS lookups and the LDAP database. The mapping may be modified by changing the nslcd.conf configuration file. See the nslcd.conf(5) manual page for details. aliases (objectClass=nisMailAlias) cn - alias name rfc822MailMember - members of the alias (recipients) ethers (objectClass=ieee802Device) cn - host name macAddress - ethernet address group (objectClass=posixGroup) cn - group name userPassword - password (by default mapped to "*") gidNumber - gid memberUid - members (user names) member - members (DN values) hosts (objectClass=ipHost) cn - host name (and aliases) ipHostNumber - addresses netgroup (objectClass=nisNetgroup) cn - netgroup name nisNetgroupTriple - triplets describing netgroup entries memberNisNetgroup - reference to other netgroup networks (objectClass=ipNetwork) cn - network name ipNetworkNumber - network address passwd (objectClass=posixAccount) uid - account name userPassword - password (by default mapped to "*") uidNumber - uid gidNumber - gid gecos - gecos homeDirectory - home directory loginShell - shell protocols (objectClass=ipProtocol) cn - protocol name ipProtocolNumber - protocol number rpc (oncRpc) cn - rpc name oncRpcNumber - rpc number services (objectClass=ipService) cn - service name ipServicePort - service port ipServiceProtocol - service protocol shadow (objectClass=shadowAccount) uid - use name userPassword - password shadowLastChange - date of last password change shadowMin - days before password may be changed again shadowMax - days after which password must be changed shadowWarning - days before max password age to present a warning shadowInactive - days after max password age that account is disabled shadowExpire - account expiration date shadowFlag - reserved field using Microsoft Active Directory -------------------------------- When using Microsoft Active Directory server some changes need to be made to the nslcd.conf configuration file. The included sample configuration file has some commented out attribute mappings for such a set-up. group membership ---------------- Currently, two ways of specifying group membership are supported. The first, by using the memberUid attribute, is the simplest and by far the fastest (takes the least number of lookups). This attribute maps to user names with the same values as the uid attribute would hold for posixAccount entries. The second method is to use DN values in the member attribute (attribute names can be changed by using the attribute mapping options as described in the manual page). This is potentially a lot slower because in the worst case every DN has to be looked up in the LDAP server to find the proper value for the uid attribute. If the DN value already contains a uid value (e.g. uid=arthur, dc=example, dc=com) the lookup is skipped and the value from the DN is used. A cache is maintained that saves the DN to uid translations for 15 minutes. Currently, having nested groups by member values pointing to other groups, as well as the memberOf attribute in posixAccount entries are unsupported. case sensitivity ---------------- Most values in NSS databases are considered case-sensitive (e.g. the user "Foo" is a different user from the user "foo"). Most values in an LDAP database are however considered case-insensitive. nss-pam-ldapd tries to solve this problem by adding an extra filtering layer to ensure that when looking for the user "foo" it will not consider a user "Foo" that is found in LDAP. For the group, netgroup, passwd, protocols, rpc, services and shadow maps the matches will be checked case-sensitively and for aliases, ethers, hosts and networks matches will be case-insensitive (this seems to be what Glibc is doing currently in flat files). Only searching for groups by user is done case-insensitive. In all cases the case-use in the LDAP directory is returned. This behaviour can be disabled with the ignorecase configuration option but may be a security risk. Note that having entries that only differ in case is a bad idea and will likely get you in trouble. One example of such a problem is that the DN uid=test,dc=example,dc=com is considered the same in LDAP as uid=TEST,dc=example,dc=com. REPORTING BUGS ============== If you find any bugs or missing features please send email to nss-pam-ldapd-users@lists.arthurdejong.org If you are using a packaged version of nss-pam-ldapd you are encouraged to use the distributor's bug tracking system. Please include as much information as possible (platform, output of configure if compilation fails, error messages, output of nslcd -d, etc). Patches are more than welcome (also see the file HACKING). nss-pam-ldapd-0.8.13/nslcd.h0000644000175000001440000002510412137303543012437 00000000000000/* nslcd.h - file describing client/server protocol Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef _NSLCD_H #define _NSLCD_H 1 /* The protocol used between the nslcd client and server is a simple binary protocol. It is request/response based where the client initiates a connection, does a single request and closes the connection again. Any mangled or not understood messages will be silently ignored by the server. A request looks like: INT32 NSLCD_VERSION INT32 NSLCD_ACTION_* [request parameters if any] A response looks like: INT32 NSLCD_VERSION INT32 NSLCD_ACTION_* (the original request type) [result(s)] INT32 NSLCD_RESULT_END A single result entry looks like: INT32 NSLCD_RESULT_BEGIN [result value(s)] If a response would return multiple values (e.g. for NSLCD_ACTION_*_ALL functions) each return value will be preceded by a NSLCD_RESULT_BEGIN value. After the last returned result the server sends NSLCD_RESULT_END. If some error occurs (e.g. LDAP server unavailable, error in the request, etc) the server terminates the connection to signal an error condition (breaking the protocol). These are the available basic data types: INT32 - 32-bit integer value TYPE - a typed field that is transferred using sizeof() STRING - a string length (32bit) followed by the string value (not null-terminted) the string itself is assumed to be UTF-8 STRINGLIST - a 32-bit number noting the number of strings followed by the strings one at a time Furthermore the ADDRESS compound data type is defined as: INT32 type of address: e.g. AF_INET or AF_INET6 INT32 lenght of address RAW the address itself in network byte order With the ADDRESSLIST using the same construct as with STRINGLIST. The protocol uses host-byte order for all types (except in the raw address above). */ /* The current version of the protocol. Note that version 1 is experimental and this version will be used until a 1.0 release of nss-pam-ldapd is made. */ #define NSLCD_VERSION 1 /* Get a NSLCD configuration option. There is one request parameter: INT32 NSLCD_CONFIG_* the result value is: STRING value, interpretation depending on request */ #define NSLCD_ACTION_CONFIG_GET 20006 /* return the message, if any, that is presented to the user when password modification through PAM is prohibited */ #define NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE 852 /* Email alias (/etc/aliases) NSS requests. The result values for a single entry are: STRING alias name STRINGLIST alias rcpts */ #define NSLCD_ACTION_ALIAS_BYNAME 4001 #define NSLCD_ACTION_ALIAS_ALL 4002 /* Ethernet address/name mapping NSS requests. The result values for a single entry are: STRING ether name TYPE(uint8_t[6]) ether address */ #define NSLCD_ACTION_ETHER_BYNAME 3001 #define NSLCD_ACTION_ETHER_BYETHER 3002 #define NSLCD_ACTION_ETHER_ALL 3005 /* Group and group membership related NSS requests. The result values for a single entry are: STRING group name STRING group password TYPE(gid_t) group id STRINGLIST members (usernames) of the group (not that the BYMEMER call returns an emtpy members list) */ #define NSLCD_ACTION_GROUP_BYNAME 5001 #define NSLCD_ACTION_GROUP_BYGID 5002 #define NSLCD_ACTION_GROUP_BYMEMBER 5003 #define NSLCD_ACTION_GROUP_ALL 5004 /* Hostname (/etc/hosts) lookup NSS requests. The result values for an entry are: STRING host name STRINGLIST host aliases ADDRESSLIST host addresses */ #define NSLCD_ACTION_HOST_BYNAME 6001 #define NSLCD_ACTION_HOST_BYADDR 6002 #define NSLCD_ACTION_HOST_ALL 6005 /* Netgroup NSS request return a number of results. Result values can be either a reference to another netgroup: INT32 NSLCD_NETGROUP_TYPE_NETGROUP STRING other netgroup name or a netgroup triple: INT32 NSLCD_NETGROUP_TYPE_TRIPLE STRING host STRING user STRING domain */ #define NSLCD_ACTION_NETGROUP_BYNAME 12001 #define NSLCD_NETGROUP_TYPE_NETGROUP 123 #define NSLCD_NETGROUP_TYPE_TRIPLE 456 /* Network name (/etc/networks) NSS requests. Result values for a single entry are: STRING network name STRINGLIST network aliases ADDRESSLIST network addresses */ #define NSLCD_ACTION_NETWORK_BYNAME 8001 #define NSLCD_ACTION_NETWORK_BYADDR 8002 #define NSLCD_ACTION_NETWORK_ALL 8005 /* User account (/etc/passwd) NSS requests. Result values are: STRING user name STRING user password TYPE(uid_t) user id TYPE(gid_t) group id STRING gecos information STRING home directory STRING login shell */ #define NSLCD_ACTION_PASSWD_BYNAME 1001 #define NSLCD_ACTION_PASSWD_BYUID 1002 #define NSLCD_ACTION_PASSWD_ALL 1004 /* Protocol information requests. Result values are: STRING protocol name STRINGLIST protocol aliases INT32 protocol number */ #define NSLCD_ACTION_PROTOCOL_BYNAME 9001 #define NSLCD_ACTION_PROTOCOL_BYNUMBER 9002 #define NSLCD_ACTION_PROTOCOL_ALL 9003 /* RPC information requests. Result values are: STRING rpc name STRINGLIST rpc aliases INT32 rpc number */ #define NSLCD_ACTION_RPC_BYNAME 10001 #define NSLCD_ACTION_RPC_BYNUMBER 10002 #define NSLCD_ACTION_RPC_ALL 10003 /* Service (/etc/services) information requests. The BYNAME and BYNUMBER requests contain an extra protocol string in the request which, if not blank, will filter the services by this protocol. Result values are: STRING service name STRINGLIST service aliases INT32 service (port) number STRING service protocol */ #define NSLCD_ACTION_SERVICE_BYNAME 11001 #define NSLCD_ACTION_SERVICE_BYNUMBER 11002 #define NSLCD_ACTION_SERVICE_ALL 11005 /* Extended user account (/etc/shadow) information requests. Result values for a single entry are: STRING user name STRING user password INT32 last password change INT32 mindays INT32 maxdays INT32 warn INT32 inact INT32 expire INT32 flag */ #define NSLCD_ACTION_SHADOW_BYNAME 2001 #define NSLCD_ACTION_SHADOW_ALL 2005 /* PAM-related requests. The request parameters for all these requests begin with: STRING user name STRING DN (if value is known already, otherwise empty) STRING service name all requests, except the SESSION requests start the result value with: STRING user name (cannonical name) STRING DN (can be used to speed up requests) Some functions may return an authorisation message. This message, if supplied will be used by the PAM module instead of a message that is generated by the PAM module itself. */ /* PAM authentication check request. The extra request values are: STRING password and the result value ends with: INT32 authc NSLCD_PAM_* result code INT32 authz NSLCD_PAM_* result code STRING authorisation error message If the username is empty in this request an attempt is made to authenticate as the administrator (set using rootpwmoddn). The returned DN is that of the administrator. */ #define NSLCD_ACTION_PAM_AUTHC 20001 /* PAM authorisation check request. The extra request values are: STRING ruser STRING rhost STRING tty and the result value ends with: INT32 authz NSLCD_PAM_* result code STRING authorisation error message */ #define NSLCD_ACTION_PAM_AUTHZ 20002 /* PAM session open and close requests. These requests have the following extra request values: STRING tty STRING rhost STRING ruser INT32 session id (ignored for SESS_O) and these calls only return the session ID: INT32 session id The SESS_C must contain the ID that is retured by SESS_O to close the correct session. */ #define NSLCD_ACTION_PAM_SESS_O 20003 #define NSLCD_ACTION_PAM_SESS_C 20004 /* PAM password modification request. This requests has the following extra request values: STRING old password STRING new password and returns there extra result values: INT32 authz NSLCD_PAM_* result code STRING authorisation error message In this request the DN may be set to the administrator's DN. In this case old password should be the administrator's password. This allows the administrator to change any user's password. */ #define NSLCD_ACTION_PAM_PWMOD 20005 /* Request result codes. */ #define NSLCD_RESULT_BEGIN 0 #define NSLCD_RESULT_END 3 /* Partial list of PAM result codes. */ #define NSLCD_PAM_SUCCESS 0 /* everything ok */ #define NSLCD_PAM_PERM_DENIED 6 /* Permission denied */ #define NSLCD_PAM_AUTH_ERR 7 /* Authc failure */ #define NSLCD_PAM_CRED_INSUFFICIENT 8 /* Cannot access authc data */ #define NSLCD_PAM_AUTHINFO_UNAVAIL 9 /* Cannot retrieve authc info */ #define NSLCD_PAM_USER_UNKNOWN 10 /* User not known */ #define NSLCD_PAM_MAXTRIES 11 /* Retry limit reached */ #define NSLCD_PAM_NEW_AUTHTOK_REQD 12 /* Password expired */ #define NSLCD_PAM_ACCT_EXPIRED 13 /* Account expired */ #define NSLCD_PAM_SESSION_ERR 14 /* Cannot make/remove session record */ #define NSLCD_PAM_AUTHTOK_ERR 20 /* Authentication token manipulation error */ #define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */ #define NSLCD_PAM_IGNORE 25 /* Ignore module */ #define NSLCD_PAM_ABORT 26 /* Fatal error */ #define NSLCD_PAM_AUTHTOK_EXPIRED 27 /* authentication token has expired */ #endif /* not _NSLCD_H */ nss-pam-ldapd-0.8.13/missing0000755000175000001440000002415212141433521012557 00000000000000#! /bin/sh # Common stub for a few missing GNU programs while installing. scriptversion=2012-01-06.13; # UTC # Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, # 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try \`$0 --help' for more information" exit 1 fi run=: sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' sed_minuso='s/.* -o \([^ ]*\).*/\1/p' # In the cases where this matters, `missing' is being run in the # srcdir already. if test -f configure.ac; then configure_ac=configure.ac else configure_ac=configure.in fi msg="missing on your system" case $1 in --run) # Try to run requested program, and just exit if it succeeds. run= shift "$@" && exit 0 # Exit code 63 means version mismatch. This often happens # when the user try to use an ancient version of a tool on # a file that requires a minimum version. In this case we # we should proceed has if the program had been absent, or # if --run hadn't been passed. if test $? = 63; then run=: msg="probably too old" fi ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: -h, --help display this help and exit -v, --version output version information and exit --run try to run the given command, and emulate it if it fails Supported PROGRAM values: aclocal touch file \`aclocal.m4' autoconf touch file \`configure' autoheader touch file \`config.h.in' autom4te touch the output file, or create a stub one automake touch all \`Makefile.in' files bison create \`y.tab.[ch]', if possible, from existing .[ch] flex create \`lex.yy.c', if possible, from existing .c help2man touch the output file lex create \`lex.yy.c', if possible, from existing .c makeinfo touch the output file yacc create \`y.tab.[ch]', if possible, from existing .[ch] Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and \`g' are ignored when checking the name. Send bug reports to ." exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing $scriptversion (GNU Automake)" exit $? ;; -*) echo 1>&2 "$0: Unknown \`$1' option" echo 1>&2 "Try \`$0 --help' for more information" exit 1 ;; esac # normalize program name to check for. program=`echo "$1" | sed ' s/^gnu-//; t s/^gnu//; t s/^g//; t'` # Now exit if we have it, but it failed. Also exit now if we # don't have it and --version was passed (most likely to detect # the program). This is about non-GNU programs, so use $1 not # $program. case $1 in lex*|yacc*) # Not GNU programs, they don't have --version. ;; *) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then # Could not run --version or --help. This is probably someone # running `$TOOL --version' or `$TOOL --help' to check whether # $TOOL exists and not knowing $TOOL uses missing. exit 1 fi ;; esac # If it does not exist, or fails to run (possibly an outdated version), # try to emulate it. case $program in aclocal*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." touch configure ;; autoheader*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acconfig.h' or \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` test -z "$files" && files="config.h" touch_files= for f in $files; do case $f in *:*) touch_files="$touch_files "`echo "$f" | sed -e 's/^[^:]*://' -e 's/:.*//'`;; *) touch_files="$touch_files $f.in";; esac done touch $touch_files ;; automake*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print | sed 's/\.am$/.in/' | while read f; do touch "$f"; done ;; autom4te*) echo 1>&2 "\ WARNING: \`$1' is needed, but is $msg. You might have modified some files without having the proper tools for further handling them. You can get \`$1' as part of \`Autoconf' from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo "#! /bin/sh" echo "# Created by GNU Automake missing as a replacement of" echo "# $ $@" echo "exit 0" chmod +x $file exit 1 fi ;; bison*|yacc*) echo 1>&2 "\ WARNING: \`$1' $msg. You should only need it if you modified a \`.y' file. You may need the \`Bison' package in order for those modifications to take effect. You can get \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h if test $# -ne 1; then eval LASTARG=\${$#} case $LASTARG in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` if test -f "$SRCFILE"; then cp "$SRCFILE" y.tab.c fi SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` if test -f "$SRCFILE"; then cp "$SRCFILE" y.tab.h fi ;; esac fi if test ! -f y.tab.h; then echo >y.tab.h fi if test ! -f y.tab.c; then echo 'main() { return 0; }' >y.tab.c fi ;; lex*|flex*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.l' file. You may need the \`Flex' package in order for those modifications to take effect. You can get \`Flex' from any GNU archive site." rm -f lex.yy.c if test $# -ne 1; then eval LASTARG=\${$#} case $LASTARG in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` if test -f "$SRCFILE"; then cp "$SRCFILE" lex.yy.c fi ;; esac fi if test ! -f lex.yy.c; then echo 'main() { return 0; }' >lex.yy.c fi ;; help2man*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a dependency of a manual page. You may need the \`Help2man' package in order for those modifications to take effect. You can get \`Help2man' from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo ".ab help2man is required to generate this page" exit $? fi ;; makeinfo*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious call might also be the consequence of using a buggy \`make' (AIX, DU, IRIX). You might want to install the \`Texinfo' package or the \`GNU make' package. Grab either from any GNU archive site." # The file to touch is that specified with -o ... file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -z "$file"; then # ... or it is the one specified with @setfilename ... infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` file=`sed -n ' /^@setfilename/{ s/.* \([^ ]*\) *$/\1/ p q }' $infile` # ... or it is derived from the source name (dir/f.texi becomes f.info) test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info fi # If the file does not exist, the user really needs makeinfo; # let's fail without touching anything. test -f $file || exit 1 touch $file ;; *) echo 1>&2 "\ WARNING: \`$1' is needed, and is $msg. You might have modified some files without having the proper tools for further handling them. Check the \`README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package would contain this missing \`$1' program." exit 1 ;; esac exit 0 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: nss-pam-ldapd-0.8.13/py-compile0000755000175000001440000001040012141433522013154 00000000000000#!/bin/sh # py-compile - Compile a Python program scriptversion=2011-06-08.12; # UTC # Copyright (C) 2000, 2001, 2003, 2004, 2005, 2008, 2009, 2011 Free # Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # This file is maintained in Automake, please report # bugs to or send patches to # . if [ -z "$PYTHON" ]; then PYTHON=python fi me=py-compile usage_error () { echo "$me: $*" >&2 echo "Try \`$me --help' for more information." >&2 exit 1 } basedir= destdir= while test $# -ne 0; do case "$1" in --basedir) if test $# -lt 2; then usage_error "option '--basedir' requires an argument" else basedir=$2 fi shift ;; --destdir) if test $# -lt 2; then usage_error "option '--destdir' requires an argument" else destdir=$2 fi shift ;; -h|--help) cat <<\EOF Usage: py-compile [--help] [--version] [--basedir DIR] [--destdir DIR] FILES..." Byte compile some python scripts FILES. Use --destdir to specify any leading directory path to the FILES that you don't want to include in the byte compiled file. Specify --basedir for any additional path information you do want to be shown in the byte compiled file. Example: py-compile --destdir /tmp/pkg-root --basedir /usr/share/test test.py test2.py Report bugs to . EOF exit $? ;; -v|--version) echo "$me $scriptversion" exit $? ;; --) shift break ;; -*) usage_error "unrecognized option '$1'" ;; *) break ;; esac shift done files=$* if test -z "$files"; then usage_error "no files given" fi # if basedir was given, then it should be prepended to filenames before # byte compilation. if [ -z "$basedir" ]; then pathtrans="path = file" else pathtrans="path = os.path.join('$basedir', file)" fi # if destdir was given, then it needs to be prepended to the filename to # byte compile but not go into the compiled file. if [ -z "$destdir" ]; then filetrans="filepath = path" else filetrans="filepath = os.path.normpath('$destdir' + os.sep + path)" fi $PYTHON -c " import sys, os, py_compile files = '''$files''' sys.stdout.write('Byte-compiling python modules...\n') for file in files.split(): $pathtrans $filetrans if not os.path.exists(filepath) or not (len(filepath) >= 3 and filepath[-3:] == '.py'): continue sys.stdout.write(file) sys.stdout.flush() py_compile.compile(filepath, filepath + 'c', path) sys.stdout.write('\n')" || exit $? # this will fail for python < 1.5, but that doesn't matter ... $PYTHON -O -c " import sys, os, py_compile files = '''$files''' sys.stdout.write('Byte-compiling python modules (optimized versions) ...\n') for file in files.split(): $pathtrans $filetrans if not os.path.exists(filepath) or not (len(filepath) >= 3 and filepath[-3:] == '.py'): continue sys.stdout.write(file) sys.stdout.flush() py_compile.compile(filepath, filepath + 'o', path) sys.stdout.write('\n')" 2>/dev/null || : # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: nss-pam-ldapd-0.8.13/TODO0000644000175000001440000000270712051461240011651 00000000000000* write more unit tests * add sanity checking code (e.g. not too large buffer allocation and checking that host, user, etc do not contain funky characters) in all server modules * log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute) * add an option to create an extra socket somewhere (so it may be used in chroot jails) * make I/O timeout between NSS lib and daemon configurable with configure * protocols/rpc: the description attribute should be used as an alias? * maybe rate-limit LDAP entry warnings * setnetgrent() may need to return an error if the netgroup is undefined * handle repeated calls to getent() better (see http://bugzilla.padl.com/show_bug.cgi?id=376) * make it possible to start nslcd real early in the boot process and have it become available when it determines it can (other timeout/retry mechanism on startup) * implement requesting and handling password policy information when binding as a user (see pam_ldap) * implement nested groups * implement other services in nslcd: sudo and autofs are candidates * complete pynslcd implementation * implement chsh and chfn in nslcd PAM code and make chsh.ldap and chfn.ldap binaries * have nslcd flush the nscd caches when reconnecting to the LDAP server after an error * add a max uid option for PAM module * support changing Samba password attributes on password change * while running NSS tests, check if nscd isn't running * implement keepalives on the LDAP connection nss-pam-ldapd-0.8.13/ChangeLog-20080000644000175000001440000007521111431514475013334 000000000000002008-12-15 arthur * [r806] man/nss-ldapd.conf.5.xml: add a note about permissions of configfile when bindpw is used 2008-12-06 arthur * [r805] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c, nss-ldapd.conf: rename the tls_checkpeer option to tls_reqcert, deprecating the old name and supporting all options that OpenLDAP supports for that value 2008-12-03 arthur * [r804] nslcd/common.c, tests/test_common.c: allow backslashes in names execpt as first or last character * [r803] configure.ac, nslcd/nslcd.c: clean the environment and set LDAPNOINIT to disable parsing of LDAP configfiles (.ldaprc, /etc/ldap/ldap.conf, etc) 2008-11-29 arthur * [r802] nslcd/myldap.c: use tls_* options also for StartTLS connections * [r801] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h: remove sslpath option because it wasn't used for anything * [r800] debian/changelog: add missing pound sign 2008-11-14 arthur * [r798] ChangeLog, NEWS, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.7 release 2008-11-13 arthur * [r797] debian/libnss-ldapd.templates: also leave out empty Default line for libnss-ldapd/ldap-binddn * [r796] debian/libnss-ldapd.config, debian/libnss-ldapd.templates: set debconf values from the environment only when they are empty or if configfile is present to fix installation problem 2008-11-11 arthur * [r795] debian/libnss-ldapd.postinst: any output should go to stderr to not confuse debconf 2008-11-04 arthur * [r793] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.6 release * [r792] NEWS: some spelling fixes * [r791] man/nss-ldapd.conf.5.xml: update manual page with current timeout numbers 2008-11-01 arthur * [r790] debian/libnss-ldapd.postrm: fail on errors 2008-10-31 arthur * [r789] debian/libnss-ldapd.postinst: check for existance of init script instead of daemon 2008-10-01 arthur * [r788] nslcd/common.c: also allow spaces in user and group names because it was causing problems in some environments 2008-09-24 arthur * [r787] nslcd/myldap.c: also retry if ldap_result() failed and getting error number returned LDAP_SUCCESS * [r786] nslcd/myldap.c: log option name instead of option value for ldap_set_option() value * [r785] debian/control: clarify relationship to nss_ldap in package description 2008-08-22 arthur * [r783] ChangeLog, NEWS, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.5 release 2008-08-07 arthur * [r782] debian/copyright, debian/po/da.po: updated Danish (da) translation of debconf templates by Jonas Smedegaard * [r781] debian/po/sv.po: updated Swedish (sv) translation of debconf templates by Martin Ågren 2008-07-20 arthur * [r778] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.4 release * [r777] nslcd/cfg.c: rename get_base_from_dse() to get_base_from_rootdse() * [r776] nslcd/cfg.c: make the get_base_from_dse() function cleaner and add a comment describing the function * [r775] man/nss-ldapd.conf.5.xml, nslcd/cfg.c: implement looking up search base in DSE of LDAP server * [r774] tests/test_nsscmds.sh: reflect change in test LDAP setup 2008-07-10 arthur * [r773] nslcd/myldap.c: LDAP_OPT_X_TLS_REQUIRE_CERT is not a boolean 2008-06-21 arthur * [r772] README: small change to documentation * [r771] nss-ldapd.conf: further improvements to Active Directory filters and attribute mappings by Petter Reinholdtsen 2008-06-17 arthur * [r770] nslcd/cfg.c, nslcd/myldap.c: replace https:// by ldaps:// (stupid typo) * [r769] nss-ldapd.conf: Active Directory sample configuration improvement by Jelmer Jaarsma 2008-06-15 arthur * [r767] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.3 release * [r766] Makefile.am, debian/libnss-ldapd.lintian-overrides, debian/rules: lintian override seems to be no longer necessary * [r765] debian/control: upgrade to standards-version 3.8.0 (no changes needed) * [r764] debian/libnss-ldapd.nslcd.init: create /var/run/nslcd directory with owner nslcd:nslcd by default so nslcd can remove socket and pidfile at exit * [r763] nslcd/nslcd.c: give pidfile and socket creation functions more logical names 2008-06-14 arthur * [r762] AUTHORS, configure.ac, man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: implement SASL authentication based on a patch by Dan White * [r761] man/nss-ldapd.conf.5.xml: make formatting of manual page options consistent 2008-06-13 arthur * [r760] tests, tests/Makefile.am, tests/test_common.c: add some very basic tests for the isvalidname() function * [r759] nslcd/common.c, nslcd/common.h, nslcd/group.c, nslcd/passwd.c: combine isvalidusername() and isvalidgroupname() into isvalidname() because they are similar enough and we just want to check to see if it is a reasonable name (e.g. not a DN) 2008-06-12 arthur * [r758] common/tio.c: restore the old writing code which masks SIGPIPE on platforms that can't use send() * [r757] nslcd/cfg.c: don't perform SSL/TLS sanity checks if it isn't available on the platform * [r756] tests: ignore test_getpeercred 2008-06-11 arthur * [r755] tests: ignore core files * [r754] tests/test_getpeercred.c: remove test socket at end of test 2008-06-06 arthur * [r753] compat/getpeercred.c: use the cr_ prefix when getting a xucred struct (needed for kfreebsd) * [r752] tests/Makefile.am, tests/test_getpeercred.c: implement a very basic test for getpeercred() * [r751] nslcd/cfg.c: remove warning on using ssl option * [r750] nslcd/cfg.c: check that all URLs start with https:// if "ssl on" is specified * [r749] nslcd/myldap.c: also set TLS options if an ldaps:// URL is specified * [r748] debian/control: add dependency on adduser as required by the previous commit * [r747] debian/libnss-ldapd.postinst: create a nslcd user in postinst and ensure that it is used by default * [r746] man/nss-ldapd.conf.5.xml: add uid and gid options to manual page * [r745] nslcd/cfg.c, nslcd/cfg.h, nslcd/nslcd.c: add uid and gid configuration keywords that set the user id and group id of the running nslcd process * [r744] nslcd/nslcd.c: environ is defined in unistd.h * [r743] nslcd/nslcd.c, nss/common.c: increase write buffer size in nslcd to free up threads earlier and increase timeout for nslcd to nss communication to one minute (at both places) * [r742] common/dict.c, compat/ether.c, nslcd/group.c, nslcd/myldap.c, nslcd/passwd.c, tests/test_tio.c: miscellaneous portability improvements 2008-05-18 arthur * [r741] TODO: from a review of glibc 2.3.6 code it shows that strerror() is only non-threadsafe in some very unlikely circumstances 2008-05-17 arthur * [r740] common/tio.c: use send() with a flag to ignore SIGPIPE instead of write() so we don't have to muck with signal handlers 2008-05-16 arthur * [r739] nslcd/log.c, nslcd/log.h, nslcd/nslcd.c: include a random string in every log message to be able to group log messages for a single request * [r738] common/tio.c, nslcd/myldap.c: add sanity checks to sleep calls to never sleep too long (problems could occur when the clock moves backwards) * [r737] nss/group.c: remove comment about limitation that has now been removed * [r736] nss/common.c: grow the read buffer maximum size to 2Mbyte to allow for groups with about 150000 members maximum 2008-05-15 arthur * [r735] README: add some documentation on supported group to member mappings * [r734] nslcd/myldap.h: improve documentation for myldap_get_rdn_value() function 2008-05-11 arthur * [r733] nslcd/myldap.c: close the connection and retry the search (once) if the search fails with the first call to myldap_get_entry() (starting a search doesn't always give an error when the connection has been broken) * [r732] nslcd/myldap.c: split retry mechanism of myldap_search() into a new do_retry_search() function * [r731] nslcd/myldap.c: allocate the search memory region in myldap_search() instead of in do_try_search() and have the latter return an LDAP status code * [r730] nslcd/myldap.c: also allow closing of searches that no longer have a valid connection and integrate myldap_search_free() into myldap_search_close() 2008-05-04 arthur * [r728] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.2 release * [r727] HACKING, README: some documentation cleanups and updates * [r726] tests/test_nslcd_group.c: add some tests for isvalidgroupname() * [r725] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/nslcd.c: make number of threads configurable with the threads keyword * [r724] nslcd/myldap.h: add reference to note about thread-safeness of OpenLDAP * [r723] nslcd/nslcd.c: fix copyright year 2008-05-03 arthur * [r722] nslcd/passwd.c: implement a cache for dn2uid() lookups that saves some time doing LDAP searches for groups with a lot of members, based on a patch by Petter Reinholdtsen * [r721] debian/libnss-ldapd.nslcd.init: add soft dependency on slapd, simplify network and file system dependencies and add reverse dependencies on some common daemons that may want to do NSS lookups 2008-05-02 arthur * [r720] nss/netgroup.c, nss/prototypes.h: remove checking for first entry and always return NSS_STATUS_RETURN when no more data is available in the netgroup (this has the side effect of not returning NSS_STATUS_NOTFOUND for non-existing netgroups but seems to be what other NSS modules do) to properly handle empty netgroups * [r719] tests, tests/Makefile.am, tests/test_nslcd_group.c: add file for testing nslcd/group.c * [r718] tests/Makefile.am: don't even compile the test programs on make check * [r717] tests/Makefile.am: don't compile test code on every build and fix LDADD lists to include correct objects * [r716] nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: only support tls-related options if LDAP library supports TLS, only add rebind code if ldap_set_rebind_proc() is found and only set LDAP_X_OPT_CONNECT_TIMEOUT if that option is supported 2008-05-01 arthur * [r715] nslcd/myldap.c: support ranged attribute values * [r714] nss/common.h: fix comment of return value of NSS_STATUS_TRYAGAIN * [r713] tests/test_myldap.c: fix a warning * [r712] tests/test_myldap.c: ensure that filter_get_var() and filter_get_var() return non-NULL to enable parsing of config file with attribute mapping and filter settings and use base from config file 2008-04-29 arthur * [r711] man/nss-ldapd.conf.5.xml: make language about pagesize option a little clearer 2008-04-27 arthur * [r710] nslcd/cfg.c: support the case where an attribute mapping variable is NULL 2008-04-26 arthur * [r709] nslcd/myldap.c: also close the LDAP connection on LDAP_SERVER_DOWN (besides LDAP_UNAVAILABLE) * [r708] man/nss-ldapd.conf.5.xml, nss/common.c: increase time out values because now nslcd will error out more quickly if the LDAP server is known to be unavailable * [r707] nslcd/nslcd.c: spelling fix in comment * [r706] man/nss-ldapd.conf.5.xml: some spelling fixes and a clarification of the retry mechanism * [r705] nslcd/cfg.c: fix log message of incorrect map statement * [r704] nslcd/passwd.c: make log message a little more descriptive * [r703] configure.ac: fix quote in comment * [r702] nslcd/myldap.c: ensure that the connection to the LDAP server is closed whenever any of the ldap_*() functions return LDAP_UNAVAILABLE 2008-04-25 arthur * [r701] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c, tests/nss-ldapd-test.conf, tests/test_cfg.c, tests/test_myldap.c: implement new timing mechanism for retries to quickly fail lookups to LDAP server that have been failing for some time, removing the reconnect_tries option and giving reconnect_sleeptime and reconnect_maxsleeptime options a new meaning * [r700] tests/test_myldap.c: include missing include * [r699] tests/test_myldap.c: ignore SIGPIPE in myldap tests * [r698] tests/test_myldap.c: fix assert to be test instead of assignment * [r697] tests/test_myldap.c, tests/test_myldap.sh: have the binary look up the file name and only use the shell script wrapper to determine if LDAP server is available * [r696] compat/ether.h: fix typos in references to HAVE_ETHER_NTOA_R and HAVE_ETHER_ATON_R macros 2008-04-23 arthur * [r695] tests/test_nsscmds.sh: fix order of members in group in tests because of new hashing dict (maybe we should fix the script instead to always sort members properly) * [r694] common/dict.c: fix problem where first item in the hashtable could be returned twice while looping * [r693] tests/test_dict.c: add test for problem with duplicate entries being returned while looping over results * [r692] nslcd/passwd.c: don't issue warning when myldap_get_entry() returns NULL and LDAP_SUCCESS 2008-04-21 arthur * [r691] common/dict.c: allocate room for key string just after entry to save on calls to malloc() and make it simpler 2008-04-20 arthur * [r690] nslcd/group.c, nslcd/passwd.c: fix tests for valid user and group names * [r689] nslcd/common.h, nslcd/group.c, nslcd/passwd.c: add checks for valid user and group names in incoming requests and for data returned from LDAP * [r688] nslcd/group.c: only support uniqueMember containing DN values * [r687] nslcd/group.c: fix warning message to not refer to alias * [r686] nslcd/myldap.c: make warning message more verbose, fix comment and don't try to store empty results 2008-04-19 arthur * [r685] debian/libnss-ldapd.config: only guess the searchbase if the value doesn't seem to be preseeded (based on a patch by Petter Reinholdtsen ) * [r684] common/dict.c: fix wrapping and indenting of comments * [r683] nslcd/group.c: correctly call set_free() instead of free() * [r682] nslcd/group.c: use the new set data structure to gather the group members * [r681] common/Makefile.am, common/set.c, common/set.h, tests, tests/Makefile.am, tests/test_set.c: implement a set that uses the dict module as back-end * [r680] common/dict.c: implement new dict module that uses a hashtable which is around 40 times faster for large (around 2000) entries but with around 40% more memory used * [r679] tests/Makefile.am, tests/test_dict.c, tests/usernames.txt: some new tests for the dictionary module * [r678] nslcd/passwd.c: add test for emtpy DN 2008-04-18 arthur * [r677] nslcd/myldap.c: instead of using the dict module to build a cache just store the values in an fixed-sized array because no more than 9 attributes are currently retrieved from an entry and we never retrieve the same value more than once (so the cache is useless) 2008-04-17 arthur * [r676] common/dict.h: add note about freed values * [r675] common/dict.c, common/dict.h, nslcd/myldap.c, tests/test_dict.c: change dict_values_first() and dict_values_next() into dict_loop_first() and dict_loop_next() to have a looping mechanism over keys and values 2008-04-13 arthur * [r674] tests/nss-ldapd-test.conf: remote hopefully last reference to rootbind{dn,pw} 2008-04-06 arthur * [r673] nslcd/common.h: return values of dn2uid() and uid2dn() should always be used * [r672] nslcd/group.c: properly handle the case where dn2uid() couldn't do a DN->uid lookup * [r670] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.1 release * [r669] config.guess, config.sub: include updated files 2008-04-05 arthur * [r668] AUTHORS: include Petter Reinholdtsen for reporting many bugs and even some fixes * [r667] debian/libnss-ldapd.postinst: handle case where value contains spaces properly * [r666] debian/libnss-ldapd.postinst: support having a binddn set without a bindpw * [r665] debian/libnss-ldapd.config: fix typo in comment * [r664] debian/libnss-ldapd.config, debian/libnss-ldapd.postinst, debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: remove rootbind{dn,pw} options from packaging because the options are not likely to be implemented in the future * [r663] nslcd/common.h, nslcd/group.c, nslcd/passwd.c: fix member->group searches by also searching for DN in uniqueMember attribute * [r662] nslcd/log.c: make log line a little bigger to properly log more search filters * [r661] nslcd/nslcd.c: only return shadow entries to root users * [r660] nss/group.c: correctly implement buffer handling in _nss_ldap_initgroups_dyn() to grow buffer when needed, check limits and handle extra group parameter (had a closer look at nis-initgroups.c) * [r659] tests/test_nsscmds.sh: no problem to shout a little with failed tests * [r658] nss/group.c: properly check the limit (as seen in nis-initgroups.c) * [r657] nslcd/shadow.c: partial support for reading AD date format for pwdLastSet attribute * [r656] nslcd/myldap.c: split closing of LDAP session to separate funtion to invalidate running searches always and closes connection if setting up search failed * [r655] tests/test_group.c: use a larger buffer for group membership results * [r654] tests/test_myldap.c: check that the last myldap_get_entry() returned success 2008-04-04 arthur * [r653] README, man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c, nss-ldapd.conf: remove code that handles special cases when calling as root (removing rootbinddn, rootbindpw, rootuse_sasl and rootsasl_authid options) * [r652] nslcd/myldap.c: revert r628 (using ldap_str2dn() instead of ldap_explode_r?dn()) for now to make this compile on older versions of OpenLDAP * [r651] man/nss-ldapd.conf.5.xml: add some more documentation to the pagesize option 2008-04-02 arthur * [r650] debian/libnss-ldapd.nslcd.init: make start not fail if nslcd is already running and stop not fail if it wasn't running before 2008-03-30 arthur * [r649] nss-ldapd.conf: some fixes to the configuration when using Active Directory (provided by Petter Reinholdtsen ) * [r648] configure.ac, nslcd/myldap.c: only define and use do_sasl_interact() if we have a sasl library * [r647] compat/attrs.h: make test for compiler versions simpler and per used attribute 2008-03-29 arthur * [r646] HACKING, README: add contact information on reporting bugs and contributing patches * [r645] HACKING: add some more notes about the design and direction I want to go in 2008-03-28 arthur * [r644] nslcd/myldap.c: don't warn about problems retreiving the objectClass from en entry 2008-03-27 arthur * [r643] nslcd/group.c: fix a problem where the newly allocated storage by realloc() wasn't used (thanks to Petter Reinholdtsen for the patch) 2008-03-16 arthur * [r642] debian/libnss-ldapd.config, debian/libnss-ldapd.postinst: comment out all rootbind{dn,pw} code as to not copy those directives because they are unsupported * [r641] debian/libnss-ldapd.config: use tail instead of head to avoid conflicts becase nss_ldap seems to pick up the last option in the file * [r640] debian/libnss-ldapd.config: handle the case where an option is defined multiple times 2008-03-06 arthur * [r639] AUTHORS, debian/copyright, debian/po/es.po: updated Spanish (es) translation of debconf templates by Rudy Godoy Guillén 2008-03-04 arthur * [r638] AUTHORS, debian/po/nl.po: updated Dutch (nl) translation of debconf templates by Bart Cornelis 2008-02-19 arthur * [r637] README: some updates to reflect recent changes * [r636] man/Makefile.am: have a better way to specify the manual page rule 2008-02-15 arthur * [r635] common/tio.c: split out the flushing of the buffers to separate functions and see if we can flush some data from the buffer if it is overflowing before growing the buffer * [r634] nslcd/myldap.c: add StartTLS support by Ralf Haferkamp * [r633] nslcd/myldap.c: pass URI to do_bind() to make it work with do_rebind() and use that URI (thanks Ralf Haferkamp ) * [r632] tests/test_myldap.c: add tests for myldap_get_rdn_value() and myldap_cpy_rdn_value() 2008-02-12 arthur * [r631] configure.ac: make using implicit function definitions an error * [r630] common/tio.c, common/tio.h, nslcd/nslcd.c, nss/common.c, tests/test_tio.c: implement resizable I/O buffers and tune buffer sizes to normal requests * [r629] common/tio.c: always allocate the read and write buffers and make the struct tio_buffer inline in struct tio_fileinfo 2008-02-10 arthur * [r628] nslcd/myldap.c: replace the calls to ldap_explode_dn() and ldap_explode_rdn() with a call to ldap_str2dn() resulting in much simpler code 2008-02-08 arthur * [r627] nslcd/cfg.c: only support "dns" and "domain" values on platforms with the necessary functions available * [r626] nslcd/ether.c: don't define struct ether_addr here, it was moved to compat/ether.h 2008-02-04 arthur * [r625] nslcd/myldap.c: make some changes to allow it to compile on more platforms * [r624] compat/Makefile.am, compat/ether.c, compat/ether.h, configure.ac, nslcd/ether.c: provide replacements for ether_aton_r() and ether_ntoa_r() for platforms that don't have them * [r623] configure.ac, nslcd/nslcd.c: only call __nss_configure_lookup() if it is available, if it isn't the platform is out of luck * [r622] nslcd/myldap.h: defined LDAP_SCOPE_DEFAULT it's not defined elsewhere * [r621] nslcd/nslcd.c: fix missing casts * [r620] nslcd/nslcd.c: actually include the compat header files when needed 2008-02-03 arthur * [r618] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6 release * [r617] configure.ac: also check for sasl2 library * [r616] tests/test_myldap.c, tests/test_nsscmds.sh: add tests for new LDAP lookups * [r615] nslcd/attmap.c, nslcd/attmap.h, nslcd/group.c: support the uniqueMember LDAP attribute that holds DN values (they are translated with dn2uid() from passwd.c) * [r614] debian/libnss-ldapd.postinst, debian/libnss-ldapd.postrm, debian/rules: don't use dh_makeshlibs any more because we don't need the shlibs file; call ldconfig from maintainer scripts ourselves * [r613] debian/rules: install the NSS library under /lib instead of /usr/lib to make it easyer to unmount /usr if it's on a separate filesystem 2008-02-02 arthur * [r612] debian/rules: don't pass options to configure which are not used * [r611] configure.ac: remove --with-ngroups option because it isn't used * [r610] nslcd/common.h, nslcd/passwd.c: implement a dn2uid() function to transform a DN into a username (looking inside the DN or doing an LDAP lookup if neede) * [r609] nslcd/myldap.c, nslcd/myldap.h: implement myldap_cpy_rdn_value() function to copy rdn value into a buffer (functionality like myldap_get_rdn_value()) * [r608] nslcd/myldap.c: log and otherwise ignore errors in ldap_parse_page_control() * [r607] nslcd/myldap.c: fix copy-pasto * [r606] nslcd/myldap.c: don't request paging when doing a search with scope base and ignore errors of ldap_create_page_control() * [r605] nslcd/myldap.c: reset LDAP error flag if ldap_get_values() returned an error because some LDAP functions don't do this correctly 2008-02-01 arthur * [r604] nslcd/myldap.c: have proper checks and logs of all ldap operations * [r603] tests/test_group.c: enable _nss_ldap_initgroups_dyn() test because it's working now * [r602] nslcd-common.h: fix buffer size debug message * [r601] nss/common.h, nss/hosts.c, nss/netgroup.c, nss/networks.c: do not set errno (and h_errno) if we got the last entry from get*ent() (this apparently is needed by coreutils' id and groups commands) * [r600] tests/Makefile.am: pagectrl module has moved * [r599] tests/test_nsscmds.sh: test for hugegroup * [r598] tests/test_nsscmds.sh: the groups command no longer lists the username * [r597] nss/common.c, nss/common.h, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c: remove the nslcd2nss() function because it's not needed with the current protocol * [r596] nss/common.h: fail with a permanent error if resetting the stream failed to prevent indefinite retries 2008-01-31 arthur * [r595] nslcd/myldap.c: defined LDAP_DEPRECATED to also have definitions for deprecated functions * [r594] compat/attrs.h: only define MUST_USE attribute if gcc version is more recent than 3.4 * [r593] debian/copyright: update copyright information * [r592] compat/Makefile.am, compat/pagectrl.c, compat/pagectrl.h, configure.ac, debian/copyright, nslcd/Makefile.am, nslcd/myldap.c, nslcd/pagectrl.c, nslcd/pagectrl.h: move pagectrl code into compat directory * [r591] configure.ac: make comments lowercase for consistency * [r590] tests/test_myldap.c: re-add test URIs that accidentally got commented out in the last commit * [r589] tests/Makefile.am, tests/test_cfg.c, tests/test_myldap.c, tests/test_nsscmds.sh: pass the correct pthread flags for all calls to compiler and linker and link in compat code, handle other assert.h setups and avoid some ! in if statements in shell scripts * [r588] configure.ac: improve LDAP library autodetection and make if statements consistent * [r587] configure.ac: move finding of replacement functions to a more logical place * [r586] configure.ac: define extra macros to import system extensions from system header files and remove duplicate check for ldap_set_rebind_proc() * [r585] configure.ac: test to see if the compiler supports certain -W flags before using them 2008-01-30 arthur * [r584] nslcd/ether.c: include stdint.h * [r583] nslcd.h, nslcd/ether.c, nss/ethers.c: use uint8_t instead of u_int8_t because the former seems to be available on more platforms * [r582] INSTALL, depcomp, install-sh: update some files from recent automake * [r581] compat/Makefile.am, compat/daemon.c, compat/daemon.h, compat/getopt_long.c, compat/getopt_long.h, configure.ac: provide replacement functions for daemon() and getopt_long() when they are not available on the system * [r580] configure.ac: remove duplicate warning flags * [r579] compat/attrs.h: define __STRING() if it's not defined by the system * [r578] tests/test_tio.c: include errno in assertion statement * [r577] compat/getpeercred.c: some fixes for LOCAL_PEERCRED (still untested) 2008-01-27 arthur * [r576] AUTHORS, debian/po/de.po: updated German (de) translation of debconf templates by Erik Schanze * [r575] compat/ldap.h, nslcd/Makefile.am, nslcd/myldap.c: integrate some compatibility code into myldap.c, the only place it's used * [r573] nslcd/myldap.c: work around some LDAP libraries not having all options * [r572] configure.ac, nslcd/myldap.h: on some systems lber.h needs to be included before ldap.h * [r571] common/tio.c, nslcd-common.h, nslcd/nslcd.c, nss/common.c, tests/test_tio.c: when including stdint.h check if we actually have it * [r570] nslcd/pagectrl.c, nslcd/pagectrl.h: correct #endif comment 2008-01-26 arthur * [r569] nslcd/cfg.c: have a fallback value for HOST_NAME_MAX if it is not defined * [r568] tests/test_nsscmds.sh: handle the case where /etc/nss-ldapd.conf does not exist a little more graceful * [r567] nslcd/nslcd.c: log error when getpeercred() returned nothing * [r566] compat/getpeercred.c, compat/getpeercred.h, configure.ac: add (untested) support for the Solaris getpeerucred() function * [r565] Makefile.am, compat, compat/Makefile.am, compat/getpeercred.c, compat/getpeercred.h, configure.ac, nslcd/Makefile.am, nslcd/nslcd.c: move code to get information from socket peer to the compat directory because it is very platform specific * [r564] tests/test_myldap.c, tests/test_nsscmds.sh, tests/test_tio.c: somewhat improve the output from the tests * [r563] nslcd/cfg.c: fix marsing of map statement * [r562] tests/test_cfg.c: also test map filter and scope configuration options 2008-01-16 arthur * [r561] nslcd/cfg.c: fix problem in map statement end-of-line handling * [r560] tests/test_cfg.c: add a test for the map statement 2008-01-03 arthur * [r559] nslcd/nslcd.c: close connections in worker threads at program termination * [r558] nslcd/nslcd.c: make code a little more compact, don't include debug twice in the log message and remove the capabilities code because it will probably never be used * [r557] tests/test_nsscmds.sh: support the case where + is in /etc/group * [r556] nss/aliases.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c: only start the NSLCD_ACTION_*_ALL requests with the first call to getent() instead of with setent() to avoid unneeded requests if compat is used (except with netgroups) * [r555] nslcd/passwd.c, nss/prototypes.h: update copyright year * [r554] tests/test_nsscmds.sh: get the number of groups and services from files in /etc for comparison * [r553] nslcd/passwd.c: do not warn about missing loginShell attribute because it is not mandatory * [r552] nss/group.c: increment value that is pointed to, not the pointer (fixes segfault) 2008-01-02 arthur * [r551] nslcd/common.h: immediatly bail out if write entity function failed (prevents numerous "error writing to client" messages from filling up the logs) 2008-01-01 arthur * [r550] tests/test_nsscmds.sh: check to see if nslcd is running and add test for a large group (100 members) * [r549] nss/exports.linux, nss/group.c, nss/prototypes.h: enable the _nss_ldap_initgroups_dyn() function that is now implemented in nslcd * [r548] nss/common.h: use the new tio_mark()/tio_reset() functions to support retries of the getent() functions when NSS_STATUS_TRYAGAIN would be returned * [r547] common/tio.c, common/tio.h, tests/test_tio.c: add limited implementation of tio_mark() and tio_reset() functions to do limited seeks in the read stream, clean up header file comments and write tests for new code nss-pam-ldapd-0.8.13/config.h.in0000644000175000001440000004444212141446137013216 00000000000000/* config.h.in. Generated from configure.ac by autoheader. */ /* Whether to check configfile options. */ #undef ENABLE_CONFIGFILE_CHECKING /* Define to 1 if you have the header file. */ #undef HAVE_ALIASES_H /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_INET_H /* Define to 1 if you have the `atexit' function. */ #undef HAVE_ATEXIT /* Define to 1 if you have the `ber_bvfree' function. */ #undef HAVE_BER_BVFREE /* Define to 1 if you have the `ber_free' function. */ #undef HAVE_BER_FREE /* Define to 1 if you have the `ber_set_option' function. */ #undef HAVE_BER_SET_OPTION /* Define to 1 if you have the `clearenv' function. */ #undef HAVE_CLEARENV /* Define to 1 if you have the header file. */ #undef HAVE_CTYPE_H /* Define to 1 if you have the `daemon' function. */ #undef HAVE_DAEMON /* Define to 1 if you have the declaration of `daemon', and to 0 if you don't. */ #undef HAVE_DECL_DAEMON /* Define to 1 if you have the declaration of `ether_aton', and to 0 if you don't. */ #undef HAVE_DECL_ETHER_ATON /* Define to 1 if you have the declaration of `ether_ntoa', and to 0 if you don't. */ #undef HAVE_DECL_ETHER_NTOA /* Define to 1 if you have the declaration of `ldap_extended_operation_s', and to 0 if you don't. */ #undef HAVE_DECL_LDAP_EXTENDED_OPERATION_S /* Define to 1 if you have the `dlerror' function. */ #undef HAVE_DLERROR /* Define to 1 if you have the `dlopen' function. */ #undef HAVE_DLOPEN /* Define to 1 if you have the `dlsym' function. */ #undef HAVE_DLSYM /* Define to 1 if the system has the type `enum nss_status'. */ #undef HAVE_ENUM_NSS_STATUS /* Define to 1 if you have the `ether_aton' function. */ #undef HAVE_ETHER_ATON /* Define to 1 if you have the `ether_aton_r' function. */ #undef HAVE_ETHER_ATON_R /* Define to 1 if you have the `ether_ntoa' function. */ #undef HAVE_ETHER_NTOA /* Define to 1 if you have the `ether_ntoa_r' function. */ #undef HAVE_ETHER_NTOA_R /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H /* Define to 1 if you have the `fork' function. */ #undef HAVE_FORK /* Define to 1 if you have the `getenv' function. */ #undef HAVE_GETENV /* Define to 1 if you have the header file. */ #undef HAVE_GETOPT_H /* Define to 1 if you have the `getopt_long' function. */ #undef HAVE_GETOPT_LONG /* Define to 1 if you have the `getpeereid' function. */ #undef HAVE_GETPEEREID /* Define to 1 if you have the `getpeerucred' function. */ #undef HAVE_GETPEERUCRED /* Define to 1 if you have the header file. */ #undef HAVE_GRP_H /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_GSSAPI_GENERIC_H /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_GSSAPI_H /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_GSSAPI_KRB5_H /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_H /* Define to 1 if you have the header file. */ #undef HAVE_GSSLDAP_H /* Define to 1 if you have the header file. */ #undef HAVE_GSSSASL_H /* Define to 1 if you have the `gss_krb5_ccache_name' function. */ #undef HAVE_GSS_KRB5_CCACHE_NAME /* Define to 1 if you have the `initgroups' function. */ #undef HAVE_INITGROUPS /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_LBER_H /* Define to 1 if you have the `ldap_abandon' function. */ #undef HAVE_LDAP_ABANDON /* Define to 1 if you have the `ldap_controls_free' function. */ #undef HAVE_LDAP_CONTROLS_FREE /* Define to 1 if you have the `ldap_control_free' function. */ #undef HAVE_LDAP_CONTROL_FREE /* Define to 1 if you have the `ldap_count_values_len' function. */ #undef HAVE_LDAP_COUNT_VALUES_LEN /* Define to 1 if you have the `ldap_create_control' function. */ #undef HAVE_LDAP_CREATE_CONTROL /* Define to 1 if you have the `ldap_create_page_control' function. */ #undef HAVE_LDAP_CREATE_PAGE_CONTROL /* Define to 1 if you have the `ldap_domain2dn' function. */ #undef HAVE_LDAP_DOMAIN2DN /* Define to 1 if you have the `ldap_domain2hostlist' function. */ #undef HAVE_LDAP_DOMAIN2HOSTLIST /* Define to 1 if you have the `ldap_err2string' function. */ #undef HAVE_LDAP_ERR2STRING /* Define to 1 if you have the `ldap_explode_dn' function. */ #undef HAVE_LDAP_EXPLODE_DN /* Define to 1 if you have the `ldap_explode_rdn' function. */ #undef HAVE_LDAP_EXPLODE_RDN /* Define to 1 if you have the `ldap_extended_operation_s' function. */ #undef HAVE_LDAP_EXTENDED_OPERATION_S /* Define to 1 if you have the `ldap_first_attribute' function. */ #undef HAVE_LDAP_FIRST_ATTRIBUTE /* Define to 1 if you have the `ldap_get_dn' function. */ #undef HAVE_LDAP_GET_DN /* Define to 1 if you have the `ldap_get_option' function. */ #undef HAVE_LDAP_GET_OPTION /* Define to 1 if you have the `ldap_get_values' function. */ #undef HAVE_LDAP_GET_VALUES /* Define to 1 if you have the `ldap_get_values_len' function. */ #undef HAVE_LDAP_GET_VALUES_LEN /* Define to 1 if you have the header file. */ #undef HAVE_LDAP_H /* Define to 1 if you have the `ldap_initialize' function. */ #undef HAVE_LDAP_INITIALIZE /* Define to 1 if you have the `ldap_memfree' function. */ #undef HAVE_LDAP_MEMFREE /* Define to 1 if you have the `ldap_modify_ext_s' function. */ #undef HAVE_LDAP_MODIFY_EXT_S /* Define to 1 if you have the `ldap_msgfree' function. */ #undef HAVE_LDAP_MSGFREE /* Define to 1 if you have the `ldap_next_attribute' function. */ #undef HAVE_LDAP_NEXT_ATTRIBUTE /* Define to 1 if you have the `ldap_parse_page_control' function. */ #undef HAVE_LDAP_PARSE_PAGE_CONTROL /* Define to 1 if you have the `ldap_parse_result' function. */ #undef HAVE_LDAP_PARSE_RESULT /* Define to 1 if you have the `ldap_passwd_s' function. */ #undef HAVE_LDAP_PASSWD_S /* Define to 1 if you have the `ldap_result' function. */ #undef HAVE_LDAP_RESULT /* Define to 1 if you have the `ldap_sasl_interactive_bind_s' function. */ #undef HAVE_LDAP_SASL_INTERACTIVE_BIND_S /* Define to 1 if you have the `ldap_search_ext' function. */ #undef HAVE_LDAP_SEARCH_EXT /* Define to 1 if you have the `ldap_set_option' function. */ #undef HAVE_LDAP_SET_OPTION /* Define to 1 if you have the `ldap_set_rebind_proc' function. */ #undef HAVE_LDAP_SET_REBIND_PROC /* Define to 1 if you have the `ldap_simple_bind_s' function. */ #undef HAVE_LDAP_SIMPLE_BIND_S /* Define to 1 if you have the header file. */ #undef HAVE_LDAP_SSL_H /* Define to 1 if you have the `ldap_start_tls_s' function. */ #undef HAVE_LDAP_START_TLS_S /* Define to 1 if you have the `ldap_unbind' function. */ #undef HAVE_LDAP_UNBIND /* Define to 1 if you have the `ldap_value_free' function. */ #undef HAVE_LDAP_VALUE_FREE /* Define to 1 if you have the `ldap_value_free_len' function. */ #undef HAVE_LDAP_VALUE_FREE_LEN /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H /* Define to 1 if you have the `malloc' function. */ #undef HAVE_MALLOC /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the header file. */ #undef HAVE_NETDB_H /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_ETHER_H /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H /* Define to 1 if you have the header file. */ #undef HAVE_NSSWITCH_H /* Define to 1 if the system has the type `nss_backend_t'. */ #undef HAVE_NSS_BACKEND_T /* Define to 1 if you have the header file. */ #undef HAVE_NSS_COMMON_H /* Define to 1 if you have the header file. */ #undef HAVE_NSS_DBDEFS_H /* Define to 1 if you have the header file. */ #undef HAVE_NSS_H /* Define to 1 if you have the `pam_get_authtok' function. */ #undef HAVE_PAM_GET_AUTHTOK /* Define to 1 if you have the `pam_modutil_getpwnam' function. */ #undef HAVE_PAM_MODUTIL_GETPWNAM /* Define to 1 if you have the header file. */ #undef HAVE_PAM_PAM_MODULES_H /* Define to 1 if you have the `pam_prompt' function. */ #undef HAVE_PAM_PROMPT /* Define to 1 if you have the `pam_syslog' function. */ #undef HAVE_PAM_SYSLOG /* Define if you have POSIX threads libraries and header files. */ #undef HAVE_PTHREAD /* Define to 1 if you have the header file. */ #undef HAVE_PTHREAD_H /* Define to 1 if you have the `pthread_join' function. */ #undef HAVE_PTHREAD_JOIN /* Define to 1 if you have the `pthread_mutex_lock' function. */ #undef HAVE_PTHREAD_MUTEX_LOCK /* Define to 1 if you have the header file. */ #undef HAVE_PTHREAD_NP_H /* Have PTHREAD_PRIO_INHERIT. */ #undef HAVE_PTHREAD_PRIO_INHERIT /* Define to 1 if you have the `pthread_timedjoin_np' function. */ #undef HAVE_PTHREAD_TIMEDJOIN_NP /* Define to 1 if you have the `putenv' function. */ #undef HAVE_PUTENV /* Define to 1 if you have the `realloc' function. */ #undef HAVE_REALLOC /* Define to 1 if you have the `regcomp' function. */ #undef HAVE_REGCOMP /* Define to 1 if you have the `regerror' function. */ #undef HAVE_REGERROR /* Define to 1 if you have the `regexec' function. */ #undef HAVE_REGEXEC /* Define to 1 if you have the header file. */ #undef HAVE_REGEX_H /* Define to 1 if you have the header file. */ #undef HAVE_RPC_RPCENT_H /* Define to 1 if you have the header file. */ #undef HAVE_SASL_H /* Define to 1 if you have a `sasl_interact_t' definition. */ #undef HAVE_SASL_INTERACT_T /* Define to 1 if you have the header file. */ #undef HAVE_SASL_SASL_H /* Define to 1 if you have the header file. */ #undef HAVE_SECURITY_PAM_APPL_H /* Define to 1 if you have the header file. */ #undef HAVE_SECURITY_PAM_EXT_H /* Define to 1 if you have the header file. */ #undef HAVE_SECURITY_PAM_MODULES_H /* Define to 1 if you have the header file. */ #undef HAVE_SECURITY_PAM_MODUTIL_H /* Define to 1 if you have the `setgroups' function. */ #undef HAVE_SETGROUPS /* Define to 1 if you have the header file. */ #undef HAVE_SHADOW_H /* Define to 1 if you have the `sigaction' function. */ #undef HAVE_SIGACTION /* Define to 1 if you have the `snprintf' function. */ #undef HAVE_SNPRINTF /* Define to 1 if you have the header file. */ #undef HAVE_STDDEF_H /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the `strcasecmp' function. */ #undef HAVE_STRCASECMP /* Define to 1 if you have the `strchr' function. */ #undef HAVE_STRCHR /* Define to 1 if you have the `strcspn' function. */ #undef HAVE_STRCSPN /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strncasecmp' function. */ #undef HAVE_STRNCASECMP /* Define to 1 if you have the `strndup' function. */ #undef HAVE_STRNDUP /* Define to 1 if you have the `strspn' function. */ #undef HAVE_STRSPN /* Define to 1 if you have the `strtol' function. */ #undef HAVE_STRTOL /* Define to 1 if you have the `strtoul' function. */ #undef HAVE_STRTOUL /* Define to 1 if you have the `strtoull' function. */ #undef HAVE_STRTOULL /* Define to 1 if the system has the type `struct aliasent'. */ #undef HAVE_STRUCT_ALIASENT /* Define to 1 if the system has the type `struct etherent'. */ #undef HAVE_STRUCT_ETHERENT /* Define to 1 if the system has the type `struct ether_addr'. */ #undef HAVE_STRUCT_ETHER_ADDR /* Define to 1 if `returnlen' is a member of `struct nss_XbyY_args'. */ #undef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN /* Define to 1 if `pw_class' is a member of `struct passwd'. */ #undef HAVE_STRUCT_PASSWD_PW_CLASS /* Define to 1 if the system has the type `struct rpcent'. */ #undef HAVE_STRUCT_RPCENT /* Define to 1 if the system has the type `struct spwd'. */ #undef HAVE_STRUCT_SPWD /* Define to 1 if you have a `struct ucred' definition. */ #undef HAVE_STRUCT_UCRED /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_PARAM_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKET_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TIME_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_UCRED_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_UN_H /* Define to 1 if you have the header file. */ #undef HAVE_UCRED_H /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to 1 if you have the `vfork' function. */ #undef HAVE_VFORK /* Define to 1 if you have the header file. */ #undef HAVE_VFORK_H /* Define to 1 if `fork' works. */ #undef HAVE_WORKING_FORK /* Define to 1 if `vfork' works. */ #undef HAVE_WORKING_VFORK /* Define to 1 if you have the `__assert_fail' function. */ #undef HAVE___ASSERT_FAIL /* Define to 1 if you have the `__nss_configure_lookup' function. */ #undef HAVE___NSS_CONFIGURE_LOOKUP /* Define to activate deprecated features in OpenLDAP */ #undef LDAP_DEPRECATED /* Define to get some functions on Solaris */ #undef LDAP_REFERRALS /* Define to the number of arguments to ldap_set_rebindproc. */ #undef LDAP_SET_REBIND_PROC_ARGS /* Define to 1 if ldap_set_rebind_proc() returns void. */ #undef LDAP_SET_REBIND_PROC_RETURNS_VOID /* Define to 1 if your C compiler doesn't accept -c and -o together. */ #undef NO_MINUS_C_MINUS_O /* Path to bindpw value. */ #undef NSLCD_BINDPW_PATH /* Path to nslcd configuration file. */ #undef NSLCD_CONF_PATH /* The location of the pidfile used for checking availability of the nslcd. */ #undef NSLCD_PIDFILE /* The location of the socket used for communicating. */ #undef NSLCD_SOCKET /* Whether to use the FreeBSD NSS interface flavour. */ #undef NSS_FLAVOUR_FREEBSD /* Whether to use the Glibc NSS interface flavour. */ #undef NSS_FLAVOUR_GLIBC /* Whether to use the Solaris NSS interface flavour. */ #undef NSS_FLAVOUR_SOLARIS /* The SONAME of the NSS library module. */ #undef NSS_LDAP_SONAME /* Name of package */ #undef PACKAGE /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the home page for this package. */ #undef PACKAGE_URL /* Define to the version of this package. */ #undef PACKAGE_VERSION /* path to PAM security library */ #undef PAM_SECLIB_DIR /* Define to necessary symbol if this constant uses a non-standard name on your system. */ #undef PTHREAD_CREATE_JOINABLE /* The size of `gid_t', as computed by sizeof. */ #undef SIZEOF_GID_T /* The size of `uid_t', as computed by sizeof. */ #undef SIZEOF_UID_T /* The size of `unsigned int', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_INT /* The size of `unsigned long int', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_LONG_INT /* The size of `unsigned long long int', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_LONG_LONG_INT /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Enable extensions on AIX 3, Interix. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif /* Enable GNU extensions on systems that have them. */ #ifndef _GNU_SOURCE # undef _GNU_SOURCE #endif /* Enable threading extensions on Solaris. */ #ifndef _POSIX_PTHREAD_SEMANTICS # undef _POSIX_PTHREAD_SEMANTICS #endif /* Enable extensions on HP NonStop. */ #ifndef _TANDEM_SOURCE # undef _TANDEM_SOURCE #endif /* Enable general extensions on Solaris. */ #ifndef __EXTENSIONS__ # undef __EXTENSIONS__ #endif /* Version number of package */ #undef VERSION /* Define to 1 if on MINIX. */ #undef _MINIX /* Define to 2 if the system does not provide POSIX.1 features except with this defined. */ #undef _POSIX_1_SOURCE /* Define to 1 if you need to in order for `stat' and other things to work. */ #undef _POSIX_SOURCE /* Define for Solaris 2.5.1 so the uint32_t typedef from , , or is not used. If the typedef were allowed, the #define below would cause a syntax error. */ #undef _UINT32_T /* Define for Solaris 2.5.1 so the uint8_t typedef from , , or is not used. If the typedef were allowed, the #define below would cause a syntax error. */ #undef _UINT8_T /* Define to empty if compiler does not support `__thread' keyword. */ #undef __thread /* Define to empty if `const' does not conform to ANSI C. */ #undef const /* Define to `int' if doesn't define. */ #undef gid_t /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus #undef inline #endif /* Define to the type of a signed integer type of width exactly 32 bits if such a type exists and the standard includes do not define it. */ #undef int32_t /* Define to `int' if does not define. */ #undef mode_t /* Define to `int' if does not define. */ #undef pid_t /* Define to `unsigned int' if does not define. */ #undef size_t /* Define to `sockaddr_in' if not defined elsewhere. */ #undef sockaddr_storage /* Define to `size_t' if not defined elswhere. */ #undef socklen_t /* Define to `int' if doesn't define. */ #undef uid_t /* Define to the type of an unsigned integer type of width exactly 16 bits if such a type exists and the standard includes do not define it. */ #undef uint16_t /* Define to the type of an unsigned integer type of width exactly 32 bits if such a type exists and the standard includes do not define it. */ #undef uint32_t /* Define to the type of an unsigned integer type of width exactly 8 bits if such a type exists and the standard includes do not define it. */ #undef uint8_t /* Define as `fork' if `vfork' does not work. */ #undef vfork nss-pam-ldapd-0.8.13/nslcd.conf0000644000175000001440000001125511616323640013140 00000000000000# This is the configuration file for the LDAP nameservice # switch library's nslcd daemon. It configures the mapping # between NSS names (see /etc/nsswitch.conf) and LDAP # information in the directory. # See the manual page nslcd.conf(5) for more information. # The user and group nslcd should run as. uid nslcd gid nslcd # The uri pointing to the LDAP server to use for name lookups. # Multiple entries may be specified. The address that is used # here should be resolvable without using LDAP (obviously). #uri ldap://127.0.0.1/ #uri ldaps://127.0.0.1/ #uri ldapi://%2fvar%2frun%2fldapi_sock/ # Note: %2f encodes the '/' used as directory separator uri ldap://127.0.0.1/ # The LDAP version to use (defaults to 3 # if supported by client library) #ldap_version 3 # The distinguished name of the search base. base dc=example,dc=com # The distinguished name to bind to the server with. # Optional: default is to bind anonymously. #binddn cn=proxyuser,dc=example,dc=com # The credentials to bind with. # Optional: default is no credentials. # Note that if you set a bindpw you should check the permissions of this file. #bindpw secret # The distinguished name to perform password modifications by root by. #rootpwmoddn cn=admin,dc=example,dc=com # The default search scope. #scope sub #scope one #scope base # Customize certain database lookups. #base group ou=Groups,dc=example,dc=com #base passwd ou=People,dc=example,dc=com #base shadow ou=People,dc=example,dc=com #scope group onelevel #scope hosts sub # Bind/connect timelimit. #bind_timelimit 30 # Search timelimit. #timelimit 30 # Idle timelimit. nslcd will close connections if the # server has not been contacted for the number of seconds. #idle_timelimit 3600 # Use StartTLS without verifying the server certificate. #ssl start_tls #tls_reqcert never # CA certificates for server certificate verification #tls_cacertdir /etc/ssl/certs #tls_cacertfile /etc/ssl/ca.cert # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-pool # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # Mappings for Services for UNIX 3.5 #filter passwd (objectClass=User) #map passwd uid msSFU30Name #map passwd userPassword msSFU30Password #map passwd homeDirectory msSFU30HomeDirectory #map passwd homeDirectory msSFUHomeDirectory #filter shadow (objectClass=User) #map shadow uid msSFU30Name #map shadow userPassword msSFU30Password #filter group (objectClass=Group) #map group member msSFU30PosixMember # Mappings for Services for UNIX 2.0 #filter passwd (objectClass=User) #map passwd uid msSFUName #map passwd userPassword msSFUPassword #map passwd homeDirectory msSFUHomeDirectory #map passwd gecos msSFUName #filter shadow (objectClass=User) #map shadow uid msSFUName #map shadow userPassword msSFUPassword #map shadow shadowLastChange pwdLastSet #filter group (objectClass=Group) #map group member posixMember # Mappings for Active Directory #pagesize 1000 #referrals off #idle_timelimit 800 #filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) #map passwd uid sAMAccountName #map passwd homeDirectory unixHomeDirectory #map passwd gecos displayName #filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) #map shadow uid sAMAccountName #map shadow shadowLastChange pwdLastSet #filter group (objectClass=group) # Alternative mappings for Active Directory # (replace the SIDs in the objectSid mappings with the value for your domain) #pagesize 1000 #referrals off #idle_timelimit 800 #filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer))) #map passwd uid cn #map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 #map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 #map passwd homeDirectory "/home/$cn" #map passwd gecos displayName #map passwd loginShell "/bin/bash" #filter group (|(objectClass=group)(objectClass=person)) #map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 # Mappings for AIX SecureWay #filter passwd (objectClass=aixAccount) #map passwd uid userName #map passwd userPassword passwordChar #map passwd uidNumber uid #map passwd gidNumber gid #filter group (objectClass=aixAccessGroup) #map group cn groupName #map group gidNumber gid nss-pam-ldapd-0.8.13/AUTHORS0000644000175000001440000001072711776053421012245 00000000000000The original nss_ldap library was written by Luke Howard of PADL Software Pty Ltd. In 2006 Arthur de Jong of West Consuling forked the library to split it into a thin NSS part and a server part. The copyright holders of most of the code are: Luke Howard West Consulting Arthur de Jong Howard Chu Symas Corporation (contributed by Ted C. Cheng ) The following people (in no particular order) have also volunteered their time, effort, and ideas to make this software available. If you feel you are unjustly left out of this list, please send an email. Steven Barrus David Begley Maxim Batourine Michael Brownea Max Caines Carlos Celso Peter Cherny Ben Collins Stephan Cremer Alejandro Forero Cuervo Guenther Deschner Luca Filipozzi Andrew Findlay Cristian Gafton Gabor Gombas DJ Gregor Bob Guo Daniel Hanks Leif Hedstrom Emile Heitor Geert Jansen Szymon Juraszczyk Anselm Kruis Thorsten Kukuk Steve Langasek Joe Little Phillip Liu Larry Lile Jeff Mandel Peter Marschall Michael Mattice Dejan Muhamedagic Doug Nazar Frode Nordahl Lars Oergel Fredrik Ohrn Rakesh Patel Nathan Hawkins Andrew Rechenberg Greg Retowski Alain Richard Michael Shuey Oliver Schulze L. Alexander Spannagel Scott M. Stone Gero Treuner Jarkko Turkulainen Stein Vrale Simon Wilkinson Davide Puricelli Sami Haahtinen Stephen Frost Américo Monteiro Cyril Brulebois Kenshi Muto Andreas Schneider Ralf Haferkamp Michael Calmer Erik Schanze Bart Cornelis Rudy Godoy Guillén Petter Reinholdtsen Dan White Leigh Wedding Jan Schampera Nalin Dahyabhai Daniel Dehennin Bjørn Steensrud Chris Leick Christian Perrier David Bartley Esko Arajärvi Francisco Javier Cuadrado Guillaume Delacour Jonas Smedegaard Justin B Rye Marce Villarino Martin Ågren Miroslav Kure Thaddeus J. Kollar Vincenzo Campanella Yuri Kozlov zym Agustí Grau Clytie Siddall Pierre Gambarotto Ted C. Cheng Jacques Vidrine Artem Kazakov Alexander V. Chernikov SATOH Fumiyasu Wesley Mason Stefan Völkel Slavko Joe Hansen Denis Doria James M. Leddy Jakub Hrozek Andreas B. Mundt Paul Gevers Jeroen Schot Tom Judge Maxim Vetrov Matthew L. Dailey Chris Hiestand Jon Severinsson nss-pam-ldapd-0.8.13/HACKING0000644000175000001440000002240112036354156012153 00000000000000 This document tries to describe the software layout and design of nss-pam-ldapd. It should provide some help for contributing code to this package. CONTRIBUTING TO NSS-PAM-LDAPD ============================= Contributions to nss-pam-ldapd are most welcome. Integrating contributions will be done on a best-effort basis and can be made easier if the following are considered: * for large changes it is a good idea to send an email first * send your patches in unified diff (diff -u) format * try to use the svn version of the software to develop the patch * clearly state which problem you're trying to solve and how this is accomplished * please follow the existing coding conventions * please test the patch and include information on testing with the patch (platforms tested, etc) * add a copyright statement with the patch if you feel the contribution is significant enough (e.g. more than a few lines) * when including third-party code, retain copyright information (copyright holder and license) and ensure that the license is LGPL compatible Please email nss-pam-ldapd-users@lists.arthurdejong.org if you want to contribute. All contributions will be acknowledged in the AUTHORS file. BUILD DEPENDENCIES ================== For building svn snapshots the following tools are needed: * autoconf (2.65 is used but 2.61 is minimal) * automake (1.11 is used) * OpenLDAP libraries (2.4 is generally used) * PAM libraries * optionally a Kerberos library (MIT Kerberos is tested) * optionally a SASL library (only Cyrus SASL is tested) * docbook2x for generating the manual pages To build the svn snapshot run the autogen.sh shell script to build the configure script. When developing patches please use --enable-warnings with configure and don't introduce too many new warnings. RELEASE VERSIONING ================== The versioning scheme of nss-pam-ldapd is a simple major.minor.micro numbering. The idea is to keep a stable (x.y) branch that only gets bug fixes and small enhancements while development goes in another branch. Backwards incompatible changes should be announced clearly. GENERAL DESIGN ============== The basic design splits the functionality in three parts. The NSS part interfaces with libc and translates the NSS requests into simple generic requests (e.g. "get user with name test", "get group with gid 101" or "get all shadow entries"). Another part is the PAM module which handles authentication requests from the system. Both these parts translate the queries in a higher-level simple protocol used to communicate with the nslcd daemon. This daemon translates the requests into LDAP searches. As a result, the NSS and PAM modules don't need to known anything about LDAP (in fact replacing it with another lookup method should be very simple) and don't have to link with the LDAP libraries. libc NSS -> libnss_ldap.so \ |-> nslcd -> OpenLDAP -> LDAP server / PAM stack -> pam_ldap.so design goals ------------ * make it as simple as possible * simpler configuration and semantics * simpler, clearer and completer documentation * split source code into manageable parts * get rid of unneeded code and complexity * have a stable, easily maintainable piece of quality software NSS MODULE ========== The NSS module is implemented in the nss directory. The functions are split into files according to the database they support. The files support multiple NSS implementations. The NSS interface is specific to the C library that is used. The original implementation was for the GNU C Library but now also includes an implementation for Solaris' C Library and has some support for FreeBSD. GNU C Library notes ------------------- Function definitions for glibc look like: _nss_ldap_FUNCTION_r(...) This function opens the connection to the nslcd (with a time-out), builds the correct data structures and does a request (write()) to the nslcd waiting for an answer (again with a time-out) The complete list of exported functions can be found in exports.linux and prototypes.h. Currently a number of macros are used to build most of the function bodies for these functions. Part of this is defined in the common/nslcd-prot.h file and the NSS-specific stuff is in nss/common.h. For memory management, the general mechanism that is expected to be used is to return NSS_STATUS_TRYAGAIN and set errno to ERANGE. This causes glibc to retry the request with a larger buffer. Some useful links: http://www.gnu.org/software/libc/manual/html_node/index.html Solaris C Library notes ----------------------- The Solaris C library uses a different mechanism. For each map a back-end object is allocated per thread which is used to do queries. The object is created with a constructor (e.g. _nss_ldap_passwd_constr()) that returns a back-end that contains a list of function pointer to lookup methods and a destructor. A buffer is passed with every request but a local buffer that is stored in the back-end can presumably also be created. Earlier versions of Solaris expected the NSS functions to return the binary representation of the lookups (e.g. struct passwd) but later versions expect a string representation of the data to be returned (just like a single line out of /etc/passwd was read) but only if running from nscd. If args->buf.result is NULL a string representation is requested (except for ether by address lookup which is special). Source and documentation pointers for Solaris NSS: http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/nsswitch/ http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/head/nss_common.h http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/head/nss_dbdefs.h FreeBSD C Libarary notes ------------------------ The FreeBSD C library seems to have support for exposing GNU C Library NSS module functions through a wrapper function. This makes it very easy to implement NSS support on FreeBSD. Pointers for more documentation on this is welcome. Some information is available here: http://nixdoc.net/man-pages/FreeBSD/man3/nsdispatch.3.html ftp://ftp8.tw.freebsd.org/pub/branches/-current/src/include/nss.h PAM MODULE ========== The PAM module is implemented in the pam directory. Implementation is fairly straight-forward. The PAM module stores some state between PAM calls in a struct. The calls to nslcd are however stateless. The PAM module may supply some information that help lookups (most notably DNs of user entries). Care must be taken with the communication because the nslcd requests are not authenticated (e.g. changing passwords requests should include all credentials). The PAM requests may result in state changes on the LDAP server and this is where they are most notably different from the NSS requests. Some useful links: http://www.kernel.org/pub/linux/libs/pam/ http://www.opengroup.org/tech/rfc/rfc86.0.html THE COMMUNICATIONS PROTOCOL =========================== The protocol used for communicating between the NSS library and PAM module on one end and the nslcd daemon on the other is very simple and almost fully described in the nslcd.h header file. The common/nslcd-prot.h header file defines some macros that are used for reading and writing protocol entities (strings, 32-bit integers, etc). Every NSS database has a corresponding source file in the nss and the nslcd directory. The PAM module is built up of a single file in both the pam and nslcd directories. If the protocol is changed in an incompatible way the protocol version should be incremented in nslcd.h. There is currently no versioning scheme available for this. A special module (common/tio.c) was made so we can define simpler semantics for time-out values and buffer sizes. All components use this module which means that it includes functionality that is needed for both (e.g. large write buffers for the server part and large resettable read buffers for the NSS part). Maybe building two modules from the same source with different features in them is an option (e.g. the NSS part needs the read buffers and handling of SIGPIPE and the nslcd part needs the write buffers and possibly flushing in the background). The common directory also contains some other generally useful modules that are used in some components. SERVER PART =========== At the server end a dispatcher picks up the request and delegates it to one of the database specific functions. nslcd_FUNCION(...) This functions fills in the correct parameters from the request. This function should write responses to the stream. SECURITY NOTES ============== This design does open up the system to more potential security issues because there is now a local interface to a daemon with privileges. Before (with nss_ldap) processes could only potentially exploit bugs in the library and gain the privileges of the process that was doing the name lookups. In this case the privileges of the daemon are potentially exposed. Extra care should be taken with processes that normally require extra privileges (getting shadow entries, authentication, updating session information, etc). Any user on the system can perform nslcd queries so either the nslcd daemon needs to check the userid of the caller or the request needs to contain the needed credentials itself. TEST SET-UP =========== In the test directory there are a number of tests available. See the file README in the test directory for more details. nss-pam-ldapd-0.8.13/ChangeLog-20090000664000175000001440000006640011621777303013341 000000000000002009-12-29 arthur * [r1046] nslcd/cfg.h, nslcd/myldap.c: some small simplifcations and clarifications 2009-12-28 arthur * [r1044] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.2 release * [r1043] debian/nslcd.postrm: fix removal of old configuration file (thanks piuparts) * [r1042] debian/control: fix Conflicts relationship * [r1041] common/Makefile.am, common/expr.c, common/expr.h, man/nslcd.conf.5.xml, nslcd.conf, nslcd/Makefile.am, nslcd/attmap.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/passwd.c, nslcd/shadow.c, tests, tests/Makefile.am, tests/test_cfg.c, tests/test_common.c, tests/test_expr.c, tests/test_myldap.c: implement attribute mapping using shell-like expressions * [r1040] nss/networks.c: fix missing argument (problem in r1039) * [r1039] nss/networks.c: Glibc changed the addr parameter of getnetbyaddr_r() from network-byte-order to host-byte-order * [r1038] tests/test_nsscmds.sh: preload our own NSS module for tests * [r1037] common/nslcd-prot.h: WRITE_STRINGLIST(): properly handle the case where the list is null (result of change in r1028) 2009-12-27 arthur * [r1036] nslcd/shadow.c: fix log message * [r1035] nslcd/group.c: fix comment * [r1034] debian/po/it.po: updated Italian (it) translation of debconf templates by Vincenzo Campanella 2009-12-21 arthur * [r1033] configure.ac: remove -Wunreachable-code because it was turning up too many false positives (our use of macros, system string functions, etc) * [r1032] nss/prototypes.h: also use compat/ether.h for nss functions * [r1031] configure.ac: include the same headers in configure as in compat/ether.h 2009-12-13 arthur * [r1028] common/dict.c, common/dict.h, common/set.c, common/set.h, nslcd/group.c, nslcd/myldap.c, tests/test_dict.c, tests/test_set.c: change dict and set API to perform loops with a list of strings instead of loop_first() and loop_next() functions 2009-12-06 arthur * [r1027] debian/control: recommend libpam-krb5 als an alternative to libpam-ldapd for Kerberos environments 2009-11-14 arthur * [r1024] debian/po/it.po: updated Italian (it) translation of debconf templates by Vincenzo Campanella 2009-11-13 arthur * [r1023] configure.ac: fix lber library check for function we actually use and another small reorganisation 2009-11-11 arthur * [r1022] configure.ac: simplify structure of configure script and see if -llber is needed 2009-11-02 arthur * [r1017] configure.ac: fix PAM library check for systems without pam_get_authtok() 2009-11-01 arthur * [r1016] configure.ac: fail in configure if PAM functionality is missing * [r1015] tests/test.ldif.gz, tests/test_nsscmds.sh: add test case for comma in DN attribute value * [r1014] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: give search filter escaping buffers more logical names * [r1013] nslcd/group.c: also do proper escaping in mkfilter_group_bymember() * [r1012] nslcd/myldap.c: also log uri when ldap_start_tls_s() fails * [r1011] configure.ac: make --disable-* configure options default values clearer 2009-10-20 arthur * [r1009] ChangeLog, NEWS, configure.ac, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.1 release 2009-10-17 arthur * [r1008] compat/Makefile.am, compat/pam_compat.h, compat/pam_get_authtok.c, configure.ac, pam/Makefile.am, pam/pam.c: provide a replacement for the pam_get_authtok() functions for systems without it * [r1007] compat/Makefile.am, compat/ldap_compat.h, compat/ldap_initialize.c, compat/ldap_passwd_s.c, compat/pagectrl.c, compat/pagectrl.h, configure.ac, nslcd/myldap.c: provide replacement functions for ldap_initialize() and ldap_passwd_s() and centralise LDAP compatibility hacks into ldap_compat.h * [r1006] compat/ether.c: also provide some function definitions for ether_ntoa() and ether_aton() because definitions seem to be missing on some platforms 2009-10-11 arthur * [r1005] nslcd/common.h: make NSLCD_HANDLE_PARAMS() macro simpler and not have empty argument * [r1004] configure.ac, pam/pam.c: only include security/pam_ext.h for systems that have it 2009-10-08 arthur * [r1003] configure.ac, nslcd/myldap.c: fix some header checks in configure and fix ldap_set_rebind_proc() return type check * [r1002] nss/common.h: don't pass an empty parameter to a macro * [r1001] configure.ac, nss/Makefile.am: re-organise configure script and only run tests for parts that are enabled 2009-10-07 arthur * [r1000] debian/libpam-ldapd.pam-auth-update, man/pam_ldap.8.xml, nslcd/myldap.c, nslcd/myldap.h, nslcd/nslcd.c, nslcd/pam.c, pam/pam.c: implement password changing in the PAM module by performing an LDAP password modify EXOP request * [r999] common/nslcd-prot.h: fix the case where the string passed to WRITE_STRING() is an expression 2009-10-05 arthur * [r998] configure.ac, nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c, pam/pam.c: some compatibility improvements 2009-09-29 arthur * [r997] pam/pam.c: fix return of authorisation check (patch by Howard Chu ) 2009-09-27 arthur * [r996] debian/po/vi.po: updated Vietnamese (vi) translation of debconf templates by Clytie Siddall * [r995] nslcd/common.h: log reading and writing errors with errno message 2009-09-24 arthur * [r994] debian/po/vi.po: partially updated Vietnamese (vi) translation of debconf templates by Clytie Siddall * [r993] pam/pam.c: general code cleanup and add missing casts and includes * [r992] nslcd/pam.c: fix for problem when authenticating to LDAP entries without a uid attribute 2009-09-13 arthur * [r991] debian/po/de.po: updated German (de) translation of debconf templates by Erik Schanze 2009-09-08 arthur * [r990] configure.ac: add the possibility to specify --disable-maintainer-mode * [r989] debian/nslcd.config: fix "Use StartTLS?" debconf question when no ssl option is defined in the config 2009-09-04 arthur * [r987] ChangeLog, Makefile.am, NEWS, configure.ac, debian/NEWS, debian/changelog, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get files ready for 0.7.0 release * [r986] configure.ac, nslcd/cfg.c, nslcd/common.c, nss/prototypes.h: some simple changes in includes to make FreeBSD diff smaller 2009-09-01 arthur * [r985] configure.ac, nslcd/cfg.c: add a --disable-configfile-checking option to configure to cause unknown options to be ignored from the configuration * [r984] configure.ac: fix help message to indicate that PAM module is built by default * [r983] man/nslcd.conf.5.xml, nslcd/cfg.c: lower the default values for bind_timelimit and reconnect_maxsleeptime from 30 to 10 seconds * [r982] Makefile.am: fix generation of ChangeLog * [r981] .: rename trunk to nss-pam-ldapd 2009-08-31 arthur * [r980] Makefile.am, README, configure.ac, debian/libnss-ldapd.config, debian/nslcd.config, debian/nslcd.examples, debian/nslcd.init, debian/nslcd.postinst, debian/nslcd.postrm, debian/nslcd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po, debian/rules, man, man/Makefile.am, man/nslcd.8.xml, man/nslcd.conf.5.xml, man/nss-ldapd.conf.5.xml, man/pam_ldap.8.xml, nslcd.conf, nslcd/nslcd.c, nss-ldapd.conf, tests/Makefile.am, tests/README, tests/nslcd-test.conf, tests/nss-ldapd-test.conf, tests/test_myldap.c, tests/test_myldap.sh, tests/test_nslcd_group.c, tests/test_nsscmds.sh: rename configfile to /etc/nslcd.conf and make debian packaging copy the file to the new name on upgrade * [r979] INSTALL, autogen.sh, compile, depcomp, install-sh, missing, mkinstalldirs: upgrade to using automake 1.11 * [r978] ., HACKING, README, common/dict.c, common/dict.h, common/set.c, common/set.h, common/tio.c, common/tio.h, compat/getpeercred.c, compat/getpeercred.h, compat/pagectrl.c, compat/pagectrl.h, configure.ac, debian/control, debian/copyright, debian/nslcd.config, debian/nslcd.init, debian/nslcd.postinst, debian/nslcd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po, nslcd.h, nslcd/alias.c, nslcd/attmap.c, nslcd/attmap.h, nslcd/cfg.c, nslcd/cfg.h, nslcd/common.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/myldap.c, nslcd/myldap.h, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, tests/README, tests/test_cfg.c, tests/test_common.c, tests/test_dict.c, tests/test_getpeercred.c, tests/test_myldap.c, tests/test_nsscmds.sh, tests/test_set.c, tests/test_tio.c: rename software to nss-pam-ldapd * [r977] debian/control: upgrade to standards-version 3.8.3 (no changes needed) * [r975] Makefile.am, debian/control, debian/libnss-ldapd.config, debian/libnss-ldapd.docs, debian/libnss-ldapd.examples, debian/libnss-ldapd.install, debian/libnss-ldapd.nslcd.init, debian/libnss-ldapd.postinst, debian/libnss-ldapd.postrm, debian/libnss-ldapd.templates, debian/libpam-ldapd.install, debian/libpam-ldapd.pam-auth-update, debian/libpam-ldapd.postinst, debian/libpam-ldapd.prerm, debian/nslcd.config, debian/nslcd.docs, debian/nslcd.examples, debian/nslcd.init, debian/nslcd.install, debian/nslcd.postinst, debian/nslcd.postrm, debian/nslcd.templates, debian/po/POTFILES.in, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po, debian/rules: split into binary packages libnss-ldapd, libpam-ldapd and nslcd packages, using a patch for libpam-ldap by Steve Langasek for the libpam-ldapd package * [r974] debian/libnss-ldapd.nslcd.init: patch by Petter Reinholdtsen to fix init script to start before autofs 2009-08-16 arthur * [r973] config.guess, config.sub: include updated files * [r972] Makefile.am, configure.ac: enable building PAM module by default * [r971] nslcd.h: remove development warning * [r970] man, man/Makefile.am, man/pam_ldap.8.xml: add basic pam_ldap manual page 2009-08-12 arthur * [r969] nslcd/common.h, nslcd/nslcd.c, nslcd/passwd.c: don't return password hashes at all for non-root users, based on a patch by Alexander V. Chernikov 2009-07-18 arthur * [r968] debian/po/gl.po: updated Galician (gl) translation of debconf ates by Marce Villarino 2009-07-12 arthur * [r966] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.11 release * [r965] debian/po/fr.po: updated French (fr) translation of debconf templates by Christian Perrier 2009-07-10 arthur * [r962] debian/po/cs.po: updated Czech (cs) translation of debconf templates by Miroslav Kure 2009-07-04 arthur * [r961] debian/po/cs.po: unfuzzy translations that were due to fixes in the English template * [r960] debian/po/cs.po: updated Czech (cs) translation of debconf templates by Miroslav Kure * [r959] debian/po/pt.po: updated Portuguese (pt) translation of debconf templates by Américo Monteiro 2009-07-02 arthur * [r958] debian/po/es.po: updated Spanish (es) translation of debconf templates by Francisco Javier Cuadrado 2009-06-29 arthur * [r957] nslcd/group.c: fix off by one error in the maximum number of gidNumber attributes in an LDAP group entry * [r956] nslcd/passwd.c: fix off by one error in the maximum number of uidNumber attributes in an LDAP entry (thanks to David Binderman for finding this) 2009-06-27 arthur * [r955] debian/po/sv.po: updated Swedish (sv) translation of debconf templates by Martin Ågren * [r954] debian/control: upgrade to standards-version 3.8.2 (no changes needed) * [r953] debian/po/ru.po: updated Russian (ru) translation of debconf templates by Yuri Kozlov 2009-06-26 arthur * [r951] debian/control: add missing slash to homepage 2009-06-24 arthur * [r950] debian/po/ja.po: updated Japanese (ja) translation of debconf templates by Kenshi Muto * [r949] debian/po/fi.po: updated Finnish (fi) translation of debconf templates by Esko Arajärvi 2009-06-23 arthur * [r948] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/po/zh_CN.po: change reqcert choice description and make choices translatable * [r947] debian/po/zh_CN.po: added Simplified Chinese (zh_CN) translation of debconf templates by zym 2009-06-22 arthur * [r946] debian/po/fi.po: fix non-ascii characters that got lost when importing the file 2009-06-21 arthur * [r945] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: improvements to debconf templates (English language review by Justin B Rye 2009-06-20 arthur * [r944] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: update debconf translation files * [r943] debian/libnss-ldapd.config, debian/libnss-ldapd.postinst, debian/libnss-ldapd.templates: make configuring SSL/TLS possible with debconf * [r942] nslcd/cfg.c: also support starttls as value for the ssl option 2009-06-19 arthur * [r941] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: rephrase LDAP server URI question based on pam_ldap's new debconf templates * [r940] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fi.po, debian/po/fr.po, debian/po/gl.po, debian/po/it.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: fix wrapping, use of double spaces and unfuzzy translations 2009-06-14 arthur * [r939] debian/control: fix Vcs-Browser link 2009-06-12 arthur * [r938] AUTHORS, HACKING, README, configure.ac, debian/control, debian/copyright, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: replace references to ch.tudelft.nl with arthurdejong.org * [r937] nslcd/nslcd.c: make error message a little clearer 2009-06-06 arthur * [r934] README, nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/netgroup.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, tests/test_nsscmds.sh: implement case-sensitive filtering for group, netgroup, passwd, protocols, rpc, services and shadow lookups * [r933] tests/README: fix wrapping * [r932] HACKING, tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh: update and document test suite * [r931] nss/group.c: fix buffer check for user to groups mapping function * [r930] configure.ac: add --disable-sasl and --disable-kerberos configure options 2009-06-04 arthur * [r929] nslcd/myldap.c: also compile correctly if HAVE_LDAP_SASL_INTERACTIVE_BIND_S is not set * [r928] configure.ac: let configure --help show the correct behaviour 2009-06-03 arthur * [r926] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.10 release * [r925] nslcd/cfg.c: remove SSL/TLS warning messages during startup * [r924] README: add note about creating a user to run nslcd * [r923] nslcd/Makefile.am, nslcd/common.h, nslcd/nslcd.c, nslcd/pam.c: import preliminary version of PAM functionality into nslcd * [r922] nslcd/common.h, nslcd/passwd.c: make lookup_dn2uid() available to other modules and split uid2dn() into uid2entry() and uid2dn() (from nss-pam-ldapd branch) * [r921] nslcd/myldap.c, nslcd/myldap.h: implement myldap_set_credentials() and myldap_cpy_dn() which will be used in the PAM lookups (from nss-pam-ldapd branch) * [r920] pam/pam.c: remove trailing spaces * [r919] nslcd.h, pam/pam.c: change PAM authorisation request to also include ruser, rhost and tty (based on OpenLDAP cvs, r916 in nss-pam-ldapd branch) * [r917] debian/control: add Richard A Nelson (Rick) to uploaders 2009-06-01 arthur * [r914] HACKING, README, man/nss-ldapd.conf.5.xml, nss-ldapd.conf: clean up documentation 2009-05-30 arthur * [r910] nslcd/cfg.c: don't look inside the passed variable get_strdup() because it could point to uninitialized memory 2009-05-29 arthur * [r908] pam/common.h, pam/pam.c: partially refactor to follow local coding convention and introduce READ_PAM_CODE macro (r896 from nss-pam-ldapd) * [r907] pam/pam.c: tabs to spaces (r889 from nss-pam-ldapd) * [r906] pam/common.h, pam/pam.c: make request-response functions simpler (r888 from nss-pam-ldapd) * [r905] common/Makefile.am: remove unneeded EXTRA_DIST * [r904] Makefile.am, common/Makefile.am, common/nslcd-prot.c, common/nslcd-prot.h, nslcd-common.h, nslcd/Makefile.am, nslcd/alias.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nss/Makefile.am, nss/aliases.c, nss/common.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c, pam/Makefile.am, pam/common.h, pam/pam.c, tests/Makefile.am: refactor protocol reading and writing macros to the common directory, use more logical names and in the PAM module no longer use NSS status codes (import of r887 from nss-pam-ldapd) * [r903] tests/Makefile.am: add missing objects to test programs 2009-05-24 arthur * [r895] man/nss-ldapd.conf.5.xml: document that you can specify base option multiple times * [r894] Makefile.am: also build PAM module for make distcheck * [r893] nslcd/alias.c, nslcd/cfg.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: initialise database modules only once after parsing config * [r892] AUTHORS, nslcd/alias.c, nslcd/attmap.c, nslcd/cfg.c, nslcd/cfg.h, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, tests/test_cfg.c, tests/test_myldap.c: support multiple search bases, partially based on a patch by Leigh Wedding * [r891] AUTHORS: don't mention Howard Chu twice 2009-05-23 arthur * [r890] debian/po/fi.po: added Finnish (fi) translation of debconf templates by Esko Arajärvi 2009-05-16 arthur * [r885] nss/common.h, pam/pam.c: quick fix for building PAM module 2009-05-09 arthur * [r881] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.9 release * [r880] debian/libnss-ldapd.postinst: if base is blank disable the base option to let nslcd attempt search base autodiscovery * [r879] nss/common.h: also close any open stream on buffer error * [r878] nss/common.h, nss/group.c: check the buffer passed by Glibc for validity * [r877] nslcd-common.h: make sure that when writing a list of strings the number of strings is always checked when excluding an entry * [r876] ., AUTHORS, Makefile.am, configure.ac, debian, debian/copyright, nslcd.h, pam: import the PAM module from the nss-ldapd branch (r875) based on the OpenLDAP nssov tree and allow configuring which modules should be built (PAM module disabled by default) * [r872] configure.ac, nslcd/nslcd.c: according to autoupdate RETSIGTYPE can be considered void always 2009-05-08 arthur * [r868] debian/copyright: aggregate years 2009-05-07 arthur * [r867] INSTALL, config.guess, config.sub: include updated files * [r864] nslcd.h, nslcd/netgroup.c, nss/netgroup.c: prefix NETGROUP_TYPE macros with NSLCD_ * [r861] debian/po/gl.po: added Galician (gl) translation of debconf templates by Marce Villarino 2009-05-06 arthur * [r860] debian/po/es.po: updated Spanish (es) translation of debconf templates by Francisco Javier Cuadrado 2009-05-05 arthur * [r859] debian/po/ru.po: updated Russian (ru) translation of debconf templates by Yuri Kozlov * [r858] debian/po/ru.po: convert translation to UTF-8 2009-05-03 arthur * [r857] debian/po/sv.po: updated Swedish (sv) translation of debconf templates by Martin Ågren 2009-05-02 arthur * [r856] debian/po/fr.po: updated French (fr) translation of debconf templates by Guillaume Delacour 2009-05-01 arthur * [r855] debian/po/it.po: fix incorrect references to nss-ldap (without the d at the end) * [r854] man/nslcd.8.xml: document that you can specify -d multiple times * [r853] nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: set most SSL/TLS related options globally instead of per connection 2009-04-30 arthur * [r852] nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c, nslcd/myldap.h, nslcd/nslcd.c: move debugging initialisation to myldap_set_debuglevel() function 2009-04-27 arthur * [r851] debian/po/it.po: added Italian (it) translation of debconf templates by Vincenzo Campanella 2009-04-25 arthur * [r850] nslcd/myldap.c: produce more logging and get OpenLDAP logging working by logging to stderr (and implement temporary workaround for reqcert problems) * [r849] nslcd/cfg.h: include ldap.h to ensure that struct ldap_config will be the same in every file * [r848] nslcd/myldap.c: clear errno before ldap calls to get usable returned errno * [r847] debian/po/pt.po: updated Portuguese (pt) translation of debconf templates by Américo Monteiro 2009-04-22 arthur * [r846] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: fix spelling in English debconf template (thanks Vincenzo Campanella) * [r845] debian/po/ja.po: updated Japanese (ja) translation of debconf templates by Kenshi Muto * [r844] debian/po/da.po: updated Danish (da) translation of debconf templates by Jonas Smedegaard 2009-04-21 arthur * [r843] debian/libnss-ldapd.postrm, debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: ask on removal and on purge whether to edit /etc/nsswitch.conf and remove ldap entries 2009-04-19 arthur * [r834] nslcd.h, nslcd/alias.c, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nss/common.h, nss/group.c: clear up protocol description in nslcd.h, renaming NSLCD_RESULT_SUCCESS to NSLCD_RESULT_BEGIN 2009-04-17 arthur * [r830] nslcd.h: include definitions of PAM-related actions from current OpenLDAP work in nssov * [r829] debian/libnss-ldapd.postrm: fix spelling in comment 2009-04-04 arthur * [r828] debian/libnss-ldapd.postrm: remove /var/run/nslcd on package removal 2009-03-31 arthur * [r827] debian/changelog: add CVE identifier 2009-03-22 arthur * [r825] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for 0.6.8 release * [r824] README, debian/copyright: update copyright year * [r823] nslcd/nslcd.c: update copyright year * [r822] debian/compat, debian/control, debian/rules: upgrade to debhelper compatibility level 7 * [r821] debian/control: upgrade to standards-version 3.8.1 (no changes needed) * [r820] Makefile.am, debian/libnss-ldapd.lintian-overrides, debian/rules: add lintian override for missing shlibs and symbols control files (we are a shared library that should not be directly linked to) 2009-03-21 arthur * [r818] NEWS: fix version numbers in NEWS file * [r817] nss-ldapd.conf: add a note about permissions of nss-ldapd.conf when using the bindpw option * [r816] debian/libnss-ldapd.postinst: instead of bindpw check always create config file with proper permissions and fix permissions once on upgrade 2009-03-20 arthur * [r814] debian/libnss-ldapd.postinst: add bindpw-related warning message to default installed config file * [r813] debian/libnss-ldapd.postinst: fix permissions of configfile if passwords are stored 2009-03-15 arthur * [r812] debian/control: follow change in override file 2009-02-27 arthur * [r811] debian/control: use misc:Depends to generate debconf dependency * [r810] nslcd/common.c: check user and group names against LOGIN_NAME_MAX if it is defined * [r809] man/Makefile.am: generate utf-8 encoded manual page (no non-ascii characters used at the moment) * [r808] nslcd/passwd.c: add some more documentation 2009-01-30 arthur * [r807] compat/getpeercred.c: fix for getpeercred() on Solaris by David Bartley nss-pam-ldapd-0.8.13/configure0000755000175000001440000110237512141445267013106 00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for nss-pam-ldapd 0.8.13. # # Report bugs to . # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting # Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong # # This configure script is derived from configure.ac which is free software; # you can redistribute it and/or modify it under the terms of the GNU Lesser # General Public License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. See the # configure.ac file for more details. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and $0: nss-pam-ldapd-users@lists.arthurdejong.org about your $0: system, including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='nss-pam-ldapd' PACKAGE_TARNAME='nss-pam-ldapd' PACKAGE_VERSION='0.8.13' PACKAGE_STRING='nss-pam-ldapd 0.8.13' PACKAGE_BUGREPORT='nss-pam-ldapd-users@lists.arthurdejong.org' PACKAGE_URL='http://arthurdejong.org/nss-pam-ldapd/' ac_unique_file="nslcd.h" ac_default_prefix= ac_config_libobj_dir=compat # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS NSS_FLAVOUR_FREEBSD_FALSE NSS_FLAVOUR_FREEBSD_TRUE NSS_FLAVOUR_SOLARIS_FALSE NSS_FLAVOUR_SOLARIS_TRUE NSS_FLAVOUR_GLIBC_FALSE NSS_FLAVOUR_GLIBC_TRUE pkgpyexecdir pyexecdir pkgpythondir pythondir PYTHON_PLATFORM PYTHON_EXEC_PREFIX PYTHON_PREFIX PYTHON_VERSION PYTHON nslcd_LIBS PTHREAD_CFLAGS PTHREAD_LIBS PTHREAD_CC ax_pthread_config pam_ldap_so_LINK pam_ldap_so_LDFLAGS LIBOBJS nss_ldap_so_LINK nss_ldap_so_LDFLAGS NSS_MODULE_OBJS PAM_LDAP_SONAME NSS_LDAP_SONAME PAM_SECLIB_DIR NSLCD_SOCKET NSLCD_PIDFILE NSLCD_BINDPW_PATH NSLCD_CONF_PATH ENABLE_PYNSLCD_FALSE ENABLE_PYNSLCD_TRUE ENABLE_NSLCD_FALSE ENABLE_NSLCD_TRUE ENABLE_PAM_FALSE ENABLE_PAM_TRUE ENABLE_NSS_FALSE ENABLE_NSS_TRUE MAINT MAINTAINER_MODE_FALSE MAINTAINER_MODE_TRUE GENMAN_FALSE GENMAN_TRUE DOCBOOK2X_MAN LN_S EGREP GREP RANLIB CPP am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE am__nodep AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE am__quote am__include DEPDIR OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC am__untar am__tar AMTAR am__leading_dot SET_MAKE AWK mkdir_p MKDIR_P INSTALL_STRIP_PROGRAM STRIP install_sh MAKEINFO AUTOHEADER AUTOMAKE AUTOCONF ACLOCAL VERSION PACKAGE CYGPATH_W am__isrc INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM target_os target_vendor target_cpu target host_os host_vendor host_cpu host build_os build_vendor build_cpu build RELEASE_MONTH target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_dependency_tracking enable_debug enable_warnings enable_maintainer_mode enable_nss enable_pam enable_nslcd enable_pynslcd enable_sasl enable_kerberos enable_configfile_checking with_ldap_conf_file with_bindpw_file with_nslcd_pidfile with_nslcd_socket with_pam_seclib_dir with_nss_ldap_soname with_pam_ldap_soname with_nss_maps with_nss_flavour with_ldap_lib ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP PYTHON' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures nss-pam-ldapd 0.8.13 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/nss-pam-ldapd] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] --target=TARGET configure for building compilers for TARGET [HOST] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of nss-pam-ldapd 0.8.13:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors --enable-debug enable extensive debugging and logging --enable-warnings enable extra compiler warnings (gcc) --disable-maintainer-mode disable make rules and dependencies not useful (and sometimes confusing) to the casual installer --disable-nss build the NSS module [[default=enabled]] --disable-pam build the PAM module [[default=enabled]] --disable-nslcd build the nslcd daemon [[default=enabled]] --enable-pynslcd build the pynslcd daemon [[default=disabled]] --disable-sasl disable SASL support [[default=enabled]] --disable-kerberos disable Kerberos support [[default=enabled]] --disable-configfile-checking check configfile options [[default=enabled]] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-ldap-conf-file=PATH path to nslcd configuration file [/etc/nslcd.conf] --with-bindpw-file=PATH path to file with value for bindpw [disabled] --with-nslcd-pidfile=PATH path to pidfile [/var/run/nslcd/nslcd.pid] --with-nslcd-socket=PATH path to socket [/var/run/nslcd/socket] --with-pam-seclib-dir=PAM_SECLIB_DIR path to PAM security library [auto] --with-nss-ldap-soname=SONAME name of NSS module [auto] --with-pam-ldap-soname=SONAME name of PAM module [auto] --with-nss-maps=MAP LIST comma separated list of NSS maps to build [all] --with-nss-flavour=auto|glibc|solaris|freebsd the libc flavour to build our NSS module for [auto] --with-ldap-lib=TYPE select ldap library (auto|netscape5|netscape4|netscape3|umich|openldap) [auto] Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor PYTHON the Python interpreter Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . nss-pam-ldapd home page: . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF nss-pam-ldapd configure 0.8.13 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. Copyright (C) 2006 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong This configure script is derived from configure.ac which is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. See the configure.ac file for more details. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ( $as_echo "## --------------------------------------------------------- ## ## Report this to nss-pam-ldapd-users@lists.arthurdejong.org ## ## --------------------------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type # ac_fn_c_find_intX_t LINENO BITS VAR # ----------------------------------- # Finds a signed integer type with width BITS, setting cache variable VAR # accordingly. ac_fn_c_find_intX_t () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for int$2_t" >&5 $as_echo_n "checking for int$2_t... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" # Order is important - never check a type that is potentially smaller # than half of the expected target width. for ac_type in int$2_t 'int' 'long int' \ 'long long int' 'short int' 'signed char'; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default enum { N = $2 / 2 - 1 }; int main () { static int test_array [1 - 2 * !(0 < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1))]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default enum { N = $2 / 2 - 1 }; int main () { static int test_array [1 - 2 * !(($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1) < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 2))]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else case $ac_type in #( int$2_t) : eval "$3=yes" ;; #( *) : eval "$3=\$ac_type" ;; esac fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if eval test \"x\$"$3"\" = x"no"; then : else break fi done fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_find_intX_t # ac_fn_c_find_uintX_t LINENO BITS VAR # ------------------------------------ # Finds an unsigned integer type with width BITS, setting cache variable VAR # accordingly. ac_fn_c_find_uintX_t () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint$2_t" >&5 $as_echo_n "checking for uint$2_t... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" # Order is important - never check a type that is potentially smaller # than half of the expected target width. for ac_type in uint$2_t 'unsigned int' 'unsigned long int' \ 'unsigned long long int' 'unsigned short int' 'unsigned char'; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { static int test_array [1 - 2 * !((($ac_type) -1 >> ($2 / 2 - 1)) >> ($2 / 2 - 1) == 3)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : case $ac_type in #( uint$2_t) : eval "$3=yes" ;; #( *) : eval "$3=\$ac_type" ;; esac fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if eval test \"x\$"$3"\" = x"no"; then : else break fi done fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_find_uintX_t # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES # -------------------------------------------- # Tries to find the compile-time value of EXPR in a program that includes # INCLUDES, setting VAR accordingly. Returns whether the value could be # computed ac_fn_c_compute_int () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= 0)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=0 ac_mid=0 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid; break else as_fn_arith $ac_mid + 1 && ac_lo=$as_val if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) < 0)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=-1 ac_mid=-1 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=$ac_mid; break else as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else ac_lo= ac_hi= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # Binary search between lo and hi bounds. while test "x$ac_lo" != "x$ac_hi"; do as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid else as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done case $ac_lo in #(( ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; '') ac_retval=1 ;; esac else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 static long int longval () { return $2; } static unsigned long int ulongval () { return $2; } #include #include int main () { FILE *f = fopen ("conftest.val", "w"); if (! f) return 1; if (($2) < 0) { long int i = longval (); if (i != ($2)) return 1; fprintf (f, "%ld", i); } else { unsigned long int i = ulongval (); if (i != ($2)) return 1; fprintf (f, "%lu", i); } /* Do not output a trailing newline, as this causes \r\n confusion on some platforms. */ return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : echo >>conftest.val; read $3 &5 $as_echo_n "checking whether $as_decl_name is declared... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { #ifndef $as_decl_name #ifdef __cplusplus (void) $as_decl_use; #else (void) $as_decl_name; #endif #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_decl # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including # INCLUDES, setting cache variable VAR accordingly. ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 $as_echo_n "checking for $2.$3... " >&6; } if eval \${$4+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (sizeof ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else eval "$4=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$4 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by nss-pam-ldapd $as_me 0.8.13, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu RELEASE_MONTH="May 2013" # some initialisation ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if ${ac_cv_build+:} false; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if ${ac_cv_host+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking target system type" >&5 $as_echo_n "checking target system type... " >&6; } if ${ac_cv_target+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$target_alias" = x; then ac_cv_target=$ac_cv_host else ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $target_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_target" >&5 $as_echo "$ac_cv_target" >&6; } case $ac_cv_target in *-*-*) ;; *) as_fn_error $? "invalid value of canonical target" "$LINENO" 5;; esac target=$ac_cv_target ac_save_IFS=$IFS; IFS='-' set x $ac_cv_target shift target_cpu=$1 target_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: target_os=$* IFS=$ac_save_IFS case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac # The aliases save the names the user supplied, while $host etc. # will get canonicalized. test -n "$target_alias" && test "$program_prefix$program_suffix$program_transform_name" = \ NONENONEs,x,x, && program_prefix=${target_alias}- # display notice and initialize automake { $as_echo "$as_me:${as_lineno-$LINENO}: configuring nss-pam-ldapd 0.8.13" >&5 $as_echo "$as_me: configuring nss-pam-ldapd 0.8.13" >&6;} am__api_version='1.11' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Just in case sleep 1 echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; esac # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi test "$2" = conftest.file ) then # Ok. : else as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. # By default was `s,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then if ${ac_cv_path_mkdir+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext break 3;; esac done done done IFS=$as_save_IFS fi test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. Don't cache a # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. MKDIR_P="$ac_install_sh -d" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } mkdir_p="$MKDIR_P" case $mkdir_p in [\\/$]* | ?:[\\/]*) ;; */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; esac for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE=nss-pam-ldapd VERSION=0.8.13 cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' # create a config.h file (Automake will add -DHAVE_CONFIG_H) ac_config_headers="$ac_config_headers config.h" # check for programs ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 $as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from `make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 $as_echo "$_am_result" >&6; } rm -f confinc confmf # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then : enableval=$enable_dependency_tracking; fi if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' am__nodep='_no' fi if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else AMDEP_TRUE='#' AMDEP_FALSE= fi depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 $as_echo_n "checking dependency style of $depcc... " >&6; } if ${am_cv_CC_dependencies_compiler_type+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi am__universal=false case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi if test "x$CC" != xcc; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5 $as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5 $as_echo_n "checking whether cc understands -c and -o together... " >&6; } fi set dummy $CC; ac_cc=`$as_echo "$2" | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF # Make sure it works both with $CC and with simple cc. # We do the test twice because some compilers refuse to overwrite an # existing .o file with -o, though they will create one. ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* if { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -f conftest2.$ac_objext && { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then eval ac_cv_prog_cc_${ac_cc}_c_o=yes if test "x$CC" != xcc; then # Test first that cc exists at all. if { ac_try='cc -c conftest.$ac_ext >&5' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* if { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -f conftest2.$ac_objext && { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # cc works too. : else # cc exists but doesn't like -o. eval ac_cv_prog_cc_${ac_cc}_c_o=no fi fi fi else eval ac_cv_prog_cc_${ac_cc}_c_o=no fi rm -f core conftest* fi if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h fi # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o if test "$am_t" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" if test "x$ac_cv_header_minix_config_h" = xyes; then : MINIX=yes else MINIX= fi if test "$MINIX" = yes; then $as_echo "#define _POSIX_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h $as_echo "#define _MINIX 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 $as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } if ${ac_cv_safe_to_define___extensions__+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # define __EXTENSIONS__ 1 $ac_includes_default int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_safe_to_define___extensions__=yes else ac_cv_safe_to_define___extensions__=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } test $ac_cv_safe_to_define___extensions__ = yes && $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h $as_echo "#define _ALL_SOURCE 1" >>confdefs.h $as_echo "#define _GNU_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi # checks for tool to convert docbook to man for ac_prog in docbook2x-man do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_DOCBOOK2X_MAN+:} false; then : $as_echo_n "(cached) " >&6 else case $DOCBOOK2X_MAN in [\\/]* | ?:[\\/]*) ac_cv_path_DOCBOOK2X_MAN="$DOCBOOK2X_MAN" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_DOCBOOK2X_MAN="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi DOCBOOK2X_MAN=$ac_cv_path_DOCBOOK2X_MAN if test -n "$DOCBOOK2X_MAN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DOCBOOK2X_MAN" >&5 $as_echo "$DOCBOOK2X_MAN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$DOCBOOK2X_MAN" && break done if test "x${DOCBOOK2X_MAN}" = x then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: docbook2x-man not found: not generating man pages" >&5 $as_echo "$as_me: WARNING: docbook2x-man not found: not generating man pages" >&2;} fi if test "x${DOCBOOK2X_MAN}" != x; then GENMAN_TRUE= GENMAN_FALSE='#' else GENMAN_TRUE='#' GENMAN_FALSE= fi # check for debugging options # Check whether --enable-debug was given. if test "${enable_debug+set}" = set; then : enableval=$enable_debug; if test "x$enableval" != "xno" ; then CFLAGS="-g -DDEBUG $CFLAGS" ; fi fi DESIRED_CFLAGS="" # check for extra compiler warnings # Check whether --enable-warnings was given. if test "${enable_warnings+set}" = set; then : enableval=$enable_warnings; if test "x$enableval" != "no" then CFLAGS="$CFLAGS -pedantic -Wall -Wshadow -Wpointer-arith -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Waggregate-return -Wmissing-declarations -Wunused -Wformat=2 -Wswitch-default -Wswitch-enum -Wfloat-equal -Wbad-function-cast -Wredundant-decls" DESIRED_CFLAGS="$DESIRED_CFLAGS -Wextra -Wdeclaration-after-statement -Werror-implicit-function-declaration" fi fi test_gcc_flag() { cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main() {} int main () { ; return 0; } _ACEOF $CC -c conftest.c $CFLAGS $@ > /dev/null 2> /dev/null ret=$? rm -f conftest.o return $ret } for flag in $DESIRED_CFLAGS do { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts $flag" >&5 $as_echo_n "checking whether $CC accepts $flag... " >&6; } if test_gcc_flag $flag then CFLAGS="$CFLAGS $flag" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi done # add --disable-maintainer-mode option { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 $as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } # Check whether --enable-maintainer-mode was given. if test "${enable_maintainer_mode+set}" = set; then : enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval else USE_MAINTAINER_MODE=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 $as_echo "$USE_MAINTAINER_MODE" >&6; } if test $USE_MAINTAINER_MODE = yes; then MAINTAINER_MODE_TRUE= MAINTAINER_MODE_FALSE='#' else MAINTAINER_MODE_TRUE='#' MAINTAINER_MODE_FALSE= fi MAINT=$MAINTAINER_MODE_TRUE # check whether the NSS module should be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build the NSS module" >&5 $as_echo_n "checking whether to build the NSS module... " >&6; } # Check whether --enable-nss was given. if test "${enable_nss+set}" = set; then : enableval=$enable_nss; else enable_nss="yes" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_nss" >&5 $as_echo "$enable_nss" >&6; } if test "x$enable_nss" = "xyes"; then ENABLE_NSS_TRUE= ENABLE_NSS_FALSE='#' else ENABLE_NSS_TRUE='#' ENABLE_NSS_FALSE= fi # check whether the PAM module should be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build the PAM module" >&5 $as_echo_n "checking whether to build the PAM module... " >&6; } # Check whether --enable-pam was given. if test "${enable_pam+set}" = set; then : enableval=$enable_pam; else enable_pam="yes" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_pam" >&5 $as_echo "$enable_pam" >&6; } if test "x$enable_pam" = "xyes"; then ENABLE_PAM_TRUE= ENABLE_PAM_FALSE='#' else ENABLE_PAM_TRUE='#' ENABLE_PAM_FALSE= fi # check whether the nslcd daemon should be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build the nslcd daemon" >&5 $as_echo_n "checking whether to build the nslcd daemon... " >&6; } # Check whether --enable-nslcd was given. if test "${enable_nslcd+set}" = set; then : enableval=$enable_nslcd; else enable_nslcd="yes" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_nslcd" >&5 $as_echo "$enable_nslcd" >&6; } if test "x$enable_nslcd" = "xyes"; then ENABLE_NSLCD_TRUE= ENABLE_NSLCD_FALSE='#' else ENABLE_NSLCD_TRUE='#' ENABLE_NSLCD_FALSE= fi # check whether the Python version of the nslcd daemon should be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build the pynslcd daemon" >&5 $as_echo_n "checking whether to build the pynslcd daemon... " >&6; } # Check whether --enable-pynslcd was given. if test "${enable_pynslcd+set}" = set; then : enableval=$enable_pynslcd; else enable_pynslcd="no" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_pynslcd" >&5 $as_echo "$enable_pynslcd" >&6; } if test "x$enable_pynslcd" = "xyes"; then ENABLE_PYNSLCD_TRUE= ENABLE_PYNSLCD_FALSE='#' else ENABLE_PYNSLCD_TRUE='#' ENABLE_PYNSLCD_FALSE= fi if test "x$enable_pynslcd" = "xyes" then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: the pynslcd daemon is experimental" >&5 $as_echo "$as_me: WARNING: the pynslcd daemon is experimental" >&2;} fi # check whether SASL support should be enabled { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable SASL support" >&5 $as_echo_n "checking whether to enable SASL support... " >&6; } # Check whether --enable-sasl was given. if test "${enable_sasl+set}" = set; then : enableval=$enable_sasl; enable_sasl=$enableval else enable_sasl="yes" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_sasl" >&5 $as_echo "$enable_sasl" >&6; } # check whether Kerberos support should be enabled { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Kerberos support" >&5 $as_echo_n "checking whether to enable Kerberos support... " >&6; } # Check whether --enable-kerberos was given. if test "${enable_kerberos+set}" = set; then : enableval=$enable_kerberos; enable_kerberos=$enableval else enable_kerberos="yes" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_kerberos" >&5 $as_echo "$enable_kerberos" >&6; } # check whether configfile options should be checked { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to check configfile options" >&5 $as_echo_n "checking whether to check configfile options... " >&6; } # Check whether --enable-configfile_checking was given. if test "${enable_configfile_checking+set}" = set; then : enableval=$enable_configfile_checking; configfile_checking=$enableval else configfile_checking="yes" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $configfile_checking" >&5 $as_echo "$configfile_checking" >&6; } if test "x$configfile_checking" = "xyes" then $as_echo "#define ENABLE_CONFIGFILE_CHECKING 1" >>confdefs.h fi # check the name of the configuration file # Check whether --with-ldap-conf-file was given. if test "${with_ldap_conf_file+set}" = set; then : withval=$with_ldap_conf_file; NSLCD_CONF_PATH="$with_ldap_conf_file" else NSLCD_CONF_PATH="/etc/nslcd.conf" fi cat >>confdefs.h <<_ACEOF #define NSLCD_CONF_PATH "$NSLCD_CONF_PATH" _ACEOF # check the name of the file with a bindpw value # Check whether --with-bindpw-file was given. if test "${with_bindpw_file+set}" = set; then : withval=$with_bindpw_file; NSLCD_BINDPW_PATH="$with_bindpw_file" cat >>confdefs.h <<_ACEOF #define NSLCD_BINDPW_PATH "$NSLCD_BINDPW_PATH" _ACEOF fi # where should the pidfile be written # Check whether --with-nslcd-pidfile was given. if test "${with_nslcd_pidfile+set}" = set; then : withval=$with_nslcd_pidfile; NSLCD_PIDFILE="$with_nslcd_pidfile" else NSLCD_PIDFILE="/var/run/nslcd/nslcd.pid" fi cat >>confdefs.h <<_ACEOF #define NSLCD_PIDFILE "$NSLCD_PIDFILE" _ACEOF # where is the socket used for communication # Check whether --with-nslcd-socket was given. if test "${with_nslcd_socket+set}" = set; then : withval=$with_nslcd_socket; NSLCD_SOCKET="$with_nslcd_socket" else NSLCD_SOCKET="/var/run/nslcd/socket" fi cat >>confdefs.h <<_ACEOF #define NSLCD_SOCKET "$NSLCD_SOCKET" _ACEOF # the directory PAM librabries are expected to be placed into { $as_echo "$as_me:${as_lineno-$LINENO}: checking location for PAM module" >&5 $as_echo_n "checking location for PAM module... " >&6; } # Check whether --with-pam-seclib-dir was given. if test "${with_pam_seclib_dir+set}" = set; then : withval=$with_pam_seclib_dir; PAM_SECLIB_DIR="$with_pam_seclib_dir" else PAM_SECLIB_DIR="auto" fi if test "x$PAM_SECLIB_DIR" = "xauto" then case "$target_os" in solaris*) PAM_SECLIB_DIR="/usr/lib/security" ;; freebsd*) PAM_SECLIB_DIR="/usr/lib" ;; *) PAM_SECLIB_DIR="/lib/security" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PAM_SECLIB_DIR" >&5 $as_echo "$PAM_SECLIB_DIR" >&6; } cat >>confdefs.h <<_ACEOF #define PAM_SECLIB_DIR "$PAM_SECLIB_DIR" _ACEOF # the SONAME to use for the NSS module { $as_echo "$as_me:${as_lineno-$LINENO}: checking name of NSS module" >&5 $as_echo_n "checking name of NSS module... " >&6; } # Check whether --with-nss-ldap-soname was given. if test "${with_nss_ldap_soname+set}" = set; then : withval=$with_nss_ldap_soname; NSS_LDAP_SONAME="$with_nss_ldap_soname" else NSS_LDAP_SONAME="auto" fi if test "x$NSS_LDAP_SONAME" = "xauto" then case "$target_os" in solaris*) NSS_LDAP_SONAME="nss_ldap.so.1" ;; freebsd*) NSS_LDAP_SONAME="nss_ldap.so.1" ;; *) NSS_LDAP_SONAME="libnss_ldap.so.2" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NSS_LDAP_SONAME" >&5 $as_echo "$NSS_LDAP_SONAME" >&6; } cat >>confdefs.h <<_ACEOF #define NSS_LDAP_SONAME "$NSS_LDAP_SONAME" _ACEOF # the SONAME to use for the PAM module { $as_echo "$as_me:${as_lineno-$LINENO}: checking name of PAM module" >&5 $as_echo_n "checking name of PAM module... " >&6; } # Check whether --with-pam-ldap-soname was given. if test "${with_pam_ldap_soname+set}" = set; then : withval=$with_pam_ldap_soname; PAM_LDAP_SONAME="$with_pam_ldap_soname" else PAM_LDAP_SONAME="auto" fi if test "x$PAM_LDAP_SONAME" = "xauto" then case "$target_os" in solaris*) PAM_LDAP_SONAME="pam_ldap.so.1" ;; *) PAM_LDAP_SONAME="pam_ldap.so" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PAM_LDAP_SONAME" >&5 $as_echo "$PAM_LDAP_SONAME" >&6; } # check which modules should be build # Check whether --with-nss-maps was given. if test "${with_nss_maps+set}" = set; then : withval=$with_nss_maps; else with_nss_maps="all" fi # checks for availability of header files for ac_header in ctype.h strings.h pthread.h pthread_np.h fcntl.h limits.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in nss.h nss_common.h grp.h shadow.h aliases.h netdb.h rpc/rpcent.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in netinet/ether.h arpa/inet.h netinet/in.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in nsswitch.h nss_dbdefs.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in sys/socket.h sys/un.h sys/ucred.h ucred.h sys/param.h sys/time.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in getopt.h syslog.h stddef.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done # other general checks { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } if ${ac_cv_c_inline+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; static $ac_kw foo_t static_foo () {return 0; } $ac_kw foo_t foo () {return 0; } #endif _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_inline=$ac_kw fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 $as_echo "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; *) case $ac_cv_c_inline in no) ac_val=;; *) ac_val=$ac_cv_c_inline;; esac cat >>confdefs.h <<_ACEOF #ifndef __cplusplus #define inline $ac_val #endif _ACEOF ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if ${ac_cv_c_const+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __cplusplus /* Ultrix mips cc rejects this sort of thing. */ typedef int charset[2]; const charset cs = { 0, 0 }; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this sort of thing. */ char tx; char *t = &tx; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; } bx; struct s *b = &bx; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then $as_echo "#define const /**/" >>confdefs.h fi # checks for availability of common functions for ac_func in sigaction snprintf do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 $as_echo_n "checking for library containing socket... " >&6; } if ${ac_cv_search_socket+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char socket (); int main () { return socket (); ; return 0; } _ACEOF for ac_lib in '' socket; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_socket=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_socket+:} false; then : break fi done if ${ac_cv_search_socket+:} false; then : else ac_cv_search_socket=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5 $as_echo "$ac_cv_search_socket" >&6; } ac_res=$ac_cv_search_socket if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi for ac_func in strcasecmp strncasecmp strchr strcspn strspn strtol strtoul strtoull strndup do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in malloc realloc atexit do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" if test "x$ac_cv_type_pid_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define pid_t int _ACEOF fi for ac_header in vfork.h do : ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default" if test "x$ac_cv_header_vfork_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VFORK_H 1 _ACEOF fi done for ac_func in fork vfork do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done if test "x$ac_cv_func_fork" = xyes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5 $as_echo_n "checking for working fork... " >&6; } if ${ac_cv_func_fork_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_fork_works=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* By Ruediger Kuhlmann. */ return fork () < 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_fork_works=yes else ac_cv_func_fork_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 $as_echo "$ac_cv_func_fork_works" >&6; } else ac_cv_func_fork_works=$ac_cv_func_fork fi if test "x$ac_cv_func_fork_works" = xcross; then case $host in *-*-amigaos* | *-*-msdosdjgpp*) # Override, as these systems have only a dummy fork() stub ac_cv_func_fork_works=no ;; *) ac_cv_func_fork_works=yes ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5 $as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;} fi ac_cv_func_vfork_works=$ac_cv_func_vfork if test "x$ac_cv_func_vfork" = xyes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5 $as_echo_n "checking for working vfork... " >&6; } if ${ac_cv_func_vfork_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_vfork_works=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Thanks to Paul Eggert for this test. */ $ac_includes_default #include #ifdef HAVE_VFORK_H # include #endif /* On some sparc systems, changes by the child to local and incoming argument registers are propagated back to the parent. The compiler is told about this with #include , but some compilers (e.g. gcc -O) don't grok . Test for this by using a static variable whose address is put into a register that is clobbered by the vfork. */ static void #ifdef __cplusplus sparc_address_test (int arg) # else sparc_address_test (arg) int arg; #endif { static pid_t child; if (!child) { child = vfork (); if (child < 0) { perror ("vfork"); _exit(2); } if (!child) { arg = getpid(); write(-1, "", 0); _exit (arg); } } } int main () { pid_t parent = getpid (); pid_t child; sparc_address_test (0); child = vfork (); if (child == 0) { /* Here is another test for sparc vfork register problems. This test uses lots of local variables, at least as many local variables as main has allocated so far including compiler temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should reuse the register of parent for one of the local variables, since it will think that parent can't possibly be used any more in this routine. Assigning to the local variable will thus munge parent in the parent process. */ pid_t p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); /* Convince the compiler that p..p7 are live; otherwise, it might use the same hardware register for all 8 local variables. */ if (p != p1 || p != p2 || p != p3 || p != p4 || p != p5 || p != p6 || p != p7) _exit(1); /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent from child file descriptors. If the child closes a descriptor before it execs or exits, this munges the parent's descriptor as well. Test for this by closing stdout in the child. */ _exit(close(fileno(stdout)) != 0); } else { int status; struct stat st; while (wait(&status) != child) ; return ( /* Was there some problem with vforking? */ child < 0 /* Did the child fail? (This shouldn't happen.) */ || status /* Did the vfork/compiler bug occur? */ || parent != getpid() /* Did the file descriptor bug occur? */ || fstat(fileno(stdout), &st) != 0 ); } } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_vfork_works=yes else ac_cv_func_vfork_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 $as_echo "$ac_cv_func_vfork_works" >&6; } fi; if test "x$ac_cv_func_fork_works" = xcross; then ac_cv_func_vfork_works=$ac_cv_func_vfork { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5 $as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;} fi if test "x$ac_cv_func_vfork_works" = xyes; then $as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h else $as_echo "#define vfork fork" >>confdefs.h fi if test "x$ac_cv_func_fork_works" = xyes; then $as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h fi for ac_func in __assert_fail do : ac_fn_c_check_func "$LINENO" "__assert_fail" "ac_cv_func___assert_fail" if test "x$ac_cv_func___assert_fail" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE___ASSERT_FAIL 1 _ACEOF fi done # checks for types ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default" if test "x$ac_cv_type_mode_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define mode_t int _ACEOF fi ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 $as_echo_n "checking for uid_t in sys/types.h... " >&6; } if ${ac_cv_type_uid_t+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "uid_t" >/dev/null 2>&1; then : ac_cv_type_uid_t=yes else ac_cv_type_uid_t=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 $as_echo "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then $as_echo "#define uid_t int" >>confdefs.h $as_echo "#define gid_t int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" if test "x$ac_cv_type_pid_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define pid_t int _ACEOF fi ac_fn_c_find_intX_t "$LINENO" "32" "ac_cv_c_int32_t" case $ac_cv_c_int32_t in #( no|yes) ;; #( *) cat >>confdefs.h <<_ACEOF #define int32_t $ac_cv_c_int32_t _ACEOF ;; esac ac_fn_c_find_uintX_t "$LINENO" "8" "ac_cv_c_uint8_t" case $ac_cv_c_uint8_t in #( no|yes) ;; #( *) $as_echo "#define _UINT8_T 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define uint8_t $ac_cv_c_uint8_t _ACEOF ;; esac ac_fn_c_find_uintX_t "$LINENO" "16" "ac_cv_c_uint16_t" case $ac_cv_c_uint16_t in #( no|yes) ;; #( *) cat >>confdefs.h <<_ACEOF #define uint16_t $ac_cv_c_uint16_t _ACEOF ;; esac ac_fn_c_find_uintX_t "$LINENO" "32" "ac_cv_c_uint32_t" case $ac_cv_c_uint32_t in #( no|yes) ;; #( *) $as_echo "#define _UINT32_T 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define uint32_t $ac_cv_c_uint32_t _ACEOF ;; esac # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5 $as_echo_n "checking size of unsigned int... " >&6; } if ${ac_cv_sizeof_unsigned_int+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_int" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned int) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_int=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5 $as_echo "$ac_cv_sizeof_unsigned_int" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long int" >&5 $as_echo_n "checking size of unsigned long int... " >&6; } if ${ac_cv_sizeof_unsigned_long_int+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long int))" "ac_cv_sizeof_unsigned_long_int" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_long_int" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long int) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_long_int=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_int" >&5 $as_echo "$ac_cv_sizeof_unsigned_long_int" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_LONG_INT $ac_cv_sizeof_unsigned_long_int _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long int" >&5 $as_echo_n "checking size of unsigned long long int... " >&6; } if ${ac_cv_sizeof_unsigned_long_long_int+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long int))" "ac_cv_sizeof_unsigned_long_long_int" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_long_long_int" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long long int) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_long_long_int=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long_int" >&5 $as_echo "$ac_cv_sizeof_unsigned_long_long_int" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_LONG_LONG_INT $ac_cv_sizeof_unsigned_long_long_int _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of uid_t" >&5 $as_echo_n "checking size of uid_t... " >&6; } if ${ac_cv_sizeof_uid_t+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (uid_t))" "ac_cv_sizeof_uid_t" "$ac_includes_default"; then : else if test "$ac_cv_type_uid_t" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (uid_t) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_uid_t=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_uid_t" >&5 $as_echo "$ac_cv_sizeof_uid_t" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UID_T $ac_cv_sizeof_uid_t _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of gid_t" >&5 $as_echo_n "checking size of gid_t... " >&6; } if ${ac_cv_sizeof_gid_t+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (gid_t))" "ac_cv_sizeof_gid_t" "$ac_includes_default"; then : else if test "$ac_cv_type_gid_t" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (gid_t) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_gid_t=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_gid_t" >&5 $as_echo "$ac_cv_sizeof_gid_t" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_GID_T $ac_cv_sizeof_gid_t _ACEOF # check for support for the __thread keyword { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports '__thread'" >&5 $as_echo_n "checking whether $CC supports '__thread'... " >&6; } if ${mn_cv_c___thread_supported+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ static __thread i; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : mn_cv_c___thread_supported=yes else mn_cv_c___thread_supported=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $mn_cv_c___thread_supported" >&5 $as_echo "$mn_cv_c___thread_supported" >&6; } if test $mn_cv_c___thread_supported != yes then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $CC does not support '__thread' keyword" >&5 $as_echo "$as_me: WARNING: $CC does not support '__thread' keyword" >&2;} $as_echo "#define __thread /**/" >>confdefs.h fi # check for support for the struct ether_addr structure ac_fn_c_check_type "$LINENO" "struct ether_addr" "ac_cv_type_struct_ether_addr" " #include #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif " if test "x$ac_cv_type_struct_ether_addr" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_ETHER_ADDR 1 _ACEOF fi # check for ether_aton and ether_ntoa functions for ac_func in ether_aton ether_ntoa ether_aton_r ether_ntoa_r do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_decl "$LINENO" "ether_aton" "ac_cv_have_decl_ether_aton" " #include #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif " if test "x$ac_cv_have_decl_ether_aton" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_ETHER_ATON $ac_have_decl _ACEOF ac_fn_c_check_decl "$LINENO" "ether_ntoa" "ac_cv_have_decl_ether_ntoa" " #include #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif " if test "x$ac_cv_have_decl_ether_ntoa" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_ETHER_NTOA $ac_have_decl _ACEOF # check to see if socklen_t is defined ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " #include #include " if test "x$ac_cv_type_socklen_t" = xyes; then : else $as_echo "#define socklen_t size_t" >>confdefs.h fi # NSS module-specific tests if test "x$enable_nss" = "xyes" then # save CFLAGS and LIBS to restore later nss_save_CFLAGS="$CFLAGS" nss_save_LIBS="$LIBS" # check for a definition of struct aliasent ac_fn_c_check_type "$LINENO" "struct aliasent" "ac_cv_type_struct_aliasent" " #ifdef HAVE_ALIASES_H #include #endif " if test "x$ac_cv_type_struct_aliasent" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_ALIASENT 1 _ACEOF fi # check for a definition of struct etherent ac_fn_c_check_type "$LINENO" "struct etherent" "ac_cv_type_struct_etherent" " #include #include #include #include #ifdef HAVE_NETINET_ETHER_H #include #endif " if test "x$ac_cv_type_struct_etherent" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_ETHERENT 1 _ACEOF fi # check if struct passwd has a pw_class member ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" " #include " if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_PASSWD_PW_CLASS 1 _ACEOF fi # check for a definition of struct rpcent ac_fn_c_check_type "$LINENO" "struct rpcent" "ac_cv_type_struct_rpcent" " #include #ifdef HAVE_RPC_RPCENT_H #include #endif " if test "x$ac_cv_type_struct_rpcent" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_RPCENT 1 _ACEOF fi # check for a definition of struct spwd ac_fn_c_check_type "$LINENO" "struct spwd" "ac_cv_type_struct_spwd" " #ifdef HAVE_NSS_H #include #endif #ifdef HAVE_NSS_COMMON_H #include #endif #include #ifdef HAVE_SHADOW_H #include #endif " if test "x$ac_cv_type_struct_spwd" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_SPWD 1 _ACEOF fi # check for a definition of enum nss_status and nss_backend_t ac_fn_c_check_type "$LINENO" "enum nss_status" "ac_cv_type_enum_nss_status" " #ifdef HAVE_NSS_H #include #endif #ifdef HAVE_NSS_COMMON_H #include #endif #ifdef HAVE_NSS_DBDEFS_H #include #endif #ifdef HAVE_NSSWITCH_H #include #endif #ifdef HAVE_IRS_NSS_H #include \"irs-nss.h\" #endif " if test "x$ac_cv_type_enum_nss_status" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_ENUM_NSS_STATUS 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "nss_backend_t" "ac_cv_type_nss_backend_t" " #ifdef HAVE_NSS_H #include #endif #ifdef HAVE_NSS_COMMON_H #include #endif #ifdef HAVE_NSS_DBDEFS_H #include #endif #ifdef HAVE_NSSWITCH_H #include #endif #ifdef HAVE_IRS_NSS_H #include \"irs-nss.h\" #endif " if test "x$ac_cv_type_nss_backend_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_NSS_BACKEND_T 1 _ACEOF fi # check if struct nss_XbyY_args has a returnlen attribute ac_fn_c_check_member "$LINENO" "struct nss_XbyY_args" "returnlen" "ac_cv_member_struct_nss_XbyY_args_returnlen" " #ifdef HAVE_NSS_H #include #endif #ifdef HAVE_NSS_COMMON_H #include #endif #ifdef HAVE_NSS_DBDEFS_H #include #endif #ifdef HAVE_NSSWITCH_H #include #endif #ifdef HAVE_IRS_NSS_H #include \"irs-nss.h\" #endif " if test "x$ac_cv_member_struct_nss_XbyY_args_returnlen" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN 1 _ACEOF fi # check which NSS flavour to build { $as_echo "$as_me:${as_lineno-$LINENO}: checking which NSS flavour to build" >&5 $as_echo_n "checking which NSS flavour to build... " >&6; } # Check whether --with-nss-flavour was given. if test "${with_nss_flavour+set}" = set; then : withval=$with_nss_flavour; else with_nss_flavour=auto fi if test "x$with_nss_flavour" = "xauto" then # do the guessing game case "$target_os" in solaris*) with_nss_flavour=solaris ;; freebsd*) with_nss_flavour=freebsd ;; *) with_nss_flavour=glibc ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_nss_flavour" >&5 $as_echo "$with_nss_flavour" >&6; } case "$with_nss_flavour" in glibc) $as_echo "#define NSS_FLAVOUR_GLIBC 1" >>confdefs.h ;; solaris) $as_echo "#define NSS_FLAVOUR_SOLARIS 1" >>confdefs.h ;; freebsd) $as_echo "#define NSS_FLAVOUR_FREEBSD 1" >>confdefs.h ;; esac # check which module source files to use { $as_echo "$as_me:${as_lineno-$LINENO}: checking which NSS maps to build" >&5 $as_echo_n "checking which NSS maps to build... " >&6; } if test "x$with_nss_maps" = "xall" then case "$with_nss_flavour" in glibc) with_nss_maps="aliases,ethers,group,hosts,netgroup,networks,passwd,protocols,rpc,services,shadow" ;; solaris) with_nss_maps="ethers,group,hosts,netgroup,networks,passwd,protocols,rpc,services,shadow" ;; freebsd) with_nss_maps="group,hosts,passwd" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_nss_maps" >&5 $as_echo "$with_nss_maps" >&6; } NSS_MODULE_OBJS="$(echo "$with_nss_maps " | sed 's/,/ /g;s/ */.$(OBJEXT) /g')" # find out how to link the library nss_ldap_so_LINK="\$(CCLD) \$(AM_CFLAGS) \$(CFLAGS) \$(nss_ldap_so_LDFLAGS) \$(LDFLAGS) -o \$@" case "$target_os" in solaris*) if test "x$GCC" = xyes then nss_ldap_so_LINK="/usr/ccs/bin/ld -Bdirect -z nodelete -Bdynamic -M \$(srcdir)/exports.solaris -G -o \$@" else nss_ldap_so_LDFLAGS="-Wl,-Bdirect -Wl,-z,nodelete -Wl,-Bdynamic -Wl,-M,\$(srcdir)/exports.solaris -Wl,-G" fi ;; *) nss_ldap_so_LDFLAGS="-shared -Wl,-h,\$(NSS_LDAP_SONAME) -Wl,--version-script,\$(srcdir)/exports.$with_nss_flavour" ;; esac # restore CFLAGS and LIBS CFLAGS="$nss_save_CFLAGS" LIBS="$nss_save_LIBS" fi # PAM module-specific tests if test "x$enable_pam" = "xyes" then # save CFLAGS and LIBS to restore later pam_save_CFLAGS="$CFLAGS" pam_save_LIBS="$LIBS" # check for headers for ac_header in security/pam_appl.h do : ac_fn_c_check_header_mongrel "$LINENO" "security/pam_appl.h" "ac_cv_header_security_pam_appl_h" "$ac_includes_default" if test "x$ac_cv_header_security_pam_appl_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SECURITY_PAM_APPL_H 1 _ACEOF fi done for ac_header in security/pam_modules.h do : ac_fn_c_check_header_compile "$LINENO" "security/pam_modules.h" "ac_cv_header_security_pam_modules_h" " #ifdef HAVE_SECURITY_PAM_APPL_H #include #endif " if test "x$ac_cv_header_security_pam_modules_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SECURITY_PAM_MODULES_H 1 _ACEOF fi done for ac_header in pam/pam_modules.h do : ac_fn_c_check_header_mongrel "$LINENO" "pam/pam_modules.h" "ac_cv_header_pam_pam_modules_h" "$ac_includes_default" if test "x$ac_cv_header_pam_pam_modules_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PAM_PAM_MODULES_H 1 _ACEOF fi done for ac_header in security/pam_ext.h do : ac_fn_c_check_header_mongrel "$LINENO" "security/pam_ext.h" "ac_cv_header_security_pam_ext_h" "$ac_includes_default" if test "x$ac_cv_header_security_pam_ext_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SECURITY_PAM_EXT_H 1 _ACEOF fi done for ac_header in security/pam_modutil.h do : ac_fn_c_check_header_mongrel "$LINENO" "security/pam_modutil.h" "ac_cv_header_security_pam_modutil_h" "$ac_includes_default" if test "x$ac_cv_header_security_pam_modutil_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SECURITY_PAM_MODUTIL_H 1 _ACEOF fi done # at least one of security/pam_modules.h or pam/pam_modules.h is required if test "x$ac_cv_header_security_pam_modules_h" != "xyes" && \ test "x$ac_cv_header_pam_pam_modules_h" != "xyes" then as_fn_error $? "PAM header files are missing" "$LINENO" 5 fi # find pam library { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pam_get_data" >&5 $as_echo_n "checking for library containing pam_get_data... " >&6; } if ${ac_cv_search_pam_get_data+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pam_get_data (); int main () { return pam_get_data (); ; return 0; } _ACEOF for ac_lib in '' pam; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_pam_get_data=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_pam_get_data+:} false; then : break fi done if ${ac_cv_search_pam_get_data+:} false; then : else ac_cv_search_pam_get_data=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pam_get_data" >&5 $as_echo "$ac_cv_search_pam_get_data" >&6; } ac_res=$ac_cv_search_pam_get_data if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else as_fn_error $? "no PAM library available" "$LINENO" 5 fi # replace some PAM functions if they are unavailable ac_fn_c_check_func "$LINENO" "pam_get_authtok" "ac_cv_func_pam_get_authtok" if test "x$ac_cv_func_pam_get_authtok" = xyes; then : $as_echo "#define HAVE_PAM_GET_AUTHTOK 1" >>confdefs.h else case " $LIBOBJS " in *" pam_get_authtok.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS pam_get_authtok.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "pam_prompt" "ac_cv_func_pam_prompt" if test "x$ac_cv_func_pam_prompt" = xyes; then : $as_echo "#define HAVE_PAM_PROMPT 1" >>confdefs.h else case " $LIBOBJS " in *" pam_prompt.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS pam_prompt.$ac_objext" ;; esac fi for ac_func in pam_modutil_getpwnam pam_syslog do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done # find out how to link the library pam_ldap_so_LINK="\$(CCLD) \$(AM_CFLAGS) \$(CFLAGS) \$(pam_ldap_so_LDFLAGS) \$(LDFLAGS) -o \$@" case "$target_os" in solaris*) if test "x$GCC" = xyes then pam_ldap_so_LINK="/usr/ccs/bin/ld -Bdirect -z nodelete -Bdynamic -M \$(srcdir)/pam_ldap.map -G -o \$@" else pam_ldap_so_LDFLAGS="-shared -Wl,-Bdirect -Wl,-z,nodelete -Wl,-Bdynamic -Wl,-M,\$(srcdir)/pam_ldap.map -Wl,-G" fi ;; *) pam_ldap_so_LDFLAGS="-shared -Wl,--version-script,\$(srcdir)/pam_ldap.map" ;; esac # restore CFLAGS and LIBS CFLAGS="$pam_save_CFLAGS" LIBS="$pam_save_LIBS" fi # nslcd daemon-specific tests if test "x$enable_nslcd" = "xyes" then # save CFLAGS and LIBS to restore later nslcd_save_CFLAGS="$CFLAGS" nslcd_save_LIBS="$LIBS" # check header files for ac_header in lber.h do : ac_fn_c_check_header_mongrel "$LINENO" "lber.h" "ac_cv_header_lber_h" "$ac_includes_default" if test "x$ac_cv_header_lber_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LBER_H 1 _ACEOF fi done for ac_header in ldap.h do : ac_fn_c_check_header_compile "$LINENO" "ldap.h" "ac_cv_header_ldap_h" " #if HAVE_LBER_H #include #endif " if test "x$ac_cv_header_ldap_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LDAP_H 1 _ACEOF else test "x$enable_nslcd" = "xyes" && as_fn_error $? "could not locate " "$LINENO" 5 fi done for ac_header in ldap_ssl.h do : ac_fn_c_check_header_mongrel "$LINENO" "ldap_ssl.h" "ac_cv_header_ldap_ssl_h" "$ac_includes_default" if test "x$ac_cv_header_ldap_ssl_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LDAP_SSL_H 1 _ACEOF fi done for ac_header in gssldap.h do : ac_fn_c_check_header_mongrel "$LINENO" "gssldap.h" "ac_cv_header_gssldap_h" "$ac_includes_default" if test "x$ac_cv_header_gssldap_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GSSLDAP_H 1 _ACEOF fi done if test "x$enable_sasl" = "xyes" then for ac_header in sasl.h sasl/sasl.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in gsssasl.h do : ac_fn_c_check_header_mongrel "$LINENO" "gsssasl.h" "ac_cv_header_gsssasl_h" "$ac_includes_default" if test "x$ac_cv_header_gsssasl_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GSSSASL_H 1 _ACEOF fi done fi if test "x$enable_kerberos" = "xyes" then for ac_header in gssapi/gssapi.h gssapi/gssapi_generic.h gssapi/gssapi_krb5.h gssapi.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done fi for ac_header in regex.h do : ac_fn_c_check_header_mongrel "$LINENO" "regex.h" "ac_cv_header_regex_h" "$ac_includes_default" if test "x$ac_cv_header_regex_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_REGEX_H 1 _ACEOF fi done # checks for availability of system libraries for nslcd { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 $as_echo_n "checking for library containing gethostbyname... " >&6; } if ${ac_cv_search_gethostbyname+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gethostbyname (); int main () { return gethostbyname (); ; return 0; } _ACEOF for ac_lib in '' nsl socket; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_gethostbyname=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_gethostbyname+:} false; then : break fi done if ${ac_cv_search_gethostbyname+:} false; then : else ac_cv_search_gethostbyname=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 $as_echo "$ac_cv_search_gethostbyname" >&6; } ac_res=$ac_cv_search_gethostbyname if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing hstrerror" >&5 $as_echo_n "checking for library containing hstrerror... " >&6; } if ${ac_cv_search_hstrerror+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char hstrerror (); int main () { return hstrerror (); ; return 0; } _ACEOF for ac_lib in '' resolv; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_hstrerror=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_hstrerror+:} false; then : break fi done if ${ac_cv_search_hstrerror+:} false; then : else ac_cv_search_hstrerror=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_hstrerror" >&5 $as_echo "$ac_cv_search_hstrerror" >&6; } ac_res=$ac_cv_search_hstrerror if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 $as_echo_n "checking for library containing dlopen... " >&6; } if ${ac_cv_search_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF for ac_lib in '' dl; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_dlopen=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_dlopen+:} false; then : break fi done if ${ac_cv_search_dlopen+:} false; then : else ac_cv_search_dlopen=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 $as_echo "$ac_cv_search_dlopen" >&6; } ac_res=$ac_cv_search_dlopen if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi # check for availability of functions for ac_func in initgroups setgroups do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in getpeereid do : ac_fn_c_check_func "$LINENO" "getpeereid" "ac_cv_func_getpeereid" if test "x$ac_cv_func_getpeereid" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETPEEREID 1 _ACEOF fi done for ac_func in getpeerucred do : ac_fn_c_check_func "$LINENO" "getpeerucred" "ac_cv_func_getpeerucred" if test "x$ac_cv_func_getpeerucred" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETPEERUCRED 1 _ACEOF fi done for ac_func in __nss_configure_lookup do : ac_fn_c_check_func "$LINENO" "__nss_configure_lookup" "ac_cv_func___nss_configure_lookup" if test "x$ac_cv_func___nss_configure_lookup" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE___NSS_CONFIGURE_LOOKUP 1 _ACEOF fi done for ac_func in getenv putenv clearenv do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in dlopen dlsym dlerror do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in regcomp regexec regerror do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done # replace some functions if they are not on the system ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long" if test "x$ac_cv_func_getopt_long" = xyes; then : $as_echo "#define HAVE_GETOPT_LONG 1" >>confdefs.h else case " $LIBOBJS " in *" getopt_long.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getopt_long.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "strndup" "ac_cv_func_strndup" if test "x$ac_cv_func_strndup" = xyes; then : $as_echo "#define HAVE_STRNDUP 1" >>confdefs.h else case " $LIBOBJS " in *" strndup.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS strndup.$ac_objext" ;; esac fi # replace daemon() function if it is not on the system { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing daemon" >&5 $as_echo_n "checking for library containing daemon... " >&6; } if ${ac_cv_search_daemon+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char daemon (); int main () { return daemon (); ; return 0; } _ACEOF for ac_lib in '' bsd; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_daemon=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_daemon+:} false; then : break fi done if ${ac_cv_search_daemon+:} false; then : else ac_cv_search_daemon=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_daemon" >&5 $as_echo "$ac_cv_search_daemon" >&6; } ac_res=$ac_cv_search_daemon if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" if test "x$ac_cv_func_daemon" = xyes; then : $as_echo "#define HAVE_DAEMON 1" >>confdefs.h else case " $LIBOBJS " in *" daemon.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS daemon.$ac_objext" ;; esac fi ac_fn_c_check_decl "$LINENO" "daemon" "ac_cv_have_decl_daemon" " #include #include " if test "x$ac_cv_have_decl_daemon" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_DAEMON $ac_have_decl _ACEOF # replace ether_aton_r() and ether_ntoa_r() if they are not found for ac_func in ether_aton_r ether_ntoa_r do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF else case " $LIBOBJS " in *" ether.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS ether.$ac_objext" ;; esac fi done # check to see if struct sockaddr_storage is defined ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" " #include #include " if test "x$ac_cv_type_struct_sockaddr_storage" = xyes; then : else $as_echo "#define sockaddr_storage sockaddr_in" >>confdefs.h fi # check for support for the struct ucred structure ac_fn_c_check_type "$LINENO" "struct ucred" "ac_cv_type_struct_ucred" " #include #include #include " if test "x$ac_cv_type_struct_ucred" = xyes; then : $as_echo "#define HAVE_STRUCT_UCRED 1" >>confdefs.h fi # check threading stuff ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ax_pthread_ok=no # We used to check for pthread.h first, but this fails if pthread.h # requires special compiler flags (e.g. on True64 or Sequent). # It gets checked for in the link test anyway. # First of all, check if the user has set any of the PTHREAD_LIBS, # etcetera environment variables, and if threads linking works using # them: if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS" >&5 $as_echo_n "checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pthread_join (); int main () { return pthread_join (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_pthread_ok=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 $as_echo "$ax_pthread_ok" >&6; } if test x"$ax_pthread_ok" = xno; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" fi LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" fi # We must check for the threads library under a number of different # names; the ordering is very important because some systems # (e.g. DEC) have both -lpthread and -lpthreads, where one of the # libraries is broken (non-POSIX). # Create a list of thread flags to try. Items starting with a "-" are # C compiler flags, and other items are library names, except for "none" # which indicates that we try without any flags at all, and "pthread-config" # which is a program returning the flags for the Pth emulation library. ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" # The ordering *is* (sometimes) important. Some notes on the # individual items follow: # pthreads: AIX (must check this before -lpthread) # none: in case threads are in libc; should be tried before -Kthread and # other compiler flags to prevent continual compiler warnings # -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) # -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) # -pthreads: Solaris/gcc # -mthreads: Mingw32/gcc, Lynx/gcc # -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it # doesn't hurt to check since this sometimes defines pthreads too; # also defines -D_REENTRANT) # ... -mt is also the pthreads flag for HP/aCC # pthread: Linux, etcetera # --thread-safe: KAI C++ # pthread-config: use pthread-config program (for GNU Pth library) case "${host_cpu}-${host_os}" in *solaris*) # On Solaris (at least, for some versions), libc contains stubbed # (non-functional) versions of the pthreads routines, so link-based # tests will erroneously succeed. (We need to link with -pthreads/-mt/ # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather # a function called by this macro, so we could check for that, but # who knows whether they'll stub that too in a future libc.) So, # we'll just look for -pthreads and -lpthread first: ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" ;; *-darwin*) ax_pthread_flags="-pthread $ax_pthread_flags" ;; esac if test x"$ax_pthread_ok" = xno; then for flag in $ax_pthread_flags; do case $flag in none) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 $as_echo_n "checking whether pthreads work without any flags... " >&6; } ;; -*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $flag" >&5 $as_echo_n "checking whether pthreads work with $flag... " >&6; } PTHREAD_CFLAGS="$flag" ;; pthread-config) # Extract the first word of "pthread-config", so it can be a program name with args. set dummy pthread-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ax_pthread_config+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ax_pthread_config"; then ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ax_pthread_config="yes" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_prog_ax_pthread_config" && ac_cv_prog_ax_pthread_config="no" fi fi ax_pthread_config=$ac_cv_prog_ax_pthread_config if test -n "$ax_pthread_config"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_config" >&5 $as_echo "$ax_pthread_config" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test x"$ax_pthread_config" = xno; then continue; fi PTHREAD_CFLAGS="`pthread-config --cflags`" PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$flag" >&5 $as_echo_n "checking for the pthreads library -l$flag... " >&6; } PTHREAD_LIBS="-l$flag" ;; esac save_LIBS="$LIBS" save_CFLAGS="$CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # Check for various functions. We must include pthread.h, # since some functions may be macros. (On the Sequent, we # need a special flag -Kthread to make this header compile.) # We check for pthread_join because it is in -lpthread on IRIX # while pthread_create is in libc. We check for pthread_attr_init # due to DEC craziness with -lpthreads. We check for # pthread_cleanup_push because it is one of the few pthread # functions on Solaris that doesn't have a non-functional libc stub. # We try pthread_create on general principles. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include static void routine(void *a) { a = 0; } static void *start_routine(void *a) { return a; } int main () { pthread_t th; pthread_attr_t attr; pthread_create(&th, 0, start_routine, 0); pthread_join(th, 0); pthread_attr_init(&attr); pthread_cleanup_push(routine, 0); pthread_cleanup_pop(0) /* ; */ ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_pthread_ok=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 $as_echo "$ax_pthread_ok" >&6; } if test "x$ax_pthread_ok" = xyes; then break; fi PTHREAD_LIBS="" PTHREAD_CFLAGS="" done fi # Various other checks: if test "x$ax_pthread_ok" = xyes; then save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 $as_echo_n "checking for joinable pthread attribute... " >&6; } attr_name=unknown for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int attr = $attr; return attr /* ; */ ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : attr_name=$attr; break fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done { $as_echo "$as_me:${as_lineno-$LINENO}: result: $attr_name" >&5 $as_echo "$attr_name" >&6; } if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then cat >>confdefs.h <<_ACEOF #define PTHREAD_CREATE_JOINABLE $attr_name _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if more special flags are required for pthreads" >&5 $as_echo_n "checking if more special flags are required for pthreads... " >&6; } flag=no case "${host_cpu}-${host_os}" in *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; *-osf* | *-hpux*) flag="-D_REENTRANT";; *solaris*) if test "$GCC" = "yes"; then flag="-D_REENTRANT" else flag="-mt -D_REENTRANT" fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${flag}" >&5 $as_echo "${flag}" >&6; } if test "x$flag" != xno; then PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PTHREAD_PRIO_INHERIT" >&5 $as_echo_n "checking for PTHREAD_PRIO_INHERIT... " >&6; } if ${ax_cv_PTHREAD_PRIO_INHERIT+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int i = PTHREAD_PRIO_INHERIT; ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_PTHREAD_PRIO_INHERIT=yes else ax_cv_PTHREAD_PRIO_INHERIT=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5 $as_echo "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; } if test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"; then : $as_echo "#define HAVE_PTHREAD_PRIO_INHERIT 1" >>confdefs.h fi LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" # More AIX lossage: must compile with xlc_r or cc_r if test x"$GCC" != xyes; then for ac_prog in xlc_r cc_r do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_PTHREAD_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$PTHREAD_CC"; then ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_PTHREAD_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi PTHREAD_CC=$ac_cv_prog_PTHREAD_CC if test -n "$PTHREAD_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 $as_echo "$PTHREAD_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$PTHREAD_CC" && break done test -n "$PTHREAD_CC" || PTHREAD_CC="${CC}" else PTHREAD_CC=$CC fi else PTHREAD_CC="$CC" fi # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: if test x"$ax_pthread_ok" = xyes; then $as_echo "#define HAVE_PTHREAD 1" >>confdefs.h : else ax_pthread_ok=no as_fn_error $? "no support for pthreads" "$LINENO" 5 fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu pthread_save_CFLAGS="$CFLAGS" pthread_save_LIBS="$LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$LIBS $PTHREAD_LIBS" for ac_func in pthread_mutex_lock pthread_join pthread_timedjoin_np do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done CFLAGS="$pthread_save_CFLAGS" LIBS="$pthread_save_LIBS" # also use deprecated LDAP functions $as_echo "#define LDAP_DEPRECATED 1" >>confdefs.h # for compatibility on Solaris $as_echo "#define LDAP_REFERRALS 1" >>confdefs.h # search for an LDAP library (only OpenLDAP is tested) # Check whether --with-ldap-lib was given. if test "${with_ldap_lib+set}" = set; then : withval=$with_ldap_lib; fi if test -z "$with_ldap_lib" then with_ldap_lib=auto fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \) then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ldap_search_ext" >&5 $as_echo_n "checking for library containing ldap_search_ext... " >&6; } if ${ac_cv_search_ldap_search_ext+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ldap_search_ext (); int main () { return ldap_search_ext (); ; return 0; } _ACEOF for ac_lib in '' ldap_r ldap; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_ldap_search_ext=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_ldap_search_ext+:} false; then : break fi done if ${ac_cv_search_ldap_search_ext+:} false; then : else ac_cv_search_ldap_search_ext=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ldap_search_ext" >&5 $as_echo "$ac_cv_search_ldap_search_ext" >&6; } ac_res=$ac_cv_search_ldap_search_ext if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" found_ldap_lib=yes fi fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \) then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lldap50" >&5 $as_echo_n "checking for main in -lldap50... " >&6; } if ${ac_cv_lib_ldap50_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldap50 -lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ldap50_main=yes else ac_cv_lib_ldap50_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap50_main" >&5 $as_echo "$ac_cv_lib_ldap50_main" >&6; } if test "x$ac_cv_lib_ldap50_main" = xyes; then : LIBS="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBS" found_ldap_lib=yes fi fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape4 \) then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lldapssl41" >&5 $as_echo_n "checking for main in -lldapssl41... " >&6; } if ${ac_cv_lib_ldapssl41_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldapssl41 -lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ldapssl41_main=yes else ac_cv_lib_ldapssl41_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldapssl41_main" >&5 $as_echo "$ac_cv_lib_ldapssl41_main" >&6; } if test "x$ac_cv_lib_ldapssl41_main" = xyes; then : LIBS="-lldapssl41 -lplc3 -lplds3 -lnspr3 $LIBS" found_ldap_lib=yes fi if test -z "$found_ldap_lib" then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lldapssl40" >&5 $as_echo_n "checking for main in -lldapssl40... " >&6; } if ${ac_cv_lib_ldapssl40_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldapssl40 -lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ldapssl40_main=yes else ac_cv_lib_ldapssl40_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldapssl40_main" >&5 $as_echo "$ac_cv_lib_ldapssl40_main" >&6; } if test "x$ac_cv_lib_ldapssl40_main" = xyes; then : LIBS="-lldapssl40 $LIBS" found_ldap_lib=yes fi fi if test -z "$found_ldap_lib" then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lldap41" >&5 $as_echo_n "checking for main in -lldap41... " >&6; } if ${ac_cv_lib_ldap41_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldap41 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ldap41_main=yes else ac_cv_lib_ldap41_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap41_main" >&5 $as_echo "$ac_cv_lib_ldap41_main" >&6; } if test "x$ac_cv_lib_ldap41_main" = xyes; then : LIBS="-lldap41 $LIBS" found_ldap_lib=yes fi fi if test -z "$found_ldap_lib" then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lldap40" >&5 $as_echo_n "checking for main in -lldap40... " >&6; } if ${ac_cv_lib_ldap40_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldap40 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ldap40_main=yes else ac_cv_lib_ldap40_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap40_main" >&5 $as_echo "$ac_cv_lib_ldap40_main" >&6; } if test "x$ac_cv_lib_ldap40_main" = xyes; then : LIBS="-lldap40 $LIBS" found_ldap_lib=yes fi fi fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape3 \) then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lldapssl30" >&5 $as_echo_n "checking for main in -lldapssl30... " >&6; } if ${ac_cv_lib_ldapssl30_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldapssl30 -lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ldapssl30_main=yes else ac_cv_lib_ldapssl30_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldapssl30_main" >&5 $as_echo "$ac_cv_lib_ldapssl30_main" >&6; } if test "x$ac_cv_lib_ldapssl30_main" = xyes; then : LIBS="-lldapssl30 $LIBS" found_ldap_lib=yes fi fi for ac_func in ldap_search_ext do : ac_fn_c_check_func "$LINENO" "ldap_search_ext" "ac_cv_func_ldap_search_ext" if test "x$ac_cv_func_ldap_search_ext" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LDAP_SEARCH_EXT 1 _ACEOF else as_fn_error $? "could not locate a valid LDAP library" "$LINENO" 5 fi done # see if we need a BER library { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ber_bvfree" >&5 $as_echo_n "checking for library containing ber_bvfree... " >&6; } if ${ac_cv_search_ber_bvfree+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ber_bvfree (); int main () { return ber_bvfree (); ; return 0; } _ACEOF for ac_lib in '' lber; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_ber_bvfree=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_ber_bvfree+:} false; then : break fi done if ${ac_cv_search_ber_bvfree+:} false; then : else ac_cv_search_ber_bvfree=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ber_bvfree" >&5 $as_echo "$ac_cv_search_ber_bvfree" >&6; } ac_res=$ac_cv_search_ber_bvfree if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi # check for extra SASL libraries if test "$enable_sasl" = "yes" then ac_fn_c_check_type "$LINENO" "sasl_interact_t" "ac_cv_type_sasl_interact_t" " #ifdef HAVE_SASL_SASL_H #include #elif defined(HAVE_SASL_H) #include #endif " if test "x$ac_cv_type_sasl_interact_t" = xyes; then : $as_echo "#define HAVE_SASL_INTERACT_T 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ldap_sasl_interactive_bind_s" >&5 $as_echo_n "checking for library containing ldap_sasl_interactive_bind_s... " >&6; } if ${ac_cv_search_ldap_sasl_interactive_bind_s+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ldap_sasl_interactive_bind_s (); int main () { return ldap_sasl_interactive_bind_s (); ; return 0; } _ACEOF for ac_lib in '' sasl2; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_ldap_sasl_interactive_bind_s=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_ldap_sasl_interactive_bind_s+:} false; then : break fi done if ${ac_cv_search_ldap_sasl_interactive_bind_s+:} false; then : else ac_cv_search_ldap_sasl_interactive_bind_s=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ldap_sasl_interactive_bind_s" >&5 $as_echo "$ac_cv_search_ldap_sasl_interactive_bind_s" >&6; } ac_res=$ac_cv_search_ldap_sasl_interactive_bind_s if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi for ac_func in ldap_sasl_interactive_bind_s do : ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s" if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LDAP_SASL_INTERACTIVE_BIND_S 1 _ACEOF fi done fi # check for extra Kerberos libraries if test "$enable_kerberos" = "yes" then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gss_krb5_ccache_name" >&5 $as_echo_n "checking for library containing gss_krb5_ccache_name... " >&6; } if ${ac_cv_search_gss_krb5_ccache_name+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gss_krb5_ccache_name (); int main () { return gss_krb5_ccache_name (); ; return 0; } _ACEOF for ac_lib in '' gssapi gssapi_krb5; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_gss_krb5_ccache_name=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_gss_krb5_ccache_name+:} false; then : break fi done if ${ac_cv_search_gss_krb5_ccache_name+:} false; then : else ac_cv_search_gss_krb5_ccache_name=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gss_krb5_ccache_name" >&5 $as_echo "$ac_cv_search_gss_krb5_ccache_name" >&6; } ac_res=$ac_cv_search_gss_krb5_ccache_name if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi for ac_func in gss_krb5_ccache_name do : ac_fn_c_check_func "$LINENO" "gss_krb5_ccache_name" "ac_cv_func_gss_krb5_ccache_name" if test "x$ac_cv_func_gss_krb5_ccache_name" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GSS_KRB5_CCACHE_NAME 1 _ACEOF fi done fi # check for ldap function availability for ac_func in ldap_parse_result ldap_memfree ldap_controls_free ldap_control_free do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_explode_dn ldap_explode_rdn ldap_set_option ldap_get_option do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_abandon ldap_simple_bind_s ldap_unbind ldap_set_rebind_proc do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_initialize ldap_search_ext ldap_start_tls_s do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_create_control ldap_extended_operation_s do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_domain2hostlist ldap_domain2dn do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_get_values ldap_get_values_len ldap_value_free ldap_value_free_len do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_get_dn ldap_explode_dn ldap_count_values_len do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_err2string ldap_msgfree ldap_result do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ber_bvfree ber_free ber_set_option ldap_modify_ext_s do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_first_attribute ldap_next_attribute do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done # replace ldap_create_page_control() and ldap_parse_page_control() for ac_func in ldap_create_page_control ldap_parse_page_control do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF else case " $LIBOBJS " in *" pagectrl.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS pagectrl.$ac_objext" ;; esac fi done ac_fn_c_check_decl "$LINENO" "ldap_extended_operation_s" "ac_cv_have_decl_ldap_extended_operation_s" " #if HAVE_LBER_H #include #endif #include " if test "x$ac_cv_have_decl_ldap_extended_operation_s" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_LDAP_EXTENDED_OPERATION_S $ac_have_decl _ACEOF # replace other ldap functions ac_fn_c_check_func "$LINENO" "ldap_passwd_s" "ac_cv_func_ldap_passwd_s" if test "x$ac_cv_func_ldap_passwd_s" = xyes; then : $as_echo "#define HAVE_LDAP_PASSWD_S 1" >>confdefs.h else case " $LIBOBJS " in *" ldap_passwd_s.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS ldap_passwd_s.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "ldap_initialize" "ac_cv_func_ldap_initialize" if test "x$ac_cv_func_ldap_initialize" = xyes; then : $as_echo "#define HAVE_LDAP_INITIALIZE 1" >>confdefs.h else case " $LIBOBJS " in *" ldap_initialize.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS ldap_initialize.$ac_objext" ;; esac fi # check the number of arguments that ldap_set_rebind_proc() uses { $as_echo "$as_me:${as_lineno-$LINENO}: checking number of arguments to ldap_set_rebind_proc" >&5 $as_echo_n "checking number of arguments to ldap_set_rebind_proc... " >&6; } if ${nss_ldapd_cv_ldap_set_rebind_proc_args+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { ldap_set_rebind_proc(0,0,0); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : nss_ldapd_cv_ldap_set_rebind_proc_args=3 else nss_ldapd_cv_ldap_set_rebind_proc_args=2 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $nss_ldapd_cv_ldap_set_rebind_proc_args" >&5 $as_echo "$nss_ldapd_cv_ldap_set_rebind_proc_args" >&6; } cat >>confdefs.h <<_ACEOF #define LDAP_SET_REBIND_PROC_ARGS $nss_ldapd_cv_ldap_set_rebind_proc_args _ACEOF # check the return type of ldap_set_rebind_proc() { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of ldap_set_rebind_proc" >&5 $as_echo_n "checking return type of ldap_set_rebind_proc... " >&6; } if ${nss_ldapd_cv_ldap_set_rebind_proc_type+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if LDAP_SET_REBIND_PROC_ARGS == 3 return ldap_set_rebind_proc(0,0,0); #else return ldap_set_rebind_proc(0,0); #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : nss_ldapd_cv_ldap_set_rebind_proc_type=int else nss_ldapd_cv_ldap_set_rebind_proc_type=void fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $nss_ldapd_cv_ldap_set_rebind_proc_type" >&5 $as_echo "$nss_ldapd_cv_ldap_set_rebind_proc_type" >&6; } if test "x$nss_ldapd_cv_ldap_set_rebind_proc_type" = "xvoid" then $as_echo "#define LDAP_SET_REBIND_PROC_RETURNS_VOID 1" >>confdefs.h fi # save nslcd LIBS and CFLAGS and restore originals nslcd_CFLAGS="$CFLAGS" nslcd_LIBS="$LIBS" CFLAGS="$nslcd_save_CFLAGS" LIBS="$nslcd_save_LIBS" fi # pynslcd daemon-specific tests if test "x$enable_pynslcd" = "xyes" then # check Python interpreter if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version >= 2.5" >&5 $as_echo_n "checking whether $PYTHON version >= 2.5... " >&6; } prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. # map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '2.5'.split('.'))) + [0, 0, 0] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] sys.exit(sys.hexversion < minverhex)" if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5 ($PYTHON -c "$prog") >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else as_fn_error $? "too old" "$LINENO" 5 fi am_display_PYTHON=$PYTHON else # Otherwise, try each interpreter until we find one that satisfies # VERSION. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 2.5" >&5 $as_echo_n "checking for a Python interpreter with version >= 2.5... " >&6; } if ${am_cv_pathless_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else for am_cv_pathless_PYTHON in python python2 python3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do test "$am_cv_pathless_PYTHON" = none && break prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. # map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '2.5'.split('.'))) + [0, 0, 0] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] sys.exit(sys.hexversion < minverhex)" if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5 ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then : break fi done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 $as_echo "$am_cv_pathless_PYTHON" >&6; } # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. if test "$am_cv_pathless_PYTHON" = none; then PYTHON=: else # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args. set dummy $am_cv_pathless_PYTHON; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else case $PYTHON in [\\/]* | ?:[\\/]*) ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PYTHON=$ac_cv_path_PYTHON if test -n "$PYTHON"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 $as_echo "$PYTHON" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi am_display_PYTHON=$am_cv_pathless_PYTHON fi if test "$PYTHON" = :; then as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5 else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 $as_echo_n "checking for $am_display_PYTHON version... " >&6; } if ${am_cv_python_version+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 $as_echo "$am_cv_python_version" >&6; } PYTHON_VERSION=$am_cv_python_version PYTHON_PREFIX='${prefix}' PYTHON_EXEC_PREFIX='${exec_prefix}' { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 $as_echo_n "checking for $am_display_PYTHON platform... " >&6; } if ${am_cv_python_platform+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 $as_echo "$am_cv_python_platform" >&6; } PYTHON_PLATFORM=$am_cv_python_platform { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 $as_echo_n "checking for $am_display_PYTHON script directory... " >&6; } if ${am_cv_python_pythondir+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$prefix" = xNONE then am_py_prefix=$ac_default_prefix else am_py_prefix=$prefix fi am_cv_python_pythondir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(0,0,prefix='$am_py_prefix'))" 2>/dev/null` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` ;; *) case $am_py_prefix in /usr|/System*) ;; *) am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 $as_echo "$am_cv_python_pythondir" >&6; } pythondir=$am_cv_python_pythondir pkgpythondir=\${pythondir}/$PACKAGE { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 $as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; } if ${am_cv_python_pyexecdir+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$exec_prefix" = xNONE then am_py_exec_prefix=$am_py_prefix else am_py_exec_prefix=$exec_prefix fi am_cv_python_pyexecdir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(1,0,prefix='$am_py_exec_prefix'))" 2>/dev/null` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` ;; *) case $am_py_exec_prefix in /usr|/System*) ;; *) am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 $as_echo "$am_cv_python_pyexecdir" >&6; } pyexecdir=$am_cv_python_pyexecdir pkgpyexecdir=\${pyexecdir}/$PACKAGE fi fi if test "x${with_nss_flavour}" = xglibc; then NSS_FLAVOUR_GLIBC_TRUE= NSS_FLAVOUR_GLIBC_FALSE='#' else NSS_FLAVOUR_GLIBC_TRUE='#' NSS_FLAVOUR_GLIBC_FALSE= fi if test "x${with_nss_flavour}" = xsolaris; then NSS_FLAVOUR_SOLARIS_TRUE= NSS_FLAVOUR_SOLARIS_FALSE='#' else NSS_FLAVOUR_SOLARIS_TRUE='#' NSS_FLAVOUR_SOLARIS_FALSE= fi if test "x${with_nss_flavour}" = xfreebsd; then NSS_FLAVOUR_FREEBSD_TRUE= NSS_FLAVOUR_FREEBSD_FALSE='#' else NSS_FLAVOUR_FREEBSD_TRUE='#' NSS_FLAVOUR_FREEBSD_FALSE= fi # generate files ac_config_files="$ac_config_files Makefile compat/Makefile common/Makefile nss/Makefile pam/Makefile nslcd/Makefile pynslcd/Makefile pynslcd/config.py man/Makefile tests/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' else am__EXEEXT_TRUE='#' am__EXEEXT_FALSE= fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${GENMAN_TRUE}" && test -z "${GENMAN_FALSE}"; then as_fn_error $? "conditional \"GENMAN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_NSS_TRUE}" && test -z "${ENABLE_NSS_FALSE}"; then as_fn_error $? "conditional \"ENABLE_NSS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_PAM_TRUE}" && test -z "${ENABLE_PAM_FALSE}"; then as_fn_error $? "conditional \"ENABLE_PAM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_NSLCD_TRUE}" && test -z "${ENABLE_NSLCD_FALSE}"; then as_fn_error $? "conditional \"ENABLE_NSLCD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_PYNSLCD_TRUE}" && test -z "${ENABLE_PYNSLCD_FALSE}"; then as_fn_error $? "conditional \"ENABLE_PYNSLCD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${NSS_FLAVOUR_GLIBC_TRUE}" && test -z "${NSS_FLAVOUR_GLIBC_FALSE}"; then as_fn_error $? "conditional \"NSS_FLAVOUR_GLIBC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${NSS_FLAVOUR_SOLARIS_TRUE}" && test -z "${NSS_FLAVOUR_SOLARIS_FALSE}"; then as_fn_error $? "conditional \"NSS_FLAVOUR_SOLARIS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${NSS_FLAVOUR_FREEBSD_TRUE}" && test -z "${NSS_FLAVOUR_FREEBSD_FALSE}"; then as_fn_error $? "conditional \"NSS_FLAVOUR_FREEBSD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by nss-pam-ldapd $as_me 0.8.13, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to . nss-pam-ldapd home page: ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ nss-pam-ldapd config.status 0.8.13 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "compat/Makefile") CONFIG_FILES="$CONFIG_FILES compat/Makefile" ;; "common/Makefile") CONFIG_FILES="$CONFIG_FILES common/Makefile" ;; "nss/Makefile") CONFIG_FILES="$CONFIG_FILES nss/Makefile" ;; "pam/Makefile") CONFIG_FILES="$CONFIG_FILES pam/Makefile" ;; "nslcd/Makefile") CONFIG_FILES="$CONFIG_FILES nslcd/Makefile" ;; "pynslcd/Makefile") CONFIG_FILES="$CONFIG_FILES pynslcd/Makefile" ;; "pynslcd/config.py") CONFIG_FILES="$CONFIG_FILES pynslcd/config.py" ;; "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac ac_MKDIR_P=$MKDIR_P case $MKDIR_P in [\\/$]* | ?:[\\/]* ) ;; */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi # Compute "$ac_file"'s index in $config_headers. _am_arg="$ac_file" _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || $as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$_am_arg" : 'X\(//\)[^/]' \| \ X"$_am_arg" : 'X\(//\)$' \| \ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$_am_arg" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'`/stamp-h$_am_stamp_count ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "depfiles":C) test x"$AMDEP_TRUE" != x"" || { # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`$as_dirname -- "$mf" || $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$mf" : 'X\(//\)[^/]' \| \ X"$mf" : 'X\(//\)$' \| \ X"$mf" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # When using ansi2knr, U may be empty or an underscore; expand it U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$file" : 'X\(//\)[^/]' \| \ X"$file" : 'X\(//\)$' \| \ X"$file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir=$dirpart/$fdir; as_fn_mkdir_p # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi nss-pam-ldapd-0.8.13/common/0000755000175000001440000000000012141476126012534 500000000000000nss-pam-ldapd-0.8.13/common/tio.c0000644000175000001440000003550512060741373013422 00000000000000/* tio.c - timed io functions This file is part of the nss-pam-ldapd library. Copyright (C) 2007, 2008, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include #include #include #include #include #include #include #include #include #include #include #include "tio.h" /* for platforms that don't have ETIME use ETIMEDOUT */ #ifndef ETIME #define ETIME ETIMEDOUT #endif /* ETIME */ /* structure that holds a buffer the buffer contains the data that is between the application and the file descriptor that is used for efficient transfer the buffer is built up as follows: |.....********......| ^start ^size ^--len--^ */ struct tio_buffer { uint8_t *buffer; size_t size; /* the size of the buffer */ size_t maxsize; /* the maximum size of the buffer */ size_t start; /* the start of the data (before start is unused) */ size_t len; /* size of the data (from the start) */ }; /* structure that holds all the state for files */ struct tio_fileinfo { int fd; struct tio_buffer readbuffer; struct tio_buffer writebuffer; int readtimeout; int writetimeout; int read_resettable; /* whether the tio_reset() function can be called */ #ifdef DEBUG_TIO_STATS /* this is used to collect statistics on the use of the streams and can be used to tune the buffer sizes */ size_t byteswritten; size_t bytesread; #endif /* DEBUG_TIO_STATS */ }; /* build a timeval for comparison to when the operation should be finished */ static inline void tio_get_deadline(struct timeval *deadline,int timeout) { if (gettimeofday(deadline,NULL)) { /* just blank it in case of errors */ deadline->tv_sec=0; deadline->tv_usec=0; return; } deadline->tv_sec+=timeout/1000; deadline->tv_usec+=(timeout%1000)*1000; } /* update the timeout to the value that is remaining before deadline returns non-zero if there is no more time before the deadline */ static inline int tio_time_remaining(const struct timeval *deadline) { struct timeval tv; /* get the current time */ if (gettimeofday(&tv,NULL)) { /* 1 second default if gettimeofday() is broken */ return 1000; } /* calculate time remaining in miliseconds */ return (deadline->tv_sec-tv.tv_sec)*1000 + (deadline->tv_usec-tv.tv_usec)/1000; } /* open a new TFILE based on the file descriptor */ TFILE *tio_fdopen(int fd,int readtimeout,int writetimeout, size_t initreadsize,size_t maxreadsize, size_t initwritesize,size_t maxwritesize) { struct tio_fileinfo *fp; fp=(struct tio_fileinfo *)malloc(sizeof(struct tio_fileinfo)); if (fp==NULL) return NULL; fp->fd=fd; /* initialize read buffer */ fp->readbuffer.buffer=(uint8_t *)malloc(initreadsize); if (fp->readbuffer.buffer==NULL) { free(fp); return NULL; } fp->readbuffer.size=initreadsize; fp->readbuffer.maxsize=maxreadsize; fp->readbuffer.start=0; fp->readbuffer.len=0; /* initialize write buffer */ fp->writebuffer.buffer=(uint8_t *)malloc(initwritesize); if (fp->writebuffer.buffer==NULL) { free(fp->readbuffer.buffer); free(fp); return NULL; } fp->writebuffer.size=initwritesize; fp->writebuffer.maxsize=maxwritesize; fp->writebuffer.start=0; fp->writebuffer.len=0; /* initialize other attributes */ fp->readtimeout=readtimeout; fp->writetimeout=writetimeout; fp->read_resettable=0; #ifdef DEBUG_TIO_STATS fp->byteswritten=0; fp->bytesread=0; #endif /* DEBUG_TIO_STATS */ return fp; } /* wait for any activity on the specified file descriptor using the specified deadline */ static int tio_wait(TFILE *fp,int readfd,const struct timeval *deadline) { int timeout; struct pollfd fds[1]; int rv; while (1) { /* figure out the time we need to wait */ if ((timeout=tio_time_remaining(deadline))<0) { errno=ETIME; return -1; } /* wait for activity */ if (readfd) { fds[0].fd=fp->fd; fds[0].events=POLLIN; /* santiy check for moving clock */ if (timeout>fp->readtimeout) timeout=fp->readtimeout; } else { fds[0].fd=fp->fd; fds[0].events=POLLOUT; /* santiy check for moving clock */ if (timeout>fp->writetimeout) timeout=fp->writetimeout; } rv=poll(fds,1,timeout); if (rv>0) return 0; /* we have activity */ else if (rv==0) { /* no file descriptors were available within the specified time */ errno=ETIME; return -1; } else if (errno!=EINTR) /* some error ocurred */ return -1; /* we just try again on EINTR */ } } /* do a read on the file descriptor, returning the data in the buffer if no data was read in the specified time an error is returned */ int tio_read(TFILE *fp, void *buf, size_t count) { struct timeval deadline; int rv; uint8_t *tmp; size_t newsz; size_t len; /* have a more convenient storage type for the buffer */ uint8_t *ptr=(uint8_t *)buf; /* build a time by which we should be finished */ tio_get_deadline(&deadline,fp->readtimeout); /* loop until we have returned all the needed data */ while (1) { /* check if we have enough data in the buffer */ if (fp->readbuffer.len >= count) { if (count>0) { if (ptr!=NULL) memcpy(ptr,fp->readbuffer.buffer+fp->readbuffer.start,count); /* adjust buffer position */ fp->readbuffer.start+=count; fp->readbuffer.len-=count; } return 0; } /* empty what we have and continue from there */ if (fp->readbuffer.len>0) { if (ptr!=NULL) { memcpy(ptr,fp->readbuffer.buffer+fp->readbuffer.start,fp->readbuffer.len); ptr+=fp->readbuffer.len; } count-=fp->readbuffer.len; fp->readbuffer.start+=fp->readbuffer.len; fp->readbuffer.len=0; } /* after this point until the read fp->readbuffer.len is 0 */ if (!fp->read_resettable) { /* the stream is not resettable, re-use the buffer */ fp->readbuffer.start=0; } else if (fp->readbuffer.start>=(fp->readbuffer.size-4)) { /* buffer is running empty, try to grow buffer */ if (fp->readbuffer.sizereadbuffer.maxsize) { newsz=fp->readbuffer.size*2; if (newsz>fp->readbuffer.maxsize) newsz=fp->readbuffer.maxsize; tmp=realloc(fp->readbuffer.buffer,newsz); if (tmp!=NULL) { fp->readbuffer.buffer=tmp; fp->readbuffer.size=newsz; } } /* if buffer still does not contain enough room, clear resettable */ if (fp->readbuffer.start>=(fp->readbuffer.size-4)) { fp->readbuffer.start=0; fp->read_resettable=0; } } /* wait until we have input */ if (tio_wait(fp,1,&deadline)) return -1; /* read the input in the buffer */ len=fp->readbuffer.size-fp->readbuffer.start; #ifdef SSIZE_MAX if (len>SSIZE_MAX) len=SSIZE_MAX; #endif /* SSIZE_MAX */ rv=read(fp->fd,fp->readbuffer.buffer+fp->readbuffer.start,len); /* check for errors */ if (rv==0) { errno=ECONNRESET; return -1; } else if ((rv<0)&&(errno!=EINTR)&&(errno!=EAGAIN)) return -1; /* something went wrong with the read */ /* skip the read part in the buffer */ fp->readbuffer.len=rv; #ifdef DEBUG_TIO_STATS fp->bytesread+=rv; #endif /* DEBUG_TIO_STATS */ } } /* Read and discard the specified number of bytes from the stream. */ int tio_skip(TFILE *fp, size_t count) { return tio_read(fp,NULL,count); } /* Read all available data from the stream and empty the read buffer. */ int tio_skipall(TFILE *fp) { struct pollfd fds[1]; int rv; size_t len; /* clear the read buffer */ fp->readbuffer.start=0; fp->readbuffer.len=0; fp->read_resettable=0; /* read until we can't read no more */ len=fp->readbuffer.size; #ifdef SSIZE_MAX if (len>SSIZE_MAX) len=SSIZE_MAX; #endif /* SSIZE_MAX */ while (1) { /* see if any data is available */ fds[0].fd=fp->fd; fds[0].events=POLLIN; rv=poll(fds,1,0); /* check the poll() result */ if (rv==0) return 0; /* no file descriptor ready */ if ((rv<0)&&((errno==EINTR)||(errno==EAGAIN))) continue; /* interrupted, try again */ if (rv<0) return -1; /* something went wrong */ /* read data from the stream */ rv=read(fp->fd,fp->readbuffer.buffer,len); if (rv==0) return 0; /* end-of-file */ if ((rv<0)&&(errno==EWOULDBLOCK)) return 0; /* we've ready everything we can without blocking */ if ((rv<0)&&(errno!=EINTR)&&(errno!=EAGAIN)) return -1; /* something went wrong with the read */ } } /* the caller has assured us that we can write to the file descriptor and we give it a shot */ static int tio_writebuf(TFILE *fp) { int rv; /* write the buffer */ #ifdef MSG_NOSIGNAL rv=send(fp->fd,fp->writebuffer.buffer+fp->writebuffer.start,fp->writebuffer.len,MSG_NOSIGNAL); #else /* not MSG_NOSIGNAL */ /* on platforms that cannot use send() with masked signals, we change the signal mask and change it back after the write (note that there is a race condition here) */ struct sigaction act,oldact; /* set up sigaction */ memset(&act,0,sizeof(struct sigaction)); act.sa_sigaction=NULL; act.sa_handler=SIG_IGN; sigemptyset(&act.sa_mask); act.sa_flags=SA_RESTART; /* ignore SIGPIPE */ if (sigaction(SIGPIPE,&act,&oldact)!=0) return -1; /* error setting signal handler */ /* write the buffer */ rv=write(fp->fd,fp->writebuffer.buffer+fp->writebuffer.start,fp->writebuffer.len); /* restore the old handler for SIGPIPE */ if (sigaction(SIGPIPE,&oldact,NULL)!=0) return -1; /* error restoring signal handler */ #endif /* check for errors */ if ((rv==0)||((rv<0)&&(errno!=EINTR)&&(errno!=EAGAIN))) return -1; /* something went wrong with the write */ /* skip the written part in the buffer */ if (rv>0) { fp->writebuffer.start+=rv; fp->writebuffer.len-=rv; #ifdef DEBUG_TIO_STATS fp->byteswritten+=rv; #endif /* DEBUG_TIO_STATS */ /* reset start if len is 0 */ if (fp->writebuffer.len==0) fp->writebuffer.start=0; /* move contents of the buffer to the front if it will save enough room */ if (fp->writebuffer.start>=(fp->writebuffer.size/4)) { memmove(fp->writebuffer.buffer,fp->writebuffer.buffer+fp->writebuffer.start,fp->writebuffer.len); fp->writebuffer.start=0; } } return 0; } /* write all the data in the buffer to the stream */ int tio_flush(TFILE *fp) { struct timeval deadline; /* build a time by which we should be finished */ tio_get_deadline(&deadline,fp->writetimeout); /* loop until we have written our buffer */ while (fp->writebuffer.len > 0) { /* wait until we can write */ if (tio_wait(fp,0,&deadline)) return -1; /* write one block */ if (tio_writebuf(fp)) return -1; } return 0; } /* try a single write of data in the buffer if the file descriptor will accept data */ static int tio_flush_nonblock(TFILE *fp) { struct pollfd fds[1]; int rv; /* wait for activity */ fds[0].fd=fp->fd; fds[0].events=POLLOUT; rv=poll(fds,1,0); /* check if any file descriptors were ready (timeout) or we were interrupted */ if ((rv==0)||((rv<0)&&(errno==EINTR))) return 0; /* any other errors? */ if (rv<0) return -1; /* so file descriptor will accept writes */ return tio_writebuf(fp); } int tio_write(TFILE *fp, const void *buf, size_t count) { size_t fr; uint8_t *tmp; size_t newsz; const uint8_t *ptr=(const uint8_t *)buf; /* keep filling the buffer until we have bufferred everything */ while (count>0) { /* figure out free size in buffer */ fr=fp->writebuffer.size-(fp->writebuffer.start+fp->writebuffer.len); if (count <= fr) { /* the data fits in the buffer */ memcpy(fp->writebuffer.buffer+fp->writebuffer.start+fp->writebuffer.len,ptr,count); fp->writebuffer.len+=count; return 0; } else if (fr > 0) { /* fill the buffer with data that will fit */ memcpy(fp->writebuffer.buffer+fp->writebuffer.start+fp->writebuffer.len,ptr,fr); fp->writebuffer.len+=fr; ptr+=fr; count-=fr; } /* try to flush some of the data that is in the buffer */ if (tio_flush_nonblock(fp)) return -1; /* if we have room now, try again */ if (fp->writebuffer.size>(fp->writebuffer.start+fp->writebuffer.len)) continue; /* try to grow the buffer */ if (fp->writebuffer.sizewritebuffer.maxsize) { newsz=fp->writebuffer.size*2; if (newsz>fp->writebuffer.maxsize) newsz=fp->writebuffer.maxsize; tmp=realloc(fp->writebuffer.buffer,newsz); if (tmp!=NULL) { fp->writebuffer.buffer=tmp; fp->writebuffer.size=newsz; continue; /* try again */ } } /* write the buffer to the stream */ if (tio_flush(fp)) return -1; } return 0; } int tio_close(TFILE *fp) { int retv; /* write any buffered data */ retv=tio_flush(fp); #ifdef DEBUG_TIO_STATS /* dump statistics to stderr */ fprintf(stderr,"DEBUG_TIO_STATS READ=%d WRITTEN=%d\n",fp->bytesread,fp->byteswritten); #endif /* DEBUG_TIO_STATS */ /* close file descriptor */ if (close(fp->fd)) retv=-1; /* free any allocated buffers */ free(fp->readbuffer.buffer); free(fp->writebuffer.buffer); /* free the tio struct itself */ free(fp); /* return the result of the earlier operations */ return retv; } void tio_mark(TFILE *fp) { /* move any data in the buffer to the start of the buffer */ if ((fp->readbuffer.start>0)&&(fp->readbuffer.len>0)) { memmove(fp->readbuffer.buffer,fp->readbuffer.buffer+fp->readbuffer.start,fp->readbuffer.len); fp->readbuffer.start=0; } /* mark the stream as resettable */ fp->read_resettable=1; } int tio_reset(TFILE *fp) { /* check if the stream is (still) resettable */ if (!fp->read_resettable) return -1; /* reset the buffer */ fp->readbuffer.len+=fp->readbuffer.start; fp->readbuffer.start=0; return 0; } nss-pam-ldapd-0.8.13/common/set.h0000644000175000001440000000410411456026103013411 00000000000000/* set.h - set functions This file is part of the nss-pam-ldapd library. Copyright (C) 2008, 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMMON__SET_H #define COMMON__SET_H #include "compat/attrs.h" /* These functions provide a set of strings in an unordered collection. */ typedef struct set SET; /* Create a new instance of a set. Returns NULL in case of memory allocation errors. */ SET *set_new(void) LIKE_MALLOC MUST_USE; /* Add a string in the set. The value is duplicated and can be reused by the caller. This function returns non-0 in case of memory allocation errors. All value comparisons are case sensitive. */ int set_add(SET *set,const char *value); /* Return non-zero if the value is in the set. All value comparisons are case sensitive. */ int set_contains(SET *set,const char *value) MUST_USE; /* Get an element from the set and removes it from the set. Returns NULL on an empty set. A copy of the string in the set is returned, the caller should use free() to free it. */ char *set_pop(SET *set); /* Remove the set from memory. All allocated storage for the set and the values is freed. */ void set_free(SET *set); /* Return the content of the set as a list of strings. The caller should free the memory with a single call to free(). */ const char **set_tolist(SET *set) MUST_USE; #endif /* COMMON__SET_H */ nss-pam-ldapd-0.8.13/common/dict.c0000644000175000001440000001645511456026132013552 00000000000000/* dict.c - dictionary functions This file is part of the nss-pam-ldapd library. Copyright (C) 2007, 2008, 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include "dict.h" /* This module uses a hashtable to store it's key to value mappings. The structure is basically as follows: [struct dictionary] \- holds an array of pointers to a linked list of [struct dict_entry] \- each entry has a key/value mapping The hashmap can be resized when the total number of elements in the hashmap exceeds a certain load factor. All the keys are copied in a separate linked list of buffers where each new buffer that is allocated is larger than the previous one. The first buffer in the linked list is always the current one. */ /* an entry stores one key/value pair */ struct dict_entry { uint32_t hash; /* used for quick matching and rehashing */ const char *key; /* a reference to a copy of the key */ void *value; /* the stored value */ struct dict_entry *next; }; /* the initial size of the hashtable */ #define DICT_INITSIZE 7 /* load factor at which point to grow hashtable */ #define DICT_LOADPERCENTAGE 400 /* the dictionary is a hashtable */ struct dictionary { int size; /* size of the hashtable */ int num; /* total number of keys stored */ struct dict_entry **table; /* the hashtable */ }; /* Simple hash function that computes the hash value of a string. */ static uint32_t stringhash(const char *str) { uint32_t hash=0; while (*str!='\0') hash=3*hash+*str++; return hash; } /* Grow the hashtable. */ static void growhashtable(DICT *dict) { int i; int newsize; struct dict_entry **newtable; struct dict_entry *entry,*tmp; newsize=dict->size*3+1; /* allocate room for new hashtable */ newtable=(struct dict_entry **)malloc(newsize*sizeof(struct dict_entry *)); if (newtable==NULL) return; /* allocating memory failed continue to fill the existing table */ /* clear new table */ for (i=0;isize;i++) { /* go over elements in linked list */ entry=dict->table[i]; while (entry!=NULL) { tmp=entry; entry=entry->next; /* put in new position */ tmp->next=newtable[tmp->hash%newsize]; newtable[tmp->hash%newsize]=tmp; } } /* free the old hashtable */ free(dict->table); /* put new hashtable in place */ dict->size=newsize; dict->table=newtable; } DICT *dict_new(void) { struct dictionary *dict; int i; /* allocate room for dictionary information */ dict=(struct dictionary *)malloc(sizeof(struct dictionary)); if (dict==NULL) return NULL; dict->size=DICT_INITSIZE; dict->num=0; /* allocate initial hashtable */ dict->table=(struct dict_entry **)malloc(DICT_INITSIZE*sizeof(struct dict_entry *)); if (dict->table==NULL) { free(dict); return NULL; } /* clear the hashtable */ for (i=0;itable[i]=NULL; /* we're done */ return dict; } void dict_free(DICT *dict) { struct dict_entry *entry,*etmp; int i; /* free hashtable entries */ for (i=0;isize;i++) { entry=dict->table[i]; while (entry!=NULL) { etmp=entry; entry=entry->next; free(etmp); } } /* free the hashtable */ free(dict->table); /* free dictionary struct itself */ free(dict); } void *dict_get(DICT *dict,const char *key) { uint32_t hash; struct dict_entry *entry; /* calculate the hash */ hash=stringhash(key); /* loop over the linked list in the hashtable */ for (entry=dict->table[hash%dict->size];entry!=NULL;entry=entry->next) { if ( (entry->hash==hash) && (strcmp(entry->key,key)==0) ) return entry->value; } /* no matches found */ return NULL; } const char *dict_getany(DICT *dict) { int i; /* loop over the linked list in the hashtable */ for (i=0;isize;i++) if (dict->table[i]) return dict->table[i]->key; /* no matches found */ return NULL; } int dict_put(DICT *dict,const char *key,void *value) { uint32_t hash; int l; char *buf; int idx; struct dict_entry *entry,*prev; /* check if we should grow the hashtable */ if ( dict->num >= ((dict->size*DICT_LOADPERCENTAGE)/100) ) growhashtable(dict); /* calculate the hash and position in the hashtable */ hash=stringhash(key); idx=hash%dict->size; /* check if the entry is already present */ for (entry=dict->table[idx],prev=NULL; entry!=NULL; prev=entry,entry=entry->next) { if ( (entry->hash==hash) && (strcmp(entry->key,key)==0) ) { /* check if we should unset the entry */ if (value==NULL) { /* remove from linked list */ if (prev==NULL) dict->table[idx]=entry->next; else prev->next=entry->next; /* free entry memory and register removal */ free(entry); dict->num--; return 0; } /* just set the new value */ entry->value=value; return 0; } } /* if entry should be unset we're done */ if (value==NULL) return 0; /* entry is not present, make new entry */ l=strlen(key)+1; buf=(char *)malloc(sizeof(struct dict_entry)+l); if (buf==NULL) return -1; entry=(struct dict_entry *)(void *)buf; buf+=sizeof(struct dict_entry); strcpy(buf,key); entry->hash=hash; entry->key=buf; entry->value=value; /* insert into hashtable/linked list */ entry->next=dict->table[idx]; dict->table[idx]=entry; /* increment number of stored items */ dict->num++; return 0; } const char **dict_keys(DICT *dict) { int i; struct dict_entry *entry; char *buf; const char **values; size_t sz; int num; /* figure out how much memory to allocate */ num=0; sz=0; for (i=0;isize;i++) { entry=dict->table[i]; while (entry!=NULL) { num++; sz+=strlen(entry->key)+1; entry=entry->next; } } /* allocate the needed memory */ buf=(char *)malloc((num+1)*sizeof(char *)+sz); if (buf==NULL) return NULL; values=(const char **)(void *)buf; buf+=(num+1)*sizeof(char *); /* fill the array with the keys */ num=0; for (i=0;isize;i++) { entry=dict->table[i]; while (entry!=NULL) { strcpy(buf,entry->key); values[num++]=buf; buf+=strlen(buf)+1; entry=entry->next; } } values[num]=NULL; /* done */ return values; } nss-pam-ldapd-0.8.13/common/nslcd-prot.h0000644000175000001440000002640111706312013014703 00000000000000/* nslcd-prot.h - helper macros for reading and writing in protocol streams Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMMON__NSLCD_PROT_H #define COMMON__NSLCD_PROT_H 1 #include "tio.h" /* If you use these macros you should define the following macros to handle error conditions (these marcos should clean up and return from the function): ERROR_OUT_WRITEERROR(fp) ERROR_OUT_READERROR(fp) ERROR_OUT_BUFERROR(fp) ERROR_OUT_NOSUCCESS(fp) */ /* Debugging marcos that can be used to enable detailed protocol logging, pass -DDEBUG_PROT to do overall protocol debugging, and -DDEBUG_PROT_DUMP to dump the actual bytestream. */ #ifdef DEBUG_PROT /* define a debugging macro to output logging */ #include #include #define DEBUG_PRINT(fmt,arg) \ fprintf(stderr,"%s:%d:%s: " fmt "\n",__FILE__,__LINE__,__PRETTY_FUNCTION__,arg); #else /* DEBUG_PROT */ /* define an empty debug macro to disable logging */ #define DEBUG_PRINT(fmt,arg) #endif /* not DEBUG_PROT */ #ifdef DEBUG_PROT_DUMP /* define a debugging macro to output detailed logging */ #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ static void debug_dump(const void *ptr,size_t size) { int i; for (i=0;i0) \ { WRITE(fp,(str),tmpint32); } \ } #define WRITE_STRINGLIST(fp,arr) \ if ((arr)==NULL) \ { \ DEBUG_PRINT("WRITE_STRLST: var="__STRING(arr)" num=%d",0); \ WRITE_INT32(fp,0); \ } \ else \ { \ /* first determin length of array */ \ for (tmp3int32=0;(arr)[tmp3int32]!=NULL;tmp3int32++) \ /*noting*/ ; \ /* write number of strings */ \ DEBUG_PRINT("WRITE_STRLST: var="__STRING(arr)" num=%d",(int)tmp3int32); \ WRITE_TYPE(fp,tmp3int32,int32_t); \ /* write strings */ \ for (tmp2int32=0;tmp2int32=sizeof(buffer)) \ { \ /* will not fit */ \ tmpint32=(tmpint32-sizeof(buffer))+1; \ DEBUG_PRINT("READ : buffer %d bytes too small",tmpint32); \ ERROR_OUT_BUFERROR(fp); \ } \ /* read string from the stream */ \ if (tmpint32>0) \ { READ(fp,buffer,(size_t)tmpint32); } \ /* null-terminate string in buffer */ \ buffer[tmpint32]='\0'; \ DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" string=\"%s\"",buffer); /* READ BUF macros that read data into a pre-allocated buffer. these macros may require the availability of the following variables: int32_t tmpint32; - temporary variable char *buffer; - pointer to a buffer for reading strings size_t buflen; - the size of the buffer size_t bufptr; - the current position in the buffer */ /* current position in the buffer */ #define BUF_CUR \ (buffer+bufptr) /* check that the buffer has sz bytes left in it */ #define BUF_CHECK(fp,sz) \ if ((bufptr+(size_t)(sz))>buflen) \ { \ /* will not fit */ \ tmpint32=bufptr+(sz)-(buflen); \ DEBUG_PRINT("READ : buffer %d bytes too small",tmpint32); \ ERROR_OUT_BUFERROR(fp); \ } /* move the buffer pointer */ #define BUF_SKIP(sz) \ bufptr+=(size_t)(sz); /* move BUF_CUR foreward so that it is aligned to the specified type width */ #define BUF_ALIGN(fp,type) \ /* figure out number of bytes to skip foreward */ \ tmp2int32=(sizeof(type)-((BUF_CUR-(char *)NULL)%sizeof(type)))%sizeof(type); \ /* check and skip */ \ BUF_CHECK(fp,tmp2int32); \ BUF_SKIP(tmp2int32); /* allocate a piece of the buffer to store an array in */ #define BUF_ALLOC(fp,ptr,type,num) \ /* align to the specified type width */ \ BUF_ALIGN(fp,type); \ /* check that we have enough room */ \ BUF_CHECK(fp,(size_t)(num)*sizeof(type)); \ /* store the pointer */ \ (ptr)=(type *)BUF_CUR; \ /* reserve the space */ \ BUF_SKIP((size_t)(num)*sizeof(type)); /* read a binary blob into the buffer */ #define READ_BUF(fp,ptr,sz) \ /* check that there is enough room and read */ \ BUF_CHECK(fp,sz); \ READ(fp,BUF_CUR,(size_t)sz); \ /* store pointer and skip */ \ (ptr)=BUF_CUR; \ BUF_SKIP(sz); /* read string in the buffer (using buffer, buflen and bufptr) and store the actual location of the string in field */ #define READ_BUF_STRING(fp,field) \ /* read the size of the string */ \ READ_TYPE(fp,tmpint32,int32_t); \ DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" strlen=%d",tmpint32); \ /* check if read would fit */ \ BUF_CHECK(fp,tmpint32+1); \ /* read string from the stream */ \ if (tmpint32>0) \ { READ(fp,BUF_CUR,(size_t)tmpint32); } \ /* null-terminate string in buffer */ \ BUF_CUR[tmpint32]='\0'; \ DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" string=\"%s\"",BUF_CUR); \ /* prepare result */ \ (field)=BUF_CUR; \ BUF_SKIP(tmpint32+1); /* read an array from a stram and store it as a null-terminated array list (size for the array is allocated) */ #define READ_BUF_STRINGLIST(fp,arr) \ /* read the number of entries */ \ READ_TYPE(fp,tmp3int32,int32_t); \ DEBUG_PRINT("READ_STRLST: var="__STRING(arr)" num=%d",(int)tmp3int32); \ /* allocate room for *char[num+1] */ \ BUF_ALLOC(fp,arr,char *,tmp3int32+1); \ /* read all entries */ \ for (tmp2int32=0;tmp2int32 #include #include #include #include "set.h" #include "dict.h" /* The SET object is just a DICT which is passed around. The value for each entry in the dict is just the pointer to the dict. Another API is provided to give it a more set-like interface. */ SET *set_new(void) { return (SET *)dict_new(); } int set_add(SET *set,const char *value) { return dict_put((DICT *)set,value,set); } char *set_pop(SET *set) { const char *key; char *value; key=dict_getany((DICT *)set); if (key==NULL) return NULL; /* no more entries in set */ /* remove the entry from the dict and return a copy */ value=strdup(key); dict_put((DICT *)set,key,NULL); return value; } int set_contains(SET *set,const char *value) { return dict_get((DICT *)set,value)!=NULL; } void set_free(SET *set) { dict_free((DICT *)set); } const char **set_tolist(SET *set) { return dict_keys((DICT *)set); } nss-pam-ldapd-0.8.13/common/tio.h0000644000175000001440000000547212036035232013420 00000000000000/* tio.h - timed io functions This file is part of the nss-pam-ldapd library. Copyright (C) 2007, 2008, 2010, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ /* TODO: Add some documentation here. the SIGPIPE signal should be ignored (is ignored in this code) This library is not thread safe. You cannot share TFILE objects between threads and expect to be able to read and write from them in different threads. All the state is in the TFILE object so calls to this library on different objects can be done in parallel. */ #ifndef COMMON__TIO_H #define COMMON__TIO_H #include #include #include "compat/attrs.h" /* This is a generic file handle used for reading and writing (something like FILE from stdio.h). */ typedef struct tio_fileinfo TFILE; /* Open a new TFILE based on the file descriptor. The timeout is set for any operation (value in milliseconds). */ TFILE *tio_fdopen(int fd,int readtimeout,int writetimeout, size_t initreadsize,size_t maxreadsize, size_t initwritesize,size_t maxwritesize) LIKE_MALLOC MUST_USE; /* Read the specified number of bytes from the stream. */ int tio_read(TFILE *fp,void *buf,size_t count); /* Read and discard the specified number of bytes from the stream. */ int tio_skip(TFILE *fp,size_t count); /* Read all available data from the stream and empty the read buffer. */ int tio_skipall(TFILE *fp); /* Write the specified buffer to the stream. */ int tio_write(TFILE *fp,const void *buf,size_t count); /* Write out all buffered data to the stream. */ int tio_flush(TFILE *fp); /* Flush the streams and closes the underlying file descriptor. */ int tio_close(TFILE *fp); /* Store the current position in the stream so that we can jump back to it with the tio_reset() function. */ void tio_mark(TFILE *fp); /* Rewinds the stream to the point set by tio_mark(). Note that this only resets the read stream and not the write stream. This function returns whether the reset was successful (this function may fail if the buffers were full). */ int tio_reset(TFILE *fp); #endif /* COMMON__TIO_H */ nss-pam-ldapd-0.8.13/common/Makefile.in0000644000175000001440000004130312141445266014523 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2007, 2008, 2009 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = common DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LIBRARIES = $(noinst_LIBRARIES) AR = ar ARFLAGS = cru libdict_a_AR = $(AR) $(ARFLAGS) libdict_a_LIBADD = am_libdict_a_OBJECTS = dict.$(OBJEXT) set.$(OBJEXT) libdict_a_OBJECTS = $(am_libdict_a_OBJECTS) libexpr_a_AR = $(AR) $(ARFLAGS) libexpr_a_LIBADD = am_libexpr_a_OBJECTS = expr.$(OBJEXT) libexpr_a_OBJECTS = $(am_libexpr_a_OBJECTS) libprot_a_AR = $(AR) $(ARFLAGS) libprot_a_LIBADD = am_libprot_a_OBJECTS = nslcd-prot.$(OBJEXT) libprot_a_OBJECTS = $(am_libprot_a_OBJECTS) libtio_a_AR = $(AR) $(ARFLAGS) libtio_a_LIBADD = am_libtio_a_OBJECTS = tio.$(OBJEXT) libtio_a_OBJECTS = $(am_libtio_a_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(libdict_a_SOURCES) $(libexpr_a_SOURCES) \ $(libprot_a_SOURCES) $(libtio_a_SOURCES) DIST_SOURCES = $(libdict_a_SOURCES) $(libexpr_a_SOURCES) \ $(libprot_a_SOURCES) $(libtio_a_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ noinst_LIBRARIES = libtio.a libprot.a libdict.a libexpr.a AM_CPPFLAGS = -I$(top_srcdir) AM_CFLAGS = -fPIC libtio_a_SOURCES = tio.c tio.h libprot_a_SOURCES = nslcd-prot.c nslcd-prot.h libdict_a_SOURCES = dict.c dict.h \ set.c set.h libexpr_a_SOURCES = expr.c expr.h all: all-am .SUFFIXES: .SUFFIXES: .c .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu common/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu common/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLIBRARIES: -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) libdict.a: $(libdict_a_OBJECTS) $(libdict_a_DEPENDENCIES) $(EXTRA_libdict_a_DEPENDENCIES) -rm -f libdict.a $(libdict_a_AR) libdict.a $(libdict_a_OBJECTS) $(libdict_a_LIBADD) $(RANLIB) libdict.a libexpr.a: $(libexpr_a_OBJECTS) $(libexpr_a_DEPENDENCIES) $(EXTRA_libexpr_a_DEPENDENCIES) -rm -f libexpr.a $(libexpr_a_AR) libexpr.a $(libexpr_a_OBJECTS) $(libexpr_a_LIBADD) $(RANLIB) libexpr.a libprot.a: $(libprot_a_OBJECTS) $(libprot_a_DEPENDENCIES) $(EXTRA_libprot_a_DEPENDENCIES) -rm -f libprot.a $(libprot_a_AR) libprot.a $(libprot_a_OBJECTS) $(libprot_a_LIBADD) $(RANLIB) libprot.a libtio.a: $(libtio_a_OBJECTS) $(libtio_a_DEPENDENCIES) $(EXTRA_libtio_a_DEPENDENCIES) -rm -f libtio.a $(libtio_a_AR) libtio.a $(libtio_a_OBJECTS) $(libtio_a_LIBADD) $(RANLIB) libtio.a mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dict.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/expr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nslcd-prot.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tio.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LIBRARIES) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-noinstLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-noinstLIBRARIES ctags distclean distclean-compile \ distclean-generic distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \ uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/common/Makefile.am0000644000175000001440000000214211316121147014500 00000000000000# Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2007, 2008, 2009 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA noinst_LIBRARIES = libtio.a libprot.a libdict.a libexpr.a AM_CPPFLAGS=-I$(top_srcdir) AM_CFLAGS = -fPIC libtio_a_SOURCES = tio.c tio.h libprot_a_SOURCES = nslcd-prot.c nslcd-prot.h libdict_a_SOURCES = dict.c dict.h \ set.c set.h libexpr_a_SOURCES = expr.c expr.h nss-pam-ldapd-0.8.13/common/expr.c0000644000175000001440000001504312037600311013566 00000000000000/* expr.c - limited shell-like expression parsing functions This file is part of the nss-pam-ldapd library. Copyright (C) 2009, 2010, 2011 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "expr.h" #include "compat/attrs.h" /* the maximum length of a variable name */ #define MAXVARLENGTH 30 static inline int my_isalpha(const char c) { return ((c>='a')&&(c<='z'))||((c>='A')&&(c<='Z')); } static inline int my_isalphanum(const char c) { return my_isalpha(c)||((c>='0')&&(c<='9')); } /* return the part of the string that is a valid name */ MUST_USE static const char *parse_name(const char *str,int *ptr,char *buffer,size_t buflen) { int i=0; /* clear the buffer */ buffer[i]='\0'; /* look for an alpha+alphanumeric* string */ if (!my_isalpha(str[*ptr])) return NULL; while (my_isalphanum(str[*ptr])||(str[*ptr]==';')) { if ((size_t)i>=buflen) return NULL; buffer[i++]=str[(*ptr)++]; } /* NULL-terminate the string */ if ((size_t)i>=buflen) return NULL; buffer[i++]='\0'; return buffer; } /* dummy expander function to always return an empty string */ static const char *empty_expander(const char UNUSED(*name),void UNUSED(*expander_arg)) { return ""; } /* definition of the parse functions (they call eachother) */ MUST_USE static const char *parse_dollar_expression( const char *str,int *ptr,char *buffer,size_t buflen, expr_expander_func expander,void *expander_arg); MUST_USE static const char *parse_expression( const char *str,int *ptr,int endat,char *buffer,size_t buflen, expr_expander_func expander,void *expander_arg); MUST_USE static const char *parse_dollar_expression( const char *str,int *ptr,char *buffer,size_t buflen, expr_expander_func expander,void *expander_arg) { char varname[MAXVARLENGTH]; const char *varvalue; if ((buflen<=0)||(buffer==NULL)||(str==NULL)||(ptr==NULL)) return NULL; if (str[*ptr]=='{') { (*ptr)++; /* the first part is always a variable name */ if (parse_name(str,ptr,varname,sizeof(varname))==NULL) return NULL; varvalue=expander(varname,expander_arg); if (varvalue==NULL) varvalue=""; if (str[*ptr]=='}') { /* simple substitute */ if (strlen(varvalue)>=buflen) return NULL; strcpy(buffer,varvalue); } else if (strncmp(str+*ptr,":-",2)==0) { /* if variable is not set or empty, substitute remainder */ (*ptr)+=2; if ((varvalue!=NULL)&&(*varvalue!='\0')) { /* value is set, skip rest of expression and use value */ if (parse_expression(str,ptr,'}',buffer,buflen,empty_expander,NULL)==NULL) return NULL; if (strlen(varvalue)>=buflen) return NULL; strcpy(buffer,varvalue); } else { /* value is not set, evaluate rest of expression */ if (parse_expression(str,ptr,'}',buffer,buflen,expander,expander_arg)==NULL) return NULL; } } else if (strncmp(str+*ptr,":+",2)==0) { /* if variable is set, substitute remainer */ (*ptr)+=2; if ((varvalue!=NULL)&&(*varvalue!='\0')) { /* value is set, evaluate rest of expression */ if (parse_expression(str,ptr,'}',buffer,buflen,expander,expander_arg)==NULL) return NULL; } else { /* value is not set, skip rest of expression and blank */ if (parse_expression(str,ptr,'}',buffer,buflen,empty_expander,NULL)==NULL) return NULL; buffer[0]='\0'; } } else return NULL; (*ptr)++; /* skip closing } */ } else { /* it is a simple reference to a variable, like $uidNumber */ if (parse_name(str,ptr,varname,sizeof(varname))==NULL) return NULL; varvalue=expander(varname,expander_arg); if (varvalue==NULL) varvalue=""; if (strlen(varvalue)>=buflen) return NULL; strcpy(buffer,varvalue); } return buffer; } MUST_USE static const char *parse_expression( const char *str,int *ptr,int endat,char *buffer,size_t buflen, expr_expander_func expander,void *expander_arg) { int j=0; /* go over string */ while ((str[*ptr]!=endat)&&(str[*ptr]!='\0')) { switch (str[*ptr]) { case '$': /* beginning of an expression */ (*ptr)++; if ((size_t)j>=buflen) return NULL; if (parse_dollar_expression(str,ptr,buffer+j,buflen-j,expander,expander_arg)==NULL) return NULL; j=strlen(buffer); break; case '\\': /* escaped character, unescape */ (*ptr)++; default: /* just copy the text */ if ((size_t)j>=buflen) return NULL; buffer[j++]=str[*ptr]; (*ptr)++; } } /* NULL-terminate buffer */ if ((size_t)j>=buflen) return NULL; buffer[j++]='\0'; return buffer; } MUST_USE const char *expr_parse(const char *str,char *buffer,size_t buflen, expr_expander_func expander,void *expander_arg) { int i=0; return parse_expression(str,&i,'\0',buffer,buflen,expander,expander_arg); } SET *expr_vars(const char *str,SET *set) { char varname[MAXVARLENGTH]; int i=0; /* allocate set if needed */ if (set==NULL) set=set_new(); if (set==NULL) return NULL; /* go over string */ while (str[i]!='\0') { switch (str[i]) { case '$': /* beginning of a $-expression */ i++; if (str[i]=='{') i++; /* the rest should start with a variable name */ if (parse_name(str,&i,varname,sizeof(varname))!=NULL) set_add(set,varname); break; case '\\': /* escaped character, unescape */ i++; /* no break needed here */ default: /* just skip */ i++; } } return set; } nss-pam-ldapd-0.8.13/common/expr.h0000644000175000001440000000317011562706665013616 00000000000000/* expr.h - limited shell-like expression parsing functions This file is part of the nss-pam-ldapd library. Copyright (C) 2009 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef COMMON__EXPR_H #define COMMON__EXPR_H 1 #include "compat/attrs.h" #include "common/set.h" typedef const char *(*expr_expander_func)(const char *name,void *expander_arg); /* Parse the expression and store the result in buffer, using the expander function to expand variable names to values. If the expression is invalid or the result didn't fit in the buffer NULL is returned. */ MUST_USE const char *expr_parse(const char *expr,char *buffer,size_t buflen, expr_expander_func expander,void *expander_arg); /* Return the variable names that are used in expr. If set is NULL a new one is allocated, otherwise the passed set is added to. */ SET *expr_vars(const char *expr,SET *set); #endif /* not _COMMON__ */ nss-pam-ldapd-0.8.13/common/nslcd-prot.c0000644000175000001440000000601612047752442014713 00000000000000/* nslcd-prot.c - common functions for NSLCD lookups Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2009, 2010, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #ifdef HAVE_STDINT_H #include #endif /* HAVE_STDINT_H */ #include #include #include #include #include #include #include #include #include #include "nslcd.h" #include "nslcd-prot.h" #include "compat/socket.h" /* read timeout is 60 seconds because looking up stuff may take some time write timeout is 10 secods because nslcd could be loaded with requests */ #define READ_TIMEOUT 60*1000 #define WRITE_TIMEOUT 10*1000 /* buffer sizes for I/O */ #define READBUFFER_MINSIZE 1024 #define READBUFFER_MAXSIZE 2*1024*1024 #define WRITEBUFFER_MINSIZE 32 #define WRITEBUFFER_MAXSIZE 32 /* Note that the READBUFFER_MAXSIZE should be large enough to hold any single result entity as defined in nslcd.h because the get*ent() functions expect to be able to tio_reset() the stream to re-read the current entity. Since group entities can grow arbitrarily large, this setting limits the number of users that can be put in a group. */ /* returns a socket to the server or NULL on error (see errno), socket should be closed with fclose() */ TFILE *nslcd_client_open() { int sock; struct sockaddr_un addr; TFILE *fp; int flags; /* create a socket */ if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 ) return NULL; /* create socket address structure */ memset(&addr,0,sizeof(struct sockaddr_un)); addr.sun_family=AF_UNIX; strncpy(addr.sun_path,NSLCD_SOCKET,sizeof(addr.sun_path)); addr.sun_path[sizeof(addr.sun_path)-1]='\0'; /* close the file descriptor on exec (ignore errors) */ flags=fcntl(sock,F_GETFL); if (flags>=0) (void)fcntl(sock,F_SETFD,flags|FD_CLOEXEC); /* connect to the socket */ if (connect(sock,(struct sockaddr *)&addr,SUN_LEN(&addr))<0) { (void)close(sock); return NULL; } /* create a stream object */ if ((fp=tio_fdopen(sock,READ_TIMEOUT,WRITE_TIMEOUT, READBUFFER_MINSIZE,READBUFFER_MAXSIZE, WRITEBUFFER_MINSIZE,WRITEBUFFER_MAXSIZE))==NULL) { (void)close(sock); return NULL; } /* return the stream */ return fp; } nss-pam-ldapd-0.8.13/Makefile.in0000644000175000001440000006620212141445266013240 00000000000000# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting # Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ @ENABLE_NSS_TRUE@am__append_1 = nss @ENABLE_PAM_TRUE@am__append_2 = pam @ENABLE_NSLCD_TRUE@am__append_3 = nslcd @ENABLE_PYNSLCD_TRUE@am__append_4 = pynslcd subdir = . DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/config.h.in \ $(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \ TODO compile config.guess config.sub depcomp install-sh \ missing mkinstalldirs py-compile ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags DIST_SUBDIRS = compat common nss pam nslcd pynslcd man tests DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2X_MAN = @DOCBOOK2X_MAN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NSLCD_BINDPW_PATH = @NSLCD_BINDPW_PATH@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ NSLCD_PIDFILE = @NSLCD_PIDFILE@ NSLCD_SOCKET = @NSLCD_SOCKET@ NSS_LDAP_SONAME = @NSS_LDAP_SONAME@ NSS_MODULE_OBJS = @NSS_MODULE_OBJS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LDAP_SONAME = @PAM_LDAP_SONAME@ PAM_SECLIB_DIR = @PAM_SECLIB_DIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RELEASE_MONTH = @RELEASE_MONTH@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ nslcd_LIBS = @nslcd_LIBS@ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ nss_ldap_so_LINK = @nss_ldap_so_LINK@ oldincludedir = @oldincludedir@ pam_ldap_so_LDFLAGS = @pam_ldap_so_LDFLAGS@ pam_ldap_so_LINK = @pam_ldap_so_LINK@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = compat common $(am__append_1) $(am__append_2) \ $(am__append_3) $(am__append_4) man tests EXTRA_DIST = nslcd.conf nslcd.h $(wildcard ChangeLog-20??) \ $(wildcard m4/*.m4) HACKING ldapns.schema ldapns.ldif DISTCHECK_CONFIGURE_FLAGS = --enable-warnings --enable-pynslcd \ --with-pam-seclib-dir="\$${libdir}/security" \ --with-ldap-conf-file="\$${prefix}/nslcd.conf" \ CPPFLAGS=$(CPPFLAGS) LDFLAGS=$(LDFLAGS) ACLOCAL_AMFLAGS = -I m4 all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: am--refresh: Makefile @: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \ $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): config.h: stamp-h1 @if test ! -f $@; then rm -f stamp-h1; else :; fi @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status config.h $(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) rm -f stamp-h1 touch $@ distclean-hdr: -rm -f config.h stamp-h1 # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$(top_distdir)" distdir="$(distdir)" \ dist-hook -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 $(am__remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz $(am__remove_distdir) dist-lzma: distdir tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma $(am__remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__remove_distdir) dist dist-all: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lzma*) \ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir); chmod u+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 $(am__remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @test -n '$(distuninstallcheck_dir)' || { \ echo 'ERROR: trying to run $@ with an empty' \ '$$(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ $(am__cd) '$(distuninstallcheck_dir)' || { \ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . ; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-recursive all-am: Makefile config.h installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -f Makefile distclean-am: clean-am distclean-generic distclean-hdr distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-data-local install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-local .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ ctags-recursive install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am am--refresh check check-am clean clean-generic \ ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \ dist-hook dist-lzip dist-lzma dist-shar dist-tarZ dist-xz \ dist-zip distcheck distclean distclean-generic distclean-hdr \ distclean-tags distcleancheck distdir distuninstallcheck dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-data-local install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \ tags-recursive uninstall uninstall-am uninstall-local install-data-local: install-nslcd_conf uninstall-local: uninstall-nslcd_conf # install a default configuration file if it is not already there install-nslcd_conf: @if [ -f $(DESTDIR)$(NSLCD_CONF_PATH) ]; then \ echo "$(DESTDIR)$(NSLCD_CONF_PATH) already exists, install will not overwrite"; \ else \ $(mkinstalldirs) `dirname $(DESTDIR)$(NSLCD_CONF_PATH)`; \ $(INSTALL) -m 600 $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH); \ fi uninstall-nslcd_conf: -rm -f $(DESTDIR)$(NSLCD_CONF_PATH) # fix permissions before distributing dist-hook: chmod -R a+rX $(distdir) # target for generating the ChangeLog file changelog: ( svn2cl -i --stdout -r HEAD:1835 ; \ svn2cl -i --stdout -r 1835:1586 --strip-prefix='nss-pam-ldapd' ; \ ) > ChangeLog flawfinder.html: flawfinder --quiet --html --context --followdotdir . > $@ rats.html: rats --quiet --html --context . > $@ splint.txt: -env LARCH_PATH=/usr/share/splint/lib/ \ LCLIMPORTDIR=/usr/share/splint/imports/ \ splint -checks -mustfreefresh \ -warnposix +showsummary +showalluses +hints -namechecks \ -globstate -predboolint -mustfreeonly -temptrans -kepttrans \ -I. -I$(srcdir) -I$(top_builddir) $(DEFS) -D_REENTRANT -DDEBUG \ -D__signed__=signed -D__thread= -D__gnuc_va_list=__ptr_t \ -Dkrb5_int32=int32_t -Dkrb5_ui_4=uint32_t \ -D__u16=uint16_t -D__u32=uint32_t \ *.[ch] nss/*.[ch] nslcd/*.[ch] common/*.[ch] compat/*.[ch] > $@ 2>&1 .PHONY: flawfinder.html rats.html splint.txt # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nss-pam-ldapd-0.8.13/install-sh0000755000175000001440000003325612141433521013171 00000000000000#!/bin/sh # install - install a program, script, or datafile scriptversion=2011-01-19.21; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. # # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. nl=' ' IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else doit_exec=$doit fi # Put in absolute file names if you don't have them in your path; # or use environment vars. chgrpprog=${CHGRPPROG-chgrp} chmodprog=${CHMODPROG-chmod} chownprog=${CHOWNPROG-chown} cmpprog=${CMPPROG-cmp} cpprog=${CPPROG-cp} mkdirprog=${MKDIRPROG-mkdir} mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} posix_glob='?' initialize_posix_glob=' test "$posix_glob" != "?" || { if (set -f) 2>/dev/null; then posix_glob= else posix_glob=: fi } ' posix_mkdir= # Desired mode of installed file. mode=0755 chgrpcmd= chmodcmd=$chmodprog chowncmd= mvcmd=$mvprog rmcmd="$rmprog -f" stripcmd= src= dst= dir_arg= dst_arg= copy_on_change=false no_target_directory= usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --help display this help and exit. --version display version info and exit. -c (ignored) -C install only if different (preserve the last data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test $# -ne 0; do case $1 in -c) ;; -C) copy_on_change=true;; -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) dst_arg=$2 # Protect names problematic for `test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac shift;; -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg # Protect names problematic for `test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call `install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 trap "ret=141; $do_exit" 13 trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names problematic for `test' and other utilities. case $src in -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else # Prefer dirname, but fall back on a substitute if dirname fails. dstdir=` (dirname "$dst") 2>/dev/null || expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$dst" : 'X\(//\)[^/]' \| \ X"$dst" : 'X\(//\)$' \| \ X"$dst" : 'X\(/\)' \| . 2>/dev/null || echo X"$dst" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q' ` test -d "$dstdir" dstdir_status=$? fi fi obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 if (umask $mkdir_umask && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writeable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/d" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; [-=\(\)!]*) prefix='./';; *) prefix='';; esac eval "$initialize_posix_glob" oIFS=$IFS IFS=/ $posix_glob set -f set fnord $dstdir shift $posix_glob set +f IFS=$oIFS prefixes= for d do test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && eval "$initialize_posix_glob" && $posix_glob set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && $posix_glob set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: nss-pam-ldapd-0.8.13/Makefile.am0000644000175000001440000000613012052247572013222 00000000000000# Makefile.am - use automake to generate Makefile.in # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting # Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA SUBDIRS = compat common if ENABLE_NSS SUBDIRS += nss endif if ENABLE_PAM SUBDIRS += pam endif if ENABLE_NSLCD SUBDIRS += nslcd endif if ENABLE_PYNSLCD SUBDIRS += pynslcd endif SUBDIRS += man tests EXTRA_DIST = nslcd.conf nslcd.h $(wildcard ChangeLog-20??) \ $(wildcard m4/*.m4) HACKING ldapns.schema ldapns.ldif DISTCHECK_CONFIGURE_FLAGS = --enable-warnings --enable-pynslcd \ --with-pam-seclib-dir="\$${libdir}/security" \ --with-ldap-conf-file="\$${prefix}/nslcd.conf" \ CPPFLAGS=$(CPPFLAGS) LDFLAGS=$(LDFLAGS) ACLOCAL_AMFLAGS = -I m4 NSLCD_CONF_PATH = @NSLCD_CONF_PATH@ install-data-local: install-nslcd_conf uninstall-local: uninstall-nslcd_conf # install a default configuration file if it is not already there install-nslcd_conf: @if [ -f $(DESTDIR)$(NSLCD_CONF_PATH) ]; then \ echo "$(DESTDIR)$(NSLCD_CONF_PATH) already exists, install will not overwrite"; \ else \ $(mkinstalldirs) `dirname $(DESTDIR)$(NSLCD_CONF_PATH)`; \ $(INSTALL) -m 600 $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH); \ fi uninstall-nslcd_conf: -rm -f $(DESTDIR)$(NSLCD_CONF_PATH) # fix permissions before distributing dist-hook: chmod -R a+rX $(distdir) # target for generating the ChangeLog file changelog: ( svn2cl -i --stdout -r HEAD:1835 ; \ svn2cl -i --stdout -r 1835:1586 --strip-prefix='nss-pam-ldapd' ; \ ) > ChangeLog flawfinder.html: flawfinder --quiet --html --context --followdotdir . > $@ rats.html: rats --quiet --html --context . > $@ splint.txt: -env LARCH_PATH=/usr/share/splint/lib/ \ LCLIMPORTDIR=/usr/share/splint/imports/ \ splint -checks -mustfreefresh \ -warnposix +showsummary +showalluses +hints -namechecks \ -globstate -predboolint -mustfreeonly -temptrans -kepttrans \ -I. -I$(srcdir) -I$(top_builddir) $(DEFS) -D_REENTRANT -DDEBUG \ -D__signed__=signed -D__thread= -D__gnuc_va_list=__ptr_t \ -Dkrb5_int32=int32_t -Dkrb5_ui_4=uint32_t \ -D__u16=uint16_t -D__u32=uint32_t \ *.[ch] nss/*.[ch] nslcd/*.[ch] common/*.[ch] compat/*.[ch] > $@ 2>&1 .PHONY: flawfinder.html rats.html splint.txt nss-pam-ldapd-0.8.13/m4/0000755000175000001440000000000012141476125011563 500000000000000nss-pam-ldapd-0.8.13/m4/ax_pthread.m40000644000175000001440000003044011726462003014063 00000000000000# =========================================================================== # http://www.gnu.org/software/autoconf-archive/ax_pthread.html # =========================================================================== # # SYNOPSIS # # AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) # # DESCRIPTION # # This macro figures out how to build C programs using POSIX threads. It # sets the PTHREAD_LIBS output variable to the threads library and linker # flags, and the PTHREAD_CFLAGS output variable to any special C compiler # flags that are needed. (The user can also force certain compiler # flags/libs to be tested by setting these environment variables.) # # Also sets PTHREAD_CC to any special C compiler that is needed for # multi-threaded programs (defaults to the value of CC otherwise). (This # is necessary on AIX to use the special cc_r compiler alias.) # # NOTE: You are assumed to not only compile your program with these flags, # but also link it with them as well. e.g. you should link with # $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS # # If you are only building threads programs, you may wish to use these # variables in your default LIBS, CFLAGS, and CC: # # LIBS="$PTHREAD_LIBS $LIBS" # CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # CC="$PTHREAD_CC" # # In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant # has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name # (e.g. PTHREAD_CREATE_UNDETACHED on AIX). # # Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the # PTHREAD_PRIO_INHERIT symbol is defined when compiling with # PTHREAD_CFLAGS. # # ACTION-IF-FOUND is a list of shell commands to run if a threads library # is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it # is not found. If ACTION-IF-FOUND is not specified, the default action # will define HAVE_PTHREAD. # # Please let the authors know if this macro fails on any platform, or if # you have any other suggestions or comments. This macro was based on work # by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help # from M. Frigo), as well as ac_pthread and hb_pthread macros posted by # Alejandro Forero Cuervo to the autoconf macro repository. We are also # grateful for the helpful feedback of numerous users. # # Updated for Autoconf 2.68 by Daniel Richard G. # # LICENSE # # Copyright (c) 2008 Steven G. Johnson # Copyright (c) 2011 Daniel Richard G. # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 3 of the License, or (at your # option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General # Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure # scripts that are the output of Autoconf when processing the Macro. You # need not follow the terms of the GNU General Public License when using # or distributing such scripts, even though portions of the text of the # Macro appear in them. The GNU General Public License (GPL) does govern # all other use of the material that constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the Autoconf # Macro released by the Autoconf Archive. When you make and distribute a # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. #serial 17 AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) AC_DEFUN([AX_PTHREAD], [ AC_REQUIRE([AC_CANONICAL_HOST]) AC_LANG_PUSH([C]) ax_pthread_ok=no # We used to check for pthread.h first, but this fails if pthread.h # requires special compiler flags (e.g. on True64 or Sequent). # It gets checked for in the link test anyway. # First of all, check if the user has set any of the PTHREAD_LIBS, # etcetera environment variables, and if threads linking works using # them: if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes) AC_MSG_RESULT($ax_pthread_ok) if test x"$ax_pthread_ok" = xno; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" fi LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" fi # We must check for the threads library under a number of different # names; the ordering is very important because some systems # (e.g. DEC) have both -lpthread and -lpthreads, where one of the # libraries is broken (non-POSIX). # Create a list of thread flags to try. Items starting with a "-" are # C compiler flags, and other items are library names, except for "none" # which indicates that we try without any flags at all, and "pthread-config" # which is a program returning the flags for the Pth emulation library. ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" # The ordering *is* (sometimes) important. Some notes on the # individual items follow: # pthreads: AIX (must check this before -lpthread) # none: in case threads are in libc; should be tried before -Kthread and # other compiler flags to prevent continual compiler warnings # -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) # -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) # -pthreads: Solaris/gcc # -mthreads: Mingw32/gcc, Lynx/gcc # -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it # doesn't hurt to check since this sometimes defines pthreads too; # also defines -D_REENTRANT) # ... -mt is also the pthreads flag for HP/aCC # pthread: Linux, etcetera # --thread-safe: KAI C++ # pthread-config: use pthread-config program (for GNU Pth library) case "${host_cpu}-${host_os}" in *solaris*) # On Solaris (at least, for some versions), libc contains stubbed # (non-functional) versions of the pthreads routines, so link-based # tests will erroneously succeed. (We need to link with -pthreads/-mt/ # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather # a function called by this macro, so we could check for that, but # who knows whether they'll stub that too in a future libc.) So, # we'll just look for -pthreads and -lpthread first: ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" ;; *-darwin*) ax_pthread_flags="-pthread $ax_pthread_flags" ;; esac if test x"$ax_pthread_ok" = xno; then for flag in $ax_pthread_flags; do case $flag in none) AC_MSG_CHECKING([whether pthreads work without any flags]) ;; -*) AC_MSG_CHECKING([whether pthreads work with $flag]) PTHREAD_CFLAGS="$flag" ;; pthread-config) AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) if test x"$ax_pthread_config" = xno; then continue; fi PTHREAD_CFLAGS="`pthread-config --cflags`" PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ;; *) AC_MSG_CHECKING([for the pthreads library -l$flag]) PTHREAD_LIBS="-l$flag" ;; esac save_LIBS="$LIBS" save_CFLAGS="$CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # Check for various functions. We must include pthread.h, # since some functions may be macros. (On the Sequent, we # need a special flag -Kthread to make this header compile.) # We check for pthread_join because it is in -lpthread on IRIX # while pthread_create is in libc. We check for pthread_attr_init # due to DEC craziness with -lpthreads. We check for # pthread_cleanup_push because it is one of the few pthread # functions on Solaris that doesn't have a non-functional libc stub. # We try pthread_create on general principles. AC_LINK_IFELSE([AC_LANG_PROGRAM([#include static void routine(void *a) { a = 0; } static void *start_routine(void *a) { return a; }], [pthread_t th; pthread_attr_t attr; pthread_create(&th, 0, start_routine, 0); pthread_join(th, 0); pthread_attr_init(&attr); pthread_cleanup_push(routine, 0); pthread_cleanup_pop(0) /* ; */])], [ax_pthread_ok=yes], []) LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" AC_MSG_RESULT($ax_pthread_ok) if test "x$ax_pthread_ok" = xyes; then break; fi PTHREAD_LIBS="" PTHREAD_CFLAGS="" done fi # Various other checks: if test "x$ax_pthread_ok" = xyes; then save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. AC_MSG_CHECKING([for joinable pthread attribute]) attr_name=unknown for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], [int attr = $attr; return attr /* ; */])], [attr_name=$attr; break], []) done AC_MSG_RESULT($attr_name) if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, [Define to necessary symbol if this constant uses a non-standard name on your system.]) fi AC_MSG_CHECKING([if more special flags are required for pthreads]) flag=no case "${host_cpu}-${host_os}" in *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; *-osf* | *-hpux*) flag="-D_REENTRANT";; *solaris*) if test "$GCC" = "yes"; then flag="-D_REENTRANT" else flag="-mt -D_REENTRANT" fi ;; esac AC_MSG_RESULT(${flag}) if test "x$flag" != xno; then PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" fi AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], ax_cv_PTHREAD_PRIO_INHERIT, [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[#include ]], [[int i = PTHREAD_PRIO_INHERIT;]])], [ax_cv_PTHREAD_PRIO_INHERIT=yes], [ax_cv_PTHREAD_PRIO_INHERIT=no]) ]) AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" # More AIX lossage: must compile with xlc_r or cc_r if test x"$GCC" != xyes; then AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) else PTHREAD_CC=$CC fi else PTHREAD_CC="$CC" fi AC_SUBST(PTHREAD_LIBS) AC_SUBST(PTHREAD_CFLAGS) AC_SUBST(PTHREAD_CC) # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: if test x"$ax_pthread_ok" = xyes; then ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) : else ax_pthread_ok=no $2 fi AC_LANG_POP ])dnl AX_PTHREAD nss-pam-ldapd-0.8.13/ChangeLog-20060000644000175000001440000010665111431514500013322 000000000000002006-12-31 arthur * [r210] nslcd-common.h: if the string to write is NULL, write an empty string * [r209] nslcd-common.h: ensure that all arrays that are allocated in the buffer are now aligned to the pointer size * [r208] nslcd-common.h, nss/hosts.c: extract some more common macros 2006-12-30 arthur * [r207] nslcd/ldap-nss.c, tests/test_group.c: get rid of a few warnings 2006-12-29 arthur * [r206] config.sub: update to newer version again (got lost in r205) * [r205] config.sub, nslcd/group.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/util.c: get rid of debug() function and call log_log() instead 2006-12-27 arthur * [r204] nslcd-common.h, nslcd/alias.c, nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: do not allocate new memory with malloc() for each request with a string parameter but use a buffer allocated on the stack instead (this simplifies free()-ing the buffer(s) in case of problems) 2006-12-25 arthur * [r203] nslcd/dnsconfig.c, nslcd/group.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/passwd.c, nslcd/util.c, nslcd/util.h: get rid of NSS_BUFSIZ, rename _nss_ldap_oc_check() to has_objectclass(), redo _nss_ldap_escape_string() with simpler logic and slightly different signature and redid layout of some code 2006-12-23 arthur * [r201] ChangeLog, NEWS, TODO, configure.ac, debian/changelog: get files ready for 0.1 release 2006-12-22 arthur * [r200] nslcd.8: fix name of configuration file and update date and version number * [r199] NEWS, TODO, nslcd/alias.c, nslcd/dnsconfig.c, nslcd/dnsconfig.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, nslcd/ldap-nss.c, nslcd/ldap-nss.h, nslcd/ldap-schema.c, nslcd/ldap-schema.h, nslcd/netgroup.c, nslcd/network.c, nslcd/pagectrl.c, nslcd/pagectrl.h, nslcd/passwd.c, nslcd/protocol.c, nslcd/resolve.c, nslcd/resolve.h, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c, nslcd/util.c, nslcd/util.h, nss-ldapd.conf, nss-ldapd.conf.5, nss/exports.linux: remove last keyword and disable keyword expansion * [r198] nslcd/Makefile.am: make list of source files a little clearer * [r197] HACKING: change reference to directory name 2006-12-21 arthur * [r196] Makefile.am, configure.ac, debian/copyright, nslcd, server: rename server directory to nslcd * [r195] ChangeLog, Makefile.am: add code for generating ChangeLog and add initial ChangeLog 2006-12-21 arthur * [r194] .: change trunk location in repository to match package name * [r193] server/alias.c, server/dnsconfig.c, server/dnsconfig.h, server/ether.c, server/group.c, server/host.c, server/ldap-nss.c, server/ldap-nss.h, server/ldap-schema.c, server/ldap-schema.h, server/log.c, server/log.h, server/netgroup.c, server/network.c, server/pagectrl.c, server/pagectrl.h, server/passwd.c, server/protocol.c, server/rpc.c, server/service.c, server/shadow.c, server/util.c, server/util.h, server/xmalloc.c, server/xmalloc.h: normalize copyright headers 2006-12-20 arthur * [r192] debian/copyright: update copyright file with current copyright information * [r191] Makefile.am, nss/Makefile.am, server/Makefile.am, tests/Makefile.am: properly capitalize company name * [r190] README: fix wrapping * [r189] README: integrate remaining parts in documentation * [r188] Makefile.am, debian/libnss-ldapd.examples: ship nss-ldapd.conf as an example in the Debian package 2006-12-19 arthur * [r187] ., debian/changelog, debian/control: change Debian source package name to nss-ldapd * [r186] Makefile.am: do not try to ship gone README.Debian but do ship new HACKING * [r185] nss-ldapd.conf: get rid of pam stuff * [r184] HACKING, NEWS, README, TODO: first step at improving documentation * [r183] configure.ac, debian/changelog: change version number to 0.1 * [r182] debian/libnss-ldapd.postinst: change some tests with grep to be correct, add some comments and improve import of old configuration file * [r181] debian/README.Debian: the README.Debian does not contain any more relevant information * [r180] server/nslcd.c: add TODO * [r179] Makefile.am, configure.ac, debian/libnss-ldapd.config, debian/libnss-ldapd.nslcd.init, debian/libnss-ldapd.postinst, debian/libnss-ldapd.postrm, debian/rules, ldap.conf, nss-ldapd.conf, nss-ldapd.conf.5, nss_ldap.5: change default configuration file name to /etc/nss-ldapd.conf 2006-12-18 arthur * [r178] Makefile.am, nslcd.8: add initial nslcd manual page * [r177] server/nslcd.c: output of --help no longer shows --config option (which isn't there) * [r176] configure.ac: change name of package also in configure * [r175] debian/libnss-ldapd.config: handle cases where commands in backticks return an error code * [r174] nss/hosts.c: only set h_errno to error value on problems and change the returned value in some cases 2006-12-17 arthur * [r173] debian/libnss-ldapd.nslcd.init: report process id in status * [r172] configure.ac, debian/changelog, debian/libnss-ldapd.config, debian/libnss-ldapd.nslcd.init, debian/libnss-ldapd.postinst, nss/common.h, server/nslcd.c, tests/test_networks.c: remove trailing spaces * [r171] nss/prototypes.h: add note about glibc manual * [r170] nss/Makefile.am: fix comment as to installing libraries * [r169] debian/control: add a snippet to the package description as to what the main differences to libnss-ldap are * [r168] debian/rules: move the nss libraries to /lib instead of /usr/lib * [r167] debian/rules: remove some unneeded configure options 2006-12-16 arthur * [r166] Makefile.am, debian/libnss-ldapd.lintian-overrides, debian/rules: fix some lintian warnings regarding shared libraries with an override file and generating shlibs for now * [r165] debian/rules: fix configuration file manual page name * [r164] debian/libnss-ldapd.templates, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: end every short description line with a colon (and run debconf-updatepo) (thanks lintian) * [r163] server/nslcd.c: set correct permissions on socket creation and remove socket and pidfile on exit * [r162] nss/exports.linux, nss/group.c, nss/prototypes.h, tests/test_group.c: remove _nss_ldap_initgroups_dyn() from interface for now because it is currently not working * [r161] configure.ac: fix configure --help strings to be more consistent and list default values * [r160] Makefile.am: fix debian files to ship and split off those files into a separate variable * [r159] debian/po/POTFILES.in, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: update po and pot files based on current templates * [r158] debian/config, debian/libnss-ldapd.config, debian/libnss-ldapd.postinst, debian/libnss-ldapd.postrm, debian/libnss-ldapd.templates, debian/rules, debian/templates: redid Debian packaging: on installation a search is done for any reasonable configuration information (existing nss_ldap config, hostname info, etc), configuring nsswitch.conf is also done and all files in the debian directory have more logical names * [r157] Makefile.am, debian/libnss-ldapd.nslcd.init, debian/rules: ship an init script for starting nslcd 2006-12-14 arthur * [r156] AUTHORS: fix format of AUTHORS file and include new authors * [r155] ANNOUNCE, README: include ANNOUNCE document in README * [r154] ChangeLog, NEWS: rename ChangeLog to NEWS and change formatting of file to follow common format 2006-12-13 arthur * [r153] NEWS, TODO: NEWS looks more like a TODO 2006-12-08 arthur * [r152] Makefile.am, debian/changelog, debian/control, debian/libnss-ldapd.postinst, debian/rules: clean up Debian packaging a bit * [r151] tests/ldaptest.pl, tests/nsswitch.test, tests/testd.c, tests/testgr.c, tests/testnss.c, tests/testpw.c, tests/testpw3.c, tests/testpw4.c, tests/testpw5.c, tests/testpw6.c: get rid of old test code (most of it should be covered by the new test code) * [r150] .: ignore generated debuild files * [r149] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/templates: do not make default values translatable * [r148] nss/common.c: fix indentation * [r147] README, debian/LDAP-Permissions.txt, debian/examples, debian/libnss-ldapd.docs: get rid of more documentation in an attempt to include all useful documentation in one place * [r146] Makefile.am, README, doc: reasonable configuration information (existing nss_ldap config, parts in top-level README * [r145] configure.ac, nslcd.h: specify socket and pidfile location with configure script * [r144] debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po: run debconf-updatepo to get pot and po files in a consistent state * [r143] debian/control: get rid of cdbs build dependency 2006-12-07 arthur * [r142] debian, debian/README.Debian, debian/changelog, debian/control, debian/libnss-ldap.dirs, debian/libnss-ldap.init, debian/libnss-ldap.install, debian/libnss-ldap.links, debian/libnss-ldap.postinst, debian/libnss-ldap.postrm, debian/libnss-ldapd.docs, debian/libnss-ldapd.postinst, debian/libnss-ldapd.postrm, debian/rules: initial step to get working Debian packaging 2006-12-05 arthur * [r141] Makefile.am, compile, config.sub, configure.ac, nss/Makefile.am, server/Makefile.am: clean up build scripts to only link nslcd to OpenSSL and to cleanly create a nss_ldap.so file * [r140] server/ldap-nss.c, server/ldap-nss.h: get rid of _nss_ldap_get_ld_errno() which wasn't used 2006-12-03 arthur * [r139] server/nslcd.c: fix logging levels and remove some commented out code * [r138] server/ldap-nss.c, server/ldap-schema.c, server/passwd.c: get rid of some more unneeded code * [r137] tests/Makefile.am: split out common files into own variable and disable (comment out) protocol debugging * [r136] nss/exports.linux: regenerate from prototypes.h 2006-11-30 arthur * [r135] server/Makefile.am, server/alias.c, server/common.h, server/ether.c, server/group.c, server/host.c, server/ldap-nss.c, server/netgroup.c, server/network.c, server/nslcd-server.c, server/nslcd-server.h, server/nslcd.c, server/passwd.c, server/protocol.c, server/rpc.c, server/service.c, server/shadow.c, server/util.c: implement a simple threading solution and move code from nslcd-server.c to nslcd.c 2006-11-28 arthur * [r134] nslcd.h, nss/aliases.c, nss/ethers.c, nss/group.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c, server/alias.c, server/ether.c, server/group.c, server/passwd.c, server/protocol.c, server/rpc.c, server/service.c, server/shadow.c: rename LDF_ marcos to NSLCD_ macros to have a single namespace * [r133] server: ignore generated nslcd binary * [r132] configure.ac: look for nslcd.h now since nslcd.c has been moved into the server directory * [r131] ., Makefile.am, configure.ac, exports.linux, log.c, log.h, nslcd-common.h, nslcd-server.c, nslcd-server.h, nslcd.c, nss/Makefile.am, nss/exports.linux, server, server/Makefile.am, server/log.c, server/log.h, server/nslcd-server.c, server/nslcd-server.h, server/nslcd.c, server/xmalloc.c, server/xmalloc.h, testnss.c, tests, tests/Makefile.am, tests/test_aliases.c, tests/test_ethers.c, tests/test_group.c, tests/test_hosts.c, tests/test_netgroup.c, tests/test_networks.c, tests/test_passwd.c, tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c, tests/test_shadow.c, tests/testnss.c, xmalloc.c, xmalloc.h: get as many files from the root directory as possible, moving all server related code to the server directory and moving and splitting the test code to the tests directory * [r130] nslcd-server.c, nss/networks.c, server/network.c, testnss.c: implement network name lookups on server side plus some fixes on the client side * [r129] nslcd-server.c, server/common.c: include config.h as first statement * [r128] nslcd-common.h: implement more detailed protocol logging (dumping the actual byte values read and written) 2006-11-27 arthur * [r127] Makefile.am, nslcd-client.c, nslcd-client.h, nss/Makefile.am, nss/aliases.c, nss/common.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c: get rid of nslcd-client.{c,h} and move it to nss/common.{c,h}, this ensures that all code that is needed for the nss part is in the nss directory * [r126] server/host.c, server/rpc.c: fix typos 2006-11-26 arthur * [r125] server/Makefile.am, server/dnsconfig.c, server/dnsconfig.h, server/ether.c, server/group.c, server/ldap-nss.c, server/ldap-nss.h, server/ldap-parse.h, server/ldap-schema.c, server/ldap-schema.h, server/network.c, server/passwd.c, server/util.c, server/util.h: clean up header files * [r124] doc/autofs-4.1.3-lookup-nssldap.patch, doc/lookup_nssldap.c, ldap.conf, nslcd-server.c, nslcd-server.h, nslcd.h, nss/Makefile.am, nss/automount.c, nss/prototypes.h, server/Makefile.am, server/automount.c, server/ldap-nss.h, server/ldap-schema.c, server/ldap-schema.h, server/rpc.c, server/util.c, server/util.h: get rid of automount map information lookups through NSS as this is not used (at least not with glibc), autofs-ldap looks up the information on it's own (but does parse /etc/nsswitch.conf) 2006-11-25 arthur * [r123] nslcd-server.c, nss/services.c, server/service.c, testnss.c: implement server end of service name lookup and fix client end to translate between host and network byte order and to also pass protocol in request * [r122] nslcd-common.h: fix bug that always causes a READ_STRING_ALLOC to read to a variable called name * [r121] nslcd-server.c, server/rpc.c, testnss.c: implement rpc service on server side * [r120] server/host.c: get rid of superfluous test * [r119] server/protocol.c: only flush the stream after writing all records * [r118] nslcd-server.c, server/protocol.c, testnss.c: implement protocol handling (server side) * [r117] nslcd.h, nss/netgroup.c, nss/prototypes.h: trip trailing whitespace * [r116] nslcd-common.h: include stdio for definitions of fread(), fwrite() etc 2006-11-24 arthur * [r115] nslcd-server.c, server/host.c, testnss.c: implement server end of host name lookups (without IPv6 support sofar) * [r114] nss/hosts.c: fix problem with allocated array for storing addresses, properly set h_errnop and check empty address (only addresses of other address family) in nss functions, not in read_hostent() * [r113] nslcd-common.h: make protocol logging a little more readable and do not use fseek() in streams because that is not supported 2006-11-22 arthur * [r112] server/alias.c, server/ether.c, server/group.c, server/passwd.c, server/shadow.c: only flush the stream after writing all records (not every time) and more logging consistency * [r111] nslcd-server.c, server/shadow.c, testnss.c: implement server end of shadow lookups * [r110] server/alias.c, server/passwd.c: make logging a little bit more consistent * [r109] server/netgroup.c: add extra copyright information (the exact same code was seen in glibc) 2006-11-21 arthur * [r108] nslcd-server.c, nslcd.h, nss/netgroup.c, server/netgroup.c, testnss.c: implement netgroup lookups, including test code 2006-11-19 arthur * [r107] nslcd.h: include a note about encoding of strings * [r106] nslcd-server.c, server/ether.c: implement nslcd_ether_*() functions * [r105] nslcd-server.c, nslcd-server.h: create prototypes for all server methods * [r104] nss/ethers.c: write contents of ethernet address not pointer * [r103] server/group.c: add missing semicolon * [r102] nslcd-common.h: add more verbose protocol logging, including logging of errors * [r101] ., debian, doc, nss, server, tests: ignore stale nfs files * [r100] nss/common.h: fix bug: the readfn() function was executed twice 2006-11-18 arthur * [r99] server/group.c, server/netgroup.c: some layout changes * [r98] nslcd.h: include changes to handle protocol, rpc, service and netgroup nslcd calls 2006-11-17 arthur * [r97] nss/Makefile.am, nss/netgroup.c, nss/prototypes.h: implement netgroup lookups * [r96] nss/aliases.c, nss/automount.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/networks.c, nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c, nss/shadow.c: do some refactoring in the generated code and add some documentation on generated code in comments in common.h 2006-11-16 arthur * [r95] nss/Makefile.am, nss/services.c: implement reading of services entities * [r94] nss/Makefile.am, nss/rpc.c: implement reading of rpc entities * [r93] nss/Makefile.am, nss/protocols.c: implement reading of protocol entities * [r92] nss/aliases.c, nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, nss/networks.c, nss/passwd.c, nss/shadow.c: switch to a simpler and more compact framework to generate methods (one reader function to deserialize a struct from the stream and auto-generated functions) 2006-11-15 arthur * [r91] nslcd.h, nss/Makefile.am, nss/networks.c, nss/prototypes.h: implement network information lookups through NSS * [r90] nss/hosts.c: properly filter out empty returned address records and return NOTFOUND for entries without addresses in our address family 2006-11-14 arthur * [r89] xmalloc.h: add xxmalloc() macro to simply allocate a structure of a certain type * [r88] nslcd.h, nss/Makefile.am, nss/automount.c, nss/prototypes.h: implement automounter maps lookups * [r87] nss/common.h: just close the stream in case of problems instead of calling endent() 2006-11-11 arthur * [r86] server/group.c: include some other functions into lookup functions to increase readability * [r85] server/Makefile.am, server/alias.c, server/aliases.c, server/automount.c, server/common.c, server/common.h, server/ether.c, server/ethers.c, server/group.c, server/host.c, server/hosts.c, server/ldap-nss.c, server/ldap-nss.h, server/ldap-parse.h, server/ldap-schema.c, server/ldap-schema.h, server/netgroup.c, server/network.c, server/networks.c, server/passwd.c, server/protocol.c, server/protocols.c, server/rpc.c, server/service.c, server/services.c, server/shadow.c, server/util.c, server/util.h: fix naming and copyright headers * [r84] server/aliases.c, server/ldap-nss.c, server/ldap-nss.h, server/util.c, server/util.h: simplify some functions to pass file pointer around instead of struct and buffer (initially only for alias_byname()) * [r83] server/ldap-nss.h: some reformatting 2006-11-10 arthur * [r82] nslcd.h, nss/Makefile.am, nss/aliases.c, nss/ethers.c, nss/exports.h, nss/group.c, nss/hosts.c, nss/passwd.c, nss/prototypes.h, nss/shadow.c, testnss.c: rename nss/exports.h to nss/prototypes.h * [r81] nss/exports.h, nss/group.c, nss/hosts.c, nss/passwd.c, nss/shadow.c: switch to using prototypes that are defined in glibc 2.3.6 * [r80] nslcd.h, nss/Makefile.am, nss/shadow.c, testnss.c: implement NSS-side shadow lookups (plus test code) * [r79] nslcd.h, nss/Makefile.am, nss/ethers.c, nss/exports.h, testnss.c: implement NSS-side ethers database lookups plus test code * [r78] nss/exports.h, nss/hosts.c, testnss.c: add test code for host database and add const to function definition * [r77] nss/aliases.c, nss/group.c, nss/hosts.c: use better names for our thread-local file pointer 2006-11-07 arthur * [r76] server/aliases.c: expand some marcos and combine some code * [r75] server/passwd.c: expand some marcos and combine some code 2006-11-05 arthur * [r74] nslcd-common.h, testnss.c: add proper copyright headers * [r73] nslcd-server.c, nslcd-server.h, server/group.c, testnss.c: implement group functions in server but currently group_bymember() does not work * [r72] nslcd-common.h: remove testing stuff * [r71] nslcd-common.h: fix some variable usage bugs in READ_* marcos and change protocol debugging marcos to not use variadic arguments 2006-11-04 arthur * [r70] Makefile.am, certutil, doc/nsswitch.ldap, nsswitch.ldap: reorganize (and get rid of) some files 2006-11-03 arthur * [r69] nslcd.h, nss/Makefile.am, nss/hosts.c: implement initial host database lookups NSS-side * [r68] nslcd-common.h: make SKIP more consistent with READ * [r67] nslcd-server.c: clean struct sockaddr_un structure before usage * [r66] nslcd-common.h, nss/group.c: fix bogus reuse of tmpint32, introducing tmp3int32 * [r65] nslcd-common.h: split buffer management macros into separate macros * [r64] nslcd-common.h, nslcd.h, nss/aliases.c, nss/group.c, server/aliases.c: rename LOOP to STRINGLIST as that is currently the only supported format * [r63] nslcd-common.h, nss/group.c: add _nss_ldap_initgroups_dyn() function * [r62] nslcd-common.h, nss/aliases.c, nss/common.h, nss/group.c, nss/passwd.c: make loop macros common, create macros for expanding {set,get,end}ent() functions and implement {set,get,end}aliasent * [r61] nslcd.h: small documentation fixes * [r60] nslcd-server.h: implement nslcd_alias_all() server-side * [r59] nslcd-server.c, server/aliases.c: implement nslcd_alias_all() server-side * [r58] server/group.c: get rid of some more unneeded code 2006-11-02 arthur * [r57] server/aliases.c, server/passwd.c: some small fixes * [r56] nslcd-client.h, nslcd-server.c, nslcd-server.h, nslcd.h, nss/aliases.c, nss/common.c, nss/passwd.c, server/aliases.c, server/common.c, server/passwd.c: rename some constants and switch to a more sane naming scheme * [r55] nss/exports.h: we only need to export _nss_ldap_initgroups_dyn(), not _nss_ldap_initgroups() * [r54] nslcd-client.h, nss/aliases.c, nss/group.c, nss/passwd.c: rename READ_RESPONSE() macro to READ_RESPONSE_CODE() 2006-11-01 arthur * [r53] nslcd.h, nss/Makefile.am, nss/group.c, testnss.c: implement NSS side of getgrnam(), getgrgid() and {set,get,end}grent() * [r52] nss/aliases.c, nss/common.h, nss/passwd.c: always set *errnop correctly * [r51] CVSVersionInfo.txt, Makefile.am: get rid of CVSVersionInfo.txt * [r50] nslcd.c: prevent recursive hostname lookups through ldap * [r49] Makefile.am: add some files to EXTRA_DIST * [r48] nslcd-server.c, nslcd.h, server/common.c, server/group.c, server/passwd.c: get rid of some trailing spaces * [r47] nslcd.c: ignore SIGPIPE and get rid of some trailing spaces * [r46] testnss.c: only print result on success and errors on failure * [r45] server/common.h: do not close the server-side stream as the main dispatcher will close it * [r44] nss/passwd.c: implement _nss_ldap_{set,get,end}pwent() functions with thread-local opened file * [r43] nss/common.h: also set file pointer to NULL when closing a stream to properly handle reuse of stream * [r42] log.c: prefix debugging messages with DEBUG * [r41] configure.ac: look for different file in source directory, improve --enable-debug option and add checking for __thread keyword * [r40] nslcd-common.h: do not try to read and write zero length strings and add protocol debugging option * [r39] Makefile.am, dnsconfig.c, dnsconfig.h, ldap-nss.c, ldap-nss.h, ldap-parse.h, ldap-schema.c, ldap-schema.h, nslcd.c, pagectrl.c, pagectrl.h, resolve.c, resolve.h, server/Makefile.am, server/dnsconfig.c, server/dnsconfig.h, server/ldap-nss.c, server/ldap-nss.h, server/ldap-parse.h, server/ldap-schema.c, server/ldap-schema.h, server/pagectrl.c, server/pagectrl.h, server/resolve.c, server/resolve.h, server/util.c, server/util.h, util.c, util.h: move some remaining files into the server/ directory 2006-10-31 arthur * [r38] nslcd-common.h, nslcd-server.c, nslcd-server.h, nslcd.h, nss/aliases.c, server/aliases.c, server/passwd.c, testnss.c: implement reading of alias information through getaliasbyname() * [r37] nss/aliases.c, nss/common.c, nss/common.h, nss/exports.h, nss/passwd.c: make code consistent by adding headers, removing trailing whitespace and proper ifdefs for header files * [r36] .: ignore more files * [r35] nslcd-common.h: add header file defining read and write macros * [r34] nslcd-client.c, nslcd-client.h, nslcd-server.c, nslcd-server.h, nslcd.h, nss/Makefile.am, nss/common.c, nss/common.h, nss/passwd.c, server/common.h, server/passwd.c, testnss.c: clear up protocol macros while implementing getpwuid() and {set,get,end}pwent() functions (last not yet on NSS side) * [r33] nslcd.h: document protocol a little better 2006-10-30 arthur * [r32] Makefile.am, nslcd-client.c, nslcd-client.h, nslcd-server.c, nslcd-server.h, nslcd.c, nslcd.h, testnss.c: get first working version of end-to-end test of nss call using simple test program * [r31] Makefile.am, configure.ac: add server directory * [r30] nss/passwd.c: get rid of some empty lines * [r29] server, server/Makefile.am, server/common.c, server/common.h, server/passwd.c: implement simple password lookup with nslcd_getpwnam() function * [r28] nss/common.h, nss/passwd.c: return read data in struct and fix some marcos * [r27] nss/Makefile.am: do not build libnss_ldap.so in this directory, only build nss object functions 2006-10-25 arthur * [r26] configure.ac, nss: build nss directory * [r25] ldap-alias.c, ldap-automount.c, ldap-ethers.c, ldap-grp.c, ldap-hosts.c, ldap-netgrp.c, ldap-network.c, ldap-proto.c, ldap-pwd.c, ldap-rpc.c, ldap-service.c, ldap-spwd.c, server, server/aliases.c, server/automount.c, server/ethers.c, server/group.c, server/hosts.c, server/netgroup.c, server/networks.c, server/passwd.c, server/protocols.c, server/rpc.c, server/services.c, server/shadow.c: move ldap server code into separate directory * [r24] Makefile.am, nslcd-client.c, nslcd-client.h, nslcd.h, nss, nss/Makefile.am, nss/aliases.c, nss/common.c, nss/common.h, nss/exports.h, nss/passwd.c: add some basic minimal NSS code that can be generated from macros 2006-10-23 arthur * [r23] ., Makefile.am, configure.ac, log.c, log.h, nslcd-client.c, nslcd-client.h, nslcd-server.c, nslcd-server.h, nslcd.c, nslcd.h, xmalloc.c, xmalloc.h: implemented basic client/server setup with a thin client comminicating with a local server over a socket (initial version of code, much needs to be done) * [r22] ldap-grp.c, ldap-parse.h: rearrange functions in more logical order * [r21] ldap-nss.h: align comments * [r20] ldap-pwd.c: export function _nss_ldap_parse_pw() 2006-10-17 arthur * [r19] Makefile.am, dnsconfig.c, dnsconfig.h, ldap-alias.c, ldap-automount.c, ldap-ethers.c, ldap-grp.c, ldap-hosts.c, ldap-netgrp.c, ldap-network.c, ldap-nss.c, ldap-nss.h, ldap-parse.h, ldap-proto.c, ldap-pwd.c, ldap-rpc.c, ldap-schema.c, ldap-schema.h, ldap-service.c, ldap-spwd.c, ltf.c, ltf.h, pagectrl.c, pagectrl.h, resolve.c, resolve.h, util.c: get rid of ltf files (which contain NPL licenced code btw) clean up includes and general small code cleanups * [r18] .cvsignore: get rid of this file 2006-10-16 arthur * [r17] Makefile.am, dnsconfig.c, dnsconfig.h, ldap-alias.c, ldap-automount.c, ldap-ethers.c, ldap-grp.c, ldap-hosts.c, ldap-netgrp.c, ldap-network.c, ldap-nss.c, ldap-nss.h, ldap-parse.h, ldap-proto.c, ldap-pwd.c, ldap-rpc.c, ldap-schema.h, ldap-service.c, ldap-spwd.c, ltf.c, nss_common.h, nss_ldap.spec, util.c, util.h: some more cleanups, expanding some MACROs and typedefs and get rid of some more code 2006-10-15 arthur * [r16] configure.ac: add --enable-warnings option for extra compiler warnings 2006-10-12 arthur * [r15] Makefile.am, exports.solaris, ldap-alias.c, ldap-alias.h, ldap-automount.c, ldap-automount.h, ldap-bp.c, ldap-bp.h, ldap-ethers.c, ldap-ethers.h, ldap-grp.c, ldap-grp.h, ldap-hosts.c, ldap-hosts.h, ldap-netgrp.c, ldap-netgrp.h, ldap-network.c, ldap-network.h, ldap-proto.c, ldap-proto.h, ldap-pwd.c, ldap-pwd.h, ldap-rpc.c, ldap-rpc.h, ldap-service.c, ldap-service.h, ldap-spwd.c, ldap-spwd.h: get rid of some unnecessary header files (and a c file) * [r14] ANNOUNCE, AUTHORS, COPYING, ChangeLog, Makefile.am, NEWS, README, certutil, configure.ac, dnsconfig.c, dnsconfig.h, ldap-alias.c, ldap-alias.h, ldap-automount.c, ldap-automount.h, ldap-bp.c, ldap-bp.h, ldap-ethers.c, ldap-ethers.h, ldap-grp.c, ldap-grp.h, ldap-hosts.c, ldap-hosts.h, ldap-netgrp.c, ldap-netgrp.h, ldap-network.c, ldap-network.h, ldap-nss.c, ldap-nss.h, ldap-parse.h, ldap-proto.c, ldap-proto.h, ldap-pwd.c, ldap-pwd.h, ldap-rpc.c, ldap-rpc.h, ldap-schema.c, ldap-schema.h, ldap-service.c, ldap-service.h, ldap-spwd.c, ldap-spwd.h, ldap.conf, ltf.c, ltf.h, nss_common.h, nss_ldap.5, nss_ldap.spec, pagectrl.c, pagectrl.h, resolve.c, resolve.h, util.c, util.h: remove trailing spaces * [r13] ANNOUNCE, AUTHORS, Makefile.am, NEWS, README, certutil, configure.ac, dnsconfig.c, dnsconfig.h, exports.aix, exports.hpux, exports.linux, exports.solaris, ldap-alias.c, ldap-alias.h, ldap-automount.c, ldap-automount.h, ldap-bp.c, ldap-bp.h, ldap-ethers.c, ldap-ethers.h, ldap-grp.c, ldap-grp.h, ldap-hosts.c, ldap-hosts.h, ldap-netgrp.c, ldap-netgrp.h, ldap-network.c, ldap-network.h, ldap-nss.c, ldap-nss.h, ldap-parse.h, ldap-proto.c, ldap-proto.h, ldap-pwd.c, ldap-rpc.c, ldap-rpc.h, ldap-schema.c, ldap-schema.h, ldap-service.c, ldap-service.h, ldap-spwd.c, ldap-spwd.h, ldap.conf, ltf.c, nsswitch.ldap, pagectrl.c, resolve.c, resolve.h, util.c, util.h: some more small cleanups of code for non-supported systems and convert tabs to spaces * [r12] configure.ac: include templates from acconfig.h into configure.ac * [r11] debian/rules: set as executable * [r10] Makefile.am, aix_authmeth.c, dnsconfig.c, dnsconfig.h, irs-grp.c, irs-hosts.c, irs-netgrp.c, irs-network.c, irs-nss.c, irs-nss.h, irs-proto.c, irs-pwd.c, irs-service.c, irs.h, ldap-alias.c, ldap-alias.h, ldap-automount.c, ldap-automount.h, ldap-bp.c, ldap-bp.h, ldap-ethers.c, ldap-ethers.h, ldap-grp.c, ldap-grp.h, ldap-hosts.c, ldap-hosts.h, ldap-netgrp.c, ldap-netgrp.h, ldap-network.c, ldap-network.h, ldap-nss.c, ldap-nss.h, ldap-parse.h, ldap-proto.c, ldap-proto.h, ldap-pwd.c, ldap-pwd.h, ldap-rpc.c, ldap-rpc.h, ldap-schema.c, ldap-schema.h, ldap-service.c, ldap-service.h, ldap-sldap.c, ldap-sldap.h, ldap-spwd.c, ldap-spwd.h, ltf.c, ltf.h, nss_common.h, nss_dbdefs.h, nss_ldap.5, pagectrl.c, pagectrl.h, resolve.c, resolve.h, snprintf.c, snprintf.h, util.c, util.h: first round of cleanups, all non-glibc NSS stuff has been removed, because we are going to do some major restructuring it will not likely remain valid anyway and we can always re-add it later * [r9] CVSVersionInfo.txt, ChangeLog, NEWS, aix_authmeth.c, certutil, dnsconfig.c, dnsconfig.h, doc/autofs-4.1.3-lookup-nssldap.patch, doc/lookup_nssldap.c, exports.linux, exports.solaris, irs-grp.c, irs-hosts.c, irs-netgrp.c, irs-network.c, irs-nss.c, irs-nss.h, irs-proto.c, irs-pwd.c, irs-service.c, irs.h, ldap-alias.c, ldap-alias.h, ldap-automount.c, ldap-automount.h, ldap-bp.c, ldap-bp.h, ldap-ethers.c, ldap-ethers.h, ldap-grp.c, ldap-grp.h, ldap-hosts.c, ldap-hosts.h, ldap-netgrp.c, ldap-netgrp.h, ldap-network.c, ldap-network.h, ldap-nss.c, ldap-nss.h, ldap-parse.h, ldap-proto.c, ldap-proto.h, ldap-pwd.c, ldap-pwd.h, ldap-rpc.c, ldap-rpc.h, ldap-schema.c, ldap-schema.h, ldap-service.c, ldap-service.h, ldap-sldap.c, ldap-sldap.h, ldap-spwd.c, ldap-spwd.h, ldap.conf, ltf.c, ltf.h, nss_common.h, nss_dbdefs.h, nss_ldap.5, nsswitch.ldap, pagectrl.c, pagectrl.h, resolve.c, resolve.h, snprintf.c, snprintf.h, tests/nsswitch.test, tests/testpw.c, tests/testpw4.c, tests/testpw5.c, tests/testpw6.c, util.c, util.h: add keyword expansion (svn:keywords) to all files containing keywords * [r8] Makefile.am, configure.ac: add West to copyrights notice 2006-10-11 arthur * [r7] INSTALL: install newer version from automake * [r6] Makefile.am, acconfig.h, aclocal.m4, autogen.sh, config.guess, config.h.in, config.sub, configure.ac, configure.in, depcomp, install-sh, missing, mkinstalldirs, stamp-h, stamp-h.in: first step in cleaning up build process (switch to newer autoconf/automake and remove generated files from version control) * [r5] ., Makefile.in, configure: remove some files from version control and add more ignores * [r4] ., debian: ignore some generated files * [r3] .: branch off latest Debian version 2006-10-11 arthur * [r2] ., Makefile.am, Makefile.in, aclocal.m4, configure, configure.in, debian, debian/LDAP-Permissions.txt, debian/README.Debian, debian/changelog, debian/compat, debian/config, debian/control, debian/copyright, debian/examples, debian/examples/groups.ldif, debian/examples/people.ldif, debian/libnss-ldap.dirs, debian/libnss-ldap.init, debian/libnss-ldap.install, debian/libnss-ldap.links, debian/libnss-ldap.postinst, debian/libnss-ldap.postrm, debian/po, debian/po/POTFILES.in, debian/po/ca.po, debian/po/cs.po, debian/po/da.po, debian/po/de.po, debian/po/es.po, debian/po/fr.po, debian/po/ja.po, debian/po/nl.po, debian/po/pt_BR.po, debian/po/ru.po, debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po, debian/rules, debian/templates, ldap-nss.c, ldap-nss.h, ldap-pwd.c, ldap.conf, stamp-h: import Debian release 251-5.2 2006-10-11 arthur * [r1] ., .cvsignore, ANNOUNCE, AUTHORS, COPYING, CVSVersionInfo.txt, ChangeLog, INSTALL, Makefile.am, Makefile.in, NEWS, README, acconfig.h, aclocal.m4, aix_authmeth.c, autogen.sh, certutil, config.guess, config.h.in, config.sub, configure, configure.in, depcomp, dnsconfig.c, dnsconfig.h, doc, doc/README.AIX, doc/README.HPUX, doc/README.IRS, doc/README.SFU, doc/README.paged, doc/SolarisInstallNotes.txt, doc/autofs-4.1.3-lookup-nssldap.patch, doc/lookup_nssldap.c, exports.aix, exports.hpux, exports.linux, exports.solaris, install-sh, irs-grp.c, irs-hosts.c, irs-netgrp.c, irs-network.c, irs-nss.c, irs-nss.h, irs-proto.c, irs-pwd.c, irs-service.c, irs.h, ldap-alias.c, ldap-alias.h, ldap-automount.c, ldap-automount.h, ldap-bp.c, ldap-bp.h, ldap-ethers.c, ldap-ethers.h, ldap-grp.c, ldap-grp.h, ldap-hosts.c, ldap-hosts.h, ldap-netgrp.c, ldap-netgrp.h, ldap-network.c, ldap-network.h, ldap-nss.c, ldap-nss.h, ldap-parse.h, ldap-proto.c, ldap-proto.h, ldap-pwd.c, ldap-pwd.h, ldap-rpc.c, ldap-rpc.h, ldap-schema.c, ldap-schema.h, ldap-service.c, ldap-service.h, ldap-sldap.c, ldap-sldap.h, ldap-spwd.c, ldap-spwd.h, ldap.conf, ltf.c, ltf.h, missing, mkinstalldirs, nss_common.h, nss_dbdefs.h, nss_ldap.5, nss_ldap.spec, nsswitch.ldap, pagectrl.c, pagectrl.h, resolve.c, resolve.h, snprintf.c, snprintf.h, stamp-h.in, tests, tests/ldaptest.pl, tests/nsswitch.test, tests/testd.c, tests/testgr.c, tests/testpw.c, tests/testpw3.c, tests/testpw4.c, tests/testpw5.c, tests/testpw6.c, util.c, util.h: import release 251 of nss-ldap nss-pam-ldapd-0.8.13/COPYING0000644000175000001440000006350410551003560012216 00000000000000 GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. , 1 April 1990 Ty Coon, President of Vice That's all there is to it! nss-pam-ldapd-0.8.13/compile0000755000175000001440000001615212141433521012537 00000000000000#! /bin/sh # Wrapper for compilers which do not understand '-c -o'. scriptversion=2012-03-05.13; # UTC # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free # Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # This file is maintained in Automake, please report # bugs to or send patches to # . nl=' ' # We need space, tab and new line, in precisely that order. Quoting is # there to prevent tools from complaining about whitespace usage. IFS=" "" $nl" file_conv= # func_file_conv build_file lazy # Convert a $build file to $host form and store it in $file # Currently only supports Windows hosts. If the determined conversion # type is listed in (the comma separated) LAZY, no conversion will # take place. func_file_conv () { file=$1 case $file in / | /[!/]*) # absolute file, and not a UNC file if test -z "$file_conv"; then # lazily determine how to convert abs files case `uname -s` in MINGW*) file_conv=mingw ;; CYGWIN*) file_conv=cygwin ;; *) file_conv=wine ;; esac fi case $file_conv/,$2, in *,$file_conv,*) ;; mingw/*) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; cygwin/*) file=`cygpath -m "$file" || echo "$file"` ;; wine/*) file=`winepath -w "$file" || echo "$file"` ;; esac ;; esac } # func_cl_dashL linkdir # Make cl look for libraries in LINKDIR func_cl_dashL () { func_file_conv "$1" if test -z "$lib_path"; then lib_path=$file else lib_path="$lib_path;$file" fi linker_opts="$linker_opts -LIBPATH:$file" } # func_cl_dashl library # Do a library search-path lookup for cl func_cl_dashl () { lib=$1 found=no save_IFS=$IFS IFS=';' for dir in $lib_path $LIB do IFS=$save_IFS if $shared && test -f "$dir/$lib.dll.lib"; then found=yes lib=$dir/$lib.dll.lib break fi if test -f "$dir/$lib.lib"; then found=yes lib=$dir/$lib.lib break fi done IFS=$save_IFS if test "$found" != yes; then lib=$lib.lib fi } # func_cl_wrapper cl arg... # Adjust compile command to suit cl func_cl_wrapper () { # Assume a capable shell lib_path= shared=: linker_opts= for arg do if test -n "$eat"; then eat= else case $1 in -o) # configure might choose to run compile as 'compile cc -o foo foo.c'. eat=1 case $2 in *.o | *.[oO][bB][jJ]) func_file_conv "$2" set x "$@" -Fo"$file" shift ;; *) func_file_conv "$2" set x "$@" -Fe"$file" shift ;; esac ;; -I) eat=1 func_file_conv "$2" mingw set x "$@" -I"$file" shift ;; -I*) func_file_conv "${1#-I}" mingw set x "$@" -I"$file" shift ;; -l) eat=1 func_cl_dashl "$2" set x "$@" "$lib" shift ;; -l*) func_cl_dashl "${1#-l}" set x "$@" "$lib" shift ;; -L) eat=1 func_cl_dashL "$2" ;; -L*) func_cl_dashL "${1#-L}" ;; -static) shared=false ;; -Wl,*) arg=${1#-Wl,} save_ifs="$IFS"; IFS=',' for flag in $arg; do IFS="$save_ifs" linker_opts="$linker_opts $flag" done IFS="$save_ifs" ;; -Xlinker) eat=1 linker_opts="$linker_opts $2" ;; -*) set x "$@" "$1" shift ;; *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) func_file_conv "$1" set x "$@" -Tp"$file" shift ;; *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) func_file_conv "$1" mingw set x "$@" "$file" shift ;; *) set x "$@" "$1" shift ;; esac fi shift done if test -n "$linker_opts"; then linker_opts="-link$linker_opts" fi exec "$@" $linker_opts exit 1 } eat= case $1 in '') echo "$0: No command. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: compile [--help] [--version] PROGRAM [ARGS] Wrapper for compilers which do not understand '-c -o'. Remove '-o dest.o' from ARGS, run PROGRAM with the remaining arguments, and rename the output as expected. If you are trying to build a whole package this is not the right script to run: please start by reading the file 'INSTALL'. Report bugs to . EOF exit $? ;; -v | --v*) echo "compile $scriptversion" exit $? ;; cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; esac ofile= cfile= for arg do if test -n "$eat"; then eat= else case $1 in -o) # configure might choose to run compile as 'compile cc -o foo foo.c'. # So we strip '-o arg' only if arg is an object. eat=1 case $2 in *.o | *.obj) ofile=$2 ;; *) set x "$@" -o "$2" shift ;; esac ;; *.c) cfile=$1 set x "$@" "$1" shift ;; *) set x "$@" "$1" shift ;; esac fi shift done if test -z "$ofile" || test -z "$cfile"; then # If no '-o' option was seen then we might have been invoked from a # pattern rule where we don't need one. That is ok -- this is a # normal compilation that the losing compiler can handle. If no # '.c' file was seen then we are probably linking. That is also # ok. exec "$@" fi # Name of file we expect compiler to create. cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` # Create the lock directory. # Note: use '[/\\:.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d while true; do if mkdir "$lockdir" >/dev/null 2>&1; then break fi sleep 1 done # FIXME: race condition here if user kills between mkdir and trap. trap "rmdir '$lockdir'; exit 1" 1 2 15 # Run the compile. "$@" ret=$? if test -f "$cofile"; then test "$cofile" = "$ofile" || mv "$cofile" "$ofile" elif test -f "${cofile}bj"; then test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" fi rmdir "$lockdir" exit $ret # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: