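nufw-2.4.3/0000777000175000017500000000000011431215443007502 500000000000000nufw-2.4.3/aclocal.m40000644000175000017500000106426311431215371011272 00000000000000
# generated automatically by aclocal 1.10.1 -*- Autoconf -*-

# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(AC_AUTOCONF_VERSION, [2.61],,
[m4_warning([this file was generated for autoconf 2.61.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically `autoreconf'.])])

# Configure paths for GLIB
# Owen Taylor 1997-2001

dnl AM_PATH_GLIB_2_0([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND [, MODULES]]]])
dnl Test for GLIB, and define GLIB_CFLAGS and GLIB_LIBS, if gmodule, gobject,
dnl gthread, or gio is specified in MODULES, pass to pkg-config
dnl
dnl Reviewer notes:
dnl  * GLIB_CFLAGS, GLIB_LIBS and the version numbers are whatever the program
dnl    named by PKG_CONFIG prints, so that program and the .pc files it reads
dnl    are trusted inputs of the configure run.
dnl  * Unless --disable-glibtest is passed, an uninstalled GLib is selected, or
dnl    the build is a cross build, AC_TRY_RUN compiles and runs a test program
dnl    on the build host; the program creates conf.glibtest in the current
dnl    directory through system.
dnl  * On failure GLIB_CFLAGS, GLIB_LIBS, GLIB_GENMARSHAL, GOBJECT_QUERY and
dnl    GLIB_MKENUMS are reset to empty before ACTION-IF-NOT-FOUND runs.
dnl  * NOTE(review): the header names in both test programs and the &micro
dnl    argument of sscanf were missing from the extracted text; they are
dnl    restored below to the headers that declare what the programs use.
dnl
AC_DEFUN([AM_PATH_GLIB_2_0],
[dnl
dnl Get the cflags and libraries from pkg-config
dnl
AC_ARG_ENABLE(glibtest, [ --disable-glibtest do not try to compile and run a test GLIB program],
              , enable_glibtest=yes)

  pkg_config_args=glib-2.0
  for module in . $4
  do
      case "$module" in
         gmodule)
             pkg_config_args="$pkg_config_args gmodule-2.0"
         ;;
         gmodule-no-export)
             pkg_config_args="$pkg_config_args gmodule-no-export-2.0"
         ;;
         gobject)
             pkg_config_args="$pkg_config_args gobject-2.0"
         ;;
         gthread)
             pkg_config_args="$pkg_config_args gthread-2.0"
         ;;
         gio*)
             pkg_config_args="$pkg_config_args $module-2.0"
         ;;
      esac
  done

  PKG_PROG_PKG_CONFIG([0.16])

  no_glib=""

  if test "x$PKG_CONFIG" = x ; then
    no_glib=yes
    PKG_CONFIG=no
  fi

  min_glib_version=ifelse([$1], ,2.0.0,$1)
  AC_MSG_CHECKING(for GLIB - version >= $min_glib_version)

  if test x$PKG_CONFIG != xno ; then
    ## don't try to run the test against uninstalled libtool libs
    if $PKG_CONFIG --uninstalled $pkg_config_args; then
      echo "Will use uninstalled version of GLib found in PKG_CONFIG_PATH"
      enable_glibtest=no
    fi

    if $PKG_CONFIG --atleast-version $min_glib_version $pkg_config_args; then
      :
    else
      no_glib=yes
    fi
  fi

  if test x"$no_glib" = x ; then
    GLIB_GENMARSHAL=`$PKG_CONFIG --variable=glib_genmarshal glib-2.0`
    GOBJECT_QUERY=`$PKG_CONFIG --variable=gobject_query glib-2.0`
    GLIB_MKENUMS=`$PKG_CONFIG --variable=glib_mkenums glib-2.0`

    GLIB_CFLAGS=`$PKG_CONFIG --cflags $pkg_config_args`
    GLIB_LIBS=`$PKG_CONFIG --libs $pkg_config_args`
    glib_config_major_version=`$PKG_CONFIG --modversion glib-2.0 | \
           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'`
    glib_config_minor_version=`$PKG_CONFIG --modversion glib-2.0 | \
           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'`
    glib_config_micro_version=`$PKG_CONFIG --modversion glib-2.0 | \
           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'`
    if test "x$enable_glibtest" = "xyes" ; then
      ac_save_CFLAGS="$CFLAGS"
      ac_save_LIBS="$LIBS"
      CFLAGS="$CFLAGS $GLIB_CFLAGS"
      LIBS="$GLIB_LIBS $LIBS"
dnl
dnl Now check if the installed GLIB is sufficiently new. (Also sanity
dnl checks the results of pkg-config to some extent)
dnl
      rm -f conf.glibtest
      AC_TRY_RUN([
#include <glib.h>
#include <stdio.h>
#include <stdlib.h>

int
main ()
{
  int major, minor, micro;
  char *tmp_version;

  system ("touch conf.glibtest");

  /* HP/UX 9 (%@#!) writes to sscanf strings */
  tmp_version = g_strdup("$min_glib_version");
  if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, &micro) != 3) {
     printf("%s, bad version string\n", "$min_glib_version");
     exit(1);
   }

  if ((glib_major_version != $glib_config_major_version) ||
      (glib_minor_version != $glib_config_minor_version) ||
      (glib_micro_version != $glib_config_micro_version))
    {
      printf("\n*** 'pkg-config --modversion glib-2.0' returned %d.%d.%d, but GLIB (%d.%d.%d)\n",
             $glib_config_major_version, $glib_config_minor_version, $glib_config_micro_version,
             glib_major_version, glib_minor_version, glib_micro_version);
      printf ("*** was found! If pkg-config was correct, then it is best\n");
      printf ("*** to remove the old version of GLib. You may also be able to fix the error\n");
      printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n");
      printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n");
      printf("*** required on your system.\n");
      printf("*** If pkg-config was wrong, set the environment variable PKG_CONFIG_PATH\n");
      printf("*** to point to the correct configuration files\n");
    }
  else if ((glib_major_version != GLIB_MAJOR_VERSION) ||
           (glib_minor_version != GLIB_MINOR_VERSION) ||
           (glib_micro_version != GLIB_MICRO_VERSION))
    {
      printf("*** GLIB header files (version %d.%d.%d) do not match\n",
             GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION, GLIB_MICRO_VERSION);
      printf("*** library (version %d.%d.%d)\n",
             glib_major_version, glib_minor_version, glib_micro_version);
    }
  else
    {
      if ((glib_major_version > major) ||
        ((glib_major_version == major) && (glib_minor_version > minor)) ||
        ((glib_major_version == major) && (glib_minor_version == minor) && (glib_micro_version >= micro)))
      {
        return 0;
       }
     else
      {
        printf("\n*** An old version of GLIB (%d.%d.%d) was found.\n",
               glib_major_version, glib_minor_version, glib_micro_version);
        printf("*** You need a version of GLIB newer than %d.%d.%d. The latest version of\n",
               major, minor, micro);
        printf("*** GLIB is always available from ftp://ftp.gtk.org.\n");
        printf("***\n");
        printf("*** If you have already installed a sufficiently new version, this error\n");
        printf("*** probably means that the wrong copy of the pkg-config shell script is\n");
        printf("*** being found. The easiest way to fix this is to remove the old version\n");
        printf("*** of GLIB, but you can also set the PKG_CONFIG environment to point to the\n");
        printf("*** correct copy of pkg-config. (In this case, you will have to\n");
        printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n");
        printf("*** so that the correct libraries are found at run-time))\n");
      }
    }
  return 1;
}
],, no_glib=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"])
       CFLAGS="$ac_save_CFLAGS"
       LIBS="$ac_save_LIBS"
     fi
  fi
  if test "x$no_glib" = x ; then
     AC_MSG_RESULT(yes (version $glib_config_major_version.$glib_config_minor_version.$glib_config_micro_version))
     ifelse([$2], , :, [$2])
  else
     AC_MSG_RESULT(no)
     if test "$PKG_CONFIG" = "no" ; then
       echo "*** A new enough version of pkg-config was not found."
       echo "*** See http://www.freedesktop.org/software/pkgconfig/"
     else
       if test -f conf.glibtest ; then
        :
       else
          echo "*** Could not run GLIB test program, checking why..."
          ac_save_CFLAGS="$CFLAGS"
          ac_save_LIBS="$LIBS"
          CFLAGS="$CFLAGS $GLIB_CFLAGS"
          LIBS="$LIBS $GLIB_LIBS"
          AC_TRY_LINK([
#include <glib.h>
#include <stdio.h>
],      [ return ((glib_major_version) || (glib_minor_version) || (glib_micro_version)); ],
        [ echo "*** The test program compiled, but did not run. This usually means"
          echo "*** that the run-time linker is not finding GLIB or finding the wrong"
          echo "*** version of GLIB. If it is not finding GLIB, you'll need to set your"
          echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
          echo "*** to the installed location Also, make sure you have run ldconfig if that"
          echo "*** is required on your system"
          echo "***"
          echo "*** If you have an old version installed, it is best to remove it, although"
          echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
        [ echo "*** The test program failed to compile or link. See the file config.log for the"
          echo "*** exact error that occured. This usually means GLIB is incorrectly installed."])
          CFLAGS="$ac_save_CFLAGS"
          LIBS="$ac_save_LIBS"
       fi
     fi
     GLIB_CFLAGS=""
     GLIB_LIBS=""
     GLIB_GENMARSHAL=""
     GOBJECT_QUERY=""
     GLIB_MKENUMS=""
     ifelse([$3], , :, [$3])
  fi
  AC_SUBST(GLIB_CFLAGS)
  AC_SUBST(GLIB_LIBS)
  AC_SUBST(GLIB_GENMARSHAL)
  AC_SUBST(GOBJECT_QUERY)
  AC_SUBST(GLIB_MKENUMS)
  rm -f conf.glibtest
])

dnl Autoconf macros for libgcrypt
dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc.
dnl
dnl This file is free software; as a special exception the author gives
dnl unlimited permission to copy and/or distribute it, with or without
dnl modifications, as long as this notice is preserved.
dnl
dnl This file is distributed in the hope that it will be useful, but
dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
dnl                   [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
dnl MINIMUM-VERSION is a string with the version number, optionally prefixed
dnl with the API version to also check the API compatibility. Example:
dnl a MINIMUM-VERSION of 1:1.2.5 won't pass the test unless the installed
dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this feature prevents building against newer versions of libgcrypt
dnl with a changed API.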
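dnl
dnl Reviewer notes:
dnl  * libgcrypt-config is taken from LIBGCRYPT_CONFIG if that is already set,
dnl    else from PFX/bin when --with-libgcrypt-prefix=PFX is given, else from
dnl    the AC_PATH_PROG lookup. Its output becomes LIBGCRYPT_CFLAGS and
dnl    LIBGCRYPT_LIBS unchecked, so the script is a trusted build input.
dnl  * The version argument is only a floor. A caller that must exclude
dnl    libgcrypt releases with known defects has to raise it itself.
dnl  * The API comparison is skipped, and the result stays yes, when no API
dnl    number was requested or when libgcrypt-config --api-version fails or
dnl    prints 0.
dnl
AC_DEFUN([AM_PATH_LIBGCRYPT],
[ AC_ARG_WITH(libgcrypt-prefix,
            AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
                           [prefix where LIBGCRYPT is installed (optional)]),
     libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
  if test x$libgcrypt_config_prefix != x ; then
     if test x${LIBGCRYPT_CONFIG+set} != xset ; then
        LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
     fi
  fi

  AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
  tmp=ifelse([$1], ,1:1.2.0,$1)
  if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
     req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
     min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
  else
     req_libgcrypt_api=0
     min_libgcrypt_version="$tmp"
  fi

  AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
  ok=no
  if test "$LIBGCRYPT_CONFIG" != "no" ; then
    req_major=`echo $min_libgcrypt_version | \
               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
    req_minor=`echo $min_libgcrypt_version | \
               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
    req_micro=`echo $min_libgcrypt_version | \
               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
    libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
    major=`echo $libgcrypt_config_version | \
               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
    minor=`echo $libgcrypt_config_version | \
               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
    micro=`echo $libgcrypt_config_version | \
               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
    if test "$major" -gt "$req_major"; then
        ok=yes
    else
        if test "$major" -eq "$req_major"; then
            if test "$minor" -gt "$req_minor"; then
               ok=yes
            else
               if test "$minor" -eq "$req_minor"; then
                   if test "$micro" -ge "$req_micro"; then
                     ok=yes
                   fi
               fi
            fi
        fi
    fi
  fi
  if test $ok = yes; then
    AC_MSG_RESULT([yes ($libgcrypt_config_version)])
  else
    AC_MSG_RESULT(no)
  fi
  if test $ok = yes; then
     # If we have a recent libgcrypt, we should also check that the
     # API is compatible
     if test "$req_libgcrypt_api" -gt 0 ; then
        tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
        if test "$tmp" -gt 0 ; then
           AC_MSG_CHECKING([LIBGCRYPT API version])
           if test "$req_libgcrypt_api" -eq "$tmp" ; then
             AC_MSG_RESULT([okay])
           else
             ok=no
             AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
           fi
        fi
     fi
  fi
  if test $ok = yes; then
    LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
    LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
    ifelse([$2], , :, [$2])
  else
    LIBGCRYPT_CFLAGS=""
    LIBGCRYPT_LIBS=""
    ifelse([$3], , :, [$3])
  fi
  AC_SUBST(LIBGCRYPT_CFLAGS)
  AC_SUBST(LIBGCRYPT_LIBS)
])

# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-

# serial 52 Debian 1.5.26-4+lenny1 AC_PROG_LIBTOOL


# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
# -----------------------------------------------------------
# If this macro is not defined by Autoconf, define it here.
m4_ifdef([AC_PROVIDE_IFELSE],
         [],
         [m4_define([AC_PROVIDE_IFELSE],
                 [m4_ifdef([AC_PROVIDE_$1],
                           [$2], [$3])])])


# AC_PROG_LIBTOOL
# ---------------
# Public entry point. Requires _AC_PROG_LIBTOOL, then runs each language tag
# macro at once if the matching compiler macro was already expanded, or
# appends it to that compiler macro otherwise.
AC_DEFUN([AC_PROG_LIBTOOL],
[AC_REQUIRE([_AC_PROG_LIBTOOL])dnl
dnl If AC_PROG_CXX has already been expanded, run AC_LIBTOOL_CXX
dnl immediately, otherwise, hook it in at the end of AC_PROG_CXX.
  AC_PROVIDE_IFELSE([AC_PROG_CXX],
    [AC_LIBTOOL_CXX],
    [define([AC_PROG_CXX], defn([AC_PROG_CXX])[AC_LIBTOOL_CXX
  ])])
dnl And a similar setup for Fortran 77 support
  AC_PROVIDE_IFELSE([AC_PROG_F77],
    [AC_LIBTOOL_F77],
    [define([AC_PROG_F77], defn([AC_PROG_F77])[AC_LIBTOOL_F77
])])

dnl Quote A][M_PROG_GCJ so that aclocal doesn't bring it in needlessly.
dnl If either AC_PROG_GCJ or A][M_PROG_GCJ have already been expanded, run
dnl AC_LIBTOOL_GCJ immediately, otherwise, hook it in at the end of both.
  AC_PROVIDE_IFELSE([AC_PROG_GCJ],
    [AC_LIBTOOL_GCJ],
    [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
      [AC_LIBTOOL_GCJ],
      [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],
        [AC_LIBTOOL_GCJ],
      [ifdef([AC_PROG_GCJ],
             [define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])
       ifdef([A][M_PROG_GCJ],
             [define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[AC_LIBTOOL_GCJ])])
       ifdef([LT_AC_PROG_GCJ],
             [define([LT_AC_PROG_GCJ],
                defn([LT_AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])])])
])])# AC_PROG_LIBTOOL


# _AC_PROG_LIBTOOL
# ----------------
# Sets LIBTOOL_DEPS and LIBTOOL, substitutes LIBTOOL, and redefines
# AC_PROG_LIBTOOL as empty so that it expands only once.
AC_DEFUN([_AC_PROG_LIBTOOL],
[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
AC_BEFORE([$0],[AC_LIBTOOL_CXX])dnl
AC_BEFORE([$0],[AC_LIBTOOL_F77])dnl
AC_BEFORE([$0],[AC_LIBTOOL_GCJ])dnl

# This can be used to rebuild libtool when needed
LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"

# Always use our own libtool.
LIBTOOL='$(SHELL) $(top_builddir)/libtool'
AC_SUBST(LIBTOOL)dnl

# Prevent multiple expansion
define([AC_PROG_LIBTOOL], [])
])# _AC_PROG_LIBTOOL


# AC_LIBTOOL_SETUP
# ----------------
# Core setup: pulls in the prerequisite checks, defines the sed quoting
# helpers, fills in default tool names and builds the command strings for
# static archives.
# Reviewer notes: tool variables that are still empty fall back to bare names
# such as ar, cc, ld and nm, which are presumably resolved through PATH when
# the commands run, so the build PATH is a trusted input. The post-install
# command for static archives is chmod 644.
AC_DEFUN([AC_LIBTOOL_SETUP],
[AC_PREREQ(2.50)dnl
AC_REQUIRE([AC_ENABLE_SHARED])dnl
AC_REQUIRE([AC_ENABLE_STATIC])dnl
AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_REQUIRE([AC_CANONICAL_BUILD])dnl
AC_REQUIRE([AC_PROG_CC])dnl
AC_REQUIRE([AC_PROG_LD])dnl
AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl
AC_REQUIRE([AC_PROG_NM])dnl

AC_REQUIRE([AC_PROG_LN_S])dnl
AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl
# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
AC_REQUIRE([AC_OBJEXT])dnl
AC_REQUIRE([AC_EXEEXT])dnl
dnl
AC_LIBTOOL_SYS_MAX_CMD_LEN
AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
AC_LIBTOOL_OBJDIR

AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
_LT_AC_PROG_ECHO_BACKSLASH

case $host_os in
aix3*)
  # AIX sometimes has problems with the GCC collect2 program. For some
  # reason, if we set the COLLECT_NAMES environment variable, the problems
  # vanish in a puff of smoke.
  if test "X${COLLECT_NAMES+set}" != Xset; then
    COLLECT_NAMES=
    export COLLECT_NAMES
  fi
  ;;
esac

# Sed substitution that helps us do robust quoting. It backslashifies
# metacharacters that are still active within double-quoted strings.
Xsed='sed -e 1s/^X//'
[sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g']

# Same as above, but do not quote variable references.
[double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g']

# Sed substitution to delay expansion of an escaped shell variable in a
# double_quote_subst'ed string.
delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'

# Sed substitution to avoid accidental globbing in evaled expressions
no_glob_subst='s/\*/\\\*/g'

# Constants:
rm="rm -f"

# Global variables:
default_ofile=libtool
can_build_shared=yes

# All known linkers require a `.a' archive for static linking (except MSVC,
# which needs '.lib').
libext=a
ltmain="$ac_aux_dir/ltmain.sh"
ofile="$default_ofile"
with_gnu_ld="$lt_cv_prog_gnu_ld"

AC_CHECK_TOOL(AR, ar, false)
AC_CHECK_TOOL(RANLIB, ranlib, :)
AC_CHECK_TOOL(STRIP, strip, :)

old_CC="$CC"
old_CFLAGS="$CFLAGS"

# Set sane defaults for various variables
test -z "$AR" && AR=ar
test -z "$AR_FLAGS" && AR_FLAGS=cru
test -z "$AS" && AS=as
test -z "$CC" && CC=cc
test -z "$LTCC" && LTCC=$CC
test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
test -z "$DLLTOOL" && DLLTOOL=dlltool
test -z "$LD" && LD=ld
test -z "$LN_S" && LN_S="ln -s"
test -z "$MAGIC_CMD" && MAGIC_CMD=file
test -z "$NM" && NM=nm
test -z "$SED" && SED=sed
test -z "$OBJDUMP" && OBJDUMP=objdump
test -z "$RANLIB" && RANLIB=:
test -z "$STRIP" && STRIP=:
test -z "$ac_objext" && ac_objext=o

# Determine commands to create old-style static archives.
old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
old_postinstall_cmds='chmod 644 $oldlib'
old_postuninstall_cmds=

if test -n "$RANLIB"; then
  case $host_os in
  openbsd*)
    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
    ;;
  *)
    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
    ;;
  esac
  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
fi

_LT_CC_BASENAME([$compiler])

# Only perform the check for file, if the check method requires it
case $deplibs_check_method in
file_magic*)
  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
    AC_PATH_MAGIC
  fi
  ;;
esac

_LT_REQUIRED_DARWIN_CHECKS

AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no)
AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
enable_win32_dll=yes, enable_win32_dll=no)

AC_ARG_ENABLE([libtool-lock],
    [AC_HELP_STRING([--disable-libtool-lock],
        [avoid locking (might break parallel builds)])])
test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes

AC_ARG_WITH([pic],
    [AC_HELP_STRING([--with-pic],
        [try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
    [pic_mode="$withval"],
    [pic_mode=default])
test -z "$pic_mode" && pic_mode=default

# Use C for the default configuration in the libtool script
tagname=
AC_LIBTOOL_LANG_C_CONFIG
_LT_AC_TAGCONFIG
])# AC_LIBTOOL_SETUP


# _LT_AC_SYS_COMPILER
# -------------------
# Defaults LTCC and LTCFLAGS from CC and CFLAGS when they are unset and
# records CC in the shell variable compiler.
AC_DEFUN([_LT_AC_SYS_COMPILER],
[AC_REQUIRE([AC_PROG_CC])dnl

# If no C compiler was specified, use CC.
LTCC=${LTCC-"$CC"}

# If no C compiler flags were specified, use CFLAGS.
LTCFLAGS=${LTCFLAGS-"$CFLAGS"}

# Allow CC to be a program name with arguments.
compiler=$CC
])# _LT_AC_SYS_COMPILER


# _LT_CC_BASENAME(CC)
# -------------------
# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.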
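# Walks the words of the argument, skipping the wrappers compile, ccache,
# distcc and purify and any word that starts with a dash, then strips the
# directory part and a leading host_alias prefix from the first remaining word.
AC_DEFUN([_LT_CC_BASENAME],
[for cc_temp in $1""; do
  case $cc_temp in
    compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
    distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
    \-*) ;;
    *) break;;
  esac
done
cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
])


# _LT_COMPILER_BOILERPLATE
# ------------------------
# Check for compiler boilerplate output or warnings with
# the simple compiler test code.
# Reviewer note: the probe runs the configured compile command through eval
# and writes fixed conftest names in the current directory, so configure is
# best run in a directory that other users cannot write to.
AC_DEFUN([_LT_COMPILER_BOILERPLATE],
[AC_REQUIRE([LT_AC_PROG_SED])dnl
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" >conftest.$ac_ext
eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
_lt_compiler_boilerplate=`cat conftest.err`
$rm conftest*
])# _LT_COMPILER_BOILERPLATE


# _LT_LINKER_BOILERPLATE
# ----------------------
# Check for linker boilerplate output or warnings with
# the simple link test code.
# Reviewer note: like the compiler probe, this evaluates the configured link
# command and uses fixed conftest names in the current directory.
AC_DEFUN([_LT_LINKER_BOILERPLATE],
[AC_REQUIRE([LT_AC_PROG_SED])dnl
ac_outfile=conftest.$ac_objext
echo "$lt_simple_link_test_code" >conftest.$ac_ext
eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
_lt_linker_boilerplate=`cat conftest.err`
$rm -r conftest*
])# _LT_LINKER_BOILERPLATE

# _LT_REQUIRED_DARWIN_CHECKS
# --------------------------
# Check for some things on darwin
# Probes the -single_module and -exported_symbols_list linker flags by
# building throwaway files (conftest.c, libconftest.dylib, conftest.sym) in
# the current directory, then picks the undefined-symbol flags from host_os
# and MACOSX_DEPLOYMENT_TARGET.
AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS],[
  case $host_os in
    rhapsody* | darwin*)
    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])

    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
      [lt_cv_apple_cc_single_mod=no
      if test -z "${LT_MULTI_MODULE}"; then
        # By default we will add the -single_module flag. You can override
        # by either setting the environment variable LT_MULTI_MODULE
        # non-empty at configure time, or by adding -multi_module to the
        # link flags.
        echo "int foo(void){return 1;}" > conftest.c
        $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
          -dynamiclib ${wl}-single_module conftest.c
        if test -f libconftest.dylib; then
          lt_cv_apple_cc_single_mod=yes
          rm -rf libconftest.dylib*
        fi
        rm conftest.c
      fi])
    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
      [lt_cv_ld_exported_symbols_list],
      [lt_cv_ld_exported_symbols_list=no
      save_LDFLAGS=$LDFLAGS
      echo "_main" > conftest.sym
      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
        [lt_cv_ld_exported_symbols_list=yes],
        [lt_cv_ld_exported_symbols_list=no])
      LDFLAGS="$save_LDFLAGS"
    ])
    case $host_os in
    rhapsody* | darwin1.[[0123]])
      _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
    darwin1.*)
      _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
    darwin*)
      # if running on 10.5 or later, the deployment target defaults
      # to the OS version, if on x86, and 10.4, the deployment
      # target defaults to 10.4. Don't you love it?
      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
        10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
          _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
        10.[[012]]*)
          _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
        10.*)
          _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
      esac
    ;;
    esac
    if test "$lt_cv_apple_cc_single_mod" = "yes"; then
      _lt_dar_single_mod='$single_module'
    fi
    if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
      _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
    else
      _lt_dar_export_syms="~$NMEDIT -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
    fi
    if test "$DSYMUTIL" != ":"; then
      _lt_dsymutil="~$DSYMUTIL \$lib || :"
    else
      _lt_dsymutil=
    fi
    ;;
  esac
])

# _LT_AC_SYS_LIBPATH_AIX
# ----------------------
# Links a minimal program and checks the executable
# for the system default hardcoded library path.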
In most cases, # this is /usr/lib:/lib, but when the MPI compilers are used # the location of the communication and MPI libs are included too. # If we don't find anything, use the default library path according # to the aix ld manual. AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX], [AC_REQUIRE([LT_AC_PROG_SED])dnl AC_LINK_IFELSE(AC_LANG_PROGRAM,[ lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi],[]) if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi ])# _LT_AC_SYS_LIBPATH_AIX # _LT_AC_SHELL_INIT(ARG) # ---------------------- AC_DEFUN([_LT_AC_SHELL_INIT], [ifdef([AC_DIVERSION_NOTICE], [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], [AC_DIVERT_PUSH(NOTICE)]) $1 AC_DIVERT_POP ])# _LT_AC_SHELL_INIT # _LT_AC_PROG_ECHO_BACKSLASH # -------------------------- # Add some code to the start of the generated configure script which # will find an echo command which doesn't interpret backslashes. AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH], [_LT_AC_SHELL_INIT([ # Check that we are running under the correct shell. SHELL=${CONFIG_SHELL-/bin/sh} case X$ECHO in X*--fallback-echo) # Remove one level of quotation (which was required for Make). ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` ;; esac echo=${ECHO-echo} if test "X[$]1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X[$]1" = X--fallback-echo; then # Avoid inline document here, it may be left over : elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then # Yippee, $echo works! : else # Restart under the correct shell. 
exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} fi if test "X[$]1" = X--fallback-echo; then # used as fallback echo shift cat </dev/null 2>&1 && unset CDPATH if test -z "$ECHO"; then if test "X${echo_test_string+set}" != Xset; then # find a string as large as possible, as long as the shell can cope with it for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... if (echo_test_string=`eval $cmd`) 2>/dev/null && echo_test_string=`eval $cmd` && (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null then break fi done fi if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then : else # The Solaris, AIX, and Digital Unix default echo programs unquote # backslashes. This makes it impossible to quote backslashes using # echo "$something" | sed 's/\\/\\\\/g' # # So, first we look for a working echo in the user's PATH. lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for dir in $PATH /usr/ucb; do IFS="$lt_save_ifs" if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then echo="$dir/echo" break fi done IFS="$lt_save_ifs" if test "X$echo" = Xecho; then # We didn't find a better echo, so look for alternatives. if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then # This shell has a builtin print -r that does the trick. echo='print -r' elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) && test "X$CONFIG_SHELL" != X/bin/ksh; then # If we have ksh, try running configure again with it. 
ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} export ORIGINAL_CONFIG_SHELL CONFIG_SHELL=/bin/ksh export CONFIG_SHELL exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} else # Try using printf. echo='printf %s\n' if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then # Cool, printf works : elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && test "X$echo_testing_string" = 'X\t' && echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL export CONFIG_SHELL SHELL="$CONFIG_SHELL" export SHELL echo="$CONFIG_SHELL [$]0 --fallback-echo" elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && test "X$echo_testing_string" = 'X\t' && echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then echo="$CONFIG_SHELL [$]0 --fallback-echo" else # maybe with a smaller string... prev=: for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null then break fi prev="$cmd" done if test "$prev" != 'sed 50q "[$]0"'; then echo_test_string=`eval $prev` export echo_test_string exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} else # Oops. We lost completely, so just stick with echo. echo=echo fi fi fi fi fi fi # Copy echo and quote the copy suitably for passing to libtool from # the Makefile, instead of quoting the original, which is used later. 
ECHO=$echo if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" fi AC_SUBST(ECHO) ])])# _LT_AC_PROG_ECHO_BACKSLASH # _LT_AC_LOCK # ----------- AC_DEFUN([_LT_AC_LOCK], [AC_ARG_ENABLE([libtool-lock], [AC_HELP_STRING([--disable-libtool-lock], [avoid locking (might break parallel builds)])]) test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '[#]line __oline__ "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ s390*-*linux*|sparc*-*linux*) # Find out which ABI we are using. 
echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; ppc64-*linux*|powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; ppc*-*linux*|powerpc*-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_LANG_PUSH(C) AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) AC_LANG_POP]) if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; sparc*-*solaris*) # Find out which ABI we are using. 
echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) LD="${LD-ld} -m elf64_sparc" ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL], [*-*-cygwin* | *-*-mingw* | *-*-pw32*) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) ;; ]) esac need_locks="$enable_libtool_lock" ])# _LT_AC_LOCK # AC_LIBTOOL_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------------------- # Check whether the given compiler option works AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [AC_REQUIRE([LT_AC_PROG_SED]) AC_CACHE_CHECK([$1], [$2], [$2=no ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$3" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
$echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
       $2=yes
     fi
   fi
   $rm conftest*
])

if test x"[$]$2" = xyes; then
    ifelse([$5], , :, [$5])
else
    ifelse([$6], , :, [$6])
fi
])# AC_LIBTOOL_COMPILER_OPTION


# AC_LIBTOOL_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
#                          [ACTION-SUCCESS], [ACTION-FAILURE])
# ------------------------------------------------------------
# Check whether the given linker option works.
#
#   MESSAGE         text passed to the cache check as its message
#   VARIABLE-NAME   cache variable; set to "no" first, then to "yes" only if
#                   the test link succeeds without unexpected diagnostics
#   FLAGS           appended to LDFLAGS while the test program is linked
#   ACTION-SUCCESS  expanded when VARIABLE-NAME is "yes" (defaults to ":")
#   ACTION-FAILURE  expanded otherwise (defaults to ":")
#
# LDFLAGS is saved before the test and restored afterwards, and the conftest
# files are removed.  A link that succeeds but writes to stderr only counts
# as success when the filtered stderr equals the filtered linker boilerplate.
#
# NOTE(review): FLAGS is substituted textually into the generated shell and
# the link command is run through eval, so FLAGS is expected to be a literal
# chosen by the configure.ac author rather than a value taken from outside
# input -- confirm at each call site.
AC_DEFUN([AC_LIBTOOL_LINKER_OPTION],
[AC_REQUIRE([LT_AC_PROG_SED])dnl
AC_CACHE_CHECK([$1], [$2],
  [$2=no
   save_LDFLAGS="$LDFLAGS"
   LDFLAGS="$LDFLAGS $3"
   echo "$lt_simple_link_test_code" > conftest.$ac_ext
   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
     # The linker can only warn and ignore the option if not recognized
     # So say no if there are warnings
     if test -s conftest.err; then
       # Append any errors to the config.log.
       cat conftest.err 1>&AS_MESSAGE_LOG_FD
       # Both sides are compared with blank lines removed; stderr also loses
       # lines whose first non-space character is a plus sign, presumably
       # shell trace output.
       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
       if diff conftest.exp conftest.er2 >/dev/null; then
         $2=yes
       fi
     else
       $2=yes
     fi
   fi
   $rm -r conftest*
   LDFLAGS="$save_LDFLAGS"
])

if test x"[$]$2" = xyes; then
    ifelse([$4], , :, [$4])
else
    ifelse([$5], , :, [$5])
fi
])# AC_LIBTOOL_LINKER_OPTION


# AC_LIBTOOL_SYS_MAX_CMD_LEN
# --------------------------
AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN],
[# find the maximum length of command line arguments
AC_MSG_CHECKING([the maximum length of command line arguments])
AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
  i=0
  teststring="ABCD"

  case $build_os in
  msdosdjgpp*)
    # On DJGPP, this test can blow up pretty badly due to problems in libc
    # (any single argument exceeding 2000 bytes causes a buffer overrun
    # during glob expansion). Even if it were fixed, the result of this
    # check would be larger than it should be.
lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. 
lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \ = "XX$teststring") >/dev/null 2>&1 && new_result=`expr "X$teststring" : ".*" 2>&1` && lt_cv_sys_max_cmd_len=$new_result && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done teststring= # Add a significant safety factor because C++ compilers can tack on massive # amounts of additional arguments before passing them to the linker. # It appears as though 1/2 is a usable value. 
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac ]) if test -n $lt_cv_sys_max_cmd_len ; then AC_MSG_RESULT($lt_cv_sys_max_cmd_len) else AC_MSG_RESULT(none) fi ])# AC_LIBTOOL_SYS_MAX_CMD_LEN # _LT_AC_CHECK_DLFCN # ------------------ AC_DEFUN([_LT_AC_CHECK_DLFCN], [AC_CHECK_HEADERS(dlfcn.h)dnl ])# _LT_AC_CHECK_DLFCN # _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, # ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) # --------------------------------------------------------------------- AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF], [AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl if test "$cross_compiling" = yes; then : [$4] else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif #ifdef __cplusplus extern "C" void exit (int); #endif void fnord() { int i=42;} int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; /* dlclose (self); */ } else puts (dlerror ()); exit (status); }] EOF if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null lt_status=$? 
case x$lt_status in x$lt_dlno_uscore) $1 ;; x$lt_dlneed_uscore) $2 ;; x$lt_dlunknown|x*) $3 ;; esac else : # compilation failed $3 fi fi rm -fr conftest* ])# _LT_AC_TRY_DLOPEN_SELF # AC_LIBTOOL_DLOPEN_SELF # ---------------------- AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ]) ;; *) AC_CHECK_FUNC([shl_load], [lt_cv_dlopen="shl_load"], [AC_CHECK_LIB([dld], [shl_load], [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], [AC_CHECK_FUNC([dlopen], [lt_cv_dlopen="dlopen"], [AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], [AC_CHECK_LIB([svld], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], [AC_CHECK_LIB([dld], [dld_link], [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) ]) ]) ]) ]) ]) ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" AC_CACHE_CHECK([whether a program can dlopen itself], lt_cv_dlopen_self, [dnl _LT_AC_TRY_DLOPEN_SELF( lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) ]) if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval 
LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" AC_CACHE_CHECK([whether a statically linked program can dlopen itself], lt_cv_dlopen_self_static, [dnl _LT_AC_TRY_DLOPEN_SELF( lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) ]) fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi ])# AC_LIBTOOL_DLOPEN_SELF # AC_LIBTOOL_PROG_CC_C_O([TAGNAME]) # --------------------------------- # Check to see if options -c and -o are simultaneously supported by compiler AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O], [AC_REQUIRE([LT_AC_PROG_SED])dnl AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)], [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no $rm -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:__oline__: \$? 
= $ac_status" >&AS_MESSAGE_LOG_FD
   if (exit $ac_status) && test -s out/conftest2.$ac_objext
   then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings
     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
       _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
     fi
   fi
   chmod u+w . 2>&AS_MESSAGE_LOG_FD
   $rm conftest*
   # SGI C++ compiler will create directory out/ii_files/ for
   # template instantiation
   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
   $rm out/* && rmdir out
   cd ..
   rmdir conftest
   $rm conftest*
])
])# AC_LIBTOOL_PROG_CC_C_O


# AC_LIBTOOL_SYS_HARD_LINK_LOCKS([TAGNAME])
# -----------------------------------------
# Check to see if we can do hard links to lock some files if needed
#
# The probe only runs when the tagged lt_cv_prog_compiler_c_o value is "no"
# and need_locks is not "no"; in every other case hard_links stays
# "nottested" and need_locks is set to "no".  When the probe runs:
#   - hard_links ends up "yes" only if all three ln steps behave as expected;
#   - if it ends up "no", a warning is printed and need_locks becomes "warn";
#   - if it ends up "yes", need_locks keeps the value it had on entry.
# The probe creates conftest.a and conftest.b under fixed names in the
# current directory and does not remove them itself.
#
# NOTE(review): the second ln sends stderr to descriptor 5 literally, while
# the other checks in this file write to AS_MESSAGE_LOG_FD; presumably the
# same descriptor -- confirm.
AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS],
[AC_REQUIRE([_LT_AC_LOCK])dnl

hard_links="nottested"
if test "$_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
  # do not overwrite the value of need_locks provided by the user
  AC_MSG_CHECKING([if we can lock with hard links])
  hard_links=yes
  $rm conftest*
  # With no conftest.a present, creating the link has to fail.
  ln conftest.a conftest.b 2>/dev/null && hard_links=no
  touch conftest.a
  # With a fresh source file, creating the link has to succeed.
  ln conftest.a conftest.b 2>&5 || hard_links=no
  # Linking onto a name that already exists has to fail.
  ln conftest.a conftest.b 2>/dev/null && hard_links=no
  AC_MSG_RESULT([$hard_links])
  if test "$hard_links" = no; then
    AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
    need_locks=warn
  fi
else
  need_locks=no
fi
])# AC_LIBTOOL_SYS_HARD_LINK_LOCKS


# AC_LIBTOOL_OBJDIR
# -----------------
AC_DEFUN([AC_LIBTOOL_OBJDIR],
[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
[rm -f .libs 2>/dev/null
mkdir .libs 2>/dev/null
if test -d .libs; then
  lt_cv_objdir=.libs
else
  # MS-DOS does not allow filenames that begin with a dot.
lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null]) objdir=$lt_cv_objdir ])# AC_LIBTOOL_OBJDIR # AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH([TAGNAME]) # ---------------------------------------------- # Check hardcoding attributes. AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_MSG_CHECKING([how to hardcode library paths into programs]) _LT_AC_TAGVAR(hardcode_action, $1)= if test -n "$_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)" || \ test -n "$_LT_AC_TAGVAR(runpath_var, $1)" || \ test "X$_LT_AC_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then # We can hardcode non-existant directories. if test "$_LT_AC_TAGVAR(hardcode_direct, $1)" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)" != no && test "$_LT_AC_TAGVAR(hardcode_minus_L, $1)" != no; then # Linking always hardcodes the temporary library directory. _LT_AC_TAGVAR(hardcode_action, $1)=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. _LT_AC_TAGVAR(hardcode_action, $1)=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. 
_LT_AC_TAGVAR(hardcode_action, $1)=unsupported
fi
AC_MSG_RESULT([$_LT_AC_TAGVAR(hardcode_action, $1)])

if test "$_LT_AC_TAGVAR(hardcode_action, $1)" = relink; then
  # Fast installation is not supported
  enable_fast_install=no
elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then
  # Fast installation is not necessary
  enable_fast_install=needless
fi
])# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH


# AC_LIBTOOL_SYS_LIB_STRIP
# ------------------------
# Decide which strip commands can be applied to libraries.
#
# Both striplib and old_striplib are cleared first.  They are then set from
# STRIP in two cases only:
#   - the output of "STRIP -V" mentions "GNU strip":
#       old_striplib = STRIP --strip-debug, striplib = STRIP --strip-unneeded
#   - host_os matches darwin* and STRIP is non-empty:
#       striplib = STRIP -x, old_striplib = STRIP -S
# In every other case both stay empty and the check reports "no".
#
# NOTE(review): the check executes whatever program STRIP names at configure
# time; the value is presumably set by an earlier tool check or by the
# person running configure -- confirm where it comes from.
AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP],
[striplib=
old_striplib=
AC_MSG_CHECKING([whether stripping libraries is possible])
if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
  # Both variables were cleared above, so these tests always assign.
  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
  AC_MSG_RESULT([yes])
else
  # FIXME - insert some real tests, host_os isn't really good enough
  case $host_os in
  darwin*)
    if test -n "$STRIP" ; then
      striplib="$STRIP -x"
      old_striplib="$STRIP -S"
      AC_MSG_RESULT([yes])
    else
      AC_MSG_RESULT([no])
    fi
    ;;
  *)
    AC_MSG_RESULT([no])
    ;;
  esac
fi
])# AC_LIBTOOL_SYS_LIB_STRIP


# AC_LIBTOOL_SYS_DYNAMIC_LINKER
# -----------------------------
# PORTME Fill in your ld.so characteristics
AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER],
[AC_REQUIRE([LT_AC_PROG_SED])dnl
AC_MSG_CHECKING([dynamic linker characteristics])
library_names_spec=
libname_spec='lib$name'
soname_spec=
shrext_cmds=".so"
postinstall_cmds=
postuninstall_cmds=
finish_cmds=
finish_eval=
shlibpath_var=
shlibpath_overrides_runpath=unknown
version_type=none
dynamic_linker="$host_os ld.so"
sys_lib_dlsearch_path_spec="/lib /usr/lib"
m4_if($1,[],[
if test "$GCC" = yes; then
  case $host_os in
    darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
    *) lt_awk_arg="/^libraries:/" ;;
  esac
  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
  if echo "$lt_search_path_spec" | grep ';' >/dev/null ; then
    # if the path contains ";" then we assume it to be the separator
    # otherwise default
to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e 's/;/ /g'` else lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`echo $lt_tmp_lt_search_path_spec | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[[lt_foo]]++; } if (lt_freq[[lt_foo]] == 1) { print lt_foo; } }'` sys_lib_search_path_spec=`echo $lt_search_path_spec` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi]) need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. 
soname_spec='${libname}${release}${shared_ext}$major' ;; aix[[4-9]]*) version_type=linux need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[[01]] | aix4.[[01]].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. 
finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[[45]]*) version_type=linux need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$host_os in yes,cygwin* | yes,mingw* | yes,pw32*) library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. 
$file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $rm \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" ;; mingw*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` if echo "$sys_lib_search_path_spec" | [grep ';[c-zC-Z]:/' >/dev/null]; then # It is most probably a Windows format PATH printed by # mingw gcc, but we are running on Cygwin. Gcc prints its search # path with ; separators, and with drive letters. We can handle the # drive letters (cygwin fileutils understands them), so leave them, # especially as we might pass files found there to a mingw objdump, # which wouldn't understand a cygwinified path. Ahh. sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' ;; esac ;; *) library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' ;; esac dynamic_linker='Win32 ld.exe' # FIXME: first we should search . 
and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd1*) dynamic_linker=no ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. 
if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[[123]]*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555. 
postinstall_cmds='chmod 555 $lib' ;; interix[[3-9]]*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be Linux ELF. 
linux* | k*bsd*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. 
dynamic_linker='GNU/Linux ld.so' ;; netbsdelf*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='NetBSD ld.elf_so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; nto-qnx*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. 
case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[[89]] | openbsd2.[[89]].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no export_dynamic_flag_spec='${wl}-Blargedynsym' runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' shlibpath_overrides_runpath=no else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' shlibpath_overrides_runpath=yes case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac AC_MSG_RESULT([$dynamic_linker]) test "$dynamic_linker" = no && can_build_shared=no AC_CACHE_VAL([lt_cv_sys_lib_search_path_spec], [lt_cv_sys_lib_search_path_spec="$sys_lib_search_path_spec"]) 
sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" AC_CACHE_VAL([lt_cv_sys_lib_dlsearch_path_spec], [lt_cv_sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec"]) sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi ])# AC_LIBTOOL_SYS_DYNAMIC_LINKER # _LT_AC_TAGCONFIG # ---------------- AC_DEFUN([_LT_AC_TAGCONFIG], [AC_REQUIRE([LT_AC_PROG_SED])dnl AC_ARG_WITH([tags], [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@], [include additional configurations @<:@automatic@:>@])], [tagnames="$withval"]) if test -f "$ltmain" && test -n "$tagnames"; then if test ! -f "${ofile}"; then AC_MSG_WARN([output file `$ofile' does not exist]) fi if test -z "$LTCC"; then eval "`$SHELL ${ofile} --config | grep '^LTCC='`" if test -z "$LTCC"; then AC_MSG_WARN([output file `$ofile' does not look like a libtool script]) else AC_MSG_WARN([using `LTCC=$LTCC', extracted from `$ofile']) fi fi if test -z "$LTCFLAGS"; then eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`" fi # Extract list of available tagged configurations in $ofile. # Note that this assumes the entire list is on one line. available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'` lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for tagname in $tagnames; do IFS="$lt_save_ifs" # Check whether tagname contains only valid characters case `$echo "X$tagname" | $Xsed -e 's:[[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]]::g'` in "") ;; *) AC_MSG_ERROR([invalid tag name: $tagname]) ;; esac if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null then AC_MSG_ERROR([tag name \"$tagname\" already exists]) fi # Update the list of available tags. 
if test -n "$tagname"; then echo appending configuration tag \"$tagname\" to $ofile case $tagname in CXX) if test -n "$CXX" && ( test "X$CXX" != "Xno" && ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || (test "X$CXX" != "Xg++"))) ; then AC_LIBTOOL_LANG_CXX_CONFIG else tagname="" fi ;; F77) if test -n "$F77" && test "X$F77" != "Xno"; then AC_LIBTOOL_LANG_F77_CONFIG else tagname="" fi ;; GCJ) if test -n "$GCJ" && test "X$GCJ" != "Xno"; then AC_LIBTOOL_LANG_GCJ_CONFIG else tagname="" fi ;; RC) AC_LIBTOOL_LANG_RC_CONFIG ;; *) AC_MSG_ERROR([Unsupported tag name: $tagname]) ;; esac # Append the new tag name to the list of available tags. if test -n "$tagname" ; then available_tags="$available_tags $tagname" fi fi done IFS="$lt_save_ifs" # Now substitute the updated list of available tags. if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then mv "${ofile}T" "$ofile" chmod +x "$ofile" else rm -f "${ofile}T" AC_MSG_ERROR([unable to update list of available tagged configurations.]) fi fi ])# _LT_AC_TAGCONFIG # AC_LIBTOOL_DLOPEN # ----------------- # enable checks for dlopen support AC_DEFUN([AC_LIBTOOL_DLOPEN], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP]) ])# AC_LIBTOOL_DLOPEN # AC_LIBTOOL_WIN32_DLL # -------------------- # declare package support for building win32 DLLs AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_BEFORE([$0], [AC_LIBTOOL_SETUP]) ])# AC_LIBTOOL_WIN32_DLL # AC_ENABLE_SHARED([DEFAULT]) # --------------------------- # implement the --enable-shared flag # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. AC_DEFUN([AC_ENABLE_SHARED], [define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl AC_ARG_ENABLE([shared], [AC_HELP_STRING([--enable-shared@<:@=PKGS@:>@], [build shared libraries @<:@default=]AC_ENABLE_SHARED_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. 
We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_shared=]AC_ENABLE_SHARED_DEFAULT) ])# AC_ENABLE_SHARED # AC_DISABLE_SHARED # ----------------- # set the default shared flag to --disable-shared AC_DEFUN([AC_DISABLE_SHARED], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl AC_ENABLE_SHARED(no) ])# AC_DISABLE_SHARED # AC_ENABLE_STATIC([DEFAULT]) # --------------------------- # implement the --enable-static flag # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. AC_DEFUN([AC_ENABLE_STATIC], [define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl AC_ARG_ENABLE([static], [AC_HELP_STRING([--enable-static@<:@=PKGS@:>@], [build static libraries @<:@default=]AC_ENABLE_STATIC_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_static=]AC_ENABLE_STATIC_DEFAULT) ])# AC_ENABLE_STATIC # AC_DISABLE_STATIC # ----------------- # set the default static flag to --disable-static AC_DEFUN([AC_DISABLE_STATIC], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl AC_ENABLE_STATIC(no) ])# AC_DISABLE_STATIC # AC_ENABLE_FAST_INSTALL([DEFAULT]) # --------------------------------- # implement the --enable-fast-install flag # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. 
# The value given to --enable-fast-install may be `yes', `no', or a list of
# package names.  The list is split on the characters already in IFS plus
# PATH_SEPARATOR and a comma, and the feature is enabled only when one entry
# equals the PACKAGE shell variable (or the literal word `default' when
# PACKAGE is unset).  With no option given, the DEFAULT argument applies.
AC_DEFUN([AC_ENABLE_FAST_INSTALL],
[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
AC_ARG_ENABLE([fast-install],
    [AC_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
    [optimize for fast installation @<:@default=]AC_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
    [p=${PACKAGE-default}
    case $enableval in
    yes) enable_fast_install=yes ;;
    no) enable_fast_install=no ;;
    *)
      enable_fast_install=no
      # Look at the argument we got.  We use all the common list separators.
      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
      for pkg in $enableval; do
        # Restore IFS inside the loop so the comparison below runs with the
        # normal field separators.
        IFS="$lt_save_ifs"
        if test "X$pkg" = "X$p"; then
          enable_fast_install=yes
        fi
      done
      IFS="$lt_save_ifs"
      ;;
    esac],
    [enable_fast_install=]AC_ENABLE_FAST_INSTALL_DEFAULT)
])# AC_ENABLE_FAST_INSTALL


# AC_DISABLE_FAST_INSTALL
# -----------------------
# set the default to --disable-fast-install
# Thin wrapper: calls AC_ENABLE_FAST_INSTALL with `no' as the default, and
# declares through AC_BEFORE that it belongs ahead of AC_LIBTOOL_SETUP.
AC_DEFUN([AC_DISABLE_FAST_INSTALL],
[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
AC_ENABLE_FAST_INSTALL(no)
])# AC_DISABLE_FAST_INSTALL


# AC_LIBTOOL_PICMODE([MODE])
# --------------------------
# implement the --with-pic flag
# MODE is either `yes' or `no'.  If omitted, pic_mode is set to the word
# `default' (described as `both' in earlier wording of this header).
# Only the pic_mode shell variable is assigned here; how it is consumed is
# not visible in this macro.
AC_DEFUN([AC_LIBTOOL_PICMODE],
[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
pic_mode=ifelse($#,1,$1,default)
])# AC_LIBTOOL_PICMODE


# AC_PROG_EGREP
# -------------
# This is predefined starting with Autoconf 2.54, so this conditional
# definition can be removed once we require Autoconf 2.54 or later.
m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP], [AC_CACHE_CHECK([for egrep], [ac_cv_prog_egrep], [if echo a | (grep -E '(a|b)') >/dev/null 2>&1 then ac_cv_prog_egrep='grep -E' else ac_cv_prog_egrep='egrep' fi]) EGREP=$ac_cv_prog_egrep AC_SUBST([EGREP]) ])]) # AC_PATH_TOOL_PREFIX # ------------------- # find a file program which can recognize shared library AC_DEFUN([AC_PATH_TOOL_PREFIX], [AC_REQUIRE([AC_PROG_EGREP])dnl AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, [case $MAGIC_CMD in [[\\/*] | ?:[\\/]*]) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR dnl $ac_dummy forces splitting on constant user-supplied paths. dnl POSIX.2 word splitting is done only on the output of word expansions, dnl not every word. This closes a longstanding sh security hole. ac_dummy="ifelse([$2], , $PATH, [$2])" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$1; then lt_cv_path_MAGIC_CMD="$ac_dir/$1" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. 
Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac]) MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then AC_MSG_RESULT($MAGIC_CMD) else AC_MSG_RESULT(no) fi ])# AC_PATH_TOOL_PREFIX # AC_PATH_MAGIC # ------------- # find a file program which can recognize a shared library AC_DEFUN([AC_PATH_MAGIC], [AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then AC_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) else MAGIC_CMD=: fi fi ])# AC_PATH_MAGIC # AC_PROG_LD # ---------- # find the pathname to the GNU or non-GNU linker AC_DEFUN([AC_PROG_LD], [AC_ARG_WITH([gnu-ld], [AC_HELP_STRING([--with-gnu-ld], [assume the C compiler uses GNU ld @<:@default=no@:>@])], [test "$withval" = no || with_gnu_ld=yes], [with_gnu_ld=no]) AC_REQUIRE([LT_AC_PROG_SED])dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]]* | ?:[[\\/]]*) re_direlt='/[[^/]][[^/]]*/\.\./' # Canonicalize the pathname of ld ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. 
with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. 
lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[[3-9]]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be Linux ELF. 
linux* | k*bsd*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; nto-qnx*) lt_cv_deplibs_check_method=unknown ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; esac ]) file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown ])# 
AC_DEPLIBS_CHECK_METHOD


# AC_PROG_NM
# ----------
# find the pathname to a BSD-compatible name lister
# The result is cached in lt_cv_path_NM and copied to NM.  A preset NM is
# taken as-is.  Otherwise each directory of PATH, followed by /usr/ccs/bin/elf,
# /usr/ccs/bin, /usr/ucb and /bin, is searched for the tool-prefixed nm (and
# for plain nm as well when a tool prefix is set and build equals host).  A
# candidate accepting -B is preferred, then one accepting -p; failing both,
# the first nm found is kept, and plain `nm' is the final fallback.
AC_DEFUN([AC_PROG_NM],
[AC_CACHE_CHECK([for BSD-compatible nm], lt_cv_path_NM,
[if test -n "$NM"; then
  # Let the user override the test.
  lt_cv_path_NM="$NM"
else
  lt_nm_to_check="${ac_tool_prefix}nm"
  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
    lt_nm_to_check="$lt_nm_to_check nm"
  fi
  for lt_tmp_nm in $lt_nm_to_check; do
    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
      IFS="$lt_save_ifs"
      # An empty PATH element is mapped to the current directory, and every
      # candidate found is executed below to probe its flags.
      # NOTE review: run configure with a PATH that has no empty, relative
      # or untrusted entries, since this probe runs whatever it finds first.
      test -z "$ac_dir" && ac_dir=.
      tmp_nm="$ac_dir/$lt_tmp_nm"
      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
        # Check to see if the nm accepts a BSD-compat flag.
        # Adding the `sed 1q' prevents false positives on HP-UX, which says:
        #   nm: unknown option "B" ignored
        # Tru64's nm complains that /dev/null is an invalid object file
        case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
        */dev/null* | *'Invalid file or object type'*)
          lt_cv_path_NM="$tmp_nm -B"
          break
          ;;
        *)
          case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
          */dev/null*)
            lt_cv_path_NM="$tmp_nm -p"
            break
            ;;
          *)
            lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
            continue # so that we can try to find one that supports BSD flags
            ;;
          esac
          ;;
        esac
      fi
    done
    IFS="$lt_save_ifs"
  done
  # Nothing usable was found: fall back to a bare command name.
  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
fi])
NM="$lt_cv_path_NM"
])# AC_PROG_NM


# AC_CHECK_LIBM
# -------------
# check for math library
# Sets LIBM to the link flags for the math library; LIBM stays empty on the
# hosts listed in the first case arm or when the library checks fail.
AC_DEFUN([AC_CHECK_LIBM],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
LIBM=
case $host in
*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
  # These systems don't have libm, or don't need it
  ;;
*-ncr-sysv4.3*)
  # Both libraries are probed here; -lm is appended after -lmw when found.
  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
  ;;
*)
  AC_CHECK_LIB(m, cos, LIBM="-lm")
  ;;
esac
])# AC_CHECK_LIBM


# AC_LIBLTDL_CONVENIENCE([DIRECTORY])
# -----------------------------------
# sets LIBLTDL to the link flags for the libltdl convenience library and
# LTDLINCL to the include flags for the libltdl header and adds
# --enable-ltdl-convenience to the configure arguments.  Note that
# AC_CONFIG_SUBDIRS is not called here.  If DIRECTORY is not provided,
# it is assumed to be `libltdl'.  LIBLTDL will be prefixed with
# '${top_builddir}/' and LTDLINCL will be prefixed with '${top_srcdir}/'
# (note the single quotes!).  If your package is not flat and you're not
# using automake, define top_builddir and top_srcdir appropriately in
# the Makefiles.
AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
  case $enable_ltdl_convenience in
  # An explicit request to disable the convenience library is a hard error.
  no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
  # Unset: enable it and record the flag in the saved configure arguments.
  "") enable_ltdl_convenience=yes
      ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
  esac
  LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
  LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
  # For backwards non-gettext consistent compatibility...
  INCLTDL="$LTDLINCL"
])# AC_LIBLTDL_CONVENIENCE


# AC_LIBLTDL_INSTALLABLE([DIRECTORY])
# -----------------------------------
# sets LIBLTDL to the link flags for the libltdl installable library and
# LTDLINCL to the include flags for the libltdl header and adds
# --enable-ltdl-install to the configure arguments.  Note that
# AC_CONFIG_SUBDIRS is not called here.  If DIRECTORY is not provided,
# and an installed libltdl is not found, it is assumed to be `libltdl'.
# LIBLTDL will be prefixed with '${top_builddir}/' and LTDLINCL with
# '${top_srcdir}/' (note the single quotes!).  If your package is not
# flat and you're not using automake, define top_builddir and top_srcdir
# appropriately in the Makefiles.
# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
AC_DEFUN([AC_LIBLTDL_INSTALLABLE], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl AC_CHECK_LIB(ltdl, lt_dlinit, [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no], [if test x"$enable_ltdl_install" = xno; then AC_MSG_WARN([libltdl not installed, but installation disabled]) else enable_ltdl_install=yes fi ]) if test x"$enable_ltdl_install" = x"yes"; then ac_configure_args="$ac_configure_args --enable-ltdl-install" LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl']) else ac_configure_args="$ac_configure_args --enable-ltdl-install=no" LIBLTDL="-lltdl" LTDLINCL= fi # For backwards non-gettext consistent compatibility... INCLTDL="$LTDLINCL" ])# AC_LIBLTDL_INSTALLABLE # AC_LIBTOOL_CXX # -------------- # enable support for C++ libraries AC_DEFUN([AC_LIBTOOL_CXX], [AC_REQUIRE([_LT_AC_LANG_CXX]) ])# AC_LIBTOOL_CXX # _LT_AC_LANG_CXX # --------------- AC_DEFUN([_LT_AC_LANG_CXX], [AC_REQUIRE([AC_PROG_CXX]) AC_REQUIRE([_LT_AC_PROG_CXXCPP]) _LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}CXX]) ])# _LT_AC_LANG_CXX # _LT_AC_PROG_CXXCPP # ------------------ AC_DEFUN([_LT_AC_PROG_CXXCPP], [ AC_REQUIRE([AC_PROG_CXX]) if test -n "$CXX" && ( test "X$CXX" != "Xno" && ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || (test "X$CXX" != "Xg++"))) ; then AC_PROG_CXXCPP fi ])# _LT_AC_PROG_CXXCPP # AC_LIBTOOL_F77 # -------------- # enable support for Fortran 77 libraries AC_DEFUN([AC_LIBTOOL_F77], [AC_REQUIRE([_LT_AC_LANG_F77]) ])# AC_LIBTOOL_F77 # _LT_AC_LANG_F77 # --------------- AC_DEFUN([_LT_AC_LANG_F77], [AC_REQUIRE([AC_PROG_F77]) _LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}F77]) ])# _LT_AC_LANG_F77 # AC_LIBTOOL_GCJ # -------------- # enable support for GCJ libraries AC_DEFUN([AC_LIBTOOL_GCJ], [AC_REQUIRE([_LT_AC_LANG_GCJ]) ])# AC_LIBTOOL_GCJ # _LT_AC_LANG_GCJ # --------------- AC_DEFUN([_LT_AC_LANG_GCJ], [AC_PROVIDE_IFELSE([AC_PROG_GCJ],[], [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],[], 
[AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],[], [ifdef([AC_PROG_GCJ],[AC_REQUIRE([AC_PROG_GCJ])], [ifdef([A][M_PROG_GCJ],[AC_REQUIRE([A][M_PROG_GCJ])], [AC_REQUIRE([A][C_PROG_GCJ_OR_A][M_PROG_GCJ])])])])])]) _LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}GCJ]) ])# _LT_AC_LANG_GCJ # AC_LIBTOOL_RC # ------------- # enable support for Windows resource files AC_DEFUN([AC_LIBTOOL_RC], [AC_REQUIRE([LT_AC_PROG_RC]) _LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}RC]) ])# AC_LIBTOOL_RC # AC_LIBTOOL_LANG_C_CONFIG # ------------------------ # Ensure that the configuration vars for the C compiler are # suitably defined. Those variables are subsequently used by # AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'. AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG], [_LT_AC_LANG_C_CONFIG]) AC_DEFUN([_LT_AC_LANG_C_CONFIG], [lt_save_CC="$CC" AC_LANG_PUSH(C) # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o _LT_AC_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' _LT_AC_SYS_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1) AC_LIBTOOL_PROG_COMPILER_PIC($1) AC_LIBTOOL_PROG_CC_C_O($1) AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1) AC_LIBTOOL_PROG_LD_SHLIBS($1) AC_LIBTOOL_SYS_DYNAMIC_LINKER($1) AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) AC_LIBTOOL_SYS_LIB_STRIP AC_LIBTOOL_DLOPEN_SELF # Report which library types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. 
case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) AC_LIBTOOL_CONFIG($1) AC_LANG_POP CC="$lt_save_CC" ])# AC_LIBTOOL_LANG_C_CONFIG # AC_LIBTOOL_LANG_CXX_CONFIG # -------------------------- # Ensure that the configuration vars for the C compiler are # suitably defined. Those variables are subsequently used by # AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'. AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG], [_LT_AC_LANG_CXX_CONFIG(CXX)]) AC_DEFUN([_LT_AC_LANG_CXX_CONFIG], [AC_LANG_PUSH(C++) AC_REQUIRE([AC_PROG_CXX]) AC_REQUIRE([_LT_AC_PROG_CXXCPP]) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no _LT_AC_TAGVAR(allow_undefined_flag, $1)= _LT_AC_TAGVAR(always_export_symbols, $1)=no _LT_AC_TAGVAR(archive_expsym_cmds, $1)= _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= _LT_AC_TAGVAR(hardcode_direct, $1)=no _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= _LT_AC_TAGVAR(hardcode_minus_L, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_AC_TAGVAR(hardcode_automatic, $1)=no _LT_AC_TAGVAR(module_cmds, $1)= _LT_AC_TAGVAR(module_expsym_cmds, $1)= _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown _LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_AC_TAGVAR(no_undefined_flag, $1)= _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Dependencies to place before and after the object being linked: _LT_AC_TAGVAR(predep_objects, $1)= 
_LT_AC_TAGVAR(postdep_objects, $1)= _LT_AC_TAGVAR(predeps, $1)= _LT_AC_TAGVAR(postdeps, $1)= _LT_AC_TAGVAR(compiler_lib_search_path, $1)= _LT_AC_TAGVAR(compiler_lib_search_dirs, $1)= # Source file extension for C++ test sources. ac_ext=cpp # Object file extension for compiled C++ test sources. objext=o _LT_AC_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_AC_SYS_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_LD=$LD lt_save_GCC=$GCC GCC=$GXX lt_save_with_gnu_ld=$with_gnu_ld lt_save_path_LD=$lt_cv_path_LD if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx else $as_unset lt_cv_prog_gnu_ld fi if test -n "${lt_cv_path_LDCXX+set}"; then lt_cv_path_LD=$lt_cv_path_LDCXX else $as_unset lt_cv_path_LD fi test -z "${LDCXX+set}" || LD=$LDCXX CC=${CXX-"c++"} compiler=$CC _LT_AC_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) # We don't want -fno-exception wen compiling C++ code, so set the # no_builtin_flag separately if test "$GXX" = yes; then _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' else _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= fi if test "$GXX" = yes; then # Set up default GNU C++ configuration AC_PROG_LD # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. 
if test "$with_gnu_ld" = yes; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) wlarc='${wl}' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | \ grep 'no-whole-archive' > /dev/null; then _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= fi else with_gnu_ld=no wlarc= # A generic and very simple default shared library creation # command for GNU C++ for the case where it uses the native # linker, instead of GNU ld. If possible, this setting should # overridden to take advantage of the native linker features on # the platform it is being used on. _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' fi # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. 
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' else GXX=no with_gnu_ld=no wlarc= fi # PORTME: fill in a description of your system's C++ link characteristics AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) _LT_AC_TAGVAR(ld_shlibs, $1)=yes case $host_os in aix3*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in *-brtl*) aix_use_runtimelinking=yes break ;; esac done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. 
_LT_AC_TAGVAR(archive_cmds, $1)='' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_AC_TAGVAR(link_all_deplibs, $1)=yes if test "$GXX" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_AC_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an empty executable. 
_LT_AC_SYS_LIBPATH_AIX _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an empty executable. _LT_AC_SYS_LIBPATH_AIX _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience' _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. 
FIXME _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; chorus*) case $cc_basename in *) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac ;; cygwin* | mingw* | pw32*) # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_AC_TAGVAR(always_export_symbols, $1)=no _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... 
_LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; darwin* | rhapsody*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no _LT_AC_TAGVAR(hardcode_direct, $1)=no _LT_AC_TAGVAR(hardcode_automatic, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='' _LT_AC_TAGVAR(link_all_deplibs, $1)=yes _LT_AC_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" if test "$GXX" = yes ; then output_verbose_link_cmd='echo' _LT_AC_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" _LT_AC_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" _LT_AC_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" _LT_AC_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" if test "$lt_cv_apple_cc_single_mod" != "yes"; then _LT_AC_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o 
\$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" _LT_AC_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" fi else case $cc_basename in xlc*) output_verbose_link_cmd='echo' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ;; *) _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac fi ;; dgux*) case $cc_basename in ec++*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; ghcx*) # Green Hills C++ Compiler # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac ;; freebsd[[12]]*) # C++ shared libraries reported to be fairly broken 
before switch to ELF _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; freebsd-elf*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;; freebsd* | dragonfly*) # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF # conventions _LT_AC_TAGVAR(ld_shlibs, $1)=yes ;; gnu*) ;; hpux9*) _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; aCC*) _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[[-]]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) if test "$GXX" = yes; then _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; hpux10*|hpux11*) if test $with_gnu_ld = no; then _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) ;; *) _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; esac fi case $host_cpu in hppa*64*|ia64*) _LT_AC_TAGVAR(hardcode_direct, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. ;; esac case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; aCC*) case $host_cpu in hppa*64*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. 
# # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) if test "$GXX" = yes; then if test $with_gnu_ld = no; then case $host_cpu in hppa*64*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi else # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; interix[[3-9]]*) _LT_AC_TAGVAR(hardcode_direct, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. 
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) if test "$GXX" = yes; then if test "$with_gnu_ld" = no; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib' fi fi _LT_AC_TAGVAR(link_all_deplibs, $1)=yes ;; esac _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: ;; linux* | k*bsd*-gnu) case $cc_basename in KCC*) # Kuck and Associates, Inc. 
(KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath,$libdir' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. 
_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; icpc*) # Intel C++ with_gnu_ld=yes # version 8.0 and above of icpc choke on multiply defined symbols # if we add $predep_objects and $postdep_objects, however 7.1 and # earlier do not add the objects themselves. case `$CC -V 2>&1` in *"Version 7."*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in 
$convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' ;; cxx*) # Compaq C++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. output_verbose_link_cmd='echo' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. 
_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; esac ;; esac ;; lynxos*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; m88k*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; mvs*) case $cc_basename in cxx*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' wlarc= _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no fi # Workaround some broken pre-1.5 toolchains output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' ;; openbsd2*) # C++ shared libraries are fairly broken _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' fi output_verbose_link_cmd='echo' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; osf3*) case $cc_basename in KCC*) # Kuck and Associates, 
Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; cxx*) _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' else # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; osf4* | osf5*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using # the KAI C++ compiler. 
_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; cxx*) _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~ $rm $lib.exp' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. 
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' else # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; psos*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; lcc*) # Lucid # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac ;; solaris*) case $cc_basename in CC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_AC_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; esac _LT_AC_TAGVAR(link_all_deplibs, $1)=yes output_verbose_link_cmd='echo' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. 
_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; gcx*) # Green Hills C++ Compiler _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' if $CC --version | grep -v '^2\.7' > /dev/null; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" else # g++ 2.7 appears to require `-G' NOT `-shared' on this # platform. _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. 
output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" fi _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ;; esac fi ;; esac ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. # So that behaviour is only enabled if SCOABSPATH is set to a # non-empty value in the environment. Most likely only useful for # creating official distributions of packages. 
# This is a hack until libtool officially supports absolute path # names for shared libraries. _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_AC_TAGVAR(link_all_deplibs, $1)=yes _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac ;; vxworks*) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)]) test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_AC_TAGVAR(GCC, $1)="$GXX" _LT_AC_TAGVAR(LD, $1)="$LD" AC_LIBTOOL_POSTDEP_PREDEP($1) AC_LIBTOOL_PROG_COMPILER_PIC($1) AC_LIBTOOL_PROG_CC_C_O($1) AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1) AC_LIBTOOL_PROG_LD_SHLIBS($1) AC_LIBTOOL_SYS_DYNAMIC_LINKER($1) 
AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) AC_LIBTOOL_CONFIG($1) AC_LANG_POP CC=$lt_save_CC LDCXX=$LD LD=$lt_save_LD GCC=$lt_save_GCC with_gnu_ldcxx=$with_gnu_ld with_gnu_ld=$lt_save_with_gnu_ld lt_cv_path_LDCXX=$lt_cv_path_LD lt_cv_path_LD=$lt_save_path_LD lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld ])# AC_LIBTOOL_LANG_CXX_CONFIG # AC_LIBTOOL_POSTDEP_PREDEP([TAGNAME]) # ------------------------------------ # Figure out "hidden" library dependencies from verbose # compiler output when linking a shared library. # Parse the compiler output and extract the necessary # objects, libraries and library flags. AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP], [AC_REQUIRE([LT_AC_PROG_SED])dnl dnl we can't use the lt_simple_compile_test_code here, dnl because it contains code intended for an executable, dnl not a library. It's possible we should let each dnl tag define a new lt_????_link_test_code variable, dnl but it's only used here... ifelse([$1],[],[cat > conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext <&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 # # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac if test "$solaris_use_stlport4" != yes; then _LT_AC_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; solaris*) case $cc_basename in CC*) # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac # Adding this requires a known-good setup of shared libraries for # Sun compiler versions before 5.6, else PIC objects from an old # archive will be linked into the output, leading to subtle bugs. 
if test "$solaris_use_stlport4" != yes; then
  _LT_AC_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
fi
;;
esac
;;
esac
])

# If the detected postdeps already name -lc, record that the archive
# commands need no additional -lc for this tag.
case " $_LT_AC_TAGVAR(postdeps, $1) " in
*" -lc "*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;;
esac
])# AC_LIBTOOL_POSTDEP_PREDEP


# AC_LIBTOOL_LANG_F77_CONFIG
# --------------------------
# Ensure that the configuration vars for the Fortran 77 compiler are
# suitably defined.  Those variables are subsequently used by
# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
#
# The public macro is a thin wrapper that passes the tag name F77 to
# _LT_AC_LANG_F77_CONFIG, which does the work with Fortran 77 pushed as
# the current Autoconf language.
AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG], [_LT_AC_LANG_F77_CONFIG(F77)])
AC_DEFUN([_LT_AC_LANG_F77_CONFIG],
[AC_REQUIRE([AC_PROG_F77])
AC_LANG_PUSH(Fortran 77)

# Start from neutral per-tag link settings; presumably the checks invoked
# further down refine them for the detected compiler and linker.
_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_AC_TAGVAR(allow_undefined_flag, $1)=
_LT_AC_TAGVAR(always_export_symbols, $1)=no
_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_AC_TAGVAR(hardcode_direct, $1)=no
_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
_LT_AC_TAGVAR(hardcode_automatic, $1)=no
_LT_AC_TAGVAR(module_cmds, $1)=
_LT_AC_TAGVAR(module_expsym_cmds, $1)=
_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
_LT_AC_TAGVAR(no_undefined_flag, $1)=
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no

# Source file extension for f77 test sources.
ac_ext=f

# Object file extension for compiled f77 test sources.
objext=o
_LT_AC_TAGVAR(objext, $1)=$objext

# NOTE(review): both snippets below appear on a single line in this copy.
# Fixed-form Fortran normally wants one statement per line, so the line
# breaks and indentation inside the strings look lost - compare with a
# pristine aclocal.m4 before relying on them.

# Code to be used in simple compile tests
lt_simple_compile_test_code="\ subroutine t return end "

# Code to be used in simple link tests
lt_simple_link_test_code="\ program t end "

# ltmain only uses $CC for tagged configurations so make sure $CC is set.
_LT_AC_SYS_COMPILER

# save warnings/boilerplate of simple test code
_LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE

# Allow CC to be a program name with arguments.
# The caller's CC is saved and CC is pointed at $F77, falling back to the
# name f77 only when F77 is unset.
lt_save_CC="$CC"
CC=${F77-"f77"}
compiler=$CC
_LT_AC_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])

AC_MSG_CHECKING([if libtool supports shared libraries])
AC_MSG_RESULT([$can_build_shared])

AC_MSG_CHECKING([whether to build shared libraries])
test "$can_build_shared" = "no" && enable_shared=no

# On AIX, shared libraries and static libraries use the same namespace, and
# are all built from PIC.
case $host_os in
aix3*)
  test "$enable_shared" = yes && enable_static=no
  if test -n "$RANLIB"; then
    archive_cmds="$archive_cmds~\$RANLIB \$lib"
    postinstall_cmds='$RANLIB $lib'
  fi
  ;;
aix[[4-9]]*)
  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
    test "$enable_shared" = yes && enable_static=no
  fi
  ;;
esac
AC_MSG_RESULT([$enable_shared])

AC_MSG_CHECKING([whether to build static libraries])
# Make sure either enable_shared or enable_static is yes.
test "$enable_shared" = yes || enable_static=yes
AC_MSG_RESULT([$enable_static])

_LT_AC_TAGVAR(GCC, $1)="$G77"
_LT_AC_TAGVAR(LD, $1)="$LD"

AC_LIBTOOL_PROG_COMPILER_PIC($1)
AC_LIBTOOL_PROG_CC_C_O($1)
AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
AC_LIBTOOL_PROG_LD_SHLIBS($1)
AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)

AC_LIBTOOL_CONFIG($1)

# Leave the Fortran 77 language context and restore the caller's CC.
AC_LANG_POP
CC="$lt_save_CC"
])# AC_LIBTOOL_LANG_F77_CONFIG


# AC_LIBTOOL_LANG_GCJ_CONFIG
# --------------------------
# Ensure that the configuration vars for the GCJ (Java) compiler are
# suitably defined.  Those variables are subsequently used by
# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG], [_LT_AC_LANG_GCJ_CONFIG(GCJ)])
AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG],
[AC_LANG_SAVE

# Source file extension for Java test sources.
ac_ext=java

# Object file extension for compiled Java test sources.
objext=o
_LT_AC_TAGVAR(objext, $1)=$objext

# Code to be used in simple compile tests
lt_simple_compile_test_code="class foo {}"

# Code to be used in simple link tests
lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'

# ltmain only uses $CC for tagged configurations so make sure $CC is set.
_LT_AC_SYS_COMPILER

# save warnings/boilerplate of simple test code
_LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE

# Allow CC to be a program name with arguments.
# The caller's CC is saved and CC is pointed at $GCJ, falling back to the
# name gcj only when GCJ is unset.
lt_save_CC="$CC"
CC=${GCJ-"gcj"}
compiler=$CC
_LT_AC_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])

# GCJ did not exist at the time GCC didn't implicitly link libc in.
_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no

_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds

AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
AC_LIBTOOL_PROG_COMPILER_PIC($1)
AC_LIBTOOL_PROG_CC_C_O($1)
AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
AC_LIBTOOL_PROG_LD_SHLIBS($1)
AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)

AC_LIBTOOL_CONFIG($1)

# Restore the saved language state and the caller's CC.
AC_LANG_RESTORE
CC="$lt_save_CC"
])# AC_LIBTOOL_LANG_GCJ_CONFIG


# AC_LIBTOOL_LANG_RC_CONFIG
# -------------------------
# Ensure that the configuration vars for the Windows resource compiler are
# suitably defined.  Those variables are subsequently used by
# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
#
# Unlike the F77 and GCJ variants, this one runs no PIC or linker checks:
# it records the compiler, sets the tag's lt_cv_prog_compiler_c_o to yes
# and goes straight to AC_LIBTOOL_CONFIG.
AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG], [_LT_AC_LANG_RC_CONFIG(RC)])
AC_DEFUN([_LT_AC_LANG_RC_CONFIG],
[AC_LANG_SAVE

# Source file extension for RC test sources.
ac_ext=rc

# Object file extension for compiled RC test sources.
objext=o
_LT_AC_TAGVAR(objext, $1)=$objext

# Code to be used in simple compile tests
lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'

# Code to be used in simple link tests
lt_simple_link_test_code="$lt_simple_compile_test_code"

# ltmain only uses $CC for tagged configurations so make sure $CC is set.
_LT_AC_SYS_COMPILER

# save warnings/boilerplate of simple test code
_LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE

# Allow CC to be a program name with arguments.
# The caller's CC is saved and CC is pointed at $RC, falling back to the
# name windres only when RC is unset.
lt_save_CC="$CC"
CC=${RC-"windres"}
compiler=$CC
_LT_AC_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes

AC_LIBTOOL_CONFIG($1)

# Restore the saved language state and the caller's CC.
AC_LANG_RESTORE
CC="$lt_save_CC"
])# AC_LIBTOOL_LANG_RC_CONFIG


# AC_LIBTOOL_CONFIG([TAGNAME])
# ----------------------------
# If TAGNAME is not passed, then create an initial libtool script
# with a default configuration from the untagged config vars.  Otherwise
# add code to config.status for appending the configuration named by
# TAGNAME from the matching tagged config vars.
AC_DEFUN([AC_LIBTOOL_CONFIG],
[# The else clause should only fire when bootstrapping the
# libtool distribution, otherwise you forgot to ship ltmain.sh
# with your package, and you will get complaints that there are
# no rules to generate ltmain.sh.
if test -f "$ltmain"; then
  # See if we are running on zsh, and set the options which allow our commands through
  # without removal of \ escapes.
  if test -n "${ZSH_VERSION+set}" ; then
    setopt NO_GLOB_SUBST
  fi
  # Now quote all the things that may contain metacharacters while being
  # careful not to overquote the AC_SUBSTed values.  We take copies of the
  # variables and quote the copies for generation of the libtool script.
  #
  # The copies are named lt_VAR and are the values the here-document further
  # down writes into the script.  The sed programs used for the quoting are
  # defined elsewhere; presumably they escape shell metacharacters so that a
  # value taken from the configure environment is stored as data.
for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ SED SHELL STRIP \ libname_spec library_names_spec soname_spec extract_expsyms_cmds \ old_striplib striplib file_magic_cmd finish_cmds finish_eval \ deplibs_check_method reload_flag reload_cmds need_locks \ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ old_postinstall_cmds old_postuninstall_cmds \ _LT_AC_TAGVAR(compiler, $1) \ _LT_AC_TAGVAR(CC, $1) \ _LT_AC_TAGVAR(LD, $1) \ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1) \ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1) \ _LT_AC_TAGVAR(lt_prog_compiler_static, $1) \ _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) \ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1) \ _LT_AC_TAGVAR(thread_safe_flag_spec, $1) \ _LT_AC_TAGVAR(whole_archive_flag_spec, $1) \ _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) \ _LT_AC_TAGVAR(old_archive_cmds, $1) \ _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) \ _LT_AC_TAGVAR(predep_objects, $1) \ _LT_AC_TAGVAR(postdep_objects, $1) \ _LT_AC_TAGVAR(predeps, $1) \ _LT_AC_TAGVAR(postdeps, $1) \ _LT_AC_TAGVAR(compiler_lib_search_path, $1) \ _LT_AC_TAGVAR(compiler_lib_search_dirs, $1) \ _LT_AC_TAGVAR(archive_cmds, $1) \ _LT_AC_TAGVAR(archive_expsym_cmds, $1) \ _LT_AC_TAGVAR(postinstall_cmds, $1) \ _LT_AC_TAGVAR(postuninstall_cmds, $1) \ _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) \ _LT_AC_TAGVAR(allow_undefined_flag, $1) \ _LT_AC_TAGVAR(no_undefined_flag, $1) \ _LT_AC_TAGVAR(export_symbols_cmds, $1) \ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) \ _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) \ _LT_AC_TAGVAR(hardcode_libdir_separator, $1) \ _LT_AC_TAGVAR(hardcode_automatic, $1) \ _LT_AC_TAGVAR(module_cmds, $1) \ _LT_AC_TAGVAR(module_expsym_cmds, $1) \ _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) \ _LT_AC_TAGVAR(fix_srcfile_path, $1) \ _LT_AC_TAGVAR(exclude_expsyms, $1) \ _LT_AC_TAGVAR(include_expsyms, $1); do 
case $var in _LT_AC_TAGVAR(old_archive_cmds, $1) | \ _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) | \ _LT_AC_TAGVAR(archive_cmds, $1) | \ _LT_AC_TAGVAR(archive_expsym_cmds, $1) | \ _LT_AC_TAGVAR(module_cmds, $1) | \ _LT_AC_TAGVAR(module_expsym_cmds, $1) | \ _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) | \ _LT_AC_TAGVAR(export_symbols_cmds, $1) | \ extract_expsyms_cmds | reload_cmds | finish_cmds | \ postinstall_cmds | postuninstall_cmds | \ old_postinstall_cmds | old_postuninstall_cmds | \ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) # Double-quote double-evaled strings. eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ;; *) eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ;; esac done case $lt_echo in *'\[$]0 --fallback-echo"') lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\[$]0 --fallback-echo"[$]/[$]0 --fallback-echo"/'` ;; esac ifelse([$1], [], [cfgfile="${ofile}T" trap "$rm \"$cfgfile\"; exit 1" 1 2 15 $rm -f "$cfgfile" AC_MSG_NOTICE([creating $ofile])], [cfgfile="$ofile"]) cat <<__EOF__ >> "$cfgfile" ifelse([$1], [], [#! $SHELL # `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) # NOTE: Changes made to this file will be lost: look at ltmain.sh. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 # Free Software Foundation, Inc. # # This file is part of GNU Libtool: # Originally by Gordon Matzigkeit , 1996 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. 
# # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # A sed program that does not truncate output. SED=$lt_SED # Sed that helps us avoid accidentally triggering echo(1) options like -n. Xsed="$SED -e 1s/^X//" # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # The names of the tagged configurations supported by this script. available_tags= # ### BEGIN LIBTOOL CONFIG], [# ### BEGIN LIBTOOL TAG CONFIG: $tagname]) # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$_LT_AC_TAGVAR(archive_cmds_need_lc, $1) # Whether or not to disallow shared libs when runtime libs are static allow_libtool_libs_with_static_runtimes=$_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. 
build_alias=$build_alias build=$build build_os=$build_os # An echo program that does not interpret backslashes. echo=$lt_echo # The archiver. AR=$lt_AR AR_FLAGS=$lt_AR_FLAGS # A C compiler. LTCC=$lt_LTCC # LTCC compiler flags. LTCFLAGS=$lt_LTCFLAGS # A language-specific compiler. CC=$lt_[]_LT_AC_TAGVAR(compiler, $1) # Is the compiler the GNU C compiler? with_gcc=$_LT_AC_TAGVAR(GCC, $1) # An ERE matcher. EGREP=$lt_EGREP # The linker used to build libraries. LD=$lt_[]_LT_AC_TAGVAR(LD, $1) # Whether we need hard or soft links. LN_S=$lt_LN_S # A BSD-compatible nm program. NM=$lt_NM # A symbol stripping program STRIP=$lt_STRIP # Used to examine libraries when file_magic_cmd begins "file" MAGIC_CMD=$MAGIC_CMD # Used on cygwin: DLL creation program. DLLTOOL="$DLLTOOL" # Used on cygwin: object dumper. OBJDUMP="$OBJDUMP" # Used on cygwin: assembler. AS="$AS" # The name of the directory that contains temporary libtool files. objdir=$objdir # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # How to pass a linker flag through the compiler. wl=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) # Object file suffix (normally "o"). objext="$ac_objext" # Old archive suffix (normally "a"). libext="$libext" # Shared library suffix (normally ".so"). shrext_cmds='$shrext_cmds' # Executable file suffix (normally ""). exeext="$exeext" # Additional compiler flags for building library objects. pic_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) pic_mode=$pic_mode # What is the maximum length of a command? max_cmd_len=$lt_cv_sys_max_cmd_len # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_[]_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) # Must we lock files when doing compilation? need_locks=$lt_need_locks # Do we need the lib prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Whether dlopen is supported. 
dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Compiler flag to prevent dynamic linking. link_static_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_static, $1) # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_[]_LT_AC_TAGVAR(export_dynamic_flag_spec, $1) # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_[]_LT_AC_TAGVAR(whole_archive_flag_spec, $1) # Compiler flag to generate thread-safe objects. thread_safe_flag_spec=$lt_[]_LT_AC_TAGVAR(thread_safe_flag_spec, $1) # Library versioning type. version_type=$version_type # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME. library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Commands used to build and install an old-style archive. RANLIB=$lt_RANLIB old_archive_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_cmds, $1) old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_new_cmds, $1) # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) # Commands used to build and install a shared archive. 
archive_cmds=$lt_[]_LT_AC_TAGVAR(archive_cmds, $1) archive_expsym_cmds=$lt_[]_LT_AC_TAGVAR(archive_expsym_cmds, $1) postinstall_cmds=$lt_postinstall_cmds postuninstall_cmds=$lt_postuninstall_cmds # Commands used to build a loadable module (assumed same as above if empty) module_cmds=$lt_[]_LT_AC_TAGVAR(module_cmds, $1) module_expsym_cmds=$lt_[]_LT_AC_TAGVAR(module_expsym_cmds, $1) # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1) # Dependencies to place after the objects being linked to create a # shared library. postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1) # Dependencies to place before the objects being linked to create a # shared library. predeps=$lt_[]_LT_AC_TAGVAR(predeps, $1) # Dependencies to place after the objects being linked to create a # shared library. postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1) # The directories searched by this compiler when creating a shared # library compiler_lib_search_dirs=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_dirs, $1) # The library search path used internally by the compiler when linking # a shared library. compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method == file_magic. file_magic_cmd=$lt_file_magic_cmd # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_[]_LT_AC_TAGVAR(allow_undefined_flag, $1) # Flag that forces no undefined symbols. no_undefined_flag=$lt_[]_LT_AC_TAGVAR(no_undefined_flag, $1) # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # Same as above, but a single script fragment to be evaled but not shown. 
finish_eval=$lt_finish_eval # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # This is the shared library runtime path variable. runpath_var=$runpath_var # This is the shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # How to hardcode a shared library path into an executable. hardcode_action=$_LT_AC_TAGVAR(hardcode_action, $1) # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) # If ld is used when linking, flag to hardcode \$libdir into # a binary during linking. This must work even if \$libdir does # not exist. hardcode_libdir_flag_spec_ld=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) # Whether we need a single -rpath flag with a separated argument. hardcode_libdir_separator=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_separator, $1) # Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the # resulting binary. hardcode_direct=$_LT_AC_TAGVAR(hardcode_direct, $1) # Set to yes if using the -LDIR flag during linking hardcodes DIR into the # resulting binary. hardcode_minus_L=$_LT_AC_TAGVAR(hardcode_minus_L, $1) # Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into # the resulting binary. 
hardcode_shlibpath_var=$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1) # Set to yes if building a shared library automatically hardcodes DIR into the library # and all subsequent libraries and executables linked against it. hardcode_automatic=$_LT_AC_TAGVAR(hardcode_automatic, $1) # Variables whose values should be saved in libtool wrapper scripts and # restored at relink time. variables_saved_for_relink="$variables_saved_for_relink" # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1) # Compile-time system search path for libraries sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Fix the shell variable \$srcfile for the compiler. fix_srcfile_path=$lt_fix_srcfile_path # Set to yes if exported symbols are required. always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1) # The commands to list exported symbols. export_symbols_cmds=$lt_[]_LT_AC_TAGVAR(export_symbols_cmds, $1) # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_[]_LT_AC_TAGVAR(exclude_expsyms, $1) # Symbols that must always be exported. include_expsyms=$lt_[]_LT_AC_TAGVAR(include_expsyms, $1) ifelse([$1],[], [# ### END LIBTOOL CONFIG], [# ### END LIBTOOL TAG CONFIG: $tagname]) __EOF__ ifelse([$1],[], [ case $host_os in aix3*) cat <<\EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi EOF ;; esac # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. 
# Since sed operates in text mode, it properly converts lines to CR/LF.
# This bash problem is reportedly fixed, but why not run on old versions too?
# NOTE(review): the parenthesised fallback runs in a subshell, so its exit 1
# ends only that subshell; the mv and chmod below still run after a failed
# append, and the mv fallback then removes the existing output file.
  sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)

  # Move the finished temporary file into place, copying if mv fails.
  mv -f "$cfgfile" "$ofile" || \
    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
  # The assembled script is made executable; it contains the values written
  # out above, so presumably they are run as shell code by later build steps.
  chmod +x "$ofile"
])
else
  # If there is no Makefile yet, we rely on a make rule to execute
  # `config.status --recheck' to rerun these tests and create the
  # libtool script then.
  # NOTE(review): ltmain is expanded unquoted in the echo below, so a path
  # containing whitespace would be re-split - confirm that cannot occur.
  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
  if test -f "$ltmain_in"; then
    test -f Makefile && make "$ltmain"
  fi
fi
])# AC_LIBTOOL_CONFIG


# AC_LIBTOOL_PROG_COMPILER_NO_RTTI([TAGNAME])
# -------------------------------------------
# Initialise the tag's lt_prog_compiler_no_builtin_flag.  The variable is
# cleared first.  When GCC is yes it is set to ' -fno-builtin', and
# '-fno-rtti -fno-exceptions' is appended by the last argument of the
# AC_LIBTOOL_COMPILER_OPTION call (presumably run only when the compiler
# accepts those two options; the result is cached in
# lt_cv_prog_compiler_rtti_exceptions).
AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI],
[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl

_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=

if test "$GCC" = yes; then
  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'

  AC_LIBTOOL_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
    lt_cv_prog_compiler_rtti_exceptions,
    [-fno-rtti -fno-exceptions], [],
    [_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
fi
])# AC_LIBTOOL_PROG_COMPILER_NO_RTTI


# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
# ---------------------------------
# Work out a sed command, cached as lt_cv_sys_global_symbol_pipe, that turns
# the nm output for an object built by the compiler into the raw symbol name
# followed by the C symbol name.
AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE],
[AC_REQUIRE([AC_CANONICAL_HOST])
AC_REQUIRE([LT_AC_PROG_SED])
AC_REQUIRE([AC_PROG_NM])
AC_REQUIRE([AC_OBJEXT])
# Check for command to grab the raw symbol name followed by C symbol from nm.
AC_MSG_CHECKING([command to parse $NM output from $compiler object])
AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
[
# These are sane defaults that work on at least a few old systems.
# [They come from Ultrix.  What could be older than Ultrix?!! ;)]

# Character class describing NM global symbol codes.
symcode='[[BCDEGRST]]'

# Regexp to match symbols that can be accessed directly from C.
sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'

# Transform an extracted symbol line into a proper C declaration
lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"

# Transform an extracted symbol line into symbol name and symbol address
# NOTE(review): the assignment is double-quoted, so $symcode is expanded
# here with its default value; the per-host symcode overrides below do not
# change this command unless a branch assigns it again, as the hpux and
# linux ia64 branches do.
lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"

# Define system-specific variables.
case $host_os in
aix*)
  symcode='[[BCDT]]'
  ;;
cygwin* | mingw* | pw32*)
  symcode='[[ABCDGISTW]]'
  ;;
hpux*) # Its linker distinguishes data from code symbols
  if test "$host_cpu" = ia64; then
    symcode='[[ABCDEGRST]]'
  fi
  # Declare T symbols as functions and every other matched symbol as data.
  lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
  lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
  ;;
linux* | k*bsd*-gnu)
  # Only ia64 hosts get the function/data split here; other CPUs keep the
  # defaults set above.
  if test "$host_cpu" = ia64; then
    symcode='[[ABCDGIRSTW]]'
    lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
    lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'"
  fi
  ;;
irix* | nonstopux*)
  symcode='[[BCDEGRST]]'
  ;;
osf*)
  symcode='[[BCDEGQRST]]'
  ;;
solaris*)
  symcode='[[BDRT]]'
  ;;
sco3.2v5*)
  symcode='[[DT]]'
  ;;
sysv4.2uw2*)
  symcode='[[DT]]'
  ;;
sysv5* | sco5v6* | unixware* | OpenUNIX*)
  symcode='[[ABDT]]'
  ;;
sysv4)
  symcode='[[DFNSTU]]'
  ;;
esac

# Handle CRLF in mingw tool chain
# On a mingw build system opt_cr becomes a regexp fragment for an optional
# carriage return: tr replaces the x in the pattern with octal 015.
opt_cr=
case $build_os in
mingw*)
  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
  ;;
esac

# If we're using GNU nm, then use its standard symbol codes.
# This overrides whatever the host_os case above selected.
case `$NM -V 2>&1` in
*GNU* | *'with BFD'*)
  symcode='[[ABCDGIRSTW]]' ;;
esac

# Try without a prefix underscore, then with it.
for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext < $nlist) && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if grep ' nm_test_var$' "$nlist" >/dev/null; then if grep ' nm_test_func$' "$nlist" >/dev/null; then cat < conftest.$ac_ext #ifdef __cplusplus extern "C" { #endif EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext' cat <> conftest.$ac_ext #if defined (__STDC__) && __STDC__ # define lt_ptr_t void * #else # define lt_ptr_t char * # define const #endif /* The mapping between symbol names and symbols. */ const struct { const char *name; lt_ptr_t address; } lt_preloaded_symbols[[]] = { EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext cat <<\EOF >> conftest.$ac_ext {0, (lt_ptr_t) 0} }; #ifdef __cplusplus } #endif EOF # Now try linking the two files. 
mv conftest.$ac_objext conftstm.$ac_objext lt_save_LIBS="$LIBS" lt_save_CFLAGS="$CFLAGS" LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS="$lt_save_LIBS" CFLAGS="$lt_save_CFLAGS" else echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD fi else echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done ]) if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then AC_MSG_RESULT(failed) else AC_MSG_RESULT(ok) fi ]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE # AC_LIBTOOL_PROG_COMPILER_PIC([TAGNAME]) # --------------------------------------- AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC], [_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)= _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= _LT_AC_TAGVAR(lt_prog_compiler_static, $1)= AC_MSG_CHECKING([for $compiler option to produce PIC]) ifelse([$1],[CXX],[ # C++ specific cases for pic, static, wl, etc. if test "$GXX" = yes; then _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. 
_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | os2* | pw32*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; *djgpp*) # DJGPP does not support shared libraries at all _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; sysv4*MP*) if test -d /usr/nec; then _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; hpux*) # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) ;; *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac else case $host_os in aix[[4-9]]*) # All AIX code is PIC. 
if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; chorus*) case $cc_basename in cxch68*) # Green Hills C++ Compiler # _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" ;; esac ;; darwin*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files case $cc_basename in xlc*) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon' _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; esac ;; dgux*) case $cc_basename in ec++*) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; ghcx*) # Green Hills C++ Compiler _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; freebsd* | dragonfly*) # FreeBSD uses GNU C++ ;; hpux9* | hpux10* | hpux11*) case $cc_basename in CC*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' if test "$host_cpu" != ia64; then _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' fi ;; aCC*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac ;; *) ;; esac ;; interix*) # This is c89, which is MS Visual C++ (no shared libs) # Anyone wants to do a port? ;; irix5* | irix6* | nonstopux*) case $cc_basename in CC*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' # CC pic flag -KPIC is the default. 
;; *) ;; esac ;; linux* | k*bsd*-gnu) case $cc_basename in KCC*) # KAI C++ Compiler _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; icpc* | ecpc*) # Intel C++ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; pgCC* | pgcpp*) # Portland Group C++ compiler. _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; cxx*) # Compaq C++ # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; esac ;; esac ;; lynxos*) ;; m88k*) ;; mvs*) case $cc_basename in cxx*) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' ;; *) ;; esac ;; netbsd* | netbsdelf*-gnu) ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' ;; RCC*) # Rational C++ 2.4.1 _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; cxx*) # Digital/Compaq C++ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. 
_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; *) ;; esac ;; psos*) ;; solaris*) case $cc_basename in CC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; gcx*) # Green Hills C++ Compiler _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' ;; *) ;; esac ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; lcc*) # Lucid _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; *) ;; esac ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) case $cc_basename in CC*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; vxworks*) ;; *) _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ], [ if test "$GCC" = yes; then _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). 
# Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no enable_shared=no ;; sysv4*MP*) if test -d /usr/nec; then _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; hpux*) # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; darwin*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files case $cc_basename in xlc*) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon' _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; esac ;; mingw* | cygwin* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). 
m4_if([$1], [GCJ], [], [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; hpux9* | hpux10* | hpux11*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC (with -KPIC) is the default. _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; newsos6) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; linux* | k*bsd*-gnu) case $cc_basename in icc* | ecc*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; pgcc* | pgf77* | pgf90* | pgf95*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; ccc*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All Alpha code is PIC. _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; *Sun\ F*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='' ;; esac ;; esac ;; osf3* | osf4* | osf5*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All OSF/1 code is PIC. 
_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; rdos*) _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; solaris*) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' case $cc_basename in f77* | f90* | f95*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; *) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; esac ;; sunos4*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; unicos*) _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; uts4*) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *) _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ]) AC_MSG_RESULT([$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)]) # # Check to make sure the PIC flag actually works. 
# if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works], _LT_AC_TAGVAR(lt_cv_prog_compiler_pic_works, $1), [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [], [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in "" | " "*) ;; *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)" ;; esac], [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= ;; *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])" ;; esac # # Check to make sure the static flag actually works. # wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_AC_TAGVAR(lt_prog_compiler_static, $1)\" AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], _LT_AC_TAGVAR(lt_cv_prog_compiler_static_works, $1), $lt_tmp_static_flag, [], [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=]) ]) # AC_LIBTOOL_PROG_LD_SHLIBS([TAGNAME]) # ------------------------------------ # See if the linker supports building shared libraries. AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_REQUIRE([LT_AC_PROG_SED])dnl AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) ifelse([$1],[CXX],[ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. 
# -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | grep 'GNU' > /dev/null; then _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' else _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' fi ;; pw32*) _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" ;; cygwin* | mingw*) _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' ;; linux* | k*bsd*-gnu) _LT_AC_TAGVAR(link_all_deplibs, $1)=no ;; *) _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; esac _LT_AC_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] ],[ runpath_var= _LT_AC_TAGVAR(allow_undefined_flag, $1)= _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no _LT_AC_TAGVAR(archive_cmds, $1)= _LT_AC_TAGVAR(archive_expsym_cmds, $1)= _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)= _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)= _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= _LT_AC_TAGVAR(thread_safe_flag_spec, $1)= _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= _LT_AC_TAGVAR(hardcode_direct, $1)=no _LT_AC_TAGVAR(hardcode_minus_L, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown 
_LT_AC_TAGVAR(hardcode_automatic, $1)=no _LT_AC_TAGVAR(module_cmds, $1)= _LT_AC_TAGVAR(module_expsym_cmds, $1)= _LT_AC_TAGVAR(always_export_symbols, $1)=no _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list _LT_AC_TAGVAR(include_expsyms, $1)= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. _LT_AC_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. dnl Note also adjust exclude_expsyms for C++ above. extract_expsyms_cmds= # Just being paranoid about ensuring that cc_basename is set. _LT_CC_BASENAME([$compiler]) case $host_os in cygwin* | mingw* | pw32*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac _LT_AC_TAGVAR(ld_shlibs, $1)=yes if test "$with_gnu_ld" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. 
runpath_var=LD_RUN_PATH _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no case `$LD -v 2>/dev/null` in *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[[3-9]]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then _LT_AC_TAGVAR(ld_shlibs, $1)=no cat <&2 *** Warning: the GNU linker, at least up to release 2.9.1, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to modify your PATH *** so that a non-GNU linker is found, and then restart. EOF fi ;; amigaos*) _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Samuel A. 
Falvo II reports # that the semantics of dynamic libraries on AmigaOS, at least up # to version 4, is to share data among multiple programs linked # with the same dynamic library. Since this doesn't match the # behavior of shared libraries on other platforms, we can't use # them. _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; cygwin* | mingw* | pw32*) # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_AC_TAGVAR(always_export_symbols, $1)=no _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... 
_LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; interix[[3-9]]*) _LT_AC_TAGVAR(hardcode_direct, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. 
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | k*bsd*-gnu) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then tmp_addflag= case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; *) tmp_sharedflag='-shared' ;; esac _LT_AC_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs 
$deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test $supports_anon_versioning = yes; then _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ $echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi _LT_AC_TAGVAR(link_all_deplibs, $1)=no else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then _LT_AC_TAGVAR(ld_shlibs, $1)=no cat <&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. 
EOF elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) _LT_AC_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; sunos4*) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs 
$compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; esac if test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no; then runpath_var= _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_AC_TAGVAR(always_export_symbols, $1)=yes _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported fi ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. 
# -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | grep 'GNU' > /dev/null; then _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' else _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. 
_LT_AC_TAGVAR(archive_cmds, $1)='' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_AC_TAGVAR(link_all_deplibs, $1)=yes if test "$GCC" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_AC_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an empty executable. 
_LT_AC_SYS_LIBPATH_AIX _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an empty executable. _LT_AC_SYS_LIBPATH_AIX _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience' _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. 
_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # see comment about different semantics on the GNU ld section _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; bsdi[[45]]*) _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic ;; cygwin* | mingw* | pw32*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_AC_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true' # FIXME: Should let the user specify the lib program. 
_LT_AC_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`' _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; darwin* | rhapsody*) case $host_os in rhapsody* | darwin1.[[012]]) _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress' ;; *) # Darwin 1.3 on if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' else case ${MACOSX_DEPLOYMENT_TARGET} in 10.[[012]]) _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup' ;; esac fi ;; esac _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no _LT_AC_TAGVAR(hardcode_direct, $1)=no _LT_AC_TAGVAR(hardcode_automatic, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='' _LT_AC_TAGVAR(link_all_deplibs, $1)=yes if test "$GCC" = yes ; then output_verbose_link_cmd='echo' _LT_AC_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" _LT_AC_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" _LT_AC_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" _LT_AC_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" else case $cc_basename in xlc*) 
output_verbose_link_cmd='echo' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ;; *) _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac fi ;; dgux*) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; freebsd1*) _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. 
freebsd2*) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; hpux9*) if test "$GCC" = yes; then _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: _LT_AC_TAGVAR(hardcode_direct, $1)=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
_LT_AC_TAGVAR(hardcode_minus_L, $1)=yes _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; hpux10*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes fi ;; hpux11*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac fi if test "$with_gnu_ld" = no; then _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' _LT_AC_TAGVAR(hardcode_direct, 
$1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' fi _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: _LT_AC_TAGVAR(link_all_deplibs, $1)=yes ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; newsos6) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = 
"openbsd2.8-powerpc"; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' else case $host_os in openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' ;; *) _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' ;; esac fi else _LT_AC_TAGVAR(ld_shlibs, $1)=no fi ;; os2*) _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_AC_TAGVAR(archive_cmds, $1)='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' 
_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' fi _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' else _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' # Both c and cxx compiler support -rpath directly _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' fi _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: ;; solaris*) _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text' if test "$GCC" = yes; then wlarc='${wl}' _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat 
$export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' else wlarc='' _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' fi _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' fi ;; esac _LT_AC_TAGVAR(link_all_deplibs, $1)=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. 
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(hardcode_direct, $1)=yes _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4) case $host_vendor in sni) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(hardcode_direct, $1)=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' _LT_AC_TAGVAR(hardcode_direct, $1)=no ;; motorola) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4.3*) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes _LT_AC_TAGVAR(ld_shlibs, $1)=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' 
_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_AC_TAGVAR(link_all_deplibs, $1)=yes _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' 
_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_AC_TAGVAR(ld_shlibs, $1)=no ;; esac fi ]) AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)]) test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no # # Do we need to explicitly link libc? # case "x$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)" in x|xyes) # Assume -lc should be added _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $_LT_AC_TAGVAR(archive_cmds, $1) in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. AC_MSG_CHECKING([whether -lc should be explicitly linked in]) $rm conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if AC_TRY_EVAL(ac_compile) 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) pic_flag=$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$_LT_AC_TAGVAR(allow_undefined_flag, $1) _LT_AC_TAGVAR(allow_undefined_flag, $1)= if AC_TRY_EVAL(_LT_AC_TAGVAR(archive_cmds, $1) 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) then _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no else _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes fi _LT_AC_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $rm conftest* AC_MSG_RESULT([$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)]) ;; esac fi ;; esac ])# AC_LIBTOOL_PROG_LD_SHLIBS # _LT_AC_FILE_LTDLL_C # ------------------- # Be careful that the start marker always follows a newline. 
AC_DEFUN([_LT_AC_FILE_LTDLL_C], [
# /* ltdll.c starts here */
# #define WIN32_LEAN_AND_MEAN
# #include <windows.h>
# #undef WIN32_LEAN_AND_MEAN
# #include <stdio.h>
#
# #ifndef __CYGWIN__
# #  ifdef __CYGWIN32__
# #    define __CYGWIN__ __CYGWIN32__
# #  endif
# #endif
#
# #ifdef __cplusplus
# extern "C" {
# #endif
# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
# #ifdef __cplusplus
# }
# #endif
#
# #ifdef __CYGWIN__
# #include <cygwin/cygwin_dll.h>
# DECLARE_CYGWIN_DLL( DllMain );
# #endif
# HINSTANCE __hDllInstance_base;
#
# BOOL APIENTRY
# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
# {
#   __hDllInstance_base = hInst;
#   return TRUE;
# }
# /* ltdll.c ends here */
])# _LT_AC_FILE_LTDLL_C


# _LT_AC_TAGVAR(VARNAME, [TAGNAME])
# ---------------------------------
# Expands to VARNAME when TAGNAME is empty, otherwise to VARNAME_TAGNAME.
AC_DEFUN([_LT_AC_TAGVAR], [ifelse([$2], [], [$1], [$1_$2])])


# old names
# Each AM_* name below simply expands to the AC_* macro of the same
# name; the ENABLE/DISABLE aliases forward their arguments with $@.
AC_DEFUN([AM_PROG_LIBTOOL],   [AC_PROG_LIBTOOL])
AC_DEFUN([AM_ENABLE_SHARED],  [AC_ENABLE_SHARED($@)])
AC_DEFUN([AM_ENABLE_STATIC],  [AC_ENABLE_STATIC($@)])
AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
AC_DEFUN([AM_PROG_LD],        [AC_PROG_LD])
AC_DEFUN([AM_PROG_NM],        [AC_PROG_NM])

# This is just to silence aclocal about the macro not being used
ifelse([AC_DISABLE_FAST_INSTALL])

# LT_AC_PROG_GCJ
# --------------
# Look for gcj with AC_CHECK_TOOL (GCJ becomes "no" when it is not found).
# GCJFLAGS keeps any value it already has, even an empty one, and
# otherwise defaults to "-g -O2"; it is then substituted with AC_SUBST.
AC_DEFUN([LT_AC_PROG_GCJ],
[AC_CHECK_TOOL(GCJ, gcj, no)
  test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
  AC_SUBST(GCJFLAGS)
])

# LT_AC_PROG_RC
# -------------
# Look for windres with AC_CHECK_TOOL (RC becomes "no" when it is not found).
AC_DEFUN([LT_AC_PROG_RC],
[AC_CHECK_TOOL(RC, windres, no)
])


# Cheap backport of AS_EXECUTABLE_P and required macros
# from Autoconf 2.59; we should not use $as_executable_p directly.

# _AS_TEST_PREPARE
# ----------------
# Defined only when no macro of this name exists yet (m4_ifndef).
# Sets as_executable_p to 'test -x' when "test -x /" succeeds and to
# 'test -f' otherwise.  With the 'test -f' fallback the check only
# establishes that the path is a regular file, not that it can be run.
m4_ifndef([_AS_TEST_PREPARE],
[m4_defun([_AS_TEST_PREPARE],
[if test -x / >/dev/null 2>&1; then
  as_executable_p='test -x'
else
  as_executable_p='test -f'
fi
])])# _AS_TEST_PREPARE

# AS_EXECUTABLE_P
# ---------------
# Check whether a file is executable.
# Expands to the test command held in $as_executable_p followed by the
# macro argument.
m4_ifndef([AS_EXECUTABLE_P],
[m4_defun([AS_EXECUTABLE_P],
[AS_REQUIRE([_AS_TEST_PREPARE])dnl
$as_executable_p $1[]dnl
])])# AS_EXECUTABLE_P

# NOTE: This macro has been submitted for inclusion into
#  GNU Autoconf as AC_PROG_SED.  When it is available in
#  a released version of Autoconf we should remove this
#  macro and use it instead.
#
# LT_AC_PROG_SED
# --------------
# Check for a fully-functional sed program, that truncates
# as few characters as possible.  Prefer GNU sed if found.
#
# How the choice is made:
#   - Candidates are the files named sed or gsed (plus each suffix in
#     $ac_executable_extensions) in every directory of $PATH, followed
#     by /usr/xpg4/bin/sed.
#   - The first candidate whose --version output mentions GNU is taken
#     at once.
#   - Otherwise each candidate is fed input that doubles in size on
#     every pass, and the one that survives the most passes is kept.
#   - The result is cached in lt_cv_path_SED, copied to SED and
#     substituted with AC_SUBST.
#
# Points to keep in mind when running configure in an environment that
# is not fully trusted:
#   - An empty $PATH entry is treated as the current directory, and
#     every candidate found is executed during the check.
#   - lt_ac_sed_list is appended to without being cleared in this
#     macro, so a value it already holds is tested as well.
#     NOTE(review): confirm nothing earlier in configure resets it.
#   - Candidate paths are used unquoted in the "test ! -f" and in the
#     truncation run, so directories containing whitespace are not
#     handled.
#   - The scratch files conftest.in, conftest.tmp, conftest.nl and
#     conftest.out are written in the current directory.
AC_DEFUN([LT_AC_PROG_SED],
[AC_MSG_CHECKING([for a sed that does not truncate output])
AC_CACHE_VAL(lt_cv_path_SED,
[# Loop through the user's path and test for sed and gsed.
# Then use that list of sed's as ones to test for truncation.
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  # An empty PATH entry stands for the current directory.
  test -z "$as_dir" && as_dir=.
  for lt_ac_prog in sed gsed; do
    for ac_exec_ext in '' $ac_executable_extensions; do
      if AS_EXECUTABLE_P(["$as_dir/$lt_ac_prog$ac_exec_ext"]); then
        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
      fi
    done
  done
done
IFS=$as_save_IFS
lt_ac_max=0
lt_ac_count=0
# Add /usr/xpg4/bin/sed as it is typically found on Solaris
# along with /bin/sed that truncates output.
for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
  test ! -f $lt_ac_sed && continue
  cat /dev/null > conftest.in
  lt_ac_count=0
  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
  # Check for GNU sed and select it if it is found.
  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
    lt_cv_path_SED=$lt_ac_sed
    break
  fi
  while true; do
    # Double the test input on every pass.
    cat conftest.in conftest.in >conftest.tmp
    mv conftest.tmp conftest.in
    cp conftest.in conftest.nl
    echo >>conftest.nl
    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
    cmp -s conftest.out conftest.nl || break
    # 10000 chars as input seems more than enough
    test $lt_ac_count -gt 10 && break
    lt_ac_count=`expr $lt_ac_count + 1`
    if test $lt_ac_count -gt $lt_ac_max; then
      lt_ac_max=$lt_ac_count
      lt_cv_path_SED=$lt_ac_sed
    fi
  done
done
])
SED=$lt_cv_path_SED
AC_SUBST([SED])
AC_MSG_RESULT([$SED])
])

# pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
#
# Copyright © 2004 Scott James Remnant .
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# PKG_PROG_PKG_CONFIG([MIN-VERSION])
# ----------------------------------
# Locate pkg-config and check that it is recent enough.
#   - A PKG_CONFIG value supplied in the environment is used as given;
#     AC_PATH_TOOL only searches when ac_cv_env_PKG_CONFIG_set is not
#     "set".
#   - MIN-VERSION defaults to 0.9.0.
#   - PKG_CONFIG is emptied when the tool reports an older version, so
#     later macros test it with "test -n".
# Whatever PKG_CONFIG names is executed by configure, and the macros
# below copy its output into compiler and linker flags, so it has to
# come from a trusted environment.
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
    AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
fi
if test -n "$PKG_CONFIG"; then
    _pkg_min_version=m4_default([$1], [0.9.0])
    AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
    if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
        AC_MSG_RESULT([yes])
    else
        AC_MSG_RESULT([no])
        PKG_CONFIG=""
    fi

fi[]dnl
])# PKG_PROG_PKG_CONFIG

# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
#
# Check to see whether a particular set of modules exists.  Similar
# to PKG_CHECK_MODULES(), but does not set variables or print errors.
#
#
# Similar to PKG_CHECK_MODULES, make sure that the first instance of
# this or PKG_CHECK_MODULES is called, or make sure to call
# PKG_CHECK_EXISTS manually
#
# The check is "pkg-config --exists --print-errors MODULES", run through
# AC_RUN_LOG.  When PKG_CONFIG is empty the not-found action is taken.
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
  m4_ifval([$2], [$2], [:])
m4_ifvaln([$3], [else
  $3])dnl
fi])


# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
# ---------------------------------------------
# Fill pkg_cv_VARIABLE.
#   - If VARIABLE is already non-empty in the shell, that value is taken
#     verbatim and pkg-config is not asked.
#   - Otherwise "pkg-config --COMMAND MODULES" is run once
#     PKG_CHECK_EXISTS succeeds; its standard error is discarded.
#   - pkg_failed becomes "yes" when the modules are missing and
#     "untried" when PKG_CONFIG is empty.
m4_define([_PKG_CONFIG],
[if test -n "$PKG_CONFIG"; then
    if test -n "$$1"; then
        pkg_cv_[]$1="$$1"
    else
        PKG_CHECK_EXISTS([$3],
                         [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
                         [pkg_failed=yes])
    fi
else
    pkg_failed=untried
fi[]dnl
])# _PKG_CONFIG

# _PKG_SHORT_ERRORS_SUPPORTED
# -----------------------------
# Set _pkg_short_errors_supported to yes when pkg-config is at least
# version 0.20, and to no otherwise.
AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
        _pkg_short_errors_supported=yes
else
        _pkg_short_errors_supported=no
fi[]dnl
])# _PKG_SHORT_ERRORS_SUPPORTED


# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
# [ACTION-IF-NOT-FOUND])
#
#
# Note that if there is a possibility the first call to
# PKG_CHECK_MODULES might not happen, you should be sure to include an
# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
#
# On success VARIABLE-PREFIX_CFLAGS and VARIABLE-PREFIX_LIBS are set
# from the pkg_cv_ values and ACTION-IF-FOUND is run.  Both variables
# are declared with AC_ARG_VAR, and a value already present in the
# environment overrides pkg-config without any further check, so the
# resulting flags are only as trustworthy as that environment.
#
# On failure the pkg-config diagnostics are written to config.log.
# Without ACTION-IF-NOT-FOUND, configure stops with AC_MSG_ERROR when
# the modules are missing, or with AC_MSG_FAILURE when pkg-config
# itself was not usable.
#
# NOTE(review): the AC_MSG_FAILURE text ends in "see ." -- the address
# that followed "see" looks lost in this copy; compare with upstream
# pkg.m4 before regenerating configure.
#
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_MODULES],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl

pkg_failed=no
AC_MSG_CHECKING([for $1])

_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])

m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])

if test $pkg_failed = yes; then
        _PKG_SHORT_ERRORS_SUPPORTED
        if test $_pkg_short_errors_supported = yes; then
                $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"`
        else
                $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"`
        fi
        # Put the nasty error message in config.log where it belongs
        echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD

        ifelse([$4], , [AC_MSG_ERROR(dnl
[Package requirements ($2) were not met:

$$1_PKG_ERRORS

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

_PKG_TEXT
])],
                [AC_MSG_RESULT([no])
                $4])
elif test $pkg_failed = untried; then
        ifelse([$4], , [AC_MSG_FAILURE(dnl
[The pkg-config script could not be found or is too old.  Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.

_PKG_TEXT

To get pkg-config, see .])],
                [$4])
else
        $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
        $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
        AC_MSG_RESULT([yes])
        ifelse([$3], , :, [$3])
fi[]dnl
])# PKG_CHECK_MODULES

# Copyright (C) 2002, 2003, 2005, 2006, 2007  Free Software Foundation, Inc.
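#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_AUTOMAKE_VERSION(VERSION)
# ----------------------------
# Automake X.Y traces this macro to ensure aclocal.m4 has been
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
# Sets am__api_version and aborts with AC_FATAL when VERSION is not
# the exact version this file was generated for.
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.10'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version.  Point them to the right macro.
m4_if([$1], [1.10.1], [],
      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])

# _AM_AUTOCONF_VERSION(VERSION)
# -----------------------------
# aclocal traces this macro to find the Autoconf version.
# This is a private macro too.  Using m4_define simplifies
# the logic in aclocal, which can simply ignore this definition.
m4_define([_AM_AUTOCONF_VERSION], [])

# AM_SET_CURRENT_AUTOMAKE_VERSION
# -------------------------------
# Call AM_AUTOMAKE_VERSION and _AM_AUTOCONF_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.10.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(AC_AUTOCONF_VERSION)])

# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-

# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
#
# Of course, Automake must honor this variable whenever it calls a
# tool from the auxiliary directory.  The problem is that $srcdir (and
# therefore $ac_aux_dir as well) can be either absolute or relative,
# depending on how configure is run.  This is pretty annoying, since
# it makes $ac_aux_dir quite unusable in subdirectories: in the top
# source directory, any form will work fine, but in subdirectories a
# relative path needs to be adjusted first.
#
# $ac_aux_dir/missing
#    fails when called from a subdirectory if $ac_aux_dir is relative
# $top_srcdir/$ac_aux_dir/missing
#    fails if $ac_aux_dir is absolute,
#    fails when called from a subdirectory in a VPATH build with
#          a relative $ac_aux_dir
#
# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
# are both prefixed by $srcdir.  In an in-source build this is usually
# harmless because $srcdir is `.', but things will break when you
# start a VPATH build or use an absolute $srcdir.
#
# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
# and then we would define $MISSING as
#   MISSING="\${SHELL} $am_aux_dir/missing"
# This will work as long as MISSING is not called from configure, because
# unfortunately $(top_srcdir) has no meaning in configure.
# However there are other variables, like CC, which are often used in
# configure, and could therefore not use this "fixed" $ac_aux_dir.
#
# Another solution, used here, is to always expand $ac_aux_dir to an
# absolute PATH.  The drawback is that using absolute paths prevents a
# configured tree from being moved without reconfiguration.
#
# $ac_aux_dir is quoted in the `cd' below so that an auxiliary
# directory whose path contains whitespace or glob characters is
# passed to `cd' as a single word instead of being split or expanded
# by the shell.  am_aux_dir is later used to build the commands that
# run install-sh and missing, so it has to name the intended directory.
# This file is generated by aclocal; regenerating it replaces this copy
# of the macro with the one shipped by the installed Automake.

AC_DEFUN([AM_AUX_DIR_EXPAND],
[dnl Rely on autoconf to set up CDPATH properly.
AC_PREREQ([2.50])dnl
# expand $ac_aux_dir to an absolute path
am_aux_dir=`cd "$ac_aux_dir" && pwd`
])

# AM_CONDITIONAL                                            -*- Autoconf -*-

# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006
# Free Software Foundation, Inc.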
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 8

# AM_CONDITIONAL(NAME, SHELL-CONDITION)
# -------------------------------------
# Define a conditional.
#
# SHELL-CONDITION is run by configure as the command of an `if'.  When
# it succeeds NAME_TRUE is set to empty and NAME_FALSE to '#'; otherwise
# the two values are swapped.  Both variables are AC_SUBSTed.  The names
# TRUE and FALSE are rejected at m4 time.  A hook registered with
# AC_CONFIG_COMMANDS_PRE aborts configure when both variables are still
# empty, i.e. when the shell code above was never executed.
AC_DEFUN([AM_CONDITIONAL],
[AC_PREREQ(2.52)dnl
 ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
        [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
AC_SUBST([$1_TRUE])dnl
AC_SUBST([$1_FALSE])dnl
_AM_SUBST_NOTMAKE([$1_TRUE])dnl
_AM_SUBST_NOTMAKE([$1_FALSE])dnl
if $2; then
  $1_TRUE=
  $1_FALSE='#'
else
  $1_TRUE='#'
  $1_FALSE=
fi
AC_CONFIG_COMMANDS_PRE(
[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
  AC_MSG_ERROR([[conditional "$1" was never defined.
Usually this means the macro was only invoked conditionally.]])
fi])])

# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 9

# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
# written in clear, in which case automake, when reading aclocal.m4,
# will think it sees a *use*, and therefore will trigger all its
# C support machinery.  Also note that it means that autoscan, seeing
# CC etc. in the Makefile, will ask for an AC_PROG_CC use...


# _AM_DEPENDENCIES(NAME)
# ----------------------
# See how the compiler implements dependency checking.
# NAME is "CC", "CXX", "GCJ", or "OBJC".
# We try a few techniques and use that to set a single cache variable.
#
# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
# dependency, and given that the user is not expected to run this macro,
# just rely on AC_PROG_CC.
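AC_DEFUN([_AM_DEPENDENCIES],
[AC_REQUIRE([AM_SET_DEPDIR])dnl
AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
AC_REQUIRE([AM_MAKE_INCLUDE])dnl
AC_REQUIRE([AM_DEP_TRACK])dnl

ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
                   [depcc="$$1"   am_compiler_list=])

AC_CACHE_CHECK([dependency style of $depcc],
               [am_cv_$1_dependencies_compiler_type],
[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
  # We make a subdir and do the tests there.  Otherwise we can end up
  # making bogus files that we don't know about and never remove.  For
  # instance it was reported that on HP-UX the gcc test will end up
  # making a dummy file named `D' -- because `-MD' means `put the output
  # in D'.
  mkdir conftest.dir
  # Copy depcomp to subdir because otherwise we won't find it if we're
  # using a relative directory.
  cp "$am_depcomp" conftest.dir
  cd conftest.dir
  # We will build objects and dependencies in a subdirectory because
  # it helps to detect inapplicable dependency modes.  For instance
  # both Tru64's cc and ICC support -MD to output dependencies as a
  # side effect of compilation, but ICC will put the dependencies in
  # the current directory while Tru64 will put them in the object
  # directory.
  mkdir sub

  am_cv_$1_dependencies_compiler_type=none
  if test "$am_compiler_list" = ""; then
     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
  fi
  for depmode in $am_compiler_list; do
    # Setup a source with many dependencies, because some compilers
    # like to wrap large dependency lists on column 80 (with \), and
    # we should not choose a depcomp mode which is confused by this.
    #
    # We need to recreate these files for each test, as the compiler may
    # overwrite some of them when testing with obscure command lines.
    # This happens at least with the AIX C compiler.
    : > sub/conftest.c
    for i in 1 2 3 4 5 6; do
      echo '#include "conftst'$i'.h"' >> sub/conftest.c
      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
      # Solaris 8's {/usr,}/bin/sh.
      touch sub/conftst$i.h
    done
    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf

    case $depmode in
    nosideeffect)
      # after this tag, mechanisms are not by side-effect, so they'll
      # only be used when explicitly requested
      if test "x$enable_dependency_tracking" = xyes; then
        continue
      else
        break
      fi
      ;;
    none) break ;;
    esac
    # We check with `-c' and `-o' for the sake of the "dashmstdout"
    # mode.  It turns out that the SunPro C++ compiler does not properly
    # handle `-M -o', and we need to detect this.
    if depmode=$depmode \
       source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
       $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
         >/dev/null 2>conftest.err &&
       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
       grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
      # icc doesn't choke on unknown options, it will just issue warnings
      # or remarks (even with -Werror).  So we grep stderr for any message
      # that says an option was ignored or not supported.
      # When given -MP, icc 7.0 and 7.1 complain thusly:
      #   icc: Command line warning: ignoring option '-M'; no argument required
      # The diagnosis changed in icc 8.0:
      #   icc: Command line remark: option '-MP' not supported
      if (grep 'ignoring option' conftest.err ||
          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
        am_cv_$1_dependencies_compiler_type=$depmode
        break
      fi
    fi
  done

  cd ..
  rm -rf conftest.dir
else
  am_cv_$1_dependencies_compiler_type=none
fi
])
AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
AM_CONDITIONAL([am__fastdep$1], [
  test "x$enable_dependency_tracking" != xno \
  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
])


# AM_SET_DEPDIR
# -------------
# Choose a directory name for dependency files.
# This macro is AC_REQUIREd in _AM_DEPENDENCIES
AC_DEFUN([AM_SET_DEPDIR],
[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
])


# AM_DEP_TRACK
# ------------
# Declare --enable/--disable-dependency-tracking.  Unless tracking is
# disabled, am_depcomp points at depcomp in $ac_aux_dir and
# AMDEPBACKSLASH is a backslash; the AMDEP conditional records the
# choice.
AC_DEFUN([AM_DEP_TRACK],
[AC_ARG_ENABLE(dependency-tracking,
[  --disable-dependency-tracking  speeds up one-time build
  --enable-dependency-tracking   do not reject slow dependency extractors])
if test "x$enable_dependency_tracking" != xno; then
  am_depcomp="$ac_aux_dir/depcomp"
  AMDEPBACKSLASH='\'
fi
AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
AC_SUBST([AMDEPBACKSLASH])dnl
_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
])

# Generate code to set up dependency tracking.              -*- Autoconf -*-

# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

#serial 3

# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
# For every Automake-generated Makefile listed in CONFIG_FILES, read
# DEPDIR, am__include, am__quote and U out of the Makefile text and
# create a `# dummy' placeholder for each included dependency file that
# does not exist yet.
#
# The am__include guard tests the variable's value.  The previous
# spelling, test -z "am__include", tested a non-empty literal string,
# so it could never be true and a Makefile without an am__include
# definition was never skipped.
AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
[for mf in $CONFIG_FILES; do
  # Strip MF so we end up with the name of the file.
  mf=`echo "$mf" | sed -e 's/:.*$//'`
  # Check whether this is an Automake generated Makefile or not.
  # We used to match only the files named `Makefile.in', but
  # some people rename them; so instead we look at the file content.
  # Grep'ing the first line is not enough: some people post-process
  # each Makefile.in and add a new line on top of each file to say so.
  # Grep'ing the whole file is not good either: AIX grep has a line
  # limit of 2048, but all sed's we know understand at least 4000.
  if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
    dirpart=`AS_DIRNAME("$mf")`
  else
    continue
  fi
  # Extract the definition of DEPDIR, am__include, and am__quote
  # from the Makefile without running `make'.
  DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
  test -z "$DEPDIR" && continue
  am__include=`sed -n 's/^am__include = //p' < "$mf"`
  # Skip this Makefile when it defines no include directive.
  test -z "$am__include" && continue
  am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
  # When using ansi2knr, U may be empty or an underscore; expand it
  U=`sed -n 's/^U = //p' < "$mf"`
  # Find all dependency output files, they are included files with
  # $(DEPDIR) in their names.  We invoke sed twice because it is the
  # simplest approach to changing $(DEPDIR) to its actual value in the
  # expansion.
  for file in `sed -n "
    s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
    # Make sure the directory exists.
    test -f "$dirpart/$file" && continue
    fdir=`AS_DIRNAME(["$file"])`
    AS_MKDIR_P([$dirpart/$fdir])
    # echo "creating $dirpart/$file"
    echo '# dummy' > "$dirpart/$file"
  done
done
])# _AM_OUTPUT_DEPENDENCY_COMMANDS


# AM_OUTPUT_DEPENDENCY_COMMANDS
# -----------------------------
# This macro should only be invoked once -- use via AC_REQUIRE.
#
# This code is only required when automatic dependency tracking
# is enabled.  FIXME.  This creates each `.P' file that we will
# need in order to bootstrap the dependency handling code.
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
])

# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
# Free Software Foundation, Inc.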
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 8

# AM_CONFIG_HEADER is obsolete.  It has been replaced by AC_CONFIG_HEADERS.
AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)])

# Do all the work for Automake.                             -*- Autoconf -*-

# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006, 2008 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 13

# This macro actually does too much.  Some checks are only needed if
# your package does certain things.  But this isn't really a big deal.

# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
# AM_INIT_AUTOMAKE([OPTIONS])
# -----------------------------------------------
# The call with PACKAGE and VERSION arguments is the old style
# call (pre autoconf-2.50), which is being phased out.  PACKAGE
# and VERSION should now be passed to AC_INIT and removed from
# the call to AM_INIT_AUTOMAKE.
# We support both call styles for the transition.  After
# the next Automake release, Autoconf can make the AC_INIT
# arguments mandatory, and then we can depend on a new Autoconf
# release and drop the old call support.
#
# NOTE(review): $srcdir is expanded unquoted in `cd $srcdir' and in
# `test -f $srcdir/config.status' below, so a source path containing
# whitespace or glob characters is split or expanded by the shell
# before those commands see it.  Quoting both expansions, or rejecting
# such paths early, would make the "already configured" check reliable.
AC_DEFUN([AM_INIT_AUTOMAKE],
[AC_PREREQ([2.60])dnl
dnl Autoconf wants to disallow AM_ names.  We explicitly allow
dnl the ones we care about.
m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
AC_REQUIRE([AC_PROG_INSTALL])dnl
if test "`cd $srcdir && pwd`" != "`pwd`"; then
  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
  # is not polluted with repeated "-I."
  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
  # test to see if srcdir already configured
  if test -f $srcdir/config.status; then
    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
  fi
fi

# test whether we have cygpath
if test -z "$CYGPATH_W"; then
  if (cygpath --version) >/dev/null 2>/dev/null; then
    CYGPATH_W='cygpath -w'
  else
    CYGPATH_W=echo
  fi
fi
AC_SUBST([CYGPATH_W])

# Define the identity of the package.
dnl Distinguish between old-style and new-style calls.
m4_ifval([$2],
[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
 AC_SUBST([PACKAGE], [$1])dnl
 AC_SUBST([VERSION], [$2])],
[_AM_SET_OPTIONS([$1])dnl
dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
 AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
 AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl

_AM_IF_OPTION([no-define],,
[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
 AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl

# Some tools Automake needs.
AC_REQUIRE([AM_SANITY_CHECK])dnl
AC_REQUIRE([AC_ARG_PROGRAM])dnl
AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
AM_MISSING_PROG(AUTOCONF, autoconf)
AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
AM_MISSING_PROG(AUTOHEADER, autoheader)
AM_MISSING_PROG(MAKEINFO, makeinfo)
AM_PROG_INSTALL_SH
AM_PROG_INSTALL_STRIP
AC_REQUIRE([AM_PROG_MKDIR_P])dnl
# We need awk for the "check" target.  The system "awk" is bad on
# some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
              [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
                             [_AM_PROG_TAR([v7])])])
_AM_IF_OPTION([no-dependencies],,
[AC_PROVIDE_IFELSE([AC_PROG_CC],
                  [_AM_DEPENDENCIES(CC)],
                  [define([AC_PROG_CC],
                          defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
AC_PROVIDE_IFELSE([AC_PROG_CXX],
                  [_AM_DEPENDENCIES(CXX)],
                  [define([AC_PROG_CXX],
                          defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
AC_PROVIDE_IFELSE([AC_PROG_OBJC],
                  [_AM_DEPENDENCIES(OBJC)],
                  [define([AC_PROG_OBJC],
                          defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
])
])


# When config.status generates a header, we must update the stamp-h file.
# This file resides in the same directory as the config header
# that is generated.  The stamp files are numbered to have different names.

# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
# loop where config.status creates the headers, so we can generate
# our stamp files there.
AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
[# Compute $1's index in $config_headers.
_am_arg=$1
_am_stamp_count=1
for _am_header in $config_headers :; do
  case $_am_header in
    $_am_arg | $_am_arg:* )
      break ;;
    * )
      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
  esac
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])

# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_INSTALL_SH
# ------------------
# Define $install_sh.  A value already present in the install_sh shell
# variable is kept; the default runs install-sh from $am_aux_dir.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
AC_SUBST(install_sh)])

# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 2

# Check whether the underlying file-system supports filenames
# with a leading dot.  For instance MS-DOS doesn't.
# Sets am__leading_dot to `.' when a directory named .tst can be
# created in the current directory, and to `_' otherwise.
AC_DEFUN([AM_SET_LEADING_DOT],
[rm -rf .tst 2>/dev/null
mkdir .tst 2>/dev/null
if test -d .tst; then
  am__leading_dot=.
else
  am__leading_dot=_
fi
rmdir .tst 2>/dev/null
AC_SUBST([am__leading_dot])])

# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 5

# AM_PROG_LEX
# -----------
# Autoconf leaves LEX=: if lex or flex can't be found.  Change that to a
# "missing" invocation, for better error output.
AC_DEFUN([AM_PROG_LEX],
[AC_PREREQ(2.50)dnl
AC_REQUIRE([AM_MISSING_HAS_RUN])dnl
AC_REQUIRE([AC_PROG_LEX])dnl
if test "$LEX" = :; then
  LEX=${am_missing_run}flex
fi])

# Check to see how 'make' treats includes.                  -*- Autoconf -*-

# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 3

# AM_MAKE_INCLUDE()
# -----------------
# Check to see how make treats includes.
# Writes the scratch files confinc and confmf in the current directory,
# runs ${MAKE-make} on them, and sets am__include / am__quote to the
# GNU form, the BSD form, or `#' when neither form works.
AC_DEFUN([AM_MAKE_INCLUDE],
[am_make=${MAKE-make}
cat > confinc << 'END'
am__doit:
	@echo done
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
AC_MSG_CHECKING([for style of include used by $am_make])
am__include="#"
am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
# We grep out `Entering directory' and `Leaving directory'
# messages which can occur if `w' ends up in MAKEFLAGS.
# In particular we don't look at `^make:' because GNU make might
# be invoked under some other name (usually "gmake"), in which
# case it prints its new name instead of `make'.
if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
   am__include=include
   am__quote=
   _am_result=GNU
fi
# Now try BSD make style include.
if test "$am__include" = "#"; then
   echo '.include "confinc"' > confmf
   if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
      am__include=.include
      am__quote="\""
      _am_result=BSD
   fi
fi
AC_SUBST([am__include])
AC_SUBST([am__quote])
AC_MSG_RESULT([$_am_result])
rm -f confinc confmf
])

# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-

# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 5

# AM_MISSING_PROG(NAME, PROGRAM)
# ------------------------------
# Set NAME to "${am_missing_run}PROGRAM" unless the shell variable NAME
# is already set, then AC_SUBST it.
AC_DEFUN([AM_MISSING_PROG],
[AC_REQUIRE([AM_MISSING_HAS_RUN])
$1=${$1-"${am_missing_run}$2"}
AC_SUBST($1)])


# AM_MISSING_HAS_RUN
# ------------------
# Define MISSING if not defined so far and test if it supports --run.
# If it does, set am_missing_run to use it, otherwise, to nothing.
#
# A MISSING value that is already set, for instance inherited from the
# environment, is kept and passed to `eval', so its content is executed
# as shell code while configure runs.
AC_DEFUN([AM_MISSING_HAS_RUN],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
# Use eval to expand $SHELL
if eval "$MISSING --run true"; then
  am_missing_run="$MISSING --run "
else
  am_missing_run=
  AC_MSG_WARN([`missing' script is too old or missing])
fi
])

# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# AM_PROG_MKDIR_P
# ---------------
# Check for `mkdir -p'.
# Also AC_SUBSTs the legacy name mkdir_p.  A value that contains a
# slash but is not absolute (and does not start with `$') is prefixed
# with $(top_builddir)/.
AC_DEFUN([AM_PROG_MKDIR_P],
[AC_PREREQ([2.60])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
dnl while keeping a definition of mkdir_p for backward compatibility.
dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
dnl Makefile.ins that do not define MKDIR_P, so we do our own
dnl adjustment using top_builddir (which is defined more often than
dnl MKDIR_P).
AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
case $mkdir_p in
  [[\\/$]]* | ?:[[\\/]]*) ;;
  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
esac
])

# Helper functions for option handling.                     -*- Autoconf -*-

# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 3

# _AM_MANGLE_OPTION(NAME)
# -----------------------
# Expand to _AM_OPTION_ followed by NAME with every character outside
# a-z, A-Z, 0-9 and underscore replaced by an underscore.
AC_DEFUN([_AM_MANGLE_OPTION],
[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])

# _AM_SET_OPTION(NAME)
# ------------------------------
# Set option NAME.  Presently that only means defining a flag for this option.
AC_DEFUN([_AM_SET_OPTION],
[m4_define(_AM_MANGLE_OPTION([$1]), 1)])

# _AM_SET_OPTIONS(OPTIONS)
# ----------------------------------
# OPTIONS is a space-separated list of Automake options.
AC_DEFUN([_AM_SET_OPTIONS],
[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])

# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
# -------------------------------------------
# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])

# Check to make sure that the build environment is sane.    -*- Autoconf -*-

# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 4

# AM_SANITY_CHECK
# ---------------
# Create conftest.file, list it together with $srcdir/configure using
# `ls -t', and abort configure when the new file does not sort first,
# which indicates a clock problem, or when the ls output cannot be
# matched at all.
#
# NOTE(review): $srcdir is expanded unquoted in the `ls' command
# substitutions and the result is word-split by `set X', so a source
# path containing whitespace makes the comparison against
# "X $srcdir/configure conftest.file" fail and is reported as a broken
# ls rather than as an unsupported path.
AC_DEFUN([AM_SANITY_CHECK],
[AC_MSG_CHECKING([whether build environment is sane])
# Just in case
sleep 1
echo timestamp > conftest.file
# Do `set' in a subshell so we don't clobber the current shell's
# arguments.  Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
   if test "$[*]" = "X"; then
      # -L didn't work.
      set X `ls -t $srcdir/configure conftest.file`
   fi
   rm -f conftest.file
   if test "$[*]" != "X $srcdir/configure conftest.file" \
      && test "$[*]" != "X conftest.file $srcdir/configure"; then

      # If neither matched, then we have a broken ls.  This can happen
      # if, for instance, CONFIG_SHELL is bash and it inherits a
      # broken ls alias from the environment.  This has actually
      # happened.  Such a system could not be considered "sane".
      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
alias in your environment])
   fi

   test "$[2]" = conftest.file
   )
then
   # Ok.
   :
else
   AC_MSG_ERROR([newly created file is older than distributed files!
Check your system clock])
fi
AC_MSG_RESULT(yes)])

# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_INSTALL_STRIP
# ---------------------
# One issue with vendor `install' (even GNU) is that you can't
# specify the program used to strip binaries.  This is especially
# annoying in cross-compiling environments, where the build's strip
# is unlikely to handle the host's binaries.
# Fortunately install-sh will honor a STRIPPROG variable, so we
# always use install-sh in `make install-strip', and initialize
# STRIPPROG with the value of the STRIP variable (set by the user).
AC_DEFUN([AM_PROG_INSTALL_STRIP],
[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
# Installed binaries are usually stripped using `strip' when the user
# run `make install-strip'.  However `strip' might not be the right
# tool to use in cross-compilation environments, therefore Automake
# will honor the `STRIP' environment variable to overrule this program.
dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
if test "$cross_compiling" != no; then
  AC_CHECK_TOOL([STRIP], [strip], :)
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])

# Copyright (C) 2006 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_SUBST_NOTMAKE(VARIABLE)
# ---------------------------
# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
# This macro is traced by Automake.
AC_DEFUN([_AM_SUBST_NOTMAKE])

# Check how to create a tarball.                            -*- Autoconf -*-

# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 2

# _AM_PROG_TAR(FORMAT)
# --------------------
# Check how to create a tarball in format FORMAT.
# FORMAT should be one of `v7', `ustar', or `pax'.
#
# Substitute a variable $(am__tar) that is a command
# writing to stdout a FORMAT-tarball containing the directory
# $tardir.
#     tardir=directory && $(am__tar) > result.tar
#
# Substitute a variable $(am__untar) that extract such
# a tarball read from stdin.
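#     $(am__untar) < result.tar
AC_DEFUN([_AM_PROG_TAR],
[# Always define AMTAR for backward compatibility.
AM_MISSING_PROG([AMTAR], [tar])
m4_if([$1], [v7],
     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
     [m4_case([$1], [ustar],, [pax],,
              [m4_fatal([Unknown tar format])])
AC_MSG_CHECKING([how to create a $1 tar archive])
# Loop over all known methods to create a tar archive until one works.
dnl A preset am_cv_prog_tar_FORMAT cache value replaces the candidate list,
dnl so only that one method is considered.
_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
_am_tools=${am_cv_prog_tar_$1-$_am_tools}
# Do not fold the above two line into one, because Tru64 sh and
# Solaris sh will not grok spaces in the rhs of `-'.
dnl Two command strings are kept per method: am__tar is substituted into the
dnl Makefile and so writes $$tardir, while am__tar_ carries a single dollar
dnl for the configure-time trial below.
dnl Every method passes a dereference option (h or -L), so symbolic links
dnl under the directory are archived as the files they point to.
for _am_tool in $_am_tools
do
  case $_am_tool in
  gnutar)
    for _am_tar in tar gnutar gtar;
    do
      AM_RUN_LOG([$_am_tar --version]) && break
    done
    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
    am__untar="$_am_tar -xf -"
    ;;
  plaintar)
    # Must skip GNU tar: if it does not support --format= it doesn't create
    # ustar tarball either.
    (tar --version) >/dev/null 2>&1 && continue
    am__tar='tar chf - "$$tardir"'
    am__tar_='tar chf - "$tardir"'
    am__untar='tar xf -'
    ;;
  pax)
    am__tar='pax -L -x $1 -w "$$tardir"'
    am__tar_='pax -L -x $1 -w "$tardir"'
    am__untar='pax -r'
    ;;
  cpio)
    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
    am__untar='cpio -i -H $1 -d'
    ;;
  none)
    am__tar=false
    am__tar_=false
    am__untar=false
    ;;
  esac

  # If the value was cached, stop now. We just wanted to have am__tar
  # and am__untar set.
  test -n "${am_cv_prog_tar_$1}" && break

  # tar/untar a dummy directory, and stop if the command works
dnl Round trip: archive a scratch directory holding one marker file, delete
dnl the directory, unpack the archive from standard input, then look for the
dnl marker. Only a method that brings the marker back ends the loop.
  rm -rf conftest.dir
  mkdir conftest.dir
  echo GrepMe > conftest.dir/file
  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
  rm -rf conftest.dir
  if test -s conftest.tar; then
    AM_RUN_LOG([$am__untar <conftest.tar])
    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
  fi
done
rm -rf conftest.dir

AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
AC_MSG_RESULT([$am_cv_prog_tar_$1])])
AC_SUBST([am__tar])
AC_SUBST([am__untar])
]) # _AM_PROG_TAR

nufw-2.4.3/AUTHORS0000644000175000017500000000160711431206275010475 00000000000000
Core team
=========

Éric Leblond (aka regit) regit@inl.fr
Vincent Deffontaines (aka gryzor) http://www.gryzor.com
Pierre Chifflier (aka pollux) pierre.chifflier AT inl.fr
Laurent Defert (aka lodesi) laurent.defert AT inl.fr
Sébastien Tricaud (aka toady) stricaud AT inl.fr
Victor Stinner (aka haypo) victor.stinner AT inl.fr

Contributors
============

Andrew Williams aka mistik1 fixed Makefile.am of nuauth_command for Gentoo ($DESTDIR)
Francesco Varano Gabriele Messineo authors of auth_mysql module
Hervé Hénoch fixed a regular expression in nuaclgen script
Jean Gillaux author of pam_nufw module
Mikael Berthe (aka McKael) original author of plaintext module
Simon Josefsson getdelim() implentation (used on FreeBSD)

nufw-2.4.3/config.guess0000755000175000017500000012753410756112266011762 00000000000000
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
# Free Software Foundation, Inc.

timestamp='2008-01-23'

# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.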
# # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Per Bothner . # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # The plan is that this can be called by configure scripts if you # don't specify an explicit build system type. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." 
# Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. 
# (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep __ELF__ >/dev/null then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. 
However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. 
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? 
echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm:riscos:*:*|arm:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. 
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF 
>$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; 
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? 
) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. 
GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep __LP64__ >/dev/null then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | 
convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) case ${UNAME_MACHINE} in pc98) echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo 
${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:[3456]*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; EM64T | authenticamd) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-gnu else echo ${UNAME_MACHINE}-unknown-linux-gnueabi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; crisv32:Linux:*:*) echo 
crisv32-axis-linux-gnu exit ;; frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef mips #undef mipsel #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=mipsel #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=mips #else CPU= #endif #endif EOF eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' /^CPU/{ s: ::g p }'`" test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef mips64 #undef mips64el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=mips64el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=mips64 #else CPU= #endif #endif EOF eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' /^CPU/{ s: ::g p }'`" test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" 
= 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-gnu ;; PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent # problems with other programs or directories called `ld' in the path. # Set LC_ALL=C to ensure ld outputs messages in English. ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ | sed -ne '/supported targets:/!d s/[ ][ ]*/ /g s/.*supported targets: *// s/ .*// p'` case "$ld_supported_targets" in elf32-i386) TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" ;; a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" exit ;; coff-i386) echo "${UNAME_MACHINE}-pc-linux-gnucoff" exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. 
echo "${UNAME_MACHINE}-pc-linux-gnuoldld" exit ;; esac # Determine whether the default compiler is a.out or elf eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include #ifdef __ELF__ # ifdef __GLIBC__ # if __GLIBC__ >= 2 LIBC=gnu # else LIBC=gnulibc1 # endif # else LIBC=gnulibc1 # endif #else #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) LIBC=gnu #else LIBC=gnuaout #endif #endif #ifdef __dietlibc__ LIBC=dietlibc #endif EOF eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' /^LIBC/{ s: ::g p }'`" test x"${LIBC}" != x && { echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit } test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. 
echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i386. 
echo i386-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else 
echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. 
echo i586-pc-beos exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. 
if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... 
*/ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. 
config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: nufw-2.4.3/ylwrap0000755000175000017500000001407411431215400010661 00000000000000
#! /bin/sh
# ylwrap - wrapper for lex/yacc invocations.
#
# Runs PROGRAM on INPUT inside a scratch directory, then copies each
# generated OUTPUT file to its DESIRED name in the parent directory,
# rewriting `#' directives on the way.

scriptversion=2007-11-22.22

# Copyright (C) 1996, 1997, 1998, 1999, 2001, 2002, 2003, 2004, 2005,
# 2007 Free Software Foundation, Inc.
#
# Written by Tom Tromey.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.

# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.

# This file is maintained in Automake; report bugs or send patches
# to the Automake maintainers.

# Option handling: only the first argument is inspected.
case "$1" in
  '')
    echo "$0: No files given. Try \`$0 --help' for more information." 1>&2
    exit 1
    ;;
  --basedir)
    # NOTE(review): basedir is assigned here but not read again anywhere
    # in this script.
    basedir=$2
    shift 2
    ;;
  -h|--h*)
    cat <<\EOF
Usage: ylwrap [--help|--version] INPUT [OUTPUT DESIRED]... -- PROGRAM [ARGS]...

Wrapper for lex/yacc invocations, renaming files as desired.

  INPUT is the input file
  OUTPUT is one file PROG generates
  DESIRED is the file we actually want instead of OUTPUT
  PROGRAM is program to run
  ARGS are passed to PROG

Any number of OUTPUT,DESIRED pairs may be used.

Report bugs to .
EOF
    exit $?
    ;;
  -v|--v*)
    echo "ylwrap $scriptversion"
    exit $?
    ;;
esac

# The input.
input="$1"
shift
# The script later changes into a scratch directory, so the input path
# has to be absolute before that happens.
case "$input" in
  [\\/]* | ?:[\\/]*)
    # Absolute path; do nothing.
    ;;
  *)
    # Relative path. Make it absolute.
    input="`pwd`/$input"
    ;;
esac

# Collect the OUTPUT/DESIRED names up to the `--' separator.
# The names are joined with single spaces and split again further down
# by an unquoted `set X $pairlist', so a name containing whitespace or
# glob characters does not survive as one word.
pairlist=
while test "$#" -ne 0; do
  if test "$1" = "--"; then
    shift
    break
  fi
  pairlist="$pairlist $1"
  shift
done

# The program to run.
prog="$1"
shift
# Make any relative path in $prog absolute.
# A bare command name (no directory separator) is left alone and is
# resolved through PATH when it is run.
case "$prog" in
  [\\/]* | ?:[\\/]*) ;;
  *[\\/]*) prog="`pwd`/$prog" ;;
esac

# FIXME: add hostname here for parallel makes that run commands on
# other machines. But that might take us over the 14-char limit.
# The scratch directory is created in the current directory and named
# after this shell's PID.  mkdir fails if the name already exists, and
# the script then stops instead of reusing a directory it did not create.
dirname=ylwrap$$
# On signals 1, 2, 3 and 15 go back to the starting directory (captured
# now, while the trap string is built) and remove the scratch directory.
trap "cd '`pwd`'; rm -rf $dirname > /dev/null 2>&1" 1 2 3 15
mkdir $dirname || exit 1

cd $dirname

# Run the generator; any remaining arguments are passed before the input.
case $# in
  0) "$prog" "$input" ;;
  *) "$prog" "$@" "$input" ;;
esac
ret=$?

if test $ret -eq 0; then
  # Re-split the collected names into positional parameters; the X guards
  # against an empty list and is dropped by the shift.
  set X $pairlist
  shift
  first=yes
  # Since DOS filename conventions don't allow two dots,
  # the DOS version of Bison writes out y_tab.c instead of y.tab.c
  # and y_tab.h instead of y.tab.h. Test to see if this is the case.
  y_tab_nodot="no"
  if test -f y_tab.c || test -f y_tab.h; then
    y_tab_nodot="yes"
  fi

  # The directory holding the input.
  input_dir=`echo "$input" | sed -e 's,\([\\/]\)[^\\/]*$,\1,'`
  # Quote $INPUT_DIR so we can use it in a regexp.
  # FIXME: really we should care about more than `.' and `\'.
  input_rx=`echo "$input_dir" | sed 's,\\\\,\\\\\\\\,g;s,\\.,\\\\.,g'`

  # Each iteration consumes one OUTPUT ($1) / DESIRED ($2) pair.
  while test "$#" -ne 0; do
    from="$1"
    # Handle y_tab.c and y_tab.h output by DOS
    if test $y_tab_nodot = "yes"; then
      if test $from = "y.tab.c"; then
        from="y_tab.c"
      else
        if test $from = "y.tab.h"; then
          from="y_tab.h"
        fi
      fi
    fi
    if test -f "$from"; then
      # If $2 is an absolute path name, then just use that,
      # otherwise prepend `../'.
      case "$2" in
        [\\/]* | ?:[\\/]*) target="$2";;
        *) target="../$2";;
      esac

      # We do not want to overwrite a header file if it hasn't
      # changed. This avoid useless recompilations. However the
      # parser itself (the first file) should always be updated,
      # because it is the destination of the .y.c rule in the
      # Makefile. Divert the output of all other files to a temporary
      # file so we can compare them to existing versions.
      if test $first = no; then
        realtarget="$target"
        target="tmp-`echo $target | sed s/.*[\\/]//g`"
      fi
      # Edit out `#line' or `#' directives.
      #
      # We don't want the resulting debug information to point at
      # an absolute srcdir; it is better for it to just mention the
      # .y file with no path.
      #
      # We want to use the real output file name, not yy.lex.c for
      # instance.
      #
      # We want the include guards to be adjusted too.
      FROM=`echo "$from" | sed \
            -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'\
            -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`
      TARGET=`echo "$2" | sed \
            -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'\
            -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`

      # NOTE(review): $from and $2 are pasted into the sed program
      # unescaped, and $input_rx only has `.' and `\' escaped.  A comma
      # or a regex metacharacter in one of these names changes the
      # meaning of the expression, so the names passed by the Makefile
      # should be plain file names.
      sed -e "/^#/!b" -e "s,$input_rx,," -e "s,$from,$2," \
          -e "s,$FROM,$TARGET," "$from" >"$target" || ret=$?

      # Check whether header files must be updated.
      if test $first = no; then
        if test -f "$realtarget" && cmp -s "$realtarget" "$target"; then
          echo "$2" is unchanged
          rm -f "$target"
        else
          echo updating "$2"
          mv -f "$target" "$realtarget"
        fi
      fi
    else
      # A missing file is only an error for the first file. This
      # is a blatant hack to let us support using "yacc -d". If -d
      # is not specified, we don't want an error when the header
      # file is "missing".
      if test $first = yes; then
        ret=1
      fi
    fi
    shift
    shift
    first=no
  done
else
  ret=$?
fi

# Remove the directory.
cd ..
rm -rf $dirname

exit $ret

# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# End:
nufw-2.4.3/Makefile.in0000644000175000017500000005335411431215403011471 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE.
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = . DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/configure AUTHORS COPYING \ ChangeLog INSTALL NEWS TODO config.guess config.sub depcomp \ install-sh ltmain.sh missing ylwrap ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ { test ! -d $(distdir) \ || { find $(distdir) -type d ! 
-perm -200 -exec chmod u+w {} ';' \ && rm -fr $(distdir); }; } DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best distuninstallcheck_listfiles = find . -type f -print distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = 
@YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = src scripts doc tests conf python selinux PATCH_FILES = patches/dump-connection-mark.diff EXTRA_DIST = autogen.sh $(PATCH_FILES) all: all-recursive .SUFFIXES: am--refresh: @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --gnu '; \ cd $(srcdir) && $(AUTOMAKE) --gnu \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) cd $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs distclean-libtool: -rm -f libtool # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. 
$(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) $(am__remove_distdir) test -d 
$(distdir) || mkdir $(distdir) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! 
-perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r $(distdir) dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 $(am__remove_distdir) dist-lzma: distdir tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma $(am__remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__remove_distdir) dist dist-all: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lzma*) \ unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir); chmod a+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && cd $(distdir)/_build \ && ../configure --srcdir=.. 
--prefix="$$dc_install_base" \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck $(am__remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @cd $(distuninstallcheck_dir) \ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . 
; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
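clean: clean-recursive

clean-am: clean-generic clean-libtool mostlyclean-am

distclean: distclean-recursive
	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
	-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-libtool \
	distclean-tags

dvi: dvi-recursive

dvi-am:

html: html-recursive

info: info-recursive

info-am:

install-dvi: install-dvi-recursive

install-exec-am:

install-html: install-html-recursive

install-info: install-info-recursive

install-man:

install-pdf: install-pdf-recursive

install-ps: install-ps-recursive

installcheck-am:

maintainer-clean: maintainer-clean-recursive
	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
	-rm -rf $(top_srcdir)/autom4te.cache
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-recursive

mostlyclean-am: mostlyclean-generic mostlyclean-libtool

pdf: pdf-recursive

pdf-am:

ps: ps-recursive

ps-am:

uninstall-am:

.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
	install-strip

.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
	all all-am am--refresh check check-am clean clean-generic \
	clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \
	dist-gzip dist-lzma dist-shar dist-tarZ dist-zip distcheck \
	distclean distclean-generic distclean-libtool distclean-tags \
	distcleancheck distdir distuninstallcheck dvi dvi-am html \
	html-am info info-am install install-am install-data \
	install-data-am install-dvi install-dvi-am install-exec \
	install-exec-am install-html install-html-am install-info \
	install-info-am install-man install-pdf install-pdf-am \
	install-ps install-ps-am install-strip installcheck \
	installcheck-am installdirs installdirs-am maintainer-clean \
	maintainer-clean-generic mostlyclean mostlyclean-generic \
	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
	uninstall uninstall-am


func_tests:
	cd tests && ./test_all.py

all:
	@echo "Compile done";

install-data-am:
	@echo "Run 'make install-conf' if you want to install initial configuration file";

# install-conf: copy the sample configuration shipped under conf/ into
# $(sysconfdir). A file that already exists at its destination is never
# replaced, and every file is installed with mode 600 (owner read/write only).
# DESTDIR is honoured so the target can be staged into a packaging root; with
# DESTDIR unset the destinations are the same as before.
#
# Key and certificate guard: the rule used to test for
# $(sysconfdir)/certs/<file> while installing to $(sysconfdir)/<file>, and
# nothing here creates $(sysconfdir)/certs. The guard therefore never saw the
# copy it had installed, and re-running the target replaced any key or
# certificate the administrator had put in $(sysconfdir) with the sample one.
# Both locations are now checked before installing; the install destination
# is unchanged.
# NOTE(review): which of the two directories the shipped nufw.conf and
# nuauth.conf point at is not visible from this file - confirm, then settle
# on a single location.
#
# NOTE(review): the PEM files under conf/certs come from the source tree, so
# the private keys are identical on every installation that uses them. They
# are samples: replace them with locally generated keys and certificates
# before the daemons are put into service.
# NOTE(review): users.nufw is copied from users-plaintext.nufw; going by the
# name it presumably holds plaintext sample credentials - confirm and replace.
#
# This Makefile.in is generated by automake; make the same change in
# Makefile.am or it is lost on the next regeneration.
.PHONY: install-conf
install-conf:
	install -d "$(DESTDIR)$(sysconfdir)"
	test -e "$(DESTDIR)$(sysconfdir)/nufw.conf" || install -m 600 $(top_srcdir)/conf/nufw.conf "$(DESTDIR)$(sysconfdir)"
	install -d "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.conf" || install -m 600 $(top_srcdir)/conf/nuauth.conf "$(DESTDIR)$(sysconfdir)"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.d/nuauth_ldap.conf" || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_ldap.conf "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.d/nuauth_tls.conf" || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_tls.conf "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.d/nuauth_mysql.conf" || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_mysql.conf "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.d/nuauth_pgsql.conf" || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_pgsql.conf "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.d/nuauth_tuning.conf" || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_tuning.conf "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.d/nuauth_mark.conf" || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_mark.conf "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.d/nuauth_krb5.conf" || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_krb5.conf "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/nuauth.d/nuauth_authtype.conf" || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_authtype.conf "$(DESTDIR)$(sysconfdir)/nuauth.d"
	test -e "$(DESTDIR)$(sysconfdir)/certs/NuFW-cacert.pem" || test -e "$(DESTDIR)$(sysconfdir)/NuFW-cacert.pem" || install -m 600 $(top_srcdir)/conf/certs/NuFW-cacert.pem "$(DESTDIR)$(sysconfdir)"
	test -e "$(DESTDIR)$(sysconfdir)/certs/nufw-key.pem" || test -e "$(DESTDIR)$(sysconfdir)/nufw-key.pem" || install -m 600 $(top_srcdir)/conf/certs/nufw-key.pem "$(DESTDIR)$(sysconfdir)"
	test -e "$(DESTDIR)$(sysconfdir)/certs/nufw-cert.pem" || test -e "$(DESTDIR)$(sysconfdir)/nufw-cert.pem" || install -m 600 $(top_srcdir)/conf/certs/nufw-cert.pem "$(DESTDIR)$(sysconfdir)"
	test -e "$(DESTDIR)$(sysconfdir)/certs/nuauth-key.pem" || test -e "$(DESTDIR)$(sysconfdir)/nuauth-key.pem" || install -m 600 $(top_srcdir)/conf/certs/nuauth-key.pem "$(DESTDIR)$(sysconfdir)"
	test -e "$(DESTDIR)$(sysconfdir)/certs/nuauth-cert.pem" || test -e "$(DESTDIR)$(sysconfdir)/nuauth-cert.pem" || install -m 600 $(top_srcdir)/conf/certs/nuauth-cert.pem "$(DESTDIR)$(sysconfdir)"
	test -e "$(DESTDIR)$(sysconfdir)/acls.nufw" || install -m 600 $(top_srcdir)/conf/acls.nufw "$(DESTDIR)$(sysconfdir)"
	test -e "$(DESTDIR)$(sysconfdir)/users.nufw" || install -m 600 $(top_srcdir)/conf/users-plaintext.nufw "$(DESTDIR)$(sysconfdir)/users.nufw"
	test -e "$(DESTDIR)$(sysconfdir)/periods.xml" || install -m 600 $(top_srcdir)/conf/periods.xml "$(DESTDIR)$(sysconfdir)/"

# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
nufw-2.4.3/config.sub0000755000175000017500000010115310756112266011412 00000000000000#! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 # Free Software Foundation, Inc. timestamp='2008-01-16' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. 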
# # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. 
break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. 
;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray) os= basic_machine=$1 ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 
1750a | 580 \ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | mcore | mep \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64vr | mips64vrel \ | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | mt \ | msp430 \ | nios | nios2 \ | ns16k | ns32k \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ | score \ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. 
basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64vr-* | mips64vrel-* \ | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | 
pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 
's/^[^-]*-//'` os=-linux ;; c90) basic_machine=c90-cray os=-unicos ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; 
hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo 
$basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; mvs) basic_machine=i370-ibm os=-mvs ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | 
pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) 
basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff ;; tic55x | c55x*) basic_machine=tic55x-unknown os=-coff ;; tic6x | c6x*) basic_machine=tic6x-unknown os=-coff ;; tile*) basic_machine=tile-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of 
certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. 
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. 
;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -kaos*) os=-kaos ;; -zvmoe) os=-zvmoe ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. 
# Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 # This also exists in the configure program, but was not the # default. # os=-sunos4 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. 
vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: nufw-2.4.3/src/0000777000175000017500000000000011431215440010266 500000000000000nufw-2.4.3/src/Makefile.in0000644000175000017500000003532711431215377012272 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = include libs nufw clients nuauth DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = 
@ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = 
@host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = doxygen.cfg doxygen.sh @BUILD_NUAUTH_FALSE@SUBDIRS = include libs nufw clients @BUILD_NUAUTH_TRUE@SUBDIRS = include libs nuauth nufw clients all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. 
$(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" 
| sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/include/0000777000175000017500000000000011431215437011717 500000000000000nufw-2.4.3/src/include/proto.h0000644000175000017500000001321711431206275013153 00000000000000/* ** Copyright (C) 2002-2007 - INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUFW_PROTOCOL_H #define NUFW_PROTOCOL_H #ifdef HAVE_CONFIG_H # include "config.h" #endif #ifdef LINUX # include #else # include #endif #define AUTHREQ_PORT 4128 #define USERPCKT_PORT 4129 #define USERPCKT_SERVICE "4129" /* define here last proto */ #define PROTO_STRING "PROTO" #define PROTO_UNKNOWN 0 enum proto_type_t { NUFW_PROTO = 0, CLIENT_PROTO }; enum proto_client_version_t { PROTO_VERSION_NONE, PROTO_VERSION_V20 = 3, PROTO_VERSION_V22, PROTO_VERSION_V22_1, PROTO_VERSION_V24 }; #define PROTO_VERSION PROTO_VERSION_V24 enum proto_nufw_version_t { PROTO_VERSION_NUFW_V20 = 3, PROTO_VERSION_NUFW_V22, PROTO_VERSION_NUFW_V22_2 }; #define PROTO_NUFW_VERSION PROTO_VERSION_NUFW_V22_2 /* header common for all packets 1 4 8 16 24 32 | | | | | | | Proto |Msg Type | Msg option | packet length | message type is one of : AUTHREQ : user send packet */ struct nu_header { #ifdef WORDS_BIGENDIAN uint8_t msg_type:4; uint8_t proto:4; #else uint8_t proto:4; uint8_t msg_type:4; #endif uint8_t option; uint16_t length; }; /** * 
Header of message send by NuFW to NuAuth
 *
 * See also structures ::nufw_to_nuauth_conntrack_message_t and
 * ::nufw_to_nuauth_auth_message_t which include message content.
 */
/*
 * NOTE(review): msg_length is supplied by the sender. The code that reads
 * these messages is not part of this header; it should reject a msg_length
 * smaller than this header or larger than the number of bytes actually
 * received before touching the message body. The byte order of msg_length
 * is not stated here -- presumably network byte order, confirm.
 */
typedef struct {
	/** Version of the protocol (#PROTO_VERSION) */
	uint8_t protocol_version;
	/** Message type (from ::nufw_message_t) */
	uint8_t msg_type;
	/** Message length including header (in bytes) */
	uint16_t msg_length;
} nufw_to_nuauth_message_header_t;

/**
 * Possible values of the option member of a field header
 * (struct nu_authfield in this file; the original comment names
 * ::nuv2_authfield, which is not defined here).
 *
 * OS_SRV, CLIENT_SRV and APP_TYPE_NAME all have the value 0x1, so the
 * option byte alone does not identify which of them is meant; presumably
 * it is interpreted together with the field type -- confirm.
 */
#define OS_SRV 0x1
#define CLIENT_SRV 0x1
#define APP_TYPE_NAME 0x1 /** application is defined by full path. */

/**
 * Application is defined by full path and SHA1 sig of binary.
 *
 * Format is : "full_path_app;SHA1 sig" each field being base64 encoded
 *
 * NOTE(review): SHA-1 no longer provides collision resistance, and the
 * value is presumably computed by the client that sends the field, so it
 * identifies a binary only as far as that client is trusted. The
 * #SRV_HASH_TYPE and #HASH_FIELD values below suggest the hash function
 * can be announced by the server -- confirm how it is selected.
 */
#define APP_TYPE_SHA1 0x2

/**
 * Decision returned by NuAuth for a packet.
 *
 * DECISION_DROP is 0, so a zero-filled decision value reads as "drop".
 * NOTE(review): a receiver should treat any value above DECISION_REJECT
 * as invalid rather than as an accept -- confirm in the decoding code.
 */
typedef enum {
	DECISION_DROP = 0,	/*!< NuAuth decision answer: drop packet */
	DECISION_ACCEPT,	/*!< NuAuth decision answer: packet accepted */
	DECISION_NODECIDE,	/*!< NuAuth decision answer: can't decide! */
	DECISION_REJECT		/*!< NuAuth decision answer: reject the packet */
} decision_t;

/**
 * Message type : stored on 4 bits
 *
 * Used in ::nufw_to_nuauth_message_header_t
 *
 * The 4-bit width matches the msg_type bit-field of struct nu_header;
 * in ::nufw_to_nuauth_message_header_t the msg_type member is a full
 * uint8_t. Values run from 0x1 (AUTH_REQUEST) to 0x9 (EXTENDED_PROTO);
 * 0 is not assigned.
 */
typedef enum {
	AUTH_REQUEST = 0x1,
	AUTH_ANSWER,
	USER_REQUEST,
	AUTH_CONTROL,
	USER_HELLO,
	AUTH_CONN_DESTROY,
	AUTH_CONN_UPDATE,
	AUTH_CONN_FIXED_TIMEOUT,
	EXTENDED_PROTO,
} nufw_message_t;

/**
 * Identifier stored in the type member of a field header
 * (struct nu_authfield). Values start at 1; 0 is not assigned.
 */
typedef enum {
	IPV4_FIELD = 1,
	IPV6_FIELD,
	APP_FIELD,
	OS_FIELD,
	VERSION_FIELD,
	HELLO_FIELD,
	CAPA_FIELD,
	EXTENDED_PROTO_FIELD,
	HASH_FIELD,
} nu_field_identifier_t;

/**
 * Header of a whole authentication request packet; the individual fields
 * (struct nu_authfield and its variants) are described below.
 *
 * NOTE(review): packet_length comes from the peer; it should be checked
 * against the bytes actually received before the fields are walked.
 */
struct nu_authreq {
	uint16_t packet_seq;
	uint16_t packet_length;	/*!< Length of the whole packet including this header */
};

/**
 * Header of one field.
 * See also the header of the whole packet: ::nu_authreq
 *
 * NOTE(review): whether length counts this 4-byte header is not stated
 * here -- confirm. Either way each field length should be checked against
 * the space remaining in the enclosing packet (nu_authreq.packet_length)
 * before the field body is read.
 */
struct nu_authfield {
	uint8_t type;	/*!< Field type identifier: see ::nu_field_identifier_t */
	uint8_t option;	/*!< Option: 0 or an option value such as #OS_SRV */
	uint16_t length;	/*!< Length of one field */
};

/**
 * Field carrying an IPv6 source/destination pair, protocol and ports.
 * The first three members repeat the layout of struct nu_authfield.
 */
struct nu_authfield_ipv6 {
	uint8_t type;
	uint8_t option;
	uint16_t length;	/*!< Length of one field */
	struct in6_addr src;
	struct in6_addr dst;
	uint8_t proto;
	uint8_t flags;
	uint16_t FUSE;
	uint16_t sport;
	uint16_t dport;
};

/**
 * Field carrying an IPv4 source/destination pair, protocol and ports.
 * The first three members repeat the layout of struct nu_authfield.
 */
struct nu_authfield_ipv4 {
	uint8_t type;
	uint8_t option;
	uint16_t length;	/*!< Length of one field */
	uint32_t src;
	uint32_t dst;
	uint8_t proto;
	uint8_t flags;
	uint16_t FUSE;
	uint16_t sport;
	uint16_t dport;
};

/**
 * Application field data
 *
 * The application content follows this header and has no fixed size, so
 * the length member is the only bound on it.
 * NOTE(review): the reader should cap length by the remaining packet size.
 */
struct nu_authfield_app {
	uint8_t type;
	uint8_t option;
	uint16_t length;	/*!< Length of content */
	/* after that is the application content */
};

/**
 * Hello field: a field header followed by a 32-bit hello identifier.
 */
struct nu_authfield_hello {
	uint8_t type;
	uint8_t option;
	uint16_t length;	/*!< Length of one field */
	uint32_t helloid;	/*!< Hello identifier */
};

/* sender to client message */

/* type message */
typedef enum {
	SRV_TYPE = 1,	/*!< Send server mode: #SRV_TYPE_PUSH or #SRV_TYPE_POLL */
	SRV_REQUIRED_PACKET,
	SRV_REQUIRED_DISCONNECT,
	SRV_REQUIRED_HELLO,
	SRV_REQUIRED_INFO,
	SRV_EXTENDED_PROTO,
	SRV_INIT,
} nu_type_t;

/**
 * Server mode, sent with a #SRV_TYPE message (struct nu_srv_message in
 * this file; the original comment names ::nuv2_srv_message).
 */
typedef enum {
	SRV_TYPE_POLL = 0,	/*!< Server works in POLL mode (default) */
	SRV_TYPE_PUSH,		/*!< Server works in PUSH mode */
	SRV_HASH_TYPE		/*!< Server hash function for app sig */
} nu_server_mode_t;

/** Kind of client information; values start at 0. */
typedef enum {
	OS_VERSION = 0,
	CLIENT_VERSION,
	CLIENT_CAPA
} nu_client_info_t;

/** Result carried by a server init message; INIT_NOK is 0. */
typedef enum {
	INIT_NOK = 0,
	INIT_OK
} nu_srv_init_t;

/** Header of a message sent to the client: type, option and length. */
struct nu_srv_message {
	uint8_t type;
	uint8_t option;
	uint16_t length;
};

/** Hello request sent to the client: message header plus hello identifier. */
struct nu_srv_helloreq {
	uint8_t type, option;
	uint16_t length;
	uint32_t helloid;
};

/* include definition for NuFW 2.0 */
/* NOTE(review): the header name after this #include is missing in this copy;
 * presumably proto_v3.h (PROTO_VERSION_NUFW_V20 = 3) -- confirm against the
 * upstream file. */
#include
/* include definition for NuFW 2.2 */
/* NOTE(review): header name missing here as well; presumably proto_v4.h
 * (PROTO_VERSION_NUFW_V22 = 4) -- confirm against the upstream file. */
#include

#endif
nufw-2.4.3/src/include/proto_v4.h0000644000175000017500000000731411431206275013565 00000000000000/* ** Copyright (C) 2002-2009 INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUFW_PROTOCOL_V4_H #define NUFW_PROTOCOL_V4_H #include /* struct in6addr */ #ifdef LINUX # ifdef USE_NFQUEUE # include # else # define IFNAMSIZ 16 # endif #else #define IFNAMSIZ 16 #endif /** * Protocol version of message exchanged between NuFW and NuAuth. 
* * Value of field protocol_version of ::nufw_to_nuauth_message_header_t */ /* * Protocol 4 definition */ /** * Message of type #AUTH_CONN_DESTROY or #AUTH_CONN_UPDATE send * by NuFW to NuAuth */ #define aligned_u64 unsigned long long __attribute__((aligned(8))) struct nuv4_conntrack_message_t { /* Copy/paste nufw_to_nuauth_message_header_t content */ uint8_t protocol_version; /*!< Version of the protocol (#PROTO_VERSION) */ uint8_t msg_type; /*!< Message type (from ::nufw_message_t) */ uint16_t msg_length; /*!< Message length including header (in bytes) */ /* Conntrack fields */ uint32_t timeout; /*!< Timeout (Epoch format) */ struct in6_addr ip_src; /*!< IPv6 source IP */ struct in6_addr ip_dst; /*!< IPv6 destination IP */ uint8_t ip_protocol; /*!< IP protocol number */ uint16_t src_port; /*!< TCP/UDP source port or ICMP type */ uint16_t dest_port; /*!< TCP/UDP destination port or ICMP code */ /* mark field */ u_int32_t mark; /* counters fields */ aligned_u64 packets_in; aligned_u64 bytes_in; aligned_u64 packets_out; aligned_u64 bytes_out; }; /** * Message of type #AUTH_REQUEST or #AUTH_CONTROL * send by NuFW to NuAuth */ typedef struct { /* Copy/paste nufw_to_nuauth_message_header_t content */ uint8_t protocol_version; /*!< Version of the protocol (#PROTO_VERSION) */ uint8_t msg_type; /*!< Message type (from ::nufw_message_t) */ uint16_t msg_length; /*!< Message length including header (in bytes) */ /* Authentication fields */ uint32_t packet_id; /*!< Netfilter packet unique identifier */ uint32_t timestamp; /*!< Timestamp (Epoch format) */ u_int32_t mark; char indev[IFNAMSIZ]; char physindev[IFNAMSIZ]; char outdev[IFNAMSIZ]; char physoutdev[IFNAMSIZ]; /* (...): packet content (maybe truncated) */ } nuv4_nufw_to_nuauth_auth_message_t; /** * Send NuAuth decision to NuFW */ typedef struct { uint8_t protocol_version; /*!< Version of the protocol (#PROTO_VERSION) */ uint8_t msg_type; /*!< Message type (#AUTH_ANSWER) */ u_int8_t decision; /*!< NuAuth decision (see 
::decision_t) */ u_int8_t priority; /*!< priority (See if there is an interest of having this in the scope of asynchronous message) */ uint32_t packet_id; /*!< NetFilter packet unique identifier */ u_int32_t tcmark; /*!< User identifier */ uint16_t payload_len; /*!< Indicate the length of data in the recv buffer after the end of the structure that contains the payload of packet. Set to 0 to treat the following data as a new decision response */ uint16_t padding; /*!< 0x00000000 */ } nuv4_nuauth_decision_response_t; #endif nufw-2.4.3/src/include/Makefile.in0000644000175000017500000002322511431215377013707 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/include DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(srcdir)/config.h.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ 
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ 
target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = security.h debug.h documentation.h \ jhash.h nufw_source.h proto.h \ proto_v3.h proto_v4.h security.h all: config.h $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/include/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh config.h: stamp-h1 @if test ! 
-f $@; then \ rm -f stamp-h1; \ $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \ else :; fi stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status src/include/config.h $(srcdir)/config.h.in: $(am__configure_deps) cd $(top_srcdir) && $(AUTOHEADER) rm -f stamp-h1 touch $@ distclean-hdr: -rm -f config.h stamp-h1 mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile config.h installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic distclean-hdr dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-hdr distclean-libtool \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/include/proto_v3.h0000644000175000017500000000630511431206275013563 00000000000000/* ** Copyright (C) 2002-2009 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUFW_PROTOCOL_V3_H #define NUFW_PROTOCOL_V3_H #ifdef LINUX # include #else # include #endif /** * Protocol version of message exchanged between NuFW and NuAuth. 
*
 * Value of field protocol_version of ::nufw_to_nuauth_message_header_t
 */

/*
 * Protocol 3 definition
 */

/**
 * Message of type #AUTH_CONN_DESTROY or #AUTH_CONN_UPDATE sent
 * by NuFW to NuAuth
 *
 * NOTE(review): no packing attribute or pragma is visible in this header.
 * With natural alignment a compiler would place one padding byte between
 * ipv4_protocol and src_port (and may pad the end of the struct), so the
 * in-memory layout is only a wire format if both peers are built with the
 * same ABI -- confirm before copying this struct directly from/to a
 * socket buffer.
 * NOTE(review): the byte order of the multi-byte fields is not stated
 * here -- confirm against the code that fills and parses the message.
 */
struct nuv3_conntrack_message_t {
	/* Copy/paste nufw_to_nuauth_message_header_t content */
	uint8_t protocol_version;	/*!< Version of the protocol (#PROTO_VERSION) */
	uint8_t msg_type;	/*!< Message type (from ::nufw_message_t) */
	uint16_t msg_length;	/*!< Message length including header (in bytes) */
	/* NOTE(review): msg_length is supplied by the peer; the receiver
	 * should compare it with the number of bytes actually received
	 * before trusting it -- confirm in the parsing code. */

	/* Conntrack fields */
	uint32_t timeout;	/*!< Timeout (Epoch format) */
	uint32_t ipv4_src;	/*!< IPv4 source IP */
	uint32_t ipv4_dst;	/*!< IPv4 destination IP */
	uint8_t ipv4_protocol;	/*!< IPv4 protocol number */
	uint16_t src_port;	/*!< TCP/UDP source port or ICMP type */
	uint16_t dest_port;	/*!< TCP/UDP destination port or ICMP code */
};

/**
 * Message of type #AUTH_REQUEST or #AUTH_CONTROL
 * sent by NuFW to NuAuth
 *
 * The fixed fields below are followed by the packet content, which may be
 * truncated; the struct itself carries no separate length for that
 * content besides msg_length.
 */
typedef struct {
	/* Copy/paste nufw_to_nuauth_message_header_t content */
	uint8_t protocol_version;	/*!< Version of the protocol (#PROTO_VERSION) */
	uint8_t msg_type;	/*!< Message type (from ::nufw_message_t) */
	uint16_t msg_length;	/*!< Message length including header (in bytes) */
	/* NOTE(review): msg_length also bounds the trailing packet content;
	 * presumably the receiver must reject values smaller than this
	 * header or larger than the bytes received -- verify in the parser. */

	/* Authentication fields */
	uint32_t packet_id;	/*!< Netfilter packet unique identifier */
	uint32_t timestamp;	/*!< Timestamp (Epoch format) */

	/* (...): packet content (maybe truncated) */
} nuv3_nufw_to_nuauth_auth_message_t;

/**
 * Send NuAuth decision to NuFW
 *
 * NOTE(review): mark and decision use the BSD type names
 * (u_int16_t, u_int8_t) while the other fields use the C99 uintN_t names;
 * the widths are the same.
 */
typedef struct {
	uint8_t protocol_version;	/*!< Version of the protocol (#PROTO_VERSION) */
	uint8_t msg_type;	/*!< Message type (#AUTH_ANSWER) */
	u_int16_t mark;		/*!< Mark */
	u_int8_t decision;	/*!< NuAuth decision (see ::decision_t) */
	uint8_t priority;	/*!< Priority ? */
	uint16_t padding;	/*!< Padding (0x0000) */
	uint32_t packet_id;	/*!< NetFilter packet unique identifier */
	/* NOTE(review): payload_len is supplied by the peer and describes
	 * data that follows this struct in the receive buffer; the receiver
	 * should check it against the bytes actually available before
	 * reading the payload -- confirm in the parsing code. */
	uint16_t payload_len;	/*!< Indicate the length of datas in the recv buffer after the end of the structure that contains the payload of packet.
Set to 0 to treat the following datas as a new decision response */ } nuv3_nuauth_decision_response_t; #endif /* NUFW_PROTOCOL_V3_H */ nufw-2.4.3/src/include/debug.h0000644000175000017500000000467011431206275013101 00000000000000/* ** Copyright 2005-2008 - INL ** Written by Vincent Deffontaines ** Victor Stinner ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/

#ifndef NUFW_DEBUG_HEADER
#define NUFW_DEBUG_HEADER

/**
 * Expands to the bare `return` keyword.
 * NOTE(review): the name suggests a return path that emits no log
 * message -- confirm against the code that uses it.
 */
#define RETURN_NO_LOG return

/**
 * Debug levels: default is #DEFAULT_DEBUG_LEVEL
 * and values are between #MIN_DEBUG_LEVEL and #MAX_DEBUG_LEVEL
 *
 * Levels are consecutive integers starting at 1; a higher value is more
 * verbose. The last three enumerators are aliases of existing levels,
 * not additional levels.
 */
typedef enum {
	DEBUG_LEVEL_FATAL = 1,	/*!< 1: Least verbose level */
	DEBUG_LEVEL_CRITICAL,	/*!< 2 */
	DEBUG_LEVEL_SERIOUS_WARNING,	/*!< 3 (default) */
	DEBUG_LEVEL_WARNING,	/*!< 4 */
	DEBUG_LEVEL_SERIOUS_MESSAGE,	/*!< 5 */
	DEBUG_LEVEL_MESSAGE,	/*!< 6 */
	DEBUG_LEVEL_INFO,	/*!< 7 */
	DEBUG_LEVEL_DEBUG,	/*!< 8 */
	DEBUG_LEVEL_VERBOSE_DEBUG,	/*!< 9: Most verbose level */

	DEFAULT_DEBUG_LEVEL = DEBUG_LEVEL_SERIOUS_WARNING,	/*!< Default debug level */
	MIN_DEBUG_LEVEL = DEBUG_LEVEL_FATAL,	/*!< Minimum debug level value (least verbose) */
	MAX_DEBUG_LEVEL = DEBUG_LEVEL_VERBOSE_DEBUG	/*!< Maximum debug level value (most verbose) */
} debug_level_t;

/**
 * Debug areas (domains), default is #DEFAULT_DEBUG_AREAS
 * (all areas except performance display).
 *
 * Each area is a distinct bit, so areas are combined with bitwise OR.
 */
typedef enum {
	DEBUG_AREA_MAIN = 1,	/*!< 1: Main domain */
	DEBUG_AREA_PACKET = 2,	/*!< 2: Packet domain */
	DEBUG_AREA_USER = 4,	/*!< 4: User domain */
	DEBUG_AREA_GW = 8,	/*!< 8: Gateway domain */
	DEBUG_AREA_AUTH = 16,	/*!< 16: Auth. domain */
	DEBUG_AREA_PERF = 32,	/*!< 32: Performance display domain */
	DEBUG_AREA_ALL = DEBUG_AREA_MAIN | DEBUG_AREA_PACKET | DEBUG_AREA_USER | DEBUG_AREA_GW | DEBUG_AREA_AUTH | DEBUG_AREA_PERF,	/*!< All debug areas */
	DEFAULT_DEBUG_AREAS = DEBUG_AREA_MAIN | DEBUG_AREA_PACKET | DEBUG_AREA_USER | DEBUG_AREA_GW | DEBUG_AREA_AUTH	/*!< Default debug areas: all areas but not perf */
} debug_area_t;

/** Facility constant used for log output; defined as LOG_DAEMON. */
#define LOG_FACILITY LOG_DAEMON

#endif				/* ifndef NUFW_DEBUG_HEADER */
nufw-2.4.3/src/include/jhash.h0000644000175000017500000000427311431206275013107 00000000000000/* jhash.h: Jenkins hash support.
 *
 * Copyright (C) 1996 Bob Jenkins (bob_jenkins@burtleburtle.net)
 *
 * $Id$
 *
 * http://burtleburtle.net/bob/hash/
 *
 * These are the credits from Bob's sources:
 *
 * lookup2.c, by Bob Jenkins, December 1996, Public Domain.
* hash(), hash2(), hash3, and mix() are externally useful functions.
 * Routines to test the hash are included if SELF_TEST is defined.
 * You can use this free for any purpose. It has no warranty.
 *
 * Copyright (C) 2003 David S. Miller (davem@redhat.com)
 *
 * I've modified Bob's hash to be useful in the Linux kernel, and
 * any bugs present are surely my fault. -DaveM
 */

#ifndef _JHASH_HEADER
#define _JHASH_HEADER

/* NOTE(review): the include target is missing in this copy of the file;
 * the code below uses uint32_t, so presumably <stdint.h> -- confirm
 * against the original source. */
#include

/*
 * Mix three 32-bit values in place.
 *
 * NOTE: Arguments are modified. They must be plain lvalues: each one is
 * read and assigned several times.
 * The macro expands to a bare { ... } block rather than do { } while (0),
 * so "__jhash_mix(a, b, c);" is a block followed by an empty statement;
 * take care when using it as the body of an unbraced if/else.
 */
#define __jhash_mix(a, b, c) \
{ \
  a -= b; a -= c; a ^= (c>>13); \
  b -= c; b -= a; b ^= (a<<8); \
  c -= a; c -= b; c ^= (b>>13); \
  a -= b; a -= c; a ^= (c>>12); \
  b -= c; b -= a; b ^= (a<<16); \
  c -= a; c -= b; c ^= (b>>5); \
  a -= b; a -= c; a ^= (c>>3); \
  b -= c; b -= a; b ^= (a<<10); \
  c -= a; c -= b; c ^= (b>>15); \
}

/* The golden ratio: an arbitrary value */
#define JHASH_GOLDEN_RATIO	0x9e3779b9

#ifdef USE_JHASH3
/**
 * A special ultra-optimized version that knows it is hashing exactly
 * 3, 2 or 1 word(s).
 *
 * NOTE: In particular the "c += length; __jhash_mix(a,b,c);" normally
 * done at the end is not done here.
 *
 * Adds JHASH_GOLDEN_RATIO to a and b, adds initval to c, runs one
 * __jhash_mix() round and returns the resulting c.
 *
 * NOTE(review): this is a non-cryptographic hash. If the hashed words can
 * be influenced by remote peers, resistance to deliberate bucket
 * collisions depends on initval being unpredictable to them -- confirm
 * how callers choose initval.
 */
static uint32_t jhash_3words(uint32_t a, uint32_t b, uint32_t c, uint32_t initval)
{
	a += JHASH_GOLDEN_RATIO;
	b += JHASH_GOLDEN_RATIO;
	c += initval;

	__jhash_mix(a, b, c);

	return c;
}
#endif				/* USE_JHASH3 */

#ifdef USE_JHASH2
/* A special optimized version that handles 1 or more of uint32_ts.
 * The length parameter here is the number of uint32_ts in the key.
*/
/*
 * k       - key, read as `length` consecutive uint32_t words; it is not
 *           written through, although the parameter is not const.
 * length  - number of words in k. No bounds are checked here: the caller
 *           must guarantee that k really holds `length` words.
 * initval - starting value for c (seed).
 *
 * Returns the 32-bit hash value.
 *
 * NOTE(review): this is a non-cryptographic hash. If key contents can be
 * influenced by remote peers, resistance to deliberate bucket collisions
 * depends on initval being unpredictable to them -- confirm how callers
 * choose initval.
 */
static inline uint32_t jhash2(uint32_t * k, uint32_t length, uint32_t initval)
{
	uint32_t a, b, c, len;

	a = b = JHASH_GOLDEN_RATIO;
	c = initval;
	len = length;

	/* Consume the key three words at a time, mixing after each group. */
	while (len >= 3) {
		a += k[0];
		b += k[1];
		c += k[2];
		__jhash_mix(a, b, c);
		k += 3;
		len -= 3;
	}

	/* Fold in the key length: the word count multiplied by 4. */
	c += length * 4;

	/* 0, 1 or 2 words remain; case 2 deliberately falls through to
	 * case 1 so that both remaining words are added. */
	switch (len) {
	case 2:
		b += k[1];
		/* fall through */
	case 1:
		a += k[0];
	};

	/* Final mixing round. */
	__jhash_mix(a, b, c);

	return c;
}
#endif				/* USE_JHASH2 */

#endif				/* _JHASH_HEADER */
nufw-2.4.3/src/include/Makefile.am0000644000175000017500000000017111431206275013666 00000000000000EXTRA_DIST = security.h debug.h documentation.h \
	jhash.h nufw_source.h proto.h \
	proto_v3.h proto_v4.h security.h
nufw-2.4.3/src/include/nufw_source.h0000644000175000017500000000206011431206275014341 00000000000000/*
 ** Copyright(C) 2003-2006 INL
 ** Written by Eric Leblond
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
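*/

#ifndef NUFW_SOURCE_H
#define NUFW_SOURCE_H

#ifdef HAVE_CONFIG_H
# include
#endif

/* Disable inline keyword when compiling in strict ANSI conformance */
#if defined(__STRICT_ANSI__) && !defined(__cplusplus)
# undef inline
# define inline
#endif

#endif
nufw-2.4.3/src/include/security.h0000644000175000017500000000352311431206275013656 00000000000000/*
 ** Copyright(C) 2006 INL
 ** Written by Victor Stinner
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifndef _NUFW_SECURITY_H
#define _NUFW_SECURITY_H

/** \def SECURE_STRNCPY(dst,src,size)
 * Copy string src to dst. Copies at most size-1 characters and makes
 * sure that the string ends with a '\\0'.
 *
 * Works around the strncpy security problem: if size is smaller than
 * strlen(src), dst does not contain a '\\0'. This macro copies at most
 * size-1 characters, and always writes a '\\0' at the last position
 * (dst[size-1]).
 *
 * size is the total size of the dst buffer in bytes and must be at
 * least 1. dst and size are evaluated more than once, so pass
 * expressions without side effects.
 */
#define SECURE_STRNCPY(dst, src, size) \
	do { strncpy(dst, src, (size)-1); (dst)[(size)-1] = '\0'; } while (0)

/** \def SECURE_STRNCAT(dst,src,size)
 * Append string src to the string already in dst, never writing outside
 * the size bytes of dst, and make sure that the result ends with a '\\0'.
 *
 * size is the total size of the dst buffer in bytes (not the remaining
 * space) and must be at least 1; dst must already hold a
 * '\\0'-terminated string.
 *
 * The third argument of strncat() limits the number of characters
 * appended, not the size of the destination. Passing size-1 there lets
 * strncat() write up to strlen(dst) + size bytes, which overflows dst as
 * soon as dst is not empty. This macro therefore passes only the room
 * that is left after the current content (size - 1 - strlen(dst)), skips
 * the append when no room is left, and always writes a '\\0' at the last
 * position (dst[size-1]).
 *
 * dst and size are evaluated more than once, so pass expressions without
 * side effects.
 */
#define SECURE_STRNCAT(dst, src, size) \
	do { \
		size_t secure_strncat_used_ = strlen(dst); \
		if (secure_strncat_used_ + 1 < (size_t)(size)) \
			strncat(dst, src, \
				(size_t)(size) - 1 - secure_strncat_used_); \
		(dst)[(size)-1] = '\0'; \
	} while (0)

#endif				/* of ifndef _NUFW_SECURITY_H */
nufw-2.4.3/src/include/config.h.in0000644000175000017500000001276011431215374013664 00000000000000/* src/include/config.h.in. Generated from configure.ac by autoheader. */

/* Build nuauth_command */
#undef BUILD_NUAUTH_COMMAND

/* Will compile development debug message */
#undef DEBUG_ENABLE

/* Target is freebsd */
#undef FREEBSD

/* Define to 1 if you have the header file. */
#undef HAVE_ARPA_INET_H

/* Define to 1 if you have the header file. */
#undef HAVE_DLFCN_H

/* Define to 1 if you have the header file. */
#undef HAVE_ERRNO_H

/* Define to 1 if you have the header file. */
#undef HAVE_FCNTL_H

/* Define to 1 if you have the `gethostbyname' function. */
#undef HAVE_GETHOSTBYNAME

/* Define to 1 if you have the header file. */
#undef HAVE_GETOPT_H

/* Define to 1 if you have the `getopt_long' function. */
#undef HAVE_GETOPT_LONG

/* Will use gnutls support instead of openssl */
#undef HAVE_GNUTLS

/* Define whether GnuTLS provide priority parsing */
#undef HAVE_GNUTLS_STRING_PRIORITY

/* Define to 1 if you have the header file. */
#undef HAVE_INEXISTENT_H

/* Define to 1 if you have the header file. */
#undef HAVE_INTTYPES_H

/* libconntrack has been found */
#undef HAVE_LIBCONNTRACK

/* Define to 1 if you have the header file. */
#undef HAVE_LIBIPQ_H

/* Define to 1 if you have the header file. */
#undef HAVE_LIBIPQ_LIBIPQ_H

/* libipq has support for mark */
#undef HAVE_LIBIPQ_MARK

/* ldap lib flag */
#undef HAVE_LIBRARY_LDAP

/* mysql lib flag */
#undef HAVE_LIBRARY_MYSQLCLIENT

/* pam lib flag */
#undef HAVE_LIBRARY_PAM

/* pgsql lib flag */
#undef HAVE_LIBRARY_PQ

/* prelude library flag */
#undef HAVE_LIBRARY_PRELUDE

/* SASL lib flag */
#undef HAVE_LIBRARY_SASL2

/* Define to 1 if you have the header file.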
*/ #undef HAVE_LIMITS_H /* Define to 1 if your system has a GNU libc compatible `malloc' function, and to 0 otherwise. */ #undef HAVE_MALLOC /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the `memset' function. */ #undef HAVE_MEMSET /* Will compile mysql log module with ssl support */ #undef HAVE_MYSQL_SSL /* Define to 1 if you have the header file. */ #undef HAVE_NETDB_H /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_TCP_H /* libconntrack new API has been found */ #undef HAVE_NEW_NFCT_API /* Found iface resolution in nfnetlink and libnetfilter_queue */ #undef HAVE_NFQ_INDEV_NAME /* Found queue max length support in netfilter_queue */ #undef HAVE_NFQ_SET_QUEUE_MAXLEN /* Will use openssl support instead of gnutls */ #undef HAVE_OPENSSL /* Define to 1 if you have the header file. */ #undef HAVE_PTHREAD_H /* Define to 1 if you have the `setsockopt' function. */ #undef HAVE_SETSOCKOPT /* Define to 1 if you have the `socket' function. */ #undef HAVE_SOCKET /* Define to 1 if `stat' has the bug that it succeeds when given the zero-length file name argument. */ #undef HAVE_STAT_EMPTY_STRING_BUG /* Define to 1 if you have the header file. */ #undef HAVE_STDARG_H /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the `strcasecmp' function. */ #undef HAVE_STRCASECMP /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strspn' function. */ #undef HAVE_STRSPN /* Define if struct dirent has member d_type */ #undef HAVE_STRUCT_DIRENT_D_TYPE /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SELECT_H /* Define to 1 if you have the header file. 
*/ #undef HAVE_SYS_SOCKET_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Target is Linux */ #undef LINUX /* Define to 1 if `lstat' dereferences a symlink specified with a trailing slash. */ #undef LSTAT_FOLLOWS_SLASHED_SYMLINK /* Name of package */ #undef PACKAGE /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the version of this package. */ #undef PACKAGE_VERSION /* Performance display */ #undef PERF_DISPLAY_ENABLE /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Will use netlink queue support instead of libipq */ #undef USE_NFQUEUE /* Will use UTF8 exchange */ #undef USE_UTF8 /* Version number of package */ #undef VERSION /* Define to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ #undef WORDS_BIGENDIAN /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a `char[]'. */ #undef YYTEXT_POINTER /* Define to __FUNCTION__ or "" if '__func__' does not conform to ANSI C. */ #undef __PRELUDE_FUNC__ /* Define to empty if `const' does not conform to ANSI C. */ #undef const /* Define to rpl_malloc if the replacement function should be used. 
*/ #undef malloc nufw-2.4.3/src/include/documentation.h0000644000175000017500000000562711431206275014667 00000000000000/* ** Copyright 2006-2009 -INL ** Written by Victor Stinner ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef DOCUMENTATION_H #define DOCUMENTATION_H /** * \mainpage NuFW documentation (SVN version) * * \section intro_sec Introduction * * NuFW is a firewall based on NetFilter (http://www.netfilter.org) * which authenticate users. It's composed of three parts: * - NuFW: gateway that works directly with NetFilter, just sends new * connection packets to NuAuth, and applies decisions (accept or drop) ; * - NuAuth: Kernel of the firewall, manages client connections, and takes * decisions on new connection packets sent by NuFW ; * - Client (nutcpc or Windows client): Authenticates users to NuAuth and * answers NuAuth requests (sends its new connection list). * * This documentation only describes four parts: NuFW, NuAuth, libnuclient and nutcpc. * * \section nufw_sec NuFW * * NuFW is a very simple gateway. It runs in user-space but needs root * privileges because it's connected directly to NetFilter using IPQ or Netfilter * queue link. 
* * NuFW is composed of three main parts: * - Main process which just displays audit informations (number of received * packets and number of accepted packets) every five seconds ; * - Packet server thread: packetsrv() ; * - Auth server thread (connection to NuAuth): authsrv(). * * \section nuauth_sec NuAuth * * NuAuth is the biggest and most important part of NuFW firewall: * - Create all queues and threads: init_nuauthdatas() * - Main loop: nuauth_main_loop() * * \section client_sec Client * \subsection libnuclient_sec Libnuclient * * Libnuclient is a library used by nuauth on client side to read active * connection. The library is used by nutcpc client. Public API is * defined in file nuclient.h. * * To initialize the library, use: \verbatim NuAuth *session = NULL; struct nuclient_error nuerror; nu_client_global_init(&nuerror); session = nu_client_init2( "hostname", "4129", NULL, NULL, &get_username, &get_password, NULL, &nuerror); \endverbatim * * \subsection nutcpc_sec nutcpc client * * Nutcpc is the Linux and FreeBSD command line client. */ #endif /* of ifndef DOCUMENTATION_H */ nufw-2.4.3/src/clients/0000777000175000017500000000000011431215440011727 500000000000000nufw-2.4.3/src/clients/Makefile.in0000644000175000017500000003513511431215377013730 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/clients DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = 
@ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias 
= @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = lib nutcpc pam_nufw all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/clients/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/clients/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. 
# To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" 
| sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/clients/nutcpc/0000777000175000017500000000000011431215440013223 500000000000000nufw-2.4.3/src/clients/nutcpc/Makefile.in0000644000175000017500000004147611431215377015231 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @BUILD_NUTCPC_TRUE@bin_PROGRAMS = nutcpc$(EXEEXT) subdir = src/clients/nutcpc DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__installdirs = "$(DESTDIR)$(bindir)" binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) am__nutcpc_SOURCES_DIST = nutcpc.c @BUILD_NUTCPC_TRUE@am_nutcpc_OBJECTS = 
nutcpc-nutcpc.$(OBJEXT) nutcpc_OBJECTS = $(am_nutcpc_OBJECTS) @BUILD_NUTCPC_TRUE@nutcpc_DEPENDENCIES = ../lib/libnuclient.la \ @BUILD_NUTCPC_TRUE@ ../../libs/nussl/libnussl.la nutcpc_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(nutcpc_LDFLAGS) \ $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(nutcpc_SOURCES) DIST_SOURCES = $(am__nutcpc_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ 
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ 
sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @BUILD_NUTCPC_TRUE@EXTRA_DIST = valgrind.sh valgrind.supp # nutcpc @BUILD_NUTCPC_TRUE@nutcpc_SOURCES = nutcpc.c @BUILD_NUTCPC_TRUE@nutcpc_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/clients/lib/ @BUILD_NUTCPC_TRUE@INCLUDES = -I$(top_srcdir)/src/libs/nubase @BUILD_NUTCPC_TRUE@nutcpc_LDFLAGS = -L$(top_builddir)/src/clients/lib/ @BUILD_NUTCPC_TRUE@nutcpc_LDADD = ../lib/libnuclient.la ../../libs/nussl/libnussl.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/clients/nutcpc/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/clients/nutcpc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" @list='$(bin_PROGRAMS)'; for p in $$list; do \ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ if test -f $$p \ || test -f $$p1 \ ; then \ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ else :; fi; \ done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(bin_PROGRAMS)'; for p in $$list; do \ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ rm -f "$(DESTDIR)$(bindir)/$$f"; \ done clean-binPROGRAMS: @list='$(bin_PROGRAMS)'; for p in $$list; do \ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ echo " rm -f $$p $$f"; \ rm -f $$p $$f ; \ done nutcpc$(EXEEXT): $(nutcpc_OBJECTS) $(nutcpc_DEPENDENCIES) @rm -f nutcpc$(EXEEXT) $(nutcpc_LINK) $(nutcpc_OBJECTS) $(nutcpc_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nutcpc-nutcpc.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF 
$(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< nutcpc-nutcpc.o: nutcpc.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(nutcpc_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nutcpc-nutcpc.o -MD -MP -MF $(DEPDIR)/nutcpc-nutcpc.Tpo -c -o nutcpc-nutcpc.o `test -f 'nutcpc.c' || echo '$(srcdir)/'`nutcpc.c @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/nutcpc-nutcpc.Tpo $(DEPDIR)/nutcpc-nutcpc.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='nutcpc.c' object='nutcpc-nutcpc.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(nutcpc_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nutcpc-nutcpc.o `test -f 'nutcpc.c' || echo '$(srcdir)/'`nutcpc.c nutcpc-nutcpc.obj: nutcpc.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(nutcpc_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT 
nutcpc-nutcpc.obj -MD -MP -MF $(DEPDIR)/nutcpc-nutcpc.Tpo -c -o nutcpc-nutcpc.obj `if test -f 'nutcpc.c'; then $(CYGPATH_W) 'nutcpc.c'; else $(CYGPATH_W) '$(srcdir)/nutcpc.c'; fi` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/nutcpc-nutcpc.Tpo $(DEPDIR)/nutcpc-nutcpc.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='nutcpc.c' object='nutcpc-nutcpc.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(nutcpc_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nutcpc-nutcpc.obj `if test -f 'nutcpc.c'; then $(CYGPATH_W) 'nutcpc.c'; else $(CYGPATH_W) '$(srcdir)/nutcpc.c'; fi` mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ 
test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(bindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it 
deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-binPROGRAMS install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-binPROGRAMS .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ clean-generic clean-libtool ctags distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-binPROGRAMS install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am \ uninstall-binPROGRAMS @BUILD_NUTCPC_TRUE@check: @BUILD_NUTCPC_TRUE@ $(top_builddir)/src/clients/nutcpc/nutcpc -V # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/clients/nutcpc/nutcpc.c0000644000175000017500000006341611431206275014617 00000000000000/* ** Copyright 2004-2009 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* Enable GNU extensions: getline() from stdio.h */ #include "nufw_source.h" #include #include "../lib/nuclient.h" #include #include #include #include #include #include #include /* setrlimit() */ #include #include #include #include #include /* mkdir() */ #include /* mkdir() */ #include /* tcgetattr() */ #include "proto.h" #include "security.h" #include "debug.h" #define NUTCPC_VERSION PACKAGE_VERSION " $Revision$" #ifdef HAVE_GETOPT_H # include #endif #ifdef FREEBSD #include /* PATH_MAX */ #include #endif #define MAX_RETRY_TIME 30 #include #include struct termios orig; nuauth_session_t *session = NULL; nuclient_error_t *err = NULL; struct sigaction old_sigterm; struct sigaction old_sigint; int forced_reconnect = 0; int connected; static int suppress_ca_warning = 0; static int suppress_fqdn_verif = 0; static int do_not_load_config = 0; static int do_not_load_plugins = 0; static int mono_user = 0; void panic(const char *fmt, ...) 
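#ifdef __GNUC__
	__attribute__((__format__(printf,1,2)))
#endif
;

/**
 * Runtime configuration of the client, filled from the command line.
 */
typedef struct {
	char port[10];		/*!< Port (service) number / name */
	unsigned long interval;	/*!< Number of millisecond for sleep in main loop (default value: 100ms) */
	unsigned char donotuselock;	/*!< Do not use a lock (pid) file */
	char srv_addr[512];	/*!< Nuauth server hostname */
	char password[100];	/*!< Password; empty string when none was given */
	char nuauthdn[512];
	unsigned char debug_mode;	/*!< Debug mode enabled if different than zero */
	int tempo;		/*!< Number of second between each connection retry */
	char *certfile;
	char *keyfile;
	char *cafile;
	char *crlfile;
	char *pkcs12file;
	char *pkcs12password;
	char *krb5_service;
	char *sasl_mechlist;
} nutcpc_context_t;

/**
 * Panic: function called on fatal error.
 * Display error message and then exit client (using exit()).
 *
 * \param fmt printf()-style format string, followed by its arguments
 */
void panic(const char *fmt, ...)
{
	va_list args;

	va_start(args, fmt);
	printf("\n");
	printf("Fatal error: ");
	vprintf(fmt, args);
	printf("\n");
	/* release the argument list before exit(): nothing placed after
	 * exit() is ever executed */
	va_end(args);
	fflush(stdout);
	exit(EXIT_FAILURE);
}

/**
 * Compute run pid filename: "$HOME/.nufw/nutcpc".
 * The "$HOME/.nufw" directory is created (mode S_IRWXU) when it is not
 * readable.
 *
 * \return New allocated string (to be released with free()),
 * or NULL if the home directory is unknown or the path can not be built
 */
char *compute_run_pid()
{
	char path_dir[254];
	char *home = nu_get_home_dir();

	if (home == NULL)
		return NULL;

	/* secure_snprintf() is treated as returning zero on failure, as
	 * copy_filename() in this file does. Refusing the path here avoids
	 * working on a file name that does not belong to the user's
	 * ".nufw" directory. */
	if (!secure_snprintf(path_dir, sizeof(path_dir), "%s/.nufw", home)) {
		free(home);
		return NULL;
	}
	if (access(path_dir, R_OK) != 0) {
		printf("Creating directory \"%s\"\n", path_dir);
		if (mkdir(path_dir, S_IRWXU) != 0) {
			printf("Could not create directory \"%s\" (%s)\n",
			       path_dir, strerror(errno));
		}
	}
	if (!secure_snprintf(path_dir, sizeof(path_dir), "%s/.nufw/nutcpc", home)) {
		free(home);
		return NULL;
	}
	free(home);
	return strdup(path_dir);
}

/**
 * Test if a nutcpc is currently running: read the pid stored in the
 * pid file.
 *
 * \param pid Set to the pid read from the file, only on success
 * \return EXIT_SUCCESS if the pid file holds a strictly positive pid,
 * EXIT_FAILURE otherwise (no file, unreadable or invalid content)
 */
int test_nutcpc(pid_t *pid)
{
	FILE *fd;
	long value = 0;
	int ok = EXIT_FAILURE;
	char *runpid = compute_run_pid();

	if (runpid) {
		fd = fopen(runpid, "r");
		if (fd) {
			/* The file content is not trusted: the caller may hand the
			 * value to kill(), where 0 and negative numbers address
			 * process groups instead of a single process. Accept only
			 * a parsed, strictly positive value that fits in pid_t. */
			if (fscanf(fd, "%ld", &value) == 1
			    && value > 0
			    && (long) (pid_t) value == value) {
				*pid = (pid_t) value;
				/** \todo test if process pid is running */
				ok = EXIT_SUCCESS;
			}
			fclose(fd);
		}
		free(runpid);
	}
	return ok;
}

/**
 * Kill existing instance of nutcpc: read pid file,
 * and then send SIGTERM to the process.
 *
 * Exit the program at the end of this function.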
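*/
void kill_nutcpc()
{
	pid_t pid = 0;

	if (test_nutcpc(&pid) == EXIT_SUCCESS) {
		int ret;
		char *runpid = compute_run_pid();

		/* Never pass a non-positive pid to kill(): 0 and negative
		 * values address process groups rather than one process. */
		if (pid <= 0) {
			printf("Bad return from kill\n");
			free(runpid);
			exit(EXIT_FAILURE);
		}

		/* NOTE(review): the pid comes from a file and nothing here checks
		 * that it still belongs to a nutcpc process. */
		ret = kill(pid, SIGTERM);
		if (ret == 0) {
			printf("nutcpc process killed (pid %lu)\n",
			       (unsigned long) pid);
			if (runpid != NULL)
				unlink(runpid);
			free(runpid);
			exit(EXIT_SUCCESS);
		} else {
			switch (errno) {
			case ESRCH:
				printf("Process does not exist: removing pid file\n");
				if (runpid != NULL)
					unlink(runpid);
				break;
			case EINVAL:
			case EPERM:
			default:
				printf("Bad return from kill\n");
			}
			free(runpid);
			exit(EXIT_FAILURE);
		}
	} else {
		printf("No nutcpc seems to be running\n");
		exit(EXIT_FAILURE);
	}
	exit(EXIT_SUCCESS);
}

/**
 * Leave the client:
 *  - Restore ECHO mode ;
 *  - Free memory of the library ;
 *  - Unlink pid file ;
 *  - deinit. library ;
 *  - free memory.
 */
void leave_client()
{
	char *runpid;
	struct termios term;

	/* restore ECHO mode */
	if (tcgetattr(fileno(stdin), &term) == 0) {
		term.c_lflag |= ECHO;
		(void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
	}

	if (session) {
		nu_client_delete(session);
	}

	runpid = compute_run_pid();
	if (runpid != NULL) {
		unlink(runpid);
		free(runpid);
	}

	nu_client_global_deinit();
	nu_client_error_destroy(err);
}

/**
 * Signal handler: catch SIGINT or SIGTERM. This function will exit nutcpc:
 * deinit libnuclient, free memory, and then exit the process.
 *
 * The function will first reinstall old handlers.
 *
 * NOTE(review): printf(), free() and exit() are called from signal
 * context here; they are not async-signal-safe.
 */
void exit_clean()
{
	/* reinstall old signal handlers */
	(void) sigaction(SIGINT, &old_sigint, NULL);
	(void) sigaction(SIGTERM, &old_sigterm, NULL);

	/* quit nutcpc */
	printf("\nQuit client\n");
	leave_client();
	exit(EXIT_SUCCESS);
}

#ifdef FREEBSD
/**
 * getline() replacement built on fgetln().
 *
 * \param lineptr Pointer to the destination buffer (may be reallocated)
 * \param n Pointer to the size of the destination buffer
 * \param stream Stream to read from
 * \return Number of bytes copied (nul byte excluded), or -1 on error
 */
ssize_t getline(char **lineptr, size_t * n, FILE * stream)
{
	char *line;
	size_t len;

	/* call fgetln(): read one line from the stream */
	line = fgetln(stream, &len);
	if (!line)
		return -1;

	/* buffer need to grow up? */
	if (len >= *n) {
		char *tmp = realloc(*lineptr, len + 1);
		if (tmp == NULL) {
			printf("Not enough memory\n");
			return -1;
		}
		*lineptr = tmp;
		*n = len + 1;
	}

	memcpy(*lineptr, line, len);
	(*lineptr)[len] = 0;
	return len;
}
#endif

#ifndef FREEBSD
/**
 * Read a password on terminal. Given buffer may grow up (resized by realloc).
 *
 * \param lineptr Pointer to buffer
 * \param linelen Initial length (including nul byte) of the buffer
 * \return Number of characters of the password,
 * or -1 if fails
 */
ssize_t my_getpass(char **lineptr, size_t * linelen)
{
	struct termios noecho;
	int nread;

	/* Turn echoing off and fail if we can't. */
	if (tcgetattr(fileno(stdin), &orig) != 0)
		return -1;
	noecho = orig;
	noecho.c_lflag &= ~ECHO;
	if (tcsetattr(fileno(stdin), TCSAFLUSH, &noecho) != 0)
		return -1;

	/* Read the password. */
	nread = getline(lineptr, linelen, stdin);

	/* Restore terminal. */
	(void) tcsetattr(fileno(stdin), TCSAFLUSH, &orig);

	/* remove new line if needed */
	if (0 < nread) {
		char *line = *lineptr;
		if (line[nread - 1] == '\n') {
			line[nread - 1] = '\0';
			nread--;
		}
	}
	printf("\n");
	return nread;
}
#endif

/**
 * Callback used in nu_client_connect() call: read password
 *
 * \return New allocated buffer containing the password,
 * or NULL if it fails
 */
char *get_password()
{
	size_t password_size = 32;
	char *new_pass;
	char *question = "Enter password: ";
#ifdef FREEBSD
	char *ret;
#else
	int ret;
#endif

	new_pass = (char *) calloc(password_size, sizeof(char));
	if (new_pass == NULL) {
		printf("Problem when getting password\n");
		return NULL;
	}
#ifdef FREEBSD
	ret = readpassphrase(question, new_pass, password_size,
			     RPP_REQUIRE_TTY);
	if (ret == NULL) {
		fprintf(stderr, "unable to read passphrase");
		/* report the failure instead of handing back the still empty
		 * buffer as if it were the password */
		free(new_pass);
		return NULL;
	}
#else
	printf("%s", question);
	ret = my_getpass(&new_pass, &password_size);
	if (ret < 0) {
		free(new_pass);
		printf("Problem when getting password\n");
		return NULL;
	}
#endif
	return new_pass;
}

/**
 * Callback used in nu_client_connect() call: read user name
 *
 * \return New allocated buffer containing the name,
 * or NULL if it fails
 */
char *get_username()
{
	char *username;
	int nread;
	size_t username_size = 32;

	printf("Enter username: ");
	username = (char *) calloc(username_size, sizeof(char));
	nread = getline(&username, &username_size, stdin);
	if (nread < 0) {
		free(username);
		printf("Problem when reading username\n");
		return NULL;
	}
	/* strip the trailing new line */
	if (0 < nread && username[nread - 1] == '\n') {
		username[nread - 1] = 0;
	}
	return username;
}

/**
 * Callback used for user validation
 *
 * \param msg Question displayed before reading the answer (may be NULL)
 * \return New allocated buffer containing the answer,
 * or NULL if it fails
 */
char *get_user_validation(const char *msg)
{
	char *answer;
	int nread;
	size_t answer_size = 32;

	if (msg) {
		fprintf(stdout,"%s",msg);
		fflush(stdout);
	}
	answer = (char *) calloc(answer_size, sizeof(char));
	nread = getline(&answer, &answer_size, stdin);
	if (nread < 0) {
		free(answer);
		printf("Problem when reading answer\n");
		return NULL;
	}
	/* strip the trailing new line */
	if (0 < nread && answer[nread - 1] == '\n') {
		answer[nread - 1] = 0;
	}
	return answer;
}

/* Long command line options and the short option each one maps to */
static struct option long_options[] = {
	{"help", 0, NULL, 'h'},
	{"user", 1, NULL, 'U'},
	{"host", 1, NULL, 'H'},
	{"kill", 0, NULL, 'k'},
	{"check", 0, NULL, 'c'},
	{"no-lock", 0, NULL, 'l'},
	{"version", 0, NULL, 'V'},
	{"cert", 1, NULL, 'C'},
	{"ca", 1, NULL, 'A'},
	{"key", 1, NULL, 'K'},
	{"pkcs12-file", 1, NULL, 'S'},
	{"pkcs12-key", 1, NULL, 'W'},
	{"crl", 1, NULL, 'R'},
	{"no-warn-ca", 0, NULL, 'Q'},
	{"no-error-fqdn", 0, NULL, 'N'},
	{"no-config", 0, NULL, 'F'},
	{"no-plugins", 0, NULL, 'G'},
	{"krb-service", 1, NULL, 'Z'},
	{"sasl-mechs", 1, NULL, 'M'},
	{"port", 1, NULL, 'p'},
	{"auth-dn", 1, NULL, 'a'},
	{"interval", 1, NULL, 'I'},
	{"hide", 0, NULL, 'q'},
	{"password", 1, NULL, 'P'},
	{"debug", 0, NULL, 'd'},
	{"mono", 0, NULL, 'm'},

	{0, 0, 0, 0}
};

/**
 * Print client usage.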
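*/
static void usage(void)
{
	fprintf(stderr, "usage: nutcpc [-U username] [-H host]\n");
	fprintf(stderr, "\n");
	fprintf(stderr, "Options:\n");
	fprintf(stderr, " -U (--user ): username (default: current login)\n");
	fprintf(stderr, " -H (--host ): nuauth server\n");
	fprintf(stderr, " -k (--kill ): kill active client\n");
	fprintf(stderr, " -c (--check ): check if there is an active client\n");
	fprintf(stderr, " -l (--no-lock ): don't create lock file\n");
	fprintf(stderr, " -m (--mono ): mono user system\n");
	fprintf(stderr, " -V (--no-version ): display version\n");
	fprintf(stderr, "\n");
	fprintf(stderr, "Certificate options:\n");
	fprintf(stderr, " -C (--cert ) CERTFILE: PEM certificate filename\n");
	fprintf(stderr, " -A (--ca ) AUTHFILE: PEM authority certificate filename\n");
	fprintf(stderr, " -K (--key ) KEYFILE: PEM RSA private key filename\n");
	fprintf(stderr, " -S (--pkcs12-file ) PKCS12FILE: PKCS12 key/certificate filename\n");
	fprintf(stderr, " -W (--pkcs12-key ) PKCS12PASS: PKCS12 password\n");
	fprintf(stderr, " -R (--crl ) CRLFILE: crl filename\n");
	fprintf(stderr, " -Q (--no-warn-ca ): suppress warning if no certificate authority is configured\n");
	fprintf(stderr, " -N (--no-error-fqdn): suppress error if server FQDN does not match certificate CN.\n");
	fprintf(stderr, " -F (--no-config ): do not load config file (implies -G).\n");
	fprintf(stderr, " -G (--no-plugins ): do not loadplugins.\n");
	fprintf(stderr, "\n");
	fprintf(stderr, "SASL options:\n");
	fprintf(stderr, " -Z (--krb-service ) SERVICE: Kerberos service name (nuauth)\n");
	fprintf(stderr, " -M (--sasl-mechs ) MECH_LIST: SASL mechanism list (same as server)\n");
	fprintf(stderr, "\n");
	fprintf(stderr, "Other options:\n");
	fprintf(stderr, " -p (--port ) PORT: nuauth port number\n");
	fprintf(stderr, " -a (--auth-dn ) AUTH_DN: authentication domain name\n");
	fprintf(stderr, " -I (--interval ) INTERVAL: check interval in milliseconds\n");
	fprintf(stderr, " -P (--password ):PASSWORD: specify password (only for debug purpose)\n");
	fprintf(stderr, " -q (--hide ): do not display running nutcpc options on \"ps\"\n");
	fprintf(stderr, " -v (--verbose ): increase debug level (+1 for each 'v') (max useful number : 10)\n");
	fprintf(stderr, " -d (--debug ): debug mode (don't go to foreground, daemon)\n");
	fprintf(stderr, "\n");
	exit(EXIT_FAILURE);
}

/**
 * SIGHUP handler: ask for an immediate reconnection.
 *
 * NOTE(review): nu_client_reset() is called from signal context; whether
 * it is async-signal-safe can not be told from this file.
 */
void process_hup(int signum)
{
	forced_reconnect = 1;
	nu_client_reset(session);
	connected = 0;
}

/**
 * Install signal handlers:
 *  - SIGINT: call exit_clean() ;
 *  - SIGTERM: call exit_clean() ;
 *  - SIGHUP: call process_hup().
 *
 * Exit the program if the SIGINT or SIGTERM handler can not be installed;
 * a failure on SIGHUP only prints a warning.
 */
void install_signals()
{
	struct sigaction action;

	memset(&action, 0, sizeof(action));
	action.sa_handler = exit_clean;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;

	/* install handlers */
	if (sigaction(SIGINT, &action, &old_sigint) != 0) {
		fprintf(stderr, "Unable to install SIGINT signal handler!\n");
		exit(EXIT_FAILURE);
	}
	if (sigaction(SIGTERM, &action, &old_sigterm) != 0) {
		fprintf(stderr, "Unable to install SIGTERM signal handler!\n");
		exit(EXIT_FAILURE);
	}

	memset(&action, 0, sizeof(action));
	action.sa_handler = &process_hup;
	sigemptyset(&(action.sa_mask));
	/* sa_flags is a set of SA_* flags, not a signal number */
	action.sa_flags = 0;
	if (sigaction(SIGHUP, &action, NULL) != 0) {
		fprintf(stderr, "Warning : Unable to install SIGHUP signal handler!\n");
	}
}

/**
 * Daemonize the process: fork twice, write the pid of the daemon in the
 * pid file (unless the lock is disabled), then detach from the terminal.
 *
 * \param context Client context (only donotuselock is read)
 * \param runpid Pid filename; released with free() in the process which
 * writes the pid file
 */
void daemonize_process(nutcpc_context_t * context, char *runpid)
{
	pid_t p;

	/* 1st fork */
	p = fork();
	if (p < 0) {
		fprintf(stderr, "nutcpc: fork failure: %s\n", strerror(errno));
		exit(EXIT_FAILURE);
	}

	/* kill 1st process (keep 2nd) */
	if (p != 0) {
		exit(0);
	}

	/* 2nd fork */
	p = fork();
	if (p < 0) {
		fprintf(stderr, "nutcpc: fork falure: %s\n", strerror(errno));
		exit(EXIT_FAILURE);
	}

	/* kill 2nd process (keep 3rd) */
	if (p != 0) {
		fprintf(stderr, "nutcpc started (pid %d)\n", (int) p);
		if (context->donotuselock == 0) {
			/* NOTE(review): fopen() follows symbolic links and creates
			 * the file with umask-derived permissions; open() with
			 * O_NOFOLLOW and mode 0600 would be stricter. */
			FILE *RunD = NULL;

			if (runpid != NULL)
				RunD = fopen(runpid, "w");
			if (RunD != NULL) {
				fprintf(RunD, "%d", (int) p);
				fclose(RunD);
			} else {
				/* the daemon is already running: report the missing
				 * pid file instead of dereferencing a NULL stream */
				fprintf(stderr, "nutcpc: unable to write pid file: %s\n",
					strerror(errno));
			}
			free(runpid);
		}
		exit(EXIT_SUCCESS);
	}

	/* Fix process user identifier, close stdin, stdout, stderr,
	 * set current directory to root directory */
	setsid();
	(void) chdir("/");
	ioctl(STDIN_FILENO, TIOCNOTTY, NULL);
	(void) close(STDIN_FILENO);
	(void) close(STDOUT_FILENO);
	(void) close(STDERR_FILENO);
	setpgid(0, 0);
}

/**
 * Overwrite a buffer with zeroes.
 *
 * The bytes are written through a volatile pointer: a plain memset() on a
 * buffer that is not read afterwards may be removed by the compiler, which
 * would leave the data (a password for instance) in memory.
 *
 * \param data Buffer to clear (NULL is accepted)
 * \param datalen Size of the buffer in bytes
 */
void wipe(void *data, size_t datalen)
{
	volatile unsigned char *cursor = (volatile unsigned char *) data;

	if (data == NULL)
		return;
	while (datalen > 0) {
		*cursor = 0;
		cursor++;
		datalen--;
	}
}

/**
 * Display informations about the cipher, the user certificate and the
 * server certificate of a session.
 */
void display_cert(nuauth_session_t* session)
{
	char* info;

	info = nu_client_get_cipher(session);
	printf("Server cipher:\n%s\n", info ? info : "None");
	free(info);

	info = nu_client_get_cert_info(session);
	printf("User certificate:\n%s\n", info ? info : "None");
	free(info);

	info = nu_client_get_server_cert_info(session);
	printf("Server certificate:\n%s\n", info ? info : "None");
	free(info);
}

/**
 * Try to connect to nuauth.
 *
 * \param context Client context; empty port and srv_addr, and a NULL
 * crlfile, are filled with the library defaults
 * \param username User name, or NULL to use the get_username() callback;
 * the string is released with free() by this function
 * \return The client session, or NULL on error (get description from ::err)
 */
nuauth_session_t *do_connect(nutcpc_context_t * context, char *username)
{
	nuauth_session_t *session;

	session = nu_client_new_callback(get_username, get_password, 1, err);
	if (session == NULL) {
		printf("Problem during session callback init\n");
		return NULL;
	}

	if (username) {
		nu_client_set_username(session, username);
		free(username);
	}
	if (context->password[0] != 0) {
		nu_client_set_password(session, context->password);
	}

	nu_client_set_client_info(session, "nutcpc", NUTCPC_VERSION);
	nu_client_set_debug(session, context->debug_mode);

	/* Set port and hostname from libnuclient if they weren't specified
	 * by the user */
	if (*context->port == '\0') {
		if (nu_client_default_port()) {
			SECURE_STRNCPY(context->port, nu_client_default_port(),
				       sizeof(context->port));
		} else {
			SECURE_STRNCPY(context->port, USERPCKT_SERVICE,
				       sizeof(context->port));
		}
	}
	if (*context->srv_addr == '\0') {
		if (nu_client_default_hostname()) {
			SECURE_STRNCPY(context->srv_addr,
				       nu_client_default_hostname(),
				       sizeof(context->srv_addr));
		} else {
			SECURE_STRNCPY(context->srv_addr, NUAUTH_IP,
				       sizeof(context->srv_addr));
		}
	}

	/* client credentials: a PKCS12 file takes precedence over key/cert */
	if (context->pkcs12file) {
		if (!nu_client_set_pkcs12(session, context->pkcs12file,
					  context->pkcs12password, err)) {
			goto init_failed;
		}
	} else {
		if (!nu_client_set_key(session, context->keyfile,
				       context->certfile, err)) {
			goto init_failed;
		}
	}

	/* Without a CA the server certificate can not be verified.
	 * Verification is switched off below in every case; the interactive
	 * confirmation is the only safeguard and it is skipped when
	 * suppress_ca_warning is set. */
	if (!context->cafile) {
		if (!suppress_ca_warning) {
			char *reply;
			reply = get_user_validation(
				"******* WARNING ******\n"
				"You are trying to connect to nuauth without configuring a certificate authority (CA).\n"
				"You are vulnerable to attacks like man-in-the-middle.\n"
				"Do you really want to do that ? Type \"yes\" to continue: ");
			if (reply==NULL || strcasecmp(reply,"YES")!=0) {
				fprintf(stderr,"Aborted");
				/* the answer is not needed anymore (free(NULL) is a no-op) */
				free(reply);
				goto init_failed;
			}
			free(reply);
		}
		nu_client_set_cert_suppress_verif(session, 1);
	}

	if (!nu_client_set_ca(session, context->cafile, err)) {
		goto init_failed;
	}
	nu_client_set_ca_suppress_warning(session,suppress_ca_warning);

	if (suppress_fqdn_verif)
		nu_client_set_fqdn_suppress_verif(session, 1);

	/* NOTE(review): nuauthdn is an array member, so this test is always
	 * true and the DN is always set, even when it is an empty string;
	 * confirm how the library handles an empty DN. */
	if (context->nuauthdn) {
		if (!nu_client_set_nuauth_cert_dn(session, context->nuauthdn, err)) {
			goto init_failed;
		}
	}

	if (!context->crlfile)
		context->crlfile = (char *)nu_client_default_tls_crl();
	if (context->crlfile) {
		if (!nu_client_set_crlfile(session, context->crlfile, err)) {
			goto init_failed;
		}
	}

	if (context->krb5_service) {
		if (!nu_client_set_krb5_service(session, context->krb5_service)) {
			nu_client_delete(session);
			fprintf(stderr, "Unable to setup Kerberos5 service\n");
			return NULL;
		}
	}

	if (context->sasl_mechlist)
		nu_client_set_sasl_mechlist(session, context->sasl_mechlist);

	if (!nu_client_connect(session, context->srv_addr, context->port, err)) {
		goto init_failed;
	}
	return session;

init_failed:
	printf("Initialization error: %s\n", nu_client_strerror(session, err));
	nu_client_delete(session);
	return NULL;
}

/**
 * Main loop: program stay in this loop until it stops.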
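*/
void main_loop(nutcpc_context_t * context)
{
	int connected = 1;
	int ret;

	/* No exit condition: the loop ends only when the process does */
	for (;;) {
		if (!connected) {
			/* wait context->tempo seconds before retrying, unless a
			 * reconnection was forced (see process_hup()) */
			if (forced_reconnect == 0) {
				/* NOTE(review): POSIX only defines usleep() for
				 * arguments below 1000000; sleep() would be the
				 * portable call -- TODO confirm target systems */
				usleep((unsigned long) context->tempo * 1000000);
			} else {
				context->tempo = 1;
				forced_reconnect = 0;
			}
			/* exponential back-off, bounded by MAX_RETRY_TIME */
			if (context->tempo < MAX_RETRY_TIME) {
				context->tempo *= 2;
			}

			/* try to reconnect to nuauth */
			if (nu_client_connect(session, context->srv_addr,
					      context->port, err) != 0) {
				connected = 1;
				context->tempo = 1;	/* second */
			} else {
				printf("Reconnection error: %s\n",
				       nu_client_strerror(session, err));
				nu_client_reset(session);
			}
		} else {
			forced_reconnect = 0;
			ret = nu_client_check(session, err);
			if (ret < 0) {
				/* on error: reset the session */
				nu_client_reset(session);
				connected = 0;
				printf("%s\n", nu_client_strerror(session, err));
			}
		}
	}
}

/**
 * Copy a filename given on the command line.
 * If it doesn't start with '/', add current directory as prefix.
 *
 * The absolute form is needed because the daemon changes its working
 * directory to "/" in daemonize_process().
 *
 * Returns NULL on error, new allocated string otherwise.
 */
char* copy_filename(char* name)
{
	char cwd[PATH_MAX];
	char buffer[PATH_MAX];
	int ok;
	char* ret;

	if (name[0] != '/') {
		ret = getcwd(cwd, sizeof(cwd));
		if (!ret) {
			printf("Unable to get current working directory\n");
			return NULL;
		}
		ok = secure_snprintf(buffer, sizeof(buffer), "%s/%s", cwd, name);
		if (!ok) {
			printf("Unable to copy filename\n");
			return NULL;
		}
		RETURN_NO_LOG strdup(buffer);
	} else {
		RETURN_NO_LOG strdup(name);
	}
}

/**
 * Resolve a filename option with copy_filename() and leave the program when
 * it cannot be resolved.
 *
 * A NULL result must not be stored in the context: the option would then
 * look unset, and for the CA file "unset" ends in libnuclient defaults or
 * in a connection without certificate verification (see do_connect()).
 */
static char *copy_filename_or_exit(char *name)
{
	char *copy = copy_filename(name);

	if (copy == NULL) {
		fprintf(stderr, "nutcpc: unable to use filename \"%s\"\n", name);
		exit(EXIT_FAILURE);
	}
	return copy;
}

/**
 * Parse command line options
 *
 * Fills \a context and \a username from argv. Exits on invalid input, and
 * for the options that only query or stop a running nutcpc (-c, -V).
 *
 * The password option (-P) is refused outside debug mode. When -P or -q is
 * given, every argument string is overwritten with nul bytes once parsing
 * is done, so that "ps" stops showing them; until then the arguments,
 * password included, are visible to other users of the host.
 *
 * \param argc, argv Command line, modified in place when hiding is requested
 * \param context    Program context to fill
 * \param username   Receives a newly allocated copy of the -U argument
 */
void parse_cmdline_options(int argc, char **argv,
			   nutcpc_context_t * context, char **username)
{
	int ch;
	int index;
	int stealth = 0;

	/* set default values */
	context->interval = 100;
	context->donotuselock = 0;
	context->debug_mode = 0;
	context->tempo = 1;

	/* Parse all command line arguments */
	opterr = 0;
	while ((ch = getopt_long(argc, argv,
				 "kcldqNQFGVvmu:H:I:U:p:P:a:K:C:A:R:W:S:Z:M:",
				 long_options, NULL)) != -1) {
		switch (ch) {
		case 'H':
			SECURE_STRNCPY(context->srv_addr, optarg,
				       sizeof(context->srv_addr));
			break;
		case 'P':
			SECURE_STRNCPY(context->password, optarg,
				       sizeof(context->password));
			stealth = 1;
			break;
		case 'd':
			context->debug_mode = 1;
			break;
		case 'v':
			debug_level++;
			break;
		case 'I':
			context->interval = atoi(optarg);
			if (context->interval == 0) {
				fprintf(stderr, "nutcpc: bad interval\n");
				exit(EXIT_FAILURE);
			}
			break;
		case 'l':
			context->donotuselock = 1;
			break;
		case 'U':
			*username = strdup(optarg);
			break;
		case 'c':
			{
				pid_t pid;
				if (test_nutcpc(&pid) == EXIT_SUCCESS) {
					printf("nutcpc already running (pid %u)\n", pid);
					exit(EXIT_SUCCESS);
				}
				printf("No running nutcpc\n");
				exit(EXIT_FAILURE);
			}
			break;
		case 'k':
			kill_nutcpc();
			break;
		case 'V':
			printf("nutcpc (version " NUTCPC_VERSION ")\n");
			exit(0);
		case 'p':
			SECURE_STRNCPY(context->port, optarg,
				       sizeof(context->port));
			break;
		case 'q':
			stealth = 1;
			break;
		case 'N':
			suppress_fqdn_verif = 1;
			break;
		case 'Q':
			suppress_ca_warning = 1;
			break;
		case 'F':
			do_not_load_config = 1;
			do_not_load_plugins = 1;
			break;
		case 'G':
			do_not_load_plugins = 1;
			break;
		case 'm':
			mono_user = 1;
			break;
		case 'a':
			/* NOTE(review): nuauthdn is sized with sizeof() here but
			 * tested like a pointer in do_connect(); confirm its
			 * declaration */
			SECURE_STRNCPY(context->nuauthdn, optarg,
				       sizeof(context->nuauthdn));
			break;
		case 'C':
			context->certfile = copy_filename_or_exit(optarg);
			break;
		case 'K':
			context->keyfile = copy_filename_or_exit(optarg);
			break;
		case 'A':
			context->cafile = copy_filename_or_exit(optarg);
			break;
		case 'R':
			context->crlfile = copy_filename_or_exit(optarg);
			break;
		case 'S':
			context->pkcs12file = copy_filename_or_exit(optarg);
			break;
		case 'W':
			context->pkcs12password = strdup(optarg);
			break;
		case 'Z':
			context->krb5_service = strdup(optarg);
			/* this break was missing: -Z fell through to -M and
			 * stored the service name as SASL mechanism list too */
			break;
		case 'M':
			context->sasl_mechlist = strdup(optarg);
			break;
		default:
			usage();
		}
	}

	if (context->password[0] != 0 && !context->debug_mode) {
		fprintf(stderr,
			"Don't use -P option outside debugging, it's not safe!\n");
		exit(EXIT_FAILURE);
	}

	if ((context->keyfile || context->certfile)
	    && (context->pkcs12file || context->pkcs12password)) {
		fprintf(stderr, "Don't mix PKCS12 options with X509/RSA options.\n");
		exit(EXIT_FAILURE);
	}

	/* fill argument with nul byte */
	if (stealth == 1) {
		for (index = argc; 1 < index; index--) {
			memset(argv[index - 1], '\0', strlen(argv[index - 1]));
		}
	}
}

/**
 * Initialize nuclient library
 *
 * Disables core files (outside debug mode), initializes the error structure
 * and libnuclient, loads the configuration and plugins unless disabled on
 * the command line, completes the TLS file options with libnuclient
 * defaults, then connects through do_connect(). Exits on any failure.
 *
 * \param context  Program context, completed with default values
 * \param username User name handed to do_connect(), which frees it
 */
void init_library(nutcpc_context_t * context, char *username)
{
	struct rlimit core_limit;

	/* Avoid creation of core file which may contains username and password.
	 * Only the soft limit is lowered, the hard limit is left as is. */
	if (!context->debug_mode && getrlimit(RLIMIT_CORE, &core_limit) == 0) {
		core_limit.rlim_cur = 0;
		setrlimit(RLIMIT_CORE, &core_limit);
	}

	/* Prepare error structure */
	if (nu_client_error_init(&err) != 0) {
		printf("Cannot init error structure!\n");
		exit(EXIT_FAILURE);
	}

	/* global libnuclient init */
	if (!nu_client_global_init(err)) {
		printf("Unable to initiate nuclient library!\n");
		printf("Problem: %s\n", nu_client_strerror(session, err));
		exit(EXIT_FAILURE);
	}

	if (do_not_load_config != 1) {
		nu_client_init_config();
		if (do_not_load_plugins != 1)
			nu_client_init_plugins();
	}

	/* options specified on command line are taken prior
	 * to options from configuration file */
	suppress_fqdn_verif |= nu_client_default_suppress_fqdn_verif();

	if (!context->cafile)
		context->cafile = (char *) nu_client_default_tls_ca();
	if (!context->certfile)
		context->certfile = (char *) nu_client_default_tls_cert();
	if (!context->keyfile)
		context->keyfile = (char *) nu_client_default_tls_key();

	if (mono_user) {
		nu_client_set_capability(NU_HELLO_CAPABILITIES);
	}

	/* Init. library */
	printf("Connecting to NuFW gateway (%s)\n", context->srv_addr);
	session = do_connect(context, username);
	if (session) {
		display_cert(session);
	}

	/* Library failure? */
	if (session == NULL) {
		printf("Unable to initiate connection to NuFW gateway\n");
		if (err->error != 0)
			printf("Problem: %s\n", nu_client_strerror(session, err));
		printf("Authentication failed (check parameters)\n");
		exit(EXIT_FAILURE);
	}
}

int main(int argc, char **argv)
{
	char *runpid = compute_run_pid();
	char *username = NULL;
	char *default_username = NULL;
	nutcpc_context_t context;

	memset(&context, 0, sizeof(context));
	default_username = nu_get_user_name();

	/* needed by iconv */
	setlocale(LC_ALL, "");

	log_engine = LOG_TO_STD;
	debug_areas = DEFAULT_DEBUG_AREAS;
	debug_level = DEBUG_LEVEL_SERIOUS_MESSAGE;

	if (!nu_check_version(NUCLIENT_VERSION)) {
		fprintf(stderr, "Wrong version of libnuclient (%s instead of %s)\n",
			nu_get_version(), NUCLIENT_VERSION);
		exit(EXIT_FAILURE);
	}

	if (runpid == NULL) {
		fprintf(stderr, "Can not determine runpid, leaving\n");
		exit(EXIT_FAILURE);
	}

	/* parse command line options */
	parse_cmdline_options(argc, argv, &context, &username);

	if (!context.debug_mode) {
		if (context.donotuselock == 0) {
			if (!access(runpid, R_OK)) {
				FILE *fd;
				printf("Lock file found: %s\n", runpid);
				if ((fd = fopen(runpid, "r"))) {
					char line[20];
					if (fgets(line, 19, fd)) {
						pid_t pid = (pid_t) atoi(line);
						fclose(fd);
						if (kill(pid, 0)) {
							printf("No running process, starting anyway (deleting lockfile)\n");
							unlink(runpid);
						} else {
							printf("Kill existing process with \"-k\" or ignore it with \"-l\" option\n");
							exit(EXIT_FAILURE);
						}
					}
				}
			}
		}
	}

	install_signals();

	if (!username)
		username = default_username;

	init_library(&context, username);

	/*
	 * Become a daemon by double-forking and detaching completely from
	 * the terminal.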
*/ if (!context.debug_mode) { daemonize_process(&context, runpid); } else { fprintf(stderr, "nutcpc " NUTCPC_VERSION " started (debug)\n"); } free(runpid); main_loop(&context); leave_client(); exit(EXIT_SUCCESS); } nufw-2.4.3/src/clients/nutcpc/valgrind.sh0000755000175000017500000000177511431206275015324 00000000000000#!/bin/bash NUTCPC=.libs/nutcpc NUTCPC_ARGS="-H 192.168.0.2 -U haypo -P haypo -d" echo "Run nutcpc in Valgrind" echo LOG=valgrind.log function stop_valgrind { echo "NuAuth in Valgrind stopped with CTRL+C" echo "Output written in file $LOG" } USER=haypo NUAUTH_PATH=/home/haypo/inl/trunk CLIENT=$NUAUTH_PATH/src/clients export LD_LIBRARY_PATH=$CLIENT/lib/.libs trap stop_valgrind SIGINT SIGTERM export G_SLICE=always-malloc if [ -d /usr/lib/debug ]; then export LD_LIBRARY_PATH=/usr/lib/debug:$LD_LIBRARY_PATH if [ -e /usr/lib/debug/libdl-2.4.so ]; then export LD_PRELOAD=/usr/lib/debug/libdl-2.4.so fi else echo "VALGRIND WARNING: /usr/lib/debug directory is missing, install libc6-dbg" fi echo "Run \"$NUTCPC $NUTCPC_ARGS\"..." valgrind \ --show-reachable=yes -v \ --suppressions=valgrind.supp \ --log-file-exactly=$LOG \ --run-libc-freeres=yes \ --leak-check=full \ --verbose \ $NUTCPC $NUTCPC_ARGS 2>&1 trap - SIGINT SIGTERM echo echo "Quit Valgrind." nufw-2.4.3/src/clients/nutcpc/Makefile.am0000644000175000017500000000070111431206275015177 00000000000000if BUILD_NUTCPC bin_PROGRAMS = nutcpc EXTRA_DIST = valgrind.sh valgrind.supp # nutcpc nutcpc_SOURCES = nutcpc.c nutcpc_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/clients/lib/ INCLUDES = -I$(top_srcdir)/src/libs/nubase nutcpc_LDFLAGS = -L$(top_builddir)/src/clients/lib/ nutcpc_LDADD = ../lib/libnuclient.la ../../libs/nussl/libnussl.la check: $(top_builddir)/src/clients/nutcpc/nutcpc -V endif nufw-2.4.3/src/clients/nutcpc/valgrind.supp0000644000175000017500000000473711431206275015677 00000000000000# Mysterious ld bug ... 
{ mysterious_ld_bug Memcheck:Cond obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* } # *dlopen and *dlsym() { sasl_get_plugin_cond_quiet Memcheck:Cond obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* fun: *sasl_get_plugin } { ld_level2_cond_quiet Memcheck:Cond obj:/lib/ld-* fun:_dl_open } { dlopen_level5_cond_quiet Memcheck:Cond obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:_dl_open } { dlsym_level4_cond_quiet Memcheck:Cond obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* fun:*dl_sym } { dlopen_level4_cond_quiet Memcheck:Cond obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level5_quiet Memcheck:Addr4 obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level5_cond_quiet Memcheck:Cond obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level6_addr4_quiet Memcheck:Addr4 obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level9_value4_quiet Memcheck:Value4 obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level8_quiet Memcheck:Addr4 obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlsym_quiet Memcheck:Addr4 obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* fun:*dl_sym } # SASL and DB { libsasl2_at_level1_cond_quiet Memcheck:Cond obj:/usr/lib/libsasl2.* } { libdb_at_level2_cond_quiet Memcheck:Cond fun:* obj:/usr/lib/libdb-4* } { libdb_at_level2_value4_quiet Memcheck:Value4 fun:* obj:/usr/lib/libdb-4* } { libsasl2_at_level2_cond_quiet Memcheck:Cond fun:* obj:/usr/lib/libsasl2.* } { libsasl2_at_level2_value4_quiet Memcheck:Value4 fun:* obj:/usr/lib/libsasl2.* } { libsasldb_quiet Memcheck:Value4 fun:* obj:/usr/lib/sasl2/libsasldb*.so* } { libsasldb_quiet Memcheck:Cond fun:* 
obj:/usr/lib/sasl2/libsasldb*.so* } nufw-2.4.3/src/clients/Makefile.am0000644000175000017500000000003611431206275013704 00000000000000SUBDIRS = lib nutcpc pam_nufw nufw-2.4.3/src/clients/pam_nufw/0000777000175000017500000000000011431215440013543 500000000000000nufw-2.4.3/src/clients/pam_nufw/Makefile.in0000644000175000017500000004204211431215377015537 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/clients/pam_nufw DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(modulesdir)" modulesLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(modules_LTLIBRARIES) @BUILD_PAM_NUFW_TRUE@pam_nufw_la_DEPENDENCIES = ../lib/libnuclient.la \ @BUILD_PAM_NUFW_TRUE@ ../../libs/nussl/libnussl.la am__pam_nufw_la_SOURCES_DIST = pam_nufw.c @BUILD_PAM_NUFW_TRUE@am_pam_nufw_la_OBJECTS = pam_nufw_la-pam_nufw.lo pam_nufw_la_OBJECTS = $(am_pam_nufw_la_OBJECTS) pam_nufw_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pam_nufw_la_CFLAGS) \ $(CFLAGS) $(pam_nufw_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_PAM_NUFW_TRUE@am_pam_nufw_la_rpath = -rpath $(modulesdir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) 
$(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(pam_nufw_la_SOURCES) DIST_SOURCES = $(am__pam_nufw_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ 
PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @BUILD_PAM_NUFW_TRUE@TITLE = pam_nufw @BUILD_PAM_NUFW_TRUE@modulesdir = /lib/security @BUILD_PAM_NUFW_TRUE@pam_nufw_la_CFLAGS = -I$(top_srcdir)/src/clients/lib -I$(top_srcdir)/src/libs/nussl -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/include $(DYNAMIC) @BUILD_PAM_NUFW_TRUE@modules_LTLIBRARIES = pam_nufw.la 
@BUILD_PAM_NUFW_TRUE@pam_nufw_la_SOURCES = pam_nufw.c @BUILD_PAM_NUFW_TRUE@pam_nufw_la_LDFLAGS = -avoid-version -module -L$(top_srcdir)/src/clients/lib/ @BUILD_PAM_NUFW_TRUE@pam_nufw_la_LIBADD = -lpam ../lib/libnuclient.la ../../libs/nussl/libnussl.la @BUILD_PAM_NUFW_TRUE@CLEANFILES = *~ $(TITLE).so all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/clients/pam_nufw/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/clients/pam_nufw/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-modulesLTLIBRARIES: $(modules_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(modulesdir)" || $(MKDIR_P) "$(DESTDIR)$(modulesdir)" @list='$(modules_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(modulesLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(modulesdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(modulesLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(modulesdir)/$$f"; \ else :; 
fi; \ done uninstall-modulesLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(modules_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(modulesdir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(modulesdir)/$$p"; \ done clean-modulesLTLIBRARIES: -test -z "$(modules_LTLIBRARIES)" || rm -f $(modules_LTLIBRARIES) @list='$(modules_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_nufw.la: $(pam_nufw_la_OBJECTS) $(pam_nufw_la_DEPENDENCIES) $(pam_nufw_la_LINK) $(am_pam_nufw_la_rpath) $(pam_nufw_la_OBJECTS) $(pam_nufw_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_nufw_la-pam_nufw.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< pam_nufw_la-pam_nufw.lo: pam_nufw.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_nufw_la_CFLAGS) $(CFLAGS) -MT pam_nufw_la-pam_nufw.lo -MD -MP -MF $(DEPDIR)/pam_nufw_la-pam_nufw.Tpo -c -o pam_nufw_la-pam_nufw.lo `test -f 'pam_nufw.c' || echo '$(srcdir)/'`pam_nufw.c @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pam_nufw_la-pam_nufw.Tpo $(DEPDIR)/pam_nufw_la-pam_nufw.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_nufw.c' object='pam_nufw_la-pam_nufw.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_nufw_la_CFLAGS) $(CFLAGS) -c -o pam_nufw_la-pam_nufw.lo `test -f 'pam_nufw.c' || echo '$(srcdir)/'`pam_nufw.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) 
$(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(modulesdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) 
$(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." @BUILD_PAM_NUFW_FALSE@clean-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local \ clean-modulesLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-modulesLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-modulesLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-local clean-modulesLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-modulesLTLIBRARIES \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck 
installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am \ uninstall-modulesLTLIBRARIES @BUILD_PAM_NUFW_TRUE@@SET_MAKE@ @BUILD_PAM_NUFW_TRUE@clean-local: @BUILD_PAM_NUFW_TRUE@ rm -rf static # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/clients/pam_nufw/Makefile.am0000644000175000017500000000101511431206275015516 00000000000000if BUILD_PAM_NUFW @SET_MAKE@ TITLE = pam_nufw modulesdir = /lib/security pam_nufw_la_CFLAGS = -I$(top_srcdir)/src/clients/lib -I$(top_srcdir)/src/libs/nussl -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/include $(DYNAMIC) modules_LTLIBRARIES = pam_nufw.la pam_nufw_la_SOURCES = pam_nufw.c pam_nufw_la_LDFLAGS = -avoid-version -module -L$(top_srcdir)/src/clients/lib/ pam_nufw_la_LIBADD = -lpam ../lib/libnuclient.la ../../libs/nussl/libnussl.la CLEANFILES = *~ $(TITLE).so clean-local: rm -rf static endif nufw-2.4.3/src/clients/pam_nufw/pam_nufw.c0000644000175000017500000003672011431206275015455 00000000000000/* ** Copyright 2006-2009 - INL ** Written by Jean Gillaux ** INL http://www.inl.fr/ ** Based on pam_permit by Andrew Morgan 1996/3/11 ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifdef HAVE_CONFIG_H # include #endif #include "../lib/nuclient.h" #include /* setrlimit() */ #include #include #include #include #include #include #include #include #ifdef HAVE_FCNTL_H # include #endif #include #include "security.h" #include /* * here, we make definitions for the externally accessible functions * in this file (these definitions are required for static modules * but strongly encouraged generally) they are used to instruct the * modules include file to define their prototypes. */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include #include #define NUAUTH_SRV "192.168.12.1" #define NUAUTH_PORT "4129" #define FILE_LOCK ".pam_nufw" #define MAX_RETRY_TIME 30 #define MAX_NOAUTH_USERS 10 const char *DEFAULT_USER = "nobody"; /*int noauth_cpt = 0;*/ char **no_auth_users = NULL; struct pam_nufw_s pn_s; nuauth_session_t *session = NULL; char *locale_charset = NULL; /* internal data */ struct pam_nufw_s { char nuauth_srv[BUFSIZ]; /* auth server to connect to */ char nuauth_port[20]; /* port to use on auth server */ char file_lock[BUFSIZ]; /* file lock used to store pid */ char **no_auth_users; int no_auth_cpt; nuclient_error_t *err; }; /* init pam_nufw info struct. 
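returns error message, or NULL if no error occurs */

/*
 * Prepare the calling process and fill *pn_s with the built-in defaults.
 *
 * Visible effects: the soft RLIMIT_CORE limit is set to 0, the locale is
 * taken from the environment, the working directory becomes "/", and *pn_s
 * is zeroed then loaded with NUAUTH_SRV, NUAUTH_PORT and FILE_LOCK.
 *
 * NOTE(review): a PAM module runs inside the host application, so the
 * resource limit, locale and working directory changes apply to that
 * application as well. Zeroing *pn_s also drops the pointer to any list
 * stored by an earlier _pam_parse() call without freeing it.
 */
static char *_init_pam_nufw_s(struct pam_nufw_s *pn_s)
{
	struct rlimit core_limit;

	/* Avoid creation of a core file which may contain username and
	 * password. Only the soft limit is lowered; the hard limit is left as
	 * found. A failure is logged because it silently removes this
	 * protection. */
	if (getrlimit(RLIMIT_CORE, &core_limit) == 0) {
		core_limit.rlim_cur = 0;
		if (setrlimit(RLIMIT_CORE, &core_limit) != 0) {
			syslog(LOG_WARNING,
			       "(pam_nufw) unable to disable core dumps");
		}
	}

	/* Setup locale */
	setlocale(LC_ALL, "");

	/* get local charset */
	locale_charset = nl_langinfo(CODESET);
	if (locale_charset == NULL) {
		return "Can't get locale charset!";
	}

	/* Move to root directory to not block current working directory */
	(void) chdir("/");

	memset(pn_s, 0, sizeof(*pn_s));
	SECURE_STRNCPY(pn_s->nuauth_srv, NUAUTH_SRV,
		       sizeof(pn_s->nuauth_srv));
	SECURE_STRNCPY(pn_s->nuauth_port, NUAUTH_PORT,
		       sizeof(pn_s->nuauth_port));
	SECURE_STRNCPY(pn_s->file_lock, FILE_LOCK, sizeof(pn_s->file_lock));
	pn_s->no_auth_users = NULL;
	pn_s->no_auth_cpt = 0;
	return NULL;
}

/*
 * Parse the module arguments (server=, port=, lock=, noauth=) into *pn.
 *
 * noauth= takes a comma-separated list of user names. The list is stored in
 * an array of MAX_NOAUTH_USERS slots; entries beyond that limit are dropped
 * with a warning instead of being written past the end of the array.
 * Dropped or unparsed entries leave those users on the normal path (a client
 * is started for them).
 *
 * Returns 0 (no control flags are defined).
 */
static int _pam_parse(int argc, const char **argv, struct pam_nufw_s *pn)
{
	int ctrl = 0;
	const char *search = ",";
	int noauth_cpt = 0;
	char **no_auth_users = malloc(sizeof(char *) * MAX_NOAUTH_USERS);

	if (no_auth_users == NULL) {
		syslog(LOG_ERR,
		       "(pam_nufw) out of memory: noauth list ignored");
	}

	for (; argc-- > 0; ++argv) {
		if (!strncmp(*argv, "server=", 7)) {
			SECURE_STRNCPY(pn->nuauth_srv, *argv + 7,
				       sizeof(pn->nuauth_srv));
		} else if (!strncmp(*argv, "port=", 5)) {
			SECURE_STRNCPY(pn->nuauth_port, *argv + 5,
				       sizeof(pn->nuauth_port));
		} else if (!strncmp(*argv, "lock=", 5)) {
			SECURE_STRNCPY(pn->file_lock, *argv + 5,
				       sizeof(pn->file_lock));
		} else if (!strncmp(*argv, "noauth=", 7)) {
			char *noauth;
			char *saveptr = NULL;
			char *user;

			if (no_auth_users == NULL) {
				continue;
			}
			/* strtok_r() modifies its input, so work on a copy */
			noauth = strdup(*argv + 7);
			if (noauth == NULL) {
				syslog(LOG_ERR,
				       "(pam_nufw) out of memory: noauth list ignored");
				continue;
			}
			/* strtok_r() keeps its state in saveptr, so the host
			 * application's own strtok() use is not disturbed */
			for (user = strtok_r(noauth, search, &saveptr);
			     user != NULL;
			     user = strtok_r(NULL, search, &saveptr)) {
				char *copy;

				if (noauth_cpt >= MAX_NOAUTH_USERS) {
					syslog(LOG_WARNING,
					       "(pam_nufw) noauth list truncated to %d users",
					       MAX_NOAUTH_USERS);
					break;
				}
				copy = x_strdup(user);
				if (copy == NULL) {
					syslog(LOG_ERR,
					       "(pam_nufw) out of memory: noauth list truncated");
					break;
				}
				no_auth_users[noauth_cpt] = copy;
				noauth_cpt++;
			}
			/* every kept entry is its own copy */
			free(noauth);
		}
	}
	pn->no_auth_cpt = noauth_cpt;
	pn->no_auth_users = no_auth_users;
	return ctrl;
}

/*
 * Build the pid file path "<home>/.nufw/<file_lock>" and make sure the
 * "<home>/.nufw" directory exists (mode 0700 when created here).
 *
 * home may be NULL, in which case nu_get_home_dir() is used and its result
 * freed before returning. Returns a malloc()ed string the caller must free,
 * or NULL when no home directory is known, the path does not fit in the
 * local buffer, or memory is exhausted.
 *
 * NOTE(review): file_lock comes from the lock= module argument and is
 * appended as is; a value containing '/' would place the pid file outside
 * <home>/.nufw. Consider rejecting path separators when parsing it.
 * NOTE(review): when the caller has not dropped privileges yet, the
 * directory is created with the caller's identity inside a tree the user can
 * write to; prefer calling this after switching to the user.
 */
char *_get_runpid(struct pam_nufw_s *pn_s, char *home)
{
	char path_dir[1024];
	char *result = NULL;
	int free_home = 0;
	int len;

	if (home == NULL) {
		home = nu_get_home_dir();
		free_home = 1;
	}
	if (home == NULL) {
		return NULL;
	}

	/* create directory path; a truncated path must not be used */
	len = snprintf(path_dir, sizeof(path_dir), "%s/.nufw", home);
	if (len >= 0 && (size_t) len < sizeof(path_dir)) {
		/* create the directory directly instead of testing with
		 * access() first: no window between check and creation */
		if (mkdir(path_dir, S_IRWXU) != 0 && errno != EEXIST) {
			syslog(LOG_WARNING, "(pam_nufw) cannot create %s: %s",
			       path_dir, strerror(errno));
		}

		/* create pid file full path */
		len = snprintf(path_dir, sizeof(path_dir), "%s/.nufw/%s",
			       home, pn_s->file_lock);
		if (len >= 0 && (size_t) len < sizeof(path_dir)) {
			result = strdup(path_dir);
		}
	}

	if (free_home) {
		free(home);
	}
	return result;
}

/*
 * Read a pid from the file runpid and send SIGTERM to that process.
 *
 * runpid is always freed here. Returns 1 when the pid file was present but
 * unusable or the signal could not be sent (the pid file is then removed),
 * 0 otherwise.
 *
 * The file content is validated before use: an unparsable value would leave
 * the pid undefined, and 0 or a negative value would address a process group
 * or every process instead of a single client.
 *
 * NOTE(review): the pid file lives under the user's home directory, so its
 * content is user-controlled, while the signal is sent with the identity of
 * the caller (the PAM application, typically root). The caller should send
 * the signal with the session user's credentials or check that the target
 * process belongs to that user.
 */
static int _kill_nuclient(char *runpid)
{
	FILE *FD;
	long pid_value = 0;
	int parsed;
	int result = 0;

	if (runpid == NULL) {
		return 0;
	}

	FD = fopen(runpid, "r");
	if (FD != NULL) {
		parsed = fscanf(FD, "%ld", &pid_value);
		fclose(FD);

		if (parsed != 1 || pid_value <= 1
		    || (long) (pid_t) pid_value != pid_value) {
			syslog(LOG_ERR,
			       "(pam_nufw) invalid pid file content: remove pid file\n");
			unlink(runpid);
			result = 1;
		} else if (kill((pid_t) pid_value, SIGTERM) == 0) {
			syslog(LOG_INFO,
			       "(pam_nufw) process killed (pid %lu)\n",
			       (unsigned long) pid_value);
		} else {
			syslog(LOG_ERR,
			       "(pam_nufw) fail to kill process: remove pid file\n");
			unlink(runpid);
			result = 1;
		}
	}
	free(runpid);
	return result;
}

/* function used to
 * kill client
 * free nuauth session and nuerror
 *
 * Removes the pid file, releases the libnuclient state and terminates the
 * process with EXIT_SUCCESS.
 *
 * NOTE(review): nufw_client_func() installs this as the SIGINT/SIGTERM
 * handler. free(), exit() and the library teardown are not async-signal-safe;
 * a safer design only sets a flag here and lets the main loop do the cleanup.
 */
void exit_client()
{
	char *runpid;

	if (session) {
		nu_client_delete(session);
	}
	runpid = _get_runpid(&pn_s, NULL);
	if (runpid != NULL) {
		unlink(runpid);
		free(runpid);
	}
	nu_client_global_deinit();
	nu_client_error_destroy(pn_s.err);
	exit(EXIT_SUCCESS);
}

/* test if username is on the list of users that don't have to be authenticated
 *
 * Returns 1 when username is on the noauth list (no client is started for
 * that user) and 0 otherwise; despite the name, a non-zero result means
 * "skip". A NULL username or an empty list yields 0.
 */
int do_auth_on_user(const char *username)
{
	int i;

	if (username == NULL || pn_s.no_auth_users == NULL) {
		return 0;
	}
	for (i = 0; i < pn_s.no_auth_cpt; i++) {
		if (pn_s.no_auth_users[i] != NULL
		    && strcmp(pn_s.no_auth_users[i], username) == 0) {
			return 1;
		}
	}
	return 0;
}

/* --- authentication management functions --- */

/**
 * Try to connect to nuauth.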
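*
* Takes ownership of username and password: both buffers are overwritten
* with zeros and freed on every path, including failure.
*
* \return The client session, or NULL on error (get description from ::err)
*/

/* Overwrite a heap-allocated secret with zeros, then free it (NULL ignored). */
static void wipe_and_free(char *secret)
{
	volatile char *cursor = secret;
	size_t remaining;

	if (secret == NULL) {
		return;
	}
	/* volatile stores, so the wipe is not dropped as a dead store
	 * right before free() */
	for (remaining = strlen(secret); remaining > 0; remaining--) {
		*cursor++ = 0;
	}
	free(secret);
}

nuauth_session_t *do_connect(char *username, char *password,
			     nuclient_error_t * err)
{
	nuauth_session_t *session = NULL;

	if (username != NULL && password != NULL) {
		session = nu_client_new(username, password, 1, err);
	}

	/* wipe out username and password, and then free memory; done before
	 * the result is checked so a failed nu_client_new() does not leave
	 * the credentials on the heap */
	wipe_and_free(username);
	wipe_and_free(password);

	if (session == NULL) {
		return NULL;
	}

	nu_client_set_client_info(session, "pam", "unknown version");

	/* NOTE(review): the explicit TLS setup below is compiled out; confirm
	 * where certificate verification is configured for this client. */
#if 0
	nu_client_set_debug(session, context->debug_mode);

	if (!nu_client_setup_tls(session, NULL, NULL, NULL, NULL, err)) {
		nu_client_delete(session);
		return NULL;
	}
#endif

	if (!nu_client_connect
	    (session, pn_s.nuauth_srv, pn_s.nuauth_port, err)) {
		nu_client_delete(session);
		return NULL;
	}

	return session;
}

/*
 * Client loop of the forked child; never returns.
 *
 * While connected, nu_client_check() is called repeatedly; on error the
 * session is reset and reconnection is attempted after a delay that starts
 * at one second and doubles while it is below MAX_RETRY_TIME.
 */
static void main_loop(struct pam_nufw_s *pn_s)
{
	int connected = 1;
	int tempo = 1;

	for (;;) {
		if (!connected) {
			sleep(tempo);
			if (tempo < MAX_RETRY_TIME) {
				tempo = tempo * 2;
			}
			if (nu_client_connect
			    (session, pn_s->nuauth_srv, pn_s->nuauth_port,
			     pn_s->err) != 0) {
				tempo = 1;
				connected = 1;
			} else {
				nu_client_reset(session);
				/* quit if password is wrong. to not lock user account */
				syslog(LOG_ERR,
				       "(pam_nufw) unable to reconnect to server: %s",
				       nu_client_strerror(session, pn_s->err));
				if (pn_s->err->error == BAD_CREDENTIALS_ERR) {
					syslog(LOG_ERR,
					       "(pam_nufw) bad credentials: leaving");
					exit_client();
				}
			}
		} else {
			if (nu_client_check(session, pn_s->err) < 0) {
				nu_client_reset(session);
				connected = 0;
				syslog(LOG_ERR,
				       "(pam_nufw) libnuclient error: %s",
				       nu_client_strerror(session, pn_s->err));
			}
		}
	}
}

/* Account data collected by read_user_info(). The string members point to
 * memory owned elsewhere (PAM items, the getpwnam() result). */
struct user_info_s {
	const char *username;
	const char *password;
	uid_t uid;
	gid_t gid;
	char *home_dir;
};

/* Zero the structure. Only the pointers are cleared; the password buffer
 * itself belongs to PAM and is not overwritten here. */
static void clear_user_info(struct user_info_s *user_info)
{
	memset(user_info, 0, sizeof(*user_info));
}

/*
 * Body of the forked child: switch to the user's identity, open the session
 * to nuauth, write the pid file and enter main_loop().
 *
 * Returns only on failure (main_loop() does not return). A failed connection
 * to nuauth returns PAM_SUCCESS, other failures PAM_AUTH_ERR.
 *
 * NOTE(review): supplementary groups inherited from the host application are
 * not replaced here; the usual sequence is initgroups()/setgroups(), then
 * setgid(), then setuid().
 */
static int nufw_client_func(struct pam_nufw_s *pn_s,
			    struct user_info_s *user_info)
{
	int mypid;
	FILE *RunD;
	struct sigaction no_action;
	int res_err;
	char *runpid;
	/* kept for the log message below: user_info is cleared before that */
	const char *username = user_info->username;

	log_engine = LOG_TO_SYSLOG;
	debug_level = DEBUG_LEVEL_SERIOUS_MESSAGE;
	debug_areas = 32;
	init_log_engine("pam_nufw");

	if (user_info->username == NULL || user_info->password == NULL) {
		syslog(LOG_ERR, "(pam_nufw) missing username or password");
		return PAM_AUTH_ERR;
	}

	/* set group and user identifier, and home directory. The group must
	 * be changed first: once the user identifier is dropped, setgid() is
	 * no longer permitted and the process would keep its former group. */
	if (setgid(user_info->gid) != 0) {
		syslog(LOG_ERR, "(pam_nufw) Fail to set group identifier");
		return PAM_AUTH_ERR;
	}
	if (setuid(user_info->uid) != 0) {
		syslog(LOG_ERR, "(pam_nufw) Fail to set user identifier");
		return PAM_AUTH_ERR;
	}
	/* setenv() copies the value, so HOME stays valid after user_info is
	 * cleared and after the getpwnam() buffer is reused */
	if (user_info->home_dir == NULL
	    || setenv("HOME", user_info->home_dir, 1) != 0) {
		syslog(LOG_ERR, "(pam_nufw) Fail to set HOME");
		return PAM_AUTH_ERR;
	}

	/* catch SIGINT and SIGTERM signals, install handler: exit_client() */
	no_action.sa_handler = exit_client;
	sigemptyset(&(no_action.sa_mask));
	no_action.sa_flags = 0;
	if (sigaction(SIGINT, &no_action, NULL) != 0
	    || sigaction(SIGTERM, &no_action, NULL) != 0) {
		syslog(LOG_ERR, "(pam_nufw) Fail to set sigaction");
		return PAM_AUTH_ERR;
	}

	/* init nuclient_error_t */
	res_err = nu_client_error_init(&pn_s->err);
	if (res_err != 0) {
		syslog(LOG_ERR,
		       "(pam_nufw) Cannot init error structure! %i",
		       res_err);
		return PAM_AUTH_ERR;
	}

	/* libnuclient init function */
	if (!nu_client_global_init(pn_s->err)) {
		syslog(LOG_ERR, "(pam_nufw) Cannot init nuclient library: %s",
		       nu_client_strerror(session, pn_s->err));
		return PAM_AUTH_ERR;
	}

	nu_client_init_config();
	nu_client_init_plugins();

	/* create libnuclient session (connection to nuauth); do_connect()
	 * wipes and frees the converted credentials */
	session = do_connect(nu_client_to_utf8
			     (user_info->username, locale_charset),
			     nu_client_to_utf8(user_info->password,
					       locale_charset), pn_s->err);
	clear_user_info(user_info);

	/* fails to connect to nuauth? */
	if (session == NULL) {
		int errno_copy = errno;
		syslog(LOG_ERR,
		       "(pam_nufw) Cannot connect to nuauth_session_t Server");
		syslog(LOG_ERR, "(pam_nufw) Problem: %s\n",
		       strerror(errno_copy));
		return PAM_SUCCESS;	/* PAM_AUTH_ERR */
	}

	/* session opened to nuauth: write pid in lockfile. The path is built
	 * from HOME (set above), which is also what exit_client() resolves
	 * when it removes the file. */
	mypid = getpid();
	runpid = _get_runpid(pn_s, getenv("HOME"));
	if (runpid != NULL) {
		RunD = fopen(runpid, "w");
		if (RunD != NULL) {
			fprintf(RunD, "%d", mypid);
			fclose(RunD);
			syslog(LOG_INFO,
			       "(pam_nufw) session to Nuauth server opened, username=%s, server=%s (pid=%lu)",
			       username, pn_s->nuauth_srv,
			       (unsigned long) mypid);
		}
		free(runpid);
	}

	/* and then stay in main loop ... */
	main_loop(pn_s);
	return PAM_SUCCESS;
}

/*
 * Parse the module arguments and collect user name, password and account
 * data for the client.
 *
 * Returns 1 when user_info is complete and a client should be started.
 * Returns 0 otherwise, with *pam_result holding the value the PAM entry point
 * should return (PAM_SUCCESS when the user is on the noauth list or has no
 * password item, an error code otherwise).
 */
static int read_user_info(struct user_info_s *user_info,
			  pam_handle_t * pamh, int argc, const char **argv,
			  int *pam_result)
{
	struct passwd *pw;

	/* init. pam with pam arguments */
	(void) _pam_parse(argc, argv, &pn_s);

	/* read user name */
	*pam_result = pam_get_user(pamh, &user_info->username, NULL);
	if (*pam_result != PAM_SUCCESS) {
		syslog(LOG_ERR, "get user returned error: %s",
		       pam_strerror(pamh, *pam_result));
		*pam_result = PAM_AUTH_ERR;
		return 0;
	}

	/* if not username is specified, use default username */
	if (user_info->username == NULL || user_info->username[0] == '\0') {
		user_info->username = DEFAULT_USER;
		pam_set_item(pamh, PAM_USER, DEFAULT_USER);
	}

	/* Test if we have to make a connection on nuauth for this user */
	if (do_auth_on_user(user_info->username) != 0) {
		syslog(LOG_INFO, "(pam_nufw) no auth for user %s",
		       user_info->username);
		*pam_result = PAM_SUCCESS;
		return 0;
	}

	/* read user password */
	if (pam_get_item
	    (pamh, PAM_AUTHTOK,
	     (const void **) &user_info->password) != PAM_SUCCESS) {
		syslog(LOG_ERR, "pam_nufw failed to get password");
		*pam_result = PAM_AUTH_ERR;
		return 0;
	}
	if (user_info->password == NULL) {
		/* nothing to send to nuauth: do not start a client. The PAM
		 * result stays what the caller would have seen before. */
		syslog(LOG_ERR, "(pam_nufw) password is NULL!");
		*pam_result = PAM_SUCCESS;
		return 0;
	}

	/* read password, user and group identifier; the account may be
	 * unknown to the local password database */
	pw = (struct passwd *) getpwnam(user_info->username);
	if (pw == NULL) {
		syslog(LOG_ERR, "(pam_nufw) unknown user %s",
		       user_info->username);
		*pam_result = PAM_USER_UNKNOWN;
		return 0;
	}
	user_info->uid = pw->pw_uid;
	user_info->gid = pw->pw_gid;
	user_info->home_dir = pw->pw_dir;
	*pam_result = PAM_SUCCESS;
	return 1;
}

/*
 * used to open the connection to the nuauth server
 *
 * Forks a child that runs the nuauth client with the user's identity; the
 * calling process returns PAM_SUCCESS as soon as the fork succeeded.
 *
 * NOTE(review): this entry point does not verify the password itself, it only
 * forwards it to the client. The module must therefore not be the deciding
 * auth module of a PAM stack (for instance not "sufficient").
 */
PAM_EXTERN
int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
			const char **argv)
{
	int retval;
	struct user_info_s user_info;
	char *errmsg;
	pid_t child_pid;

	memset(&user_info, 0, sizeof(user_info));
	syslog(LOG_DEBUG, "(pam_nufw) do authenticate");

	/* check libnuclient version */
	if (!nu_check_version(NUCLIENT_VERSION)) {
		syslog(LOG_ERR,
		       "(pam nufw) Wrong version of libnuclient (%s instead of %s)",
		       nu_get_version(), NUCLIENT_VERSION);
		return PAM_AUTH_ERR;
	}

	/* init. our structure */
	errmsg = _init_pam_nufw_s(&pn_s);
	if (errmsg != NULL) {
		syslog(LOG_ERR, "(pam nufw) init failure: %s", errmsg);
		return PAM_AUTH_ERR;
	}

	/* test if lock file exists
	 * NOTE(review): at this point file_lock still holds the default name
	 * (arguments are parsed later) and is resolved against "/", so this
	 * does not look at the per-user pid file written by the client. */
	if (!access(pn_s.file_lock, R_OK)) {
		FILE *fd = fopen(pn_s.file_lock, "r");
		if (fd != NULL) {
			char line[20];
			char *got = fgets(line, sizeof(line), fd);

			/* closed on every path */
			fclose(fd);
			if (got != NULL) {
				char *end = NULL;
				long pid_value = strtol(line, &end, 10);

				/* only a single, plausible process id is
				 * probed; 0 or a negative value would
				 * address a process group */
				if (end != line && pid_value > 1
				    && (long) (pid_t) pid_value == pid_value
				    && kill((pid_t) pid_value, 0) == 0) {
					/* program is running */
					return PAM_SUCCESS;
				}
				unlink(pn_s.file_lock);
			}
		}
	}

	/* read user informations */
	if (!read_user_info(&user_info, pamh, argc, argv, &retval)) {
		clear_user_info(&user_info);
		return retval;
	}

	/* do fork */
	child_pid = fork();
	if (child_pid < 0) {
		syslog(LOG_ERR, "(pam_nufw) fork failed");
		clear_user_info(&user_info);
		return PAM_AUTH_ERR;
	}

	if (child_pid == 0) {
		/* in fork child: it must never return into the PAM stack of
		 * the host application, otherwise a second copy of that
		 * application keeps running. _exit() skips the host's
		 * atexit handlers and stdio buffers. */
		retval = nufw_client_func(&pn_s, &user_info);
		clear_user_info(&user_info);
		_exit(retval == PAM_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE);
	}

	/* in fork parent
	 * NOTE(review): the child is not waited for here; confirm the host
	 * application reaps it. */
	clear_user_info(&user_info);
	return PAM_SUCCESS;
}

/* Credential setting is not used by this module: always PAM_SUCCESS. */
PAM_EXTERN
int pam_sm_setcred(pam_handle_t * pamh, int flags, int argc,
		   const char **argv)
{
	/*D(("pam_nufw sm_setcred")); */
	return PAM_SUCCESS;
}

/* --- account management functions --- */

/* No account check is performed: always PAM_SUCCESS. */
PAM_EXTERN
int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc,
		     const char **argv)
{
	D(("pam_nufw sm_acct_mgmt"));
	return PAM_SUCCESS;
}

/* --- password management --- */

/* Password change is not handled: always PAM_SUCCESS. */
PAM_EXTERN
int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc,
		     const char **argv)
{
	D(("pam_nufw sm_chauthok"));
	return PAM_SUCCESS;
}

/* --- session management --- */

/* Only logs the event; the client is started from pam_sm_authenticate(). */
PAM_EXTERN
int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
			const char **argv)
{
	syslog(LOG_INFO, "(pam_nufw) session opened");
	return PAM_SUCCESS;
}

/*
 * On session closing, we want to close the connection
 * -> get pid file, and kill process
 *
 * NOTE(review): the pid file is read from the user's home directory and the
 * signal is sent by this process, which usually still has the privileges of
 * the host application. Sending it with the user's credentials, or checking
 * the owner of the target process, keeps a modified pid file from affecting
 * other processes.
 */
PAM_EXTERN
int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc,
			 const char **argv)
{
	struct passwd *pw;
	const char *user = NULL;
	char *errmsg;
	int retval;

	/* get parameters */
	errmsg = _init_pam_nufw_s(&pn_s);
	if (errmsg != NULL) {
		syslog(LOG_ERR, "(pam nufw) init failure: %s", errmsg);
		return PAM_AUTH_ERR;
	}
	(void) _pam_parse(argc, argv, &pn_s);

	/* get username */
	retval = pam_get_user(pamh, &user, NULL);
	if (retval != PAM_SUCCESS || user == NULL) {
		syslog(LOG_ERR, "(pam_nufw) get user returned error: %s",
		       pam_strerror(pamh, retval));
		return PAM_SESSION_ERR;
	}

	if (do_auth_on_user(user) != 0) {
		return PAM_SUCCESS;
	}

	pw = (struct passwd *) getpwnam(user);
	if (pw == NULL) {
		syslog(LOG_ERR, "(pam_nufw) unknown user %s", user);
		return PAM_SESSION_ERR;
	}
	setenv("HOME", pw->pw_dir, 1);

	/* kill client */
	_kill_nuclient(_get_runpid(&pn_s, pw->pw_dir));

	syslog(LOG_INFO, "(pam_nufw) session closed");
	return PAM_SUCCESS;
}

/* end of module definition */

#ifdef PAM_STATIC

/* static module data */

struct pam_module _pam_permit_modstruct = {
	"pam_nufw",
	pam_sm_authenticate,
	pam_sm_setcred,
	pam_sm_acct_mgmt,
	pam_sm_open_session,
	pam_sm_close_session,
	pam_sm_chauthtok
};

#endif
nufw-2.4.3/src/clients/lib/0000777000175000017500000000000011431215440012475 500000000000000nufw-2.4.3/src/clients/lib/internal.h0000644000175000017500000000344111431206275014406 00000000000000/* ** Copyright 2004-2007 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.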
*/ #define NULL_THREAD 0 extern char* nu_locale_charset; int init_socket(nuauth_session_t * session, const char *hostname, const char *service, nuclient_error_t *err); int tls_handshake(nuauth_session_t * session, nuclient_error_t * err); int init_sasl(nuauth_session_t * session, const char *hostname, nuclient_error_t * err); int send_os(nuauth_session_t * session, nuclient_error_t * err); int send_client(nuauth_session_t * session, nuclient_error_t * err); int send_capa(nuauth_session_t * session, nuclient_error_t * err); char *secure_str_copy(const char *orig); void ask_session_end(nuauth_session_t * session); /** * Free a string allocated by secure_str_copy(). * * If USE_GCRYPT_MALLOC_SECURE compilation option in not set, * free() is used. * * \return Copy of the string, or NULL on error. */ /*#ifdef USE_GCRYPT_MALLOC_SECURE # define secure_str_free(text) gcry_free(text) #else*/ # define secure_str_free(text) free(text) /*#endif*/ nufw-2.4.3/src/clients/lib/Makefile.in0000644000175000017500000005725511431215377014505 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/clients/lib DIST_COMMON = $(am__include_HEADERS_DIST) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/libnuclient.pc.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = libnuclient.pc am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)" \ "$(DESTDIR)$(includedir)" libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) @BUILD_LIBNUCLIENT_TRUE@libnuclient_la_DEPENDENCIES = \ @BUILD_LIBNUCLIENT_TRUE@ ../../libs/nussl/libnussl.la \ @BUILD_LIBNUCLIENT_TRUE@ ../../libs/nuconfparser/libnuconfparser.la \ @BUILD_LIBNUCLIENT_TRUE@ ../../libs/nubase/libnubase.la am__libnuclient_la_SOURCES_DIST = nuclient.h libnuclient.c proc.c \ iconv.c checks.c getdelim.c sending.c sys_config.c tcptable.c \ internal.c nuclient_conf.c nuclient_plugins.c am__objects_1 = @BUILD_LIBNUCLIENT_TRUE@am_libnuclient_la_OBJECTS = $(am__objects_1) \ @BUILD_LIBNUCLIENT_TRUE@ libnuclient.lo proc.lo iconv.lo \ @BUILD_LIBNUCLIENT_TRUE@ checks.lo getdelim.lo sending.lo \ 
@BUILD_LIBNUCLIENT_TRUE@ sys_config.lo tcptable.lo internal.lo \ @BUILD_LIBNUCLIENT_TRUE@ nuclient_conf.lo nuclient_plugins.lo libnuclient_la_OBJECTS = $(am_libnuclient_la_OBJECTS) libnuclient_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libnuclient_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_LIBNUCLIENT_TRUE@am_libnuclient_la_rpath = -rpath $(libdir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libnuclient_la_SOURCES) DIST_SOURCES = $(am__libnuclient_la_SOURCES_DIST) RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive pkgconfigDATA_INSTALL = $(INSTALL_DATA) DATA = $(pkgconfig_DATA) am__include_HEADERS_DIST = nuclient.h includeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(include_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = tests plugins DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = 
@CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = 
@am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @BUILD_LIBNUCLIENT_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULES_DIR=\"$(libdir)/nuclient/modules/\" @BUILD_LIBNUCLIENT_TRUE@INCLUDES = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nuconfparser/ @BUILD_LIBNUCLIENT_TRUE@SUBDIRS = tests plugins @BUILD_LIBNUCLIENT_TRUE@lib_LTLIBRARIES = libnuclient.la @BUILD_LIBNUCLIENT_TRUE@EXTRA_DIST = checks.h getdelim.h internal.h libnuclient.h \ @BUILD_LIBNUCLIENT_TRUE@ proc.h sys_config.h sending.h tcptable.h \ @BUILD_LIBNUCLIENT_TRUE@ nuclient_conf.h nuclient_plugins.h @BUILD_LIBNUCLIENT_TRUE@include_HEADERS = nuclient.h @BUILD_LIBNUCLIENT_TRUE@libnuclient_la_SOURCES = ${include_HEADERS} libnuclient.c proc.c iconv.c checks.c getdelim.c sending.c \ @BUILD_LIBNUCLIENT_TRUE@ sys_config.c tcptable.c internal.c \ @BUILD_LIBNUCLIENT_TRUE@ nuclient_conf.c nuclient_plugins.c @BUILD_LIBNUCLIENT_TRUE@libnuclient_la_LIBADD = -lsasl2 -L$(top_builddir)/src/include/ ../../libs/nussl/libnussl.la 
../../libs/nuconfparser/libnuconfparser.la ../../libs/nubase/libnubase.la @BUILD_LIBNUCLIENT_TRUE@LIBNUCLIENT_AC = 4 @BUILD_LIBNUCLIENT_TRUE@LIBNUCLIENT_REV = 0 @BUILD_LIBNUCLIENT_TRUE@LIBNUCLIENT_ANC = 0 @BUILD_LIBNUCLIENT_TRUE@libnuclient_la_LDFLAGS = -version-info ${LIBNUCLIENT_AC}:${LIBNUCLIENT_REV}:${LIBNUCLIENT_ANC} @BUILD_LIBNUCLIENT_TRUE@pkgconfigdir = $(libdir)/pkgconfig @BUILD_LIBNUCLIENT_TRUE@pkgconfig_DATA = libnuclient.pc all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/clients/lib/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/clients/lib/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh libnuclient.pc: $(top_builddir)/config.status $(srcdir)/libnuclient.pc.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install 
$(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ else :; fi; \ done uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libnuclient.la: $(libnuclient_la_OBJECTS) $(libnuclient_la_DEPENDENCIES) $(libnuclient_la_LINK) $(am_libnuclient_la_rpath) $(libnuclient_la_OBJECTS) $(libnuclient_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/checks.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getdelim.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iconv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/internal.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnuclient.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nuclient_conf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nuclient_plugins.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sending.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_config.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcptable.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF 
$(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-pkgconfigDATA: $(pkgconfig_DATA) @$(NORMAL_INSTALL) test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" @list='$(pkgconfig_DATA)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ f=$(am__strip_dir) \ echo " $(pkgconfigDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgconfigdir)/$$f'"; \ $(pkgconfigDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgconfigdir)/$$f"; \ done uninstall-pkgconfigDATA: @$(NORMAL_UNINSTALL) @list='$(pkgconfig_DATA)'; for p in $$list; do \ f=$(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(pkgconfigdir)/$$f'"; \ rm -f "$(DESTDIR)$(pkgconfigdir)/$$f"; \ done install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" @list='$(include_HEADERS)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ 
f=$(am__strip_dir) \ echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(include_HEADERS)'; for p in $$list; do \ f=$(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ rm -f "$(DESTDIR)$(includedir)/$$f"; \ done # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ 
local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! 
-f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f 
$(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-recursive clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-includeHEADERS install-pkgconfigDATA install-dvi: install-dvi-recursive install-exec-am: install-libLTLIBRARIES install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \ uninstall-pkgconfigDATA .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-pdf install-pdf-am \ install-pkgconfigDATA install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs installdirs-am \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ uninstall-includeHEADERS 
uninstall-libLTLIBRARIES \ uninstall-pkgconfigDATA # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/clients/lib/getdelim.c0000644000175000017500000000623011431206275014356 00000000000000/* getdelim.c --- Implementation of replacement getdelim function. Copyright (C) 1994, 1996, 1997, 1998, 2001, 2003, 2005, 2006, 2007 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* Ported from glibc by Simon Josefsson. */ #include #ifdef FREEBSD #include #include #include #include #include #ifndef SIZE_MAX # define SIZE_MAX ((size_t) -1) #endif #ifndef SSIZE_MAX # define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2)) #endif #if !HAVE_FLOCKFILE # undef flockfile # define flockfile(x) ((void) 0) #endif #if !HAVE_FUNLOCKFILE # undef funlockfile # define funlockfile(x) ((void) 0) #endif /* Some systems, like OSF/1 4.0 and Woe32, don't have EOVERFLOW. */ #ifndef EOVERFLOW # define EOVERFLOW E2BIG #endif /* Read up to (and including) a DELIMITER from FP into *LINEPTR (and NUL-terminate it). *LINEPTR is a pointer returned from malloc (or NULL), pointing to *N characters of space. It is realloc'ed as necessary. Returns the number of characters read (not including the null terminator), or -1 on error or EOF. 
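   If the initial buffer cannot be allocated, *LINEPTR and *N are left
   exactly as the caller passed them.  */
ssize_t
getdelim (char **lineptr, size_t *n, int delimiter, FILE *fp)
{
  ssize_t result;
  size_t cur_len = 0;

  if (lineptr == NULL || n == NULL || fp == NULL)
    {
      errno = EINVAL;
      return -1;
    }

  flockfile (fp);

  if (*lineptr == NULL || *n == 0)
    {
      /* Allocate through a temporary.  Assigning realloc()'s result
         straight to *lineptr would overwrite the caller's pointer with
         NULL on failure (leaking any buffer it held) while *n already
         claimed 120 bytes.  */
      const size_t initial_size = 120;
      char *initial = (char *) realloc (*lineptr, initial_size);

      if (initial == NULL)
        {
          result = -1;
          goto unlock_return;
        }
      *lineptr = initial;
      *n = initial_size;
    }

  for (;;)
    {
      int i;

      i = getc (fp);
      if (i == EOF)
        {
          /* Kept as the return value only when nothing was read; see the
             assignment after the loop.  */
          result = -1;
          break;
        }

      /* Make enough space for len+1 (for final NUL) bytes.  */
      if (cur_len + 1 >= *n)
        {
          /* Largest size whose length still fits the ssize_t return.  */
          size_t needed_max =
            SSIZE_MAX < SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
          size_t needed = 2 * *n + 1;   /* Be generous. */
          char *new_lineptr;

          if (needed_max < needed)
            needed = needed_max;
          /* Still too small after clamping: the line cannot be stored.  */
          if (cur_len + 1 >= needed)
            {
              result = -1;
              errno = EOVERFLOW;
              goto unlock_return;
            }

          new_lineptr = (char *) realloc (*lineptr, needed);
          if (new_lineptr == NULL)
            {
              /* *lineptr still points at the old, valid buffer.  */
              result = -1;
              goto unlock_return;
            }

          *lineptr = new_lineptr;
          *n = needed;
        }

      (*lineptr)[cur_len] = i;
      cur_len++;

      if (i == delimiter)
        break;
    }
  (*lineptr)[cur_len] = '\0';
  /* Data read before EOF is still returned; -1 only for an empty read.  */
  result = cur_len ? (ssize_t)cur_len : result;

 unlock_return:
  funlockfile (fp); /* doesn't set errno */

  return result;
}
#endif /* #ifdef FREEBSD */
nufw-2.4.3/src/clients/lib/nuclient_conf.c0000644000175000017500000000702711431206275015417 00000000000000
/*
** Copyright(C) 2009 INL
** Written by Pierre Chifflier
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.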
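**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/* The header names of the bare #include lines below were lost when this
 * page was extracted; they are kept as found. */
#include
#include "nuclient_conf.h"
#include "config-parser.h"
#include
#include

/* Active client configuration; NULL until a configuration is parsed and
 * again after nuclient_config_table_destroy(). */
static struct llist_head *nuclient_config_table_list = NULL;

/** \file nuclient_conf.c
 * \brief Read configuration file
 */

/**
 * Parse the user and global configuration files and make the result the
 * active configuration table, replacing any previous table.
 *
 * A file is parsed only when access() reports it readable. When both files
 * are parsed, every user entry is written into the global table, so user
 * values override global ones. When neither is parsed, the active table is
 * an empty list.
 *
 * \param user_config Path of the per-user file, may be NULL
 * \param global_config Path of the system-wide file, may be NULL
 * \return 0 on success, -1 if the empty table could not be allocated
 */
int nuclient_parse_configuration(const char *user_config, const char *global_config)
{
	struct llist_head *new_user_config = NULL, *new_global_config = NULL;

	/* NOTE(review): access() followed by a parse of the same path is a
	 * check-then-use pair; the file can change in between, so the result
	 * of parse_configuration() is what decides whether a table exists. */
	if (user_config != NULL && access(user_config, R_OK) == 0) {
		new_user_config = parse_configuration(user_config);
	}
	if (global_config != NULL && access(global_config, R_OK) == 0) {
		new_global_config = parse_configuration(global_config);
	}

	if (nuclient_config_table_list != NULL)
		nuclient_config_table_destroy();

	if (new_user_config != NULL && new_global_config != NULL) {
		/* we have both config files, merge configs (user values
		 * override global values).
		 * Note: this is a O(n^2) operation, don't abuse it ! */
		struct config_table_t *entry;

		llist_for_each_entry(entry, new_user_config, list) {
			nubase_config_table_set(new_global_config, entry->key, entry->value);
		}
		nubase_config_table_destroy(new_user_config);
		nuclient_config_table_list = new_global_config;
	} else if (new_user_config != NULL) {
		/* user, but no global config */
		nuclient_config_table_list = new_user_config;
	} else if (new_global_config != NULL) {
		/* global, but no user config */
		nuclient_config_table_list = new_global_config;
	} else {
		/* no global or user config, defaults to empty */
		struct llist_head *empty = malloc(sizeof(struct llist_head));

		/* INIT_LLIST_HEAD() writes through the pointer, so a failed
		 * allocation has to be reported instead of initialised. */
		if (empty == NULL)
			return -1;
		INIT_LLIST_HEAD(empty);
		nuclient_config_table_list = empty;
	}

	return 0;
}

/** Look up \a key in the active table (forwards to nubase_config_table_get()). */
char *nuclient_config_table_get(const char *key)
{
	return nubase_config_table_get(nuclient_config_table_list, key);
}

/** Forwards to nubase_config_table_get_alwaysstring() on the active table. */
char *nuclient_config_table_get_alwaysstring(char *key)
{
	return nubase_config_table_get_alwaysstring(nuclient_config_table_list, key);
}

/** Forwards to nubase_config_table_get_or_default() on the active table. */
char *nuclient_config_table_get_or_default(char *key, char *replace)
{
	return nubase_config_table_get_or_default(nuclient_config_table_list, key, replace);
}

/** Forwards to nubase_config_table_get_or_default_int() on the active table. */
int nuclient_config_table_get_or_default_int(char *key, int defint)
{
	return nubase_config_table_get_or_default_int(nuclient_config_table_list, key, defint);
}

/**
 * Destroy the active table and forget the pointer to it.
 *
 * The pointer reset used to sit after a return statement and never ran,
 * which left the static pointing at a destroyed table for the getters and
 * for a second destroy call.
 */
void nuclient_config_table_destroy(void)
{
	nubase_config_table_destroy(nuclient_config_table_list);
	nuclient_config_table_list = NULL;
}

/** Forwards to nubase_config_table_print() on the active table. */
void nuclient_config_table_print(void *userdata, void (*func)(void *data, char *keyeqval))
{
	nubase_config_table_print(nuclient_config_table_list, userdata, func);
}

/**
 * Call \a func with \a userdata, key and value for every entry of the
 * active table. Does nothing when no table is loaded.
 */
void nuclient_config_table_walk(void *userdata, void (*func)(void *data, char *key, char *val))
{
	struct config_table_t *config_table;

	/* The list macro dereferences the head, so there must be one. */
	if (nuclient_config_table_list == NULL)
		return;

	llist_for_each_entry(config_table, nuclient_config_table_list, list) {
		func(userdata, config_table->key, config_table->value);
	}
}
nufw-2.4.3/src/clients/lib/checks.c0000644000175000017500000002016311431206275014025 00000000000000
/*
** Copyright 2005-2009 - INL
** Written by Eric Leblond
** Vincent Deffontaines
** INL http://www.inl.fr/
**
** This program is free software; you can redistribute it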
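and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include "nufw_source.h"
#include "libnuclient.h"
#include "nuclient_plugins.h"
/* The header names of the three bare #include lines below were lost when
 * this page was extracted; they are kept as found. */
#include
#include
#include
#include "proc.h"
#include "checks.h"
#include "tcptable.h"
#include "sending.h"

/** \addtogroup libnuclient
 * @{
 */

/**
 * Read one message from nuauth and act on it.
 *
 * Message from nuauth :
 * - SRV_REQUIRED_PACKET : run nu_client_real_check()
 * - SRV_REQUIRED_HELLO : send hello back to nuauth
 * - EXTENDED_PROTO : hand the payload to process_ext_message()
 *
 * The datagram comes from the network, so its length is checked against
 * every structure that is read out of it before the read happens.
 *
 * \return NU_EXIT_OK when a message was handled, NU_EXIT_CONTINUE on
 * timeout, on a truncated message or on an unknown type, NU_EXIT_ERROR
 * when the session has been asked to end
 */
nu_error_t recv_message(nuauth_session_t *session, nuclient_error_t *err)
{
	int ret;
	char dgram[512];
	struct nu_srv_message * hdr = (struct nu_srv_message *) dgram;
	const size_t message_length =
	    sizeof(struct nu_header) + sizeof(struct nu_authfield_hello) +
	    sizeof(struct nu_authreq);
	char message[message_length];
	struct nu_header *header;
	struct nu_authreq *authreq;
	struct nu_authfield_hello *hellofield;

	/* fill struct: the hello reply is prepared before the read and only
	 * sent in the SRV_REQUIRED_HELLO case */
	header = (struct nu_header *) message;
	header->proto = PROTO_VERSION;
	header->msg_type = USER_REQUEST;
	header->option = 0;
	header->length = htons(message_length);

	authreq = (struct nu_authreq *) (header + 1);
	authreq->packet_seq = session->packet_seq++;
	authreq->packet_length =
	    htons(sizeof(struct nu_authreq) +
		  sizeof(struct nu_authfield_hello));

	hellofield = (struct nu_authfield_hello *) (authreq + 1);
	hellofield->type = HELLO_FIELD;
	hellofield->option = 0;
	hellofield->length = htons(sizeof(struct nu_authfield_hello));

	ret = nussl_read(session->nussl, dgram, sizeof dgram);
	if (ret == NUSSL_SOCK_TIMEOUT) {
		SET_ERROR(err, INTERNAL_ERROR, NO_ERR);
		return NU_EXIT_CONTINUE;
	}
	if (ret <= 0) {
		ask_session_end(session);
		SET_ERROR(err, INTERNAL_ERROR, SESSION_NOT_CONNECTED_ERR);
		return NU_EXIT_ERROR;
	}

	/* hdr->type is read next, and the EXTENDED_PROTO case subtracts the
	 * header size from ret: a shorter read would mean using stack bytes
	 * the peer never sent and a payload length that wraps around. */
	if ((size_t) ret < sizeof(struct nu_srv_message)) {
		log_printf(DEBUG_LEVEL_SERIOUS_WARNING,
			   "truncated message (%d bytes)", ret);
		return NU_EXIT_CONTINUE;
	}

	switch (hdr->type) {
	case SRV_REQUIRED_PACKET:
		if (session->debug_mode) {
			log_printf(DEBUG_LEVEL_INFO,
				   "[+] Client is asked to send new connections.");
		}
		nu_client_real_check(session, err);
		break;
	case SRV_REQUIRED_HELLO:
		/* helloid is copied into the reply; without this check a short
		 * request would make the reply carry uninitialised stack bytes
		 * from dgram. */
		if ((size_t) ret < sizeof(struct nu_srv_helloreq)) {
			log_printf(DEBUG_LEVEL_SERIOUS_WARNING,
				   "truncated hello request (%d bytes)", ret);
			return NU_EXIT_CONTINUE;
		}
		hellofield->helloid =
		    ((struct nu_srv_helloreq *) dgram)->helloid;
		if (session->debug_mode) {
			log_printf(DEBUG_LEVEL_INFO, "[+] Send HELLO");
		}

		/* send it */
		ret = nussl_write(session->nussl, message, message_length);
		if (ret < 0) {
#if DEBUG_ENABLE
			log_printf(DEBUG_LEVEL_CRITICAL, "write failed at %s:%d",
				   __FILE__, __LINE__);
#endif
			ask_session_end(session);
			SET_ERROR(err, INTERNAL_ERROR, SESSION_NOT_CONNECTED_ERR);
			return NU_EXIT_ERROR;
		}
		break;
	case EXTENDED_PROTO:
		/* ret >= sizeof(struct nu_srv_message) was checked above, so
		 * the payload length cannot underflow. */
		process_ext_message(dgram + sizeof(struct nu_srv_message),
				    ret - sizeof(struct nu_srv_message),
				    &nu_cruise_extproto_l, session);
		break;
	default:
		log_printf(DEBUG_LEVEL_SERIOUS_WARNING,
			   "unknown message %d", hdr->type);
		return NU_EXIT_CONTINUE;
	}
	return NU_EXIT_OK;
}

/**
 * Double the session's sleep delay while it is below the maximum delay.
 *
 * \return NU_EXIT_OK, always
 */
nu_error_t increase_refresh_delay(nuauth_session_t *session)
{
	if (session->sleep_delay.tv_sec * 1000000 +
	    session->sleep_delay.tv_usec <
	    session->max_sleep_delay.tv_sec * 1000000 +
	    session->max_sleep_delay.tv_usec) {
		/* carry whole seconds out of the doubled microsecond part */
		session->sleep_delay.tv_sec =
		    session->sleep_delay.tv_sec * 2 +
		    (session->sleep_delay.tv_usec * 2) / 1000000;
		session->sleep_delay.tv_usec =
		    session->sleep_delay.tv_usec * 2 % 1000000;
		/* Should retest: We may exceed max delay if we don't have
		 * max_delay=min_delay*2^k */
	}
	return NU_EXIT_OK;
}

/**
 * Set the session's sleep delay back to the minimum delay.
 *
 * \return NU_EXIT_OK, always
 */
nu_error_t reset_refresh_delay(nuauth_session_t *session)
{
	session->sleep_delay.tv_sec = session->min_sleep_delay.tv_sec;
	session->sleep_delay.tv_usec = session->min_sleep_delay.tv_usec;
	return NU_EXIT_OK;
}

/**
 * \ingroup nuclientAPI
 * \brief Function called by client to initiate a check
 *
 * It has to be run in an endless loop.
 *
 * \param session A pointer to a valid ::nuauth_session_t session
 * \param err A pointer to a allocated ::nuclient_error_t
 * \return 1 if success, -1 if a problem occurs. Session is destroyed if nu_client_check() return -1;
 *
 * \par Internal
 * It is in charge of cleaning session as the session may be used
 * by user and we have no control of it.
 *
 * In poll mode it sleeps for the current delay and runs a check. Otherwise
 * it waits on the session socket with select(): a timeout runs a check, a
 * readable socket is handed to recv_message().
 */
int nu_client_check(nuauth_session_t * session, nuclient_error_t * err)
{
	/* test is a thread has detected problem with the session */
	if (session->connected == 0) {
		SET_ERROR(err, INTERNAL_ERROR, SESSION_NOT_CONNECTED_ERR);
		return -1;
	}

	if (session->server_mode == SRV_TYPE_POLL) {
		int checkreturn;
		usleep(session->sleep_delay.tv_sec * 1000000 +
		       session->sleep_delay.tv_usec);
		checkreturn = nu_client_real_check(session, err);
		if (checkreturn < 0) {
			/* error code filled by nu_client_real_check() */
			return -1;
		} else {
			SET_ERROR(err, INTERNAL_ERROR, NO_ERR);
			return 1;
		}
	} else {
		struct timeval tv;
		fd_set select_set;
		int ret;
		int fd;
		tv.tv_sec = session->sleep_delay.tv_sec;
		tv.tv_usec = session->sleep_delay.tv_usec;
		if (session->nussl == NULL) {
			SET_ERROR(err, INTERNAL_ERROR, UNKNOWN_ERR);
			return -1;
		}

		/* FD_SET() on a descriptor outside [0, FD_SETSIZE) writes
		 * outside select_set, so such a descriptor is refused. */
		fd = nussl_session_get_fd(session->nussl);
		if (fd < 0 || fd >= FD_SETSIZE) {
			SET_ERROR(err, INTERNAL_ERROR, UNKNOWN_ERR);
			return -1;
		}

		/* Going to wait an event */
		FD_ZERO(&select_set);
		FD_SET(fd, &select_set);
		ret = select(fd + 1, &select_set, NULL, NULL, &tv);
		/* catch select() error */
		/* NOTE(review): an interrupted select() also returns -1 and ends
		 * the session here; confirm that is intended. */
		if (ret == -1) {
			ask_session_end(session);
			SET_ERROR(err, INTERNAL_ERROR, SESSION_NOT_CONNECTED_ERR);
			return -1;
		}

		if (ret == 0) {
			int checkreturn;
			/* start a check */
			checkreturn = nu_client_real_check(session, err);
			if (checkreturn < 0) {
				/* error code filled by nu_client_real_check() */
				return -1;
			} else {
				SET_ERROR(err, INTERNAL_ERROR, NO_ERR);
				if (checkreturn == 0) {
					increase_refresh_delay(session);
				}
				return 1;
			}
			/* NOTE(review): both branches above return, so the
			 * hello keep-alive below is never reached. It is left
			 * as found; enabling it changes what the client sends
			 * and needs a decision by the maintainers. */
			/* sending hello if needed */
			if ((time(NULL) - session->timestamp_last_sent) >
			    SENT_TEST_INTERVAL) {
				if (!send_hello_pckt(session)) {
					SET_ERROR(err, INTERNAL_ERROR, TIMEOUT_ERR);
					return -1;
				}
				session->timestamp_last_sent = time(NULL);
			}
		} else {
			if (recv_message(session, err) == NU_EXIT_ERROR) {
				return -1;
			}
		}
	}

	SET_ERROR(err, INTERNAL_ERROR, NO_ERR);
	return 1;
}

/**
 * Function that check connections table and send authentication packets:
 * - Read the list of connections and build a conntrack table
 * (call to tcptable_read()) ;
 * - Initialize program list (/proc/ reading) ;
 * - Compare current table with old one (compare call) ;
 * - Free and return.
 *
 * \return Number of authenticated packets, or -1 on failure
 */
int nu_client_real_check(nuauth_session_t * session, nuclient_error_t * err)
{
	conntable_t *new;
	int nb_packets = 0;
	if (session->debug_mode) {
		log_printf(DEBUG_LEVEL_INFO,
			   "[+] Client checking for new connections.");
	}
	if (tcptable_init(&new) == 0) {
		ask_session_end(session);
		SET_ERROR(err, INTERNAL_ERROR, MEMORY_ERR);
		return -1;
	}
	if (tcptable_read(session, new) == 0) {
		ask_session_end(session);
		tcptable_free(new);
		SET_ERROR(err, INTERNAL_ERROR, TCPTABLE_ERR);
		return -1;
	}
	nb_packets = compare(session, session->ct, new, err);
	plugin_emit_event(NUCLIENT_EVENT_END_CHECK, session,
			  (void *) (long) nb_packets);
	/* free link between proc and socket inode */
#ifdef LINUX
	prg_cache_clear();
#endif

	/* Swap the tables before looking at the result. The old table is
	 * freed either way; returning on error with session->ct still set to
	 * it left a pointer to freed memory in the session and leaked the new
	 * table. Whether ask_session_end() reads session->ct is not visible
	 * here. */
	tcptable_free(session->ct);
	session->ct = new;

	/* on error, we ask client to exit */
	if (nb_packets < 0) {
		ask_session_end(session);
		return nb_packets;
	}
	if (nb_packets > 0) {
		reset_refresh_delay(session);
	}
	return nb_packets;
}

/** @} */
nufw-2.4.3/src/clients/lib/sys_config.c0000644000175000017500000000676311431206275014742 00000000000000
/*
** Copyright 2005-2009 - INL
** Written by Eric Leblond
** Vincent Deffontaines
** Pierre Chifflier
** INL http://www.inl.fr/
**
** $Id: checks.c 3968 2007-11-26 14:03:43Z lds $
**
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the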
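Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/* The header names of the bare #include lines below were lost when this
 * page was extracted; they are kept as found. */
#ifdef HAVE_CONFIG_H
#include
#endif

#include
#include
#include
#include
#include
#include "nuclient_conf.h"
#include "sys_config.h"
#include "getdelim.h"

#define SYS_CONF_FILE CONFIG_DIR "/nuclient.conf"

/* Set once load_sys_config() has run, whether or not parsing succeeded. */
static int config_loaded = 0;
/* Defaults read from the configuration table. The pointers are whatever
 * nuclient_config_table_get() returned.
 * NOTE(review): presumably they point into the table and stop being valid
 * once the table is destroyed or parsed again; confirm. */
static char* default_hostname = NULL;
static char* default_port = NULL;
static char* default_tls_ca = NULL;
static char* default_tls_cert = NULL;
static char* default_tls_key = NULL;
static char* default_tls_crl = NULL;
/* 0 keeps the FQDN check of the server certificate enabled. */
static int default_suppress_fqdn_verif = 0;

/**
 * Convert a configuration string to a boolean.
 *
 * "1", "true" and "yes" give 1; "0", "false" and "no" give 0 (the words
 * are compared without regard to case). Anything else gives
 * \a default_value. \a val must not be NULL.
 */
static int str_to_bool(const char *val, int default_value)
{
	if (strcmp(val, "1") == 0 ||
	    strcasecmp(val, "true") == 0 ||
	    strcasecmp(val, "yes") == 0)
		return 1;

	if (strcmp(val, "0") == 0 ||
	    strcasecmp(val, "false") == 0 ||
	    strcasecmp(val, "no") == 0)
		return 0;

	return default_value;
}

/**
 * Build the path of the per-user configuration file,
 * "<home>/.nufw/nuclient.conf".
 *
 * \return A newly allocated path the caller must free(), or NULL when the
 * home directory is unknown or the directory or the file is not readable
 */
char *compute_user_config_path()
{
	char path_dir[254];
	char *home = nu_get_home_dir();
	if (home == NULL)
		return NULL;

	/* NOTE(review): the results of secure_snprintf() are ignored; confirm
	 * how it reports a home directory too long for path_dir. */
	secure_snprintf(path_dir, sizeof(path_dir), "%s/.nufw", home);
	if (access(path_dir, R_OK) != 0) {
		/* home is released on this early return too */
		free(home);
		return NULL;
	}
	secure_snprintf(path_dir, sizeof(path_dir), "%s/.nufw/nuclient.conf", home);
	free(home);
	if (access(path_dir, R_OK) != 0) {
		return NULL;
	}
	return strdup(path_dir);
}

/**
 * Copy the nuauth settings from the configuration table into the defaults
 * served by the nu_client_default_*() accessors.
 */
void nuclient_use_config()
{
	char *value;

	default_hostname = nuclient_config_table_get("nuauth_ip");
	default_port = nuclient_config_table_get("nuauth_port");
	default_tls_ca = nuclient_config_table_get("nuauth_tls_ca");
	default_tls_cert = nuclient_config_table_get("nuauth_tls_cert");
	default_tls_key = nuclient_config_table_get("nuauth_tls_key");
	default_tls_crl = nuclient_config_table_get("nuauth_tls_crl");

	value = nuclient_config_table_get("nuauth_suppress_fqdn_verif");
	if (value) {
		/* An unrecognised value leaves the setting as it is (FQDN
		 * verification is on by default). Falling back to 1 would let
		 * a typo in the file switch off the check of the server name
		 * in the TLS certificate. */
		default_suppress_fqdn_verif =
		    str_to_bool(value, default_suppress_fqdn_verif);
	}
}

/**
 * Load the user and system configuration files once per process and
 * publish their values as defaults. Later calls return immediately.
 */
void load_sys_config()
{
	char* user_config;

	if (config_loaded)
		return;
	config_loaded = 1;

	user_config = compute_user_config_path();

	if (nuclient_parse_configuration(user_config, SYS_CONF_FILE) == 0) {
		nuclient_use_config();
	}

	free(user_config);
}

/** Value of "nuauth_ip" from the configuration, or NULL. */
const char* nu_client_default_hostname()
{
	return default_hostname;
}

/** Value of "nuauth_port" from the configuration, or NULL. */
const char* nu_client_default_port()
{
	return default_port;
}

/** Value of "nuauth_tls_ca" from the configuration, or NULL. */
const char* nu_client_default_tls_ca()
{
	return default_tls_ca;
}

/** Value of "nuauth_tls_cert" from the configuration, or NULL. */
const char* nu_client_default_tls_cert()
{
	return default_tls_cert;
}

/** Value of "nuauth_tls_key" from the configuration, or NULL. */
const char* nu_client_default_tls_key()
{
	return default_tls_key;
}

/** Value of "nuauth_tls_crl" from the configuration, or NULL. */
const char* nu_client_default_tls_crl()
{
	return default_tls_crl;
}

/** Non-zero when the configuration asks to skip the FQDN verification. */
int nu_client_default_suppress_fqdn_verif()
{
	return default_suppress_fqdn_verif;
}
nufw-2.4.3/src/clients/lib/tests/0000777000175000017500000000000011431215440013637 500000000000000
nufw-2.4.3/src/clients/lib/tests/Makefile.in0000644000175000017500000002251311431215377015634 00000000000000
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.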
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/clients/lib/tests DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ 
LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ 
sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = dummy_client.c all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/clients/lib/tests/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/clients/lib/tests/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ 
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am check: gcc -o dummy_client $(srcdir)/dummy_client.c -I$(top_srcdir)/src/clients/lib/ -I$(top_srcdir)/src/libs/nussl -L$(top_builddir)/src/clients/lib/ -L$(top_builddir)/src/clients/lib/.libs -lnuclient rm dummy_client # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/clients/lib/tests/Makefile.am0000644000175000017500000000037111431206275015616 00000000000000EXTRA_DIST = dummy_client.c check: gcc -o dummy_client $(srcdir)/dummy_client.c -I$(top_srcdir)/src/clients/lib/ -I$(top_srcdir)/src/libs/nussl -L$(top_builddir)/src/clients/lib/ -L$(top_builddir)/src/clients/lib/.libs -lnuclient rm dummy_client nufw-2.4.3/src/clients/lib/tests/dummy_client.c0000644000175000017500000000155311431206275016422 00000000000000/* ** Copyright 2007 - INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include int main(int argc, char **argv) { return 0; } nufw-2.4.3/src/clients/lib/getdelim.h0000644000175000017500000000203511431206275014362 00000000000000/* ** Copyright 2005 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id: checks.h 2795 2007-02-26 08:00:17Z regit $ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef GETDELIM_H #define GETDELIM_H #include #ifdef FREEBSD ssize_t getdelim (char **lineptr, size_t *n, int delimiter, FILE *fp); #endif #endif nufw-2.4.3/src/clients/lib/sys_config.h0000644000175000017500000000173711431206275014743 00000000000000/* ** Copyright 2005 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id: checks.h 2795 2007-02-26 08:00:17Z regit $ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifndef SYS_CONFIG_H #define SYS_CONFIG_H #include "nuclient.h" void load_sys_config(); #endif nufw-2.4.3/src/clients/lib/Makefile.am0000644000175000017500000000205611431206275014456 00000000000000if BUILD_LIBNUCLIENT AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULES_DIR=\"$(libdir)/nuclient/modules/\" INCLUDES = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nuconfparser/ SUBDIRS = tests plugins lib_LTLIBRARIES = libnuclient.la EXTRA_DIST = checks.h getdelim.h internal.h libnuclient.h \ proc.h sys_config.h sending.h tcptable.h \ nuclient_conf.h nuclient_plugins.h include_HEADERS = nuclient.h libnuclient_la_SOURCES = ${include_HEADERS} libnuclient.c proc.c iconv.c checks.c getdelim.c sending.c \ sys_config.c tcptable.c internal.c \ nuclient_conf.c nuclient_plugins.c libnuclient_la_LIBADD = -lsasl2 -L$(top_builddir)/src/include/ ../../libs/nussl/libnussl.la ../../libs/nuconfparser/libnuconfparser.la ../../libs/nubase/libnubase.la LIBNUCLIENT_AC=4 LIBNUCLIENT_REV=0 LIBNUCLIENT_ANC=0 libnuclient_la_LDFLAGS=-version-info ${LIBNUCLIENT_AC}:${LIBNUCLIENT_REV}:${LIBNUCLIENT_ANC} pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libnuclient.pc endif nufw-2.4.3/src/clients/lib/nuclient_plugins.c0000644000175000017500000000747711431206275016164 00000000000000/* ** Copyright 2009 - INL ** Written by Pierre Chifflier ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
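**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/**
 * \defgroup libnuclient Libnuclient
 * @{
 */

/*! \file nuclient_plugins.c
 * \brief Plugins helper functions
 *
 *
 */

#include
#include "libnuclient.h"
#include "nuclient.h"
#include "nufw_source.h"
#include "nuclient_plugins.h"
#include "nuclient_conf.h"
#include
#if HAVE_DLFCN_H
# include <dlfcn.h>
#endif

/** Head of the list of loaded plugins; set up by init_plugins(). */
static struct nuclient_plugin_t _nuclient_plugin_list;

/**
 * Look up the plugin entry point (NUCLIENT_PLUGIN_INIT_STR) in the shared
 * object and call it with the API number this library was built with.
 *
 * \param plugin Plugin whose \c handle was returned by dlopen()
 * \return 0 on success, -1 if the symbol is missing, otherwise the non-zero
 *         value returned by the plugin when it refuses to initialise
 */
static int _nuclient_init_plugin(struct nuclient_plugin_t *plugin)
{
	nuclient_plugin_init_func func;

	func = dlsym(plugin->handle, NUCLIENT_PLUGIN_INIT_STR);
	if (func == NULL)
		return -1;

	/* a non-zero value means the plugin refused init */
	return (*func)(PLUGIN_API_NUM, plugin);
}

/**
 * Release a plugin descriptor: instance name, dlopen() handle and the
 * structure itself. A NULL pointer is ignored.
 *
 * \param tmp Plugin descriptor allocated by _nuclient_load_plugin()
 */
void nuclient_plugin_free(struct nuclient_plugin_t *tmp)
{
	if (tmp == NULL)
		return;

	free(tmp->instance_name);
	// XXX we should refcount this
	if (tmp->handle)
		dlclose(tmp->handle);
	/* poison data, to prevent re-using */
	memset(tmp, 0, sizeof(*tmp));
	free(tmp);
}

/**
 * Configuration-table callback: load the plugin described by one
 * "plugins/<instance>" entry and append it to the plugin list.
 *
 * The value is handed to dlopen() either as given (absolute path) or
 * relative to MODULES_DIR, and the library's init function is then run
 * in-process. Whoever can write the configuration therefore chooses which
 * code gets loaded; the file has to be writable by trusted users only.
 *
 * \param data Head of the plugin list (struct nuclient_plugin_t *)
 * \param key Configuration key; entries not starting with "plugins/" are skipped
 * \param val Plugin file name or absolute path; empty values are skipped
 */
static void _nuclient_load_plugin(void *data, char *key, char *val)
{
	struct nuclient_plugin_t *l = data;
	struct nuclient_plugin_t *tmp;
	const char *plugins_path = MODULES_DIR;
	void *handle;
	int dlopen_args = RTLD_LAZY|RTLD_LOCAL;
	const char *section_prefix = "plugins/";
	const size_t prefix_len = strlen(section_prefix);
	const char *instance_name = NULL;

	if (key == NULL || strncmp(key, section_prefix, prefix_len) != 0)
		return;

	if (val == NULL || val[0] == '\0')
		return;

	instance_name = key + prefix_len;

	printf("DEBUG trying to load instance : %s / %s\n", instance_name, val);

	if (val[0] == '/') {
		handle = dlopen(val, dlopen_args);
	} else {
		char buffer[4096];
		int len = snprintf(buffer, sizeof(buffer), "%s/%s", plugins_path, val);

		/* never dlopen() a silently truncated path: it would name a
		 * different file than the one configured */
		if (len < 0 || (size_t) len >= sizeof(buffer)) {
			printf("WARNING Could not load plugin %s : path too long\n", instance_name);
			return;
		}
		handle = dlopen(buffer, dlopen_args);
	}

	if (handle == NULL) {
		printf("WARNING Could not load plugin %s : %s\n", instance_name, dlerror());
		return;
	}

	tmp = calloc(1, sizeof(*tmp));
	if (tmp == NULL) {
		/* out of memory: do not keep the library mapped */
		dlclose(handle);
		return;
	}
	tmp->handle = handle;
	tmp->instance_name = strdup(instance_name);
	if (tmp->instance_name == NULL) {
		/* nuclient_plugin_free() also closes the handle */
		nuclient_plugin_free(tmp);
		return;
	}

	if (_nuclient_init_plugin(tmp) != 0) {
		printf("WARNING Plugin %s is not a valid plugin\n", instance_name);
		nuclient_plugin_free(tmp);
		return;
	}

	llist_add(&(tmp->list), &(l->list));

	printf("INFO Plugin %s loaded\n", instance_name);

	/* XXX extract config section corresponding to plugin name
	 * and give it to the plugin,
	 * or find a way to give plugin access to config */
	if (tmp->init != NULL) {
		(tmp->init)(tmp, NULL);
		return;
	}
}

/**
 * Reset the global plugin list to an empty list.
 *
 * \return Always 0
 */
int init_plugins(void)
{
	_nuclient_plugin_list.handle = NULL;
	_nuclient_plugin_list.instance_name = NULL;
	INIT_LLIST_HEAD(&_nuclient_plugin_list.list);

	return 0;
}

/**
 * Walk the configuration table and load every plugin entry found in it.
 *
 * \return Always 0; entries that fail to load are reported on stdout only
 */
int load_plugins(void)
{
	nuclient_config_table_walk(&_nuclient_plugin_list, _nuclient_load_plugin);

	return 0;
}

/**
 * Call the \c dispatch callback of every loaded plugin that provides one.
 *
 * \param event_id Event being emitted
 * \param session Session passed through to the plugins
 * \param arg Event argument passed through to the plugins
 * \return Always 0; values returned by the plugins are ignored
 */
int plugin_emit_event(plugin_event_t event_id, nuauth_session_t * session, const char *arg)
{
	struct nuclient_plugin_t *tmp;

	if (llist_empty(&_nuclient_plugin_list.list))
		return 0;

	/* parse table */
	llist_for_each_entry(tmp, &_nuclient_plugin_list.list, list){
		if (tmp->dispatch) {
			(tmp->dispatch)(tmp, event_id, session, arg);
		}
	}

	return 0;
}

/** @} */
nufw-2.4.3/src/clients/lib/libnuclient.h0000644000175000017500000001613211431206275015103 00000000000000/*
** Copyright 2004-2008 - INL
** Written by Eric Leblond
** Vincent Deffontaines
** INL http://www.inl.fr/
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.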
** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef LIBNUCLIENT_H #define LIBNUCLIENT_H #ifdef _FEATURES_H # error "libnuclient.h have to be included before " #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "nufw_source.h" #include "nubase.h" #include "nuclient.h" #include "nussl_hash.h" /* Constants */ #define SENT_TEST_INTERVAL 30 #ifndef CONNTABLE_BUCKETS /** Maximum number of connections in connection table, see ::conntable_t */ #define CONNTABLE_BUCKETS 5003 #endif /*> max number of packets to authenticate in a single tls packet */ #define CONN_MAX 7 #define MIN_DELAY_SEC 0 #define MIN_DELAY_USEC 50*1000 #define MAX_DELAY_SEC 1 #define MAX_DELAY_USEC 600*1000 #define NU_CAPABILITIES "TCP" #define NU_CAPABILITIES_MAXLENGTH 128 char nu_capabilities[NU_CAPABILITIES_MAXLENGTH]; /* Macros declarations */ #define SET_ERROR(ERR, FAMILY, CODE) \ if (ERR != NULL) \ { \ ERR->family = FAMILY; \ ERR->error = CODE; \ } #define PACKET_ITEM_MAXSIZE \ ( sizeof(struct nu_authreq) + sizeof(struct nu_authfield_ipv6) \ + 2 * sizeof(struct nu_authfield_app) + PROGNAME_BASE64_WIDTH \ + 4 * NUSSL_HASH_MAX_SIZE) #define PACKET_SIZE \ ( sizeof(struct nu_header) + CONN_MAX * PACKET_ITEM_MAXSIZE ) /** * \def panic(format, ...) * * Call do_panic(__FILE__, __LINE__, format, ...) */ #define panic(format, args...) \ do_panic(__FILE__, __LINE__, format, ##args ) /** * \def nu_assert(test, format, ...) * * If test fails, call do_panic(__FILE__, __LINE__, format, ...) */ #define nu_assert(test, format, args...) 
\ do { if (!(test)) do_panic(__FILE__, __LINE__, format, ##args ); } while (0) /* Type declarations */ /** * This structure holds everything we need to know about a connection. * * We use unsigned int and long (instead of exact type) to make * hashing easier. * * \see ::conn_t */ typedef struct conn_type { unsigned int protocol; /*!< IPv4 protocol */ struct in6_addr ip_src; /*!< Local address IPv4 */ unsigned short port_src; /*!< Local address port */ struct in6_addr ip_dst; /*!< Remote address IPv4 */ unsigned short port_dst; /*!< Remote address port */ unsigned long uid; /*!< User identifier */ unsigned long inode; /*!< Inode */ unsigned int retransmit; /*!< Retransmit */ time_t createtime; /*!< Creation time (Epoch format) */ /** Pointer to next connection (NULL if it's as the end) */ struct conn_type *next; } conn_t; /** * A connection table: hash table of single-linked connection lists, * a list stops with NULL value. * * Methods: * - tcptable_init(): create a structure (allocate memory) ; * - tcptable_hash(): compute a connection hash (index in this table) ; * - tcptable_add(): add a new entry ; * - tcptable_find(): fin a connection in a table ; * - tcptable_read(): feed the table using /proc/net/ files (under Linux) ; * - tcptable_free(): destroy a table (free memory). 
*/ typedef struct { conn_t *buckets[CONNTABLE_BUCKETS]; } conntable_t; /* nuauth_session_t structure */ /* -- PRIVATE STRUCTURE -- */ struct nuauth_session { nussl_session* nussl; char *client_name; char *client_version; u_int32_t userid; /*!< Local user identifier (getuid()) */ char *username; /*!< Username (encoded in UTF-8) */ char *password; /*!< Password (encoded in UTF-8) */ char *pem_key; /* Path to file */ char *pem_cert; /* Path to file */ char *pem_ca; /* Path to file */ char *pem_crl; /* Path to file */ char *pkcs12_file; /* Path to file */ char *pkcs12_password; /* Path to file */ /** Callback used to get username */ char* (*username_callback)(); /** Callback used to get password */ char* (*passwd_callback)(); char *nuauth_cert_dn; char *sasl_mechlist; char *krb5_service; conntable_t *ct; /*!< Connection table */ u_int32_t packet_seq; /*!< Packet sequence number (start at zero) */ int auth_by_default; /*!< Auth. by default (=1) */ unsigned char debug_mode; /*!< Debug mode, enabled if different than zero */ unsigned char verbose; /*!< Verbose mode (default: enabled) */ unsigned char diffie_hellman; /*!< Use Diffie Hellman for key exchange? */ int has_src_addr; /*!< Has source address? */ struct sockaddr_storage src_addr; /*!< Source address */ /** Server mode: #SRV_TYPE_POLL or #SRV_TYPE_PUSH */ u_int8_t server_mode; u_int8_t hash; /** * Flag to signal if user is connected or not. * Connected means that TLS tunnel is opened * and that authentication is done. 
*/ unsigned char connected; /** Timestamp (Epoch format) of last packet send to nuauth */ time_t timestamp_last_sent; /** sleep delay between check in microseconds */ struct timeval sleep_delay; /** min sleep delay between check in microseconds */ struct timeval min_sleep_delay; /** max sleep delay between check in microseconds */ struct timeval max_sleep_delay; /** Suppress warning when no CA is configured */ int suppress_ca_warning; /** Suppress certificate FQDN verification */ int suppress_fqdn_verif; /** Suppress certificate verification */ int suppress_cert_verif; char nu_capabilities[NU_CAPABILITIES_MAXLENGTH]; }; struct llist_head nu_postauth_extproto_l; struct llist_head nu_cruise_extproto_l; /* Funstions declarations */ char *locale_to_utf8(char *inbuf); void nu_exit_clean(nuauth_session_t * session); int compare(nuauth_session_t * session, conntable_t * old, conntable_t * new, nuclient_error * err); int add_packet_to_send(nuauth_session_t * session, conn_t ** auth, int *count_p, conn_t * bucket); int send_user_pckt(nuauth_session_t * session, conn_t * carray[CONN_MAX]); int send_hello_pckt(nuauth_session_t * session); void do_panic(const char *filename, unsigned long line, const char *fmt, ...); void ask_session_end(nuauth_session_t * session); #endif nufw-2.4.3/src/clients/lib/tcptable.h0000644000175000017500000000213511431206275014367 00000000000000/* ** Copyright 2005 - INL ** Written by Eric Leblond ** INL http://www.inl.fr ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef TCPTABLE_H #define TCPTABLE_H int tcptable_init(conntable_t ** ct); int tcptable_read(nuauth_session_t * session, conntable_t * ct); void tcptable_add(conntable_t * ct, conn_t * c); void tcptable_free(conntable_t * ct); int tcptable_hash(conn_t * c); conn_t *tcptable_find(conntable_t * ct, conn_t * c); #endif nufw-2.4.3/src/clients/lib/libnuclient.c0000644000175000017500000006745611431206275015115 00000000000000/* ** Copyright 2004-2010 - EdenWall Technologies ** Written by Eric Leblond ** Vincent Deffontaines ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** * \defgroup libnuclient Libnuclient * @{ */ /*! \file libnuclient.c * \brief Main file for libnuclient * * It contains all the exported functions * */ /** * Use gcry_malloc_secure() to disallow a memory page * to be moved to the swap */ #define USE_GCRYPT_MALLOC_SECURE #include "libnuclient.h" #include "nuclient.h" #include "nufw_source.h" #include "nuclient_plugins.h" #include #include #include /* va_list, va_start, ... 
*/ #include #include #include "security.h" #include "sys_config.h" #include "internal.h" #include "tcptable.h" #include #include #include void nu_exit_clean(nuauth_session_t * session) { if (session->ct) { tcptable_free(session->ct); } if (session->nussl) { nussl_session_destroy(session->nussl); session->nussl = NULL; } secure_str_free(session->username); secure_str_free(session->password); free(session); } /** * \defgroup nuclientAPI API of libnuclient * \brief The high level API of libnuclient can be used to build a NuFW client * * A client needs to call a few functions in the correct order to be able to authenticate: * - nu_client_global_init(): To be called once at program start * - nu_client_new() or nu_client_new_callback(): start user session * - nu_client_setup_tls(): (optionnal) setup TLS key/certificate files * - nu_client_connect(): try to connect to nuauth server * - nu_client_check(): check if there is packet to authenticate and send authentication * request to nuauth if needed. It has to be run in a endless loop. * - nu_client_delete(): free a user session * - nu_client_global_deinit(): To be called once at program end * * On error, don't forget to delete session with nu_client_delete() */ /** * \ingroup nuclientAPI * \brief Destroy a client session: free all used memory * * This destroy a session and free all related structures. * * \param session A ::nuauth_session_t session to be cleaned */ void nu_client_delete(nuauth_session_t * session) { ask_session_end(session); /* destroy session */ nu_exit_clean(session); } /** * \ingroup nuclientAPI * \brief global initialisation function * * This function inits all library needed to initiate a connection to a nuauth server * * \param err A pointer to a ::nuclient_error_t which contains at exit the error * * \warning To be called only once. 
*/ int nu_client_global_init(nuclient_error_t * err) { int ret; prg_cache_init(); if (nussl_init() != NUSSL_OK) { SET_ERROR(err, INTERNAL_ERROR, NUSSL_INIT_ERR); /* TODO: patch nussl to handle errors correctly in nussl_sock_init */ return 0; } /* initialize the sasl library */ ret = sasl_client_init(NULL); if (ret != SASL_OK) { SET_ERROR(err, SASL_ERROR, ret); return 0; } /* get local charset */ nu_locale_charset = nl_langinfo(CODESET); if (nu_locale_charset == NULL) { fprintf(stderr, "Can't get locale charset!\n"); return 0; } /* init capabilities string */ ret = snprintf(nu_capabilities, NU_CAPABILITIES_MAXLENGTH, "%s", NU_CAPABILITIES); if (ret <= 0) { return 0; } INIT_LLIST_HEAD(&nu_postauth_extproto_l); INIT_LLIST_HEAD(&nu_cruise_extproto_l); init_plugins(); return 1; } /** * \ingroup nuclientAPI * \brief Initialization: load config file * * This function loads the config file, and must be called after nu_client_global_init() * * \warning To be called only once. */ int nu_client_init_config() { load_sys_config(); return 1; } /** * \ingroup nuclientAPI * \brief Initialization: load plugins * * This function loads the plugins, and must be called after nu_client_global_init() and nu_client_init_config * * \warning To be called only once. */ int nu_client_init_plugins() { load_plugins(); return 1; } /** * \ingroup nuclientAPI * \brief Global de init function * * \warning To be called once, when leaving. 
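*/
void nu_client_global_deinit()
{
	sasl_done();
}

/**
 * \ingroup nuclientAPI
 * \brief Set username
 *
 * The name is converted with nu_client_to_utf8() from the locale charset and
 * the session keeps the copy made by secure_str_copy().
 *
 * NOTE(review): a username already stored in the session is overwritten
 * without being released here - confirm callers set it only once.
 */
void nu_client_set_username(nuauth_session_t *session, const char *username)
{
	char *utf8username = nu_client_to_utf8(username, nu_locale_charset);
	session->username = secure_str_copy(utf8username);
	free(utf8username);
}

/**
 * \ingroup nuclientAPI
 * \brief Set password
 *
 * The password is converted with nu_client_to_utf8() from the locale charset
 * and the session keeps the copy made by secure_str_copy().
 *
 * NOTE(review): the intermediate UTF-8 buffer is released with plain free()
 * and is not wiped first, so a cleartext copy may stay in freed heap memory;
 * a password already stored in the session is not released here either.
 */
void nu_client_set_password(nuauth_session_t *session, const char *password)
{
	char *utf8pass = nu_client_to_utf8(password, nu_locale_charset);
	session->password = secure_str_copy(utf8pass);
	free(utf8pass);
}

void nu_client_set_debug(nuauth_session_t * session, unsigned char enabled);

/**
 * \ingroup nuclientAPI
 * Get user home directory
 *
 * \return A string that need to be freed, or NULL if the password file
 *         record of the current uid cannot be read
 */
char *nu_get_home_dir()
{
	uid_t uid;
	struct passwd *pwd;
	char *dir = NULL;

	uid = getuid();
	if (!(pwd = getpwuid(uid))) {
		log_printf(DEBUG_LEVEL_CRITICAL, "Unable to get password file record");
		endpwent();
		return NULL;
	}
	/* duplicate before endpwent(): pwd is owned by the C library */
	dir = strdup(pwd->pw_dir);
	endpwent();
	return dir;
}

/**
 * \ingroup nuclientAPI
 * Get user name
 *
 * \return A string that need to be freed, or NULL if the password file
 *         record of the current uid cannot be read
 */
char *nu_get_user_name()
{
	uid_t uid;
	struct passwd *pwd;
	char *name = NULL;

	uid = getuid();
	if (!(pwd = getpwuid(uid))) {
		log_printf(DEBUG_LEVEL_CRITICAL,"Unable to get password file record");
		endpwent();
		return NULL;
	}
	/* duplicate before endpwent(): pwd is owned by the C library */
	name = strdup(pwd->pw_name);
	endpwent();
	return name;
}

/**
 * \ingroup nuclientAPI
 * Add capability to the list of supported capabilities
 *
 * Appends ";capa" to \a pcapa, which must be a NUL-terminated buffer of
 * NU_CAPABILITIES_MAXLENGTH bytes. The entry is refused as a whole when it
 * does not fit: strncat() writes a terminating NUL after the n characters it
 * copies, so bounding it by the remaining size could write one byte past the
 * end of the buffer.
 *
 * \return 0 if ok, < 0 if not (-EINVAL on NULL argument, -ENOSPC if the
 *         buffer has no room for the new entry)
 */
static int _nu_client_set_capability(char *pcapa, const char *capa)
{
	size_t used;
	size_t needed;

	if (pcapa == NULL || capa == NULL)
		return -EINVAL;

	used = strlen(pcapa);
	needed = strlen(capa) + 1;	/* separator + name */

	/* used + needed characters plus the final NUL must fit */
	if (used >= NU_CAPABILITIES_MAXLENGTH
	    || needed >= NU_CAPABILITIES_MAXLENGTH - used)
		return -ENOSPC;

	pcapa[used] = ';';
	/* strlen(capa) + 1 bytes: the name and its terminating NUL */
	memcpy(pcapa + used + 1, capa, needed);
	return 0;
}

/**
 * \ingroup nuclientAPI
 * Remove capability from the list of supported capabilities
 *
 * The list is scanned entry by entry, so only a complete ';'-separated entry
 * equal to \a capa is removed (a name that is merely a substring of another
 * entry is not). Removing the first entry is handled explicitly: cutting the
 * string at "start - 1" would write before the beginning of the buffer.
 *
 * \return 0 if ok, < 0 if not (-EINVAL on NULL or empty argument, -ENOSTR if
 *         the capability is not in the list)
 */
static int _nu_client_unset_capability(char *pcapa, const char *capa)
{
	size_t capa_len;
	char *entry;

	if (pcapa == NULL || capa == NULL || *capa == '\0')
		return -EINVAL;

	capa_len = strlen(capa);
	entry = pcapa;
	while (*entry != '\0') {
		char *sep = strchr(entry, ';');
		size_t entry_len = sep ? (size_t) (sep - entry) : strlen(entry);

		if (entry_len == capa_len && strncmp(entry, capa, capa_len) == 0) {
			if (sep != NULL) {
				/* drop the entry and the separator that follows it;
				 * memmove() because source and destination overlap */
				memmove(entry, sep + 1, strlen(sep + 1) + 1);
			} else if (entry > pcapa) {
				/* last entry: cut at the separator before it */
				*(entry - 1) = '\0';
			} else {
				/* only entry of the list */
				*entry = '\0';
			}
			return 0;
		}
		if (sep == NULL)
			break;
		entry = sep + 1;
	}
	return -ENOSTR;
}

/** Add \a capa to the global capability list (nu_capabilities). */
int nu_client_set_capability(const char *capa)
{
	return _nu_client_set_capability(nu_capabilities, capa);
}

/** Remove \a capa from the global capability list (nu_capabilities). */
int nu_client_unset_capability(const char *capa)
{
	return _nu_client_unset_capability(nu_capabilities, capa);
}

/**
 * Add \a capa to the capability list of one session. An empty session list
 * is first initialised from the global list.
 */
int nu_client_set_session_capability(nuauth_session_t *session, const char *capa)
{
	if (session->nu_capabilities[0] == 0) {
		/* both arrays are declared with NU_CAPABILITIES_MAXLENGTH bytes */
		strcpy(session->nu_capabilities, nu_capabilities);
	}
	return _nu_client_set_capability(session->nu_capabilities, capa);
}

/** Remove \a capa from the capability list of one session. */
int nu_client_unset_session_capability(nuauth_session_t *session, const char *capa)
{
	return _nu_client_unset_capability(session->nu_capabilities, capa);
}

/**
 * Store a copy of the SASL mechanism list in the session; NULL is ignored.
 *
 * NOTE(review): a list stored earlier is not released here - confirm how the
 * field is initialised before adding a free().
 */
void nu_client_set_sasl_mechlist(nuauth_session_t * session, const char *mechlist)
{
	if (mechlist)
		session->sasl_mechlist = strdup(mechlist);
}

/** Store copies of the client name and version; NULL arguments are ignored. */
void nu_client_set_client_info(nuauth_session_t *session,
		const char *client_name, const char *client_version)
{
	if (client_name)
		session->client_name = strdup(client_name);
	if (client_version)
		session->client_version = strdup(client_version);
}

/**
 * Record the PEM key and certificate file names in the session.
 *
 * Previous values are released and the fields are reset to NULL first, so a
 * NULL argument leaves the field empty instead of pointing to freed memory.
 *
 * \param err Not written by this function
 * \return Always 1
 */
int nu_client_set_key(nuauth_session_t* session, const char* keyfile, const char* certfile, nuclient_error_t* err)
{
	free(session->pem_key);
	session->pem_key = NULL;
	free(session->pem_cert);
	session->pem_cert = NULL;

	if (keyfile) {
		session->pem_key = strdup(keyfile);
		log_printf(DEBUG_LEVEL_DEBUG, "Using key: %s", keyfile);
	}

	if (certfile) {
		session->pem_cert = strdup(certfile);
		log_printf(DEBUG_LEVEL_DEBUG, "Using certificate: %s", certfile);
	}

	return 1;
}

/**
 * Record the certificate authority file name in the session.
 *
 * The previous value is released and the field reset to NULL first, so a
 * NULL argument leaves the field empty instead of pointing to freed memory.
 * The name is logged only when one is given ("%s" with a NULL pointer is
 * undefined).
 *
 * \param err Not written by this function
 * \return Always 1
 */
int nu_client_set_ca(nuauth_session_t* session, const char* cafile, nuclient_error_t* err)
{
	free(session->pem_ca);
	session->pem_ca = NULL;

	if (cafile) {
		session->pem_ca = strdup(cafile);
		log_printf(DEBUG_LEVEL_DEBUG, "Using CA: %s", cafile);
	}

	return 1;
}

int nu_client_set_pkcs12(nuauth_session_t* session, char* key_file, char* key_password, nuclient_error_t* err)
{
	if (session->pkcs12_file)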
free(session->pkcs12_file); if (session->pkcs12_password) free(session->pkcs12_password); if (key_file) { log_printf(DEBUG_LEVEL_DEBUG, "Using key: %s", key_file); session->pkcs12_file = strdup(key_file); } if (key_password) session->pkcs12_password = strdup(key_password); return 1; } /** * \ingroup nuclientAPI * Initialize TLS: * - Set key filename (and test if the file does exist) * - Set certificate (if key and cert. are present) * * \param session Pointer to client session * \param keyfile Complete path to a key file stored in PEM format (can be NULL) * \param certfile Complete path to a certificate file stored in PEM format (can be NULL) * \param err Pointer to a nuclient_error_t: which contains the error * \return Returns 0 on error (error description in err), 1 otherwise */ int nu_client_load_key(nuauth_session_t * session, const char *keyfile, const char *certfile, nuclient_error_t * err) { char certstring[256]; char keystring[256]; char *home = nu_get_home_dir(); int exit_on_error = 0; int ret; /* If the user specified a certficate and a key on command line, * exit if we fail loading them. 
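* Elsewise, try loading certs from ~/.nufw/, but continue if we fail
	 */
	if (certfile || keyfile)
		exit_on_error = 1;

	/* compute patch keyfile */
	if (keyfile == NULL && home != NULL) {
		ret = secure_snprintf(keystring, sizeof(keystring),
				"%s/.nufw/key.pem", home);
		if (ret)
			keyfile = keystring;
	}

	if (certfile == NULL && home != NULL) {
		ret = secure_snprintf(certstring, sizeof(certstring),
				"%s/.nufw/cert.pem", home);
		if (ret)
			certfile = certstring;
	}

	if (certfile != NULL || keyfile != NULL) {
		ret = nussl_ssl_set_keypair(session->nussl, certfile, keyfile);

		if (ret != NUSSL_OK) {
			if (exit_on_error) {
				if (home)
					free(home);
				SET_ERROR(err, NUSSL_ERR, ret);
				return 0;
			} else {
				log_printf(DEBUG_LEVEL_WARNING, "Warning: Failed to load default certificate and key.");
			}
		}
	}

	if (home)
		free(home);

	return 1;
}

/**
 * \ingroup nuclientAPI
 * Initialize TLS:
 *    - Set PKCS12 key/certificate filename (and test if the file does exist)
 *    - Set PKCS12 password
 *
 * \param session Pointer to client session
 * \param pkcs12file Complete path to a key and a certificate file stored in PEM format (can be NULL)
 * \param pkcs12password Password of the pkcs12 file
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return Returns 0 on error (error description in err), 1 otherwise
 */
int nu_client_load_pkcs12(nuauth_session_t * session,
			char *pkcs12file, char *pkcs12password,
			nuclient_error_t * err)
{
	int ret = nussl_ssl_set_pkcs12_keypair(session->nussl, pkcs12file, pkcs12password);

	if (ret == NUSSL_OK)
		return 1;

	SET_ERROR(err, NUSSL_ERR, ret);
	return 0;
}

/**
 * \ingroup nuclientAPI
 * Initialize TLS:
 *    - Set trust file of credentials (if needed)
 *
 * When \a cafile is NULL the default "~/.nufw/cacert.pem" is tried. A failure
 * to load a CA file given by the caller is an error. A failure to load the
 * default file is not: the function warns (unless suppress_ca_warning is
 * set), sets suppress_fqdn_verif and NUSSL_SESSFLAG_IGNORE_ID_MISMATCH on the
 * session and still returns 1. As the warning text says, the server
 * certificate is then not checked against a CA, so callers that need an
 * authenticated server should always pass an explicit \a cafile.
 *
 * The home directory string is released on every return path.
 *
 * \param session Pointer to client session
 * \param cafile Complete path to a certificate authority file stored in PEM format (can be NULL)
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return Returns 0 on error (error description in err), 1 otherwise.
 *         \a err is not written when no CA file name could be determined.
 */
int nu_client_load_ca(nuauth_session_t * session,
			const char *cafile,
			nuclient_error_t * err)
{
	char castring[256];
	char *home = nu_get_home_dir();
	/* a CA named by the caller must load; the default one is best effort */
	int exit_on_error = (cafile != NULL);
	int status = 1;
	int ret;

	if (cafile == NULL && home != NULL) {
		ret = secure_snprintf(castring, sizeof(castring),
				"%s/.nufw/cacert.pem", home);
		if (ret)
			cafile = castring;
	}

	if (cafile == NULL) {
		log_printf(DEBUG_LEVEL_WARNING, "Could not load any CA !");
		status = 0;
	} else {
		ret = nussl_ssl_trust_cert_file(session->nussl, cafile);
		if (ret != NUSSL_OK) {
			if (exit_on_error) {
				SET_ERROR(err, NUSSL_ERR, ret);
				status = 0;
			} else {
				if (!session->suppress_ca_warning) {
					log_printf(DEBUG_LEVEL_WARNING,
						"\nWARNING: you have not provided any certificate authority.\n"
						"nutcpc will *NOT* verify server certificate trust.\n"
						"Use the -A option to set up CA.\n"
						);
				}
				/* no usable CA: identity checks are switched off */
				session->suppress_fqdn_verif = 1;
				nussl_set_session_flag(session->nussl,
					NUSSL_SESSFLAG_IGNORE_ID_MISMATCH,
					1);
			}
		}
	}

	/* cafile may point into castring, which is not used past this point */
	free(home);
	return status;
}

/**
 * Load a certificate revocation list into the TLS session.
 *
 * A NULL or empty \a crlfile is accepted and nothing is loaded.
 *
 * \param session Pointer to client session
 * \param crlfile Path to the CRL file (can be NULL or empty)
 * \param cafile CA file passed to nussl_ssl_set_crl_file() with the CRL
 * \param err Not written by this function; the failure is only logged
 * \return Returns 0 if the CRL could not be loaded, 1 otherwise
 */
int nu_client_load_crl(nuauth_session_t *session, const char *crlfile,
			const char *cafile, nuclient_error_t * err)
{
	int ret;

	if (crlfile == NULL || *crlfile == '\0')
		return 1;

	ret = nussl_ssl_set_crl_file(session->nussl, crlfile, cafile);
	if (ret != NUSSL_OK) {
		log_printf(DEBUG_LEVEL_WARNING,"TLS error with CRL: %s",
				nussl_get_error(session->nussl));
		return 0;
	}
	log_printf(DEBUG_LEVEL_DEBUG, "Using crl: %s", crlfile);
	return 1;
}

/**
 * \ingroup nuclientAPI
 * Returns a formatted string containing information about the TLS cipher
 * used for the connection to the server.
 *
 * \param session Pointer to client session
 * \return
 */
char* nu_client_get_cipher(nuauth_session_t * session)
{
	char buf[256];
	int ret;
	ret = nussl_session_get_cipher(session->nussl, buf, sizeof(buf));
	return (ret==0) ?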
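strdup(buf) : NULL;
}

/**
 * \ingroup nuclientAPI
 * Returns a formatted string containing information about the user certificate
 *
 * \param session Pointer to client session
 * \return The value returned by nussl_get_cert_info()
 */
char* nu_client_get_cert_info(nuauth_session_t * session)
{
	return nussl_get_cert_info(session->nussl);
}

/**
 * \ingroup nuclientAPI
 * Returns a formatted string containing information about the server certificate
 *
 * \param session Pointer to client session
 * \return The value returned by nussl_get_server_cert_info()
 */
char* nu_client_get_server_cert_info(nuauth_session_t * session)
{
	return nussl_get_server_cert_info(session->nussl);
}

/**
 * \ingroup nuclientAPI
 * Set the DN expected in the nuauth certificate.
 *
 * The pointer is stored as is (no copy): the caller has to keep the string
 * valid as long as the session uses it. A NULL or empty string is ignored.
 *
 * \param session Pointer to client session
 * \param nuauth_cert_dn DN string
 * \param err Not used
 * \return Always 1
 */
int nu_client_set_nuauth_cert_dn(nuauth_session_t * session,
				char *nuauth_cert_dn,
				nuclient_error_t *err)
{
	/* check the pointer before reading its first byte */
	if (nuauth_cert_dn != NULL && *nuauth_cert_dn) {
		session->nuauth_cert_dn = nuauth_cert_dn;
	}
	return 1;
}

/**
 * \ingroup nuclientAPI
 * Set the CRL file name of the session (the string is duplicated).
 *
 * \param session Pointer to client session
 * \param crlfile Path to the CRL file, or NULL to remove the current one
 * \param err Not used
 * \return Always 1
 */
int nu_client_set_crlfile(nuauth_session_t * session,
				const char *crlfile,
				nuclient_error_t *err)
{
	if (session->pem_crl) {
		free(session->pem_crl);
		/* do not keep a pointer to freed memory when crlfile is NULL:
		 * nu_client_connect() reads pem_crl, and the next call of
		 * this function would free it a second time */
		session->pem_crl = NULL;
	}
	if (crlfile)
		session->pem_crl = strdup(crlfile);
	return 1;
}

/**
 * \ingroup nuclientAPI
 * Set the Kerberos service name. The pointer is stored as is (no copy);
 * a NULL service is ignored.
 *
 * \return Always 1
 */
int nu_client_set_krb5_service(nuauth_session_t * session,
				char *service)
{
	if (service) {
		session->krb5_service = service;
	}
	return 1;
}

/**
 * \ingroup nuclientAPI
 * If suppress_ca_warning is not zero, nu_client_load_ca() does not print its
 * warning when the default CA can not be loaded.
 *
 * \return Always 1
 */
int nu_client_set_ca_suppress_warning(nuauth_session_t * session,
				int suppress_ca_warning)
{
	session->suppress_ca_warning = suppress_ca_warning;
	return 1;
}

/**
 * \ingroup nuclientAPI
 * If suppress_fqdn_verif is not zero, nu_client_connect() sets
 * NUSSL_SESSFLAG_IGNORE_ID_MISMATCH on the TLS session.
 *
 * \return Always 1
 */
int nu_client_set_fqdn_suppress_verif(nuauth_session_t * session,
				int suppress_fqdn_verif)
{
	session->suppress_fqdn_verif = suppress_fqdn_verif;
	return 1;
}

/**
 * \ingroup nuclientAPI
 * If suppress_cert_verif is not zero, nu_client_connect() disables the
 * certificate check of the TLS session. This also turns off the FQDN
 * verification, and a later call with 0 does not turn it on again.
 *
 * \return Always 1
 */
int nu_client_set_cert_suppress_verif(nuauth_session_t * session,
				int suppress_cert_verif)
{
	session->suppress_cert_verif = suppress_cert_verif;
	if (suppress_cert_verif)
		session->suppress_fqdn_verif = 1;
	return 1;
}

/**
 * \ingroup nuclientAPI
 * Set IP source of the socket used to connect to nuauth server
 *
 * \param session Pointer to client session
 * \param addr Address of the socket (copied in the session, must not be NULL)
 */
void nu_client_set_source(nuauth_session_t *session, struct sockaddr_storage *addr)
{
	session->has_src_addr = 1;
	session->src_addr = *addr;
}

/**
 * \brief Allocate and initialise a session structure
 *
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return A pointer to a valid ::nuauth_session_t structure or NULL if init has failed
 *
 * \par Internal
 * Initialisation of nufw authentication session:
 *    - reset err ;
 *    - allocate a zeroed session and set basic fields ;
 *    - create the connection table using tcptable_init() ;
 *    - set default client name and version.
 *
 * No TLS object is created here: see nu_client_connect().
 */
nuauth_session_t *_nu_client_new(nuclient_error_t * err)
{
	conntable_t *new;
	nuauth_session_t *session;

	/* First reset error */
	SET_ERROR(err, INTERNAL_ERROR, NO_ERR);

	/* Allocate a new session */
	session = (nuauth_session_t *) calloc(1, sizeof(nuauth_session_t));
	if (session == NULL) {
		SET_ERROR(err, INTERNAL_ERROR, MEMORY_ERR);
		return NULL;
	}

	/* Set basic fields */
	session->userid = getuid();
	session->connected = 0;
	session->auth_by_default = 1;
	session->packet_seq = 0;
	session->ct = NULL;
	session->debug_mode = 0;
	session->verbose = 1;
	session->timestamp_last_sent = time(NULL);
	session->min_sleep_delay.tv_sec = MIN_DELAY_SEC;
	session->min_sleep_delay.tv_usec = MIN_DELAY_USEC;
	session->max_sleep_delay.tv_sec = MAX_DELAY_SEC;
	session->max_sleep_delay.tv_usec = MAX_DELAY_USEC;
	session->sleep_delay.tv_sec = MIN_DELAY_SEC;
	session->sleep_delay.tv_usec = MIN_DELAY_USEC;
	session->hash = 0;

	/* Create the connection table */
	if (tcptable_init(&new) == 0) {
		SET_ERROR(err, INTERNAL_ERROR, MEMORY_ERR);
		nu_exit_clean(session);
		return NULL;
	}
	session->ct = new;

	nu_client_set_client_info(session, "unknown client", "unknown version");
	return session;
}

/**
 * \ingroup nuclientAPI
 * \brief Create new session and use callbacks.
 *
 * Callbacks are used to fetch username and password if they are
 * necessary for SASL negotiation.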
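*
 * \param username_callback User name retrieving callback
 * \param passwd_callback Password retrieving callback
 * \param diffie_hellman If equals to 1, use Diffie Hellman for key exchange
 * (very secure but initialization is slower). Not read by this function.
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return A pointer to a valid ::nuauth_session_t structure or NULL if init has failed
 */
nuauth_session_t *nu_client_new_callback(void *username_callback,
		      void *passwd_callback,
		      unsigned char diffie_hellman, nuclient_error_t * err)
{
	nuauth_session_t *session = NULL;

	if (username_callback == NULL || passwd_callback == NULL) {
		SET_ERROR(err, INTERNAL_ERROR, BAD_CREDENTIALS_ERR);
		return NULL;
	}

	session = _nu_client_new(err);
	if (session == NULL) {
		/* err has been set by _nu_client_new(); do not write in a
		 * session which was not allocated */
		return NULL;
	}

	session->username_callback = username_callback;
	session->passwd_callback = passwd_callback;

	return session;
}

/**
 * \ingroup nuclientAPI
 * \brief Create new session.
 *
 * This function has to be used to create a new ::nuauth_session_t if there
 * is no plan to use a callback for getting username or password.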
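*
 * \param username User name string
 * \param password Password string
 * \param diffie_hellman If equals to 1, use Diffie Hellman for key exchange
 * (very secure but initialization is slower). Not read by this function.
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return A pointer to a valid ::nuauth_session_t structure or NULL if init has failed
 */
nuauth_session_t *nu_client_new(const char *username,
		      const char *password,
		      unsigned char diffie_hellman, nuclient_error_t * err)
{
	nuauth_session_t *session = NULL;

	if (username == NULL || password == NULL) {
		SET_ERROR(err, INTERNAL_ERROR, BAD_CREDENTIALS_ERR);
		return NULL;
	}

	session = _nu_client_new(err);
	if (session == NULL) {
		/* err has been set by _nu_client_new(); do not write in a
		 * session which was not allocated */
		return NULL;
	}

	session->username = secure_str_copy(username);
	session->password = secure_str_copy(password);
	session->nu_capabilities[0] = 0;
	if (session->username == NULL || session->password == NULL) {
		/* NOTE(review): the session, and the copy which succeeded
		 * (it can be the password), are not released on this path.
		 * Confirm that nu_exit_clean() accepts a session in this
		 * state before calling it here. */
		SET_ERROR(err, INTERNAL_ERROR, MEMORY_ERR);
		return NULL;
	}

	return session;
}

/**
 * \ingroup nuclientAPI
 * Reset a session: close the connection and reset attributes. So the session
 * can be used as nu_client_connect() input.
 */
void nu_client_reset(nuauth_session_t * session)
{
	ask_session_end(session);

	/* reset fields */
	session->connected = 0;
	session->timestamp_last_sent = time(NULL);
}

/**
 * Read the messages sent by the server after authentication, until a
 * SRV_INIT message is received.
 *
 * - SRV_REQUIRED_INFO: send the requested information (OS, client version,
 *   capabilities); an unknown request is an error.
 * - SRV_TYPE: store the server mode or the hash type.
 * - SRV_EXTENDED_PROTO: give the payload to process_ext_message().
 * - SRV_INIT: end of negotiation.
 *
 * A message of another type is ignored and the next one is read.
 *
 * \param session Pointer to client session
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return 0 on error, 1 otherwise
 */
static int finish_init(nuauth_session_t * session, nuclient_error_t * err)
{
	int finish = 0;
	int ret;
	char buf[1024];
	int bufsize;
	struct nu_srv_message * message = (struct nu_srv_message *) buf;

	while (!finish) {
		bufsize = nussl_read(session->nussl, buf, sizeof(buf));
		/* read error, or not even a complete message header: the
		 * fields read below would not come from this message.
		 * err is not set on this path. */
		if ((bufsize <= 0) || ((size_t)bufsize < sizeof(struct nu_srv_message))) {
			return 0;
		}

		switch (message->type) {
		case SRV_REQUIRED_INFO:
			switch (message->option) {
			case OS_VERSION:
				if (!send_os(session, err)) {
					return 0;
				}
				break;
			case CLIENT_VERSION:
				if (!send_client(session, err)) {
					return 0;
				}
				break;
			case CLIENT_CAPA:
				if (!send_capa(session, err)) {
					return 0;
				}
				break;
			default:
				return 0;
			}
			break;
		case SRV_TYPE:
			switch (message->option) {
			case SRV_TYPE_POLL:
			case SRV_TYPE_PUSH:
				session->server_mode = message->option;
				break;
			case SRV_HASH_TYPE:
				/* the hash type is carried by the length field */
				session->hash = ntohs(message->length);
				break;
			default:
				break;
			}
			break;
		case SRV_EXTENDED_PROTO:
			/* the payload length can not be negative: bufsize is
			 * at least the header size (checked above) */
			ret = process_ext_message(buf + sizeof(struct nu_srv_message),
					bufsize - sizeof(struct nu_srv_message),
					&nu_postauth_extproto_l,
					session);
			if (ret != 0) {
				return 0;
			}
			break;
		case SRV_INIT:
			finish = 1;
			switch (message->option) {
			case INIT_NOK:
				SET_ERROR(err, INTERNAL_ERROR, NUFW_INITNEGO_ERR);
				return 0;
			case INIT_OK:
				session->connected = 1;
				break;
			/* NOTE(review): any other option ends the loop and
			 * returns 1 while connected is not set -- confirm
			 * that this is intended */
			}
			break;
		}
	}
	return 1;
}

/**
 * \ingroup nuclientAPI
 * Try to connect to nuauth server:
 *    - init_socket(): create socket to server ;
 *    - tls_handshake(): TLS handshake ;
 *    - init_sasl(): authentication with SASL ;
 *    - send_os(): send OS field.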
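*
 * What the code does, in order: create the TLS session, apply the
 * suppress_cert_verif / suppress_fqdn_verif settings, load the PKCS12 file or
 * the key and certificate, load the CA and the CRL, open the connection,
 * then init_sasl() and finish_init().
 *
 * \param session Pointer to client session
 * \param hostname String containing hostname of nuauth server (default: #NUAUTH_IP)
 * \param service Port number (or string) on which nuauth server is listening (default: #USERPCKT_SERVICE).
 * It is converted with atoi(); a NULL service is refused.
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return Returns 0 on error (error description in err), 1 otherwise
 */
int nu_client_connect(nuauth_session_t * session,
		      const char *hostname, const char *service,
		      nuclient_error_t * err)
{
	int ret;
	unsigned int port;

	/* atoi(NULL) is undefined: refuse the call instead */
	if (service == NULL) {
		SET_ERROR(err, INTERNAL_ERROR, NO_ADDR_ERR);
		return 0;
	}
	port = atoi(service);

	session->nussl = nussl_session_create(NUSSL_SSL_CTX_CLIENT);
	/* presumably NULL on failure: every call below would dereference it */
	if (session->nussl == NULL) {
		SET_ERROR(err, INTERNAL_ERROR, NUSSL_INIT_ERR);
		return 0;
	}

	/* Both settings weaken the check of the server: the first one removes
	 * the certificate check, the second one accepts a certificate which
	 * does not match the host name. */
	if (session->suppress_cert_verif)
		nussl_ssl_disable_certificate_check(session->nussl,1);

	if (session->suppress_fqdn_verif)
		nussl_set_session_flag(session->nussl, NUSSL_SESSFLAG_IGNORE_ID_MISMATCH, 1);

	nussl_set_hostinfo(session->nussl, hostname, port);

	/* NOTE(review): when one of the loaders below fails, session->nussl
	 * is left allocated, and it is overwritten by the next call of this
	 * function -- confirm who has to release it. */
	if (session->pkcs12_file) {
		if (!nu_client_load_pkcs12(session, session->pkcs12_file, session->pkcs12_password, err))
			return 0;
	} else {
		if (!nu_client_load_key(session, session->pem_key, session->pem_cert, err))
			return 0;
	}

	if (!nu_client_load_ca(session, session->pem_ca, err))
		return 0;

	if (session->pem_crl) {
		if (!nu_client_load_crl(session, session->pem_crl, session->pem_ca, err))
			return 0;
	}

	ret = nussl_open_connection(session->nussl);
	if (ret != NUSSL_OK) {
		log_printf(DEBUG_LEVEL_CRITICAL, "%s", nussl_get_error(session->nussl));
		nussl_session_destroy(session->nussl);
		session->nussl = NULL;
		SET_ERROR(err, NUSSL_ERR, ret);
		return 0;
	}

	if (!init_sasl(session, hostname, err)) {
		plugin_emit_event(NUCLIENT_EVENT_LOGIN_FAILED, session, session->username);
		return 0;
	}

	if (!finish_init(session, err)) {
		plugin_emit_event(NUCLIENT_EVENT_LOGIN_FAILED, session, session->username);
		return 0;
	}

	plugin_emit_event(NUCLIENT_EVENT_LOGIN_OK, session, session->username);
	return 1;
}

/**
 * \ingroup nuclientAPI
 * Enable or disabled debug mode
 *
 * \param session Pointer to client session
 * \param enabled Enable debug if different than zero (1),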
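disable otherwise
 */
void nu_client_set_debug(nuauth_session_t * session, unsigned char enabled)
{
	session->debug_mode = enabled;
}

/**
 * \ingroup nuclientAPI
 * Enable or disabled verbose mode
 *
 * \param session Pointer to client session
 * \param enabled Enable verbose mode if different than zero (1), disable otherwise
 */
void nu_client_set_verbose(nuauth_session_t * session, unsigned char enabled)
{
	session->verbose = enabled;
}

/**
 * \ingroup nuclientAPI
 * Set minimum delay
 *
 * \param session Pointer to client session
 * \param delay Minimum delay between two checks, in milliseconds
 */
void nu_client_set_min_delay(nuauth_session_t * session, unsigned int delay)
{
	session->min_sleep_delay.tv_sec = delay / 1000;
	/* keep the milliseconds part first, then scale it: "delay * 1000"
	 * wraps around for a large delay and gives a wrong tv_usec */
	session->min_sleep_delay.tv_usec = (delay % 1000) * 1000;
}

/**
 * \ingroup nuclientAPI
 * Set maximum delay
 *
 * \param session Pointer to client session
 * \param delay Maximum delay between two checks, in milliseconds
 */
void nu_client_set_max_delay(nuauth_session_t * session, unsigned int delay)
{
	session->max_sleep_delay.tv_sec = delay / 1000;
	/* same computation as in nu_client_set_min_delay() */
	session->max_sleep_delay.tv_usec = (delay % 1000) * 1000;
}

/**
 * \ingroup nuclientAPI
 * \brief Allocate a structure to store client error
 *
 * \param err Address of a pointer which has to be NULL; it receives the new
 * structure, set to (INTERNAL_ERROR, NO_ERR)
 * \return 0 on success, -1 if err is NULL, if *err is not NULL or if the
 * allocation fails
 */
int nu_client_error_init(nuclient_error_t ** err)
{
	if (err == NULL || *err != NULL)
		return -1;
	/* zeroed memory is family INTERNAL_ERROR and error NO_ERR, so
	 * nu_client_strerror() never reads uninitialised fields */
	*err = calloc(1, sizeof(nuclient_error_t));
	if (*err == NULL)
		return -1;
	return 0;
}

/**
 * \ingroup nuclientAPI
 * \brief Destroy an error (free memory)
 */
void nu_client_error_destroy(nuclient_error_t * err)
{
	if (err != NULL)
		free(err);
}

/**
 * \ingroup nuclientAPI
 * \brief Convert an error to an human readable string
 *
 * \param session Pointer to client session, only read for the NUSSL_ERR
 * family (can be NULL)
 * \param err Error to convert (can be NULL)
 * \return A string which must not be freed by the caller
 */
const char *nu_client_strerror(nuauth_session_t * session, nuclient_error_t * err)
{
	if (err == NULL) {
		return "Error structure was not initialised";
	}

	switch (err->family) {
	case NUSSL_ERR:
		if (session == NULL || session->nussl == NULL)
			return "NuSSL initialization error.";
		return nussl_get_error(session->nussl);
	case SASL_ERROR:
		return sasl_errstring(err->error, NULL, NULL);
	case INTERNAL_ERROR:
		switch (err->error) {
		case NO_ERR:
			return "No error";
		case SESSION_NOT_CONNECTED_ERR:
			return "Session not connected";
		case TIMEOUT_ERR:
			return "Connection timeout";
		case DNS_RESOLUTION_ERR:
			return "DNS resolution error";
		case NO_ADDR_ERR:
			return "Address not recognized";
		case FILE_ACCESS_ERR:
			return "File access error";
		case CANT_CONNECT_ERR:
			return "Connection failed";
		case MEMORY_ERR:
			return "No more memory";
		case TCPTABLE_ERR:
			return "Unable to read connection table";
		case SEND_ERR:
			return "Unable to send packet to nuauth";
		case BAD_CREDENTIALS_ERR:
			return "Bad credentials";
		case BINDING_ERR:
			return "Binding (source address) error";
		case NUSSL_INIT_ERR:
			return "NuSSL initialisation failed.";
		case NUFW_INITNEGO_ERR:
			return "NuFW refused connection during init.";
		case NUFW_CRUISE_ERR:
			return "NuFW error during cruise protocol.";
		case PROTO_ERR:
			return "Protocol error (too old authentication server ?).";
		default:
			return "Unknown internal error code";
		}
	default:
		return "Unknown family error";
	}
}

/**
 * \ingroup nuclientAPI
 * Get version of nuclient library (eg. "2.1.1-3")
 *
 * \return Nuclient version string
 */
const char *nu_get_version()
{
	return NUCLIENT_VERSION;
}

/**
 * \ingroup nuclientAPI
 * Check if libnuclient if the specified version. Use #NUCLIENT_VERSION
 * as argument. See also function nu_get_version().
 *
 * \return Return 1 if ok, 0 if versions are different.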
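*/
int nu_check_version(const char *version)
{
	/* a NULL version can not match: do not give it to strcmp() */
	if (version != NULL && strcmp(NUCLIENT_VERSION, version) == 0)
		return 1;
	return 0;
}

/** @} */
nufw-2.4.3/src/clients/lib/iconv.c0000644000175000017500000000602611431206275013705 00000000000000/*
 ** Copyright 2004,2005 - INL
 ** Written by Eric Leblond
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#include "libnuclient.h"
#include
#include
#include
#include
#include
#include

/**
 * \addtogroup libnuclient
 * @{
 */

/**
 * Convert a locale in locale charset to Unicode charset using UTF-8 encoding.
 * Maximum length of output buffer is four times of inbuf length.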
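*
 * If the conversion stops before the end of the input (invalid sequence in
 * inbuf, or output limit reached), the part converted so far is returned
 * and nothing tells the caller about it.
 * NOTE(review): if the result is used as a user name or a password, the
 * caller probably wants to know that it was truncated.
 *
 * \param inbuf Input buffer written in locale charset (NULL gives NULL)
 * \param from_charset Charset of inbuf (the target is always UTF-8)
 * \return New allocated buffer, which need to be freed
 */
char *nu_client_to_utf8(const char *inbuf, char *from_charset)
{
	iconv_t ctx;
	size_t inlen;
	size_t orig_inlen;
	size_t maxlen;
	char *outbuf;
	char *newbuf;
	char *targetbuf;
	size_t real_outlen;
	size_t outbuflen = 3;
	size_t outbufleft;
	size_t res;
	int saved_errno;

	/* just returns NULL if input is NULL
	 * (test it before strlen(), which does not accept NULL) */
	if (inbuf == NULL) {
		return NULL;
	}
	inlen = strlen(inbuf);
	orig_inlen = inlen;
	/* four bytes for each input byte, plus the nul byte which is always
	 * kept at the end of the buffer */
	maxlen = inlen * 4 + 1;

	/* create an iconv context to convert locale charset to UTF-8 */
	ctx = iconv_open("UTF-8", from_charset);
	if (ctx == (iconv_t) -1) {
		/* unknown charset: stop here, do not give an invalid
		 * descriptor to iconv() and iconv_close() */
		saved_errno = errno;
		panic("iconv error code %i!", saved_errno);
		return NULL;	/* only reached if panic() returns */
	}

	/* allocate a buffer */
	outbuf = calloc(outbuflen, sizeof(char));
	nu_assert(outbuf != NULL, "iconv fail to allocate output buffer!");

	/* iconv convert */
	outbufleft = outbuflen - 1;	/* -1 because we keep last byte for nul byte */
	targetbuf = outbuf;
	res = iconv(ctx, (char **) &inbuf, &inlen, &targetbuf, &outbufleft);
	real_outlen = targetbuf - outbuf;

	/* is buffer too small? */
	if (res == (size_t) -1) {
		if (errno != E2BIG) {
			/* free() and iconv_close() may change errno */
			saved_errno = errno;
			free(outbuf);
			iconv_close(ctx);
			panic("iconv error code %i!", saved_errno);
			return NULL;	/* only reached if panic() returns */
		}

		while ((res == (size_t) -1) && (errno == E2BIG)
		       && (outbuflen < maxlen)) {
			/* realloc outbuf: keep the old pointer until the new
			 * one is known to be valid, so it can be freed */
			outbuflen += orig_inlen;
			newbuf = realloc(outbuf, outbuflen);
			if (newbuf == NULL) {
				free(outbuf);
				iconv_close(ctx);
				panic("iconv error: can't rellocate buffer!");
				return NULL;	/* only reached if panic() returns */
			}
			outbuf = newbuf;

			/* run iconv once more */
			outbufleft = outbuflen - real_outlen - 1;	/* -1 because we keep last byte for nul byte */
			targetbuf = outbuf + real_outlen;
			res = iconv(ctx, (char **) &inbuf, &inlen, &targetbuf, &outbufleft);
			real_outlen = targetbuf - outbuf;
		}
	}

	/* close iconv context */
	iconv_close(ctx);

	/* realloc output to have a correct size; if it fails the current
	 * buffer is still valid and has room for the nul byte */
	outbuflen = real_outlen + 1;
	newbuf = realloc(outbuf, outbuflen);
	if (newbuf != NULL)
		outbuf = newbuf;
	outbuf[real_outlen] = 0;
	return outbuf;
}

/** @} */
nufw-2.4.3/src/clients/lib/nuclient.h0000644000175000017500000001452511431206275014420 00000000000000/*
 ** Copyright 2004-2009 - INL
 ** Written by Eric Leblond
 ** Vincent Deffontaines
 ** INL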
http://www.inl.fr/
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifndef NUCLIENT_H
#define NUCLIENT_H

#include

#ifdef __cplusplus
extern "C" {
#if 0
	/* dummy code to make vim indentation works */
}
#endif
#endif

/* Version of the library, as returned by nu_get_version() and compared by
 * nu_check_version() */
#define NUCLIENT_VERSION_MAJOR 4
#define NUCLIENT_VERSION_MINOR 0
#define NUCLIENT_VERSION_REVISION 0
#define NUCLIENT_VERSION "4.0.0"

/** Default nuauth IP address */
#define NUAUTH_IP "192.168.1.1"

/** Default Kerberos realm */
#define DEFAULT_KRB5_REALM "nuauth"

#define NU_HELLO_CAPABILITIES "HELLO"

/** Timeout of UDP connections */
#define UDP_TIMEOUT 30

enum {
	ERROR_OK = 0,
	ERROR_LOGIN = 1,
	ERROR_NETWORK = 2
};

/** Error family */
typedef enum {
	INTERNAL_ERROR = 0,
	NUSSL_ERR = 1,
	SASL_ERROR = 2
} nuclient_error_family_t;

/* INTERNAL ERROR CODES */
/* Each comment documents the value placed before it */
enum {
	NO_ERR = 0, /**< No error */
	SESSION_NOT_CONNECTED_ERR = 1, /**< Session not connected */
	UNKNOWN_ERR = 2, /**< Unknown error */
	TIMEOUT_ERR = 3, /**< Connection timeout */
	DNS_RESOLUTION_ERR = 4, /**< DNS resolution error */
	NO_ADDR_ERR = 5, /**< Address not recognized */
	FILE_ACCESS_ERR = 6, /**< File access error */
	CANT_CONNECT_ERR = 7,/**< Connection failed */
	MEMORY_ERR = 8, /**< No more memory */
	TCPTABLE_ERR = 9, /**< Fail to read connection table */
	SEND_ERR = 10, /**< Fail to send packet to nuauth */
	BAD_CREDENTIALS_ERR, /**< Username/password error */
	BINDING_ERR, /**< bind() call failed */
	NUSSL_INIT_ERR, /**< NuSSL initialisation failed */
	NUFW_INITNEGO_ERR, /**< Error during initial negotiation phase */
	NUFW_CRUISE_ERR, /**< Error during cruise mode extension protocol */
	PROTO_ERR, /**< Protocol error, for example too old nuauth */
};

/* Define for backward compatibility */
#define nuclient_error nuclient_error_t

typedef struct nuauth_session nuauth_session_t;

/* libnuclient return code structure */
typedef struct {
	nuclient_error_family_t family; /* says how to read the error field */
	int error; /* error code inside the family */
} nuclient_error_t;

/* Exported functions */
int nu_client_check(nuauth_session_t *session, nuclient_error_t *err);

int nu_client_error_init(nuclient_error_t **err);
void nu_client_error_destroy(nuclient_error_t *err);
const char *nu_client_strerror(nuauth_session_t *session, nuclient_error_t *err);

int nu_client_global_init(nuclient_error_t *err);
void nu_client_global_deinit();

int nu_client_init_config();
int nu_client_init_plugins();

nuauth_session_t *nu_client_new(const char *username,
		const char *password,
		unsigned char diffie_hellman,
		nuclient_error_t *err);

nuauth_session_t *nu_client_new_callback(void *username_callback,
		void *passwd_callback,
		unsigned char diffie_hellman,
		nuclient_error_t * err);

void nu_client_set_username(nuauth_session_t *session, const char *username);
void nu_client_set_password(nuauth_session_t *session, const char *password);

const char* nu_client_default_hostname();
const char* nu_client_default_port();
const char* nu_client_default_tls_ca();
const char* nu_client_default_tls_cert();
const char* nu_client_default_tls_key();
const char* nu_client_default_tls_crl();
int nu_client_default_suppress_fqdn_verif();

void nu_client_set_client_info(nuauth_session_t *session,
		const char *client_name,
		const char *client_version);

void nu_client_set_debug(nuauth_session_t * session, unsigned char enabled);
void nu_client_set_verbose(nuauth_session_t * session, unsigned char enabled);
void nu_client_set_source(nuauth_session_t *session, struct sockaddr_storage *addr);

int
nu_client_set_key(nuauth_session_t * session, const char *keyfile, const char *certfile, nuclient_error_t *err); int nu_client_set_pkcs12(nuauth_session_t * session, char *pkcs12file, char *pkcs12password, nuclient_error_t *err); int nu_client_set_ca(nuauth_session_t * session, const char *cafile, nuclient_error_t *err); int nu_client_set_nuauth_cert_dn(nuauth_session_t * session, char *nuauth_cert_dn, nuclient_error_t *err); int nu_client_set_crlfile(nuauth_session_t * session, const char *crlfile, nuclient_error_t *err); char* nu_client_get_cipher(nuauth_session_t * session); char* nu_client_get_cert_info(nuauth_session_t * session); char* nu_client_get_server_cert_info(nuauth_session_t * session); int nu_client_set_crlfile(nuauth_session_t * session, const char *crlfile, nuclient_error_t *err); int nu_client_set_krb5_service(nuauth_session_t * session, char *service); int nu_client_set_ca_suppress_warning(nuauth_session_t * session, int suppress_ca_warning); int nu_client_set_fqdn_suppress_verif(nuauth_session_t * session, int suppress_fqdn_verif); int nu_client_set_cert_suppress_verif(nuauth_session_t * session, int suppress_cert_verif); int nu_client_connect(nuauth_session_t * session, const char *hostname, const char *service, nuclient_error_t *err); void nu_client_reset(nuauth_session_t * session); void nu_client_delete(nuauth_session_t * session); char *nu_client_to_utf8(const char *inbuf, char *from_charset); const char *nu_get_version(); int nu_check_version(const char *version); void nu_client_set_min_delay(nuauth_session_t * session, unsigned int delay); void nu_client_set_max_delay(nuauth_session_t * session, unsigned int delay); int nu_client_set_capability(const char *capa); int nu_client_unset_capability(const char *capa); int nu_client_set_session_capability(nuauth_session_t * session, const char *capa); int nu_client_unset_session_capability(nuauth_session_t * session, const char *capa); void nu_client_set_sasl_mechlist(nuauth_session_t * session, 
const char *mechlist); char *nu_get_home_dir(); char *nu_get_user_name(); #ifdef __cplusplus } #endif #endif /* #ifndef NUCLIENT_H */ nufw-2.4.3/src/clients/lib/sending.h0000644000175000017500000000176711431206275014232 00000000000000/* ** Copyright 2005 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef SENDING_H #define SENDING_H int send_hello_pckt(nuauth_session_t * session); int send_user_pckt(nuauth_session_t * session, conn_t * c[CONN_MAX]); #endif nufw-2.4.3/src/clients/lib/plugins/0000777000175000017500000000000011431215440014156 500000000000000nufw-2.4.3/src/clients/lib/plugins/Makefile.in0000644000175000017500000003516311431215377016160 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
# This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/clients/lib/plugins DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = 
@CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = 
@build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = luser all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/clients/lib/plugins/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/clients/lib/plugins/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. 
$(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" 
| sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/clients/lib/plugins/luser/0000777000175000017500000000000011431215440015310 500000000000000nufw-2.4.3/src/clients/lib/plugins/luser/Makefile.in0000644000175000017500000003657211431215377017317 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # postauth_localuser plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/clients/lib/plugins/luser DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; 
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) luser_la_LIBADD = am_luser_la_OBJECTS = luser_main.lo luser_la_OBJECTS = $(am_luser_la_OBJECTS) luser_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(luser_la_LDFLAGS) \ $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(luser_la_SOURCES) DIST_SOURCES = $(luser_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = 
@INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = 
@pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = -I$(top_srcdir)/src/clients/lib/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuclient/modules plugin_LTLIBRARIES = luser.la luser_la_SOURCES = luser_main.c luser_la_LDFLAGS = -module -avoid-version ../../../../libs/nubase/libnubase.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/clients/lib/plugins/luser/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/clients/lib/plugins/luser/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/luser_main.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) 
-MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) 
$(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) 
$(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ 
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES luser.la: $(luser_la_OBJECTS) $(luser_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(luser_la_LDFLAGS) $(luser_la_OBJECTS) $(luser_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/clients/lib/plugins/luser/Makefile.am0000644000175000017500000000106411431206275017267 00000000000000# postauth_localuser plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = -I$(top_srcdir)/src/clients/lib/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuclient/modules plugin_LTLIBRARIES = luser.la luser_la_SOURCES = luser_main.c luser_la_LDFLAGS = -module -avoid-version ../../../../libs/nubase/libnubase.la luser.la: $(luser_la_OBJECTS) $(luser_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(luser_la_LDFLAGS) $(luser_la_OBJECTS) $(luser_la_LIBADD) nufw-2.4.3/src/clients/lib/plugins/luser/luser_main.c0000644000175000017500000001053111431206275017534 00000000000000/* ** Copyright(C) 2009 INL ** Written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
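** */

/*
 * NOTE(review): the three system header names on the bare #include lines are
 * missing on this page. The headers below are the ones the calls in this file
 * need; confirm them against the upstream file. snprintf()/printf() and
 * htons()/ntohs() are presumably declared through the project headers.
 */
#include <sys/types.h>		/* uid_t */
#include <pwd.h>		/* getpwuid_r(), struct passwd */
#include <unistd.h>		/* getuid() */

#include "nubase.h"
#include "proto.h"

#define LUSER_EXT_NAME "LUSER"
#define LUSER_USER_CMD "LOCALUSER"

int send_username(char **dbuf, int dbufsize, void *data);
int send_username_cruise(char **dbuf, int dbufsize, void *data);

/* Extension descriptor registered on the post-authentication list. */
struct proto_ext_t localuser_ext = {
	.name = LUSER_EXT_NAME,
	.ncmd = 1,
	.cmd = {
		{
		 .cmdname = LUSER_USER_CMD,
		 .nargs = 0,
		 .callback = &send_username,
		 },
		}
};

/* Same extension, registered on the cruise list with its own callback. */
struct proto_ext_t cr_localuser_ext = {
	.name = LUSER_EXT_NAME,
	.ncmd = 1,
	.cmd = {
		{
		 .cmdname = LUSER_USER_CMD,
		 .nargs = 0,
		 .callback = &send_username_cruise,
		 },
		}
};

/**
 * Plugin entry point: announce the LUSER capability and register both
 * protocol extensions.
 *
 * \param api_num Plugin API number the caller was built against
 * \param plugin Plugin descriptor; its dispatch and close hooks are cleared
 * \return 0 on success, -1 when \a api_num differs from PLUGIN_API_NUM
 */
int NUCLIENT_PLUGIN_INIT(unsigned int api_num,
			 struct nuclient_plugin_t *plugin)
{
	if (PLUGIN_API_NUM != api_num)
		return -1;

	plugin->dispatch = NULL;
	plugin->close = NULL;

	nu_client_set_capability(LUSER_EXT_NAME);

	/* register postauth protocol extension */
	INIT_LLIST_HEAD(&(localuser_ext.list));
	llist_add(&nu_postauth_extproto_l, &(localuser_ext.list));

	/* register cruise protocol extension */
	INIT_LLIST_HEAD(&(cr_localuser_ext.list));
	llist_add(&nu_cruise_extproto_l, &(cr_localuser_ext.list));

	return 0;
}

/**
 * Format the LOCALUSER extension message for the owner of the current
 * process. The name is read from the passwd database of the host this
 * client runs on.
 *
 * \param out Destination buffer
 * \param outsz Size of \a out in bytes
 * \return Number of bytes written (trailing NUL not counted), or -1 when the
 * uid has no passwd entry, the lookup fails, or the message does not fit
 */
static int luser_format_message(char *out, size_t outsz)
{
	char pwbuf[512];
	struct passwd pw;
	struct passwd *pwp = NULL;
	int len;

	/*
	 * getpwuid_r() returns 0 and leaves the result pointer NULL when no
	 * entry matches the uid, so the pointer has to be checked as well as
	 * the return code before pw_name is read.
	 */
	if (getpwuid_r(getuid(), &pw, pwbuf, sizeof(pwbuf), &pwp) != 0
	    || pwp == NULL)
		return -1;

	len = snprintf(out, outsz,
		       "BEGIN\n" LUSER_EXT_NAME "\n" LUSER_USER_CMD " %s\nEND\n",
		       pwp->pw_name);
	/*
	 * A negative or truncated result must not be turned into a packet
	 * length: the length is later used as the number of bytes read from
	 * the stack buffer by the write call.
	 */
	if (len < 0 || (size_t) len >= outsz)
		return -1;

	return len;
}

/**
 * Create the username information packet and send it to nuauth.
 * The packet is a struct nu_authfield header followed by the text message.
 *
 * \param dbuf Unused by this callback
 * \param dbufsize Unused by this callback
 * \param data Pointer to the client session (nuauth_session_t)
 * \return 0 on success, -1 if the username cannot be obtained or the write fails
 */
int send_username(char **dbuf, int dbufsize, void *data)
{
	nuauth_session_t *session = (nuauth_session_t *) data;
	char buf[1024];
	struct nu_authfield *vfield = (struct nu_authfield *) buf;
	unsigned int total;
	int ret;

	(void) dbuf;
	(void) dbufsize;

	ret = luser_format_message(buf + sizeof(struct nu_authfield),
				   sizeof(buf) - sizeof(*vfield));
	if (ret < 0) {
		/* SET_ERROR(err, NUSSL_ERR, ret); */
		return -1;
	}
	/* header plus body; bounded by sizeof(buf) thanks to the check above */
	total = sizeof(struct nu_authfield) + ret;

	/* build packet header */
	vfield->type = EXTENDED_PROTO_FIELD;
	vfield->option = 0;
	vfield->length = htons(total);

	/* Send capabilities field over network */
	ret = nussl_write(session->nussl, buf, total);
	if (ret < 0) {
		if (session->verbose)
			printf("Error sending tls data: ...");
		/* SET_ERROR(err, NUSSL_ERR, ret); */
		return -1;
	}
	return 0;
}

/**
 * Cruise-mode variant of send_username(): same text message, but framed with
 * a struct nu_header (protocol version, EXTENDED_PROTO message type).
 *
 * \param dbuf Unused by this callback
 * \param dbufsize Unused by this callback
 * \param data Pointer to the client session (nuauth_session_t)
 * \return 0 on success, -1 if the username cannot be obtained or the write fails
 */
int send_username_cruise(char **dbuf, int dbufsize, void *data)
{
	nuauth_session_t *session = (nuauth_session_t *) data;
	char buf[1024];
	struct nu_header *header = (struct nu_header *) buf;
	unsigned int total;
	int ret;

	(void) dbuf;
	(void) dbufsize;

	header->proto = PROTO_VERSION;
	header->msg_type = EXTENDED_PROTO;
	header->option = 0;

	ret = luser_format_message(buf + sizeof(struct nu_header),
				   sizeof(buf) - sizeof(*header));
	if (ret < 0) {
		/* SET_ERROR(err, NUSSL_ERR, ret); */
		return -1;
	}
	/* header plus body; bounded by sizeof(buf) thanks to the check above */
	total = sizeof(struct nu_header) + ret;
	header->length = htons(total);

	/* Send capabilities field over network */
	ret = nussl_write(session->nussl, buf, total);
	if (ret < 0) {
		if (session->verbose)
			printf("Error sending tls data: ...");
		/* SET_ERROR(err, NUSSL_ERR, ret); */
		return -1;
	}
	return 0;
}
nufw-2.4.3/src/clients/lib/plugins/Makefile.am0000644000175000017500000000002011431206275016124 00000000000000SUBDIRS = luser nufw-2.4.3/src/clients/lib/sending.c0000644000175000017500000001306011431206275014212 00000000000000/* ** Copyright 2005-2009 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.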
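*/

#include "libnuclient.h"
/* NOTE(review): the names of the three system headers below are missing on
 * this page; restore them from the upstream sending.c before building. */
#include
#include
#include
#include "sending.h"
#include "proc.h"

/**
 * \addtogroup libnuclient
 * @{
 */

#if DEBUG_ENABLE
int count;
#endif

/**
 * Send a USER_HELLO message to nuauth.
 *
 * The message is a bare nu_header whose length field holds the header size
 * in network byte order.
 *
 * \param session Client session; the header is written to session->nussl
 * \return 1 on success, 0 if the write failed
 */
int send_hello_pckt(nuauth_session_t * session)
{
	struct nu_header header;

	/* fill struct */
	header.proto = PROTO_VERSION;
	header.msg_type = USER_HELLO;
	header.option = 0;
	header.length = htons(sizeof(struct nu_header));

#if XXX
	/* send it */
	if (session->tls) {
		if (gnutls_record_send
		    (session->tls, &header,
		     sizeof(struct nu_header)) <= 0) {
#if DEBUG_ENABLE
			printf("write failed at %s:%d\n", __FILE__, __LINE__);
#endif
			return 0;
		}
	}
#else
	if (nussl_write(session->nussl, (char*)&header, sizeof(struct nu_header)) < 0) {
#if DEBUG_ENABLE
		printf("write failed at %s:%d\n", __FILE__, __LINE__);
#endif
		return 0;
	}
#endif
	return 1;
}

/**
 * Send connections to nuauth: between 1 and #CONN_MAX connections
 * in a big packet of format:
 *   [ nu_header + nu_authfield_ipv6 * N ]
 *
 * Each request also carries an application-name field and, when
 * session->hash is set, a signature field. Every field is bounds-checked
 * against the packet buffer *before* it is written; the original code only
 * had an assert() after the writes, which disappears with NDEBUG and fires
 * too late to prevent a stack overflow.
 *
 * \param session Client session (packet_seq and timestamp_last_sent are updated)
 * \param carray  NULL-terminated (or full) array of connections to announce
 * \return 1 on success, 0 if the packet could not be built or sent
 */
int send_user_pckt(nuauth_session_t * session, conn_t * carray[CONN_MAX])
{
	char data[PACKET_SIZE];
	char *pointer;
	unsigned int item;
	struct nu_header *header;
	struct nu_authreq *authreq;
	struct nu_authfield_ipv6 *authfield;
	struct nu_authfield_app *appfield;
	unsigned len;
	const char *appname;
	char *app_ptr;
	/* size of the fixed part of one request, before the encoded name */
	const size_t fixed = sizeof(struct nu_authreq)
	    + sizeof(struct nu_authfield_ipv6)
	    + sizeof(struct nu_authfield_app);

	session->timestamp_last_sent = time(NULL);
	memset(data, 0, sizeof data);

	header = (struct nu_header *) data;
	header->proto = PROTO_VERSION;
	header->msg_type = USER_REQUEST;
	header->option = 0;
	header->length = sizeof(struct nu_header);
	pointer = (char *) (header + 1);

	for (item = 0; ((item < CONN_MAX) && carray[item] != NULL); item++) {
		size_t used = (size_t) (pointer - data);
		size_t room;
#if DEBUG
		printf("adding one authreq\n");
#endif
#ifdef LINUX
		/* get application name from inode */
		appname = prg_cache_get(carray[item]->inode);
#else
		appname = "UNKNOWN";
#endif
		/* the fixed headers of this request must fit before anything is written */
		if (used + fixed >= sizeof(data)) {
			log_printf(DEBUG_LEVEL_CRITICAL,
				   "authentication request does not fit in packet\n");
			return 0;
		}
		/* space left for the base64 name, never more than the protocol width */
		room = sizeof(data) - used - fixed;
		if (room > PROGNAME_BASE64_WIDTH)
			room = PROGNAME_BASE64_WIDTH;

		header->length += sizeof(struct nu_authreq) + sizeof(struct nu_authfield_ipv6);

		authreq = (struct nu_authreq *) pointer;
		authreq->packet_seq = session->packet_seq++;
		authreq->packet_length = sizeof(struct nu_authreq) + sizeof(struct nu_authfield_ipv6);

		authfield = (struct nu_authfield_ipv6 *) (authreq + 1);
		authfield->type = IPV6_FIELD;
		authfield->option = 0;
		authfield->src = carray[item]->ip_src;
		authfield->dst = carray[item]->ip_dst;
		authfield->proto = carray[item]->protocol;
		authfield->flags = 0;
		authfield->FUSE = 0;
#ifdef _I386__ENDIAN_H_
#ifdef __DARWIN_LITTLE_ENDIAN
		authfield->sport = carray[item]->port_src;
		authfield->dport = carray[item]->port_dst;
#else
		authfield->sport = htons(carray[item]->port_src);
		authfield->dport = htons(carray[item]->port_dst);
#endif /* DARWIN LITTLE ENDIAN */
#else
		authfield->sport = htons(carray[item]->port_src);
		authfield->dport = htons(carray[item]->port_dst);
#endif /* I386 ENDIAN */

		/* application field  */
		appfield = (struct nu_authfield_app *) (authfield + 1);
		appfield->type = APP_FIELD;
		appfield->option = APP_TYPE_NAME;
		app_ptr = (char *) (appfield + 1);
		/* a failed encode used to leave 'len' uninitialised; refuse to send instead */
		if (sasl_encode64(appname, strlen(appname), app_ptr,
				  (unsigned) room, &len) != SASL_OK) {
			log_printf(DEBUG_LEVEL_CRITICAL,
				   "unable to encode application name\n");
			return 0;
		}
		appfield->length = sizeof(struct nu_authfield_app) + len;
		authreq->packet_length += appfield->length;

		/* glue piece together on data if packet is not too long */
		header->length += appfield->length;

		if (session->hash) {
			struct nu_authfield_app *sigfield;
			const char *appsig;
			size_t siglen;

			appsig = prg_cache_getsig(session->hash, carray[item]->inode);
			siglen = strlen(appsig);
			/* check the signature field against the buffer before the memcpy */
			if (used + authreq->packet_length
			    + sizeof(struct nu_authfield_app) + siglen >= sizeof(data)) {
				log_printf(DEBUG_LEVEL_CRITICAL,
					   "application signature does not fit in packet\n");
				return 0;
			}
			sigfield = (struct nu_authfield_app *) ((char*)appfield + appfield->length);
			sigfield->type = HASH_FIELD;
			sigfield->option = 0;
			app_ptr = (char *) (sigfield + 1);
			memcpy(app_ptr, appsig, siglen);
			sigfield->length = sizeof(struct nu_authfield_app) + siglen;
			authreq->packet_length += sigfield->length;
			/* glue piece together on data if packet is not too long */
			header->length += sigfield->length;
			sigfield->length = htons(sigfield->length);
		}

		/* kept as a debug aid; the runtime checks above already guarantee it */
		assert(header->length < PACKET_SIZE);

		pointer += authreq->packet_length;

		/* switch the per-request lengths to network byte order last */
		appfield->length = htons(appfield->length);
		authreq->packet_length = htons(authreq->packet_length);
		authfield->length = htons(sizeof(struct nu_authfield_ipv6));
	}
	header->length = htons(header->length);
	if (session->debug_mode) {
		log_printf(DEBUG_LEVEL_INFO, "[+] Send %u new connection(s) to nuauth\n", item);
	}

	/* and send it */
#if XXX
	if (session->tls) {
		if (gnutls_record_send(session->tls, data, pointer - data) <= 0) {
			log_printf(DEBUG_LEVEL_CRITICAL, "write failed\n");
			return 0;
		}
	}
#else
	if (nussl_write(session->nussl, (char*)data, pointer - data) < 0) {
		log_printf(DEBUG_LEVEL_CRITICAL, "write failed\n");
		return 0;
	}
#endif
	return 1;
}

/** @} */
nufw-2.4.3/src/clients/lib/proc.c0000644000175000017500000002017011431206275013526 00000000000000/* ** Copyright 2005-2007 - INL ** Written by Eric Leblond ** Victor Stinner ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.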
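*/

/* NOTE(review): the names of the system headers are missing on this page;
 * only the bare #include directives survive. Restore them from the upstream
 * proc.c before building. */
#include
#include "libnuclient.h"
#include "proc.h"
#include

#ifdef LINUX
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "security.h"
#include
#include

#define BLOCKSIZE 64

/**
 * \addtogroup libnuclient
 * @{
 */

static struct prg_node {
	struct prg_node *next;	/** Pointer to next element in the single chained list */
	unsigned long inode;	/** Inode of the program executable binary */
	char name[PROGNAME_WIDTH];	/** Name of the program (encoded in UTF-8) */
	char sig[4 * NUSSL_HASH_MAX_SIZE + 48];	/* HASH size + prefix */
} *prg_hash[PRG_HASH_SIZE];

#define PROGNAME_WIDTHs PROGNAME_WIDTH1(PROGNAME_WIDTH)
#define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s)
#define PROGNAME_WIDTH2(s) #s

#define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE)

#define PRG_LOCAL_ADDRESS "local_address"
#define PRG_INODE "inode"
#define PRG_SOCKET_PFX "socket:["
#define PRG_SOCKET_PFXl (strlen(PRG_SOCKET_PFX))
#define PRG_SOCKET_PFX2 "[0000]:"
#define PRG_SOCKET_PFX2l (strlen(PRG_SOCKET_PFX2))

#ifndef PATH_MAX
# define PATH_MAX 4096
#endif

/**
 * Remember which executable owns a socket inode.
 *
 * Appends a node to the hash chain for \a inode unless one already exists;
 * the first process seen for an inode wins. An allocation failure is
 * silently ignored (the entry is simply not cached).
 */
static void prg_cache_add(unsigned long inode, char *name)
{
	unsigned hi = PRG_HASHIT(inode);
	struct prg_node **pnp, *pn;

	/* 2 marks the cache as holding allocated nodes (see prg_cache_clear) */
	prg_cache_loaded = 2;
	for (pnp = prg_hash + hi; (pn = *pnp); pnp = &pn->next) {
		if (pn->inode == inode) {
			/* Some warning should be appropriate here
			   as we got multiple processes for one i-node */
			return;
		}
	}
	*pnp = malloc(sizeof(**pnp));
	if (*pnp == NULL)
		return;
	pn = *pnp;
	pn->next = NULL;
	pn->inode = inode;
	SECURE_STRNCPY(pn->name, name, sizeof(pn->name));
	/* empty signature: computed lazily by prg_cache_getsig() */
	pn->sig[0] = 0;
}

/**
 * Look up the program name cached for a socket inode.
 *
 * \return The cached name, or "-" when the inode is unknown
 */
const char *prg_cache_get(unsigned long inode)
{
	unsigned hi = PRG_HASHIT(inode);
	struct prg_node *pn;

	for (pn = prg_hash[hi]; pn; pn = pn->next)
		if (pn->inode == inode)
			return (pn->name);
	return ("-");
}

/**
 * Return the (lazily computed) hash string of the program owning an inode.
 *
 * The file named by the cached program path is hashed with \a algo on first
 * use and the hexadecimal digest is stored behind a "{SHA512}" prefix.
 *
 * NOTE(review): the prefix is always "{SHA512}" whatever \a algo is - confirm
 * that callers only ever pass the SHA-512 algorithm.
 * NOTE(review): the digest is taken from the path read earlier from
 * /proc/PID/exe, not from the running image itself; if the file at that path
 * has been replaced since the process started, the digest describes the new
 * file - verify whether the server relies on it for policy.
 *
 * \return The signature string (empty if hashing failed), or "-" when the
 *         inode is unknown
 */
const char *prg_cache_getsig(int algo, unsigned long inode)
{
	unsigned hi = PRG_HASHIT(inode);
	struct prg_node *pn;
	size_t size;
	unsigned char pnsig[4 * NUSSL_HASH_MAX_SIZE];
	int ret;
#define SHA512_PREFIX "{SHA512}"

	for (pn = prg_hash[hi]; pn; pn = pn->next) {
		if (pn->inode == inode) {
			if (pn->sig[0] == 0) {
				char * hexnum;
				ret = nussl_hash_file(algo, pn->name, pnsig, &size);
				/* presumably bin2hex() emits two characters per byte plus
				 * a nul; refuse digests that would overrun pn->sig */
				if (ret == 0
				    && 2 * size + 1 <= sizeof(pn->sig) - strlen(SHA512_PREFIX)) {
					hexnum = pn->sig + strlen(SHA512_PREFIX);
					memcpy(pn->sig, SHA512_PREFIX, strlen(SHA512_PREFIX));
					bin2hex(size, pnsig, hexnum);
				} else {
					pn->sig[0] = '\0';
				}
			}
			return (pn->sig);
		}
	}
	return "-";
}

/**
 * Free every cached node and mark the cache as not loaded.
 */
void prg_cache_clear(void)
{
	struct prg_node **pnp;

	if (prg_cache_loaded == 2) {
		for (pnp = prg_hash; pnp < prg_hash + PRG_HASH_SIZE; pnp++) {
			struct prg_node *it = *pnp;

			while (it != NULL) {
				struct prg_node *node = it;

				it = node->next;
				free(node);
			}
			*pnp = NULL;
		}
	}
	prg_cache_loaded = 0;
}

/**
 * Parse a link name of the form "socket:[12345]".
 *
 * \param lname   Link name; temporarily modified, restored before returning
 * \param inode_p Receives the inode number on success
 * \return 0 on success, -1 if the name does not match or the number is
 *         malformed or not below INT_MAX
 */
static int extract_type_1_socket_inode(char lname[], unsigned long *inode_p)
{
	char *inode_str;
	char *serr;
	size_t len = strlen(lname);

	/* If lname is of the form "socket:[12345]", extract the "12345"
	   as *inode_p.  Otherwise, return -1 as *inode_p.
	 */
	if (len < PRG_SOCKET_PFXl + 3)
		return (-1);
	if (memcmp(lname, PRG_SOCKET_PFX, PRG_SOCKET_PFXl))
		return (-1);
	if (lname[len - 1] != ']')
		return (-1);

	inode_str = lname + PRG_SOCKET_PFXl;
	/* cut the closing bracket so that strtol() must consume the whole number */
	lname[len - 1] = '\0';
	*inode_p = strtol(inode_str, &serr, 0);
	if (serr == NULL || *serr != '\0' || *inode_p >= INT_MAX) {
		lname[len - 1] = ']';
		printf("no %s\n", lname);
		return (-1);
	}
	lname[len - 1] = ']';
	return (0);
}

/**
 * Parse a link name of the form "[0000]:12345".
 *
 * \return 0 on success (inode stored in *inode_p), -1 otherwise
 */
static int extract_type_2_socket_inode(const char lname[], unsigned long *inode_p)
{
	char *serr;

	/* If lname is of the form "[0000]:12345", extract the "12345"
	   as *inode_p.  Otherwise, return -1 as *inode_p.
	 */
	if (strlen(lname) < PRG_SOCKET_PFX2l + 1)
		return (-1);
	if (memcmp(lname, PRG_SOCKET_PFX2, PRG_SOCKET_PFX2l))
		return (-1);

	*inode_p = strtol(lname + PRG_SOCKET_PFX2l, &serr, 0);
	if (serr == NULL || *serr != '\0' || *inode_p >= INT_MAX)
		return (-1);
	return (0);
}

/**
 * Check if a string contains an integer
 *
 * An empty string is not a number. Characters are passed to isdigit() as
 * unsigned char, because a negative plain char is undefined behaviour there.
 *
 * \return 1 if it's a number, 0 otherwise
 */
int str_is_integer(const char *str)
{
	if (*str == '\0')
		return 0;
	for (; *str != '\0'; ++str) {
		if (!isdigit((unsigned char) *str))
			return 0;
	}
	return 1;
}

/**
 * Secure version of readlink()
 *
 * Always nul-terminates \a buffer on success and reports truncation as an
 * error instead of returning a cut path.
 *
 * \return 0 if an error occurs, 1 if ok
 */
int secure_readlink(const char *filename, char *buffer, unsigned int buflen)
{
	int ret;

	/* a zero-sized buffer would make the canary write below underflow */
	if (buffer == NULL || buflen == 0)
		return 0;

	/* call readlink (add 'canary' to check "buffer overflow") */
	buffer[buflen - 1] = '\0';
	ret = readlink(filename, buffer, buflen);

	/* error if readlink fails */
	if (ret < 0)
		return 0;

	/* error if buffer is too small ("buffer overflow") */
	if (buffer[buflen - 1] != '\0')
		return 0;

	/* that should never happens, but ... */
	if (((int) buflen - 1) < ret)
		return 0;

	/* write nul byte at the end */
	buffer[ret] = '\0';
	return 1;
}

/**
 * Walk in directoty like "/proc/123/fd/"
 *
 * For every entry that links to a socket, record the socket inode together
 * with the target of "<path_process>/exe" in the program cache.
 */
void prg_cache_load_sub(DIR * dir, const char *path_process, const char *path_fd)
{
	char path[PATH_MAX];
	char lname[30];
	char finbuf[PROGNAME_WIDTH];
	unsigned long inode;
	struct dirent *file;

	while ((file = readdir(dir)) != NULL) {
#ifdef HAVE_STRUCT_DIRENT_D_TYPE
		if (file->d_type != DT_LNK)
			continue;
#endif

		/* read link of "/proc/123/fd/FILENAME" */
		if (!secure_snprintf(path, sizeof(path), "%s/%s", path_fd, file->d_name))
			continue;
		if (!secure_readlink(path, lname, sizeof(lname)))
			continue;

		/*
		 * extract inode number from name like "socket:[12345]"
		 * or "[0000]:12345"
		 */
		if (extract_type_1_socket_inode(lname, &inode) < 0)
			if (extract_type_2_socket_inode(lname, &inode) < 0)
				continue;

		/* get exec fullpath */
		if (!secure_snprintf(path, sizeof(path), "%s/exe", path_process))
			continue;
		if (!secure_readlink(path, finbuf, sizeof(finbuf)))
			continue;

		/* add item to the cache */
		prg_cache_add(inode, finbuf);
	}
}

/** Reset the hash table to all-empty chains (does not free existing nodes). */
void prg_cache_init()
{
	memset(prg_hash, 0, sizeof(prg_hash));
}

/**
 * Load program cache
 *
 * Scans every numeric directory of /proc and its fd/ subdirectory. Does
 * nothing when the cache is already marked as loaded.
 */
void prg_cache_load()
{
	char path_process[PATH_MAX];
	char path_fd[PATH_MAX];
	DIR *dirproc = NULL;
	DIR *dirfd = NULL;
	struct dirent *file;

	if (prg_cache_loaded)
		return;
	prg_cache_loaded = 1;

	/* open directory "/proc" */
	dirproc = opendir("/proc");
	if (dirproc == NULL)
		panic("Fail to open /proc directory!");

	while ((file = readdir(dirproc)) != NULL) {
#ifdef HAVE_STRUCT_DIRENT_D_TYPE
		if (file->d_type != DT_DIR)
			continue;
#endif
		if (!str_is_integer(file->d_name))
			continue;

		/* create path like "/proc/123" */
		if (!secure_snprintf(path_process, sizeof(path_process), "/proc/%s", file->d_name))
			continue;

		/* create path like "/proc/123/fd" */
		if (!secure_snprintf(path_fd, sizeof(path_fd), "%s/fd", path_process))
			continue;

		/* open directory like "/proc/123/fd" */
		dirfd = opendir(path_fd);
		if (dirfd != NULL) {
			prg_cache_load_sub(dirfd, path_process, path_fd);
			closedir(dirfd);
		}
	}
	closedir(dirproc);
}

/** @} */

#endif /* of #ifdef LINUX */
nufw-2.4.3/src/clients/lib/checks.h0000644000175000017500000000221211431206275014025 00000000000000/* ** Copyright 2005 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.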
*/ #ifndef CHECKS_H #define CHECKS_H nu_error_t recv_message(nuauth_session_t *session, nuclient_error_t *err); int nu_client_check(nuauth_session_t * session, nuclient_error * err); void *nu_client_thread_check(void *session); int nu_client_real_check(nuauth_session_t * session, nuclient_error * err); #endif nufw-2.4.3/src/clients/lib/nuclient_plugins.h0000644000175000017500000000702511431206275016156 00000000000000/* ** Copyright 2009 - INL ** Written by Pierre Chifflier ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** * \defgroup libnuclient Libnuclient * @{ */ /*! 
\file nuclient_plugins.h * \brief Plugins helper functions * * */ #ifndef __NUCLIENT_PLUGINS_H__ #define __NUCLIENT_PLUGINS_H__ typedef enum { NUCLIENT_EVENT_NULL = 0, NUCLIENT_EVENT_LOGIN_OK, NUCLIENT_EVENT_LOGIN_FAILED, NUCLIENT_EVENT_NEW_CONNECTION, NUCLIENT_EVENT_RETRANSMIT_CONNECTION, NUCLIENT_EVENT_END_CHECK, /* never change this one, it must be the last one */ NUCLIENT_EVENT_MAX } plugin_event_t; #define PLUGIN_MAGIC 0x37c00000 #define PLUGIN_API_NUM (PLUGIN_MAGIC + \ (sizeof(struct nuclient_plugin_t) << 4) + \ (sizeof(int) << 12) + \ NUCLIENT_EVENT_MAX) struct nuclient_plugin_t; /** \brief Signature for plugin instance init function * * Argument are: * - plugin instance * - (optional) arguments */ typedef int (*nuclient_plugin_instance_init_func)(struct nuclient_plugin_t *, void *args); /** \brief Signature for plugin dispatch function * * Argument are: * - event id * - nuauth session * - (optional) arguments */ typedef int (*nuclient_plugin_dispatch_func)(struct nuclient_plugin_t *, unsigned int, nuauth_session_t *, const char*); /** \brief Signature for plugin close function */ typedef int (*nuclient_plugin_close_func)(struct nuclient_plugin_t *); /* \cond DOXYGEN_EXCLUDE * required to export header without linuxlist.h */ #ifndef _LINUX_LLIST_H struct llist_head { struct llist_head *next, *prev; }; #endif /* \endcond */ /** \brief Structure for nuclient plugin instance */ struct nuclient_plugin_t { struct llist_head list; /**< Doubly-linked list of plugins */ void *handle; /**< Handle to the dynamic library, returned by dlopen() */ char *instance_name; /**< Plugin instance name */ void *plugin_data; /**< Pointer to instance-specific data (can be used by plugin) */ nuclient_plugin_instance_init_func init; /**< Plugin instance init function */ nuclient_plugin_dispatch_func dispatch; /**< Event dispatch function */ nuclient_plugin_close_func close; /**< Plugin close function */ }; /** \brief Signature for plugin init function * * Argument are: * - api 
version (to be compared with PLUGIN_API_NUM) * - plugin instance * The function should register callbacks into struct nuclient_plugin_t */ typedef int (*nuclient_plugin_init_func)(unsigned int, struct nuclient_plugin_t *); #define NUCLIENT_PLUGIN_INIT nuclient_plugin_init #define NUCLIENT_PLUGIN_INIT_STR "nuclient_plugin_init" /** \brief Init plugins infrastructure */ int init_plugins(void); /** \brief Load all plugins (from configuration file) */ int load_plugins(void); /** \brief Dispatch event to all loaded plugins */ int plugin_emit_event(plugin_event_t event_id, nuauth_session_t * session, const char *arg); #endif /* __NUCLIENT_PLUGINS_H__ */ /** @} */ nufw-2.4.3/src/clients/lib/nuclient_conf.h0000644000175000017500000000262111431206275015417 00000000000000/* ** Copyright(C) 2009 INL ** Written by Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifndef NUCLIENT_CONF_H #define NUCLIENT_CONF_H int nuclient_parse_configuration(const char *user_config, const char *global_config); char *nuclient_config_table_get(const char *key); char *nuclient_config_table_get_alwaysstring(char *key); char *nuclient_config_table_get_or_default(char *key, char *replace); int nuclient_config_table_get_or_default_int(char *key, int defint); void nuclient_config_table_destroy(void); void nuclient_config_table_print(void *userdata, void (*func)(void *data, char *keyeqval)); void nuclient_config_table_walk(void *userdata, void (*func)(void *data, char *key, char *val)); #endif /* NUCLIENT_CONF_H */ nufw-2.4.3/src/clients/lib/tcptable.c0000644000175000017500000002321011431206275014357 00000000000000/* ** Copyright 2005-2007 - INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr ** ** $Id$ ** ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "libnuclient.h" #include "proto.h" #include "tcptable.h" #include #define USE_JHASH3 #include #ifdef FREEBSD #include #include #include #include #include #include #include #include #include #include #endif #include /** * \addtogroup libnuclient * @{ */ /** \file tcptable.c * \brief TCP parsing function * * Here are functions to get live connection table from the operating system. * Main function is tcptable_read(). 
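*/

#ifdef LINUX
/**
 * Parse a Linux connection table (/proc/net/tcp or /proc/net/udp) and filter
 * connection: only keep session user connections in state "SYN packet sent".
 * Add connections to the our table using tcptable_add().
 *
 * The whole file is read into a fixed buffer which is nul-terminated before
 * any string function touches it; a failed read() ends the read loop instead
 * of being added to the write position, and the line scan stops as soon as
 * no further newline exists or the fixed columns would fall outside the data
 * that was actually read.
 *
 * NOTE(review): a file that cannot be opened ends the program through
 * panic(), including /proc/net/tcp6 whose result the caller ignores - confirm
 * this is intended on hosts without IPv6.
 *
 * \param file Unused here
 * \return 1 (errors are reported through panic())
 */
int parse_tcptable_file(nuauth_session_t * session, conntable_t * ct, char *filename, FILE ** file, int protocol, int use_ipv6)
{
	char *buf;
	char fullbuf[1024*256];
	conn_t c;
	const char state_char = '2';	/* TCP_SYN_SENT written in hexadecimal */
	int state_pos;
	int uid_pos;
	char session_uid[20];
	int session_uid_len;
	int ret;
	char *pos;
	int fdfile;
	int i = 0;
	int readlen = 0;

	/* every entry is copied whole by tcptable_add(): start from a known state */
	memset(&c, 0, sizeof(c));

	fdfile = open(filename, O_RDONLY);
	if (fdfile == -1) {
		panic("Unable to open proc file");
	}

	/* read all file, keeping one byte for the terminating nul */
	buf = fullbuf;
	while ((size_t) readlen < sizeof(fullbuf) - 1) {
		i = read(fdfile, buf, sizeof(fullbuf) - 1 - readlen);
		if (i <= 0)
			break;	/* end of file or read error */
		buf += i;
		readlen += i;
	}
	close(fdfile);
	fullbuf[readlen] = '\0';

	/* convert session user identifier to string */
	secure_snprintf(session_uid, sizeof(session_uid), "%5lu", (unsigned long)session->userid);
	session_uid_len = strlen(session_uid);

	/* get state field position in header */
	pos = strstr(fullbuf, " st ");
	if (pos == NULL)
		panic("Can't find position of state field in /proc/net/tcp header!");
	state_pos = pos - fullbuf + 2;

	/* get user identifier position in header (it's just after 'retrnsmt' field) */
	pos = strstr(fullbuf, " retrnsmt ");
	if (pos == NULL)
		panic("Can't find position of user identifier field in /proc/net/tcp header!");
	uid_pos = pos - fullbuf + strlen(" retrnsmt ");

	buf = fullbuf;
	while (buf - fullbuf < readlen - uid_pos) {
		/* move to the start of the next line; stop when there is none */
		pos = strchr(buf, '\n');
		if (pos == NULL)
			break;
		buf = pos + 1;

		/* both fixed columns must lie inside the data that was read */
		if (buf - fullbuf >= readlen - uid_pos
		    || buf - fullbuf >= readlen - state_pos)
			break;

		/* only keep connections in state "SYN packet sent" */
		if (buf[state_pos] != state_char) {
			continue;
		}
		/* only keep session user connections */
		if (strncmp(buf + uid_pos, session_uid, session_uid_len) != 0) {
			continue;
		}
		/* get all fields */
		if (!use_ipv6) {
			uint32_t src, dst;
			ret = sscanf(buf,
				     "%*d: "
				     "%" SCNx32 ":%hx "
				     "%" SCNx32 ":%hx "
				     "%*x %*x:%*x %*x:%*x %x "
				     "%lu %*d %lu",
				     &src, &c.port_src,
				     &dst, &c.port_dst,
				     &c.retransmit, &c.uid, &c.inode);
			if (ret != 7) {
				continue;
			}
			uint32_to_ipv6(src, &c.ip_src);
			uint32_to_ipv6(dst, &c.ip_dst);
		} else {
			char ip_src[33];
			char ip_dst[33];
			ret = sscanf(buf,
				     "%*d: "
				     "%32s" ":%hx "
				     "%32s" ":%hx "
				     "%*x %*x:%*x %*x:%*x %x "
				     "%lu %*d %lu",
				     ip_src, &c.port_src,
				     ip_dst, &c.port_dst,
				     &c.retransmit, &c.uid, &c.inode);
			if (ret != 7) {
				continue;
			}
			if (!hex2ipv6(ip_src, &c.ip_src))
				continue;
			if (!hex2ipv6(ip_dst, &c.ip_dst))
				continue;
		}
		/* skip nul inodes */
		if (c.inode == 0) {
			continue;
		}
#if DEBUG
		/* Check if there is a matching rule in the filters list */
		printf("Packet dst = %ld (%lx)\n", c.rmt, c.rmt);
#endif
		c.protocol = protocol;
		tcptable_add(ct, &c);
	}
	return 1;
}
#endif

/**
 * On Linux: Parse connection table /proc/net/tcp and /proc/net/udp to get
 * connections in state "SYN sent" from session user.
 *
 * On FreeBSD: Use sysctl with "net.inet.tcp.pcblist" to get the connection
 * table. Add connections to the our table using tcptable_add().
 *
 * \return 1 on success, 0 on error
 */
int tcptable_read(nuauth_session_t * session, conntable_t * ct)
{
#ifdef LINUX
	static FILE *fd_tcp = NULL;
	static FILE *fd_tcp6 = NULL;
	static FILE *fd_udp = NULL;

#if DEBUG
	assert(ct != NULL);
	assert(TCP_SYN_SENT == 2);
#endif
	if (!parse_tcptable_file(session, ct, "/proc/net/tcp", &fd_tcp, IPPROTO_TCP, 0))
		return 0;

	/* the IPv6 table is optional: its result is ignored */
	parse_tcptable_file(session, ct, "/proc/net/tcp6", &fd_tcp6, IPPROTO_TCP, 1);

	if (!parse_tcptable_file(session, ct, "/proc/net/udp", &fd_udp, IPPROTO_UDP, 0))
		return 0;
	return 1;
#elif defined(FREEBSD)
	conn_t c;
	int istcp;
	char *buf;
	const char *mibvar;
	struct tcpcb *tp = NULL;
	struct inpcb *inp;
	struct xinpgen *xig, *oxig;
	struct xsocket *so;
	size_t len;
	int proto = IPPROTO_TCP;

	/* only addresses, ports and protocol are filled in below; clear the other
	 * fields so that tcptable_add() does not copy stack garbage (retransmit,
	 * inode, ...) into the table */
	memset(&c, 0, sizeof(c));
#if 0
	istcp = 0;
	switch (proto) {
	case IPPROTO_TCP:
#endif
		istcp = 1;
		mibvar = "net.inet.tcp.pcblist";
#if 0
		break;
	case IPPROTO_UDP:
		mibvar = "net.inet.udp.pcblist";
		break;
	}
#endif
	/* get connection table size, and then allocate a buffer */
	len = 0;
	if (sysctlbyname(mibvar, 0, &len, 0, 0) < 0) {
		if (errno != ENOENT)
			printf("sysctl: %s", mibvar);
		return 0;
	}
	buf = malloc(len);
	if (buf == NULL) {
		printf("malloc %lu bytes", (u_long) len);
		return 0;
	}

	/* read connection table */
	if (sysctlbyname(mibvar, buf, &len, 0, 0) < 0) {
		printf("sysctl: %s", mibvar);
		free(buf);
		return 0;
	}

	oxig = xig = (struct xinpgen *) buf;
	for (xig = (struct xinpgen *) ((char *) xig + xig->xig_len);
	     xig->xig_len > sizeof(struct xinpgen);
	     xig = (struct xinpgen *) ((char *) xig + xig->xig_len)) {
		if (istcp) {
			tp = &((struct xtcpcb *) xig)->xt_tp;
			inp = &((struct xtcpcb *) xig)->xt_inp;
			so = &((struct xtcpcb *) xig)->xt_socket;
		} else {
			inp = &((struct xinpcb *) xig)->xi_inp;
			so = &((struct xinpcb *) xig)->xi_socket;
		}

		/* Ignore sockets for protocols other than the desired one. */
		if (so->xso_protocol != (int) proto)
			continue;

		/* Ignore PCBs which were freed during copyout. */
		if (inp->inp_gencnt > oxig->xig_gen)
			continue;

		/* only do IPV4 for now */
		if ((inp->inp_vflag & INP_IPV4) == 0)
			continue;

		/* check SYN_SENT and get rid of NULL address */
		if ((istcp && tp->t_state != TCPS_SYN_SENT)
		    || (inet_lnaof(inp->inp_laddr) == INADDR_ANY))
			continue;

		uint32_to_ipv6(inp->inp_laddr.s_addr, &c.ip_src);
		c.port_src = ntohs(inp->inp_lport);

		uint32_to_ipv6(inp->inp_faddr.s_addr, &c.ip_dst);
		c.port_dst = ntohs(inp->inp_fport);
		c.protocol = IPPROTO_TCP;

		tcptable_add(ct, &c);
	}
	free(buf);
	return 1;
#endif
}

/**
 * Create a connection table: allocate memory with zero bytes,
 * and init. each list with NULL pointer.
 *
 * \return Returns 0 on error (no more memory), 1 otherwise.
 */
int tcptable_init(conntable_t ** ct)
{
	int i;

	(*ct) = (conntable_t *) calloc(1, sizeof(conntable_t));
	if (*ct == NULL) {
		return 0;
	}

	for (i = 0; i < CONNTABLE_BUCKETS; i++) {
		(*ct)->buckets[i] = NULL;
	}
	return 1;
}

/**
 * Compute connection hash (index in a connection table, see ::conntable_t).
 * Hash is an integer in interval 0..(::CONNTABLE_BUCKETS-1).
 *
 * The source port is widened to 32 bits before the shift: shifting the
 * promoted (signed) int overflows for ports of 32768 and above.
 */
int tcptable_hash(conn_t * c)
{
	/** \todo Hash the whole ip address! */
#ifndef FREEBSD
	return (jhash_3words(c->ip_src.s6_addr32[3],
			     c->ip_dst.s6_addr32[3],
			     (c->port_dst | (uint32_t) c->port_src << 16),
			     32)) % CONNTABLE_BUCKETS;
#else
	return (jhash_3words(c->ip_src.__u6_addr.__u6_addr32[3],
			     c->ip_dst.__u6_addr.__u6_addr32[3],
			     (c->port_dst | (uint32_t) c->port_src << 16),
			     32)) % CONNTABLE_BUCKETS;
#endif
}

/**
 * Add a connection entry to a connection table.
 *
 * The entry is copied into freshly allocated memory and pushed at the head
 * of its bucket; c->createtime is set to the current time first. Memory
 * exhaustion ends the program through panic().
 */
void tcptable_add(conntable_t * ct, conn_t * c)
{
	conn_t *old, *newc;
	int bi;
#if DEBUG
	assert(ct != NULL);
	assert(c != NULL);
#endif

	newc = (conn_t *) calloc(1, sizeof(conn_t));
	if (!newc) {
		panic("memory exhausted");
	}

	c->createtime = time(NULL);

	memcpy(newc, c, sizeof(conn_t));
	bi = tcptable_hash(c);
	old = ct->buckets[bi];
	ct->buckets[bi] = newc;
	ct->buckets[bi]->next = old;
}

/**
 * Find a connection in a table.
 *
 * Entries match on protocol, both addresses and both ports.
 *
 * \return The connection if found, NULL if it doesn't exist
 */
conn_t *tcptable_find(conntable_t * ct, conn_t * c)
{
	conn_t *bucket;
#if DEBUG
	assert(ct != NULL);
	assert(c != NULL);
#endif
	bucket = ct->buckets[tcptable_hash(c)];
	while (bucket != NULL) {
		if ((c->protocol == bucket->protocol)
		    && ipv6_equal(&c->ip_dst, &bucket->ip_dst)
		    && (c->port_dst == bucket->port_dst)
		    && ipv6_equal(&c->ip_src, &bucket->ip_src)
		    && (c->port_src == bucket->port_src)
		    ) {
			return bucket;
		}
		bucket = bucket->next;
	}
	return NULL;
}

/**
 * Destroy a connection table (free memory).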
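*/
void tcptable_free(conntable_t * ct)
{
	int i;

	if (ct == NULL)
		return;

	for (i = 0; i < CONNTABLE_BUCKETS; i++) {
		conn_t *c0, *c1;

		/* release every entry chained in this bucket */
		c0 = ct->buckets[i];
		while (c0 != NULL) {
			c1 = c0->next;
			free(c0);
			c0 = c1;
		}
		ct->buckets[i] = NULL;
	}

	/* free structure */
	free(ct);
}

/** @} */
nufw-2.4.3/src/clients/lib/internal.c0000644000175000017500000004574411431206275014415 00000000000000/* ** Copyright 2004-2010 - EdenWall Technologies ** Written by Eric Leblond ** Vincent Deffontaines ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */

#include "nufw_source.h"
#include "libnuclient.h"
#include "nuclient_plugins.h"
#include "sending.h"
#include "tcptable.h"
/* NOTE(review): the names of the system headers are missing on this page;
 * restore the bare #include directives from the upstream internal.c. */
#include
#include /* va_list, va_start, ... */
#include
#include
#include "proc.h"
#include "security.h"
#include "internal.h"
#include
#include
#include

char* nu_locale_charset;

/**
 * \ingroup libnuclient
 * @{
 */

/**
 * Display an error message, prefixed by "Fatal error: ", and then exit the
 * program. If filename is not NULL and line different than zero, also prefix
 * the message with them.
 *
 * Example: "checks.c:45:Fatal error: Message ..."
 */
void do_panic(const char *filename, unsigned long line, const char *fmt, ...)
{
	va_list args;

	va_start(args, fmt);
	printf("\n");
	if (filename != NULL && line != 0) {
		printf("%s:%lu:", filename, line);
	}
	printf("Fatal error: ");
	vprintf(fmt, args);
	printf("\n");
	/* release the argument list before exit(): it was unreachable after it */
	va_end(args);
	fflush(stdout);
	exit(EXIT_FAILURE);
}

/**
 * Send one SASL message to nuauth.
 *
 * The payload is base64-encoded and prefixed with "C: " before being
 * written to the session.
 *
 * \return 1 on success, 0 on error (err is filled in)
 */
static int samp_send(nuauth_session_t* session, const char *buffer, unsigned length, nuclient_error_t * err)
{
	char *buf;
	unsigned len, alloclen;
	int result;

	/* prefix ("C: ") + base64 length + 1 nul byte */
	alloclen = 3 + ((length+2)/3)*4 + 1;
	buf = malloc(alloclen);
	if (buf == NULL) {
		SET_ERROR(err, INTERNAL_ERROR, MEMORY_ERR);
		return 0;
	}

	result = sasl_encode64(buffer, length, buf + 3, alloclen - 3, &len);
	if (result != SASL_OK) {
		SET_ERROR(err, SASL_ERROR, result);
		free(buf);
		return 0;
	}

	memcpy(buf, "C: ", 3);

	result = nussl_write(session->nussl, buf, len + 3);
	if (result < 0) {
		SET_ERROR(err, NUSSL_ERR, result);
		free(buf);
		return 0;
	}

	free(buf);
	return 1;
}

/* XXX: Move this fuction into nussl */
/**
 * Receive one SASL message from nuauth and base64-decode it in place.
 *
 * The first three bytes of the received data are skipped as a prefix. At
 * most bufsize - 1 bytes are read and the data is nul-terminated at the
 * number of bytes actually received, so that strlen() never runs past the
 * received data (the original relied on the caller having zeroed the buffer
 * and on the peer sending less than bufsize bytes).
 *
 * \return Decoded length, or 0 on error or empty payload
 */
static unsigned samp_recv(nuauth_session_t* session, char *buf, int bufsize, nuclient_error_t * err)
{
	unsigned len;
	int result;
	int tls_len;

	/* need room for the 3-byte prefix, some payload and the terminator */
	if (buf == NULL || bufsize < 5) {
		SET_ERROR(err, INTERNAL_ERROR, MEMORY_ERR);
		return 0;
	}

	tls_len = nussl_read(session->nussl, buf, bufsize - 1);
	if (tls_len <= 0) {
		log_printf(DEBUG_LEVEL_CRITICAL, "ERROR nussl_read returned %d (requested %d bytes)", tls_len, bufsize);
		SET_ERROR(err, NUSSL_ERR, tls_len);
		return 0;
	}
	buf[tls_len] = '\0';

	/* a message shorter than its prefix carries no payload to decode */
	if (tls_len < 3) {
		SET_ERROR(err, SASL_ERROR, SASL_BADPROT);
		return 0;
	}

	result = sasl_decode64(buf + 3, (unsigned) strlen(buf + 3), buf, bufsize, &len);
	if (result != SASL_OK) {
		log_printf(DEBUG_LEVEL_CRITICAL, "ERROR sasl_decode64 returned %d", result);
		SET_ERROR(err, SASL_ERROR, result);
		return 0;
	}
	buf[len] = '\0';
	return len;
}

/**
 * Run the client side of the SASL exchange with nuauth.
 *
 * Receives the server mechanism list, starts the exchange (retrying with a
 * shorter mechanism list when a mechanism fails), loops on
 * sasl_client_step() while the library asks to continue, then reads the
 * final answer, which must start with 'Y'.
 *
 * NOTE(review): when a mechanism is removed from the list the string is
 * edited in place; if session->sasl_mechlist was supplied, that edits the
 * session's own string through a const pointer - confirm this is intended.
 *
 * \return SASL_OK when the server accepted the exchange, SASL_FAIL otherwise
 */
int mysasl_negotiate(nuauth_session_t * session, sasl_conn_t * conn, nuclient_error_t * err)
{
	char buf[8192];
	const char *data;
	const char *mechlist = session->sasl_mechlist;
	/* NULL until the library reports a choice: it is not guaranteed to be
	 * set when sasl_client_start() fails */
	const char *chosenmech = NULL;
	unsigned len;
	int result;
	int retry_auth = 1;
	/* gnutls_session session = session->tls; */

	memset(buf, 0, sizeof buf);
	/* get the capability list */
	len = samp_recv(session, buf, 8192, err);
	if (len == 0) {
		return SASL_FAIL;
	}

	if (mechlist == NULL)
		mechlist = buf;

	while (retry_auth > 0) {
		retry_auth--;
		if (session->verbose) {
			log_printf(DEBUG_LEVEL_DEBUG, "Server mechanisms %s", buf);
			log_printf(DEBUG_LEVEL_DEBUG, "Client mechanisms %s", mechlist);
		}

		result = sasl_client_start(conn, mechlist, NULL, &data, &len, &chosenmech);

		if (result == -1) {
			char * smech;
			int strclen;

			/* without a reported mechanism there is nothing to remove */
			if (chosenmech == NULL)
				break;
			smech = strcasestr(mechlist, chosenmech);
			if (smech == NULL)
				break;
			strclen = strlen(chosenmech);
			/* remove chosenmech */
			if (smech == mechlist) {
				if (strcmp(mechlist, chosenmech) == 0) {
					break;
				}
				/* need only to offset mechlist */
				mechlist += strclen + 1;
			} else {
				int i = 0;
				/* comma need to be suppressed */
				smech--;
				/* copy string with offset */
				while (smech[i + strclen + 1]) {
					smech[i] = smech[i + strclen + 1];
					i++;
				}
				/* nullify end of string */
				smech[i] = 0;
			}
			/* try again with updated mechlist */
			log_printf(DEBUG_LEVEL_WARNING, "SASL negotiation with mechanism %s failed, retrying with %s", chosenmech, mechlist);
			retry_auth = 1;
		}
	}

	if (session->verbose && chosenmech != NULL) {
		log_printf(DEBUG_LEVEL_INFO, "Using mechanism %s", chosenmech);
	}

	if (result != SASL_OK && result != SASL_CONTINUE) {
		if (session->verbose) {
			log_printf(DEBUG_LEVEL_CRITICAL, "Error starting SASL negotiation");
			log_printf(DEBUG_LEVEL_CRITICAL, "\n%s\n", sasl_errdetail(conn));
		}
		SET_ERROR(err, SASL_ERROR, result);
		return SASL_FAIL;
	}

	/* the mechanism name is copied into buf: make sure it exists and fits */
	if (chosenmech == NULL || strlen(chosenmech) >= sizeof(buf)) {
		SET_ERROR(err, SASL_ERROR, SASL_FAIL);
		return SASL_FAIL;
	}
	strcpy(buf, chosenmech);
	if (data) {
		if (8192 - strlen(buf) - 1 < len) {
			return SASL_FAIL;
		}
		/* initial response goes after the mechanism name and its nul byte */
		memcpy(buf + strlen(buf) + 1, data, len);
		len += (unsigned) strlen(buf) + 1;
		data = NULL;
	} else {
		len = (unsigned) strlen(buf);
	}

	if (!samp_send(session, buf, len, err)) {
		return SASL_FAIL;
	}

	while (result == SASL_CONTINUE) {
		if (session->verbose) {
			log_printf(DEBUG_LEVEL_DEBUG, "Waiting for server reply...");
		}
		memset(buf, 0, sizeof(buf));
		len = samp_recv(session, buf, sizeof(buf), err);
		if (len <= 0) {
			log_printf(DEBUG_LEVEL_CRITICAL, "server problem, recv fail...");
			return SASL_FAIL;
		}
		result = sasl_client_step(conn, buf, len, NULL, &data, &len);
		if (result != SASL_OK && result != SASL_CONTINUE) {
			if (session->verbose)
				log_printf(DEBUG_LEVEL_DEBUG, "Performing SASL negotiation");
			SET_ERROR(err, SASL_ERROR, result);
		}
		if (data && len) {
			if (session->verbose)
				puts("Sending response...\n");
			if (!samp_send(session, data, len, err)) {
				return SASL_FAIL;
			}
		} else if (result != SASL_OK) {
			if (!samp_send(session, "", 0, err)) {
				return SASL_FAIL;
			}
		}
	}

	/* final verdict: a failed read must not be judged on whatever an earlier
	 * message left in buf */
	len = samp_recv(session, buf, 42, err);
	if (len == 0 || buf[0] != 'Y') {
		result = SASL_BADAUTH;
		SET_ERROR(err, SASL_ERROR, SASL_BADAUTH);
	}

	if (result != SASL_OK) {
		if (session->verbose)
			puts("Authentication failed...");
		return SASL_FAIL;
	} else {
		if (session->verbose)
			puts("Authentication started...");
	}
	return SASL_OK;
}

/**
 * Queue a connection for the next authentication packet.
 *
 * The connection is stored in \a auth at index *count_p. Once the array
 * holds CONN_MAX entries it is sent with send_user_pckt(), cleared, and the
 * counter restarts at zero.
 *
 * \return 1 on success, -1 if sending the full packet failed
 */
int add_packet_to_send(nuauth_session_t * session, conn_t ** auth, int *count_p, conn_t * bucket)
{
	int count = *count_p;

	if (count < CONN_MAX - 1) {
		auth[count] = bucket;
		(*count_p)++;
	} else {
		int i;

		auth[count] = bucket;
		if (send_user_pckt(session, auth) != 1) {
			/* error sending */
#if DEBUG
			log_printf(DEBUG_LEVEL_CRITICAL, "error when sending");
#endif
			return -1;
		}
		for (i = 0; i < CONN_MAX; i++) {
			auth[i] = NULL;
		}
		*count_p = 0;
	}
	return 1;
}

/**
 * \brief Compare connection tables and send packets
 *
 * Compare the `old' and `new' tables, sending packet to nuauth
 * if differences are found.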
*
 * A connection of `new' is queued for authentication when it is absent
 * from `old', when its retransmit counter is higher than in `old', or,
 * for UDP only, when the matching entry of `old' was created more than
 * UDP_TIMEOUT before the current time. The err argument is not written
 * by this function.
 *
 * \return -1 if error (then disconnect is needed) or the number of
 * authenticated packets if it has succeeded
 */
int compare(nuauth_session_t * session, conntable_t * old,
	    conntable_t * new, nuclient_error_t * err)
{
	conn_t *auth[CONN_MAX];	/* batch handed to add_packet_to_send() */
	int pending = 0;	/* entries currently stored in auth[] */
	int nb_packets = 0;
	int idx;

	assert(old != NULL);
	assert(new != NULL);

	for (idx = 0; idx < CONNTABLE_BUCKETS; idx++) {
		conn_t *cur;

		for (cur = new->buckets[idx]; cur != NULL; cur = cur->next) {
			conn_t *known = tcptable_find(old, cur);

			if (known == NULL) {
				/* connection was not in the previous table */
#if DEBUG
				log_printf(DEBUG_LEVEL_DEBUG, "sending new");
#endif
#ifdef LINUX
				prg_cache_load();
#endif
				if (add_packet_to_send(session, auth, &pending, cur) == -1) {
					/* sending failed: give up */
					return -1;
				}
				plugin_emit_event(NUCLIENT_EVENT_NEW_CONNECTION,
						  session, (char *)cur);
				nb_packets++;
				continue;
			}

			/* known connection: has it been retransmitted? */
			if (cur->retransmit > known->retransmit) {
#if DEBUG
				log_printf(DEBUG_LEVEL_DEBUG, "sending retransmit");
#endif
#ifdef LINUX
				prg_cache_load();
#endif
				if (add_packet_to_send(session, auth, &pending, cur) == -1) {
					/* sending failed: give up */
					return -1;
				}
				plugin_emit_event(NUCLIENT_EVENT_RETRANSMIT_CONNECTION,
						  session, (char *)cur);
				nb_packets++;
			}

			/* the timeout handling below only concerns UDP */
			if (cur->protocol != IPPROTO_UDP) {
				continue;
			}

			if (known->createtime < time(NULL) - UDP_TIMEOUT) {
				/* netfilter timeout may have been reached:
				 * authenticate again */
#if DEBUG
				log_printf(DEBUG_LEVEL_DEBUG, "working on timeout issue");
#endif
#ifdef LINUX
				prg_cache_load();
#endif
				if (add_packet_to_send(session, auth, &pending, cur) == -1) {
					return -1;
				}
				nb_packets++;
			} else {
				/* keep the creation time of the older entry */
				cur->createtime = known->createtime;
			}
		}
	}

	/* flush what is left in the batch */
	if (pending > 0) {
		if (pending < CONN_MAX) {
			auth[pending] = NULL;
		}
		if (send_user_pckt(session, auth) != 1) {
			/* error sending */
			return -1;
		}
	}
	return nb_packets;
}

/**
 * Create the operating system packet and send it to nuauth.
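* Packet is in format ::nuv2_authfield.
 *
 * The field body is the base64 encoding of "sysname;release;version"
 * as filled in by uname().
 *
 * \param session Pointer to client session
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return 1 on success, 0 on error (err is set)
 */
int send_os(nuauth_session_t * session, nuclient_error_t * err)
{
	/* announce our OS */
	struct utsname info;
	char oses[256];
	char buf[1024];
	char *enc_oses = buf + sizeof(struct nu_authfield);
	struct nu_authfield *osfield = (struct nu_authfield *) buf;
	/* space really available in buf behind the field header */
	const unsigned enc_max = sizeof(buf) - sizeof(struct nu_authfield);
	unsigned actuallen = 0;
	int ret;

	/* read OS informations; the strings stay empty if uname() fails */
	memset(&info, 0, sizeof(info));
	uname(&info);

	/* Bound the copy by the destination, not by the length of the
	 * uname() strings: the size of the utsname members is platform
	 * dependent and the former bound could exceed sizeof(oses).
	 * NOTE(review): how secure_snprintf() reports truncation is not
	 * visible here; a truncated OS string is sent as is. */
	(void) secure_snprintf(oses, sizeof(oses), "%s;%s;%s",
			       info.sysname, info.release, info.version);

	/* encode OS informations in base64; the output limit is the room
	 * left in buf, and every failure code is treated as an error so
	 * that actuallen is never used unset */
	ret = sasl_encode64(oses, strlen(oses), enc_oses, enc_max, &actuallen);
	if (ret != SASL_OK) {
		SET_ERROR(err, SASL_ERROR, ret);
		/* TODO set explicit string message */
		return 0;
	}

	/* build packet header */
	osfield->type = OS_FIELD;
	osfield->option = OS_SRV;
	osfield->length = sizeof(struct nu_authfield) + actuallen;

	/* add packet body */
	osfield->length = htons(osfield->length);

	/* Send OS field over network */
	ret = nussl_write(session->nussl, buf, ntohs(osfield->length));
	if (ret < 0) {
		if (session->verbose)
			log_printf(DEBUG_LEVEL_CRITICAL,
				   "Error sending tls data: ...");
		SET_ERROR(err, NUSSL_ERR, ret);
		return 0;
	}
	return 1;
}

/**
 * Create the client information packet and send it to nuauth.
 * Packet is in format ::nuv2_authfield.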
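*
 * The field body is the base64 encoding of "client_name;client_version"
 * taken from the session.
 *
 * \param session Pointer to client session
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return 1 on success, 0 on error (err is set)
 */
int send_client(nuauth_session_t * session, nuclient_error_t * err)
{
	char version[256];
	char buf[1024];
	struct nu_authfield *vfield = (struct nu_authfield *) buf;
	char *enc_version = buf + sizeof(struct nu_authfield);
	/* space really available in buf behind the field header; the former
	 * limit of 4 * 256 ignored the header and overstated the room */
	const unsigned enc_max = sizeof(buf) - sizeof(struct nu_authfield);
	unsigned actuallen = 0;
	int ret;

	/* NOTE(review): how secure_snprintf() reports truncation is not
	 * visible here; a truncated string is sent as is. */
	(void) secure_snprintf(version, sizeof(version), "%s;%s",
			       session->client_name, session->client_version);

	/* any failure code is an error, so actuallen is never used unset */
	ret = sasl_encode64(version, strlen(version), enc_version, enc_max,
			    &actuallen);
	if (ret != SASL_OK) {
		SET_ERROR(err, SASL_ERROR, ret);
		/* TODO set explicit string message */
		return 0;
	}

	/* build packet header */
	vfield->type = VERSION_FIELD;
	vfield->option = CLIENT_SRV;
	vfield->length = sizeof(struct nu_authfield) + actuallen;

	/* add packet body */
	vfield->length = htons(vfield->length);

	/* Send Client version field over network */
	ret = nussl_write(session->nussl, buf, ntohs(vfield->length));
	if (ret < 0) {
		if (session->verbose)
			log_printf(DEBUG_LEVEL_CRITICAL,
				   "Error sending tls data: ...");
		SET_ERROR(err, NUSSL_ERR, ret);
		return 0;
	}
	return 1;
}

/**
 * Create the client information packet and send it to nuauth.
 * Packet is in format ::nuv2_authfield.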
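*
 * The field body is the base64 encoding of the capabilities string:
 * the one stored in the session when it is not empty, the global
 * nu_capabilities otherwise.
 *
 * \param session Pointer to client session
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return 1 on success, 0 on error (err is set)
 */
int send_capa(nuauth_session_t * session, nuclient_error_t * err)
{
	char buf[1024];
	struct nu_authfield *vfield = (struct nu_authfield *) buf;
	char *enc_capa = buf + sizeof(struct nu_authfield);
	/* space really available in buf behind the field header; the former
	 * limit (4 * sizeof(nu_capabilities)) was unrelated to buf and to
	 * the size of session->nu_capabilities */
	const unsigned enc_max = sizeof(buf) - sizeof(struct nu_authfield);
	unsigned actuallen = 0;
	char *capa;
	int ret;

	if (session->nu_capabilities[0])
		capa = session->nu_capabilities;
	else
		capa = nu_capabilities;

	/* any failure code is an error, so actuallen is never used unset */
	ret = sasl_encode64(capa, strlen(capa), enc_capa, enc_max, &actuallen);
	if (ret != SASL_OK) {
		SET_ERROR(err, SASL_ERROR, ret);
		/* TODO set explicit string message */
		return 0;
	}

	/* build packet header */
	vfield->type = CAPA_FIELD;
	vfield->option = CLIENT_SRV;
	vfield->length = sizeof(struct nu_authfield) + actuallen;

	/* add packet body */
	vfield->length = htons(vfield->length);

	/* Send capabilities field over network */
	ret = nussl_write(session->nussl, buf, ntohs(vfield->length));
	if (ret < 0) {
		if (session->verbose)
			log_printf(DEBUG_LEVEL_CRITICAL,
				   "Error sending tls data: ...");
		SET_ERROR(err, NUSSL_ERR, ret);
		return 0;
	}
	return 1;
}

/**
 * SASL callback used to get password
 *
 * The password is taken from the session; when the session has none and
 * a password callback is set, the callback is asked once and its answer
 * is kept in the session.
 *
 * \return SASL_OK if ok, SASL_BADPARAM on a bad request, SASL_FAIL when
 * no password is available, SASL_NOMEM when the secret can not be
 * allocated
 */
static int nu_get_usersecret(sasl_conn_t * conn __attribute__ ((unused)),
			     void *context __attribute__ ((unused)),
			     int id, sasl_secret_t ** psecret)
{
	size_t len;
	sasl_secret_t *secret;
	nuauth_session_t *session = (nuauth_session_t *) context;

	if (id != SASL_CB_PASS) {
		if (session->verbose)
			log_printf(DEBUG_LEVEL_CRITICAL,
				   "getsecret not looking for pass");
		return SASL_BADPARAM;
	}

	if ((session->password == NULL) && session->passwd_callback) {
#if USE_UTF8
		char *utf8pass;
#endif
		char *givenpass = session->passwd_callback();
		if (!givenpass) {
			return SASL_FAIL;
		}
#if USE_UTF8
		utf8pass = nu_client_to_utf8(givenpass, nu_locale_charset);
		/* NOTE(review): the password bytes are released without
		 * being cleared first */
		free(givenpass);
		givenpass = utf8pass;
		if (!givenpass) {
			return SASL_FAIL;
		}
#endif
		session->password = givenpass;
	}

	if (!psecret)
		return SASL_BADPARAM;

	/* no stored password and no callback: strlen(NULL) would crash */
	if (session->password == NULL)
		return SASL_FAIL;

	len = strlen(session->password);
	secret = (sasl_secret_t *) calloc(sizeof(sasl_secret_t) + len + 1,
					  sizeof(char));
	if (secret == NULL)
		return SASL_NOMEM;
	secret->len = len;
	SECURE_STRNCPY((char *) secret->data, session->password, len + 1);
	*psecret = secret;
	return SASL_OK;
}

/**
 * SASL callback used to get the user name (SASL_CB_USER and
 * SASL_CB_AUTHNAME)
 *
 * The name is taken from the session; when the session has none and a
 * username callback is set, the callback is asked once and its answer
 * is kept in the session.
 *
 * \return SASL_OK if ok, SASL_BADPARAM on a bad request, SASL_FAIL when
 * no user name is available
 */
static int nu_get_userdata(void *context __attribute__ ((unused)),
			   int id, const char **result, unsigned *len)
{
	nuauth_session_t *session = (nuauth_session_t *) context;

	/* paranoia check */
	if (!result)
		return SASL_BADPARAM;

	switch (id) {
	case SASL_CB_USER:
	case SASL_CB_AUTHNAME:
		if ((session->username == NULL) && session->username_callback) {
#if USE_UTF8
			char *utf8name;
#endif
			char *givenuser = session->username_callback();
			/* checked in every build, not only with USE_UTF8 */
			if (givenuser == NULL) {
				return SASL_FAIL;
			}
#if USE_UTF8
			utf8name = nu_client_to_utf8(givenuser, nu_locale_charset);
			free(givenuser);
			givenuser = utf8name;
			if (givenuser == NULL) {
				return SASL_FAIL;
			}
#endif
			session->username = givenuser;
		}
		/* without a name the strlen() below would read NULL */
		if (session->username == NULL) {
			return SASL_FAIL;
		}
		*result = session->username;
		break;
	default:
		return SASL_BADPARAM;
	}
	if (len)
		*len = strlen(*result);
	return SASL_OK;
}

/**
 * Initialize SASL: create an client, set properties
 * and then call mysasl_negotiate()
 *
 * The function first sends "PROTO 6" and expects an answer starting
 * with "OK". The SASL connection state is released on every path that
 * leaves the function after sasl_client_new() succeeded.
 *
 * \param session Pointer to client session
 * \param hostname Name (FQDN) of the Nuauth server
 * \param err Pointer to a nuclient_error_t: which contains the error
 * \return 1 on success, 0 on error
 */
int init_sasl(nuauth_session_t * session, const char *hostname,
	      nuclient_error_t * err)
{
	int ret;
	sasl_conn_t *conn;
	sasl_ssf_t extssf = 0;
	char *krb5_service = NULL;
	const char *server_fqdn = hostname;
	sasl_security_properties_t secprops;
	char buffer[12];

	/* SASL time */
	sasl_callback_t callbacks[] = {
		{SASL_CB_USER, &nu_get_userdata, session},
		{SASL_CB_AUTHNAME, &nu_get_userdata, session},
		{SASL_CB_PASS, &nu_get_usersecret, session},
		{SASL_CB_LIST_END, NULL, NULL}
	};

	ret = nussl_write(session->nussl, "PROTO 6", strlen("PROTO 6"));
	if (ret < 0) {
		SET_ERROR(err, NUSSL_ERR, ret);
		return 0;
	}

	/* Wait for "OK" from the server; any other answer is a failure
	 * because we can not yet downgrade our protocol.
	 * The buffer is cleared and one byte is kept back so that the
	 * answer is always NUL terminated: it is compared with strncmp()
	 * and printed with "%s" below. */
	memset(buffer, 0, sizeof(buffer));
	ret = nussl_read(session->nussl, buffer, sizeof(buffer) - 1);
	if (ret <= 0) {
		log_printf(DEBUG_LEVEL_CRITICAL, "nussl_read() failed: %s",
			   nussl_get_error(session->nussl));
		SET_ERROR(err, NUSSL_ERR, ret);
		return 0;
	}

	if (strncmp("OK", buffer, 2)) {
		log_printf(DEBUG_LEVEL_CRITICAL, "received: \"%s\"", buffer);
		SET_ERROR(err, INTERNAL_ERROR, PROTO_ERR);
		return 0;
	}

	krb5_service = session->krb5_service;
	if (krb5_service == NULL)
		krb5_service = DEFAULT_KRB5_REALM;

	/* client new connection */
	ret = sasl_client_new(krb5_service, server_fqdn, NULL, NULL,
			      callbacks, 0, &conn);
	if (ret != SASL_OK) {
		if (session->verbose)
			log_printf(DEBUG_LEVEL_CRITICAL,
				   "Failed allocating connection state");
		errno = EAGAIN;
		SET_ERROR(err, SASL_ERROR, ret);
		return 0;
	}

	if (!session->username) {
		/* set username taken from console */
		if (session->username_callback) {
			session->username = session->username_callback();
		} else {
			if (session->verbose)
				log_printf(DEBUG_LEVEL_CRITICAL,
					   "Can't call username callback");
		}
	}

	/* NOTE(review): only anonymous mechanisms are excluded and min_ssf
	 * is 0, so mechanisms that send the password in clear stay
	 * eligible; confidentiality then rests on the nussl channel.
	 * Confirm that the caller verifies the server certificate. */
	secprops.min_ssf = 0;
	secprops.max_ssf = UINT_MAX;
	secprops.property_names = NULL;
	secprops.property_values = NULL;
	secprops.security_flags = SASL_SEC_NOANONYMOUS;	/* as appropriate */
	secprops.maxbufsize = 65536;
	sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
	sasl_setprop(conn, SASL_SSF_EXTERNAL, &extssf);

	ret = sasl_setprop(conn, SASL_AUTH_EXTERNAL, session->username);
	if (ret != SASL_OK) {
		/* conn refers to the callbacks array of this stack frame:
		 * release it before returning */
		sasl_dispose(&conn);
		errno = EACCES;
		SET_ERROR(err, SASL_ERROR, ret);
		return 0;
	}

	ret = mysasl_negotiate(session, conn, err);
	if (ret != SASL_OK) {
		sasl_dispose(&conn);
		errno = EACCES;
		/* SET_ERROR(err, SASL_ERROR, ret); */
		return 0;
	}
	sasl_dispose(&conn);

	return 1;
}

/**
 * Make a copy in a string in a secure memory buffer, ie. buffer never moved
 * to swap (hard drive). Use secure_str_free() to free the memory when you
 * don't need the string anymore.
 *
 * If USE_GCRYPT_MALLOC_SECURE compilation option in not set,
 * strdup() is used.
 *
 * \return Copy of the string, or NULL on error.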
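*/
char *secure_str_copy(const char *orig)
{
#ifdef USE_GCRYPT_MALLOC_SECURE
	size_t len;
	char *new;
#endif

	/* strlen() and strdup() both read through their argument: report
	 * a missing string as an error instead of crashing */
	if (orig == NULL) {
		return NULL;
	}

#ifdef USE_GCRYPT_MALLOC_SECURE
	len = strlen(orig);
	new = gcry_calloc_secure(len + 1, sizeof(char));
	if (new != NULL) {
		SECURE_STRNCPY(new, orig, len + 1);
	}
	return new;
#else
	/* plain heap copy: no protection against swapping in this build */
	return strdup(orig);
#endif
}

/**
 * Close the session: destroy the nussl session when there is one and
 * mark the session as not connected. A NULL session is ignored.
 */
void ask_session_end(nuauth_session_t * session)
{
	/* sanity checks */
	if (session == NULL) {
		return;
	}

	if (session->nussl) {
		nussl_session_destroy(session->nussl);
		/* cleared so the destroyed handle can not be used again */
		session->nussl = NULL;
	}
	session->connected = 0;
}

/** @} */
nufw-2.4.3/src/clients/lib/proc.h0000644000175000017500000000226211431206275013535 00000000000000
/*
 ** Copyright 2005 - INL
 ** Written by Eric Leblond
 ** Vincent Deffontaines
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.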
*/ #ifndef PROC_H #define PROC_H #define PROGNAME_WIDTH 64 #define PROGNAME_BASE64_WIDTH (PROGNAME_WIDTH*2) #ifdef LINUX #define PRG_HASH_SIZE 211 int prg_cache_loaded; void prg_cache_load(void); const char *prg_cache_get(unsigned long inode); const char *prg_cache_getsig(int algo, unsigned long inode); void prg_cache_clear(void); #endif #endif nufw-2.4.3/src/clients/lib/libnuclient.pc.in0000644000175000017500000000042211431206275015656 00000000000000prefix=@prefix@ exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include Name: libnuclient Description: NuFW client library Version: @PACKAGE_VERSION@ Requires: libnussl Libs: -L${libdir} -lnuclient Libs.private: -ldl -lpthread Cflags: -I${includedir} nufw-2.4.3/src/nufw/0000777000175000017500000000000011431215437011253 500000000000000nufw-2.4.3/src/nufw/nufw.h0000644000175000017500000001135211431206275012321 00000000000000/* ** Copyright (C) 2007 INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUFW_HEADER_H #define NUFW_HEADER_H /** \file nufw.h * \brief Common functions and variables to NuFW * * Some structures, functions, global variables and \#define common to NuFW. 
*/ /* Disable inline keyword when compiling in strict ANSI conformance */ #ifdef __STRICT_ANSI__ # define inline #endif /*#define PERF_DISPLAY_ENABLE 1*/ #ifdef HAVE_CONFIG_H # include "config.h" #endif #include "nufw_source.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include "security.h" #include "structure.h" #if USE_NFQUEUE #include /* for NF_ACCEPT */ #include /** Default value of config file */ #define DEFAULT_NUFW_CONF_FILE CONFIG_DIR "/nufw.conf" /** Default value of ::nfqueue_num */ #define DEFAULT_NFQUEUE 0 /** Default value of ::handle_conntrack_event */ #define CONNTRACK_HANDLE_DEFAULT 0 #define QUEUE_MAXLEN 0 /** NetFilter queue number, default value: #DEFAULT_NFQUEUE */ uint16_t nfqueue_num; /** Netfilter queue handle */ struct nfq_handle *h; /** Netfilter queue max length */ uint32_t queue_maxlen; #else /* redhat like hack */ # ifdef HAVE_LIBIPQ_LIBIPQ_H # include # else # ifdef HAVE_LIBIPQ_H # include # else # error "libipq needed for NuFW compilation" # endif /* ifdef HAVE_LIBIPQ_H */ # endif /* ifdef HAVE_LIBIPQ_LIBIPQ_H */ #endif /* if USE_NFQUEUE */ /* conntrack things */ #ifdef HAVE_LIBCONNTRACK # include struct nfct_handle *cth; unsigned char handle_conntrack_event; unsigned char nufw_conntrack_uses_mark; void *conntrack_event_handler(void *data); #endif #include #include /** If equals to 1, compile with x509 certificate support */ #define USE_X509 1 /** Default value, prefixed with CONFIG_DIR, of ::key_file */ #define KEYFILE "/nufw-key.pem" #define DEFAULT_NUFW_KEY CONFIG_DIR KEYFILE /** Default value, prefixed with CONFIG_DIR, of ::cert_file */ #define CERTFILE "/nufw-cert.pem" #define DEFAULT_NUFW_CERT CONFIG_DIR CERTFILE struct nuauth_conn { nussl_session *session; pthread_mutex_t mutex; unsigned char auth_server_running; pthread_t auth_server; pthread_mutex_t auth_server_mutex; #ifdef HAVE_LIBCONNTRACK pthread_t conntrack_event_handler; #endif }; struct 
queued_pckt { uint32_t packet_id; char indev[IFNAMSIZ]; char physindev[IFNAMSIZ]; char outdev[IFNAMSIZ]; char physoutdev[IFNAMSIZ]; u_int32_t mark; time_t timestamp; char *payload; int payload_len; }; struct nuauth_conn tls; int init_x509_filenames(); void tls_connect(); pthread_cond_t *session_destroyed_cond; pthread_cond_t *session_active_cond; pthread_mutex_t *session_destroyed_mutex; pthread_mutex_t *session_active_mutex; /** * Address informations of NuAuth server: hostname ::authreq_addr, * port ::authreq_port. Used in tls_connect(). */ struct addrinfo *adr_srv; /* Raw IPv4 socket we use for sending ICMP messages */ int raw_sock4; /* Raw IPv6 socket we use for sending ICMPv6 messages */ int raw_sock6; /* * all functions */ /* IP packet catcher */ void *packetsrv(void *data); /* IP auth server */ void *authsrv(void *data); /* send an auth request packet given a payload (raw packet) */ int auth_request_send(uint8_t type, struct queued_pckt *pckt); void close_tls_session(); void shutdown_tls(); int padd(packet_idl * packet); int psearch_and_destroy(uint32_t packet_id, uint32_t * mark); void clear_packet_list(); void clean_old_packets(); void process_usr1(int signum); void process_usr2(int signum); void process_poll(int signum); void process_hup(int signum); int send_icmp_unreach(char *payload, int payload_len); #endif /* _NUFW_HEADER_H */ nufw-2.4.3/src/nufw/authsrv.c0000644000175000017500000003451611431206275013040 00000000000000/* ** Copyright (C) 2002-2009 INL ** Written by Éric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
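See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#include "nufw.h"
#include /* NOTE(review): the header name is missing on this page */

/* Mutex used to lock access to nfqueue or ipqueue (see structure.h) */
pthread_mutex_t ipq_mutex = PTHREAD_MUTEX_INITIALIZER;

/** \file nufw/authsrv.c
 *  \brief Process NuAuth packets
 *
 * authsrv() thread (created by auth_request_send()) wait for new NuAuth packets,
 * and then call auth_packet_to_decision() to process packet.
 */

/**
 * Process NuAuth message of type #AUTH_ANSWER
 *
 * The message is rejected when it is shorter than the decision header
 * or than the payload length it announces. The packet is then looked up
 * (and removed) by id in the packet list and the verdict is set.
 *
 * \param dgram Start of the message
 * \param dgram_size Number of bytes available at dgram
 * \return Number of bytes used by the message, -1 on error
 */
int auth_process_answer(char *dgram, int dgram_size)
{
	nuv4_nuauth_decision_response_t *answer;
	uint32_t nfmark;
	int sandf;
	u_int32_t packet_id;
	int payload_len;

	/* check packet size */
	if (dgram_size < (int) sizeof(nuv4_nuauth_decision_response_t)) {
		return -1;
	}
	answer = (nuv4_nuauth_decision_response_t *) dgram;

	/* check payload length: it must fit in what was received; a length
	 * other than 0, 20+8 or 40+8 is accepted only when the message
	 * fills the received data exactly */
	payload_len = ntohs(answer->payload_len);
	if (dgram_size < (int) (sizeof(nuv4_nuauth_decision_response_t) + payload_len)
	    || ((payload_len != 0)
		&& (payload_len != (20 + 8))
		&& (payload_len != (40 + 8))
		&& (dgram_size !=
		    (int) (sizeof(nuv4_nuauth_decision_response_t) + payload_len)))) {
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"[!] Packet with improper size: payload of %d, received %d (vs %d)",
				payload_len, dgram_size,
				(int) (sizeof(nuv4_nuauth_decision_response_t) + payload_len));
		return -1;
	}

	/* get packet id */
	packet_id = ntohl(answer->packet_id);

	/* search and destroy packet by packet_id */
	pthread_mutex_lock(&packets_list.mutex);
	sandf = psearch_and_destroy(packet_id, &nfmark);
	pthread_mutex_unlock(&packets_list.mutex);
	if (!sandf) {
		/* a decision for an id that is not queued is refused */
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"[!] Packet without a known ID: %u",
				packet_id);
		return -1;
	}

	switch (answer->decision) {
	case DECISION_ACCEPT:
		/* accept packet */
		debug_log_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_VERBOSE_DEBUG,
				 "(*) Accepting packet with id=%u",
				 packet_id);
#if HAVE_LIBIPQ_MARK || USE_NFQUEUE
		if (nufw_set_mark) {
			debug_log_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_VERBOSE_DEBUG,
					 "(*) Marking packet with %d",
					 ntohl(answer->tcmark));
			IPQ_SET_VWMARK(packet_id, NF_ACCEPT, answer->tcmark);
		} else {
			IPQ_SET_VERDICT(packet_id, NF_ACCEPT);
		}
#else
		IPQ_SET_VERDICT(packet_id, NF_ACCEPT);
#endif				/* HAVE_LIBIPQ_MARK || USE_NFQUEUE */
		pckt_tx++;
		break;

	case DECISION_REJECT:
		/* Packet is rejected, ie. dropped and ICMP signalized */
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_VERBOSE_DEBUG,
				"(*) Rejecting %" PRIu32, packet_id);
		IPQ_SET_VERDICT(packet_id, NF_DROP);
		/* payload_len was checked above against dgram_size */
		if (send_icmp_unreach(dgram + sizeof(nuv4_nuauth_decision_response_t),
				      payload_len) == -1) {
			log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_WARNING,
					"(*) Could not sent ICMP reject for %" PRIu32,
					packet_id);
		}
		break;

	default:
		/* any other decision value: drop packet */
		debug_log_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_VERBOSE_DEBUG,
				 "(*) Drop packet %u", packet_id);
		IPQ_SET_VERDICT(packet_id, NF_DROP);
	}
	return sizeof(nuv4_nuauth_decision_response_t) + payload_len;
}

#ifdef HAVE_LIBCONNTRACK

#ifdef HAVE_NEW_NFCT_API
/**
 * Conntrack callback: store the status attribute of the entry in the
 * uint32_t pointed to by data.
 */
static int conn_update_cb(enum nf_conntrack_msg_type type,
			  struct nf_conntrack *ct, void *data)
{
	uint32_t *status = (uint32_t *) data;
	*status = nfct_get_attr_u32(ct, ATTR_STATUS);
	return NFCT_CB_CONTINUE;
}

/**
 * Fill a conntrack object from a NuAuth conntrack message.
 *
 * Addresses are set for IPv4 only (the IPv6 copy is compiled out);
 * ports are set for TCP and UDP.
 *
 * \return 1 if the entry is usable, 0 for any other protocol
 */
static int build_nfct_from_message(struct nf_conntrack *ct,
				   struct nuv4_conntrack_message_t *packet_hdr)
{
	/* use setters to build entry */
	nfct_set_attr_u8(ct, ATTR_L4PROTO, packet_hdr->ip_protocol);
	if (is_ipv4(&packet_hdr->ip_src) && is_ipv4(&packet_hdr->ip_dst)) {
		nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
		nfct_set_attr_u32(ct, ATTR_IPV4_SRC,
				  packet_hdr->ip_src.s6_addr32[3]);
		nfct_set_attr_u32(ct, ATTR_IPV4_DST,
				  packet_hdr->ip_dst.s6_addr32[3]);
	} else {
		nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6);
#if 0
		memcpy(&orig->src.v6, &packet_hdr->ip_src,
		       sizeof(orig->src.v6));
		memcpy(&orig->dst.v6, &packet_hdr->ip_dst,
		       sizeof(orig->dst.v6));
#endif
	}

	switch (packet_hdr->ip_protocol) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
		nfct_set_attr_u16(ct, ATTR_PORT_SRC, packet_hdr->src_port);
		nfct_set_attr_u16(ct, ATTR_PORT_DST, packet_hdr->dest_port);
		break;
	default:
		return 0;
	}
	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
	return 1;
}

/**
 * Process NuAuth message of type #AUTH_CONN_DESTROY
 *
 * \return Number of bytes used by the message, -1 on error
 */
int auth_process_conn_destroy(char *dgram, int dgram_size)
{
	struct nuv4_conntrack_message_t *packet_hdr;
	struct nf_conntrack *ct;

	/* check packet size */
	if (dgram_size < (int) sizeof(struct nuv4_conntrack_message_t)) {
		return -1;
	}
	packet_hdr = (struct nuv4_conntrack_message_t *) dgram;

	if (ntohs(packet_hdr->msg_length) != sizeof(struct nuv4_conntrack_message_t)) {
		return -1;
	}

	ct = nfct_new();
	if (ct == NULL) {
		/* the setters below must not be given a NULL object */
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"Conntrack entry allocation failed");
		return -1;
	}

	if (build_nfct_from_message(ct, packet_hdr)) {
		debug_log_printf(DEBUG_AREA_GW | DEBUG_AREA_PACKET,
				 DEBUG_LEVEL_VERBOSE_DEBUG,
				 "Deleting entry from conntrack after NuAuth request");
		(void) nfct_query(cth, NFCT_Q_DESTROY, ct);
	}
	nfct_destroy(ct);
	return ntohs(packet_hdr->msg_length);
}

/**
 * Process NuAuth message of type #AUTH_CONN_UPDATE
 *
 * When the message carries a non-zero timeout, the entry is fetched,
 * its timeout is set and IPS_FIXED_TIMEOUT is added to its status.
 *
 * \return Number of bytes used by the message, -1 if the message is
 * malformed, the nfct_query() result if a conntrack query fails
 */
int auth_process_conn_update(char *dgram, int dgram_size)
{
	struct nuv4_conntrack_message_t *packet_hdr;
	/* written by conn_update_cb(); initialised so that a query which
	 * never runs the callback does not leave it undefined */
	uint32_t status = 0;
	struct nf_conntrack *ct;

	/* check packet size */
	if (dgram_size < (int) sizeof(struct nuv4_conntrack_message_t)) {
		debug_log_printf(DEBUG_AREA_GW, DEBUG_LEVEL_DEBUG,
				 "NuAuth sent too small message");
		return -1;
	}
	packet_hdr = (struct nuv4_conntrack_message_t *) dgram;

	if (ntohs(packet_hdr->msg_length) != sizeof(struct nuv4_conntrack_message_t)) {
		return -1;
	}

	if (packet_hdr->timeout) {
		ct = nfct_new();
		if (ct == NULL) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
					"Conntrack entry allocation failed");
			return -1;
		}
		if (build_nfct_from_message(ct, packet_hdr)) {
			int ret;
			/* getting conn to be able to update status without
			 * breaking anything */
			nfct_callback_register(cth, NFCT_T_ALL,
					       conn_update_cb, &status);
			ret = nfct_query(cth, NFCT_Q_GET, ct);
			if (ret != 0) {
				log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
						"Conntrack fetching was impossible: %s",
						strerror(errno));
				nfct_callback_unregister(cth);
				nfct_destroy(ct);
				return ret;
			}
			debug_log_printf(DEBUG_AREA_GW, DEBUG_LEVEL_VERBOSE_DEBUG,
					 "conn status is %d", status);
			debug_log_printf(DEBUG_AREA_GW, DEBUG_LEVEL_VERBOSE_DEBUG,
					 "Will set timeout to %d after NuAuth request (was %d)",
					 ntohl(packet_hdr->timeout),
					 nfct_get_attr_u32(ct, ATTR_TIMEOUT)
			    );
			nfct_set_attr_u32(ct, ATTR_TIMEOUT,
					  ntohl(packet_hdr->timeout));
			status |= IPS_FIXED_TIMEOUT;
			nfct_set_attr_u32(ct, ATTR_STATUS, status);
			debug_log_printf(DEBUG_AREA_GW, DEBUG_LEVEL_VERBOSE_DEBUG,
					 "setting conn status to %d", status);
			ret = nfct_query(cth, NFCT_Q_UPDATE, ct);
			if (ret != 0) {
				log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
						"Conntrack update was impossible: %s",
						strerror(errno));
				nfct_callback_unregister(cth);
				nfct_destroy(ct);
				return ret;
			}
			/* status lives on this stack frame: the callback is
			 * always unregistered before returning */
			nfct_callback_unregister(cth);
		}
		nfct_destroy(ct);
	}
	return ntohs(packet_hdr->msg_length);
}

#else

/**
 * Fill a conntrack tuple from a NuAuth conntrack message.
 *
 * \return 1 for TCP and UDP, 0 for any other protocol
 */
int build_nfct_tuple_from_message(struct nfct_tuple *orig,
				  struct nuv4_conntrack_message_t *packet_hdr)
{
	/* callers pass a tuple from their stack: clear it so that no
	 * member is handed to the library uninitialised */
	memset(orig, 0, sizeof(*orig));

	orig->protonum = packet_hdr->ip_protocol;
	if (is_ipv4(&packet_hdr->ip_src) && is_ipv4(&packet_hdr->ip_dst)) {
		orig->l3protonum = AF_INET;
		orig->src.v4 = packet_hdr->ip_src.s6_addr32[3];
		orig->dst.v4 = packet_hdr->ip_dst.s6_addr32[3];
	} else {
		orig->l3protonum = AF_INET6;
		memcpy(&orig->src.v6, &packet_hdr->ip_src,
		       sizeof(orig->src.v6));
		memcpy(&orig->dst.v6, &packet_hdr->ip_dst,
		       sizeof(orig->dst.v6));
	}

	switch (packet_hdr->ip_protocol) {
	case IPPROTO_TCP:
		orig->l4src.tcp.port = packet_hdr->src_port;
		orig->l4dst.tcp.port = packet_hdr->dest_port;
		break;
	case IPPROTO_UDP:
		orig->l4src.udp.port = packet_hdr->src_port;
		orig->l4dst.udp.port = packet_hdr->dest_port;
		break;
	default:
		return 0;
	}
	return 1;
}

/**
 * Process NuAuth message of type #AUTH_CONN_DESTROY
 *
 * \return Number of bytes used by the message, -1 on error
 */
int auth_process_conn_destroy(char *dgram, int dgram_size)
{
	struct nuv4_conntrack_message_t *packet_hdr;
	struct nfct_tuple orig;
	int id = 0;

	/* check packet size */
	if (dgram_size < (int) sizeof(struct nuv4_conntrack_message_t)) {
		return -1;
	}
	packet_hdr = (struct nuv4_conntrack_message_t *) dgram;

	if (ntohs(packet_hdr->msg_length) != sizeof(struct nuv4_conntrack_message_t)) {
		return -1;
	}

	if (build_nfct_tuple_from_message(&orig, packet_hdr)) {
		debug_log_printf(DEBUG_AREA_GW | DEBUG_AREA_PACKET,
				 DEBUG_LEVEL_VERBOSE_DEBUG,
				 "Deleting entry from conntrack after NuAuth request");
		(void) nfct_delete_conntrack(cth, &orig, NFCT_DIR_ORIGINAL, id);
	}
	return ntohs(packet_hdr->msg_length);
}

/**
 * Process NuAuth message of type #AUTH_CONN_UPDATE
 *
 * \return Number of bytes used by the message, -1 on error; a failed
 * conntrack update is only logged
 */
int auth_process_conn_update(char *dgram, int dgram_size)
{
	struct nuv4_conntrack_message_t *packet_hdr;
	struct nfct_conntrack *ct;
	struct nfct_tuple orig;
	struct nfct_tuple reply;
	union nfct_protoinfo proto;

	/* check packet size */
	if (dgram_size < (int) sizeof(struct nuv4_conntrack_message_t)) {
		debug_log_printf(DEBUG_AREA_GW, DEBUG_LEVEL_DEBUG,
				 "NuAuth sent too small message");
		return -1;
	}
	packet_hdr = (struct nuv4_conntrack_message_t *) dgram;

	if (ntohs(packet_hdr->msg_length) != sizeof(struct nuv4_conntrack_message_t)) {
		return -1;
	}

	if (build_nfct_tuple_from_message(&orig, packet_hdr)) {
		/* generate reply : this is stupid but done by conntrack tool */
		memset(&reply, 0, sizeof(reply));
		reply.l3protonum = orig.l3protonum;
#if 0
		/* we set it to 0 to avoid problem with NAT */
		memset(&reply.src, 0, sizeof(reply.src));
		memset(&reply.dst, 0, sizeof(reply.dst));
		memset(&reply.l4src, 0, sizeof(reply.l4src));
		memset(&reply.l4dst, 0, sizeof(reply.l4dst));
#endif
		/* only tcp.state is meaningful here: clear the rest */
		memset(&proto, 0, sizeof(proto));
		proto.tcp.state = 3;
#ifdef HAVE_LIBCONNTRACK_FIXEDTIMEOUT
		ct = nfct_conntrack_alloc(&orig, &reply, 0, &proto,
					  IPS_ASSURED | IPS_SEEN_REPLY |
					  IPS_FIXED_TIMEOUT, 0, 0, NULL);
#else
		ct = nfct_conntrack_alloc(&orig, &reply, 0, &proto,
					  IPS_ASSURED | IPS_SEEN_REPLY,
					  0, 0, NULL);
#endif
		if (ct == NULL) {
			/* nothing to update or free without an entry */
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
					"Conntrack update was impossible");
		} else {
#ifdef HAVE_LIBCONNTRACK_FIXEDTIMEOUT
			if (packet_hdr->timeout) {
				debug_log_printf(DEBUG_AREA_GW, DEBUG_LEVEL_VERBOSE_DEBUG,
						 "Setting timeout to %d after NuAuth request",
						 ntohl(packet_hdr->timeout));
				ct->timeout = ntohl(packet_hdr->timeout);
			}
#endif				/* HAVE_LIBCONNTRACK_FIXEDTIMEOUT */
			if (nfct_update_conntrack(cth, ct) != 0) {
				log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
						"Conntrack update was impossible");
			}
			nfct_conntrack_free(ct);
		}
	}
	return ntohs(packet_hdr->msg_length);
}
#endif				/* HAVE_NEW_NFCT_API */
#endif				/* HAVE_LIBCONNTRACK */

/**
 * Process authentication server (NuAuth) packet answer. Different answers
 * can be:
 *   - Decision answer: packet accepted/rejected
 *   - Connection destroy: ask conntrack to destroy a connection
 *   - Connection update: ask conntrack to set connection timeout to given
 *     value
 *
 * The first byte must be #PROTO_NUFW_VERSION; the second byte selects
 * the handler.
 *
 * \return Value returned by the handler (number of bytes used),
 * -1 in case of error
 */
static int auth_packet_to_decision(char *dgram, int dgram_size)
{
	/* version and type bytes are read below */
	if (dgram_size < 2) {
		debug_log_printf(DEBUG_AREA_GW, DEBUG_LEVEL_DEBUG,
				 "NuAuth sent too small message");
		return -1;
	}

	if (dgram[0] != PROTO_NUFW_VERSION) {
		debug_log_printf(DEBUG_AREA_GW, DEBUG_LEVEL_DEBUG,
				 "Wrong protocol version from authentication server answer.");
		return -1;
	}

	switch (dgram[1]) {
	case AUTH_ANSWER:
		return auth_process_answer(dgram, dgram_size);
#ifdef HAVE_LIBCONNTRACK
	case AUTH_CONN_DESTROY:
		return auth_process_conn_destroy(dgram, dgram_size);
	case AUTH_CONN_UPDATE:
		return auth_process_conn_update(dgram, dgram_size);
#else
	case AUTH_CONN_DESTROY:
		log_area_printf(DEBUG_AREA_MAIN | DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"Connection destroy message not supported");
		break;
	case AUTH_CONN_UPDATE:
		log_area_printf(DEBUG_AREA_MAIN | DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"Connection update message not supported");
		break;
#endif
	default:
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_DEBUG,
				"NuAuth message type %d not for me",
				dgram[1]);
		break;
	}
	return -1;
}

/**
 * Thread waiting to authentication server (NuAuth) answer.
 * Call auth_packet_to_decision() on new packet.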
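*/
void *authsrv(void *data)
{
	int ret;
	int read_size;
	int have_session;
	char cdgram[512];
	char *dgram = cdgram;

	log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_VERBOSE_DEBUG,
			"[+] Start auth server thread");

	/* run as long as tls.auth_server_mutex can be taken */
	while (pthread_mutex_trylock(&tls.auth_server_mutex) == 0) {
		pthread_mutex_unlock(&tls.auth_server_mutex);

		/* memset(dgram, 0, sizeof dgram); */
		pthread_mutex_lock(&tls.mutex);
		have_session = (tls.session != NULL);
		if (have_session) {
			ret = nussl_read(tls.session, dgram, sizeof cdgram);
			/* The error text is fetched while tls.mutex is still
			 * held and only when a session exists: it used to be
			 * read after the unlock, with tls.session possibly
			 * NULL. */
			if (ret <= 0 && ret != NUSSL_SOCK_TIMEOUT) {
				log_area_printf(DEBUG_AREA_GW,
						DEBUG_LEVEL_VERBOSE_DEBUG,
						"Error during nussl_read: %s",
						nussl_get_error(tls.session));
			}
		} else {
			ret = 0;
		}
		pthread_mutex_unlock(&tls.mutex);

		if (ret == NUSSL_SOCK_TIMEOUT) {
			usleep(10000);	/* Without that, the other thread can't get the lock to tls.mutex */
			continue;
		}

		if (ret <= 0) {
			if (!have_session) {
				log_area_printf(DEBUG_AREA_GW,
						DEBUG_LEVEL_VERBOSE_DEBUG,
						"No NuAuth session to read from");
			}
			break;
		} else {
			/* One read may hold several messages: each handler
			 * returns the number of bytes it used. On -1 the
			 * rest of this read is discarded; a message cut at
			 * the end of the buffer is not reassembled. */
			do {
				read_size = auth_packet_to_decision(dgram, ret);
				ret -= read_size;
				dgram = dgram + read_size;
			} while (ret > 0 && (read_size != -1));
		}
		/* next read starts again at the beginning of the buffer */
		dgram = cdgram;
	}

	log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_VERBOSE_DEBUG,
			"[+] Leave auth server thread");

	pthread_mutex_lock(&tls.mutex);
	/* warn sender thread that it will need to reconnect at next access */
	tls.auth_server_running = 0;
	pthread_mutex_unlock(&tls.mutex);

	pthread_exit(NULL);
}
nufw-2.4.3/src/nufw/Makefile.in0000644000175000017500000004440011431215402013226 00000000000000
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.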
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @BUILD_NUFW_TRUE@sbin_PROGRAMS = nufw$(EXEEXT) subdir = src/nufw DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__installdirs = "$(DESTDIR)$(sbindir)" sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(sbin_PROGRAMS) am__nufw_SOURCES_DIST = authsrv.c common.c main.c packetsrv.c tls.c \ audit.c conntrack.c iface.c nufwconf.c iface.h nufw.h \ structure.h nufwconf.h am__objects_1 = @BUILD_NUFW_TRUE@am_nufw_OBJECTS = authsrv.$(OBJEXT) common.$(OBJEXT) \ @BUILD_NUFW_TRUE@ main.$(OBJEXT) packetsrv.$(OBJEXT) \ @BUILD_NUFW_TRUE@ tls.$(OBJEXT) audit.$(OBJEXT) \ @BUILD_NUFW_TRUE@ conntrack.$(OBJEXT) iface.$(OBJEXT) \ @BUILD_NUFW_TRUE@ nufwconf.$(OBJEXT) $(am__objects_1) nufw_OBJECTS = $(am_nufw_OBJECTS) @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_FALSE@@HAVE_NFQUEUE_CONNTRACK_FALSE@@HAVE_NFQUEUE_ONLY_TRUE@nufw_DEPENDENCIES = ../libs/nussl/libnussl.la \ @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_FALSE@@HAVE_NFQUEUE_CONNTRACK_FALSE@@HAVE_NFQUEUE_ONLY_TRUE@ ../libs/nuconfparser/libnuconfparser.la \ @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_FALSE@@HAVE_NFQUEUE_CONNTRACK_FALSE@@HAVE_NFQUEUE_ONLY_TRUE@ ../libs/nubase/libnubase.la 
@BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_FALSE@@HAVE_NFQUEUE_CONNTRACK_TRUE@nufw_DEPENDENCIES = ../libs/nussl/libnussl.la \ @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_FALSE@@HAVE_NFQUEUE_CONNTRACK_TRUE@ ../libs/nuconfparser/libnuconfparser.la \ @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_FALSE@@HAVE_NFQUEUE_CONNTRACK_TRUE@ ../libs/nubase/libnubase.la @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_TRUE@nufw_DEPENDENCIES = ../libs/nussl/libnussl.la \ @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_TRUE@ ../libs/nuconfparser/libnuconfparser.la \ @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_FALSE@@HAVE_IPQ_TRUE@ ../libs/nubase/libnubase.la @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_TRUE@nufw_DEPENDENCIES = ../libs/nussl/libnussl.la \ @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_TRUE@ ../libs/nuconfparser/libnuconfparser.la \ @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_TRUE@ ../libs/nubase/libnubase.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(nufw_SOURCES) DIST_SOURCES = $(am__nufw_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = 
@DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ 
datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @BUILD_NUFW_TRUE@AM_CPPFLAGS = -DLOCAL_STATE_DIR=\"$(localstatedir)\" -DCONFIG_DIR=\"$(sysconfdir)\" @BUILD_NUFW_TRUE@INCLUDES = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nuconfparser -D_REENTRANT @BUILD_NUFW_TRUE@EXTRA_DIST = valgrind.sh # nufw @BUILD_NUFW_TRUE@noinst_nufw_SOURCES = iface.h nufw.h structure.h nufwconf.h @BUILD_NUFW_TRUE@nufw_SOURCES = authsrv.c common.c main.c packetsrv.c \ @BUILD_NUFW_TRUE@ tls.c audit.c conntrack.c iface.c \ @BUILD_NUFW_TRUE@ nufwconf.c \ @BUILD_NUFW_TRUE@ ${noinst_nufw_SOURCES} @BUILD_NUFW_TRUE@@HAVE_CONNTRACK_ONLY_TRUE@nufw_LDADD = -lnfnetlink -lipq -lnetfilter_conntrack -ldl ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la @BUILD_NUFW_TRUE@@HAVE_IPQ_TRUE@nufw_LDADD = -lipq ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la @BUILD_NUFW_TRUE@@HAVE_NFQUEUE_CONNTRACK_TRUE@nufw_LDADD = -lnfnetlink -lnetfilter_queue -lnetfilter_conntrack -ldl ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la 
@BUILD_NUFW_TRUE@@HAVE_NFQUEUE_ONLY_TRUE@nufw_LDADD = -lnfnetlink -lnetfilter_queue ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nufw/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nufw/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" @list='$(sbin_PROGRAMS)'; for p in $$list; do \ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ if test -f $$p \ || test -f $$p1 \ ; then \ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ else :; fi; \ done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) 
@list='$(sbin_PROGRAMS)'; for p in $$list; do \ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ rm -f "$(DESTDIR)$(sbindir)/$$f"; \ done clean-sbinPROGRAMS: @list='$(sbin_PROGRAMS)'; for p in $$list; do \ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ echo " rm -f $$p $$f"; \ rm -f $$p $$f ; \ done @BUILD_NUFW_FALSE@nufw$(EXEEXT): $(nufw_OBJECTS) $(nufw_DEPENDENCIES) @BUILD_NUFW_FALSE@ @rm -f nufw$(EXEEXT) @BUILD_NUFW_FALSE@ $(LINK) $(nufw_OBJECTS) $(nufw_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authsrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conntrack.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iface.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nufwconf.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packetsrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c 
`$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) 
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(sbindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-sbinPROGRAMS install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-sbinPROGRAMS .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-sbinPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-sbinPROGRAMS install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-sbinPROGRAMS @BUILD_NUFW_TRUE@nufw$(EXEEXT): $(nufw_OBJECTS) $(nufw_DEPENDENCIES) @BUILD_NUFW_TRUE@ @rm -f nufw$(EXEEXT) @BUILD_NUFW_TRUE@ $(LINK) $(nufw_LDFLAGS) $(nufw_OBJECTS) $(nufw_LDADD) -L$(top_builddir)/src/include/ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
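.NOEXPORT:
nufw-2.4.3/src/nufw/valgrind.sh0000755000175000017500000000207211431206275013335 00000000000000
#!/bin/bash
# Run ./nufw under Valgrind (through sudo) with full leak checking.
# Any arguments given to this script are forwarded to nufw; Valgrind's
# report is written to the file named by $LOG in the current directory.

echo "Run nuauth in Valgrind"
echo
echo "!!! Valgrind makes NuAuth very slow, system auth. doesn't work because of timeouts."
echo "!!! Use NuAuth with plaintext auth"
echo

LOG=valgrind.log

# Printed when the run is interrupted, so the operator knows where the report is.
function stop_valgrind {
    echo "Interrupt nufw (in Valgrind) with CTRL+C."
    echo "Output written in file $LOG"
}
trap stop_valgrind SIGINT SIGTERM

# Some interesting options:
#     --gen-suppressions=yes
#     --gen-suppressions=yes \
# Explains:
#     --run-libc-freeres=no: Valgrind free all memory that libc allocates
# Disabled:
#    --suppressions=valgrind.supp \

if [ -d /usr/lib/debug ]; then
    # Append the previous value only when it is non-empty. A bare
    # "/usr/lib/debug:" ends in an empty entry, which the dynamic loader
    # treats as the current directory, so libraries could be picked up from
    # wherever this script happens to be started.
    # NOTE(review): sudo commonly resets the environment, so these LD_*
    # exports may never reach valgrind; confirm against the local sudoers policy.
    export LD_LIBRARY_PATH="/usr/lib/debug${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    if [ -e /usr/lib/debug/libdl-2.4.so ]; then
        export LD_PRELOAD=/usr/lib/debug/libdl-2.4.so
    fi
else
    echo "VALGRIND WARNING: /usr/lib/debug directory is missing, install libc6-dbg"
fi

# The log name is quoted so the option stays a single word if LOG is ever
# changed to a path containing spaces.
sudo valgrind \
    --show-reachable=yes -v \
    --log-file-exactly="$LOG" \
    --run-libc-freeres=yes \
    --leak-check=full \
    --verbose \
    ./nufw "$@" 2>&1

trap - SIGINT SIGTERM
echo "Quit valgrind.sh"
nufw-2.4.3/src/nufw/Makefile.am0000644000175000017500000000255011431206275013225 00000000000000if BUILD_NUFW AM_CPPFLAGS = -DLOCAL_STATE_DIR=\"$(localstatedir)\" -DCONFIG_DIR=\"$(sysconfdir)\" INCLUDES = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nuconfparser -D_REENTRANT sbin_PROGRAMS = nufw EXTRA_DIST = valgrind.sh # nufw noinst_nufw_SOURCES = iface.h nufw.h structure.h nufwconf.h nufw_SOURCES = authsrv.c common.c main.c packetsrv.c \ tls.c audit.c conntrack.c iface.c \ nufwconf.c \ ${noinst_nufw_SOURCES} if HAVE_IPQ nufw_LDADD = -lipq ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la endif if HAVE_NFQUEUE_CONNTRACK nufw_LDADD = -lnfnetlink -lnetfilter_queue -lnetfilter_conntrack -ldl ../libs/nussl/libnussl.la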
../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la endif if HAVE_NFQUEUE_ONLY nufw_LDADD = -lnfnetlink -lnetfilter_queue ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la endif if HAVE_CONNTRACK_ONLY nufw_LDADD = -lnfnetlink -lipq -lnetfilter_conntrack -ldl ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la endif nufw$(EXEEXT): $(nufw_OBJECTS) $(nufw_DEPENDENCIES) @rm -f nufw$(EXEEXT) $(LINK) $(nufw_LDFLAGS) $(nufw_OBJECTS) $(nufw_LDADD) -L$(top_builddir)/src/include/ endif
nufw-2.4.3/src/nufw/tls.c0000644000175000017500000002010111431206275012127 00000000000000/*
 ** Copyright (C) 2002-2008 INL
 ** Written by Eric Leblond
 **            Vincent Deffontaines
 **            Pierre Chifflier
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#include "nufw.h"
#include
#include
#include
#include
#include <unistd.h>

/* see for details - value is hardcoded */
#define UNIX_MAX_PATH 108

/**
 * \file nufw/tls.c
 * \brief Create a TLS connection to NuAuth
 *
 * Create a TLS connection to NuAuth using tls_connect().
 */

/**
 * Check nuauth certification domain name (DN).
 *
 * Returns 1 on error, 0 if the domain name is valid.
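 */
#if 0
/* NOTE(review): disabled code. The comment above promises "1 on error, 0 if
 * the domain name is valid", but the body returns 1 after a successful DN
 * match and 0 on most failures, and the (also disabled) caller in
 * tls_connect() treats 0 as failure. Under that reading the empty-peer-list
 * branch, which returns 1, would be accepted as success. The certificate
 * initialised with gnutls_x509_crt_init() is not released on any path.
 * Settle a fail-closed return convention before re-enabling this. */
unsigned int check_nuauth_cert_dn(gnutls_session *tls_session)
{
	/* we check that dn provided in nuauth certificate is valid */
	char dn[128];
	size_t size;
	int ret;
#if 0
	unsigned int algo, bits;
	time_t expiration_time, activation_time;
#endif
	const gnutls_datum *cert_list;
	unsigned int cert_list_size = 0;
	gnutls_x509_crt cert;

	/* This function only works for X.509 certificates. */
	if (gnutls_certificate_type_get(*tls_session) != GNUTLS_CRT_X509)
		return 0;

	cert_list = gnutls_certificate_get_peers(*tls_session, &cert_list_size);
	if (cert_list_size == 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"TLS: cannot get the peer certificate");
		return 1;
	}

	/* we only print information about the first certificate */
	ret = gnutls_x509_crt_init(&cert);
	if (ret != 0) {
		log_area_printf
		    (DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
		     "TLS: cannot init x509 cert: %s",
		     gnutls_strerror(ret));
		return 0;
	}

	ret = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
	if (ret != 0) {
		log_area_printf
		    (DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
		     "TLS: cannot import x509 cert: %s",
		     gnutls_strerror(ret));
		return 0;
	}

	/* TODO: verify date */
#if 0
	expiration_time = gnutls_x509_crt_get_expiration_time(cert);
	activation_time = gnutls_x509_crt_get_activation_time(cert);

	/* Extract some of the public key algorithm's parameters */
	algo = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
#endif
	size = sizeof(dn);
	ret = gnutls_x509_crt_get_dn(cert, dn, &size);
	if (ret != 0) {
		log_area_printf
		    (DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
		     "TLS: cannot copy x509 cert name into buffer: %s",
		     gnutls_strerror(ret));
		return 0;
	}
	dn[sizeof(dn)-1] = 0;
	if (strcmp(dn, nuauth_cert_dn)) {
		log_area_printf
		    (DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
		     "TLS: bad certificate DN received from nuauth server: %s",
		     dn);
		return 0;
	}
	return 1;
}
#endif

#if USE_X509
/* Build "<CONFIG_DIR>/<name>" in a freshly allocated buffer.
 * Returns NULL when the allocation fails. */
static char *tls_config_path(const char *name)
{
	/* +2: one byte for the '/' separator, one for the terminating NUL */
	char *path = (char *) calloc(strlen(CONFIG_DIR) + strlen(name) + 2,
				     sizeof(char));

	if (!path)
		return NULL;
	/* calloc() zero-fills the buffer, so strcat() starts from "" */
	strcat(path, CONFIG_DIR);
	strcat(path, "/");
	strcat(path, name);
	return path;
}
#endif

/**
 * Initialize the key_file and cert_file variables.
 *
 * When USE_X509 is set and a variable is still NULL, it is pointed at
 * CONFIG_DIR "/" KEYFILE (resp. CERTFILE). Values that are already set are
 * left alone.
 *
 * \return 1 on success, 0 if a buffer could not be allocated
 */
int init_x509_filenames()
{
#if USE_X509
	if (!key_file) {
		key_file = tls_config_path(KEYFILE);
		if (!key_file) {
			log_area_printf
			    (DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
			     "TLS: cannot allocate the key file");
			return 0;
		}
	}
	if (!cert_file) {
		cert_file = tls_config_path(CERTFILE);
		if (!cert_file) {
			log_area_printf
			    (DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
			     "TLS: cannot allocate the cert file");
			return 0;
		}
	}
#endif
	return 1;
}

/**
 * Create the auth server thread (authsrv) as a joinable thread and mark it
 * as running in the tls structure.
 *
 * The process exits if the thread cannot be created. The original only
 * exited on EAGAIN; any other pthread_create() failure left
 * tls.auth_server_running set to 1 with no thread behind it.
 */
void create_authserver()
{
	pthread_attr_t attr;
	int err;

	pthread_attr_init(&attr);
	pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE);

	/* create joinable thread for auth server */
	pthread_mutex_init(&tls.auth_server_mutex, NULL);
	err = pthread_create(&tls.auth_server, &attr, authsrv, NULL);
	/* the attribute object is only needed for the create call */
	pthread_attr_destroy(&attr);
	if (err != 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"Unable to create auth server thread");
		exit(EXIT_FAILURE);
	}
	tls.auth_server_running = 1;
}

/**
 * Connect to NuAuth over the UNIX socket whose path is in ::authreq_addr.
 *
 * On success tls.session is set and the auth server thread is started. On
 * any failure the function returns with tls.session unchanged.
 *
 * The session is created with the verify argument set to 0, so no
 * certificate check protects this channel.
 * NOTE(review): presumably access control then rests on the permissions of
 * the socket path; confirm how nuauth creates it.
 */
void tls_connect_unix()
{
	struct sockaddr_un remote;
	socklen_t len;
	size_t path_len;
	int s;
	int ret;
	nussl_session* sess;

	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
			"Trying to connect to unix socket: %s", authreq_addr);

	/* Reject over-long paths instead of truncating them: a truncated
	 * path names a different socket, and strncpy() would have left
	 * sun_path without a terminating NUL for the strlen() below. */
	path_len = strlen(authreq_addr);
	if (path_len >= sizeof(remote.sun_path)) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"Unix socket path is too long");
		return;
	}

	s = socket(AF_UNIX, SOCK_STREAM, 0);
	if (s < 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Couldn't create socket");
		return;
	}

	/* start from a zeroed address so no stack bytes end up in it */
	memset(&remote, 0, sizeof(remote));
	remote.sun_family = AF_UNIX;
	memcpy(remote.sun_path, authreq_addr, path_len + 1);
	len = path_len + sizeof(remote.sun_family);

	ret = connect(s, (struct sockaddr *)&remote, len);
	if (ret < 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Couldn't connect to unix socket");
		/* each failed attempt used to leak one descriptor */
		close(s);
		return;
	}

	sess = nussl_session_create_with_fd(s, 0 /* verify */);
	if (!sess) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"Unable to create NuSSL session on unix socket");
		/* NOTE(review): the descriptor is left open here because it is
		 * not visible from this file whether nussl already closed it
		 * on failure; confirm ownership and close it if it did not. */
		return;
	}

	/* time *must* be set to 0 (non-blocking calls) to avoid a deadlock
	 * between auth_request_send and authsrv */
	nussl_set_read_timeout(sess, 0);

	tls.session = sess;

	create_authserver();
}

/**
 * Create a TLS connection to NuAuth.
 *
 * If ::authreq_addr starts with '/', the connection is made through
 * tls_connect_unix(). Otherwise a NuSSL client session is created, the
 * key pair, the optional CA file and the optional CRL file are loaded, and
 * the session connects to ::authreq_addr / ::authreq_port.
 *
 * tls.session is reset to NULL on entry and only set again once the
 * connection is open; every failure path destroys the session and returns
 * with tls.session still NULL. On success the auth server thread is started.
 */
void tls_connect()
{
	int ret;
	nussl_session* sess;

	tls.session = NULL;

	if (authreq_addr[0] == '/') {
		tls_connect_unix();
		return;
	}

	if (!init_x509_filenames()) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Couldn't malloc for key or cert filename!");
		return;
	}

	sess = nussl_session_create(NUSSL_SSL_CTX_CLIENT);
	if (!sess) {
		/* there is no session to ask for an error string here; the
		 * original passed the NULL pointer to nussl_get_error() */
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"Unable to create NuSSL session");
		return;
	}

	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
			"Loading certificate:%s", cert_file);
	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
			"Loading key:%s", key_file);

	ret = nussl_ssl_set_keypair(sess, cert_file, key_file);
	if (ret != NUSSL_OK) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"TLS: can not set nussl certificate or keyfile: %s",
				nussl_get_error(sess));
		nussl_session_destroy(sess);
		return;
	}

	/* sets the trusted CA file */
	/* NOTE(review): with ca_file unset no trust anchor is configured
	 * here; confirm what nussl verifies the peer against in that case. */
	if (ca_file) {
		ret = nussl_ssl_trust_cert_file(sess, ca_file);
		if (ret != NUSSL_OK) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
					"TLS: can not set nussl CA file: %s",
					nussl_get_error(sess));
			nussl_session_destroy(sess);
			return;
		}
	}

	/* sets the CRL */
	if (crl_file) {
		ret = nussl_ssl_set_crl_file(sess, crl_file, ca_file);
		if (ret != NUSSL_OK) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
					"TLS: can not set nussl CRL file: %s",
					nussl_get_error(sess));
			nussl_session_destroy(sess);
			return;
		}
	}

	nussl_set_hostinfo(sess, authreq_addr, authreq_port);
	nussl_set_read_timeout(sess, 0);

	/* With nufw_strict_tls off the peer certificate is not checked: the
	 * link is still encrypted, but the server is not authenticated. */
	if (!nufw_strict_tls) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"TLS: disabling certificate verification, as asked.");
		nussl_ssl_disable_certificate_check(sess, 1);
	}

	/* With nufw_fqdn_check off a certificate issued for another host
	 * name is accepted as long as the rest of the check passes. */
	if (!nufw_fqdn_check) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"TLS: disabling FQDN verification, as asked.");
		nussl_set_session_flag(sess, NUSSL_SESSFLAG_IGNORE_ID_MISMATCH, 1);
	}

	if (nussl_open_connection(sess) != NUSSL_OK) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"TLS: cannot connect to tls_socket (%s)",
				nussl_get_error(sess));
		nussl_session_destroy(sess);
		return;
	}

	/* Disabled DN check; see the note on check_nuauth_cert_dn(). This
	 * path also returns without destroying sess. */
#ifdef XXX
	if (ca_file) {
		if (nuauth_cert_dn) {
			if (!check_nuauth_cert_dn(tls_session)) {
				log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
						"TLS: Cannot check the certificate DN");
				return;
			}
		}
	}
#endif

	tls.session = sess;

	create_authserver();
}
nufw-2.4.3/src/nufw/nufwconf.c0000644000175000017500000000442411431206275013164 00000000000000/*
 ** Copyright(C) 2009 INL
 ** Written by Pierre Chifflier
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.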
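 */

#include
#include "nufwconf.h"
#include "config-parser.h"
#include
#include

static struct llist_head *nufw_config_table_list = NULL;

/** \file nufwconf.c
 *  \brief Read configuration file
 */

/**
 * Load the configuration file and make it the active configuration table.
 *
 * A file that is not readable (missing, or denied by access()) is not an
 * error: an empty table is installed instead, so every later lookup falls
 * back to its default. A file that is readable but fails to parse is an
 * error and leaves the previous table in place.
 *
 * NOTE(review): for a security daemon, silently running on defaults when the
 * configuration cannot be read is worth surfacing in the log at the caller.
 * The access()/parse sequence is also two separate looks at the path; the
 * parse result is what counts.
 *
 * \param filename Path of the configuration file
 * \return 0 on success, -1 on parse or allocation failure
 */
int nufw_parse_configuration(const char *filename)
{
	struct llist_head *new_config = NULL;

	if (access(filename, R_OK) == 0) {
		new_config = parse_configuration(filename);
		if (new_config == NULL) {
			return -1;
		}
	}

	if (new_config == NULL) {
		new_config = malloc(sizeof(struct llist_head));
		/* the original initialised the list head without checking
		 * the allocation */
		if (new_config == NULL) {
			return -1;
		}
		INIT_LLIST_HEAD( new_config );
	}

	if (nufw_config_table_list != NULL)
		nufw_config_table_destroy();
	nufw_config_table_list = new_config;
	return 0;
}

/** Look up \a key in the active table (thin wrapper over nubase). */
char *nufw_config_table_get(const char *key)
{
	return nubase_config_table_get(nufw_config_table_list, key);
}

/** Wrapper over nubase_config_table_get_alwaysstring() for the active table. */
char *nufw_config_table_get_alwaysstring(char *key)
{
	return nubase_config_table_get_alwaysstring(nufw_config_table_list, key);
}

/** Wrapper over nubase_config_table_get_or_default() for the active table. */
char *nufw_config_table_get_or_default(char *key, char *replace)
{
	return nubase_config_table_get_or_default(nufw_config_table_list, key, replace);
}

/** Wrapper over nubase_config_table_get_or_default_int() for the active table. */
int nufw_config_table_get_or_default_int(char *key, int defint)
{
	return nubase_config_table_get_or_default_int(nufw_config_table_list, key, defint);
}

/**
 * Destroy the active table and forget the pointer to it.
 *
 * The original returned before reaching the NULL assignment, so the global
 * kept pointing at the destroyed table and any later lookup would have used
 * it.
 */
void nufw_config_table_destroy(void)
{
	nubase_config_table_destroy(nufw_config_table_list);
	nufw_config_table_list = NULL;
}

/**
 * Hand every entry of the active table to \a func, together with
 * \a userdata (thin wrapper over nubase_config_table_print()).
 */
void nufw_config_table_print(void *userdata, void (*func)(void *data, char *keyeqval))
{
	nubase_config_table_print(nufw_config_table_list,userdata,func);
}
nufw-2.4.3/src/nufw/audit.c0000644000175000017500000000436411431206275012450 00000000000000/*
 ** Copyright (C) 2002-2007 INL
 ** Written by Eric Leblond
 **            Vincent Deffontaines
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.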
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/** \file nufw/audit.c
 *  \brief Signal handlers (SIGPOLL, SIGUSR1, SIGUSR2).
 *
 * Signal handlers:
 *   - process_poll() is called by SIGPOLL
 *   - process_usr1() is called by SIGUSR1
 *   - process_usr2() is called by SIGUSR2
 *
 * process_hup() is defined here as well; going by its log message it is
 * presumably bound to SIGHUP (the registration is not in this file).
 *
 * NOTE(review): if these functions run directly in asynchronous signal
 * context, only async-signal-safe calls are allowed in them. Logging and
 * mutex locking are normally not in that set; confirm how the handlers are
 * installed (sigaction on the main thread vs. a dedicated signal thread).
 */

#include
#include

/**
 * Output traffic statistics (packets received/accepted).
 * \see pckt_rx and pckt_tx: Received and transmitted packets count.
 *
 * The body is currently commented out, so the handler does nothing.
 */
void process_poll(int signum)
{
	/*
	log_area_printf(DEBUG_AREA_MAIN,
#ifdef DEBUG_ENABLE
			DEBUG_LEVEL_SERIOUS_WARNING,
#else
			DEBUG_LEVEL_FATAL,
#endif
			"AUDIT: rx=%d tx=%d track_size=%d list=%s",
			pckt_rx, pckt_tx, packets_list.length,
			(packets_list.start == NULL) ? "empty" : "one packet or more");
	*/
}

/**
 * Increase debug verbosity by one, capped at 20, and log the new level.
 * \see debug_level
 *
 * NOTE(review): debug_level is updated without any synchronisation visible
 * here, and passes through the value 21 before being clamped; confirm how
 * it is declared and whether other threads read it concurrently.
 */
void process_usr1(int signum)
{
	debug_level += 1;
	if (debug_level > 20)
		debug_level = 20;
	log_printf(DEBUG_LEVEL_FATAL, "USR1: Setting debug level to %d",
		   debug_level);
}

/**
 * Decrease debug verbosity by one, floored at 0, and log the new level.
 * \see debug_level
 *
 * NOTE(review): same unsynchronised update as process_usr1(); the value is
 * briefly -1 before being clamped.
 */
void process_usr2(int signum)
{
	debug_level -= 1;
	if (debug_level < 0)
		debug_level = 0;
	log_printf(DEBUG_LEVEL_FATAL, "USR2: Setting debug level to %d",
		   debug_level);
}

/**
 * Restart current TLS connection: take tls.mutex, call shutdown_tls(),
 * release the mutex.
 *
 * NOTE(review): pthread_mutex_lock() is not async-signal-safe. If this runs
 * in signal context on a thread that already holds tls.mutex, it waits on
 * itself and the daemon stops processing. A common alternative is to set a
 * flag here and perform the shutdown from the main loop; confirm whether
 * the current design already routes signals to a dedicated thread.
 */
void process_hup(int signum)
{
	log_printf(DEBUG_LEVEL_FATAL, "HUP: restarting TLS connection");
	pthread_mutex_lock(&tls.mutex);
	shutdown_tls();
	pthread_mutex_unlock(&tls.mutex);
}
nufw-2.4.3/src/nufw/structure.h0000644000175000017500000001423011431206275013400 00000000000000/*
 ** Copyright (C) 2002-2008 INL
 ** Written by Eric Leblond
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation; version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/** \file structure.h
 *  \brief Global variables with their default value
 *
 * Global variables with their default value. Most important one is
 * the ::packets_list.
*/ #ifndef STRUCTURE_HEADER #define STRUCTURE_HEADER #ifndef NUFW_HEADER_H # error "include nufw.h instead of structure.h" #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include "config.h" #include "proto.h" #define AUTHREQ_ADDR "127.0.0.1" /*!< Default value of ::authreq_addr */ #define TRACK_SIZE 1000 /*!< Default value of ::track_size */ #define PACKET_TIMEOUT 15 /*!< Default value of ::packet_timeout */ #define HOSTNAME_SIZE 256 /*!< Maximum size of hostnames (::authreq_addr) */ #define FILENAME_SIZE 256 /*!< Maximum length of filenames */ extern char *cert_file; /*!< Certificatename used in TLS connection, default value: NULL */ extern char *key_file; /*!< Key filename used in TLS connection, default value: NULL */ char *ca_file; /*!< Trust filename used in TLS connection, default value: NULL */ char *crl_file; /*!< CRL filename used in TLS connection, default value: NULL */ char *nuauth_cert_dn; /*!< NuAuth certificate filename, default value: NULL */ /*! IP or hostname of NuAuth server address (::adr_srv), default value: #AUTHREQ_ADDR */ char authreq_addr[HOSTNAME_SIZE]; /*! Port of NuAuth server address (::adr_srv), default value: #AUTHREQ_PORT */ unsigned int authreq_port; /*! Number of second before a packet is dropped, default value: #PACKET_TIMEOUT */ int packet_timeout; /*! Maximum size of the packet list (::packets_list), default value: #TRACK_SIZE */ int track_size; /*! If equals to 1, set mark on packet using #IPQ_SET_VWMARK. Default value: 0 */ int nufw_set_mark; /*! If equals to 1, do a strict check of all TLS property */ int nufw_strict_tls; /*! If equals to 1, do a strict check of nuauth FQDN vs certificate CN field */ int nufw_fqdn_check; /*! 
Restrict to IPv4 (use this if your system lacks IPv6 support for nfnetlink) */ int nufw_no_ipv6; /** * This enum is used to code the state of a packet * with respect to nufw nuauth interaction */ typedef enum { PCKT_NONE = 0, PCKT_WAITING, PCKT_SENT, PCKT_ANSWERED } pckt_state_t; /** * Informations about one packet: unique identifier in netfilter queue, * timestamp (initialized by NuFW) and mark (if NuFW compiled with * mark support). */ typedef struct Packet_Ids { /*! Unique identifier in netfilter queue, comes * from nfq_get_msg_packet_hdr() */ unsigned long id; pckt_state_t state; /*! Timestamp in Epoch format, value comes from netfilter or time(NULL) */ long timestamp; #ifdef PERF_DISPLAY_ENABLE struct timeval arrival_time; #endif #if (HAVE_LIBIPQ_MARK || USE_NFQUEUE) /*! Packet mark, comes from nfq_get_nfmark() */ unsigned long nfmark; #endif /*! Pointer to next packet entry in ::packets_list, * set by padd() and psuppress() */ struct Packet_Ids *next; } packet_idl; /***** Pack list ****/ /** * Packet list used to store packet until NuAuth answer. * clean_old_packets() and psearch_and_destroy() remove old packets (after * ::packet_timeout secondes). */ struct packets_list_t { packet_idl *start; /*!< Begin of the list (NULL if the list is empty) */ packet_idl *end; /*!< End of the list (NULL if the list is empty) */ int length; /*!< Length of the list */ pthread_mutex_t mutex; } packets_list; /** * Store old signal handlers */ struct nufw_signals { struct sigaction old_sigterm_hdl; struct sigaction old_sigint_hdl; }; #if USE_NFQUEUE struct nfq_q_handle *hndl; #else /* ipq handler */ struct ipq_handle *hndl; #endif /** * All data of a thread (use for packetsrv()) */ struct nufw_threadtype { pthread_t thread; pthread_mutex_t mutex; }; /** * Structure to send arguments to the thread. 
*/ struct nufw_threadargument { struct nufw_threadtype *thread; int parent_pid; }; /* mutex */ extern pthread_mutex_t ipq_mutex; /** \def IPQ_SET_VERDICT(PACKETID, DECISION) * Set decision (NF_ACCEPT or NF_DROP) of a packet. Call nfq_set_verdict() * or ipq_set_verdict(). */ /** \def IPQ_SET_VWMARK(PACKETID, DECISION, NFMARK) * Set decision (NF_ACCEPT or NF_DROP) of a packet and add a marker. Call * nfq_set_verdict_mark() or ipq_set_vwmark(). */ #if USE_NFQUEUE #define IPQ_SET_VERDICT(PACKETID, DECISION) \ do { \ pthread_mutex_lock(&ipq_mutex); \ nfq_set_verdict(hndl, PACKETID, DECISION, 0 , NULL); \ pthread_mutex_unlock(&ipq_mutex); \ } while(0) #define IPQ_SET_VWMARK(PACKETID, DECISION, NFMARK) \ do { \ pthread_mutex_lock(&ipq_mutex); \ nfq_set_verdict_mark(hndl, PACKETID, DECISION, NFMARK, 0, NULL); \ pthread_mutex_unlock(&ipq_mutex); \ } while(0) #else #define IPQ_SET_VERDICT(PACKETID, DECISION) \ do { \ pthread_mutex_lock(&ipq_mutex); \ ipq_set_verdict(hndl, PACKETID, DECISION,0,NULL); \ pthread_mutex_unlock(&ipq_mutex); \ } while(0) #define IPQ_SET_VWMARK(PACKETID, DECISION, NFMARK) \ do { \ pthread_mutex_lock(&ipq_mutex); \ ipq_set_vwmark(hndl, PACKETID, DECISION, NFMARK,0,NULL); \ pthread_mutex_unlock(&ipq_mutex); \ } while(0) #endif int pckt_tx; /*!< Number of transmitted packets since NuFW is running */ int pckt_rx; /*!< Number of received packets since NuFW is running */ #endif /* ifndef STRUCTURE_HEADER */ nufw-2.4.3/src/nufw/iface.c0000644000175000017500000000606211431206275012406 00000000000000/* ** Copyright (C) 2007,2009 INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. 
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include "nufw.h"
/* NOTE(review): the header name of the next directive is missing in this copy. */
#include

#ifdef HAVE_NFQ_INDEV_NAME

/* mutex used to get around non thread-safeness of iface resolution
 * in libnfnetlink */
pthread_mutex_t iface_mutex;

/**
 * Fill the four interface-name fields of q_pckt (indev, physindev, outdev,
 * physoutdev) from the queued packet nfad, holding iface_mutex for the
 * whole sequence of lookups.
 *
 * A name whose first character is '*' is logged as "can not get"; for the
 * two output-side names the resolved value is logged as well.
 *
 * \param inst Interface resolution handle
 * \param q_pckt Packet record receiving the names
 * \param nfad Queued packet data
 * \return Always 1
 */
int get_interface_information(struct nlif_handle *inst,
			      struct queued_pckt *q_pckt,
			      struct nfq_data *nfad)
{
	pthread_mutex_lock(&iface_mutex);

	/* input side: only an unresolved name is reported */
	nfq_get_indev_name(inst, nfad, q_pckt->indev);
	if ('*' == q_pckt->indev[0])
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Can not get indev information");

	nfq_get_physindev_name(inst, nfad, q_pckt->physindev);
	if ('*' == q_pckt->physindev[0])
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Can not get physindev information");

	/* output side: the resolved name is logged too */
	nfq_get_outdev_name(inst, nfad, q_pckt->outdev);
	if ('*' != q_pckt->outdev[0])
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Get outdev information: %s",
				q_pckt->outdev);
	else
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Can not get outdev information");

	nfq_get_physoutdev_name(inst, nfad, q_pckt->physoutdev);
	if ('*' != q_pckt->physoutdev[0])
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Get physoutdev information: %s",
				q_pckt->physoutdev);
	else
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				"Can not get physoutdev information");

	pthread_mutex_unlock(&iface_mutex);
	return 1;
}

/**
 * Initialise iface_mutex, open the interface resolution handle and run an
 * initial nlif_query() on it.
 *
 * \return The handle, or NULL when nlif_open() fails
 */
struct nlif_handle *iface_table_open()
{
	struct nlif_handle *handle;

	pthread_mutex_init(&iface_mutex, NULL);

	/* opening ifname resolution handle */
	handle = nlif_open();
	if (handle != NULL) {
		nlif_query(handle);
		return handle;
	}

	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
			"[!] Error during nlif_table_init()");
	return NULL;
}

/**
 * Let the library process a pending interface event, under iface_mutex.
 *
 * \return The value returned by nlif_catch()
 */
int iface_treat_message(struct nlif_handle *inst)
{
	int status;

	debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
			 "Network interface event");

	pthread_mutex_lock(&iface_mutex);
	status = nlif_catch(inst);
	pthread_mutex_unlock(&iface_mutex);

	return status;
}

/**
 * Close the interface resolution handle under iface_mutex, then destroy
 * the mutex itself.
 */
void iface_table_close(struct nlif_handle *inst)
{
	debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
			 "Free iface resolution instance");

	pthread_mutex_lock(&iface_mutex);
	nlif_close(inst);
	pthread_mutex_unlock(&iface_mutex);

	pthread_mutex_destroy(&iface_mutex);
}

#endif	/* #ifdef HAVE_NFQ_INDEV_NAME */
nufw-2.4.3/src/nufw/common.c0000644000175000017500000002111311431206275012621 00000000000000
/*
 **
 ** Copyright 2002 - 2007 INL
 ** Written by Eric Leblond
 **            Vincent Deffontaines
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/** \file common.c
 *  \brief Common tools to manage ::packets_list.
 *
 * Function to add (padd()), suppress (psuppress() and psearch_and_destroy()) and clean up
 * (clean_old_packets()) packets from packet list (::packets_list).
*/

#include "nufw.h"

/* NOTE(review): the header names of the bare #include directives below are
 * missing in this copy of the file. */
#include
#include
#include /* icmphdr */
#include /* icmp6_hdr */
#include /* iphdr */
#include /* ip6_hdr */
#include /* data stuff */

#ifdef PERF_DISPLAY_ENABLE
/**
 * Store X - Y in RESULT for two `struct timeval' values.
 * Y is adjusted in place so that the microsecond subtraction needs no
 * borrow, so the caller's Y is modified.
 * Return 1 if the difference is negative, otherwise 0.
 */
int timeval_substract(struct timeval *result, struct timeval *x,
		      struct timeval *y)
{
	/* Move whole seconds between y's fields until the usec difference
	 * can be taken directly. */
	if (x->tv_usec < y->tv_usec) {
		int carry = (y->tv_usec - x->tv_usec) / 1000000 + 1;
		y->tv_usec -= 1000000 * carry;
		y->tv_sec += carry;
	}
	if (x->tv_usec - y->tv_usec > 1000000) {
		int borrow = (x->tv_usec - y->tv_usec) / 1000000;
		y->tv_usec += 1000000 * borrow;
		y->tv_sec -= borrow;
	}

	/* tv_usec of the result is non-negative after the adjustment above */
	result->tv_sec = x->tv_sec - y->tv_sec;
	result->tv_usec = x->tv_usec - y->tv_usec;

	/* negative difference <=> x is earlier than the adjusted y */
	return x->tv_sec < y->tv_sec;
}
#endif

/**
 * Tear down the TLS session if one exists: destroy
 * tls.auth_server_mutex, destroy the session and reset tls.session to
 * NULL.  Does nothing when tls.session is already NULL.
 */
void close_tls_session()
{
	if (tls.session != NULL) {
		pthread_mutex_destroy(&tls.auth_server_mutex);
		nussl_session_destroy(tls.session);
		tls.session = NULL;
	}
}

/**
 * Unlink the entry current from ::packets_list, free it and decrement
 * the list length.
 *
 * \param previous Entry located just before current, NULL if current is
 *                 the first entry
 * \param current Entry to unlink and free
 */
void psuppress(packet_idl * previous, packet_idl * current)
{
	packet_idl *following = current->next;

	if (previous == NULL)
		packets_list.start = following;
	else
		previous->next = following;

	/* removing the tail: the predecessor becomes the new tail */
	if (following == NULL)
		packets_list.end = previous;

	free(current);
	packets_list.length--;
}

/**
 * Try to add a packet to the end of ::packets_list. If we exceed max length
 * (::track_size), just drop the packet.
 *
 * \return 0 if ok, -1 if list is full.
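*/
/*
 * On the "list full" path the entry is neither linked nor freed: the
 * NF_DROP verdict is issued for current->id and the caller keeps
 * ownership of current.
 */
int padd(packet_idl * current)
{
	if (track_size <= packets_list.length) {
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_WARNING,
				"Warning: queue is full, dropping element");
		IPQ_SET_VERDICT(current->id, NF_DROP);
		return -1;
	}

	packets_list.length++;
	current->next = NULL;

	/* a zero timestamp means the caller had none: stamp it now */
	if (current->timestamp == 0) {
		current->timestamp = time(NULL);
	}

	if (packets_list.end != NULL)
		packets_list.end->next = current;
	packets_list.end = current;
	if (packets_list.start == NULL)
		packets_list.start = current;
	return 0;
}

/* called by authsrv */

/**
 * Search an entry in packet list (::packets_list), and drop and
 * suppress old packets (using ::packet_timeout). If the packet can be found,
 * delete it and copy it's mark into nfmark.
 *
 * nfmark is written only when the build has HAVE_LIBIPQ_MARK or
 * USE_NFQUEUE set.  The function does not lock ::packets_list itself.
 *
 * \return Returns 1 and the mark (in nfmark) if the packet can be found, 0 else.
 */
int psearch_and_destroy(uint32_t packet_id, uint32_t * nfmark)
{
	packet_idl *current = packets_list.start, *previous = NULL;
	int timestamp = time(NULL);

	/** \todo Do benchmarks and check if an hash-table + list (instead of just
	 * list) wouldn't be faster than just a list when NuAuth is slow */
	while (current != NULL) {
		if (current->id == packet_id) {
#if HAVE_LIBIPQ_MARK || USE_NFQUEUE
			*nfmark = current->nfmark;
#endif
#ifdef PERF_DISPLAY_ENABLE
			{
				struct timeval elapsed_time, leave_time;
				double ms;
				gettimeofday(&leave_time, NULL);
				timeval_substract(&elapsed_time,
						  &leave_time,
						  &(current->arrival_time));
				ms = (double) elapsed_time.tv_sec * 1000 +
				    (double) elapsed_time.tv_usec / 1000;
				log_area_printf(DEBUG_AREA_PACKET,
						DEBUG_LEVEL_INFO,
						"Treatment time for connection: %.1f ms",
						ms);
			}
#endif
			psuppress(previous, current);
			return 1;

			/* we want to suppress first element if it is too old */
		} else if (timestamp - current->timestamp > packet_timeout) {
			IPQ_SET_VERDICT(current->id, NF_DROP);
			debug_log_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_INFO,
					 "Dropped: %lu", current->id);
			psuppress(previous, current);
			/* the entry was freed: restart the walk from the head */
			current = packets_list.start;
			previous = NULL;
		} else {
			previous = current;
			current = current->next;
		}
	}
	return 0;
}

/**
 * Clear packet list: delete all elements
 *
 * Entries are freed without any verdict being issued for them.
 */
void clear_packet_list()
{
	packet_idl *current = packets_list.start, *next;

	while (current != NULL) {
		next = current->next;
		free(current);
		current = next;
	}
	packets_list.start = NULL;
	packets_list.end = NULL;
	packets_list.length = 0;
}

/**
 * Walk in the packet list (::packets_list) and remove old packets (using ::packet_timeout limit).
 *
 * Only the head of the list is examined: the walk stops at the first entry
 * that has not timed out.
 */
void clean_old_packets()
{
	packet_idl *current = packets_list.start, *previous = NULL;
	int timestamp = time(NULL);

	while (current != NULL) {
		/* we want to suppress first element if it is too old */
		if (timestamp - current->timestamp > packet_timeout) {
			IPQ_SET_VERDICT(current->id, NF_DROP);
			debug_log_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_DEBUG,
					 "Dropped: %lu", current->id);
			psuppress(previous, current);
			current = packets_list.start;
			previous = NULL;
		} else {
			current = NULL;
		}
	}
}

/*
 * Copy taken from hping2 project, original comment was:
 * "from R. Stevens's Network Programming"
 *
 * Internet checksum over nbytes bytes starting at buf.
 */
__u16 icmp_cksum(__u16 * buf, int nbytes)
{
	__u32 sum;
	__u16 oddbyte;

	sum = 0;
	while (nbytes > 1) {
		sum += *buf++;
		nbytes -= 2;
	}

	if (nbytes == 1) {
		/* Fold in the single trailing byte only.  Reading a whole
		 * 16-bit word here would pull in one byte past the end of
		 * the caller's data. */
		oddbyte = 0;
		*((unsigned char *) &oddbyte) = *(unsigned char *) buf;
		sum += oddbyte;
	}

	sum = (sum >> 16) + (sum & 0xffff);
	sum += (sum >> 16);
	return (__u16) ~ sum;
}

/**
 * Send an ICMP destination-unreachable / port-unreachable message (type 3,
 * code 3) on raw_sock4 to the source address of the IPv4 packet in payload.
 *
 * \param payload Queued packet, starting at its IPv4 header
 * \param payload_len Number of bytes available at payload
 * \return -1 when the packet is shorter than an IPv4 header or too large
 *         for the local buffer, else the return value of sendto()
 */
int send_icmp_ipv4_unreach(char *payload, int payload_len)
{
	struct sockaddr_in to;
	char buffer[256];
	struct iphdr *ip = (struct iphdr *) payload;
	struct icmphdr *icmp = (struct icmphdr *) buffer;
	size_t data_len;

	/* A packet shorter than the IPv4 header cannot be parsed, and the
	 * length computed below would wrap around to a huge value. */
	if (payload_len < (int) sizeof(*ip)) {
		return -1;
	}
	if (payload_len + sizeof(struct icmphdr) > sizeof(buffer)) {
		return -1;
	}
	data_len = payload_len - sizeof(*ip);

	/* write ICMP header */
	icmp->type = 3;
	icmp->code = 3;
	icmp->checksum = 0x0000;
	icmp->un.frag.__unused = 0;
	icmp->un.frag.mtu = 0;

	/* copy old packet header */
	/* NOTE(review): the copy starts after the IPv4 header, so the quoted
	 * data does not contain the original header that a destination-
	 * unreachable message normally carries -- confirm the intent before
	 * changing the wire format. */
	memcpy(buffer + sizeof(struct icmphdr),
	       (char *) payload + sizeof(*ip), data_len);

	/* get destination IPv4 address */
	memset(&to, 0, sizeof(to));
	to.sin_family = AF_INET;
	to.sin_addr.s_addr = ip->saddr;

	/* compute icmp checksum */
	icmp->checksum = icmp_cksum((__u16 *) buffer,
				    sizeof(struct icmphdr) + data_len);

	/* send packet */
	return sendto(raw_sock4, buffer,
		      sizeof(struct icmphdr) + data_len, 0,
		      (struct sockaddr *) &to, sizeof(to));
}

/**
 * Send an ICMPv6 destination-unreachable message (type 1, code 0) on
 * raw_sock6 to the source address of the IPv6 packet in payload.
 *
 * \param payload Queued packet, starting at its IPv6 header
 * \param payload_len Number of bytes available at payload
 * \return -1 when the packet is shorter than an IPv6 header or too large
 *         for the local buffer, 0 when raw_sock6 is not greater than 0,
 *         else the return value of sendto()
 */
int send_icmp_ipv6_unreach(char *payload, int payload_len)
{
	struct sockaddr_in6 to;
	char buffer[256];
	struct ip6_hdr *ip = (struct ip6_hdr *) payload;
	struct icmp6_hdr *icmp = (struct icmp6_hdr *) buffer;

	/* ip6_src is read from the header below: make sure it is there */
	if (payload_len < (int) sizeof(*ip)) {
		return -1;
	}
	if (payload_len + sizeof(struct icmp6_hdr) > sizeof(buffer)) {
		return -1;
	}

	/* write ICMP header */
	memset(icmp, 0, sizeof(*icmp));
	icmp->icmp6_type = 1;
	icmp->icmp6_code = 0;
	/* checksum and data are nul */

	/* copy old packet header */
	memcpy(buffer + sizeof(*icmp), payload, payload_len);

	/* get destination IPv6 address */
	memset(&to, 0, sizeof(to));
	to.sin6_family = AF_INET6;
	to.sin6_addr = ip->ip6_src;

#ifdef LINUX
	/* don't compute icmp checksum, Linux do it for us */
#else
#  error "You may compute the checksum!"
#endif

	if (raw_sock6 > 0) {
		/* send packet */
		return sendto(raw_sock6, buffer,
			      payload_len + sizeof(struct icmp6_hdr), 0,
			      (struct sockaddr *) &to, sizeof(to));
	} else {
		return 0;
	}
}

/**
 * Send an ICMP "unreachable" answer for the queued packet in payload,
 * choosing the IPv4 or IPv6 sender from the IP version nibble.
 *
 * The version field holds the protocol number (4 or 6).  It must not be
 * compared with AF_INET, which is an address-family constant with a
 * different value and would route every IPv4 packet to the IPv6 sender.
 *
 * \return -1 for an empty packet or an unknown IP version, else the value
 *         returned by the selected sender
 */
int send_icmp_unreach(char *payload, int payload_len)
{
	struct iphdr *ip4 = (struct iphdr *) payload;

	if (payload == NULL || payload_len < 1) {
		return -1;
	}

	switch (ip4->version) {
	case 4:
		return send_icmp_ipv4_unreach(payload, payload_len);
	case 6:
		return send_icmp_ipv6_unreach(payload, payload_len);
	default:
		return -1;
	}
}
nufw-2.4.3/src/nufw/nufwconf.h0000644000175000017500000000235011431206275013165 00000000000000
/*
 ** Copyright(C) 2009 INL
 ** Written by Pierre Chifflier
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.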
See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUFWCONF_H #define NUFWCONF_H int nufw_parse_configuration(const char *filename); char *nufw_config_table_get(const char *key); char *nufw_config_table_get_alwaysstring(char *key); char *nufw_config_table_get_or_default(char *key, char *replace); int nufw_config_table_get_or_default_int(char *key, int defint); void nufw_config_table_destroy(void); void nufw_config_table_print(void *userdata, void (*func)(void *data, char *keyeqval)); #endif /* NUFWCONF_H */ nufw-2.4.3/src/nufw/iface.h0000644000175000017500000000216711431206275012415 00000000000000/* ** Copyright (C) 2007 INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifndef IFACE_H #define IFACE_H #ifdef HAVE_NFQ_INDEV_NAME int get_interface_information(struct nlif_handle *inst, struct queued_pckt *q_pckt, struct nfq_data *nfad); struct nlif_handle *iface_table_open(); int iface_treat_message(struct nlif_handle *inst); void iface_table_close(struct nlif_handle *inst); #endif #endif nufw-2.4.3/src/nufw/conntrack.c0000644000175000017500000001733211431206275013323 00000000000000/* ** Copyright (C) 2005-2006 INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** \file nufw/conntrack.c * \brief Connection tracking * * Connection tracking function if NuFW is compiled with \#HAVE_LIBCONNTRACK. 
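*/

/* NOTE(review): DEBUG_CONNTRACK is defined unconditionally, so the printf()
 * block at the end of fill_message() is compiled into every build and
 * writes the addresses of each reported connection to stdout. */
#define DEBUG_CONNTRACK

#include "nufw.h"

#ifdef HAVE_LIBCONNTRACK

/* NOTE(review): the header names of the two bare #include directives below
 * are missing in this copy of the file. */
#include
#include

#ifdef HAVE_NEW_NFCT_API
#  define MSG_DESTROY NFCT_T_DESTROY
#  define MSG_UPDATE NFCT_T_UPDATE
#else
#  define MSG_DESTROY NFCT_MSG_DESTROY
#  define MSG_UPDATE NFCT_MSG_UPDATE
#endif

/**
 * Copy the description of a tracked connection into a conntrack message:
 * layer 4 protocol, source and destination address (IPv4 addresses go
 * through uint32_to_ipv6()), ports for TCP and UDP (0 for any other
 * protocol), mark and the four packet/byte counters.
 *
 * The header fields of the message (protocol_version, msg_type, msg_length)
 * are not touched here.
 *
 * NOTE(review): with the new API packets_in/bytes_in come from the ORIG
 * counters, while the legacy branch fills them from counters[1] -- confirm
 * that both branches report the same direction.
 *
 * \param message Message to fill
 * \param conn Connection reported by libnetfilter_conntrack
 */
void fill_message(struct nuv4_conntrack_message_t *message,
#ifdef HAVE_NEW_NFCT_API
		  struct nf_conntrack *conn)
#else
		  struct nfct_conntrack *conn)
#endif
{
#ifdef DEBUG_CONNTRACK
	char ascii[INET6_ADDRSTRLEN];
#endif

#ifdef HAVE_NEW_NFCT_API
	message->ip_protocol = nfct_get_attr_u8(conn, ATTR_ORIG_L4PROTO);

	if (nfct_get_attr_u8(conn, ATTR_ORIG_L3PROTO) == AF_INET) {
		uint32_to_ipv6(nfct_get_attr_u32(conn, ATTR_ORIG_IPV4_SRC),
			       &message->ip_src);
		uint32_to_ipv6(nfct_get_attr_u32(conn, ATTR_ORIG_IPV4_DST),
			       &message->ip_dst);
	} else {
		memcpy(&message->ip_src,
		       nfct_get_attr(conn, ATTR_ORIG_IPV6_SRC),
		       sizeof(message->ip_src));
		memcpy(&message->ip_dst,
		       nfct_get_attr(conn, ATTR_ORIG_IPV6_DST),
		       sizeof(message->ip_dst));
	}

	switch (message->ip_protocol) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
		message->src_port = nfct_get_attr_u16(conn, ATTR_ORIG_PORT_SRC);
		message->dest_port = nfct_get_attr_u16(conn, ATTR_ORIG_PORT_DST);
		break;
	default:
		message->src_port = 0;
		message->dest_port = 0;
		break;
	}

	message->mark = nfct_get_attr_u32(conn, ATTR_MARK);
	message->packets_in = nfct_get_attr_u32(conn, ATTR_ORIG_COUNTER_PACKETS);
	message->bytes_in = nfct_get_attr_u32(conn, ATTR_ORIG_COUNTER_BYTES);
	message->packets_out = nfct_get_attr_u32(conn, ATTR_REPL_COUNTER_PACKETS);
	message->bytes_out = nfct_get_attr_u32(conn, ATTR_REPL_COUNTER_BYTES);
#else
	message->ip_protocol = conn->tuple[0].protonum;

	if (conn->tuple[0].l3protonum == AF_INET) {
		uint32_to_ipv6(conn->tuple[0].src.v4, &message->ip_src);
		uint32_to_ipv6(conn->tuple[0].dst.v4, &message->ip_dst);
	} else {
		memcpy(&message->ip_src, &conn->tuple[0].src.v6,
		       sizeof(message->ip_src));
		memcpy(&message->ip_dst, &conn->tuple[0].dst.v6,
		       sizeof(message->ip_dst));
	}

	switch (message->ip_protocol) {
	case IPPROTO_TCP:
		message->src_port = conn->tuple[0].l4src.tcp.port;
		message->dest_port = conn->tuple[0].l4dst.tcp.port;
		break;
	case IPPROTO_UDP:
		message->src_port = conn->tuple[0].l4src.udp.port;
		message->dest_port = conn->tuple[0].l4dst.udp.port;
		break;
	default:
		message->src_port = 0;
		message->dest_port = 0;
		break;
	}

	message->mark = conn->mark;
	message->packets_in = conn->counters[1].packets;
	message->bytes_in = conn->counters[1].bytes;
	message->packets_out = conn->counters[0].packets;
	message->bytes_out = conn->counters[0].bytes;
#endif

#ifdef DEBUG_CONNTRACK
	printf("(*) New conntrack event: ");
	format_ipv6(&message->ip_src, ascii, INET6_ADDRSTRLEN, NULL);
	printf(" src=%s", ascii);
	format_ipv6(&message->ip_dst, ascii, INET6_ADDRSTRLEN, NULL);
	printf(" dst=%s\n", ascii);
#endif
}

/**
 * Send message to TLS tunnel on new netfilter conntrack event.
 *
 * Events are ignored (callback_ret is returned without sending) when
 * ::nufw_conntrack_uses_mark is 1 and the connection mark is 0, when an
 * update concerns a connection that is not IPS_ASSURED (and, with the new
 * API, a TCP connection that is not ESTABLISHED), and for any event type
 * other than destroy and update.  When ::handle_conntrack_event is 0 the
 * callback asks the library to stop.
 *
 * The message is written with tls.mutex held; a write error triggers
 * shutdown_tls().
 *
 * \param type Event type (IPCTNL_MSG_CT_DELETE, IPCTNL_MSG_CT_NEW, ...)
 * \param conn Pointer to a connection of type ::nfct_conntrack
 * \param flags Event flags (no used)
 * \param data (no data, NULL pointer)
 * \return If an error occurs returns -1, else returns 0
 */
#ifdef HAVE_NEW_NFCT_API
int update_handler(enum nf_conntrack_msg_type type,
		   struct nf_conntrack *conn, void *data)
#else
int update_handler(struct nfct_conntrack *conn, unsigned int flags,
		   int type, void *data)
#endif
{
	struct nuv4_conntrack_message_t message;
	int ret;
#ifdef HAVE_NEW_NFCT_API
	int callback_ret = NFCT_CB_CONTINUE;
#else
	int callback_ret = 0;
#endif

	/* switch can be done with a signal */
	if (handle_conntrack_event == 0) {
#ifdef HAVE_NEW_NFCT_API
		return NFCT_CB_STOP;
#else
		return -1;
#endif
	}

	/* if nufw_conntrack_uses_mark is set we should have mark set here
	 * This REQUIRES correct CONNMARK rules and correct kernel */
	if (nufw_conntrack_uses_mark == 1) {
#ifdef HAVE_NEW_NFCT_API
		if (nfct_get_attr_u32(conn, ATTR_MARK) == 0)
			return callback_ret;
#else
		if (conn->mark == 0)
			return callback_ret;
#endif
	}

	/* The whole structure is written to the TLS peer below.  Clear it
	 * first so that padding and any member not assigned here or in
	 * fill_message() cannot carry leftover stack contents onto the wire. */
	memset(&message, 0, sizeof(message));

	message.protocol_version = PROTO_NUFW_VERSION;
	message.msg_length = htons(sizeof(struct nuv4_conntrack_message_t));

	switch (type) {
	case MSG_DESTROY:
		message.msg_type = AUTH_CONN_DESTROY;
		debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_VERBOSE_DEBUG,
				 "Destroy event to be send to nuauth.");
		break;
	case MSG_UPDATE:
#ifdef HAVE_NEW_NFCT_API
		if (!(nfct_get_attr_u32(conn, ATTR_STATUS) & IPS_ASSURED)) {
			return callback_ret;
		} else {
			/* We only want to log ESTABLISHED for TCP state */
			if (nfct_get_attr_u8(conn, ATTR_ORIG_L4PROTO) ==
			    IPPROTO_TCP) {
				if (nfct_get_attr_u8(conn, ATTR_TCP_STATE) !=
				    TCP_CONNTRACK_ESTABLISHED) {
					return callback_ret;
				}
			}
		}
#else
		if (!(conn->status & IPS_ASSURED)) {
			return callback_ret;
		}
#endif
		message.msg_type = AUTH_CONN_UPDATE;
		debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_VERBOSE_DEBUG,
				 "Update event to be send to nuauth.");
		break;
	default:
		debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_INFO,
				 "Strange, get message (type %d) not %d or %d",
				 type, MSG_DESTROY, MSG_UPDATE);
		return callback_ret;
	}

	fill_message(&message, conn);

	pthread_mutex_lock(&tls.mutex);
	if (tls.session) {
		debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				 "Sending conntrack event to nuauth.");
		ret = nussl_write(tls.session, (char*)&message,
				  sizeof(struct nuv4_conntrack_message_t) );
		if (ret < 0) {
			/* warn sender thread that it will need to reconnect at next access */
			debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
					 "Error during nussl_write.");
			shutdown_tls();
			pthread_mutex_unlock(&tls.mutex);
			return callback_ret;
		}
	}
	pthread_mutex_unlock(&tls.mutex);
	return callback_ret;
}

/**
 * Install netfilter conntrack event handler: update_handler().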
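*
 * Thread entry point: opens a conntrack handle subscribed to destroy and
 * update events, registers update_handler() and blocks in the library's
 * event loop until it returns, then closes the handle.  When the handle
 * cannot be opened the thread logs a warning and ends without
 * registering anything.
 *
 * \param data Not used
 * \return NULL pointer
 */
void *conntrack_event_handler(void *data)
{
	struct nfct_handle *cth;
	int res;

	debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_VERBOSE_DEBUG,
			 "Starting conntrack thread");
	cth = nfct_open(CONNTRACK,
			NF_NETLINK_CONNTRACK_DESTROY |
			NF_NETLINK_CONNTRACK_UPDATE);
	if (!cth) {
		log_printf(DEBUG_LEVEL_WARNING,
			   "Not enough memory to open netfilter conntrack");
		/* a NULL handle must not reach the register/catch/close
		 * calls below */
		return NULL;
	}

#ifdef HAVE_NEW_NFCT_API
	nfct_callback_register(cth, NFCT_T_UPDATE | NFCT_T_DESTROY,
			       update_handler, NULL);
	res = nfct_catch(cth);
#else
	nfct_register_callback(cth, update_handler, NULL);
	res = nfct_event_conntrack(cth);
#endif
	/* the loop result is not inspected: update_handler() stops the loop
	 * on purpose when conntrack event handling is switched off */
	(void) res;

	nfct_close(cth);
	debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_VERBOSE_DEBUG,
			 "Conntrack thread has exited");
	return NULL;
}

#endif	/* ifdef HAVE_LIBCONNTRACK */
nufw-2.4.3/src/nufw/packetsrv.c0000644000175000017500000005012011431206275013333 00000000000000
/*
 ** Copyright (C) 2002-2008 INL
 ** Written by Eric Leblond
 **            Vincent Deffontaines
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#include "nufw.h"
/* NOTE(review): the header name of the next directive is missing in this copy. */
#include

#ifdef HAVE_NFQ_INDEV_NAME
#  include "iface.h"
#endif

/** \file packetsrv.c
 *  \brief Packet server thread
 *
 * packetsrv() is a thread which read packet from netfilter queue.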
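If packet
 * content match to IPv4 TCP/UDP, add it to the packet list (::packets_list)
 * and ask NuAuth an authentication or control using auth_request_send().
 *
 * When using NetFilter queue, treat_packet() is used as callback to parse
 * new packets. Function look_for_tcp_flags() is a tool to check TCP flags
 * in a IPv4 packet.
 */

/**
 * Parse an packet and check if it's TCP in IPv4 packet with TCP flag
 * ACK, FIN or RST set.
 *
 * The TCP header is located with the IPv4 header length field (ihl), so
 * that field is validated against both the minimum header size and
 * datalen before the flags are read.  A packet that fails validation is
 * reported as "no match".
 *
 * NOTE(review): the fragment offset is not inspected here; the flag test
 * is only meaningful for data that starts with a real TCP header, so this
 * relies on packets being reassembled before they are queued -- confirm.
 *
 * \param dgram Pointer to data to parse
 * \param datalen Length of the data
 * \return If the TCP if the packet matchs, returns 1. Else, returns 0.
 */
int look_for_tcp_flags(unsigned char *dgram, unsigned int datalen)
{
	struct iphdr *iphdrs = (struct iphdr *) dgram;
	struct tcphdr *tcphdrs;
	unsigned int ip_hdr_len;

	/* check need some data */
	if (datalen < sizeof(struct iphdr) + sizeof(struct tcphdr)) {
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_VERBOSE_DEBUG,
				"Incorrect packet data length");
		return 0;
	}

	/* check IP version and transport protocol */
	if (iphdrs->version != 4 || iphdrs->protocol != IPPROTO_TCP) {
		return 0;
	}

	/* ihl counts 32-bit words and comes from the packet itself: the
	 * header may carry options, so the fixed-size check above does not
	 * guarantee that a full TCP header follows it */
	ip_hdr_len = 4 * iphdrs->ihl;
	if (ip_hdr_len < sizeof(struct iphdr)
	    || ip_hdr_len > datalen
	    || datalen - ip_hdr_len < sizeof(struct tcphdr)) {
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_VERBOSE_DEBUG,
				"Incorrect packet data length");
		return 0;
	}

	tcphdrs = (struct tcphdr *) (dgram + ip_hdr_len);
	if (tcphdrs->fin || tcphdrs->ack || tcphdrs->rst) {
		RETURN_NO_LOG 1;
	}
	return 0;
}

#ifdef USE_NFQUEUE
/**
 * \brief Callback called by NetFilter when a packet with target QUEUE is matched.
 *
 * For TCP packet with flags different than SYN, just send it to NuAuth and
 * accept it.
 *
 * For other packet: First of all, fill a structure ::packet_idl (identifier,
 * timestamp, ...). Try to add the new packet to ::packets_list (fails if the
 * list is full). Ask an authentication to NuAuth using auth_request_send(),
 * If the packet can't be sended, remove it from the list.
 *
 * \return If an error occurs, returns 0, else returns 1.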
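*/
/*
 * NOTE(review): the early "return 0" paths taken before a packet id is
 * known issue no verdict for the packet.
 */
static int treat_packet(struct nfq_handle *qh, struct nfgenmsg *nfmsg,
			struct nfq_data *nfa, void *data)
{
	packet_idl *current;
	struct queued_pckt q_pckt;
	struct nfqnl_msg_packet_hdr *ph;
	struct timeval timestamp;
	int ret;
#ifdef HAVE_NFQ_INDEV_NAME
	struct nlif_handle *nlif_handle = (struct nlif_handle *) data;
#endif

	debug_log_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_VERBOSE_DEBUG,
			 "(*) New packet");

	q_pckt.payload_len = nfq_get_payload(nfa, &(q_pckt.payload));
	if (q_pckt.payload_len == -1) {
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_INFO,
				"Unable to get payload");
		return 0;
	}

	q_pckt.mark = nfq_get_nfmark(nfa);

#ifdef HAVE_NFQ_INDEV_NAME
	if (!get_interface_information(nlif_handle, &q_pckt, nfa)) {
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_INFO,
				"Can not get interfaces information for message");
		return 0;
	}
#else
	snprintf(q_pckt.indev, sizeof(q_pckt.indev), "*");
	snprintf(q_pckt.physindev, sizeof(q_pckt.physindev), "*");
	snprintf(q_pckt.outdev, sizeof(q_pckt.outdev), "*");
	snprintf(q_pckt.physoutdev, sizeof(q_pckt.physoutdev), "*");
#endif

	/* prefer the timestamp recorded by netfilter, else use "now" */
	ret = nfq_get_timestamp(nfa, &timestamp);
	if (ret == 0) {
		q_pckt.timestamp = timestamp.tv_sec;
	} else {
		q_pckt.timestamp = time(NULL);
	}

	/* IPv4 TCP packet with ACK, FIN or RST: notify nuauth and accept
	 * it without keeping a list entry */
	if (look_for_tcp_flags
	    ((unsigned char *) q_pckt.payload, q_pckt.payload_len)) {
		ph = nfq_get_msg_packet_hdr(nfa);
		if (ph) {
			q_pckt.packet_id = ntohl(ph->packet_id);
			auth_request_send(AUTH_CONTROL, &q_pckt);
			IPQ_SET_VERDICT(q_pckt.packet_id, NF_ACCEPT);
			RETURN_NO_LOG 1;
		} else {
			log_area_printf(DEBUG_AREA_PACKET,
					DEBUG_LEVEL_VERBOSE_DEBUG,
					"Can not get the packet headers");
			return 0;
		}
	}

	/* the allocation must be checked before the entry is written to */
	current = calloc(1, sizeof(packet_idl));
	if (current == NULL) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_MESSAGE,
				"Can not allocate packet_id");
		return 0;
	}
	current->nfmark = q_pckt.mark;
	current->timestamp = q_pckt.timestamp;
	current->id = 0;
#ifdef PERF_DISPLAY_ENABLE
	gettimeofday(&(current->arrival_time), NULL);
#endif

	/* Get unique identifier of packet in queue */
	ph = nfq_get_msg_packet_hdr(nfa);
	if (ph) {
		current->id = ntohl(ph->packet_id);
	} else {
		free(current);
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_INFO,
				"Can not get id for message");
		return 0;
	}

	/* Try to add the packet to the list.  The id is read while the lock
	 * is still held: once the entry is linked, another thread may remove
	 * and free it. */
	pthread_mutex_lock(&packets_list.mutex);
	ret = padd(current);
	q_pckt.packet_id = current->id;
	pthread_mutex_unlock(&packets_list.mutex);

	if (ret == 0) {
		/* send an auth request packet */
		if (!auth_request_send(AUTH_REQUEST, &q_pckt)) {
			int sandf = 0;
			/* send failure dropping packet */
			IPQ_SET_VERDICT(q_pckt.packet_id, NF_DROP);
			/* we fail to send the packet so we free packet related to current */
			pthread_mutex_lock(&packets_list.mutex);
			/* search and destroy packet by packet_id */
			sandf = psearch_and_destroy(q_pckt.packet_id,
						    &(q_pckt.mark));
			pthread_mutex_unlock(&packets_list.mutex);

			if (!sandf) {
				log_area_printf(DEBUG_AREA_MAIN,
						DEBUG_LEVEL_WARNING,
						"Packet could not be removed: %u",
						q_pckt.packet_id);
			}
		}
	} else {
		/* padd() refused the entry (list full): it issued the drop
		 * verdict but neither linked nor freed the entry, so it is
		 * still owned here and would otherwise leak once per packet
		 * while the list stays full */
		free(current);
	}
	return 1;
}

/**
 * Open a netlink connection and returns file descriptor
 *
 * Opens the library handle ::h, binds it for AF_INET (and AF_INET6 unless
 * ::nufw_no_ipv6 is set), creates queue ::nfqueue_num with treat_packet()
 * as callback and selects packet-copy mode.  When the build has
 * HAVE_NFQ_SET_QUEUE_MAXLEN and ::queue_maxlen is non-zero, the queue
 * length is set too; a failure there exits the process if ::nufw_set_mark
 * is set and is only logged otherwise.
 *
 * NOTE(review): the error paths after nfq_open() return without closing
 * ::h.
 *
 * \param data Opaque pointer handed to treat_packet() for each packet
 * \return File descriptor of the queue socket, -1 on error
 */
int packetsrv_open(void *data)
{
	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
			"Opening netfilter queue socket");
	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
			"[!] Don't forget to load kernel modules nfnetlink and nfnetlink_queue (using modprobe command)");

	/* opening library handle */
	h = nfq_open();
	if (!h) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
				"[!] Error during nfq_open()");
		return -1;
	}

	/* unbinding existing nf_queue handler for AF_INET (if any) */
	/* ignoring return, see http://www.spinics.net/lists/netfilter/msg42063.html */
	nfq_unbind_pf(h, AF_INET);

	/* binding nfnetlink_queue as nf_queue handler for AF_INET */
	if (nfq_bind_pf(h, AF_INET) < 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
				"[!] Error during nfq_bind_pf()");
		return -1;
	}

	if (!nufw_no_ipv6) {
		/* unbinding existing nf_queue handler for AF_INET6 (if any) */
		nfq_unbind_pf(h, AF_INET6);

		/* binding nfnetlink_queue as nf_queue handler for AF_INET6 */
		if (nfq_bind_pf(h, AF_INET6) < 0) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
					"[!] Error during nfq_bind_pf()");
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
					"Maybe you need to compile NF_NETLINK* kernel options as modules (not built in the kernel!)");
			return -1;
		}
	}

	/* binding this socket to queue number ::nfqueue_num
	 * and install our packet handler */
	hndl = nfq_create_queue(h, nfqueue_num,
				(nfq_callback *) & treat_packet, data);
	if (!hndl) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
				"[!] Error during nfq_create_queue() (queue %d busy ?)",
				nfqueue_num);
		return -1;
	}

	/* setting copy_packet mode */
	if (nfq_set_mode(hndl, NFQNL_COPY_PACKET, 0xffff) < 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
				"[!] Can't set packet_copy mode");
		return -1;
	}

#ifdef HAVE_NFQ_SET_QUEUE_MAXLEN
	/* setting queue length */
	if (queue_maxlen) {
		if (nfq_set_queue_maxlen(hndl, queue_maxlen) < 0) {
			if (nufw_set_mark) {
				log_area_printf(DEBUG_AREA_MAIN,
						DEBUG_LEVEL_CRITICAL,
						"[!] Can't set queue length, and mark will be set, leaving !");
				exit(EXIT_FAILURE);
			} else {
				log_area_printf(DEBUG_AREA_MAIN,
						DEBUG_LEVEL_CRITICAL,
						"[!] Can't set queue length, continuing anyway");
			}
		}
	}
#endif

	return nfq_fd(h);
}

/**
 * Close the netfilter queue socket.
 *
 * \param smart When non-zero, destroy the queue handle ::hndl before the
 *              library handle ::h is closed
 */
void packetsrv_close(int smart)
{
	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_SERIOUS_MESSAGE,
			"Destroy netfilter queue socket");
	if (smart)
		nfq_destroy_queue(hndl);
	nfq_close(h);
}

#else	/* USE_NFQUEUE */

/**
 * Process an IP message received from IPQ
 * \return Returns 1 if it's ok, 0 otherwise.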
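*/
/* Note: the function is declared void; no status is returned to the caller. */
void packetsrv_ipq_process(unsigned char *buffer)
{
	ipq_packet_msg_t *msg_p = NULL;
	packet_idl *current;
	struct queued_pckt q_pckt;
	int ret;

	/*
	 * auth_request_send() copies mark, timestamp and the four interface
	 * name fields of q_pckt into the message sent to nuauth. Only
	 * packet_id, payload and payload_len are assigned below, so clear the
	 * structure first: otherwise the other fields carry whatever bytes
	 * were left on this thread's stack and are disclosed to the peer.
	 */
	memset(&q_pckt, 0, sizeof(q_pckt));

	pckt_rx++;
	/* printf("Working on IP packet\n"); */
	msg_p = ipq_get_packet(buffer);
	q_pckt.packet_id = msg_p->packet_id;
	q_pckt.payload = (char *) msg_p->payload;
	q_pckt.payload_len = msg_p->data_len;
	/* need to parse to see if it's an end connection packet */
	if (look_for_tcp_flags(msg_p->payload, msg_p->data_len)) {
		/* control message only: the packet itself is accepted
		 * whether or not the send succeeds */
		auth_request_send(AUTH_CONTROL, &q_pckt);
		IPQ_SET_VERDICT(msg_p->packet_id, NF_ACCEPT);
		RETURN_NO_LOG;
	}

	/* Create packet */
	current = calloc(1, sizeof(packet_idl));
	if (current == NULL) {
		/* no more memory: drop packet and exit */
		IPQ_SET_VERDICT(msg_p->packet_id, NF_DROP);
		log_area_printf(DEBUG_AREA_MAIN | DEBUG_AREA_PACKET,
				DEBUG_LEVEL_SERIOUS_WARNING,
				"[+] Can not allocate packet_id (drop packet)");
		return;
	}
	current->id = msg_p->packet_id;
	current->timestamp = msg_p->timestamp_sec;
#ifdef HAVE_LIBIPQ_MARK
	current->nfmark = msg_p->mark;
#endif

	/* Adding packet to list; the unused copy of current->id that used to
	 * be taken after padd() has been removed */
	pthread_mutex_lock(&packets_list.mutex);
	ret = padd(current);
	pthread_mutex_unlock(&packets_list.mutex);

	if (ret != 0) {
		log_area_printf(DEBUG_AREA_MAIN | DEBUG_AREA_PACKET,
				DEBUG_LEVEL_VERBOSE_DEBUG,
				"Can not add packet to packet list (so already dropped): exit");
		return;
	}

	/* send an auth request packet */
	if (!auth_request_send(AUTH_REQUEST, &q_pckt)) {
		int sandf = 0;
		/* we fail to send the packet so we free packet related to current */
		pthread_mutex_lock(&packets_list.mutex);
		/* search and destroy packet by packet_id */
		sandf = psearch_and_destroy(msg_p->packet_id,
					    (uint32_t *) & msg_p->mark);
		pthread_mutex_unlock(&packets_list.mutex);

		if (!sandf) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
					"Packet could not be removed: %lu",
					msg_p->packet_id);
		}
	}
}
#endif				/* USE_NFQUEUE */

/**
 * \brief Packet server thread function.
 *
 * Connect to netfilter to ask a netlink.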
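 * Read packet on this link. Check if packet useful for NuFW. If yes, add it
 * to packet list and/or send it to NuAuth.
 *
 * When using NetFilter queue, it uses treat_packet() as callback.
 * In ipq mode it uses an internal packet parser and process mechanism.
 *
 * The loop runs for as long as the thread's mutex can be acquired; the main
 * thread stops it by keeping that mutex locked. On a fatal error the parent
 * process is sent SIGTERM.
 *
 * \param void_arg Pointer to a struct nufw_threadargument
 * \return NULL
 */
void *packetsrv(void *void_arg)
{
	struct nufw_threadargument *thread_arg = void_arg;
	struct nufw_threadtype *this = thread_arg->thread;
	int fatal_error = 0;
#ifdef USE_NFQUEUE
	unsigned char buffer[BUFSIZ];
	struct timeval tv;
	int fd;
#ifdef HAVE_NFQ_INDEV_NAME
	struct nlif_handle *nlif_handle;
	int if_fd;
#endif
	int rv;
	int select_result;
	int max_fd;
	fd_set wk_set;

#ifdef HAVE_NFQ_INDEV_NAME
	nlif_handle = iface_table_open();

	if (!nlif_handle)
		exit(EXIT_FAILURE);

	if_fd = nlif_fd(nlif_handle);
	if (if_fd < 0) {
		exit(EXIT_FAILURE);
	}

	fd = packetsrv_open((void *) nlif_handle);
#else
	fd = packetsrv_open(NULL);
#endif

	if (fd < 0) {
		exit(EXIT_FAILURE);
	}

	log_area_printf(DEBUG_AREA_MAIN | DEBUG_AREA_PACKET, DEBUG_LEVEL_DEBUG,
			"[+] Packet server started");

	/* loop until main process ask to stop */
	while (pthread_mutex_trylock(&this->mutex) == 0) {
		pthread_mutex_unlock(&this->mutex);

		/* Set timeout: one second */
		tv.tv_sec = 1;
		tv.tv_usec = 0;

		/* wait new event on socket */
		FD_ZERO(&wk_set);
		FD_SET(fd, &wk_set);
#ifdef HAVE_NFQ_INDEV_NAME
		FD_SET(if_fd, &wk_set);
		if (fd >= if_fd) {
			max_fd = fd + 1;
		} else {
			max_fd = if_fd + 1;
		}
#else
		max_fd = fd + 1;
#endif
		select_result = select(max_fd, &wk_set, NULL, NULL, &tv);
		if (select_result == -1) {
			int err = errno;
			if (err == EINTR) {
				continue;
			}

			if (err == EBADF) {
				struct stat s;
				/* find out which descriptor went bad and reopen it */
#ifdef HAVE_NFQ_INDEV_NAME
				if ((fstat(if_fd, &s) < 0)) {
					iface_table_close(nlif_handle);
					nlif_handle = iface_table_open();
					if (!nlif_handle)
						exit(EXIT_FAILURE);
					if_fd = nlif_fd(nlif_handle);
					if (if_fd < 0) {
						exit(EXIT_FAILURE);
					}
				}
#endif
				if ((fstat(fd, &s) < 0)) {
					packetsrv_close(0);
#ifdef HAVE_NFQ_INDEV_NAME
					fd = packetsrv_open(nlif_handle);
#else
					fd = packetsrv_open(NULL);
#endif
					/* A failed reopen returns -1. Going round
					 * the loop again would hand a negative
					 * descriptor to FD_SET(), which is
					 * undefined behaviour, so stop here the
					 * same way the recv() error path does. */
					if (fd < 0) {
						log_area_printf(DEBUG_AREA_MAIN,
								DEBUG_LEVEL_CRITICAL,
								"[!] FATAL ERROR: Fail to reopen netlink connection!");
						fatal_error = 1;
						break;
					}
				}
				continue;
			}

			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
					"[!] FATAL ERROR: Error of select() in netfilter queue thread (code %i)!",
					err);
			fatal_error = 1;
			break;
		}

		/* catch timeout */
		if (select_result == 0) {
			/* timeout! */
			continue;
		}
#ifdef HAVE_NFQ_INDEV_NAME
		if (FD_ISSET(if_fd, &wk_set)) {
			iface_treat_message(nlif_handle);
			continue;
		}
#endif

		/* read one packet */
		rv = recv(fd, buffer, sizeof(buffer), 0);
		if (rv < 0) {
			/* report errno: rv itself is always -1 on this path */
			int err = errno;
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
					"[!] Error of read on netfilter queue socket (code %i)!",
					err);
			log_area_printf(DEBUG_AREA_MAIN,
					DEBUG_LEVEL_SERIOUS_MESSAGE,
					"Reopen netlink connection.");
			packetsrv_close(0);
#ifdef HAVE_NFQ_INDEV_NAME
			fd = packetsrv_open(nlif_handle);
#else
			fd = packetsrv_open(NULL);
#endif
			if (fd < 0) {
				log_area_printf(DEBUG_AREA_MAIN,
						DEBUG_LEVEL_CRITICAL,
						"[!] FATAL ERROR: Fail to reopen netlink connection!");
				fatal_error = 1;
				break;
			}
			continue;
		}

		/* process the packet */
		nfq_handle_packet(h, (char *) buffer, rv);
		pckt_rx++;
	}

#ifdef HAVE_NFQ_INDEV_NAME
	iface_table_close(nlif_handle);
#endif
	/* the queue is only destroyed on a clean stop */
	packetsrv_close(!fatal_error);
#else				/* USE_NFQUEUE */
	unsigned char buffer[BUFSIZ];
	int size;

	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_MESSAGE,
			"Try to connect to netlink (IPQ)");
	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_SERIOUS_WARNING,
			"Don't forget to load Linux kernel module ip_queue (using modprobe command)");

	/* init netlink connection */
	hndl = ipq_create_handle(0, PF_INET);
	if (!hndl) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
				"[!] FATAL ERROR: Could not create ipq handle!");
		kill(thread_arg->parent_pid, SIGTERM);
		pthread_exit(NULL);
	}

	/* NOTE(review): the return value of ipq_set_mode() is not checked */
	ipq_set_mode(hndl, IPQ_COPY_PACKET, BUFSIZ);

	log_area_printf(DEBUG_AREA_MAIN | DEBUG_AREA_PACKET, DEBUG_LEVEL_FATAL,
			"[+] Packet server started");

	/* loop until main process ask this thread to stop using its mutex */
	while (pthread_mutex_trylock(&this->mutex) != EBUSY) {
		pthread_mutex_unlock(&this->mutex);

		/* wait netfilter event with a timeout of one second */
		size = ipq_read(hndl, buffer, sizeof(buffer), 1000000);

		/* is timeout reached */
		if (size == 0) {
			continue;
		}

		/* Check buffer size */
		if (size == -1) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
					"BUFSIZ too small (size == %d)", size);
			continue;
		}
		if (BUFSIZ <= size) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
					"BUFSIZ too small (size == %d)", size);
			continue;
		}

		/* skip message different than packets */
		if (ipq_message_type(buffer) != IPQM_PACKET) {
			/* if it's an error, display it and stop NuFW !!! */
			if (ipq_message_type(buffer) == NLMSG_ERROR) {
				log_area_printf(DEBUG_AREA_MAIN,
						DEBUG_LEVEL_CRITICAL,
						"[!] FATAL ERROR: libipq error (code %d)!",
						ipq_get_msgerr(buffer));
				fatal_error = 1;
				break;
			}
			continue;
		}

		/* process packet */
		packetsrv_ipq_process(buffer);
	}

	ipq_destroy_handle(hndl);
#endif
	log_area_printf(DEBUG_AREA_MAIN | DEBUG_AREA_PACKET, DEBUG_LEVEL_WARNING,
			"[+] Leave packet server thread");
	if (fatal_error) {
		kill(thread_arg->parent_pid, SIGTERM);
	}
	pthread_exit(NULL);
}

/**
 * Halt TLS threads and close socket
 *
 * Does nothing when tls.auth_server_running is 0. In this file it is called
 * from auth_request_send() while tls.mutex is held.
 */
void shutdown_tls()
{
	if (!tls.auth_server_running)
		return;

	log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_CRITICAL,
			"tls send failure when sending request");

	pthread_cancel(tls.auth_server);
	close_tls_session();

	/* put auth_server_running to 0 because this is this thread which has
	 * just killed auth_server */
	tls.auth_server_running = 0;
}

/**
 * Send an authentication request to NuAuth. May restart TLS session
 * and/or open TLS connection (if closed).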
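 *
 * Create the thread authsrv() when opening a new session.
 *
 * Packet maximum size is 512 bytes,
 * and it's structure is ::nufw_to_nuauth_auth_message_t.
 * Longer payloads are truncated to fit; a missing or empty payload is
 * rejected before the IP version field is read.
 *
 * \param type Type of request (::AUTH_REQUEST, ::AUTH_CONTROL, ...)
 * \param pckt_data A pointer to a queued_pckt:: holding packet information
 * \return If an error occurs returns 0, else return 1.
 */
int auth_request_send(uint8_t type, struct queued_pckt *pckt_data)
{
	unsigned char data[512];
	nuv4_nufw_to_nuauth_auth_message_t *msg_header =
	    (nuv4_nufw_to_nuauth_auth_message_t *) & data;
	unsigned char *msg_content =
	    data + sizeof(nuv4_nufw_to_nuauth_auth_message_t);
	int msg_length;

	/* The version test below reads the first byte of the payload, so the
	 * payload has to exist and hold at least one byte. */
	if (pckt_data->payload == NULL || pckt_data->payload_len < 1) {
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_DEBUG,
				"Dropping packet without payload");
		return 0;
	}

	/* Drop non-IPv(4|6) packet */
	if ((((struct iphdr *) (pckt_data->payload))->version != 4)
	    && (((struct iphdr *) (pckt_data->payload))->version != 6)) {
		log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_DEBUG,
				"Dropping non-IPv4/non-IPv6 packet (version %u)",
				((struct iphdr *) (pckt_data->payload))->
				version);
		return 0;
	}

	/* Truncate packet content if needed */
	if (sizeof(data) <
	    sizeof(nuv4_nufw_to_nuauth_auth_message_t) +
	    pckt_data->payload_len) {
		debug_log_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_DEBUG,
				 "Very long packet: truncating!");
		pckt_data->payload_len =
		    sizeof(data) - sizeof(nuv4_nufw_to_nuauth_auth_message_t);
	}
	msg_length =
	    sizeof(nuv4_nufw_to_nuauth_auth_message_t) +
	    pckt_data->payload_len;

	/* Clear the header area so that any field or padding not assigned
	 * below is sent as zero rather than as stale stack content. */
	memset(data, 0, sizeof(nuv4_nufw_to_nuauth_auth_message_t));

	/* Fill message header */
	msg_header->protocol_version = PROTO_NUFW_VERSION;
	msg_header->msg_type = type;
	msg_header->msg_length = htons(msg_length);
	msg_header->packet_id = htonl(pckt_data->packet_id);
	msg_header->timestamp = htonl(pckt_data->timestamp);

	/* Add info about interfaces */
	msg_header->mark = pckt_data->mark;
	memcpy(msg_header->indev, pckt_data->indev, IFNAMSIZ * sizeof(char));
	memcpy(msg_header->outdev, pckt_data->outdev, IFNAMSIZ * sizeof(char));
	memcpy(msg_header->physindev, pckt_data->physindev,
	       IFNAMSIZ * sizeof(char));
	memcpy(msg_header->physoutdev, pckt_data->physoutdev,
	       IFNAMSIZ * sizeof(char));

	/* Copy (maybe truncated) packet content */
	memcpy(msg_content, pckt_data->payload, pckt_data->payload_len);

	/* Display message */
	log_area_printf(DEBUG_AREA_PACKET, DEBUG_LEVEL_DEBUG,
			"Sending request for %lu",
			(unsigned long) pckt_data->packet_id);

	/* cleaning up current session : auth_server has detected a problem */
	pthread_mutex_lock(&tls.mutex);
	if ((tls.auth_server_running == 0) && tls.session != NULL) {
		close_tls_session();
	}
	pthread_mutex_unlock(&tls.mutex);

	/* negotiate TLS connection if needed */
	/* NOTE(review): tls.session is read here, and tls_connect() is
	 * called, without tls.mutex held; confirm that no other thread can
	 * change the session between this test and the write below. */
	if (!tls.session) {
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_INFO,
				"Not connected, trying TLS connection");
		tls_connect();

		if (tls.session) {
			char buf[256];
			buf[0] = '\0';
			nussl_session_get_cipher(tls.session, buf, sizeof(buf));
			log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
					"[+] TLS connection to nuauth restored (%s:%d), cipher is %s",
					authreq_addr, authreq_port,
					(buf[0] != '\0') ? buf : "none" );
		} else {
			log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
					"[!] TLS connection to nuauth can NOT be restored (%s:%d)",
					authreq_addr, authreq_port);
			return 0;
		}
	}

	/* send packet */
	pthread_mutex_lock(&tls.mutex);
	if (nussl_write(tls.session, (char*)data, msg_length) < 0) {
		debug_log_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_DEBUG,
				 "Error during nussl_write (auth_request_send).");
		/* tear the session down while still holding tls.mutex */
		shutdown_tls();
		pthread_mutex_unlock(&tls.mutex);
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"[!] TLS send failure");
		return 0;
	}
	pthread_mutex_unlock(&tls.mutex);
	return 1;
}
nufw-2.4.3/src/nufw/main.c0000644000175000017500000005030011431206275012255 00000000000000/*
 ** Copyright (C) 2002-2009 INL
 ** Written by Eric Leblond
 **            Vincent Deffontaines
 **            Pierre Chifflier
 ** INL http://www.inl.fr/
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.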
** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** * \defgroup Nufw Nufw * \file main.c * \brief Function main() * * See function main(). */ #include "nufw.h" #ifdef HAVE_GETOPT_H # include #endif #include #include #include #include #include #include #include #include #include /* O_RDWR */ #include #include "nufwconf.h" char *key_file = NULL; char *cert_file = NULL; /* packet server thread */ struct nufw_threadtype thread; /* packet server thread */ struct nufw_signals signals; /*! Name of pid file prefixed by LOCAL_STATE_DIR (variable defined * during compilation/installation) */ #define NUFW_PID_FILE LOCAL_STATE_DIR "/run/nufw.pid" char * nufw_config_file = DEFAULT_NUFW_CONF_FILE; /** * Stop threads and then wait until threads exit. */ void nufw_stop_thread() { /* ask threads to stop */ pthread_mutex_lock(&tls.auth_server_mutex); pthread_mutex_lock(&thread.mutex); /* wait for thread end */ log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_MESSAGE, "Wait threads end"); if (tls.auth_server_running) { pthread_join(tls.auth_server, NULL); } pthread_mutex_unlock(&tls.auth_server_mutex); pthread_join(thread.thread, NULL); pthread_mutex_unlock(&thread.mutex); } /** * Clean mutex, memory, etc. 
 * before exiting NuFW
 */
void nufw_prepare_quit()
{
	/* clear packet list: use trylock() instead of lock() because the
	 * mutex may already be locked */
	/* NOTE(review): no lock or trylock is taken in this function itself;
	 * presumably clear_packet_list() does it -- verify. The mutex is
	 * destroyed right after, so it must not be held by another thread
	 * at that point. */
	clear_packet_list();
	pthread_mutex_destroy(&packets_list.mutex);

	/* close tls session */
	close_tls_session();
	pthread_mutex_destroy(&tls.mutex);

	/* destroy conntrack handle */
#ifdef HAVE_LIBCONNTRACK
	nfct_close(cth);
#endif

	/* free memory */
	free(key_file);
	free(cert_file);
	free(ca_file);
	free(crl_file);
	freeaddrinfo(adr_srv);

	/* destroy pid file */
	unlink(NUFW_PID_FILE);
}

/**
 * "Hard" cleanup before leaving: called when SIGINT/SIGTERM is called twice.
 * Don't wait for thread end.
 *
 * Installed as the SIGTERM/SIGINT handler by nufw_cleanup().
 *
 * NOTE(review): this runs in signal-handler context and calls free(),
 * logging functions and exit(), none of which are async-signal-safe.
 * A handler that only sets a flag, with the cleanup done from the main
 * loop, would avoid re-entering the allocator or the logger.
 *
 * \param signal Signal number (not used)
 */
void nufw_hard_cleanup(int signal)
{
	/* reinstall old handlers */
	(void) sigaction(SIGTERM, &signals.old_sigterm_hdl, NULL);
	(void) sigaction(SIGINT, &signals.old_sigint_hdl, NULL);

	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
			"[+] NuFW \"hard\" cleanup (catch double signal)");
	nufw_prepare_quit();
	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL, "[+] Exit NuFW");
	exit(EXIT_SUCCESS);
}

/**
 * Cleanup before leaving:
 *   - Destroy netfilter queue/handler
 *   - Close conntrack
 *   - Unlink pid file
 *   - Call exit(EXIT_SUCCESS)
 *
 * Installed as the SIGTERM/SIGINT handler by install_signals(). It first
 * replaces both handlers with nufw_hard_cleanup() so that a second signal
 * skips the wait for thread end.
 *
 * NOTE(review): nufw_stop_thread() locks mutexes and joins threads from
 * signal-handler context; those calls are not async-signal-safe either.
 *
 * \param signal Signal number (not used)
 */
void nufw_cleanup(int signal)
{
	struct sigaction action;

	/* install "hard cleanup" for SIGTERM */
	memset(&action, 0, sizeof(action));
	action.sa_handler = nufw_hard_cleanup;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	sigaction(SIGTERM, &action, NULL);

	/* install "hard cleanup" for SIGINT */
	memset(&action, 0, sizeof(action));
	action.sa_handler = nufw_hard_cleanup;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	sigaction(SIGINT, &action, NULL);

	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
			"[+] Stop NuFW (catch signal)");
	nufw_stop_thread();
	nufw_prepare_quit();
	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL, "[+] Exit NuFW");
	exit(EXIT_SUCCESS);
}

/**
 * Create packet server thread: init mutex and create thread
 * with packetsrv() function. Send pointer to ::thread to
 * the function.
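 */
void create_thread()
{
	/* should be static because thread may read data after this function exits */
	static struct nufw_threadargument arg;
	arg.thread = &thread;
	arg.parent_pid = getpid();

	/* set attribute to "joinable thread" */
	pthread_attr_t attr;
	pthread_attr_init(&attr);
	pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE);

	/* create mutex */
	pthread_mutex_init(&thread.mutex, NULL);

	/* try to create the thread */
	if (pthread_create(&thread.thread, &attr, packetsrv, &arg) != 0) {
		pthread_attr_destroy(&attr);
		pthread_mutex_destroy(&thread.mutex);
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"Fail to create thread!");
		exit(EXIT_FAILURE);
	}
	/* the attribute object is no longer needed once the thread exists */
	pthread_attr_destroy(&attr);
#ifdef HAVE_LIBCONNTRACK
	if (handle_conntrack_event) {
		/* pthread_create() returns 0 on success and an error number
		 * otherwise; treat every failure as fatal, not only EAGAIN,
		 * so that conntrack events are never silently unhandled */
		if (pthread_create
		    (&(tls.conntrack_event_handler), NULL,
		     conntrack_event_handler, NULL) != 0) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
					"Fail to create conntrack event thread!");
			exit(EXIT_FAILURE);
		}
	}
#endif
}

/**
 * Install signals:
 *   - Set SIGTERM handler to nufw_cleanup()
 *   - Set SIGINT handler to nufw_cleanup()
 *   - Ignore SIGPIPE
 *   - Set SIGUSR1 handler to process_usr1()
 *   - Set SIGUSR2 handler to process_usr2()
 *   - Set SIGPOLL handler to process_poll()
 *   - Set SIGHUP handler to process_hup()
 *
 * Failure to install the SIGTERM or SIGINT handler is fatal; failures for
 * the other signals are only logged.
 */
void install_signals()
{
	struct sigaction action;

	/* intercept SIGTERM */
	memset(&action, 0, sizeof(action));
	action.sa_handler = nufw_cleanup;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	if (sigaction(SIGTERM, &action, &signals.old_sigterm_hdl) != 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"Fail to install SIGTERM handler: %d \n",
				errno);
		exit(EXIT_FAILURE);
	}

	/* intercept SIGINT */
	memset(&action, 0, sizeof(action));
	action.sa_handler = nufw_cleanup;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	if (sigaction(SIGINT, &action, &signals.old_sigint_hdl) != 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"Fail to install SIGINT handler: %d \n",
				errno);
		exit(EXIT_FAILURE);
	}

	/* ignore "broken pipe" signal */
	signal(SIGPIPE, SIG_IGN);

	/*
	 * sa_flags is a bit mask of SA_* options, not a signal number. The
	 * handlers below used to store the signal number there, which turned
	 * on whichever SA_* bits happened to match that number on the
	 * platform. Use 0, as for SIGTERM and SIGINT above.
	 */

	/* intercept SIGUSR1 */
	memset(&action, 0, sizeof(action));
	action.sa_handler = &process_usr1;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	if (sigaction(SIGUSR1, &action, NULL) == -1) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"Warning: Could not set signal USR1");
	}

	/* intercept SIGUSR2 */
	memset(&action, 0, sizeof(action));
	action.sa_handler = &process_usr2;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	if (sigaction(SIGUSR2, &action, NULL) == -1) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"Warning: Could not set signal USR2");
	}

	/* intercept SIGPOLL */
	memset(&action, 0, sizeof(action));
	action.sa_handler = &process_poll;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	if (sigaction(SIGPOLL, &action, NULL) == -1) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"Warning: Could not set signal POLL");
	}

	/* intercept SIGHUP */
	memset(&action, 0, sizeof(action));
	action.sa_handler = &process_hup;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	if (sigaction(SIGHUP, &action, NULL) == -1) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
				"Warning: Could not set signal HUP");
	}
}

/**
 * Daemonize current process.
 */
void nufw_daemonize()
{
	FILE *pf;
	pid_t pidf;

	if (access(NUFW_PID_FILE, R_OK) == 0) {
		/* Check if the existing process is still alive. */
		/* NOTE(review): the pid read from the file is only probed with
		 * kill(pid, 0); it is not verified to belong to nufw. */
		pid_t pidv;

		pf = fopen(NUFW_PID_FILE, "r");
		if (pf != NULL &&
		    fscanf(pf, "%d", &pidv) == 1 && kill(pidv, 0) == 0) {
			fclose(pf);
			printf
			    ("pid file exists. Is nufw already running? Aborting!\n");
			exit(EXIT_FAILURE);
		}

		if (pf != NULL)
			fclose(pf);
	}

	pidf = fork();
	if (pidf < 0) {
		log_printf(DEBUG_LEVEL_FATAL, "Unable to fork.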
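Aborting!");
		exit(-1);
	} else {
		/* parent */
		if (pidf > 0) {
			/* NOTE(review): the pid file is opened by path with
			 * mode "w" while running as root; the directory that
			 * holds it must not be writable by other users. If it
			 * cannot be created the parent exits with an error
			 * but the forked child keeps running. */
			if ((pf = fopen(NUFW_PID_FILE, "w")) != NULL) {
				fprintf(pf, "%d\n", (int) pidf);
				fclose(pf);
			} else {
				printf("Dying, can not create PID file : "
				       NUFW_PID_FILE "\n");
				exit(EXIT_FAILURE);
			}
			exit(EXIT_SUCCESS);
		}
	}

	chdir("/");

	setsid();

	/* set log engine */
	log_engine = LOG_TO_SYSLOG;

	/* warning: do not close fd (0 1 2), or this will create problems when trying
	 * to create child process with a pipe (dup2 fails with error EBADF) */
	{
		int fd = open("/dev/null", O_RDWR);
		/* only redirect when /dev/null could be opened, and do not
		 * close the descriptor if it is itself one of 0, 1 or 2 */
		if (fd >= 0) {
			dup2(fd, STDIN_FILENO);
			dup2(fd, STDOUT_FILENO);
			dup2(fd, STDERR_FILENO);
			if (fd > STDERR_FILENO)
				close(fd);
		}
	}
}

/**
 * Parse configuration values and set variables
 *
 * A value from the configuration table is used only when the matching
 * variable is still unset (NULL, or an empty authreq_addr), so options given
 * on the command line, which main() parses first, take precedence.
 *
 * \return 0
 */
int nufw_use_config()
{
	char * value;

	value = nufw_config_table_get("nufw_tls_cacert");
	if (value != NULL && ca_file == NULL) {
		ca_file = strdup(value);
	}

	value = nufw_config_table_get_or_default("nufw_tls_cert",DEFAULT_NUFW_CERT);
	if (value != NULL && cert_file == NULL) {
		cert_file = strdup(value);
	}

	value = nufw_config_table_get_or_default("nufw_tls_key",DEFAULT_NUFW_KEY);
	if (value != NULL && key_file == NULL) {
		key_file = strdup(value);
	}

	value = nufw_config_table_get("nufw_tls_crl");
	if (value != NULL && crl_file == NULL) {
		crl_file = strdup(value);
	}

	value = nufw_config_table_get_or_default("nufw_destination", AUTHREQ_ADDR);
	if (value != NULL && strlen(authreq_addr) == 0) {
		SECURE_STRNCPY(authreq_addr, value, sizeof authreq_addr);
		printf("Sending Auth request to %s\n", authreq_addr);
	}

	return 0;
}

/**
 * Initialization checks
 *   - check key and cert files
 *
 * \return 1 when the checks pass, 0 otherwise
 */
int init_checks()
{
#if USE_X509
	if (!init_x509_filenames()) {
		printf("ERROR: Unable to allocate memory for "
				"key or cert filename!\n");
		return 0;
	}

	if (access(key_file, R_OK)) {
		printf("ERROR: Unable to read key file: %s\n",
				key_file);
		return 0;
	}

	if (access(cert_file, R_OK)) {
		/* this branch tests the certificate, so name it correctly */
		printf("ERROR: Unable to read cert file: %s\n",
				cert_file);
		return 0;
	}
#endif
	return 1;
}

/* Long options. "config" is listed because the usage text documents
 * --config and the short option string already accepts -f with an argument. */
static struct option long_options[] = {
	{"help", 0, NULL, 'h'},
	{"config", 1, NULL, 'f'},
	{"version", 0,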
NULL, 'V'}, {"daemon", 0, NULL, 'D'}, {"no-strict", 0, NULL, 's'}, {"strict", 0, NULL, 'S'}, {"no-fqdn", 0, NULL, 'N'}, {"key", 1, NULL, 'k'}, {"cert", 1, NULL, 'c'}, {"ca", 1, NULL, 'a'}, {"crl", 1, NULL, 'r'}, {"check-dn", 1, NULL, 'n'}, {"verbose", 0, NULL, 'v'}, {"debug-area", 1, NULL, 'A'}, {"ipv4", 0, NULL, '4'}, {"mark", 0, NULL, 'm'}, {"conntrack", 0, NULL, 'C'}, {"marked-only", 0, NULL, 'M'}, {"destination", 1, NULL, 'd'}, {"port", 1, NULL, 'p'}, {"queue", 1, NULL, 'q'}, {"queue-len", 1, NULL, 'L'}, {"timeout", 1, NULL, 't'}, {"track-size", 1, NULL, 'T'}, {0, 0, 0, 0} }; void display_usage(void) { fprintf(stdout, "%s [-hVc" #ifdef HAVE_LIBCONNTRACK "CM" #endif "v[v[v[v[v[v[v[v[v[v]]]]]]]]]] [-d remote_addr] [-p remote_port] [-t packet_timeout] [-T track_size]" #ifdef USE_NFQUEUE " [-q queue_num]" #ifdef HAVE_NFQ_SET_QUEUE_MAXLEN " [-L queue_maxlen]" #endif #endif "\n\ \t-h (--help ): display this help and exit\n\ \t-V (--version ): display version and exit\n\ \t-D (--daemon ): daemonize\n\ \t-f (--config ): use specific config file\n\ \t-s (--no-strict ): do not enforce strict checking of TLS certificates\n\ \t-S (--strict ): this option does nothing, it is here for backward compatibility\n\ \t-N (--no-fqdn ): do not check nuauth fqdn (-d params) against provided certificate\n\ \t-k (--key ): certificate key file\n\ \t-c (--cert ): certificate file\n\ \t-a (--ca ): certificate authority file (strict checking is done if selected) (default: none)\n\ \t-r (--crl ): use specified file as crl file (default: none)\n\ \t-n (--check-dn ): use specified string as the needed DN of nuauth (enforce certificate checking) (default is to)\n\ \t\tcheck the DN against nuauth FQDN specified using the -d option)\n\ \t-v (--verbose ): increase debug level (+1 for each 'v') (max useful number: 10)\n\ \t-A (--debug-area ): debug areas (see man page for details)\n\ \t-4 (--ipv4 ): use this flag if your system does not have IPv6 support for nfnetlink\n\ \t-m (--mark ): mark 
packet with nuauth provided mark\n" #ifdef HAVE_LIBCONNTRACK "\t-C (--conntrack ): listen to conntrack events (needed for connection expiration)\n\ \t-M (--marked-only): only report event on marked connections to nuauth (implies -C and -m)\n" #endif "\t-d (--destination): remote address we send auth requests to (address of the nuauth server) (default: 127.0.0.1)\n\ \t-p (--port ): remote port we send auth requests to (TCP port nuauth server listens on) (default: 4128)\n" #if USE_NFQUEUE "\t-q (--queue ): use nfqueue number (default: 0)\n" #ifdef HAVE_NFQ_SET_QUEUE_MAXLEN "\t-L (--queue-len ): set queue max len (default: 1024)\n" #endif #endif "\t-t (--timeout ): timeout to forget about packets when they don't match (default: 15 s)\n\ \t-T (--track-size ): track size (default : 1000)\n", PACKAGE_TARNAME); } /** * Main function of NuFW: * - Initialize variables * - Parse command line options * - Dameonize it if nequired * - Initialize log engine (see init_log_engine()). * - Initialiaze mutex * - Create TLS tunnel * - Install signal handlers: * - Ignore SIGPIPE * - SIGTERM quit the program (see nufw_cleanup()) * - SIGUSR1 increase debug verbosity (see process_usr1()) * - SIGUSR2 decrease debug verbosity (see process_usr2()) * - SIGPOLL display statistics (see process_poll()) * - Open conntrack * - Create packet server thread: packetsrv() * - Run main loop * * When NuFW is running, main loop and two threads (packetsrv() and * authsrv()) and are running. * * The most interresting things are done in the packet server (thread * packetsrv()). The main loop just clean up old packets and display * statistics. 
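 */
int main(int argc, char *argv[])
{
	/* option */
#if USE_NFQUEUE
	char *options_list = "4sSNDf:hVvmq:"
#ifdef HAVE_NFQ_SET_QUEUE_MAXLEN
	    "L:"
#endif
	    "c:k:a:n:r:d:p:t:T:A:"
#ifdef HAVE_LIBCONNTRACK
	    "CM"
#endif
	    ;
#else
	char *options_list = "4sSNDf:hVvmc:k:a:n:r:d:p:t:T:A:";
#endif
	int option, daemonize = 0;
	char *version = PACKAGE_VERSION;

	nufw_no_ipv6 = 0;

	/* initialize variables */

	log_engine = LOG_TO_STD;	/* default is to send debug messages to stdout + stderr */
	authreq_port = AUTHREQ_PORT;
	packet_timeout = PACKET_TIMEOUT;
	track_size = TRACK_SIZE;
	cert_file = NULL;
	key_file = NULL;
	ca_file = NULL;
	crl_file = NULL;
	nuauth_cert_dn = NULL;
	authreq_addr[0] = '\0';
	debug_level = DEFAULT_DEBUG_LEVEL;
	debug_areas = DEFAULT_DEBUG_AREAS;
#if USE_NFQUEUE
	nfqueue_num = DEFAULT_NFQUEUE;
#ifdef HAVE_LIBCONNTRACK
	handle_conntrack_event = CONNTRACK_HANDLE_DEFAULT;
	nufw_conntrack_uses_mark = 0;
#endif
#ifdef HAVE_NFQ_SET_QUEUE_MAXLEN
	queue_maxlen = QUEUE_MAXLEN;
#endif
#endif
	nufw_set_mark = 0;
	/* strict TLS checking and the nuauth FQDN check are on by default */
	nufw_strict_tls = 1;
	nufw_fqdn_check = 1;

	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_VERBOSE_DEBUG,
			"[+] Start NuFW");

	/*parse options */
	while ((option = getopt_long(argc, argv, options_list, long_options, NULL)) != -1) {
		switch (option) {
		case 'f':
			nufw_config_file = strdup(optarg);
			if (nufw_config_file == NULL) {
				fprintf(stderr, "Couldn't malloc! Exiting");
				exit(EXIT_FAILURE);
			}
			break;
		case 'k':
			key_file = strdup(optarg);
			if (key_file == NULL) {
				fprintf(stderr, "Couldn't malloc! Exiting");
				exit(EXIT_FAILURE);
			}
			break;
		case 'c':
			cert_file = strdup(optarg);
			if (cert_file == NULL) {
				fprintf(stderr, "Couldn't malloc! Exiting");
				exit(EXIT_FAILURE);
			}
			break;
		case 'a':
			ca_file = strdup(optarg);
			if (ca_file == NULL) {
				fprintf(stderr, "Couldn't malloc! Exiting");
				exit(EXIT_FAILURE);
			}
			break;
		case 'r':
			crl_file = strdup(optarg);
			if (crl_file == NULL) {
				fprintf(stderr, "Couldn't malloc! Exiting");
				exit(EXIT_FAILURE);
			}
			break;
		case 'n':
			nuauth_cert_dn = strdup(optarg);
			if (nuauth_cert_dn == NULL) {
				fprintf(stderr, "Couldn't malloc! Exiting");
				exit(EXIT_FAILURE);
			}
			break;
		case 'V':
			fprintf(stdout, "%s (version %s)\n", PACKAGE_NAME,
				version);
			return 1;
		case 'D':
			daemonize = 1;
			break;
		case 'v':
			/*fprintf (stdout, "Debug should be On\n"); */
			debug_level += 1;
			break;
		case 'p':
			{
				/* atoi() accepted anything, including text and
				 * out-of-range values; require a complete
				 * decimal number that is a valid TCP port */
				char *endptr = NULL;
				long port;

				errno = 0;
				port = strtol(optarg, &endptr, 10);
				if (errno != 0 || endptr == optarg
				    || *endptr != '\0'
				    || port < 1 || port > 65535) {
					fprintf(stderr,
						"Invalid port number: %s\n",
						optarg);
					exit(EXIT_FAILURE);
				}
				authreq_port = port;
			}
			break;
			/* destination IP */
		case 'd':
			SECURE_STRNCPY(authreq_addr, optarg,
				       sizeof authreq_addr);
			printf("Sending Auth request to %s\n",
			       authreq_addr);
			break;
			/* packet timeout */
			/* NOTE(review): the sscanf() results for -t, -T, -A,
			 * -q and -L are not checked; on malformed input the
			 * previous value is kept silently. */
		case 't':
			sscanf(optarg, "%d", &packet_timeout);
			break;
			/* max size of packet list */
		case 'T':
			sscanf(optarg, "%d", &track_size);
			break;
		case 'A':
			sscanf(optarg, "%d", &debug_areas);
			break;
		case 'm':
			nufw_set_mark = 1;
			break;
		case 's':
			/* turns off strict TLS checking and the FQDN check */
			nufw_strict_tls = 0;
			nufw_fqdn_check = 0;
			break;
		case 'S':
			break;
		case 'N':
			nufw_fqdn_check = 0;
			break;
		case '4':
			nufw_no_ipv6 = 1;
			break;
#if USE_NFQUEUE
		case 'q':
			sscanf(optarg, "%hu", &nfqueue_num);
			break;
			/* NOTE(review): without HAVE_LIBCONNTRACK the 'C'
			 * label has no body of its own and falls through to
			 * the next case; long_options still maps --conntrack
			 * to 'C' in that build. */
		case 'C':
#if HAVE_LIBCONNTRACK
			handle_conntrack_event = 1;
			break;
		case 'M':
			nufw_conntrack_uses_mark = 1;
			/* this implies -C */
			handle_conntrack_event = 1;
			/* and -m */
			nufw_set_mark = 1;
			break;
#endif				/* HAVE_LIBCONNTRACK */
#ifdef HAVE_NFQ_SET_QUEUE_MAXLEN
		case 'L':
			sscanf(optarg, "%u", &queue_maxlen);
			break;
#endif
#endif				/* USE_NFQUEUE */
		case 'h':
			display_usage();
			exit(EXIT_SUCCESS);
		}
	}

	if (nufw_parse_configuration(nufw_config_file) != 0) {
		printf("Error while parsing configuration file\n");
		exit(EXIT_FAILURE);
	}

	if (nufw_use_config() != 0) {
		printf("Error while setting configuration values from file\n");
		exit(EXIT_FAILURE);
	}

	if (getuid()) {
		printf("nufw must be run as root! Sorry\n");
		exit(EXIT_FAILURE);
	}

	if (!init_checks()) {
		exit(EXIT_FAILURE);
	}

	/* Nice nufw to increase performance of nfnetlink layer */
	nice(-1);

	/* Daemon code */
	if (daemonize == 1) {
		nufw_daemonize();
	}

	install_signals();

	init_log_engine("nufw");

	/* open ICMP (IPv4) socket */
	raw_sock4 = socket(PF_INET, SOCK_RAW, 1);	/* 1: ICMP protocol */
	if (raw_sock4 == -1) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
				"Fail to create socket for ICMP!");
		exit(EXIT_FAILURE);
	}

	if (!nufw_no_ipv6) {
		/* open ICMPv6 socket; a failure here is logged but not fatal */
		raw_sock6 = socket(PF_INET6, SOCK_RAW, 58);	/* 58: ICMPv6 protocol */
		if (raw_sock6 == -1) {
			log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
					"Fail to create socket for ICMPv6!");
		}
	}

	/* create packet list */
	packets_list.start = NULL;
	packets_list.end = NULL;
	packets_list.length = 0;
	pthread_mutex_init(&packets_list.mutex, NULL);

	/* init. tls */
	tls.session = NULL;
	tls.auth_server_running = 0;
	pthread_mutex_init(&tls.mutex, NULL);

	/* start GNU TLS library */
	/* NOTE(review): an initialisation failure is logged but start-up
	 * continues and tls_connect() is still called below. */
	if (nussl_init() != NUSSL_OK) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"Unable to initialize NuSSL library.");
	}

#ifdef HAVE_LIBCONNTRACK
	cth = nfct_open(CONNTRACK, 0);
#endif

	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_INFO,
			"[+] NuFW server starting");

	/* do initial connect */
	tls_connect();

	if (tls.session) {
		char buf[256];
		buf[0] = '\0';
		nussl_session_get_cipher(tls.session, buf, sizeof(buf));
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"[+] TLS connection to nuauth established (%s:%d), cipher is %s",
				authreq_addr, authreq_port,
				(buf[0] != '\0') ? buf : "none" );
	} else {
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_CRITICAL,
				"[!] TLS connection to nuauth can NOT be established (%s:%d)",
				authreq_addr, authreq_port);
	}

	/* create packet server thread */
	create_thread();
	log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
			"[+] NuFW " VERSION " started");

	if (daemonize == 0) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
				"NuFW launched in foreground (without -D option), "
				"logging to stdout and stderr only (no syslog).");
	}

	/* control stuff */
	pckt_tx = pckt_rx = 0;
	while (1 == 1) {
		int stat = pckt_tx;
		const int seconds = 5;

		sleep(seconds);
		stat = pckt_tx - stat;

		/* clean old packets */
		pthread_mutex_lock(&packets_list.mutex);
		clean_old_packets();
		pthread_mutex_unlock(&packets_list.mutex);
#ifdef DEBUG_ENABLE
		/* display stats */
		process_poll(0);
		printf("Average: %u\n", stat / seconds);
#endif
	}

	/* not reached: the loop above never exits, shutdown happens in the
	 * signal handlers */
	nufw_stop_thread();
	nufw_prepare_quit();
	return EXIT_SUCCESS;
}
nufw-2.4.3/src/Makefile.am0000644000175000017500000000021611431206275012243 00000000000000EXTRA_DIST = doxygen.cfg doxygen.sh

if BUILD_NUAUTH
SUBDIRS = include libs nuauth nufw clients
else
SUBDIRS = include libs nufw clients
endif
nufw-2.4.3/src/nuauth/0000777000175000017500000000000011431215440011572 500000000000000nufw-2.4.3/src/nuauth/splint.sh0000755000175000017500000000172011431206275013364 00000000000000#!/bin/sh
# Option details:
#
# -unrecog: SPlint doesn't read /usr/include/asm-generic/errno.h
#   (haypo doesn't understand why)
#
# -nullassign: that's because gcry_threads_gthread initialize some functions
#    to NULL (gcrypt_init.h)
#
# -nullret -nullstate -nullstate: Because I'm (haypo) too lazy to check
#   all warnings :-P
#
# -predboolint: "if (x)" is clear enough (I (haypo) think)
#
# +boolint -mustfreefresh -mustfreeonly -exportlocal -paramuse -branchstate -compdef
#    SPlint is toooo much verbose without them
splint \
    -I /usr/lib/gcc-lib/i486-linux-gnu/3.3.6/include/ \
    -I /usr/include/glib-2.0/ -I /usr/include/glib-2.0/glib \
    -I /usr/lib/glib-2.0/include/ \
    -I ../include/ -I ./ -I ./include/ \
    -warnposix \
    -unrecog \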
-nullassign \ -nullret -nullstate -nullpass \ -predboolint \ +boolint -mustfreefresh -mustfreeonly -exportlocal -paramuse -branchstate -compdef \ $* nufw-2.4.3/src/nuauth/period.c0000644000175000017500000001621711431206275013151 00000000000000/* ** Copyright(C) 2005-2007 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "auth_srv.h" /** * \addtogroup NuauthConntrack * @{ */ /** * \file period.c * \brief Provide a set of functions for period and time calculation */ static GStaticMutex period_mutex = G_STATIC_MUTEX_INIT; static inline unsigned int get_start_of_day_from_time_t(time_t pckt_time, int offset) { return pckt_time - pckt_time % 86400 - offset; } /** * Compute end of period for a given time (second since epoch) * * \return return value of end period * - 0 if time not in period * - -1 if there's no end */ static time_t get_end_of_period_item_for_time(struct period_item *perioditem, time_t pckt_time) { time_t endtime = -1; if (perioditem->duration > 0) { endtime = pckt_time + perioditem->duration; return endtime; } if ((perioditem->start_date != -1) || (perioditem->end_date != -1)) { if (perioditem->start_date != -1) { if (perioditem->start_date > pckt_time) { return 0; } } if (perioditem->end_date != -1) { if (perioditem->end_date >= pckt_time) { return perioditem->end_date; } else { return 0; } } } 
else { struct tm tmtime; localtime_r(&pckt_time, &tmtime); /* compare day if this is not a time only period */ if (perioditem->start_day != -1) { if (perioditem->start_day <= perioditem->end_day) { /* week day has to be between start and end day */ if ((tmtime.tm_wday >= perioditem->start_day) && (tmtime.tm_wday <= perioditem->end_day)) { /* time is valid, we compute end time as start time of current day plus offset of the number of day to end_day */ endtime = get_start_of_day_from_time_t(pckt_time, tmtime.tm_gmtoff) + 86400 * (perioditem->end_day - tmtime.tm_wday + 1); } else { return 0; } } else { if ((tmtime.tm_wday >= perioditem->start_day) || (tmtime.tm_wday <= perioditem->end_day)) { if (tmtime.tm_wday >= perioditem->start_day) { /* compute time remaingin to end_time (number of days to end of week and adding time a start of week. Formula is (noting the fact that 0 is sunday, and 6 saturday): [time to end of week] 6 [last day of week] - tw_wday + 1 [interval computation] [time at start of week] + end_day + 1 [interval computation] */ endtime = get_start_of_day_from_time_t(pckt_time, tmtime.tm_gmtoff) + 86400 * (8 - tmtime.tm_wday + perioditem->end_day); } else if (tmtime.tm_wday <= perioditem->end_day) { /* time is valid, we compute end time as start time of current day plus offset of the number of day to end_day */ endtime = get_start_of_day_from_time_t(pckt_time, tmtime.tm_gmtoff) + 86400 * (perioditem->end_day - tmtime.tm_wday + 1); } } else { return 0; } } } /* compare time */ if (perioditem->start_hour != -1) { if ((tmtime.tm_hour >= perioditem->start_hour) && ((tmtime.tm_hour < perioditem->end_hour) || (perioditem->end_hour == -1))) { if (perioditem->end_hour == -1) { return endtime; } else { return get_start_of_day_from_time_t(pckt_time, tmtime.tm_gmtoff) + 3600 * perioditem->end_hour; } } else { /* out of bound */ return 0; } } } return endtime; } /** * return : * - 0 if time_t is not in period * - -1 if no limit */ time_t 
get_end_of_period_for_time_t(const gchar * period, time_t pckt_time) { struct period *pperiod = NULL; time_t result = -1; g_static_mutex_lock(&period_mutex); /* get period in hash */ pperiod = g_hash_table_lookup(nuauthconf->periods, period); if (pperiod == NULL) { log_message(WARNING, DEBUG_AREA_MAIN, "period can not be found, typo ?"); g_static_mutex_unlock(&period_mutex); return 0; } else { GSList *pointer; time_t provend; /* iter on period_item */ for (pointer = pperiod->items; pointer; pointer = pointer->next) { provend = get_end_of_period_item_for_time((struct period_item *) (pointer-> data), pckt_time); /* we've got three cases : * - provend is 0, out of period, we drop * - provend is -1 (illimited) we do nothing as it is default * value of result * - provend is >0 we update result */ switch (provend) { case 0: g_static_mutex_unlock(&period_mutex); return 0; default: /* here provend is > 0 */ /* we modify result if and only if previous period items give * drop or if provend is more limitative than current result */ if ((result == -1) || (provend < result)) { result = provend; } } } } g_static_mutex_unlock(&period_mutex); return result; } void free_period(gpointer data) { struct period *period = (struct period *) data; g_slist_free(period->items); g_free(period->description); g_free(period->name); g_free(period); } gboolean delete_period(GHashTable * periods, gchar * name) { return g_hash_table_remove(periods, name); } void destroy_periods(GHashTable * periods) { g_hash_table_destroy(periods); } gboolean define_new_period(GHashTable * periods, gchar * name, gchar * description) { /* alloc struct */ struct period *periodelt = g_new0(struct period, 1); /* insert in hash */ periodelt->name = g_strdup(name); periodelt->description = g_strdup(description); periodelt->items = NULL; g_hash_table_insert(periods, g_strdup(name), periodelt); return TRUE; } gboolean add_perioditem_to_period(GHashTable * periods, gchar * name, struct period_item * perioditem) { /* search 
entry in hash */ struct period *periodelt = g_hash_table_lookup(periods, name); /* add iperioditem to GSList items (but do sanity check on perioditem) */ if (periodelt && perioditem) { /* set used to TRUE */ periodelt->items = g_slist_prepend(periodelt->items, perioditem); periodelt->used = TRUE; } else { log_message(WARNING, DEBUG_AREA_MAIN, "Can not add period item (%p) to period (%s at %p)", perioditem, name, periodelt); return FALSE; } return TRUE; } /** can have no parameter as a module reload is needed */ GHashTable *init_periods() { GHashTable *periods = NULL; periods = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, (GDestroyNotify) free_period); modules_parse_periods(periods); return periods; } void reload_periods(GHashTable **periods) { g_static_mutex_lock(&period_mutex); destroy_periods(*periods); *periods = init_periods(); g_static_mutex_unlock(&period_mutex); } /** @} */ nufw-2.4.3/src/nuauth/authsrv.c0000644000175000017500000007245311431206275013367 00000000000000/* ** Copyright(C) 2004-2008 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** * \defgroup Nuauth Nuauth * * @{ */ /* } */ /*! \file nuauth/authsrv.c \brief Main file It takes care of init stuffs and runs sheduled tasks at a given interval. 
*/ #include #include #include "sasl.h" #include "security.h" #include /* setrlimit() */ #include /* O_RDWR */ #include #include #include "nuauthconf.h" #ifdef HAVE_GETOPT_H # include #endif typedef struct { int daemonize; int debug_level; char *configfile; char *userpckt_port; char *authreq_port; char *client_srv; char *nufw_srv; } command_line_params_t; int nuauth_running = 1; GList *cleanup_func_list = NULL; static int quiet_mode = 0; /** * Add a cleanup function: it would be called every second. * Functions are stored in ::cleanup_func_list list. * * See also cleanup_func_remove() */ void cleanup_func_push(cleanup_func_t func) { cleanup_func_list = g_list_append(cleanup_func_list, func); } /** * Remove a cleanup function from ::cleanup_func_list list. * * See also cleanup_func_push() */ void cleanup_func_remove(cleanup_func_t func) { cleanup_func_list = g_list_remove(cleanup_func_list, func); } /* * wait one thread pool */ void wait_thread_pool(const char *name, GThreadPool *pool) { gint count = 1; while (count) { count = g_thread_pool_unprocessed(pool); usleep(10000); } log_message(DEBUG, DEBUG_AREA_MAIN, "thread pool '%s' free", name); } void wait_all_thread_pools() { wait_thread_pool("session logger", nuauthdatas->user_session_loggers); wait_thread_pool("packet logger", nuauthdatas->user_loggers); wait_thread_pool("acl checker", nuauthdatas->acl_checkers); wait_thread_pool("users checker", nuauthdatas->user_checkers); if (nuauthconf->log_users_sync) { wait_thread_pool("decision worker", nuauthdatas->decisions_workers); } if (nuauthconf->do_ip_authentication) { wait_thread_pool("ip auth worker", nuauthdatas->ip_authentication_workers); } } void block_thread_pools() { nuauthdatas->need_reload = 1; } void release_thread_pools() { /* liberate threads by broadcasting condition */ nuauthdatas->need_reload = 0; g_mutex_lock(nuauthdatas->reload_cond_mutex); g_cond_broadcast(nuauthdatas->reload_cond); g_mutex_unlock(nuauthdatas->reload_cond_mutex); } void 
start_all_thread_pools() { if (nuauthconf->do_ip_authentication) { /* create thread of pool */ nuauthdatas->ip_authentication_workers = g_thread_pool_new((GFunc) external_ip_auth, NULL, nuauthconf->nbipauth_check, POOL_TYPE, NULL); } else { nuauthdatas->ip_authentication_workers = NULL; } /* create acl checker workers */ log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating %d acl checker threads", nuauthconf->nbacl_check); nuauthdatas->acl_checkers = g_thread_pool_new((GFunc) acl_check_and_decide, NULL, nuauthconf->nbacl_check, POOL_TYPE, NULL); /* create user checker workers */ log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating %d user checker threads", nuauthconf->nbuser_check); nuauthdatas->user_checkers = g_thread_pool_new((GFunc) user_check_and_decide, NULL, nuauthconf->nbuser_check, POOL_TYPE, NULL); /* create user logger workers */ log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating %d user logger threads", nuauthconf->nbloggers); nuauthdatas->user_loggers = g_thread_pool_new((GFunc) real_log_user_packet, NULL, nuauthconf->nbloggers, POOL_TYPE, NULL); log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating %d user session logger threads", nuauthconf->nbloggers); nuauthdatas->user_session_loggers = g_thread_pool_new((GFunc) log_user_session_thread, NULL, nuauthconf->nbloggers, POOL_TYPE, NULL); /* create decisions workers (if needed) */ if (nuauthconf->log_users_sync) { log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating %d decision worker threads", nuauthconf->nbloggers); nuauthdatas->decisions_workers = g_thread_pool_new((GFunc) decisions_queue_work, NULL, nuauthconf->nbloggers, POOL_TYPE, NULL); } } /** * Stop one thread pool */ void stop_thread_pool(const char *name, GThreadPool **pool) { log_message(DEBUG, DEBUG_AREA_MAIN, "Stopping thread pool '%s'", name); g_thread_pool_free(*pool, TRUE, TRUE); *pool = NULL; } /** * Stop all nuauth thread pools * If soft is true, destroy pools. 
*/ void stop_all_thread_pools(gboolean soft) { /* end logging threads */ if (soft) { stop_thread_pool("session logger", &nuauthdatas->user_session_loggers); stop_thread_pool("packet logger", &nuauthdatas->user_loggers); stop_thread_pool("acl checker", &nuauthdatas->acl_checkers); stop_thread_pool("users checker", &nuauthdatas->user_checkers); if (nuauthconf->log_users_sync) { stop_thread_pool("decision worker", &nuauthdatas->decisions_workers); } if (nuauthconf->do_ip_authentication) { stop_thread_pool("ip auth worker", &nuauthdatas->ip_authentication_workers); } } g_thread_pool_stop_unused_threads(); } /** * Ask all threads to stop (by locking their mutex), and then wait * until they really stop (if wait is TRUE) using g_thread_join() * and g_thread_pool_free(). * * \param wait If wait is TRUE, the function will block until all threads * stopped. Else, it will just ask all threads to stop. */ void stop_threads(gboolean wait) { log_message(INFO, DEBUG_AREA_MAIN, "Asking threads to stop."); #ifdef BUILD_NUAUTH_COMMAND /* stop command server */ if (nuauthconf->use_command_server) { thread_stop(&nuauthdatas->command_thread); } #endif /* ask theads to stop */ if (nuauthconf->push && nuauthconf->hello_authentication) { thread_stop(&nuauthdatas->localid_auth_thread); } /* wait thread end */ if (wait) { log_message(INFO, DEBUG_AREA_MAIN, "Waiting for threads end ..."); } /* kill push worker */ thread_stop(&nuauthdatas->tls_pusher); if (wait) { log_message(DEBUG, DEBUG_AREA_MAIN, "Waiting for thread 'tls pusher'"); g_thread_join(nuauthdatas->tls_pusher.thread); } /* kill entries point */ thread_list_stop(nuauthdatas->tls_auth_servers); thread_list_stop(nuauthdatas->tls_nufw_servers); thread_stop(&nuauthdatas->pre_client_thread); if (wait) { thread_list_wait_end(nuauthdatas->tls_auth_servers); thread_list_wait_end(nuauthdatas->tls_nufw_servers); thread_wait_end(&nuauthdatas->pre_client_thread); } /* Close nufw and client connections */ log_message(INFO, DEBUG_AREA_MAIN, 
"Closing nufw connections"); close_nufw_servers(); log_message(INFO, DEBUG_AREA_MAIN, "Closing client connections"); close_clients(); thread_stop(&nuauthdatas->limited_connections_handler); thread_stop(&nuauthdatas->search_and_fill_worker); if (wait) { thread_wait_end(&nuauthdatas->limited_connections_handler); thread_wait_end(&nuauthdatas->search_and_fill_worker); } #ifdef BUILD_NUAUTH_COMMAND if (nuauthconf->use_command_server) { thread_wait_end(&nuauthdatas->command_thread); } #endif if (nuauthconf->push && nuauthconf->hello_authentication && wait) { thread_wait_end(&nuauthdatas->localid_auth_thread); } stop_all_thread_pools(wait); /* done! */ log_message(INFO, DEBUG_AREA_MAIN, "Threads stopped."); } void free_threads() { /* free all thread mutex */ thread_destroy(&nuauthdatas->tls_pusher); thread_destroy(&nuauthdatas->search_and_fill_worker); thread_list_destroy(nuauthdatas->tls_auth_servers); thread_list_destroy(nuauthdatas->tls_nufw_servers); thread_destroy(&nuauthdatas->limited_connections_handler); if (nuauthconf->push && nuauthconf->hello_authentication) { thread_destroy(&nuauthdatas->localid_auth_thread); } } /** * Delete all items (call g_free()) of nuauthdatas->tls_push_queue queue. */ void clear_push_queue() { struct internal_message *message; do { message = g_async_queue_try_pop(nuauthdatas->tls_push_queue); if (!message) break; if (message->type == INSERT_MESSAGE || message->type == WARN_MESSAGE) { g_free(message->datas); } g_free(message); } while (1); } /** * Deinit NuAuth: * - Stop NuAuth: close_nufw_servers(), close_clients(), end_tls(), end_audit() ; * - Free memory ; * - Unload modules: unload_modules() ; * - Destroy pid file ; * - And finally exit. 
* */ void nuauth_deinit(gboolean soft) { log_message(CRITICAL, DEBUG_AREA_MAIN, "[+] NuAuth deinit"); #if 0 signal(SIGTERM, SIG_DFL); signal(SIGKILL, SIG_DFL); signal(SIGHUP, SIG_DFL); #endif stop_threads(soft); log_message(INFO, DEBUG_AREA_MAIN, "Unloading modules"); unload_modules(); #if 0 end_tls(); #endif log_message(INFO, DEBUG_AREA_MAIN, "Ending audit"); end_audit(); log_message(INFO, DEBUG_AREA_MAIN, "Freeing memory"); free_nuauth_params(nuauthconf); if (nuauthconf->acl_cache) { cache_destroy(nuauthdatas->acl_cache); } if (nuauthconf->user_cache) { cache_destroy(nuauthdatas->user_cache); } g_free(nuauthdatas->program_fullpath); free_threads(); clear_push_queue(); g_hash_table_destroy(conn_list); g_static_mutex_free(&insert_mutex); /* destroy pid file */ unlink(NUAUTH_PID_FILE); } /** * Call this function to stop nuauth. */ void nuauth_ask_exit() { if (g_atomic_int_compare_and_exchange(&nuauth_running, 1, 0)) { kill(getpid(), SIGTERM); } } /** * This is exit() handler. It's used on fatal error of NuAuth. * nuauth_cleanup() also call it, but this call is ignored, * because nuauth_cleanup() set nuauth_running to 0. 
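*/
void nuauth_atexit()
{
	/* Only the caller that flips nuauth_running from 1 to 0 runs the
	 * deinit; once the flag is 0 this handler does nothing. */
	if (g_atomic_int_compare_and_exchange(&nuauth_running, 1, 0)) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "[+] Stopping NuAuth server (exit)");
		nuauth_deinit(FALSE);
	}
}

/**
 * Function called when a SIGTERM or SIGINT is received:
 *  - Decrement ::nuauth_running so that nuauth_atexit() becomes a no-op ;
 *  - Call nuauth_install_signals(FALSE), which replaces the SIGTERM and
 *    SIGINT handlers with no_action_signals() ;
 *  - Deinit NuAuth: call nuauth_deinit() (in soft mode), then exit.
 *
 * NOTE(review): this function is installed as a signal handler, but
 * log_message(), nuauth_deinit() (thread joins, g_free) and exit() are not
 * async-signal-safe. Setting a flag here and doing the shutdown from the
 * main loop would avoid running them in signal context.
 *
 * \param recv_signal Code of raised signal
 */
void nuauth_cleanup(int recv_signal)
{
	(void) g_atomic_int_dec_and_test(&nuauth_running);
	/* first of all, swap the handlers (errors make the process exit,
	 * see nuauth_install_signals()) */
	nuauth_install_signals(FALSE);

	if (recv_signal == SIGINT)
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "[+] Stopping NuAuth server (SIGINT)");
	else if (recv_signal == SIGTERM)
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "[+] Stopping NuAuth server (SIGTERM)");

	nuauth_deinit(TRUE);

	log_message(FATAL, DEBUG_AREA_MAIN, "[+] NuAuth exiting");
	exit(EXIT_SUCCESS);
}

/**
 * Daemonize the process:
 *  - If the pid file exists and names a process that answers kill(pid, 0),
 *    log a fatal message and exit ;
 *  - Call fork(): the parent writes the child's pid in the pid file and
 *    exits, the child goes on ;
 *  - Call setsid() ;
 *  - Redirect stdin, stdout and stderr to /dev/null (they are not closed).
 *
 * A stale pid file is not deleted, it is overwritten by the parent.
 *
 * NOTE(review): fopen(..., "w") follows symbolic links; the directory that
 * holds NUAUTH_PID_FILE should be writable only by the account that starts
 * nuauth -- confirm against the packaging.
 */
void daemonize()
{
	FILE *pf;
	pid_t pidf;

	if (access(NUAUTH_PID_FILE, R_OK) == 0) {
		/* Check if the existing process is still alive. */
		int stored_pid = 0;
		int alive = 0;

		pf = fopen(NUAUTH_PID_FILE, "r");
		if (pf != NULL) {
			/* kill() gives 0 and negative values a special
			 * meaning (process group / every process), so only a
			 * strictly positive pid is probed: a corrupt pid file
			 * must not keep the daemon from starting. */
			if (fscanf(pf, "%d", &stored_pid) == 1
			    && stored_pid > 0
			    && kill((pid_t) stored_pid, 0) == 0) {
				alive = 1;
			}
			fclose(pf);
		}
		if (alive) {
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "pid file exists. Is nuauth already running? Aborting!\n");
			exit(EXIT_FAILURE);
		}
	}

	pidf = fork();
	if (pidf < 0) {
		log_message(FATAL, DEBUG_AREA_MAIN, "Unable to fork");
		exit(EXIT_FAILURE);	/* this should be useless !! */
	} else {
		if (pidf > 0) {
			/* parent process: pidf is the pid of the child */
			pf = fopen(NUAUTH_PID_FILE, "w");
			if (pf != NULL) {
				fprintf(pf, "%d\n", (int) pidf);
				fclose(pf);
			} else {
				printf("Dying, can not create PID file \""
				       NUAUTH_PID_FILE "\".\n");
				exit(EXIT_FAILURE);
			}
			exit(EXIT_SUCCESS);
		}
	}

	setsid();

	/* warning: do not close fd (0 1 2), or this will create problems when trying
	 * to create child process with a pipe (dup2 fails with error EBADF) */
	{
		int fd = open("/dev/null", O_RDWR);
		if (fd < 0) {
			/* Without a valid descriptor the dup2() calls would
			 * fail anyway; say so instead of failing silently. */
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "Unable to open /dev/null, standard streams left unchanged");
		} else {
			dup2(fd, STDIN_FILENO);
			dup2(fd, STDOUT_FILENO);
			dup2(fd, STDERR_FILENO);
			/* open() returns 0, 1 or 2 when a standard stream
			 * was closed at startup: keep it open in that case. */
			if (fd > STDERR_FILENO)
				close(fd);
		}
	}
}

/* Long options understood by parse_options(); the last field is the short
 * option each one maps to. */
static struct option long_options[] = {
	{"help", 0, NULL, 'h'},
	{"config", 1, NULL, 'c'},
	{"daemon", 0, NULL, 'D'},
	{"quiet", 0, NULL, 'q'},
	{"version", 0, NULL, 'V'},
	{"verbose", 0, NULL, 'v'},
	{"nufw-port", 1, NULL, 'p'},
	{"client-port", 1, NULL, 'l'},
	{"nufw-address", 1, NULL, 'L'},
	{"client-address", 1, NULL, 'C'},
	{"timeout", 1, NULL, 't'},

	{0, 0, 0, 0}
};

/**
 * Display all command line options of NuAuth
 */
void print_usage()
{
	fprintf(stdout,
		"nuauth [-hDVv[v[v[v[v[v[v[v[v]]]]]]]]] [-l user_packet_port] [-C local_addr] [-L local_addr] \n"
		"\t\t[-t packet_timeout]\n"
		"\t-h (--help ): display this help and exit\n"
		"\t-c (--config ): use alternate configuration file\n"
		"\t-D (--daemon ): run as a daemon, send debug messages to syslog (else stdout/stderr)\n"
		"\t-q (--quiet ): do not log to stdout/stderr\n"
		"\t-V (--version ): display version and exit\n"
		"\t-v (--verbose ): increase debug level (+1 for each 'v') (max useful number : 10)\n"
		"\t-p (--nufw-port ): specify listening TCP port (this port waits for nufw) (default : 4128)\n"
		"\t-l (--client-port ): specify listening TCP port (this port waits for clients) (default : 4129)\n"
		"\t-L (--nufw-address ): specify NUFW listening IP address (local) (this address waits for nufw data) (default : 127.0.0.1)\n"
		"\t-C (--client-address): specify clients listening IP address (local) (this address waits for clients auth) (default : 0.0.0.0)\n"
		"\t-t (--timeout ): timeout to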
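forget about packets when they don't match (default : 15 s)\n");
}

/**
 * Parse command line options using getopt library.
 *
 * String options are duplicated into \a params (any previous value is
 * freed), -v occurrences are counted into params->debug_level, -q raises
 * the file-level quiet_mode counter and -t is written to the global
 * nuauthconf. -V and -h print their text and exit.
 *
 * \param argc   Argument count as received by main()
 * \param argv   Argument vector as received by main()
 * \param params Structure receiving the parsed values
 */
void parse_options(int argc, char **argv, command_line_params_t * params)
{
	/* NOTE(review): "T:" is accepted by getopt but no case handles it */
	char *options_list = "DqhVvc:l:L:C:p:t:T:";
	int option;
	int local_debug_level = 0;

	/*parse options */
	while ((option =
		getopt_long(argc, argv, options_list, long_options,
			    NULL)) != -1) {
		switch (option) {
		case 'c':
			/* configuration file */
			g_free(params->configfile);
			params->configfile = g_strdup(optarg);
			break;

		case 'V':
			fprintf(stdout, "nuauth (version %s)\n",
				NUAUTH_FULL_VERSION);
			exit(EXIT_SUCCESS);
			break;

		case 'v':
			local_debug_level++;
			break;

		case 'q':
			quiet_mode++;
			break;

		case 'l':
			/* TCP port waiting for clients (see print_usage()) */
			g_free(params->userpckt_port);
			params->userpckt_port = g_strdup(optarg);
			break;

		case 'p':
			/* TCP port waiting for nufw (see print_usage()) */
			g_free(params->authreq_port);
			params->authreq_port = g_strdup(optarg);
			break;

		case 'L':
			/* Address we listen on for NUFW originating packets */
			g_free(params->nufw_srv);
			params->nufw_srv = g_strdup(optarg);
			break;

		case 'C':
			/* Address we listen on for client originating packets */
			g_free(params->client_srv);
			params->client_srv = g_strdup(optarg);
			break;

		case 't':
			/* packet timeout: refuse a value that is not a
			 * non-negative integer instead of leaving the field
			 * untouched after a failed conversion */
			{
				int timeout;

				if (sscanf(optarg, "%d", &timeout) != 1
				    || timeout < 0) {
					fprintf(stderr,
						"nuauth: invalid packet timeout \"%s\"\n",
						optarg);
					exit(EXIT_FAILURE);
				}
				nuauthconf->packet_timeout = timeout;
			}
			break;

		case 'D':
			params->daemonize = 1;
			break;

		case 'h':
			print_usage();
			exit(EXIT_SUCCESS);
		}
	}
	if (local_debug_level) {
		params->debug_level = local_debug_level;
	}
}

void no_action_signals(int recv_signal);

/**
 * Install all signals used in NuAuth:
 *  - SIGTERM and SIGINT: install nuauth_cleanup() handler when
 *    \a sig_action is true, no_action_signals() otherwise ;
 *  - SIGHUP: install nuauth_reload() handler ;
 *  - SIGPIPE: ignore signal.
 *
 * The previous dispositions are stored in nuauthdatas->old_sigterm_hdl,
 * old_sigint_hdl and old_sighup_hdl. Any sigaction() failure is fatal.
 * nuauth_atexit() is registered with atexit() on every call.
 *
 * \see init_audit()
 */
void nuauth_install_signals(gboolean sig_action)
{
	struct sigaction action;

	atexit(nuauth_atexit);

	memset(&action, 0, sizeof(action));
	if (sig_action) {
		action.sa_handler = nuauth_cleanup;
	} else {
		action.sa_handler = no_action_signals;
	}
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;

	/* intercept SIGTERM */
	if (sigaction(SIGTERM, &action, &nuauthdatas->old_sigterm_hdl) != 0) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Error modifying sigaction");
		exit(EXIT_FAILURE);
	}

	/* intercept SIGINT */
	if (sigaction(SIGINT, &action, &nuauthdatas->old_sigint_hdl) != 0) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Error modifying sigaction");
		exit(EXIT_FAILURE);
	}

	/* intercept SIGHUP */
	memset(&action, 0, sizeof(action));
	action.sa_handler = (__sighandler_t) nuauth_reload;
	sigemptyset(&(action.sa_mask));
	action.sa_flags = 0;
	if (sigaction(SIGHUP, &action, &nuauthdatas->old_sighup_hdl) != 0) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Error modifying sigaction");
		exit(EXIT_FAILURE);
	}

	/* ignore SIGPIPE */
	signal(SIGPIPE, SIG_IGN);
}

/**
 * Handler used for SIGTERM and SIGINT once shutdown has begun (installed by
 * nuauth_install_signals(FALSE)): log the signal, release the TLS layer with
 * tls_common_deinit() and exit with EXIT_FAILURE.
 *
 * NOTE(review): the SIGHUP branch logs "ignoring" yet still calls
 * tls_common_deinit(); nuauth_install_signals() never binds this handler
 * to SIGHUP, so the branch looks unreachable -- confirm before relying on it.
 * NOTE(review): log_message() and exit() are not async-signal-safe.
 *
 * \param recv_signal Code of raised signal
 */
void no_action_signals(int recv_signal)
{
	switch (recv_signal) {
	case SIGINT:
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "[+] Nuauth received SIGINT (leaving)");
		tls_common_deinit();
		exit(EXIT_FAILURE);
		break;
	case SIGTERM:
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "[+] Nuauth received SIGTERM (leaving)");
		tls_common_deinit();
		exit(EXIT_FAILURE);
		break;
	case SIGHUP:
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "[+] Nuauth received SIGHUP (ignoring)");
		tls_common_deinit();
		break;
	}
}

/* Replace nuauthconf->x by a copy of params->x when the latter is set. */
#define OVERWRITE_DATA(x) \
	if (params->x) { \
		g_free(nuauthconf->x); \
		nuauthconf->x = g_strdup(params->x); \
	}

/* Apply command line values on top of the loaded configuration; the debug
 * level is copied unconditionally. */
static void nuauthconf_from_cmdline(command_line_params_t *params)
{
	OVERWRITE_DATA(client_srv);
	OVERWRITE_DATA(nufw_srv);
	OVERWRITE_DATA(userpckt_port);
	OVERWRITE_DATA(authreq_port);

	nuauthconf->debug_level = params->debug_level;
}

#undef OVERWRITE_DATA

/**
 * Configure NuAuth:
 * - Init.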
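glib threads: g_thread_init() ;
 * - Read command line options: parse_options() ;
 * - Read NuAuth configuration file: init_nuauthconf() ;
 * - Build configuration options: build_prenuauthconf() ;
 * - Init SSL library: nussl_init() ;
 * - Create credentials: create_x509_credentials() (disabled with #if 0) ;
 * - Daemonize the process if asked: daemonize().
 *
 * Before any of that, the core file soft limit is set to 0 (unless
 * DEBUG_ENABLE is defined) and the open file limit is set to 8096.
 * Every configuration failure logs a fatal message and exits.
 */
void configure_app(int argc, char **argv)
{
	command_line_params_t params;
	int ret;
	struct rlimit r_limit;
	struct nuauth_params initconf;
	struct nuauth_params *conf;

	/* Avoid creation of core file which may contains username and password.
	 * Only the soft limit is lowered: the hard limit is left as inherited,
	 * so the process could still raise the soft limit again later. */
	if (getrlimit(RLIMIT_CORE, &r_limit) == 0) {
#ifdef DEBUG_ENABLE
		r_limit.rlim_cur = RLIM_INFINITY;
#else
		r_limit.rlim_cur = 0;
#endif
		if (setrlimit(RLIMIT_CORE, &r_limit) != 0) {
			/* logging is not configured yet, use stderr */
			fprintf(stderr,
				"nuauth: warning: unable to set core file size limit\n");
		}
	} else {
		fprintf(stderr,
			"nuauth: warning: unable to read core file size limit\n");
	}

	if (getrlimit(RLIMIT_NOFILE, &r_limit) == 0) {
		r_limit.rlim_cur = 8096;
		r_limit.rlim_max = 8096;
		/* raising the hard limit needs privileges: report a refusal
		 * instead of running with fewer descriptors unnoticed */
		if (setrlimit(RLIMIT_NOFILE, &r_limit) != 0) {
			fprintf(stderr,
				"nuauth: warning: unable to set open file limit to 8096\n");
		}
	}

#ifndef DEBUG_ENABLE
	/* Move to root directory to not block current working directory */
	(void) chdir("/");
#endif

#ifdef DEBUG_MEMORY
	g_mem_set_vtable(glib_mem_profiler_table);
#endif

	/* Initialize glib thread system */
	g_thread_init(NULL);
	g_thread_pool_set_max_unused_threads(5);

	/* init nuauthdatas */
	nuauthdatas = g_new0(struct nuauth_datas, 1);
	nuauthdatas->is_starting = TRUE;
	nuauthdatas->reload_cond = g_cond_new();
	nuauthdatas->reload_cond_mutex = g_mutex_new();
	nuauthdatas->program_fullpath = g_strdup(argv[0]);

	/* set default parameters */
	params.debug_level = 0;
	params.daemonize = 0;
	params.client_srv = NULL;
	params.nufw_srv = NULL;
	params.userpckt_port = NULL;
	params.authreq_port = NULL;
	params.configfile = NULL;

	/* nuauthconf points at this temporary structure until
	 * init_nuauthconf() provides the real one; clear it so that no field
	 * is read uninitialized in the meantime */
	memset(&initconf, 0, sizeof(initconf));
	nuauthconf = &initconf;

	/* check if configuration file is not given on command line.
	 * NOTE(review): -t stores the timeout in initconf, and only
	 * configfile is carried over to conf below -- confirm the option is
	 * not lost. */
	parse_options(argc, argv, &params);

	if (params.debug_level) {
		nuauthconf->debug_level = params.debug_level;
	} else {
		nuauthconf->debug_level = DEFAULT_DEBUG_LEVEL;
	}
	nuauthconf->debug_areas = DEFAULT_DEBUG_AREAS;

	if (params.configfile == NULL) {
		nuauthconf->configfile = g_strdup(DEFAULT_CONF_FILE);
	} else {
		nuauthconf->configfile = g_strdup(params.configfile);
	}

	ret = nuauth_parse_configuration(nuauthconf->configfile);
	if (ret < 0) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Cannot load configuration (file '%s')",
			    nuauthconf->configfile);
		exit(EXIT_FAILURE);
	}

	/* load configuration */
	if (!init_nuauthconf(&conf)) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Unable to load configuration");
		exit(EXIT_FAILURE);
	}

	/* switch from the temporary structure to the loaded one */
	conf->configfile = nuauthconf->configfile;
	nuauthconf = conf;

	/* build configuration by overwritting config file option by
	 * command line one */
	nuauthconf_from_cmdline(&params);

	build_prenuauthconf(nuauthconf, NULL, 0);

	ret = nussl_init();
	if ( ret != NUSSL_OK ) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "FATAL ERROR: NuSSL global initialisation failed.");
		exit(EXIT_FAILURE);
	}

	if (nuauthconf->uses_utf8) {
		setlocale(LC_ALL, "");
	}

	/* keep debug level between MIN_DEBUG_LEVEL and MAX_DEBUG_LEVEL */
	if (nuauthconf->debug_level > MAX_DEBUG_LEVEL)
		nuauthconf->debug_level = MAX_DEBUG_LEVEL;
	if (nuauthconf->debug_level < MIN_DEBUG_LEVEL)
		nuauthconf->debug_level = MIN_DEBUG_LEVEL;
	log_message(INFO, DEBUG_AREA_MAIN, "Debug_level is %i",
		    nuauthconf->debug_level);

#if 0
	/* init credential */
	if (! create_x509_credentials()) {
		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_FATAL,
				"Certificate initialization failed");
		exit(EXIT_FAILURE);
	}
#endif

	/* free command line structure */
	g_free(params.client_srv);
	g_free(params.nufw_srv);
	g_free(params.userpckt_port);
	g_free(params.authreq_port);
	g_free(params.configfile);

	debug_areas = DEFAULT_DEBUG_AREAS;
	debug_level = nuauthconf->debug_level;

	/* daemonize if asked and select the log handlers */
	if (params.daemonize == 1) {
		daemonize();
		set_glib_loghandlers(0, 1 /* use only syslog */);
	} else {
		int use_stdout = (quiet_mode == 0);
		set_glib_loghandlers(use_stdout, 0 /* use syslog and stdout */);
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "[+] NuAuth ($Revision$) with config %s",
			    nuauthconf->configfile);
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Nuauth started in foreground (without -D option), "
			    "logging on stderr, stdout and syslog");
	}

	/* declare default capabilities */
	register_client_capa("HELLO", &(nuauthdatas->hello_capa));
	register_client_capa("TCP", &(nuauthdatas->tcp_capa));
	register_client_capa("UDP", &(nuauthdatas->udp_capa));
}

/**
 * Initialize all data:
 * - Create different queues:
 *   - tls_push_queue: read in push_worker() ;
 *   - connections_queue: read in search_and_fill() ;
 *   - localid_auth_queue: read in localid_auth().
 * - Create hash table ::conn_list
 * - Init. modules: init_modules_system(), load_modules()
 * - Init. periods: init_periods()
 * - Init. cache: init_acl_cache() and init_user_cache() (if enabled)
 * - Create thread pools:
 *   - ip_authentication_workers with external_ip_auth() (if enabled) ;
 *   - acl_checkers with acl_check_and_decide() ;
 *   - user_checkers with user_check_and_decide() ;
 *   - user_loggers with real_log_user_packet() ;
 *   - user_session_loggers with log_user_session_thread() ;
 *   - decisions_workers with decisions_queue_work().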
* - Create threads: * - tls_pusher with push_worker() ; * - search_and_fill_worker with search_and_fill() ; * - localid_auth_thread with localid_auth() (if needed) ; * - tls_auth_servers with tls_user_start_servers() ; * - tls_nufw_servers with tls_nufw_start_servers() ; * - limited_connections_handler with limited_connection_handler(). * * Other queue, threads, etc. are created elsewhere: * - in tls_user_init(): tls_sasl_worker thread pool, tls_sasl_connect(). */ void init_nuauthdata() { block_thread_pools(); nuauthdatas->tls_push_queue = g_async_queue_new(); if (!nuauthdatas->tls_push_queue) exit(EXIT_FAILURE); /* initialize packets list */ conn_list = g_hash_table_new_full((GHashFunc) hash_connection, (GEqualFunc) tracking_equal, NULL, (GDestroyNotify) free_connection); /* async queue initialisation */ nuauthdatas->connections_queue = g_async_queue_new(); if (!nuauthdatas->connections_queue) exit(EXIT_FAILURE); init_protocol_extension(nuauthdatas); /* init and load modules */ init_modules_system(); if (!load_modules()) exit(EXIT_FAILURE); /* init periods */ nuauthconf->periods = init_periods(nuauthconf); if (nuauthconf->acl_cache) init_acl_cache(); /* create user cache thread */ if (nuauthconf->user_cache) init_user_cache(); start_all_thread_pools(); null_message = g_new0(struct cache_message, 1); null_queue_datas = g_new0(gchar, 1); /* init private datas for pool thread */ nuauthdatas->aclqueue = g_private_new((GDestroyNotify) g_async_queue_unref); nuauthdatas->userqueue = g_private_new((GDestroyNotify) g_async_queue_unref); g_static_mutex_init(&insert_mutex); /* create thread for search_and_fill thread */ log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating search_and_fill thread"); thread_new(&nuauthdatas->search_and_fill_worker, "search&fill", search_and_fill); if (nuauthconf->push && nuauthconf->hello_authentication) { log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating hello mode authentication thread"); nuauthdatas->localid_auth_queue = 
g_async_queue_new(); thread_new(&nuauthdatas->localid_auth_thread, "localid", localid_auth); } #ifdef BUILD_NUAUTH_COMMAND if (nuauthconf->use_command_server) { log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating command thread"); thread_new(&nuauthdatas->command_thread, "command", command_server); } #endif /* create thread for client request sender */ thread_new(&nuauthdatas->tls_pusher, "tls pusher", push_worker); if (nuauthconf->nufw_has_conntrack) { thread_new(&nuauthdatas->limited_connections_handler, "limited connections", limited_connection_handler); } /* create TLS authentication server threads (auth + nufw) */ tls_common_init(); log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating tls authentication server threads"); tls_user_start_servers(nuauthdatas->tls_auth_servers); log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Creating tls nufw server threads"); tls_nufw_start_servers(nuauthdatas->tls_nufw_servers); log_message(INFO, DEBUG_AREA_MAIN, "Threads system started"); release_thread_pools(); nuauthdatas->is_starting = FALSE; } /** * Function called every second to cleanup things: * - remove old connections * - refresh ACL cache * - refresh localid auth cache * - refresh limited connection */ void main_cleanup() { struct cache_message *cmessage; struct internal_message *int_message; /* remove old connections */ clean_connections_list(); /* info message about thread pools */ if (DEBUG_OR_NOT(DEBUG_LEVEL_INFO, DEBUG_AREA_MAIN)) { if (g_thread_pool_unprocessed(nuauthdatas->user_checkers) || g_thread_pool_unprocessed(nuauthdatas-> acl_checkers) || g_thread_pool_unprocessed(nuauthdatas-> user_loggers)) { g_message ("%u user/%u acl/%u log unassigned task(s), %d " "connection(s)", g_thread_pool_unprocessed(nuauthdatas-> user_checkers), g_thread_pool_unprocessed(nuauthdatas-> acl_checkers), g_thread_pool_unprocessed(nuauthdatas-> user_loggers), g_hash_table_size(conn_list) ); } } act_on_loggers_processing(); if (nuauthconf->acl_cache) { /* send refresh message to 
acl cache thread */ cmessage = g_new0(struct cache_message, 1); cmessage->type = REFRESH_MESSAGE; g_async_queue_push(nuauthdatas->acl_cache->queue, cmessage); } if (nuauthconf->push && nuauthconf->hello_authentication) { /* refresh localid_auth_queue queue */ int_message = g_new0(struct internal_message, 1); int_message->type = REFRESH_MESSAGE; g_async_queue_push(nuauthdatas->localid_auth_queue, int_message); } if (nuauthconf->nufw_has_conntrack) { /* refresh limited_connections_queue queue */ int_message = g_new0(struct internal_message, 1); int_message->type = REFRESH_MESSAGE; g_async_queue_push(nuauthdatas->limited_connections_queue, int_message); } } /** * Main loop: refresh connection queue and all other queues */ void nuauth_main_loop() { struct timespec sleep; GList *cleanup_it; GTimer *timer; double sec; unsigned long ms; log_message(FATAL, DEBUG_AREA_MAIN, "[+] NuAuth started."); /* create timer and add main cleanup function to cleanup list */ timer = g_timer_new(); cleanup_func_push(main_cleanup); cleanup_func_push(kill_expired_clients_session); /* first sleep is one full second */ sleep.tv_sec = 1; sleep.tv_nsec = 0; /* * Main loop: call functions listed in ::cleanup_func_list every second. * If functions take long time, next sleep will be shorter. */ for (;;) { /* a little sleep (one second) */ nanosleep(&sleep, NULL); for (cleanup_it = cleanup_func_list; cleanup_it != NULL; cleanup_it = cleanup_it->next) { cleanup_func_t cleanup = cleanup_it->data; cleanup(); } sleep.tv_sec = 1; sleep.tv_nsec = 0; } g_timer_destroy(timer); } /** * NuAuth entry point: * - Configure application with: configure_app() * - Install signals: nuauth_install_signals() * - Init. all data: init_nuauthdata() * - Init. 
audit: init_audit()
 * - Run main loop: nuauth_main_loop()
 */
int main(int argc, char *argv[])
{
	/* Actual call order: data structures are initialised before the signal
	 * handlers are installed, i.e. the reverse of the order in which this
	 * function's header comment lists those two steps. */
	configure_app(argc, argv);
	init_nuauthdata();
	nuauth_install_signals(TRUE);
	init_audit();
	/* nuauth_main_loop() is written as an endless for(;;) loop in this file,
	 * so the return below is not reached during normal operation. */
	nuauth_main_loop();
	return EXIT_SUCCESS;
}

/** @} */
nufw-2.4.3/src/nuauth/conntrack.h0000644000175000017500000000244111431206275013650 00000000000000
/*
 ** Copyright(C) 2005 INL
 ** Written by Eric Leblond
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifndef CONNTRACK_H
#define CONNTRACK_H

/* Connection with a limited lifetime: tracking data plus an expiration
 * time. This header relies on in6_addr, time_t and tracking_t being
 * declared by whatever includes it. */
struct limited_connection {
	struct in6_addr gwaddr;	/* presumably the address of the gateway that reported the connection -- TODO confirm */
	time_t expire;		/**< expiration time of connection */
	tracking_t tracking;	/* tracking data identifying the connection */
};

/* Tracking data, a timestamp and per-direction packet/byte counters. */
struct accounted_connection {
	tracking_t tracking;
	time_t timestamp;

	/* counters fields */
	u_int64_t packets_in;
	u_int64_t bytes_in;
	u_int64_t packets_out;
	u_int64_t bytes_out;
};

/* Thread entry point; main.c starts it with thread_new() under the name
 * "limited connections" when nuauthconf->nufw_has_conntrack is set. */
void *limited_connection_handler(GMutex * mutex);

/* Send a conntrack message of type msgtype about lconn; the implementation
 * is not part of this header. */
nu_error_t send_conntrack_message(struct limited_connection *lconn,
				  unsigned char msgtype);

#endif				/* CONNTRACK_H */
nufw-2.4.3/src/nuauth/pckt_authsrv_v3.h0000644000175000017500000000205611431206275015015 00000000000000
/*
 ** Copyright(C) 2006, INL
 ** Written by Eric Leblond
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef PCKT_AUTHSRV_V3_H #define PCKT_AUTHSRV_V3_H nu_error_t authpckt_conntrack_v3(unsigned char *dgram, unsigned int dgram_size); nu_error_t authpckt_new_connection_v3(unsigned char *dgram, unsigned int dgram_size, connection_t ** conn); #endif nufw-2.4.3/src/nuauth/Makefile.in0000644000175000017500000005611511431215400013557 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ sbin_PROGRAMS = nuauth$(EXEEXT) subdir = src/nuauth DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__installdirs = "$(DESTDIR)$(sbindir)" sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(sbin_PROGRAMS) am__objects_1 = am_nuauth_OBJECTS = nuthread.$(OBJEXT) acls.$(OBJEXT) audit.$(OBJEXT) \ auth_common.$(OBJEXT) authsrv.$(OBJEXT) cache.$(OBJEXT) \ check_acls.$(OBJEXT) client_mngr.$(OBJEXT) debug.$(OBJEXT) \ gcrypt.$(OBJEXT) ip_auth.$(OBJEXT) localid_auth.$(OBJEXT) \ parsing.$(OBJEXT) pckt_authsrv.$(OBJEXT) \ pckt_authsrv_v3.$(OBJEXT) sasl.$(OBJEXT) tls.$(OBJEXT) \ tls_user.$(OBJEXT) tls_nufw.$(OBJEXT) tls_sasl.$(OBJEXT) \ user_authsrv.$(OBJEXT) user_logs.$(OBJEXT) users.$(OBJEXT) \ modules.$(OBJEXT) nuauthconf.$(OBJEXT) conntrack.$(OBJEXT) \ period.$(OBJEXT) auth_hash.$(OBJEXT) take_decision.$(OBJEXT) \ command.$(OBJEXT) command_enc.$(OBJEXT) nufw_servers.$(OBJEXT) \ connections.$(OBJEXT) $(am__objects_1) nodist_nuauth_OBJECTS = nuauth_OBJECTS = $(am_nuauth_OBJECTS) $(nodist_nuauth_OBJECTS) am__DEPENDENCIES_1 = nuauth_DEPENDENCIES = $(am__DEPENDENCIES_1) \ ../libs/nubase/libnubase.la ../libs/nussl/libnussl.la \ 
../libs/nuconfparser/libnuconfparser.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(nuauth_SOURCES) $(nodist_nuauth_SOURCES) DIST_SOURCES = $(nuauth_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = 
@GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = 
@libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = modules AM_CFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" -DLOCAL_STATE_DIR=\"$(localstatedir)\" -L$(top_srcdir)/src/include/ -L$(top_srcdir)/src/nuauth/ -D_REENTRANT INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nuconfparser EXTRA_DIST = splint.sh valgrind.sh valgrind.supp #authsrv nodist_nuauth_SOURCES = acls.h audit.h auth_common.h auth_srv.h cache.h client_mngr.h command_codec.h \ command_enc.h command.h connections.h conntrack.h gcrypt_init.h \ internal_messages.h ip_auth.h localid_auth.h log.h modules_definition.h \ modules.h nuauthconf.h nuauth_debug.h nuauth_gcrypt.h nuauth_params.h \ nufw_servers.h nu_gcrypt.h nuthread.h parsing.h pckt_authsrv.h \ pckt_authsrv_v3.h period.h sasl.h take_decision.h tls.h user_authsrv.h \ user_logs.h users.h nuauth_SOURCES = nuthread.c acls.c audit.c auth_common.c authsrv.c cache.c \ check_acls.c client_mngr.c debug.c gcrypt.c ip_auth.c \ localid_auth.c parsing.c pckt_authsrv.c pckt_authsrv_v3.c\ sasl.c tls.c tls_user.c tls_nufw.c tls_sasl.c user_authsrv.c user_logs.c users.c \ modules.c nuauthconf.c conntrack.c period.c auth_hash.c take_decision.c \ command.c command_enc.c nufw_servers.c connections.c \ ${nodist_nuauth_SOURCES} nuauth_LDADD = $(GLIB_LIBS) -lm -lsasl2 ../libs/nubase/libnubase.la ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: 
$(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" @list='$(sbin_PROGRAMS)'; for p in $$list; do \ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ if test -f $$p \ || test -f $$p1 \ ; then \ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ else :; fi; \ done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(sbin_PROGRAMS)'; for p in $$list; do \ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ rm -f "$(DESTDIR)$(sbindir)/$$f"; \ done clean-sbinPROGRAMS: @list='$(sbin_PROGRAMS)'; for p 
in $$list; do \ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ echo " rm -f $$p $$f"; \ rm -f $$p $$f ; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acls.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_hash.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authsrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cache.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check_acls.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client_mngr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command_enc.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connections.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conntrack.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/debug.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcrypt.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip_auth.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/localid_auth.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/modules.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nuauthconf.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nufw_servers.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nuthread.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parsing.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pckt_authsrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pckt_authsrv_v3.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/period.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sasl.Po@am__quote@ 
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/take_decision.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_nufw.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_sasl.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_user.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/user_authsrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/user_logs.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/users.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. 
# To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" 
| sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile $(PROGRAMS) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(sbindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install 
mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." @BUILD_NUAUTH_COMMAND_FALSE@install-exec-local: clean: clean-recursive clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ mostlyclean-am distclean: distclean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-exec-local install-sbinPROGRAMS install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-sbinPROGRAMS .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ clean-sbinPROGRAMS ctags ctags-recursive distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-exec-local \ install-html install-html-am install-info install-info-am \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-sbinPROGRAMS install-strip installcheck \ installcheck-am installdirs installdirs-am 
maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-recursive uninstall uninstall-am \ uninstall-sbinPROGRAMS @BUILD_NUAUTH_COMMAND_TRUE@install-exec-local: @BUILD_NUAUTH_COMMAND_TRUE@ install -d "$(DESTDIR)$(localstatedir)/run/nuauth/" nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES) @rm -f nuauth$(EXEEXT) $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/connections.c0000644000175000017500000003372111431206275014210 00000000000000/* ** Copyright(C) 2007 INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL : http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/

#include "auth_srv.h"

/**
 * \addtogroup NuauthCore
 * @{
 */

/**
 * GFunc-style adapter: destroy one list element with free_connection().
 *
 * \param conn Element data, cast to ::connection_t before being freed
 * \param unused Ignored
 */
void free_connection_callback(gpointer conn, gpointer unused)
{
	connection_t *element = (connection_t *) conn;

	free_connection(element);
}

/**
 * Destroy every connection stored in a list, then the list cells.
 *
 * \param list List whose data pointers are ::connection_t; NULL is accepted
 * and nothing is done in that case
 */
void free_connection_list(GSList * list)
{
	if (list != NULL) {
		g_slist_foreach(list, free_connection_callback, NULL);
		g_slist_free(list);
	}
}

/**
 * Compare non null iface value of a to value in b
 *
 * Only the names that are set in \a a are checked: an empty name in \a a
 * matches anything, while a name set in \a a must be present in \a b and
 * equal over IFNAMSIZ bytes.
 *
 * \return NU_EXIT_OK on match, NU_EXIT_ERROR on failure
 */
nu_error_t compare_iface_nfo_t(iface_nfo_t *a, iface_nfo_t *b)
{
/* The macro returns from the enclosing function on the first mismatch.
 * It is not #undef'd in the part of the file visible here, so it stays
 * defined after this function. */
#define compare_iface(x) if (a->x[0]) { \
		if (!b->x[0] || strncmp(a->x, b->x, IFNAMSIZ) != 0) { \
			return NU_EXIT_ERROR; \
		} \
	}
	compare_iface(indev);
	compare_iface(outdev);
	compare_iface(physindev);
	compare_iface(physoutdev);
	return NU_EXIT_OK;
}

/**
 * Delete a connection and free all the memory used.
 *
 * This is the output function for every connection_t::. It
 * \b must be called to destroy every connection.
 *
 * This includes:
 * - Connection created after nufw and client request
 * - Connection created after a call do duplicate_connection()
 *
 * May call log_user_packet() with ::TCP_STATE_DROP state if connection was
 * waiting for its authentication.
*
 * \param conn Pointer to a connection
 * \return None
 */
void free_connection(connection_t * conn)
{
	g_assert(conn != NULL);

	/* A connection destroyed while still waiting for authentication, or
	 * one flagged as spoofing, is reported to the user log module as
	 * dropped. */
	if (conn->state == AUTH_STATE_AUTHREQ
	    || conn->state == AUTH_STATE_SPOOFING) {
		log_user_packet(conn, TCP_STATE_DROP);
	}

	/* ACL groups: release them through the ACL cache thread when the
	 * cache is enabled, otherwise free them directly. */
	if (conn->acl_groups) {
		if (!nuauthconf->acl_cache) {
			free_acl_groups(conn->acl_groups, NULL);
		} else {
			struct cache_message *acl_msg =
			    g_new0(struct cache_message, 1);
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "Sending free to acl cache");
			acl_msg->key = acl_create_and_alloc_key(conn);
			acl_msg->type = FREE_MESSAGE;
			acl_msg->datas = conn->acl_groups;
			g_async_queue_push(nuauthdatas->acl_cache->queue,
					   acl_msg);
		}
	}

	/* User data: without cached user data the username is freed here.
	 * With cached user data it is left alone on this path.
	 * NOTE(review): presumably the user cache owns it -- confirm, since
	 * only a copy of the name is sent as the message key. */
	if (!conn->cacheduserdatas) {
		g_free(conn->username);
	} else if (!conn->username) {
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				  "Can not free user cache, username is null");
	} else {
		struct cache_message *user_msg =
		    g_new0(struct cache_message, 1);
		if (user_msg) {
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "Sending free to user cache");
			user_msg->key = g_strdup(conn->username);
			user_msg->type = FREE_MESSAGE;
			user_msg->datas = conn->cacheduserdatas;
			g_async_queue_push(nuauthdatas->user_cache->queue,
					   user_msg);
		} else {
			/* GLib documents g_new0() as aborting the program
			 * when the allocation fails, so this branch is not
			 * expected to run; it is kept as the original has
			 * it. */
			log_message(CRITICAL, DEBUG_AREA_MAIN,
				    "Could not g_new0(). No more memory?");
		}
	}

	/* Release the list cells and the strings owned by the connection,
	 * then the structure itself. */
	g_slist_free(conn->packet_id);
	g_slist_free(conn->user_groups);
	g_free(conn->app_name);
	g_free(conn->app_sig);
	g_free(conn->os_sysname);
	g_free(conn->os_release);
	g_free(conn->os_version);
	g_free(conn->log_prefix);
	g_free(conn);
}

/** Duplicate an iface_nfo
 *
 * The whole structure is copied byte for byte, whatever its fields hold.
 *
 * \param copy pointer to the target ::iface_nfo_t (MUST be allocated before)
 * \param orig pointer to the ::iface_nfo_t to copy
 */
void duplicate_iface_nfo(iface_nfo_t * copy, iface_nfo_t * orig)
{
	memcpy(copy, orig, sizeof(*copy));
}

/* No definition of COPY_IFACE_NAME is visible in this part of the file. */
#undef COPY_IFACE_NAME

/** Used for logging purpose \b only.
 *
 * It does not duplicate internal data. This includes all
 * cache datas used to take the decision
 * - connection_t::acl_groups
 * - connection_t::user_groups
 * - ...
 *
 * connection_t::state is switched to ::AUTH_STATE_DONE as the
 * connection will be used for logging only.
*
 * \param element a pointer to a connection_t
 * \return the duplicated connection_t
 */
connection_t *duplicate_connection(connection_t * element)
{
	/* Shallow copy first: every pointer member still aliases the
	 * original until it is replaced or cleared below. */
	connection_t *clone = g_memdup(element, sizeof(*element));

	if (clone != NULL) {
		/* Strings get private copies so the clone can be destroyed
		 * with free_connection() independently of the original. */
		clone->username = g_strdup(element->username);
		clone->app_name = g_strdup(element->app_name);
		clone->app_sig = g_strdup(element->app_sig);
		clone->os_sysname = g_strdup(element->os_sysname);
		clone->os_release = g_strdup(element->os_release);
		clone->os_version = g_strdup(element->os_version);
		clone->log_prefix = g_strdup(element->log_prefix);
		clone->flags = element->flags;

		/* Cache-owned data and the packet id list are not shared
		 * with the clone; it is marked as already decided. */
		clone->acl_groups = NULL;
		clone->user_groups = NULL;
		clone->packet_id = NULL;
		clone->cacheduserdatas = NULL;
		clone->state = AUTH_STATE_DONE;

		/* Payload copy.
		 * NOTE(review): the declaration of payload is not visible
		 * here; this assumes payload_len never exceeds the size of
		 * the payload buffer -- confirm where the packet is parsed. */
		clone->payload_len = element->payload_len;
		memcpy(clone->payload, element->payload, clone->payload_len);

		return clone;
	}

	/* Reached when g_memdup() hands back NULL, which it does for a NULL
	 * source pointer. */
	log_message(WARNING, DEBUG_AREA_MAIN, "memory duplication failed");
	return NULL;
}

/**
 * Take a connection out of the hash table ::conn_list without freeing it.
 *
 * The entry is looked up by the address of its tracking member and stolen
 * from the table; a warning is logged when the table had no such entry.
 *
 * \param conn a pointer to a ::connection_t
 * \return Returns 1 if success, 0 if it fails
 */
int conn_cl_remove(gconstpointer conn)
{
	connection_t *entry = (connection_t *) conn;

	if (g_hash_table_steal(conn_list, &(entry->tracking))) {
		return 1;
	}

	log_message(WARNING, DEBUG_AREA_MAIN,
		    "Removal of conn in hash failed");
	return 0;
}

/**
 * Remove a connection from the connection hash table (::conn_list)
 * and free its memory using free_connection().
*
 * \param conn A ::connection_t
 * \return Returns 1 if succeeded, 0 otherwise
 */
int conn_cl_delete(gconstpointer conn)
{
	g_assert(conn != NULL);

	/* When the entry cannot be taken out of the table the connection is
	 * left untouched: nothing is freed on that path. */
	if (!conn_cl_remove(conn)) {
		return 0;
	}

	/* The structure is no longer referenced by the table: destroy it. */
	free_connection((connection_t *) conn);
	return 1;
}

/**
 * \brief Tell clean_connections_list() whether a connection is 'old'
 * (outdated) or not.
 *
 * A connection is old when the timestamp passed in \a user_data is more
 * than packet_timeout (member of ::nuauthconf) past the connection's own
 * timestamp. Connections in state ::AUTH_STATE_COMPLETING or
 * ::AUTH_STATE_READY are never reported as old, whatever their age
 * (COMPLETING because of a hack in search_and_fill_complete_of_userpckt()).
 *
 * The timestamp goes through GPOINTER_TO_INT(), which narrows it to a gint.
 *
 * \param key Key in hash of the connection (not used in the function)
 * \param value Pointer to a ::connection_t
 * \param user_data Current timestamp (get by time(NULL))
 * \return TRUE if the connection is old, FALSE else
 */
gboolean get_old_conn(gpointer key, gpointer value, gpointer user_data)
{
	connection_t *conn = (connection_t *) value;
	long now = GPOINTER_TO_INT(user_data);

	/* These two states are exempt from expiry. */
	if (conn->state == AUTH_STATE_COMPLETING
	    || conn->state == AUTH_STATE_READY) {
		return FALSE;
	}

	if (now - conn->timestamp > nuauthconf->packet_timeout) {
		return TRUE;
	}
	return FALSE;
}

/**
 * Hash table visitor: collect the key of every old connection.
 *
 * \param key Key of the visited entry, prepended to the list when old
 * \param value Pointer to the visited ::connection_t
 * \param data Address of the GSList pointer that receives the keys
 */
static void clean_connection_list_callback(gpointer key, gpointer value,
					   gpointer data)
{
	GSList **expired_keys = (GSList **) data;
	/* The clock is read again for every visited entry. */
	time_t now = time(NULL);

	if (!get_old_conn(key, value, GINT_TO_POINTER(now))) {
		return;
	}
	*expired_keys = g_slist_prepend(*expired_keys, key);
}

/**
 * \brief Find old connection and delete them.
 *
 * This function is called periodically by main thread to
 * clean the connection table ::conn_list.
 *
 * It uses get_old_conn() to check if a connection is 'old' or not.
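*/
void clean_connections_list()
{
	GSList *old_keyconn_list = NULL;
	GSList *old_conn_list = NULL;
	GSList *iterator;
	int nb_deleted = 0;

	/* insert_mutex is held while the table is scanned and the old
	 * entries are taken out of it; decisions are applied afterwards,
	 * outside the lock. */
	g_static_mutex_lock(&insert_mutex);

	/* extract the list of old connections (keys only) */
	g_hash_table_foreach(conn_list, clean_connection_list_callback,
			     &old_keyconn_list);

	/* remove old connections from connection list */
	for (iterator = old_keyconn_list; iterator != NULL;
	     iterator = iterator->next) {
		gpointer key = iterator->data;
		gpointer value = g_hash_table_lookup(conn_list, key);

		if (value != NULL) {
			g_hash_table_steal(conn_list, key);
			old_conn_list = g_slist_prepend(old_conn_list, value);
			nb_deleted += 1;
		} else {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "Clean connection: no entry found in hash");
		}
	}
	g_static_mutex_unlock(&insert_mutex);
	g_slist_free(old_keyconn_list);

	/* Reject all old connections. Neither branch accepts: a request
	 * that timed out is answered with REJECT or DROP, depending on
	 * reject_after_timeout. */
	for (iterator = old_conn_list; iterator != NULL;
	     iterator = iterator->next) {
		connection_t *element = iterator->data;

		if (nuauthconf->reject_after_timeout != 0)
			element->decision = DECISION_REJECT;
		else
			element->decision = DECISION_DROP;

		/* only a connection in state AUTH_STATE_AUTHREQ gets the
		 * decision applied */
		if (element->state == AUTH_STATE_AUTHREQ) {
			apply_decision(element);
			element->state = AUTH_STATE_DONE;
		}
		free_connection(element);
	}
	g_slist_free(old_conn_list);

	/* display number of deleted elements */
	if (0 < nb_deleted) {
		log_message(INFO, DEBUG_AREA_MAIN,
			    "Clean connection list: %d connection(s) suppressed",
			    nb_deleted);
	}
}

/**
 * Convert a decision to its name.
 *
 * \return A newly allocated string ("ACCEPT", "REJECT" or "DROP") that the
 * caller releases with g_free(), or NULL for DECISION_NODECIDE and for any
 * value not listed in the switch.
 */
static char * decision_to_str(decision_t decision)
{
	switch (decision) {
	case DECISION_ACCEPT:
		return g_strdup("ACCEPT");
	case DECISION_REJECT:
		return g_strdup("REJECT");
	case DECISION_DROP:
		return g_strdup("DROP");
	case DECISION_NODECIDE:
		break;
	}
	return NULL;
}

/**
 * Format a tracking_t as " src=... dst=... proto=..." followed, for TCP and
 * UDP only, by " sport=... dport=...".
 *
 * \return A newly allocated string, to be released with g_free()
 */
static char * str_print_tracking_t(tracking_t *tracking)
{
	char src_ascii[INET6_ADDRSTRLEN];
	char dst_ascii[INET6_ADDRSTRLEN];
	char *ip_header;
	char *proto_header;
	char *message;

	format_ipv6(&tracking->saddr, src_ascii, INET6_ADDRSTRLEN, NULL);
	format_ipv6(&tracking->daddr, dst_ascii, INET6_ADDRSTRLEN, NULL);

	ip_header = g_strdup_printf(" src=%s dst=%s proto=%u",
				    src_ascii, dst_ascii, tracking->protocol);

	/* other protocols have no port pair: the IP part is the result */
	if (tracking->protocol != IPPROTO_TCP
	    && tracking->protocol != IPPROTO_UDP)
		return ip_header;

	proto_header = g_strdup_printf(" sport=%d dport=%d",
				       tracking->source, tracking->dest);
	message = g_strconcat(ip_header, proto_header, NULL);
	g_free(ip_header);
	g_free(proto_header);
	return message;
}

/**
 * Write a tracking_t with g_message().
 *
 * \return NU_EXIT_OK, or NU_EXIT_ERROR if the text could not be built
 */
nu_error_t print_tracking_t(tracking_t *tracking)
{
	char *tracking_display = str_print_tracking_t(tracking);

	if (!tracking_display)
		return NU_EXIT_ERROR;

	g_message("%s", tracking_display);
	g_free(tracking_display);
	return NU_EXIT_OK;
}

/**
 * Write one connection with g_message(), as a single record made of the
 * prefix, the tracking tuple and a list of ", key=value" fields.
 *
 * Changes compared with the previous version of this function:
 * - a NULL string is never handed to a "%s" conversion (the OS field is
 *   printed as soon as one of its three parts is set, so the other two may
 *   be NULL; decision_to_str() may return NULL). "(null)" is printed
 *   instead, which is what common printf implementations already emit;
 * - a NULL prefix is treated as an empty one instead of making
 *   g_strconcat() return NULL and losing the whole record;
 * - the packet id is unsigned and is printed with %u.
 *
 * NOTE(review): username, app_name, app_sig and the os_* strings are written
 * as stored, without escaping. If any of them can be chosen by the remote
 * peer, a value containing a line break or ", key=value" text would blur the
 * field boundaries of the record. Confirm that they are validated where they
 * are parsed, or escape them before formatting (e.g. g_strescape()).
 *
 * \param data Pointer to the ::connection_t to display
 * \param userdata Prefix string written in front of the record (may be NULL)
 * \param pid If TRUE, print the packet_id argument; otherwise print the
 * first element of the packet_id list of the connection, if there is one
 * \param packet_id Packet id printed when pid is TRUE
 * \return Returns -1 if the tracking part cannot be formatted, 1 else
 */
gint print_connection_wid(gpointer data, gpointer userdata, gboolean pid, uint32_t packet_id)
{
	connection_t *conn = (connection_t *) data;
	const char *prefix = userdata ? (const char *) userdata : "";
	char *str_tracking;
	char *str_state;
	char *str_iface;
	char *str_id;
	char *str_mark;
	char *str_user;
	char *str_os;
	char *str_app;
	char *str_sig;
	char *str_exptime;
	char *message;

	str_tracking = str_print_tracking_t(&(conn->tracking));
	if (str_tracking == NULL)
		return -1;

	if (conn->decision != DECISION_NODECIDE) {
		char *str_decision = decision_to_str(conn->decision);

		str_state = g_strdup_printf(", decision=%s",
					    str_decision ? str_decision : "(null)");
		g_free(str_decision);
	} else {
		str_state = g_strdup("");
	}

	if (conn->iface_nfo.indev[0] || conn->iface_nfo.outdev[0]) {
		str_iface = g_strdup_printf(", IN=%s OUT=%s",
					    conn->iface_nfo.indev,
					    conn->iface_nfo.outdev);
	} else {
		str_iface = g_strdup("");
	}

	if (pid == TRUE) {
		str_id = g_strdup_printf(", packet_id=%u",
					 (unsigned int) packet_id);
	} else if (conn->packet_id) {
		str_id = g_strdup_printf(", packet_id=%u",
					 GPOINTER_TO_UINT(conn->packet_id->data));
	} else {
		str_id = g_strdup("");
	}

	str_mark = g_strdup_printf(", mark=%d", conn->mark);

	if (conn->username) {
		str_user = g_strdup_printf(", user=%s", conn->username);
	} else {
		str_user = g_strdup("");
	}

	if (conn->os_sysname || conn->os_release || conn->os_version) {
		/* any of the three may still be NULL here */
		str_os = g_strdup_printf(", OS=%s %s %s",
					 conn->os_sysname ? conn->os_sysname : "(null)",
					 conn->os_release ? conn->os_release : "(null)",
					 conn->os_version ? conn->os_version : "(null)");
	} else {
		str_os = g_strdup("");
	}

	if (conn->app_name) {
		str_app = g_strdup_printf(", app=%s", conn->app_name);
	} else {
		str_app = g_strdup("");
	}

	if (conn->app_sig) {
		str_sig = g_strdup_printf(", appsig=%s", conn->app_sig);
	} else {
		str_sig = g_strdup("");
	}

	if (conn->expire) {
		str_exptime = g_strdup_printf(", exptime=%d", (int)conn->expire);
	} else {
		str_exptime = g_strdup("");
	}

	message = g_strconcat(prefix, ":", str_tracking, str_state, str_iface,
			      str_id, str_mark, str_user, str_os, str_app,
			      str_sig, str_exptime, NULL);

	g_free(str_tracking);
	g_free(str_state);
	g_free(str_iface);
	g_free(str_id);
	g_free(str_mark);
	g_free(str_user);
	g_free(str_os);
	g_free(str_app);
	g_free(str_sig);
	g_free(str_exptime);

	g_message("%s", message);
	g_free(message);

	return 1;
}

/**
 * Display connection parameters using g_message(): IP+TCP/UDP headers,
 * OS name, OS release and OS version, and application name.
 *
 * Thin wrapper around print_connection_wid() that prints the packet id
 * stored in the connection. The original comment says the connection is
 * only displayed if ::debug_level is #DEBUG_LEVEL_VERBOSE_DEBUG or greater;
 * that check is not made in this function.
 *
 * \return Returns -1 if an error occurs, 1 else.
 */
gint print_connection(gpointer data, gpointer userdata)
{
	return print_connection_wid(data, userdata, FALSE, 0);
}

/**
 * @}
 */
nufw-2.4.3/src/nuauth/modules/0000777000175000017500000000000011431215442013244 500000000000000nufw-2.4.3/src/nuauth/modules/ipauth_guest/0000777000175000017500000000000011431215441015744 500000000000000nufw-2.4.3/src/nuauth/modules/ipauth_guest/Makefile.in0000644000175000017500000003702711431215400017731 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.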
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # ipauth_guest plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/ipauth_guest DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libipauth_guest_la_LIBADD = am_libipauth_guest_la_OBJECTS = libipauth_guest.lo libipauth_guest_la_OBJECTS = $(am_libipauth_guest_la_OBJECTS) libipauth_guest_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libipauth_guest_la_LDFLAGS) 
$(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libipauth_guest_la_SOURCES) DIST_SOURCES = $(libipauth_guest_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = 
@LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) 
-I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libipauth_guest.la libipauth_guest_la_SOURCES = libipauth_guest.c libipauth_guest_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/ipauth_guest/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/ipauth_guest/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ 
else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libipauth_guest.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm 
-rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in 
$$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libipauth_guest.la: $(libipauth_guest_la_OBJECTS) $(libipauth_guest_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libipauth_guest_la_LDFLAGS) $(libipauth_guest_la_OBJECTS) $(libipauth_guest_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
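.NOEXPORT:
nufw-2.4.3/src/nuauth/modules/ipauth_guest/libipauth_guest.c0000644000175000017500000000357011431206275021226 00000000000000
/*
 ** Copyright(C) 2006-2008 INL
 ** written by Eric Leblond
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/* NOTE(review): the header name of the first #include is missing from this
 * copy of the file. */
#include
#include "nuauthconf.h"

/**
 * \ingroup NuauthModules
 */

/** User name handed out when ipauth_guest_username is not configured. */
#define IP_AUTH_GUEST_USERNAME "guest"

/** Per-instance parameters of the module. */
struct ipauth_guest_params {
	gchar *username;	/* name returned for every packet */
};

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 * Release the parameters allocated by init_module_from_conf().
 *
 * A NULL pointer is accepted and ignored, so unloading an instance that
 * has no parameters does not dereference NULL.
 *
 * \param params_p Pointer to a ::ipauth_guest_params, or NULL
 * \return Always NULL
 */
G_MODULE_EXPORT gchar *unload_module_with_params(gpointer params_p)
{
	struct ipauth_guest_params *params =
	    (struct ipauth_guest_params *) params_p;

	if (params != NULL) {
		g_free(params->username);
		g_free(params);
	}
	return NULL;
}

/**
 * Allocate the module parameters and read the guest user name from the
 * configuration key "ipauth_guest_username", falling back to
 * #IP_AUTH_GUEST_USERNAME.
 *
 * The returned name is later released with g_free() in
 * unload_module_with_params(), so nuauth_config_table_get_or_default()
 * presumably returns an allocated string (its definition is not in this
 * file).
 *
 * \param module Module instance; its params member is set here
 * \return Always TRUE
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	struct ipauth_guest_params *params =
	    g_new0(struct ipauth_guest_params, 1);

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Ipauth_guest module ($Revision$)");

	params->username =
	    nuauth_config_table_get_or_default("ipauth_guest_username",
					       IP_AUTH_GUEST_USERNAME);

	module->params = (gpointer) params;
	return TRUE;
}

/**
 * @{
 */

/**
 * Return the user name to associate with a packet.
 *
 * The packet is not looked at: every packet that reaches this hook is
 * mapped to the configured guest name. The name proves nothing about the
 * sender, so the rights granted to that user in the ACLs should be those
 * an unauthenticated host may have.
 *
 * \param pckt Packet being authenticated (unused)
 * \param params Module parameters, may be NULL
 * \return A newly allocated copy of the guest user name, or NULL if no
 * name is available
 */
G_MODULE_EXPORT gchar *ip_authentication(auth_pckt_t * pckt,
					 struct ipauth_guest_params * params)
{
	if (params == NULL || params->username == NULL)
		return NULL;

	return g_strdup(params->username);
}

/** @} */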
nufw-2.4.3/src/nuauth/modules/ipauth_guest/Makefile.am0000644000175000017500000000116111431206275017720 00000000000000# ipauth_guest plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libipauth_guest.la libipauth_guest_la_SOURCES = libipauth_guest.c libipauth_guest_la_LDFLAGS = -module -avoid-version libipauth_guest.la: $(libipauth_guest_la_OBJECTS) $(libipauth_guest_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libipauth_guest_la_LDFLAGS) $(libipauth_guest_la_OBJECTS) $(libipauth_guest_la_LIBADD) nufw-2.4.3/src/nuauth/modules/log_mysql/0000777000175000017500000000000011431215440015250 500000000000000nufw-2.4.3/src/nuauth/modules/log_mysql/log_mysql.h0000644000175000017500000000452611431206275017360 00000000000000/* ** Copyright(C) 2003-2006 INL ** written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/

/* NOTE(review): the header names of both #include lines are missing from
 * this copy of the file. */
#include
#include

/*
 * Compile-time values for the MySQL log module. The comments below call
 * some of them defaults; how and when they are overridden by the
 * configuration is not visible in this header.
 */
#define MYSQL_SERVER "127.0.0.1"
#define MYSQL_SERVER_PORT 3306
/*#define LDAP_USER NULL
#define LDAP_CRED NULL */
#define MYSQL_USER "nufw"
/* NOTE(review): a fixed, publicly known password compiled into the module.
 * If it is used whenever the configuration gives no password (to be
 * confirmed in mysql.c), an installation left at the defaults accepts a
 * well-known credential. Refusing to start without a configured password
 * would be safer. */
#define MYSQL_PASSWD "mypassword"
#define MYSQL_DB_NAME "nufw"
#define MYSQL_TABLE_NAME "ulog"
#define MYSQL_USERS_TABLE_NAME "users"
#define MYSQL_REQUEST_TIMEOUT 10
#define MYSQL_USE_IPV4_SCHEMA 1	/* use IPV4 schema by default for compatibility */

/* SSL options */
#define MYSQL_USE_SSL 1		/* use ssl by default */
/* No key, certificate or CA is set here.
 * NOTE(review): with no CA file or CA path the server certificate
 * presumably cannot be verified, which would leave the link encrypted but
 * unauthenticated - confirm how mysql.c passes these to the client
 * library. */
#define MYSQL_SSL_KEYFILE NULL
#define MYSQL_SSL_CERTFILE NULL
#define MYSQL_SSL_CA NULL
#define MYSQL_SSL_CAPATH NULL
/* OpenSSL cipher-list syntax: every cipher of "ALL" except anonymous DH,
 * with RC4 moved to the end of the list and the result sorted by strength.
 * RC4 is therefore still allowed, as is any low-strength suite that the
 * linked TLS library includes in "ALL".
 * NOTE(review): prefer an explicit list of strong suites that also
 * excludes all unauthenticated ones ("!aNULL") and RC4. */
#define MYSQL_SSL_CIPHER "ALL:!ADH:+RC4:@STRENGTH"

/* Fixed sizes, apparently for name fields and request buffers.
 * NOTE(review): the code that fills these buffers is not in this header;
 * confirm that mysql.c bounds every write to these sizes and escapes the
 * values it places into SQL text. */
#define OSNAME_MAX_SIZE 100
#define APPNAME_MAX_SIZE 256
#define SHORT_REQUEST_SIZE 512
#define LONG_REQUEST_SIZE 1024
#define INSERT_REQUEST_FIELDS_SIZE 200
#define INSERT_REQUEST_VALUES_SIZE 800
#define REQUEST_TMP_BUFFER 500

/* Selects one of two log prefix formats; what each one looks like is not
 * defined in this header. */
typedef enum {
	PREFIX_VERSION_ORIG,
	PREFIX_VERSION_NULOG2,
} prefix_version_t;

/* Per-instance settings of the MySQL log module. The members mirror the
 * MYSQL_* constants above. */
struct log_mysql_params {
	module_hook_t hook;
	int mysql_request_timeout;
	char *mysql_user;
	char *mysql_passwd;	/* database password, kept as a plain string */
	char *mysql_server;
	char *mysql_db_name;
	char *mysql_table_name;
	char *mysql_users_table_name;
	int mysql_server_port;
	unsigned char mysql_use_ipv4_schema;
	unsigned char mysql_admin_bofh;
	int mysql_bofh_victim_group;
	prefix_version_t mysql_prefix_version;
	unsigned char mysql_use_ssl;
	char *mysql_ssl_keyfile;
	char *mysql_ssl_certfile;
	char *mysql_ssl_ca;
	char *mysql_ssl_capath;
	char *mysql_ssl_cipher;
	GPrivate *mysql_priv;	/* private pointer for mysql database access */
};

/* NOTE(review): this is a definition, not an extern declaration; every
 * source file that includes this header defines the object again. */
GSList *mysql_conn_list;
nufw-2.4.3/src/nuauth/modules/log_mysql/Makefile.in0000644000175000017500000004031411431215400017227 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # MYSQL log plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/log_mysql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libmysql_la_LIBADD = am__libmysql_la_SOURCES_DIST = mysql.c log_mysql.h am__objects_1 = @USE_MYSQL_LOG_TRUE@am_libmysql_la_OBJECTS = mysql.lo $(am__objects_1) libmysql_la_OBJECTS = $(am_libmysql_la_OBJECTS) libmysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) 
$(AM_CFLAGS) $(CFLAGS) \ $(libmysql_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_MYSQL_LOG_TRUE@am_libmysql_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libmysql_la_SOURCES) DIST_SOURCES = $(am__libmysql_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = 
@LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ 
@USE_MYSQL_LOG_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @HAVE_MYSQL_CONFIG_TRUE@@USE_MYSQL_LOG_TRUE@MYSQL_INCLUDE = `mysql_config --include` @HAVE_MYSQL_CONFIG_TRUE@@USE_MYSQL_LOG_TRUE@MYSQL_LIBS = `mysql_config --libs_r` @USE_MYSQL_LOG_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nussl/ $(MYSQL_INCLUDE) @USE_MYSQL_LOG_TRUE@plugindir = $(libdir)/nuauth/modules @USE_MYSQL_LOG_TRUE@plugin_LTLIBRARIES = libmysql.la @USE_MYSQL_LOG_TRUE@noinst_libmysql_la_SOURCES = log_mysql.h @USE_MYSQL_LOG_TRUE@libmysql_la_SOURCES = mysql.c ${noinst_libmysql_la_SOURCES} @USE_MYSQL_LOG_TRUE@libmysql_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/log_mysql/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/log_mysql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_MYSQL_LOG_FALSE@libmysql.la: $(libmysql_la_OBJECTS) $(libmysql_la_DEPENDENCIES) @USE_MYSQL_LOG_FALSE@ $(libmysql_la_LINK) $(am_libmysql_la_rpath) $(libmysql_la_OBJECTS) 
$(libmysql_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mysql.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; 
nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: 
install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am 
install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_MYSQL_LOG_TRUE@libmysql.la: $(libmysql_la_OBJECTS) $(libmysql_la_DEPENDENCIES) @USE_MYSQL_LOG_TRUE@ $(LINK) -rpath $(plugindir) $(am_libmysql_la_rpath) $(libmysql_la_LDFLAGS) $(libmysql_la_OBJECTS) $(MYSQL_LIBS) $(libmysql_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/log_mysql/Makefile.am0000644000175000017500000000145511431206275017233 00000000000000# MYSQL log plugin if USE_MYSQL_LOG AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" if HAVE_MYSQL_CONFIG MYSQL_INCLUDE = `mysql_config --include` MYSQL_LIBS = `mysql_config --libs_r` endif INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nussl/ $(MYSQL_INCLUDE) plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libmysql.la noinst_libmysql_la_SOURCES = log_mysql.h libmysql_la_SOURCES = mysql.c ${noinst_libmysql_la_SOURCES} libmysql_la_LDFLAGS = -module -avoid-version libmysql.la: $(libmysql_la_OBJECTS) $(libmysql_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(am_libmysql_la_rpath) $(libmysql_la_LDFLAGS) $(libmysql_la_OBJECTS) $(MYSQL_LIBS) $(libmysql_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/log_mysql/mysql.c0000644000175000017500000007541411431206275016516 00000000000000/* ** Copyright(C) 2003-2008 INL ** Written by Eric Leblond ** Vincent Deffontaines ** Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software 
Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include #include #include #include #include "nuauthconf.h" #include "strings.h" /** Minimum buffer size to write an IPv6 in SQL syntax */ #define IPV6_SQL_STRLEN (2+16*2+1) /* * Returns version of nuauth API */ G_MODULE_EXPORT uint32_t get_api_version() { return NUAUTH_API_VERSION; } /** * Convert an IPv6 address to SQL binary string. * Eg. ::1 => "0x0000000000000001" * * \return Returns -1 if fails, 0 otherwise. */ static int ipv6_to_sql( struct log_mysql_params *params, struct in6_addr *addr, char *buffer, size_t buflen, int use_ntohl) { unsigned char i; unsigned char *addr8; size_t written; if (!params->mysql_use_ipv4_schema) { /* format IPv6 to BINARY(16) as "0x..." 
*/ if (buflen < IPV6_SQL_STRLEN) { buffer[0] = 0; return -1; } buffer[0] = '0'; buffer[1] = 'x'; buffer += 2; addr8 = &addr->s6_addr[0]; for (i = 0; i < 4; i++) { written = sprintf(buffer, "%02x%02x%02x%02x", addr8[0], addr8[1], addr8[2], addr8[3]); if (written != 2 * 4) { buffer[0] = 0; return -1; } buffer += written; addr8 += 4; } buffer[0] = 0; } else { int ok; uint32_t ip; /* format IPv6 to "a.b.c.d" but only for IPv4 in IPv6 */ if (!is_ipv4(addr)) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "MySQL: Packet has IPV6 address but MySQL use IPV4 only schema"); return -1; } ip = addr->s6_addr32[3]; if (use_ntohl) ip = ntohl(ip); ok = secure_snprintf(buffer, buflen, "%u", ip); if (!ok) return -1; } return 0; } static nu_error_t mysql_close_open_user_sessions(struct log_mysql_params *params); static MYSQL *mysql_conn_init(struct log_mysql_params *params); static MYSQL *get_mysql_handler(struct log_mysql_params *params); /** * * \ingroup LoggingNuauthModules * \defgroup MySQLModule MySQL logging module * * @{ */ static nu_error_t mysql_close_current(struct log_mysql_params* params) { MYSQL* ld = get_mysql_handler(params); if (ld) { mysql_close(ld); } g_private_set(params->mysql_priv, NULL); return NU_EXIT_OK; } G_MODULE_EXPORT gchar *unload_module_with_params(gpointer params_p) { struct log_mysql_params *params = (struct log_mysql_params *) params_p; if (params) { if ((!nuauth_is_reloading()) && (params->hook == MOD_LOG_SESSION)) { if (mysql_close_open_user_sessions(params) != NU_EXIT_OK) { log_message(WARNING, DEBUG_AREA_MAIN, "Could not close session when unloading module"); } } g_free(params->mysql_user); g_free(params->mysql_passwd); g_free(params->mysql_server); g_free(params->mysql_db_name); g_free(params->mysql_table_name); g_free(params->mysql_users_table_name); g_free(params->mysql_ssl_keyfile); g_free(params->mysql_ssl_certfile); g_free(params->mysql_ssl_ca); g_free(params->mysql_ssl_capath); g_free(params->mysql_ssl_cipher); } g_free(params); return 
NULL; } /** * \brief Close all open user sessions * * \return A nu_error_t */ static nu_error_t mysql_close_open_user_sessions(struct log_mysql_params *params) { MYSQL *ld = NULL; char request[LONG_REQUEST_SIZE]; int mysql_ret; int ok; ld = mysql_conn_init(params); if (!ld) { return NU_EXIT_ERROR; } ok = secure_snprintf(request, sizeof(request), "UPDATE %s SET end_time=FROM_UNIXTIME(%lu) where end_time is NULL", params->mysql_users_table_name, time(NULL)); if (!ok) { mysql_close(ld); return NU_EXIT_ERROR; } /* execute query */ mysql_ret = mysql_real_query(ld, request, strlen(request)); if (mysql_ret != 0) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[MySQL] Cannot execute request: %s", mysql_error(ld)); mysql_close(ld); return NU_EXIT_ERROR; } mysql_close(ld); return NU_EXIT_OK; } /* Init mysql system */ G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module) { /* char *ldap_base_dn=LDAP_BASE; */ struct log_mysql_params *params = g_new0(struct log_mysql_params, 1); log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Log_mysql module ($Revision$)"); /* init global variables */ params->mysql_ssl_cipher = MYSQL_SSL_CIPHER; params->hook = module->hook; /* set variables */ params->mysql_server = nuauth_config_table_get_or_default("mysql_server_addr", MYSQL_SERVER); params->mysql_user = nuauth_config_table_get_or_default("mysql_user", MYSQL_USER); params->mysql_passwd = nuauth_config_table_get_or_default("mysql_passwd", MYSQL_PASSWD); params->mysql_db_name = nuauth_config_table_get_or_default("mysql_db_name", MYSQL_DB_NAME); params->mysql_table_name = nuauth_config_table_get_or_default("mysql_table_name", MYSQL_TABLE_NAME); params->mysql_users_table_name = nuauth_config_table_get_or_default("mysql_users_table_name", MYSQL_USERS_TABLE_NAME); params->mysql_ssl_keyfile = nuauth_config_table_get_or_default("mysql_ssl_keyfile", MYSQL_SSL_KEYFILE); params->mysql_ssl_certfile = nuauth_config_table_get_or_default("mysql_ssl_certfile", MYSQL_SSL_CERTFILE); 
params->mysql_ssl_ca = nuauth_config_table_get_or_default("mysql_ssl_ca", MYSQL_SSL_CA); params->mysql_ssl_capath = nuauth_config_table_get_or_default("mysql_ssl_capath", MYSQL_SSL_CAPATH); params->mysql_ssl_cipher = nuauth_config_table_get_or_default("mysql_ssl_cipher", MYSQL_SSL_CIPHER); params->mysql_server_port = nuauth_config_table_get_or_default_int("mysql_server_port", MYSQL_SERVER_PORT); params->mysql_request_timeout = nuauth_config_table_get_or_default_int("mysql_request_timeout", MYSQL_REQUEST_TIMEOUT); params->mysql_use_ssl = nuauth_config_table_get_or_default_int("mysql_use_ssl", MYSQL_USE_SSL); params->mysql_use_ipv4_schema = nuauth_config_table_get_or_default_int("mysql_use_ipv4_schema", MYSQL_USE_IPV4_SCHEMA); params->mysql_admin_bofh = nuauth_config_table_get_or_default_int("mysql_admin_bofh", 0); params->mysql_prefix_version = nuauth_config_table_get_or_default_int("mysql_prefix_version", PREFIX_VERSION_NULOG2); /* XXX: Was previously initialized as PREFIX_VERSION_ORIG*/ params->mysql_bofh_victim_group = nuauth_config_table_get_or_default_int("mysql_bofh_victim_group", 0); if (params->mysql_admin_bofh) { if (nuauthconf->single_user_client_limit != 1 ) { log_message(WARNING, DEBUG_AREA_MAIN, "Resetting mysql_admin_bofh to 0 because multiple logins are allowed"); params->mysql_admin_bofh = 0; } log_message(WARNING, DEBUG_AREA_MAIN, "mysql_admin_bofh will not work properly if you have multiple nufw"); } /* init thread private stuff */ params->mysql_priv = g_private_new(NULL); log_message(DEBUG, DEBUG_AREA_MAIN, "mysql part of the config file is parsed"); module->params = (gpointer) params; /* do initial update of user session if needed */ if ((!nuauth_is_reloading()) && (params->hook == MOD_LOG_SESSION)) { mysql_close_open_user_sessions(params); } return TRUE; } /* * Initialize connection to mysql server */ static MYSQL *mysql_conn_init(struct log_mysql_params *params) { MYSQL *ld = NULL; #ifdef MYSQL_OPT_RECONNECT my_bool trueval = 1; #endif /* init 
connection */ ld = mysql_init(ld); if (ld == NULL) { log_message(WARNING, DEBUG_AREA_MAIN, "mysql init error: %s", strerror(errno)); return NULL; } #if HAVE_MYSQL_SSL /* Set SSL options, if configured to do so */ if (params->mysql_use_ssl) mysql_ssl_set(ld, params->mysql_ssl_keyfile, params->mysql_ssl_certfile, params->mysql_ssl_ca, params->mysql_ssl_capath, params->mysql_ssl_cipher); #endif #if 0 /* Set MYSQL object properties */ if (mysql_options(ld, MYSQL_OPT_CONNECT_TIMEOUT, mysql_conninfo) != 0) { log_message(WARNING, DEBUG_AREA_MAIN, "mysql options setting failed : %s", mysql_error(ld)); } #endif #ifdef MYSQL_OPT_RECONNECT # if defined(MYSQL_VERSION_ID) && (MYSQL_VERSION_ID >= 50019) mysql_options(ld, MYSQL_OPT_RECONNECT, &trueval); # endif #endif if (!mysql_real_connect (ld, params->mysql_server, params->mysql_user, params->mysql_passwd, params->mysql_db_name, params->mysql_server_port, NULL, 0)) { log_message(WARNING, DEBUG_AREA_MAIN, "mysql connection failed: %s", mysql_error(ld)); mysql_close(ld); return NULL; } #ifdef MYSQL_OPT_RECONNECT # if defined(MYSQL_VERSION_ID) && (MYSQL_VERSION_ID < 50019) mysql_options(ld, MYSQL_OPT_RECONNECT, &trueval); # endif #endif mysql_conn_list = g_slist_prepend(mysql_conn_list, ld); return ld; } static gchar *generate_osname(gchar * Name, gchar * Version, gchar * Release) { if (Name != NULL && Release != NULL && Version != NULL && ((strlen(Name) + strlen(Release) + strlen(Version) + 3) <= OSNAME_MAX_SIZE)) { return g_strjoin("-", Name, Version, Release, NULL); } else { return g_strdup(""); } } static gchar *generate_appname(gchar * appname) { if (appname != NULL && strlen(appname) < APPNAME_MAX_SIZE) { return g_strdup(appname); } else { return g_strdup(""); } } static char *quote_string(MYSQL * mysql, char *text) { unsigned int length = strlen(text); char *quoted; if (length == 0) return strdup(text); quoted = (char *) malloc(length * 2 + 1); if (mysql_real_escape_string(mysql, quoted, text, length) == 0) { 
g_free(quoted); return NULL; } return quoted; } char* create_log_prefix(int prefix_version, const char* oob_sufix, connection_t *element) { const gchar *place; if (prefix_version == PREFIX_VERSION_ORIG) { /* old log format: "42:ETH-IF ACCEPT" */ const gchar *prefix; if (element->log_prefix) { prefix = element->log_prefix; } else { prefix = "Default"; } return g_strdup_printf("%s %s", prefix, oob_sufix); } /* new log format: "F42A:message" */ if (!element->log_prefix) { return g_strdup_printf("F0%c:Default DROP", oob_sufix[0]); } /* prefix is "[FIO]${ID_ACL}?:${description}", * replace ? by decision (in fact first letter of prefix) */ place = strchr(element->log_prefix, '?'); if (place) { char *log_prefix = g_strdup(element->log_prefix); log_prefix[place - element->log_prefix] = oob_sufix[0]; return log_prefix; } else { /* old log format? (eg. log prefix from plaintext module) */ return g_strdup_printf("%s %s", element->log_prefix, oob_sufix); } } static char *build_insert_request(MYSQL * ld, connection_t * element, tcp_state_t state, char *auth_oob_prefix, char *unauth_oob_prefix, struct log_mysql_params *params) { char request_fields[INSERT_REQUEST_FIELDS_SIZE]; char request_values[INSERT_REQUEST_VALUES_SIZE]; char src_ascii[IPV6_SQL_STRLEN]; char dst_ascii[IPV6_SQL_STRLEN]; char tmp_buffer[REQUEST_TMP_BUFFER]; char *log_prefix; short unsigned int proto; gboolean ok; const char* oob_prefix; /* Write common informations */ ok = secure_snprintf(request_fields, sizeof(request_fields), "INSERT INTO %s (state, oob_time_sec, ip_protocol, ip_saddr, ip_daddr, ", params->mysql_table_name); if (!ok) { return NULL; } if (ipv6_to_sql (params, &element->tracking.saddr, src_ascii, sizeof(src_ascii), 1) != 0) return NULL; if (ipv6_to_sql (params, &element->tracking.daddr, dst_ascii, sizeof(dst_ascii), 1) != 0) return NULL; proto = (short unsigned int) element->tracking.protocol; ok = secure_snprintf(request_values, sizeof(request_values), "VALUES ('%hu', '%lu', '%hu', %s, %s, ", 
(short unsigned int) state, (long unsigned int) element-> timestamp, proto, src_ascii, dst_ascii); if (!ok) { return NULL; } if (element->iface_nfo.indev) { g_strlcat(request_fields, "oob_in, ", INSERT_REQUEST_FIELDS_SIZE); g_strlcat(request_values, "'", INSERT_REQUEST_VALUES_SIZE); g_strlcat(request_values, element->iface_nfo.indev, INSERT_REQUEST_VALUES_SIZE); g_strlcat(request_values, "', ", INSERT_REQUEST_VALUES_SIZE); } if (element->iface_nfo.outdev) { g_strlcat(request_fields, "oob_out,", INSERT_REQUEST_FIELDS_SIZE); g_strlcat(request_values, "'", INSERT_REQUEST_VALUES_SIZE); g_strlcat(request_values, element->iface_nfo.outdev, INSERT_REQUEST_VALUES_SIZE); g_strlcat(request_values, "', ", INSERT_REQUEST_VALUES_SIZE); } if (element->username) { oob_prefix = auth_oob_prefix; } else { oob_prefix = unauth_oob_prefix; } log_prefix = create_log_prefix(params->mysql_prefix_version, oob_prefix, element); /* Add user informations */ if (element->username) { /* Get OS and application names */ char *osname = generate_osname(element->os_sysname, element->os_version, element->os_release); char *appname = generate_appname(element->app_name); /*Just a size check actually */ /* Quote strings send to MySQL */ char *quoted_username = quote_string(ld, element->username); char *quoted_osname = quote_string(ld, osname); char *quoted_appname = quote_string(ld, appname); g_free(osname); g_free(appname); ok = (quoted_username != NULL) && (quoted_osname != NULL) && (quoted_appname != NULL); if (ok) { /* Add oob prefix, informations about user, OS an application */ g_strlcat(request_fields, "oob_prefix, user_id, username, client_os, client_app", sizeof(request_fields)); ok = secure_snprintf(tmp_buffer, sizeof(tmp_buffer), "'%s', '%lu', '%s', '%s', '%s'", log_prefix, (long unsigned int) element-> user_id, quoted_username, quoted_osname, quoted_appname); } g_free(quoted_username); g_free(quoted_osname); g_free(quoted_appname); if (!ok) { return NULL; } g_strlcat(request_values, 
tmp_buffer, sizeof(request_values)); } else { /* Add oob prefix */ g_strlcat(request_fields, "oob_prefix", sizeof(request_fields)); ok = secure_snprintf(tmp_buffer, sizeof(tmp_buffer), "'%s'", log_prefix); if (!ok) { return NULL; } g_strlcat(request_values, tmp_buffer, sizeof(request_values)); } g_free(log_prefix); /* Add TCP/UDP parameters */ if ((element->tracking.protocol == IPPROTO_TCP) || (element->tracking.protocol == IPPROTO_UDP)) { if (element->tracking.protocol == IPPROTO_TCP) { g_strlcat(request_fields, ", tcp_sport, tcp_dport)", sizeof(request_fields)); } else { g_strlcat(request_fields, ", udp_sport, udp_dport)", sizeof(request_fields)); } ok = secure_snprintf(tmp_buffer, sizeof(tmp_buffer), ", '%hu', '%hu')", element->tracking.source, element->tracking.dest); if (!ok) { return NULL; } g_strlcat(request_values, tmp_buffer, sizeof(request_values)); } else { g_strlcat(request_fields, ")", sizeof(request_fields)); g_strlcat(request_values, ")", sizeof(request_values)); } /* Check overflow */ if (((sizeof(request_fields) - 1) <= strlen(request_fields)) || ((sizeof(request_values) - 1) <= strlen(request_values))) { return NULL; } /* do the mysql request */ return g_strconcat(request_fields, "\n", request_values, NULL); } static inline int log_state_open(MYSQL * ld, connection_t * element, struct log_mysql_params *params) { char *request; int mysql_ret; if (element->tracking.protocol == IPPROTO_TCP && (nuauthconf->log_users_strict || (element->flags & ACL_FLAGS_STRICT))) { gboolean ok; char request[SHORT_REQUEST_SIZE]; char src_ascii[IPV6_SQL_STRLEN]; if (ipv6_to_sql (params, &element->tracking.saddr, src_ascii, sizeof(src_ascii), 1) != 0) return -1; ok = secure_snprintf(request, sizeof(request), "UPDATE %s SET state='%hu', end_timestamp=FROM_UNIXTIME('%lu') " "WHERE (ip_saddr=%s AND tcp_sport='%u' AND (state=1 OR state=2))", params->mysql_table_name, TCP_STATE_CLOSE, element->timestamp, src_ascii, (element->tracking).source); /* need to update table to 
suppress double field */ if (!ok) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Building mysql update query, the SHORT_REQUEST_SIZE limit was reached!"); return -1; } mysql_ret = mysql_real_query(ld, request, strlen(request)); if (mysql_ret != 0) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[MySQL] Cannot update data: %s", mysql_error(ld)); mysql_close_current(params); return -1; } } /* build sql request */ request = build_insert_request(ld, element, TCP_STATE_OPEN, "ACCEPT", "ACCEPT", params); if (request == NULL) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Error while building MySQL insert query (state OPEN)!"); return -1; } /* do query */ mysql_ret = mysql_real_query(ld, request, strlen(request)); g_free(request); /* check request error code */ if (mysql_ret != 0) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[MySQL] Cannot insert data: %s", mysql_error(ld)); mysql_close_current(params); return -1; } return 0; } static inline int log_state_established(MYSQL * ld, struct accounted_connection *element, struct log_mysql_params *params) { char request[LONG_REQUEST_SIZE]; char src_ascii[IPV6_SQL_STRLEN]; char dst_ascii[IPV6_SQL_STRLEN]; int Result; int update_status = 0; gboolean ok; if (ipv6_to_sql (params, &element->tracking.saddr, src_ascii, sizeof(src_ascii), 1) != 0) return -1; if (ipv6_to_sql (params, &element->tracking.daddr, dst_ascii, sizeof(dst_ascii), 1) != 0) return -1; while (update_status < 2) { update_status++; ok = secure_snprintf(request, sizeof(request), "UPDATE %s SET state=%hu, start_timestamp=FROM_UNIXTIME(%lu) " "WHERE (ip_daddr=%s AND ip_saddr=%s " "AND tcp_dport='%hu' AND tcp_sport='%hu' AND state='%hu')", params->mysql_table_name, TCP_STATE_ESTABLISHED, element->timestamp, src_ascii, dst_ascii, (element->tracking).source, (element->tracking).dest, TCP_STATE_OPEN); if (!ok) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Building mysql update query, the SHORT_REQUEST_SIZE limit was reached!"); return -1; } Result = 
mysql_real_query(ld, request, strlen(request)); if (Result != 0) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Can not update Data: %s", mysql_error(ld)); mysql_close_current(params); return -1; } if (mysql_affected_rows(ld) >= 1) { return 0; } else { /* If logging pool is full then waiting for entry will slow down * recovery by a huge time (and entry has probably to update has * probably not been updated. */ if (nuauthdatas->loggers_pool_full == TRUE) { return 0; } if (update_status < 2) { /* Sleep for 1/3 sec */ struct timespec sleep; sleep.tv_sec = 0; sleep.tv_nsec = 333333333; nanosleep(&sleep, NULL); } else { debug_log_message(DEBUG, DEBUG_AREA_MAIN, "Tried to update MYSQL entry twice, looks like data to update wasn't inserted"); } } } return 0; } static inline int log_state_close(MYSQL * ld, struct accounted_connection *element, struct log_mysql_params *params) { char request[LONG_REQUEST_SIZE]; int Result; int update_status = 0; gboolean ok; while (update_status < 2) { char src_ascii[IPV6_SQL_STRLEN]; char dst_ascii[IPV6_SQL_STRLEN]; update_status++; if (ipv6_to_sql (params, &element->tracking.saddr, src_ascii, sizeof(src_ascii), 1) != 0) return -1; if (ipv6_to_sql (params, &element->tracking.daddr, dst_ascii, sizeof(dst_ascii), 1) != 0) return -1; ok = secure_snprintf(request, sizeof(request), "UPDATE %s SET end_timestamp=FROM_UNIXTIME(%lu), state=%hu," " packets_in=%" PRIu64 ", packets_out=%" PRIu64 "," " bytes_in=%" PRIu64 ", bytes_out=%" PRIu64 " " "WHERE (ip_saddr=%s AND ip_daddr=%s " "AND tcp_sport='%hu' AND tcp_dport='%hu' AND (state='%hu' OR state='%hu'))", params->mysql_table_name, element->timestamp, TCP_STATE_CLOSE, element->packets_in, element->packets_out, element->bytes_in, element->bytes_out, src_ascii, dst_ascii, (element->tracking).source, (element->tracking).dest, TCP_STATE_ESTABLISHED, TCP_STATE_OPEN); if (!ok) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Building mysql update query, the SHORT_REQUEST_SIZE limit was reached!"); 
return -1; } } Result = mysql_real_query(ld, request, strlen(request)); if (Result != 0) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Can not update Data: %s", mysql_error(ld)); mysql_close_current(params); return -1; } if (mysql_affected_rows(ld) >= 1) { return 0; } else { /* If logging pool is full then waiting for entry will slow down * recovery by a huge time (and entry has probably to update has * probably not been updated. */ if (nuauthdatas->loggers_pool_full == TRUE) { return 0; } if (update_status < 2) { /* Sleep for 2/3 sec */ struct timespec sleep; sleep.tv_sec = 0; sleep.tv_nsec = 666666666; nanosleep(&sleep, NULL); } else { debug_log_message(WARNING, DEBUG_AREA_MAIN, "Tried to update MYSQL entry twice, " "looks like data to update wasn't inserted"); } } return 0; } static int log_state_drop(MYSQL * ld, connection_t * element, struct log_mysql_params *params) { int mysql_ret; /* build sql request */ char *request = build_insert_request(ld, element, TCP_STATE_DROP, "DROP", "UNAUTHENTICATED DROP", params); if (request == NULL) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Error while building MySQL insert query (state DROP)!"); return -1; } /* do query */ mysql_ret = mysql_real_query(ld, request, strlen(request)); g_free(request); /* check request error code */ if (mysql_ret != 0) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[MySQL] Cannot insert data: %s", mysql_error(ld)); mysql_close_current(params); return -1; } return 0; } static MYSQL *get_mysql_handler(struct log_mysql_params *params) { MYSQL *ld = g_private_get(params->mysql_priv); if (ld) { return ld; } ld = mysql_conn_init(params); if (ld == NULL) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Can not initiate MYSQL connection"); return NULL; } g_private_set(params->mysql_priv, ld); return ld; } /** * \brief User packet logging * * This function is exported by the module and called by nuauth core when a packet needs to be logged * * \param element A pointer to a ::connection_t 
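containing all information about the packet to be logged
 * \param state A ::tcp_state_t that indicate the state of the packet
 * \param params_p A pointer to the parameters of the module instance we're working for
 * \return -1 in case of error, 0 if there is no problem
 */
G_MODULE_EXPORT gint user_packet_logs(void *element, tcp_state_t state,
				      gpointer params_p)
{
	struct log_mysql_params *params =
	    (struct log_mysql_params *) params_p;
	MYSQL *ld = get_mysql_handler(params);

	if (ld == NULL) {
		return -1;
	}

	/* dispatch on the state; element is a connection_t for OPEN/DROP and
	 * a struct accounted_connection for ESTABLISHED/CLOSE */
	switch (state) {
	case TCP_STATE_OPEN:
		return log_state_open(ld, (connection_t *) element, params);
	case TCP_STATE_ESTABLISHED:
		/* only TCP connections are tracked as established */
		if ((((struct accounted_connection *) element)->tracking).protocol != IPPROTO_TCP) {
			return 0;
		}
		return log_state_established(ld,
					     (struct accounted_connection *) element,
					     params);
	case TCP_STATE_CLOSE:
		if ((((struct accounted_connection *) element)->tracking).protocol != IPPROTO_TCP) {
			return 0;
		}
		return log_state_close(ld,
				       (struct accounted_connection *) element,
				       params);
	case TCP_STATE_DROP:
		return log_state_drop(ld, (connection_t *) element, params);
	default:
		/* Ignore other states */
		return 0;
	}
}

/* Column order matters: build_conntrack_msg_from_mysql() reads row[0]..row[8] by position */
#define CONN_SELECT_FIELDS "ip_protocol,ip_saddr,ip_daddr,tcp_sport,tcp_dport,udp_sport,udp_dport,icmp_type,icmp_code"

/**
 * Fill msgdatas->tracking from one row selected with CONN_SELECT_FIELDS.
 *
 * \param row Row holding the CONN_SELECT_FIELDS columns, in that order
 * \param msgdatas Message whose tracking member is cleared then filled
 * \param params Module parameters (mysql_use_ipv4_schema selects the address format)
 * \return NU_EXIT_OK, or NU_EXIT_ERROR for a NULL column that would be read,
 *         an unhandled protocol, or a print_tracking_t() failure
 */
static nu_error_t build_conntrack_msg_from_mysql(MYSQL_ROW row,
						 struct limited_connection *msgdatas,
						 struct log_mysql_params *params)
{
	int sport_col;
	int dport_col;

	/* A SQL NULL is returned as a NULL pointer; atoi()/atol()/memcpy()
	 * on it would crash the logging thread */
	if (row[0] == NULL || row[1] == NULL || row[2] == NULL)
		return NU_EXIT_ERROR;

	/* clear tracking */
	memset(&(msgdatas->tracking), 0, sizeof(tracking_t));

	/* fill msgdatas.tracking with datas */
	if (params->mysql_use_ipv4_schema) {
		uint32_to_ipv6(atol(row[1]), &msgdatas->tracking.saddr);
		uint32_to_ipv6(atol(row[2]), &msgdatas->tracking.daddr);
	} else {
		/* NOTE(review): copies sizeof(saddr) bytes without knowing how
		 * long the column value is; checking mysql_fetch_lengths() in
		 * the caller would rule out an over-read on a short value */
		memcpy(&(msgdatas->tracking.saddr), row[1],
		       sizeof(msgdatas->tracking.saddr));
		memcpy(&(msgdatas->tracking.daddr), row[2],
		       sizeof(msgdatas->tracking.daddr));
	}

	msgdatas->tracking.protocol = atoi(row[0]);

	/* pick the column pair that carries this protocol's "ports" */
	switch (msgdatas->tracking.protocol) {
	case IPPROTO_TCP:
		sport_col = 3;
		dport_col = 4;
		break;
	case IPPROTO_UDP:
		sport_col = 5;
		dport_col = 6;
		break;
	case IPPROTO_ICMP:
		sport_col = 7;
		dport_col = 8;
		break;
	default:
		return NU_EXIT_ERROR;
	}
	if (row[sport_col] == NULL || row[dport_col] == NULL)
		return NU_EXIT_ERROR;
	msgdatas->tracking.source = atoi(row[sport_col]);
	msgdatas->tracking.dest = atoi(row[dport_col]);

	if (DEBUG_OR_NOT(DEBUG_LEVEL_VERBOSE_DEBUG, DEBUG_AREA_MAIN)) {
		if (print_tracking_t(&(msgdatas->tracking)) == NU_EXIT_ERROR)
			return NU_EXIT_ERROR;
	}
	return NU_EXIT_OK;
}

/**
 * Destroy all connections of a user when the session terminates.
 *
 * Selects the rows of the connection table that belong to the session's
 * address and user name and are in state 1 or 2, and sends one
 * AUTH_CONN_DESTROY conntrack message per row.
 *
 * The user name is escaped with quote_string() before it is placed in the
 * SELECT; it was previously interpolated as-is between single quotes, so a
 * quote character in the name changed the statement.
 *
 * \param c_session Session being closed
 * \param state Session state (not used here)
 * \param params_p Module instance parameters
 * \return NU_EXIT_OK, or NU_EXIT_ERROR on any failure (processing stops at
 *         the first row that cannot be converted or sent)
 */
nu_error_t destroy_user_connections(user_session_t * c_session,
				    session_state_t state,
				    gpointer params_p)
{
	struct log_mysql_params *params =
	    (struct log_mysql_params *) params_p;
	char request[LONG_REQUEST_SIZE];
	char ip_ascii[IPV6_SQL_STRLEN];
	char *quoted_username;
	MYSQL *ld;
	MYSQL_RES *result;
	MYSQL_ROW row;
	gboolean ok;
	int mysql_ret;
	struct limited_connection msgdatas;
	nufw_session_t *nufw_session;

	if (ipv6_to_sql(params, &c_session->addr, ip_ascii, sizeof(ip_ascii), 1) != 0)
		return NU_EXIT_ERROR;

	ld = get_mysql_handler(params);
	if (ld == NULL) {
		return NU_EXIT_ERROR;
	}

	/* escape the only free-text value before it goes into the statement */
	quoted_username = quote_string(ld, c_session->user_name);
	if (quoted_username == NULL) {
		return NU_EXIT_ERROR;
	}

	/* select existing user connection */
	ok = secure_snprintf(request, sizeof(request),
			     "SELECT " CONN_SELECT_FIELDS " FROM %s "
			     "WHERE ip_saddr=%s AND username='%s'"
			     " AND (state = 1 OR state =2)",
			     params->mysql_table_name,
			     ip_ascii,
			     quoted_username);
	g_free(quoted_username);
	if (!ok) {
		return NU_EXIT_ERROR;
	}

	nufw_session = get_nufw_session();
	if (nufw_session == NULL)
		return NU_EXIT_ERROR;
	memcpy(&(msgdatas.gwaddr), &(nufw_session->peername), sizeof(struct in6_addr));

	/* execute query */
	mysql_ret = mysql_real_query(ld, request, strlen(request));
	if (mysql_ret != 0) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[MySQL] Cannot execute request: %s",
			    mysql_error(ld));
		mysql_close_current(params);
		return NU_EXIT_ERROR;
	}

	/* mysql_store_result() returns NULL on failure; mysql_fetch_row()
	 * must not be called on it */
	result = mysql_store_result(ld);
	if (result == NULL) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[MySQL] Cannot store result: %s",
			    mysql_error(ld));
		mysql_close_current(params);
		return NU_EXIT_ERROR;
	}

	/*
	 * For each answer:
	 * - generate conntrack message
	 * - send destroy message to nufw
	 */
	while ((row = mysql_fetch_row(result))) {
		if (build_conntrack_msg_from_mysql(row, &msgdatas, params) != NU_EXIT_OK
		    || send_conntrack_message(&msgdatas, AUTH_CONN_DESTROY) != NU_EXIT_OK) {
			mysql_free_result(result);
			return NU_EXIT_ERROR;
		}
	}
	mysql_free_result(result);
	return NU_EXIT_OK;
}

/**
 * \brief User session logging
 *
 * This function is exported by the module and called by nuauth core when a user connect or disconnect
 *
 * On SESSION_OPEN a row is inserted in the users table; on SESSION_CLOSE the
 * open row for the socket and address gets its end_time. Every client-supplied
 * string of the INSERT (user name, OS name, OS release, OS version) is escaped
 * with quote_string(); release and version were previously interpolated
 * unescaped between single quotes.
 *
 * \param c_session A pointer to a ::user_session_t containing all information about the user
 * \param state A ::session_state_t that indicate the state of the user session (basically starting or ending)
 * \param params_p A pointer to the parameters of the module instance we're working for
 * \return -1 in case of error, 1 if there is no problem
 */
G_MODULE_EXPORT int user_session_logs(user_session_t * c_session,
				      session_state_t state,
				      gpointer params_p)
{
	struct log_mysql_params *params =
	    (struct log_mysql_params *) params_p;
	char request[LONG_REQUEST_SIZE];
	char ip_ascii[IPV6_SQL_STRLEN];
	int mysql_ret;
	MYSQL *ld;
	gboolean ok;

	ld = get_mysql_handler(params);
	if (ld == NULL) {
		return -1;
	}

	/* NOTE(review): the last argument is 0 here and 1 in
	 * destroy_user_connections(); the INSERT wraps ip_ascii in quotes but
	 * the UPDATE below does not - confirm against ipv6_to_sql() that both
	 * statements are well-formed for the IPv6 schema */
	if (ipv6_to_sql(params, &c_session->addr, ip_ascii, sizeof(ip_ascii), 0) != 0)
		return -1;

	switch (state) {
	case SESSION_OPEN:
		{
			/* create new user session */
			/* presumably release/version are set whenever sysname
			 * is - verify against the code filling the session */
			char *quoted_username = quote_string(ld, c_session->user_name);
			char *quoted_osname = quote_string(ld, c_session->sysname);
			char *quoted_release = quote_string(ld, c_session->release);
			char *quoted_version = quote_string(ld, c_session->version);

			ok = (quoted_username != NULL) && (quoted_osname != NULL)
			    && (quoted_release != NULL) && (quoted_version != NULL);
			if (ok) {
				ok = secure_snprintf(request, sizeof(request),
						     "INSERT INTO %s (user_id, username, ip_saddr, "
						     "os_sysname, os_release, os_version, socket, start_time) "
						     "VALUES ('%lu', '%s', '%s', '%s', '%s', '%s', '%u', FROM_UNIXTIME(%lu))",
						     params->mysql_users_table_name,
						     (unsigned long) c_session->user_id,
						     quoted_username,
						     ip_ascii,
						     quoted_osname,
						     quoted_release,
						     quoted_version,
						     c_session->socket,
						     (unsigned long) time(NULL));
			}
			g_free(quoted_username);
			g_free(quoted_osname);
			g_free(quoted_release);
			g_free(quoted_version);
		}
		break;

	case SESSION_CLOSE:
		/* update existing user session */
		ok = secure_snprintf(request, sizeof(request),
				     "UPDATE %s SET end_time=FROM_UNIXTIME(%lu) "
				     "WHERE socket=%u AND ip_saddr=%s AND end_time IS NULL",
				     params->mysql_users_table_name,
				     (unsigned long) time(NULL),
				     c_session->socket,
				     ip_ascii);
		break;

	default:
		return -1;
	}

	if (!ok) {
		return -1;
	}

	/* execute query */
	mysql_ret = mysql_real_query(ld, request, strlen(request));
	if (mysql_ret != 0) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[MySQL] Cannot execute request: %s",
			    mysql_error(ld));
		mysql_close_current(params);
		return -1;
	}

	/* With mysql_admin_bofh set, closing a session also destroys the
	 * user's connections, but only for members of the victim group */
	if (params->mysql_admin_bofh && (state == SESSION_CLOSE)) {
		if (params->mysql_bofh_victim_group) {
			if (!g_slist_find(c_session->groups,
					  GINT_TO_POINTER(params->mysql_bofh_victim_group)))
				return 1;
			if (destroy_user_connections(c_session, state, params_p) == NU_EXIT_ERROR)
				return -1;
		}
	}
	return 1;
}

/* GModule load hook: reset the connection list and initialise the MySQL client library */
const gchar *g_module_check_init(GModule *module)
{
	mysql_conn_list = NULL;

	mysql_server_init(0, NULL, NULL);
	return NULL;
}

/* GModule unload hook: shut the MySQL client library down */
void g_module_unload(GModule *module)
{
#if 0
	GSList* pointer = mysql_conn_list;
	/* comment code as it seems to cause a crash when nuauth terminate */
	if (mysql_conn_list) {
		while (pointer) {
			mysql_close((MYSQL *)pointer->data);
			pointer = pointer->next;
		}
		g_slist_free(mysql_conn_list);
	}
#endif
	mysql_server_end();
}

/** @} */
nufw-2.4.3/src/nuauth/modules/x509_std/0000777000175000017500000000000011431215441014622 500000000000000nufw-2.4.3/src/nuauth/modules/x509_std/Makefile.in0000644000175000017500000003703211431215402016605 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved.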
# This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # x509_std plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/x509_std DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libx509_std_la_LIBADD = am__objects_1 = am_libx509_std_la_OBJECTS = x509_std.lo $(am__objects_1) libx509_std_la_OBJECTS = $(am_libx509_std_la_OBJECTS) libx509_std_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libx509_std_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libx509_std_la_SOURCES) DIST_SOURCES = $(libx509_std_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ 
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libx509_std.la 
noinst_libx509_std_la_SOURCES = x509_std.h libx509_std_la_SOURCES = x509_std.c ${noinst_libx509_std_la_SOURCES} libx509_std_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/x509_std/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/x509_std/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ 
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_std.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ 
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 
's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libx509_std.la: $(libx509_std_la_OBJECTS) $(libx509_std_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libx509_std_la_LDFLAGS) $(libx509_std_la_OBJECTS) $(libx509_std_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/nuauth/modules/x509_std/x509_std.h0000644000175000017500000000144611431206275016300 00000000000000/* ** Copyright(C) 2006 INL ** written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ struct x509_std_params { gchar *trusted_issuer_dn; }; nufw-2.4.3/src/nuauth/modules/x509_std/Makefile.am0000644000175000017500000000121511431206275016576 00000000000000# x509_std plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libx509_std.la noinst_libx509_std_la_SOURCES = x509_std.h libx509_std_la_SOURCES = x509_std.c ${noinst_libx509_std_la_SOURCES} libx509_std_la_LDFLAGS = -module -avoid-version libx509_std.la: $(libx509_std_la_OBJECTS) $(libx509_std_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libx509_std_la_LDFLAGS) $(libx509_std_la_OBJECTS) $(libx509_std_la_LIBADD) nufw-2.4.3/src/nuauth/modules/x509_std/x509_std.c0000644000175000017500000001013211431206275016263 00000000000000/* ** Copyright(C) 2006-2008 INL ** written by Eric Leblond ** Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License 
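as published by
** the Free Software Foundation; version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include
#include
#include "x509_std.h"

/**
 * \ingroup NuauthModules
 * \defgroup X509NuauthModules X509 Checking modules
 */

/**
 *
 * \ingroup X509NuauthModules
 * \defgroup X509STDModule X509 standard checking module
 *
 * @{ */

/* Size of the stack buffer that receives the peer's distinguished name */
#define DN_LENGTH 256

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/* Release the module instance parameters: the issuer DN string, then the structure */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	struct x509_std_params *params =
	    (struct x509_std_params *) params_p;

	if (params) {
		g_free(params->trusted_issuer_dn);
	}
	g_free(params);
	return TRUE;
}

/* Allocate the module instance parameters and read the trusted issuer DN from the configuration */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	struct x509_std_params *params =
	    g_new0(struct x509_std_params, 1);

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "X509_std module ($Revision$)");

	/* set variables */
	/* NOTE(review): the key is spelled "nauth_..." - confirm it matches
	 * the option name used in the configuration file */
	params->trusted_issuer_dn = nuauth_config_table_get("nauth_tls_trusted_issuer_dn");

	module->params = (gpointer) params;
	return TRUE;
}

/*
 * Certificate check hook.
 *
 * NOTE(review): the whole body is compiled out with "#if 0", so this hook
 * returns SASL_OK for every session: the expiration/activation dates are not
 * checked here and trusted_issuer_dn, although loaded by
 * init_module_from_conf(), is never compared with the issuer. Unless the TLS
 * layer enforces these checks itself (not visible from this file), deployments
 * that set a trusted issuer DN get no filtering from this module. The disabled
 * code still refers to a "cert" variable this signature does not provide and
 * has to be ported before it can be re-enabled.
 */
G_MODULE_EXPORT int certificate_check(nussl_session* session,
				      gpointer params_p)
{
#if 0
	struct x509_std_params *params =
	    (struct x509_std_params *) params_p;
	time_t expiration_time, activation_time;

	expiration_time = gnutls_x509_crt_get_expiration_time(cert);
	activation_time = gnutls_x509_crt_get_activation_time(cert);

	if (expiration_time == (time_t)-1 || activation_time == (time_t)-1) {
		log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			    "Unable to check certificate date validity"
			   );
		return SASL_DISABLED;
	}

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Certificate validity starts at: %s",
		    ctime(&activation_time)
	    );
	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Certificate expires: %s",
		    ctime(&expiration_time));

	/* verify date */
	if (expiration_time < time(NULL)) {
		log_message(INFO, DEBUG_AREA_USER,
			    "Certificate expired at: %s",
			    ctime(&expiration_time));
		/* gnutls_x509_crt_deinit(cert); */
		return SASL_EXPIRED;
	}

	if (activation_time > time(NULL)) {
		log_message(INFO, DEBUG_AREA_USER,
			    "Certificate only activates at: %s",
			    ctime(&activation_time));
		/* gnutls_x509_crt_deinit(cert); */
		return SASL_DISABLED;
	}

	if (params->trusted_issuer_dn) {
		size_t size;
		char dn[DN_LENGTH];
		size = sizeof(dn);
		gnutls_x509_crt_get_issuer_dn(cert, dn, &size);
		if (strcmp(dn, params->trusted_issuer_dn)) {
			log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				    "\tIssuer's DN is not trusted: %s",
				    dn);
			/* gnutls_x509_crt_deinit(cert); */
			return SASL_DISABLED;
		}
	}
#endif
	return SASL_OK;
}

/*
 * Derive the user name from the peer certificate: the text following the
 * last "CN=" in the peer DN, cut at the first ',' or '/'.
 *
 * Returns a newly allocated string (g_strdup), or NULL when the DN holds no
 * "CN=".
 *
 * NOTE(review): this is a substring search on the printed DN, so "CN=" is
 * also matched inside another attribute's name or value. The result becomes
 * the authenticated identity; reading the CN from the parsed certificate
 * would remove that ambiguity.
 */
G_MODULE_EXPORT gchar *certificate_to_uid(nussl_session* session,
					  gpointer params)
{
	size_t size;
	/* zero-filled: the result of nussl_get_peer_dn() is not checked, and
	 * an untouched buffer would otherwise be logged and parsed as-is */
	char dn[DN_LENGTH] = { 0 };
	gchar *pointer;
	gchar *delim;

	size = sizeof(dn);
	nussl_get_peer_dn(session, dn, &size);
	/* never rely on the callee for termination */
	dn[DN_LENGTH - 1] = '\0';

	log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
		    "\tDN: %s", dn);

	/* parse DN and extract username if there is one */
	pointer = g_strrstr_len(dn, DN_LENGTH - 1, "CN=");
	if (pointer) {
		char *string_end = NULL;

		pointer += 3;
		delim = strpbrk(pointer, ",/");
		if (delim)
			*delim = '\0';
		string_end = g_strrstr_len(pointer,
					   (DN_LENGTH - 1) - (pointer - dn),
					   ",");
		if (string_end) {
			*string_end = 0;
		}
		return g_strdup(pointer);
	}

	return NULL;
}

/** @} */
nufw-2.4.3/src/nuauth/modules/Makefile.in0000644000175000017500000003551211431215400015225 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.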
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ 
AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot 
= @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = ldap log_syslog log_script log_mysql log_pgsql plaintext system xml_defs \ x509_std log_nuprelude mark_uid session_expire ipauth_guest \ mark_group mark_field mark_flag auth_mysql session_authtype \ log_ulogd2 postauth_localuser all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. 
$(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" 
| sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/nuauth/modules/ldap/0000777000175000017500000000000011431215440014162 500000000000000nufw-2.4.3/src/nuauth/modules/ldap/Makefile.in0000644000175000017500000003771111431215400016150 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # LDAP plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/ldap DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 
's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libldap_la_DEPENDENCIES = am__libldap_la_SOURCES_DIST = ldap.c auth_ldap.h am__objects_1 = @USE_LDAP_TRUE@am_libldap_la_OBJECTS = ldap.lo $(am__objects_1) libldap_la_OBJECTS = $(am_libldap_la_OBJECTS) libldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libldap_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_LDAP_TRUE@am_libldap_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libldap_la_SOURCES) DIST_SOURCES = $(am__libldap_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ 
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ 
localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_LDAP_TRUE@AM_CPPFLAGS = -fPIC -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @USE_LDAP_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nussl/ @USE_LDAP_TRUE@plugindir = $(libdir)/nuauth/modules/ @USE_LDAP_TRUE@plugin_LTLIBRARIES = libldap.la @USE_LDAP_TRUE@noinst_libldap_la_SOURCES = auth_ldap.h @USE_LDAP_TRUE@libldap_la_SOURCES = ldap.c ${noinst_libldap_la_SOURCES} @USE_LDAP_TRUE@libldap_la_LIBADD = -lldap_r @USE_LDAP_TRUE@libldap_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/ldap/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/ldap/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_LDAP_FALSE@libldap.la: $(libldap_la_OBJECTS) $(libldap_la_DEPENDENCIES) @USE_LDAP_FALSE@ $(libldap_la_LINK) $(am_libldap_la_rpath) $(libldap_la_OBJECTS) $(libldap_la_LIBADD) $(LIBS) 
mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if 
(nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: 
install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ 
install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_LDAP_TRUE@libldap.la: $(libldap_la_OBJECTS) $(libldap_la_DEPENDENCIES) @USE_LDAP_TRUE@ $(LINK) -rpath $(plugindir) $(am_libldap_la_rpath) $(libldap_la_LDFLAGS) $(libldap_la_OBJECTS) $(libldap_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/ldap/Makefile.am0000644000175000017500000000125311431206275016141 00000000000000# LDAP plugin if USE_LDAP AM_CPPFLAGS = -fPIC -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules/ plugin_LTLIBRARIES = libldap.la noinst_libldap_la_SOURCES = auth_ldap.h libldap_la_SOURCES = ldap.c ${noinst_libldap_la_SOURCES} libldap_la_LIBADD = -lldap_r libldap_la_LDFLAGS = -module -avoid-version libldap.la: $(libldap_la_OBJECTS) $(libldap_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(am_libldap_la_rpath) $(libldap_la_LDFLAGS) $(libldap_la_OBJECTS) $(libldap_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/ldap/auth_ldap.h0000644000175000017500000000270211431206275016217 00000000000000/* ** Copyright(C) 2003-2007 INL ** Written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include
#include

/*
 * NOTE(review): this is a definition, not an extern declaration, so every
 * file including this header gets its own ldap_priv object. The part of
 * ldap.c visible here only uses the ldap_priv field of struct ldap_params.
 */
GPrivate *ldap_priv;		/* private pointer to ldap connection */

/*
 * Compiled-in fallbacks. init_module_from_conf() in ldap.c uses each one
 * only when the matching configuration key is missing.
 */
#define LDAP_SERVER "127.0.0.1"
/*
 * 389 is the plain LDAP port. ldap_conn_init() selects the ldaps:// scheme
 * only when the configured port equals LDAPS_PORT, so with this default the
 * simple bind, password included, is sent without transport encryption.
 */
#define LDAP_SERVER_PORT 389
/*#define LDAP_USER NULL
#define LDAP_CRED NULL */
/*
 * SECURITY: fallback bind DN and password. A credential constant in a
 * shipped header is known to everyone who has the source, so deployments
 * must set ldap_bind_dn and ldap_bind_password explicitly and must never
 * keep a directory account that accepts this password.
 */
#define LDAP_USER "cn=admin,dc=nufw,dc=org"
#define LDAP_CRED "mypassword"
/* Fallback for ldap_request_timeout; the unit is not visible here (presumably seconds, TODO confirm). */
#define LDAP_REQUEST_TIMEOUT 10

/* Fallback base DN for the ldap_base_dn, ldap_users_base_dn and ldap_acls_base_dn keys. */
#define LDAP_BASE "dc=nufw,dc=org"

/* Maximum size of a LDAP query */
#define LDAP_QUERY_SIZE 512

/*
 * Per-module LDAP settings, filled by init_module_from_conf() and released
 * by unload_module_with_params() in ldap.c.
 */
struct ldap_params {
	int ldap_request_timeout;	/* config key "ldap_request_timeout" */
	char *binddn;			/* DN used for the simple bind in ldap_conn_init() */
	char *bindpasswd;		/* password used for that bind; secret, keep it out of logs */
	char *ldap_server;		/* host part of the connection URI */
	char *ldap_acls_base_dn;	/* config key "ldap_acls_base_dn", falls back to ldap_base_dn */
	char *ldap_acls_timerange_base_dn;	/* not assigned in the visible part of ldap.c */
	char *ldap_users_base_dn;	/* config key "ldap_users_base_dn", falls back to ldap_base_dn */
	int ldap_server_port;		/* port part of the URI; LDAPS_PORT selects ldaps:// */
	int ldap_filter_type;		/* config int, default 1; meaning not shown here */
	int ldap_use_ipv4_schema;	/* config int, default 1; meaning not shown here */
	GPrivate *ldap_priv;		/* per-thread connection slot, destructor ldap_conn_destroy() */
};
nufw-2.4.3/src/nuauth/modules/ldap/ldap.c0000644000175000017500000005333611431206275015202 00000000000000/*
** Copyright(C) 2003-2008 INL
** written by Eric Leblond
** Vincent Deffontaines
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
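*/

/* NOTE(review): the header names of the next two #include lines are missing on this page. */
#include
#include
#include "security.h"
#include "nubase.h"
#include "nuauthconf.h"

/**
 * \ingroup NuauthModules
 * \defgroup AuthNuauthModules Authentication and acls checking modules
 *
 * \brief These type modules permit user authentication and acl checking
 *
 * It can export :
 * - an user check function named user_check() function which realise user authentication.
 * - an acl checking function named acl_check() function to get the acls matching a packet.
 *
 * \par
 * A special case is the ip authentication mechanism which require the export of function called ip_authentication().
 * It is used to authenticate people based on a method which does not involve a NuFW client. For the moment, only an ident
 * module is available.
 */

/*--- Decimal string <-> Base 10^n number type config --*/
typedef unsigned long digit_t;
#define BASE 1000000		/** Use 6 decimal digits in each number digit */
#define BASE_LOG10 6
#define BASE2STR "%06lu"
#define IPADDR_STRLEN 42
#define DIGIT_COUNT 7		/** BASE ^ DIGIT_COUNT should be able to store 2 ^ 128 */
#define INIT_NUMBER {0, 0, 0, 0, 0, 0, 0}
/* A digit times 256 plus a carry must fit in digit_t (see number_multiply). */
#if ULONG_MAX < (BASE*256)
#  error "Base is too big"
#endif
/* Little-endian array of base-BASE digits: number[0] is the least significant. */
typedef digit_t number_t[DIGIT_COUNT];

#define LDAP_MAX_TRY 2

/**
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 *
 * \ingroup AuthNuauthModules
 * \defgroup LdapModule LDAP authentication and acl module
 *
 * @{ */

/**
 * Multiply a "Base 10^n" number by a factor
 *
 * The number is updated in place. A carry left over after the most
 * significant digit is dropped, so the caller must keep the product
 * below BASE ^ DIGIT_COUNT.
 *
 * \param number Digits to multiply, least significant first
 * \param factor Multiplier
 */
void number_multiply(number_t number, digit_t factor)
{
	unsigned char index;
	digit_t carry = 0;

	for (index = 0; index < DIGIT_COUNT; index++) {
		carry += number[index] * factor;
		number[index] = carry % BASE;
		carry /= BASE;
	}
}

/**
 *
 * \file ldap.c
 * \brief Contains all LDAP modules functions
 */

/**
 * Add a value to a "Base 10^n" number
 *
 * The carry is propagated digit by digit. The bound is tested before a
 * digit is touched: testing it after the store, as the previous version
 * did, read and wrote number[DIGIT_COUNT], one element past the array,
 * before reporting the overflow.
 *
 * \param number Digits to update in place, least significant first
 * \param value Value to add
 * \return Returns 0 on error, 1 otherwise
 */
int number_add(number_t number, digit_t value)
{
	unsigned char index;

	for (index = 0; value != 0; index++) {
		if (index >= DIGIT_COUNT) {
			/* the carry does not fit in DIGIT_COUNT digits */
			return 0;
		}
		value += number[index];
		number[index] = value % BASE;
		value /= BASE;
	}
	return 1;
}

/**
 * Convert a "Base 10^n" number to decimal string.
 *
 * The digits are written to the caller's buffer without leading zeros and,
 * unlike the previous version, with the terminating NUL, so the result no
 * longer depends on the caller having zeroed the buffer. A number equal to
 * zero still yields the empty string.
 *
 * \param number Digits to print, least significant first
 * \param ipaddr Output buffer; assumed to hold at least IPADDR_STRLEN bytes
 *               (TODO confirm at the call sites outside this part of the file)
 * \return NU_EXIT_OK on success, NU_EXIT_ERROR if the text does not fit
 */
static nu_error_t number_to_decimal(number_t number, char *ipaddr)
{
	char ascii[DIGIT_COUNT * BASE_LOG10 + 1];
	gchar *text;
	size_t offset;
	size_t length;
	signed char index;

	/* most significant digit first, each one zero-padded to BASE_LOG10 characters */
	for (index = DIGIT_COUNT - 1; 0 <= index; index--) {
		offset = (size_t) (DIGIT_COUNT - index - 1) * BASE_LOG10;
		/* bounded write: a digit that is not below BASE cannot overrun ascii */
		snprintf(ascii + offset, sizeof(ascii) - offset, BASE2STR, number[index]);
	}

	text = ascii;
	while (text[0] == '0')
		text++;

	length = strlen(text);
	if (length >= IPADDR_STRLEN) {
		return NU_EXIT_ERROR;
	}
	/* length + 1 <= IPADDR_STRLEN: the copy includes the terminating NUL */
	memcpy(ipaddr, text, length + 1);
	return NU_EXIT_OK;
}

/**
 * Close an LDAP connection; registered as the destructor of the per-thread
 * connection slot (see g_private_new() in init_module_from_conf()).
 *
 * \param connection LDAP handle, or NULL for nothing to do
 */
static void ldap_conn_destroy(void * connection)
{
	if (connection) {
		ldap_unbind_ext_s(connection, NULL, NULL);
	}
}

/**
 * Release the parameters built by init_module_from_conf().
 *
 * \param params_p Pointer to a struct ldap_params, may be NULL
 * \return Always TRUE
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	struct ldap_params *params = (struct ldap_params *) params_p;

	if (params) {
		g_free(params->binddn);
		g_free(params->bindpasswd);
		g_free(params->ldap_server);
		g_free(params->ldap_acls_base_dn);
		/*
		 * Guard against the two base-DN fields sharing one allocation,
		 * which would otherwise be freed twice.
		 */
		if (params->ldap_users_base_dn != params->ldap_acls_base_dn) {
			g_free(params->ldap_users_base_dn);
		}
	}
	g_free(params);
	return TRUE;
}

/**
 * Init ldap system.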
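*/
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	struct ldap_params *params = g_new0(struct ldap_params, 1);
	char *ldap_base_dn;

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Ldap module ($Revision$)");

	/* set variables */
	params->ldap_server =
	    nuauth_config_table_get_or_default("ldap_server_addr", LDAP_SERVER);
	params->ldap_server_port =
	    nuauth_config_table_get_or_default_int("ldap_server_port", LDAP_SERVER_PORT);
	params->binddn =
	    nuauth_config_table_get_or_default("ldap_bind_dn", LDAP_USER);
	ldap_base_dn =
	    nuauth_config_table_get_or_default("ldap_base_dn", LDAP_BASE);
	params->ldap_users_base_dn =
	    nuauth_config_table_get_or_default("ldap_users_base_dn", LDAP_BASE);
	params->ldap_acls_base_dn =
	    nuauth_config_table_get_or_default("ldap_acls_base_dn", LDAP_BASE);

	/*
	 * A base DN left at its default falls back to ldap_base_dn. Each field
	 * gets its own copy: unload_module_with_params() frees both fields, so
	 * sharing one pointer between them ends in a double free.
	 * NOTE(review): this assumes the config getters return g_malloc'ed
	 * strings owned by the caller, as the g_free() calls at unload imply.
	 */
	if (!strcmp(params->ldap_acls_base_dn, LDAP_BASE)) {
		g_free(params->ldap_acls_base_dn);
		params->ldap_acls_base_dn = g_strdup(ldap_base_dn);
	}
	if (!strcmp(params->ldap_users_base_dn, LDAP_BASE)) {
		g_free(params->ldap_users_base_dn);
		params->ldap_users_base_dn = g_strdup(ldap_base_dn);
	}
	g_free(ldap_base_dn);

	params->bindpasswd =
	    nuauth_config_table_get_or_default("ldap_bind_password", LDAP_CRED);
	params->ldap_request_timeout =
	    nuauth_config_table_get_or_default_int("ldap_request_timeout", LDAP_REQUEST_TIMEOUT);
	params->ldap_use_ipv4_schema =
	    nuauth_config_table_get_or_default_int("ldap_use_ipv4_schema", 1);
	params->ldap_filter_type =
	    nuauth_config_table_get_or_default_int("ldap_filter_type", 1);

	/* init thread private stuff */
	params->ldap_priv = g_private_new((GDestroyNotify) ldap_conn_destroy);

	module->params = params;

	return TRUE;
}

/**
 * unload function.
 */
G_MODULE_EXPORT gchar *g_module_unload(void)
{
	return NULL;
}

/**
 * Initialize connection to ldap server.
 *
 * The URI scheme is "ldaps" only when the configured port is LDAPS_PORT; on
 * any other port the simple bind below sends the bind DN and password over
 * a connection this function does not protect (the TLS option block is
 * compiled out with "#if 0").
 *
 * \param params Parameters of the module instance
 * \return A bound connection, or NULL on error. Every error path releases
 *         the handle; a handle that could not be set to LDAPv3 or could not
 *         be bound is never returned to the caller.
 */
static LDAP *ldap_conn_init(struct ldap_params *params)
{
	LDAP *ld = NULL;
	int err, version = 3;
	char uri[1024];
	struct berval password;

	/* init connection */
	if (!secure_snprintf(uri, sizeof(uri), "%s://%s:%u",
			     (params->ldap_server_port == LDAPS_PORT) ? "ldaps" : "ldap",
			     params->ldap_server,
			     params->ldap_server_port)) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "LDAP: could not build URI");
		return NULL;
	}

	err = ldap_initialize(&ld, uri);
	if (err != LDAP_SUCCESS || !ld) {
		log_message(WARNING, DEBUG_AREA_MAIN, "Ldap init error");
		return NULL;
	}

	if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) {
		/* fail closed instead of handing back an unbound handle */
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Ldap: can not set protocol version");
		ldap_unbind_ext_s(ld, NULL, NULL);
		return NULL;
	}

	/* Goes to ssl if needed */
#if 0
#ifdef LDAP_OPT_X_TLS
	if (params->ldap_server_port == LDAPS_PORT) {
		int tls_option;
		tls_option = LDAP_OPT_X_TLS_HARD;
		err = ldap_set_option(ld, LDAP_OPT_X_TLS, (void *) &tls_option);
		if (err != LDAP_OPT_SUCCESS) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_AUTH,
				    "Can not set tls option: %s",
				    ldap_err2string(err));
			return NULL;
		}
	}
#endif /* LDAP_OPT_X_TLS */
#endif

	password.bv_val = params->bindpasswd;
	password.bv_len = strlen(password.bv_val);
	err = ldap_sasl_bind_s(ld, params->binddn, LDAP_SASL_SIMPLE,
			       &password, NULL, NULL, NULL);
	if (err != LDAP_SUCCESS) {
		if (err == LDAP_SERVER_DOWN) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "Can not connect to ldap: %s",
				    ldap_err2string(err));
			/* we lost connection, so disable current one */
			ldap_unbind_ext_s(ld, NULL, NULL);
			ld = NULL;
			g_private_set(params->ldap_priv, ld);
			return NULL;
		}
		log_message(SERIOUS_WARNING, DEBUG_AREA_AUTH,
			    "Ldap bind error : %s",
			    ldap_err2string(err));
		/* release the handle, it is not stored anywhere else */
		ldap_unbind_ext_s(ld, NULL, NULL);
		return NULL;
	}
	return ld;
}

/**
 * Convert an IPv6 address to the decimal string used in LDAP filters.
 *
 * NOTE(review): the loop multiplies by 256 after adding each byte, the last
 * one included, so the produced number is the address value times 256. The
 * result still fits in number_t (2^136 < BASE^DIGIT_COUNT). Whether the
 * directory stores its ranges with the same convention cannot be told from
 * this file, so the computation is left unchanged; confirm against the ACL
 * schema before relying on IPv6 range matching.
 *
 * \param addr Address to convert
 * \param ipaddr Output buffer of at least IPADDR_STRLEN bytes
 * \return NU_EXIT_OK on success, NU_EXIT_ERROR otherwise
 */
static nu_error_t ipv6_to_base10(struct in6_addr *addr, gchar *ipaddr)
{
	number_t number = INIT_NUMBER;
	unsigned char index = 0;

	for (index = 0; index < 16; index++) {
		if (number_add(number, addr->s6_addr[index]) != 1)
			return NU_EXIT_ERROR;
		number_multiply(number, 256);
	}
	return number_to_decimal(number, ipaddr);
}

/**
 * \brief Escape character to protect them in query
 *
 * \verbatim
  Abstract from RFC 2254

  Character       ASCII value
  ---------------------------
  *               0x2a
  (               0x28
  )               0x29
  \               0x5c
  NUL             0x00

  For example * is coded \2a
\endverbatim
 *
 * Any string that does not come from the configuration has to go through
 * this function before it is inserted in a search filter. A NUL byte cannot
 * occur inside the C string received here, so it needs no escaping.
 *
 * \param basestring the string to convert
 * \return a newly allocated string, to be released with g_free()
 */
gchar *escape_string_for_ldap(const gchar * basestring)
{
	/* worst case: every input byte becomes a three byte "\xx" sequence */
	gchar *result = g_malloc(3 * strlen(basestring) + 1);
	gchar *out = result;
	const gchar *c_char;

	for (c_char = basestring; *c_char; c_char++) {
		switch (*c_char) {
		case '*':
			memcpy(out, "\\2a", 3);
			out += 3;
			break;
		case '(':
			memcpy(out, "\\28", 3);
			out += 3;
			break;
		case ')':
			memcpy(out, "\\29", 3);
			out += 3;
			break;
		case '\\':
			memcpy(out, "\\5c", 3);
			out += 3;
			break;
		default:
			*out++ = *c_char;
		}
	}
	*out = '\0';
	return result;
}

/** An acl together with the weight used to order the answer of acl_check() */
struct weighted_acl {
	struct acl_group *acl;
	int weight;
};

/**
 * Order two struct weighted_acl by increasing weight.
 *
 * The weights are read from the directory, so they are compared rather than
 * subtracted: a difference of two arbitrary ints can overflow.
 */
gint compare_acl_weight(gconstpointer data1, gconstpointer data2)
{
	int first = ((const struct weighted_acl *) data1)->weight;
	int second = ((const struct weighted_acl *) data2)->weight;

	return (first > second) - (first < second);
}

/** GFunc wrapper around g_free() */
static void local_free(gpointer data, gpointer userdata)
{
	g_free(data);
}

/**
 * Match a value against the glob patterns stored in an attribute of an entry.
 *
 * The patterns come from the directory and the value from the connection.
 * An entry without the attribute puts no constraint and matches; an entry
 * with the attribute never matches a connection that has no value.
 *
 * \return A nu_error_t::, NU_EXIT_CONTINUE if filter did not match, NU_EXIT_OK if filter did match.
 */
static nu_error_t field_match_pattern(gchar * value, LDAP *ld, LDAPMessage *result, gchar *attribute)
{
	nu_error_t ret = NU_EXIT_CONTINUE;
	struct berval **attrs_array;
	struct berval **pattrs_array;

	attrs_array = ldap_get_values_len(ld, result, attribute);
	if (attrs_array && *attrs_array) {
		if (value != NULL) {
			for (pattrs_array = attrs_array; *pattrs_array; pattrs_array++) {
				if (g_pattern_match_simple((*pattrs_array)->bv_val, value)) {
					ret = NU_EXIT_OK;
					break;
				}
			}
		}
	} else {
		/* No attributes in LDAP, thus criteria filtering is a success */
		ret = NU_EXIT_OK;
	}
	ldap_value_free_len(attrs_array);
	return ret;
}

/**
 * \brief Acl check function
 *
 * This function realise the matching of a packet against the set of rules. It is exported
 * by the modules and called by nuauth core.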
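*
 * \param element A pointer to a ::connection_t which contains all informations available about the packet
 * \param params_p A pointer to the parameters of the module instance we're working for
 * \return A chained list of struct ::acl_group which is the set of acl that match the given packet
 *
 * The returned GSList has to be ordered because take_decision() will do a interative loop on the chained list. This
 * can be used to achieve complicated setup.
 *
 * NULL is returned when no acl matches and on every error: filter that
 * cannot be built, unsupported protocol or filter type, failed search,
 * unexpected answer of field_match_pattern(). An entry without a readable
 * Decision is ignored, and a Group or User value that is not a number is
 * not added to the acl.
 */
G_MODULE_EXPORT GSList *acl_check(connection_t * element, gpointer params_p)
{
	GSList *g_list = NULL;
	GSList *g_acl_list = NULL;
	GSList *temp_list = NULL;
	char filter[LDAP_QUERY_SIZE];
	char clause[256];
	/* attributes matched as glob patterns once the entries are received */
	gchar *pattern_attrs[4];
	gchar *pattern_values[4];
	/* attributes compared by the server, the value goes in the filter */
	gchar *optional_attrs[5];
	const gchar *optional_values[5];
	struct berval **attrs_array, **walker;
	int integer, written;
	unsigned int i;
	struct timeval timeout;
	struct acl_group *this_acl;
	struct weighted_acl *this = NULL;
	LDAPMessage *res = NULL, *result;
	int ok, err, try;
	gboolean failed = FALSE;
	struct ldap_params *params = (struct ldap_params *) params_p;
	LDAP *ld = g_private_get(params->ldap_priv);
	/* read once: allocation and use of the wrappers must not disagree */
	const gboolean weighted = (nuauthconf->prio_to_nok == 2);
	/* zero filled, so they are valid strings whatever the converter wrote */
	gchar ip_src[IPADDR_STRLEN] = { 0 };
	gchar ip_dst[IPADDR_STRLEN] = { 0 };

	pattern_attrs[0] = "OsName";
	pattern_values[0] = element->os_sysname;
	pattern_attrs[1] = "OsRelease";
	pattern_values[1] = element->os_release;
	pattern_attrs[2] = "OsVersion";
	pattern_values[2] = element->os_version;
	pattern_attrs[3] = "AppName";
	pattern_values[3] = element->app_name;

	/* NULL means "not known for this connection" */
	optional_attrs[0] = "AppSig";
	optional_values[0] = element->app_sig;
	optional_attrs[1] = "InDev";
	optional_values[1] = element->iface_nfo.indev[0] ? element->iface_nfo.indev : NULL;
	optional_attrs[2] = "OutDev";
	optional_values[2] = element->iface_nfo.outdev[0] ? element->iface_nfo.outdev : NULL;
	optional_attrs[3] = "PhysInDev";
	optional_values[3] = element->iface_nfo.physindev[0] ? element->iface_nfo.physindev : NULL;
	optional_attrs[4] = "PhysOutDev";
	optional_values[4] = element->iface_nfo.physoutdev[0] ? element->iface_nfo.physoutdev : NULL;

	if (params->ldap_use_ipv4_schema) {
		struct in_addr ipv4;
		if (!is_ipv4(&element->tracking.saddr) || !is_ipv4(&element->tracking.daddr)) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_AUTH,
				    "ldap: IPv4 schema but IPv6 address\n");
			return NULL;
		}
		ipv6_to_ipv4(&element->tracking.saddr, &ipv4);
		snprintf(ip_src, IPADDR_STRLEN, "%u", ipv4.s_addr);
		ipv6_to_ipv4(&element->tracking.daddr, &ipv4);
		snprintf(ip_dst, IPADDR_STRLEN, "%u", ipv4.s_addr);
	} else {
		if (ipv6_to_base10(&element->tracking.saddr, ip_src) == NU_EXIT_ERROR) {
			return NULL;
		}
		if (ipv6_to_base10(&element->tracking.daddr, ip_dst) == NU_EXIT_ERROR) {
			return NULL;
		}
	}

	/* contruct filter */
	if ((element->tracking).protocol == IPPROTO_TCP
	    || (element->tracking).protocol == IPPROTO_UDP) {
		switch (params->ldap_filter_type) {
		case 1:
			ok = secure_snprintf(filter, sizeof(filter),
					     "(&(objectClass=NuAccessControlList)"
					     "(Proto=%d)"
					     "(DstPort=%d)"
					     "(SrcIPStart<=%s)(SrcIPEnd>=%s)"
					     "(DstIPStart<=%s)(DstIPEnd>=%s)",
					     element->tracking.protocol,
					     element->tracking.dest,
					     ip_src, ip_src, ip_dst, ip_dst);
			break;
		case 0:
			ok = secure_snprintf(filter, sizeof(filter),
					     "(&(objectClass=NuAccessControlList)"
					     "(SrcIPStart<=%s)(SrcIPEnd>=%s)"
					     "(DstIPStart<=%s)(DstIPEnd>=%s)"
					     "(Proto=%d)"
					     "(DstPortStart<=%d)(DstPortEnd>=%d)",
					     ip_src, ip_src, ip_dst, ip_dst,
					     element->tracking.protocol,
					     element->tracking.dest,
					     element->tracking.dest);
			break;
		default:
			/* no filter was written: do not search with garbage */
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "LDAP: unsupported ldap_filter_type\n");
			return NULL;
		}
		if (!ok) {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "LDAP query too big (more than %d bytes)\n",
				    LDAP_QUERY_SIZE);
			return NULL;
		}

		/* finish filter */
		/* unknown client property: only acls that do not constrain it */
		for (i = 0; i < 4 && !failed; i++) {
			if (pattern_values[i] != NULL) {
				continue;
			}
			written = g_snprintf(clause, sizeof(clause),
					     "(!(%s=*))", pattern_attrs[i]);
			if (written < 0 || written >= (int) sizeof(clause)
			    || g_strlcat(filter, clause, LDAP_QUERY_SIZE) >= LDAP_QUERY_SIZE) {
				failed = TRUE;
			}
		}
		for (i = 0; i < 5 && !failed; i++) {
			if (optional_values[i] == NULL) {
				written = g_snprintf(clause, sizeof(clause),
						     "(!(%s=*))", optional_attrs[i]);
			} else {
				/*
				 * The application signature is reported by the
				 * client: escape the filter metacharacters so
				 * the value cannot change the structure of the
				 * filter.
				 */
				gchar *escaped = escape_string_for_ldap(optional_values[i]);
				written = g_snprintf(clause, sizeof(clause),
						     "(|(%s=%s)(!(%s=*)))",
						     optional_attrs[i], escaped,
						     optional_attrs[i]);
				g_free(escaped);
			}
			/* a truncated clause would be another filter: refuse it */
			if (written < 0 || written >= (int) sizeof(clause)
			    || g_strlcat(filter, clause, LDAP_QUERY_SIZE) >= LDAP_QUERY_SIZE) {
				failed = TRUE;
			}
		}
		if (!failed
		    && g_strlcat(filter, ")", LDAP_QUERY_SIZE) >= LDAP_QUERY_SIZE) {
			failed = TRUE;
		}
		if (failed) {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "LDAP query too big (more than %d bytes)\n",
				    LDAP_QUERY_SIZE);
			return NULL;
		}
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				  "LDAP filter : \n%s\n", filter);
	} else if ((element->tracking).protocol == IPPROTO_ICMP) {
		ok = secure_snprintf(filter, sizeof(filter),
				     "(&(objectClass=NuAccessControlList)"
				     "(SrcIPStart<=%s)(SrcIPEnd>=%s)"
				     "(DstIPStart<=%s)(DstIPEnd>=%s)"
				     "(Proto=%d)"
				     "(SrcPortStart<=%d)(SrcPortEnd>=%d)"
				     "(DstPortStart<=%d)(DstPortEnd>=%d))",
				     ip_src, ip_src, ip_dst, ip_dst,
				     element->tracking.protocol,
				     element->tracking.type,
				     element->tracking.type,
				     element->tracking.code,
				     element->tracking.code);
		if (!ok) {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "LDAP query too big (more than %d bytes)\n",
				    LDAP_QUERY_SIZE);
			return NULL;
		}
	} else {
		/* no filter exists for this protocol, so nothing can match */
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "LDAP: no acl filter for this protocol\n");
		return NULL;
	}

	/* at most LDAP_MAX_TRY searches, and only while the search fails */
	try = 0;
	do {
		try++;
		if (ld == NULL) {
			/* init ldap has never been done */
			ld = ldap_conn_init(params);
			if (ld == NULL) {
				log_message(SERIOUS_WARNING, DEBUG_AREA_AUTH,
					    "Can not initiate LDAP conn\n");
				return NULL;
			}
			g_private_set(params->ldap_priv, ld);
		}

		/* send query and wait result */
		timeout.tv_sec = params->ldap_request_timeout;
		timeout.tv_usec = 0;
		res = NULL;
#ifdef PERF_DISPLAY_ENABLE
		{
			struct timeval tvstart, tvend, result;
			if (nuauthconf->debug_areas & DEBUG_AREA_PERF) {
				gettimeofday(&tvstart, NULL);
			}
#endif
			err = ldap_search_ext_s(ld, params->ldap_acls_base_dn,
						LDAP_SCOPE_SUBTREE, filter, NULL, 0,
						NULL, NULL,
						&timeout, LDAP_NO_LIMIT, &res);
#ifdef PERF_DISPLAY_ENABLE
			if (nuauthconf->debug_areas & DEBUG_AREA_PERF) {
				gettimeofday(&tvend, NULL);
				timeval_substract(&result, &tvend, &tvstart);
				log_message(INFO, DEBUG_AREA_PERF,
					    "Ldap query time: %.1f msec",
					    (double)result.tv_sec*1000+(double)(result.tv_usec/1000));
			}
		}
#endif
		if (err != LDAP_SUCCESS) {
			/* a failed search can still hand back a message */
			if (res != NULL) {
				ldap_msgfree(res);
				res = NULL;
			}
			if (err == LDAP_SERVER_DOWN) {
				/* we lost connection, so disable current one */
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "disabling current connection");
				ldap_unbind_ext_s(ld, NULL, NULL);
				ld = NULL;
				g_private_set(params->ldap_priv, ld);
			} else {
				break;
			}
		}
	} while ((err != LDAP_SUCCESS) && (try < LDAP_MAX_TRY));

	if (err != LDAP_SUCCESS) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "invalid return from ldap_search_st : %s\n",
			    ldap_err2string(err));
		return NULL;
	}

	if (ldap_count_entries(ld, res) < 1) {
		debug_log_message(DEBUG, DEBUG_AREA_AUTH, "No acl found\n");
		ldap_msgfree(res);
		return NULL;
	}

	/* parse result to feed a group_list */
	for (result = ldap_first_entry(ld, res); result;
	     result = ldap_next_entry(ld, result)) {
		gboolean matched = TRUE;
		gboolean have_decision;
		int weight = 0;

		for (i = 0; i < 4 && matched && !failed; i++) {
			switch (field_match_pattern(pattern_values[i], ld, result,
						    pattern_attrs[i])) {
			case NU_EXIT_OK:
				break;
			case NU_EXIT_CONTINUE:
				/* this is not a match, going to test next acl */
				matched = FALSE;
				break;
			case NU_EXIT_ERROR:
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "Invalid return from field_match_pattern");
				failed = TRUE;
				break;
			default:
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "Impossible return from field_match_pattern");
				failed = TRUE;
				break;
			}
		}
		if (failed) {
			break;
		}
		if (!matched) {
			continue;
		}

		/* allocate a new acl_group (zero filled by g_new0) */
		this_acl = g_new0(struct acl_group, 1);
		this_acl->flags = ACL_FLAGS_NONE;
		this_acl->auth_quality = 0;

		/* get period */
		attrs_array = ldap_get_values_len(ld, result, "TimeRange");
		if (attrs_array && *attrs_array) {
			this_acl->period = g_strdup((*attrs_array)->bv_val);
		}
		ldap_value_free_len(attrs_array);

		/* get description (log prefix) */
		attrs_array = ldap_get_values_len(ld, result, "description");
		if (attrs_array && *attrs_array) {
			this_acl->log_prefix = g_strdup((*attrs_array)->bv_val);
		}
		ldap_value_free_len(attrs_array);

		/* get flags */
		attrs_array = ldap_get_values_len(ld, result, "AclFlags");
		if (attrs_array && *attrs_array) {
			sscanf((*attrs_array)->bv_val, "%d",
			       (int *) &(this_acl->flags));
		}
		ldap_value_free_len(attrs_array);

		/* get auth quality */
		attrs_array = ldap_get_values_len(ld, result, "AuthQuality");
		if (attrs_array && *attrs_array) {
			sscanf((*attrs_array)->bv_val, "%d",
			       (int *) &(this_acl->auth_quality));
		}
		ldap_value_free_len(attrs_array);

		if (weighted) {
			/* get weight, 0 when absent or unreadable */
			attrs_array = ldap_get_values_len(ld, result, "AclWeight");
			if (attrs_array && *attrs_array
			    && sscanf((*attrs_array)->bv_val, "%d", &weight) != 1) {
				weight = 0;
			}
			ldap_value_free_len(attrs_array);
		}

		/* get decision: the attribute may be missing from the entry */
		attrs_array = ldap_get_values_len(ld, result, "Decision");
		have_decision = attrs_array && *attrs_array
		    && sscanf((*attrs_array)->bv_val, "%d",
			      (int *) &(this_acl->answer)) == 1;
		ldap_value_free_len(attrs_array);
		if (have_decision) {
			debug_log_message(DEBUG, DEBUG_AREA_AUTH,
					  "Acl found with decision %d (timerange: %s)\n",
					  this_acl->answer,
					  this_acl->period ? this_acl->period : "(null)");
		} else {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "LDAP: acl without usable Decision ignored");
		}

		/* build groups list, a value that is not a number is dropped */
		attrs_array = ldap_get_values_len(ld, result, "Group");
		for (walker = attrs_array; walker && *walker; walker++) {
			if (sscanf((*walker)->bv_val, "%d", &integer) == 1) {
				this_acl->groups =
				    g_slist_prepend(this_acl->groups,
						    GINT_TO_POINTER(integer));
			} else {
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "LDAP: invalid Group value ignored");
			}
		}
		ldap_value_free_len(attrs_array);

		/* build users list, same rule as for the groups */
		attrs_array = ldap_get_values_len(ld, result, "User");
		for (walker = attrs_array; walker && *walker; walker++) {
			if (sscanf((*walker)->bv_val, "%d", &integer) == 1) {
				this_acl->users =
				    g_slist_prepend(this_acl->users,
						    GINT_TO_POINTER(integer));
			} else {
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "LDAP: invalid User value ignored");
			}
		}
		ldap_value_free_len(attrs_array);

		/* add when acl is filled */
		if (have_decision && (this_acl->groups || this_acl->users)) {
			if (weighted) {
				this = g_new0(struct weighted_acl, 1);
				this->acl = this_acl;
				this->weight = weight;
				g_list = g_slist_insert_sorted(g_list, this,
							       compare_acl_weight);
			} else {
				g_list = g_slist_prepend(g_list, this_acl);
			}
		} else {
			/* release what was duplicated for the discarded acl */
			g_slist_free(this_acl->groups);
			g_slist_free(this_acl->users);
			g_free(this_acl->period);
			g_free(this_acl->log_prefix);
			g_free(this_acl);
		}
	}
	ldap_msgfree(res);

	if (failed) {
		/* drop the partial answer instead of leaking it */
		for (temp_list = g_list; temp_list; temp_list = temp_list->next) {
			if (weighted) {
				this = temp_list->data;
				this_acl = this->acl;
				g_free(this);
			} else {
				this_acl = temp_list->data;
			}
			g_slist_free(this_acl->groups);
			g_slist_free(this_acl->users);
			g_free(this_acl->period);
			g_free(this_acl->log_prefix);
			g_free(this_acl);
		}
		g_slist_free(g_list);
		return NULL;
	}

	if (weighted) {
		/* unwrap the acls, keeping the order given by the weights */
		for (temp_list = g_list; temp_list; temp_list = temp_list->next) {
			g_acl_list = g_slist_prepend(g_acl_list,
						     ((struct weighted_acl *) temp_list->data)->acl);
			g_free(temp_list->data);
		}
		g_slist_free(g_list);
		return g_slist_reverse(g_acl_list);
	}
	return g_list;
}

/* @} */
nufw-2.4.3/src/nuauth/modules/log_script/0000777000175000017500000000000011431215440015407 500000000000000nufw-2.4.3/src/nuauth/modules/log_script/Makefile.in0000644000175000017500000003657111431215401017401 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am.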
# @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/log_script DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libscript_la_LIBADD = am_libscript_la_OBJECTS = script.lo libscript_la_OBJECTS = $(am_libscript_la_OBJECTS) libscript_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) 
\ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libscript_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libscript_la_SOURCES) DIST_SOURCES = $(libscript_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = 
@LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = 
-DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libscript.la libscript_la_SOURCES = script.c libscript_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/log_script/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/log_script/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) 
$(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/script.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< 
mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed 
'/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libscript.la: $(libscript_la_OBJECTS) $(libscript_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libscript_la_LDFLAGS) $(libscript_la_OBJECTS) $(libscript_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/nuauth/modules/log_script/Makefile.am0000644000175000017500000000103311431206275017362 00000000000000AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libscript.la libscript_la_SOURCES = script.c libscript_la_LDFLAGS = -module -avoid-version libscript.la: $(libscript_la_OBJECTS) $(libscript_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libscript_la_LDFLAGS) $(libscript_la_OBJECTS) $(libscript_la_LIBADD) nufw-2.4.3/src/nuauth/modules/log_script/script.c0000644000175000017500000000451711431206275017010 00000000000000/* ** Copyright(C) 2005-2007 INL ** written by Eric Leblond ** ** Changelog: ** IPv6 port by Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
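*/ #include #include #include #include

/**
 *
 * \ingroup LoggingNuauthModules
 * \defgroup ScriptModule Script logging module
 *
 * @{ */

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 * Run CONFIG_DIR/user-up.sh (state == SESSION_OPEN) or
 * CONFIG_DIR/user-down.sh (any other state) with the session's user name
 * and formatted address as the two arguments.
 *
 * The command line is handed to system(), so it is interpreted by the
 * shell. Both arguments are passed through g_shell_quote() before they are
 * placed in the command line; that quoting is the only thing standing
 * between the user name and the shell, so it must stay in place if this
 * function is edited.
 *
 * NOTE(review): the script runs with the privileges and environment of the
 * calling process. CONFIG_DIR and the two scripts should be writable by the
 * administrator only. An argv-based spawn (no shell) would remove the
 * dependency on quoting altogether; confirm with the maintainers before
 * changing the execution model.
 *
 * \param c_session Session whose user_name and addr fields are read
 * \param state Session state; selects which script is run
 * \param params Unused
 * \return Always 1; failures are reported through log_message() only
 */
G_MODULE_EXPORT int user_session_logs(user_session_t * c_session,
				      session_state_t state,
				      gpointer params)
{
	char address[INET6_ADDRSTRLEN];
	/* Fixed-size command buffer: a user name long enough to overflow it
	 * makes secure_snprintf() fail, and the script is then NOT run for
	 * that session (see the "truncated" warning below). */
	char cmdbuffer[200];
	char *quoted_username;
	char *quoted_address;
	char *format;
	gboolean ok;
	int status;

	/* g_shell_quote() rejects NULL and returns NULL, which would then be
	 * formatted into the command line as an unquoted token. Refuse to
	 * build a command in that case. */
	if (c_session->user_name == NULL) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Can't call script, session has no user name!");
		return 1;
	}

	quoted_username = g_shell_quote(c_session->user_name);
	format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
	quoted_address = g_shell_quote(address);

	if (state == SESSION_OPEN) {
		format = CONFIG_DIR "/user-up.sh %s %s";
	} else {
		/* state == SESSION_CLOSE */
		format = CONFIG_DIR "/user-down.sh %s %s";
	}

	ok = secure_snprintf(cmdbuffer, sizeof(cmdbuffer), format,
			     quoted_username, quoted_address);
	if (ok) {
		status = system(cmdbuffer);
		if (status == -1) {
			/* the child process could not be created */
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "Can't execute command (%s)!",
				    cmdbuffer);
		} else if (status != 0) {
			/* The shell or the script reported a failure (a
			 * missing or non-executable script also ends up
			 * here); previously this went unnoticed. */
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "Command (%s) failed (wait status %d)!",
				    cmdbuffer, status);
		}
	} else {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Can't call script, command line truncated!");
	}

	g_free(quoted_username);
	g_free(quoted_address);
	return 1;
}

/**
 * Function called when the module is unloaded: the module keeps no
 * per-instance state, so there is nothing to release.
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	return TRUE;
}

/**
 * Module initialisation: logs the module banner; no configuration is read.
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Log_script module ($Revision$)");
	return TRUE;
}

/** @} */
nufw-2.4.3/src/nuauth/modules/mark_field/0000777000175000017500000000000011431215441015340 500000000000000nufw-2.4.3/src/nuauth/modules/mark_field/Makefile.in0000644000175000017500000004027011431215401017320 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.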
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # mark field plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/mark_field DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libmark_field_la_LIBADD = am__libmark_field_la_SOURCES_DIST = mark_field.c mark_field.h am__objects_1 = @USE_MARK_FIELD_TRUE@am_libmark_field_la_OBJECTS = mark_field.lo \ @USE_MARK_FIELD_TRUE@ $(am__objects_1) libmark_field_la_OBJECTS = $(am_libmark_field_la_OBJECTS) libmark_field_la_LINK = $(LIBTOOL) 
--tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libmark_field_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_MARK_FIELD_TRUE@am_libmark_field_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libmark_field_la_SOURCES) DIST_SOURCES = $(am__libmark_field_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT 
= @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = 
@target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_MARK_FIELD_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @USE_MARK_FIELD_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ @USE_MARK_FIELD_TRUE@plugindir = $(libdir)/nuauth/modules @USE_MARK_FIELD_TRUE@plugin_LTLIBRARIES = libmark_field.la @USE_MARK_FIELD_TRUE@noinst_libmark_field_la_SOURCES = mark_field.h @USE_MARK_FIELD_TRUE@libmark_field_la_SOURCES = mark_field.c ${noinst_libmark_field_la_SOURCES} @USE_MARK_FIELD_TRUE@libmark_field_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/mark_field/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/mark_field/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_MARK_FIELD_FALSE@libmark_field.la: $(libmark_field_la_OBJECTS) $(libmark_field_la_DEPENDENCIES) @USE_MARK_FIELD_FALSE@ $(libmark_field_la_LINK) $(am_libmark_field_la_rpath) 
$(libmark_field_la_OBJECTS) $(libmark_field_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mark_field.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ 
done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: 
install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ 
install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_MARK_FIELD_TRUE@libmark_field.la: $(libmark_field_la_OBJECTS) $(libmark_field_la_DEPENDENCIES) @USE_MARK_FIELD_TRUE@ $(LINK) -rpath $(plugindir) $(libmark_field_la_LDFLAGS) $(libmark_field_la_OBJECTS) $(libmark_field_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/mark_field/mark_field.h0000644000175000017500000000165111431206275017532 00000000000000/* ** Copyright(C) 2007, INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifndef MARK_FIELD #define MARK_FIELD #include #define MARK_FIELD_CONF (CONFIG_DIR "/mark_field.conf") nu_error_t finalize_packet(connection_t * session, gpointer params); #endif nufw-2.4.3/src/nuauth/modules/mark_field/Makefile.am0000644000175000017500000000130411431206275017313 00000000000000# mark field plugin if USE_MARK_FIELD AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libmark_field.la noinst_libmark_field_la_SOURCES = mark_field.h libmark_field_la_SOURCES = mark_field.c ${noinst_libmark_field_la_SOURCES} libmark_field_la_LDFLAGS = -module -avoid-version libmark_field.la: $(libmark_field_la_OBJECTS) $(libmark_field_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libmark_field_la_LDFLAGS) $(libmark_field_la_OBJECTS) $(libmark_field_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/mark_field/mark_field.c0000644000175000017500000001410211431206275017520 00000000000000/* ** Copyright(C) 2007-2008 INL ** Written by Eric Leblond ** Based on mark_group module by Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
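*/
#include #include
#include "mark_field.h"
#include "nuauthconf.h"

/** One entry of the field list: a glob pattern and the mark it selects */
typedef struct {
	/** Identifier of the field */
	GPatternSpec* pattern;

	/** The mark (truncated to 'nbits' bits) */
	uint32_t mark;
} field_mark_t;

/** Module configuration, stored in module->params */
typedef struct {
	/** position of the mark (in bits) in the packet mark */
	unsigned int shift;

	/** field to match
	 *   - 0: match on application name (default)
	 *   - 1: match on osname
	 */
	gchar type;

	/** mask to remove current mark of the packet */
	uint32_t mask;

	/** default mark if no field does match */
	uint32_t default_mark;

	/** list of pattern with associated mark */
	GList *fields;
} mark_field_config_t;

/**
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 * Parse field list file. Line format is "mark:blob",
 * where mark is integer in [0; 4294967295] and blob is a
 * free character string
 *
 * Spaces are not allowed.
 *
 * The blob is compiled with g_pattern_spec_new(), so '*' and '?' act as
 * wildcards. Entries keep the order of the file, and the first matching
 * entry wins in finalize_packet(), so specific patterns belong before
 * broad ones.
 *
 * Error handling: an unreadable file terminates the process; a line
 * without ':' stops the parser (later lines are ignored); a line with an
 * invalid mark is skipped.
 *
 * \param config Configuration whose 'fields' list is (re)built
 * \param filename Path of the field list file
 */
void parse_field_file(mark_field_config_t * config, const char *filename)
{
	FILE *file = fopen(filename, "r");
	unsigned int line_number = 0;
	char line[4096];
	GList *fields = NULL;

	if (file == NULL) {
		/* fatal error, exit nuauth! */
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "mark_field: Unable to open field list (file %s)!",
			    filename);
		exit(EXIT_FAILURE);
	}

	config->fields = NULL;
	while (fgets(line, sizeof(line), file) != NULL) {
		char *separator;
		field_mark_t *field;
		size_t len;
		uint32_t mark;

		/* update line number */
		line_number++;

		/* remove \n at the end of the line */
		len = strlen(line);
		if (0 < len && line[len - 1] == '\n')
			line[len - 1] = 0;

		if (line[0] == 0) {
			/* skip empty lines */
			continue;
		}

		/* find separator */
		separator = strchr(line, ':');
		if (separator == NULL) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "mark_field:%s:%u: Unable to find separator ':' in field list, stop parser.",
				    filename, line_number);
			break;
		}

		/* read mark */
		*separator = 0;
		if (!str_to_uint32(line, &mark)) {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "mark_field:%s:%u: Invalid mark (%s), skip line.",
				    filename, line_number, line);
			continue;
		}

		field = g_new0(field_mark_t, 1);
		field->mark = mark;
		field->pattern = g_pattern_spec_new(separator + 1);
		/* prepend now, reverse once below: same final order as
		 * appending, without walking the list for every line */
		fields = g_list_prepend(fields, field);
	}
	config->fields = g_list_reverse(fields);
	fclose(file);
}

/**
 * Load configuration of the module
 *
 * Reads mark_field_file, mark_field_nbits, mark_field_shift,
 * mark_field_type and mark_field_default_mark, builds the mask and parses
 * the field list. Out-of-range values are reported and replaced by the
 * defaults, so a bad configuration cannot lead to an undefined shift or to
 * a module that fails on every packet.
 *
 * \param module Module descriptor; module->params receives the new
 *               configuration
 * \return TRUE
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	mark_field_config_t *config = g_new0(mark_field_config_t, 1);
	unsigned int nbits;
	int type;
	char *field_filename;

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Mark_field module ($Revision$)");

	/* read options */
	field_filename = nuauth_config_table_get_or_default("mark_field_file", MARK_FIELD_CONF);
	nbits = nuauth_config_table_get_or_default_int("mark_field_nbits", 32);
	config->shift = nuauth_config_table_get_or_default_int("mark_field_shift", 0);

	/* Validate the type before storing it in the gchar field. The
	 * previous test (type < 0 && type > 1) could never be true, and the
	 * value was not reset as the message claims; an unknown type then
	 * made finalize_packet() return an error for every packet. */
	type = nuauth_config_table_get_or_default_int("mark_field_type", 0);
	if (type < 0 || type > 1) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "mark_field: found unknown type, resetting to 0"
			    );
		type = 0;
	}
	config->type = type;

	/* finalize_packet() evaluates (mark << shift) on a 32-bit value;
	 * a shift of 32 or more is undefined behaviour in C. A negative
	 * configured value also lands here after conversion to unsigned. */
	if (config->shift > 31) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "mark_field: mark_field_shift out of range, resetting to 0"
			    );
		config->shift = 0;
	}
	if (nbits > 32) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "mark_field: mark_field_nbits out of range, resetting to 32"
			    );
		nbits = 32;
	}

	config->default_mark =
		nuauth_config_table_get_or_default_int("mark_field_default_mark", 0);

	/* create mask to remove nbits at position shift */
	/* NOTE(review): SHR32/SHL32 are defined outside this file; presumably
	 * they tolerate a shift count of 32 or more (the defaults already
	 * produce one) -- confirm. */
	config->mask =
	    SHR32(0xFFFFFFFF, 32 - config->shift) |
	    SHL32(0xFFFFFFFF, nbits + config->shift);

	/* parse field list */
	parse_field_file(config, field_filename);
	free(field_filename);

	/* store config and exit */
	module->params = config;
	return TRUE;
}

/**
 * Function called when the module is unloaded: free memory
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params)
{
	mark_field_config_t *config = params;

	if (config) {
		GList *iter;
		/* free list content */
		for (iter = config->fields; iter != NULL; iter = iter->next) {
			field_mark_t *field = iter->data;

			g_pattern_spec_free(field->pattern);
			g_free(field);
		}
		/* free list container */
		g_list_free(config->fields);
	}
	g_free(config);
	return TRUE;
}

/**
 * Check if one of the user fields of the connection match our field
 * with mark. If yes use the mark, otherwise use default mark.
 *
 * Change the mark of the packet in all cases.
 *
 * NOTE(review): the matched strings (app_name, os_sysname) are presumably
 * reported by the authenticating client rather than verified by the
 * server -- confirm. If so, the resulting mark is a hint, and rules that
 * grant extra access on the basis of it need another control behind them.
 *
 * \param conn Connection whose mark is rewritten
 * \param params Module configuration (mark_field_config_t)
 * \return NU_EXIT_OK, or NU_EXIT_ERROR if the configured type is unknown
 */
G_MODULE_EXPORT nu_error_t finalize_packet(connection_t * conn,
					   gpointer params)
{
	mark_field_config_t *config = params;
	uint32_t mark = config->default_mark;
	GList *iter;
	gchar *string;

	switch (config->type) {
	case 0:
		string = conn->app_name;
		break;
	case 1:
		string = conn->os_sysname;
		break;
	default:
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "mark_field: found unknown type"
			    );
		return NU_EXIT_ERROR;
	}

	/*
	 * Search first matching field with mark and
	 * stop when first field match
	 *
	 * A connection without the selected field gets the default mark;
	 * g_pattern_match_string() must not be handed a NULL string.
	 */
	if (string != NULL) {
		for (iter = config->fields; iter != NULL; iter = iter->next) {
			field_mark_t *field = iter->data;

			if (g_pattern_match_string(field->pattern, string)) {
				/* log the string that was matched, which is
				 * os_sysname when type is 1 */
				debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
						  "mark_field: found mark %u for %s",
						  field->mark, string);
				mark = field->mark;
				break;
			}
		}
	}

	/* keep the bits selected by mask, replace the others with the
	 * shifted mark */
	conn->mark = (conn->mark & config->mask) |
		     ((mark << config->shift) & ~config->mask);
	return NU_EXIT_OK;
}
nufw-2.4.3/src/nuauth/modules/xml_defs/0000777000175000017500000000000011431215441015044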
500000000000000nufw-2.4.3/src/nuauth/modules/xml_defs/Makefile.in0000644000175000017500000003703211431215402017027 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # xml_defs plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/xml_defs DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = 
$(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libxml_defs_la_LIBADD = am__objects_1 = am_libxml_defs_la_OBJECTS = xml_defs.lo $(am__objects_1) libxml_defs_la_OBJECTS = $(am_libxml_defs_la_OBJECTS) libxml_defs_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libxml_defs_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libxml_defs_la_SOURCES) DIST_SOURCES = $(libxml_defs_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ 
INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = 
@program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libxml_defs.la noinst_libxml_defs_la_SOURCES = xml_defs.h libxml_defs_la_SOURCES = xml_defs.c ${noinst_libxml_defs_la_SOURCES} libxml_defs_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/xml_defs/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/xml_defs/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xml_defs.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT 
$@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) 
$(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) 
INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic 
mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libxml_defs.la: $(libxml_defs_la_OBJECTS) $(libxml_defs_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libxml_defs_la_LDFLAGS) $(libxml_defs_la_OBJECTS) $(libxml_defs_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/xml_defs/xml_defs.c0000644000175000017500000001545411431206275016743 00000000000000/* ** Copyright(C) 2006-2008 INL ** written by Eric Leblond ** Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
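*/ #include #include "nuauthconf.h" #include "xml_defs.h"

/**
 * \ingroup NuauthModules
 * \defgroup PeriodNuauthModules Period definition modules
 */

/**
 *
 * \ingroup PeriodNuauthModules
 * \defgroup XMLModule XML period definition module
 *
 * @{ */

/** Default location of the period definition file, used when the
 * "xml_defs_periodfile" configuration key is not set. */
#define XML_DEFS_PERIODFILE CONFIG_DIR "/" "periods.xml"

/**
 * \brief Returns version of nuauth API
 *
 * \return NUAUTH_API_VERSION, the API version this module was built against.
 */
G_MODULE_EXPORT uint32_t get_api_version(void)
{
	return NUAUTH_API_VERSION;
}

/**
 * \brief Release the parameters of a module instance.
 *
 * \param params_p Pointer to a struct xml_defs_params, may be NULL.
 * \return Always TRUE.
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	struct xml_defs_params *params =
	    (struct xml_defs_params *) params_p;

	/* Free the period file path, then the structure itself
	 * (g_free() accepts NULL) */
	if (params) {
		g_free(params->xml_defs_periodfile);
	}
	g_free(params);
	return TRUE;
}

/**
 * \brief Allocate the module parameters and read them from the configuration.
 *
 * Reads the "xml_defs_periodfile" key, falling back to XML_DEFS_PERIODFILE,
 * and stores the result in module->params.
 *
 * \param module Module instance being initialised.
 * \return Always TRUE.
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	struct xml_defs_params *params =
	    g_new0(struct xml_defs_params, 1);

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Xml_defs module ($Revision$)");

	/* The path is released with g_free() in unload_module_with_params();
	 * presumably the configuration getter returns an allocated copy --
	 * TODO confirm. */
	params->xml_defs_periodfile =
	    nuauth_config_table_get_or_default("xml_defs_periodfile",
					       XML_DEFS_PERIODFILE);

	module->params = (gpointer) params;
	return TRUE;
}

/**
 * Parser state shared between the GMarkup callbacks.
 */
struct xml_period_context {
	gchar *periodname;		/* name of the <period> being parsed, or NULL */
	struct period_item *perioditem;	/* <perioditem> being filled, or NULL */
	GHashTable *periods;		/* destination table, owned by the caller */
};

/**
 * \brief GMarkup callback run on every opening tag.
 *
 * Handles <period> (attributes "name", "desc"), <perioditem>, and the
 * <days>, <hours>, <dates> (attributes "start", "end") and <duration>
 * (attribute "length") children of a perioditem. Other elements are ignored.
 *
 * NOTE(review): numeric attributes are converted with atoi(), which reports
 * no error: a non-numeric value silently becomes 0 and out-of-range values
 * are not rejected. As these values bound the time windows of a period, a
 * typo in the file changes the window instead of being reported.
 *
 * \param user_data Pointer to the struct xml_period_context of this parse.
 * \param error Unused, no error is ever reported from this handler.
 */
static void period_start_element_handler(GMarkupParseContext * context,
					 const gchar * element_name,
					 const gchar ** attribute_names,
					 const gchar ** attribute_values,
					 gpointer user_data,
					 GError ** error)
{
	struct xml_period_context *curcontext =
	    (struct xml_period_context *) user_data;
	int i;

	if (!strcmp(element_name, "period")) {
		const char *p_name = NULL;
		const char *p_desc = NULL;

		for (i = 0; attribute_names[i]; i++) {
			if (!strcmp(attribute_names[i], "name")) {
				p_name = attribute_values[i];
			} else if (!strcmp(attribute_names[i], "desc")) {
				p_desc = attribute_values[i];
			}
		}
		/* a period without a name is silently skipped */
		if (p_name) {
			if (!p_desc) {
				p_desc = "";
			}
			define_new_period(curcontext->periods,
					  g_strdup(p_name),
					  g_strdup(p_desc));
			/* a <period> nested in another one would otherwise
			 * leak the name of the outer period */
			g_free(curcontext->periodname);
			curcontext->periodname = g_strdup(p_name);
			log_message(DEBUG, DEBUG_AREA_MAIN,
				    "Adding period %s (%s)", p_name, p_desc);
		}
	} else if (!strcmp(element_name, "perioditem")) {
		/* an item still referenced here was never handed to
		 * add_perioditem_to_period() (nested <perioditem>): drop it */
		g_free(curcontext->perioditem);
		curcontext->perioditem = g_new0(struct period_item, 1);
		/* -1 marks a bound that the file does not set */
		curcontext->perioditem->start_date = -1;
		curcontext->perioditem->end_date = -1;
		curcontext->perioditem->start_day = -1;
		curcontext->perioditem->end_day = -1;
		curcontext->perioditem->start_hour = -1;
		curcontext->perioditem->end_hour = -1;
	} else if (!strcmp(element_name, "days")) {
		if (curcontext->perioditem) {
			for (i = 0; attribute_names[i]; i++) {
				if (!strcmp(attribute_names[i], "start")) {
					curcontext->perioditem->start_day =
					    atoi(attribute_values[i]);
				} else if (!strcmp(attribute_names[i], "end")) {
					curcontext->perioditem->end_day =
					    atoi(attribute_values[i]);
				}
			}
		}
	} else if (!strcmp(element_name, "hours")) {
		if (curcontext->perioditem) {
			for (i = 0; attribute_names[i]; i++) {
				if (!strcmp(attribute_names[i], "start")) {
					curcontext->perioditem->start_hour =
					    atoi(attribute_values[i]);
				} else if (!strcmp(attribute_names[i], "end")) {
					curcontext->perioditem->end_hour =
					    atoi(attribute_values[i]);
				}
			}
		}
	} else if (!strcmp(element_name, "dates")) {
		if (curcontext->perioditem) {
			for (i = 0; attribute_names[i]; i++) {
				if (!strcmp(attribute_names[i], "start")) {
					curcontext->perioditem->start_date =
					    atoi(attribute_values[i]);
				} else if (!strcmp(attribute_names[i], "end")) {
					curcontext->perioditem->end_date =
					    atoi(attribute_values[i]);
				}
			}
		}
	} else if (!strcmp(element_name, "duration")) {
		if (curcontext->perioditem) {
			for (i = 0; attribute_names[i]; i++) {
				if (!strcmp(attribute_names[i], "length")) {
					curcontext->perioditem->duration =
					    atoi(attribute_values[i]);
				}
			}
		}
	}
}

/**
 * \brief GMarkup callback run on every closing tag.
 *
 * On </perioditem> the item under construction is attached to the current
 * period; on </period> the current period name is forgotten.
 *
 * \param user_data Pointer to the struct xml_period_context of this parse.
 * \param error Unused, no error is ever reported from this handler.
 */
static void period_end_element_handler(GMarkupParseContext * context,
				       const gchar * element_name,
				       gpointer user_data, GError ** error)
{
	struct xml_period_context *curcontext =
	    (struct xml_period_context *) user_data;

	if (!strcmp(element_name, "perioditem")) {
		if (!curcontext->perioditem) {
			/* only reachable with nested <perioditem> elements:
			 * the inner closing tag already consumed the item */
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "end of perioditem without a perioditem to add");
		} else if (curcontext->periodname) {
			/* presumably the callee keeps both the duplicated name
			 * and the item -- TODO confirm against its definition */
			add_perioditem_to_period(curcontext->periods,
						 g_strdup(curcontext->periodname),
						 curcontext->perioditem);
		} else {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "not in period but end of perioditem");
			/* nobody took the item: release it instead of leaking */
			g_free(curcontext->perioditem);
		}
		curcontext->perioditem = NULL;
	} else if (!strcmp(element_name, "period")) {
		g_free(curcontext->periodname);
		curcontext->periodname = NULL;
	}
}

/** Callback table handed to GMarkup: only tag boundaries are of interest. */
static GMarkupParser period_parser = {
	period_start_element_handler,	/* start_element */
	period_end_element_handler,	/* end_element */
	NULL,				/* text */
	NULL,				/* passthrough */
	NULL				/* error */
};

/**
 * \brief Period parsing function
 *
 * This function is exported by the module and fills the hash table containing
 * the periods.
 *
 * \param periods A hash table containing all the periods.
 * \param params A pointer to the parameters of the module instance we're working for
 *
 * The hash table keys are the names of the periods.
 *
 * A file that cannot be read, is not well-formed or is truncated is reported
 * with a SERIOUS_WARNING log message. Periods parsed before the error stay in
 * the table, and since the function returns nothing the caller cannot tell a
 * complete load from a partial one: the log is the only signal.
 *
 * \remark The conflict between period definitions (with same name) is not resolved.
 */
G_MODULE_EXPORT void define_periods(GHashTable * periods,
				    struct xml_defs_params *params)
{
	gchar *contents = NULL;
	GError *error = NULL;
	gsize length;

	if (g_file_get_contents(params->xml_defs_periodfile,
				&contents, &length, &error)) {
		GMarkupParseContext *context;
		struct xml_period_context *curcontext;

		curcontext = g_new0(struct xml_period_context, 1);
		curcontext->periods = periods;
		context = g_markup_parse_context_new(&period_parser, 0,
						     curcontext, NULL);
		/* end_parse() is what detects a document that stops in the
		 * middle of an element, e.g. after an interrupted write */
		if (!g_markup_parse_context_parse(context, contents,
						  length, &error)
		    || !g_markup_parse_context_end_parse(context, &error)) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "Error parsing period file %s: %s",
				    params->xml_defs_periodfile,
				    error ? error->message : "unknown error");
		}
		g_markup_parse_context_free(context);
		/* both are non-NULL only when parsing stopped inside an
		 * open <period> or <perioditem> */
		g_free(curcontext->periodname);
		g_free(curcontext->perioditem);
		g_free(curcontext);
	} else {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Error reading period: %s",
			    error ? error->message : "unknown error");
	}
	if (error) {
		g_error_free(error);
	}
	g_free(contents);
}

/** @} */
nufw-2.4.3/src/nuauth/modules/xml_defs/xml_defs.h0000644000175000017500000000144711431206275016745 00000000000000/* ** Copyright(C) 2006 INL ** written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. 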
** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ struct xml_defs_params { char *xml_defs_periodfile; }; nufw-2.4.3/src/nuauth/modules/xml_defs/Makefile.am0000644000175000017500000000121511431206275017020 00000000000000# xml_defs plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libxml_defs.la noinst_libxml_defs_la_SOURCES = xml_defs.h libxml_defs_la_SOURCES = xml_defs.c ${noinst_libxml_defs_la_SOURCES} libxml_defs_la_LDFLAGS = -module -avoid-version libxml_defs.la: $(libxml_defs_la_OBJECTS) $(libxml_defs_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libxml_defs_la_LDFLAGS) $(libxml_defs_la_OBJECTS) $(libxml_defs_la_LIBADD) nufw-2.4.3/src/nuauth/modules/log_nuprelude/0000777000175000017500000000000011431215441016107 500000000000000nufw-2.4.3/src/nuauth/modules/log_nuprelude/Makefile.in0000644000175000017500000004051011431215401020064 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
# This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Prelude log plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/log_nuprelude DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libnuprelude_la_DEPENDENCIES = am__libnuprelude_la_SOURCES_DIST = nuprelude.c log_prelude.h am__objects_1 = @USE_PRELUDE_LOG_TRUE@am_libnuprelude_la_OBJECTS = nuprelude.lo \ @USE_PRELUDE_LOG_TRUE@ $(am__objects_1) libnuprelude_la_OBJECTS = $(am_libnuprelude_la_OBJECTS) libnuprelude_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libnuprelude_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_PRELUDE_LOG_TRUE@am_libnuprelude_la_rpath = -rpath 
$(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libnuprelude_la_SOURCES) DIST_SOURCES = $(am__libnuprelude_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = 
@LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_PRELUDE_LOG_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" # XXX: Forcing the prelude 
inclusion path is evil @USE_PRELUDE_LOG_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nussl/ -I/usr/include/libprelude/ @USE_PRELUDE_LOG_TRUE@plugindir = $(libdir)/nuauth/modules @USE_PRELUDE_LOG_TRUE@plugin_LTLIBRARIES = libnuprelude.la @USE_PRELUDE_LOG_TRUE@noinst_libnuprelude_la_SOURCES = log_prelude.h @USE_PRELUDE_LOG_TRUE@libnuprelude_la_SOURCES = nuprelude.c ${noinst_libnuprelude_la_SOURCES} @USE_PRELUDE_LOG_TRUE@libnuprelude_la_LIBADD = -lprelude @USE_PRELUDE_LOG_TRUE@libnuprelude_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/log_nuprelude/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/log_nuprelude/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_PRELUDE_LOG_FALSE@libnuprelude.la: $(libnuprelude_la_OBJECTS) $(libnuprelude_la_DEPENDENCIES) @USE_PRELUDE_LOG_FALSE@ $(libnuprelude_la_LINK) $(am_libnuprelude_la_rpath) 
$(libnuprelude_la_OBJECTS) $(libnuprelude_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nuprelude.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ 
done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: 
install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ 
install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_PRELUDE_LOG_TRUE@libnuprelude.la: $(libnuprelude_la_OBJECTS) $(libnuprelude_la_DEPENDENCIES) @USE_PRELUDE_LOG_TRUE@ $(LINK) $(am_libnuprelude_la_rpath) $(libnuprelude_la_LDFLAGS) $(libnuprelude_la_OBJECTS) $(libnuprelude_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/log_nuprelude/Makefile.am0000644000175000017500000000146611431206275020073 00000000000000# Prelude log plugin if USE_PRELUDE_LOG AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" # XXX: Forcing the prelude inclusion path is evil INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase/ -I$(top_srcdir)/src/libs/nussl/ -I/usr/include/libprelude/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libnuprelude.la noinst_libnuprelude_la_SOURCES = log_prelude.h libnuprelude_la_SOURCES = nuprelude.c ${noinst_libnuprelude_la_SOURCES} libnuprelude_la_LIBADD = -lprelude libnuprelude_la_LDFLAGS = -module -avoid-version libnuprelude.la: $(libnuprelude_la_OBJECTS) $(libnuprelude_la_DEPENDENCIES) $(LINK) $(am_libnuprelude_la_rpath) $(libnuprelude_la_LDFLAGS) $(libnuprelude_la_OBJECTS) $(libnuprelude_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/log_nuprelude/log_prelude.h0000644000175000017500000000203711431206275020504 00000000000000/* ** Copyright(C) 2003-2006 Victor Stinner ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 
of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUAUTH_MODULE_LOG_PRELUDE #define NUAUTH_MODULE_LOG_PRELUDE #include "auth_srv.h" /** Prelude version required for the module */ #define PRELUDE_VERSION_REQUIRE "0.9.0" struct log_prelude_params { GPrivate *packet_tpl; GPrivate *session_tpl; GPrivate *autherr_tpl; }; #endif nufw-2.4.3/src/nuauth/modules/log_nuprelude/nuprelude.c0000644000175000017500000005365411431206275020214 00000000000000/* ** Copyright(C) 2006,2007,2008 INL ** written by Pierre Chifflier ** written by Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #include "log_prelude.h" #include "strings.h" #include #include #include /** * * \ingroup LoggingNuauthModules * \defgroup PreludeModule Prelude logging module * * @{ */ #define NUFW_ANALYZER_MANUFACTURER "http://www.nufw.org/" #define NUFW_ANALYZER_CLASS "Firewall" #define NUFW_ANALYZER_VERSION VERSION #define NUFW_ANALYZER_MODEL "NuFW" #define CLIENT_ANALYZER_NAME "libnuclient" #define CLIENT_ANALYZER_MANUFACTURER NUFW_ANALYZER_MANUFACTURER #define CLIENT_ANALYZER_CLASS "NuFW client" #define CLIENT_ANALYZER_MODEL "NuFW" GMutex *global_client_mutex; prelude_client_t *global_client; /* private pointer for prelude client connection */ /* * Returns version of nuauth API */ G_MODULE_EXPORT uint32_t get_api_version() { return NUAUTH_API_VERSION; } G_MODULE_EXPORT gchar *unload_module_with_params(gpointer params_ptr) { return NULL; } /** * Function called every second to update timer (Prelude "heartbeat") */ void update_prelude_timer() { prelude_timer_wake_up(); } /** * Function called only once: when the module is unloaded. * * \return NULL */ G_MODULE_EXPORT void g_module_unload(GModule * module) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[+] Prelude log: Close client connection"); prelude_client_destroy(global_client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS); g_mutex_free(global_client_mutex); cleanup_func_remove(update_prelude_timer); log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[+] Prelude log: Deinit library"); prelude_deinit(); } /** * Destroy a private IDMEF message when a thread stops. 
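*/
void destroy_idmef(idmef_message_t * idmef)
{
	idmef_message_destroy(idmef);
}

/**
 * Module configuration entry point: allocate the module parameters and
 * create one thread-private slot per IDMEF template kind (packet, session,
 * authentication error). Every slot uses destroy_idmef() as its destroy
 * notifier.
 *
 * \param module Module descriptor; module->params receives the newly
 *               allocated struct log_prelude_params
 * \return TRUE (always)
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	struct log_prelude_params *params =
	    g_new0(struct log_prelude_params, 1);

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Log_nuprelude module ($Revision$)");

	params->packet_tpl = g_private_new((GDestroyNotify) destroy_idmef);
	params->session_tpl = g_private_new((GDestroyNotify) destroy_idmef);
	/* auth_error_log() calls g_private_get()/g_private_set() on
	 * autherr_tpl. It used to stay NULL (zeroed by g_new0), so the
	 * first authentication error handed a NULL key to GLib. Create the
	 * slot here like the two others so that authentication failures are
	 * actually reported. */
	params->autherr_tpl = g_private_new((GDestroyNotify) destroy_idmef);

	module->params = (gpointer) params;
	return TRUE;
}

/**
 * Look up an IDMEF object by path and release the value that was returned.
 *
 * NOTE(review): this only destroys the value handle obtained from
 * idmef_path_get(); whether that removes the field from the message
 * depends on libprelude semantics -- confirm.
 *
 * \param message IDMEF message to query
 * \param object IDMEF path, for example "alert.source(0).user"
 */
static void del_idmef_object(idmef_message_t * message, const char *object)
{
	idmef_value_t *val;
	idmef_path_t *path;

	/* "%s" keeps the caller's string from being used as a format */
	if (idmef_path_new(&path, "%s", object) < 0) {
		return;
	}
	if (0 < idmef_path_get(path, message, &val)) {
		idmef_value_destroy(val);
	}
	idmef_path_destroy(path);
}

/**
 * Set one IDMEF field of a message from a string.
 *
 * \param message IDMEF message to update
 * \param object IDMEF path of the field
 * \param value Textual value, converted according to the path type
 * \return -1 if the path or the value cannot be built (a DEBUG message is
 *         logged), otherwise the result of idmef_path_set()
 */
static int add_idmef_object(idmef_message_t * message, const char *object,
			    const char *value)
{
	int ret;
	idmef_value_t *val, *oldval;
	idmef_path_t *path;

	ret = idmef_path_new(&path, "%s", object);
	if (ret < 0) {
		log_message(DEBUG, DEBUG_AREA_MAIN,
			    "Prelude: Fail to set attribute %s=%s: %s",
			    object, value, prelude_strerror(ret));
		return -1;
	}

	/* release the previous value if there is one */
	ret = idmef_path_get(path, message, &oldval);
	if (0 < ret) {
		idmef_value_destroy(oldval);
	}

	/* set new value */
	ret = idmef_value_new_from_path(&val, path, value);
	if (ret < 0) {
		log_message(DEBUG, DEBUG_AREA_MAIN,
			    "Prelude: Fail to set attribute %s=%s: %s",
			    object, value, prelude_strerror(ret));
		idmef_path_destroy(path);
		return -1;
	}
	ret = idmef_path_set(path, message, val);

	idmef_value_destroy(val);
	idmef_path_destroy(path);
	return ret;
}

/**
 * Set default values in an IDMEF template: impact type "user" and an
 * analyzer cloned from the Prelude client analyzer, then labelled with the
 * NuFW model, class, version and manufacturer.
 *
 * \param idmef Template message to fill
 * \return 1 on success, 0 on failure
 */
static int feed_template(idmef_message_t * idmef)
{
	idmef_analyzer_t *client_analyzer, *analyzer;
	idmef_alert_t *alert;
	prelude_string_t *string;
	int ret;

	/* set assessment */
	add_idmef_object(idmef, "alert.assessment.impact.type", "user");

	/* create analyzer */
	alert = idmef_message_get_alert(idmef);
	if (!alert) {
		return 0;
	}

	client_analyzer = prelude_client_get_analyzer(global_client);
	ret = idmef_analyzer_clone(client_analyzer, &analyzer);
	if (ret < 0)
		return 0;
	idmef_alert_set_analyzer(alert, analyzer, 1);	/* IDMEF_LIST_APPEND */

	/* configure analyzer */
	ret = idmef_analyzer_new_model(analyzer, &string);
	if (ret < 0)
		return 0;
	prelude_string_set_constant(string, NUFW_ANALYZER_MODEL);

	ret = idmef_analyzer_new_class(analyzer, &string);
	if (ret < 0)
		return 0;
	prelude_string_set_constant(string, NUFW_ANALYZER_CLASS);

	ret = idmef_analyzer_new_version(analyzer, &string);
	if (ret < 0)
		return 0;
	prelude_string_set_constant(string, NUFW_ANALYZER_VERSION);

	ret = idmef_analyzer_new_manufacturer(analyzer, &string);
	if (ret < 0)
		return 0;
	prelude_string_set_constant(string, NUFW_ANALYZER_MANUFACTURER);

	return 1;
}

/**
 * Create Prelude alert message template.
 *
 * \return NULL on error, or new allocated idmef message on success.
 */
static idmef_message_t *create_alert_template()
{
	idmef_message_t *idmef;
	int ret;

	ret = idmef_message_new(&idmef);
	if (ret < 0) {
		prelude_perror(ret, "unable to create IDMEF message");
		return NULL;
	}

	ret = feed_template(idmef);
	if (!ret) {
		/* feed_template() returns 0/1, not a Prelude error code, so
		 * it must not be handed to prelude_perror() */
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Prelude: unable to fill IDMEF message template");
		idmef_message_destroy(idmef);
		return NULL;
	}
	return idmef;
}

/**
 * Create Prelude packet message template
 *
 * \return NULL on error, or new allocated idmef message on succes.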
*/
static idmef_message_t *create_packet_template()
{
	/* the packet template is the plain alert template, NULL on error */
	return create_alert_template();
}

/**
 * Describe IDMEF source #0 as a TCP service: IANA protocol number 6 and
 * protocol name "tcp".
 */
static void feed_source_libnuclient(idmef_message_t *idmef)
{
	add_idmef_object(idmef,
			 "alert.source(0).service.iana_protocol_number",
			 "6");
	add_idmef_object(idmef, "alert.source(0).service.protocol", "tcp");
}

/**
 * Describe nuauth as IDMEF target #0: process path, process name, pid,
 * service port (nuauthconf->userpckt_port) and protocol "tcp".
 */
static void feed_target_nuauth(idmef_message_t *idmef)
{
	char pid_text[50];
	char *basename;

	add_idmef_object(idmef, "alert.target(0).process.path",
			 nuauthdatas->program_fullpath);

	/* g_path_get_basename() returns a new string, released below */
	basename = g_path_get_basename(nuauthdatas->program_fullpath);
	add_idmef_object(idmef, "alert.target(0).process.name", basename);
	g_free(basename);

	secure_snprintf(pid_text, sizeof(pid_text), "%lu",
			(unsigned long) getpid());
	add_idmef_object(idmef, "alert.target(0).process.pid", pid_text);

	add_idmef_object(idmef, "alert.target(0).service.port",
			 nuauthconf->userpckt_port);
	add_idmef_object(idmef, "alert.target(0).service.protocol", "tcp");
}

/**
 * Create Prelude authentication error message template: the alert template
 * plus the libnuclient source and the nuauth target.
 *
 * \return NULL on error, or new allocated idmef message on success.
 */
static idmef_message_t *create_autherr_template()
{
	idmef_message_t *tpl = create_alert_template();

	if (tpl != NULL) {
		feed_source_libnuclient(tpl);
		feed_target_nuauth(tpl);
	}
	return tpl;
}

/**
 * Create Prelude session message template
 *
 * \return NULL on error, or new allocated idmef message on succes.
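*/
static idmef_message_t *create_session_template()
{
	idmef_message_t *idmef = create_alert_template();
	if (!idmef)
		return NULL;

	feed_source_libnuclient(idmef);
	feed_target_nuauth(idmef);
	return idmef;
}

/**
 * Create an IDMEF message from a template and set common parameters:
 * the alert create time (connection timestamp when conn is given, current
 * time otherwise) and the detect time (current time).
 *
 * \param tpl Template message, cloned and left untouched
 * \param conn Connection providing the timestamp, or NULL
 * \return New message owned by the caller, or NULL on error
 */
idmef_message_t* create_from_template(idmef_message_t *tpl, connection_t *conn)
{
	idmef_message_t *idmef;
	idmef_alert_t *alert;
	idmef_time_t *create_time;
	idmef_time_t *detect_time;
	time_t now;
	int ret;
	time_t *creation_timestamp;

	/* copy the message */
	if (idmef_message_clone(tpl, &idmef) < 0) {
		return NULL;
	}

	now = time(NULL);

	ret = idmef_message_new_alert(idmef, &alert);
	if (ret < 0) {
		idmef_message_destroy(idmef);
		return NULL;
	}

	/* set create time */
	if (conn) {
		creation_timestamp = &conn->timestamp;
	} else {
		creation_timestamp = &now;
	}
	ret = idmef_time_new_from_time(&create_time, creation_timestamp);
	if (ret < 0) {
		idmef_message_destroy(idmef);
		return NULL;
	}
	idmef_alert_set_create_time(alert, create_time);

	/* set detect time */
	ret = idmef_alert_new_detect_time(alert, &detect_time);
	if (ret < 0) {
		idmef_message_destroy(idmef);
		return NULL;
	}
	idmef_time_set_from_time(detect_time, &now);

	return idmef;
}

/**
 * Store the client operating system description ("name release version")
 * in additional data #0.
 *
 * NOTE(review): the three strings are presumably reported by the client;
 * alert consumers should treat this field as unverified -- confirm.
 * Callers must not pass NULL strings, they are formatted with "%s".
 */
static void set_os_info(idmef_message_t *idmef, const char* osname,
			const char *osrelease, const char *osversion)
{
	char buffer[256];

	add_idmef_object(idmef, "alert.additional_data(0).type", "string");
	add_idmef_object(idmef, "alert.additional_data(0).meaning",
			 "Client OS");
	secure_snprintf(buffer, sizeof(buffer), "%s %s %s",
			osname, osrelease, osversion);
	add_idmef_object(idmef, "alert.additional_data(0).data", buffer);
}

/**
 * Set information on NuFW (ip address, port) as "address:port" in
 * additional data #1.
 */
static void set_nufw_info(idmef_message_t *idmef, const char *nufw_address,
			  const char *nufw_port)
{
	char buffer[256];

	add_idmef_object(idmef, "alert.additional_data(1).type", "string");
	add_idmef_object(idmef, "alert.additional_data(1).meaning",
			 "NuFW server address");
	secure_snprintf(buffer, sizeof(buffer), "%s:%s",
			nufw_address, nufw_port);
	add_idmef_object(idmef, "alert.additional_data(1).data", buffer);
}

/**
 * Set the address of IDMEF source #0 from an IPv6 address and mark the
 * source as not spoofed.
 */
void set_source0_address(idmef_message_t *idmef, struct in6_addr *addr)
{
	char ip_ascii[INET6_ADDRSTRLEN];

	format_ipv6(addr, ip_ascii, INET6_ADDRSTRLEN, NULL);
	add_idmef_object(idmef, "alert.source(0).node.address(0).address",
			 ip_ascii);
	add_idmef_object(idmef, "alert.source(0).spoofed", "no");
}

/**
 * Create IDMEF message for NuFW packet message
 *
 * \param tpl Packet template
 * \param state Connection state; TCP_STATE_DROP is reported as "failed",
 *              every other state as "succeeded"
 * \param conn Connection being logged (must not be NULL)
 * \param state_text Classification text
 * \param impact Impact description
 * \param severity Impact severity
 * \return New message owned by the caller, or NULL on error
 */
static idmef_message_t *create_message_packet(idmef_message_t * tpl,
					      tcp_state_t state,
					      connection_t * conn,
					      char *state_text,
					      char *impact,
					      char *severity)
{
	idmef_message_t *idmef;
	char buffer[50];
	char ip_ascii[INET6_ADDRSTRLEN];
	char *tmp_buffer;
	unsigned short psrc, pdst;

	idmef = create_from_template(tpl, conn);
	if (!idmef) {
		return NULL;
	}

	if (state == TCP_STATE_DROP) {
		tmp_buffer = "failed";
	} else {
		tmp_buffer = "succeeded";
	}
	add_idmef_object(idmef, "alert.assessment.impact.completion",
			 tmp_buffer);
	add_idmef_object(idmef, "alert.classification.text", state_text);
	add_idmef_object(idmef, "alert.assessment.impact.severity",
			 severity);
	add_idmef_object(idmef, "alert.assessment.impact.description",
			 impact);

	/* IP source/dest */
	set_source0_address(idmef, &conn->tracking.saddr);

	format_ipv6(&conn->tracking.daddr, ip_ascii, INET6_ADDRSTRLEN, NULL);
	add_idmef_object(idmef, "alert.target(0).node.address(0).address",
			 ip_ascii);

	/* IP protocol */
	if (secure_snprintf(buffer, sizeof(buffer), "%hu",
			    conn->tracking.protocol)) {
		add_idmef_object(idmef,
				 "alert.source(0).service.iana_protocol_number",
				 buffer);
		add_idmef_object(idmef,
				 "alert.target(0).service.iana_protocol_number",
				 buffer);
	}

	/* TCP/UDP ports */
	if (conn->tracking.protocol == IPPROTO_TCP
	    || conn->tracking.protocol == IPPROTO_UDP) {
		/* NOTE(review): for ESTABLISHED the ports are swapped while
		 * the addresses above are not -- confirm this is intended */
		if ((state == TCP_STATE_ESTABLISHED)
		    /* || (state == TCP_STATE_DROP) */ ) {
			psrc = conn->tracking.dest;
			pdst = conn->tracking.source;
		} else {
			psrc = conn->tracking.source;
			pdst = conn->tracking.dest;
		}
		if (secure_snprintf(buffer, sizeof(buffer), "%hu", psrc)) {
			add_idmef_object(idmef,
					 "alert.source(0).service.port",
					 buffer);
		}
		if (secure_snprintf(buffer, sizeof(buffer), "%hu", pdst)) {
			add_idmef_object(idmef,
					 "alert.target(0).service.port",
					 buffer);
		}
	} else {
		del_idmef_object(idmef, "alert.source(0).service.port");
		del_idmef_object(idmef, "alert.target(0).service.port");
		if (conn->tracking.protocol == IPPROTO_ICMP) {
			add_idmef_object(idmef,
					 "alert.source(0).service.name",
					 "icmp");
			add_idmef_object(idmef,
					 "alert.target(0).service.name",
					 "icmp");
		}
	}

	/* user informations */
	if (conn->username != NULL) {
		add_idmef_object(idmef,
				 "alert.source(0).user.user_id(0).type",
				 "current-user");
		add_idmef_object(idmef, "alert.source(0).user.category", "application");	/* os-device */
		add_idmef_object(idmef,
				 "alert.source(0).user.user_id(0).name",
				 conn->username);
		/* the cast now matches the unsigned "%lu" conversion */
		if (secure_snprintf(buffer, sizeof(buffer), "%lu",
				    (unsigned long) conn->user_id)) {
			add_idmef_object(idmef,
					 "alert.source(0).user.user_id(0).number",
					 buffer);
		}
	} else {
		del_idmef_object(idmef, "alert.source(0).user");
	}

	/* source process */
	if (conn->app_name != NULL) {
		tmp_buffer = g_path_get_basename(conn->app_name);
		add_idmef_object(idmef, "alert.source(0).process.name",
				 tmp_buffer);
		g_free(tmp_buffer);
		add_idmef_object(idmef, "alert.source(0).process.path",
				 conn->app_name);
	} else {
		del_idmef_object(idmef, "alert.source(0).process");
	}

	/* os informations */
	if (conn->os_sysname != NULL) {
		set_os_info(idmef, conn->os_sysname, conn->os_release,
			    conn->os_version);
	}

	/* informations about nufw server */
	if (conn->tls != NULL) {
		format_ipv6(&conn->tls->peername, ip_ascii,
			    INET6_ADDRSTRLEN, NULL);
		set_nufw_info(idmef, ip_ascii, nuauthconf->authreq_port);
	}
	return idmef;
}

/**
 * Add NuFW client informations to an IDMEF message: user name and identifier
 *
 * \param idmef Message to update
 * \param session User session providing user_name and user_id
 * \param userid_is_valid Non-zero when session->user_id may be reported
 */
static void add_user_information(idmef_message_t * idmef,
				 user_session_t * session,
				 int userid_is_valid)
{
	char buffer[50];

	if (session->user_name != NULL) {
		add_idmef_object(idmef,
				 "alert.source(0).user.user_id(0).type",
				 "current-user");
		add_idmef_object(idmef, "alert.source(0).user.category", "application");	/* os-device */
		add_idmef_object(idmef,
				 "alert.source(0).user.user_id(0).name",
				 session->user_name);
		/* the cast now matches the unsigned "%lu" conversion */
		if (userid_is_valid
		    && secure_snprintf(buffer, sizeof(buffer), "%lu",
				       (unsigned long) session->user_id)) {
			add_idmef_object(idmef,
					 "alert.source(0).user.user_id(0).number",
					 buffer);
		}
	} else {
		del_idmef_object(idmef, "alert.source(0).user");
	}
}

/**
 * Create IDMEF message for a NuFW session message
 *
 * \param tpl Session template
 * \param session User session being logged
 * \param state_text Classification text
 * \param impact Impact description
 * \param severity Impact severity (info | low | medium | high)
 * \return New message owned by the caller, or NULL on error
 */
static idmef_message_t *create_message_session(idmef_message_t * tpl,
					       user_session_t * session,
					       char *state_text,
					       char *impact,
					       char *severity)
{
	idmef_message_t *idmef;
	char buffer[50];
	char ip_ascii[INET6_ADDRSTRLEN];

	idmef = create_from_template(tpl, NULL);
	if (!idmef) {
		return NULL;
	}

	add_idmef_object(idmef, "alert.classification.text", state_text);
	add_idmef_object(idmef, "alert.assessment.impact.completion",
			 "succeeded");
	add_idmef_object(idmef, "alert.assessment.impact.severity", severity);	/* info | low | medium | high */
	add_idmef_object(idmef, "alert.assessment.impact.description",
			 impact);

	/* source address/service */
	secure_snprintf(buffer, sizeof(buffer), "%hu", session->sport);
	add_idmef_object(idmef, "alert.source(0).service.port", buffer);
	set_source0_address(idmef, &session->addr);

	/* set user informations */
	add_user_information(idmef, session, 1);

	format_ipv6(&session->server_addr, ip_ascii, INET6_ADDRSTRLEN, NULL);
	add_idmef_object(idmef, "alert.target(0).node.address(0).address",
			 ip_ascii);

	/* os informations: same NULL guard as create_message_packet(), the
	 * strings are formatted with "%s" in set_os_info() */
	if (session->sysname != NULL) {
		set_os_info(idmef, session->sysname, session->release,
			    session->version);
	}
	return idmef;
}

/**
 * Create IDMEF message for an authentication error: completion "failed",
 * classification "Authentication error", source address and port, target
 * server address and the user name (the user identifier is not reported).
 *
 * \param tpl Authentication error template
 * \param session User session that failed to authenticate
 * \param text Impact description
 * \param severity Impact severity
 * \return New message owned by the caller, or NULL on error
 */
static idmef_message_t *create_message_autherr(idmef_message_t * tpl,
					       user_session_t * session,
					       const char *text,
					       const char *severity)
{
	idmef_message_t *idmef;
	char buffer[50];
	char ip_ascii[INET6_ADDRSTRLEN];

	idmef = create_from_template(tpl, NULL);
	if (!idmef) {
		return NULL;
	}

	add_idmef_object(idmef, "alert.assessment.impact.completion",
			 "failed");
	add_idmef_object(idmef, "alert.assessment.impact.severity",
			 severity);
	add_idmef_object(idmef, "alert.classification.text",
			 "Authentication error");
	add_idmef_object(idmef, "alert.assessment.impact.description", text);

	/* source address */
	set_source0_address(idmef, &session->addr);

	secure_snprintf(buffer, sizeof(buffer), "%hu", session->sport);
	add_idmef_object(idmef, "alert.source(0).service.port", buffer);

	format_ipv6(&session->server_addr, ip_ascii, INET6_ADDRSTRLEN, NULL);
	add_idmef_object(idmef, "alert.target(0).node.address(0).address",
			 ip_ascii);

	/* set user informations */
	add_user_information(idmef, session, 0);
	return idmef;
}

/**
 * Log a connection state change as a Prelude alert.
 *
 * Severity mapping: open/close "low", established "info", dropped "high"
 * when the connection carries a user name and "medium" otherwise.
 *
 * \param pelement Connection (connection_t *)
 * \param state New connection state
 * \param params_ptr Module parameters (struct log_prelude_params *)
 * \return 0 on success, -1 on unknown state or allocation failure
 */
G_MODULE_EXPORT gint user_packet_logs(void *pelement, tcp_state_t state,
				      gpointer params_ptr)
{
	struct log_prelude_params *params = params_ptr;
	connection_t *element = (connection_t *)pelement;
	idmef_message_t *tpl;
	idmef_message_t *message;
	char *impact;
	char *state_text;
	char *severity;

	state_text = "Connection state change";
	switch (state) {
	case TCP_STATE_OPEN:
		impact = "Connection opened";
		severity = "low";
		break;
	case TCP_STATE_ESTABLISHED:
		impact = "Connection established";
		severity = "info";
		break;
	case TCP_STATE_CLOSE:
		impact = "Connection closed";
		severity = "low";
		break;
	case TCP_STATE_DROP:
		if (element->username != NULL) {
			impact = "Authenticated connection dropped";
			severity = "high";
		} else {
			impact = "Unauthenticated connection dropped";
			severity = "medium";
		}
		break;
	default:
		return -1;
	}

	/* get message template (or create it if needed) */
	tpl = g_private_get(params->packet_tpl);
	if (!tpl) {
		tpl = create_packet_template();
		if (!tpl) {
			return -1;
		}
		g_private_set(params->packet_tpl, tpl);
	}

	/* feed message fields */
	message = create_message_packet(tpl, state, element,
					state_text, impact, severity);
	if (!message) {
		return -1;
	}

	/* send message: the shared client is used under the global mutex */
	g_mutex_lock(global_client_mutex);
	prelude_client_send_idmef(global_client, message);
	g_mutex_unlock(global_client_mutex);
	idmef_message_destroy(message);
	return 0;
}

/**
 * Log a user login or logout as a Prelude alert (login "medium", logout
 * "low").
 *
 * \param c_session User session
 * \param state SESSION_OPEN or SESSION_CLOSE
 * \param params_ptr Module parameters (struct log_prelude_params *)
 * \return 0 on success, -1 on unknown state or allocation failure
 */
G_MODULE_EXPORT int user_session_logs(user_session_t * c_session,
				      session_state_t state,
				      gpointer params_ptr)
{
	struct log_prelude_params *params = params_ptr;
	idmef_message_t *tpl;
	idmef_message_t *message;
	char *impact = NULL;
	char *severity;
	char *state_text;

	switch (state) {
	case SESSION_OPEN:
		state_text = "User login";
		severity = "medium";
		impact = g_strdup_printf("User \"%s\" logged in",
					 c_session->user_name);
		break;
	case SESSION_CLOSE:
		state_text = "User logout";
		severity = "low";
		impact = g_strdup_printf("User \"%s\" logged out",
					 c_session->user_name);
		break;
	default:
		return -1;
	}

	/* get message template (or create it if needed) */
	tpl = g_private_get(params->session_tpl);
	if (!tpl) {
		tpl = create_session_template();
		if (!tpl) {
			g_free(impact);
			return -1;
		}
		g_private_set(params->session_tpl, tpl);
	}

	/* feed message fields; impact is heap-allocated and released here */
	message = create_message_session(tpl, c_session,
					 state_text, impact, severity);
	g_free(impact);
	if (!message) {
		return -1;
	}

	/* send message: the shared client is used under the global mutex */
	g_mutex_lock(global_client_mutex);
	prelude_client_send_idmef(global_client, message);
	g_mutex_unlock(global_client_mutex);
	idmef_message_destroy(message);
	return 0;
}

/**
 * Function called only once: when the module is loaded.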
* * \return NULL */ G_MODULE_EXPORT gchar *g_module_check_init() { const char *version; int argc = 1; char *argv[2]; int ret; argv[0] = nuauthdatas->program_fullpath; argv[1] = NULL; log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[+] Prelude log: Init Prelude library"); version = prelude_check_version(PRELUDE_VERSION_REQUIRE); if (version == NULL) { log_message(FATAL, DEBUG_AREA_MAIN, "Fatal error: Prelude module needs prelude version %s (installed version is %s)!", PRELUDE_VERSION_REQUIRE, prelude_check_version(NULL)); exit(EXIT_FAILURE); } ret = prelude_init(&argc, argv); if (ret < 0) { log_message(FATAL, DEBUG_AREA_MAIN, "Fatal error: Fail to init Prelude module: %s!", prelude_strerror(ret)); exit(EXIT_FAILURE); } log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[+] Prelude log: Open client connection"); /* Ask Prelude to don't log anything */ prelude_log_set_flags(PRELUDE_LOG_FLAGS_QUIET); /* create a new client */ global_client_mutex = g_mutex_new(); ret = prelude_client_new(&global_client, "nufw"); if (!global_client) { log_message(FATAL, DEBUG_AREA_MAIN, "Fatal error: Unable to create a prelude client object: %s!", prelude_strerror(ret)); exit(EXIT_FAILURE); } ret = prelude_client_start(global_client); if (ret < 0) { log_message(FATAL, DEBUG_AREA_MAIN, "Fatal error: Unable to start prelude client: %s!", prelude_strerror(ret)); exit(EXIT_FAILURE); } cleanup_func_push(update_prelude_timer); return NULL; } G_MODULE_EXPORT void auth_error_log(user_session_t * session, nuauth_auth_error_t error, const char *text, gpointer params_ptr) { struct log_prelude_params *params = params_ptr; idmef_message_t *tpl; idmef_message_t *message; const char *severity; /* get message template (or create it if needed) */ tpl = g_private_get(params->autherr_tpl); if (!tpl) { tpl = create_autherr_template(); if (!tpl) { return; } g_private_set(params->autherr_tpl, tpl); } /* feed message fields */ if (error == AUTH_ERROR_CREDENTIALS) { severity = "high"; } else { severity = "medium"; } 
message = create_message_autherr(tpl, session, text, severity); if (!message) { return; } /* send message */ g_mutex_lock(global_client_mutex); prelude_client_send_idmef(global_client, message); g_mutex_unlock(global_client_mutex); idmef_message_destroy(message); } /** @} */ nufw-2.4.3/src/nuauth/modules/Makefile.am0000644000175000017500000000036611431206275015225 00000000000000SUBDIRS = ldap log_syslog log_script log_mysql log_pgsql plaintext system xml_defs \ x509_std log_nuprelude mark_uid session_expire ipauth_guest \ mark_group mark_field mark_flag auth_mysql session_authtype \ log_ulogd2 postauth_localuser nufw-2.4.3/src/nuauth/modules/log_ulogd2/0000777000175000017500000000000011431215442015301 500000000000000nufw-2.4.3/src/nuauth/modules/log_ulogd2/Makefile.in0000644000175000017500000004036611431215401017266 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ # ulogd2 log plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/log_ulogd2 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libulogd2_la_LIBADD = am__libulogd2_la_SOURCES_DIST = ulogd2.c log_ulogd2_request.c \ log_ulogd2.h log_ulogd2_request.h am__objects_1 = @USE_ULOGD2_LOG_TRUE@am_libulogd2_la_OBJECTS = ulogd2.lo \ @USE_ULOGD2_LOG_TRUE@ log_ulogd2_request.lo $(am__objects_1) libulogd2_la_OBJECTS = $(am_libulogd2_la_OBJECTS) libulogd2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libulogd2_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_ULOGD2_LOG_TRUE@am_libulogd2_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libulogd2_la_SOURCES) DIST_SOURCES = $(am__libulogd2_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ 
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_ULOGD2_LOG_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @USE_ULOGD2_LOG_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth -I$(top_srcdir)/src/include -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ @USE_ULOGD2_LOG_TRUE@plugindir = 
$(libdir)/nuauth/modules @USE_ULOGD2_LOG_TRUE@plugin_LTLIBRARIES = libulogd2.la @USE_ULOGD2_LOG_TRUE@noinst_libulogd2_la_SOURCES = log_ulogd2.h log_ulogd2_request.h @USE_ULOGD2_LOG_TRUE@libulogd2_la_SOURCES = ulogd2.c log_ulogd2_request.c ${noinst_libulogd2_la_SOURCES} @USE_ULOGD2_LOG_TRUE@libulogd2_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/log_ulogd2/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/log_ulogd2/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) 
"$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_ULOGD2_LOG_FALSE@libulogd2.la: $(libulogd2_la_OBJECTS) $(libulogd2_la_DEPENDENCIES) @USE_ULOGD2_LOG_FALSE@ $(libulogd2_la_LINK) $(am_libulogd2_la_rpath) $(libulogd2_la_OBJECTS) $(libulogd2_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log_ulogd2_request.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ulogd2.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 
's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_ULOGD2_LOG_TRUE@libulogd2.la: $(libulogd2_la_OBJECTS) $(libulogd2_la_DEPENDENCIES) @USE_ULOGD2_LOG_TRUE@ $(LINK) -rpath $(plugindir) $(libulogd2_la_LDFLAGS) $(libulogd2_la_OBJECTS) $(libulogd2_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
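.NOEXPORT: nufw-2.4.3/src/nuauth/modules/log_ulogd2/ulogd2.c0000644000175000017500000001561511431206275016571 00000000000000
/*
 ** Copyright(C) 2008-2009 INL
 ** Written by Pierre Chifflier
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/* NOTE(review): the <...> names of the system headers below were lost when
 * this page was extracted; the directives are kept as they appear. */
#include
#include
#include
#include
#include
#include
#include
#include "log_ulogd2.h"
#include "security.h"

/**
 * \ingroup LoggingNuauthModules
 * \defgroup Ulogd2Module Ulogd2 logging module
 *
 * @{ */

static int _connect_ulogd2_socket(struct log_ulogd2_params *params);

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 * Write one formatted record to the ulogd2 socket.
 *
 * Connects first when no socket is open. A record is sent completely or not
 * at all: short writes are continued, EINTR is retried, and after EPIPE the
 * socket is reopened (at most once) and the record is resent from its first
 * byte, because the new peer connection has seen none of it.
 *
 * \param params Module state holding the socket path and descriptor
 * \param data   Record bytes
 * \param count  Number of bytes in \a data
 * \return \a count on success, -1 on error
 */
static ssize_t _ulogd2_write(struct log_ulogd2_params *params, const void *data, size_t count)
{
	const unsigned char *cursor = data;
	size_t remaining = count;
	unsigned int retry_count = 0;
	const unsigned int max_retry_count = 1;
	int saved_errno = 0;
	ssize_t sz;

	if (params->fd < 0) {
		if (_connect_ulogd2_socket(params) < 0) {
			return -1;
		}
		log_message(DEBUG, DEBUG_AREA_MAIN, "ulogd2: reconnection successful");
	}

	/* NOTE(review): EPIPE is only returned when SIGPIPE is ignored or
	 * blocked by the process; that setup is not visible in this file --
	 * confirm. */
	while (remaining > 0) {
		sz = write(params->fd, cursor, remaining);
		if (sz > 0) {
			cursor += sz;
			remaining -= (size_t)sz;
			continue;
		}

		/* Capture errno before any other call can overwrite it. */
		saved_errno = (sz < 0) ? errno : 0;
		if (sz < 0 && saved_errno == EINTR)
			continue;

		if (sz < 0 && saved_errno == EPIPE && retry_count < max_retry_count) {
			retry_count++;
			if (_connect_ulogd2_socket(params) < 0)
				break;
			log_message(DEBUG, DEBUG_AREA_MAIN, "ulogd2: reconnection successful");
			/* New connection: restart the record from the beginning. */
			cursor = data;
			remaining = count;
			continue;
		}
		break;
	}

	if (remaining > 0) {
		/* A partially sent record would leave the receiver out of step
		 * with the stream; drop the connection so the next call
		 * starts on a fresh one. */
		if (remaining != count && params->fd >= 0) {
			close(params->fd);
			params->fd = -1;
		}
		log_message(DEBUG, DEBUG_AREA_MAIN, "ulogd2: write() failed: %s (%d)", strerror(saved_errno), saved_errno);
		return -1;
	}

	return (ssize_t)count;
}

/**
 * Serialise a request into a local buffer and send it to ulogd2.
 *
 * The buffer is a fixed 1024-byte stack array; staying inside it relies on
 * ulogd2_request_format() honouring the size passed to it.
 *
 * \return Number of bytes written, or -1 if formatting or writing failed
 */
static ssize_t ulogd2_send_request(struct log_ulogd2_params *params, struct ulogd2_request*req)
{
	unsigned char buf[1024];
	ssize_t ret;

	/* Alignment padding inside the record is sent as-is; clear the buffer
	 * so no stale stack bytes leave the process. */
	memset(buf, 0, sizeof(buf));

	ret = ulogd2_request_format(req, buf, sizeof(buf));
	if (ret < 0) {
		log_message(WARNING, DEBUG_AREA_MAIN, "ulogd2: unable to format request");
		return -1;
	}

	return _ulogd2_write(params, buf, (size_t)ret);
}

/**
 * nuauth logging hook: report one connection event to ulogd2.
 *
 * Builds a request from the packet payload plus prefix, state, timestamp,
 * interfaces, user and OS/application fields, then sends it. Option values
 * are passed by pointer (locals and fields of \a element), so they must stay
 * valid until ulogd2_request_free().
 *
 * \param element  The connection (connection_t) being logged
 * \param state    TCP state of the event
 * \param params_p Module parameters (struct log_ulogd2_params)
 * \return Always 0; send errors are only logged by the write path
 */
G_MODULE_EXPORT gint user_packet_logs(void *element, tcp_state_t state, gpointer params_p)
{
	struct log_ulogd2_params *params = (struct log_ulogd2_params*)params_p;
	char *str_state;
	const connection_t *connection = element;
	struct ulogd2_request *req;
	u_int32_t u_time_sec;
	u_int8_t u_state;

	/* construct request */
	switch (state) {
	case TCP_STATE_OPEN:
		str_state = "Open ";
		break;
	case TCP_STATE_CLOSE:
		str_state = "Close ";
		break;
	case TCP_STATE_ESTABLISHED:
		str_state = "Established ";
		break;
	case TCP_STATE_DROP:
		str_state = "Drop ";
		break;
	default:
		str_state = "Unknown ";
	}

	/* Never read past the payload array, whatever length was recorded. */
	if (connection->payload_len > sizeof(connection->payload)) {
		log_message(WARNING, DEBUG_AREA_MAIN, "ulogd2: invalid payload len %d, ignoring packet !", connection->payload_len);
		return 0;
	}

	req = ulogd2_request_new();
	if (req == NULL) {
		log_message(WARNING, DEBUG_AREA_MAIN, "ulogd2: unable to allocate request");
		return 0;
	}

	ulogd2_request_set_payload(req, (unsigned char*)connection->payload, connection->payload_len);

	if (connection->log_prefix) {
		gchar *place;

		/* The first '?' of the prefix is rewritten in place, so the
		 * stored prefix itself is modified for later events. */
		place = strchr(connection->log_prefix, '?');
		if (place) {
			switch (state) {
			case TCP_STATE_OPEN:
				*place = 'A';
				break;
			case TCP_STATE_DROP:
				*place = 'D';
				break;
			case TCP_STATE_ESTABLISHED:
			case TCP_STATE_CLOSE:
			default:
				break;
			}
		}
		ulogd2_request_add_option(req, ULOGD2_OPT_PREFIX, connection->log_prefix, strlen(connection->log_prefix));
	} else {
		ulogd2_request_add_option(req, ULOGD2_OPT_PREFIX, str_state, strlen(str_state));
	}

	/* Numeric options are sent as raw host-order bytes. */
	u_state = (u_int8_t)state;
	ulogd2_request_add_option(req, ULOGD2_OPT_STATE, (void*)&u_state, sizeof(u_int8_t));

	/* this will work until 2038 */
	u_time_sec = (u_int32_t)connection->timestamp;
	ulogd2_request_add_option(req, ULOGD2_OPT_OOB_TIME_SEC, (void*)&u_time_sec, sizeof(u_int32_t));

	if (connection->iface_nfo.indev[0] != '\0') {
		ulogd2_request_add_option(req, ULOGD2_OPT_OOB_IN, (void*)connection->iface_nfo.indev, strlen(connection->iface_nfo.indev));
	}
	if (connection->iface_nfo.outdev[0] != '\0') {
		ulogd2_request_add_option(req, ULOGD2_OPT_OOB_OUT, (void*)connection->iface_nfo.outdev, strlen(connection->iface_nfo.outdev));
	}

	if (connection->username)
		ulogd2_request_add_option(req, ULOGD2_OPT_USER, connection->username, strlen(connection->username));
	/* NOTE(review): assumes user_id is at least 32 bits wide -- confirm
	 * against the connection_t definition. */
	if (connection->user_id)
		ulogd2_request_add_option(req, ULOGD2_OPT_USERID, (void*)&connection->user_id, sizeof(u_int32_t));
	if (connection->os_sysname)
		ulogd2_request_add_option(req, ULOGD2_OPT_OSNAME, connection->os_sysname, strlen(connection->os_sysname));
	if (connection->os_release)
		ulogd2_request_add_option(req, ULOGD2_OPT_OSREL, connection->os_release, strlen(connection->os_release));
	if (connection->os_version)
		ulogd2_request_add_option(req, ULOGD2_OPT_OSVERS, connection->os_version, strlen(connection->os_version));
	if (connection->app_name)
		ulogd2_request_add_option(req, ULOGD2_OPT_APPNAME, connection->app_name, strlen(connection->app_name));

	ulogd2_send_request(params, req);

	ulogd2_request_free(req);

	return 0;
}

/**
 * Module initialisation: allocate the parameters, read the socket path from
 * the "ulogd2_socket" configuration key (default DEFAULT_ULOGD2_SOCKET) and
 * try a first connection.
 *
 * \return Always TRUE, even when ulogd2 is not reachable yet
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	struct log_ulogd2_params * params = g_new0(struct log_ulogd2_params, 1);

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Log_ulogd2 module ($Revision$)");

	module->params = (gpointer) params;

	params->path = nuauth_config_table_get_or_default("ulogd2_socket", DEFAULT_ULOGD2_SOCKET);
	params->fd = -1;

	/* A failed first connection is not fatal: the write path reconnects
	 * on demand, and the failure is logged by the connect helper. */
	(void)_connect_ulogd2_socket(params);

	return TRUE;
}

/**
 * Module unload: close the ulogd2 socket if one is open.
 *
 * \return Always TRUE
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	struct log_ulogd2_params *params = (struct log_ulogd2_params *)params_p;

	if (params != NULL && params->fd >= 0) {
		close(params->fd);
		params->fd = -1;
	}
	/* NOTE(review): params and params->path are not released here; who
	 * owns them is not visible in this file -- confirm. */

	return TRUE;
}

/**
 * (Re)open the stream connection to the ulogd2 Unix socket.
 *
 * Any descriptor already stored in \a params is closed first. A path that
 * does not fit sun_path is rejected: a truncated path would name a
 * different socket than the one configured.
 *
 * \return The new descriptor (also stored in params->fd), or -1 on error
 */
static int _connect_ulogd2_socket(struct log_ulogd2_params *params)
{
	const char *socket_location = params->path;
	struct sockaddr_un server_sock;
	int s;
	socklen_t len;
	int ret;

	if (params->fd >= 0) {
		close(params->fd);
		params->fd = -1;
	}

	if (socket_location == NULL
	    || strlen(socket_location) >= sizeof(server_sock.sun_path)) {
		log_message(WARNING, DEBUG_AREA_MAIN, "ulogd2: invalid unix socket path");
		return -1;
	}

	s = socket(AF_UNIX, SOCK_STREAM, 0);
	if (s < 0)
		return -1;

	/* Zero the address so sun_path is NUL-terminated for the strlen()
	 * below and for the %s in the error message. */
	memset(&server_sock, 0, sizeof(server_sock));
	server_sock.sun_family = AF_UNIX;
	strncpy(server_sock.sun_path, socket_location, sizeof(server_sock.sun_path)-1);
	len = strlen(server_sock.sun_path) + sizeof(server_sock.sun_family);

	ret = connect(s, (struct sockaddr *)&server_sock, len);
	if (ret < 0) {
		log_message(WARNING, DEBUG_AREA_MAIN, "ulogd2: could not connect to unix socket \'%s\'", server_sock.sun_path);
		close(s);
		return -1;
	}

	params->fd = s;

	return s;
}

/** @} */
nufw-2.4.3/src/nuauth/modules/log_ulogd2/log_ulogd2.h0000644000175000017500000000174111431206275017432 00000000000000/* ** Copyright(C) 2008-2009 INL ** Written by Pierre Chifflier ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.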
*/

#ifndef __LOG_ULOGD2_H__
#define __LOG_ULOGD2_H__

/* Per-module state of the ulogd2 logging plugin. */
struct log_ulogd2_params {
	/* Path of the ulogd2 Unix socket, taken from the "ulogd2_socket"
	 * configuration key or DEFAULT_ULOGD2_SOCKET. */
	char *path;
	/* Connected socket descriptor, or -1 when no connection is open. */
	int fd;
};

/* Socket path used when the configuration does not set one.
 * NOTE(review): records go to whatever process listens on this path, so the
 * directory should be writable by trusted accounts only -- confirm the
 * deployment. */
#define DEFAULT_ULOGD2_SOCKET "/var/run/ulogd2.sock"

#include "log_ulogd2_request.h"

#endif /* __LOG_ULOGD2_H__ */
nufw-2.4.3/src/nuauth/modules/log_ulogd2/log_ulogd2_request.c0000644000175000017500000001016111431206275021171 00000000000000/* ** Copyright(C) 2008-2010 INL ** Written by Pierre Chifflier ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
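*/

/* NOTE(review): the <...> names of the system headers below were lost when
 * this page was extracted; the directives are kept as they appear. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "log_ulogd2.h"
#include "security.h"

/**
 * \ingroup Ulogd2Module
 *
 * @{ */

/***** Keep this in sync with ulogd2 **********/
struct ulogd_unixsock_packet_t {
	uint32_t	marker;
	uint16_t	total_size;
	uint32_t	version:4,
			reserved:28;
	uint16_t	payload_length;
} __attribute__((packed));

struct ulogd_unixsock_option_t {
	uint32_t	option_id;
	uint32_t	option_length;
	char		option_value[0];
} __attribute__((packed));

#define USOCK_ALIGNTO 8
#define USOCK_ALIGN(len) ( ((len)+USOCK_ALIGNTO-1) & ~(USOCK_ALIGNTO-1) )
/***** end of sync **********/

/**
 * Allocate an empty request.
 *
 * The option list starts with a sentinel head node (opt = -1, no value);
 * real options are linked behind it by ulogd2_request_add_option().
 */
struct ulogd2_request * ulogd2_request_new(void)
{
	struct ulogd2_request *req;

	req = g_new0(struct ulogd2_request, 1);
	req->payload = NULL;
	req->payload_len = 0;

	req->options = g_new0(struct ulogd2_option, 1);
	req->options->opt = -1;
	req->options->value = NULL;
	req->options->length = 0;
	INIT_LLIST_HEAD( &req->options->list );

	return req;
}

/**
 * Attach the packet payload. The bytes are not copied: \a payload must stay
 * valid until the request has been formatted.
 */
void ulogd2_request_set_payload(struct ulogd2_request *req, unsigned char *payload, unsigned int payload_len)
{
	req->payload = payload;
	req->payload_len = payload_len;
}

/**
 * Add one key/length/value option. Only the pointer is stored: \a value
 * must stay valid until the request has been formatted.
 */
void ulogd2_request_add_option(struct ulogd2_request *req, unsigned int opt, void *value, unsigned int length)
{
	struct ulogd2_option *option = NULL;

	option = g_new0(struct ulogd2_option, 1);
	option->opt = opt;
	option->value = value;
	option->length = length;
	INIT_LLIST_HEAD( &option->list );

	llist_add(&option->list, &req->options->list);
}

/*
 * Non-zero when `need` more bytes can be appended at offset `used` while the
 * running offset stays strictly below `bufsz` -- the same limit the former
 * INC_RET macro enforced, but testable before anything is written.
 */
static int ulogd2_fits(size_t used, size_t need, size_t bufsz)
{
	return used < bufsz && need < bufsz - used;
}

/**
 * Serialise a request into \a buf: packet header, payload padded to
 * USOCK_ALIGNTO, then each option as key, length and padded value.
 *
 * Every field is checked against \a bufsz before it is written, so nothing
 * is stored outside the caller's buffer, and padding bytes are zeroed so
 * they never carry stale caller memory onto the socket.
 *
 * \param req   Request to serialise
 * \param buf   Destination buffer
 * \param bufsz Size of \a buf in bytes
 * \return Number of bytes used in \a buf, or -1 if the request does not fit
 *         or cannot be represented in the 16-bit size fields
 */
ssize_t ulogd2_request_format(struct ulogd2_request *req, unsigned char*buf, unsigned int bufsz)
{
	struct ulogd2_option *opt, *optbkp;
	struct ulogd_unixsock_packet_t pkt;
	size_t ret = 0;
	size_t padded_length;
	u_int32_t field;
	u_int16_t total_size;

	if (req == NULL || buf == NULL || req->options == NULL)
		return -1;

	if (bufsz < sizeof(struct ulogd_unixsock_packet_t))
		return -1;

	/* payload_length is a 16-bit wire field; larger values would be
	 * silently truncated by htons(). */
	if (req->payload_len > 0xFFFF)
		return -1;
	if (req->payload_len > 0 && req->payload == NULL)
		return -1;

	memset(&pkt, 0, sizeof(pkt));
	pkt.marker = htonl(ULOGD_SOCKET_MARK);
	pkt.total_size = 0; /* stored later */
	pkt.version = 0;
	pkt.reserved = 0;
	pkt.payload_length = htons(req->payload_len);

	if (!ulogd2_fits(ret, sizeof(pkt), bufsz))
		return -1;
	memcpy(buf, &pkt, sizeof(pkt));
	ret += sizeof(pkt);

	padded_length = USOCK_ALIGN((size_t)req->payload_len);
	if (!ulogd2_fits(ret, padded_length, bufsz))
		return -1;
	if (req->payload_len > 0)
		memcpy(buf + ret, req->payload, req->payload_len);
	memset(buf + ret + req->payload_len, 0, padded_length - req->payload_len);
	ret += padded_length;

	/* Options, in KLV (Key Length Value) format */
	llist_for_each_entry_safe(opt, optbkp, &req->options->list, list) {
		size_t value_len = opt->length;

		/* A value this large can never fit; rejecting it first also
		 * keeps the alignment arithmetic from wrapping. */
		if (value_len >= bufsz)
			return -1;
		if (value_len > 0 && opt->value == NULL)
			return -1;

		padded_length = USOCK_ALIGN(value_len);
		/* Key + length + padded value. The strict limit leaves room
		 * for the trailing NUL even when the value is already
		 * aligned. */
		if (!ulogd2_fits(ret, 2 * sizeof(u_int32_t) + padded_length, bufsz))
			return -1;

		/* Key ID */
		field = htonl(opt->opt);
		memcpy(buf + ret, &field, sizeof(field));
		ret += sizeof(field);

		/* Length */
		/* always write a \0 after option data, hence the +1 */
		field = htonl(opt->length + 1);
		memcpy(buf + ret, &field, sizeof(field));
		ret += sizeof(field);

		/* Value */
		if (value_len > 0)
			memcpy(buf + ret, opt->value, value_len);
		memset(buf + ret + value_len, 0, padded_length - value_len);
		/* NOTE(review): when value_len is a multiple of USOCK_ALIGNTO
		 * this NUL lands on the first byte after the padded value,
		 * i.e. in the next option's key or just past the returned
		 * length. The layout is kept as-is because it must match
		 * ulogd2 -- confirm against the receiver. */
		buf[ret + value_len] = '\0';
		ret += padded_length;
	}

	/* total_size is a 16-bit wire field as well */
	if (ret - sizeof(u_int32_t) > 0xFFFF)
		return -1;

	/* finally, set options length */
	total_size = htons(ret - sizeof(u_int32_t));
	memcpy(buf + sizeof(u_int32_t), &total_size, sizeof(total_size));

	return ret;
}

/**
 * Release a request, its options and the list head. The payload and the
 * option values are not freed: the request only borrowed those pointers.
 */
void ulogd2_request_free(struct ulogd2_request *req)
{
	if (req == NULL)
		return;

	if (req->options) {
		struct ulogd2_option *opt, *optbkp;

		/* _safe iteration: each node is freed while walking the list */
		llist_for_each_entry_safe(opt, optbkp, &req->options->list, list) {
			g_free(opt);
		}
		g_free(req->options);
	}
	g_free(req);
}

/** @} */
nufw-2.4.3/src/nuauth/modules/log_ulogd2/Makefile.am0000644000175000017500000000127411431206275017261 00000000000000# ulogd2 log plugin if USE_ULOGD2_LOG AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth -I$(top_srcdir)/src/include -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libulogd2.la noinst_libulogd2_la_SOURCES = log_ulogd2.h log_ulogd2_request.h libulogd2_la_SOURCES = ulogd2.c log_ulogd2_request.c ${noinst_libulogd2_la_SOURCES} libulogd2_la_LDFLAGS = -module -avoid-version libulogd2.la: $(libulogd2_la_OBJECTS) $(libulogd2_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libulogd2_la_LDFLAGS) $(libulogd2_la_OBJECTS) $(libulogd2_la_LIBADD)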
endif nufw-2.4.3/src/nuauth/modules/log_ulogd2/log_ulogd2_request.h0000644000175000017500000000454411431206275021206 00000000000000
/*
 ** Copyright(C) 2008-2010 INL
 ** Written by Pierre Chifflier
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifndef __LOG_ULOGD2_REQUEST_H__
#define __LOG_ULOGD2_REQUEST_H__

#include "nubase.h"

/* Option identifiers written as the key of each key/length/value entry. */
enum ulogd2_option_type {
	ULOGD2_OPT_UNUSED = 0,
	ULOGD2_OPT_PREFIX,	/* log prefix (string) */
	ULOGD2_OPT_OOB_IN,	/* input device (string) */
	ULOGD2_OPT_OOB_OUT,	/* output device (string) */
	ULOGD2_OPT_OOB_TIME_SEC,	/* packet arrival time (u_int32_t) */

	/* NuFW specific options */
	ULOGD2_OPT_USER=200,	/* user name (string) */
	ULOGD2_OPT_USERID,	/* user id (u_int32_t) */
	ULOGD2_OPT_OSNAME,	/* OS name (string) */
	ULOGD2_OPT_OSREL,	/* OS release (string) */
	ULOGD2_OPT_OSVERS,	/* OS version (string) */
	ULOGD2_OPT_APPNAME,	/* application name (string) */
	ULOGD2_OPT_STATE,	/* connection state: 0 (drop), 1 (open), 2 (established), 3 (close), 4 (unknown) */
};

/* One option of a request; nodes are chained through `list`. */
struct ulogd2_option {
	/* must come first */
	struct llist_head list;
	unsigned int opt;	/* option identifier (enum ulogd2_option_type) */
	void * value;		/* borrowed pointer to the value; not copied, not freed */
	unsigned int length;	/* size of the value in bytes */
};

/* Unique value used as a signature to ensure received data is really
 * a packet */
#define ULOGD_SOCKET_MARK 0x41c90fd4

struct ulogd2_request {
	/* fields to be sent to ulogd2 */
	unsigned int payload_len;	/* size of payload in bytes */
	unsigned char *payload;		/* borrowed pointer to the packet bytes */
	struct ulogd2_option *options;	/* head node of the option list */
};

/* Allocate an empty request with an initialised option list head. */
struct ulogd2_request * ulogd2_request_new(void);

/* Attach the payload; the pointer is stored, the bytes are not copied. */
void ulogd2_request_set_payload(struct ulogd2_request *ur, unsigned char *payload, unsigned int payload_len);

/* Add an option; `value` is stored by pointer and must outlive the request. */
void ulogd2_request_add_option(struct ulogd2_request *req, unsigned int opt, void *value, unsigned int length);

/* Serialise the request into buf (bufsz bytes); returns the number of bytes
 * used, or -1 on failure. */
ssize_t ulogd2_request_format(struct ulogd2_request *ur, unsigned char *buf, unsigned int bufsz);

/* Free the request and its option nodes; payload and values are not freed. */
void ulogd2_request_free(struct ulogd2_request *ur);

#endif /* __LOG_ULOGD2_REQUEST_H__ */
nufw-2.4.3/src/nuauth/modules/plaintext/0000777000175000017500000000000011431215440015252 500000000000000nufw-2.4.3/src/nuauth/modules/plaintext/Makefile.in0000644000175000017500000004036011431215402017234 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE.
@SET_MAKE@ # plaintext plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/plaintext DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libplaintext_la_LIBADD = am__libplaintext_la_SOURCES_DIST = plaintext.c auth_plaintext.h am__objects_1 = @USE_PLAINTEXT_AUTH_TRUE@am_libplaintext_la_OBJECTS = plaintext.lo \ @USE_PLAINTEXT_AUTH_TRUE@ $(am__objects_1) libplaintext_la_OBJECTS = $(am_libplaintext_la_OBJECTS) libplaintext_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libplaintext_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_PLAINTEXT_AUTH_TRUE@am_libplaintext_la_rpath = -rpath \ @USE_PLAINTEXT_AUTH_TRUE@ $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libplaintext_la_SOURCES) DIST_SOURCES = $(am__libplaintext_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ 
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_PLAINTEXT_AUTH_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @USE_PLAINTEXT_AUTH_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ @USE_PLAINTEXT_AUTH_TRUE@plugindir = 
$(libdir)/nuauth/modules @USE_PLAINTEXT_AUTH_TRUE@plugin_LTLIBRARIES = libplaintext.la @USE_PLAINTEXT_AUTH_TRUE@noinst_libplaintext_la_SOURCES = auth_plaintext.h @USE_PLAINTEXT_AUTH_TRUE@libplaintext_la_SOURCES = plaintext.c ${noinst_libplaintext_la_SOURCES} @USE_PLAINTEXT_AUTH_TRUE@libplaintext_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/plaintext/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/plaintext/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" 
"$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_PLAINTEXT_AUTH_FALSE@libplaintext.la: $(libplaintext_la_OBJECTS) $(libplaintext_la_DEPENDENCIES) @USE_PLAINTEXT_AUTH_FALSE@ $(libplaintext_la_LINK) $(am_libplaintext_la_rpath) $(libplaintext_la_OBJECTS) $(libplaintext_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plaintext.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for 
file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_PLAINTEXT_AUTH_TRUE@libplaintext.la: $(libplaintext_la_OBJECTS) $(libplaintext_la_DEPENDENCIES) @USE_PLAINTEXT_AUTH_TRUE@ $(LINK) -rpath $(plugindir) $(libplaintext_la_LDFLAGS) $(libplaintext_la_OBJECTS) $(libplaintext_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/nuauth/modules/plaintext/Makefile.am0000644000175000017500000000127711431206275017237 00000000000000# plaintext plugin if USE_PLAINTEXT_AUTH AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libplaintext.la noinst_libplaintext_la_SOURCES = auth_plaintext.h libplaintext_la_SOURCES = plaintext.c ${noinst_libplaintext_la_SOURCES} libplaintext_la_LDFLAGS = -module -avoid-version libplaintext.la: $(libplaintext_la_OBJECTS) $(libplaintext_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libplaintext_la_LDFLAGS) $(libplaintext_la_OBJECTS) $(libplaintext_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/plaintext/plaintext.c0000644000175000017500000010542011431206275017352 00000000000000/* ** "plaintext" module ** Copyright(C) 2004-2005 Mikael Berthe ** Copyright(C) 2005-2008 INL ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
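*/

#include "auth_srv.h"
/* NOTE(review): the header name of the next #include was lost when this page
 * was extracted; <string.h> is assumed from the strchr()/strcmp() calls in
 * this file - confirm against the upstream source. */
#include <string.h>
#include "auth_plaintext.h"
#include "nuauthconf.h"

/**
 *
 * \ingroup AuthNuauthModules
 * \defgroup PlaintextModule Plaintext authentication and acl module
 *
 * @{
 */

/**
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 * strip_line()
 * Trims a configuration line in place and returns a pointer into it.
 *
 * Leading spaces and tabs are skipped. Trailing spaces, tabs, CR and LF are
 * overwritten with NUL, except that the first remaining character is never
 * overwritten.
 *
 * \param line Writable, NUL-terminated buffer
 * \param acceptnull If non-zero, comment lines (starting with '#') and empty
 * lines make the function return NULL; if zero the stripped line is always
 * returned
 * \return Pointer to the first non-blank character of line, or NULL if the
 * line should be skipped and acceptnull is true
 */
static char *strip_line(char *line, int acceptnull)
{
	char *last;

	/* Skip leading blanks */
	while (*line == ' ' || *line == '\t')
		line++;

	/* Move to the last character (stays on the terminator of an empty string) */
	for (last = line; *last; last++)
		;
	if (last != line)
		last--;

	/* Cut trailing blanks and line terminators */
	while (last > line
	       && (*last == '\n' || *last == '\r' || *last == ' '
		   || *last == '\t')) {
		*last = 0;
		last--;
	}

	if (!acceptnull)
		return line;

	/* Discard comments and empty lines. A lone CR or LF is still present
	 * here because the trimming above never overwrites the first character. */
	if (*line == '#' || *line == 0 || *line == '\r' || *line == '\n')
		return NULL;
	return line;
}

/**
 * parse_ints()
 * Extracts comma-separated unsigned integers (like group ids) from intline
 * and prepends them to *p_intlist. intline is modified: each comma is
 * replaced by NUL.
 *
 * \param intline Writable string holding the list
 * \param p_intlist List to extend; updated on success and on failure
 * \param prefix Text displayed in front of the log messages
 * \return 0 if successful, 1 if an item followed by a comma is not a number
 *
 * NOTE(review): sscanf() stops at the first character that is not part of the
 * number, so an item such as "12abc" is read as 12 without any diagnostic,
 * and an unreadable last item only produces a warning. Callers that need a
 * strict list have to validate the input themselves.
 */
static int parse_ints(char *intline, GSList ** p_intlist, char *prefix)
{
	char *p_nextint;
	char *p_ints = intline;
	GSList *intlist = *p_intlist;
	/* unsigned so that the variable matches the "%u" conversion below */
	unsigned int number;

	while (p_ints) {
		/* Isolate the current item */
		p_nextint = strchr(p_ints, ',');
		if (p_nextint) {
			*p_nextint = 0;
		}

		if (sscanf(p_ints, "%u", &number) != 1) {
			/* We can't read a number. This will be an error only if we can */
			/* see a comma next. */
			if (p_nextint) {
				log_message(FATAL, DEBUG_AREA_MAIN,
					    "%s parse_ints: Malformed line",
					    prefix);
				*p_intlist = intlist;
				return 1;
			}
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "%s parse_ints: Garbarge at end of line",
				    prefix);
		} else {
			/* One number (group, integer...) to add */
			intlist = g_slist_prepend(intlist,
						  GUINT_TO_POINTER((u_int32_t) number));
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "%s Added group/int %u", prefix,
					  number);
		}

		if ((p_ints = p_nextint))
			p_ints++;
	}

	*p_intlist = intlist;
	return 0;
}

/**
 * parse_ports()
 * Extracts ports ("N") and port ranges ("N-M") from portsline and prepends
 * one plaintext_ports item per entry to *p_portslist. portsline is modified:
 * each comma is replaced by NUL.
 *
 * \param portsline Writable string holding the comma-separated list
 * \param p_portslist List to extend; updated on success and on failure
 * \param prefix Text displayed in front of the log messages
 * \return 0 if successful, 1 if an item followed by a comma cannot be read
 * or if a port lies outside 0-65535
 *
 * Each stored item holds the first port and the number of additional ports
 * in the range (lastport - firstport, 0 for a single port).
 *
 * NOTE(review): a reversed range ("80-20") and an unreadable last item are
 * only logged and then ignored. If that leaves the list empty, acl_check()
 * applies no port restriction for this ACL, so such warnings deserve
 * attention when reviewing a rule set.
 */
static int parse_ports(char *portsline, GSList ** p_portslist, char *prefix)
{
	char *p_nextports;
	char *p_ports = portsline;
	GSList *portslist = *p_portslist;
	struct plaintext_ports ports;
	int n;
	int fport = 0;
	int lastport = 0;

	while (p_ports) {
		/* Isolate the current item */
		p_nextports = strchr(p_ports, ',');
		if (p_nextports) {
			*p_nextports = 0;
		}

		n = sscanf(p_ports, "%d-%d", &fport, &lastport);
		if ((n != 1) && (n != 2)) {
			/* We can't read a port number. This will be an error only if we can */
			/* see a comma next. */
			if (p_nextports) {
				log_message(FATAL, DEBUG_AREA_MAIN,
					    "%s parse_ports: Malformed line",
					    prefix);
				*p_portslist = portslist;
				return 1;
			}
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "%s parse_ports: Garbarge at end of line",
				    prefix);
		} else {
			struct plaintext_ports *this_port;
			/* Highest port of the entry: a single port is a range of one */
			int upper = (n == 2) ? lastport : fport;

			if (upper < fport) {
				/* Reversed range: logged and ignored */
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "%s parse_ports: Malformed line",
					    prefix);
			} else if (fport < 0 || upper > 65535) {
				/* Refuse values that do not fit a 16-bit port. Without this
				 * check the cast below would wrap silently (65536 becomes 0),
				 * and acl_check() treats firstport == 0 as "any port". */
				log_message(FATAL, DEBUG_AREA_MAIN,
					    "%s parse_ports: Port out of range (0-65535)",
					    prefix);
				*p_portslist = portslist;
				return 1;
			} else {
				/* One port or ports range to add... */
				ports.firstport = (uint16_t) fport;
				ports.nbports = upper - fport;

				this_port = g_new0(struct plaintext_ports, 1);
				this_port->firstport = ports.firstport;
				this_port->nbports = ports.nbports;
				portslist = g_slist_prepend(portslist, this_port);
				debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
						  "%s Adding Port = %d, number = %d",
						  prefix, ports.firstport,
						  ports.nbports);
			}
		}

		if ((p_ports = p_nextports))
			p_ports++;
	}

	*p_portslist = portslist;
	return 0;
}

/**
 * Try to match an address from an IP/mask list.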
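*
 * \param ip_list Single linked list of plaintext_ip items
 * \param addr Address to match
 * \return 1 if addr match ip_list, 0 otherwise
 *
 * An empty list places no restriction: every address matches.
 */
static int match_ip(GSList * ip_list, struct in6_addr *addr)
{
	if (!ip_list)
		return 1;

	for (; ip_list != NULL; ip_list = g_slist_next(ip_list)) {
		struct plaintext_ip *item =
		    (struct plaintext_ip *) ip_list->data;

		if (compare_ipv6_with_mask(&item->addr, addr, &item->netmask)
		    == 0)
			return 1;
	}
	return 0;
}

/**
 * parse_ips()
 * Extracts comma-separated IP addresses or networks ("addr" or "addr/bits",
 * IPv4 or IPv6) from ipsline and prepends one plaintext_ip item per entry to
 * *ip_list. IPv4 entries are stored as IPv6 through ipv4_to_ipv6() and their
 * prefix length is shifted by 96 bits accordingly.
 *
 * \param ipsline String holding the list
 * \param ip_list List to extend; items added before an error stay in it
 * \param prefix Text displayed in front of the log messages
 * \return 0 if successful, 1 on the first entry that cannot be parsed, whose
 * prefix length is out of range for its address family, or that is rejected
 * by the compare_ipv6_with_mask() consistency check
 */
static int parse_ips(char *ipsline, GSList ** ip_list, char *prefix)
{
	char addr_ascii[INET6_ADDRSTRLEN];
	char mask_ascii[INET6_ADDRSTRLEN];
	struct in_addr ip_addr4;
	struct in6_addr ip_addr6;
	char *p_tmp;
	gchar **ip_items = g_strsplit(ipsline, ",", 0);
	gchar **iter = ip_items;
	gchar *line;
	struct plaintext_ip this_ip, *this_ip_copy;
	int result = 0;

	/* parsing IPs */
	for (iter = ip_items; iter != NULL && *iter != NULL; iter++) {
		int32_t mask;
		int mask_bits = 0;	/* prefix length as written in the file */
		int max_bits;	/* longest prefix of the address family */
		int has_mask = 0;

		line = strip_line(*iter, FALSE);

		/* Is there a netmask? */
		p_tmp = strchr(line, '/');
		if (p_tmp != NULL) {
			*p_tmp++ = 0;
			if (sscanf(p_tmp, "%d", &mask_bits) != 1) {
				log_message(FATAL, DEBUG_AREA_MAIN,
					    "plaintext warning: wrong network mask (%s)",
					    p_tmp);
				result = 1;
				break;
			}
			has_mask = 1;
		}

		if (0 < inet_pton(AF_INET, line, &ip_addr4)) {
			ipv4_to_ipv6(ip_addr4, &this_ip.addr);
			max_bits = 32;
		} else if (0 < inet_pton(AF_INET6, line, &ip_addr6)) {
			this_ip.addr = ip_addr6;
			max_bits = 128;
		} else {
			/* We can't read an IP address: the whole list is rejected. */
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "%s parse_ips: Unable to parse IP address: %s",
				    prefix, line);
			result = 1;
			break;
		}

		if (!has_mask) {
			/* No netmask given: match this single host. The default is
			 * chosen per family so that an IPv4 host becomes /32 (and not
			 * 128 + 96 bits once the IPv4 offset is added). */
			mask_bits = max_bits;
		} else if (mask_bits < 0 || mask_bits > max_bits) {
			/* A prefix longer than the address (or negative) cannot be
			 * turned into a meaningful netmask: refuse it. */
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "%s parse_ips: Network mask out of range: /%d (maximum is %d)",
				    prefix, mask_bits, max_bits);
			result = 1;
			break;
		}

		/* Express the prefix length on the 128-bit form of the address */
		mask = (int32_t) (mask_bits + (128 - max_bits));

		/* Create netmask IPv6 address from netmask in bits */
		create_ipv6_netmask(&this_ip.netmask, mask);

		/* NOTE(review): presumably this rejects an address that has bits set
		 * outside its netmask; confirm against compare_ipv6_with_mask(). */
		if (compare_ipv6_with_mask
		    (&this_ip.addr, &this_ip.addr, &this_ip.netmask) != 0) {
			format_ipv6(&this_ip.addr, addr_ascii,
				    INET6_ADDRSTRLEN, NULL);
			format_ipv6(&this_ip.netmask, mask_ascii,
				    INET6_ADDRSTRLEN, NULL);
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "%s parse_ips: Invalid network specification: IP=%s, netmask=%s!",
				    prefix, addr_ascii, mask_ascii);
			result = 1;
			break;
		}

		this_ip_copy = g_memdup(&this_ip, sizeof(this_ip));
		*ip_list = g_slist_prepend(*ip_list, this_ip_copy);
#ifdef DEBUG_ENABLE
		format_ipv6(&this_ip_copy->addr, addr_ascii,
			    INET6_ADDRSTRLEN, NULL);
		format_ipv6(&this_ip_copy->netmask, mask_ascii,
			    INET6_ADDRSTRLEN, NULL);
		log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			    "%s Adding IP = %s, netmask = %s", prefix,
			    addr_ascii, mask_ascii);
#endif
	}
	g_strfreev(ip_items);
	return result;
}

/**
 * read_user_list()
 * Reads users conf file and fills the *plaintext_userlist structure.
 * Returns 0 if successful.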
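* Line format: "username:passwd:uid:gid1,gid2,gid3" (uid and gids are numbers)
 *
 * Lines that are empty or start with '#' are skipped.
 *
 * \param params Module parameters; plaintext_userfile names the file to read
 * and plaintext_userlist receives one plaintext_user per valid line
 * \return 0 if successful, 1 if the file cannot be opened, 2 on a malformed
 * line, 5 if a user node cannot be allocated
 *
 * NOTE(review): the passwd field is copied as found in the file and kept in
 * memory in params->plaintext_userlist; the read buffer on the stack is not
 * cleared either. The user file therefore needs restrictive permissions.
 */
static int read_user_list(struct plaintext_params *params)
{
	struct plaintext_user *plaintext_user;
	FILE *fd;
	char line[1024];
	char *p_username, *p_passwd, *p_uid, *p_groups;
	u_int32_t uid;
	char log_prefix[16];
	int ln = 0;		/* Line number */

	log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
		    "[plaintext] read_user_list: reading [%s]",
		    params->plaintext_userfile);

	fd = fopen(params->plaintext_userfile, "r");
	if (!fd) {
		log_message(WARNING, DEBUG_AREA_AUTH,
			    "read_user_list: fopen error");
		return 1;
	}

	while (fgets(line, sizeof(line), fd) != NULL) {
		ln++;

		/* fgets() cuts a line that does not fit the buffer, and the rest
		 * would be read as a separate record by the next iteration. Refuse
		 * such a file instead of parsing a fragment as a user entry. */
		if (strchr(line, '\n') == NULL && !feof(fd)) {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "L.%d: read_user_list: Malformed line (line too long)",
				    ln);
			fclose(fd);
			return 2;
		}

		/* User Name (comments and empty lines are skipped) */
		p_username = strip_line(line, TRUE);
		if (!p_username)
			continue;

		/* Password */
		p_passwd = strchr(p_username, ':');
		if (!p_passwd) {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "L.%d: read_user_list: Malformed line (no passwd)",
				    ln);
			fclose(fd);
			return 2;
		}
		*p_passwd++ = 0;

		/* UID */
		p_uid = strchr(p_passwd, ':');
		if (!p_uid) {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "L.%d: read_user_list: Malformed line (no uid)",
				    ln);
			fclose(fd);
			return 2;
		}
		*p_uid++ = 0;
		/* "%u" matches the unsigned type of uid */
		if (sscanf(p_uid, "%u", &uid) != 1) {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "L.%d: read_user_list: Malformed line "
				    "(uid should be a number)", ln);
			fclose(fd);
			return 2;
		}

		/* List of groups */
		p_groups = strchr(p_uid, ':');
		if (!p_groups) {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "L.%d: read_user_list: Malformed line (no groups)",
				    ln);
			fclose(fd);
			return 2;
		}
		*p_groups++ = 0;

		/* The password is deliberately left out of this message */
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
				  "L.%d: Read username=[%s], uid=%u", ln,
				  p_username, uid);

		/* Let's create an user node */
		plaintext_user = g_new0(struct plaintext_user, 1);
		if (!plaintext_user) {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "read_user_list: Cannot allocate plaintext_user!");
			fclose(fd);
			return 5;
		}
		plaintext_user->groups = NULL;
		plaintext_user->passwd = g_strdup(p_passwd);
		plaintext_user->username = g_strdup(p_username);
		plaintext_user->uid = uid;

		snprintf(log_prefix, sizeof(log_prefix) - 1, "L.%d: ", ln);
		/* parsing groups */
		if (parse_ints
		    (p_groups, &plaintext_user->groups, log_prefix)) {
			/* Release everything the node owns, not only the node itself */
			g_slist_free(plaintext_user->groups);
			g_free(plaintext_user->passwd);
			g_free(plaintext_user->username);
			g_free(plaintext_user);
			fclose(fd);
			return 2;
		}

		/* User node is ready */
		params->plaintext_userlist =
		    g_slist_prepend(params->plaintext_userlist,
				    plaintext_user);
	}

	fclose(fd);
	return 0;
}

/**
 * read_acl_list()
 * Reads acls conf file and fills the *plaintext_acllist structure.
 * Returns 0 if successful.
 *
 * ACL begins with "[ACL name]", then each line should have the structure
 * "key = value". For example "proto = 6".
 */
static int read_acl_list(struct plaintext_params *params)
{
	FILE *fd;
	char line[1024];
	char *p_key, *p_value, *p_tmp;
	struct plaintext_acl *newacl = NULL;
	int ln = 0;		/* Line number */

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "[plaintext] read_acl_list: reading [%s]",
		    params->plaintext_aclfile);

	fd = fopen(params->plaintext_aclfile, "r");
	if (!fd) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "read_acl_list: fopen error");
		return 1;
	}

	while (fgets(line, 1000, fd)) {
		ln++;
		p_key = strip_line(line, TRUE);
		if (!p_key)
			continue;
		/* New ACL?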
*/ if (p_key[0] == '[') { if (newacl) { debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Done with ACL [%s]", newacl->aclname); /* check if ACL node has minimal information */ /* Warning: this code is duplicated after the loop */ if (!(newacl->groups || newacl->users)) { log_message(WARNING, DEBUG_AREA_MAIN, "L.%d: No user or group(s) declared in ACL %s", ln, newacl->aclname); fclose(fd); return 2; } else if (newacl->proto == IPPROTO_TCP || newacl->proto == IPPROTO_UDP || newacl->proto == IPPROTO_ICMP) { /* ACL node is ready */ params->plaintext_acllist = g_slist_append(params-> plaintext_acllist, newacl); } else { log_message(WARNING, DEBUG_AREA_MAIN, "No valid protocol declared in ACL %s", newacl->aclname); } } debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: New ACL", ln); p_tmp = strchr(++p_key, ']'); if (!p_tmp) { log_message(FATAL, DEBUG_AREA_MAIN, "L.%d: Malformed line (ACLname)", ln); fclose(fd); return 2; } *p_tmp = 0; /* Ok, new ACL declaration here. Let's allocate a structure! */ newacl = g_new0(struct plaintext_acl, 1); if (!newacl) { log_message(FATAL, DEBUG_AREA_MAIN, "read_acl_list: Cannot allocate plaintext_acl!"); fclose(fd); return 5; } newacl->aclname = g_strdup(p_key); newacl->proto = IPPROTO_TCP; newacl->period = NULL; newacl->log_prefix = NULL; newacl->flags = ACL_FLAGS_NONE; newacl->auth_quality = 0; newacl->decision = DECISION_ACCEPT; debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: ACL name found: [%s]", ln, newacl->aclname); /* We're done with this line */ continue; } /* We shouldn't be here if we aren't in an ACL declaration */ if (!newacl) { log_message(FATAL, DEBUG_AREA_MAIN, "L.%d: Malformed line (Not in an ACL declaration)", ln); fclose(fd); return 2; } p_value = strchr(p_key, '='); if (!p_value) { log_message(FATAL, DEBUG_AREA_MAIN, "L.%d: Malformed line (No '=' inside)", ln); fclose(fd); return 2; } *p_value++ = 0; p_key = strip_line(p_key, FALSE); p_value = strip_line(p_value, FALSE); /* Ok. 
Let's study the key/value we've found, now. */ if (!strcasecmp("decision", p_key)) { /* Decision */ unsigned int decis = atoi(p_value); switch (decis) { case DECISION_ACCEPT: newacl->decision = DECISION_ACCEPT; break; case DECISION_DROP: newacl->decision = DECISION_DROP; break; case DECISION_REJECT: newacl->decision = DECISION_REJECT; break; default: { log_message(FATAL, DEBUG_AREA_MAIN, "L.%d: Malformed line, decision should be 0 (DROP) or 1 (ACCEPT) or 3 (REJECT)", ln); fclose(fd); return 2; } } debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read decision = %d", ln, newacl->decision); } else if (!strcasecmp("gid", p_key)) { /* Groups */ char log_prefix[16]; snprintf(log_prefix, sizeof(log_prefix) - 1, "L.%d: ", ln); /* parsing groups */ if (parse_ints (p_value, &newacl->groups, log_prefix)) { fclose(fd); return 2; } } else if (!strcasecmp("uid", p_key)) { /* Users */ char log_prefix[16]; snprintf(log_prefix, sizeof(log_prefix) - 1, "L.%d: ", ln); /* parsing groups */ if (parse_ints (p_value, &newacl->users, log_prefix)) { fclose(fd); return 2; } } else if (!strcasecmp("proto", p_key)) { /* Protocol */ if (sscanf(p_value, "%d", &newacl->proto) != 1) { log_message(FATAL, DEBUG_AREA_MAIN, "L.%d: Malformed line (proto should be a number)", ln); fclose(fd); return 2; } if (newacl->proto != IPPROTO_TCP && newacl->proto != IPPROTO_UDP && newacl->proto != IPPROTO_ICMP) { log_message(FATAL, DEBUG_AREA_MAIN, "L.%d: Unsupported protocol: %d", ln, newacl->proto); fclose(fd); return 2; } debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read proto = %d", ln, newacl->proto); } else if (!strcasecmp("type", p_key)) { /* Type (icmp) */ char log_prefix[16]; snprintf(log_prefix, sizeof(log_prefix) - 1, "L.%d: type ", ln); /* parse type values */ if (parse_ints (p_value, &newacl->types, log_prefix)) { fclose(fd); return 2; } } else if (!strcasecmp("srcip", p_key)) { /* SrcIP */ char log_prefix[16]; snprintf(log_prefix, sizeof(log_prefix) - 1, "L.%d: ", ln); /* 
parsing IPs */ if (parse_ips (p_value, &newacl->src_ip, log_prefix)) { fclose(fd); return 2; } } else if (!strcasecmp("srcport", p_key)) { /* SrcPort */ char log_prefix[16]; snprintf(log_prefix, sizeof(log_prefix) - 1, "L.%d: ", ln); /* parsing ports */ if (parse_ports (p_value, &newacl->src_ports, log_prefix)) { fclose(fd); return 2; } } else if (!strcasecmp("dstip", p_key)) { /* DstIP */ char log_prefix[16]; snprintf(log_prefix, sizeof(log_prefix) - 1, "L.%d: ", ln); /* parsing IPs */ if (parse_ips (p_value, &newacl->dst_ip, log_prefix)) { fclose(fd); return 2; } } else if (!strcasecmp("dstport", p_key)) { /* DstPort */ char log_prefix[16]; snprintf(log_prefix, sizeof(log_prefix) - 1, "L.%d: ", ln); /* parsing ports */ if (parse_ports (p_value, &newacl->dst_ports, log_prefix)) { fclose(fd); return 2; } } else if (!strcasecmp("app", p_key)) { /* App */ char *sep; struct plaintext_app *newapp = g_new0(struct plaintext_app, 1); sep = strchr(p_value, ';'); if (sep) *sep++ = 0; newapp->appname = g_strdup(strip_line(p_value, 0)); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read App name [%s]", ln, newapp->appname); newacl->apps = g_slist_prepend(newacl->apps, newapp); } else if (!strcasecmp("os", p_key)) { /* OS */ char *sep; struct plaintext_os *newos = g_new0(struct plaintext_os, 1); sep = strchr(p_value, ';'); if (sep) *sep++ = 0; newos->sysname = g_strdup(strip_line(p_value, 0)); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read OS sysname [%s]", ln, newos->sysname); /* Release: */ if (sep) { p_value = sep; sep = strchr(p_value, ';'); if (sep) *sep++ = 0; newos->release = g_strdup(strip_line(p_value, 0)); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read OS release [%s]", ln, newos->release); } /* Version: */ if (sep) { p_value = sep; newos->version = g_strdup(strip_line(p_value, 0)); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read OS version [%s]", ln, newos->version); } newacl->os = g_slist_prepend(newacl->os, 
newos); } else if (!strcasecmp("period", p_key)) { /* Period */ newacl->period = g_strdup(p_value); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read period [%s]", ln, newacl->period); } else if (!strcasecmp("indev", p_key)) { /* input dev */ memcpy(newacl->iface_nfo.indev, p_value, IFNAMSIZ); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read indev [%s]", ln, newacl->iface_nfo.indev); } else if (!strcasecmp("physindev", p_key)) { /* phys input dev */ memcpy(newacl->iface_nfo.physindev, p_value, IFNAMSIZ); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read physindev [%s]", ln, newacl->iface_nfo.physindev); } else if (!strcasecmp("outdev", p_key)) { /* output dev */ memcpy(newacl->iface_nfo.outdev, p_value, IFNAMSIZ); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read indev [%s]", ln, newacl->iface_nfo.outdev); } else if (!strcasecmp("physoutdev", p_key)) { /* phys output dev */ memcpy(newacl->iface_nfo.physoutdev, p_value, IFNAMSIZ); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read physoutdev [%s]", ln, newacl->iface_nfo.physoutdev); } else if (!strcasecmp("log_prefix", p_key)) { newacl->log_prefix = g_strdup(p_value); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read log_prefix [%s]", ln, newacl->log_prefix); } else if (!strcasecmp("flags", p_key)) { if (sscanf(p_value, "%d", &newacl->flags) != 1) { log_message(FATAL, DEBUG_AREA_MAIN, "L.%d: Malformed line (flags should be a number)", ln); fclose(fd); return 2; } debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read acl flags [%d]", ln, newacl->flags); } else if (!strcasecmp("authquality", p_key)) { if (sscanf(p_value, "%d", &newacl->auth_quality) != 1) { log_message(FATAL, DEBUG_AREA_MAIN, "L.%d: Malformed line (flags should be a number)", ln); fclose(fd); return 2; } debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "L.%d: Read acl authquality [%d]", ln, newacl->auth_quality); } else { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, 
"L.%d: Unknown key [%s] in ACL %s", ln, p_key, newacl->aclname); } /* End of key/value parsing */ } if (newacl) { debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Done with ACL [%s]", newacl->aclname); /* check if ACL node has minimal information */ /* Warning: this code is duplicated after the loop */ if (!(newacl->groups || newacl->users)) { log_message(WARNING, DEBUG_AREA_MAIN, "No user or group(s) declared in ACL %s", newacl->aclname); } else if (newacl->proto == IPPROTO_TCP || newacl->proto == IPPROTO_UDP || newacl->proto == IPPROTO_ICMP) { /* ACL node is ready */ params->plaintext_acllist = g_slist_append(params->plaintext_acllist, newacl); } else { log_message(WARNING, DEBUG_AREA_MAIN, "No valid protocol declared in ACL %s", newacl->aclname); } } fclose(fd); return 0; } G_MODULE_EXPORT gboolean unload_module_with_params(struct plaintext_params * params) { if (!params) { return TRUE; } if (params->plaintext_userlist) { GSList *p_userlist; struct plaintext_user *p_user; debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Freeing users list"); /* Let's free each node separately */ for (p_userlist = params->plaintext_userlist; p_userlist; p_userlist = g_slist_next(p_userlist)) { p_user = (struct plaintext_user *) p_userlist->data; g_free(p_user->passwd); g_free(p_user->username); if (p_user->groups) g_slist_free(p_user->groups); } /* Now we can free the list */ g_slist_free(params->plaintext_userlist); } /* Free acl list */ if (params->plaintext_acllist) { GSList *p_acllist; GSList *p_app; GSList *p_os; GSList *p_ip; struct plaintext_acl *p_acl; debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Freeing ACLs"); /* Let's free each node separately */ for (p_acllist = params->plaintext_acllist; p_acllist; p_acllist = g_slist_next(p_acllist)) { p_acl = (struct plaintext_acl *) p_acllist->data; /* Let's free app attributes */ for (p_app = p_acl->apps; p_app != NULL; p_app = g_slist_next(p_app)) { struct plaintext_app *app = p_app->data; g_free(app->appname); 
g_free(app); } /* Free OS attributes */ for (p_os = p_acl->os; p_os != NULL; p_os = g_slist_next(p_os)) { struct plaintext_os *os = p_os->data; g_free(os->version); g_free(os->release); g_free(os->sysname); g_free(os); } /* Free IPs */ p_ip = p_acl->src_ip; for (; p_ip != NULL; p_ip = g_slist_next(p_ip)) { g_free(p_ip->data); } p_ip = p_acl->dst_ip; for (; p_ip != NULL; p_ip = g_slist_next(p_ip)) { g_free(p_ip->data); } g_slist_free(p_acl->apps); g_slist_free(p_acl->os); g_slist_free(p_acl->types); g_slist_free(p_acl->src_ip); g_slist_free(p_acl->dst_ip); g_slist_foreach(p_acl->src_ports, (GFunc) g_free, NULL); g_slist_free(p_acl->src_ports); g_slist_foreach(p_acl->dst_ports, (GFunc) g_free, NULL); g_slist_free(p_acl->dst_ports); g_slist_free(p_acl->users); g_slist_free(p_acl->groups); g_free(p_acl->aclname); g_free(p_acl->period); g_free(p_acl); } /* Now we can free the list */ g_slist_free(params->plaintext_acllist); } g_free(params->plaintext_userfile); g_free(params->plaintext_aclfile); g_free(params); return TRUE; } G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module) { struct plaintext_params *params = g_new0(struct plaintext_params, 1); log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Plaintext module ($Revision$)"); /* set variables */ params->plaintext_userfile = nuauth_config_table_get_or_default("plaintext_userfile", TEXplaintext_USERFILE); params->plaintext_aclfile = nuauth_config_table_get_or_default("plaintext_aclfile", TEXplaintext_ACLFILE); params->plaintext_userlist = NULL; params->plaintext_acllist = NULL; module->params = (gpointer) params; /* Depending on the use of the module load user list or acl list */ if (module->hook == MOD_USER_CHECK || module->hook == MOD_USER_ID || module->hook == MOD_USER_GROUPS) { /* Initialization of the user list */ if (read_user_list(params)) { log_message(FATAL, DEBUG_AREA_AUTH, "Can't parse users file [%s]", ((struct plaintext_params *) params)-> plaintext_userfile); return FALSE; } } else if 
(module->hook == MOD_ACL_CHECK) {
		/* Initialization of the ACL list */
		if (read_acl_list(params)) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "Can't parse ACLs file [%s]",
				    ((struct plaintext_params *) params)->plaintext_aclfile);
			return FALSE;
		}
	} else {
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "Wrong plugin use: %i", module->hook);
		return FALSE;
	}
	return TRUE;
}

/*
 * Comparison callback handed to g_slist_find_custom() by
 * fill_user_by_username(). It returns the strcmp() of the two usernames,
 * so 0 means "same name" and the comparison is case-sensitive.
 */
static gint find_by_username(struct plaintext_user *a,
			     struct plaintext_user *b)
{
	return strcmp(a->username, b->username);
}

/*
 * Look up a user in the in-memory user list held in params.
 *
 * Returns the list node whose data is the matching struct plaintext_user,
 * or NULL (after logging a warning) when no entry has that name.
 *
 * NOTE(review): the username is written to the log exactly as received;
 * whether log_message() neutralises control characters is not visible
 * here -- confirm before relying on these log lines for detection.
 */
static GSList *fill_user_by_username(const char *username, gpointer params)
{
	struct plaintext_user ref;
	GSList *res;

	/* strip username from domain */
	/* presumably returns a newly allocated copy, since it is g_free()d
	 * below -- verify against get_rid_of_domain() */
	ref.username = get_rid_of_domain((char *) username);

	/* Let's look for the first node with matching username */
	res = g_slist_find_custom(((struct plaintext_params *) params)->plaintext_userlist,
				  &ref, (GCompareFunc) find_by_username);
	g_free(ref.username);
	if (!res) {
		log_message(WARNING, DEBUG_AREA_AUTH,
			    "Unknown user [%s]!", username);
		return NULL;
	}
	return res;
}

/**
 * user_check()
 *
 * Check that a user exists, is not disabled and, when a password is
 * supplied, that the password matches the stored one.
 *
 * \param username user name string
 * \param clientpass user provided password, or NULL (see below)
 * \param passlen password length (not read by this function)
 * \param session pointer to the user_session_t we are working on (not
 * read by this function)
 * \param params module related parameter
 * \return SASL_OK if the user exists, is enabled and either the password
 * is correct or clientpass is NULL; SASL_BADAUTH otherwise
 *
 * Security note: a NULL clientpass skips password verification entirely
 * and still yields SASL_OK for any enabled account. Callers must only
 * pass NULL when the identity has already been established by other
 * means.
 */
G_MODULE_EXPORT int user_check(const char *username,
			       const char *clientpass, unsigned passlen,
			       user_session_t *session,
			       gpointer params)
{
	GSList *res;
	char *realpass;

	res = fill_user_by_username(username, params);
	if (res == NULL) {
		/* Unknown user: same return code as a wrong password, so the
		 * caller cannot tell the two cases apart. */
		return SASL_BADAUTH;
	}

	realpass = ((struct plaintext_user *) res->data)->passwd;

	/* A stored password of exactly "*" or "!" marks the account as
	 * disabled. */
	if (!strcmp(realpass, "*") || !strcmp(realpass, "!")) {
		log_message(INFO, DEBUG_AREA_AUTH,
			    "user_check: Account is disabled (%s)",
			    username);
		return SASL_BADAUTH;
	}

	/* The original comment speaks of "both clientpass and passlen are
	 * null", but only clientpass is tested: a NULL clientpass means no
	 * password check is done at all. */
	if (clientpass) {
		if (verify_user_password(clientpass, realpass) != SASL_OK) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "user_check: Wrong password for %s",
				    username);
			return SASL_BADAUTH;
		}
	}

	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			  "We are leaving (plaintext) user_check()");
	return SASL_OK;
}

/*
 * Return the numeric id stored for username, or 0 when the user is not in
 * the list. A caller cannot distinguish "unknown user" from an entry whose
 * uid is 0.
 */
G_MODULE_EXPORT uint32_t get_user_id(const char *username, gpointer params)
{
	GSList *res;

	res = fill_user_by_username(username, params);
	if (res == NULL)
		return 0;
	return ((struct plaintext_user *) res->data)->uid;
}

/*
 * Return a shallow copy (g_slist_copy) of the user's group list, or NULL
 * when the user is unknown. An empty GSList is also NULL, so a user with
 * no groups gives the same result as an unknown user.
 */
G_MODULE_EXPORT GSList *get_user_groups(const char *username,
					gpointer params)
{
	GSList *res;

	res = fill_user_by_username(username, params);
	if (res == NULL) {
		return NULL;
	}
	return g_slist_copy(((struct plaintext_user *) res->data)->groups);
}

/*
 * acl_check()
 *
 * Walk the ACL list held in params and return a newly allocated list of
 * struct acl_group, one per ACL that matches the connection in element.
 * Every ACL is tested (no first-match stop); results keep ACL list order.
 *
 * An ACL is skipped as soon as one of these tests fails, in this order:
 * protocol, ICMP type or TCP/UDP ports, source IP, destination IP,
 * interfaces, OS, application.
 *
 * Security notes for reviewers of ACL files:
 *  - OS and application restrictions are only evaluated when the
 *    connection carries os_sysname / app_name. If the field is NULL the
 *    restriction is not applied and the ACL still matches.
 *    NOTE(review): where these fields come from, and whether the caller
 *    re-checks once they are known, is not visible here -- confirm.
 *  - The period string is copied into the result but not evaluated here.
 */
G_MODULE_EXPORT GSList *acl_check(connection_t * element, gpointer params)
{
	GSList *g_list = NULL;
	GSList *p_acllist;
	struct acl_group *this_acl;
	tracking_t *netdata = &element->tracking;
	struct plaintext_acl *p_acl;

	/* netdata.protocol    IPPROTO_TCP || IPPROTO_UDP || IPPROTO_ICMP */
	/* netdata.type        for ICMP */
	/* netdata.code        for ICMP */
	/* netdata.saddr       IP source */
	/* netdata.daddr       IP destination */
	/* netdata.source      Port source */
	/* netdata.dest        Port destination */

	for (p_acllist = ((struct plaintext_params *) params)->plaintext_acllist;
	     p_acllist; p_acllist = g_slist_next(p_acllist)) {
		p_acl = (struct plaintext_acl *) p_acllist->data;

		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				  "(DBG) [plaintext] test acl %s",
				  p_acl->aclname);

		if (netdata->protocol != p_acl->proto) {
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "(DBG) skip ACL %s: protocol doesn't match",
					  p_acl->aclname);
			continue;
		}

		/* ICMP? */
		if (netdata->protocol == IPPROTO_ICMP) {
			/* Always true here: the protocols were just found equal. */
			if (p_acl->proto == IPPROTO_ICMP) {
				int found = 0;
				GSList *sl_type = p_acl->types;

				/* Only the ICMP type is compared; netdata->code is
				 * not looked at. An ICMP ACL with an empty type
				 * list never matches. */
				for (; sl_type; sl_type = g_slist_next(sl_type)) {
					if (GPOINTER_TO_INT(sl_type->data) == netdata->type) {
						found = 1;
						break;
					}
				}
				if (!found) {
					debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
							  "(DBG) skip ACL %s: ICMP type doesn't match",
							  p_acl->aclname);
					continue;
				}
			}
		} else {
			/* Check destination port */
			/* An empty port list means "any port". */
			if (p_acl->dst_ports) {
				int found = 0;
				struct plaintext_ports *p_ports;
				GSList *pl_ports = p_acl->dst_ports;

				for (; pl_ports; pl_ports = g_slist_next(pl_ports)) {
					p_ports = (struct plaintext_ports *) pl_ports->data;
					/* firstport == 0 is a wildcard entry. Otherwise
					 * the range is inclusive on both ends:
					 * [firstport, firstport + nbports]. */
					if (!p_ports->firstport
					    || ((netdata->dest >= p_ports->firstport)
						&& (netdata->dest <= p_ports->firstport + p_ports->nbports))) {
						found = 1;
						break;
					}
				}
				if (!found) {
					debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
							  "(DBG) skip ACL %s: TCP/UDP destination port doesn't match",
							  p_acl->aclname);
					continue;
				}
			}
			/* Check source port */
			/* Same rules as for the destination port above. */
			if (p_acl->src_ports) {
				int found = 0;
				struct plaintext_ports *p_ports;
				GSList *pl_ports = p_acl->src_ports;

				for (; pl_ports; pl_ports = g_slist_next(pl_ports)) {
					p_ports = (struct plaintext_ports *) pl_ports->data;
					if (!p_ports->firstport
					    || ((netdata->source >= p_ports->firstport)
						&& (netdata->source <= p_ports->firstport + p_ports->nbports))) {
						found = 1;
						break;
					}
				}
				if (!found) {
					debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
							  "(DBG) skip ACL %s: TCP/UDP source port doesn't match",
							  p_acl->aclname);
					continue;
				}
			}
		}

		/* Check source address */
		if (!match_ip(p_acl->src_ip, &netdata->saddr)) {
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "(DBG) skip ACL %s: source IP doesn't match",
					  p_acl->aclname);
			continue;
		}

		/* Check destination address */
		if (!match_ip(p_acl->dst_ip, &netdata->daddr)) {
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "(DBG) skip ACL %s: destination IP doesn't match",
					  p_acl->aclname);
			continue;
		}

		/* Check interfaces */
		if (compare_iface_nfo_t(&p_acl->iface_nfo, &element->iface_nfo) == NU_EXIT_ERROR) {
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "(DBG) skip ACL %s: interfaces doesn't match",
					  p_acl->aclname);
			continue;
		}

		/* O.S. filtering? */
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				  "(DBG) current ACL os=%p", p_acl->os);
		/* Skipped entirely when the connection has no os_sysname: the
		 * ACL's OS restriction is then not enforced. */
		if (element->os_sysname && p_acl->os) {
			GSList *p_os = p_acl->os;
			gchar *p_sysname, *p_release, *p_version;
			int found = 0;

			/* sysname */
			log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				    "[plaintext] Checking for OS sysname=[%s]",
				    element->os_sysname);
			for (; p_os; p_os = g_slist_next(p_os)) {
				p_sysname = ((struct plaintext_os *) p_os->data)->sysname;
				p_release = ((struct plaintext_os *) p_os->data)->release;
				p_version = ((struct plaintext_os *) p_os->data)->version;
				/* Comparisons are case-insensitive. release and
				 * version are compared only when both the ACL entry
				 * and the connection provide them; a missing value
				 * on either side counts as a match at that level. */
				if (!strcasecmp(p_sysname, element->os_sysname)) {
					if (element->os_release && p_release) {
						if (!strcasecmp(p_release, element->os_release)) {
							if (element->os_version && p_version) {
								if (!strcasecmp(p_version, element->os_version)) {
									found = 1;
									break;
								}
							} else {
								found = 1;
								break;
							}
						}
					} else {
						found = 1;
						break;
					}
				}
			}
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "(DBG) Checking OS sysname ACL found=%d",
					  found);
			if (!found) {
				debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
						  "(DBG) skip ACL %s: OS doesn't match",
						  p_acl->aclname);
				continue;
			}
			log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				    "[plaintext] OS match (%s)",
				    element->os_sysname);
		}

		/* Application filtering? */
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				  "(DBG) current ACL apps=%p", p_acl->apps);
		/* Skipped entirely when the connection has no app_name: the
		 * ACL's application restriction is then not enforced. */
		if (element->app_name && p_acl->apps) {
			GSList *p_app = p_acl->apps;
			int found = 0;

			log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				    "[plaintext] Checking for App=[%s]",
				    element->app_name);
			for (; p_app; p_app = g_slist_next(p_app)) {
				/* The ACL's appname is the glob pattern ('*' and
				 * '?'), the connection's app_name the string. */
				if (g_pattern_match_simple(((struct plaintext_app *) p_app->data)->appname,
							   element->app_name)) {
					found = 1;
					break;
				}
			}
			log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				    "(DBG) Checking App ACL found=%d", found);
			if (!found) {
				debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
						  "(DBG) skip ACL %s: Application doesn't match",
						  p_acl->aclname);
				continue;
			}
			log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				    "[plaintext] App match (%s)",
				    element->app_name);
		}

		/* Period checking: not done here, the period name is only
		 * copied into the result below. */

		/* We have a match 8-) */
		log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			    "[plaintext] matching with ACL %s and decision %d",
			    p_acl->aclname, p_acl->decision);
		this_acl = g_new0(struct acl_group, 1);
		g_assert(this_acl);
		this_acl->answer = p_acl->decision;
		/* Shallow copies: the new lists share element data with the
		 * ACL's own lists. */
		this_acl->users = g_slist_copy(p_acl->users);
		this_acl->groups = g_slist_copy(p_acl->groups);
		if (p_acl->period) {
			this_acl->period = g_strdup(p_acl->period);
		} else {
			this_acl->period = NULL;
		}
		if (p_acl->log_prefix) {
			this_acl->log_prefix = g_strdup(p_acl->log_prefix);
		} else {
			this_acl->log_prefix = NULL;
		}
		this_acl->flags = p_acl->flags;
		this_acl->auth_quality = p_acl->auth_quality;

		g_list = g_slist_append(g_list, this_acl);
	}

	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			  "[plaintext] We are leaving acl_check()");
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			  "(DBG) [plaintext] check_acls leaves with %p", g_list);
	return g_list;
}

/** @} */
nufw-2.4.3/src/nuauth/modules/plaintext/auth_plaintext.h0000644000175000017500000000322611431206275020401 00000000000000/* $Id$ */
/*
** Copyright(C) 2004 Mikael Berthe
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General
Public License as published by
** the Free Software Foundation; version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/* Default locations of the user and ACL files, relative to CONFIG_DIR. */
#define TEXplaintext_USERFILE CONFIG_DIR "/users.nufw"
#define TEXplaintext_ACLFILE CONFIG_DIR "/acls.nufw"

/* One entry of the in-memory user list. */
struct plaintext_user {
	char *username;		/* compared with strcmp() in the user lookup */
	/* Stored credential, kept in process memory for the lifetime of the
	 * list. user_check() treats a value of exactly "*" or "!" as
	 * "account disabled" and otherwise passes it to
	 * verify_user_password(). NOTE(review): the accepted storage format
	 * (clear text or hashed) is decided there and is not visible in
	 * this header -- confirm, and keep the users file readable only by
	 * the nuauth account. */
	char *passwd;
	u_int32_t uid;		/* value returned by get_user_id() */
	GSList *groups;		/* list copied by get_user_groups() */
};

/* One application entry of an ACL. */
struct plaintext_app {
	gchar *appname;		/* used as the pattern of g_pattern_match_simple() in acl_check() */
};

/* One operating system entry of an ACL; acl_check() compares these
 * case-insensitively, release and version only when present. */
struct plaintext_os {
	char *sysname;
	char *release;
	char *version;
};

/* One address entry of an ACL: address plus netmask, both held as
 * struct in6_addr. */
struct plaintext_ip {
	struct in6_addr addr;
	struct in6_addr netmask;
};

/* One port range of an ACL. acl_check() treats firstport == 0 as "any
 * port" and otherwise matches firstport <= port <= firstport + nbports. */
struct plaintext_ports {
	uint16_t firstport;
	int nbports;
};

/* One ACL as loaded from the ACL file. */
struct plaintext_acl {
	char *aclname;		/* name, used in log messages */
	decision_t decision;	/* copied to acl_group.answer on match */
	int proto;		/* must equal the packet's protocol */

	GSList *users;		/* copied to the result on match */
	GSList *groups;		/* copied to the result on match */

	GSList *apps;		/* list of struct plaintext_app */
	GSList *os;		/* list of struct plaintext_os */

	GSList *types;		/* ICMP types, stored as integers in the pointer */

	GSList *src_ip;		/* passed to match_ip() with the source address */
	GSList *src_ports;	/* list of struct plaintext_ports */

	GSList *dst_ip;		/* passed to match_ip() with the destination address */
	GSList *dst_ports;	/* list of struct plaintext_ports */

	iface_nfo_t iface_nfo;	/* compared with compare_iface_nfo_t() */
	gchar *period;		/* copied to the result, not evaluated by acl_check() */
	gchar *log_prefix;	/* copied to the result */
	gint flags;		/* copied to the result */
	gint auth_quality;	/* copied to the result */
};

/* Module parameters: file names and the lists loaded from them. */
struct plaintext_params {
	char *plaintext_userfile;
	char *plaintext_aclfile;
	GSList *plaintext_userlist;	/* list of struct plaintext_user */
	GSList *plaintext_acllist;	/* list of struct plaintext_acl */
};
nufw-2.4.3/src/nuauth/modules/session_authtype/0000777000175000017500000000000011431215441016651 500000000000000nufw-2.4.3/src/nuauth/modules/session_authtype/Makefile.in0000644000175000017500000003715511431215402020642 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # session_authtype plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/session_authtype DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libsession_authtype_la_LIBADD = am_libsession_authtype_la_OBJECTS = session_authtype.lo libsession_authtype_la_OBJECTS = $(am_libsession_authtype_la_OBJECTS) libsession_authtype_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ 
$(libsession_authtype_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libsession_authtype_la_SOURCES) DIST_SOURCES = $(libsession_authtype_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ 
LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" 
INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libsession_authtype.la libsession_authtype_la_SOURCES = session_authtype.c libsession_authtype_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/session_authtype/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/session_authtype/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) 
$(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session_authtype.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c 
-o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed 
'/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libsession_authtype.la: $(libsession_authtype_la_OBJECTS) $(libsession_authtype_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libsession_authtype_la_LDFLAGS) $(libsession_authtype_la_OBJECTS) $(libsession_authtype_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/nuauth/modules/session_authtype/Makefile.am0000644000175000017500000000123111431206275020623 00000000000000# session_authtype plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libsession_authtype.la libsession_authtype_la_SOURCES = session_authtype.c libsession_authtype_la_LDFLAGS = -module -avoid-version libsession_authtype.la: $(libsession_authtype_la_OBJECTS) $(libsession_authtype_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libsession_authtype_la_LDFLAGS) $(libsession_authtype_la_OBJECTS) $(libsession_authtype_la_LIBADD) nufw-2.4.3/src/nuauth/modules/session_authtype/session_authtype.c0000644000175000017500000001073411431206275022351 00000000000000/* ** Copyright(C) 2008 INL ** written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
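*/

/* NOTE(review): the header name of the first #include below was lost when
 * this page was extracted; restore it from the upstream source file. */
#include #include "nuauthconf.h"

/* Group lists read from the configuration. Each list holds numeric group
 * ids stored in the list pointers (GUINT_TO_POINTER). A NULL list means
 * "this filter is not configured". */
typedef struct {
	GSList * blacklist_groups;	/* members are always refused */
	GSList * whitelist_groups;	/* if set, only members are accepted */
	GSList * sasl_groups;		/* if set, only members may use AUTH_TYPE_INTERNAL */
	GSList * ssl_groups;		/* if set, only members may use AUTH_TYPE_EXTERNAL */
} session_authtype_config_t;

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/*
 * Module unload hook. Does nothing and reports success.
 * NOTE(review): the configuration allocated by init_module_from_conf() is
 * not released here -- confirm whether the module loader frees it.
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	return TRUE;
}

/*
 * Parse a comma-separated list of numeric group identifiers.
 *
 * string   configuration value; NULL when the option is not set
 * invalid  set to TRUE when an entry is not a valid identifier, left
 *          untouched otherwise; may be NULL
 *
 * Returns a newly allocated list of group ids, or NULL when the option is
 * unset, empty or invalid.
 *
 * An invalid entry used to end parsing with a warning and return the
 * entries read so far. Since a NULL list means "filter not configured",
 * a typo in the first entry silently disabled a whitelist or blacklist,
 * and a typo further on silently shortened it. The partial list is now
 * dropped and the error reported, so that the caller can refuse to start.
 */
static GSList * parse_group_list(gchar *string, gboolean *invalid)
{
	gchar **groups_list;
	gchar **groups_item;
	uint32_t group_id;
	GSList *result = NULL;

	if (! string) {
		RETURN_NO_LOG NULL;
	}

	groups_list = g_strsplit(string, ",", 0);
	for (groups_item = groups_list; *groups_item; groups_item++) {
		/* read group */
		if (!str_to_uint32(*groups_item, &group_id)) {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "session_authtype: Invalid group identifier (%s)",
				    *groups_item);
			/* Do not hand back a truncated filter. */
			g_slist_free(result);
			result = NULL;
			if (invalid) {
				*invalid = TRUE;
			}
			break;
		}
		result = g_slist_append(result, GUINT_TO_POINTER(group_id));
	}
	g_strfreev(groups_list);
	return result;
}

/*
 * Module initialisation: read the four group lists from the configuration
 * and store them in module->params.
 *
 * Returns TRUE on success. Returns FALSE, without setting module->params,
 * when one of the lists contains an invalid group identifier: loading a
 * partly parsed access filter would weaken it without anyone noticing.
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	session_authtype_config_t *config = g_new0(session_authtype_config_t, 1);
	gchar *result = NULL;
	gboolean invalid = FALSE;

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Session_authtype module ($Revision$)");

	result = nuauth_config_table_get("session_authtype_blacklist_groups");
	config->blacklist_groups = parse_group_list(result, &invalid);

	result = nuauth_config_table_get("session_authtype_whitelist_groups");
	config->whitelist_groups = parse_group_list(result, &invalid);

	result = nuauth_config_table_get("session_authtype_sasl_groups");
	config->sasl_groups = parse_group_list(result, &invalid);

	result = nuauth_config_table_get("session_authtype_ssl_groups");
	config->ssl_groups = parse_group_list(result, &invalid);

	if (invalid) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "session_authtype: invalid group list in configuration, module not loaded");
		/* List elements are integers stored in the pointers, so only
		 * the list cells need freeing. */
		g_slist_free(config->blacklist_groups);
		g_slist_free(config->whitelist_groups);
		g_slist_free(config->sasl_groups);
		g_slist_free(config->ssl_groups);
		g_free(config);
		return FALSE;
	}

	/* store config and exit */
	module->params = config;
	return TRUE;
}

/*
 * Tell whether lists a and b share at least one element. Elements are
 * compared as pointer values (group ids stored in the pointers). An empty
 * (NULL) list never intersects anything.
 */
static gboolean groups_intersect(GSList * a, GSList * b)
{
	GSList *iter;

	if (a && b) {
		for (iter = a; iter != NULL; iter = iter->next) {
			/* group in one of the b groups */
			if (g_slist_find(b, iter->data)) {
				return TRUE;
			}
		}
	}
	return FALSE;
}

/*
 * Session hook: decide whether a user may open a session, from the user's
 * groups and the authentication type of the session.
 *
 * Order of the checks:
 *  1. member of a blacklisted group: refused;
 *  2. a whitelist is configured and the user is in none of its groups:
 *     refused (this includes users with no group at all);
 *  3. per authentication type: accepted when no list is configured for
 *     that type or when the user is in one of its groups.
 *
 * Returns SASL_OK when accepted, SASL_FAIL otherwise. An unknown
 * authentication type is refused.
 */
G_MODULE_EXPORT int user_session_modify(user_session_t * session,
					gpointer params)
{
	session_authtype_config_t *config = params;

	/* check if user has the right to use NuFW */
	if (config->blacklist_groups
	    && groups_intersect(session->groups, config->blacklist_groups)) {
		log_message(INFO, DEBUG_AREA_USER,
			    "User %s is in user blacklist: not allowed to connect",
			    session->user_name);
		return SASL_FAIL;
	}

	if (config->whitelist_groups
	    && (! groups_intersect(session->groups, config->whitelist_groups))) {
		log_message(INFO, DEBUG_AREA_USER,
			    "User %s is not in user whitelist: not allowed to connect",
			    session->user_name);
		return SASL_FAIL;
	}

	switch (session->auth_type) {
	case AUTH_TYPE_INTERNAL:
		/* no filtering on SASL asked */
		if (config->sasl_groups == NULL) {
			RETURN_NO_LOG SASL_OK;
		}
		/* check if user has the right to use SASL auth */
		if (groups_intersect(session->groups, config->sasl_groups)) {
			RETURN_NO_LOG SASL_OK;
		} else {
			log_message(INFO, DEBUG_AREA_USER,
				    "User %s is not in SASL list: not allowed to connect",
				    session->user_name);
		}
		break;
	case AUTH_TYPE_EXTERNAL:
		/* no filtering on ssl asked */
		if (config->ssl_groups == NULL) {
			RETURN_NO_LOG SASL_OK;
		}
		/* check if user has the right to use SSL auth */
		if (groups_intersect(session->groups, config->ssl_groups)) {
			RETURN_NO_LOG SASL_OK;
		} else {
			log_message(INFO, DEBUG_AREA_USER,
				    "User %s is not in SSL list: not allowed to connect",
				    session->user_name);
		}
		break;
	default:
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Should not be there");
	}

	/* Every path that reaches this point is a refusal. */
	return SASL_FAIL;
}
nufw-2.4.3/src/nuauth/modules/log_pgsql/0000777000175000017500000000000011431215440015231 500000000000000nufw-2.4.3/src/nuauth/modules/log_pgsql/Makefile.in0000644000175000017500000004012411431215401017210 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.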
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # PGSQL log plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/log_pgsql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libpgsql_la_DEPENDENCIES = am__libpgsql_la_SOURCES_DIST = pgsql.c log_pgsql.h am__objects_1 = @USE_PGSQL_LOG_TRUE@am_libpgsql_la_OBJECTS = pgsql.lo $(am__objects_1) libpgsql_la_OBJECTS = $(am_libpgsql_la_OBJECTS) libpgsql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link 
$(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libpgsql_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_PGSQL_LOG_TRUE@am_libpgsql_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libpgsql_la_SOURCES) DIST_SOURCES = $(am__libpgsql_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = 
@LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ 
@USE_PGSQL_LOG_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @USE_PGSQL_LOG_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I/usr/include/postgresql/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ @USE_PGSQL_LOG_TRUE@plugindir = $(libdir)/nuauth/modules @USE_PGSQL_LOG_TRUE@plugin_LTLIBRARIES = libpgsql.la @USE_PGSQL_LOG_TRUE@noinst_libpgsql_la_SOURCES = log_pgsql.h @USE_PGSQL_LOG_TRUE@libpgsql_la_SOURCES = pgsql.c ${noinst_libpgsql_la_SOURCES} @USE_PGSQL_LOG_TRUE@libpgsql_la_LDFLAGS = -module -avoid-version @USE_PGSQL_LOG_TRUE@libpgsql_la_LIBADD = -lpq all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/log_pgsql/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/log_pgsql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_PGSQL_LOG_FALSE@libpgsql.la: $(libpgsql_la_OBJECTS) $(libpgsql_la_DEPENDENCIES) @USE_PGSQL_LOG_FALSE@ $(libpgsql_la_LINK) $(am_libpgsql_la_rpath) $(libpgsql_la_OBJECTS) 
$(libpgsql_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgsql.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; 
nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: 
install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am 
install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_PGSQL_LOG_TRUE@libpgsql.la: $(libpgsql_la_OBJECTS) $(libpgsql_la_DEPENDENCIES) @USE_PGSQL_LOG_TRUE@ $(LINK) -rpath $(plugindir) $(am_libpgsql_la_rpath) $(libpgsql_la_LDFLAGS) $(libpgsql_la_OBJECTS) $(libpgsql_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/log_pgsql/pgsql.c0000644000175000017500000005442711431206275016461 00000000000000/* ** Copyright(C) 2003-2010 INL ** Written by Eric Leblond ** Vincent Deffontaines ** Pierre Chifflier ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
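*/

/* SSL notes :
 * the client cert needs to go in
 * $HOME/.postgresql/root.crt see the comments at the top of
 * src/interfaces/libpq/fe-secure.c
 *
 * NOTE(review): libpq documents root.crt as the trusted-CA file used to
 * verify the server and postgresql.crt as the client certificate; confirm
 * which one the sentence above means.
 *
 * NOTE(review): pgsql_conn_init() below does not pass sslmode to libpq (the
 * keyword is commented out in its connection string), so the "pgsql_ssl"
 * setting read in init_module_from_conf() has no effect on the connection.
 */

/* The six angle-bracket header names below were lost when this page was
 * extracted; restore them from the upstream file before building. */
#include
#include
#include
#include
#include
#include

#include "security.h"
#include "nuauthconf.h"
#include "nubase.h"

static nu_error_t pgsql_close_open_user_sessions(struct log_pgsql_params *params);
static PGconn *pgsql_conn_init(struct log_pgsql_params *params);

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 *
 * \ingroup LoggingNuauthModules
 * \defgroup PGSQLModule PgSQL logging module
 *
 * @{
 */

/**
 * Convert an IPv6 address to PostgreSQL SQL format.
 *
 * When params->pgsql_use_ipv4 is set, the address must pass is_ipv4() and
 * only its last 32-bit word is formatted, as an AF_INET address (optionally
 * passed through ntohl() first). Otherwise the full address is formatted as
 * AF_INET6.
 *
 * \param params Module parameters (only pgsql_use_ipv4 is read)
 * \param buffer Output buffer, always NUL-terminated on return
 * \param buflen Size of \a buffer in bytes
 * \param addr6 Address to format
 * \param use_ntohl Non-zero to apply ntohl() to the IPv4 word first
 * \return Returns 0 on error, 1 otherwise.
 */
static int formatINET(struct log_pgsql_params *params,
		      char *buffer, socklen_t buflen,
		      const struct in6_addr *addr6, int use_ntohl)
{
	struct in_addr addr4;
	int af;
	const char *ret;
	const void *addr;

	if (params->pgsql_use_ipv4) {
		if (!is_ipv4(addr6)) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "PostgreSQL: Packet has IPV6 address but PostgreSQL use IPV4 only schema");
			return 0;
		}
		addr4.s_addr = addr6->s6_addr32[3];
		if (use_ntohl) {
			addr4.s_addr = ntohl(addr4.s_addr);
		}
		af = AF_INET;
		addr = &addr4;
	} else {
		af = AF_INET6;
		addr = addr6;
	}

	ret = inet_ntop(af, addr, buffer, buflen);
	if (ret == NULL) {
		buffer[0] = 0;
		return 0;
	}
	buffer[buflen - 1] = 0;
	return 1;
}

/**
 * \brief Release the module parameters.
 *
 * Unless nuauth is reloading, open user sessions are first marked as closed
 * in the database. All strings of the parameter block are then freed.
 *
 * \param params_p Pointer to a struct log_pgsql_params (may be NULL)
 * \return Always TRUE
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	struct log_pgsql_params *params =
	    (struct log_pgsql_params *) params_p;

	if (params) {
		if (!nuauth_is_reloading()) {
			if (pgsql_close_open_user_sessions(params) != NU_EXIT_OK) {
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "Could not close session when unloading module");
			}
		}

		g_free(params->pgsql_user);
		g_free(params->pgsql_passwd);
		g_free(params->pgsql_server);
		g_free(params->pgsql_ssl);
		g_free(params->pgsql_db_name);
		g_free(params->pgsql_table_name);
		g_free(params->pgsql_users_table_name);
		g_free(params->pgsql_auth_failure_table_name);
	}
	g_free(params);
	return TRUE;
}

/**
 * \brief Close all open user sessions
 *
 * Opens a dedicated connection, sets end_time on every row of the users
 * table whose end_time is NULL, and closes the connection again.
 *
 * \return A nu_error_t
 */
static nu_error_t pgsql_close_open_user_sessions(struct log_pgsql_params *params)
{
	PGconn *ld = pgsql_conn_init(params);
	char request[INSERT_REQUEST_VALUES_SIZE];
	gboolean ok;
	PGresult *Result;

	if (!ld) {
		return NU_EXIT_ERROR;
	}

	/* time_t is cast explicitly so the argument matches %lu. */
	ok = secure_snprintf(request, sizeof(request),
			     "UPDATE %s SET end_time=ABSTIME(%lu) WHERE end_time is NULL",
			     params->pgsql_users_table_name,
			     (unsigned long) time(NULL));
	if (!ok) {
		PQfinish(ld);
		return NU_EXIT_ERROR;
	}

	/* do the query */
	Result = PQexec(ld, request);

	/* check error */
	if (!Result || PQresultStatus(Result) != PGRES_COMMAND_OK) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[PostgreSQL] Cannot insert session: %s",
			    PQerrorMessage(ld));
		PQclear(Result);
		PQfinish(ld);
		return NU_EXIT_ERROR;
	}
	PQclear(Result);
	PQfinish(ld);
	return NU_EXIT_OK;
}

/**
 * \brief Init pgsql system
 *
 * Allocates the parameter block, fills it from the nuauth configuration
 * table (falling back to the PGSQL_* defaults), creates the per-thread
 * connection slot and, unless nuauth is reloading, closes sessions left open
 * in the database.
 *
 * The PGSQL_PASSWD fallback is a fixed string compiled into the module
 * (see log_pgsql.h); deployments should always set "pgsql_passwd".
 *
 * \return Always TRUE
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	struct log_pgsql_params *params = g_new0(struct log_pgsql_params, 1);

	module->params = params;

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Log_pgsql module ($Revision$)");

	/* set variables */
	params->pgsql_server =
	    nuauth_config_table_get_or_default("pgsql_server_addr", PGSQL_SERVER);
	params->pgsql_server_port =
	    nuauth_config_table_get_or_default_int("pgsql_server_port", PGSQL_SERVER_PORT);
	params->pgsql_user =
	    nuauth_config_table_get_or_default("pgsql_user", PGSQL_USER);
	params->pgsql_passwd =
	    nuauth_config_table_get_or_default("pgsql_passwd", PGSQL_PASSWD);
	/* Read but currently not used by pgsql_conn_init(). */
	params->pgsql_ssl =
	    nuauth_config_table_get_or_default("pgsql_ssl", PGSQL_SSL);
	params->pgsql_db_name =
	    nuauth_config_table_get_or_default("pgsql_db_name", PGSQL_DB_NAME);
	params->pgsql_table_name =
	    nuauth_config_table_get_or_default("pgsql_table_name", PGSQL_TABLE_NAME);
	params->pgsql_users_table_name =
	    nuauth_config_table_get_or_default("pgsql_users_table_name", PGSQL_USERS_TABLE_NAME);
	params->pgsql_auth_failure_table_name =
	    nuauth_config_table_get_or_default("pgsql_auth_failure_table_name", PGSQL_AUTH_FAILURE_TABLE_NAME);
	params->pgsql_request_timeout =
	    nuauth_config_table_get_or_default_int("pgsql_request_timeout", PGSQL_REQUEST_TIMEOUT);
	params->pgsql_use_ipv4 =
	    nuauth_config_table_get_or_default_int("pgsql_use_ipv4", PGSQL_USE_IPV4);

	/* init thread private stuff */
	params->pgsql_priv = g_private_new((GDestroyNotify) PQfinish);

	/* do initial update of user session if needed; best effort, the
	 * helper logs its own failures */
	if (!nuauth_is_reloading()) {
		pgsql_close_open_user_sessions(params);
	}

	module->params = (gpointer) params;
	return TRUE;
}

/**
 * \brief Quote one value for a libpq connection string.
 *
 * libpq requires values that are empty or contain spaces to be wrapped in
 * single quotes, with embedded single quotes and backslashes escaped by a
 * backslash. Without this, a configured value containing a space would be
 * parsed as additional connection keywords.
 *
 * \param value Raw value (NULL is treated as an empty string)
 * \return Newly allocated quoted string, to be released with g_free()
 */
static char *quote_conninfo_value(const char *value)
{
	size_t len;
	size_t i;
	size_t out = 0;
	char *quoted;

	if (value == NULL) {
		value = "";
	}
	len = strlen(value);
	/* worst case: every byte escaped, plus two quotes and the NUL */
	quoted = g_new0(char, len * 2 + 3);

	quoted[out++] = '\'';
	for (i = 0; i < len; i++) {
		if (value[i] == '\'' || value[i] == '\\') {
			quoted[out++] = '\\';
		}
		quoted[out++] = value[i];
	}
	quoted[out++] = '\'';
	return quoted;
}

/**
 * \brief Initialize connection to pgsql server
 *
 * \return An open connection, or NULL if the connection could not be
 * established (the reason reported by libpq is logged)
 */
static PGconn *pgsql_conn_init(struct log_pgsql_params *params)
{
	char *pgsql_conninfo;
	char *q_server = quote_conninfo_value(params->pgsql_server);
	char *q_db_name = quote_conninfo_value(params->pgsql_db_name);
	char *q_user = quote_conninfo_value(params->pgsql_user);
	char *q_passwd = quote_conninfo_value(params->pgsql_passwd);
	PGconn *ld = NULL;

	log_message(DEBUG, DEBUG_AREA_MAIN,
		    "Going to init PostgreSQL connection.");

	/* NOTE(review): sslmode is not part of the connection string, so
	 * params->pgsql_ssl is ignored and libpq applies its own default.
	 * Adding "sslmode=<pgsql_ssl>" would let an administrator require
	 * TLS; confirm why it was disabled before enabling it. */
	pgsql_conninfo =
	    g_strdup_printf
	    ("host=%s port=%d dbname=%s user=%s password=%s connect_timeout=%d",
	     /* " sslmode=%s" */
	     q_server,
	     params->pgsql_server_port,
	     q_db_name,
	     q_user,
	     q_passwd,
	     params->pgsql_request_timeout
	     /* params->pgsql_ssl */
	    );
	g_free(q_server);
	g_free(q_db_name);
	g_free(q_user);
	g_free(q_passwd);

	ld = PQconnectdb(pgsql_conninfo);
	g_free(pgsql_conninfo);

	if (PQstatus(ld) != CONNECTION_OK) {
		/* libpq reports failures through PQerrorMessage(), not errno */
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "PostgreSQL init error: %s",
			    PQerrorMessage(ld));
		PQfinish(ld);
		return NULL;
	}
	log_message(DEBUG, DEBUG_AREA_MAIN, "PostgreSQL init done");
	return ld;
}

/**
 * \brief Escape a string for use inside a single-quoted SQL literal.
 *
 * The result is only safe inside a plain '...' literal: PQescapeStringConn()
 * doubles backslashes only when the server has standard_conforming_strings
 * off, whereas an E'...' literal always interprets backslash escapes. The
 * queries in this file therefore use '...' and never E'...'.
 *
 * \param ld Connection whose encoding and settings drive the escaping
 * \param text String to escape (may be NULL)
 * \return Newly allocated escaped string, or NULL if \a text is NULL or
 * libpq reports an escaping error (e.g. invalid multibyte data)
 */
static char *quote_pgsql_string(PGconn *ld, const char *text)
{
	size_t length;
	char *quoted;
	int escape_error = 0;

	if (text == NULL) {
		return NULL;
	}
	length = strlen(text);
	quoted = g_new0(char, length * 2 + 1);
	/* The return value is the escaped length, which is legitimately 0 for
	 * an empty input; failure is reported through the error flag. */
	PQescapeStringConn(ld, quoted, text, length, &escape_error);
	if (escape_error) {
		g_free(quoted);
		return NULL;
	}
	return quoted;
}

/**
 * \brief Like quote_pgsql_string(), but a NULL input yields "".
 *
 * \return Newly allocated string; NULL only when escaping failed, so callers
 * can treat NULL as an error and never pass NULL to a %s conversion
 */
static char *quote_or_empty(PGconn *ld, const char *text)
{
	if (text == NULL) {
		return g_strdup("");
	}
	return quote_pgsql_string(ld, text);
}

/**
 * \brief Build the escaped "Name-Version-Release" operating system string.
 *
 * \return Newly allocated string: empty if any component is NULL or the
 * combined length exceeds OSNAME_MAX_SIZE, NULL if escaping failed
 */
static gchar *generate_osname(PGconn *ld, gchar * Name, gchar * Version,
			      gchar * Release)
{
	char *all, *quoted;

	if (Name == NULL || Release == NULL || Version == NULL
	    || OSNAME_MAX_SIZE <
	    (strlen(Name) + strlen(Release) + strlen(Version) + 3)) {
		return g_strdup("");
	}
	all = g_strjoin("-", Name, Version, Release, NULL);
	quoted = quote_pgsql_string(ld, all);
	g_free(all);
	return quoted;
}

/**
 * \brief Insert one packet record into the packet table.
 *
 * The field list and the value list are built side by side, then joined.
 * Every string that does not originate from this module (log prefix, user
 * name, OS and application names) is escaped before being placed in a
 * single-quoted literal.
 *
 * \return 0 on success, -1 on error
 */
static int pgsql_insert(PGconn * ld, connection_t * element,
			char *oob_prefix, tcp_state_t state,
			struct log_pgsql_params *params)
{
	char request_fields[INSERT_REQUEST_FIELDS_SIZE];
	char request_values[INSERT_REQUEST_VALUES_SIZE];
	char tmp_buffer[INSERT_REQUEST_VALUES_SIZE];
	char ip_src[INET6_ADDRSTRLEN];
	char ip_dst[INET6_ADDRSTRLEN];
	gboolean ok;
	PGresult *Result;
	char *sql_query;
	char *log_prefix = "Default";
	char *q_log_prefix;
	char *q_oob_prefix;

	if (!formatINET(params, ip_src, sizeof(ip_src),
			&element->tracking.saddr, 0)) {
		return -1;
	}
	if (!formatINET(params, ip_dst, sizeof(ip_dst),
			&element->tracking.daddr, 0)) {
		return -1;
	}

	if (element->log_prefix) {
		log_prefix = element->log_prefix;
	}

	/* Write common informations */
	ok = secure_snprintf(request_fields, sizeof(request_fields),
			     "INSERT INTO %s (oob_prefix, state, "
			     "oob_time_sec, oob_time_usec, start_timestamp, "
			     "ip_protocol, ip_saddr, ip_daddr",
			     params->pgsql_table_name);
	if (!ok) {
		return -1;
	}

	/* The prefixes end up inside a quoted literal, so escape them too. */
	q_log_prefix = quote_or_empty(ld, log_prefix);
	q_oob_prefix = quote_or_empty(ld, oob_prefix);
	if (q_log_prefix == NULL || q_oob_prefix == NULL) {
		g_free(q_log_prefix);
		g_free(q_oob_prefix);
		return -1;
	}
	ok = secure_snprintf(request_values, sizeof(request_values),
			     "VALUES ('%s: %s', '%hu', "
			     "'%lu', '0', '%lu', "
			     "'%u', '%s', '%s'",
			     q_log_prefix, q_oob_prefix, state,
			     element->timestamp, element->timestamp,
			     element->tracking.protocol, ip_src, ip_dst);
	g_free(q_log_prefix);
	g_free(q_oob_prefix);
	if (!ok) {
		return -1;
	}

	/* Add user informations */
	if (element->username) {
		/* Get OS and application names, quoted for PostgreSQL */
		char *quoted_username =
		    quote_pgsql_string(ld, element->username);
		char *quoted_osname =
		    generate_osname(ld, element->os_sysname,
				    element->os_version,
				    element->os_release);
		char *quoted_appname;

		if (element->app_name != NULL
		    && strlen(element->app_name) < APPNAME_MAX_SIZE) {
			quoted_appname =
			    quote_pgsql_string(ld, element->app_name);
		} else {
			quoted_appname = g_strdup("");
		}

		/* A NULL here means libpq refused to escape the value. */
		if (quoted_username == NULL || quoted_osname == NULL
		    || quoted_appname == NULL) {
			g_free(quoted_username);
			g_free(quoted_osname);
			g_free(quoted_appname);
			return -1;
		}

		g_strlcat(request_fields,
			  ", user_id, username, client_os, client_app",
			  sizeof(request_fields));
		ok = secure_snprintf(tmp_buffer, sizeof(tmp_buffer),
				     ", '%u', '%s', '%s', '%s'",
				     element->user_id,
				     quoted_username,
				     quoted_osname,
				     quoted_appname);
		g_free(quoted_username);
		g_free(quoted_osname);
		g_free(quoted_appname);
		if (!ok) {
			return -1;
		}
		g_strlcat(request_values, tmp_buffer,
			  sizeof(request_values));
	}

	/* Add TCP/UDP parameters */
	if ((element->tracking.protocol == IPPROTO_TCP)
	    || (element->tracking.protocol == IPPROTO_UDP)) {
		if (element->tracking.protocol == IPPROTO_TCP) {
			g_strlcat(request_fields,
				  ", tcp_sport, tcp_dport)",
				  sizeof(request_fields));
		} else {
			g_strlcat(request_fields,
				  ", udp_sport, udp_dport)",
				  sizeof(request_fields));
		}
		ok = secure_snprintf(tmp_buffer, sizeof(tmp_buffer),
				     ", '%hu', '%hu');",
				     element->tracking.source,
				     element->tracking.dest);
		if (!ok) {
			return -1;
		}
		g_strlcat(request_values, tmp_buffer,
			  sizeof(request_values));
	} else {
		g_strlcat(request_fields, ")", sizeof(request_fields));
		g_strlcat(request_values, ");", sizeof(request_values));
	}

	/* Check overflow: a completely full buffer means g_strlcat() may
	 * have truncated the statement */
	if (((sizeof(request_fields) - 1) <= strlen(request_fields))
	    || ((sizeof(request_values) - 1) <= strlen(request_values))) {
		return -1;
	}

	/* create the sql query */
	sql_query = g_strconcat(request_fields, "\n", request_values, NULL);
	if (sql_query == NULL) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Fail to build PostgreSQL query (maybe too long)!");
		return -1;
	}

	/* do the query */
	Result = PQexec(ld, sql_query);
	g_free(sql_query);

	/* check error */
	if (!Result || PQresultStatus(Result) != PGRES_COMMAND_OK) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[PostgreSQL] Cannot insert data: %s",
			    PQerrorMessage(ld));
		PQclear(Result);
		return -1;
	}
	PQclear(Result);
	return 0;
}

/**
 * \brief Mark as closed the rows still open for a source address and port.
 *
 * NOTE(review): the address is formatted with use_ntohl=1 here while
 * pgsql_insert() formats the same connection_t with use_ntohl=0; confirm
 * that both produce the text stored in ip_saddr.
 *
 * \return 0 on success, -1 on error
 */
static int pgsql_update_close(PGconn * ld, connection_t * element,
			      struct log_pgsql_params *params)
{
	char ip_src[INET6_ADDRSTRLEN];
	char request[SHORT_REQUEST_SIZE];
	PGresult *Result;
	gboolean ok;

	if (!formatINET(params, ip_src, sizeof(ip_src),
			&element->tracking.saddr, 1)) {
		return -1;
	}

	ok = secure_snprintf(request, sizeof(request),
			     "UPDATE %s SET state='%hu', end_timestamp='%lu' "
			     "WHERE (ip_saddr='%s' AND tcp_sport='%u' "
			     "AND (state=1 OR state=2));",
			     params->pgsql_table_name,
			     TCP_STATE_CLOSE,
			     element->timestamp,
			     ip_src,
			     element->tracking.source);
	if (!ok) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Fail to build PostgreSQL query (maybe too long)!");
		return -1;
	}

	/* do the query */
	Result = PQexec(ld, request);
	if (!Result || PQresultStatus(Result) != PGRES_COMMAND_OK) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[PostgreSQL] Cannot update data: %s",
			    PQerrorMessage(ld));
		PQclear(Result);
		return -1;
	}
	PQclear(Result);
	return 0;
}

/**
 * \brief Move a logged TCP connection from \a old_state to \a new_state.
 *
 * Only TCP_STATE_ESTABLISHED and TCP_STATE_CLOSE are handled; the latter
 * also stores the packet and byte counters. When \a reverse is set the
 * source and destination of the tuple are swapped before matching. The
 * UPDATE is attempted at most twice, one third of a second apart, in case
 * the row has not been inserted yet.
 *
 * \return 0 if at least one row was updated, -1 otherwise
 */
static int pgsql_update_state(PGconn * ld,
			      struct accounted_connection *element,
			      tcp_state_t old_state, tcp_state_t new_state,
			      int reverse,
			      struct log_pgsql_params *params)
{
	char request[SHORT_REQUEST_SIZE];
	PGresult *Result;
	char tmp_inet1[INET6_ADDRSTRLEN + 1];
	char tmp_inet2[INET6_ADDRSTRLEN + 1];
	u_int16_t tcp_src, tcp_dst;
	char *ip_src, *ip_dst;
	int nb_try = 0;
	int nb_tuple;
	gboolean ok = 0;

	/* setup IP/TCP parameters */
	if (!formatINET(params, tmp_inet1, sizeof(tmp_inet1),
			&element->tracking.saddr, 1)) {
		return -1;
	}
	if (!formatINET(params, tmp_inet2, sizeof(tmp_inet2),
			&element->tracking.daddr, 1)) {
		return -1;
	}
	if (reverse) {
		ip_src = tmp_inet2;
		ip_dst = tmp_inet1;
		tcp_src = element->tracking.dest;
		tcp_dst = element->tracking.source;
	} else {
		ip_src = tmp_inet1;
		ip_dst = tmp_inet2;
		tcp_src = element->tracking.source;
		tcp_dst = element->tracking.dest;
	}

	/* build sql query */
	switch (new_state) {
	case TCP_STATE_ESTABLISHED:
		ok = secure_snprintf(request, sizeof(request),
				     "UPDATE %s SET state='%hu', start_timestamp='%lu' "
				     "WHERE (ip_daddr='%s' AND ip_saddr='%s' "
				     "AND tcp_dport='%hu' AND tcp_sport='%hu' AND state='%hu');",
				     params->pgsql_table_name,
				     new_state,
				     element->timestamp,
				     ip_src, ip_dst,
				     tcp_src, tcp_dst,
				     old_state);
		break;
	case TCP_STATE_CLOSE:
		ok = secure_snprintf(request, sizeof(request),
				     "UPDATE %s SET state='%hu', end_timestamp='%lu',"
				     " packets_in=%" PRIu64 ", packets_out=%" PRIu64 ","
				     " bytes_in=%" PRIu64 ", bytes_out=%" PRIu64 " "
				     "WHERE (ip_daddr='%s' AND ip_saddr='%s' "
				     "AND tcp_dport='%hu' AND tcp_sport='%hu' AND state='%hu');",
				     params->pgsql_table_name,
				     new_state,
				     element->timestamp,
				     element->packets_in, element->packets_out,
				     element->bytes_in, element->bytes_out,
				     ip_src, ip_dst,
				     tcp_src, tcp_dst,
				     old_state);
		break;
	default:
		/* ok stays 0, so the check below rejects the request */
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Unknown tcp state, should not be there");
	}
	if (!ok) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Fail to build PostgreSQL query (maybe too long)!");
		return -1;
	}

	debug_log_message(DEBUG, DEBUG_AREA_MAIN,
			  "PostgreSQL: update state \"%s\".", request);

	while (nb_try < 2) {
		nb_try++;

		/* do the query */
		Result = PQexec(ld, request);
		if (!Result || PQresultStatus(Result) != PGRES_COMMAND_OK) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "[PostgreSQL] Cannot update data: %s",
				    PQerrorMessage(ld));
			PQclear(Result);
			return -1;
		}
		nb_tuple = atoi(PQcmdTuples(Result));
		PQclear(Result);

		/* ok */
		if (nb_tuple >= 1) {
			return 0;
		}

		/* no row matched yet */
		if (nb_try < 2) {
			/* Sleep for 1/3 sec */
			struct timespec pause_time;
			pause_time.tv_sec = 0;
			pause_time.tv_nsec = 333333333;
			nanosleep(&pause_time, NULL);
		}
	}
	debug_log_message(WARNING, DEBUG_AREA_MAIN,
			  "Tried to update PGSQL entry twice, looks like data to update wasn't inserted");
	return -1;
}

/**
 * \brief Return the calling thread's connection, opening it on first use.
 *
 * \return The connection stored in params->pgsql_priv, or NULL if a new
 * connection could not be opened
 */
static PGconn *get_pgsql_handler(struct log_pgsql_params *params)
{
	/* get/open postgresql connection */
	PGconn *ld = g_private_get(params->pgsql_priv);

	if (ld == NULL) {
		ld = pgsql_conn_init(params);
		if (ld == NULL) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "Can not initiate PgSQL connection!");
			return NULL;
		}
		g_private_set(params->pgsql_priv, ld);
	}
	return ld;
}

/**
 * \brief Log a packet event.
 *
 * \a element is read as a connection_t for TCP_STATE_OPEN and
 * TCP_STATE_DROP, and as a struct accounted_connection for
 * TCP_STATE_ESTABLISHED and TCP_STATE_CLOSE. Other states are ignored.
 *
 * \return 0 on success or when nothing had to be logged, -1 on error
 */
G_MODULE_EXPORT gint user_packet_logs(void *element,
				      tcp_state_t state,
				      gpointer params_p)
{
	struct log_pgsql_params *params =
	    (struct log_pgsql_params *) params_p;
	PGconn *ld = get_pgsql_handler(params);

	if (ld == NULL) {
		return -1;
	}

	switch (state) {
	case TCP_STATE_OPEN:
		if (((connection_t *) element)->tracking.protocol == IPPROTO_TCP
		    && (nuauthconf->log_users_strict
			|| (((connection_t *) element)->flags & ACL_FLAGS_STRICT))) {
			/* strict mode: close stale rows for this source first */
			int ret = pgsql_update_close(ld,
						     (connection_t *) element,
						     params);
			if (ret != 0) {
				return ret;
			}
		}
		return pgsql_insert(ld, (connection_t *) element,
				    "ACCEPT", state, params);

	case TCP_STATE_ESTABLISHED:
		if (((struct accounted_connection *) element)
		    ->tracking.protocol == IPPROTO_TCP) {
			return pgsql_update_state(ld,
						  (struct accounted_connection *) element,
						  TCP_STATE_OPEN,
						  TCP_STATE_ESTABLISHED,
						  0, params);
		}
		return 0;

	case TCP_STATE_CLOSE:
		if (((struct accounted_connection *) element)
		    ->tracking.protocol == IPPROTO_TCP) {
			return pgsql_update_state(ld,
						  (struct accounted_connection *) element,
						  TCP_STATE_ESTABLISHED,
						  TCP_STATE_CLOSE,
						  1, params);
		}
		return 0;

	case TCP_STATE_DROP:
		return pgsql_insert(ld, (connection_t *) element,
				    "DROP", state, params);

		/* Skip other messages */
	default:
		return 0;
	}
}

/**
 * \brief Log the opening or closing of a user session.
 *
 * SESSION_OPEN inserts a row into the users table; SESSION_CLOSE sets
 * end_time on the matching open row. The user name, group list and OS
 * strings come from the session and are escaped before use.
 *
 * \return 0 on success, -1 on error or unknown state
 */
G_MODULE_EXPORT int user_session_logs(user_session_t * c_session,
				      session_state_t state,
				      gpointer params_p)
{
	char request[INSERT_REQUEST_VALUES_SIZE];
	char addr_ascii[INET6_ADDRSTRLEN];
	gchar *str_groups;
	struct log_pgsql_params *params =
	    (struct log_pgsql_params *) params_p;
	gboolean ok;
	PGresult *Result;
	PGconn *ld = get_pgsql_handler(params);
	gchar *q_user_name;
	gchar *q_groups;
	gchar *q_sysname;
	gchar *q_release;
	gchar *q_version;

	if (ld == NULL) {
		return -1;
	}

	if (!formatINET(params, addr_ascii, sizeof(addr_ascii),
			&c_session->addr, 0)) {
		return -1;
	}

	switch (state) {
	case SESSION_OPEN:
		/* build list of user groups */
		str_groups = str_print_group(c_session);

		/* quote pgsql strings */
		q_user_name = quote_or_empty(ld, c_session->user_name);
		q_groups = quote_or_empty(ld, str_groups);
		q_sysname = quote_or_empty(ld, c_session->sysname);
		q_release = quote_or_empty(ld, c_session->release);
		q_version = quote_or_empty(ld, c_session->version);
		g_free(str_groups);

		/* a NULL means libpq refused to escape the value */
		ok = (q_user_name != NULL && q_groups != NULL
		      && q_sysname != NULL && q_release != NULL
		      && q_version != NULL);

		/* create new user session */
		if (ok) {
			ok = secure_snprintf(request, sizeof(request),
					     "INSERT INTO %s (user_id, username, user_groups, ip_saddr, "
					     "os_sysname, os_release, os_version, socket, start_time) "
					     "VALUES ('%lu', '%s', '%s', '%s', '%s', '%s', '%s', '%u', ABSTIME(%lu))",
					     params->pgsql_users_table_name,
					     (unsigned long) c_session->user_id,
					     q_user_name,
					     q_groups,
					     addr_ascii,
					     q_sysname,
					     q_release,
					     q_version,
					     c_session->socket,
					     (unsigned long) time(NULL));
		}
		g_free(q_user_name);
		g_free(q_groups);
		g_free(q_sysname);
		g_free(q_release);
		g_free(q_version);
		break;

	case SESSION_CLOSE:
		/* update existing user session */
		ok = secure_snprintf(request, sizeof(request),
				     "UPDATE %s SET end_time=ABSTIME(%lu) "
				     "WHERE socket='%u' and ip_saddr='%s' AND end_time IS NULL",
				     params->pgsql_users_table_name,
				     (unsigned long) time(NULL),
				     c_session->socket,
				     addr_ascii);
		break;

	default:
		return -1;
	}
	if (!ok) {
		return -1;
	}

	/* do the query */
	Result = PQexec(ld, request);

	/* check error */
	if (!Result || PQresultStatus(Result) != PGRES_COMMAND_OK) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[PostgreSQL] Cannot insert session: %s",
			    PQerrorMessage(ld));
		PQclear(Result);
		return -1;
	}
	PQclear(Result);
	return 0;
}

/**
 * \brief Log an authentication failure.
 *
 * Everything written here describes a peer that did not authenticate, so
 * the user name, the reason text and the OS strings are all escaped. A
 * record that cannot be built or stored is reported through log_message()
 * so that missing rows can be noticed.
 */
G_MODULE_EXPORT void auth_error_log(user_session_t * c_session,
				    nuauth_auth_error_t error,
				    const char *text, gpointer params_p)
{
	struct log_pgsql_params *params =
	    (struct log_pgsql_params *) params_p;
	char addr_ascii[INET6_ADDRSTRLEN];
	char request_values[INSERT_REQUEST_VALUES_SIZE];
	char request_fields[INSERT_REQUEST_FIELDS_SIZE];
	char tmp_buffer[INSERT_REQUEST_VALUES_SIZE];
	char *quoted_username;
	char *quoted_text;
	gchar *sql_query;
	gboolean ok;
	PGresult *Result;
	PGconn *ld = get_pgsql_handler(params);

	if (ld == NULL) {
		return;
	}

	if (!formatINET(params, addr_ascii, sizeof(addr_ascii),
			&c_session->addr, 0)) {
		return;
	}

	quoted_username = quote_or_empty(ld, c_session->user_name);
	quoted_text = quote_or_empty(ld, text);
	ok = (quoted_username != NULL && quoted_text != NULL);

	/* start the field and value lists */
	if (ok) {
		ok = secure_snprintf(request_fields, sizeof(request_fields),
				     "INSERT INTO %s (username, ip_saddr, reason, time, "
				     "sport",
				     params->pgsql_auth_failure_table_name);
	}
	if (ok) {
		ok = secure_snprintf(request_values, sizeof(request_values),
				     "VALUES ('%s', '%s', '%s', ABSTIME(%lu), '%d'",
				     quoted_username,
				     addr_ascii,
				     quoted_text,
				     (unsigned long) time(NULL),
				     c_session->sport);
	}
	g_free(quoted_username);
	g_free(quoted_text);
	if (!ok) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Fail to build PostgreSQL query (maybe too long)!");
		return;
	}

	if (c_session->groups) {
		/* build list of user groups */
		gchar *str_groups = str_print_group(c_session);
		char *q_groups = quote_or_empty(ld, str_groups);

		g_free(str_groups);
		g_strlcat(request_fields, ",user_id, user_groups",
			  sizeof(request_fields));
		ok = (q_groups != NULL)
		    && secure_snprintf(tmp_buffer, sizeof(tmp_buffer),
				       ", '%u', '%s'",
				       c_session->user_id,
				       q_groups);
		g_free(q_groups);
		if (!ok) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "Fail to build PostgreSQL query (maybe too long)!");
			return;
		}
		g_strlcat(request_values, tmp_buffer,
			  sizeof(request_values));
	}

	if (c_session->sysname) {
		char *q_sysname = quote_or_empty(ld, c_session->sysname);
		char *q_release = quote_or_empty(ld, c_session->release);
		char *q_version = quote_or_empty(ld, c_session->version);

		/* The leading ", " separates these columns from the previous
		 * one; without it the column list is not valid SQL and the
		 * failure record is rejected by the server. */
		g_strlcat(request_fields,
			  ", os_sysname, os_release, os_version)",
			  sizeof(request_fields));
		ok = (q_sysname != NULL && q_release != NULL
		      && q_version != NULL)
		    && secure_snprintf(tmp_buffer, sizeof(tmp_buffer),
				       ", '%s', '%s', '%s')",
				       q_sysname,
				       q_release,
				       q_version);
		g_free(q_sysname);
		g_free(q_release);
		g_free(q_version);
		if (!ok) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "Fail to build PostgreSQL query (maybe too long)!");
			return;
		}
		g_strlcat(request_values, tmp_buffer,
			  sizeof(request_values));
	} else {
		g_strlcat(request_fields, ")", sizeof(request_fields));
		g_strlcat(request_values, ");", sizeof(request_values));
	}

	/* Check overflow, as pgsql_insert() does: a completely full buffer
	 * means g_strlcat() may have truncated the statement */
	if (((sizeof(request_fields) - 1) <= strlen(request_fields))
	    || ((sizeof(request_values) - 1) <= strlen(request_values))) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Fail to build PostgreSQL query (maybe too long)!");
		return;
	}

	/* create the sql query */
	sql_query = g_strconcat(request_fields, "\n", request_values, NULL);
	if (sql_query == NULL) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "Fail to build PostgreSQL query (maybe too long)!");
		return;
	}

	/* do the query */
	Result = PQexec(ld, sql_query);
	g_free(sql_query);

	/* check error */
	if (!Result || PQresultStatus(Result) != PGRES_COMMAND_OK) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[PostgreSQL] Cannot insert session: %s",
			    PQerrorMessage(ld));
	}
	PQclear(Result);
	return;
}

/** @} */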
nufw-2.4.3/src/nuauth/modules/log_pgsql/Makefile.am0000644000175000017500000000132611431206275017211 00000000000000# PGSQL log plugin if USE_PGSQL_LOG AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I/usr/include/postgresql/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libpgsql.la noinst_libpgsql_la_SOURCES = log_pgsql.h libpgsql_la_SOURCES = pgsql.c ${noinst_libpgsql_la_SOURCES} libpgsql_la_LDFLAGS = -module -avoid-version libpgsql_la_LIBADD = -lpq libpgsql.la: $(libpgsql_la_OBJECTS) $(libpgsql_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(am_libpgsql_la_rpath) $(libpgsql_la_LDFLAGS) $(libpgsql_la_OBJECTS) $(libpgsql_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/log_pgsql/log_pgsql.h0000644000175000017500000000347611431206275017325 00000000000000/* $Id: log_pgsql.h,v 1.3 2003/11/26 00:10:24 gryzor Exp $ */ /* ** Copyright(C) 2003 - 2004 Eric Leblond ** Vincent Deffontaines ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
 */
#include
#include
/* NOTE(review): the two header names above were lost when this page was extracted. */

/*
 * Compiled-in connection settings.
 * NOTE(review): presumably these are the fallbacks used when the nuauth
 * configuration does not set the matching option - the code that reads them
 * is outside this view, confirm there.
 */
#define PGSQL_SERVER "127.0.0.1"
#define PGSQL_SERVER_PORT 5432
/*#define LDAP_USER NULL
#define LDAP_CRED NULL */
#define PGSQL_USER "nufw"
/*
 * Placeholder credential shipped in the source tree.
 * NOTE(review): if this is used as a fallback, a deployment that leaves the
 * password unset connects with a publicly known value; failing at start-up
 * when no password is configured would be the safer behaviour - confirm.
 */
#define PGSQL_PASSWD "mypassword"
/*
 * NOTE(review): looks like a libpq sslmode value.  With "prefer" libpq falls
 * back to an unencrypted connection when the server does not offer TLS and
 * does not verify the server certificate.  That is harmless for the loopback
 * default above, but a remote log database needs a stricter mode - confirm
 * how pgsql_ssl reaches libpq.
 */
#define PGSQL_SSL "prefer"
#define PGSQL_DB_NAME "nufw"
#define PGSQL_REQUEST_TIMEOUT 10
/* Table names; the logging code pastes them into statements with %s. */
#define PGSQL_TABLE_NAME "ulog"
#define PGSQL_USERS_TABLE_NAME "users"
#define PGSQL_AUTH_FAILURE_TABLE_NAME "authfail"
#define PGSQL_USE_IPV4 1

/* Buffer sizes, in bytes. */
#define OSNAME_MAX_SIZE 64
#define APPNAME_MAX_SIZE 256
#define SHORT_REQUEST_SIZE 400
/* Sizes of the stack buffers auth_error_log() uses for the column list and
 * the VALUES list of its INSERT statement. */
#define INSERT_REQUEST_FIELDS_SIZE 200
#define INSERT_REQUEST_VALUES_SIZE 800

/*
 * Per-module parameters of the PostgreSQL log plugin, passed to the logging
 * callbacks as their gpointer argument.
 */
struct log_pgsql_params {
	int pgsql_request_timeout;
	char *pgsql_user;
	char *pgsql_passwd;
	char *pgsql_server;
	char *pgsql_ssl;
	char *pgsql_db_name;
	/* The three table names are interpolated unquoted into SQL text, so
	 * they must only ever come from trusted configuration. */
	char *pgsql_table_name;
	char *pgsql_users_table_name;
	char *pgsql_auth_failure_table_name;
	int pgsql_server_port;
	int pgsql_use_ipv4;
	GPrivate *pgsql_priv;	/* private pointer for pgsql database access */
};
nufw-2.4.3/src/nuauth/modules/mark_flag/0000777000175000017500000000000011431215441015166 500000000000000nufw-2.4.3/src/nuauth/modules/mark_flag/Makefile.in0000644000175000017500000003670511431215401017156 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ # mark_flag plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/mark_flag DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libmark_flag_la_LIBADD = am_libmark_flag_la_OBJECTS = mark_flag.lo libmark_flag_la_OBJECTS = $(am_libmark_flag_la_OBJECTS) libmark_flag_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libmark_flag_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = 
$(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libmark_flag_la_SOURCES) DIST_SOURCES = $(libmark_flag_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = 
@RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libmark_flag.la libmark_flag_la_SOURCES = mark_flag.c libmark_flag_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd 
$(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/mark_flag/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/mark_flag/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in 
$$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mark_flag.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) 
$(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile 
$(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am 
install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libmark_flag.la: $(libmark_flag_la_OBJECTS) $(libmark_flag_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libmark_flag_la_LDFLAGS) $(libmark_flag_la_OBJECTS) $(libmark_flag_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/mark_flag/Makefile.am0000644000175000017500000000111411431206275017140 00000000000000# mark_flag plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libmark_flag.la libmark_flag_la_SOURCES = mark_flag.c libmark_flag_la_LDFLAGS = -module -avoid-version libmark_flag.la: $(libmark_flag_la_OBJECTS) $(libmark_flag_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libmark_flag_la_LDFLAGS) $(libmark_flag_la_OBJECTS) $(libmark_flag_la_LIBADD) nufw-2.4.3/src/nuauth/modules/mark_flag/mark_flag.c0000644000175000017500000000524411431206275017203 00000000000000/* ** Copyright(C) 2007-2008 INL ** written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. 
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include
/* NOTE(review): the header name above was lost when this page was extracted. */
#include "nuauthconf.h"

/**
 * \ingroup NuauthModules
 */

/**
 * @{
 */

/**
 * Configuration of the mark_flag module: where the flag bits are taken from
 * in connection->flags and where they are written in connection->mark.
 */
typedef struct {
	/** position (in bits) in the mark */
	unsigned int mark_shift;

	/** position (in bits) in the flag */
	unsigned int flag_shift;

	/** mask to insert new data in packet mark: finalize_packet() keeps the
	 * mark bits that are set here and takes the cleared ones from the flag */
	uint32_t mark_mask;
} mark_flag_config_t;

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/*
 * Release the configuration allocated by init_module_from_conf().
 * Always returns TRUE.
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	mark_flag_config_t *config = params_p;
	g_free(config);
	return TRUE;
}

/*
 * Read the module options, build the mark mask and attach the result to
 * module->params.  Always returns TRUE.
 *
 * Options and their defaults: mark_flag_nbits (16), mark_flag_mark_shift (0),
 * mark_flag_flag_shift (0).
 *
 * NOTE(review): none of the three values is range-checked.  They are read as
 * int and stored as unsigned, so a negative setting becomes a very large
 * shift, and "32 - mark_shift" wraps around for mark_shift > 32.  The result
 * then depends on how SHR32()/SHL32() treat shift counts of 32 or more;
 * those macros are defined outside this view - confirm, or reject settings
 * where mark_shift + nbits exceeds 32.
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	/* g_new0() returns zero-filled memory */
	mark_flag_config_t *config = g_new0(mark_flag_config_t, 1);
	unsigned int nbits;

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Mark_flag module ($Revision$)");

	/* read options */
	nbits = nuauth_config_table_get_or_default_int("mark_flag_nbits", 16);
	config->mark_shift = nuauth_config_table_get_or_default_int("mark_flag_mark_shift", 0);
	config->flag_shift = nuauth_config_table_get_or_default_int("mark_flag_flag_shift", 0);

	/* presumably: set every bit below mark_shift and every bit from
	 * mark_shift + nbits upwards, leaving an nbits-wide window cleared */
	config->mark_mask =
	    (SHR32(0xFFFFFFFF, 32 - config->mark_shift) |
	     SHL32(0xFFFFFFFF, nbits + config->mark_shift));

	/* store config and exit */
	module->params = config;
	return TRUE;
}

/*
 * Copy the connection flags into the packet mark: the flags are shifted
 * right by flag_shift, left by mark_shift, and merged into connection->mark
 * under mark_mask.  Returns NU_EXIT_OK.
 */
G_MODULE_EXPORT nu_error_t finalize_packet(connection_t * connection,
					   gpointer params)
{
#ifdef DEBUG_ENABLE
	uint32_t old_mark = connection->mark;
#endif
	uint32_t flag;
	mark_flag_config_t *config = (mark_flag_config_t *) params;

	flag = SHR32(connection->flags, config->flag_shift);
	flag =
SHL32(flag, config->mark_shift); connection->mark = (connection->mark & config->mark_mask) | (flag & ~config->mark_mask); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "mark_flag: Set mark to %08X (mark mask=%08X, flag=%u), was %08X", connection->mark, config->mark_mask, connection->flags, old_mark); return NU_EXIT_OK; } /** @} */ nufw-2.4.3/src/nuauth/modules/postauth_localuser/0000777000175000017500000000000011431215442017164 500000000000000nufw-2.4.3/src/nuauth/modules/postauth_localuser/libpostauth_localuser.c0000644000175000017500000001233511431206275023663 00000000000000/* ** Copyright(C) 2009 INL ** written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
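 */
#include
#include "nuauthconf.h"
#include
#include
/* NOTE(review): three of the header names above were lost when this page was extracted. */

/**
 * \ingroup NuauthModules
 */

#define LUSER_EXT_NAME "LUSER"
#define LUSER_USER_CMD "LOCALUSER"
#define POSTAUTH_DEFAULT_USERNAME "unknown"
#define POSTAUTH_DEFAULT_MODE 0

/* Module parameters: whether the client must support the LUSER capability,
 * and the capability index obtained when it was registered. */
struct postauth_localuser_params {
	int require_capa;
	unsigned int capa_index;
};

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 * @{
 */

/**
 * Protocol-extension callback for the LOCALUSER command: read one
 * whitespace-delimited token from the client's reply.
 *
 * \param buf In/out cursor into the reply; advanced past the token
 * \param bufsize Not used
 * \param data If not NULL, a char ** that receives a g_strdup'ed copy of
 *             the token (the caller frees it)
 * \return SASL_OK on success, SASL_FAIL if no token is present or it does
 *         not fit the local buffer
 *
 * The reply comes from the remote client, so the token length is bounded
 * here: an unbounded "%s" would write past the end of pbuf.
 * NOTE(review): parsing still relies on *buf being NUL-terminated, and the
 * cursor is advanced without looking at bufsize - confirm what
 * process_ext_message() guarantees.
 */
int assign_username(char **buf, int bufsize, void *data)
{
	char pbuf[1024];
	char **username = data;
	size_t len;

	pbuf[0] = '\0';
	/* the field width must stay equal to sizeof(pbuf) - 1 */
	if (sscanf(*buf, "%1023s", pbuf) != 1) {
		return SASL_FAIL;
	}
	len = strlen(pbuf);
	/* a token that fills the buffer was probably cut short: refuse it
	 * rather than accept a truncated name */
	if (len >= sizeof(pbuf) - 1) {
		return SASL_FAIL;
	}

	if (username) {
		*username = g_strdup(pbuf);
	} else {
		debug_log_message(DEBUG, DEBUG_AREA_USER,
				  "Remote username is \"%s\"", pbuf);
	}
	*buf += len + 1;
	return SASL_OK;
}

struct proto_ext_t localuser_ext = {
	.name = LUSER_EXT_NAME,
	.ncmd = 1,
	.cmd = {
		{
			.cmdname = LUSER_USER_CMD,
			.nargs = 1,
			.callback = &assign_username,
		},
	}
};

/**
 * Post-authentication hook: ask a client that announced the LUSER
 * capability for its local user name and log the answer.
 *
 * \param session Authenticated user session
 * \param params Module parameters
 * \return SASL_OK, or SASL_FAIL when the exchange fails or when the
 *         capability is required and the client does not have it; a
 *         non-OK result of process_ext_message() is returned unchanged
 */
G_MODULE_EXPORT int postauth_proto(user_session_t * session,
				   struct postauth_localuser_params *params)
{
	struct nu_srv_message *msg;
	char buf[8192];
	char *content;
	int buf_size, ret;
	/* stays NULL if the reply never triggers the callback */
	char *username = NULL;
	char address[INET6_ADDRSTRLEN];
	struct llist_head prot_list;

	if (session->capa_flags & (1 << params->capa_index)) {
		debug_log_message(WARNING, DEBUG_AREA_USER,
				  "Asking remote username to user");
		msg = (struct nu_srv_message *) buf;
		/* ask OS to client */
		msg->type = SRV_EXTENDED_PROTO;
		msg->option = CLIENT_SRV;
		content = buf + sizeof(*msg);
		ret = snprintf(content, sizeof(buf) - sizeof(*msg),
			       "BEGIN\n" LUSER_EXT_NAME "\n" LUSER_USER_CMD
			       "\nEND\n");
		msg->length = htons(sizeof(*msg) + ret);
		if (nussl_write(session->nussl, buf, sizeof(*msg) + ret) < 0) {
			log_message(WARNING, DEBUG_AREA_USER,
				    "nussl_write() failure at %s:%d",
				    __FILE__, __LINE__);
			return SASL_FAIL;
		}

		/* One byte is kept back so the reply can be NUL-terminated
		 * before it is parsed as text.  A failed or short read is
		 * rejected here: otherwise the length handed to the parser
		 * below would wrap around to a huge value. */
		buf_size = nussl_read(session->nussl, buf, sizeof(buf) - 1);
		if (buf_size < (int) sizeof(struct nu_authfield)) {
			log_message(WARNING, DEBUG_AREA_USER,
				    "nussl_read() failure at %s:%d",
				    __FILE__, __LINE__);
			return SASL_FAIL;
		}
		buf[buf_size] = '\0';

		/* FIXME add test on type of field */
		INIT_LLIST_HEAD(&prot_list);
		INIT_LLIST_HEAD(&localuser_ext.list);
		/* add protocol modification to local list to be able to use process_ext_message */
		llist_add(&prot_list, &localuser_ext.list);
		ret = process_ext_message(buf + sizeof(struct nu_authfield),
					  buf_size - sizeof(struct nu_authfield),
					  &prot_list, &username);
		if (ret != SASL_OK) {
			/* nothing is leaked if the name was set before the failure */
			g_free(username);
			return ret;
		}

		format_ipv6(&session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(DEBUG, DEBUG_AREA_USER,
			    "User \"%s\" at %s seems to be \"%s\" remotely",
			    session->user_name, address,
			    username != NULL ? username : POSTAUTH_DEFAULT_USERNAME);
		g_free(username);
	} else {
		format_ipv6(&session->addr, address, INET6_ADDRSTRLEN, NULL);
		if (params->require_capa) {
			log_message(INFO, DEBUG_AREA_USER,
				    "User \"%s\" at %s does not support local user announce, rejecting",
				    session->user_name, address);
			return SASL_FAIL;
		}
		log_message(INFO, DEBUG_AREA_USER,
			    "User \"%s\" at %s does not support local user announce",
			    session->user_name, address);
	}
	return SASL_OK;
}

/** @} */

/**
 * Unregister the LUSER capability and protocol extension, then release the
 * module parameters.  Always returns NULL.
 *
 * The parameters are freed last: capa_index is read from them, and the
 * original freed the structure before reading it.  Both unregistrations are
 * attempted even if the first one fails, so that the extension (whose
 * callback points into this module) is not left registered.
 */
G_MODULE_EXPORT gchar *unload_module_with_params(gpointer params_p)
{
	struct postauth_localuser_params *params =
	    (struct postauth_localuser_params *) params_p;

	if (params != NULL
	    && unregister_client_capa(params->capa_index) != NU_EXIT_OK) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Unable to unregister capability LUSER");
	}

	if (unregister_protocol_extension(&localuser_ext) != NU_EXIT_OK) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Unable to unregister protocol extension for LUSER");
	}

	g_free(params);
	return NULL;
}

/*
 * Read the module option, register the LUSER capability and protocol
 * extension, and attach the parameters to the module.
 * NOTE(review): the failure paths return FALSE without freeing params.
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	struct postauth_localuser_params *params =
	    g_new0(struct postauth_localuser_params, 1);

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Postauth_localuser module");

	params->require_capa = nuauth_config_table_get_or_default_int("postauth_localuser_require_capa", POSTAUTH_DEFAULT_MODE);

	if (register_client_capa(LUSER_EXT_NAME, &(params->capa_index)) != NU_EXIT_OK) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Unable to register capability LUSER");
		return FALSE;
	}

	if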
(register_protocol_extension(nuauthdatas, &localuser_ext) != NU_EXIT_OK) { log_message(WARNING, DEBUG_AREA_MAIN, "Unable to register protocol extension for LUSER"); return FALSE; } module->params = (gpointer) params; return TRUE; } nufw-2.4.3/src/nuauth/modules/postauth_localuser/Makefile.in0000644000175000017500000003731411431215402021151 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # postauth_localuser plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/postauth_localuser DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 
's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libpostauth_localuser_la_LIBADD = am_libpostauth_localuser_la_OBJECTS = libpostauth_localuser.lo libpostauth_localuser_la_OBJECTS = \ $(am_libpostauth_localuser_la_OBJECTS) libpostauth_localuser_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libpostauth_localuser_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libpostauth_localuser_la_SOURCES) DIST_SOURCES = $(libpostauth_localuser_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ 
GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ 
includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libpostauth_localuser.la libpostauth_localuser_la_SOURCES = libpostauth_localuser.c libpostauth_localuser_la_LDFLAGS = -module -avoid-version ../../../libs/nubase/libnubase.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/postauth_localuser/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/postauth_localuser/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpostauth_localuser.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ 
$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) 
$(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) 
$(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ 
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libpostauth_localuser.la: $(libpostauth_localuser_la_OBJECTS) $(libpostauth_localuser_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libpostauth_localuser_la_LDFLAGS) $(libpostauth_localuser_la_OBJECTS) $(libpostauth_localuser_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/postauth_localuser/Makefile.am0000644000175000017500000000132411431206275021140 00000000000000# postauth_localuser plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libpostauth_localuser.la libpostauth_localuser_la_SOURCES = libpostauth_localuser.c libpostauth_localuser_la_LDFLAGS = -module -avoid-version ../../../libs/nubase/libnubase.la libpostauth_localuser.la: $(libpostauth_localuser_la_OBJECTS) $(libpostauth_localuser_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libpostauth_localuser_la_LDFLAGS) $(libpostauth_localuser_la_OBJECTS) $(libpostauth_localuser_la_LIBADD) nufw-2.4.3/src/nuauth/modules/system/0000777000175000017500000000000011431215441014567 500000000000000nufw-2.4.3/src/nuauth/modules/system/Makefile.in0000644000175000017500000004032211431215402016546 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
# This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # LDAP plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/system DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = @USE_SYSTEM_AUTH_TRUE@libsystem_la_DEPENDENCIES = \ @USE_SYSTEM_AUTH_TRUE@ $(am__DEPENDENCIES_1) am__libsystem_la_SOURCES_DIST = system.c getugroups.c @USE_SYSTEM_AUTH_TRUE@am_libsystem_la_OBJECTS = system.lo \ @USE_SYSTEM_AUTH_TRUE@ getugroups.lo libsystem_la_OBJECTS = $(am_libsystem_la_OBJECTS) libsystem_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libsystem_la_LDFLAGS) $(LDFLAGS) -o $@ 
@USE_SYSTEM_AUTH_TRUE@am_libsystem_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libsystem_la_SOURCES) DIST_SOURCES = $(am__libsystem_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = 
@LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_SYSTEM_AUTH_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" 
-DMODULE_DIR=\"$(libdir)\" @USE_SYSTEM_AUTH_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ @USE_SYSTEM_AUTH_TRUE@plugindir = $(libdir)/nuauth/modules @USE_SYSTEM_AUTH_TRUE@plugin_LTLIBRARIES = libsystem.la @USE_SYSTEM_AUTH_TRUE@libsystem_la_SOURCES = system.c getugroups.c @USE_SYSTEM_AUTH_TRUE@libsystem_la_LDFLAGS = -module -avoid-version @USE_SYSTEM_AUTH_TRUE@libsystem_la_LIBADD = -lpam $(GLIB_LIBS) all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/system/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/system/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_SYSTEM_AUTH_FALSE@libsystem.la: $(libsystem_la_OBJECTS) $(libsystem_la_DEPENDENCIES) @USE_SYSTEM_AUTH_FALSE@ $(libsystem_la_LINK) $(am_libsystem_la_rpath) $(libsystem_la_OBJECTS) 
$(libsystem_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getugroups.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then 
echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z 
"$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ 
install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_SYSTEM_AUTH_TRUE@libsystem.la: $(libsystem_la_OBJECTS) $(libsystem_la_DEPENDENCIES) @USE_SYSTEM_AUTH_TRUE@ $(LINK) -rpath $(plugindir) $(am_libsystem_la_rpath) $(libsystem_la_LDFLAGS) $(libsystem_la_OBJECTS) $(libsystem_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/system/system.c0000644000175000017500000001663211431206275016210 00000000000000/* ** Copyright(C) 2004-2009 INL ** written by Eric Leblond ** Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
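*/

#include

/**
 * \ingroup AuthNuauthModules
 * \defgroup SystemModule PAM+NSS authentication module
 *
 * @{
 */

/**
 * \file system.c
 *
 * \brief Core file for system module
 *
 */

#include "../../nuauth_gcrypt.h"
#include
#include

/* Serialises PAM and passwd/group lookups when
 * system_pam_module_not_threadsafe is set. */
GStaticMutex pam_mutex = G_STATIC_MUTEX_INIT;

GSList *getugroups(char *username, gid_t gid);

/* Credentials handed to the PAM conversation callback through appdata_ptr. */
typedef struct {
	char *name;
	const char *pw;
} auth_pam_userinfo;

gint system_pam_module_not_threadsafe;
extern gint system_glibc_cant_guess_maxgroups;
gint system_suppress_prefixed_domain;

/*
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/*
 * Init module system: read the three module options from the nuauth
 * configuration table. Locking around PAM defaults to enabled (1); the two
 * other options default to 0.
 */
G_MODULE_EXPORT gchar *g_module_check_init(GModule * module)
{
	/* set variables */
	system_pam_module_not_threadsafe =
	    nuauth_config_table_get_or_default_int
	    ("system_pam_module_not_threadsafe", 1);
	system_glibc_cant_guess_maxgroups =
	    nuauth_config_table_get_or_default_int
	    ("system_glibc_cant_guess_maxgroups", 0);
	system_suppress_prefixed_domain =
	    nuauth_config_table_get_or_default_int
	    ("system_suppress_prefixed_domain", 0);

	return NULL;
}

/**
 * auth_pam_talker: supply authentication information to PAM when asked
 *
 * Assumptions:
 *   A password is asked for by requesting input without echoing
 *   A username is asked for by requesting input _with_ echoing
 *
 * Any other message style makes the conversation fail with PAM_CONV_ERR.
 * On failure every response string already duplicated is released, so no
 * copy of the password is left behind in an orphaned allocation.
 *
 * \param num_msg Number of entries in msg
 * \param msg Messages sent by the PAM module
 * \param resp Receives the allocated response array on success
 * \param appdata_ptr Pointer to an auth_pam_userinfo
 * \return PAM_SUCCESS, or PAM_CONV_ERR on bad arguments, allocation
 * failure or an unsupported message style
 */
static int auth_pam_talker(int num_msg,
			   const struct pam_message **msg,
			   struct pam_response **resp, void *appdata_ptr)
{
	/* int, not unsigned short: a short counter would wrap before reaching
	 * a large num_msg and the loop would never end */
	int i;
	int j;
	auth_pam_userinfo *userinfo = (auth_pam_userinfo *) appdata_ptr;
	struct pam_response *response = NULL;

	/* parameter sanity checking */
	if (!resp || !msg || !userinfo)
		return PAM_CONV_ERR;

	/* a zero or negative count would turn into an empty or huge
	 * allocation request */
	if (num_msg <= 0)
		return PAM_CONV_ERR;

	/* allocate memory to store response; calloc checks the
	 * count * size multiplication for overflow */
	response = calloc((size_t) num_msg, sizeof(struct pam_response));
	if (!response)
		return PAM_CONV_ERR;

	/* copy values */
	for (i = 0; i < num_msg; i++) {
		/* initialize to safe values */
		response[i].resp_retcode = 0;
		response[i].resp = NULL;

		/* select response based on requested output style.
		 * NOTE(review): the strings come from g_strdup while the PAM
		 * library is expected to release them with free(); confirm
		 * the GLib in use maps g_malloc to the system allocator. */
		switch (msg[i]->msg_style) {
		case PAM_PROMPT_ECHO_ON:
			response[i].resp = g_strdup(userinfo->name);
			break;
		case PAM_PROMPT_ECHO_OFF:
			response[i].resp = g_strdup(userinfo->pw);
			break;
		default:
			/* release the copies made so far, then the array,
			 * which was obtained from calloc */
			for (j = 0; j < i; j++) {
				g_free(response[j].resp);
			}
			free(response);
			return PAM_CONV_ERR;
		}
	}
	/* everything okay, set PAM response values */
	*resp = response;
	return PAM_SUCCESS;
}

/*
 * Strip the domain part from a user name, and the prefixed domain too when
 * system_suppress_prefixed_domain is set.
 *
 * Returns a newly allocated string the caller releases with g_free(), or
 * NULL when a helper returns NULL.
 */
static char *normalize_username(const char *username)
{
	/* compute user name */
	char *user = get_rid_of_domain(username);
	if (!user)
		return NULL;
	if (system_suppress_prefixed_domain) {
		char *pv_user = get_rid_of_prefix_domain(user);
		g_free(user);
		user = pv_user;
	}
	return user;
}

/**
 * \brief user_check realise user authentication
 *
 * It has to be exported by all user authentication modules
 *
 * The password is verified with pam_authenticate() against the "nuauth"
 * PAM service, under pam_mutex when system_pam_module_not_threadsafe is
 * set.
 *
 * NOTE(review): when pass is NULL no PAM call is made and SASL_OK is
 * returned for any user name that normalizes; confirm that callers pass
 * NULL only after authenticating the user by other means.
 *
 * NOTE(review): only pam_authenticate() is called. Account restrictions
 * (expired or locked accounts) are evaluated by pam_acct_mgmt(), which this
 * function does not call.
 *
 * \param username User name string
 * \param pass User provided password
 * \param session pointer to the user_session_t:: that we working on
 * \param passlen Password length
 * \param params Pointer to the parameter of the module instance
 * \return SASL_OK if password is correct, other return are authentication failure
 */
G_MODULE_EXPORT int user_check(const char *username, const char *pass,
			       user_session_t *session, unsigned passlen,
			       gpointer params)
{
	char *user;
	int ret;

	user = normalize_username(username);
	if (user == NULL) {
		return SASL_BADAUTH;
	}

	if (pass != NULL) {
		auth_pam_userinfo userinfo;
		pam_handle_t *pamh;
		struct pam_conv conv_info = { &auth_pam_talker, &userinfo };
		userinfo.name = user;
		userinfo.pw = pass;
		if (system_pam_module_not_threadsafe) {
			g_static_mutex_lock(&pam_mutex);
		}
#ifdef PERF_DISPLAY_ENABLE
		{
			struct timeval tvstart, tvend, result;
			if (nuauthconf->debug_areas & DEBUG_AREA_PERF) {
				gettimeofday(&tvstart, NULL);
			}
#endif
			ret = pam_start("nuauth", user, &conv_info, &pamh);
			if (ret != PAM_SUCCESS) {
				g_warning("Can not initiate pam, dying");
				if (system_pam_module_not_threadsafe) {
					g_static_mutex_unlock(&pam_mutex);
				}
				/* the normalized name is owned by this
				 * function on every exit path */
				g_free(user);
				return SASL_BADAUTH;
			}
			ret = pam_authenticate(pamh, 0);	/* is user really user? */
			/* check auth */
			if (ret != PAM_SUCCESS) {
				/* the name written here is derived from
				 * client-supplied input */
				log_message(INFO, DEBUG_AREA_AUTH,
					    "Bad password for user \"%s\"",
					    user);
				pam_end(pamh, PAM_DATA_SILENT);
				if (system_pam_module_not_threadsafe) {
					g_static_mutex_unlock(&pam_mutex);
				}
				g_free(user);
				return SASL_BADAUTH;
			}
			pam_end(pamh, PAM_DATA_SILENT);
			if (system_pam_module_not_threadsafe) {
				g_static_mutex_unlock(&pam_mutex);
			}
#ifdef PERF_DISPLAY_ENABLE
			if (nuauthconf->debug_areas & DEBUG_AREA_PERF) {
				gettimeofday(&tvend, NULL);
				timeval_substract(&result, &tvend, &tvstart);
				log_message(INFO, DEBUG_AREA_PERF,
					    "PAM Auth duration: %.1f msec",
					    (double)result.tv_sec*1000+
					    (double)(result.tv_usec/1000));
			}
		}
#endif
	}
	/* previously leaked on every call */
	g_free(user);
	return SASL_OK;
}

/**
 * \brief Look up the numeric user id of a user through getpwnam_r()
 *
 * \param username User name string
 * \param params Pointer to the parameter of the module instance
 * \return pw_uid of the account; SASL_BADAUTH converted to uint32_t when
 * the name cannot be normalized or the lookup fails
 *
 * NOTE(review): the failure value shares the return type with real uids, so
 * callers need to compare against it explicitly. A passwd entry that does
 * not fit the 512-byte buffer also ends up on the failure path.
 */
G_MODULE_EXPORT uint32_t get_user_id(const char *username, gpointer params)
{
	int ret;
	char *user;
	char buffer[512];
	struct passwd result_buf;
	struct passwd *result_bufp = NULL;

	user = normalize_username(username);
	/* normalize_username() can return NULL; do not hand that to
	 * getpwnam_r() */
	if (user == NULL) {
		return SASL_BADAUTH;
	}

	if (system_pam_module_not_threadsafe) {
		g_static_mutex_lock(&pam_mutex);
	}
	ret = getpwnam_r(user, &result_buf, buffer, sizeof(buffer),
			 &result_bufp);
	if (system_pam_module_not_threadsafe) {
		g_static_mutex_unlock(&pam_mutex);
	}
	if (ret != 0 || (!result_bufp)) {
		g_free(user);
		return SASL_BADAUTH;
	}
	g_free(user);
	return result_bufp->pw_uid;
}

G_MODULE_EXPORT GSList *get_user_groups(const char *username,
					gpointer params)
{
	int ret;
	char *user;
	char buffer[512];
	struct passwd result_buf;
	struct passwd *result_bufp = NULL;
	GSList *userlist = NULL;

	user = normalize_username(username);

	if (system_pam_module_not_threadsafe) {
		g_static_mutex_lock(&pam_mutex);
	}
	ret = getpwnam_r(user, &result_buf, buffer, sizeof(buffer),
			 &result_bufp);
	if (system_pam_module_not_threadsafe) {
		g_static_mutex_unlock(&pam_mutex);
	}
	if (ret != 0 || (!result_bufp)) {
		g_free(user);
		return NULL;
	}

	if (system_pam_module_not_threadsafe) {
		g_static_mutex_lock(&pam_mutex);
		userlist = getugroups(user, result_bufp->pw_gid);
		g_static_mutex_unlock(&pam_mutex);
	} else {
		userlist = getugroups(user, result_bufp->pw_gid);
	}
	g_free(user);
	return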
userlist; } G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p) { return TRUE; } G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module) { log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "System module ($Revision$)"); return TRUE; } /** @} */ nufw-2.4.3/src/nuauth/modules/system/Makefile.am0000644000175000017500000000122411431206275016543 00000000000000# LDAP plugin if USE_SYSTEM_AUTH AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libsystem.la libsystem_la_SOURCES = system.c getugroups.c libsystem_la_LDFLAGS = -module -avoid-version libsystem_la_LIBADD = -lpam $(GLIB_LIBS) libsystem.la: $(libsystem_la_OBJECTS) $(libsystem_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(am_libsystem_la_rpath) $(libsystem_la_LDFLAGS) $(libsystem_la_OBJECTS) $(libsystem_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/system/getugroups.c0000644000175000017500000000570111431206275017063 00000000000000/* getugroups.c -- return a list of the groups a user is in Copyright (C) 2007 INL Written by Eric Leblond $Id$ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 3 of the license. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
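*/

/**
 * \ingroup SystemModule
 * @{
 */

/**
 * \file getugroups.c
 *
 * \brief Contains getugroups() which is used to retrieve user's group
 */

/* NOTE(review): the header names of the bare #include directives in this
 * listing were lost when the page was extracted; they are kept as found. */
#ifdef HAVE_CONFIG_H
# include
#endif

#include "auth_srv.h"

#include
#include	/* grp.h on alpha OSF1 V2.0 uses "FILE *". */
#include

#define BUFLEN 4096

#ifdef HAVE_UNISTD_H
# include
#endif

#include

/* Initialised explicitly, like pam_mutex in system.c. */
GStaticMutex group_mutex = G_STATIC_MUTEX_INIT;

gint system_glibc_cant_guess_maxgroups;

/* Query getgrouplist() for username and return the group ids as a GSList,
 * or NULL when the list cannot be obtained. Takes no lock itself: the
 * caller holds group_mutex. */
static GSList *fetch_group_list(const char *username, gid_t gid)
{
	GSList *grouplist = NULL;
	gid_t *groups;
	int capacity;
	int ng = 0;
	int i;

	if (system_glibc_cant_guess_maxgroups) {
		/* configured size replaces the probing call */
		ng = system_glibc_cant_guess_maxgroups;
	} else if (getgrouplist(username, gid, NULL, &ng) >= 0) {
		/* probing with an empty buffer did not report a size */
		return NULL;
	}

	/* a negative configured value or an unreported size must not reach
	 * the allocation */
	if (ng <= 0) {
		return NULL;
	}

	capacity = ng;
	groups = g_new0(gid_t, capacity);
	if (getgrouplist(username, gid, groups, &ng) < 0) {
		/* Buffer too small: ng now holds the number of groups found,
		 * which is larger than what was allocated. Walking the old
		 * buffer up to ng would read past its end and add whatever
		 * lies there to the user's groups, so retry once with the
		 * reported size and give up if that fails too. */
		g_free(groups);
		if (ng <= capacity) {
			return NULL;
		}
		capacity = ng;
		groups = g_new0(gid_t, capacity);
		if (getgrouplist(username, gid, groups, &ng) < 0) {
			g_free(groups);
			return NULL;
		}
	}

	/* never walk further than what was allocated */
	if (ng > capacity) {
		ng = capacity;
	}

	for (i = 0; i < ng; i++) {
		grouplist = g_slist_prepend(grouplist, GINT_TO_POINTER(groups[i]));
	}

	g_free(groups);
	return grouplist;
}

/**
 * \brief Get list of group a user belong to
 *
 * Like `getgroups', but for user USERNAME instead of for
 * the current process. GID should be the group ID (pw_gid) of the user;
 * it is handed to getgrouplist() together with USERNAME.
 *
 * The lookup runs with group_mutex held; the mutex is released on every
 * return path.

 \param username String containing the username
 \param gid This is the primary group of the user
 \return A list of group under the form of a GSList, NULL if the group
 list could not be fetched
 */
GSList *getugroups(char *username, gid_t gid)
{
	GSList *grouplist;

	/* need to lock as position is common to all thread */
	g_static_mutex_lock(&group_mutex);

#ifdef PERF_DISPLAY_ENABLE
	{
		struct timeval tvstart, tvend, result;
		if (nuauthconf->debug_areas & DEBUG_AREA_PERF) {
			gettimeofday(&tvstart, NULL);
		}
#endif
		/* All failure exits are inside the helper, so none of them
		 * can leave group_mutex locked (the original returned NULL
		 * from here with the lock still held). */
		grouplist = fetch_group_list(username, gid);
#ifdef PERF_DISPLAY_ENABLE
		if (nuauthconf->debug_areas & DEBUG_AREA_PERF) {
			gettimeofday(&tvend, NULL);
			timeval_substract(&result, &tvend, &tvstart);
			log_message(INFO, DEBUG_AREA_PERF,
				    "Group list fetching duration: %.1f msec",
				    (double)result.tv_sec*1000+
				    (double)(result.tv_usec/1000));
		}
	}
#endif

	/* release lock */
	g_static_mutex_unlock(&group_mutex);

	return grouplist;
}

/**
 * @}
 */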
nufw-2.4.3/src/nuauth/modules/session_expire/0000777000175000017500000000000011431215441016302 500000000000000nufw-2.4.3/src/nuauth/modules/session_expire/Makefile.in0000644000175000017500000003707511431215402020274 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # session_expire plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/session_expire DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir 
= `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libsession_expire_la_LIBADD = am_libsession_expire_la_OBJECTS = session_expire.lo libsession_expire_la_OBJECTS = $(am_libsession_expire_la_OBJECTS) libsession_expire_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libsession_expire_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libsession_expire_la_SOURCES) DIST_SOURCES = $(libsession_expire_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ 
GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ 
mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libsession_expire.la libsession_expire_la_SOURCES = session_expire.c libsession_expire_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/session_expire/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/session_expire/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session_expire.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ 
$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) 
$(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) 
$(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ 
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libsession_expire.la: $(libsession_expire_la_OBJECTS) $(libsession_expire_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libsession_expire_la_LDFLAGS) $(libsession_expire_la_OBJECTS) $(libsession_expire_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/session_expire/Makefile.am0000644000175000017500000000120311431206275020253 00000000000000# session_expire plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libsession_expire.la libsession_expire_la_SOURCES = session_expire.c libsession_expire_la_LDFLAGS = -module -avoid-version libsession_expire.la: $(libsession_expire_la_OBJECTS) $(libsession_expire_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libsession_expire_la_LDFLAGS) $(libsession_expire_la_OBJECTS) $(libsession_expire_la_LIBADD) nufw-2.4.3/src/nuauth/modules/session_expire/session_expire.c0000644000175000017500000000271511431206275021433 00000000000000/* ** Copyright(C) 2006 INL ** written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/* NOTE(review): the header name of the bare #include directive below was
 * lost when the page was extracted; it is kept as found. */
#include

/**
 * \ingroup NuauthModules
 */

/**
 * @{ */

/*
 * Report the nuauth API version this module was built against.
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/* Nothing to release for this module: always reports success. */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	return TRUE;
}

/* Log the module banner; there is no configuration to read. */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Session_expire module ($Revision$)");
	return TRUE;
}

/* Set the expiry of a session: now plus nuauthconf->session_duration when
 * a duration is configured, -1 otherwise. Always returns SASL_OK. */
G_MODULE_EXPORT int user_session_modify(user_session_t * session,
					gpointer params)
{
	if (!nuauthconf->session_duration) {
		/* no duration configured */
		session->expire = -1;
		return SASL_OK;
	}

	session->expire = time(NULL) + nuauthconf->session_duration;
	return SASL_OK;
}

/** @} */
nufw-2.4.3/src/nuauth/modules/auth_mysql/0000777000175000017500000000000011431215441015431 500000000000000nufw-2.4.3/src/nuauth/modules/auth_mysql/Makefile.in0000644000175000017500000004073111431215400017412 00000000000000
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@ # auth_mysql plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/auth_mysql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libauth_mysql_la_LIBADD = am__libauth_mysql_la_SOURCES_DIST = mysql_auth.c mysql_auth.h mysql.h am__objects_1 = @USE_MYSQL_AUTH_TRUE@am_libauth_mysql_la_OBJECTS = mysql_auth.lo \ @USE_MYSQL_AUTH_TRUE@ $(am__objects_1) libauth_mysql_la_OBJECTS = $(am_libauth_mysql_la_OBJECTS) libauth_mysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libauth_mysql_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_MYSQL_AUTH_TRUE@am_libauth_mysql_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
\ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libauth_mysql_la_SOURCES) DIST_SOURCES = $(am__libauth_mysql_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = 
@PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_MYSQL_AUTH_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @HAVE_MYSQL_CONFIG_TRUE@@USE_MYSQL_AUTH_TRUE@MYSQL_INCLUDE = `mysql_config --include` @HAVE_MYSQL_CONFIG_TRUE@@USE_MYSQL_AUTH_TRUE@MYSQL_LIBS = `mysql_config --libs_r` @USE_MYSQL_AUTH_TRUE@INCLUDES = $(GLIB_CFLAGS) 
-I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ $(MYSQL_INCLUDE) -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/libs/nubase/ @USE_MYSQL_AUTH_TRUE@plugindir = $(libdir)/nuauth/modules @USE_MYSQL_AUTH_TRUE@plugin_LTLIBRARIES = libauth_mysql.la @USE_MYSQL_AUTH_TRUE@noinst_libauth_mysql_la_SOURCES = mysql_auth.h mysql.h @USE_MYSQL_AUTH_TRUE@libauth_mysql_la_SOURCES = mysql_auth.c ${noinst_libauth_mysql_la_SOURCES} #libauth_mysql_la_LIBADD = -lmysqlclient_r @USE_MYSQL_AUTH_TRUE@libauth_mysql_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/auth_mysql/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/auth_mysql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_MYSQL_AUTH_FALSE@libauth_mysql.la: $(libauth_mysql_la_OBJECTS) $(libauth_mysql_la_DEPENDENCIES) @USE_MYSQL_AUTH_FALSE@ $(libauth_mysql_la_LINK) $(am_libauth_mysql_la_rpath) 
$(libauth_mysql_la_OBJECTS) $(libauth_mysql_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mysql_auth.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ 
done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: 
install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ 
install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_MYSQL_AUTH_TRUE@libauth_mysql.la: $(libauth_mysql_la_OBJECTS) $(libauth_mysql_la_DEPENDENCIES) @USE_MYSQL_AUTH_TRUE@ $(LINK) -rpath $(plugindir) $(am_libauth_mysql_la_rpath) $(libauth_mysql_la_LDFLAGS) $(libauth_mysql_la_OBJECTS) $(MYSQL_LIBS) $(libauth_mysql_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/auth_mysql/mysql_auth.c0000644000175000017500000004600611431206275017712 00000000000000/* ** Copyright(C) 2003-2007 Wi-Next ** Written by Francesco Varano - ** Gabriele Messineo- ** Copyright(C) 2003-2008 Wi-Next ** Written by Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ /* code inspired from log_mysql & plaintext */ #include #include #include "nuauthconf.h" #include "mysql_auth.h" /* MySQL schema * * create table userinfo(uid int primary key auto_increment,username varchar(256)); * create table groups(gid int primary key auto_increment,groupname varchar(256)); * create table groupinfo(uid int, gid int,PRIMARY KEY(uid,gid)); * */ /** Minimum buffer size to write an IPv6 in SQL syntax */ #define IPV6_SQL_STRLEN (2+16*2+1) /* * Returns version of nuauth API */ G_MODULE_EXPORT uint32_t get_api_version() { return NUAUTH_API_VERSION; } static MYSQL *mysql_conn_init(struct ipauth_mysql_params *params); static MYSQL *get_mysql_handler(struct ipauth_mysql_params *params); static int ipv6_to_sql(struct ipauth_mysql_params *params, struct in6_addr *addr, char *buffer, size_t buflen, int use_ntohl); static void free_ipauth_user(gpointer); static nu_error_t mysql_close_current(struct ipauth_mysql_params* params); /** * * \ingroup AuthNuauthModules * \defgroup MySQLAuthentication MySQL authentication module * * @{ */ /** * \file mysql_auth.c * * \brief Core file for mysql authentication module * */ G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p) { struct ipauth_params *params = (struct ipauth_params *) params_p; struct ipauth_mysql_params *mysql = params->mysql; if (mysql) { g_free(mysql->mysql_user); g_free(mysql->mysql_passwd); g_free(mysql->mysql_server); g_free(mysql->mysql_db_name); g_free(mysql->mysql_ipauth_table_name); g_free(mysql->mysql_userinfo_table_name); g_free(mysql->mysql_groups_table_name); g_free(mysql->mysql_groupinfo_table_name); g_free(mysql->mysql_ssl_keyfile); g_free(mysql->mysql_ssl_certfile); g_free(mysql->mysql_ssl_ca); g_free(mysql->mysql_ssl_capath); g_free(mysql->mysql_ssl_cipher); g_free(mysql); } if (params->users) g_hash_table_remove_all(params->users); g_free(params->guest_username); params->mysql = NULL; params->users = NULL; return TRUE; } /* Init mysql system */ G_MODULE_EXPORT 
gboolean init_module_from_conf(module_t * module) { /* char *ldap_base_dn=LDAP_BASE; */ struct ipauth_params *ipauth = g_new0(struct ipauth_params, 1); struct ipauth_mysql_params *mysql = g_new0(struct ipauth_mysql_params, 1); log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "IPAUTH MySQL module Revision: "IPAUTH_REV); /* init global variables */ mysql->mysql_ssl_cipher = MYSQL_SSL_CIPHER; /* mysql->hook = module->hook; */ mysql->mysql_server = nuauth_config_table_get_or_default("mysql_server_addr", MYSQL_SERVER); mysql->mysql_user = nuauth_config_table_get_or_default("mysql_user", MYSQL_USER); mysql->mysql_passwd = nuauth_config_table_get_or_default("mysql_passwd", MYSQL_PASSWD); mysql->mysql_db_name = nuauth_config_table_get_or_default("mysql_db_name", MYSQL_DB_NAME); /* ipauth specific tables */ mysql->mysql_ipauth_table_name = nuauth_config_table_get_or_default("mysql_ipauth_table_name", MYSQL_IPAUTH_TABLE_NAME); mysql->mysql_userinfo_table_name = nuauth_config_table_get_or_default("mysql_userinfo_table_name", MYSQL_USERINFO_TABLE_NAME); mysql->mysql_groups_table_name = nuauth_config_table_get_or_default("mysql_groups_table_name", MYSQL_GROUPS_TABLE_NAME); mysql->mysql_groupinfo_table_name = nuauth_config_table_get_or_default("mysql_groupinfo_table_name", MYSQL_GROUPINFO_TABLE_NAME); mysql->mysql_ipauth_check_netmask = nuauth_config_table_get_or_default_int("mysql_ipauth_check_netmask", MYSQL_IPAUTH_CHECK_NETMASK); /* endof ipauth specific tables */ /* guest user */ ipauth->fallback_to_guest = nuauth_config_table_get_or_default_int("mysql_auth_fallback_to_guest", AUTH_MYSQL_FALLBACK_TO_GUEST); ipauth->guest_username = nuauth_config_table_get_or_default("mysql_auth_guest_username", AUTH_MYSQL_GUEST_USERNAME); ipauth->guest_uid = nuauth_config_table_get_or_default_int("mysql_auth_guest_userid", AUTH_MYSQL_GUEST_USERID); ipauth->guest_gid = nuauth_config_table_get_or_default_int("mysql_auth_guest_groupid", AUTH_MYSQL_GUEST_GROUPID); /* endof guest user */ 
mysql->mysql_ssl_keyfile = nuauth_config_table_get_or_default("mysql_ssl_keyfile", MYSQL_SSL_KEYFILE); mysql->mysql_ssl_certfile = nuauth_config_table_get_or_default("mysql_ssl_certfile", MYSQL_SSL_CERTFILE); mysql->mysql_ssl_ca = nuauth_config_table_get_or_default("mysql_ssl_ca", MYSQL_SSL_CA); mysql->mysql_ssl_capath = nuauth_config_table_get_or_default("mysql_ssl_capath", MYSQL_SSL_CAPATH); mysql->mysql_ssl_cipher = nuauth_config_table_get_or_default("mysql_ssl_cipher", MYSQL_SSL_CIPHER); mysql->mysql_server_port = nuauth_config_table_get_or_default_int("mysql_server_port", MYSQL_SERVER_PORT); mysql->mysql_request_timeout = nuauth_config_table_get_or_default_int("mysql_request_timeout", MYSQL_REQUEST_TIMEOUT); mysql->mysql_use_ssl = nuauth_config_table_get_or_default_int("mysql_use_ssl", MYSQL_USE_SSL); mysql->mysql_use_ipv4_schema = nuauth_config_table_get_or_default_int("mysql_use_ipv4_schema", MYSQL_USE_IPV4_SCHEMA); /* init thread private stuff */ mysql->mysql_priv = g_private_new(NULL); log_message(DEBUG, DEBUG_AREA_MAIN, "mysql part of the config file is parsed"); ipauth->users = g_hash_table_new_full(g_str_hash, g_str_equal, NULL, free_ipauth_user); ipauth->mysql = mysql; module->params = (gpointer) ipauth; return TRUE; } /* * Initialize connection to mysql server */ static MYSQL *mysql_conn_init(struct ipauth_mysql_params *params) { MYSQL *ld = NULL; #ifdef MYSQL_OPT_RECONNECT my_bool trueval = 1; #endif /* init connection */ ld = mysql_init(ld); if (ld == NULL) { log_message(WARNING, DEBUG_AREA_MAIN, "mysql init error : %s", strerror(errno)); return NULL; } #if HAVE_MYSQL_SSL /* Set SSL options, if configured to do so */ if (params->mysql_use_ssl) mysql_ssl_set(ld, params->mysql_ssl_keyfile, params->mysql_ssl_certfile, params->mysql_ssl_ca, params->mysql_ssl_capath, params->mysql_ssl_cipher); #endif #if 0 /* Set MYSQL object properties */ if (mysql_options(ld, MYSQL_OPT_CONNECT_TIMEOUT, mysql_conninfo) != 0) { log_message(WARNING, DEBUG_AREA_MAIN, 
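"mysql options setting failed : %s", mysql_error(ld));
	}
#endif

#ifdef MYSQL_OPT_RECONNECT
# if defined(MYSQL_VERSION_ID) && (MYSQL_VERSION_ID >= 50019)
	mysql_options(ld, MYSQL_OPT_RECONNECT, &trueval);
# endif
#endif
	if (!mysql_real_connect
	    (ld, params->mysql_server, params->mysql_user,
	     params->mysql_passwd, params->mysql_db_name,
	     params->mysql_server_port, NULL, 0)) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "mysql connection failed : %s", mysql_error(ld));
		mysql_close(ld);
		return NULL;
	}
#ifdef MYSQL_OPT_RECONNECT
# if defined(MYSQL_VERSION_ID) && (MYSQL_VERSION_ID < 50019)
	mysql_options(ld, MYSQL_OPT_RECONNECT, &trueval);
# endif
#endif
	ipauth_mysql_conn_list = g_slist_prepend(ipauth_mysql_conn_list, ld);
	return ld;
}

/**
 * Escape \a text so it can be placed inside a single-quoted SQL string literal.
 *
 * The result is allocated with GLib because every caller in this file releases
 * it with g_free(); the previous malloc()/strdup() allocation did not match
 * that deallocator.
 *
 * \param mysql Open connection (the escaping depends on its character set)
 * \param text NUL-terminated string to escape
 * \return Newly allocated escaped string (free with g_free()), or NULL on error
 */
static char *quote_string(MYSQL * mysql, const char *text)
{
	size_t length;
	unsigned long escaped_len;
	char *quoted;

	if (text == NULL)
		return NULL;

	length = strlen(text);
	if (length == 0)
		return g_strdup(text);

	/* mysql_real_escape_string() needs up to 2*length+1 bytes: refuse
	 * lengths for which that size computation would wrap around */
	if (length > (G_MAXSIZE - 1) / 2)
		return NULL;

	quoted = g_try_malloc(length * 2 + 1);
	if (quoted == NULL)
		return NULL;

	escaped_len = mysql_real_escape_string(mysql, quoted, text, length);
	/* 0 was already treated as a failure; newer client libraries report
	 * errors as (unsigned long) -1 */
	if (escaped_len == 0 || escaped_len == (unsigned long) -1) {
		g_free(quoted);
		return NULL;
	}
	return quoted;
}

#define SELECT_FIELDS "username"

/**
 * Map the source address of a packet to a user name using the ipauth table.
 *
 * Only values built by this module are interpolated into the statement: the
 * address rendered by ipv6_to_sql() (decimal or hexadecimal digits) and the
 * table name read from the configuration.
 *
 * \return Newly allocated user name (matching row, or the guest user name when
 * fallback_to_guest is set and no row matches), NULL on error or when there is
 * no match and no fallback. Free with g_free().
 */
G_MODULE_EXPORT gchar* ip_authentication(auth_pckt_t * pckt, struct ipauth_params* params)
{
	char request[LONG_REQUEST_SIZE];
	char ip_ascii[IPV6_SQL_STRLEN];
	char ip_check[256];
	tracking_t *header = &pckt->header;
	struct ipauth_mysql_params *mysql = params->mysql;
	MYSQL *ld;
	MYSQL_RES *result;
	MYSQL_ROW row;
	gboolean ok;
	char *username = NULL;

	if (ipv6_to_sql(mysql, &header->saddr, ip_ascii, sizeof(ip_ascii), 1) != 0)
		return NULL;

	ld = get_mysql_handler(mysql);
	if (ld == NULL)
		return NULL;

	/* build the address condition for the configured schema */
	if (!mysql->mysql_ipauth_check_netmask) {
		ok = secure_snprintf(ip_check, sizeof(ip_check),
				     "ip_saddr = %s", ip_ascii);
	} else if (mysql->mysql_use_ipv4_schema) {
		ok = secure_snprintf(ip_check, sizeof(ip_check),
				     "ip_saddr = (%s & netmask)", ip_ascii);
	} else {
		ok = secure_snprintf(ip_check, sizeof(ip_check),
				     "check_net(ip_saddr, %s, netmask)", ip_ascii);
	}
	if (!ok) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[IPAUTH MySQL] cannot check IP query: %s", ip_check);
		return NULL;
	}

	ok = secure_snprintf(request, sizeof(request),
			     "SELECT " SELECT_FIELDS " FROM %s "
			     "WHERE %s AND"
			     "(end_time is NULL OR "
			     "end_time > NOW())",
			     mysql->mysql_ipauth_table_name, ip_check);
	if (!ok) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[IPAUTH MySQL] cannot create query: %s", request);
		return NULL;
	}

	/* execute query */
	if (mysql_real_query(ld, request, strlen(request))) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[IPAUTH MySQL] Cannot execute request: %s",
			    mysql_error(ld));
		mysql_close_current(mysql);
		return NULL;
	}

	/* mysql_store_result() can fail; the result used to be passed to
	 * mysql_fetch_row() without a check */
	result = mysql_store_result(ld);
	if (result == NULL) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[IPAUTH MySQL] Cannot store result: %s",
			    mysql_error(ld));
		return NULL;
	}

	row = mysql_fetch_row(result);
	if (row)
		username = g_strdup(row[0]);
	else if (params->fallback_to_guest)
		username = g_strdup(params->guest_username);
	mysql_free_result(result);

	return username;
}

/**
 * Check a user name / password pair against the userinfo table.
 *
 * Both values are escaped with quote_string() before being interpolated.
 * \a passlen and \a session are not used by this implementation.
 *
 * NOTE(review): PASSWORD() is the hash MySQL uses for its own accounts; the
 * MySQL manual advises applications not to use it and MySQL 8.0 removed it.
 * The clear-text password is also part of the statement text, so it can show
 * up in server-side query logs. Changing this needs a schema decision and is
 * left to the maintainers.
 *
 * \return SASL_OK if at least one row matches, SASL_BADAUTH otherwise
 * (including on any error)
 */
G_MODULE_EXPORT int user_check(const char *username, const char *clientpass, unsigned passlen, user_session_t *session, struct ipauth_params* params)
{
	struct ipauth_mysql_params *mysql = params->mysql;
	MYSQL *ld;
	MYSQL_RES *result;
	char request[LONG_REQUEST_SIZE];
	char *quoted_username;
	char *quoted_clientpass;
	gboolean built;
	int ret;

	ld = get_mysql_handler(mysql);
	if (ld == NULL)
		return SASL_BADAUTH;

	quoted_username = quote_string(ld, username);
	if (quoted_username == NULL)
		return SASL_BADAUTH;

	quoted_clientpass = quote_string(ld, clientpass);
	if (quoted_clientpass == NULL) {
		/* the escaped user name used to leak on this path */
		g_free(quoted_username);
		return SASL_BADAUTH;
	}

	built = secure_snprintf(request, sizeof(request),
				"SELECT uid FROM %s WHERE username='%s' AND "
				"password=PASSWORD('%s')",
				mysql->mysql_userinfo_table_name,
				quoted_username, quoted_clientpass);
	g_free(quoted_username);
	g_free(quoted_clientpass);
	if (!built)
		return SASL_BADAUTH;

	/* execute query */
	if (mysql_real_query(ld, request, strlen(request))) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[IPAUTH MySQL] Cannot execute request: %s",
			    mysql_error(ld));
		mysql_close_current(mysql);
		return SASL_BADAUTH;
	}

	/* Count rows on the stored result. mysql_affected_rows() is documented
	 * to return (my_ulonglong)-1 when the result could not be obtained,
	 * and the old truthiness test on it accepted that value as a match. */
	result = mysql_store_result(ld);
	if (result == NULL) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[IPAUTH MySQL] Cannot store result: %s",
			    mysql_error(ld));
		return SASL_BADAUTH;
	}
	ret = (mysql_num_rows(result) > 0) ? SASL_OK : SASL_BADAUTH;
	mysql_free_result(result);

	return ret;
}

/**
 * Return the numeric user id of \a username.
 *
 * The per-module cache (params->users) is looked up first; on a miss the
 * userinfo table is queried and a successful answer is cached.
 *
 * Every failure (no connection, escaping error, query error, zero or several
 * rows, non-numeric uid) yields params->guest_uid, as before.
 * NOTE(review): a database outage therefore maps users to the guest uid
 * instead of reporting an error; confirm that callers expect this.
 * NOTE(review): params->users is modified here without any locking visible in
 * this file; verify how the module is called from nuauth threads.
 */
G_MODULE_EXPORT uint32_t get_user_id(const char *username, struct ipauth_params* params)
{
	struct ipauth_mysql_params *mysql = params->mysql;
	MYSQL *ld;
	MYSQL_RES *result;
	MYSQL_ROW row;
	char request[LONG_REQUEST_SIZE];
	char *quoted_username;
	char *endptr = NULL;
	struct ipauth_user *user;
	gboolean built;
	uint32_t uid = params->guest_uid;

	user = g_hash_table_lookup(params->users, username);
	if (user) {
		/* log_message(INFO, DEBUG_AREA_AUTH, */
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				  "[IPAUTH MySQL:get_user_id] found user in hash table");
		return user->uid;
	}
	/* log_message(INFO, DEBUG_AREA_AUTH, */
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			  "[IPAUTH MySQL:get_user_id] searching user in mysql table");

	ld = get_mysql_handler(mysql);
	if (ld == NULL)
		return params->guest_uid;

	quoted_username = quote_string(ld, username);
	if (quoted_username == NULL)
		return params->guest_uid;

	built = secure_snprintf(request, sizeof(request),
				"SELECT uid FROM %s WHERE username='%s'",
				mysql->mysql_userinfo_table_name,
				quoted_username);
	/* released on every path; it used to leak once the query was built */
	g_free(quoted_username);
	if (!built)
		return params->guest_uid;

	/* execute query */
	if (mysql_real_query(ld, request, strlen(request))) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[IPAUTH MySQL] Cannot execute request: %s",
			    mysql_error(ld));
		mysql_close_current(mysql);
		return params->guest_uid;
	}

	result = mysql_store_result(ld);
	if (result == NULL) {
		log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
			    "[IPAUTH MySQL] Cannot store result: %s",
			    mysql_error(ld));
		return params->guest_uid;
	}

	/* exactly one row is accepted; anything else keeps the guest uid */
	if (mysql_num_rows(result) == 1) {
		row = mysql_fetch_row(result);
		if (row && row[0]) {
			uid = strtol(row[0], &endptr, 10);
			if (endptr == row[0] || *endptr) {
				/* empty or not entirely numeric */
				uid = params->guest_uid;
			} else {
				user = g_new0(struct ipauth_user, 1);
				user->username = g_strdup(username);
				user->uid = uid;
				g_hash_table_insert(params->users, user->username, user);
			}
		}
	}
	mysql_free_result(result);

	return uid;
}

G_MODULE_EXPORT GSList *get_user_groups(const char *username, struct ipauth_params* params)
{
	struct ipauth_mysql_params *mysql = params->mysql;
	MYSQL *ld = NULL;
	char request[LONG_REQUEST_SIZE];
	/* int mysql_ret; */
	int ok;
	MYSQL_ROW row;
	GSList *grouplist = NULL;
	gid_t gid;
	int ng=0;
	char *endptr=NULL;
	struct ipauth_user *user;
	int64_t uid = -1;
	char *quoted_username = NULL;

	if ( (user=g_hash_table_lookup(params->users, username)) && user->groups ) {
		/* log_message(INFO, DEBUG_AREA_AUTH, */
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				  "[IPAUTH MySQL:get_user_groups] found user in hash table");
		return g_slist_copy(user->groups);
	}
	/* log_message(INFO, DEBUG_AREA_AUTH, */
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			  "[IPAUTH MySQL:get_user_groups] searching user in mysql table");

	if (!(ld = get_mysql_handler(mysql)))
		return NULL;

	/* The user name was interpolated into the statement unescaped here,
	 * unlike in user_check() and get_user_id(); escape it the same way. */
	quoted_username = quote_string(ld, username);
	if (! quoted_username)
		return NULL;

	ok = secure_snprintf(request, sizeof(request),
			     "SELECT gid,%s.uid FROM %s JOIN %s ON %s.uid=%s.uid WHERE username='%s'",
			     mysql->mysql_userinfo_table_name,
			     mysql->mysql_groupinfo_table_name,
			     mysql->mysql_userinfo_table_name,
			     mysql->mysql_groupinfo_table_name,
			     mysql->mysql_userinfo_table_name,
			     quoted_username);
	g_free(quoted_username);
	if (!ok) {
		/* "SELECT gid,users.uid FROM groupinfo JOIN users ON 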
groupinfo.uid=users.uid WHERE username='%s'", username)) ) */ /* "SELECT groupinfo.gid,users.uid FROM groupinfo,users WHERE groupinfo.uid=users.uid and users.username='%s'",username)) ) */ /* "SELECT gid FROM groupinfo WHERE uid IN (SELECT uid FROM users where username='%s')",username)) ) */ return NULL; } /* execute query */ if ( (ok = mysql_real_query(ld, request, strlen(request)))) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "[IPAUTH MySQL] Cannot execute request: %s", mysql_error(ld)); mysql_close_current(params->mysql); return NULL; } else { MYSQL_RES *result = mysql_store_result(ld); if ((ng=mysql_affected_rows(ld))<1) { if (params->fallback_to_guest) grouplist = g_slist_prepend(grouplist, GINT_TO_POINTER(params->guest_gid)); } else { for(ok=0;okusername = g_strdup(username); user->uid = uid; g_hash_table_insert(params->users, user->username, user); } user->groups = grouplist; return g_slist_copy(user->groups); } /* ------------------------------------------------------------------------------------- */ /* --------------------------- STATIC FUNCTIONS ---------------------------------------- */ /* ------------------------------------------------------------------------------------- */ static MYSQL *get_mysql_handler(struct ipauth_mysql_params *params) { MYSQL *ld = g_private_get(params->mysql_priv); if (ld) return ld; ld = mysql_conn_init(params); if (ld == NULL) { log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN, "Can not initiate MYSQL connection"); return NULL; } g_private_set(params->mysql_priv, ld); return ld; } const gchar *g_module_check_init(GModule *module) { ipauth_mysql_conn_list = NULL; mysql_server_init(0, NULL, NULL); return NULL; } void g_module_unload(GModule *module) { GSList* pointer = ipauth_mysql_conn_list; if (ipauth_mysql_conn_list) { while (pointer) { mysql_close((MYSQL *)pointer->data); pointer=pointer->next; } g_slist_free(ipauth_mysql_conn_list); } ipauth_mysql_conn_list = NULL; /* mysql_server_end(); */ } /** * Convert an IPv6 
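address to SQL binary string.
 *
 * With the IPv6 schema the address is written as a hexadecimal literal for a
 * BINARY(16) column: "0x" followed by 32 hex digits,
 * eg. ::1 => 0x00000000000000000000000000000001
 *
 * With the IPv4 schema only IPv4-in-IPv6 addresses are accepted and the last
 * 32-bit word is written as an unsigned decimal number (converted with
 * ntohl() when \a use_ntohl is set).
 *
 * In both cases the output consists of digits only, so it can be placed in a
 * statement without quoting.
 *
 * \param buffer Output buffer, at least IPV6_SQL_STRLEN bytes for the IPv6 schema
 * \param buflen Size of \a buffer in bytes
 * \return Returns -1 if fails, 0 otherwise.
 */
static int ipv6_to_sql(
	struct ipauth_mysql_params *params,
	struct in6_addr *addr,
	char *buffer, size_t buflen,
	int use_ntohl)
{
	static const char hexdigits[] = "0123456789abcdef";

	/* the error paths below write buffer[0], so an empty buffer must be
	 * rejected before anything is stored */
	if (buffer == NULL || buflen == 0)
		return -1;

	if (!params->mysql_use_ipv4_schema) {
		const unsigned char *addr8 = &addr->s6_addr[0];
		unsigned char i;

		/* format IPv6 to BINARY(16) as "0x..." */
		if (buflen < IPV6_SQL_STRLEN) {
			buffer[0] = 0;
			return -1;
		}
		*buffer++ = '0';
		*buffer++ = 'x';
		for (i = 0; i < 16; i++) {
			*buffer++ = hexdigits[addr8[i] >> 4];
			*buffer++ = hexdigits[addr8[i] & 0x0f];
		}
		*buffer = 0;
	} else {
		uint32_t ip;

		/* format IPv6 to a decimal number but only for IPv4 in IPv6 */
		if (!is_ipv4(addr)) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "MySQL: Packet has IPV6 address but MySQL use IPV4 only schema");
			return -1;
		}
		ip = addr->s6_addr32[3];
		if (use_ntohl)
			ip = ntohl(ip);
		if (!secure_snprintf(buffer, buflen, "%u", ip))
			return -1;
	}
	return 0;
}

/**
 * Value destructor of the params->users hash table.
 *
 * Releases the user name (which is also the hash key), the group list and the
 * structure itself; the structure used to be leaked.
 */
static void free_ipauth_user(gpointer user)
{
	struct ipauth_user *entry = user;

	if (entry == NULL)
		return;
	g_free(entry->username);
	g_slist_free(entry->groups);
	g_free(entry);
}

/**
 * Close the connection of the calling thread after a failed request.
 *
 * The handle is read straight from the thread-private slot, so no new
 * connection is opened just to be closed, and it is removed from
 * ipauth_mysql_conn_list so that g_module_unload() does not call
 * mysql_close() a second time on the same handle.
 *
 * NOTE(review): ipauth_mysql_conn_list is shared between threads and is
 * modified here and in mysql_conn_init() without a lock visible in this file.
 */
static nu_error_t mysql_close_current(struct ipauth_mysql_params* params)
{
	MYSQL *ld = g_private_get(params->mysql_priv);

	if (ld) {
		ipauth_mysql_conn_list = g_slist_remove(ipauth_mysql_conn_list, ld);
		mysql_close(ld);
	}
	g_private_set(params->mysql_priv, NULL);
	return NU_EXIT_OK;
}

/** @} */
nufw-2.4.3/src/nuauth/modules/auth_mysql/mysql.h0000644000175000017500000000510311431206275016667 00000000000000/* ** Copyright(C) 2003-2006 INL ** written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. 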
** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */

#ifndef IPAUTH_MYSQL_H
#define IPAUTH_MYSQL_H

/* Compile-time defaults of the MySQL authentication module. Most of them are
 * fallbacks that init_module_from_conf() uses when the matching configuration
 * key is not set. */

#include
#include

/* Connection defaults */
#define MYSQL_SERVER "127.0.0.1"
#define MYSQL_SERVER_PORT 3306
#define MYSQL_USER "nufw"
/* Placeholder only: used when "mysql_passwd" is absent from the configuration,
 * so a deployment must always set its own value. */
#define MYSQL_PASSWD "mypassword"
#define MYSQL_DB_NAME "nufw"
#define MYSQL_TABLE_NAME "ulog"
#define MYSQL_USERS_TABLE_NAME "users"
/* Read into mysql_request_timeout; in mysql_auth.c the only code applying a
 * connect timeout sits inside an "#if 0" block, so it is currently unused. */
#define MYSQL_REQUEST_TIMEOUT 10
#define MYSQL_USE_IPV4_SCHEMA 1 /* use IPV4 schema by default for compatibility */

/* Table names; they are interpolated into SQL statements as-is and therefore
 * must only come from trusted configuration. */
#define MYSQL_IPAUTH_TABLE_NAME "ipauth_sessions"
#define MYSQL_USERINFO_TABLE_NAME "userinfo"
#define MYSQL_GROUPS_TABLE_NAME "groups"
#define MYSQL_GROUPINFO_TABLE_NAME "groupinfo"
#define MYSQL_IPAUTH_CHECK_NETMASK 1

/* SSL options */
/* NOTE(review): SSL is on by default but key, certificate and CA default to
 * NULL, and mysql_conn_init() only calls mysql_ssl_set(); whether the server
 * certificate gets verified is not visible in this module - confirm. */
#define MYSQL_USE_SSL 1 /* use ssl by default */
#define MYSQL_SSL_KEYFILE NULL
#define MYSQL_SSL_CERTFILE NULL
#define MYSQL_SSL_CA NULL
#define MYSQL_SSL_CAPATH NULL
/* NOTE(review): in OpenSSL cipher-list syntax this keeps every non-anonymous
 * suite the library offers, RC4 included ("+RC4" only moves RC4 to the end of
 * the list, "@STRENGTH" sorts by key length). Deployments should set
 * "mysql_ssl_cipher" to a restricted list. */
#define MYSQL_SSL_CIPHER "ALL:!ADH:+RC4:@STRENGTH"

/* Buffer sizes; mysql_auth.c builds its statements in LONG_REQUEST_SIZE buffers */
#define OSNAME_MAX_SIZE 100
#define APPNAME_MAX_SIZE 256
#define SHORT_REQUEST_SIZE 512
#define LONG_REQUEST_SIZE 1024
#define INSERT_REQUEST_FIELDS_SIZE 200
#define INSERT_REQUEST_VALUES_SIZE 800
#define REQUEST_TMP_BUFFER 500

/* Settings of one module instance, filled by init_module_from_conf() */
struct ipauth_mysql_params {
	/* module_hook_t hook; */
	int mysql_request_timeout;
	char *mysql_user;
	char *mysql_passwd;	/* database password, kept in clear text for the module's lifetime */
	char *mysql_server;
	char *mysql_db_name;
	char *mysql_ipauth_table_name;
	char *mysql_userinfo_table_name;
	char *mysql_groups_table_name;
	char *mysql_groupinfo_table_name;
	unsigned char mysql_ipauth_check_netmask;	/* non-zero: compare addresses using the netmask column */
	int mysql_server_port;
	unsigned char mysql_use_ipv4_schema;	/* non-zero: addresses are stored as IPv4 integers */
	unsigned char mysql_use_ssl;
	char *mysql_ssl_keyfile;
char *mysql_ssl_certfile; char *mysql_ssl_ca; char *mysql_ssl_capath; char *mysql_ssl_cipher; GPrivate *mysql_priv; /* private pointer for mysql database access */ }; /* we use mysql.h only in ipauth.c */ GSList *ipauth_mysql_conn_list; #endif /* IPAUTH_MYSQL_H */ nufw-2.4.3/src/nuauth/modules/auth_mysql/Makefile.am0000644000175000017500000000164111431206275017410 00000000000000# auth_mysql plugin if USE_MYSQL_AUTH AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" if HAVE_MYSQL_CONFIG MYSQL_INCLUDE = `mysql_config --include` MYSQL_LIBS = `mysql_config --libs_r` endif INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ $(MYSQL_INCLUDE) -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/libs/nubase/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libauth_mysql.la noinst_libauth_mysql_la_SOURCES = mysql_auth.h mysql.h libauth_mysql_la_SOURCES = mysql_auth.c ${noinst_libauth_mysql_la_SOURCES} #libauth_mysql_la_LIBADD = -lmysqlclient_r libauth_mysql_la_LDFLAGS = -module -avoid-version libauth_mysql.la: $(libauth_mysql_la_OBJECTS) $(libauth_mysql_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(am_libauth_mysql_la_rpath) $(libauth_mysql_la_LDFLAGS) $(libauth_mysql_la_OBJECTS) $(MYSQL_LIBS) $(libauth_mysql_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/auth_mysql/mysql_auth.h0000644000175000017500000000256611431206275017722 00000000000000/* ** Copyright(C) 2003-2007 Wi-Next ** Written by Francesco Varano - ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/*
 * Guest-account constants and the user and parameter structures of the
 * MySQL-backed authentication module.
 */
#ifndef IPAUTH_H
#define IPAUTH_H

/* NOTE(review): the header names of the next three #include lines are
 * missing in this copy of the file. */
#include
#include
#include
#include "mysql.h"

/* Guest fallback constant, set to 1 here.
 * NOTE(review): judging by the name, a lookup that finds no user is mapped
 * to the guest identity when this is on, which is a fail-open default.
 * Confirm that this is intended and that the guest user and group are given
 * minimal rights in the ACLs. */
#define AUTH_MYSQL_FALLBACK_TO_GUEST 1
#define AUTH_MYSQL_GUEST_USERNAME "guest"
/* NOTE(review): 0 is also the numeric uid of root on Unix; confirm that
 * nothing downstream treats nuauth user ids as system uids. */
#define AUTH_MYSQL_GUEST_USERID 0
#define AUTH_MYSQL_GUEST_GROUPID 99

#define IPAUTH_REV "0.0.1"

/* One user as the module holds it: a name, a 32-bit id and a list of
 * groups. The element type of the list is not visible in this header. */
struct ipauth_user {
	char *username;
	/* char *passwd; */
	u_int32_t uid;
	GSList *groups;
};

/* Module parameters: the MySQL settings, the guest-fallback settings and a
 * hash table of users. */
struct ipauth_params {
	struct ipauth_mysql_params *mysql;
	/* Guest settings; see the AUTH_MYSQL_* macros above. */
	unsigned char fallback_to_guest;
	char *guest_username;
	unsigned guest_uid;
	unsigned guest_gid;
	/* Key and value types are not visible in this header; presumably the
	 * values are struct ipauth_user. TODO confirm. */
	GHashTable *users;
};

#endif				/* IPAUTH_H */
nufw-2.4.3/src/nuauth/modules/mark_uid/0000777000175000017500000000000011431215441015036 500000000000000nufw-2.4.3/src/nuauth/modules/mark_uid/Makefile.in0000644000175000017500000003665511431215401017032 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ # mark_uid plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/mark_uid DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libmark_uid_la_LIBADD = am_libmark_uid_la_OBJECTS = mark_uid.lo libmark_uid_la_OBJECTS = $(am_libmark_uid_la_OBJECTS) libmark_uid_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libmark_uid_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) 
LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libmark_uid_la_SOURCES) DIST_SOURCES = $(libmark_uid_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ 
SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libmark_uid.la libmark_uid_la_SOURCES = mark_uid.c libmark_uid_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && 
$(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/mark_uid/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/mark_uid/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo 
$$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mark_uid.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i 
in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in 
"$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec 
install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES libmark_uid.la: $(libmark_uid_la_OBJECTS) $(libmark_uid_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libmark_uid_la_LDFLAGS) $(libmark_uid_la_OBJECTS) $(libmark_uid_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/src/nuauth/modules/mark_uid/Makefile.am0000644000175000017500000000110111431206275017004 00000000000000# mark_uid plugin AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libmark_uid.la libmark_uid_la_SOURCES = mark_uid.c libmark_uid_la_LDFLAGS = -module -avoid-version libmark_uid.la: $(libmark_uid_la_OBJECTS) $(libmark_uid_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libmark_uid_la_LDFLAGS) $(libmark_uid_la_OBJECTS) $(libmark_uid_la_LIBADD) nufw-2.4.3/src/nuauth/modules/mark_uid/mark_uid.c0000644000175000017500000000264211431206275016722 00000000000000/* ** Copyright(C) 2006 INL ** written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. 
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/* NOTE(review): the header name of the next #include line is missing in this
 * copy of the file. */
#include

/**
 * \ingroup NuauthModules
 */

/**
 * @{
 */

/*
 * Returns version of nuauth API
 *
 * The value is the NUAUTH_API_VERSION constant this module was compiled
 * against.
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/*
 * Unload hook. Does nothing and returns TRUE; params_p is not used.
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	return TRUE;
}

/*
 * Initialisation hook. Logs one debug message and returns TRUE; the module
 * argument is not read, and no parameters are allocated.
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Mark_uid module ($Revision$)");
	return TRUE;
}

/*
 * Packet hook. Replaces the low 16 bits of connection->mark with the low
 * 16 bits of connection->user_id and keeps the upper 16 bits of the mark.
 * params is not used. Always returns NU_EXIT_OK.
 *
 * NOTE(review): only 16 bits of the user id are kept, so two ids that differ
 * only above bit 15 produce the same mark. If firewall rules or accounting
 * identify a user by this mark, ids of 65536 and above alias onto other
 * users; confirm that the id range is constrained or document the limit.
 */
G_MODULE_EXPORT nu_error_t finalize_packet(connection_t * connection,
					   gpointer params)
{
	connection->mark =
	    (connection->user_id & 0xFFFF) | (connection-> mark & 0xffff0000);
	return NU_EXIT_OK;
}

/** @} */
nufw-2.4.3/src/nuauth/modules/log_syslog/0000777000175000017500000000000011431215440015423 500000000000000nufw-2.4.3/src/nuauth/modules/log_syslog/Makefile.in0000644000175000017500000003762011431215401017411 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ # MYSQL log plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/log_syslog DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libsyslog_la_LIBADD = am__libsyslog_la_SOURCES_DIST = syslog.c @USE_SYSLOG_LOG_TRUE@am_libsyslog_la_OBJECTS = syslog.lo libsyslog_la_OBJECTS = $(am_libsyslog_la_OBJECTS) libsyslog_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libsyslog_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_SYSLOG_LOG_TRUE@am_libsyslog_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libsyslog_la_SOURCES) DIST_SOURCES = $(am__libsyslog_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ 
PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_SYSLOG_LOG_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @USE_SYSLOG_LOG_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth -I$(top_srcdir)/src/include -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ @USE_SYSLOG_LOG_TRUE@plugindir = $(libdir)/nuauth/modules @USE_SYSLOG_LOG_TRUE@plugin_LTLIBRARIES = libsyslog.la @USE_SYSLOG_LOG_TRUE@libsyslog_la_SOURCES = syslog.c 
@USE_SYSLOG_LOG_TRUE@libsyslog_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/log_syslog/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/log_syslog/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f 
'$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_SYSLOG_LOG_FALSE@libsyslog.la: $(libsyslog_la_OBJECTS) $(libsyslog_la_DEPENDENCIES) @USE_SYSLOG_LOG_FALSE@ $(libsyslog_la_LINK) $(am_libsyslog_la_rpath) $(libsyslog_la_OBJECTS) $(libsyslog_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syslog.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs 
_libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if 
test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_SYSLOG_LOG_TRUE@libsyslog.la: $(libsyslog_la_OBJECTS) $(libsyslog_la_DEPENDENCIES) @USE_SYSLOG_LOG_TRUE@ $(LINK) -rpath $(plugindir) $(libsyslog_la_LDFLAGS) $(libsyslog_la_OBJECTS) $(libsyslog_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/nuauth/modules/log_syslog/syslog.c0000644000175000017500000001340211431206275017031 00000000000000/* ** Copyright(C) 2003-2009 Eric Leblond ** Vincent Deffontaines ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include #include #include #include "security.h" /** * \ingroup NuauthModules * \defgroup LoggingNuauthModules Logging modules */ /** * \ingroup LoggingNuauthModules * \defgroup SyslogModule Syslog logging module * * @{ */ /* * Returns version of nuauth API */ G_MODULE_EXPORT uint32_t get_api_version() { return NUAUTH_API_VERSION; } /** * This one forgot the treatment of ESTABLISHED and CLOSE case. 
*
* Log one packet/connection event through g_message().
*
* For TCP_STATE_OPEN and TCP_STATE_DROP, element is read as a
* connection_t; for every other state it is read as a
* struct accounted_connection. params is not used. Always returns 0.
*
* NOTE(review): username and log_prefix are written into the record as
* plain %s arguments (never as the format string), but this function does
* not filter control characters out of them. Confirm that they are
* validated upstream or escaped by the installed log handler; otherwise an
* embedded line break can split one record in two in a line-oriented log.
*/
G_MODULE_EXPORT gint user_packet_logs(void *element, tcp_state_t state,
				      gpointer params)
{
	char *prefix = "[nuauth] ";
	char *str_state;
	char source_addr[INET6_ADDRSTRLEN];
	char dest_addr[INET6_ADDRSTRLEN];
	char *saddr;
	char *daddr;
	char *log_prefix = "Default";
	u_int16_t sport;
	u_int16_t dport;

	/* construct request: pick the state label that goes into the record */
	switch (state) {
	case TCP_STATE_OPEN:
		str_state = "Open ";
		break;
	case TCP_STATE_CLOSE:
		str_state = "Close ";
		break;
	case TCP_STATE_ESTABLISHED:
		str_state = "Established ";
		break;
	case TCP_STATE_DROP:
		str_state = "Drop ";
		break;
	default:
		str_state = "Unknown ";
	}

	if ((state == TCP_STATE_OPEN) || (state == TCP_STATE_DROP)) {
		/* OPEN/DROP: element carries user name, interfaces and prefix */
		const connection_t *connection = element;

		/* convert IP source and destination addresses to string */
		format_ipv6(&connection->tracking.saddr, source_addr, INET6_ADDRSTRLEN, NULL);
		format_ipv6(&connection->tracking.daddr, dest_addr, INET6_ADDRSTRLEN, NULL);

		/* a per-connection prefix replaces the "Default" one */
		if (connection->log_prefix) {
			log_prefix = connection->log_prefix;
		}

		saddr = source_addr;
		daddr = dest_addr;
		if (((connection->tracking).protocol == IPPROTO_TCP) ||
		    ((connection->tracking).protocol == IPPROTO_UDP)) {
			/* only TCP and UDP records carry SPT/DPT */
			sport = (connection->tracking).source;
			dport = (connection->tracking).dest;
			g_message
			    ("%s%s %s[%s] %ld : IN=%s OUT=%s SRC=%s DST=%s PROTO=%d SPT=%u DPT=%u",
			     prefix, log_prefix, str_state,
			     connection->username, connection->timestamp,
			     connection->iface_nfo.indev,
			     connection->iface_nfo.outdev,
			     saddr, daddr,
			     connection->tracking.protocol, sport, dport);
		} else {
			g_message
			    ("%s%s %s[%s] %ld : IN=%s OUT=%s SRC=%s DST=%s PROTO=%d",
			     prefix, log_prefix, str_state,
			     connection->username, connection->timestamp,
			     connection->iface_nfo.indev,
			     connection->iface_nfo.outdev,
			     source_addr, dest_addr,
			     connection->tracking.protocol);
		}
	} else {
		/* every other state: element carries packet and byte counters */
		struct accounted_connection *connection = element;

		/* convert IP source and destination addresses to string */
		format_ipv6(&connection->tracking.saddr, source_addr, INET6_ADDRSTRLEN, NULL);
		format_ipv6(&connection->tracking.daddr, dest_addr, INET6_ADDRSTRLEN, NULL);

		/* addresses and ports are swapped for the TCP/UDP record below */
		saddr = dest_addr;
		daddr = source_addr;
		if (((connection->tracking). protocol == IPPROTO_TCP) ||
		    ((connection->tracking). protocol == IPPROTO_UDP)) {
			sport = connection-> tracking.dest;
			dport = connection-> tracking.source;
			g_message
			    ("%s%s %ld : SRC=%s DST=%s PROTO=%d SPT=%u DPT=%u (in: %" PRIu64 " pckts/%" PRIu64 " bytes, out: %" PRIu64 " pckts/%" PRIu64 " bytes)",
			     prefix, str_state, connection->timestamp,
			     saddr, daddr,
			     connection->tracking.protocol, sport, dport,
			     connection->packets_in, connection->bytes_in,
			     connection->packets_out, connection->bytes_out);
		} else {
			/*
			 * NOTE(review): this record prints source_addr/dest_addr
			 * unswapped, unlike the TCP/UDP record just above, so
			 * SRC/DST mean opposite directions in the two records.
			 * Confirm which orientation is intended.
			 */
			g_message
			    ("%s%s %ld : SRC=%s DST=%s PROTO=%d (in: %" PRIu64 " pckts/%" PRIu64 " bytes, out: %" PRIu64 " pckts/%" PRIu64 " bytes)",
			     prefix, str_state, connection->timestamp,
			     source_addr, dest_addr,
			     connection->tracking.protocol,
			     connection->packets_in, connection->bytes_in,
			     connection->packets_out, connection->bytes_out);
		}
	}
	return 0;
}

/*
 * Log the opening or closing of a user session: one g_message() record
 * with the user name and the formatted session address. States other than
 * SESSION_OPEN and SESSION_CLOSE log nothing. params is not used.
 * Always returns 1.
 *
 * NOTE(review): user_name is written unfiltered, same caveat as in
 * user_packet_logs().
 */
G_MODULE_EXPORT int user_session_logs(user_session_t * c_session,
				      session_state_t state, gpointer params)
{
	char *prefix = "[nuauth] ";
	char address[INET6_ADDRSTRLEN];

	format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
	switch (state) {
	case SESSION_OPEN:
		g_message("%sUser %s connect on %s", prefix,
			  c_session->user_name, address);
		break;
	case SESSION_CLOSE:
		g_message("%sUser %s disconnect on %s", prefix,
			  c_session->user_name, address);
		break;
	}
	return 1;
}

/*
 * Module initialisation: nothing is read from module; the function only
 * emits a debug message and returns TRUE.
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Log_syslog module ($Revision$)");
	return TRUE;
}

/* Module unload: there is no per-module state to release; returns TRUE. */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params_p)
{
	return TRUE;
}

/*
 * Log an authentication error as two g_message() records: the error text,
 * then user name, peer address, source port and protocol version of the
 * session. error and params_ptr are not used.
 *
 * NOTE(review): on this path user_name presumably holds whatever the peer
 * supplied before authentication succeeded, and both it and text are
 * logged unfiltered. Confirm that control characters are rejected or
 * escaped before these records reach the log.
 */
G_MODULE_EXPORT void auth_error_log(user_session_t * session,
				    nuauth_auth_error_t error,
				    const char *text, gpointer params_ptr)
{
	char ipaddr[INET6_ADDRSTRLEN];

	format_ipv6(&session->addr, ipaddr, INET6_ADDRSTRLEN, NULL);
	g_message("Authentication error: %s", text);
	g_message("Authentication error: user: %s from %s (port %d), protocol 
version %d", session->user_name, ipaddr, session->sport, session->proto_version); } /** @} */ nufw-2.4.3/src/nuauth/modules/log_syslog/Makefile.am0000644000175000017500000000110711431206275017400 00000000000000# MYSQL log plugin if USE_SYSLOG_LOG AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth -I$(top_srcdir)/src/include -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libsyslog.la libsyslog_la_SOURCES = syslog.c libsyslog_la_LDFLAGS = -module -avoid-version libsyslog.la: $(libsyslog_la_OBJECTS) $(libsyslog_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libsyslog_la_LDFLAGS) $(libsyslog_la_OBJECTS) $(libsyslog_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/mark_group/0000777000175000017500000000000011431215441015411 500000000000000nufw-2.4.3/src/nuauth/modules/mark_group/Makefile.in0000644000175000017500000004027011431215401017371 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ # mark group plugin VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/nuauth/modules/mark_group DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(plugindir)" pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libmark_group_la_LIBADD = am__libmark_group_la_SOURCES_DIST = mark_group.c mark_group.h am__objects_1 = @USE_MARK_GROUP_TRUE@am_libmark_group_la_OBJECTS = mark_group.lo \ @USE_MARK_GROUP_TRUE@ $(am__objects_1) libmark_group_la_OBJECTS = $(am_libmark_group_la_OBJECTS) libmark_group_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libmark_group_la_LDFLAGS) $(LDFLAGS) -o $@ @USE_MARK_GROUP_TRUE@am_libmark_group_la_rpath = -rpath $(plugindir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ 
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libmark_group_la_SOURCES) DIST_SOURCES = $(am__libmark_group_la_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = 
@PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_MARK_GROUP_TRUE@AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" @USE_MARK_GROUP_TRUE@INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ @USE_MARK_GROUP_TRUE@plugindir = $(libdir)/nuauth/modules 
@USE_MARK_GROUP_TRUE@plugin_LTLIBRARIES = libmark_group.la @USE_MARK_GROUP_TRUE@noinst_libmark_group_la_SOURCES = mark_group.h @USE_MARK_GROUP_TRUE@libmark_group_la_SOURCES = mark_group.c ${noinst_libmark_group_la_SOURCES} @USE_MARK_GROUP_TRUE@libmark_group_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nuauth/modules/mark_group/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nuauth/modules/mark_group/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ else :; 
fi; \ done uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ done clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done @USE_MARK_GROUP_FALSE@libmark_group.la: $(libmark_group_la_OBJECTS) $(libmark_group_la_DEPENDENCIES) @USE_MARK_GROUP_FALSE@ $(libmark_group_la_LINK) $(am_libmark_group_la_rpath) $(libmark_group_la_OBJECTS) $(libmark_group_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mark_group.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' 
object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e 
"s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-pluginLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-pluginLTLIBRARIES \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES @USE_MARK_GROUP_TRUE@libmark_group.la: $(libmark_group_la_OBJECTS) $(libmark_group_la_DEPENDENCIES) @USE_MARK_GROUP_TRUE@ $(LINK) -rpath $(plugindir) $(libmark_group_la_LDFLAGS) $(libmark_group_la_OBJECTS) $(libmark_group_la_LIBADD) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
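.NOEXPORT:
nufw-2.4.3/src/nuauth/modules/mark_group/mark_group.c0000644000175000017500000001417211431206275017651 00000000000000
/*
** Copyright(C) 2006-2008 INL
** Written by Victor Stinner
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include
#include
#include "mark_group.h"
#include "nuauthconf.h"

typedef struct {
	/** Identifier of the group */
	uint32_t id;

	/** The mark (truncated the 'nbits' bits) */
	uint32_t mark;
} group_mark_t;

typedef struct {
	/** position of the mark (in bits) in the packet mark */
	unsigned int shift;

	/** mask to remove current mark of the packet */
	uint32_t mask;

	/** default mark if no group does match */
	uint32_t default_mark;

	/** list of group with a known mark */
	GList *groups;
} mark_group_config_t;

/**
 * Returns version of nuauth API
 */
G_MODULE_EXPORT uint32_t get_api_version()
{
	return NUAUTH_API_VERSION;
}

/**
 * Parse group list file. Line format is "gid1,gid2,...,gidn:mark",
 * where gid and mark are integers in [0; 4294967295].
 *
 * Spaces are not allowed between group name and ":", but are allowed
 * between ":" and mark.
 *
 * Each accepted (group, mark) pair is appended to config->groups.
 * The process exits if the file cannot be opened.
 *
 * Error handling per line:
 *  - no ':' separator: the parser stops, so every later line is ignored
 *    and those groups fall back to the default mark in finalize_packet();
 *  - invalid mark: the line is skipped;
 *  - invalid group identifier: the whole line is skipped (no group of
 *    that line is registered).
 *
 * \param config Module configuration receiving the parsed groups
 * \param filename Path of the group list file
 */
void parse_group_file(mark_group_config_t * config, const char *filename)
{
	FILE *file = fopen(filename, "r");
	unsigned int line_number = 0;
	/* NOTE(review): a line longer than the buffer is returned by fgets()
	 * in several pieces and each piece is parsed as its own line. */
	char line[4096];

	if (file == NULL) {
		/* fatal error, exit nuauth! */
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "mark_group: Unable to open group list (file %s)!",
			    filename);
		exit(EXIT_FAILURE);
	} else {
		log_message(DEBUG, DEBUG_AREA_MAIN,
			    "mark_group: Using group file \"%s\"",
			    filename);
	}

	while (fgets(line, sizeof(line), file) != NULL) {
		char *separator = strchr(line, ':');
		char *mark_str;
		group_mark_t *group;
		size_t len;
		uint32_t group_id;
		uint32_t mark;
		gchar **groups_list;
		gchar **groups_item;

		/* update line number */
		line_number++;

		/* remove \n at the end of the line */
		len = strlen(line);
		if (0 < len && line[len - 1] == '\n')
			line[len - 1] = 0;

		if (line[0] == 0) {
			/* skip empty lines */
			continue;
		}

		/* find separator */
		if (separator == NULL) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_MAIN,
				    "mark_group:%s:%u: Unable to find separator ':' in group list, stop parser.",
				    filename, line_number);
			break;
		}

		/* read mark */
		*separator = 0;
		mark_str = separator + 1;
		if (!str_to_uint32(mark_str, &mark)) {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "mark_group:%s:%u: Invalid mark (%s), skip line.",
				    filename, line_number, mark_str);
			continue;
		}

		groups_list = g_strsplit(line, ",", 0);

		/*
		 * First pass: validate every identifier before registering
		 * anything. The previous single loop used "continue" on an
		 * invalid identifier without advancing the iterator, which
		 * spun forever on the same item and hung nuauth at startup.
		 */
		for (groups_item = groups_list; *groups_item; groups_item++) {
			if (!str_to_uint32(*groups_item, &group_id)) {
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "mark_group:%s:%u: Invalid group identifier (%s), skip line.",
					    filename, line_number,
					    *groups_item);
				break;
			}
		}
		if (*groups_item != NULL) {
			/* at least one bad identifier: drop the whole line */
			g_strfreev(groups_list);
			continue;
		}

		/* Second pass: every identifier is known to be valid */
		for (groups_item = groups_list; *groups_item; groups_item++) {
			/* read group (cannot fail, validated above) */
			str_to_uint32(*groups_item, &group_id);

			/* add group */
			group = g_new(group_mark_t, 1);
			group->id = group_id;
			group->mark = mark;
			config->groups = g_list_append(config->groups, group);
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "mark_group: Will mark group %d with mark %d",
					  group->id, group->mark);
		}
		g_strfreev(groups_list);
	}
	fclose(file);
}

/**
 * Load configuration of the module
 *
 * Reads the options "mark_group_group_file", "mark_group_nbits",
 * "mark_group_shift" and "mark_group_default_mark", builds the mask,
 * parses the group file and stores the result in module->params.
 */
G_MODULE_EXPORT gboolean init_module_from_conf(module_t * module)
{
	mark_group_config_t *config = g_new0(mark_group_config_t, 1);
	unsigned int nbits;
	char *group_filename;

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Mark_group module ($Revision$)");

	/* read options */
	group_filename =
	    nuauth_config_table_get_or_default("mark_group_group_file",
					       MARK_GROUP_CONF);
	nbits =
	    nuauth_config_table_get_or_default_int("mark_group_nbits", 32);
	config->shift =
	    nuauth_config_table_get_or_default_int("mark_group_shift", 0);
	config->default_mark =
	    nuauth_config_table_get_or_default_int("mark_group_default_mark",
						   0);

	/* create mask to remove nbits at position shift */
	/* NOTE(review): nbits and shift are taken from the configuration
	 * without a range check here, and finalize_packet() shifts the mark
	 * by config->shift. Presumably SHR32/SHL32 cope with counts >= 32;
	 * confirm, and consider rejecting shift >= 32 or nbits + shift > 32. */
	config->mask =
	    SHR32(0xFFFFFFFF, 32 - config->shift) |
	    SHL32(0xFFFFFFFF, nbits + config->shift);

	/* parse group list */
	parse_group_file(config, group_filename);
	free(group_filename);

	/* store config and exit */
	module->params = config;
	return TRUE;
}

/**
 * Function called when the module is unloaded: free memory
 */
G_MODULE_EXPORT gboolean unload_module_with_params(gpointer params)
{
	mark_group_config_t *config = params;

	if (config) {
		GList *iter;

		/* free list content */
		for (iter = config->groups; iter != NULL; iter = iter->next) {
			g_free(iter->data);
		}

		/* free list container */
		g_list_free(config->groups);
	}
	g_free(config);
	return TRUE;
}

/**
 * Check if one of the user groups of the connection match our group
 * with mark. If yes use the mark, otherwise use default mark.
 *
 * Change the mark of the packet in all cases.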
*/ G_MODULE_EXPORT nu_error_t finalize_packet(connection_t * conn, gpointer params) { mark_group_config_t *config = params; uint32_t mark = config->default_mark; GList *iter; /* * Search first matching group with mark and * stop when first group match */ for (iter = config->groups; iter != NULL; iter = iter->next) { GSList *result; group_mark_t *group = iter->data; /* group in one of the user groups */ result = g_slist_find(conn->user_groups, GUINT_TO_POINTER(group->id)); if (result) { mark = group->mark; break; } } conn->mark = (conn->mark & config->mask) | ((mark << config->shift) & ~config->mask); log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "mark_group: Setting mark %d on conn (init mark: %d)", conn->mark, mark); return NU_EXIT_OK; } nufw-2.4.3/src/nuauth/modules/mark_group/Makefile.am0000644000175000017500000000130411431206275017364 00000000000000# mark group plugin if USE_MARK_GROUP AM_CPPFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\" INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nussl/ plugindir = $(libdir)/nuauth/modules plugin_LTLIBRARIES = libmark_group.la noinst_libmark_group_la_SOURCES = mark_group.h libmark_group_la_SOURCES = mark_group.c ${noinst_libmark_group_la_SOURCES} libmark_group_la_LDFLAGS = -module -avoid-version libmark_group.la: $(libmark_group_la_OBJECTS) $(libmark_group_la_DEPENDENCIES) $(LINK) -rpath $(plugindir) $(libmark_group_la_LDFLAGS) $(libmark_group_la_OBJECTS) $(libmark_group_la_LIBADD) endif nufw-2.4.3/src/nuauth/modules/mark_group/mark_group.h0000644000175000017500000000170211431206275017651 00000000000000/* ** Copyright(C) 2006,2007 - INL ** Written by Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; version 3 of the License. 
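**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#ifndef MARK_GROUP
#define MARK_GROUP

#include

#define MARK_GROUP_CONF (CONFIG_DIR "/mark_group.conf")

nu_error_t finalize_packet(connection_t * session, gpointer params);

#endif
nufw-2.4.3/src/nuauth/localid_auth.c0000644000175000017500000001652111431206275014315 00000000000000
/*
** Copyright(C) 2005, 2009 INL
** Written by Eric Leblond
** INL : http://www.inl.fr/
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include

#define PORTAL_STRING "Java portal"

/** \ingroup Nuauth
 * \defgroup NuauthHello Hello Authentication
 * @{
 */

/**
 * Client property check: TRUE when the session is older than protocol
 * v2.2.1, or when it advertises the capability whose bit index is
 * passed in data.
 */
static gboolean capa_support_check(user_session_t * session, gpointer data)
{
	if (session->proto_version < PROTO_VERSION_V22_1)
		return TRUE;
	if (session->capa_flags & (1 << GPOINTER_TO_INT(data))) {
		return TRUE;
	}
	return FALSE;
}

/**
 * Client property check: TRUE when the session cannot authenticate the
 * protocol directly (capability bit index in data is not set) but does
 * advertise HELLO support.
 */
static gboolean fallback_to_hello_check(user_session_t * session,
					gpointer data)
{
	/* Is client protocol recent enough ? */
	if (session->proto_version < PROTO_VERSION_V22_1)
		return FALSE;
	/* If protocol is directly supported, localid will not be used */
	if (session->capa_flags & (1 << GPOINTER_TO_INT(data))) {
		return FALSE;
	}
	/* If HELLO support is present, we will used it */
	if (session->capa_flags & (1 << nuauthdatas->hello_capa)) {
		return TRUE;
	}
	return FALSE;
}

/**
 * Check if localid authentication has to be used for connection
 *
 * \return FALSE if not, TRUE if localid will be used
 *
 */
char localid_authenticated_protocol(connection_t *conn)
{
	int protocol = conn->tracking.protocol;
	int capa = 0;

	/* we can't use HELLO if there is multiple sessions on host */
	if (g_slist_length(get_client_sockets_by_ip(&conn->tracking.saddr)) > 1) {
		return FALSE;
	}

	switch (protocol) {
	case IPPROTO_TCP:
		capa = nuauthdatas->tcp_capa;
		break;
	case IPPROTO_UDP:
		capa = nuauthdatas->udp_capa;
		break;
	default:
		/* can't authenticate directly connection, localid
		 * is the only alternative */
		return check_property_clients(&conn->tracking.saddr,
					      &capa_support_check, 1,
					      GINT_TO_POINTER(nuauthdatas->hello_capa));
	}
	return check_property_clients(&conn->tracking.saddr,
				      &fallback_to_hello_check, 1,
				      GINT_TO_POINTER(capa));
}

/**
 * Insert a packet in localid hash table:
 *   - Connection state #AUTH_STATE_AUTHREQ: Generate an unique identifier,
 *     add the connection to the hash table, and then call warn_clients()
 *   - State #AUTH_STATE_USERPCKT: Add connection to acl_checkers queue (see
 *     acl_check_and_decide())
 *
 * In state #AUTH_STATE_USERPCKT the pending connection is only completed
 * when the answer comes from the source address recorded for that ID.
 * An answer from another address is logged and dropped, and the pending
 * connection stays in the table: before this change it was removed
 * without being freed (memory leak), which also let an answer from the
 * wrong host cancel somebody else's pending authentication.
 *
 * \param pckt Connection to process, ownership is taken by this function
 * \param localid_auth_hash Table of pending connections, indexed by ID
 * \param global_msg Hello request message sent to the clients
 */
void localid_insert_message(connection_t * pckt,
			    GHashTable * localid_auth_hash,
			    struct msg_addr_set *global_msg)
{
	connection_t *element = NULL;
	u_int32_t randomid;

	switch (pckt->state) {
	case AUTH_STATE_AUTHREQ:
		/* add in struct */
		/* generete an unique identifier (32 bits) */
		/* NOTE(review): random() is not a cryptographically secure
		 * generator. The ID is what a client echoes back to claim
		 * the pending connection, so it should be unpredictable;
		 * consider drawing it from the crypto library's random
		 * source. The source address comparison below is the only
		 * other check. */
		randomid = random();
		while (g_hash_table_lookup
		       (localid_auth_hash, GINT_TO_POINTER(randomid))) {
			randomid++;
		}
		/* send message to clients */
		((struct nu_srv_helloreq *) global_msg->msg)->helloid =
		    randomid;
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				  "[localid] Generated local ID %u\n",
				  randomid);
		global_msg->addr = pckt->tracking.saddr;
		global_msg->found = FALSE;
		/* if return is 1 we have somebody connected */
		if (warn_clients(global_msg, NULL, (void *)0x1)) {
			/* add element to hash with computed key */
			g_hash_table_insert(localid_auth_hash,
					    GINT_TO_POINTER(randomid), pckt);
		} else {
			free_connection(pckt);
		}
		break;

	case AUTH_STATE_USERPCKT:
		/* search in struct */
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				  "[localid] Looking for packet with ID %u\n",
				  GPOINTER_TO_UINT((pckt->packet_id)->data));
		element =
		    (connection_t *) g_hash_table_lookup(localid_auth_hash,
							 (GSList *) (pckt->packet_id)->data);
		if (element == NULL) {
			free_connection(pckt);
			g_warning("Packet ID is unknown.");
			break;
		}

		if (!ipv6_equal(&element->tracking.saddr,
				&pckt->tracking.saddr)) {
			log_message(WARNING, DEBUG_AREA_USER,
				    "Looks like a spoofing attempt from %s.",
				    pckt->username);
			/*
			 * Keep the pending entry: it is still owned by the
			 * table and is purged on REFRESH_MESSAGE by
			 * localid_auth() once expired. pckt keeps its own
			 * username and groups so that free_connection()
			 * releases them (presumably it owns them, as the
			 * transfer below implies -- confirm).
			 */
			free_connection(pckt);
			break;
		}

		/* found and address matches: ask for completion */
		element->state = AUTH_STATE_HELLOMODE;
		element->user_id = pckt->user_id;
		element->mark = pckt->mark;
		element->username = pckt->username;
		element->user_groups = pckt->user_groups;
		element->app_name = g_strdup(PORTAL_STRING);
		element->auth_quality = AUTHQ_HELLO;

		/* remove element from hash without destroy */
		g_hash_table_steal(localid_auth_hash,
				   (GSList *) (pckt->packet_id)->data);

		/* username and groups now belong to element */
		pckt->user_groups = NULL;
		pckt->username = NULL;

		/* do asynchronous call to acl check */
		thread_pool_push(nuauthdatas->acl_checkers, element, NULL);

		/* free pckt */
		free_connection(pckt);
		break;

	case AUTH_STATE_HELLOMODE:
		take_decision(pckt, PACKET_ALONE);
		break;

	case AUTH_STATE_DONE:
		/* packet has already been dropped, need only cleaning */
		free_connection(pckt);
		break;

	default:
		g_warning("Should not have this at %s:%d.", __FILE__,
			  __LINE__);
	}
}

/**
 * Local id auth.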
Process messages on localid_auth_queue queue: * - #INSERT_MESSAGE: insert a packet with localid_insert_message() * - #REFRESH_MESSAGE: delete all old messages, use get_old_conn() to check * if a connection is expired or not. * * Thread running until mutex (function argument) is locked. * * \param mutex Mutex used to stop the thread * \return NULL */ void *localid_auth(GMutex * mutex) { connection_t *pckt = NULL; struct msg_addr_set global_msg; struct nu_srv_helloreq *msg = g_new0(struct nu_srv_helloreq, 1); GHashTable *localid_auth_hash; struct internal_message *message = NULL; long current_timestamp; GTimeVal tv; global_msg.msg = (struct nu_srv_message *) msg; msg->type = SRV_REQUIRED_HELLO; msg->option = 0; msg->length = htons(sizeof(struct nu_srv_helloreq)); /* init hash table */ localid_auth_hash = g_hash_table_new(NULL, NULL); g_async_queue_ref(nuauthdatas->localid_auth_queue); g_async_queue_ref(nuauthdatas->tls_push_queue); while (g_mutex_trylock(mutex)) { g_mutex_unlock(mutex); /* wait a message during POP_DELAY */ g_get_current_time(&tv); g_time_val_add(&tv, POP_DELAY); message = g_async_queue_timed_pop(nuauthdatas-> localid_auth_queue, &tv); if (message == NULL) continue; switch (message->type) { case INSERT_MESSAGE: pckt = message->datas; g_free(message); localid_insert_message(pckt, localid_auth_hash, &global_msg); break; case REFRESH_MESSAGE: g_free(message); current_timestamp = time(NULL); g_hash_table_foreach_remove(localid_auth_hash, get_old_conn, GINT_TO_POINTER (current_timestamp)); break; default: g_warning("Should not have this at %s:%d.", __FILE__, __LINE__); g_free(message); } } g_async_queue_unref(nuauthdatas->localid_auth_queue); g_async_queue_unref(nuauthdatas->tls_push_queue); g_hash_table_destroy(localid_auth_hash); return NULL; } /** @} */ nufw-2.4.3/src/nuauth/auth_srv.h0000644000175000017500000001547411431206275013533 00000000000000/* ** Copyright(C) 2003-2007 Eric Leblond ** ** $Id$ ** ** This program is free software; you can 
redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef AUTH_SRV_H #define AUTH_SRV_H #include "nufw_source.h" /* workaround SPlint error (don't know __gnuc_va_list) */ #ifdef S_SPLINT_S # include # define CONFIG_DIR "/etc/nufw" # define MODULE_DIR "/usr/local/lib" # define LOCAL_STATE_DIR "/usr/local/var" #endif #define DEFAULT_CONF_FILE CONFIG_DIR "/nuauth.conf" #define MODULES_CONF_DIR "modules" #define MODULES_CONF_EXTENSION ".conf" #define TRACKING_WITH_PAYLOAD /* Use glib to treat data structures */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include /* config dependant */ #include #include #include #include #ifdef FD_SETSIZE # undef FD_SETSIZE #endif #define FD_SETSIZE 8192 #ifdef DEBUG_ENABLE /* Some code change to help debug using Valgrind */ /*# define DEBUG_WITH_VALGRIND*/ #endif #include "nubase.h" #define PROTO_IPV4 4 #define PROTO_IPV6 6 /* NUFW Protocol */ #include /*debug functions*/ #include "nuauth_debug.h" /* config file related */ #include "nuthread.h" #include "log.h" #include "tls.h" #include "nufw_servers.h" #include "connections.h" #include "conntrack.h" #include "auth_common.h" #include "take_decision.h" #include "period.h" #include "users.h" #include "user_logs.h" #include "pckt_authsrv.h" #include "cache.h" #include "acls.h" #include "user_authsrv.h" #include "internal_messages.h" #include 
"client_mngr.h" #include "nu_gcrypt.h" #include "ip_auth.h" #include "parsing.h" #include "localid_auth.h" #include "audit.h" #include "sasl.h" #include "command.h" #include "nuauth_params.h" #include "nuauthconf.h" #include "modules.h" nu_error_t treat_user_request(user_session_t * c_session, struct tls_buffer_read **datas); /* * declare some global variables and do some definitions */ #define NUAUTH_TLS_MAX_CLIENTS 1024 #define NUAUTH_TLS_MAX_SERVERS 16 #define TLS_CLIENT_MIN_DELAY 25000 #define AUTH_NEGO_TIMEOUT 30 /* define maximum of messages that can wait on a logging pool */ #define MAX_UNASSIGNED_MESSAGES 2000 #define PUSH_DELAY 150000 #define POP_DELAY 500000 /* delay in nanosecond for timed pop call */ #define UNKNOWN_STRING "UNKNOWN" #define POOL_TYPE TRUE #define AUTHREQ_CLIENT_LISTEN_ADDR "0.0.0.0" #define AUTHREQ_NUFW_LISTEN_ADDR "127.0.0.1" #define GWSRV_ADDR "127.0.0.1" /** Maximum length of a hostname (including final '\\0') */ #define HOSTNAME_SIZE 128 /** * Default value of packet timeout (in second), * option "nuauth_packet_timeout" */ #define PACKET_TIMEOUT 15 /** * Default value of session duration (in second), * option "nuauth_session_duration". See member session_duration of ::nuauth_params. 
*/ #define SESSION_DURATION 0 #define DEFAULT_PROTO_WAIT_DELAY 2 #define DEFAULT_USERAUTH_MODULE "libplaintext" #define DEFAULT_ACLS_MODULE "libplaintext" #define DEFAULT_PERIODS_MODULE "libxml_defs" #define DEFAULT_LOGS_MODULE "libsyslog" #define DEFAULT_IPAUTH_MODULE "ipauth_guest" #define DEFAULT_CERTIFICATE_CHECK_MODULE NULL #define DEFAULT_CERTIFICATE_TO_UID_MODULE "libx509_std" #define DEFAULT_USER_SESSION_MODIFY_MODULE "libsession_expire" #define DEFAULT_FINALIZE_PACKET_MODULE "libmark_uid" #define MODULE_PATH MODULE_DIR "/nuauth/modules" #ifdef S_SPLINT_S # define NUAUTH_PID_FILE "/usr/local/var/run/nuauth/nuauth.pid" #else # define NUAUTH_PID_FILE LOCAL_STATE_DIR "/run/nuauth/nuauth.pid" #endif /* define the number of threads that will do user check */ #define NB_USERCHECK 5 /* define the number of threads that will check acls */ #define NB_ACLCHECK 5 /* define the number of threads that will log */ #define NB_LOGGERS 3 /** * "Classic" size of buffer used to store one packet read * on TLS connection (from NuFW or the users) */ #define CLASSIC_NUFW_PACKET_SIZE 1400 /** * Maximum size of buffer used to store one packet read * on TLS connection (from NuFW or the users) */ #define MAX_NUFW_PACKET_SIZE 1800 /*----------------------- SSL stuff ----------------------------------*/ /** * Default value for "nuauth_tls_key" option: filename of * the key file. Value used in ::create_x509_credentials(). */ #define NUAUTH_KEYFILE CONFIG_DIR "/nuauth-key.pem" /** * Default value for "nuauth_tls_cert" option: file name of the * certification. Value used in ::create_x509_credentials(). */ #define NUAUTH_CERTFILE CONFIG_DIR "/nuauth-cert.pem" /** * Default value for "nuauth_tls_cacert" option: filename of the * CA certificate. Value used in ::create_x509_credentials(). */ #define NUAUTH_CACERTFILE CONFIG_DIR "/NuFW-cacert.pem" /** * Default value for "nuauth_tls_max_clients" option: maximum number * of SSL users. Value used in ::tls_user_init(). 
*/ #define NUAUTH_SSL_MAX_CLIENTS 256 /** * Identifier used to generate #NUAUTH_API_VERSION value. Increment it * if you changed API internals (eg. change public function prototype). */ #define _NUAUTH_API_ID 20004000 /** * Version of nuauth API, used by module to check if * everybody have the same API version. */ #define NUAUTH_API_VERSION ((uint32_t)( _NUAUTH_API_ID + sizeof(connection_t) \ + sizeof(module_t) + sizeof(nufw_session_t) + sizeof(struct nuauth_datas) \ + sizeof(tracking_t) + sizeof(user_session_t) )) /** * Nuauth full version, eg. "nuauth 2.1.2 (Revision: 2730)" */ #define NUAUTH_FULL_VERSION (VERSION " ($Revision$)") void nuauth_ask_exit(); void stop_all_thread_pools(gboolean wait); void block_thread_pools(); void wait_all_thread_pools(); void release_thread_pools(); void start_all_thread_pools(); void stop_thread_pool(const char *name, GThreadPool **pool); void nuauth_install_signals(gboolean action); int nuauth_bind(char **errmsg, const char *addr, const char *port, char *context); int nuauth_bind_unix(char **errmsg, const char *unix_path); /*----------------------- Kerberos stuff ----------------------------------*/ /** * Default value for "nuauth_krb5_service" option: * Service name to use for Kerberos 5 authentication */ #define DEFAULT_KRB5_SERVICE "nuauth" #endif nufw-2.4.3/src/nuauth/pckt_authsrv_v3.c0000644000175000017500000001300511431206275015004 00000000000000/* ** Copyright(C) 2006, INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
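**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include
#include
#include "pckt_authsrv_v3.h"

nu_error_t parse_dgram(connection_t * connection, unsigned char *dgram,
		       unsigned int dgram_size, connection_t ** conn,
		       nufw_message_t msg_type);

/**
 * Parse message content for message of type #AUTH_REQUEST or #AUTH_CONTROL
 * using structure ::nufw_to_nuauth_auth_message_t.
 *
 * The message header is checked against dgram_size before it is read;
 * the rest of the datagram is handed to parse_dgram(). When parse_dgram()
 * returns anything else than NU_EXIT_CONTINUE, the code is returned
 * unchanged (parse_dgram() releases the connection on those paths).
 *
 * \param dgram Pointer to packet datas
 * \param dgram_size Number of bytes in the packet
 * \param conn Pointer of pointer to the ::connection_t that we have to authenticate
 * \return A nu_error_t
 */
nu_error_t authpckt_new_connection_v3(unsigned char *dgram,
				      unsigned int dgram_size,
				      connection_t ** conn)
{
	nuv3_nufw_to_nuauth_auth_message_t *msg =
	    (nuv3_nufw_to_nuauth_auth_message_t *) dgram;
	connection_t *connection;
	nu_error_t ret;

	/* never read the header of a message shorter than the header */
	if (dgram_size < sizeof(nuv3_nufw_to_nuauth_auth_message_t)) {
		log_message(INFO, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			    "Undersized message from nufw server");
		return NU_EXIT_ERROR;
	}
	dgram += sizeof(nuv3_nufw_to_nuauth_auth_message_t);
	dgram_size -= sizeof(nuv3_nufw_to_nuauth_auth_message_t);

	/* allocate new connection */
	connection = g_new0(connection_t, 1);
	if (connection == NULL) {
		log_message(WARNING, DEBUG_AREA_PACKET,
			    "Can not allocate connection");
		return NU_EXIT_ERROR;
	}
#ifdef PERF_DISPLAY_ENABLE
	if (nuauthconf->debug_areas & DEBUG_AREA_PERF) {
		gettimeofday(&(connection->arrival_time), NULL);
	}
#endif
	connection->username = NULL;
	connection->acl_groups = NULL;
	connection->user_groups = NULL;
	connection->decision = DECISION_NODECIDE;
	connection->expire = -1;
	connection->flags = ACL_FLAGS_NONE;

	connection->packet_id =
	    g_slist_append(NULL, GUINT_TO_POINTER(ntohl(msg->packet_id)));
	debug_log_message(DEBUG, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			  "Auth pckt: Working on new connection (id=%u)",
			  (uint32_t) GPOINTER_TO_UINT(connection->
						      packet_id->data));

	/* timestamp */
	connection->timestamp = ntohl(msg->timestamp);
	if (connection->timestamp == 0)
		connection->timestamp = time(NULL);

	/* compat version: nufw is v2.0 */
	connection->nufw_version = PROTO_VERSION_NUFW_V20;

	ret = parse_dgram(connection, dgram, dgram_size, conn, msg->msg_type);
	if (ret != NU_EXIT_CONTINUE) {
		return ret;
	}
#ifdef DEBUG_ENABLE
	if (DEBUG_OR_NOT(DEBUG_LEVEL_DEBUG, DEBUG_AREA_PACKET)) {
		print_connection(connection, "NuFW Packet");
	}
#endif
	*conn = connection;
	return NU_EXIT_OK;
}

/**
 * Parse message content for message of type #AUTH_CONN_DESTROY
 * or #AUTH_CONN_UPDATE using structure ::nu_conntrack_message_t structure.
 *
 * Send a message FREE_MESSAGE or UPDATE_MESSAGE to limited_connections_queue
 * (member of ::nuauthdatas).
 *
 * The length check uses the v3 structure, which is the one the datagram
 * is read through. It previously compared against the v4 structure, so
 * the accepted length did not describe the bytes actually read (the two
 * definitions live in headers outside this file; they presumably differ
 * in size since v3 carries IPv4 addresses).
 *
 * \param dgram Pointer to packet datas
 * \param dgram_size Number of bytes in the packet
 * \return a ::nu_error_t containing success or failure
 */
nu_error_t authpckt_conntrack_v3(unsigned char *dgram,
				 unsigned int dgram_size)
{
	struct nuv3_conntrack_message_t *conntrack;
	struct accounted_connection *datas;
	struct internal_message *message;
	tcp_state_t pstate;

	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			  "Auth conntrack: Working on new packet");

	/* Check message content size: must match the structure we read */
	if (dgram_size != sizeof(struct nuv3_conntrack_message_t)) {
		debug_log_message(WARNING, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
				  "Auth conntrack: Improper length of packet");
		return NU_EXIT_ERROR;
	}

	/* Create a message for limited_connexions_queue */
	conntrack = (struct nuv3_conntrack_message_t *) dgram;
	datas = g_new0(struct accounted_connection, 1);
	message = g_new0(struct internal_message, 1);
	datas->tracking.protocol = conntrack->ipv4_protocol;

	/* v3 messages carry IPv4 addresses, tracking stores IPv6 ones */
	uint32_to_ipv6(conntrack->ipv4_src, &datas->tracking.saddr);
	uint32_to_ipv6(conntrack->ipv4_dst, &datas->tracking.daddr);

	if (conntrack->ipv4_protocol == IPPROTO_ICMP) {
		/* for ICMP the port fields hold type and code */
		datas->tracking.type = ntohs(conntrack->src_port);
		datas->tracking.code = ntohs(conntrack->dest_port);
	} else {
		datas->tracking.source = ntohs(conntrack->src_port);
		datas->tracking.dest = ntohs(conntrack->dest_port);
	}

	datas->packets_in = 0;
	datas->bytes_in = 0;
	datas->packets_out = 0;
	datas->bytes_out = 0;

	message->datas = datas;
	if (conntrack->msg_type == AUTH_CONN_DESTROY) {
		message->type = FREE_MESSAGE;
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET,
				  "Auth conntrack: Sending free message");
		pstate = TCP_STATE_CLOSE;
	} else {
		message->type = UPDATE_MESSAGE;
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET,
				  "Auth conntrack: Sending Update message");
		pstate = TCP_STATE_ESTABLISHED;
	}

	log_user_packet_from_accounted_connection(datas, pstate);
	g_async_queue_push(nuauthdatas->limited_connections_queue, message);
	return NU_EXIT_OK;
}
nufw-2.4.3/src/nuauth/nuauth_gcrypt.h0000644000175000017500000000146011431206275014562 00000000000000
/*
** Copyright(C) 2007 INL
** Written by Eric Leblond
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.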
*/ int verify_user_password(const char *given, const char *ours); nufw-2.4.3/src/nuauth/audit.h0000644000175000017500000000215611431206275012777 00000000000000/* ** Copyright(C) 2003-2005 Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef AUDIT_H #define AUDIT_H /* AUDIT */ struct audit_struct { GThreadPool *users; GThreadPool *acls; GThreadPool *loggers; GHashTable *conn_list; GHashTable *aclcache; gint cache_req_nb; gint cache_hit_nb; }; struct audit_struct *myaudit; void process_usr1(int signum); void process_usr2(int signum); void process_poll(int signum); void init_audit(); void end_audit(); #endif nufw-2.4.3/src/nuauth/take_decision.h0000644000175000017500000000211211431206275014462 00000000000000/* ** Copyright(C) 2006 INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef TAKE_DECISION_H #define TAKE_DECISION_H nu_error_t take_decision(connection_t * element, packet_place_t place); nu_error_t apply_decision(connection_t * element); void decisions_queue_work(gpointer userdata, gpointer data); void send_auth_response(gpointer data, gpointer userdata); #endif nufw-2.4.3/src/nuauth/pckt_authsrv.c0000644000175000017500000003520611431206275014403 00000000000000/* ** Copyright(C) 2003-2009 INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** \file pckt_authsrv.c * \brief Functions to parse a packet sent by NuFW * * Function authpckt_decode() parse a packet sent by NuFW. Depends on * message type (see ::nufw_message_t), send a message to * limited_connections_queue (member of ::nuauthdatas), may log packet * (log_user_packet()) and/or create a new connection * (of type ::connection_t). * * This function is called by treat_nufw_request() * which is called in the thread tls_nufw_authsrv(). 
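*/

#include
#include
#include
#include
#include "pckt_authsrv_v3.h"

/**
 * Release a connection rejected by parse_dgram().
 *
 * When parse_dgram() already stored the connection in *conn (hello
 * mode), the pointer is reset so that the caller never sees freed
 * memory.
 */
static void parse_dgram_release(connection_t * connection,
				connection_t ** conn, int published)
{
	if (published)
		*conn = NULL;
	free_connection(connection);
}

/**
 * Parse packet payload
 *
 * Fills connection->tracking from the IP and transport headers found in
 * dgram, selects the authentication state and stores a copy of the
 * beginning of the packet in connection->payload.
 *
 * The copy is bounded by the IP total length, by STORED_PAYLOAD_SIZE and
 * by the number of bytes really received: the total length field comes
 * from the packet itself and was previously trusted, so a datagram
 * shorter than it claimed made memcpy() read past the received data.
 *
 * On every path that does not return NU_EXIT_CONTINUE the connection is
 * freed here, and *conn is reset if it had been set. Both callers in
 * this file and in pckt_authsrv_v3.c return the code as-is, so *conn
 * would otherwise keep pointing at freed memory.
 *
 * \param connection Connection to fill, freed on failure
 * \param dgram Pointer to the IP packet
 * \param dgram_size Number of bytes available at dgram
 * \param conn Set to connection when hello mode is selected
 * \param msg_type Type of the NuFW message carrying the packet
 * \return NU_EXIT_CONTINUE on success, NU_EXIT_ERROR if IP headers or
 * protocol can't be parsed, NU_EXIT_NO_RETURN for a rejected TCP packet,
 * NU_EXIT_OK if UDP, ICMP or ICMPv6 headers can't be parsed
 */
nu_error_t parse_dgram(connection_t * connection, unsigned char *dgram,
		       unsigned int dgram_size, connection_t ** conn,
		       nufw_message_t msg_type)
{
	unsigned char *orig_dgram = dgram;
	unsigned int orig_dgram_size = dgram_size;
	unsigned int ip_hdr_size;
	unsigned int stored_len;
	int published = 0;
	struct iphdr *ip = (struct iphdr *) dgram;

	/* get ip headers till tracking is filled */
	ip_hdr_size = get_ip_headers(&connection->tracking, dgram, dgram_size);

	/* a header size larger than the datagram would wrap dgram_size */
	if (ip_hdr_size == 0 || ip_hdr_size > dgram_size) {
		log_message(WARNING, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			    "Can't parse IP headers");
		free_connection(connection);
		return NU_EXIT_ERROR;
	}
	dgram += ip_hdr_size;
	dgram_size -= ip_hdr_size;

	/* get saddr and daddr */
	/* check if proto is in Hello mode list (when hello authentication is used) */
	if (nuauthconf->hello_authentication
	    && localid_authenticated_protocol(connection)) {
		connection->state = AUTH_STATE_HELLOMODE;
		connection->auth_quality = AUTHQ_HELLO;
		*conn = connection;
		published = 1;
	} else {
		connection->state = AUTH_STATE_AUTHREQ;
	}

	switch (connection->tracking.protocol) {
	case IPPROTO_TCP:
		{
			tcp_state_t tcp_state =
			    get_tcp_headers(&connection->tracking, dgram,
					    dgram_size);
			switch (tcp_state) {
			case TCP_STATE_OPEN:
				break;
			case TCP_STATE_CLOSE:
				if (msg_type == AUTH_CONTROL) {
					connection->state = AUTH_STATE_DONE;
					log_message(WARNING, DEBUG_AREA_GW,
						    "nufw sends non SYN TCP packet, ignoring");
					parse_dgram_release(connection, conn,
							    published);
					return NU_EXIT_NO_RETURN;
				}
				break;
			case TCP_STATE_ESTABLISHED:
				if (msg_type == AUTH_CONTROL) {
					connection->state = AUTH_STATE_DONE;
					log_message(WARNING, DEBUG_AREA_GW,
						    "nufw sends SYN ACK TCP packet, ignoring");
					parse_dgram_release(connection, conn,
							    published);
					return NU_EXIT_NO_RETURN;
				}
				break;
			default:
				log_message(WARNING,
					    DEBUG_AREA_PACKET | DEBUG_AREA_GW,
					    "Non-SYN TCP headers, we should not have received this packet");
				connection->state = AUTH_STATE_DONE;
				parse_dgram_release(connection, conn,
						    published);
				return NU_EXIT_NO_RETURN;
			}
			break;
		}
		break;

	case IPPROTO_UDP:
		if (get_udp_headers
		    (&connection->tracking, dgram, dgram_size) < 0) {
			parse_dgram_release(connection, conn, published);
			return NU_EXIT_OK;
		}
		break;

	case IPPROTO_ICMP:
		if (get_icmp_headers
		    (&connection->tracking, dgram, dgram_size) < 0) {
			parse_dgram_release(connection, conn, published);
			return NU_EXIT_OK;
		}
		break;

	case IPPROTO_ICMPV6:
		if (get_icmpv6_headers
		    (&connection->tracking, dgram, dgram_size) < 0) {
			parse_dgram_release(connection, conn, published);
			return NU_EXIT_OK;
		}
		break;

	default:
		if (connection->state != AUTH_STATE_HELLOMODE) {
			log_message(WARNING,
				    DEBUG_AREA_PACKET | DEBUG_AREA_GW,
				    "Can't parse protocol %u",
				    connection->tracking.protocol);
			parse_dgram_release(connection, conn, published);
			return NU_EXIT_ERROR;
		}
	}

	/*
	 * Store the beginning of the packet. tot_len is read through the
	 * IPv4 header layout and is supplied by the packet, so it is only
	 * an upper hint: never copy more than what was received.
	 * NOTE(review): for an IPv6 packet these two bytes are not a
	 * length at all -- confirm whether the IPv6 payload length should
	 * be used instead.
	 */
	stored_len = ntohs(ip->tot_len);
	if (stored_len > STORED_PAYLOAD_SIZE)
		stored_len = STORED_PAYLOAD_SIZE;
	if (stored_len > orig_dgram_size)
		stored_len = orig_dgram_size;
	connection->payload_len = stored_len;
	memcpy(connection->payload, orig_dgram, connection->payload_len);

	return NU_EXIT_CONTINUE;
}

/*
 * Copy one interface name of the message into the connection, unless
 * its first character is '*'.
 * NOTE(review): IFNAMSIZ bytes are copied and no terminating NUL is
 * forced; presumably both fields are IFNAMSIZ arrays -- confirm, and
 * consider terminating the copy since the name comes from the message.
 */
#define GET_IFACE_FROM_MSG(conn, msg, iface) \
	do { if (msg->iface) \
		{ if (msg->iface[0] != '*') \
			memcpy(conn->iface_nfo.iface, msg->iface, IFNAMSIZ); } \
		else { conn->iface_nfo.iface[0] = '\0'; } \
	} while (0)

/**
 * Parse fields of the message
 *
 * Add mark and interface information to the
 * connection
 *
 * \param msg the message from nufw
 * \param conn the connection to be filled
 * \return a nu_error_t
 */
nu_error_t parse_v4_fields(nuv4_nufw_to_nuauth_auth_message_t * msg,
			   connection_t * conn)
{
	conn->mark = ntohl(msg->mark);
	GET_IFACE_FROM_MSG(conn, msg, indev);
	GET_IFACE_FROM_MSG(conn, msg, physindev);
	GET_IFACE_FROM_MSG(conn, msg, outdev);
	GET_IFACE_FROM_MSG(conn, msg, physoutdev);

	return NU_EXIT_OK;
}

#undef GET_IFACE_FROM_MSG

/**
 * Parse message content for message of type #AUTH_REQUEST or #AUTH_CONTROL
 * using structure ::nufw_to_nuauth_auth_message_t.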
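*
 * The fixed-size message header is checked against dgram_size before any
 * field is read; the bytes that follow it are handed to parse_dgram().
 *
 * \param dgram Pointer to packet datas
 * \param dgram_size Number of bytes in the packet
 * \param conn Pointer of pointer to the ::connection_t that we have to authenticate
 * \return A nu_error_t
 */
nu_error_t authpckt_new_connection(unsigned char *dgram,
				   unsigned int dgram_size,
				   connection_t ** conn)
{
	nuv4_nufw_to_nuauth_auth_message_t *msg =
	    (nuv4_nufw_to_nuauth_auth_message_t *) dgram;
	connection_t *connection;
	nu_error_t ret;

	/* Reject anything shorter than the header before touching msg */
	if (dgram_size < sizeof(nuv4_nufw_to_nuauth_auth_message_t)) {
		log_message(WARNING, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			    "NuFW packet too small: %d for a minimum of %lu",
			    dgram_size,
			    (unsigned long)sizeof(nuv4_nufw_to_nuauth_auth_message_t));
		return NU_EXIT_ERROR;
	}
	dgram += sizeof(nuv4_nufw_to_nuauth_auth_message_t);
	dgram_size -= sizeof(nuv4_nufw_to_nuauth_auth_message_t);

	/* allocate new connection */
	connection = g_new0(connection_t, 1);
	if (connection == NULL) {
		log_message(WARNING, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			    "Can not allocate connection");
		return NU_EXIT_ERROR;
	}
#ifdef PERF_DISPLAY_ENABLE
	if (nuauthconf->debug_areas & DEBUG_AREA_PERF) {
		gettimeofday(&(connection->arrival_time), NULL);
	}
#endif
	connection->acl_groups = NULL;
	connection->user_groups = NULL;
	connection->decision = DECISION_NODECIDE;
	connection->expire = -1;
	connection->payload_len = 0;

	/* packet_id is a one-element list holding the id sent by nufw */
	connection->packet_id =
	    g_slist_append(NULL, GUINT_TO_POINTER(ntohl(msg->packet_id)));
	debug_log_message(DEBUG, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			  "Auth pckt: Working on new connection (id=%u)",
			  (uint32_t) GPOINTER_TO_UINT(connection->packet_id->data));

	/* timestamp: fall back to local time when nufw did not set one */
	connection->timestamp = ntohl(msg->timestamp);
	if (connection->timestamp == 0) {
		connection->timestamp = time(NULL);
	}

	connection->flags = ACL_FLAGS_NONE;
	/* connection is proto v4 because we are here */
	connection->nufw_version = PROTO_NUFW_VERSION;

	/* parse_dgram() releases the connection itself on every path that
	 * does not return NU_EXIT_CONTINUE */
	ret = parse_dgram(connection, dgram, dgram_size, conn, msg->msg_type);
	if (ret != NU_EXIT_CONTINUE) {
		return ret;
	}

	/* parse supplementary fields */
	if (parse_v4_fields(msg, connection) != NU_EXIT_OK) {
		/* The original returned NU_EXIT_CONTINUE here and kept the
		 * allocation; report the failure and release it instead */
		free_connection(connection);
		return NU_EXIT_ERROR;
	}

	if (DEBUG_OR_NOT(DEBUG_LEVEL_DEBUG, DEBUG_AREA_PACKET)) {
		print_connection(connection, "NuFW Packet");
	}
	*conn = connection;
	return NU_EXIT_OK;
}

/**
 * Parse message content for message of type #AUTH_CONN_DESTROY
 * or #AUTH_CONN_UPDATE using structure ::nu_conntrack_message_t structure.
 *
 * Send a message FREE_MESSAGE or UPDATE_MESSAGE to limited_connections_queue
 * (member of ::nuauthdatas).
 *
 * The message is accepted only when its size is exactly that of
 * struct nuv4_conntrack_message_t.
 *
 * \param dgram Pointer to packet datas
 * \param dgram_size Number of bytes in the packet
 * \return a ::nu_error_t containing success or failure
 */
nu_error_t authpckt_conntrack(unsigned char *dgram, unsigned int dgram_size)
{
	struct nuv4_conntrack_message_t *conntrack;
	struct accounted_connection *datas;
	struct internal_message *message;
	tcp_state_t pstate;
	int word;

	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET,
			  "Auth conntrack: Working on new packet");

	/* Check message content size */
	if (dgram_size != sizeof(struct nuv4_conntrack_message_t)) {
		log_message(CRITICAL, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			    "Auth conntrack: Improper length of packet (%d instead of %lu)",
			    dgram_size,
			    (unsigned long)sizeof(struct nuv4_conntrack_message_t));
		return NU_EXIT_ERROR;
	}

	/* Create a message for limited_connexions_queue */
	conntrack = (struct nuv4_conntrack_message_t *) dgram;
	datas = g_new0(struct accounted_connection, 1);
	message = g_new0(struct internal_message, 1);

	datas->tracking.protocol = conntrack->ip_protocol;
	/* addresses are copied as four 32-bit words, without byte swapping */
	for (word = 0; word < 4; word++) {
		datas->tracking.saddr.s6_addr32[word] =
		    conntrack->ip_src.s6_addr32[word];
		datas->tracking.daddr.s6_addr32[word] =
		    conntrack->ip_dst.s6_addr32[word];
	}

	/* For ICMP and ICMPv6 the two port fields carry type and code */
	if ((conntrack->ip_protocol == IPPROTO_ICMP)
	    || (conntrack->ip_protocol == IPPROTO_ICMPV6)) {
		datas->tracking.type = ntohs(conntrack->src_port);
		datas->tracking.code = ntohs(conntrack->dest_port);
	} else {
		datas->tracking.source = ntohs(conntrack->src_port);
		datas->tracking.dest = ntohs(conntrack->dest_port);
	}

	datas->packets_in = conntrack->packets_in;
	datas->bytes_in = conntrack->bytes_in;
	datas->packets_out = conntrack->packets_out;
	datas->bytes_out = conntrack->bytes_out;

	/* timestamp is not set in conntrack message, thus best guess */
	datas->timestamp = time(NULL);

	message->datas = datas;
	if (conntrack->msg_type == AUTH_CONN_DESTROY) {
		message->type = FREE_MESSAGE;
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET,
				  "Auth conntrack: Sending free message");
		pstate = TCP_STATE_CLOSE;
	} else {
		message->type = UPDATE_MESSAGE;
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET,
				  "Auth conntrack: Sending Update message");
		pstate = TCP_STATE_ESTABLISHED;
	}

	log_user_packet_from_accounted_connection(datas, pstate);
	/* the queue takes message (and datas through it) from here on */
	g_async_queue_push(nuauthdatas->limited_connections_queue, message);
	return NU_EXIT_OK;
}

/**
 * Parse a datagram packet from NuFW using structure
 * ::nufw_to_nuauth_message_header_t. Create a connection
 * (type ::connection_t) for message of type #AUTH_REQUEST or #AUTH_CONTROL.
 * Update conntrack for message of type #AUTH_CONN_DESTROY
 * or #AUTH_CONN_UPDATE.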
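*
 * Call:
 *   - authpckt_new_connection(): Message type #AUTH_REQUEST or #AUTH_CONTROL
 *   - authpckt_conntrack(): Message type #AUTH_CONN_DESTROY
 *     or #AUTH_CONN_UPDATE
 *
 * On success *pdgram and *pdgram_size are moved past the decoded message
 * (see authpckt_consume_message()).
 *
 * \param pdgram Pointer to datagram
 * \param pdgram_size Pointer to size of the datagram (in bytes)
 * \param conn Pointer of pointer to the ::connection_t that will be modified
 * \return
 *   - #NU_EXIT_ERROR if failure
 *   - #NU_EXIT_OK if ok and conn created
 *   - #NU_EXIT_NO_RETURN if no conn is needed but work is ok
 */

/*
 * Advance the caller's cursor past one decoded message, using the length
 * announced in the header. When the announced length covers the rest of
 * the datagram (or more), only the remaining size is set to 0.
 * NOTE(review): an announced length of 0 leaves the cursor where it is;
 * verify the caller cannot loop on the same bytes.
 */
static void authpckt_consume_message(const nufw_to_nuauth_message_header_t *header,
				     unsigned char *dgram,
				     unsigned int dgram_size,
				     unsigned char **pdgram,
				     unsigned int *pdgram_size)
{
	unsigned int msg_length = ntohs(header->msg_length);

	if (msg_length < dgram_size) {
		*pdgram_size = dgram_size - msg_length;
		*pdgram = dgram + msg_length;
	} else {
		*pdgram_size = 0;
	}
}

nu_error_t authpckt_decode(unsigned char **pdgram,
			   unsigned int *pdgram_size, connection_t ** conn)
{
	unsigned char *dgram = *pdgram;
	unsigned int dgram_size = *pdgram_size;
	nufw_to_nuauth_message_header_t *header;
	int ret;

	/* The header fields are read below: make sure they were received.
	 * get_proto_version_from_packet() applies the same bound. */
	if (dgram_size < sizeof(nufw_to_nuauth_message_header_t)) {
		log_message(WARNING, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			    "NuFW packet too small to hold a message header");
		return NU_EXIT_ERROR;
	}

	/* Switch following protocol version */
	header = (nufw_to_nuauth_message_header_t *) dgram;
	switch (header->protocol_version) {
	case PROTO_VERSION_NUFW_V22_2:
		switch (header->msg_type) {
		case AUTH_REQUEST:
		case AUTH_CONTROL:
			ret = authpckt_new_connection(dgram, dgram_size, conn);
			if (ret == NU_EXIT_ERROR) {
				return NU_EXIT_ERROR;
			}
			authpckt_consume_message(header, dgram, dgram_size,
						 pdgram, pdgram_size);
			return ret;
		case AUTH_CONN_DESTROY:
		case AUTH_CONN_UPDATE:
			ret = authpckt_conntrack(dgram, dgram_size);
			*conn = NULL;
			if (ret == NU_EXIT_ERROR) {
				return ret;
			}
			authpckt_consume_message(header, dgram, dgram_size,
						 pdgram, pdgram_size);
			return NU_EXIT_NO_RETURN;
		default:
			log_message(CRITICAL, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
				    "NuFW packet type is unknown");
			return NU_EXIT_ERROR;
		}
		return NU_EXIT_OK;
	case PROTO_VERSION_NUFW_V20:
		switch (header->msg_type) {
		case AUTH_REQUEST:
		case AUTH_CONTROL:
			ret = authpckt_new_connection_v3(dgram, dgram_size, conn);
			if (ret == NU_EXIT_ERROR) {
				return NU_EXIT_ERROR;
			}
			authpckt_consume_message(header, dgram, dgram_size,
						 pdgram, pdgram_size);
			return ret;
		case AUTH_CONN_DESTROY:
		case AUTH_CONN_UPDATE:
			ret = authpckt_conntrack_v3(dgram, dgram_size);
			*conn = NULL;
			if (ret == NU_EXIT_ERROR) {
				return ret;
			}
			authpckt_consume_message(header, dgram, dgram_size,
						 pdgram, pdgram_size);
			return NU_EXIT_NO_RETURN;
		default:
			log_message(CRITICAL, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
				    "NuFW packet type is unknown");
			return NU_EXIT_ERROR;
		}
		return NU_EXIT_OK;
	case PROTO_VERSION_NUFW_V22:
		/* NOTE(review): returns NU_EXIT_OK without creating a
		 * connection or moving the cursor -- verify the caller */
		log_message(CRITICAL, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			    "nufw server runs pre 2.2.2 protocol: please upgrade");
		return NU_EXIT_OK;
	default:
		log_message(CRITICAL, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			    "NuFW protocol is unknown");
		return NU_EXIT_ERROR;
	}
	return NU_EXIT_OK;
}

/**
 * Read the protocol version announced in a message header.
 *
 * \param dgram Pointer to the received bytes
 * \param dgram_size Number of bytes available at dgram
 * \return 0 if there is an error, value of protocol elsewhere
 */
unsigned char get_proto_version_from_packet(const unsigned char *dgram,
					    size_t dgram_size)
{
	const nufw_to_nuauth_message_header_t *header;

	/* too short to contain a header: nothing can be read safely */
	if (dgram_size < sizeof(nufw_to_nuauth_message_header_t)) {
		return 0;
	}

	header = (const nufw_to_nuauth_message_header_t *) dgram;

	/* Is protocol supported */
	if (check_protocol_version(NUFW_PROTO, header->protocol_version)
	    != NU_EXIT_OK) {
		return 0;
	}
	return header->protocol_version;
}
nufw-2.4.3/src/nuauth/sasl.c0000644000175000017500000006171611431206275012635 00000000000000/*
** Copyright(C) 2005-2009 INL
** Written by Eric Leblond
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.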
** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ** ** In addition, as a special exception, the copyright holders give ** permission to link the code of portions of this program with the ** Cyrus SASL library under certain conditions as described in each ** individual source file, and distribute linked combinations ** including the two. ** You must obey the GNU General Public License in all respects ** for all of the code used other than Cyrus SASL. If you modify ** file(s) with this exception, you may extend this exception to your ** version of the file(s), but you are not obligated to do so. If you ** do not wish to do so, delete this exception statement from your ** version. If you delete this exception statement from all source ** files in the program, then also delete it here. ** ** This product includes software developed by Computing Services ** at Carnegie Mellon University (http://www.cmu.edu/computing/). ** */ /** * \addtogroup TLSUser * @{ */ /** \file sasl.c * \brief Manage clients authentication. * * This file contains functions used for sasl negotiation. The more important of the is mysasl_negotiate(). 
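*/
/* NOTE(review): the targets of the bare #include directives below are
 * missing from this copy of the file; restore them from the upstream tree. */
#include
#include
#include "security.h"
#include

/* Mechanism lists handed to libsasl through the getopt callbacks;
 * filled in my_sasl_init() */
gchar *mech_string_internal;
gchar *mech_string_external;

/* Mutex callbacks registered with sasl_set_mutex(): thin GLib wrappers */

/** Allocate a mutex for libsasl; returns NULL if g_mutex_new() did. */
void *sasl_gthread_mutex_init(void)
{
	GMutex *lock = g_mutex_new();

	return lock ? lock : NULL;
}

/** Lock callback; always reports success (0). */
int sasl_gthread_mutex_lock(void *lock)
{
	g_mutex_lock(lock);
	return 0;
}

/** Unlock callback; always reports success (0). */
int sasl_gthread_mutex_unlock(void *lock)
{
	g_mutex_unlock(lock);
	return 0;
}

/** Release a mutex created by sasl_gthread_mutex_init(). */
void sasl_gthread_mutex_free(void *lock)
{
	g_mutex_free(lock);
}

/*
 * SASL_CB_GETOPT callbacks. Only "mech_list" is answered, with a pointer
 * to the module-level string (no copy is made); any other option yields
 * SASL_FAIL.
 */
static int external_get_opt(void *context, const char *plugin_name,
			    const char *option,
			    const char **result, unsigned *len)
{
	if (strcmp(option, "mech_list") != 0)
		return SASL_FAIL;

	*result = mech_string_external;
	return SASL_OK;
}

static int internal_get_opt(void *context, const char *plugin_name,
			    const char *option,
			    const char **result, unsigned *len)
{
	if (strcmp(option, "mech_list") != 0)
		return SASL_FAIL;

	*result = mech_string_internal;
	return SASL_OK;
}

/**
 * SASL_CB_SERVER_USERDB_CHECKPASS callback: check a user/password pair
 * through modules_user_check().
 *
 * An absent or empty password is refused before any module is called.
 *
 * \param conn SASL connection, used to record the error text
 * \param context The ::user_session_t registered with the callback
 * \param user User name as sent by the client
 * \param pass Password as sent by the client
 * \param passlen Length of pass
 * \param propctx Not used
 * \return SASL_OK if the modules accept the pair, a SASL error otherwise
 */
static int userdb_checkpass(sasl_conn_t * conn,
			    void *context,
			    const char *user,
			    const char *pass,
			    unsigned passlen, struct propctx *propctx)
{
	char *dec_user = NULL;
	int ret;

	/* pass can not be null */
	if (pass == NULL || passlen == 0) {
		log_message(INFO, DEBUG_AREA_AUTH,
			    "Password sent by user %s is NULL", user);
		return SASL_BADAUTH;
	}

	/* convert username from utf-8 to locale */
	if (nuauthconf->uses_utf8) {
		size_t bwritten;

		dec_user = g_locale_from_utf8(user, -1, NULL, &bwritten, NULL);
		if (!dec_user) {
			log_message(SERIOUS_WARNING, DEBUG_AREA_AUTH,
				    "Can not convert username at %s:%d",
				    __FILE__, __LINE__);
			/* return to fallback */
			sasl_seterror(conn, 0, "Can not convert username to locale" );
			return SASL_NOUSER;
		}
	} else {
		dec_user = (char *) user;
	}

	ret = modules_user_check(dec_user, pass, passlen,
				 (user_session_t *)context);

	/* dec_user is a private copy only when the conversion ran */
	if (nuauthconf->uses_utf8)
		g_free(dec_user);

	if (ret == SASL_OK) {
		/* we're done */
		return SASL_OK;
	}

	/* return to fallback */
	log_message(INFO, DEBUG_AREA_AUTH, "Bad auth from user at %s:%d",
		    __FILE__, __LINE__);
	sasl_seterror(conn, 0, "Bad auth from user");
	return ret;
}

/**
 * called in tls_user_init()
 *
 * Registers the GLib mutex callbacks, initialises libsasl for the
 * "nuauth" application and sets the two mechanism lists. Exits the
 * process if sasl_server_init() fails.
 */
void my_sasl_init()
{
	int ret;

	sasl_set_mutex(sasl_gthread_mutex_init,
		       sasl_gthread_mutex_lock,
		       sasl_gthread_mutex_unlock, sasl_gthread_mutex_free);

	/* initialize SASL */
	ret = sasl_server_init(NULL, "nuauth");
	if (ret != SASL_OK) {
		log_message(CRITICAL, DEBUG_AREA_AUTH,
			    "Fail to init SASL library!");
		exit(EXIT_FAILURE);
	}

	mech_string_internal = g_strdup("plain");
	mech_string_external = g_strdup("external");
}

/**
 * Send one SASL token to the client as "S: " followed by its base64 form.
 *
 * \param nussl Session to write to
 * \param buffer Raw token
 * \param length Number of bytes in buffer
 * \return the sasl_encode64() error if encoding fails, else the
 *         nussl_write() result (negative on failure)
 */
static int samp_send(nussl_session* nussl, const char *buffer, unsigned length)
{
	char *buf;
	unsigned len, alloclen;
	int result;

	/* prefix ("S: ") + base64 length + 1 nul byte */
	alloclen = 3 + ((length+2)/3)*4 + 1;
	buf = g_new(char, alloclen);

	result = sasl_encode64(buffer, length, buf + 3, alloclen - 3, &len);
	if (result != SASL_OK) {
		g_free(buf);
		log_message(WARNING, DEBUG_AREA_AUTH,
			    "Encoding data in base64 failed");
		return result;
	}
	memcpy(buf, "S: ", 3);

	result = nussl_write(nussl, buf, len + 3);
	if (result < 0)
		log_message(WARNING, DEBUG_AREA_AUTH,
			    "nussl_write() failed: %s", nussl_get_error(nussl));

	g_free(buf);
	return result;
}

/**
 * Receive one SASL token from the client and decode it in place.
 *
 * The first three bytes of the record are skipped as a prefix and the
 * rest is base64-decoded back into buf, which is NUL-terminated.
 * NOTE(review): the content of the three prefix bytes is not checked.
 *
 * \param nussl Session to read from
 * \param buf Receive buffer, reused for the decoded token
 * \param bufsize Size of buf in bytes
 * \return length of the decoded token, 0 on read or decode failure
 */
static unsigned samp_recv(nussl_session* nussl, char *buf, int bufsize)
{
	unsigned int len;
	int result;

	/* need room for the prefix and a terminating NUL */
	if (bufsize < 4)
		return 0;

	/* Keep one byte free: the peer chooses the record size, and the
	 * strlen() below must find a terminator inside buf even when the
	 * record fills the buffer */
	result = nussl_read(nussl, buf, bufsize - 1);
	if (result < 0) {
		log_message(WARNING, DEBUG_AREA_AUTH,
			    "nussl_read() failed: %s", nussl_get_error(nussl));
		return 0;
	}
	buf[result] = '\0';

	/* a record shorter than the prefix carries no token */
	if (result < 3)
		return 0;

	len = (unsigned int)result;
	result = sasl_decode64(buf + 3, (unsigned) strlen(buf + 3), buf,
			       bufsize, &len);
	if (result != SASL_OK) {
		log_message(INFO, DEBUG_AREA_AUTH, "Decoding data in base64");
		return 0;
	}
	buf[len] = '\0';
	return len;
}

#define MAX_TRY 2

/**
 * Agree on a protocol version with a client that announced one newer
 * than ours.
 *
 * While the client's version is above PROTO_VERSION (at most MAX_TRY
 * rounds) our own "PROTO_STRING version" is sent and the client's new
 * announce is read. The exchange ends with "OK" or "NOK".
 *
 * \param c_session Session whose proto_version is updated
 * \return NU_EXIT_OK when the final version is acceptable
 */
nu_error_t negotiate_proto_version(user_session_t *c_session)
{
	int attempt;
	int n = 0;

	for (attempt = 0;
	     (c_session->proto_version > PROTO_VERSION) && (attempt < MAX_TRY);
	     attempt++) {
		char data[10];

		n = snprintf(data, 10, "%s %d", PROTO_STRING, PROTO_VERSION);
		if (n <= 0) {
			return NU_EXIT_ERROR;
		}
		n = nussl_write(c_session->nussl, data, strlen(data));
		if (n < 0) {
			return NU_EXIT_ERROR;
		}
		/* Leave room for the terminator written at data[n] below:
		 * a full-size read used to put it one byte past the array */
		n = nussl_read(c_session->nussl, data, sizeof(data) - 1);
		if (n < 0) {
			return NU_EXIT_ERROR;
		}
		if (((int) strlen(PROTO_STRING) + 2) > n
		    || strncmp(data, PROTO_STRING, strlen(PROTO_STRING)) != 0) {
			return NU_EXIT_ERROR;
		}
		data[n] = 0;
		c_session->proto_version =
		    atoi((char *) data + strlen(PROTO_STRING));
	}

	if (c_session->proto_version > PROTO_VERSION) {
		nussl_write(c_session->nussl, "NOK", strlen("NOK"));
		return NU_EXIT_ERROR;
	}

	n = nussl_write(c_session->nussl, "OK", strlen("OK"));
	if (n < 0) {
		return NU_EXIT_ERROR;
	}
	return NU_EXIT_OK;
}

/**
 * fetch protocol version (or guess)
 *
 * - start a select waiting for protocol announce from client
 * - if there is nothing it is PROTO_V20 else get datas and fetch PROTO
 *
 * \param a ::user_session_t
 * \return a ::nu_error_t set to NU_EXIT_OK if there is no problem
 */
#define MAX_WAIT_ITER 5
nu_error_t get_proto_info(user_session_t * c_session)
{
	char buffer[20];
	int ret;
	fd_set wk_set;		/* working set */
	struct timeval tv;

	/* wait for the announce during proto_wait_delay seconds */
	FD_ZERO(&wk_set);
	FD_SET(c_session->socket, &wk_set);
	tv.tv_sec = nuauthconf->proto_wait_delay;
	tv.tv_usec = 0;
	ret = select(c_session->socket + 1, &wk_set, NULL, NULL, &tv);

	/* catch select() error */
	if (ret == -1) {
		if (errno != EINTR) {
			return NU_EXIT_ERROR;
		}
		/* NOTE(review): on EINTR the function reports success
		 * without having set proto_version -- confirm intent */
		log_message(CRITICAL, DEBUG_AREA_MAIN | DEBUG_AREA_AUTH,
			    "Warning: tls user select() failed: signal was catched.");
		return NU_EXIT_OK;
	}

	/* nothing announced in time: assume the oldest protocol */
	if (ret == 0) {
		log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			    "Falling back to v3 protocol");
		c_session->proto_version = PROTO_VERSION_V20;
		return NU_EXIT_OK;
	}

	if (!FD_ISSET(c_session->socket, &wk_set)) {
		return NU_EXIT_OK;
	}

	memset(buffer, 0, sizeof(buffer));
	log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
		    "Getting protocol information");
	/* one byte is kept for the terminator written at buffer[ret] */
	ret = nussl_read(c_session->nussl, buffer, sizeof(buffer) - 1);
	if (ret <= 0) {
		log_message(INFO, DEBUG_AREA_AUTH,
			    "nussl_read() failed: %s",
			    nussl_get_error(c_session->nussl));
		return NU_EXIT_ERROR;
	}

	if (((int) strlen(PROTO_STRING) + 2) > ret
	    || strncmp(buffer, PROTO_STRING, strlen(PROTO_STRING)) != 0) {
		log_message(INFO, DEBUG_AREA_AUTH, "Error bad proto string");
		return NU_EXIT_ERROR;
	}

	buffer[ret] = 0;
	c_session->proto_version =
	    atoi((char *) buffer + strlen(PROTO_STRING));
	log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
		    "Protocol information: %d", c_session->proto_version);

	if (c_session->proto_version >= PROTO_VERSION_V24) {
		nu_error_t nego = negotiate_proto_version(c_session);

		if (nego != NU_EXIT_OK) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "Unable to negotiate proto");
			c_session->proto_version = PROTO_VERSION_NONE;
		}
		/* The original used a bare "return;" here, leaving the
		 * value seen by the caller undefined; report the outcome
		 * of the negotiation so a failure is never read as success */
		return nego;
	}

	/* sanity check on know protocol */
	switch (c_session->proto_version) {
	case PROTO_VERSION_V22:
	case PROTO_VERSION_V22_1:
	case PROTO_VERSION_V24:
		break;
	default:
		log_message(INFO, DEBUG_AREA_AUTH,
			    "Bad protocol, announced %d",
			    c_session->proto_version );
		return NU_EXIT_ERROR;
	}
	return NU_EXIT_OK;
}

#undef MAX_WAIT_ITER
#undef PROTO_WAIT_DELAY

/**
 * do the sasl negotiation.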
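*
 * Sends the mechanism list, reads the client's choice (and optional
 * initial response), then runs sasl_server_start()/sasl_server_step()
 * until libsasl stops asking to continue. Tokens travel through
 * samp_send()/samp_recv().
 *
 * \param c_session A ::user_session_t
 * \param conn A ::sasl_conn_t
 * \return SASL_OK on success, another SASL result code if it fails
 */
static int mysasl_negotiate(user_session_t * c_session, sasl_conn_t * conn)
{
	char buf[8192];
	const char *data = NULL;
	int tls_len = 0;
	unsigned sasl_len = 0;
	int count;
	ssize_t record_send;
	unsigned len = 0;
	int result, auth_result;

	result = sasl_listmech(conn, NULL, NULL, ",", NULL, &data, &sasl_len,
			       &count);
	if (result != SASL_OK) {
		log_message(WARNING, DEBUG_AREA_AUTH,
			    "generating mechanism list");
		return result;
	}
	log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
		    "%d mechanisms : %s (length: %d)", count, data, sasl_len);

	/* send capability list to client */
	record_send = samp_send(c_session->nussl, data, sasl_len);
	if (record_send < 0) {
		return SASL_FAIL;
	}
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			  "Now we know record_send >= 0");

	/* read the mechanism chosen by the client */
	memset(buf, 0, sizeof(buf));
	tls_len = samp_recv(c_session->nussl, buf, sizeof(buf));
	if (tls_len <= 0) {
		if (tls_len == 0) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "client didn't choose mechanism");
			if (samp_send(c_session->nussl, "N", 1) <= 0)	/* send NO to client */
				return SASL_FAIL;
			return SASL_BADPARAM;
		} else {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "sasl nego : tls crash");
			return SASL_FAIL;
		}
	}
	log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
		    "client chose mechanism %s", buf);

	/* Bytes after the mechanism name's NUL are an initial response */
	if (strlen(buf) < (size_t) tls_len) {
		data = buf + strlen(buf) + 1;
		len = tls_len - strlen(buf) - 1;
	} else {
		data = NULL;
		len = 0;
	}

	auth_result = sasl_server_start(conn, buf, data, len, &data,
					(unsigned *) &len);
	if (auth_result != SASL_OK && auth_result != SASL_CONTINUE) {
		char *tempname = NULL;

		log_message(INFO, DEBUG_AREA_AUTH,
			    "Error starting SASL negotiation: %s (%d)",
			    sasl_errstring(auth_result, NULL, NULL),
			    auth_result);
		/* record the attempted user name for the error log */
		result = sasl_getprop(conn, SASL_AUTHUSER,
				      (const void **) &(tempname));
		if (result != SASL_OK) {
			g_warning("get user failed: %s",
				  sasl_errstring(result, NULL, NULL));
			return result;
		}
		if (tempname == NULL) {
			g_warning("sasl_getprop(SASL_AUTHUSER): username is NULL!");
			return SASL_BADPARAM;
		}
		c_session->user_name = g_strdup(tempname);
		return auth_result;
	}

	/* NOTE(review): a failed samp_recv() yields len 0 and is passed to
	 * sasl_server_step() like an empty reply -- confirm this always
	 * ends the loop */
	while (auth_result == SASL_CONTINUE) {
		if (data) {
			samp_send(c_session->nussl, data, len);
		} else {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "No data to send--something's wrong");
		}
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
				  "Waiting for client reply...");
		memset(buf, 0, sizeof(buf));
		len = samp_recv(c_session->nussl, buf, sizeof(buf));
		data = NULL;
		auth_result = sasl_server_step(conn, buf, len, &data, &len);
	}

	/* clients from 2.2.1 on expect an explicit verdict */
	if (auth_result != SASL_OK) {
		log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			    "incorrect authentication");
		if (c_session->proto_version >= PROTO_VERSION_V22_1) {
			samp_send(c_session->nussl, "N", 1);
		}
	} else {
		log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			    "correct authentication");
		if (c_session->proto_version >= PROTO_VERSION_V22_1) {
			samp_send(c_session->nussl, "Y", 1);
		}
	}

	if (c_session->user_name && auth_result != SASL_OK) {
		return auth_result;
	}

	if (c_session->auth_type != AUTH_TYPE_EXTERNAL) {
		char *tempname = NULL;

		result = sasl_getprop(conn, SASL_AUTHUSER,
				      (const void **) &(tempname));
		if (result != SASL_OK) {
			g_warning("get user failed: %s",
				  sasl_errstring(result, NULL, NULL));
			return result;
		}
		if (tempname == NULL) {
			g_warning("sasl_getprop(SASL_AUTHUSER): username is NULL!");
			return SASL_BADPARAM;
		}
		c_session->user_name = g_strdup(tempname);

		if (auth_result != SASL_OK) {
			return auth_result;
		}

		/* in case no call to user_checkdb has been done we need to fill the group */
		c_session->groups =
		    modules_get_user_groups(c_session->user_name);
		if (c_session->groups == NULL) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "error when searching user groups for %s",
				    c_session->user_name);
			return SASL_BADAUTH;
		}
		c_session->user_id =
		    modules_get_user_id(c_session->user_name);
		if (c_session->user_id == 0) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "Couldn't get user ID for \"%s\"!",
				    c_session->user_name);
			return SASL_BADAUTH;
		}
	}

	/* Fail closed: success is reported only when libsasl said so, even
	 * on a path where neither branch above returned */
	if (auth_result != SASL_OK) {
		return auth_result;
	}

	/* negotiation complete */
	return SASL_OK;
}

/**
 * do the sasl negotiation, protocol v3
 *
 * Same exchange as mysasl_negotiate() but with raw nussl_read() /
 * nussl_write() records and one-letter status bytes ("N", "C", "O").
 *
 * \return SASL_OK on success, another SASL result code if it fails
 */
static int mysasl_negotiate_v3(user_session_t * c_session,
			       sasl_conn_t * conn)
{
	char buf[8192];
	char chosenmech[128];
	const char *data = NULL;
	int tls_len = 0;
	unsigned sasl_len = 0;
	int r = SASL_FAIL;
	int count;
	int ret = 0;
	ssize_t record_send;

	r = sasl_listmech(conn, NULL, "(", ",", ")", &data, &sasl_len,
			  &count);
	if (r != SASL_OK) {
		log_message(WARNING, DEBUG_AREA_AUTH,
			    "proto v3: generating mechanism list");
		return r;
	}
	log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
		    "proto v3: %d mechanisms : %s", count, data);
	tls_len = sasl_len;

	/* send capability list to client */
	record_send = nussl_write(c_session->nussl, (char*)data, tls_len);
	if (record_send < 0) {
		return SASL_FAIL;
	}
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			  "proto v3: Now we know record_send >= 0");

	/* The mechanism name is used as a C string below (logged with %s,
	 * passed to sasl_server_start()), so one byte of the zeroed buffer
	 * is kept out of the read to guarantee termination */
	memset(chosenmech, 0, sizeof chosenmech);
	tls_len = nussl_read(c_session->nussl, chosenmech,
			     sizeof chosenmech - 1);
	if (tls_len <= 0) {
		if (tls_len == 0) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "proto v3: client didn't choose mechanism");
			if (nussl_write(c_session->nussl, "N", 1) < 0)	/* send NO to client */
				return SASL_FAIL;
			return SASL_BADPARAM;
		} else {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "proto v3: sasl nego : tls crash");
			return SASL_FAIL;
		}
	}
	log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
		    "proto v3: client chose mechanism %s", chosenmech);

	/* one byte telling whether an initial response follows */
	memset(buf, 0, sizeof buf);
	tls_len = nussl_read(c_session->nussl, buf, sizeof(buf));
	if (tls_len != 1) {
		if (tls_len <= 0) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "nussl_read() error: %s",
				    nussl_get_error(c_session->nussl));
			return SASL_FAIL;
		}
		log_message(DEBUG, DEBUG_AREA_AUTH,
			    "proto v3: didn't receive first-sent parameter correctly");
		if (nussl_write(c_session->nussl, "N", 1) < 0)	/* send NO to client */
		{
			log_message(INFO, DEBUG_AREA_AUTH,
				    "nussl_write() error: %s",
				    nussl_get_error(c_session->nussl));
			return SASL_FAIL;
		}
		return SASL_BADPARAM;
	}

	if (buf[0] == 'Y') {
		/* receive initial response (if any) */
		memset(buf, 0, sizeof(buf));
		tls_len = nussl_read(c_session->nussl, buf, sizeof(buf));
		if (tls_len <= 0) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "nussl_read() error: %s",
				    nussl_get_error(c_session->nussl));
			return SASL_FAIL;
		}
		/* start libsasl negotiation */
		r = sasl_server_start(conn, chosenmech, buf, tls_len,
				      &data, &sasl_len);
	} else {
		log_message(DEBUG, DEBUG_AREA_AUTH,
			    "proto v3: start with no msg");
		r = sasl_server_start(conn, chosenmech, NULL, 0, &data,
				      &sasl_len);
	}

	if (r != SASL_OK && r != SASL_CONTINUE) {
		gchar *user_name = NULL;

		log_message(INFO, DEBUG_AREA_AUTH,
			    "proto v3: sasl negotiation error: %d", r);
		/* record the attempted user name when libsasl knows it */
		ret = sasl_getprop(conn, SASL_AUTHUSER,
				   (const void **) &(user_name));
		if (ret == SASL_OK) {
			c_session->user_name = g_strdup(user_name);
		} else {
			c_session->user_name = NULL;
		}
		if (nussl_write(c_session->nussl, "N", 1) < 0)	/* send NO to client */
		{
			log_message(INFO, DEBUG_AREA_AUTH,
				    "nussl_write() error: %s",
				    nussl_get_error(c_session->nussl));
			return SASL_FAIL;
		}
		return SASL_BADPARAM;
	}

	while (r == SASL_CONTINUE) {
		if (nussl_write(c_session->nussl, "C", 1) < 0)	/* send CONTINUE to client */
			return SASL_FAIL;
		if (data) {
			/* The challenge is sasl_len bytes long. The original
			 * passed tls_len, the size of the previous client
			 * record, which could send bytes from beyond the
			 * challenge or cut it short */
			if (nussl_write(c_session->nussl, (char*)data, sasl_len) < 0)
				return SASL_FAIL;
		} else {
			if (nussl_write(c_session->nussl, "", 0) < 0)
				return SASL_FAIL;
		}

		memset(buf, 0, sizeof buf);
		tls_len = nussl_read(c_session->nussl, buf, sizeof buf);
		/* NOTE(review): a read of 0 bytes is not treated as a
		 * failure here although the debug text below mentions a
		 * disconnect -- confirm which is intended */
		if (tls_len < 0) {
#ifdef DEBUG_ENABLE
			if (!tls_len) {
				log_message(VERBOSE_DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
					    "proto v3: Client disconnected during sasl negotiation");
			} else {
				log_message(VERBOSE_DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
					    "proto v3: TLS error during sasl negotiation");
			}
#endif
			return SASL_FAIL;
		}

		r = sasl_server_step(conn, buf, tls_len, &data, &sasl_len);
		if (r != SASL_OK && r != SASL_CONTINUE) {
#ifdef DEBUG_ENABLE
			log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
				    "proto v3: error performing SASL negotiation: %s",
				    sasl_errdetail(conn));
#endif
			if (nussl_write(c_session->nussl, "N", 1) < 0)	/* send NO to client */
				return SASL_FAIL;
			return SASL_BADPARAM;
		}
	}			/* while continue */

	if (r != SASL_OK) {
		log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			    "proto v3: incorrect authentication");
		/* try to get username */
		if (c_session->user_name == NULL) {
			char *tempname = NULL;

			ret = sasl_getprop(conn, SASL_AUTHUSER,
					   (const void **) &(tempname));
			if (ret != SASL_OK) {
				g_warning("proto v3: get user failed");
				return ret;
			} else {
				c_session->user_name = g_strdup(tempname);
			}
		}
		if (nussl_write(c_session->nussl, "N", 1) < 0)	/* send NO to client */
			return SASL_FAIL;
		return SASL_BADAUTH;
	}

	/* a user name known before SASL means it came from the TLS layer */
	if (c_session->user_name)
		c_session->auth_type = AUTH_TYPE_EXTERNAL;

	if (c_session->auth_type != AUTH_TYPE_EXTERNAL) {
		char *tempname = NULL;

		ret = sasl_getprop(conn, SASL_AUTHUSER,
				   (const void **) &(tempname));
		if (ret != SASL_OK) {
			g_warning("proto v3: get user failed");
			return ret;
		} else {
			c_session->user_name = g_strdup(tempname);
		}

		/* in case no call to user_checkdb has been done we need to fill the group */
		c_session->groups =
		    modules_get_user_groups(c_session->user_name);
		if (c_session->groups == NULL) {
			log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
				    "proto v3: Couldn't get user groups");
			if (nussl_write(c_session->nussl, "N", 1) < 0)	/* send NO to client */
				return SASL_FAIL;
			return SASL_BADAUTH;
		}
		c_session->user_id =
		    modules_get_user_id(c_session->user_name);
		/* NOTE(review): unlike mysasl_negotiate(), a user id of 0
		 * is only logged here and the session is accepted --
		 * confirm this difference is wanted */
		if (c_session->user_id == 0) {
			log_message(INFO, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
				    "proto v3: Couldn't get user ID!");
		}
	}

	if (nussl_write(c_session->nussl, "O", 1) < 0)	/* send YES to client */
		return SASL_FAIL;

	/* negotiation complete */
	return SASL_OK;
}

/**
 * realize user negotiation from after TLS to the end.
 *
 * Creates the SASL server context, selects the callback set (external
 * when the session already carries a user name, internal otherwise),
 * finds the client's protocol version and runs the matching negotiation.
 * The SASL context is disposed before returning; a failure is reported
 * through modules_auth_error_log().
 *
 * \param c_session Session being authenticated
 * \return SASL_OK on success, another SASL result code otherwise
 */
int sasl_user_check(user_session_t * c_session)
{
	sasl_conn_t *conn = NULL;
	sasl_security_properties_t secprops;
	char iplocalport[INET6_ADDRSTRLEN +20];
	char ipremoteport[INET6_ADDRSTRLEN +20];
	int len;
	int ret;
	sasl_callback_t internal_callbacks[] = {
		{SASL_CB_GETOPT, &internal_get_opt, c_session},
		{SASL_CB_SERVER_USERDB_CHECKPASS, &userdb_checkpass, c_session},
		{SASL_CB_LIST_END, NULL, NULL}
	};
	sasl_callback_t external_callbacks[] = {
		{SASL_CB_GETOPT, &external_get_opt, c_session},
		{SASL_CB_SERVER_USERDB_CHECKPASS, &userdb_checkpass, c_session},
		{SASL_CB_LIST_END, NULL, NULL}
	};
	sasl_callback_t *callbacks;

	if (c_session->user_name) {
		/* identity already established by the TLS layer */
		c_session->auth_type = AUTH_TYPE_EXTERNAL;
		c_session->auth_quality = AUTHQ_SSL;
		callbacks = external_callbacks;
	} else {
		c_session->auth_type = AUTH_TYPE_INTERNAL;
		c_session->auth_quality = AUTHQ_SASL;
		/* without fake sasl no callback is given to libsasl */
		callbacks = nuauthconf->nuauth_uses_fake_sasl
		    ? internal_callbacks : NULL;
	}

	/* format "ip;port" */
	format_ipv6(&c_session->addr, ipremoteport, INET6_ADDRSTRLEN, NULL);
	len = strlen(ipremoteport);
	secure_snprintf(ipremoteport+len, sizeof(ipremoteport)-len,
			";%hu", c_session->sport);

	/* format "ip;port" */
	format_ipv6(&c_session->server_addr, iplocalport, INET6_ADDRSTRLEN, NULL);
	len = strlen(iplocalport);
	secure_snprintf(iplocalport+len, sizeof(iplocalport)-len,
			";%s", nuauthconf->userpckt_port);

	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			  "Starting SASL server: service=%s, hostname=%s, realm=%s, iplocal=%s, ipremote=%s",
			  nuauthconf->krb5_service,
			  nuauthconf->krb5_hostname,
			  nuauthconf->krb5_realm,
			  iplocalport, ipremoteport );

	ret = sasl_server_new(nuauthconf->krb5_service,
			      nuauthconf->krb5_hostname,
			      nuauthconf->krb5_realm,
			      iplocalport, ipremoteport,
			      callbacks, 0, &conn);
	if (ret != SASL_OK) {
		g_warning
		    ("allocating connection state - failure at sasl_server_new()");
		return ret;
	}

	/* anonymous mechanisms are refused; no minimum security layer */
	secprops.min_ssf = 0;
	secprops.max_ssf = UINT_MAX;
	secprops.property_names = NULL;
	secprops.property_values = NULL;
	secprops.security_flags = SASL_SEC_NOANONYMOUS;	/* as appropriate */
	secprops.maxbufsize = 65536;
	/* NOTE(review): the result of this sasl_setprop() is not checked */
	sasl_setprop(conn, SASL_SEC_PROPS, &secprops);

	if (c_session->auth_type == AUTH_TYPE_EXTERNAL) {
		sasl_ssf_t extssf = 0;

#ifdef DEBUG_ENABLE
		log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			    "setting params for external");
		log_message(VERBOSE_DEBUG, DEBUG_AREA_AUTH,
			    "TLS gives user %s, trying EXTERNAL",
			    c_session->user_name);
#endif
		ret = sasl_setprop(conn, SASL_AUTH_EXTERNAL,
				   c_session->user_name);
		if (ret != SASL_OK) {
			sasl_dispose(&conn);
			log_message(INFO, DEBUG_AREA_AUTH,
				    "Error setting external auth");
			return ret;
		}
		ret = sasl_setprop(conn, SASL_SSF_EXTERNAL, &extssf);
		if (ret != SASL_OK) {
			sasl_dispose(&conn);
			log_message(INFO, DEBUG_AREA_AUTH,
				    "Error setting external SSF");
			return ret;
		}
	}

	ret = get_proto_info(c_session);
	if (ret != NU_EXIT_OK) {
		sasl_dispose(&conn);
		log_message(INFO, DEBUG_AREA_AUTH,
			    "Could not fetch proto info");
		return SASL_BADPARAM;
	}

	/* an unrecognised version is refused, never negotiated */
	switch (c_session->proto_version) {
	case PROTO_VERSION_V22:
	case PROTO_VERSION_V22_1:
	case PROTO_VERSION_V24:
		ret = mysasl_negotiate(c_session, conn);
		break;
	case PROTO_VERSION_V20:
		ret = mysasl_negotiate_v3(c_session, conn);
		break;
	default:
		log_message(WARNING, DEBUG_AREA_AUTH, "Unknown protocol");
		ret = SASL_BADPARAM;
	}

	/* sasl connection is not used anymore */
	sasl_dispose(&conn);

	if (ret != SASL_OK) {
		nuauth_auth_error_t err;
		const char *message;

		if (ret == SASL_BADAUTH || ret == SASL_NOUSER) {
			err = AUTH_ERROR_CREDENTIALS;
			message = "Invalid credentials (username or password)";
		} else {
			err = AUTH_ERROR_INTERRUPTED;
			message = "Authentication process interrupted";
		}
		modules_auth_error_log(c_session, err, message);
		return ret;
	}

	return SASL_OK;
}

/**
 * @}
 */
nufw-2.4.3/src/nuauth/users.c0000644000175000017500000001224111431206275013021 00000000000000/**
 ** Copyright(C) 2005 INL
 ** Written by Eric Leblond
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.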
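*/
#include
#include "cache.h"

/**
 * \addtogroup Cache
 * @{
 */

/**
 * \file users.c
 * \brief User cache system
 *
 * Functions necessary to cache user information
 */

/**
 * used when destroying value from hash
 * hash value is a gslist of entry
 *
 * \param datas Pointer to struct user_cached_datas:
 * \param userdata Not used
 */
void free_user_struct(struct user_cached_datas *datas, gpointer userdata)
{
	g_slist_free(datas->groups);
	g_free(datas);
}

/**
 * Destroy a cache entry: every element of entry->datas is handed to
 * cache_entry_content_destroy() with free_user_struct as its callback,
 * then the list and the entry itself are freed.
 *
 * \param entry Cache entry to destroy
 */
void free_user_cache(cache_entry_t * entry)
{
	GSList *list = entry->datas;
	if (list != NULL) {
		g_slist_foreach(list, (GFunc) cache_entry_content_destroy,
				free_user_struct);
		g_slist_free(list);
		/* only the pointer value is printed, the list is already freed */
		debug_log_message(DEBUG, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
				  "user datas freed %p", list);
	}
	g_free(entry);
}

/**
 * handle discussion with user cache
 *
 * Sends a GET_MESSAGE for conn_elt->username to the user cache queue and
 * blocks on the per-thread reply queue until the cache answers. When the
 * answer is the ::null_message sentinel, the user id and groups are fetched
 * from the modules and pushed back to the cache with an INSERT_MESSAGE.
 *
 * On success conn_elt->user_groups, conn_elt->user_id and
 * conn_elt->cacheduserdatas are filled. When the user has no groups the
 * function returns without touching user_groups/user_id.
 *
 * \param conn_elt Connection whose user information is looked up
 */
void get_users_from_cache(connection_t * conn_elt)
{
	struct cache_message message;
	/* Going to ask to the cache */
	/* prepare message */
	message.type = GET_MESSAGE;
	message.key = conn_elt->username;
	message.datas = NULL;
	message.reply_queue = g_private_get(nuauthdatas->userqueue);
	if (message.reply_queue == NULL) {
		message.reply_queue = g_async_queue_new();
		g_private_set(nuauthdatas->userqueue, message.reply_queue);
	}
	/* send message */
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
			  "[user cache] going to send cache request for %s",
			  conn_elt->username);
	/* message lives on this stack frame: it must stay valid until the
	 * reply is popped below, so nothing may return before that pop */
	g_async_queue_push(nuauthdatas->user_cache->queue, &message);
	/* lock */
	g_atomic_int_inc(&(myaudit->cache_req_nb));
	/*release */
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
			  "[user cache] request sent");
	/* wait for answer */
	conn_elt->cacheduserdatas = g_async_queue_pop(message.reply_queue);
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
			  "[user cache] cache answered");
	if (conn_elt->cacheduserdatas == null_queue_datas) {
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				  "[user cache] setting cached user datas to NULL");
		conn_elt->cacheduserdatas = NULL;
	}
	/* check if answer is NULL */
	if (conn_elt->cacheduserdatas == null_message) {
		struct cache_message *rmessage;
		struct user_cached_datas *userdatas =
		    g_new0(struct user_cached_datas, 1);
		userdatas->groups = NULL;
		userdatas->uid = 0;
		/* cache wants an update
		 * external check of user */
		userdatas->uid = modules_get_user_id(conn_elt->username);
		userdatas->groups =
		    modules_get_user_groups(conn_elt->username);
		if (userdatas->groups == NULL) {
			/*user has not been found or problem occurs we must fail
			 * returning NULL is enough (don't want to be DOSsed)*/
			log_message(WARNING, DEBUG_AREA_USER,
				    "User not found");
			/* nothing else owns userdatas on this path: release it
			 * so repeated lookups of unknown users cannot grow the
			 * heap */
			g_free(userdatas);
			/* NOTE(review): conn_elt->cacheduserdatas still holds
			 * the null_message sentinel here, as before; confirm
			 * that no caller dereferences it after a failed
			 * lookup */
			return;
		}
		rmessage = g_new0(struct cache_message, 1);
		rmessage->type = INSERT_MESSAGE;
		rmessage->key = g_strdup(conn_elt->username);
		rmessage->datas = userdatas;
		rmessage->reply_queue = NULL;
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				  "[user cache] answering for key %p",
				  rmessage->key);
		/* reply to the cache */
		g_async_queue_push(nuauthdatas->user_cache->queue, rmessage);
		/* fill connection datas */
		conn_elt->user_groups = userdatas->groups;
		conn_elt->user_id = userdatas->uid;
		conn_elt->cacheduserdatas = userdatas;
	} else if (conn_elt->cacheduserdatas == NULL) {
		/* a null_queue_datas answer was mapped to NULL above: there is
		 * no cached structure to read, so leave the connection without
		 * user data instead of dereferencing a NULL pointer */
		return;
	} else {
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				  "[user cache] cache call succedeed");
		conn_elt->user_groups = conn_elt->cacheduserdatas->groups;
		conn_elt->user_id = (conn_elt->cacheduserdatas)->uid;
		g_atomic_int_inc(&(myaudit->cache_hit_nb));
	}
}

gpointer user_duplicate_key(gpointer datas)
{
	return (void *) g_strdup((gchar *) datas);
}

int init_user_cache()
{
	GThread *user_cache_thread;
	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
		    "creating user cache thread");
	nuauthdatas->user_cache = g_new0(cache_class_t, 1);
	nuauthdatas->user_cache->hash =
	    g_hash_table_new_full((GHashFunc) g_str_hash, g_str_equal,
				  (GDestroyNotify) g_free,
				  (GDestroyNotify) free_user_cache);
	nuauthdatas->user_cache->queue = g_async_queue_new();
	nuauthdatas->user_cache->delete_elt =
	    (CacheDeleteFunc) free_user_struct;
	nuauthdatas->user_cache->duplicate_key = user_duplicate_key;
	nuauthdatas->user_cache->free_key =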
g_free; nuauthdatas->user_cache->equal_key = g_str_equal; user_cache_thread = g_thread_create((GThreadFunc) cache_manager, nuauthdatas->user_cache, FALSE, NULL); if (!user_cache_thread) exit(EXIT_FAILURE); return 1; } /** @} */ nufw-2.4.3/src/nuauth/nu_gcrypt.h0000644000175000017500000000160711431206275013703 00000000000000/* ** Copyright(C) 2005 Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NU_GCRYPT_H #define NU_GCRYPT_H /* crypt */ int verify_user_password(const char *given, const char *ours); #endif nufw-2.4.3/src/nuauth/take_decision.c0000644000175000017500000004124211431206275014464 00000000000000/* ** Copyright(C) 2006,2008,2008 INL ** Written by Eric Leblond ** INL : http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "auth_srv.h" #include #include /** * \ingroup NuauthCore * * @{ */ static inline void update_connection_datas(connection_t *element, struct acl_group *datas) { if (datas->log_prefix) { g_free(element->log_prefix); element->log_prefix = g_strdup(datas->log_prefix); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Setting log prefix to %s", datas->log_prefix); } element->flags = datas->flags; } typedef enum { TEST_NODECIDE, /*prio_to_nok) { case 1: if ((*answer == DECISION_DROP) || (*answer == DECISION_REJECT)) { /* if prio is to not ok, then a DROP or REJECT is a final decision */ *test = TEST_DECIDED; update_connection_datas (element,datas); } else { /* we can have multiple accept, last one with a log prefix will be displayed */ update_connection_datas (element,datas); } break; case 0: if (*answer == DECISION_ACCEPT) { *test = TEST_DECIDED; update_connection_datas (element,datas); } break; case 2: *test = TEST_DECIDED; update_connection_datas (element,datas); break; default: debug_log_message(WARNING, DEBUG_AREA_MAIN, "BUG: Should not have %i for prio_to_nok", nuauthconf->prio_to_nok); } /* complete decision with check on period (This can change an ACCEPT answer) */ if (*answer == DECISION_ACCEPT) { time_t periodend = -1; /* compute end of period for this acl */ if (datas->period) { periodend = get_end_of_period_for_time_t( datas->period, time(NULL)); if (periodend == 0) { /* this is not a correct time going to drop */ *answer = DECISION_NODECIDE; *test = TEST_DECIDED; update_connection_datas (element,datas); } else { debug_log_message (VERBOSE_DEBUG, DEBUG_AREA_MAIN, "end of period for %s in %ld", datas->period, periodend); } } if ((*expire == -1) || ((periodend != -1) && (*expire != -1) && (*expire > periodend))) { debug_log_message (DEBUG, 
DEBUG_AREA_MAIN, " ... modifying expire");
			*expire = periodend;
		}
	}
}

/**
 * Fold one ACL into the running decision when the ACL lists the given user
 * group.
 *
 * If user_group->data is found in datas->groups, the ACL's answer becomes the
 * candidate answer and update_decision() is called. Otherwise, as long as
 * nothing has been decided yet, only the connection data are refreshed from
 * this ACL through update_connection_datas().
 *
 * \param datas ACL being examined
 * \param answer Running decision, updated in place
 * \param test Decision state, updated by update_decision()
 * \param element Connection being judged
 * \param expire Running expiration time, updated by update_decision()
 * \param user_group List node holding the user group to look for
 */
static void search_user_group_in_acl_groups(struct acl_group *datas,
					    decision_t *answer,
					    test_t *test,
					    connection_t *element,
					    time_t *expire,
					    GSList *user_group)
{
	GSList *hit = g_slist_find(datas->groups,
				   (gconstpointer) user_group->data);

	if (hit) {
		/* the ACL names this group: take its answer */
		*answer = datas->answer;
		update_decision(datas, answer, test, element, expire);
		return;
	}
	if (*answer == DECISION_NODECIDE) {
		update_connection_datas(element, datas);
	}
}

/**
 * Fold one ACL into the running decision when the ACL lists the given user id.
 *
 * Same contract as search_user_group_in_acl_groups(), except that the lookup
 * is done in datas->users with the user id packed by GUINT_TO_POINTER().
 *
 * \param datas ACL being examined
 * \param answer Running decision, updated in place
 * \param test Decision state, updated by update_decision()
 * \param element Connection being judged
 * \param expire Running expiration time, updated by update_decision()
 * \param userid User identifier to look for
 */
static void search_user_id_in_acl_groups(struct acl_group *datas,
					 decision_t *answer,
					 test_t *test,
					 connection_t *element,
					 time_t *expire,
					 uint32_t userid)
{
	GSList *hit = g_slist_find(datas->users, GUINT_TO_POINTER(userid));

	if (hit) {
		/* the ACL names this user id: take its answer */
		*answer = datas->answer;
		update_decision(datas, answer, test, element, expire);
		return;
	}
	if (*answer == DECISION_NODECIDE) {
		update_connection_datas(element, datas);
	}
}

/**
 * \brief Take a decision of a connection authentication, and send it to NuFW.
 *
 * The process may be asynchronous (using decisions_workers,
 * member of ::nuauthdatas)
 *
 * It iters on each element of connection_t::acl_groups.
 * For each element, it test every groups to check
 * if the users belongs to one of them.
 * When a match is found, there is three cases:
 * - if nuauth_params::prio_to_nok is 0 then we continue till we fing a acl with
 * ACCEPT decision.
 * - if nuauth_params::prio_to_nok is set to 1, we stop if the decision is to
 * block the packet.
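* - if nuauth_params::prio_to_nok is set to 2, we stop on first acl where a
 * group matches
 *
 * The outcome fails closed: a connection without ACL, an empty ACL entry, an
 * ACL asking for a higher auth_quality than the connection has, an answer
 * still undecided after the loop, or an expiration of 0 all end as DROP
 * (REJECT when nuauth_params::reject_authenticated_drop is set, except for
 * the "no ACL" and "empty ACL" cases which are always DROP).
 *
 * \param element A pointer to a ::connection_t
 * \param place Place where the connection is stored, see ::packet_place_t
 * \return Returns a ::nu_error_t (NU_EXIT_ERROR when element is NULL)
 */
nu_error_t take_decision(connection_t * element, packet_place_t place)
{
	GSList *parcours = NULL;
	decision_t answer = DECISION_NODECIDE;
	/* initialised so that no path reads an indeterminate value */
	test_t test = TEST_NODECIDE;
	GSList *user_group = NULL;
	time_t expire = -1;	/* no expiration by default */

	/* check that we have an actual element before anything reads or
	 * writes through the pointer */
	if (element == NULL)
		return NU_EXIT_ERROR;

	debug_log_message(DEBUG, DEBUG_AREA_MAIN,
			  "Trying to take decision on %p", element);
	element->decision = DECISION_NODECIDE;

	/* first check if we have found acl */
	if (element->acl_groups == NULL) {
		answer = DECISION_DROP;
	} else {
		for (parcours = element->acl_groups;
		     (parcours != NULL && test == TEST_NODECIDE);
		     parcours = g_slist_next(parcours)) {
			if (parcours->data != NULL) {
				struct acl_group *acl =
				    (struct acl_group *) (parcours->data);

				if (acl->auth_quality > element->auth_quality) {
					/* the ACL requires a stronger
					 * authentication than this connection
					 * provided: treat it as a refusal */
					if (nuauthconf->reject_authenticated_drop) {
						answer = DECISION_REJECT;
					} else {
						answer = DECISION_DROP;
					}
					update_decision(acl, &answer, &test,
							element, &expire);
				} else {
					/* search for a userid-based rule */
					search_user_id_in_acl_groups(acl,
								     &answer,
								     &test,
								     element,
								     &expire,
								     element->user_id);
					/* for each user group */
					for (user_group = element->user_groups;
					     user_group != NULL
					     && test == TEST_NODECIDE;
					     user_group = g_slist_next(user_group)) {
						/* search user group in acl_groups */
						if (acl->groups) {
							search_user_group_in_acl_groups
							    (acl, &answer, &test,
							     element, &expire,
							     user_group);
						}
					}	/* end of user group loop */
				}
			} else {
				debug_log_message(DEBUG, DEBUG_AREA_MAIN,
						  "Empty acl : bad things ...");
				answer = DECISION_DROP;
				test = TEST_DECIDED;
			}
		}		/* end of acl groups loop */
	}

	/* answer is DECISION_NODECIDE if we did not found any matching group */
	if (answer == DECISION_NODECIDE) {
		if (nuauthconf->reject_authenticated_drop) {
			answer = DECISION_REJECT;
		} else {
			answer = DECISION_DROP;
		}
	}
	/** Drop per expiration (packet out of time window) */
	if (expire == 0) {
		if (nuauthconf->reject_authenticated_drop) {
			answer = DECISION_REJECT;
		} else {
			answer = DECISION_DROP;
		}
	}
	element->decision = answer;
	element->expire = expire;

	/* Call modules to do final tuning of packet (setting mark, expire modification ...) */
	modules_finalize_packet(element);

	/* we must put element in expire list if needed before decision is taken */
	if (element->expire > 0) {
		if (nuauthconf->nufw_has_conntrack) {
			struct limited_connection *datas =
			    g_new0(struct limited_connection, 1);
			struct internal_message *message =
			    g_new0(struct internal_message, 1);
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					  "Sending connection with fixed timeout to thread");
			memcpy(&(datas->tracking), &(element->tracking),
			       sizeof(tracking_t));
			/* NOTE(review): the guard above tests element->expire,
			 * which modules_finalize_packet() may have changed,
			 * while the local expire is what gets stored; confirm
			 * which value the limited-connection thread should
			 * receive */
			datas->expire = expire;
			datas->gwaddr = element->tls->peername;
			message->datas = datas;
			message->type = INSERT_MESSAGE;
			g_async_queue_push(nuauthdatas->
					   limited_connections_queue, message);
		}
	}

	if (nuauthconf->log_users_sync) {
		/* copy current element */
		if (place == PACKET_IN_HASH) {
			conn_cl_remove(element);
		}
		/* push element to decision workers */
		thread_pool_push(nuauthdatas->decisions_workers,
				 element, NULL);
	} else {
		apply_decision(element);
		element->packet_id = NULL;
		if (place == PACKET_IN_HASH) {
			if (conn_cl_delete(element) == 0) {
				log_message(CRITICAL, DEBUG_AREA_MAIN,
					    "Unable to suppress packet from hash");
			}
		} else {
			free_connection(element);
		}
	}
	return NU_EXIT_OK;
}

/**
 * Log (using log_user_packet()) and send answer (using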
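send_auth_response())
 * for a given connection.
 *
 * The packet is logged first. If logging fails and
 * nuauth_params::drop_if_no_logging is set, the decision is replaced by
 * DECISION_DROP before any answer is sent, so an unlogged connection is not
 * accepted. The packet_id list is freed before returning.
 *
 * \param element A pointer to a ::connection_t
 * \return Returns a ::nu_error_t (NU_EXIT_ERROR when the connection is in
 * state AUTH_STATE_USERPCKT)
 */
nu_error_t apply_decision(connection_t * element)
{
	decision_t decision = element->decision;
	nu_error_t ret;
#ifdef PERF_DISPLAY_ENABLE
	struct timeval leave_time, elapsed_time;
#endif

	if (element->state == AUTH_STATE_USERPCKT) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "BUG: Should not be in apply_decision for user only packet");
		return NU_EXIT_ERROR;
	}

	if (decision == DECISION_ACCEPT) {
		ret = log_user_packet(element, TCP_STATE_OPEN);
	} else {
		ret = log_user_packet(element, TCP_STATE_DROP);
	}
	if ((ret != NU_EXIT_OK) && nuauthconf->drop_if_no_logging) {
		/* no audit trail, no access */
		element->decision = DECISION_DROP;
	}

	g_slist_foreach(element->packet_id, send_auth_response, element);
#ifdef PERF_DISPLAY_ENABLE
	/* packet_id may be NULL (see the check below), so it is tested
	 * before its first node is read for the log line */
	if ((nuauthconf->debug_areas & DEBUG_AREA_PERF)
	    && element->packet_id != NULL) {
		gettimeofday(&leave_time, NULL);
		timeval_substract(&elapsed_time, &leave_time,
				  &(element->arrival_time));
		log_message(MESSAGE, DEBUG_AREA_PERF,
			    "Treatment time for packet_id=%u: %.1f msec",
			    GPOINTER_TO_UINT(element->packet_id->data),
			    (double)elapsed_time.tv_sec*1000+
			    (double)(elapsed_time.tv_usec/1000)
		    );
	}
#endif
	/* free packet_id */
	if (element->packet_id != NULL) {
		g_slist_free(element->packet_id);
		element->packet_id = NULL;
	}
	return NU_EXIT_OK;
}

/**
 * This is a callback to apply a decision from the decision thread
 * pool (decisions_workers member of ::nuauthdatas).
 *
 * The queue is feeded by take_decision().
 *
 * \param userdata Pointer to a connection (of type ::connection_t)
 * \param data NULL pointer (unused)
 */
void decisions_queue_work(gpointer userdata, gpointer data)
{
	connection_t *element = (connection_t *) userdata;

	apply_decision(element);
	free_connection(element);
}

/**
 * Send authentication response (decision of type ::decision_t) to the NuFW.
 *
 * Use ::nuauth_decision_response_t structure to build the packet.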
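*
 * For a DECISION_REJECT answer, an IP header rebuilt from the connection
 * tracking data followed by the stored transport payload is appended to the
 * response. The stored payload length is clamped to STORED_PAYLOAD_SIZE
 * before it is copied into the fixed-size stack buffers, and the output
 * buffer is zeroed so that no uninitialised stack byte is sent to the
 * gateway.
 *
 * \param packet_id_ptr NetFilter packet unique identifier (32 bits)
 * \param userdata Pointer to an answer of type ::auth_answer
 */
void send_auth_response(gpointer packet_id_ptr, gpointer userdata)
{
	connection_t *element = (connection_t *) userdata;
	uint32_t packet_id = GPOINTER_TO_UINT(packet_id_ptr);
	/* number of stored payload bytes that may be quoted in a reject */
	size_t stored_len = (size_t) element->payload_len;
	int payload_size = 0;
	int total_size = 0;
	nu_error_t ret = NU_EXIT_OK;
	/* sized for either response header, either IP header and a full
	 * stored payload, so both protocol branches fit */
	char buffer[sizeof(nuv3_nuauth_decision_response_t) +
		    sizeof(nuv4_nuauth_decision_response_t) +
		    IPHDR_REJECT_LENGTH + IP6HDR_REJECT_LENGTH +
		    STORED_PAYLOAD_SIZE];

	/* payload[] below holds at most STORED_PAYLOAD_SIZE payload bytes: a
	 * larger (or negative, once converted) length would overflow the
	 * stack buffers. Presumably element->payload is itself
	 * STORED_PAYLOAD_SIZE bytes long; verify against connection_t. */
	if (stored_len > (size_t) STORED_PAYLOAD_SIZE) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Stored payload length %lu exceeds %lu bytes, truncating reject payload",
			    (unsigned long) stored_len,
			    (unsigned long) STORED_PAYLOAD_SIZE);
		stored_len = (size_t) STORED_PAYLOAD_SIZE;
	}

	/* padding and unset fields must not carry stack contents on the wire */
	memset(buffer, 0, sizeof(buffer));

	switch (element->nufw_version) {
	case PROTO_VERSION_NUFW_V20:
		{
			nuv3_nuauth_decision_response_t *response =
			    (nuv3_nuauth_decision_response_t *) buffer;
			uint16_t mark16;

			/* check if user id fit in 16 bits */
			if (0xFFFF < element->mark) {
				log_message(WARNING, DEBUG_AREA_MAIN,
					    "Mark don't fit in 16 bits, not to truncate the value.");
			}
			mark16 = (element->mark & 0xFFFF);

			if (element->decision == DECISION_REJECT) {
				payload_size =
				    (int) (IPHDR_REJECT_LENGTH + stored_len);
			}
			/* allocate */
			total_size =
			    sizeof(nuv3_nuauth_decision_response_t) +
			    payload_size;

			response->protocol_version = PROTO_VERSION_NUFW_V20;
			response->msg_type = AUTH_ANSWER;
			response->mark = htons(mark16);
			response->decision = element->decision;
			response->priority = 1;
			response->padding = 0;
			response->packet_id = htonl(packet_id);
			response->payload_len = htons(payload_size);
			if (element->decision == DECISION_REJECT) {
				char payload[IPHDR_REJECT_LENGTH +
					     STORED_PAYLOAD_SIZE];
				struct iphdr *ip = (struct iphdr *) payload;

				/* create ip header */
				memset(payload, 0, IPHDR_REJECT_LENGTH);
				/* NOTE(review): AF_INET is an address-family
				 * constant, not the IP version number;
				 * confirm what nufw expects in this field */
				ip->version = AF_INET;
				ip->ihl = IPHDR_REJECT_LENGTH_BWORD;
				ip->tot_len =
				    htons(IPHDR_REJECT_LENGTH + stored_len);
				ip->ttl = 64;	/* write dummy ttl */
				ip->protocol = element->tracking.protocol;
				/* dummy convert to IPv4 as nufw on the other side
				 * does not support IPv6 at all */
				ip->saddr =
				    element->tracking.saddr.s6_addr32[3];
				ip->daddr =
				    element->tracking.daddr.s6_addr32[3];

				/* write transport layer */
				memcpy(payload + IPHDR_REJECT_LENGTH,
				       element->payload, stored_len);

				/* write icmp reject packet */
				memcpy((char *) response +
				       sizeof(nuv3_nuauth_decision_response_t),
				       payload, payload_size);
			}
		}
		break;
	case PROTO_VERSION_NUFW_V22_2:
		{
			nuv4_nuauth_decision_response_t *response =
			    (nuv4_nuauth_decision_response_t *) buffer;
			int use_icmp6 = 0;
			uint32_t mark = element->mark;

			use_icmp6 = (!is_ipv4(&element->tracking.saddr)
				     || !is_ipv4(&element->tracking.daddr));

			if (element->decision == DECISION_REJECT) {
				if (use_icmp6)
					payload_size =
					    (int) (IP6HDR_REJECT_LENGTH +
						   stored_len);
				else
					payload_size =
					    (int) (IPHDR_REJECT_LENGTH +
						   stored_len);
			}
			/* allocate */
			total_size =
			    sizeof(nuv4_nuauth_decision_response_t) +
			    payload_size;

			response->protocol_version = PROTO_VERSION_NUFW_V22_2;
			response->msg_type = AUTH_ANSWER;
			response->tcmark = htonl(mark);
			response->decision = element->decision;
			response->priority = 1;
			response->padding = 0;
			response->packet_id = htonl(packet_id);
			response->payload_len = htons(payload_size);
			if (element->decision == DECISION_REJECT) {
				if (use_icmp6) {
					char payload[IP6HDR_REJECT_LENGTH +
						     STORED_PAYLOAD_SIZE];
					struct ip6_hdr *ip =
					    (struct ip6_hdr *) payload;

					/* create ip header: clear the whole
					 * IPv6 header, not only the first
					 * IPHDR_REJECT_LENGTH bytes */
					memset(payload, 0,
					       IP6HDR_REJECT_LENGTH);
					/* NOTE(review): stored in host byte
					 * order and ip6_plen below includes
					 * the header length; confirm both
					 * against what nufw parses */
					ip->ip6_flow = 0x60000000;
					ip->ip6_plen = htons(payload_size);
					ip->ip6_hops = 64;	/* write dummy hop limit */
					ip->ip6_nxt =
					    element->tracking.protocol;
					ip->ip6_src = element->tracking.saddr;
					ip->ip6_dst = element->tracking.daddr;

					/* write transport layer */
					memcpy(payload + IP6HDR_REJECT_LENGTH,
					       element->payload, stored_len);

					/* write icmp reject packet */
					memcpy((char *) response +
					       sizeof
					       (nuv4_nuauth_decision_response_t),
					       payload, payload_size);
				} else {
					char payload[IPHDR_REJECT_LENGTH +
						     STORED_PAYLOAD_SIZE];
					struct iphdr *ip =
					    (struct iphdr *) payload;

					/* create ip header */
					memset(payload, 0,
					       IPHDR_REJECT_LENGTH);
					/* NOTE(review): AF_INET is an
					 * address-family constant, not the IP
					 * version number; confirm what nufw
					 * expects in this field */
					ip->version = AF_INET;
					ip->ihl = IPHDR_REJECT_LENGTH_BWORD;
					ip->tot_len =
					    htons(IPHDR_REJECT_LENGTH +
						  stored_len);
					ip->ttl = 64;	/* write dummy ttl */
					ip->protocol =
					    element->tracking.protocol;
					ip->saddr =
					    element->tracking.saddr.s6_addr32[3];
					ip->daddr =
					    element->tracking.daddr.s6_addr32[3];

					/* write transport layer */
					memcpy(payload + IPHDR_REJECT_LENGTH,
					       element->payload, stored_len);

					/* write icmp reject packet */
					memcpy((char *) response +
					       sizeof
					       (nuv4_nuauth_decision_response_t),
					       payload, payload_size);
				}
			}
		}
		break;
	default:
		log_message(WARNING, DEBUG_AREA_GW,
			    "Unknown nufw protocol at %s:%d", __FILE__,
			    __LINE__);
		return;
	}

	if (DEBUG_OR_NOT(DEBUG_LEVEL_DEBUG, DEBUG_AREA_PACKET)) {
		print_connection_wid(element, "Answ Packet", TRUE, packet_id);
	}
	ret = nufw_session_send(element->tls, buffer, total_size);
	if (ret != NU_EXIT_OK) {
		declare_dead_nufw_session(element->tls);
	} else {
		release_nufw_session(element->tls);
	}
}

/** @} */
nufw-2.4.3/src/nuauth/auth_common.h0000644000175000017500000000410111431206275014172 00000000000000/*
 ** Copyright(C) 2005-2007 Eric Leblond
 ** INL http://www.inl.fr/
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.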
*/ #ifndef AUTH_COMMON_H #define AUTH_COMMON_H #define SHL32(x, n) (((int)(n)<=0)?(x):(((n) < 32)?((x) << (n)):0)) #define SHR32(x, n) (((int)(n)<=0)?(x):(((n) < 32)?((x) >> (n)):0)) typedef enum { PACKET_ALONE = 0, /*!< The packet is not linked with the main hash ::conn_list */ PACKET_IN_HASH /*!< Packet is stored inside ::conn_list */ } packet_place_t; gboolean tracking_equal(const tracking_t *trck1, const tracking_t *trck2); void *search_and_fill(GMutex * mutex); int sck_auth_reply; char *get_rid_of_domain(const char *user); char *get_rid_of_prefix_domain(const char *user); void free_buffer_read(struct tls_buffer_read *datas); /* * Keep connection in a hash */ #ifdef PERF_DISPLAY_ENABLE int timeval_substract(struct timeval *result, struct timeval *x, struct timeval *y); #endif nu_error_t check_protocol_version(enum proto_type_t type, int version); int str_to_int(const char *text, int *value); int str_to_uint32(const char *text, uint32_t *value); int str_to_long(const char *text, long *value); int str_to_ulong(const char *text, unsigned long *value); char *int_to_str(int value); void thread_pool_push(GThreadPool *pool, gpointer data, GError **error); int parse_addr_port(const char *text, const char* default_port, char **addr, char **port); int user_pipefd[2]; #endif nufw-2.4.3/src/nuauth/cache.h0000644000175000017500000000370511431206275012735 00000000000000/* ** Copyright(C) 2003-2005 Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef CACHE_H #define CACHE_H /** * \addtogroup NuauthCache * @{ */ typedef struct { GSList *datas; time_t create_timestamp; time_t refresh_timestamp; gboolean refreshing; } cache_entry_t; typedef struct { gpointer datas; guint usage; } cache_entry_content_t; void cache_entry_content_destroy(cache_entry_content_t * content, GFunc free_datas); typedef void (*CacheDeleteFunc) (gpointer, gpointer); /** * struct needed for initialisation of cache manager occurence */ typedef struct { GAsyncQueue *queue; GHashTable *hash; CacheDeleteFunc delete_elt; void *(*duplicate_key) (gpointer); void (*free_key) (gpointer); gboolean(*equal_key) (gconstpointer, gconstpointer); } cache_class_t; void cache_manager(cache_class_t * this); void cache_destroy(cache_class_t * datas); void cache_reset(cache_class_t * this); /** * generic message send between thread working with the * cache system */ struct cache_message { guint type; /*< message type */ gpointer key; /*< key that identify datas in hash */ gpointer datas; /*< datas to store */ GAsyncQueue *reply_queue; /*< reply has to be sent to */ }; gpointer null_message; gpointer null_queue_datas; /** @} */ #endif nufw-2.4.3/src/nuauth/command_enc.h0000644000175000017500000000323211431206275014130 00000000000000/* ** Copyright(C) 2007 INL ** Written by Victor Stinner ** ** $Id: command.h 2738 2007-02-17 13:59:56Z regit $ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef COMMAND_NEW_H #define COMMAND_NEW_H #include "auth_srv.h" typedef struct { char *data; size_t size; size_t alloc_size; } encoder_t; encoder_t* encoder_new(); void encoder_destroy(encoder_t* encoder); void encoder_slist_destroy(GSList *item_list); void encoder_add_int32(encoder_t* encoder, uint32_t value); void encoder_add_ipv6(encoder_t* encoder, const struct in6_addr *ipv6); void encoder_add_string(encoder_t* encoder, const char *string); void encoder_add_tuple(encoder_t* encoder, size_t count, encoder_t *items); void encoder_add_tuple_from_slist(encoder_t* encoder, GSList *item_list); void encoder_add_uptime(encoder_t* encoder, time_t start, time_t diff); encoder_t* encode_answer(uint8_t ok, encoder_t *data); encoder_t* encode_user(user_session_t *session); encoder_t* encode_nufw(nufw_session_t *session); #endif /* COMMAND_NEW_H */ nufw-2.4.3/src/nuauth/users.h0000644000175000017500000000604411431206275013032 00000000000000/* ** Copyright(C) 2005-2009 INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifndef USERS_H #define USERS_H #include #include "cache.h" int init_user_cache(); void get_users_from_cache(connection_t * conn_elt); gpointer user_duplicate_key(gpointer datas); struct user_cached_datas { uint32_t uid; GSList *groups; }; typedef enum { AUTH_TYPE_EXTERNAL, /*!< authentication SSL */ AUTH_TYPE_INTERNAL, /*!< authentication SASL */ } auth_type_t; /** * \brief Stores all information relative to a TLS user session. * * We don't want to have this information in all authentication packet. * Thus, once a user has managed to authenticate and has given * all the informations nuauth needs, we store it in this structure for * later use. * * When an authentication packet is received from the socket link to the user, * we add the informations contained in this strucuture to the just created * ::connection_t (see user_request()). * * An "user" is a person authenticated with a NuFW client. */ typedef struct { struct in6_addr addr; /*!< \brief IPv6 address of the client */ struct in6_addr server_addr; /*!< \brief IPv6 address of the server */ unsigned short sport; /*!< \brief source port */ /** \brief socket used by tls session. * It identify the client and it is used as the key */ int32_t socket; /* tls should be removed by ssl */ nussl_session *nussl; /*!< \brief SSL session opened with tls_connect() */ GMutex *tls_lock; /*!< \brief Mutex to lock use of TLS */ char *user_name; /*!< \brief User name */ uint32_t user_id; /*!< \brief User identifier */ GSList *groups; /*!< \brief List of groups the user belongs to */ gchar *sysname; /*!< \brief OS system name (eg. "Linux") */ gchar *release; /*!< \brief OS release (eg. 
"2.6.12") */ gchar *version; /*!< \brief OS full version */ gchar *client_name; /*!< \brief Client full name */ gchar *client_version; /*!< \brief Client full version */ uint32_t capa_flags; /*!< \brief Handle client capabilities */ time_t expire; /*!< \brief Timeout of the session (-1 means unlimited) */ int proto_version; /*!< \brief Client protocol version */ auth_type_t auth_type; int auth_quality; time_t connect_timestamp; time_t last_request; gboolean activated; /*!< \brief TRUE if user server listen for event for this session */ } user_session_t; char *capa_array[32]; #endif nufw-2.4.3/src/nuauth/nuauth_debug.h0000644000175000017500000000213711431206275014342 00000000000000/* ** ** Copyright(C) 2005 INL ** Written by Vincent Deffontaines ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #include #include void set_glib_loghandlers(int use_stdout, int use_syslog); void process_g_message(const gchar * log_domain, GLogLevelFlags log_level, const gchar * message, gpointer user_data); void process_g_fatal(const gchar * log_domain, GLogLevelFlags log_level, const gchar * message, gpointer user_data); nufw-2.4.3/src/nuauth/log.h0000644000175000017500000000317011431206275012447 00000000000000/* ** Copyright(C) 2005 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUAUTH_LOG_H #define NUAUTH_LOG_H #include "auth_srv.h" #include #include #include #define DEBUG_OR_NOT(LOGLEVEL, LOGAREA) \ ((nuauthconf->debug_areas & LOGAREA) == LOGAREA \ && \ (nuauthconf->debug_level >=LOGLEVEL )) #define log_message(level, area, format, args...) \ do { \ if (((area) & nuauthconf->debug_areas) == (area) && (nuauthconf->debug_level >= DEBUG_LEVEL_##level)) \ g_message("[%u] " format, DEBUG_LEVEL_##level, ##args); \ } while (0) #ifdef DEBUG_ENABLE /* copy/paste of log_message macro */ #define debug_log_message(level, area, format, args...) \ do { \ if (((area) & nuauthconf->debug_areas) == (area) && (nuauthconf->debug_level >= DEBUG_LEVEL_##level)) \ g_message("[%u] " format, DEBUG_LEVEL_##level, ##args); \ } while (0) #else # define debug_log_message(level, area, format, ...) 
#endif
#endif
nufw-2.4.3/src/nuauth/gcrypt_init.h0000644000175000017500000000370111431206275014221 00000000000000/*
** Copyright(C) 2005 INL
** Written by Eric Leblond
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#ifndef GCRYPT_NUAUTH_H
#define GCRYPT_NUAUTH_H

/*! \file nuauth/gcrypt_init.h
    \brief Contains gcrypt init functions

    Supplies the locking callbacks libgcrypt uses when it is driven from
    several threads. Everything below is `static`, so every translation unit
    that includes this header gets its own private copy.
    NOTE(review): the callbacks only take effect once they are handed to
    libgcrypt (presumably through gcry_control() before any other gcrypt
    call); that registration is not visible in this header -- confirm it
    happens before the first TLS or hash operation.
*/

/* Uncomment to use libgcrypt's built-in pthread glue instead of GLib. */
/*#define GCRYPT_PTHEAD_IMPLEMENTATION */

#ifdef GCRYPT_PTHEAD_IMPLEMENTATION
#include
/****************** gcrypt use 'pthread' thread implementation *************/
GCRY_THREAD_OPTION_PTHREAD_IMPL;
#else
/****************** gcrypt use 'glib' thread implementation ****************/

/*
 * gcrypt init function: allocate a GMutex and hand it back through *priv.
 * Returns 0 on success, ENOMEM when no mutex could be obtained.
 */
static int gcry_gthread_mutex_init(void **priv)
{				/* to check */
	GMutex *lock = g_mutex_new();
	/* NOTE(review): g_mutex_new() is expected to abort rather than return
	 * NULL, so this branch is probably never taken -- confirm. */
	if (!lock)
		return ENOMEM;
	*priv = lock;
	return 0;
}

/* Release the GMutex stored in *lock; always reports success. */
static int gcry_gthread_mutex_destroy(void **lock)
{
	g_mutex_free(*lock);
	return 0;
}

/* Acquire the GMutex stored in *lock; always reports success. */
static int gcry_gthread_mutex_lock(void **lock)
{
	g_mutex_lock(*lock);
	return 0;
}

/* Release the GMutex stored in *lock; always reports success. */
static int gcry_gthread_mutex_unlock(void **lock)
{
	g_mutex_unlock(*lock);
	return 0;
}

/*
 * Callback table for libgcrypt, initialised positionally: the option word,
 * a NULL slot, the four mutex callbacks above, then eight more slots left
 * NULL (no callback supplied for them).
 */
static struct gcry_thread_cbs gcry_threads_gthread = {
	GCRY_THREAD_OPTION_USER, NULL,
	gcry_gthread_mutex_init, gcry_gthread_mutex_destroy,
	gcry_gthread_mutex_lock, gcry_gthread_mutex_unlock,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};

#endif				/* #ifdef GCRYPT_PTHEAD_IMPLEMENTATION */

#endif				/* #ifndef
GCRYPT_NUAUTH_H */ nufw-2.4.3/src/nuauth/command_codec.h0000644000175000017500000000227011431206275014441 00000000000000/* ** Copyright(C) 2007 INL ** Written by Victor Stinner ** ** $Id: command.h 2738 2007-02-17 13:59:56Z regit $ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef COMMAND_CODEC_H #define COMMAND_CODEC_H #define BYTECODE_BOOL 'b' #define BYTECODE_INT32 'i' #define BYTECODE_INT64 'I' #define BYTECODE_IPV6 'p' #define BYTECODE_STRING 's' #define BYTECODE_TIMESTAMP 't' #define BYTECODE_TUPLE '(' #define BYTECODE_ANSWER 'a' #define BYTECODE_USER 'u' #define BYTECODE_NUFW 'w' #define BYTECODE_UPTIME 'U' #endif /* COMMAND_CODEC_H */ nufw-2.4.3/src/nuauth/localid_auth.h0000644000175000017500000000163211431206275014317 00000000000000/* ** Copyright(C) 2005,2009 INL ** Written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef LOCALID_AUTH_H #define LOCALID_AUTH_H /* from localid_auth */ char localid_authenticated_protocol(connection_t *conn); void *localid_auth(GMutex * mutex); #endif nufw-2.4.3/src/nuauth/nufw_servers.c0000644000175000017500000001324511431206275014415 00000000000000/* ** Copyright(C) 2007 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
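**
*/

#include "auth_srv.h"
#include

/**
 * \ingroup TLSNufw
 * @{
 */

/** \file nufw_servers.c
 * \brief Manage nufw servers
 */

/* Connected NuFW sessions, keyed by the connection file descriptor
 * (stored with GINT_TO_POINTER). NULL before init and after close. */
GHashTable *nufw_servers = NULL;
/* Guards nufw_servers in the public functions of this file. */
GStaticMutex nufw_servers_mutex = G_STATIC_MUTEX_INIT;

extern int nufw_servers_connected;

/**
 * Create the session table. Keys use the default direct hash/equality
 * (NULL, NULL); values are released with clean_nufw_session() whenever
 * the table removes or destroys an entry.
 */
void init_nufw_servers()
{
	nufw_servers = g_hash_table_new_full(NULL, NULL, NULL,
					     (GDestroyNotify) clean_nufw_session);
}

/**
 * Register a NuFW session under its connection descriptor.
 *
 * \param conn_fd File descriptor of the connection, used as table key
 * \param nu_session Session to store; owned by the table afterwards
 * \return NU_EXIT_OK when the session was stored, NU_EXIT_ERROR when the
 * table does not exist (not initialised, or already closed) or the
 * session pointer is NULL
 */
nu_error_t add_nufw_server(int conn_fd, nufw_session_t * nu_session)
{
	nu_error_t status = NU_EXIT_ERROR;

	g_static_mutex_lock(&nufw_servers_mutex);
	/* Without a table the insert would be refused by GLib while the
	 * connection counter was still incremented, leaving the counter out
	 * of step with the sessions actually tracked. A NULL value would
	 * later be passed to clean_nufw_session() by the table. */
	if (nufw_servers != NULL && nu_session != NULL) {
		g_hash_table_insert(nufw_servers, GINT_TO_POINTER(conn_fd),
				    nu_session);
		g_atomic_int_inc(&nufw_servers_connected);
		status = NU_EXIT_OK;
	}
	g_static_mutex_unlock(&nufw_servers_mutex);

	return status;
}

/**
 * Close the TLS NuFW servers
 *
 * Destroys the table (which runs clean_nufw_session() on every stored
 * session) and resets the global pointer to NULL.
 */
void close_nufw_servers()
{
	g_static_mutex_lock(&nufw_servers_mutex);
	if (nufw_servers != NULL)
		g_hash_table_destroy(nufw_servers);
	nufw_servers = NULL;
	g_static_mutex_unlock(&nufw_servers_mutex);
}

/**
 * Suppress entry from nufw_servers hash when a
 * problem occurs
 *
 * Uses g_hash_table_steal(), so the value destroy function is NOT run:
 * the caller keeps ownership of the session. Takes no lock itself; the
 * caller is expected to hold nufw_servers_mutex.
 */
static nu_error_t suppress_nufw_session(nufw_session_t * session)
{
	g_hash_table_steal(nufw_servers,
			   GINT_TO_POINTER
			   (nussl_session_get_fd(session->nufw_client)));
	return NU_EXIT_OK;
}

extern int nufw_servers_connected;

/**
 * Clean a NuFW TLS session: send "bye", deinit the connection
 * and free the memory.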
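 */
void clean_nufw_session(nufw_session_t * c_session)
{
	if (c_session == NULL)
		return;

	/* declare_dead_nufw_session() destroys the TLS session and resets the
	 * pointer to NULL before it may call this function, so only destroy a
	 * session that is still present.
	 * NOTE(review): whether nussl_session_destroy() tolerates NULL is not
	 * visible here; the guard makes that irrelevant. */
	if (c_session->nufw_client != NULL) {
		nussl_session_destroy(c_session->nufw_client);
		c_session->nufw_client = NULL;
	}
	g_mutex_free(c_session->tls_lock);
	g_free(c_session);

	/* Only the decrement matters; the "reached zero" result is unused. */
	(void) g_atomic_int_dec_and_test(&nufw_servers_connected);
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_GW,
			  "close nufw session: done");
}

/**
 * Mark a session as dead and drop the caller's reference on it.
 *
 * On the first call for a live session the entry is removed from the
 * table, its TLS session is destroyed and `alive` becomes FALSE. The usage
 * counter is then decremented and the session is freed once it reaches 0.
 *
 * \return NU_EXIT_OK, or NU_EXIT_ERROR when session is NULL
 */
nu_error_t declare_dead_nufw_session(nufw_session_t * session)
{
	if (session == NULL)
		return NU_EXIT_ERROR;

	g_static_mutex_lock(&nufw_servers_mutex);
	/* session is dead, clean tls and remove session from nufw_servers
	 * hash */
	if (session->alive == TRUE) {
		suppress_nufw_session(session);
		nussl_session_destroy(session->nufw_client);
		session->nufw_client = NULL;
		session->alive = FALSE;
	}
	/* if no one is using nufw session, destroy it */
	if (g_atomic_int_dec_and_test(&(session->usage))) {
		clean_nufw_session(session);
	}
	g_static_mutex_unlock(&nufw_servers_mutex);

	return NU_EXIT_OK;
}

/**
 * g_hash_table_find() predicate: matches any session whose `alive` flag
 * is TRUE. key and user_data are unused.
 */
gboolean ghrfunc_true(gpointer key, gpointer value, gpointer user_data)
{
	const nufw_session_t *candidate = value;

	return (candidate->alive == TRUE) ? TRUE : FALSE;
}

/**
 * g_hash_table_find() predicate: matches the session whose peer address
 * equals the struct in6_addr passed as user_data.
 */
static gboolean get_nufw_server_by_addr(gpointer key, gpointer value,
					gpointer user_data)
{
	const nufw_session_t *session = value;
	const struct in6_addr *addr = user_data;

	return ipv6_equal(&session->peername, addr) ? TRUE : FALSE;
}

/**
 * get first alive nufw_session_t::
 *
 * session need to be released with a call to release_nufw_session()
 *
 * \return The session with its usage counter incremented, or NULL when no
 * live session exists or the table has been closed
 */
nufw_session_t * get_nufw_session()
{
	nufw_session_t *found = NULL;

	g_static_mutex_lock(&nufw_servers_mutex);
	if (nufw_servers != NULL) {
		found = (nufw_session_t *) g_hash_table_find(nufw_servers,
							     ghrfunc_true,
							     NULL);
	}
	if (found) {
		g_atomic_int_inc(&(found->usage));
	}
	g_static_mutex_unlock(&nufw_servers_mutex);

	return found;
}

/**
 * Look a session up by connection descriptor and take a reference on it.
 *
 * \param c Connection file descriptor used as key in add_nufw_server()
 * \return The session with its usage counter incremented, or NULL
 */
nufw_session_t * acquire_nufw_session_by_socket(int c)
{
	nufw_session_t *c_session = NULL;

	g_static_mutex_lock(&nufw_servers_mutex);
	if (nufw_servers != NULL) {
		c_session = g_hash_table_lookup(nufw_servers,
						GINT_TO_POINTER(c));
	}
	if (c_session) {
		g_atomic_int_inc(&(c_session->usage));
	}
	g_static_mutex_unlock(&nufw_servers_mutex);

	return c_session;
}

/**
 * Look a session up by peer address and take a reference on it.
 *
 * \param addr Peer address compared with each session's `peername`
 * \return The session with its usage counter incremented, or NULL
 */
nufw_session_t * acquire_nufw_session_by_addr(struct in6_addr * addr)
{
	nufw_session_t *session = NULL;

	g_static_mutex_lock(&nufw_servers_mutex);
	if (nufw_servers != NULL) {
		session = g_hash_table_find(nufw_servers,
					    get_nufw_server_by_addr, addr);
	}
	if (session) {
		g_atomic_int_inc(&(session->usage));
	}
	g_static_mutex_unlock(&nufw_servers_mutex);

	return session;
}

/**
 * Take an extra reference on a session the caller already holds.
 *
 * \return NU_EXIT_OK, or NU_EXIT_ERROR when session is NULL
 */
nu_error_t increase_nufw_session_usage(nufw_session_t * session)
{
	if (session) {
		g_atomic_int_inc(&(session->usage));
		return NU_EXIT_OK;
	}
	return NU_EXIT_ERROR;
}

/**
 * Drop one reference. The session is freed when the counter reaches 0 and
 * it has already been declared dead. A NULL session is ignored, matching
 * increase_nufw_session_usage() and the NULL the acquire functions return.
 */
void release_nufw_session(nufw_session_t * session)
{
	if (session == NULL)
		return;

	g_static_mutex_lock(&nufw_servers_mutex);
	if (g_atomic_int_dec_and_test(&(session->usage))
	    && (session->alive == FALSE)) {
		clean_nufw_session(session);
	}
	g_static_mutex_unlock(&nufw_servers_mutex);
}

/**
 * Write a buffer to a NuFW server over its TLS session.
 *
 * \param session Target session; must still be alive
 * \param buffer Data to send
 * \param length Number of bytes in buffer
 * \return NU_EXIT_OK on success, NU_EXIT_ERROR when the session is NULL or
 * dead, or when nussl_write() reports an error
 *
 * NOTE(review): `alive` is tested without nufw_servers_mutex, while
 * declare_dead_nufw_session() destroys `nufw_client` under that mutex and
 * not under `tls_lock`. A session could therefore be torn down between
 * the check and the write; the caller's reference keeps the struct alive
 * but not the TLS session. Worth confirming how callers serialise this.
 */
nu_error_t nufw_session_send(nufw_session_t * session, char * buffer, int length)
{
	nu_error_t status = NU_EXIT_OK;
	int ret;

	if (session == NULL || session->alive == FALSE)
		return NU_EXIT_ERROR;

	g_mutex_lock(session->tls_lock);
	// XXX: make me non-blockant
	ret = nussl_write(session->nufw_client, buffer, length);
	if (ret < 0) {
		log_message(DEBUG, DEBUG_AREA_GW,
			    "nufw_servers: send failure (%s)",
			    nussl_get_error(session->nufw_client));
		status = NU_EXIT_ERROR;
	}
	g_mutex_unlock(session->tls_lock);

	return status;
}

/**
 * Iterate on each nufw using callback.
 *
 * The callback runs with nufw_servers_mutex held, so it must not call any
 * function of this file that takes the same mutex. Does nothing when the
 * table has been closed.
 */
void foreach_nufw_server(GHFunc callback, void * data)
{
	g_static_mutex_lock(&nufw_servers_mutex);
	if (nufw_servers != NULL) {
		g_hash_table_foreach(nufw_servers, callback, data);
	}
	g_static_mutex_unlock(&nufw_servers_mutex);
}

/**
 * @}
 */
nufw-2.4.3/src/nuauth/valgrind.sh0000755000175000017500000000226411431206275013665 00000000000000#!/bin/bash
echo "Run nuauth in Valgrind"
echo
echo "!!! Valgrind makes NuAuth very slow, system auth. doesn't work because of timeouts."
echo "!!! 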
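Use NuAuth with plaintext auth"
echo

LOG=valgrind.log

# Signal handler: tell the operator where the Valgrind report went.
function stop_valgrind {
    echo "NuAuth in Valgrind stopped with CTRL+C"
    echo "Output written in file $LOG"
}
trap stop_valgrind SIGINT SIGTERM

# glib don't use slices, use classic malloc() instead
# so Valgrind is able to match memory leaks
export G_SLICE=always-malloc

# Some interesting options:
#    --gen-suppressions=yes
#    --gen-suppressions=yes \
# Explains:
#    --run-libc-freeres=no: Valgrind free all memory that libc allocates

if [ -d /usr/lib/debug ]; then
    # Append the caller's value only when it is non-empty. A bare
    # "/usr/lib/debug:" ends in an empty entry, which the dynamic loader
    # reads as "current directory", so libraries would be picked up from
    # wherever this script happens to be started.
    export LD_LIBRARY_PATH="/usr/lib/debug${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    if [ -e /usr/lib/debug/libdl-2.4.so ]; then
        export LD_PRELOAD=/usr/lib/debug/libdl-2.4.so
    fi
else
    echo "VALGRIND WARNING: /usr/lib/debug directory is missing, install libc6-dbg"
fi

# valgrind.supp and ./nuauth are resolved relative to the current
# directory: run this script from the directory that holds them.
valgrind \
    --show-reachable=yes -v \
    --suppressions=valgrind.supp \
    --log-file="$LOG" \
    --run-libc-freeres=yes \
    --leak-check=full \
    --verbose \
    ./nuauth "$@" 2>&1

unset LD_PRELOAD LD_LIBRARY_PATH
trap - SIGINT SIGTERM
echo "Quit."
nufw-2.4.3/src/nuauth/modules.c0000644000175000017500000005335511431206275013343 00000000000000/*
** Copyright(C) 2005,2006,2007,2008 INL
** Written by Eric Leblond
** Pierre Chifflier
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/**
 *
 * \ingroup Nuauth
 * \defgroup NuauthModules Nuauth Modules
 *
 * \brief Modules are used for every interaction with the outside.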
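 * They are implemented using Glib modules.
 *
 * A module has to export a set of functions to be able to initialize :
 *  - init_module_from_conf() : Init module with respect to a configuration file
 *  - unload_module_with_params() : Clean a module instance and free related parameter
 * Optionally, the initialisation function of the glib can be used
 *
 * After this, it has to export the functions that are used by hook :
 *  - define_periods(): define period that can be used in time-based acls
 *  - user_check(): verify user credentials
 *  - get_user_groups(): find the groups the user belongs to
 *  - get_user_id(): get user id
 *  - acl_check(): verify acl for a packet
 *  - ip_authentication(): authenticate user packet by using external method
 *  - certificate_check(): check validity of user's certificate
 *  - certificate_to_uid(): build user ID from user's certificate
 *  - user_session_logs(): log user connection and disconnection
 *  - auth_error_log(): log failure of user authentication
 *  - user_session_modify(): modify user session just after authentication
 *  - user_packet_logs(): log packet
 *  - finalize_packet(): modify packet before sending answer to nufw
 *
 * @{
 */

/**
 * \file modules.c
 * \brief Take care of interaction with modules
 *
 * It contains the functions that load and unload modules as well as all
 * ..._check functions use in the code to interact with the modules
 *
 * Every dispatcher below that waits in block_on_conf_reload() reads its
 * hook list only AFTER the wait has returned. unload_modules() frees the
 * per-hook lists, so a list head captured before waiting for a reload
 * could point at freed memory once the wait is over.
 */

#include
#include "modules_definition.h"
#include "nuauthconf.h"

/** This is a static variable to initiate all pointers to zero
 *
 * One entry per hook: configuration key, two pointers left NULL here (the
 * configured value and the loaded module list, filled in at load time),
 * the name of the symbol looked up in each module, and a label for logs.
 */
static hook_t hooks[MOD_END] = {
	{ "nuauth_user_check_module", NULL, NULL, "user_check", "user checking" },
	{ "nuauth_get_user_id_module", NULL, NULL, "get_user_id", "user id fetching" },
	{ "nuauth_get_user_groups_module", NULL, NULL, "get_user_groups", "user groups fetching" },
	{ "nuauth_auth_error_log_module", NULL, NULL, "auth_error_log", "auth error log" },
	{ "nuauth_acl_check_module", NULL, NULL, "acl_check", "acls checking" },
	{ "nuauth_user_session_modify_module", NULL, NULL, "user_session_modify", "user session modify" },
	{ "nuauth_user_logs_module", NULL, NULL, "user_packet_logs", "user packet logging" },
	{ "nuauth_user_session_logs_module", NULL, NULL, "user_session_logs", "user session logging" },
	{ "nuauth_finalize_packet_module", NULL, NULL, "finalize_packet", "finalize packet" },
	{ "nuauth_periods_module", NULL, NULL, "define_periods", "define periods checking" },
	{ "nuauth_certificate_check_module", NULL, NULL, "certificate_check", "certificate check" },
	{ "nuauth_certificate_to_uid_module", NULL, NULL, "certificate_to_uid", "certificate to uid" },
	{ "nuauth_postauth_proto_module", NULL, NULL, "postauth_proto", "post auth proto" },
	{ "nuauth_ip_authentication_module", NULL, NULL, "ip_authentication", "ip authentication" },
};

/**
 * Check a user/password against the list of modules used for user authentication
 * It returns the decision using SASL defined return value.
 *
 * \return SASL_OK as soon as one module accepts the credentials,
 * SASL_NOAUTHZ when none does (including when no module is loaded)
 */
int modules_user_check(const char *user, const char *pass,
		       unsigned passlen, user_session_t *session)
{
	GSList *walker;

	block_on_conf_reload();
	/* iter through module list and stop when user is found */
	for (walker = hooks[MOD_USER_CHECK].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		user_check_callback *handler =
		    (user_check_callback *) mod->func;

		if (handler(user, pass, passlen, session, mod->params)
		    == SASL_OK)
			return SASL_OK;
	}
	/* Fail closed: nobody vouched for these credentials. */
	return SASL_NOAUTHZ;
}

/**
 * Get group for a given user
 *
 * \return The first non-NULL group list a module returns, else NULL
 */
GSList *modules_get_user_groups(const char *user)
{
	GSList *walker;

	block_on_conf_reload();
	/* iter through module list and stop when groups are found */
	for (walker = hooks[MOD_USER_GROUPS].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		get_user_groups_callback *handler =
		    (get_user_groups_callback *) mod->func;
		GSList *groups = handler(user, mod->params);

		if (groups)
			return groups;
	}
	return NULL;
}

/**
 * Get the numeric id of a user.
 *
 * \return The first non-zero id a module returns, else 0
 */
uint32_t modules_get_user_id(const char *user)
{
	GSList *walker;

	block_on_conf_reload();
	/* iter through module list and stop when an id is found */
	for (walker = hooks[MOD_USER_ID].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		get_user_id_callback *handler =
		    (get_user_id_callback *) mod->func;
		uint32_t uid = handler(user, mod->params);

		if (uid)
			return uid;
	}
	return 0;
}

/**
 * Check a connection and return a list of acl that match the information
 * contained in the connection.
 *
 * \return The first non-NULL acl list a module returns, else NULL
 */
GSList *modules_acl_check(connection_t * element)
{
	GSList *walker;

	block_on_conf_reload();
	/* iter through module list and stop when an acl is found */
	for (walker = hooks[MOD_ACL_CHECK].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		acl_check_callback *handler =
		    (acl_check_callback *) mod->func;
		GSList *acls = handler(element, mod->params);

		if (acls)
			return acls;
	}
	return NULL;
}

/* ip auth */
/**
 * Ask the IP authentication modules who sent a packet.
 *
 * \return The first non-NULL string a module returns, else NULL
 */
gchar *modules_ip_auth(auth_pckt_t * header)
{
	GSList *walker;

	block_on_conf_reload();
	/* iter through module list and stop when decision is made */
	for (walker = hooks[MOD_IP_AUTH].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		ip_auth_callback *handler = (ip_auth_callback *) mod->func;
		gchar *username = handler(header, mod->params);

		if (username)
			return username;
	}
	return NULL;
}

/**
 * log authenticated packets
 *
 * Every module is called. When one returns -1 the result becomes
 * NU_EXIT_ERROR; if nuauthconf->drop_if_no_logging is set, the element is
 * additionally treated as a connection_t, its decision is forced to
 * DECISION_DROP and the remaining modules are skipped.
 */
nu_error_t modules_user_logs(void *element, tcp_state_t state)
{
	GSList *walker;
	nu_error_t ret = NU_EXIT_OK;

	block_on_conf_reload();
	/* iter through all modules list */
	for (walker = hooks[MOD_LOG_PACKETS].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		user_logs_callback *handler =
		    (user_logs_callback *) mod->func;

		if (handler(element, state, mod->params) != -1)
			continue;

		ret = NU_EXIT_ERROR;
		/* A module has failed, this packet will be dropped if
		 * drop_if_no_logging is set */
		if (nuauthconf->drop_if_no_logging) {
			((connection_t *) element)->decision = DECISION_DROP;
			/* stop iterating over modules (nuauth is in DOS mode there) */
			return ret;
		}
	}
	return ret;
}

/**
 * log user connection and disconnection
 *
 * Module return values are ignored; always returns 0.
 */
int modules_user_session_logs(user_session_t * user, session_state_t state)
{
	GSList *walker;

	block_on_conf_reload();
	/* iter through all modules list */
	for (walker = hooks[MOD_LOG_SESSION].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		user_session_logs_callback *handler =
		    (user_session_logs_callback *) mod->func;

		handler(user, state, mod->params);
	}
	return 0;
}

/**
 * parse time period configuration for each module
 * and fill the given hash (first argument)
 *
 * Unlike the other dispatchers this one does not wait for a pending
 * configuration reload.
 */
void modules_parse_periods(GHashTable * periods)
{
	GSList *walker;

	/* iter through all modules list */
	for (walker = hooks[MOD_PERIOD].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		define_period_callback *handler =
		    (define_period_callback *) mod->func;

		handler(periods, mod->params);
	}
}

/**
 * Check certificate
 *
 * \param nussl NuSSL connection
 * \return SASL_OK if certificate is correct
 *
 * The first module that returns something other than SASL_OK decides.
 * With no module loaded for this hook the loop body never runs and the
 * result is SASL_OK.
 */
int modules_check_certificate(nussl_session* nussl)
{
	GSList *walker;
	int ret;

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "module check certificate");

	block_on_conf_reload();
	/* iter through all modules list */
	for (walker = hooks[MOD_CERT_CHECK].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		certificate_check_callback *handler =
		    (certificate_check_callback *) mod->func;

		ret = handler(nussl, mod->params);
		if (ret != SASL_OK) {
			return ret;
		}
	}
	return SASL_OK;
}

/**
 * certificate to uid
 *
 * \param nussl NuSSL connection
 * \return uid
 *
 * Returns the first non-NULL uid a module produces, else NULL.
 */
gchar *modules_certificate_to_uid(nussl_session* nussl)
{
	GSList *walker;

	block_on_conf_reload();
	/* iter through all modules list */
	for (walker = hooks[MOD_CERT_TO_UID].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		certificate_to_uid_callback *handler =
		    (certificate_to_uid_callback *) mod->func;
		gchar *uid = handler(nussl, mod->params);

		if (uid) {
			return uid;
		}
	}
	return NULL;
}

/**
 * Modify user session
 *
 * \return SASL_OK when every module accepted, else the first other value
 */
int modules_user_session_modify(user_session_t * c_session)
{
	GSList *walker;
	int ret;

	block_on_conf_reload();
	/* iter through all modules list */
	for (walker = hooks[MOD_SESSION_MODIFY].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		user_session_modify_callback *handler =
		    (user_session_modify_callback *) mod->func;

		ret = handler(c_session, mod->params);
		if (ret != SASL_OK) {
			return ret;
		}
	}
	return SASL_OK;
}

/**
 * Compute packet mark
 *
 * Module return values are ignored; always returns NU_EXIT_OK.
 */
nu_error_t modules_finalize_packet(connection_t * connection)
{
	GSList *walker;

	block_on_conf_reload();
	/* iter through all modules list */
	for (walker = hooks[MOD_FINALIZE_PACKET].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		finalize_packet_callback *handler =
		    (finalize_packet_callback *) mod->func;

		handler(connection, mod->params);
	}
	return NU_EXIT_OK;
}

/**
 * Log authentication error
 *
 * Every module of the hook receives the session, the error code and the
 * message.
 */
void modules_auth_error_log(user_session_t * session,
			    nuauth_auth_error_t error,
			    const char *message)
{
	GSList *walker;

	block_on_conf_reload();
	for (walker = hooks[MOD_USER_FAIL].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		auth_error_log_callback *handler =
		    (auth_error_log_callback *) mod->func;

		handler(session, error, message, mod->params);
	}
}

/**
 * custom modification of post authentication exchange
 *
 * \return SASL_OK when every module accepted, else the first other value
 */
int modules_postauth_proto(user_session_t * user)
{
	GSList *walker;
	int ret;

	block_on_conf_reload();
	/* iter through all modules list */
	for (walker = hooks[MOD_POSTAUTH_PROTO].modules; walker != NULL;
	     walker = walker->next) {
		module_t *mod = (module_t *) walker->data;
		postauth_proto_callback *handler =
		    (postauth_proto_callback *) mod->func;

		ret = handler(user, mod->params);
		if (ret != SASL_OK) {
			return ret;
		}
	}
	return SASL_OK;
}

/**
 * Run a module's own parameter destructor, if it exported one, and forget
 * the parameters. The module itself stays loaded.
 */
void clean_module_t(module_t *module)
{
	if (module == NULL)
		return;

	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
		    "Module %s cleaning", module->name);
	if (module->free_params) {
		module->free_params(module->params);
		module->params = NULL;
	}
}

/**
 * Close a module's shared object and free the module_t. Accepts NULL.
 * With DEBUG_WITH_VALGRIND defined the shared object is left open.
 */
void free_module_t(module_t * module)
{
	if (module) {
#ifndef DEBUG_WITH_VALGRIND
		/* The handle is NULL when g_module_open() failed; there is
		 * nothing to close in that case. */
		if (module->module != NULL) {
			log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				    "Module %s closing", module->name);
			if (! g_module_close(module->module)) {
				log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					    "Module %s can't be closed",
					    module->name);
			} else {
				log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
					    "Module %s closed",
					    module->name);
			}
		}
#endif
		g_free(module->module_name);
		g_free(module->name);
		g_free(module->configfile);
	}
	g_free(module);
}

/**
 * Initialise module system
 *
 * Please note it has only to be called once
 *
 */
int init_modules_system()
{
	/* init modules list mutex */
	modules_mutex = g_mutex_new();

	return 1;
}

/**
 * Check API version of a module: should be NUAUTH_API_VERSION.
 * Use the function 'get_api_version' of the module.
 *
 * \return Returns 0 if the function missing or the function is different,
 * and 1 otherwise.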
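 */
int check_module_version(GModule * module)
{
	get_module_version_func_t get_version;
	uint32_t api_version;

	/* NOTE: as written, both failure cases below terminate the process
	 * with exit(EXIT_FAILURE); the function only ever returns 1. */

	/* get module function handler */
	if (!g_module_symbol(module, "get_api_version",
			     (gpointer *) & get_version)) {
		g_warning
		    ("Unable to load function 'get_api_version' from module %s",
		     g_module_name(module));
		exit(EXIT_FAILURE);
	}
	api_version = get_version();
	if (NUAUTH_API_VERSION != api_version) {
		g_warning
		    ("Not loading module %s: wrong API version (%u instead of %u)",
		     g_module_name(module), api_version, NUAUTH_API_VERSION);
		exit(EXIT_FAILURE);
	}
	return 1;
}

/**
 * Load module for a task
 *
 * Please note that last args is a pointer of pointer
 *
 * \param confvar Space-separated list of NAME[:MODULE[:CONFFILE]] entries;
 * NULL means "nothing to load"
 * \param func Name of the symbol to resolve in every module
 * \param target List that receives the loaded modules
 * \param hook Hook the modules are loaded for
 * \return 1 on success, 0 when a module is missing its init or unload
 * function or fails to initialise. A module that cannot be opened, or
 * that lacks \a func, terminates the process.
 *
 * Module names come straight from the configuration and are turned into
 * a shared-object path that is loaded into this process: whoever can edit
 * the configuration can run code as nuauth. Keep the configuration file
 * and the module directory writable by the administrator only.
 */
static int load_modules_from(gchar * confvar, gchar * func,
			     GSList ** target, module_hook_t hook)
{
	gchar **modules_list;
	gchar *module_path;
	init_module_from_conf_t *initmod;
	gchar **params_list = NULL;
	module_t *current_module;
	int i;

	if (confvar == NULL)
		return 1;

	modules_list = g_strsplit(confvar, " ", 0);
	if (modules_list == NULL)
		return 1;

	for (i = 0; modules_list[i] != NULL; i++) {
		/* Two consecutive spaces (or a leading/trailing one) yield an
		 * empty token. Splitting "" gives a vector that holds only
		 * its NULL terminator, so reading element [1] of it would
		 * run past the allocation: skip such tokens. */
		if (modules_list[i][0] == '\0')
			continue;

		current_module = g_new0(module_t, 1);

		/* var format is NAME:MODULE:CONFFILE */
		params_list = g_strsplit(modules_list[i], ":", 3);
		current_module->name = g_strdup(params_list[0]);
		if (params_list[1]) {
			current_module->module_name =
			    g_strdup(params_list[1]);
			if (params_list[2]) {
				current_module->configfile =
				    g_strdup(params_list[2]);
			} else {
				/* we build config file name */
				current_module->configfile =
				    g_strjoin(NULL, CONFIG_DIR, "/",
					      MODULES_CONF_DIR, "/",
					      current_module->name,
					      MODULES_CONF_EXTENSION, NULL);
			}
		} else {
			current_module->module_name =
			    g_strdup(current_module->name);
			current_module->configfile = NULL;
		}

		/* Open dynamic library */
		module_path = g_module_build_path(MODULE_PATH,
						  current_module->module_name);
		current_module->module = g_module_open(module_path, 0);
		g_free(module_path);

		log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
			    "\tmodule %s: using %s with configfile %s",
			    current_module->name,
			    current_module->module_name,
			    current_module->configfile);
		if (current_module->module == NULL) {
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "Unable to load module %s in %s\nError: %s",
				    modules_list[i], MODULE_PATH,
				    g_module_error());
			free_module_t(current_module);
			exit(EXIT_FAILURE);
		}

		/* check module version */
		if (!check_module_version(current_module->module)) {
			free_module_t(current_module);
			goto failure;
		}

		/* get module function handler */
		if (!g_module_symbol(current_module->module, func,
				     (gpointer *) & current_module->func)) {
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "Unable to load function %s in %s", func,
				    g_module_name(current_module->module));
			free_module_t(current_module);
			g_strfreev(params_list);
			exit(EXIT_FAILURE);
		}

		current_module->hook = hook;

		/* get params for module by calling module exported function */
		if (g_module_symbol(current_module->module,
				    INIT_MODULE_FROM_CONF,
				    (gpointer *) & initmod)) {
			/* Initialize module */
			if (!initmod(current_module)) {
				g_warning("Unable to init module");
				current_module->params = NULL;
				goto failure;
			}
		} else {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "No init function for module %s: PLEASE UPGRADE!",
				    current_module->module_name);
			current_module->params = NULL;
			goto failure;
		}

		/* get the destructor for the module parameters */
		if (!g_module_symbol(current_module->module,
				     "unload_module_with_params",
				     (gpointer *) & (current_module->free_params))) {
			log_message(WARNING, DEBUG_AREA_MAIN,
				    "No unload function for module %s: PLEASE UPGRADE!",
				    current_module->module_name);
			current_module->free_params = NULL;
			goto failure;
		}

		/* store module in module list */
		*target = g_slist_append(*target, (gpointer) current_module);
		nuauthdatas->modules =
		    g_slist_prepend(nuauthdatas->modules, current_module);

		/* free memory */
		g_strfreev(params_list);
		params_list = NULL;
	}
	g_strfreev(modules_list);
	return 1;

failure:
	/* Release the two split vectors that the early returns used to leak.
	 * The module object itself is left exactly as before on the init and
	 * unload-symbol paths. */
	g_strfreev(params_list);
	g_strfreev(modules_list);
	return 0;
}

/**
 * Default module list for a hook, used when the configuration does not
 * name one. Returns NULL for an unknown hook.
 */
static char *module_default_value(int type)
{
	switch (type) {
	case MOD_USER_CHECK:
	case MOD_USER_ID:
	case MOD_USER_GROUPS:
		return DEFAULT_USERAUTH_MODULE;
	case MOD_USER_FAIL:
	case MOD_POSTAUTH_PROTO:
		return "";
	case MOD_ACL_CHECK:
		return DEFAULT_ACLS_MODULE;
	case MOD_SESSION_MODIFY:
		return DEFAULT_USER_SESSION_MODIFY_MODULE;
	case MOD_LOG_PACKETS:
	case MOD_LOG_SESSION:
		return DEFAULT_LOGS_MODULE;
	case MOD_FINALIZE_PACKET:
		return DEFAULT_FINALIZE_PACKET_MODULE;
	case MOD_PERIOD:
		return DEFAULT_PERIODS_MODULE;
	case MOD_CERT_CHECK:
		return DEFAULT_CERTIFICATE_CHECK_MODULE;
	case MOD_CERT_TO_UID:
		return DEFAULT_CERTIFICATE_TO_UID_MODULE;
	case MOD_IP_AUTH:
		return DEFAULT_IPAUTH_MODULE;
	default:
		return NULL;
	}
}

/**
 * Load modules for user and acl checking as well as for user logging and ip authentication
 *
 * \return 1 on success, 0 when a hook's modules could not be loaded
 */
int load_modules()
{
	int i;

	hooks[MOD_USER_CHECK].config =
	    nuauth_config_table_get_or_default(hooks[MOD_USER_CHECK].configstring,
					       module_default_value(MOD_USER_CHECK));

	for (i = MOD_SIMPLE; i < MOD_OPTIONAL; i++) {
		hooks[i].config =
		    nuauth_config_table_get_or_default(hooks[i].configstring,
						       module_default_value(i));
	}

	if (nuauthconf->do_ip_authentication) {
		hooks[MOD_IP_AUTH].config =
		    nuauth_config_table_get_or_default(hooks[MOD_IP_AUTH].configstring,
						       module_default_value(MOD_IP_AUTH));
	}

	/* MOD_USER_CHECK is *always* set to something */
	hooks[MOD_USER_ID].config =
	    nuauth_config_table_get_or_default(hooks[MOD_USER_ID].configstring,
					       hooks[MOD_USER_CHECK].config);
	hooks[MOD_USER_GROUPS].config =
	    nuauth_config_table_get_or_default(hooks[MOD_USER_GROUPS].configstring,
					       hooks[MOD_USER_CHECK].config);

	/* external auth module loading */
	g_mutex_lock(modules_mutex);

	/* The failure branch releases modules_mutex before returning; it
	 * used to return with the mutex still held. */
#define LOAD_MODULE(HOOK) \
	log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Loading %s modules:", hooks[HOOK].message); \
	if (!load_modules_from(hooks[HOOK].config, hooks[HOOK].funcstring, &(hooks[HOOK].modules), HOOK)) \
	{ \
		log_message(FATAL, DEBUG_AREA_MAIN, "Failed to load modules %s", hooks[HOOK].message); \
		g_mutex_unlock(modules_mutex); \
		return 0; \
	}

	/* loading modules */
	for (i = MOD_FIRST; i < MOD_OPTIONAL; i++) {
		LOAD_MODULE(i);
	}

	if (nuauthconf->do_ip_authentication) {
		LOAD_MODULE(MOD_IP_AUTH);
	}

	g_mutex_unlock(modules_mutex);
	return 1;
}

/**
 * Unload all modules of NuAuth (variable ::nuauthdatas->modules).
 */
void unload_modules()
{
	GSList *c_module;
	unsigned int i;

	g_mutex_lock(modules_mutex);

	/* call cleaning function before free */
	for (c_module = nuauthdatas->modules; c_module;
	     c_module = c_module->next) {
		clean_module_t((module_t *) c_module->data);
	}

	for (c_module = nuauthdatas->modules; c_module;
	     c_module = c_module->next) {
		free_module_t((module_t *) c_module->data);
	}

	/* free nuauthdatas modules list */
	g_slist_free(nuauthdatas->modules);
	nuauthdatas->modules = NULL;

	/* free all lists */
	for (i = 0; i < (sizeof(hooks) / sizeof(*hooks)); ++i) {
		g_slist_free(hooks[i].modules);
		hooks[i].modules = NULL;
		g_free(hooks[i].config);
		/* load_modules() refreshes the IP authentication entry only
		 * when that feature is enabled, so a stale pointer left here
		 * would be freed a second time by the next unload. */
		hooks[i].config = NULL;
	}

	g_mutex_unlock(modules_mutex);
}

/**
 * \brief Test if nuauth is reloading its configuration
 *
 * \return FALSE during the initial start or when no reload is pending,
 * TRUE when nuauthdatas->need_reload is set
 */
gboolean nuauth_is_reloading()
{
	gboolean reloading = FALSE;

	if (nuauthdatas->is_starting == TRUE) {
		return FALSE;
	}
	g_mutex_lock(nuauthdatas->reload_cond_mutex);
	if (nuauthdatas->need_reload) {
		reloading = TRUE;
	}
	g_mutex_unlock(nuauthdatas->reload_cond_mutex);
	return reloading;
}

/**
 * \brief Block till reload is over
 *
 * The mutex stays locked across g_cond_wait(), which releases it while
 * sleeping and re-acquires it before returning. The previous version
 * unlocked the mutex before waiting, which waited on an unlocked mutex
 * and could unlock it twice.
 */
void block_on_conf_reload()
{
	g_mutex_lock(nuauthdatas->reload_cond_mutex);
	while (nuauthdatas->need_reload) {
		g_cond_wait(nuauthdatas->reload_cond,
			    nuauthdatas->reload_cond_mutex);
	}
	g_mutex_unlock(nuauthdatas->reload_cond_mutex);
}

/**
 * \brief Register client capabilities (for plugin)
 *
 * Stores a copy of \a name in the first free slot of capa_array and
 * reports the slot through \a index.
 *
 * \return NU_EXIT_OK on success, NU_EXIT_ERROR when an argument is NULL
 * or all 32 slots are taken
 */
nu_error_t register_client_capa(const char * name, unsigned int * index)
{
	int i;

	/* A NULL name would be "registered" as a still-empty slot. */
	if (name == NULL || index == NULL)
		return NU_EXIT_ERROR;

	for (i = 0; i < 32; i++) {
		if (! capa_array[i]) {
			capa_array[i] = g_strdup(name);
			*index = i;
			return NU_EXIT_OK;
		}
	}
	return NU_EXIT_ERROR;
}

/**
 * \brief Unregister client capabilities (for plugin)
 *
 * \return NU_EXIT_OK, or NU_EXIT_ERROR when \a index is outside the 32
 * slots of capa_array (nothing is freed in that case)
 */
nu_error_t unregister_client_capa(int index)
{
	/* The index is supplied by a plugin: refuse anything that would
	 * free memory outside the array. */
	if (index < 0 || index >= 32)
		return NU_EXIT_ERROR;

	g_free(capa_array[index]);
	capa_array[index] = NULL;

	return NU_EXIT_OK;
}

/*
 * protocol extension handling
 */

/** Initialise the (empty) list of protocol extensions. */
nu_error_t init_protocol_extension(struct nuauth_datas * ndatas)
{
	INIT_LLIST_HEAD(&(ndatas->ext_proto_l));
	return NU_EXIT_OK;
}

/** Link a protocol extension into the list held by \a ndatas. */
nu_error_t register_protocol_extension(struct nuauth_datas * ndatas, struct proto_ext_t *extproto)
{
	INIT_LLIST_HEAD(&(extproto->list));
	llist_add(&(ndatas->ext_proto_l), &(extproto->list));

	return NU_EXIT_OK;
}

/** Unlink a protocol extension from whatever list it is on. */
nu_error_t unregister_protocol_extension(struct proto_ext_t *extproto)
{
	llist_del(&(extproto->list));

	return NU_EXIT_OK;
}

/* @} */
nufw-2.4.3/src/nuauth/debug.c0000644000175000017500000000373111431206275012752 00000000000000/*
** Copyrigh 2002-2004 Vincent Deffontaines
** INL http://www.inl.fr/
**
** $Id$
**
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 3 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.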
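*/

#include "auth_srv.h"
#include "nuauth_debug.h"
#include #include #include

/**
 * Translate a GLib log level into a nuauth debug level.
 *
 * Flags are tested from the most to the least severe. A value carrying
 * none of the tested flags is returned unchanged.
 */
static inline int _map_g_loglevel_to_debuglevel(int log_level)
{
	if (log_level & G_LOG_FLAG_FATAL)
		return DEBUG_LEVEL_FATAL;
	if (log_level & G_LOG_LEVEL_ERROR)
		return DEBUG_LEVEL_CRITICAL;
	if (log_level & G_LOG_LEVEL_WARNING)
		return DEBUG_LEVEL_WARNING;
	if (log_level & G_LOG_LEVEL_MESSAGE)
		return DEBUG_LEVEL_SERIOUS_MESSAGE;
	if (log_level & G_LOG_LEVEL_INFO)
		return DEBUG_LEVEL_INFO;
	if (log_level & G_LOG_LEVEL_DEBUG)
		return DEBUG_LEVEL_DEBUG;

	return log_level;
}

/* sweet formula : GLIB_LOG_LEVEL=2^SYSLOG_LOG_LEVEL */

/**
 * GLib log handler: forward an already formatted GLib message to the
 * nuauth log engine.
 *
 * \param log_domain Unused
 * \param log_level GLib level flags of the message
 * \param message Text produced by g_log(); may contain user names, paths
 *                or other values that did not originate in nuauth
 * \param user_data Unused
 */
void process_g_syslog(const gchar * log_domain, GLogLevelFlags log_level,
		      const gchar * message, gpointer user_data)
{
	int debug_level = _map_g_loglevel_to_debuglevel(log_level);

	/* message is data, not a format: pass it through "%s" so that any
	 * '%' it contains is printed instead of being interpreted (assumes
	 * log_printf() takes a printf-style format, as the name and this
	 * call suggest). */
	log_printf(debug_level, "%s", message);
}

/**
 * Select the log outputs and route every GLib log level, including fatal
 * and recursive messages, of the default domain to process_g_syslog().
 *
 * \param use_stdout Non-zero to enable LOG_TO_STD
 * \param use_syslog Non-zero to enable LOG_TO_SYSLOG
 */
void set_glib_loghandlers(int use_stdout, int use_syslog)
{
	int flags = 0;

	if (use_stdout)
		flags |= LOG_TO_STD;
	if (use_syslog)
		flags |= LOG_TO_SYSLOG;
	nubase_log_engine_set(flags);
	init_log_engine("nuauth");

	g_log_set_handler(NULL,
			  G_LOG_LEVEL_MASK | G_LOG_FLAG_FATAL |
			  G_LOG_FLAG_RECURSION, process_g_syslog, NULL);
}

nufw-2.4.3/src/nuauth/parsing.h0000644000175000017500000000247411431206275013337 00000000000000/* ** Copyright(C) 2005 Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.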
*/ #ifndef PARSING_H #define PARSING_H /* parsing function */ struct in6_addr *generate_inaddr_list(gchar * gwsrv_addr); gboolean check_inaddr_in_array(struct in6_addr *check_ip, struct in6_addr *iparray); gboolean check_string_in_array(gchar * checkstring, gchar ** stringarray); /** * Check validity of data before inserting them to SQL * This allocates a new string. * Returns NULL is the original string contains ' or ; * Else returns escaped char (with glib function g_strescape() */ gchar *string_escape(const gchar * orig); gchar *str_print_group(user_session_t * usession); #endif nufw-2.4.3/src/nuauth/gcrypt.c0000644000175000017500000001305311431206275013172 00000000000000/* ** Copyright(C) 2004-2009 INL ** Written by Eric Leblond ** Pierre Chifflier ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ** ** Changelog : ** 20/06/2005 : deal with seeded/unseeded cases. Patch from Julian Reich ** 02/06/2009 : use hash functions from NuSSL. Recode hash format ** */ #include #include #include #include "../include/security.h" #include /** * \ingroup TLSUser * @{ * * \file gcrypt.c * \brief Contain function used to ease authentication task * * In particular, it does handle hash verification */ /** * verify user password against user authentication module. 
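*/
/*
 * given: password submitted by the client, in clear text.
 * ours:  stored secret, either clear text or "{SCHEME}..." where SCHEME is
 *        SSHA, SMD5, SHA1, SHA or MD5.
 * Returns SASL_OK when the password matches, SASL_BADAUTH otherwise
 * (including every malformed or unsupported stored value).
 *
 * Security notes:
 *  - neither the submitted password nor a stored or computed hash is
 *    written to the log any more;
 *  - the comparisons do not stop at the first differing byte;
 *  - SHA1 and MD5, salted or not, are fast hashes: the stored values need
 *    the same protection as clear-text passwords.
 */
int verify_user_password(const char *given, const char *ours)
{
	unsigned char diff = 0;
	size_t i;

	if (g_str_has_prefix(ours, "{")) {
		int ret;
		char **splitted_secret;
		const char *stored;
		char *decoded;
		unsigned int decoded_len = 0;
		int algo = 0;
		int seeded = 0;
		char seed[NUSSL_HASH_MAX_SIZE];
		unsigned int seed_len;
		char res[NUSSL_HASH_MAX_SIZE];
		/* Starts at 0 so that a hash call which fails without
		 * touching it yields an empty digest, rejected below. */
		size_t res_len = 0;

		splitted_secret = g_strsplit(ours, "}", 2);
		if (splitted_secret == NULL || splitted_secret[0] == NULL) {
			g_strfreev(splitted_secret);
			return SASL_BADAUTH;
		}

		if (!(strcmp("{SSHA", splitted_secret[0]))) {
			/* SHA1 (seeded) */
			algo = NUSSL_HASH_SHA1;
			seeded = 1;
		} else if (!(strcmp("{SMD5", splitted_secret[0]))) {
			/* MD5 (seeded) */
			algo = NUSSL_HASH_MD5;
			seeded = 1;
		} else if (!(strcmp("{SHA1", splitted_secret[0]))) {
			/* SHA1 */
			algo = NUSSL_HASH_SHA1;
		} else if (!(strcmp("{SHA", splitted_secret[0]))) {
			/* SHA1 */
			algo = NUSSL_HASH_SHA1;
		} else if (!(strcmp("{MD5", splitted_secret[0]))) {
			/* MD5 */
			algo = NUSSL_HASH_MD5;
		} else {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "verify_user_password() : Unsupported hash algorithm");
			g_strfreev(splitted_secret);
			return SASL_BADAUTH;
		}

		/* Fail closed on a stored value with no data after "}".
		 * NOTE(review): g_strsplit() is limited to two pieces here, so
		 * for seeded schemes index 1 + seeded is the NULL terminator
		 * of the vector; the previous code handed that pointer to
		 * memcmp(). Confirm the intended layout of seeded entries. */
		if (splitted_secret[1] == NULL
		    || splitted_secret[1 + seeded] == NULL) {
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "verify_user_password() : Malformed stored hash");
			g_strfreev(splitted_secret);
			return SASL_BADAUTH;
		}
		stored = splitted_secret[1 + seeded];

		if (seeded) {
			/* get seed */
			if (sasl_decode64(splitted_secret[1],
					  strlen(splitted_secret[1]),
					  seed, sizeof(seed),
					  &seed_len) != SASL_OK) {
				log_message(INFO, DEBUG_AREA_AUTH,
					    "sasl_decode64 failed in gcrypt.c, where seeded is used");
				g_strfreev(splitted_secret);
				return SASL_BADAUTH;
			}
			ret = nussl_hash_compute_with_salt(algo, given,
							   strlen(given), seed,
							   seed_len, res,
							   &res_len);
		} else {
			ret = nussl_hash_compute(algo, given, strlen(given),
						 res, &res_len);
		}
		/* NOTE(review): ret is not interpreted, the success value of
		 * the nussl hash calls is not visible from this file. */
		(void) ret;

		/* alloc decoded to reasonnable length */
		decoded = g_new0(char, 50);
		if (sasl_encode64(res, res_len, decoded, 50, &decoded_len)
		    != SASL_OK) {
			log_message(INFO, DEBUG_AREA_AUTH,
				    "sasl_encode64 failed in gcrypt.c");
			g_free(decoded);	/* was leaked on this path */
			g_strfreev(splitted_secret);
			return SASL_BADAUTH;
		}

		/* convert password from utf-8 to locale */
		if (nuauthconf->uses_utf8) {
			size_t bwritten = 0;
			gchar *traduc;
			traduc = g_locale_from_utf8(decoded, -1, NULL,
						    &bwritten, NULL);
			if (traduc) {
				g_free(decoded);
				decoded = traduc;
				/* keep the length in step with the buffer
				 * that is compared below */
				decoded_len = (unsigned int) strlen(decoded);
			} else {
				log_message(WARNING, DEBUG_AREA_AUTH,
					    "can not convert password hash at %s:%d",
					    __FILE__, __LINE__);
			}
		}

		/* Like the former memcmp(), only the first decoded_len bytes
		 * of the stored value are compared; the length test keeps the
		 * loop inside the stored string, and an empty digest never
		 * matches. */
		if (decoded_len == 0 || strlen(stored) < decoded_len) {
			diff = 1;
		} else {
			for (i = 0; i < decoded_len; i++) {
				diff |= (unsigned char) (decoded[i] ^ stored[i]);
			}
		}

		g_strfreev(splitted_secret);
		g_free(decoded);

		if (diff != 0) {
			log_message(DEBUG, DEBUG_AREA_AUTH,
				    "verify_user_password() : hash mismatch");
			return SASL_BADAUTH;
		}
		return SASL_OK;
	} else {
		/* Stored secret is clear text. */
		gchar *converted = NULL;
		const char *candidate = given;
		size_t cand_len;
		size_t ours_len;

		/* convert password from utf-8 to locale */
		if (nuauthconf->uses_utf8) {
			size_t bwritten = 0;
			converted = g_locale_from_utf8(given, strlen(given),
						       NULL, &bwritten, NULL);
			if (converted) {
				candidate = converted;
			} else if (DEBUG_OR_NOT(DEBUG_LEVEL_WARNING,
						DEBUG_AREA_MAIN)) {
				const char *ccharset;
				g_get_charset(&ccharset);
				g_message("Can not convert password to %s at %s:%d",
					  ccharset, __FILE__, __LINE__);
			}
		}

		cand_len = strlen(candidate);
		ours_len = strlen(ours);
		diff = (cand_len != ours_len);
		for (i = 0; i < cand_len && i < ours_len; i++) {
			diff |= (unsigned char) (candidate[i] ^ ours[i]);
		}

		/* Only the converted copy belongs to this function. The
		 * previous code freed "given" whenever uses_utf8 was set,
		 * i.e. the caller's buffer when the conversion had failed. */
		g_free(converted);

		return diff == 0 ? SASL_OK : SASL_BADAUTH;
	}
}

/* @} */
nufw-2.4.3/src/nuauth/Makefile.am0000644000175000017500000000334611431206275013556 00000000000000SUBDIRS = modules AM_CFLAGS = -DCONFIG_DIR=\"$(sysconfdir)\" -DMODULE_DIR=\"$(libdir)\"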
-DLOCAL_STATE_DIR=\"$(localstatedir)\" -L$(top_srcdir)/src/include/ -L$(top_srcdir)/src/nuauth/ -D_REENTRANT INCLUDES = $(GLIB_CFLAGS) -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/nuauth/ -I$(top_srcdir)/src/libs/nussl/ -I$(top_srcdir)/src/libs/nubase -I$(top_srcdir)/src/libs/nuconfparser sbin_PROGRAMS = nuauth EXTRA_DIST = splint.sh valgrind.sh valgrind.supp #authsrv nodist_nuauth_SOURCES = acls.h audit.h auth_common.h auth_srv.h cache.h client_mngr.h command_codec.h \ command_enc.h command.h connections.h conntrack.h gcrypt_init.h \ internal_messages.h ip_auth.h localid_auth.h log.h modules_definition.h \ modules.h nuauthconf.h nuauth_debug.h nuauth_gcrypt.h nuauth_params.h \ nufw_servers.h nu_gcrypt.h nuthread.h parsing.h pckt_authsrv.h \ pckt_authsrv_v3.h period.h sasl.h take_decision.h tls.h user_authsrv.h \ user_logs.h users.h nuauth_SOURCES = nuthread.c acls.c audit.c auth_common.c authsrv.c cache.c \ check_acls.c client_mngr.c debug.c gcrypt.c ip_auth.c \ localid_auth.c parsing.c pckt_authsrv.c pckt_authsrv_v3.c\ sasl.c tls.c tls_user.c tls_nufw.c tls_sasl.c user_authsrv.c user_logs.c users.c \ modules.c nuauthconf.c conntrack.c period.c auth_hash.c take_decision.c \ command.c command_enc.c nufw_servers.c connections.c \ ${nodist_nuauth_SOURCES} nuauth_LDADD = $(GLIB_LIBS) -lm -lsasl2 ../libs/nubase/libnubase.la ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la if BUILD_NUAUTH_COMMAND install-exec-local: install -d "$(DESTDIR)$(localstatedir)/run/nuauth/" endif nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES) @rm -f nuauth$(EXEEXT) $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD) nufw-2.4.3/src/nuauth/tls.c0000644000175000017500000001022511431206275012462 00000000000000/* ** Copyright(C) 2004-2009 INL ** Written by Eric Leblond ** Vincent Deffontaines ** ** $Id$ ** tls.c: Common functions for TLS nufw and user management ** ** This program is free software; you can redistribute it and/or modify ** it under the terms 
of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ** */ #include "auth_srv.h" #include #include #include #include #include #include #include #include #include "nuauthconf.h" /** * \addtogroup TLS * @{ */ /* } <- Added to avoid false positive * with check_log introduced by the * comment just above ;-) */ /** * \file nuauth/tls.c * \brief Functions use to create/destroy a TLS connection * * Contain common functions tor TLS handling */ /* These are global */ extern struct nuauth_tls_t nuauth_tls; struct tls_nufw_context_t { char *addr; char *port; int mx; int sck_inet; fd_set tls_rx_set; /* read set */ GMutex *mutex; nussl_session *server; }; void tls_common_init(void) { struct stat stats; nuauth_tls.key = nuauth_config_table_get_or_default("nuauth_tls_key", NUAUTH_KEYFILE); nuauth_tls.cert = nuauth_config_table_get_or_default("nuauth_tls_cert", NUAUTH_CERTFILE); nuauth_tls.ca = nuauth_config_table_get_or_default("nuauth_tls_cacert", NUAUTH_CACERTFILE); nuauth_tls.capath = nuauth_config_table_get("nuauth_tls_ca_path"); nuauth_tls.crl_file = nuauth_config_table_get("nuauth_tls_crl"); nuauth_tls.crl_refresh = nuauth_config_table_get_or_default_int("nuauth_tls_crl_refresh", DEFAULT_REFRESH_CRL_INTERVAL); nuauth_tls.ciphers = nuauth_config_table_get("nuauth_tls_ciphers"); /* {"nuauth_tls_key_passwd", G_TOKEN_STRING, 0, NULL}, */ log_message(VERBOSE_DEBUG, DEBUG_AREA_GW | DEBUG_AREA_USER, "Certificate authority: %s", nuauth_tls.ca); log_message(VERBOSE_DEBUG, 
DEBUG_AREA_GW | DEBUG_AREA_USER, "Server certificate: %s", nuauth_tls.cert); log_message(VERBOSE_DEBUG, DEBUG_AREA_GW | DEBUG_AREA_USER, "Server certificate key: %s", nuauth_tls.key); if ( nuauth_tls.crl_file ) { log_message(VERBOSE_DEBUG, DEBUG_AREA_GW | DEBUG_AREA_USER, "Certificate revocation list: %s", nuauth_tls.crl_file); if (access(nuauth_tls.crl_file, R_OK)) { log_message(WARNING, DEBUG_AREA_MAIN, "TLS : can not access crl file %s", nuauth_tls.crl_file); nuauth_ask_exit(); } stat(nuauth_tls.crl_file, &stats); nuauth_tls.crl_file_mtime = stats.st_mtime; } else { g_warning ("[%i] nuauth: no revocation list configured.\n", getpid()); } } /* * This function is called * when NuAuth traps a signal. * Which is always the case when the * application terminates (since we send it anyway). */ void tls_common_deinit(void) { #if 0 /* XXX: Of course we must deallocate, but considering the new config API */ g_free(nuauth_tls.key); g_free(nuauth_tls.cert); g_free(nuauth_tls.ca); g_free(nuauth_tls.crl_file); #endif } /** * Refresh crl file * * This function is run periodically because it is pushed with * cleanup_func_push() to the list of nuauth periodically run * function. 
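*/
void refresh_crl_file(void)
{
	nuauth_tls.crl_refresh_counter++;
	/* NOTE(review): the test is an equality; if crl_refresh is configured
	 * as 0 or a negative value the counter never matches and the CRL is
	 * not re-read by this path. */
	if (nuauth_tls.crl_refresh == nuauth_tls.crl_refresh_counter) {
		force_refresh_crl_file();
	}
}

/**
 * Re-read the CRL if the file changed
 *
 * Does nothing when no CRL file is configured. Otherwise compares the
 * modification time of the file with nuauth_tls.crl_file_mtime, asks the
 * nufw and user TLS servers to update their CRL when the file is newer,
 * and resets the refresh counter.
 */
void force_refresh_crl_file(void)
{
	struct stat stats;

	if (nuauth_tls.crl_file == NULL) {
		return;
	}

	/* A failed stat() leaves stats undefined: do not compare against
	 * it. Report the problem, because sessions keep using the
	 * revocation data loaded earlier, and retry at the next interval. */
	if (stat(nuauth_tls.crl_file, &stats) != 0) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "TLS : can not stat crl file %s",
			    nuauth_tls.crl_file);
		nuauth_tls.crl_refresh_counter = 0;
		return;
	}

	/* NOTE(review): crl_file_mtime is not updated here; confirm that the
	 * update functions below record the new time, otherwise every later
	 * refresh reloads the file again. */
	if (nuauth_tls.crl_file_mtime < stats.st_mtime) {
		tls_crl_update_nufw_session(nuauthdatas->tls_nufw_servers);
		tls_crl_update_user_session(nuauthdatas->tls_auth_servers);
	}
	nuauth_tls.crl_refresh_counter = 0;
}

/**@}*/
nufw-2.4.3/src/nuauth/nuauthconf.h0000644000175000017500000000301611431206275014037 00000000000000/* ** Copyright(C) 2005-2008 INL ** Written by Eric Leblond ** Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.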
*/ #ifndef NUAUTHCONF_H #define NUAUTHCONF_H int init_nuauthconf(struct nuauth_params **); int build_prenuauthconf(struct nuauth_params *prenuauthconf, char *gwsrv_addr, policy_t connect_policy); gboolean nuauth_reload(int signal); void free_nuauth_params(struct nuauth_params *data); int nuauth_parse_configuration(const char *filename); char *nuauth_config_table_get(const char *key); char *nuauth_config_table_get_alwaysstring(char *key); char *nuauth_config_table_get_or_default(char *key, char *replace); int nuauth_config_table_get_or_default_int(char *key, int defint); void nuauth_config_table_destroy(void); void nuauth_config_table_print(void *userdata, void (*func)(void *data, char *keyeqval)); #endif nufw-2.4.3/src/nuauth/audit.c0000644000175000017500000000747011431206275012776 00000000000000/* ** Copyright(C) 2005-2007 INL ** Written by Eric Leblond ** Vincent Deffontaines ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include /** * Print performance information. * This is the handler of SIGPOLL signal. 
*/ void nuauth_process_poll(int signum) { g_message("AUDIT : users threads : %u/%u max/unassigned", g_thread_pool_get_max_threads(myaudit->users), g_thread_pool_unprocessed(myaudit->users)); g_message("AUDIT : acls threads : %u/%u max/unassigned", g_thread_pool_get_max_threads(myaudit->acls), g_thread_pool_unprocessed(myaudit->acls)); if (nuauthconf->acl_cache) { g_message("AUDIT : acls cache : - contains %d elements", (g_hash_table_size(myaudit->aclcache))); g_message("AUDIT : - %u/%u hits/requests", myaudit->cache_hit_nb, myaudit->cache_req_nb); } g_message("AUDIT : loggers threads : %u/%u max/unassigned", g_thread_pool_get_max_threads(myaudit->loggers), g_thread_pool_unprocessed(myaudit->loggers)); g_message("AUDIT : %d connections waiting to be sent packets for.", (g_hash_table_size(myaudit->conn_list))); /* g_message("AUDIT : overall number of unused threads : %u", g_thread_pool_get_num_unused_threads());*/ #ifdef DEBUG_MEMORY g_mem_profile(); #endif } /** * Increase debug level (see ::nuauthconf->debug_level). * This is the handler of SIGUSR1 signal. */ void nuauth_process_usr1(int signum) { nuauthconf->debug_level += 1; if (nuauthconf->debug_level > 20) nuauthconf->debug_level = 20; g_message("USR1 : setting debug level to %d", nuauthconf->debug_level); } /** * Decrease debug level (see ::nuauthconf->debug_level). * This is the handler of SIGUSR2 signal. 
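*/
void nuauth_process_usr2(int signum)
{
	/* NOTE(review): the clamp below only works if debug_level is a
	 * signed type; its declaration is not visible here. */
	nuauthconf->debug_level -= 1;
	if (nuauthconf->debug_level < 0)
		nuauthconf->debug_level = 0;
	g_message("USR2 : setting debug level to %d",
		  nuauthconf->debug_level);
}

/* Install handler for signum with an empty signal mask and no flags;
 * terminates the process when sigaction() fails. */
static void audit_install_handler(int signum, void (*handler) (int))
{
	struct sigaction act;

	memset(&act, 0, sizeof(act));
	sigemptyset(&act.sa_mask);
	act.sa_handler = handler;
	/* sa_flags is a mask of SA_* options. The previous code stored the
	 * signal number in it, which switched on whatever SA_* bits that
	 * number happens to contain on the platform. */
	act.sa_flags = 0;
	if (sigaction(signum, &act, NULL) == -1) {
		printf("could not set signal");
		exit(EXIT_FAILURE);
	}
}

/**
 * Install signals used in audit:
 *   - Set SIGPOLL handler to nuauth_process_poll() ;
 *   - Set SIGUSR1 handler to nuauth_process_usr1() ;
 *   - Set SIGUSR2 handler to nuauth_process_usr2() ;
 *
 * Also allocates ::myaudit and points it at the thread pools, the
 * connection list and, when enabled, the ACL cache.
 *
 * NOTE(review): the three handlers call g_message(), which is not
 * async-signal-safe; setting a flag in the handler and reporting from the
 * main loop would avoid running the logger inside a signal.
 */
void init_audit()
{
	myaudit = g_new0(struct audit_struct, 1);
	myaudit->users = nuauthdatas->user_checkers;
	myaudit->acls = nuauthdatas->acl_checkers;
	myaudit->loggers = nuauthdatas->user_loggers;
	myaudit->conn_list = conn_list;
	if (nuauthconf->acl_cache) {
		myaudit->aclcache = nuauthdatas->acl_cache->hash;
	}
	myaudit->cache_req_nb = 0;
	myaudit->cache_hit_nb = 0;

	audit_install_handler(SIGPOLL, &nuauth_process_poll);
	audit_install_handler(SIGUSR1, &nuauth_process_usr1);
	audit_install_handler(SIGUSR2, &nuauth_process_usr2);
}

/**
 * Release ::myaudit.
 *
 * NOTE(review): the signal handlers stay installed and keep reading
 * myaudit; confirm no audit signal can arrive after this call.
 */
void end_audit()
{
	g_free(myaudit);
}

nufw-2.4.3/src/nuauth/sasl.h0000644000175000017500000000160711431206275012633 00000000000000/* ** Copyright(C) 2005 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.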
See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NU_SASL_H #define NU_SASL_H void my_sasl_init(); int sasl_user_check(user_session_t * c_session); #endif /* SASL_H */ nufw-2.4.3/src/nuauth/ip_auth.c0000644000175000017500000000427411431206275013320 00000000000000/* ** Copyright(C) 2004 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include /** * check given ip for ip authentication. * * Use module to check if we can found the user logged on ip. 
*
 * Algorithm :
 *   - Send request to module provided function
 *   - if a username is returned
 *     - get groups for user
 *     - build corresponding connection structure
 *     - feed search_and_fill with it
 *   - else free header (userdata)
 *
 * \param userdata Packet to authenticate; read as an auth_pckt_t and
 *                 always freed before returning
 * \param data Unused
 *
 * The connection built here is marked AUTHQ_BYIP: the user is derived from
 * what the module reports for the packet, not from a client that
 * authenticated itself.
 */
void external_ip_auth(gpointer userdata, gpointer data)
{
	char *username = NULL;

	username = modules_ip_auth(userdata);
	if (username) {
		GSList *groups = NULL;
		uint32_t uid;

		/**
		 * \todo set a cache for such query
		 */
		uid = modules_get_user_id(username);
		groups = modules_get_user_groups(username);
		/* if search succeed process to packet transmission */
		/* NOTE(review): when no group is found, username is not
		 * released on this path; confirm who owns the string returned
		 * by modules_ip_auth(). */
		if (groups) {
			connection_t *connection = g_new0(connection_t, 1);
			connection->state = AUTH_STATE_USERPCKT;
			connection->decision = DECISION_NODECIDE;
			/* groups and username are stored by pointer, not
			 * copied */
			connection->user_groups = groups;
			connection->user_id = uid;
			connection->username = username;
			connection->os_sysname = NULL;
			connection->app_name = NULL;
			connection->app_sig = NULL;
			connection->flags = ACL_FLAGS_NONE;
			connection->auth_quality = AUTHQ_BYIP;
			/* copy ipv4 header */
			memcpy(&(connection->tracking),
			       &((auth_pckt_t *) userdata)->header,
			       sizeof(tracking_t));
			/* hand the connection over to the consumer of
			 * connections_queue */
			g_async_queue_push(nuauthdatas->connections_queue,
					   connection);
		}
	}
	g_free(userdata);
}

nufw-2.4.3/src/nuauth/internal_messages.h0000644000175000017500000000267111431206275015376 00000000000000/* ** Copyright(C) 2005 Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details.
** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef INTERNAL_MESSAGES_H #define INTERNAL_MESSAGES_H /* * message structure for async communication * between cache thread and others * * See push_worker(). */ typedef enum { FREE_MESSAGE = 0, /*!< Call delete_client_by_socket() / used in cache_manager() */ WARN_MESSAGE, /*!< Warn clients: see warn_clients() */ INSERT_MESSAGE, /*!< Call add_client() / used in cache_manager() */ UPDATE_MESSAGE, /*!< Used in cache_manager() */ GET_MESSAGE, /*!< Used in cache_manager() */ REFRESH_MESSAGE, /*!< Used in cache_manager() */ RESET_MESSAGE /*!< Used in cache_manager() to make all entry perish */ } internal_message_type_t; struct internal_message { internal_message_type_t type; gpointer datas; }; #endif nufw-2.4.3/src/nuauth/nufw_servers.h0000644000175000017500000000275411431206275014425 00000000000000/* ** Copyright(C) 2007 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
** */ #ifndef NUFW_SERVERS_H #define NUFW_SERVERS_H void init_nufw_servers(); nu_error_t add_nufw_server(int conn_fd, nufw_session_t * nu_session); nufw_session_t *get_nufw_session(); nufw_session_t * acquire_nufw_session_by_addr(struct in6_addr * addr); nufw_session_t * acquire_nufw_session_by_socket(int c); nu_error_t increase_nufw_session_usage(nufw_session_t * session); nu_error_t nufw_session_send(nufw_session_t * session, char* buffer, int length); void release_nufw_session(nufw_session_t * session); nu_error_t declare_dead_nufw_session(nufw_session_t * session); void clean_nufw_session(nufw_session_t * c_session); void close_nufw_servers(); void foreach_nufw_server(GHFunc callback, void *data); #endif nufw-2.4.3/src/nuauth/nuthread.h0000644000175000017500000000267511431206275013511 00000000000000/* ** Copyright(C) 2007 INL ** Written by Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifndef NUTHREAD_H #define NUTHREAD_H struct nuauth_thread_t { int valid; GThread *thread; GMutex *mutex; const char *name; gpointer data; }; void thread_new(struct nuauth_thread_t *thread, const char* name, void *(*func) (GMutex *)); void thread_new_wdata(struct nuauth_thread_t *thread, const char* name, gpointer data, void *(*func) (struct nuauth_thread_t *)); void thread_stop(struct nuauth_thread_t *thread); void thread_list_stop(GSList *thread_list); void thread_wait_end(struct nuauth_thread_t *thread); void thread_list_wait_end(GSList *thread_list); void thread_destroy(struct nuauth_thread_t *thread); void thread_list_destroy(GSList *thread_list); #endif nufw-2.4.3/src/nuauth/valgrind.supp0000644000175000017500000000473711431206275014246 00000000000000# Mysterious ld bug ... { mysterious_ld_bug Memcheck:Cond obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* } # *dlopen and *dlsym() { sasl_get_plugin_cond_quiet Memcheck:Cond obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* obj:/lib/* fun: *sasl_get_plugin } { ld_level2_cond_quiet Memcheck:Cond obj:/lib/ld-* fun:_dl_open } { dlopen_level5_cond_quiet Memcheck:Cond obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:_dl_open } { dlsym_level4_cond_quiet Memcheck:Cond obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* fun:*dl_sym } { dlopen_level4_cond_quiet Memcheck:Cond obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level5_quiet Memcheck:Addr4 obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level5_cond_quiet Memcheck:Cond obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level6_addr4_quiet Memcheck:Addr4 obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlopen_level9_value4_quiet Memcheck:Value4 obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open 
} { dlopen_level8_quiet Memcheck:Addr4 obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* obj:/lib/ld-* fun:*dl_open } { dlsym_quiet Memcheck:Addr4 obj:/lib/ld-* obj:/lib/ld-* obj:/lib/ld-* obj:*/libc-* fun:*dl_sym } # SASL and DB { libsasl2_at_level1_cond_quiet Memcheck:Cond obj:/usr/lib/libsasl2.* } { libdb_at_level2_cond_quiet Memcheck:Cond fun:* obj:/usr/lib/libdb-4* } { libdb_at_level2_value4_quiet Memcheck:Value4 fun:* obj:/usr/lib/libdb-4* } { libsasl2_at_level2_cond_quiet Memcheck:Cond fun:* obj:/usr/lib/libsasl2.* } { libsasl2_at_level2_value4_quiet Memcheck:Value4 fun:* obj:/usr/lib/libsasl2.* } { libsasldb_quiet Memcheck:Value4 fun:* obj:/usr/lib/sasl2/libsasldb*.so* } { libsasldb_quiet Memcheck:Cond fun:* obj:/usr/lib/sasl2/libsasldb*.so* } nufw-2.4.3/src/nuauth/parsing.c0000644000175000017500000001001711431206275013322 00000000000000/* ** Copyright(C) INL 2005 ** Written by Eric Leblond ** Vincent Deffontaines ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ** */ #include #define INVALID_ENC_NAME "INVALID NAME" /** \addtogroup NuauthCore * @{ */ /* * Parse a string containing a list of addresses (separated by spaces). * Skip invalid addresses. * * \return Returns an array of in_addr, or NULL if no valid address has been found. * The array always finish with an INADDR_NONE value. 
*/ struct in6_addr *generate_inaddr_list(gchar * gwsrv_addr) { gchar **gwsrv_addr_list = NULL; gchar **iter = NULL; struct in6_addr *authorized_server = NULL; struct in6_addr *addrs_array = NULL; struct in6_addr addr6; struct in_addr addr4; unsigned int count = 0; if (gwsrv_addr == NULL) return NULL; /* parse nufw server address */ gwsrv_addr_list = g_strsplit(gwsrv_addr, " ", 0); /* compute array length */ for (iter = gwsrv_addr_list; *iter != NULL; iter++) { if (0 < inet_pton(AF_INET6, *iter, &addr6) || 0 < inet_pton(AF_INET, *iter, &addr4)) { count++; } } /* allocate array of struct sock_addr */ if (0 < count) { addrs_array = g_new0(struct in6_addr, count + 1); authorized_server = addrs_array; for (iter = gwsrv_addr_list; *iter != NULL; iter++) { if (0 < inet_pton(AF_INET6, *iter, &addr6)) { *authorized_server = addr6; authorized_server++; } else if (0 < inet_pton(AF_INET, *iter, &addr4)) { ipv4_to_ipv6(addr4, authorized_server); authorized_server++; } } *authorized_server = in6addr_any; } g_strfreev(gwsrv_addr_list); return addrs_array; } gboolean check_inaddr_in_array(struct in6_addr *check_ip, struct in6_addr *iparray) { struct in6_addr *ipitem; /* test if server is in the list of authorized servers */ if (iparray) { ipitem = iparray; while (!ipv6_equal(ipitem, &in6addr_any)) { if (ipv6_equal(ipitem, check_ip)) return TRUE; ipitem++; } } return FALSE; } gboolean check_string_in_array(gchar * checkstring, gchar ** stringarray) { gchar **stringitem; /* test if server is in the list of authorized servers */ if (stringarray) { stringitem = stringarray; while (*stringitem) { if (!strcmp(*stringitem, checkstring)) return TRUE; stringitem++; } } return FALSE; } gchar *string_escape(const gchar * orig) { gchar *traduc; /* convert from utf-8 to locale if needed */ if (nuauthconf->uses_utf8) { size_t bwritten; traduc = g_locale_from_utf8(orig, -1, NULL, &bwritten, NULL); if (!traduc) { log_message(DEBUG, DEBUG_AREA_PACKET | DEBUG_AREA_USER, "UTF-8 conversion failed at 
%s:%d: %s", __FILE__, __LINE__, orig); return g_strdup(INVALID_ENC_NAME); } } else { traduc = g_strdup(orig); } return traduc; } static void print_group(gpointer group, gpointer userdata); gchar *str_print_group(user_session_t * usession) { gchar *str_groups = NULL; if (usession->groups) { g_slist_foreach(usession->groups, print_group, &str_groups); } return str_groups; } static void print_group(gpointer group, gpointer userdata) { char ** str_groups = (char **) userdata; char * userdata_p = *(char **) userdata; if (userdata_p) { *str_groups = g_strdup_printf("%s,%d", userdata_p, GPOINTER_TO_INT(group)); } else { *str_groups = g_strdup_printf("%d", GPOINTER_TO_INT(group)); } g_free(userdata_p); } /** @} */ nufw-2.4.3/src/nuauth/user_logs.c0000644000175000017500000002073511431206275013671 00000000000000/* ** Copyright(C) 2003-2008 INL ** Written by Eric Leblond ** Vincent Deffontaines ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include struct conn_state { void *conn; tcp_state_t state; }; /** * \brief Log user packet via modules * * Log user packet or by a direct call to log module or by sending log * message to logger thread pool. 
*
 * If nuauth_params::log_users_sync is set to 1, we log synchronously
 * to be sure that the packet is logged by all the modules before
 * the decision leaves nuauth and reach nufw. This is only done for
 * packet which initiate a connection (in Netfilter meaning).
 *
 * If nuauth_params::log_users_sync is set to 0, log_user_packet() directly
 * sends packet to the pool of threads waiting for logging.
 *
 * \param element A connection
 * \param state A ::tcp_state_t, TCP state of the connection
 * \return NU_EXIT_OK when nothing had to be logged or the event was queued,
 *         the value of modules_user_logs() on the synchronous path, and
 *         NU_EXIT_ERROR when the logger pool is flagged full or the
 *         connection could not be duplicated.
 *
 * \note While nuauthdatas->loggers_pool_full is TRUE the packet is not
 *       logged at all and the caller only gets NU_EXIT_ERROR, so a
 *       sustained logger backlog leaves a gap in the audit trail.
 */
nu_error_t log_user_packet(connection_t * element, tcp_state_t state)
{
	/* The ACL asked for no logging on this connection.
	 * RETURN_NO_LOG is defined elsewhere; presumably it expands to a
	 * return statement - confirm against its definition. */
	if (element->flags & ACL_FLAGS_NOLOG) {
		RETURN_NO_LOG NU_EXIT_OK;
	}

	/* Back-pressure: loggers_pool_full is toggled by
	 * act_on_loggers_processing() when the queue is too long. */
	if (nuauthdatas->loggers_pool_full == TRUE) {
		log_message(INFO, DEBUG_AREA_USER,
			    "No packet logging to avoid logger DOS");
		return NU_EXIT_ERROR;
	}

	/* Synchronous path: only for TCP_STATE_OPEN, and only when either the
	 * global log_users_sync setting applies (and the ACL did not request
	 * ACL_FLAGS_ASYNC) or the ACL explicitly requested ACL_FLAGS_SYNC. */
	if ((state == TCP_STATE_OPEN) &&
	    (
	     (
	      (nuauthconf->log_users_sync) && (!(element->flags & ACL_FLAGS_ASYNC))
	     )
	     || element->flags & ACL_FLAGS_SYNC
	    )
	   ) {
		/* Only bit 8 of log_users is consulted here. When it is clear
		 * the function falls through to NU_EXIT_OK without logging,
		 * even if bit 4 is set.
		 * NOTE(review): confirm that this is the intended policy. */
		if (nuauthconf->log_users & 8) {
			return modules_user_logs(element, state);
		}
	} else {
		/* Asynchronous path: bit 2 gates TCP_STATE_DROP, bit 4 gates
		 * TCP_STATE_OPEN, bit 8 logs whatever the state is. */
		if (((nuauthconf->log_users & 2) && (state == TCP_STATE_DROP))
		    || ((nuauthconf->log_users & 4) && (state == TCP_STATE_OPEN))
		    || (nuauthconf->log_users & 8)
		   ) {
			struct conn_state *conn_state_copy;
			conn_state_copy = g_new0(struct conn_state, 1);
			/* The worker gets its own copy of the connection;
			 * real_log_user_packet() releases it. */
			conn_state_copy->conn = (void *) duplicate_connection(element);
			if (!conn_state_copy->conn) {
				g_free(conn_state_copy);
				log_message(MESSAGE, DEBUG_AREA_MAIN,
					    "Unable to duplicate connection");
				return NU_EXIT_ERROR;
			}
			conn_state_copy->state = state;
			thread_pool_push(nuauthdatas->user_loggers,
					 conn_state_copy, NULL);
		}
	}
	/* end */
	return NU_EXIT_OK;
}

/**
 * \brief log user packet from a single ::accounted_connection
 *
 * This is always asynchronous and we directly push the ::accounted_connection to the
 * user_loggers pool.
*/
void log_user_packet_from_accounted_connection(struct accounted_connection *datas,
					       tcp_state_t state)
{
	/* Job handed to the user_loggers pool; real_log_user_packet() frees it. */
	struct conn_state *job = g_new0(struct conn_state, 1);

	/* The worker receives a byte copy, not the caller's object. */
	job->conn = g_memdup(datas, sizeof(*datas));
	if (job->conn == NULL) {
		g_free(job);
		log_message(MESSAGE, DEBUG_AREA_MAIN,
			    "Unable to duplicate connection");
		return;
	}

	/* NOTE(review): state is stored unchecked. real_log_user_packet()
	 * treats the payload as a connection_t for TCP_STATE_OPEN and
	 * TCP_STATE_DROP, so callers must only pass the states that match an
	 * accounted_connection - verify the call sites.
	 * Unlike log_user_packet(), this path does not consult
	 * nuauthdatas->loggers_pool_full before queuing. */
	job->state = state;
	thread_pool_push(nuauthdatas->user_loggers, job, NULL);
}

/**
 * \brief Worker of the nuauthdatas->user_loggers thread pool.
 *
 * Passes the queued payload to modules_user_logs(), then releases the
 * payload and the ::conn_state wrapper around it.
 *
 * \param userdata A ::conn_state built by the producer; freed here
 * \param data Unused
 * \return None
 */
void real_log_user_packet(gpointer userdata, gpointer data)
{
	struct conn_state *job = (struct conn_state *) userdata;
	connection_t *conn;

	modules_user_logs(job->conn, job->state);

	/* The release routine is chosen from the recorded state alone: the
	 * payload type is not stored, so the producer must pair each state
	 * with the matching payload. */
	switch (job->state) {
	case TCP_STATE_OPEN:
	case TCP_STATE_DROP:
		/* payload is handled as a connection_t */
		conn = (connection_t *) job->conn;
		conn->state = AUTH_STATE_DONE;
		free_connection(conn);
		break;
	case TCP_STATE_ESTABLISHED:
	case TCP_STATE_CLOSE:
		/* payload is released as one flat allocation */
		g_free(job->conn);
		break;
	case TCP_STATE_UNKNOW:
	default:
		/* NOTE(review): the payload is not released on this branch. */
		g_warning("Should not be there, bad TCP state (%s:%d)",
			  __FILE__, __LINE__);
	}

	g_free(job);
}

/**
 * \brief High level function used to log an user session
 *
 * It logs connection and disconnection of user.
 *
 * It duplicates the user session and push it in
 * nuauthdatas->user_session_loggers thread pool.
 * This calls log_user_session_thread() on the session.
*/
void log_user_session(user_session_t * usession, session_state_t state)
{
	struct session_event *event;
	user_session_t *snapshot;
	char *group_list = NULL;

	/* Back-pressure: while the session logger queue is flagged full the
	 * event is neither written to the log nor handed to the modules. */
	if (nuauthdatas->session_loggers_pool_full == TRUE) {
		log_message(INFO, DEBUG_AREA_USER,
			    "No session logging to avoid logger DOS");
		return;
	}

	/* NOTE(review): user_name is written to the log as it is stored in
	 * the session; whether it was sanitised earlier is not visible here. */
	if (state == SESSION_OPEN) {
		/* str_print_group() may yield NULL for a session with no group */
		group_list = str_print_group(usession);
		log_message(MESSAGE, DEBUG_AREA_USER,
			    "[+] User \"%s\" connected, groups: %s",
			    usession->user_name, group_list);
		g_free(group_list);
	} else {
		log_message(MESSAGE, DEBUG_AREA_USER,
			    "[+] User \"%s\" disconnected.",
			    usession->user_name);
	}

	/* Bit 1 of log_users gates session logging through the modules. */
	if ((nuauthconf->log_users & 1) == 0) {
		RETURN_NO_LOG;
	}

	event = g_new0(struct session_event, 1);
	if (event == NULL) {
		/* no more memory :-( */
		log_message(WARNING, DEBUG_AREA_MAIN, "No more memory");
		return;
	}

	/* Start from a byte copy of the session, then replace the members
	 * that log_user_session_thread() frees with private copies. Members
	 * not listed below keep the values of the live session. */
	snapshot = g_memdup(usession, sizeof(*usession));
	event->session = snapshot;
	snapshot->user_name = g_strdup(usession->user_name);
	snapshot->nussl = NULL;	/* the copy never refers to the TLS session */
	snapshot->socket = usession->socket;
	snapshot->groups = g_slist_copy(usession->groups);
	snapshot->sysname = g_strdup(usession->sysname);
	snapshot->version = g_strdup(usession->version);
	snapshot->release = g_strdup(usession->release);
	event->state = state;

	/* feed thread pool */
	thread_pool_push(nuauthdatas->user_session_loggers, event, NULL);
}

/**
 * \brief Function of session loggers thread pool
 *
 * Thread of nuauthdatas->user_session_loggers thread pool:
 * - block during nuauth reload
 * - call modules_user_session_logs()
 * - free memory
 *
 * \attention Don't use this function directly! Use log_user_session().
*/
void log_user_session_thread(gpointer event_ptr, gpointer unused_optional)
{
	struct session_event *job = (struct session_event *) event_ptr;
	user_session_t *snapshot = job->session;

	modules_user_session_logs(snapshot, job->state);

	/* Release exactly the members that log_user_session() duplicated. */
	g_free(snapshot->user_name);
	g_free(snapshot->sysname);
	g_free(snapshot->version);
	g_free(snapshot->release);
	g_slist_free(snapshot->groups);
	g_free(snapshot);
	g_free(job);
}

/**
 * \brief Toggle the "logger pool full" flags from the queue backlog.
 *
 * For each of the two logger pools, compare the number of unprocessed
 * items with nuauthconf->max_unassigned_messages. The matching flag is
 * raised when the backlog exceeds the limit and cleared when it no longer
 * does; a CRITICAL message is emitted on each transition only.
 *
 * While a flag is raised, log_user_packet() / log_user_session() drop their
 * events, so each raise/clear pair in the log brackets a period without
 * packet or session records.
 */
void act_on_loggers_processing()
{
	gboolean backlog_high;

	/* packet loggers */
	backlog_high = g_thread_pool_unprocessed(nuauthdatas->user_loggers) >
		nuauthconf->max_unassigned_messages;
	if (backlog_high && nuauthdatas->loggers_pool_full == FALSE) {
		nuauthdatas->loggers_pool_full = TRUE;
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "Switching to DOS conditions mode: packet logging"
			    " system too slow (%d msgs in queue)",
			    g_thread_pool_unprocessed(nuauthdatas->user_loggers));
	} else if (!backlog_high && nuauthdatas->loggers_pool_full == TRUE) {
		nuauthdatas->loggers_pool_full = FALSE;
		log_message(CRITICAL, DEBUG_AREA_USER,
			    "Switching to standard conditions: packet logging system"
			    " recovered from DOS (%d msgs in queue)",
			    g_thread_pool_unprocessed(nuauthdatas->user_loggers));
	}

	/* session loggers */
	backlog_high = g_thread_pool_unprocessed(nuauthdatas->user_session_loggers) >
		nuauthconf->max_unassigned_messages;
	if (backlog_high && nuauthdatas->session_loggers_pool_full == FALSE) {
		nuauthdatas->session_loggers_pool_full = TRUE;
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "Switching to DOS conditions mode, user logging system"
			    " too slow (%d msgs in queue)",
			    g_thread_pool_unprocessed(nuauthdatas->user_session_loggers));
	} else if (!backlog_high && nuauthdatas->session_loggers_pool_full == TRUE) {
		nuauthdatas->session_loggers_pool_full = FALSE;
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "Switching to standard conditions: user logging system"
			    " recovered from DOS (%d msgs in queue)",
			    g_thread_pool_unprocessed(nuauthdatas->user_session_loggers));
	}
}
nufw-2.4.3/src/nuauth/user_authsrv.h0000644000175000017500000000153111431206275014417 00000000000000/* ** Copyright(C) 2003-2005 Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef USER_AUTHSRV_H #define USER_AUTHSRV_H void user_check_and_decide(gpointer userdata, gpointer data); #endif nufw-2.4.3/src/nuauth/user_logs.h0000644000175000017500000000321711431206275013672 00000000000000/* ** Copyright(C) 2005-2008 Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifndef USER_LOGS_H #define USER_LOGS_H #define SPOOFED_LOG_PREFIX "Spoofed auth packet" typedef enum { SESSION_CLOSE = 0, SESSION_OPEN /* =1 */ } session_state_t; struct session_event { user_session_t *session; session_state_t state; }; int check_fill_user_counters(u_int16_t userid, long time, unsigned long packet_id, u_int32_t ip); void print_users_list(); nu_error_t log_user_packet(connection_t * element, tcp_state_t state); void log_user_packet_from_tracking_t(tracking_t * datas, tcp_state_t pstate); void real_log_user_packet(gpointer userdata, gpointer data); void log_user_packet_from_accounted_connection(struct accounted_connection *datas, tcp_state_t state); void log_user_session(user_session_t * element, session_state_t state); void log_user_session_thread(gpointer element, gpointer state); void act_on_loggers_processing(); #endif nufw-2.4.3/src/nuauth/cache.c0000644000175000017500000002073411431206275012731 00000000000000/* ** Copyright(C) 2003-2006, INL ** Written by Eric Leblond ** Vincent Deffontaines ** ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #include #include "cache.h" /** * \ingroup Nuauth * \defgroup Cache Cache system * * @{ */ /** * \file cache.c * \brief Generic cache system * * An implementation of a generic cache system */ void cache_entry_content_destroy(cache_entry_content_t * item, GFunc free_data) { if (item != NULL && item->datas != NULL) { free_data(item->datas, NULL); item->datas = NULL; } g_free(item); } /** * compare cache datas */ int cache_entry_content_compare(const cache_entry_content_t * content, gconstpointer data) { if (content) { return (data - content->datas); } else { return 1; } } int cache_entry_content_used(const cache_entry_content_t * content, gconstpointer b) { return content->usage; } /** * cleaning purpose function, find if an entry is old an unused. */ gboolean cache_entry_is_old(gpointer key, gpointer value, gpointer user_data) { cache_entry_t *entry = value; cache_entry_content_t *data; GSList *list; /* test if refresh is too late */ if (entry->refreshing || (time(NULL) <= entry->refresh_timestamp)) { return FALSE; } list = entry->datas; if (!list) { return FALSE; } /* test if datas are all unused */ data = list->data; if ((list->next == NULL) && (data->usage == 0)) { return TRUE; } else { return FALSE; } } void cache_reset_timestamp(gpointer key, gpointer value, gpointer user_data) { cache_entry_t *entry = value; entry->refresh_timestamp = 0; } void cache_insert(cache_class_t * this, struct cache_message *message) { /* nothing in cache */ cache_entry_t *cache_elt; gpointer key; /* creating container for datas */ cache_elt = g_new0(cache_entry_t, 1); cache_elt->create_timestamp = time(NULL); cache_elt->refresh_timestamp = cache_elt->create_timestamp + nuauthconf->datas_persistance; cache_elt->refreshing = TRUE; cache_elt->datas = NULL; key = this->duplicate_key(message->key); g_hash_table_insert(this->hash, key, cache_elt); /* return we don't have */ g_async_queue_push(message->reply_queue, null_message); } void cache_get(cache_class_t * this, cache_entry_t * 
entry, struct cache_message *message, GSList ** local_queue) { GSList *list; cache_entry_content_t *item; if (entry->refreshing) { /* don't answer now. wait till data is put by working thread * put message in local queue */ *local_queue = g_slist_append(*local_queue, message); return; } list = entry->datas; if (entry->refresh_timestamp < time(NULL)) { /* we need refresh */ GSList *iter; /* we need refresh is element in use ? */ entry->refreshing = TRUE; /* delete all elements of the list which are unused */ do { /* find unused items */ iter = g_slist_find_custom(list, GUINT_TO_POINTER(0), (GCompareFunc) cache_entry_content_used); if (iter == NULL) { break; } /* delete item if needed */ item = iter->data; if (item->datas != NULL) { GFunc free_data = (GFunc) this->delete_elt; free_data(item->datas, NULL); } list = g_slist_remove(list, item); g_free(item); } while (1); entry->datas = list; /* prepend null container element, and ask refresh */ g_async_queue_push(message->reply_queue, null_message); } else { item = list->data; /* cache is clean, increase usage */ item->usage++; /* and push data to queue */ if (item->datas) { g_async_queue_push(message->reply_queue, item->datas); } else { g_async_queue_push(message->reply_queue, null_queue_datas); } } } void cache_message_destroy(cache_class_t * this, cache_entry_t * entry, struct cache_message *message) { cache_entry_content_t *content; GSList *cache_data_list = entry->datas; GSList *concerned_data = g_slist_find_custom(cache_data_list, message->datas, (GCompareFunc) cache_entry_content_compare); if (concerned_data == NULL) { return; } content = concerned_data->data; if (content->usage > 0) { content->usage--; } if (content->usage > 0) { return; } /* it's the most recent element, we do anything but decrease usage */ if (concerned_data == cache_data_list) { content->usage = 0; return; } /* free datas */ this->delete_elt(content->datas, NULL); g_free(content); entry->datas = g_slist_delete_link(entry->datas, 
concerned_data); } void cache_refresh(cache_class_t * this, cache_entry_t * entry, struct cache_message *message, GSList ** local_queue) { GSList *iter; /* fine we really wait message and can update, alloc cache_datas element */ cache_entry_content_t *elt = g_new0(cache_entry_content_t, 1); /* update NULL element waiting for completion */ elt->datas = message->datas; elt->usage = 1; /* answer to waiting thread */ for (iter = *local_queue; iter; iter = iter->next) { struct cache_message *datas = (struct cache_message *) (iter->data); /* where message->key is the same reply */ if (this->equal_key(message->key, datas->key)) { g_async_queue_push(datas->reply_queue, message->datas); elt->usage++; /* set data to NULL to initiate message removal */ iter->data = NULL; } } /* remove message with data equal to NULL */ *local_queue = g_slist_remove_all(*local_queue, NULL); entry->datas = g_slist_prepend(entry->datas, elt); entry->refreshing = FALSE; entry->refresh_timestamp = time(NULL) + nuauthconf->datas_persistance; } /** * Thread function that wait for cache query. 
* * The algorithm is the following : * - If we found something, we send it back * - If not we warn the client to look by itself and give us the answer when it has found it */ void cache_manager(cache_class_t * this) { struct cache_message *message; cache_entry_t *entry; GSList *local_queue = NULL; /* wait for message */ while (1) { message = g_async_queue_pop(this->queue); if (message == NULL) { /* should never appens */ continue; } switch (message->type) { case GET_MESSAGE: /* look for data */ entry = g_hash_table_lookup(this->hash, message->key); if (entry == NULL) { cache_insert(this, message); } else { cache_get(this, entry, message, &local_queue); } break; case INSERT_MESSAGE: /* look for data */ entry = g_hash_table_lookup(this->hash, message->key); g_assert(entry != NULL); if (entry->refreshing) { cache_refresh(this, entry, message, &local_queue); } else { log_message(CRITICAL, DEBUG_AREA_MAIN, "Error when trying to refresh cache entry (INSERT_MESSAGE)"); } this->free_key(message->key); g_free(message); break; case FREE_MESSAGE: entry = g_hash_table_lookup(this->hash, message->key); if (entry != NULL) { cache_message_destroy(this, entry, message); } this->free_key(message->key); g_free(message); break; case REFRESH_MESSAGE: /* iter on each element */ g_hash_table_foreach_remove(this->hash, cache_entry_is_old, NULL); g_free(message); break; case RESET_MESSAGE: /* iter on each element */ g_hash_table_foreach(this->hash, cache_reset_timestamp, NULL); log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Cache reset done"); g_free(message); break; } } } void cache_destroy(cache_class_t * this) { struct cache_message *message; if (this == NULL) return; while ((message = g_async_queue_try_pop(this->queue)) != NULL) { g_free(message); } g_hash_table_destroy(this->hash); } void cache_reset(cache_class_t * this) { struct cache_message *cmessage; /* send refresh message to acl cache thread */ cmessage = g_new0(struct cache_message, 1); cmessage->type = RESET_MESSAGE; 
g_async_queue_push(this->queue, cmessage); } /** @} */ nufw-2.4.3/src/nuauth/acls.c0000644000175000017500000001610311431206275012603 00000000000000/* ** Copyright(C) 2004-2007 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** * \addtogroup Cache * @{ */ /*! \file acls.c * \brief Acls manipulations and cache * It implements the functions needed to activate cache for acls and basic * acl manipulations tasks */ #include #define USE_JHASH2 #include #include "cache.h" /** * identify a acl in the cache */ struct acl_key { tracking_t *acl_tracking; /** operating system name. */ gchar *sysname; /** operating system release. */ gchar *release; /** operating system version. */ gchar *version; /** application name. * * application full path */ gchar *appname; gchar *appsig; /* * interfaces */ iface_nfo_t iface_nfo; }; /** * Function used for connection hash. 
*
 * Params : a "struct acl_key"
 * Return : the associated key
 *
 * Only the leading (2 * sizeof(struct in6_addr) + 4) bytes of the tracking
 * structure are hashed, seeded with tracking->dest.
 * NOTE(review): this relies on the member order of tracking_t, which is
 * declared elsewhere - confirm the two addresses come first.
 */
guint32 hash_acl(gconstpointer key)
{
	struct acl_key *acl = (struct acl_key *) key;
	tracking_t *tracking = (tracking_t *) acl->acl_tracking;

	return jhash2((guint32 *) tracking,
		      (sizeof(struct in6_addr) * 2 + 4) / 4,
		      tracking->dest);
}

/**
 * NULL-tolerant string comparison.
 *
 * \return FALSE (0) when both are NULL, TRUE when exactly one is NULL,
 *         otherwise the result of strcmp(); non-zero means "different".
 */
gint strcmp_null(gchar * a, gchar * b)
{
	if (a == NULL && b == NULL)
		return FALSE;
	if (a == NULL || b == NULL)
		return TRUE;
	return strcmp(a, b);
}

/**
 * Key equality for the acl cache.
 *
 * Two keys match when tracking data, appname, sysname, release, version
 * and interface information all match.
 *
 * The appsig member of struct acl_key is not compared.
 * NOTE(review): if an ACL module takes the application signature into
 * account, binaries sharing a path would share a cached verdict - confirm.
 */
gboolean compare_acls(gconstpointer a, gconstpointer b)
{
	struct acl_key *lhs = (struct acl_key *) a;
	struct acl_key *rhs = (struct acl_key *) b;

	/* evaluated left to right, stopping at the first difference */
	if (!tracking_equal(lhs->acl_tracking, rhs->acl_tracking)
	    || strcmp_null(lhs->appname, rhs->appname)
	    || strcmp_null(lhs->sysname, rhs->sysname)
	    || strcmp_null(lhs->release, rhs->release)
	    || strcmp_null(lhs->version, rhs->version)
	    || compare_iface_nfo_t(&lhs->iface_nfo, &rhs->iface_nfo) == NU_EXIT_ERROR) {
		return FALSE;
	}
	return TRUE;
}

/**
 * Release a key built by acl_duplicate_key().
 *
 * appsig and iface_nfo are not released here.
 */
void free_acl_key(gpointer datas)
{
	struct acl_key *doomed = (struct acl_key *) datas;

	g_free(doomed->acl_tracking);
	g_free(doomed->sysname);
	g_free(doomed->release);
	g_free(doomed->version);
	g_free(doomed->appname);
	g_free(doomed);
}

/**
 * Release one acl_group: its users and groups lists, period, log_prefix
 * and the structure itself. A NULL acl is ignored.
 */
void free_one_acl_group(struct acl_group *acl, gpointer userdata)
{
	if (acl == NULL)
		return;

	g_slist_free(acl->users);
	g_slist_free(acl->groups);
	g_free(acl->period);
	g_free(acl->log_prefix);
	g_free(acl);
}

/**
 * Release every acl_group of a list, then the list cells.
 */
void free_acl_groups(GSList * acl_groups, gpointer userdata)
{
	g_slist_foreach(acl_groups, (GFunc) free_one_acl_group, NULL);
	g_slist_free(acl_groups);
}

/**
 * destroy function for acl cache datas.
* hash value is a gslist of entry
 */
void free_acl_cache(cache_entry_t * entry)
{
	GSList *contents = entry->datas;

	if (contents) {
		/* each cell is destroyed with free_acl_groups as its data
		 * release callback */
		g_slist_foreach(contents,
				(GFunc) cache_entry_content_destroy,
				free_acl_groups);
		g_slist_free(contents);
	}
	g_free(entry);
}

/**
 * Build a heap-allocated cache key from a connection.
 *
 * A temporary key borrowing the connection's members is filled on the
 * stack and handed to acl_duplicate_key(), which returns the copy.
 *
 * NOTE(review): duplicate_iface_nfo() runs here and again inside
 * acl_duplicate_key(); if it allocates, the first copy is never released -
 * check its implementation.
 */
gpointer acl_create_and_alloc_key(connection_t * kdatas)
{
	struct acl_key borrowed;

	borrowed.acl_tracking = &(kdatas->tracking);
	borrowed.sysname = kdatas->os_sysname;
	borrowed.release = kdatas->os_release;
	borrowed.version = kdatas->os_version;
	borrowed.appname = kdatas->app_name;
	/* set here, but acl_duplicate_key() does not carry appsig over */
	borrowed.appsig = kdatas->app_sig;
	duplicate_iface_nfo(&(borrowed.iface_nfo), &(kdatas->iface_nfo));

	return acl_duplicate_key(&borrowed);
}

/**
 * Deep-copy a struct acl_key for use as a hash table key.
 *
 * The tracking data and the sysname, release, version and appname strings
 * are duplicated. appsig is left NULL by g_new0().
 *
 * The source port of the copy is forced to 1024, so connections differing
 * only by source port map to the same cache entry.
 * NOTE(review): a rule set that filters on source port would get shared
 * verdicts from the cache - confirm that no ACL module does.
 */
gpointer acl_duplicate_key(gpointer datas)
{
	struct acl_key *src = (struct acl_key *) datas;
	struct acl_key *copy = g_new0(struct acl_key, 1);

	copy->acl_tracking = g_memdup(src->acl_tracking,
				      sizeof(*(src->acl_tracking)));
	/* Normalize source port */
	copy->acl_tracking->source = 1024;

	copy->sysname = g_strdup(src->sysname);
	copy->release = g_strdup(src->release);
	copy->version = g_strdup(src->version);
	copy->appname = g_strdup(src->appname);
	duplicate_iface_nfo(&copy->iface_nfo, &src->iface_nfo);

	return copy;
}

/**
 * ask the acl cache information about a received packet.
* */ void get_acls_from_cache(connection_t * conn_elt) { struct cache_message message; /* Going to ask to the cache */ /* prepare message */ message.type = GET_MESSAGE; message.key = acl_create_and_alloc_key(conn_elt); message.datas = NULL; message.reply_queue = g_private_get(nuauthdatas->aclqueue); if (message.reply_queue == NULL) { message.reply_queue = g_async_queue_new(); g_private_set(nuauthdatas->aclqueue, message.reply_queue); } /* send message */ debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "[acl cache] going to send cache request"); g_async_queue_push(nuauthdatas->acl_cache->queue, &message); /* lock */ g_atomic_int_inc(&(myaudit->cache_req_nb)); /*release */ debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "[acl cache] request sent"); /* wait for answer */ conn_elt->acl_groups = g_async_queue_pop(message.reply_queue); if (conn_elt->acl_groups == null_queue_datas) { conn_elt->acl_groups = NULL; } else if (conn_elt->acl_groups == null_message) { struct cache_message *rmessage; debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "[acl cache] We are about to search entry"); /* cache wants an update * external check of acl */ conn_elt->acl_groups = modules_acl_check(conn_elt); rmessage = g_new0(struct cache_message, 1); rmessage->type = INSERT_MESSAGE; rmessage->key = message.key; rmessage->datas = conn_elt->acl_groups; rmessage->reply_queue = NULL; debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "[acl cache] answering for key %p", rmessage->key); /* reply to the cache */ g_async_queue_push(nuauthdatas->acl_cache->queue, rmessage); return; } else { g_atomic_int_inc(&(myaudit->cache_hit_nb)); } /* free initial key */ free_acl_key(message.key); } int init_acl_cache() { GThread *acl_cache_thread; /* create acl cache thread */ log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "creating acl cache thread"); nuauthdatas->acl_cache = g_new0(cache_class_t, 1); nuauthdatas->acl_cache->hash = g_hash_table_new_full((GHashFunc) hash_acl, compare_acls, (GDestroyNotify) 
free_acl_key, (GDestroyNotify) free_acl_cache); nuauthdatas->acl_cache->queue = g_async_queue_new(); nuauthdatas->acl_cache->delete_elt = (GFunc) free_acl_groups; nuauthdatas->acl_cache->duplicate_key = acl_duplicate_key; nuauthdatas->acl_cache->free_key = free_acl_key; nuauthdatas->acl_cache->equal_key = compare_acls; acl_cache_thread = g_thread_create((GThreadFunc) cache_manager, nuauthdatas->acl_cache, FALSE, NULL); if (!acl_cache_thread) exit(EXIT_FAILURE); return 1; } /** @} */ nufw-2.4.3/src/nuauth/check_acls.c0000644000175000017500000000547611431206275013753 00000000000000/* ** Copyright(C) 2003-2007, INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include /** * \addtogroup NuauthCore * @{ */ /** * \file check_acls.c * \brief check packet contained in element against an external base */ /** * (acl_ckeckers function). 
* Treat a connection from insertion to decision * * We use this function when * decision is ready to be taken for the connection * * \param userdata a connection * \param data unused * \return None */ void acl_check_and_decide(gpointer userdata, gpointer data) { connection_t *conn_elt = userdata; debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "entering acl_check"); if (conn_elt == NULL) { log_message(WARNING, DEBUG_AREA_PACKET, "This is no good : elt is NULL at %s:%d", __FILE__, __LINE__); } else { /* if AUTH_STATE_COMPLETING packet comes from search and fill * research need to be done, same if state is AUTH_STATE_HELLOMODE * but here this is a packet from localid_auth_queue * */ if ((conn_elt->state == AUTH_STATE_COMPLETING) || (nuauthconf->hello_authentication && (conn_elt->state == AUTH_STATE_HELLOMODE)) ) { if (nuauthconf->acl_cache) { get_acls_from_cache(conn_elt); } else { conn_elt->acl_groups = modules_acl_check(conn_elt); } switch (conn_elt->state) { /* packet is coming from hello authentication, sending it back */ case AUTH_STATE_HELLOMODE: { struct internal_message *message = g_new0(struct internal_message, 1); message->type = INSERT_MESSAGE; message->datas = conn_elt; /* well this is an localid auth packet */ g_async_queue_push(nuauthdatas-> localid_auth_queue, message); } break; /* give packet to search and fill */ case AUTH_STATE_COMPLETING: { g_async_queue_push(nuauthdatas-> connections_queue, conn_elt); } break; default: log_message(WARNING, DEBUG_AREA_PACKET, "This is no good : conn state is invalid at %s:%d", __FILE__, __LINE__); } } } debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "leaving acl_check"); } /** @} */ nufw-2.4.3/src/nuauth/ip_auth.h0000644000175000017500000000156211431206275013322 00000000000000/* ** Copyright(C) 2005 Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free 
Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef IP_AUTH_H #define IP_AUTH_H void external_ip_auth(gpointer userdata, gpointer data); #endif nufw-2.4.3/src/nuauth/pckt_authsrv.h0000644000175000017500000000213611431206275014404 00000000000000/* ** Copyright(C) 2005 Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/
#ifndef PCKT_AUTHSR_H
#define PCKT_AUTHSR_H

/* Entry points of the packet authentication server side. */
void *packet_authsrv();
nu_error_t authpckt_decode(unsigned char **dgram,
			   unsigned int *dgramsize, connection_t **);
void acl_check_and_decide(gpointer userdata, gpointer data);
unsigned char get_proto_version_from_packet(const unsigned char *dgram,
					     size_t dgram_size);

#endif
nufw-2.4.3/src/nuauth/tls.h0000644000175000017500000001301311431206275012465 00000000000000/*
 ** Copyright(C) 2005,2006,2007 INL
 ** Written by Eric Leblond
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifndef TLS_H
#define TLS_H

#include
/**
 * \ingroup Nuauth
 * \defgroup TLS TLS servers
 *
 */

/**
 * Number of bits for use in an Diffie Hellman key exchange,
 * used in gnutls_dh_set_prime_bits() call.
 *
 * NOTE(review): a 1024-bit Diffie-Hellman group is below what current
 * guidance recommends (2048 bits or more). Raising the value affects every
 * handshake that uses it, so check it against the peers nuauth has to
 * interoperate with.
 */
#define DH_BITS 1024

/**
 * default interval between CRL refresh
 *
 * NOTE(review): the unit is not stated here; revoked certificates stay
 * accepted until the next refresh, so confirm the unit where the value is
 * consumed.
 */
#define DEFAULT_REFRESH_CRL_INTERVAL 30

/**
 * Default number of thread in tls_sasl_connect() thread pool
 */
#define NB_AUTHCHECK 10

/* Certificate authentication modes. The values are distinct bits (0x1,
 * 0x2); MAX_AUTH_BY_CERT follows MANDATORY_AUTH_BY_CERT and so equals 0x3. */
typedef enum {
	NO_AUTH_BY_CERT = 0x0,
	DO_AUTH_BY_CERT = 0x1,
	MANDATORY_AUTH_BY_CERT = 0x2,
	MAX_AUTH_BY_CERT
} auth_cert_type_t;

/**
 * Queue used to exchange messages between tls_sasl_connect_ok()
 * function and tls_user_authsrv() thread
 *
 * NOTE(review): this is a definition without "extern" in a header, so each
 * translation unit including it emits its own tentative definition and the
 * build relies on the linker merging them.
 */
GAsyncQueue *mx_queue;

/* cache system related */
struct client_connection {
	/** Socket file descriptor, init.
with accept() and set to SO_KEEPALIVE mode */ int socket; /** IPv6 address */ struct in6_addr addr; /** String version of the source address */ char *str_addr; /** Source port */ int sport; /** Nussl server structure */ nussl_session* nussl; /* server context, used to create client ssl structure */ struct tls_user_context_t *srv_context; }; /** * Store information from an user packet read on a TLS connection. * Structure is feeded by function treat_user_request() which is part of * the thread tls_user_authsrv(). */ struct tls_buffer_read { int socket; /*!< Socket file descriptor (value from accept()) */ struct in6_addr ip_addr; /*!< User IPv6 address */ char *user_name; /*!< User name string */ uint32_t user_id; /*!< User identifier (16 bits */ GSList *groups; /*!< User groups */ char *os_sysname; /*!< Operation system name */ char *os_release; /*!< Operation system release */ char *os_version; /*!< Operation system version */ char *buffer; /*!< Content of the received packet */ int32_t buffer_len; /*!< Length of the buffer */ int proto_version; /*!< Protocol version of client */ int auth_quality; /*!< Quality of client authentication */ }; /** * This structure stores all information relative to a connection * from a nufw server. */ typedef struct { /* nussl_session_server is in tls_nufw_context_t */ nussl_session *nufw_client; /** * This lock has to be used before any call to gnutls_record function * on TLS session pointed by the ::nufw_session_t */ GMutex *tls_lock; struct in6_addr peername; unsigned char proto_version; /** * usage stores the number of packets currently depending of this session * for their answer. It is modified by atomic operation. */ gint usage; /** This flag is used to indicate that current session is dead and * wait for cleaning (when set to FALSE). This is needed to avoid a * structure destruction whereas there is ::connection_t that depends * on it to send answer to nufw server. 
*/ gboolean alive; /** Connection timestamp */ time_t connect_timestamp; } nufw_session_t; struct tls_insert_data { int socket; gpointer data; }; /* TODO: move-me into tls_user.h */ struct nuauth_tls_t { nussl_session *nussl_server; int request_cert; auth_cert_type_t auth_by_cert; /* Common (user/nufw) configuration options */ char *key; /* nuauth_tls_key */ char *cert; /* nuauth_tls_cert */ char *ca; /* nuauth_tls_cacert */ char *capath; /* nuauth_tls_ca_path */ char *crl_file; /* nuauth_tls_crl */ int crl_refresh; /* nuauth_tls_crl_refresh */ char *key_password; /* nuauth_tls_key_passwd */ char *ciphers; /* nuauth_tls_ciphers */ /* TLS helpers, no configuration */ int crl_refresh_counter; time_t crl_file_mtime; }; void clean_nufw_session(nufw_session_t * c_session); void *tls_nufw_authsrv(struct nuauth_thread_t *thread); void tls_nufw_start_servers(GSList *servers); extern GHashTable *nufw_servers; extern GStaticMutex nufw_servers_mutex; void close_nufw_servers(); /* * For user authentication */ void *tls_user_authsrv(struct nuauth_thread_t *thread); void *push_worker(GMutex * mutex); gboolean remove_socket_from_pre_client_list(int c); void tls_sasl_connect(gpointer userdata, gpointer data); struct tls_user_context_t { int mx; int sck_inet; fd_set tls_rx_set; /* read set */ unsigned int nuauth_tls_max_clients; int nuauth_number_authcheckers; int nuauth_auth_nego_timeout; char *addr; char *port; GAsyncQueue* cmd_queue; nussl_session* nussl; }; typedef struct { int socket; GMutex *mutex; int result; } disconnect_user_msg_t; extern struct tls_user_context_t tls_user_context; void tls_user_remove_client(int sock); void tls_user_start_servers(GSList *servers); void tls_common_init(void); void tls_common_deinit(void); void refresh_crl_file(void); void force_refresh_crl_file(void); void tls_crl_update_nufw_session(GSList *session); void tls_crl_update_user_session(GSList *session); int tls_user_do_handshake(struct client_connection *current_client_conn, struct 
tls_user_context_t *context); #endif nufw-2.4.3/src/nuauth/nuauthconf.c0000644000175000017500000003276611431206275014050 00000000000000/* ** Copyright(C) 2005-2009 INL ** Written by Eric Leblond ** Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include #include #include #include "nuauthconf.h" #include "config-parser.h" static struct llist_head *nuauth_config_table_list = NULL; /** * \addtogroup NuauthConf * @{ */ /** \file nuauthconf.c * \brief Contain functions used to regenerate configuration and reload */ int nuauth_parse_configuration(const char *filename) { struct llist_head *new_config; new_config = parse_configuration(filename); if (new_config == NULL) return -1; if (nuauth_config_table_list != NULL) nuauth_config_table_destroy(); nuauth_config_table_list = new_config; return 0; } int build_prenuauthconf(struct nuauth_params *prenuauthconf, char *gwsrv_addr, policy_t connect_policy) { if ((!prenuauthconf->push) && prenuauthconf->hello_authentication) { g_message ("nuauth_hello_authentication required nuauth_push to be 1, resetting to 0"); prenuauthconf->hello_authentication = 0; } if (gwsrv_addr) { /* parse nufw server address */ prenuauthconf->authorized_servers = generate_inaddr_list(gwsrv_addr); } if (prenuauthconf->nufw_has_fixed_timeout) { prenuauthconf->nufw_has_conntrack = 1; } if 
((!prenuauthconf->single_user_client_limit)
	    && (!prenuauthconf->single_ip_client_limit)
	    && (connect_policy != POLICY_MULTIPLE_LOGIN)) {
		/* config file has a deprecated option, send warning and
		 * modify value */
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "nuauth_connect_policy variable is deprecated. DO NOT use it.");
		/* Translate the deprecated policy into the per-user / per-IP
		 * limits. This only runs when both limits are still 0. */
		switch (connect_policy) {
		case POLICY_ONE_LOGIN:
			prenuauthconf->single_user_client_limit = 1;
			break;
		case POLICY_PER_IP_ONE_LOGIN:
			prenuauthconf->single_ip_client_limit = 1;
			break;
		case POLICY_MULTIPLE_LOGIN:
		default:
			break;
		}
	}
	return 1;
}

/**
 * Allocate a zeroed nuauth_params structure, fill it from the parsed
 * configuration table (falling back to compiled-in defaults) and store it
 * in *result.
 *
 * Side effects: the globals debug_areas and debug_level are overwritten
 * with the values read from the configuration.
 *
 * \param result Receives the newly allocated structure
 * \return Always 1
 */
int init_nuauthconf(struct nuauth_params **result)
{
	struct nuauth_params *conf;
	char *gwsrv_addr = NULL;
	int connect_policy = POLICY_MULTIPLE_LOGIN;

	conf = g_new0(struct nuauth_params, 1);
	*result = conf;

	/* Listening addresses and ports */
	conf->client_srv = nuauth_config_table_get_or_default("nuauth_client_listen_addr", AUTHREQ_CLIENT_LISTEN_ADDR);
	conf->nufw_srv = nuauth_config_table_get_or_default("nuauth_nufw_listen_addr", AUTHREQ_NUFW_LISTEN_ADDR);
	gwsrv_addr = nuauth_config_table_get_or_default("nufw_gw_addr", GWSRV_ADDR);
	/* NOTE(review): ownership of the str_itoa() result and of the string
	 * returned by the getter is not visible here. free_nuauth_params()
	 * calls g_free() on both port strings -- confirm the getter returns
	 * a heap copy. */
	conf->authreq_port = nuauth_config_table_get_or_default("nuauth_gw_packet_port", str_itoa(AUTHREQ_PORT));
	conf->userpckt_port = nuauth_config_table_get_or_default("nuauth_user_packet_port", str_itoa(USERPCKT_PORT));

	/* Thread pool sizes and logging options */
	conf->nbuser_check = nuauth_config_table_get_or_default_int("nuauth_number_usercheckers", NB_USERCHECK);
	conf->nbacl_check = nuauth_config_table_get_or_default_int("nuauth_number_aclcheckers", NB_ACLCHECK);
	/* The ip auth checker count also defaults to NB_ACLCHECK */
	conf->nbipauth_check = nuauth_config_table_get_or_default_int("nuauth_number_ipauthcheckers", NB_ACLCHECK);
	conf->log_users = nuauth_config_table_get_or_default_int("nuauth_log_users", 9);
	conf->log_users_sync = nuauth_config_table_get_or_default_int("nuauth_log_users_sync", 1);
	conf->log_users_strict = nuauth_config_table_get_or_default_int("nuauth_log_users_strict", 1);
	conf->log_users_without_realm = nuauth_config_table_get_or_default_int("nuauth_log_users_without_realm", 1);
	conf->prio_to_nok = nuauth_config_table_get_or_default_int("nuauth_prio_to_nok", 2);

	/* Login limits; connect_policy is the deprecated form handled by
	 * build_prenuauthconf() */
	conf->single_user_client_limit = nuauth_config_table_get_or_default_int("nuauth_single_user_client_limit", 0);
	conf->single_ip_client_limit = nuauth_config_table_get_or_default_int("nuauth_single_ip_client_limit", 0);
	connect_policy = nuauth_config_table_get_or_default_int("nuauth_connect_policy", POLICY_MULTIPLE_LOGIN);
	conf->reject_after_timeout = nuauth_config_table_get_or_default_int("nuauth_reject_after_timeout", 0);
	conf->reject_authenticated_drop = nuauth_config_table_get_or_default_int("nuauth_reject_authenticated_drop", 0);
	conf->nbloggers = nuauth_config_table_get_or_default_int("nuauth_number_loggers", NB_LOGGERS);
	conf->nb_session_loggers = nuauth_config_table_get_or_default_int("nuauth_number_session_loggers", NB_LOGGERS);
	conf->nb_auth_checkers = nuauth_config_table_get_or_default_int("nuauth_number_authcheckers", NB_AUTHCHECK);
	conf->packet_timeout = nuauth_config_table_get_or_default_int("nuauth_packet_timeout", PACKET_TIMEOUT);
	conf->session_duration = nuauth_config_table_get_or_default_int("nuauth_session_duration", SESSION_DURATION);
	conf->datas_persistance = nuauth_config_table_get_or_default_int("nuauth_datas_persistance", 9);
	conf->push = nuauth_config_table_get_or_default_int("nuauth_push_to_client", 1);
	conf->user_check_ip_equality = nuauth_config_table_get_or_default_int("nuauth_user_check_ip_equality", 1);
	conf->do_ip_authentication = nuauth_config_table_get_or_default_int("nuauth_do_ip_authentication", 0);
	conf->acl_cache = nuauth_config_table_get_or_default_int("nuauth_acl_cache", 0);
	conf->user_cache = nuauth_config_table_get_or_default_int("nuauth_user_cache", 0);
	/* The default for nuauth_uses_utf8 follows the build-time USE_UTF8 */
#if USE_UTF8
	conf->uses_utf8 = nuauth_config_table_get_or_default_int("nuauth_uses_utf8", 1);
#else
	conf->uses_utf8 = nuauth_config_table_get_or_default_int("nuauth_uses_utf8", 0);
#endif
	conf->hello_authentication = nuauth_config_table_get_or_default_int("nuauth_hello_authentication", 0);
	conf->debug_areas = nuauth_config_table_get_or_default_int("nuauth_debug_areas", DEFAULT_DEBUG_AREAS);
	debug_areas = conf->debug_areas;
	conf->debug_level = nuauth_config_table_get_or_default_int("nuauth_debug_level", DEFAULT_DEBUG_LEVEL);
	/* NOTE(review): the global is assigned before conf->debug_level is
	 * clamped to 9 further down, so the global can keep a value above 9. */
	debug_level = conf->debug_level;
	conf->nufw_has_conntrack = nuauth_config_table_get_or_default_int("nufw_has_conntrack", 1);
	conf->nufw_has_fixed_timeout = nuauth_config_table_get_or_default_int("nufw_has_fixed_timeout", 1);
	conf->nuauth_uses_fake_sasl = nuauth_config_table_get_or_default_int("nuauth_uses_fake_sasl", 1);
#ifdef BUILD_NUAUTH_COMMAND
	conf->use_command_server = nuauth_config_table_get_or_default_int("nuauth_use_command_server", 1);
#endif
	conf->proto_wait_delay = nuauth_config_table_get_or_default_int("nuauth_proto_wait_delay", DEFAULT_PROTO_WAIT_DELAY);
	conf->drop_if_no_logging = nuauth_config_table_get_or_default_int("nuauth_drop_if_no_logging", FALSE);
	conf->max_unassigned_messages = nuauth_config_table_get_or_default_int("nuauth_max_unassigned_messages", MAX_UNASSIGNED_MESSAGES);
	conf->push_delay = nuauth_config_table_get_or_default_int("nuauth_push_delay", PUSH_DELAY);

	/* Kerberos settings: hostname and realm have no default */
	conf->krb5_service = nuauth_config_table_get_or_default("nuauth_krb5_service", DEFAULT_KRB5_SERVICE);
	conf->krb5_hostname = nuauth_config_table_get("nuauth_krb5_hostname");
	conf->krb5_realm = nuauth_config_table_get("nuauth_krb5_realm");
	conf->hash_algo = nuauth_config_table_get_or_default_int("nuauth_client_hash_algo", NUSSL_HASH_SHA512);

	/* Cap the stored debug level at 9 */
	if (conf->debug_level > 9) {
		conf->debug_level = 9;
	}

	build_prenuauthconf(conf, gwsrv_addr, connect_policy);

	/* NOTE(review): gwsrv_addr is never released here (the call below is
	 * commented out). Whether that leaks depends on what the getter
	 * returns -- verify. */
	//g_free(gwsrv_addr);
	return 1;
}

/**
 * Release the members of a nuauth_params structure. The structure itself
 * is not freed.
 *
 * NOTE(review): destroy_periods() is applied to the global nuauthconf, not
 * to the conf argument. When conf is not the active configuration this
 * destroys the active periods table. Only authreq_port, userpckt_port,
 * authorized_servers and configfile are freed; the other string members
 * set by init_nuauthconf() are left alone.
 */
void free_nuauth_params(struct nuauth_params *conf)
{
	destroy_periods(nuauthconf->periods);
	g_free(conf->authreq_port);
	g_free(conf->userpckt_port);
	g_free(conf->authorized_servers);
	g_free(conf->configfile);
}

/**
 * Resize the running thread pools to the sizes given in conf.
 */
void apply_new_config(struct nuauth_params *conf)
{
	/* checking nuauth tuning parameters */
	g_thread_pool_set_max_threads(nuauthdatas->user_checkers,
				      conf->nbuser_check, NULL);
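g_thread_pool_set_max_threads(nuauthdatas->acl_checkers,
				      conf->nbacl_check, NULL);
	/* The two pools below are only resized when their feature is on */
	if (conf->do_ip_authentication) {
		g_thread_pool_set_max_threads(nuauthdatas->
					      ip_authentication_workers,
					      conf->nbipauth_check, NULL);
	}
	if (conf->log_users_sync) {
		g_thread_pool_set_max_threads(nuauthdatas->
					      decisions_workers,
					      conf->nbloggers, NULL);
	}
	g_thread_pool_set_max_threads(nuauthdatas->user_loggers,
				      conf->nbloggers, NULL);
	g_thread_pool_set_max_threads(nuauthdatas->
				      user_session_loggers,
				      conf->nb_session_loggers, NULL);
}

static gboolean compare_nuauthparams(
		struct nuauth_params *current,
		struct nuauth_params *new);

/**
 * Reload the configuration file and the modules.
 *
 * The configuration file named by nuauthconf->configfile is parsed again.
 * Thread pools are blocked and modules unloaded. The new parameters
 * replace the current ones unless compare_nuauthparams() reports that a
 * restart is needed. Modules, periods and the ACL cache are then
 * reinitialised.
 *
 * \param signum Signal number (not used in the body)
 * \return TRUE if a changed parameter needs a full restart, FALSE if the
 * new configuration was applied, -1 if the file could not be parsed
 */
gboolean nuauth_reload(int signum)
{
	struct nuauth_params *newconf = NULL;
	gboolean restart;
	int retval;

	g_message("[+] Reload NuAuth server");
	nuauth_install_signals(FALSE);

	/* Reload the configuration file */
	retval = nuauth_parse_configuration(nuauthconf->configfile);
	if (retval != 0) {
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "Cannot reload configuration (file '%s')",
			    nuauthconf->configfile);
		/* NOTE(review): this early return skips the
		 * nuauth_install_signals(TRUE) done on the normal path.
		 * Confirm signal handling is not left disabled after a
		 * failed reload. */
		return -1;
	}

	init_nuauthconf(&newconf);

	g_message("nuauth module reloading");

	/* block threads of pool at start */
	block_thread_pools();
	/* we have to wait that all threads are blocked */
	wait_all_thread_pools();
	/* unload modules */
	unload_modules();

	/* Only duplicate configfile info, if configfile has not been set */
	if (!newconf->configfile) {
		newconf->configfile = g_strdup(nuauthconf->configfile);
	}

	/* switch conf before loading modules */
	restart = compare_nuauthparams(nuauthconf, newconf);
	if (restart == FALSE) {
		apply_new_config(newconf);
		/* debug is set via command line thus duplicate */
		newconf->debug_level = nuauthconf->debug_level;
		free_nuauth_params(nuauthconf);
		g_free(nuauthconf);
		nuauthconf = newconf;
	} else {
		free_nuauth_params(newconf);
		/* free_nuauth_params() releases only the members, so free
		 * the discarded structure too */
		g_free(newconf);
	}

	/* reload modules with new conf */
	load_modules();
	/* init period */
	nuauthconf->periods = init_periods(nuauthconf);
	/* ask cache to reset */
	if (nuauthconf->acl_cache) {
		cache_reset(nuauthdatas->acl_cache);
	}
	release_thread_pools();
	nuauth_install_signals(TRUE);
	force_refresh_crl_file();

	g_message("[+] NuAuth server reloaded");
	return restart;
}

/**
 * Compare the running configuration with a newly loaded one.
 *
 * A warning is logged for every parameter that cannot change at run time.
 * A change of log_users_sync is applied immediately, by creating or
 * stopping the decision worker pool, and does not ask for a restart.
 *
 * NOTE(review): that pool change happens even when another parameter sets
 * the restart flag and the caller discards the new configuration.
 *
 * \param current Configuration in use
 * \param new Configuration just loaded
 * \return TRUE if a restart is required, FALSE otherwise
 */
static gboolean compare_nuauthparams(
		struct nuauth_params *current,
		struct nuauth_params *new)
{
	gboolean restart = FALSE;

	if (strcmp(current->authreq_port, new->authreq_port) != 0) {
		g_warning("authreq_port has changed, please restart");
		restart = TRUE;
	}

	if (strcmp(current->userpckt_port, new->userpckt_port) != 0) {
		g_warning("userpckt_port has changed, please restart");
		restart = TRUE;
	}

	if (current->push != new->push) {
		g_warning
		    ("switch between push and poll mode has been asked, please restart");
		restart = TRUE;
	}

	if (current->acl_cache != new->acl_cache) {
		g_warning
		    ("switch between acl caching or not has been asked, please restart");
		restart = TRUE;
	}

	if (current->user_cache != new->user_cache) {
		g_warning
		    ("switch between user caching or not has been asked, please restart");
		restart = TRUE;
	}

	if (current->hello_authentication != new->hello_authentication) {
		g_warning
		    ("switch on ip authentication feature has been asked, please restart");
		restart = TRUE;
	}

	if (strcmp(current->nufw_srv, new->nufw_srv) != 0) {
		g_warning("nufw listening ip has changed, please restart");
		restart = TRUE;
	}

	if (strcmp(current->client_srv, new->client_srv) != 0) {
		g_warning
		    ("client listening ip has changed, please restart");
		restart = TRUE;
	}

	if (current->nufw_has_conntrack != new->nufw_has_conntrack) {
		g_warning
		    ("nufw conntrack mode has changed, please restart");
		restart = TRUE;
	}
#ifdef BUILD_NUAUTH_COMMAND
	if (current->use_command_server != new->use_command_server) {
		g_warning
		    ("command server option has been modified, please restart");
		restart = TRUE;
	}
#endif

	if (current->do_ip_authentication != new->do_ip_authentication) {
		g_warning
		    ("nuauth_do_ip_authentication has been modified, please restart");
		restart = TRUE;
	}

	if (current->log_users_sync != new->log_users_sync) {
		if (new->log_users_sync) {
			/* Log the size the pool is created with; the old
			 * code printed the running configuration's count */
			log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN,
				    "Creating %d decision worker threads",
				    new->nbloggers);
			nuauthdatas->decisions_workers =
			    g_thread_pool_new((GFunc) decisions_queue_work,
					      NULL, new->nbloggers, POOL_TYPE,
					      NULL);
		} else {
			stop_thread_pool("decision worker",
					 &nuauthdatas->decisions_workers);
		}
	}

	return restart;
}

/* The functions below forward to the nubase_config_table_*() helpers,
 * passing the file-local table nuauth_config_table_list. */

/** Look up key in the nuauth configuration table. */
char *nuauth_config_table_get(const char *key)
{
	return nubase_config_table_get(nuauth_config_table_list, key);
}

/** Forward to nubase_config_table_get_alwaysstring() for key. */
char *nuauth_config_table_get_alwaysstring(char *key)
{
	return nubase_config_table_get_alwaysstring(nuauth_config_table_list, key);
}

/** Look up key, passing replace as the default value. */
char *nuauth_config_table_get_or_default(char *key, char *replace)
{
	return nubase_config_table_get_or_default(nuauth_config_table_list, key, replace);
}

/** Look up key as an integer, passing defint as the default value. */
int nuauth_config_table_get_or_default_int(char *key, int defint)
{
	return nubase_config_table_get_or_default_int(nuauth_config_table_list, key, defint);
}

/**
 * Destroy the configuration table and reset the file-local pointer.
 *
 * The reset used to sit after a `return` statement and never ran, which
 * left nuauth_config_table_list pointing at the destroyed table.
 */
void nuauth_config_table_destroy(void)
{
	nubase_config_table_destroy(nuauth_config_table_list);
	nuauth_config_table_list = NULL;
}

/** Pass the table, userdata and func to nubase_config_table_print(). */
void nuauth_config_table_print(void *userdata, void (*func)(void *data, char *keyeqval))
{
	nubase_config_table_print(nuauth_config_table_list,userdata,func);
}

/** @} */
nufw-2.4.3/src/nuauth/command.h0000644000175000017500000000174111431206275013306 00000000000000/*
** Copyright(C) 2007 INL
** Written by Victor Stinner
**
** $Id$
**
** This program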
is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef COMMAND_SERVER_H #define COMMAND_SERVER_H #include "auth_srv.h" #ifdef BUILD_NUAUTH_COMMAND void *command_server(GMutex * mutex); #endif /* BUILD_NUAUTH_COMMAND */ #endif /* COMMAND_SERVER_H */ nufw-2.4.3/src/nuauth/modules_definition.h0000644000175000017500000000464011431206275015551 00000000000000/* ** Copyright(C) 2005-2006 Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/ #ifndef MODULES_DEFINITION_H #define MODULES_DEFINITION_H /** \addtogroup NuauthModules * @{ */ #include "modules.h" GMutex *modules_mutex; /** callback definition */ typedef gboolean init_module_from_conf_t(module_t * module); typedef int user_check_callback(const char *user, const char *pass, unsigned passlen, user_session_t *session, gpointer params); typedef GSList *get_user_groups_callback(const char *user, gpointer params); typedef uint32_t get_user_id_callback(const char *user, gpointer params); typedef GSList *acl_check_callback(connection_t * element, gpointer params); typedef void define_period_callback(GHashTable * periods, gpointer params); /* ip auth */ typedef gchar *ip_auth_callback(auth_pckt_t * pckt, gpointer params); typedef int user_logs_callback(void *element, tcp_state_t state, gpointer params); typedef int user_session_logs_callback(user_session_t * element, session_state_t state, gpointer params); /* certificate stuff */ typedef int certificate_check_callback(nussl_session *nussl, gpointer params); /* certificate to uid function */ typedef gchar *certificate_to_uid_callback(nussl_session *nussl, gpointer params); typedef nu_error_t user_session_modify_callback(user_session_t * session, gpointer params); typedef nu_error_t finalize_packet_callback(connection_t * session, gpointer params); typedef void auth_error_log_callback(user_session_t * session, nuauth_auth_error_t error, const char *message, gpointer params); typedef int postauth_proto_callback(user_session_t * session, gpointer params); /** @} */ #endif nufw-2.4.3/src/nuauth/command_enc.c0000644000175000017500000001705511431206275014133 00000000000000/* ** Copyright(C) 2007 INL ** Written by Victor Stinner ** ** $Id: command.h 2738 2007-02-17 13:59:56Z regit $ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. 
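**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include "command_enc.h"
#include "command_codec.h"

/*
 * Conventions used in this file:
 * - The encoder_write_*() helpers store at data + size and advance size.
 *   They do no bounds checking: the caller must have reserved the room
 *   with encoder_grow() first.
 * - The encoder_add_*() helpers reserve the room and then write a
 *   one-byte bytecode tag followed by the value.
 */

/**
 * Create a new, zero-initialised encoder
 */
encoder_t* encoder_new()
{
	return g_new0(encoder_t, 1);
}

/**
 * Make sure the encoder can hold `size` more bytes.
 *
 * When the buffer is too small it is reallocated to 1.5 times the needed
 * size, with a minimum of 16 bytes.
 *
 * NOTE(review): encoder->size + size is not checked for wrap-around.
 */
void encoder_grow(encoder_t* encoder, size_t size)
{
	size_t newsize = encoder->size + size;
	if (encoder->alloc_size < newsize) {
		newsize = newsize * 3 / 2;
		if (newsize < 16)
			newsize = 16;
		encoder->data = g_realloc(encoder->data, newsize);
		encoder->alloc_size = newsize;
	}
}

/**
 * Write a bytecode in the encoder (no bounds check)
 */
void encoder_write_bytecode(encoder_t* encoder, char bytecode)
{
	encoder->data[encoder->size] = bytecode;
	encoder->size += 1;
}

/**
 * Write a boolean in the encoder as one byte, 0 or 1 (no bounds check)
 */
void encoder_write_bool(encoder_t* encoder, int value)
{
	unsigned char *ptr = (unsigned char*)(encoder->data + encoder->size);
	if (value != 0)
		*ptr = 1;
	else
		*ptr = 0;
	encoder->size += 1;
}

/**
 * Write a 32-bit integer in the encoder, in network byte order
 * (no bounds check)
 */
void encoder_write_int32(encoder_t* encoder, int32_t value)
{
	/* Copy the bytes instead of storing through an int32_t pointer.
	 * The write offset is not 4-byte aligned in general: for example
	 * encoder_add_int32() writes a one-byte tag first. A direct store
	 * there is undefined behaviour and faults on strict-alignment CPUs. */
	uint32_t netval = htonl((uint32_t) value);
	memcpy(encoder->data + encoder->size, &netval, sizeof(netval));
	encoder->size += 4;
}

/**
 * Write bytes in the encoder (no bounds check)
 *
 * NOTE(review): size is an int while callers such as encoder_add_string()
 * pass a size_t. A length above INT_MAX would be truncated here.
 */
void encoder_write_bytes(encoder_t* encoder, int size, const void* data)
{
	memcpy(encoder->data + encoder->size, data, size);
	encoder->size += size;
}

/**
 * Add a bytecode to the encoder
 */
void encoder_add_bytecode(encoder_t* encoder, char bytecode)
{
	encoder_grow(encoder, 1);
	encoder_write_bytecode(encoder, bytecode);
}

/**
 * Add a boolean to the encoder: ('b', value)
 */
void encoder_add_bool(encoder_t* encoder, int value)
{
	encoder_grow(encoder, 2);
	encoder_write_bytecode(encoder, BYTECODE_BOOL);
	encoder_write_bool(encoder, value);
}

/**
 * Add a 32-bit integer to the encoder: ('i', value)
 */
void encoder_add_int32(encoder_t* encoder, uint32_t value)
{
	encoder_grow(encoder, 5);
	encoder_write_bytecode(encoder, BYTECODE_INT32);
	encoder_write_int32(encoder, value);
}

/**
 * Add a (32-bit) timestamp to the encoder: ('t', value)
 *
 * The time_t value is narrowed to 32 bits by encoder_write_int32().
 */
void encoder_add_timestamp(encoder_t* encoder, time_t value)
{
	encoder_grow(encoder, 5);
	encoder_write_bytecode(encoder, BYTECODE_TIMESTAMP);
	encoder_write_int32(encoder, value);
}

/**
 * Add an IPv6 address: ('p', data)
 *
 * Exactly 16 bytes are copied from ipv6.
 */
void encoder_add_ipv6(encoder_t* encoder, const struct in6_addr *ipv6)
{
	const unsigned int len = 16;
	encoder_grow(encoder, 1 + len);
	encoder_write_bytecode(encoder, BYTECODE_IPV6);
	encoder_write_bytes(encoder, len, ipv6);
}

/**
 * Add a string to the encoder: ('s', length, data)
 *
 * The terminating NUL is not written. string must not be NULL because
 * strlen() is called on it.
 */
void encoder_add_string(encoder_t* encoder, const char *string)
{
	size_t len = strlen(string);
	encoder_grow(encoder, 5 + len);
	encoder_write_bytecode(encoder, BYTECODE_STRING);
	encoder_write_int32(encoder, len);
	encoder_write_bytes(encoder, len, string);
}

/**
 * Add a tuple to the encoder: ('(', count, item0, item1, ...)
 */
/* NOTE(review): the body of this function appears truncated in this copy
 * of the file (text seems to be missing inside the for statement).
 * Restore it from the upstream source before building. */
void encoder_add_tuple(encoder_t* encoder, size_t count, encoder_t *items)
{
	size_t len = 0;
	size_t index;
	for (index=0; indexsize, item->data);
	}
}

/**
 * Add a tuple from a single linked list of encoders:
 * ('(', count, item0, item1, ...)
 *
 * Then you can use encoder_slist_destroy() to delete your list.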
*/
/* Two passes over the list: the first sums the item sizes so the buffer
 * can be grown once, the second copies each item's bytes. The item count
 * is written with encoder_write_int32(), so it has no BYTECODE_INT32 tag. */
void encoder_add_tuple_from_slist(encoder_t* encoder, GSList *item_list)
{
	size_t count = 0;
	size_t size = 0;
	GSList* iter;

	/* count number of item and total message size */
	for (iter=item_list; iter; iter=iter->next) {
		encoder_t *item = iter->data;
		count += 1;
		size += item->size;
	}

	/* write data */
	encoder_grow(encoder, 5 + size);	/* 1 tag byte + 4 count bytes + items */
	encoder_write_bytecode(encoder, BYTECODE_TUPLE);
	encoder_write_int32(encoder, count);
	for (iter=item_list; iter; iter=iter->next) {
		encoder_t *item = iter->data;
		encoder_write_bytes(encoder, item->size, item->data);
	}
}

/**
 * Build an answer: ('a', datalen, ok, data)
 *
 * datalen and ok are written with encoder_add_int32(), so each carries
 * its own BYTECODE_INT32 tag. The bytes of `data` are appended as they
 * are. The caller keeps ownership of `data` and must destroy the
 * returned encoder.
 */
encoder_t* encode_answer(uint8_t ok, encoder_t *data)
{
	encoder_t* encoder = encoder_new();
	encoder_add_bytecode(encoder, BYTECODE_ANSWER);
	encoder_add_int32(encoder, data->size);
	encoder_add_int32(encoder, ok);
	/* reserve room first: encoder_write_bytes() does not grow the buffer */
	encoder_grow(encoder, data->size);
	encoder_write_bytes(encoder, data->size, data->data);
	return encoder;
}

/**
 * Add uptime message: ('U', start, diff)
 *
 * start is written as a timestamp, diff as a plain 32-bit integer.
 */
void encoder_add_uptime(encoder_t *encoder, time_t start, time_t diff)
{
	encoder_add_bytecode(encoder, BYTECODE_UPTIME);
	encoder_add_timestamp(encoder, start);
	encoder_add_int32(encoder, diff);
}

/**
 * Build a user message: ('u', ...)
 *
 * Fields are written in this order: protocol version, socket, user name,
 * address, source port, user id, group tuple, connect timestamp, seconds
 * since connect, expire, sysname, release, version, activated flag.
 *
 * NOTE(review): user_name, sysname, release and version go through
 * encoder_add_string(), which calls strlen() on them. Confirm none of
 * them can be NULL for a session reaching this function.
 */
encoder_t* encode_user(user_session_t* session)
{
	encoder_t* encoder = encoder_new();
	GSList *group;
	GSList *groups = NULL;

	/* create group list */
	/* g_slist_prepend() is used, so the encoded groups come out in the
	 * reverse of session->groups order */
	for (group=session->groups; group; group=g_slist_next(group)) {
		encoder_t *group_data;
		unsigned int gid = GPOINTER_TO_UINT(group->data);
		group_data = encoder_new();
		encoder_add_int32(group_data, gid);
		groups = g_slist_prepend(groups, group_data);
	}

	/* encode user entry */
	encoder_add_bytecode(encoder, BYTECODE_USER);
	encoder_add_int32(encoder, session->proto_version);
	encoder_add_int32(encoder, session->socket);
	encoder_add_string(encoder, session->user_name);
	encoder_add_ipv6(encoder, &session->addr);
	encoder_add_int32(encoder, session->sport);
	encoder_add_int32(encoder, session->user_id);
	encoder_add_tuple_from_slist(encoder, groups);
	encoder_add_timestamp(encoder, session->connect_timestamp);
	encoder_add_int32(encoder, time(NULL) - session->connect_timestamp);
	encoder_add_int32(encoder, session->expire);
	encoder_add_string(encoder, session->sysname);
	encoder_add_string(encoder, session->release);
	encoder_add_string(encoder, session->version);
	encoder_add_bool(encoder, session->activated);

	/* destroy group list */
	encoder_slist_destroy(groups);
	return encoder;
}

/**
 * Build a nufw message: ('w', ...)
 *
 * Fields are written in this order: protocol version, socket descriptor
 * of the nussl session, peer address, connect timestamp, seconds since
 * connect, usage counter, alive flag.
 */
encoder_t* encode_nufw(nufw_session_t* session)
{
	encoder_t* encoder = encoder_new();
	encoder_add_bytecode(encoder, BYTECODE_NUFW);
	encoder_add_int32(encoder, session->proto_version);
	encoder_add_int32(encoder, nussl_session_get_fd(session->nufw_client));
	encoder_add_ipv6(encoder, &session->peername);
	encoder_add_timestamp(encoder, session->connect_timestamp);
	encoder_add_int32(encoder, time(NULL) - session->connect_timestamp);
	/* usage is read with a plain load here */
	encoder_add_int32(encoder, session->usage);
	encoder_add_bool(encoder, session->alive);
	return encoder;
}

/**
 * Destroy an encoder: free its data buffer, then the structure itself
 */
void encoder_destroy(encoder_t *encoder)
{
	g_free(encoder->data);
	g_free(encoder);
}

/**
 * Delete a single linked list of encoders.
*/ void encoder_slist_destroy(GSList *item_list) { g_slist_foreach(item_list, (GFunc)encoder_destroy, NULL); g_slist_free(item_list); } nufw-2.4.3/src/nuauth/acls.h0000644000175000017500000000230011431206275012602 00000000000000/* ** Copyright(C) 2005 Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef ACLS_H #define ACLS_H int init_acl_cache(); void free_acl_groups(GSList * acl_groups, gpointer uda); gboolean compare_acls(gconstpointer tracking_hdrs1, gconstpointer tracking_hdrs2); gpointer acl_create_and_alloc_key(connection_t * kdatas); guint hash_acl(gconstpointer headers); void free_acl_list(void *datas); void get_acls_from_cache(connection_t * conn_elt); gpointer acl_duplicate_key(gpointer datas); #endif nufw-2.4.3/src/nuauth/auth_hash.c0000644000175000017500000003010211431206275013620 00000000000000/* ** Copyright(C) 2006-2008 INL ** Written by Eric Leblond ** Victor Stinner ** INL : http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. 
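**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include "auth_srv.h"
#define USE_JHASH2
#include

/**
 * \addtogroup NuauthCore
 * @{
 */

/** \file auth_hash.c
 *  \brief Connections hash handling
 */

/* should never be called !!! */
/* Logs the state of both connections when warning-level debugging is on
 * for DEBUG_AREA_MAIN. It is the second half of the
 * SEARCH_AND_FILL_CATCHALL macro. */
void search_and_fill_catchall(connection_t * new, connection_t * packet)
{
	if (DEBUG_OR_NOT(DEBUG_LEVEL_WARNING, DEBUG_AREA_MAIN)) {
		g_message
		    ("state of new packet: %d, state of existing packet: %d",
		     new->state, packet->state);
	}
}

/* Warn about an unexpected state combination, then log both states.
 * The two statements sit in do { } while (0) so the macro expands to one
 * statement and stays correct under an unbraced if/else. */
#define SEARCH_AND_FILL_CATCHALL(new,packet) \
	do { \
		g_warning("%s:%d Should not have this. Please email Nufw developpers!", \
			  __FILE__, __LINE__); \
		search_and_fill_catchall(new, packet); \
	} while (0)

/**
 * Compute the key (hash) of a connection tracking.
 *
 * The hash covers four 32-bit words starting at tracking->saddr, with
 * tracking->source as jhash2() initial value. Destination address,
 * destination port and protocol are not part of the hash.
 *
 * \param data Tracking headers (of type tracking_t) of a connection
 * \return Computed hash
 */
guint32 hash_connection(gconstpointer data)
{
	tracking_t *tracking = (tracking_t *) data;
	return jhash2((uint32_t *)&(tracking->saddr), 4, tracking->source);
}

/**
 * Check if two connections are equal.
 *
 * TCP and UDP entries are compared on ports and both addresses, ICMP and
 * ICMPv6 entries on type, code and both addresses. Any other protocol
 * never compares equal.
 *
 * \param trck1 Tracking headers compared with trck2
 * \param trck2 Tracking headers compared with trck1
 * \return TRUE if they are equal, FALSE otherwise
 */
gboolean tracking_equal(const tracking_t *trck1, const tracking_t *trck2)
{
	/* compare proto */
	if (trck1->protocol != trck2->protocol)
		return FALSE;

	/* compare proto headers */
	switch (trck1->protocol) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
		/* both protocols use the same port and address comparison */
		if (trck1->source == trck2->source
		    && trck1->dest == trck2->dest
		    && ipv6_equal(&trck1->daddr, &trck2->daddr)
		    && ipv6_equal(&trck1->saddr, &trck2->saddr))
			return TRUE;
		return FALSE;

	case IPPROTO_ICMP:
	case IPPROTO_ICMPV6:
		if (trck1->type == trck2->type
		    && trck1->code == trck2->code
		    && ipv6_equal(&trck1->daddr, &trck2->daddr)
		    && ipv6_equal(&trck1->saddr, &trck2->saddr))
			return TRUE;
		return FALSE;

	default:
		return FALSE;
	}
}

/**
 * Make `old` use the nufw TLS session of `new`.
 *
 * Nothing is done when both already share the session. Otherwise the
 * usage counter of the new session is raised by the number of packet ids
 * held by `old`, the old session is released, and old->tls is switched.
 *
 * \return NU_EXIT_OK in every case
 */
nu_error_t merge_nufw_session(connection_t * old, connection_t * new)
{
	int usage;
	if (old->tls == new->tls) {
		return NU_EXIT_OK;
	}
	/* initiate merge */
	usage = g_slist_length(old->packet_id);
	g_atomic_int_exchange_and_add(&(new->tls->usage), usage);
	/* Drop all but one reference here. Presumably
	 * release_nufw_session() drops the last one -- verify. */
	if (usage > 1) {
		g_atomic_int_exchange_and_add(&(old->tls->usage), -usage + 1);
	}
	release_nufw_session(old->tls);
	/* swap tls entry */
	old->tls = new->tls;

	return NU_EXIT_OK;
}

/**
 * Send a #WARN_MESSAGE to nuauthdatas->tls_push_queue (see ::push_worker()).
 *
 * The message carries a copy of the tracking header and of the interface
 * information of `new`.
 *
 * NOTE(review): g_new0() aborts the program when allocation fails, so
 * both error branches below look unreachable. pcktdata is also allocated
 * before the first check and would not be released by it.
 */
void search_and_push(connection_t * new)
{
	/* push data to sender */
	struct internal_message *message =
	    g_new0(struct internal_message, 1);
	auth_pckt_t * pcktdata = g_new0(auth_pckt_t, 1);
	if (!message) {
		log_message(CRITICAL, DEBUG_AREA_USER,
			    "search&push: Couldn't g_new0(). No more memory?");
		return;
	}
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
			  "search&push: need to warn client");
	/* duplicate tracking */
	message->type = WARN_MESSAGE;
	memcpy(&(pcktdata->header), &(new->tracking), sizeof(tracking_t));
	duplicate_iface_nfo(&(pcktdata->iface_nfo), &(new->iface_nfo));
	message->datas = pcktdata;
	if (message->datas) {
		g_async_queue_push(nuauthdatas->tls_push_queue, message);
	} else {
		g_free(message);
		log_message(CRITICAL, DEBUG_AREA_USER,
			    "search&push: g_memdup returned NULL");
	}
}

/**
 * Handle `new` when the stored connection `packet` is an auth request:
 * - #AUTH_STATE_AUTHREQ: `new` is another request for the same
 *   connection. Its packet id is added to `packet` and `new` is freed.
 * - #AUTH_STATE_USERPCKT: the user data of `new` is moved into `packet`
 *   and `new` is pushed to nuauthdatas->acl_checkers (not freed here).
 * - other: unexpected state, logged, and `new` is freed.
 */
void search_and_fill_complete_of_authreq(connection_t * new,
						connection_t * packet)
{
	switch (new->state) {
	case AUTH_STATE_AUTHREQ:
		debug_log_message(DEBUG, DEBUG_AREA_PACKET,
				  "Complete authreq: Adding a packet_id to a connection (id=%u)",
				  GPOINTER_TO_UINT((new->packet_id)->data)
				  );
		/* merge TLS */
		merge_nufw_session(packet, new);
		packet->packet_id =
		    g_slist_prepend(packet->packet_id,
				    GUINT_TO_POINTER((new->packet_id)->
						     data));
		new->state = AUTH_STATE_DONE;
		break;

	case AUTH_STATE_USERPCKT:
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				  "Complete authreq: Filling user data for %s",
				  new->username);
		new->state = AUTH_STATE_COMPLETING;
		packet->state = AUTH_STATE_COMPLETING;

		/* Pointers are copied, not duplicated. Only user_groups is
		 * cleared in `new`; the other strings are then referenced by
		 * both connections.
		 * NOTE(review): confirm the free path of `new` cannot
		 * release them while `packet` still uses them. */
		packet->user_groups = new->user_groups;
		new->user_groups = NULL;
		packet->user_id = new->user_id;
		packet->username = new->username;
		/* application */
		packet->app_name = new->app_name;
		packet->app_sig = new->app_sig;
		/* system */
		packet->os_sysname = new->os_sysname;
		packet->os_release = new->os_release;
		packet->os_version = new->os_version;
		packet->proto_version = new->proto_version;
		packet->auth_quality = new->auth_quality;
		/* user cache system */
		packet->cacheduserdatas = new->cacheduserdatas;

		/* Add interfaces information needed for ACLs checking */
		duplicate_iface_nfo(&new->iface_nfo, &packet->iface_nfo);
		thread_pool_push(nuauthdatas->acl_checkers, new, NULL);
		return;		/* don't free new connection */

	default:
		SEARCH_AND_FILL_CATCHALL(new, packet);
	}
	free_connection(new);
}

/**
 * An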
user tells that he is the owner of a connection: * - #AUTH_STATE_AUTHREQ: push a copy of the connection 'new' to nuauthdatas->acl_checkers * - #AUTH_STATE_USERPCKT: that's a duplicate * - other: error! */ void search_and_fill_complete_of_userpckt(connection_t * new, connection_t * packet) { switch (new->state) { case AUTH_STATE_AUTHREQ: packet->state = AUTH_STATE_COMPLETING; /* Copy packet members needed by ACL checker into new. * We don't use strdup/free because it's slow. * So clean_connections_list() don't remove connection * in state AUTH_STATE_COMPLETING :-) */ new->state = AUTH_STATE_COMPLETING; /* application */ new->app_name = packet->app_name; new->app_sig = packet->app_sig; /* system */ new->os_sysname = packet->os_sysname; new->os_release = packet->os_release; new->os_version = packet->os_version; new->proto_version = packet->proto_version; new->auth_quality = packet->auth_quality; /* copy iface info */ duplicate_iface_nfo(&(packet->iface_nfo), &(new->iface_nfo)); packet->packet_id = new->packet_id; new->packet_id = NULL; packet->mark = new->mark; packet->socket = new->socket; /* transfert nufw tls session to initial packet */ packet->tls = new->tls; packet->nufw_version = new->nufw_version; new->tls = NULL; /* copy payload to user pckt */ packet->payload_len = new->payload_len; memcpy(packet->payload, new->payload, new->payload_len); thread_pool_push(nuauthdatas->acl_checkers, new, NULL); return; /* don't free connection */ case AUTH_STATE_USERPCKT: debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "Complete user packet: Found a duplicate user packet"); break; default: SEARCH_AND_FILL_CATCHALL(new, packet); } free_connection(new); } void search_and_fill_done(connection_t * new, connection_t * packet) { /* if new is a nufw request respond with correct decision */ switch (new->state) { case AUTH_STATE_AUTHREQ: g_slist_foreach(new->packet_id, (GFunc) send_auth_response, packet); break; case AUTH_STATE_USERPCKT: break; default: SEARCH_AND_FILL_CATCHALL(new, 
packet); } free_connection(new); } void search_and_fill_completing(connection_t * new, connection_t * packet) { switch (new->state) { case AUTH_STATE_COMPLETING: /* fill acl this is a return from acl search */ packet->acl_groups = new->acl_groups; g_free(new); packet->state = AUTH_STATE_READY; take_decision(packet, PACKET_IN_HASH); return; case AUTH_STATE_AUTHREQ: debug_log_message(DEBUG, DEBUG_AREA_GW, "Completing (auth): Adding a packet_id to a completing connection (id=%u)", GPOINTER_TO_UINT((new->packet_id)->data) ); packet->packet_id = g_slist_prepend(packet->packet_id, GUINT_TO_POINTER((new->packet_id)-> data)); new->state = AUTH_STATE_DONE; break; case AUTH_STATE_USERPCKT: log_message(DEBUG, DEBUG_AREA_USER, "Completing (user): User packet in state completing"); break; default: SEARCH_AND_FILL_CATCHALL(new, packet); } free_connection(new); } void search_and_fill_ready(connection_t * new, connection_t * packet) { debug_log_message(DEBUG, DEBUG_AREA_MAIN, "search&fill ready: Element is in state %d but received packet has state %d", packet->state, new->state); switch (new->state) { case AUTH_STATE_AUTHREQ: debug_log_message(DEBUG, DEBUG_AREA_GW, "search&fill ready: Adding a packet_id to a connection (id=%u)", GPOINTER_TO_UINT((new->packet_id)->data) ); packet->packet_id = g_slist_prepend(packet->packet_id, GUINT_TO_POINTER((new->packet_id)->data)); new->state = AUTH_STATE_DONE; break; case AUTH_STATE_USERPCKT: debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "search&fill ready: Need only cleaning"); break; default: SEARCH_AND_FILL_CATCHALL(new, packet); } free_connection(new); } /** * Update an existing connection. Depending on connection state, * call function: * - #AUTH_STATE_AUTHREQ: search_and_fill_complete_of_authreq() ; * - #AUTH_STATE_USERPCKT: search_and_fill_complete_of_userpckt() ; * - #AUTH_STATE_COMPLETING: search_and_fill_completing() ; * - #AUTH_STATE_READY: search_and_fill_ready(). 
*/ void search_and_fill_update(connection_t * new, connection_t * packet) { switch (packet->state) { case AUTH_STATE_AUTHREQ: search_and_fill_complete_of_authreq(new, packet); break; case AUTH_STATE_USERPCKT: search_and_fill_complete_of_userpckt(new, packet); break; case AUTH_STATE_DONE: search_and_fill_done(new, packet); break; case AUTH_STATE_COMPLETING: search_and_fill_completing(new, packet); break; case AUTH_STATE_READY: search_and_fill_ready(new, packet); break; default: SEARCH_AND_FILL_CATCHALL(new, packet); free_connection(new); } } /** * Thread created in ::init_nuauthdata(). * Try to insert a connection in Struct. * Fetch datas in connections queue. * * Call search_and_fill_update() if the connection exists in ::conn_list, * else call search_and_push(). */ void *search_and_fill(GMutex * mutex) { connection_t *packet; connection_t *new; GTimeVal tv; g_async_queue_ref(nuauthdatas->connections_queue); g_async_queue_ref(nuauthdatas->tls_push_queue); /* wait for message */ while (g_mutex_trylock(mutex)) { g_mutex_unlock(mutex); /* wait a message during POP_DELAY */ g_get_current_time(&tv); g_time_val_add(&tv, POP_DELAY); new = g_async_queue_timed_pop(nuauthdatas->connections_queue, &tv); if (new == NULL) continue; /* search pckt */ g_static_mutex_lock(&insert_mutex); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN, "Starting search and fill"); packet = (connection_t *) g_hash_table_lookup(conn_list, &(new->tracking)); if (packet == NULL) { debug_log_message(DEBUG, DEBUG_AREA_MAIN, "Creating new packet"); g_hash_table_insert(conn_list, &(new->tracking), new); g_static_mutex_unlock(&insert_mutex); if (nuauthconf->push && new->state == AUTH_STATE_AUTHREQ) { search_and_push(new); } } else { search_and_fill_update(new, packet); g_static_mutex_unlock(&insert_mutex); } } g_async_queue_unref(nuauthdatas->connections_queue); g_async_queue_unref(nuauthdatas->tls_push_queue); return NULL; } /* @} */ 
nufw-2.4.3/src/nuauth/client_mngr.h0000644000175000017500000000403711431206275014172 00000000000000/* ** Copyright(C) 2005-2007 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef CLIENT_MNGR_H #define CLIENT_MNGR_H /** * \addtogroup NuauthCore * @{ */ void init_client_struct(); void add_client(int socket, gpointer datas); nu_error_t delete_client_by_socket(int c); user_session_t *get_client_datas_by_socket(int c); GSList *get_client_sockets_by_ip(struct in6_addr *ip); user_session_t *look_for_username(const gchar * username); gboolean test_username_count_vs_max(const gchar * username, int maxcount); void log_clean_session(user_session_t *); void clean_session(user_session_t *); void foreach_session(GHFunc callback, void *data); struct msg_addr_set { struct in6_addr addr; struct nu_srv_message *msg; gboolean found; }; typedef gboolean user_session_check_t(user_session_t * session, gpointer data); char warn_clients(struct msg_addr_set *global_msg, user_session_check_t *scheck, gpointer data); gboolean check_property_clients(struct in6_addr *addr, user_session_check_t *scheck, int mode, gpointer data); void clean_client_session_bycallback(GHRFunc cb, gpointer data); void close_clients(); nu_error_t kill_all_clients(); void kill_expired_clients_session(); nu_error_t activate_client_by_socket(int socket); guint 
get_number_of_clients(); struct username_counter { const char* name; int max; int counter; }; /** @} */ #endif nufw-2.4.3/src/nuauth/modules.h0000644000175000017500000001042211431206275013334 00000000000000/* ** Copyright(C) 2005 Eric Leblond ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef MODULES_H #define MODULES_H /** * \ingroup NuauthModulesHandling * @{ */ #define INIT_MODULE_FROM_CONF "init_module_from_conf" typedef gboolean module_params_unload_t(gpointer params); typedef enum { MOD_FIRST = 0, MOD_USER_CHECK = MOD_FIRST, MOD_USER_ID, MOD_USER_GROUPS, MOD_USER_FAIL, MOD_SIMPLE = MOD_USER_FAIL, MOD_ACL_CHECK, MOD_SESSION_MODIFY, MOD_LOG_PACKETS, MOD_LOG_SESSION, MOD_FINALIZE_PACKET, MOD_PERIOD, MOD_CERT_CHECK, MOD_CERT_TO_UID, MOD_POSTAUTH_PROTO, MOD_IP_AUTH, MOD_OPTIONAL = MOD_IP_AUTH, MOD_END, } module_hook_t; typedef struct { gchar *configstring; gchar *config; GSList *modules; gchar *funcstring; gchar *message; } hook_t; /** * Structure use to store a module instance */ typedef struct { /** * Module name */ gchar *name; /** * Module name */ gchar *module_name; /** * glib module structure */ GModule *module; /** * Filename of configuration file. If it's NULL, * you should use #DEFAULT_CONF_FILE. 
*/ gchar *configfile; /** * Function used in the module: * - user_check(): prototype is ::user_check_callback ; * - acl_check(): prototype is ::acl_check_callback ; * - define_periods(): prototype is ::define_period_callback ; * - user_packet_logs(): prototype is ::user_logs_callback ; * - user_session_logs(): prototype is ::user_session_logs_callback ; * - ip_authentication(): prototype is ::ip_auth_callback ; * - certificate_check(): prototype is ::certificate_check_callback ; * - certificate_to_uid(): prototype is ::certificate_to_uid_callback. */ gpointer func; /** * Structure where module store all its options */ gpointer params; /** * Function used to unload module parameters */ module_params_unload_t *free_params; /** * Role for module (which hook) */ module_hook_t hook; } module_t; typedef enum { AUTH_ERROR_CREDENTIALS, AUTH_ERROR_INTERRUPTED } nuauth_auth_error_t; int init_modules_system(); int load_modules(); void unload_modules(); int modules_user_check(const char *user, const char *pass, unsigned passlen, user_session_t *session); uint32_t modules_get_user_id(const char *user); GSList *modules_get_user_groups(const char *user); GSList *modules_acl_check(connection_t * element); /* ip auth */ gchar *modules_ip_auth(auth_pckt_t * pcktdata); nu_error_t modules_user_logs(void *element, tcp_state_t state); int modules_user_session_logs(user_session_t * user, session_state_t state); void modules_parse_periods(GHashTable * periods); int modules_check_certificate(nussl_session* nussl); gchar *modules_certificate_to_uid(nussl_session* nussl); int modules_user_session_modify(user_session_t * c_session); nu_error_t modules_finalize_packet(connection_t * connection); void modules_auth_error_log(user_session_t * session, nuauth_auth_error_t error, const char *message); int modules_postauth_proto(user_session_t * user); gboolean nuauth_is_reloading(); void block_on_conf_reload(); typedef void (*cleanup_func_t) (void); void cleanup_func_push(cleanup_func_t func); void 
cleanup_func_remove(cleanup_func_t func); typedef uint32_t(*get_module_version_func_t) (void); nu_error_t register_client_capa(const char * name, unsigned int * index); nu_error_t unregister_client_capa(int index); nu_error_t init_protocol_extension(struct nuauth_datas * ndatas); nu_error_t register_protocol_extension(struct nuauth_datas * ndatas, struct proto_ext_t *extproto); nu_error_t unregister_protocol_extension(struct proto_ext_t *extproto); /** * @} */ #endif nufw-2.4.3/src/nuauth/tls_sasl.c0000644000175000017500000005632711431206275013521 00000000000000/* ** Copyright(C) 2004,2005,2006,2007,2008 INL ** Written by Eric Leblond ** Vincent Deffontaines ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ** */ #include "auth_srv.h" #include #include "tls.h" #include #include /** * \addtogroup TLSUser * @{ */ /** * \file tls_sasl.c * \brief Handle phase after authentication and till client is active * * It also handle preclient list to be able to disconnect user if authentication take too long. 
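*/

struct nuauth_tls_t nuauth_tls;

/**
 * Log why a session is refused by the connection policy, report the refusal
 * to the modules and drop the session.
 *
 * \param c_session Session to refuse; it is released with clean_session()
 * \param c Client socket (not used by this function)
 * \param reason Policy rule that was hit
 */
static void policy_refuse_user(user_session_t * c_session, int c,
			       policy_refused_reason_t reason)
{
	switch (reason) {
	case PER_USER_TOO_MANY_LOGINS:
		log_message(INFO, DEBUG_AREA_USER,
			    "Policy: Too many opened sessions for user \"%s\", closing socket",
			    c_session->user_name);
		modules_auth_error_log(c_session, AUTH_ERROR_INTERRUPTED,
				       "Too many opened sessions for user");
		break;

	case PER_IP_TOO_MANY_LOGINS:
		log_message(INFO, DEBUG_AREA_USER,
			    "Policy: User \"%s\" trying to connect from already overused IP, closing socket",
			    c_session->user_name);
		modules_auth_error_log(c_session, AUTH_ERROR_INTERRUPTED,
				       "Connection from already overused IP");
		break;

	default:
		log_message(WARNING, DEBUG_AREA_USER,
			    "Policy (bug!): User \"%s\" has to disconnect for UNKNOWN reason, closing socket",
			    c_session->user_name);
	}
	/* get rid of client */
	clean_session(c_session);
}

/**
 * Final step of a successful authentication: tell pre-2.4 clients which mode
 * (push or poll) the server uses, register the session, log its opening and
 * queue the socket on mx_queue.
 *
 * \param c_session Authenticated session
 * \param c Client socket
 */
static void tls_sasl_connect_ok(user_session_t * c_session, int c)
{
	struct nu_srv_message msg;

	/* Success place */
	if (nuauthconf->log_users_without_realm) {
		gchar *username = get_rid_of_domain(c_session->user_name);
		g_free(c_session->user_name);
		c_session->user_name = username;
	}

	if (c_session->proto_version < PROTO_VERSION_V24) {
		/* send mode to client */
		msg.type = SRV_TYPE;
		if (nuauthconf->push) {
			msg.option = SRV_TYPE_PUSH;
		} else {
			msg.option = SRV_TYPE_POLL;
		}
		msg.length = 0;
		if (nussl_write(c_session->nussl, (char*)&msg, sizeof(msg)) < 0) {
			log_message(WARNING, DEBUG_AREA_USER,
				    "nussl_write() failure at %s:%d",
				    __FILE__, __LINE__);
			/* NOTE(review): in poll mode the session is left as it
			 * is (neither registered nor cleaned); confirm that
			 * something else releases it. */
			if (nuauthconf->push) {
				clean_session(c_session);
			}
			return;
		}
	}

	/* unlock hash client */
	if (nuauthconf->push) {
		/* in push mode the insertion is delegated to the consumer of
		 * tls_push_queue through an INSERT_MESSAGE */
		struct internal_message *message =
		    g_new0(struct internal_message, 1);
		struct tls_insert_data *datas =
		    g_new0(struct tls_insert_data, 1);
		if ((message == NULL) || (datas == NULL)) {
			clean_session(c_session);
			return;
		}
		datas->socket = c;
		datas->data = c_session;
		c_session->activated = FALSE;
		message->datas = datas;
		message->type = INSERT_MESSAGE;
		g_async_queue_push(nuauthdatas->tls_push_queue, message);
	} else {
		add_client(c, c_session);
	}

	c_session->connect_timestamp = time(NULL);
	/* send new valid session to user session logging system */
	log_user_session(c_session, SESSION_OPEN);
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
			  "Says we need to work on %d", c);
	g_async_queue_push(mx_queue, GINT_TO_POINTER(c));
}

/**
 * Set in c_session->capa_flags the bit of the capability named \a value.
 *
 * capa_array is scanned up to its first empty slot (32 slots at most); the
 * index of the matching name is the bit number.
 *
 * \return SASL_OK when the capability is known, SASL_NOTDONE when it is not,
 *         SASL_FAIL when \a value is NULL
 */
static int add_client_capa(user_session_t * c_session, const char * value)
{
	int i;

	if (! value)
		return SASL_FAIL;

	for (i = 0; i < 32; i++) {
		if (! capa_array[i]) {
			return SASL_NOTDONE;
		}
		if (!strcmp(capa_array[i], value)) {
			/* unsigned constant: shifting a signed 1 into bit 31
			 * is undefined behaviour */
			c_session->capa_flags =
			    c_session->capa_flags | (1U << i);
			return SASL_OK;
		}
	}
	return SASL_NOTDONE;
}

/**
 * Parse the capabilities field sent by a client and record every known
 * capability in c_session->capa_flags.
 *
 * The field is a struct nu_authfield header followed by a base64 text made
 * of names separated by ';'. The length announced in the header comes from
 * the client: it must be above 4, at most 1024 and no larger than the number
 * of bytes actually received.
 *
 * \param c_session Session being negotiated
 * \param buf Data read from the client
 * \param buf_size Number of bytes in \a buf (a negative read result is
 *                 rejected by the size check)
 * \return SASL_OK, SASL_FAIL (short buffer, wrong field type or option, NULL
 *         capability) or SASL_BADAUTH (bad length or base64)
 */
static int parse_user_capabilities(user_session_t * c_session, char *buf,
				   int buf_size)
{
	unsigned int len;
	int decode;
	struct nu_authfield *vfield;
	gchar *dec_buf = NULL;
	gchar **v_strings;
	int dec_buf_size;
	char address[INET6_ADDRSTRLEN];

	vfield = (struct nu_authfield *) buf;

	/* check buffer underflow */
	if (buf_size < (int) sizeof(struct nu_authfield)) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		g_message("%s sent a too small vfield", address);
		return SASL_FAIL;
	}

	if (vfield->type != CAPA_FIELD) {
#ifdef DEBUG_ENABLE
		/* address has to be filled in before it is logged */
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "capa field received %d,%d,%d from %s",
			    vfield->type, vfield->option,
			    ntohs(vfield->length), address);
#endif
		return SASL_FAIL;
	}

	dec_buf_size = ntohs(vfield->length);
	if (dec_buf_size > 1024 || (ntohs(vfield->length) <= 4)) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "error capa field from %s is uncorrect, announced %d",
			    address, ntohs(vfield->length));
		/* One more gryzor hack */
		if (dec_buf_size > 4096)
			log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
				    "   Is %s running a 1.0 client?",
				    address);
#ifdef DEBUG_ENABLE
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "%s:%d version field received %d,%d,%d ",
			    __FILE__, __LINE__, vfield->type,
			    vfield->option, ntohs(vfield->length));
#endif
		return SASL_BADAUTH;
	}

	/* The announced length is client-controlled: refuse to decode more
	 * bytes than were received, otherwise stale bytes of the caller's
	 * buffer would be parsed as client data. */
	if (dec_buf_size > buf_size) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "capa field from %s announces %d bytes but only %d were received",
			    address, dec_buf_size, buf_size);
		return SASL_BADAUTH;
	}

	dec_buf = g_new0(gchar, dec_buf_size);
	decode = sasl_decode64(buf + sizeof(struct nu_authfield),
			       ntohs(vfield->length) - sizeof(struct nu_authfield),
			       dec_buf, dec_buf_size, &len);
	if (decode != SASL_OK) {
		g_free(dec_buf);
		return SASL_BADAUTH;
	}

	/* should always be true for the moment */
	if (vfield->option == CLIENT_SRV) {
		char *value;
		int i, ret;

		v_strings = g_strsplit(dec_buf, ";", 0);
		for (value = v_strings[0], i = 0; value != NULL;
		     i++, value = v_strings[i]) {
			debug_log_message(DEBUG, DEBUG_AREA_USER,
					  "client capa field: %s", value);
			/* unknown names (SASL_NOTDONE) are ignored */
			ret = add_client_capa(c_session, value);
			if (ret == SASL_FAIL) {
				g_strfreev(v_strings);
				g_free(dec_buf);
				return SASL_FAIL;
			}
		}
		/* print information */
		if (c_session->capa_flags) {
#ifdef DEBUG_ENABLE
			if (DEBUG_OR_NOT(DEBUG_LEVEL_DEBUG, DEBUG_AREA_USER)) {
				format_ipv6(&c_session->addr, address,
					    INET6_ADDRSTRLEN, NULL);
				g_message
				    ("user %s at %s uses client with capabilities %d",
				     c_session->user_name, address,
				     c_session->capa_flags);
			}
#endif
		}
		g_strfreev(v_strings);
	} else {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "from %s : vfield->option is not CLIENT_SRV ?!",
			    address);
		g_free(dec_buf);
		return SASL_FAIL;
	}
	g_free(dec_buf);
	return SASL_OK;
}

/**
 * Parse the version field sent by a client ("name;version" in base64) and
 * store the escaped strings in c_session->client_name and
 * c_session->client_version. A string of 128 characters or more is replaced
 * by UNKNOWN_STRING; a string rejected by string_escape() fails the parse.
 *
 * The length announced in the header is validated the same way as in
 * parse_user_capabilities().
 *
 * \param c_session Session being negotiated
 * \param buf Data read from the client
 * \param buf_size Number of bytes in \a buf
 * \return SASL_OK, SASL_FAIL or SASL_BADAUTH
 */
static int parse_user_version(user_session_t * c_session, char *buf,
			      int buf_size)
{
	unsigned int len;
	int decode;
	struct nu_authfield *vfield;
	gchar *dec_buf = NULL;
	gchar **v_strings;
	int dec_buf_size;
	char address[INET6_ADDRSTRLEN];

	vfield = (struct nu_authfield *) buf;

	/* check buffer underflow */
	if (buf_size < (int) sizeof(struct nu_authfield)) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		g_message("%s sent a too small vfield", address);
		return SASL_FAIL;
	}

	if (vfield->type != VERSION_FIELD) {
#ifdef DEBUG_ENABLE
		/* address has to be filled in before it is logged */
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "osfield received %d,%d,%d from %s",
			    vfield->type, vfield->option,
			    ntohs(vfield->length), address);
#endif
		return SASL_FAIL;
	}

	dec_buf_size = ntohs(vfield->length);
	if (dec_buf_size > 1024 || (ntohs(vfield->length) <= 4)) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "error osfield from %s is uncorrect, announced %d",
			    address, ntohs(vfield->length));
		/* One more gryzor hack */
		if (dec_buf_size > 4096)
			log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
				    "   Is %s running a 1.0 client?",
				    address);
#ifdef DEBUG_ENABLE
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "%s:%d version field received %d,%d,%d ",
			    __FILE__, __LINE__, vfield->type,
			    vfield->option, ntohs(vfield->length));
#endif
		return SASL_BADAUTH;
	}

	/* The announced length is client-controlled: refuse to decode more
	 * bytes than were received. */
	if (dec_buf_size > buf_size) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "version field from %s announces %d bytes but only %d were received",
			    address, dec_buf_size, buf_size);
		return SASL_BADAUTH;
	}

	dec_buf = g_new0(gchar, dec_buf_size);
	decode = sasl_decode64(buf + sizeof(struct nu_authfield),
			       ntohs(vfield->length) - sizeof(struct nu_authfield),
			       dec_buf, dec_buf_size, &len);
	if (decode != SASL_OK) {
		g_free(dec_buf);
		return SASL_BADAUTH;
	}

	/* should always be true for the moment */
	if (vfield->option == CLIENT_SRV) {
		v_strings = g_strsplit(dec_buf, ";", 2);
		if (v_strings[0] == NULL || v_strings[1] == NULL) {
			g_strfreev(v_strings);
			g_free(dec_buf);
			return SASL_BADAUTH;
		}

		if (strlen(v_strings[0]) < 128) {
			c_session->client_name = string_escape(v_strings[0]);
			if (c_session->client_name == NULL) {
				format_ipv6(&c_session->addr, address,
					    INET6_ADDRSTRLEN, NULL);
				log_message(WARNING,
					    DEBUG_AREA_USER | DEBUG_AREA_AUTH,
					    "received client name with invalid characters from %s",
					    address);
				g_strfreev(v_strings);
				g_free(dec_buf);
				return SASL_BADAUTH;
			}
		} else {
			c_session->client_name = g_strdup(UNKNOWN_STRING);
		}

		if (strlen(v_strings[1]) < 128) {
			c_session->client_version = string_escape(v_strings[1]);
			if (c_session->client_version == NULL) {
				format_ipv6(&c_session->addr, address,
					    INET6_ADDRSTRLEN, NULL);
				log_message(WARNING,
					    DEBUG_AREA_USER | DEBUG_AREA_AUTH,
					    "received client version with invalid characters from %s",
					    address);
				g_strfreev(v_strings);
				g_free(dec_buf);
				return SASL_BADAUTH;
			}
		} else {
			c_session->client_version = g_strdup(UNKNOWN_STRING);
		}

		/* print information */
		if (c_session->client_name && c_session->client_version) {
#ifdef DEBUG_ENABLE
			if (DEBUG_OR_NOT(DEBUG_LEVEL_DEBUG, DEBUG_AREA_USER)) {
				format_ipv6(&c_session->addr, address,
					    INET6_ADDRSTRLEN, NULL);
				g_message
				    ("user %s at %s uses client %s, %s",
				     c_session->user_name, address,
				     c_session->client_name,
				     c_session->client_version);
			}
#endif
		}
		g_strfreev(v_strings);
	} else {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "from %s : vfield->option is not CLIENT_SRV ?!",
			    address);
		g_free(dec_buf);
		return SASL_FAIL;
	}
	g_free(dec_buf);
	return SASL_OK;
}

/**
 * Parse the OS field sent by a client ("sysname;release;version" in base64)
 * and store the escaped strings in c_session->sysname, ->release and
 * ->version. A string of 128 characters or more is replaced by
 * UNKNOWN_STRING; a string rejected by string_escape() fails the parse.
 *
 * The length announced in the header is validated the same way as in
 * parse_user_capabilities().
 *
 * \param c_session Session being negotiated
 * \param buf Data read from the client
 * \param buf_size Number of bytes in \a buf
 * \return SASL_OK, SASL_FAIL or SASL_BADAUTH
 */
static int parse_user_os(user_session_t * c_session, char *buf, int buf_size)
{
	unsigned int len;
	int decode;
	struct nu_authfield *osfield;
	gchar *dec_buf = NULL;
	gchar **os_strings;
	int dec_buf_size;
	char address[INET6_ADDRSTRLEN];

	osfield = (struct nu_authfield *) buf;

	/* check buffer underflow */
	if (buf_size < (int) sizeof(struct nu_authfield)) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		g_message("%s sent a too small osfield", address);
		return SASL_FAIL;
	}

	if (osfield->type != OS_FIELD) {
#ifdef DEBUG_ENABLE
		/* address has to be filled in before it is logged */
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "osfield received %d,%d,%d from %s",
			    osfield->type, osfield->option,
			    ntohs(osfield->length), address);
#endif
		return SASL_FAIL;
	}

	dec_buf_size = ntohs(osfield->length);
	if (dec_buf_size > 1024 || (ntohs(osfield->length) <= 4)) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "error osfield from %s is uncorrect, announced %d",
			    address, ntohs(osfield->length));
		/* One more gryzor hack */
		if (dec_buf_size > 4096)
			log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
				    "   Is %s running a 1.0 client?",
				    address);
#ifdef DEBUG_ENABLE
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "%s:%d osfield received %d,%d,%d ",
			    __FILE__, __LINE__, osfield->type,
			    osfield->option, ntohs(osfield->length));
#endif
		return SASL_BADAUTH;
	}

	/* The announced length is client-controlled: refuse to decode more
	 * bytes than were received. */
	if (dec_buf_size > buf_size) {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "osfield from %s announces %d bytes but only %d were received",
			    address, dec_buf_size, buf_size);
		return SASL_BADAUTH;
	}

	dec_buf = g_new0(gchar, dec_buf_size);
	decode = sasl_decode64(buf + sizeof(struct nu_authfield),
			       ntohs(osfield->length) - sizeof(struct nu_authfield),
			       dec_buf, dec_buf_size, &len);
	if (decode != SASL_OK) {
		log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "Unable to base64 decode field");
		g_free(dec_buf);
		return SASL_BADAUTH;
	}

	/* should always be true for the moment */
	if (osfield->option == OS_SRV) {
		os_strings = g_strsplit(dec_buf, ";", 5);
		if (os_strings[0] == NULL || os_strings[1] == NULL
		    || os_strings[2] == NULL) {
			log_message(WARNING, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
				    "Unable to split OS field");
			g_strfreev(os_strings);
			g_free(dec_buf);
			return SASL_BADAUTH;
		}

		if (strlen(os_strings[0]) < 128) {
			c_session->sysname = string_escape(os_strings[0]);
			if (c_session->sysname == NULL) {
				format_ipv6(&c_session->addr, address,
					    INET6_ADDRSTRLEN, NULL);
				log_message(WARNING,
					    DEBUG_AREA_USER | DEBUG_AREA_AUTH,
					    "received sysname with invalid characters from %s",
					    address);
				g_strfreev(os_strings);
				g_free(dec_buf);
				return SASL_BADAUTH;
			}
		} else {
			c_session->sysname = g_strdup(UNKNOWN_STRING);
		}

		if (strlen(os_strings[1]) < 128) {
			c_session->release = string_escape(os_strings[1]);
			if (c_session->release == NULL) {
				format_ipv6(&c_session->addr, address,
					    INET6_ADDRSTRLEN, NULL);
				log_message(WARNING,
					    DEBUG_AREA_USER | DEBUG_AREA_AUTH,
					    "received release with invalid characters from %s",
					    address);
				g_strfreev(os_strings);
				g_free(dec_buf);
				return SASL_BADAUTH;
			}
		} else {
			c_session->release = g_strdup(UNKNOWN_STRING);
		}

		if (strlen(os_strings[2]) < 128) {
			c_session->version = string_escape(os_strings[2]);
			if (c_session->version == NULL) {
				format_ipv6(&c_session->addr, address,
					    INET6_ADDRSTRLEN, NULL);
				log_message(WARNING,
					    DEBUG_AREA_USER | DEBUG_AREA_AUTH,
					    "received version with invalid characters from %s",
					    address);
				g_strfreev(os_strings);
				g_free(dec_buf);
				return SASL_BADAUTH;
			}
		} else {
			c_session->version = g_strdup(UNKNOWN_STRING);
		}

		/* print information */
		if (c_session->sysname && c_session->release
		    && c_session->version) {
#ifdef DEBUG_ENABLE
			if (DEBUG_OR_NOT(DEBUG_LEVEL_DEBUG, DEBUG_AREA_USER)) {
				format_ipv6(&c_session->addr, address,
					    INET6_ADDRSTRLEN, NULL);
				g_message
				    ("user %s at %s uses OS %s ,%s, %s",
				     c_session->user_name, address,
				     c_session->sysname,
				     c_session->release,
				     c_session->version);
			}
#endif
		}
		g_strfreev(os_strings);
	} else {
		format_ipv6(&c_session->addr, address, INET6_ADDRSTRLEN, NULL);
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_AUTH,
			    "from %s : osfield->option is not OS_SRV ?!",
			    address);
		g_free(dec_buf);
		return SASL_FAIL;
	}
	g_free(dec_buf);
	return SASL_OK;
}

/**
 * Read the OS field that pre-2.4 clients send after authentication and
 * parse it with parse_user_os().
 *
 * \return SASL_OK, or the error of the read / the parser
 */
static int wait_client_os(user_session_t * c_session)
{
	char buf[8192];
	int buf_size, ret;

	/* recv OS datas from client */
	buf_size = nussl_read(c_session->nussl, buf, sizeof buf);
	if (buf_size < 0) {
		/* allo houston */
		debug_log_message(DEBUG, DEBUG_AREA_USER,
				  "error when receiving user OS");
		return SASL_FAIL;
	}

	/* parse and validate OS */
	ret = parse_user_os(c_session, buf, buf_size);
	if (ret != SASL_OK)
		return ret;
	return SASL_OK;
}

/**
 * End of negotiation for 2.4 clients: ask for and parse, in this order, the
 * OS, the client version and the client capabilities, run the post-auth
 * protocol modules, then send the server mode (push or poll) and the hash
 * algorithm.
 *
 * A failed nussl_read() needs no separate test: its negative result is
 * rejected by the size check at the top of each parser.
 *
 * \return SASL_OK on success, SASL_FAIL or the parser's error otherwise
 */
static int finish_nego(user_session_t * c_session)
{
	char buf[8192];
	struct nu_srv_message msg;
	int buf_size, ret;

	/* ask OS to client */
	msg.type = SRV_REQUIRED_INFO;
	msg.option = OS_VERSION;
	/* every field is set before the structure is written, so that no
	 * uninitialized stack bytes are sent to the client */
	msg.length = 0;
	if (nussl_write(c_session->nussl, (char*)&msg, sizeof(msg)) < 0) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "nussl_write() failure at %s:%d",
			    __FILE__, __LINE__);
		return SASL_FAIL;
	}
	debug_log_message(DEBUG, DEBUG_AREA_USER, "OS version asked");
	buf_size = nussl_read(c_session->nussl, buf, sizeof buf);
	ret = parse_user_os(c_session, buf, buf_size);
	if (ret != SASL_OK)
		return ret;
	debug_log_message(DEBUG, DEBUG_AREA_USER, "user OS read");

	/* ask version to client */
	msg.option = CLIENT_VERSION;
	if (nussl_write(c_session->nussl, (char*)&msg, sizeof(msg)) < 0) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "nussl_write() failure at %s:%d",
			    __FILE__, __LINE__);
		return SASL_FAIL;
	}
	debug_log_message(DEBUG, DEBUG_AREA_USER, "user version asked");
	buf_size = nussl_read(c_session->nussl, buf, sizeof buf);
	ret = parse_user_version(c_session, buf, buf_size);
	if (ret != SASL_OK)
		return ret;
	debug_log_message(DEBUG, DEBUG_AREA_USER, "user version read");

	/* ask capabilities to client */
	msg.option = CLIENT_CAPA;
	if (nussl_write(c_session->nussl, (char*)&msg, sizeof(msg)) < 0) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "nussl_write() failure at %s:%d",
			    __FILE__, __LINE__);
		return SASL_FAIL;
	}
	debug_log_message(DEBUG, DEBUG_AREA_USER, "user capabilities asked");
	buf_size = nussl_read(c_session->nussl, buf, sizeof buf);
	ret = parse_user_capabilities(c_session, buf, buf_size);
	if (ret != SASL_OK)
		return ret;
	debug_log_message(DEBUG, DEBUG_AREA_USER, "user version read");

	/* call module for plugin modification of protocol */
	ret = modules_postauth_proto(c_session);
	if (ret != SASL_OK) {
		return SASL_FAIL;
	}

	/* send mode to client */
	msg.type = SRV_TYPE;
	if (nuauthconf->push) {
		msg.option = SRV_TYPE_PUSH;
	} else {
		msg.option = SRV_TYPE_POLL;
	}
	msg.length = 0;
	if (nussl_write(c_session->nussl, (char*)&msg, sizeof(msg)) < 0) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "nussl_write() failure at %s:%d",
			    __FILE__, __LINE__);
		return SASL_FAIL;
	}

	/* send hash algorithm to client (carried in the length field) */
	msg.type = SRV_TYPE;
	msg.option = SRV_HASH_TYPE;
	msg.length = htons(nuauthconf->hash_algo);
	if (nussl_write(c_session->nussl, (char*)&msg, sizeof(msg)) < 0) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "nussl_write() failure at %s:%d",
			    __FILE__, __LINE__);
		return SASL_FAIL;
	}
	debug_log_message(DEBUG, DEBUG_AREA_USER, "negotation finished");
	return SASL_OK;
}

/**
 * Tell a 2.4 client how the negotiation ended.
 *
 * \param c_session Session to notify
 * \param result Value put in the option field (callers pass INIT_OK or
 *               INIT_NOK)
 * \return SASL_OK, or SASL_FAIL when the write fails
 */
static int send_nego_end(user_session_t * c_session, int result)
{
	struct nu_srv_message msg;

	/* send nego done */
	msg.type = SRV_INIT;
	msg.option = result;
	/* do not send an uninitialized length field */
	msg.length = 0;
	if (nussl_write(c_session->nussl, (char*)&msg, sizeof(msg)) < 0) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "nussl_write() failure at %s:%d",
			    __FILE__, __LINE__);
		return SASL_FAIL;
	}
	return SASL_OK;
}

/**
 * \brief Complete all user connection from SSL to authentication.
 *
 * Steps: TLS handshake, per-IP connection limit, optional certificate
 * authentication, SASL authentication, protocol-dependent negotiation,
 * session tuning by the modules, per-user session limit, then activation of
 * the session with tls_sasl_connect_ok(). On every failure path the session
 * is released and the socket is removed from the pre-client list.
 *
 * \param userdata A client_connection; it is freed by this function
 * \param data Unused
 */
void tls_sasl_connect(gpointer userdata, gpointer data)
{
	/* session will be removed by nussl */
	user_session_t *c_session;
	int ret;
	struct client_connection *client;
	int socket_fd;

	if ( ! userdata ) {
		log_message(INFO, DEBUG_AREA_USER,
			    "Unable to connect: client structure empty");
		return;
	}
	client = (struct client_connection *)userdata;
	socket_fd = client->socket;

	/* complete handshake */
	ret = tls_user_do_handshake(client, client->srv_context);
	if (ret != 0) {
		remove_socket_from_pre_client_list(socket_fd);
		/* error, cleanup & exit */
		log_message(INFO, DEBUG_AREA_USER,
			    "Handshake failed, exiting client %s\n",
			    client->str_addr);
		nussl_session_destroy(client->nussl);
		g_free(client->str_addr);
		g_free(userdata);
		return;
	}

	c_session = g_new0(user_session_t, 1);
	c_session->nussl = client->nussl;
	c_session->socket = socket_fd;
	c_session->tls_lock = g_mutex_new();
	c_session->addr = client->addr;
	(void)getsockname_ipv6(socket_fd, &c_session->server_addr);
	c_session->sport = client->sport;
	c_session->groups = NULL;
	c_session->user_name = NULL;
	c_session->user_id = 0;
	c_session->last_request = time(NULL);
	c_session->expire = -1;
	/* client is not used past this point */
	g_free(client->str_addr);
	g_free(userdata);

	/* Check the user is authorized to connect
	 * when he already have an open connection */
	if (nuauthconf->single_ip_client_limit > 0) {
		/* NOTE(review): the list returned by
		 * get_client_sockets_by_ip() is not freed here; confirm who
		 * owns it. */
		if (g_slist_length(get_client_sockets_by_ip(&c_session->addr))
		    >= nuauthconf->single_ip_client_limit) {
			char address[INET6_ADDRSTRLEN];
			/* format the address before the session is released */
			format_ipv6(&c_session->addr, address,
				    INET6_ADDRSTRLEN, NULL);
			clean_session(c_session);
			remove_socket_from_pre_client_list(socket_fd);
			log_message(INFO, DEBUG_AREA_USER,
				    "Policy: too many connection attempts from already overused IP %s, closing socket",
				    address);
			return;
		}
	}

	if ((nuauth_tls.auth_by_cert > NO_AUTH_BY_CERT)) {
		gchar *username = NULL;
		/* need to parse the certificate to see if it is a sufficient credential */
		username = modules_certificate_to_uid(c_session->nussl);
		/* parsing complete */
		if (username) {
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
					  "Using username %s from certificate",
					  username);
			c_session->groups = modules_get_user_groups(username);
			c_session->user_id = modules_get_user_id(username);
			if (c_session->groups == NULL) {
				debug_log_message(DEBUG, DEBUG_AREA_USER,
						  "error when searching user groups");
				c_session->groups = NULL;
				c_session->user_id = 0;
				/* we free username as it is not a good one */
				g_free(username);
			} else {
				c_session->user_name = username;
			}
		}
	}

	if ((nuauth_tls.auth_by_cert == NUSSL_CERT_REQUIRE)
	    && (c_session->groups == NULL)) {
		/* a certificate is mandatory and did not identify a user
		 * with groups: no fallback to SASL */
		log_message(INFO, DEBUG_AREA_AUTH | DEBUG_AREA_USER,
			    "Certificate authentication failed, closing session");
		ret = SASL_BADAUTH;
	} else {
		ret = sasl_user_check(c_session);
	}

	remove_socket_from_pre_client_list(socket_fd);

	switch (ret) {
	case SASL_OK:
		/* finish init phase */
		switch (c_session->proto_version) {
		case PROTO_VERSION_V20:
		case PROTO_VERSION_V22:
		case PROTO_VERSION_V22_1:
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
					  "Wait for OS");
			ret = wait_client_os(c_session);
			break;

		case PROTO_VERSION_V24:
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
					  "Finishing nego");
			ret = finish_nego(c_session);
			break;

		default:
			log_message(WARNING, DEBUG_AREA_AUTH,
				    "Bad user protocol");
			/* Fail closed: ret would otherwise still be SASL_OK
			 * and a client announcing an unhandled protocol
			 * version would be activated without negotiation. */
			ret = SASL_FAIL;
		}
		if (ret != SASL_OK) {
			/* get rid of client */
			clean_session(c_session);
			break;
		}

		/* Tuning of user_session */
		ret = modules_user_session_modify(c_session);
		if (ret != SASL_OK) {
			if (c_session->proto_version >= PROTO_VERSION_V24) {
				ret = send_nego_end(c_session, INIT_NOK);
			}
			/* get rid of client */
			clean_session(c_session);
			break;
		}

		if (nuauthconf->single_user_client_limit > 0) {
			if (!test_username_count_vs_max(c_session->user_name,
							nuauthconf->single_user_client_limit)) {
				send_nego_end(c_session, INIT_NOK);
				policy_refuse_user(c_session, socket_fd,
						   PER_USER_TOO_MANY_LOGINS);
				break;
			}
		}

		/* accept client for PROTO >= PROTO_VERSION_V24 */
		if (c_session->proto_version >= PROTO_VERSION_V24) {
			ret = send_nego_end(c_session, INIT_OK);
			if (ret != SASL_OK) {
				clean_session(c_session);
				break;
			}
		}
		tls_sasl_connect_ok(c_session, socket_fd);
		break;

	case SASL_FAIL:
	default:
		if (ret == SASL_FAIL) {
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
					  "Crash on user side, closing socket");
		} else {
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
					  "Problem with user, closing socket");
		}
		clean_session(c_session);
	}
}

/**
 * @}
 */
nufw-2.4.3/src/nuauth/command.c0000644000175000017500000003614211431206275013304 00000000000000/*
 ** Copyright(C) 2007,2008 INL
 ** Written by Victor Stinner
 **            Eric Leblond
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.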
*/ #include "command.h" #ifdef BUILD_NUAUTH_COMMAND #include "auth_srv.h" #include "command_enc.h" #include "security.h" #include #include /* unix socket */ #include /* fchmod() */ #include /* mode_t */ #include #include "nuauthconf.h" #define SOCKET_PATH LOCAL_STATE_DIR "/run/nuauth/" #define SOCKET_FILENAME "nuauth-command.socket" #define SOCKET_TARGET SOCKET_PATH SOCKET_FILENAME GHashTable *client_conn_hash; const char* COMMAND_HELP = "version: display nuauth version\n" "confdump: dump configuration\n" "users: list connected users\n" "firewalls: list connected nufw firewalls\n" "packets count: display number of decision waiting packets\n" "user count: display number of connected clients\n" "refresh cache: refresh all caches\n" "refresh crl: refresh the TLS crl file\n" "disconnect ID: disconnect an user with his session identifier\n" "disconnect all: disconnect all users\n" "uptime: display nuauth starting time and uptime\n" "reload: reload nuauth configuration\n" "reload periods: reload the time periods\n" "display debug_level\n" "display debug_areas\n" "display threads\n" "debug_level LEVEL\n" "debug_areas AREAS\n" "help: display this help\n" "quit: disconnect"; const char* PYTHON_PROTO_VERSION = "NuFW 0.1"; typedef struct { time_t start_timestamp; int socket; int client; struct sockaddr_un client_addr; int select_max; fd_set select_set; } command_t; int command_new(command_t * this) { struct sockaddr_un addr; int len; int ret; int on = 1; this->start_timestamp = time(NULL); this->socket = -1; this->client = -1; this->select_max = 0; /* Create socket dir */ ret = mkdir(SOCKET_PATH, S_IRWXU); if ( ret != 0 ) { log_area_printf(DEBUG_AREA_AUTH, DEBUG_LEVEL_FATAL, "Cannot create socket directory %s: %s", SOCKET_PATH, strerror(errno)); } /* Remove socket file */ (void) unlink(SOCKET_TARGET); /* set address */ addr.sun_family = AF_UNIX; SECURE_STRNCPY(addr.sun_path, SOCKET_TARGET, sizeof(addr.sun_path)); addr.sun_path[sizeof(addr.sun_path) - 1] = 0; len = 
strlen(addr.sun_path) + sizeof(addr.sun_family); /* create socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); if (this->socket == -1) { log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL, "Command server: unable to create UNIX socket %s: %s", addr.sun_path, g_strerror(errno)); return 0; } this->select_max = this->socket + 1; /* Set file mode */ (void)fchmod(this->socket, 0600); /* set reuse option */ ret = setsockopt(this->socket, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)); if ( ret != 0 ) { log_area_printf(DEBUG_AREA_AUTH, DEBUG_LEVEL_FATAL, "Cannot set sockets options: %s.", strerror(errno)); } /* bind socket */ ret = bind(this->socket, (struct sockaddr *) &addr, len); if (ret == -1) { g_warning("[%i] Command server: UNIX socket bind(%s) error: %s", getpid(), SOCKET_TARGET, g_strerror(errno)); return 0; } /* listen */ if (listen(this->socket, 1) == -1) { g_warning("[%i] Command server: UNIX socket listen() error: %s", getpid(), g_strerror(errno)); return 0; } return 1; } void command_client_close(command_t * this) { log_message(WARNING, DEBUG_AREA_MAIN, "Command server: close client connection"); close(this->client); this->client = -1; this->select_max = this->socket + 1; } int command_client_accept(command_t * this) { char buffer[9]; int ret; /* accept client socket */ socklen_t len = sizeof(this->client_addr); this->client = accept(this->socket, (struct sockaddr *) &this->client_addr, &len); if (this->client < 0) { log_message(CRITICAL, DEBUG_AREA_MAIN, "Command server: accept() error: %s", g_strerror(errno)); return 0; } log_message(WARNING, DEBUG_AREA_MAIN, "Command server: client connection"); /* read client version */ buffer[sizeof(buffer)-1] = 0; ret = recv(this->client, buffer, sizeof(buffer)-1, 0); if (ret < 0) { log_message(CRITICAL, DEBUG_AREA_MAIN, "Command server: client doesn't send version"); command_client_close(this); return 0; } buffer[ret] = 0; /* send server version */ send(this->client, PYTHON_PROTO_VERSION, 8, 0); /* check 
client version */ if (strcmp(buffer, PYTHON_PROTO_VERSION) != 0) { log_message(CRITICAL, DEBUG_AREA_MAIN, "Command server: invalid client version: \"%s\"", buffer); command_client_close(this); return 0; } /* client connected */ log_message(WARNING, DEBUG_AREA_MAIN, "Command server: client connected"); if (this->socket < this->client) this->select_max = this->client + 1; else this->select_max = this->socket + 1; return 1; } void command_uptime(encoder_t* encoder, command_t *this) { time_t diff = time(NULL) - this->start_timestamp; return encoder_add_uptime(encoder, this->start_timestamp, diff); } void command_users_callback(int sock, user_session_t *session, GSList **users) { encoder_t *encoder = encode_user(session); *users = g_slist_prepend(*users, encoder); } void command_users(command_t *this, encoder_t *encoder) { /* read user list */ GSList *users = NULL; foreach_session((GHFunc)command_users_callback, &users); /* encode user list */ encoder_add_tuple_from_slist(encoder, users); encoder_slist_destroy(users); } void command_server_callback(int sock, nufw_session_t *session, GSList **servers) { encoder_t *encoder = encode_nufw(session); *servers = g_slist_prepend(*servers, encoder); } void command_servers(command_t *this, encoder_t *encoder) { /* read user list */ GSList *servers = NULL; foreach_nufw_server((GHFunc)command_server_callback, &servers); /* encode user list */ encoder_add_tuple_from_slist(encoder, servers); encoder_slist_destroy(servers); } /** * Internal function do disconnect a client */ int command_do_disconnect(int sock) { int ok = 1; GSList *thread_p; /* iter on each server thread */ for (thread_p=nuauthdatas->tls_auth_servers; thread_p; thread_p = thread_p->next) { struct tls_user_context_t *this = ((struct nuauth_thread_t *)thread_p->data)->data; /* send query to disconnect all users */ disconnect_user_msg_t *msg = g_new(disconnect_user_msg_t, 1); msg->socket = sock; msg->mutex = g_mutex_new(); g_async_queue_push(this->cmd_queue, msg); /* 
wait until clients are disconnected */ g_mutex_lock(msg->mutex); g_mutex_lock(msg->mutex); g_mutex_unlock(msg->mutex); g_mutex_free(msg->mutex); /* write answer */ if (msg->result == NU_EXIT_OK) { ok = 1; g_free(msg); break; } else { ok = 0; } /* return in case we've just send a global disconnect message */ if (sock == -1) { break; } } return ok; } /** * Disconnect all client **/ int command_disconnect_all(command_t *this, encoder_t *encoder) { if (command_do_disconnect(-1)) { encoder_add_string(encoder, "users disconnected"); return 1; } else { encoder_add_string(encoder, "no user connected"); return 0; } } /** * Disconnect a client */ int command_disconnect(command_t *this, encoder_t *encoder, char *command) { int sock; /* convert socket number to integer and create mutex */ if (!str_to_int(command, &sock)) { return 0; } if (command_do_disconnect(sock)) { encoder_add_string(encoder, "users disconnected"); return 1; } else { encoder_add_string(encoder, "no user connected"); return 0; } } char* FORTUNES[] = { " gryzor: c'est pratique subversion hein ? 
" \ "surtout les lendemains de fete", " J'ai un cerveau de mulot en bas age", " c'est debian, c'est credible", " naotemp_home: windows me fait pas peur :P\n" \ " lodesi: bon ben on t envoie au kosovo", " C'est pas un veterinaire, qu'il faut, pour un troll ?", "\"impossible\" (c) gryzor", }; const int NB_FORTUNE = sizeof(FORTUNES) / sizeof(FORTUNES[0]); const char* fortune() { double index = (double)random() * NB_FORTUNE / RAND_MAX; return FORTUNES[(int)index]; } static void conf_server_side_print(void *encoder, char *buffer) { encoder_add_string(encoder, buffer); } void command_execute(command_t * this, char *command) { encoder_t *encoder, *answer; int ret; int ok; /* process command */ ok = 1; encoder = encoder_new(); if (strcmp(command, "quit") == 0) { /* nothing */ } else if (strcmp(command, "help") == 0) { encoder_add_string(encoder, COMMAND_HELP); } else if (strcmp(command, "uptime") == 0) { command_uptime(encoder, this); } else if (strcmp(command, "nupik!") == 0) { encoder_add_string(encoder, fortune()); } else if (strcmp(command, "users") == 0) { command_users(this, encoder); } else if (strcmp(command, "firewalls") == 0) { command_servers(this, encoder); } else if (strcmp(command, "version") == 0) { encoder_add_string(encoder, NUAUTH_FULL_VERSION); } else if (strcmp(command, "confdump") == 0) { nuauth_config_table_print(encoder, conf_server_side_print); } else if (strcmp(command, "disconnect all") == 0) { ok = command_disconnect_all(this, encoder); force_refresh_crl_file(); } else if (strncmp(command, "disconnect ", 10) == 0) { ok = command_disconnect(this, encoder, command+10); force_refresh_crl_file(); } else if (strcmp(command, "reload") == 0) { gboolean restart = nuauth_reload(0); if (restart) { encoder_add_string(encoder, "Configuration change requires Nuauth restart"); } else { encoder_add_string(encoder, "Configuration reloaded"); } } else if (strcmp(command, "reload periods") == 0) { reload_periods(&nuauthconf->periods); encoder_add_string(encoder, 
"Periods reloaded"); } else if (strcmp(command, "refresh cache") == 0) { if (nuauthconf->acl_cache) { cache_reset(nuauthdatas->acl_cache); encoder_add_string(encoder, "Cache refreshed"); } else { encoder_add_string(encoder, "Cache disabled"); } } else if (strcmp(command, "refresh crl") == 0) { force_refresh_crl_file(); encoder_add_string(encoder, "Refresh of CRL file done"); } else if (strncmp(command, "debug_level ", 12) == 0) { int debug_level = atoi(command+12); if ((0 < debug_level) && (debug_level <= 9)) { nuauthconf->debug_level = debug_level; log_message(INFO, DEBUG_AREA_MAIN, "Debug level set to %d", debug_level); encoder_add_string(encoder,"Debug level changed"); } else { encoder_add_string(encoder,"Improper debug level (not in 1..9)"); ok = 0; } } else if (strncmp(command, "debug_areas ", 12) == 0) { int debug_areas = atoi(command+12); if (debug_areas > 0) { nuauthconf->debug_areas = debug_areas; log_message(INFO, DEBUG_AREA_MAIN, "Debug areas set to %d", debug_areas); encoder_add_string(encoder,"Debug areas changed"); } else { encoder_add_string(encoder,"Improper debug areas"); ok = 0; } } else if (strcmp(command, "display debug_level") == 0) { encoder_add_int32(encoder, nuauthconf->debug_level); } else if (strcmp(command, "display debug_areas") == 0) { encoder_add_int32(encoder, nuauthconf->debug_areas); } else if (strcmp(command, "display threads") == 0) { char buffer [450]; snprintf (buffer, sizeof(buffer), "User threads: %u\n" "User session threads: %u\n" "Unprocessed user threads: %u\n" "Unprocessed user session threads: %u\n" "Max user threads: %u\n" "Max user session threads: %u\n" "logger user pool full: %s\n" "logger session pool full: %s\n", g_thread_pool_get_num_threads(nuauthdatas->user_loggers), g_thread_pool_get_num_threads(nuauthdatas->user_session_loggers), g_thread_pool_unprocessed(nuauthdatas->user_loggers), g_thread_pool_unprocessed(nuauthdatas->user_session_loggers), g_thread_pool_get_max_threads(nuauthdatas->user_loggers), 
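g_thread_pool_get_max_threads(nuauthdatas->user_session_loggers),
            (nuauthdatas->loggers_pool_full)?"true":"false",
            (nuauthdatas->session_loggers_pool_full)?"true":"false"
            );
        buffer[sizeof(buffer)-1] = '\0';
        encoder_add_string(encoder,buffer);
    } else if (strcmp(command, "packets count") == 0) {
        encoder_add_int32(encoder, g_hash_table_size(conn_list));
    } else if (strcmp(command, "user count") == 0) {
        encoder_add_int32(encoder, g_hash_table_size(client_conn_hash));
    } else {
        /* unknown command => disconnect */
    }

    /* on error (invalid input): disconnect client */
    if (encoder->size == 0) {
        command_client_close(this);
        encoder_destroy(encoder);
        return;
    }

    /* create answer */
    answer = encode_answer(ok, encoder);
    encoder_destroy(encoder);

    /* send answer */
    ret = send(this->client, answer->data, answer->size, 0);
    if (ret < 0) {
        log_message(WARNING, DEBUG_AREA_MAIN,
                    "Command server: client send() error: %s",
                    g_strerror(errno));
        command_client_close(this);
    }
    encoder_destroy(answer);
}

/**
 * Read one command from the connected command client and execute it.
 *
 * At most sizeof(buffer) - 1 bytes are read in a single recv(); a read that
 * fills the buffer completely is treated as an over-long command. The client
 * is disconnected on EOF, on a recv() error and on an over-long command, and
 * in all three cases nothing is executed.
 *
 * \param this Command server state; this->client is the client socket
 */
void command_client_run(command_t * this)
{
    char buffer[40];
    int ret;

    ret = recv(this->client, buffer, sizeof(buffer) - 1, 0);
    if (ret <= 0) {
        if (ret == 0) {
            log_message(WARNING, DEBUG_AREA_MAIN,
                        "Command server: "
                        "lost connection with client");
        } else {
            log_message(WARNING, DEBUG_AREA_MAIN,
                        "Command server: "
                        "error on recv() from client: %s",
                        g_strerror(errno));
        }
        command_client_close(this);
        return;
    }
    if ((size_t) ret == sizeof(buffer) - 1) {
        log_message(WARNING, DEBUG_AREA_MAIN,
                    "Command server: client command is too long, "
                    "disconnect him.");
        command_client_close(this);
        /* Stop here: the command is possibly truncated and the client
         * socket has just been closed, so it must not be executed or
         * answered on an invalid descriptor. */
        return;
    }
    buffer[ret] = 0;
    command_execute(this, buffer);
}

int command_main(command_t * this)
{
    struct timeval tv;
    int ret;

    /* Wait activity on the socket */
    FD_ZERO(&this->select_set);
    FD_SET(this->socket, &this->select_set);
    if (0 <= this->client)
        FD_SET(this->client, &this->select_set);
    tv.tv_sec = 1;
    tv.tv_usec = 0;
    ret = select(this->select_max, &this->select_set, NULL, NULL, &tv);

    /* catch select() error */
    if (ret == -1) {
        /* Signal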
was catched: just ignore it */ if (errno == EINTR) { return 1; } log_message(CRITICAL, DEBUG_AREA_MAIN, "Command server: select() fatal error: %s", g_strerror(errno)); return 0; } /* timeout: continue */ if (ret == 0) { return 1; } if (0 <= this->client && FD_ISSET(this->client, &this->select_set)) { command_client_run(this); } if (FD_ISSET(this->socket, &this->select_set)) { if (!command_client_accept(this)) return 0; } return 1; } void *command_server(GMutex * mutex) { command_t command; if (!command_new(&command)) { nuauth_ask_exit(); return NULL; } while (g_mutex_trylock(mutex)) { g_mutex_unlock(mutex); command_main(&command); } return NULL; } #endif nufw-2.4.3/src/nuauth/user_authsrv.c0000644000175000017500000004375711431206275014432 00000000000000/* ** Copyright(C) 2004-2009 INL http://www.inl.fr/ ** Written by Eric Leblond ** Vincent Deffontaines ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include #include #include #define RETURN_NO_LOG return static GSList *userpckt_decode(struct tls_buffer_read *data); /** * Get user data (containing datagram) and goes till inclusion * (or decision) on packet. 
* * Call userpckt_decode() * * \param user_session Pointer to a struct user_session_t: containing the data to treat * \param data NULL (unused) */ void user_check_and_decide(gpointer user_session, gpointer data) { GSList *conn_elts = NULL; GSList *conn_elt_l; connection_t *conn_elt; struct tls_buffer_read *userdata = NULL; nu_error_t u_request; user_session_t *usersession = user_session; debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "entering user_check"); /* Call treat user request */ u_request = treat_user_request(usersession, &userdata); if (u_request == NU_EXIT_OK) { debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "client disconnect"); /* clean client structure */ delete_client_by_socket(usersession->socket); RETURN_NO_LOG; } else if (u_request != NU_EXIT_CONTINUE) { #ifdef DEBUG_ENABLE log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "treat_user_request() failure"); #endif /* better to disconnect: cleaning client structure */ delete_client_by_socket(usersession->socket); RETURN_NO_LOG; } /* send socket back to user select */ write(user_pipefd[1], &usersession->socket, sizeof(usersession->socket)); if (userdata == NULL) { RETURN_NO_LOG; } /* reload condition */ conn_elts = userpckt_decode(userdata); if (conn_elts == NULL) { if (((struct nu_header *) userdata->buffer)->msg_type != EXTENDED_PROTO) { log_message(INFO, DEBUG_AREA_USER, "User packet decoding failed"); } free_buffer_read(userdata); return; } /* if OK search and fill */ for (conn_elt_l = conn_elts; conn_elt_l != NULL; conn_elt_l = conn_elt_l->next) { const struct tls_buffer_read *tlsdata = userdata; conn_elt = conn_elt_l->data; /* in this case we have an HELLO MODE packet */ if (conn_elt->packet_id) { struct internal_message *message = g_new0(struct internal_message, 1); /* We assume the source address we try to authenticate is source address * of client connection */ conn_elt->tracking.saddr = tlsdata->ip_addr; message->type = INSERT_MESSAGE; message->datas = conn_elt; 
g_async_queue_push(nuauthdatas->localid_auth_queue, message); continue; } if (nuauthconf->user_check_ip_equality) { /* Sanity check : verify source IP equality */ if (! ipv6_equal(&tlsdata->ip_addr, &conn_elt->tracking.saddr)) { if (DEBUG_OR_NOT (DEBUG_LEVEL_INFO, DEBUG_AREA_USER)) { char ip_ascii[INET6_ADDRSTRLEN]; format_ipv6(&tlsdata->ip_addr, ip_ascii, INET6_ADDRSTRLEN, NULL); g_message ("User \"%s\" on %s tried to authenticate packet from other ip", conn_elt->username, ip_ascii); conn_elt->log_prefix = g_strdup(SPOOFED_LOG_PREFIX); print_connection(conn_elt, "User spoofed Packet"); } /* free connection */ free_connection(conn_elt); continue; } } if (DEBUG_OR_NOT (DEBUG_LEVEL_DEBUG, DEBUG_AREA_PACKET)) { print_connection(conn_elt, "User Packet"); } g_async_queue_push(nuauthdatas->connections_queue, conn_elt); } g_slist_free(conn_elts); free_buffer_read(userdata); } void user_process_field_hello(connection_t * connection, struct nu_authfield_hello *hellofield) { debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "\tgot hello field"); connection->packet_id = g_slist_prepend(NULL, GINT_TO_POINTER(hellofield->helloid)); } int user_process_field_ipv6(connection_t * connection, struct nu_authfield_ipv6 *ipfield) { connection->tracking.saddr = ipfield->src; connection->tracking.daddr = ipfield->dst; connection->tracking.protocol = ipfield->proto; debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "\tgot IPv4 field"); switch (connection->tracking.protocol) { case IPPROTO_TCP: case IPPROTO_UDP: connection->tracking.source = ntohs(ipfield->sport); connection->tracking.dest = ntohs(ipfield->dport); connection->tracking.type = 0; connection->tracking.code = 0; break; case IPPROTO_ICMP: case IPPROTO_ICMPV6: connection->tracking.source = 0; connection->tracking.dest = 0; connection->tracking.type = ntohs(ipfield->sport); connection->tracking.code = ntohs(ipfield->dport); break; default: return -1; } return 0; } int user_process_field_ipv4(connection_t * connection, struct 
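nu_authfield_ipv4 *ipfield)
{
    uint32_to_ipv6(ipfield->src, &connection->tracking.saddr);
    uint32_to_ipv6(ipfield->dst, &connection->tracking.daddr);
    connection->tracking.protocol = ipfield->proto;

    debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
                      "\tgot IPv4 field");
    switch (connection->tracking.protocol) {
    case IPPROTO_TCP:
    case IPPROTO_UDP:
        connection->tracking.source = ntohs(ipfield->sport);
        connection->tracking.dest = ntohs(ipfield->dport);
        connection->tracking.type = 0;
        connection->tracking.code = 0;
        break;
    case IPPROTO_ICMP:
        connection->tracking.source = 0;
        connection->tracking.dest = 0;
        connection->tracking.type = ntohs(ipfield->sport);
        connection->tracking.code = ntohs(ipfield->dport);
        break;
    /* Non supported protocol HAVE to be rejected */
    default:
        return -1;
    }
    return 0;
}

/**
 * Decode the base64 application name carried by an APP field and store its
 * escaped form in connection->app_name.
 *
 * The encoded name starts 4 bytes into the field and is limited to 512
 * bytes. All of the input comes from the client and is untrusted.
 *
 * \param authreq Unused
 * \param connection Connection being filled; app_name is written
 * \param field_buffer_len Number of bytes available for this field
 * \param appfield The field; appfield->length is read as a host-order value
 * \return 1 when the field was consumed (app_name is NULL if the name could
 *         not be stored), -1 when the field is malformed
 */
int user_process_field_app(struct nu_authreq *authreq,
                           connection_t * connection,
                           int field_buffer_len,
                           struct nu_authfield_app *appfield)
{
    unsigned int reallen = 0;
    gchar *dec_appname = NULL;
    gchar *shrunk;
    unsigned int len = appfield->length - 4;
    int ret;

    debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
                      "\tgot APP field");

    /* this has to be smaller than field size */
    if (field_buffer_len < (int) appfield->length) {
        log_message(WARNING, DEBUG_AREA_USER,
                    "Improper application field length signaled in authreq header %d < %d",
                    field_buffer_len, appfield->length);
        return -1;
    }

    /* A declared length of 4 or less leaves no payload; test it explicitly
     * instead of relying on the unsigned subtraction above wrapping past
     * the upper bound. */
    if (appfield->length <= 4 || len > 512) {
        /* it is reaaally long (or too short), we ignore packet (too lasy to kill client) */
        log_message(INFO, DEBUG_AREA_USER,
                    "user packet announced a bad length app name : %d",
                    len);
        return -1;
    }

    /* len + 1 bytes: room for the decoded data plus a terminating NUL */
    dec_appname = g_new0(gchar, len + 1);
    ret = sasl_decode64((char *) appfield + 4, len, dec_appname, len,
                        &reallen);
    if (ret != SASL_OK) {
        log_message(INFO, DEBUG_AREA_USER,
                    "user packet announced a badly encoded app name, sasl_error %d",
                    ret);
        if (ret == SASL_BADPROT)
            log_message(INFO, DEBUG_AREA_USER,
                        "Try upgrading your client");
        g_free(dec_appname);
        return -1;
    }

    /* g_try_realloc() returns NULL on failure and leaves the original
     * allocation untouched, so the result goes into a second pointer: the
     * old code wrote the terminator through the result before testing it
     * and lost the original buffer. */
    shrunk = g_try_realloc(dec_appname, reallen + 1);
    if (shrunk == NULL) {
        log_message(WARNING, DEBUG_AREA_USER,
                    "User packet contained an undecodable app name");
        connection->app_name = NULL;
        g_free(dec_appname);
        return 1;
    }
    dec_appname = shrunk;
    dec_appname[reallen] = 0;

    /* NOTE(review): a second APP field in the same request overwrites
     * app_name without releasing the first value - confirm ownership. */
    connection->app_name = string_escape(dec_appname);
    if (connection->app_name == NULL)
        log_message(WARNING, DEBUG_AREA_USER,
                    "user packet received an invalid app name");

    g_free(dec_appname);
    return 1;
}

/**
 * Copy the application signature carried by a HASH field into
 * connection->app_sig as a NUL-terminated string.
 *
 * The signature follows the struct nu_authfield_app header and is limited
 * to 256 bytes.
 *
 * \param authreq Unused
 * \param connection Connection being filled; app_sig is written
 * \param field_buffer_len Number of bytes available for this field
 * \param appfield The field; appfield->length is read as a host-order value
 * \return 1 on success, -1 when the field is malformed
 */
int user_process_field_hash(struct nu_authreq *authreq,
                            connection_t * connection,
                            int field_buffer_len,
                            struct nu_authfield_app *appfield)
{
    gchar *appsig = NULL;
    unsigned int len = appfield->length - sizeof(struct nu_authfield_app);

    debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
                      "\tgot HASH field");

    /* this has to be smaller than field size */
    if (field_buffer_len < (int) appfield->length) {
        log_message(WARNING, DEBUG_AREA_USER,
                    "Improper application field length signaled in authreq header %d < %d",
                    field_buffer_len, appfield->length);
        return -1;
    }

    /* Reject a declared length that does not even cover the field header
     * explicitly rather than through wrap-around of the subtraction. */
    if (appfield->length <= sizeof(struct nu_authfield_app) || len > 256) {
        /* it is reaaally long (or too short), we ignore packet (too lasy to kill client) */
        log_message(INFO, DEBUG_AREA_USER,
                    "user packet announced a bad length app name : %d",
                    len);
        return -1;
    }

    appsig = g_new0(gchar, len + 1);
    memcpy(appsig, (char *)appfield + sizeof(struct nu_authfield_app), len);
    appsig[len] = 0;

    /* NOTE(review): a second HASH field in the same request overwrites
     * app_sig without releasing the first value - confirm ownership. */
    connection->app_sig = appsig;
    return 1;
}

/**
 * Validate one authentication field and dispatch it to its handler.
 *
 * field->length is converted to host byte order in place. The caller's
 * parsing loop advances by the value returned here, so a field is only
 * accepted when its declared length covers at least the generic field
 * header; a shorter length (zero included) would stall or misalign that
 * loop.
 *
 * \param authreq Request the field belongs to (passed on to the handlers)
 * \param header_option Unused
 * \param connection Connection being filled from the fields
 * \param auth_buffer_len Bytes remaining in the request from this field on
 * \param field The field to process
 * \return The field length in host byte order, or -1 on a malformed,
 *         unsupported or unknown field
 */
int user_process_field(struct nu_authreq *authreq,
                       uint8_t header_option,
                       connection_t * connection,
                       int auth_buffer_len,
                       struct nu_authfield *field)
{
    /* check field length */
    field->length = ntohs(field->length);
    if (auth_buffer_len < (int) field->length) {
        log_message(WARNING, DEBUG_AREA_USER,
                    "Too big field length: (%d>%d)",
                    field->length, auth_buffer_len);
        return -1;
    }
    if (field->length < sizeof(struct nu_authfield)) {
        log_message(WARNING, DEBUG_AREA_USER,
                    "Too small field length: %d",
                    field->length);
        return -1;
    }

    /* NOTE(review): the fixed-size cases below compare the structure size
     * with the remaining buffer, not with the declared field length -
     * confirm whether a declared length shorter than the structure should
     * also be refused. */
    switch (field->type) {
    case IPV6_FIELD:
        debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
                          "IPV6_FIELD");
        if (auth_buffer_len < (int) sizeof(struct nu_authfield_ipv6)) {
            log_message(WARNING, DEBUG_AREA_USER,
                        "Auth buffer too small for field type");
            return -1;
        }
        if (user_process_field_ipv6
            (connection, (struct nu_authfield_ipv6 *) field))
            return -1;
        break;

    case IPV4_FIELD:
        if (auth_buffer_len < (int) sizeof(struct nu_authfield_ipv4)) {
            log_message(WARNING, DEBUG_AREA_USER,
                        "Auth buffer too small for field type");
            return -1;
        }
        switch (connection->proto_version) {
        case PROTO_VERSION_V20:
            if (user_process_field_ipv4
                (connection, (struct nu_authfield_ipv4 *) field))
                return -1;
            break;
        case PROTO_VERSION_V22:
        case PROTO_VERSION_V24:
            log_message(WARNING, DEBUG_AREA_USER,
                        "Proto V4 user sends an IPV4_FIELD");
            return -1;
        default:
            /* NOTE(review): only logged, the field is then skipped as
             * if it had been handled - confirm this is intended. */
            log_message(WARNING, DEBUG_AREA_USER,
                        "Unknown protocol %d client has sent an IPV4_FIELD",
                        connection->proto_version);
        }
        break;

    case APP_FIELD:
        debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
                          "APP_FIELD");
        if (auth_buffer_len < (int) sizeof(struct nu_authfield_app)) {
            return -1;
        }
        if (user_process_field_app
            (authreq, connection, field->length,
             (struct nu_authfield_app *) field) < 0)
            return -1;
        break;

    case HASH_FIELD:
        debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
                          "HASH_FIELD");
        if (auth_buffer_len < (int) sizeof(struct nu_authfield_app)) {
            return -1;
        }
        if (user_process_field_hash
            (authreq, connection, field->length,
             (struct nu_authfield_app *) field) < 0)
            return -1;
        break;

    case HELLO_FIELD:
        debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
                          "HELLO_FIELD");
        if (auth_buffer_len < (int) sizeof(struct nu_authfield_hello)) {
            return -1;
        }
        user_process_field_hello(connection,
                                 (struct nu_authfield_hello *) field);
        break;

    default:
        log_message(INFO, DEBUG_AREA_USER,
                    "unknown field type: %d", field->type);
        return -1;
    }
    return field->length;
}

/**
 * \brief Parse user request
 *
 * \param data Buffer read on a TLS socket
 * \return Single linked list of connections (of type ::connection_t).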
*/ GSList *user_request(struct tls_buffer_read * data) { char *dgram = data->buffer; struct nu_header *header = (struct nu_header *) dgram; GSList *conn_elts = NULL; connection_t *connection = NULL; char *start; int buffer_len = data->buffer_len; int auth_buffer_len; int field_length; struct nu_authreq *authreq; char *req_start; for (start = dgram + sizeof(struct nu_header), buffer_len -= sizeof(struct nu_header); 0 < buffer_len; start += authreq->packet_length, buffer_len -= authreq->packet_length) { /* check buffer underflow */ if (buffer_len < (int) sizeof(struct nu_authreq)) { free_connection_list(conn_elts); log_message(WARNING, DEBUG_AREA_USER, "Received buffer too small to read request"); return NULL; } authreq = (struct nu_authreq *) start; authreq->packet_length = ntohs(authreq->packet_length); if (authreq->packet_length == 0 || buffer_len < (int) authreq->packet_length) { log_message(WARNING, DEBUG_AREA_USER, "Improper length signaled in authreq header: %d", authreq->packet_length); free_connection_list(conn_elts); return NULL; } connection = g_new0(connection_t, 1); connection->acl_groups = NULL; connection->user_groups = NULL; connection->app_name = NULL; connection->app_sig = NULL; connection->username = NULL; connection->cacheduserdatas = NULL; connection->packet_id = NULL; connection->expire = -1; connection->flags = ACL_FLAGS_NONE; connection->proto_version = data->proto_version; connection->auth_quality = data->auth_quality; connection->decision = DECISION_NODECIDE; #ifdef PERF_DISPLAY_ENABLE if (nuauthconf->debug_areas & DEBUG_AREA_PERF) { gettimeofday(&(connection->arrival_time), NULL); } #endif /*** process all fields ***/ debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "Authreq start"); req_start = start + sizeof(struct nu_authreq); auth_buffer_len = authreq->packet_length - sizeof(struct nu_authreq); for (; 0 < auth_buffer_len; req_start += field_length, auth_buffer_len -= field_length) { struct nu_authfield *field = (struct nu_authfield *) 
req_start; /* check buffer underflow */ if (auth_buffer_len < (int) sizeof(struct nu_authfield)) { free_connection_list(conn_elts); free_connection(connection); log_message(WARNING, DEBUG_AREA_USER, "Received buffer too small to read authfield"); return NULL; } /* process field */ field_length = user_process_field(authreq, header->option, connection, auth_buffer_len, field); if (field_length < 0) { free_connection_list(conn_elts); free_connection(connection); log_message(WARNING, DEBUG_AREA_USER, "Error in parsing of user field"); return NULL; } } /* Sanity check on received packet : * Source address can be 0 only if it's a hello mode packet * we also want to have APPNAME defined * We destroy all the received message and stop parsing */ if ((ipv6_equal(&connection->tracking.saddr, &in6addr_any) || (connection->app_name == NULL)) && (connection->packet_id == NULL) ) { free_connection_list(conn_elts); free_connection(connection); log_message(WARNING, DEBUG_AREA_USER, "Invalid authentication request"); return NULL; } /* here all packet related information are filled-in */ if (connection->username == NULL) { connection->username = g_strdup(data->user_name); } connection->user_id = data->user_id; connection->user_groups = g_slist_copy(data->groups); connection->os_sysname = g_strdup(data->os_sysname); connection->os_release = g_strdup(data->os_release); connection->os_version = g_strdup(data->os_version); /* copy client version information */ connection->proto_version = data->proto_version; if (connection->user_groups == NULL) { log_message(INFO, DEBUG_AREA_USER, "User_check return is bad"); free_connection_list(conn_elts); free_connection(connection); return NULL; } connection->state = AUTH_STATE_USERPCKT; connection->acl_groups = NULL; /* acl part is NULL */ connection->timestamp = time(NULL); /* first reset timestamp to now */ conn_elts = g_slist_prepend(conn_elts, connection); debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER, "Authreq end"); } return conn_elts; } 
/*
 * Handle an EXTENDED_PROTO message: check that the buffer can hold the
 * header and the announced length, then hand the bytes after the header to
 * process_ext_message(). Always returns NULL (no connection is produced).
 *
 * NOTE(review): the handler is given everything that follows the header
 * (data->buffer_len - header size), not header->length; presumably the two
 * agree for well-formed messages -- confirm against process_ext_message().
 */
static GSList *treat_extended_proto(struct tls_buffer_read *data)
{
	struct nu_header *hdr = (struct nu_header *) data->buffer;
	int status;

	/* the buffer must at least contain the fixed header */
	if (sizeof(*hdr) > (size_t)data->buffer_len) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "Error: too small message");
		return NULL;
	}

	/* the announced length must fit in what was received */
	if (hdr->length > data->buffer_len) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "Error: message bigger than buffer (%d vs %d)",
			    hdr->length, data->buffer_len);
		return NULL;
	}

	/* nothing registered: the message cannot be interpreted */
	if (llist_empty(&(nuauthdatas->ext_proto_l))) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "No protocol extension supported but extended proto message");
		return NULL;
	}

	status = process_ext_message(data->buffer + sizeof(struct nu_header),
				     data->buffer_len - sizeof(struct nu_header),
				     &(nuauthdatas->ext_proto_l),
				     data);
	if (status != SASL_OK) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "Error when processing extended proto message");
	}
	return NULL;
}

/**
 * Decode user datagram packet and fill a connection with data
 * (called by user_check_and_decide()).
 *
 * \param data Pointer to a struct tls_buffer_read:
 * \return Single linked list of connections (of type connection_t).
*/
static GSList *userpckt_decode(struct tls_buffer_read *data)
{
	/*
	 * Entry point for bytes received from a client: the header is only
	 * read after the buffer is known to be large enough to contain it.
	 * header->length is converted to host order in place and bounded by
	 * MAX_NUFW_PACKET_SIZE; the per-message handlers do their own checks
	 * against data->buffer_len.
	 */
	char *raw = data->buffer;
	struct nu_header *header = (struct nu_header *) raw;

	/* check buffer underflow */
	if (data->buffer_len < (int) sizeof(struct nu_header)) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "Received buffer too small to read header");
		return NULL;
	}

	/* check protocol version (length is still in network order here) */
	if (check_protocol_version(CLIENT_PROTO, header->proto) != NU_EXIT_OK) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "Unsupported protocol, got protocol %d (msg %d) with option %d (length %d)",
			    header->proto, header->msg_type,
			    header->option, header->length);
		return NULL;
	}

	header->length = ntohs(header->length);
	if (header->length > MAX_NUFW_PACKET_SIZE) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "Improper length signaled in packet header");
		return NULL;
	}

	/* dispatch on message type */
	if (header->msg_type == USER_REQUEST) {
		return user_request(data);
	}
	if (header->msg_type == EXTENDED_PROTO) {
		return treat_extended_proto(data);
	}
	log_message(WARNING, DEBUG_AREA_USER, "Unsupported message type");
	return NULL;
}
nufw-2.4.3/src/nuauth/tls_nufw.c0000644000175000017500000005173311431206275013532 00000000000000
/*
 ** Copyright(C) 2004-2009 INL
 ** Written by Eric Leblond
 ** Vincent Deffontaines
 ** Pierre Chifflier
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
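**
*/

#include "auth_srv.h"
/* NOTE(review): the names of the four system headers below were lost when
 * this page was extracted; they are left exactly as found. */
#include
#include
#include
#include

#include "nuauthconf.h"

/**
 * \ingroup TLS
 * \defgroup TLSNufw TLS Nufw server
 * @{
 */

/** \file tls_nufw.c
 * \brief Manage NuFW firewall connections and messages.
 *
 * The main thread is tls_nufw_authsrv() which call tls_nufw_main_loop().
 */

int nuauth_tls_max_servers = NUAUTH_TLS_MAX_SERVERS;
int nufw_servers_connected = 0;

extern struct nuauth_tls_t nuauth_tls;

struct tls_nufw_context_t {
	char *addr;
	char *port;
	int mx;
	int sck_inet;
	int sck_unix;
	fd_set tls_rx_set;	/* read set */
	GMutex *mutex;

	nussl_session *server;
};

/**
 * Get RX paquet from a TLS client connection and send it to user
 * authentication threads:
 *   - nuauthdatas->localid_auth_queue (see ::localid_auth()), if connection
 *     state is #AUTH_STATE_HELLOMODE
 *   - nuauthdatas->connections_queue (see search_and_fill()), otherwise
 *
 * At most CLASSIC_NUFW_PACKET_SIZE bytes are read into a stack buffer, then
 * authpckt_decode() is called until it reports that no bytes are left.
 *
 * \param c_session NuFW session to read from (NULL is accepted)
 * \return NU_EXIT_OK when the data was processed (or c_session is NULL),
 *         NU_EXIT_ERROR on read failure, disconnect, unknown protocol,
 *         decode error, or when a packet is dropped because logging is
 *         mandatory and the logger pool is full
 */
static int treat_nufw_request(nufw_session_t * c_session)
{
	unsigned char cdgram[CLASSIC_NUFW_PACKET_SIZE];
	unsigned char *dgram = cdgram;
	int dgram_size;
	connection_t *current_conn;
	int ret;

	if (c_session == NULL)
		return NU_EXIT_OK;

	/* read data from nufw */
	/* g_mutex_lock(c_session->tls_lock); */
	dgram_size = nussl_read(c_session->nufw_client, (char *)dgram,
				CLASSIC_NUFW_PACKET_SIZE);
	/* g_mutex_unlock(c_session->tls_lock);*/
	if (dgram_size < 0) {
		log_message(INFO, DEBUG_AREA_GW,
			    "nufw failure at %s:%d (%s)", __FILE__,
			    __LINE__, nussl_get_error(c_session->nufw_client));
		return NU_EXIT_ERROR;
	}
	if (dgram_size == 0) {
		log_message(INFO, DEBUG_AREA_GW,
			    "nufw disconnect at %s:%d", __FILE__, __LINE__);
		return NU_EXIT_ERROR;
	}

	/* Bad luck, this is first packet, we have to test nufw proto version */
	if (c_session->proto_version == PROTO_UNKNOWN) {
		c_session->proto_version =
		    get_proto_version_from_packet(dgram, (size_t) dgram_size);
		if (!c_session->proto_version) {
			return NU_EXIT_ERROR;
		}
	}

	/* decode data */
	do {
		/* never act on a pointer left over from the previous round */
		current_conn = NULL;
		/* "&current_conn" had been mangled by the page extraction */
		ret = authpckt_decode(&dgram, (unsigned int *) &dgram_size,
				      &current_conn);
		switch (ret) {
		case NU_EXIT_ERROR:
			return NU_EXIT_ERROR;
		case NU_EXIT_OK:
			if (current_conn != NULL) {
				current_conn->socket = 0;
				/* session will be used by created element */
				increase_nufw_session_usage(c_session);
				current_conn->tls = c_session;

				/* if we absolutely want to log we've got to have a working pool thread */
				/* NOTE(review): returning NU_EXIT_ERROR here makes the
				 * caller visible in this file treat the gateway as
				 * disconnected -- confirm that this is intended. */
				if (nuauthconf->drop_if_no_logging
				    && (nuauthdatas->loggers_pool_full == TRUE)) {
					current_conn->decision = DECISION_DROP;
					current_conn->state = AUTH_STATE_DONE;
					apply_decision(current_conn);
					free_connection(current_conn);
					return NU_EXIT_ERROR;
				}

				/* gonna feed the birds */
				if (current_conn->state == AUTH_STATE_HELLOMODE) {
					debug_log_message(DEBUG, DEBUG_AREA_GW,
							  "(*) NuFW auth request (hello mode): packetid=%u",
							  (uint32_t)
							  GPOINTER_TO_UINT
							  (current_conn->packet_id->data));
					struct internal_message *message =
					    g_new0(struct internal_message, 1);
					message->type = INSERT_MESSAGE;
					message->datas = current_conn;
					current_conn->state = AUTH_STATE_AUTHREQ;
					g_async_queue_push(nuauthdatas->localid_auth_queue,
							   message);
				} else {
					debug_log_message(DEBUG, DEBUG_AREA_GW,
							  "(*) NuFW auth request (nufw mode): packetid=%u",
							  (uint32_t)
							  GPOINTER_TO_UINT
							  (current_conn->packet_id->data));
					g_async_queue_push(nuauthdatas->connections_queue,
							   current_conn);
				}
			}
			break;
		case NU_EXIT_NO_RETURN:
			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_GW,
					  "Nufw gateway sending control message");
			break;
		}
#if 0
		g_message("dgram_size at %d: %d", __LINE__, dgram_size);
#endif
	} while (dgram_size > 0);

	return NU_EXIT_OK;
}

/**
 * Reverse-resolve a socket address into a host name.
 *
 * The address length handed to getnameinfo() matches the address family;
 * some platforms reject the full sizeof(struct sockaddr_storage).
 * No flag is passed, so getnameinfo() may return the numeric address when
 * no name exists.
 *
 * \param addr Peer address (AF_INET or AF_INET6 expected)
 * \param buffer Output buffer for the name
 * \param size Size of buffer in bytes
 * \return 0 on success, a getnameinfo() EAI_* code otherwise; buffer
 *         content is only meaningful on success
 */
static int get_reverse_dns_info(struct sockaddr_storage *addr, char *buffer,
				size_t size)
{
	socklen_t addr_len;

	switch (addr->ss_family) {
	case AF_INET:
		addr_len = sizeof(struct sockaddr_in);
		break;
	case AF_INET6:
		addr_len = sizeof(struct sockaddr_in6);
		break;
	default:
		addr_len = sizeof(*addr);
		break;
	}
	return getnameinfo((const struct sockaddr *) addr, addr_len,
			   buffer, size, NULL, 0, 0);
}

/**
 * Function called on new NuFW connection: create a new TLS session using
 * tls_connect().
 *
 * \return If an error occurs returns 1, else returns 0.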
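*/
int tls_nufw_accept(struct tls_nufw_context_t *context)
{
	int conn_fd;
	struct sockaddr_storage sockaddr;
	struct sockaddr_in *sockaddr4 = (struct sockaddr_in *) &sockaddr;
	struct sockaddr_in6 *sockaddr6 = (struct sockaddr_in6 *) &sockaddr;
	char address[INET6_ADDRSTRLEN];
	int ret;
	char peername[256];
	int port;
	socklen_t len_inet = sizeof(sockaddr);
	char cipher[256];
	nufw_session_t *nu_session;

	/* initialize TLS */
	nu_session = g_new0(nufw_session_t, 1);

	nu_session->connect_timestamp = time(NULL);
	nu_session->usage = 0;
	nu_session->alive = TRUE;
	/* We have to wait the first packet */
	nu_session->proto_version = PROTO_UNKNOWN;

	nu_session->nufw_client = nussl_session_accept(context->server);
	if ( ! nu_session->nufw_client ) {
		g_free(nu_session);
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"Unable to allocate nufw server connection : %s",
				nussl_get_error(context->server));
		return 1;
	}

	/* Check number of connected servers */
	if ( nufw_servers_connected >= nuauth_tls_max_servers ) {
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"too many servers (%d configured)",
				nuauth_tls_max_servers);
		nussl_session_destroy(nu_session->nufw_client);
		g_free(nu_session);
		return 1;
	}

	if (nussl_session_getpeer(nu_session->nufw_client,
				  (struct sockaddr *) &sockaddr,
				  &len_inet) != NUSSL_OK) {
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"Unable to get peername of NuFW dameon : %s",
				nussl_get_error(nu_session->nufw_client));
		nussl_session_destroy(nu_session->nufw_client);
		g_free(nu_session);
		return 1;
	}

	/* Extract client address (convert it to IPv6 if it's IPv4) */
	if (sockaddr6->sin6_family == AF_INET) {
		ipv4_to_ipv6(sockaddr4->sin_addr, &nu_session->peername);
		port = ntohs(sockaddr4->sin_port);
	} else {
		nu_session->peername = sockaddr6->sin6_addr;
		port = ntohs(sockaddr6->sin6_port);
	}

	format_ipv6(&nu_session->peername, address, sizeof(address), NULL);
	log_message(DEBUG, DEBUG_AREA_MAIN,
		    "nuauth: nufw connection attempt from %s\n",
		    address);

	/* get canonical (first) name and set it in ssl session, so that
	 * we can verify if peer name matches certificate CN entry
	 *
	 * The lookup result used to be ignored: on failure the uninitialized
	 * stack buffer was handed to nussl_set_hostinfo(). The textual
	 * address is used instead in that case, so the identity check always
	 * compares against a defined string.
	 *
	 * NOTE(review): the name comes from a reverse lookup of the peer
	 * address, so whoever answers for that reverse zone chooses it; the
	 * match is only as trustworthy as the resolver path. The CA trust
	 * configured in tls_nufw_init() remains the primary control. */
	peername[0] = '\0';
	ret = get_reverse_dns_info(&sockaddr, peername, sizeof(peername));
	if (ret != 0) {
		log_message(WARNING, DEBUG_AREA_GW,
			    "Reverse DNS lookup failed for nufw server %s: %s",
			    address, gai_strerror(ret));
		g_strlcpy(peername, address, sizeof(peername));
	}
	nussl_set_hostinfo(nu_session->nufw_client, peername, port);

	/* copy verification flag from server session */
	nussl_set_session_flag(nu_session->nufw_client,
			       NUSSL_SESSFLAG_IGNORE_ID_MISMATCH,
			       nussl_get_session_flag(context->server,
						      NUSSL_SESSFLAG_IGNORE_ID_MISMATCH)
			      );

	// XXX default value is 30s, should be a configuration value
	nussl_set_connect_timeout(nu_session->nufw_client, 30);

	ret = nussl_session_handshake(nu_session->nufw_client, context->server);
	if ( ret ) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "Error during TLS handshake with nufw server %s : %s",
			    address, nussl_get_error(context->server));
		nussl_session_destroy(nu_session->nufw_client);
		g_free(nu_session);
		return 1;
	}

	cipher[0] = '\0';
	nussl_session_get_cipher(nu_session->nufw_client, cipher, sizeof(cipher));
	log_message(INFO, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
		    "TLS handshake with nufw server %s succeeded, cipher is %s",
		    address, cipher);

	/* Check certificate hook */
	ret = modules_check_certificate(nu_session->nufw_client);
	if ( ret ) {
		log_message(WARNING, DEBUG_AREA_MAIN,
			    "New client connection from %s failed during modules_check_certificate()",
			    address);
		nussl_session_destroy(nu_session->nufw_client);
		g_free(nu_session);
		return 1;
	}

	conn_fd = nussl_session_get_fd(nu_session->nufw_client);
	/* FD_SET() on a descriptor outside [0, FD_SETSIZE) writes outside the
	 * fd_set, so such a connection is refused instead of registered */
	if (conn_fd < 0 || conn_fd >= FD_SETSIZE) {
		log_message(WARNING, DEBUG_AREA_GW,
			    "Socket %d of nufw server %s does not fit in the select() set",
			    conn_fd, address);
		nussl_session_destroy(nu_session->nufw_client);
		g_free(nu_session);
		return 1;
	}

	nu_session->tls_lock = g_mutex_new();
	add_nufw_server(conn_fd, nu_session);
	FD_SET(conn_fd, &context->tls_rx_set);
	if (conn_fd + 1 > context->mx)
		context->mx = conn_fd + 1;
	g_message("[+] NuFW: new NuFW server (%s) connected on socket %d",
		  address, conn_fd);

	return 0;
}

/**
 * Accept a NuFW connection on the unix listening socket and register it.
 *
 * NOTE(review): the session is created with verification disabled (second
 * argument 0), so access control for this path presumably relies on the
 * filesystem permissions of the socket path -- confirm in deployment.
 *
 * \return If an error occurs returns 1, else returns 0.
 */
int tls_nufw_accept_unix(struct tls_nufw_context_t *context)
{
	int conn_fd;
	struct sockaddr_un sockaddr;
	socklen_t len_unix = sizeof(sockaddr);
	nufw_session_t *nu_session;

	/* initialize TLS */
	nu_session = g_new0(nufw_session_t, 1);

	nu_session->connect_timestamp = time(NULL);
	nu_session->usage = 0;
	nu_session->alive = TRUE;
	/* We have to wait the first packet */
	nu_session->proto_version = PROTO_UNKNOWN;
	nu_session->nufw_client = NULL;

	conn_fd = accept(context->sck_unix, (struct sockaddr*)&sockaddr, &len_unix);
	if ( conn_fd < 0 ) {
		g_free(nu_session);
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"Error while accepting nufw server connection");
		return 1;
	}

	/* a descriptor >= FD_SETSIZE cannot be stored in the fd_set */
	if (conn_fd >= FD_SETSIZE) {
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"Socket %d does not fit in the select() set",
				conn_fd);
		close(conn_fd);
		g_free(nu_session);
		return 1;
	}

	/* Check number of connected servers */
	if ( nufw_servers_connected >= nuauth_tls_max_servers ) {
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"too many servers (%d configured)",
				nuauth_tls_max_servers);
		close(conn_fd);
		g_free(nu_session);
		return 1;
	}

	nu_session->nufw_client = nussl_session_create_with_fd(conn_fd, 0 /* verify */);
	if ( ! nu_session->nufw_client ) {
		close(conn_fd);
		g_free(nu_session);
		log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_WARNING,
				"Unable to allocate nufw server connection : %s",
				nussl_get_error(context->server));
		return 1;
	}

	nu_session->tls_lock = g_mutex_new();
	add_nufw_server(conn_fd, nu_session);
	FD_SET(conn_fd, &context->tls_rx_set);
	if (conn_fd + 1 > context->mx)
		context->mx = conn_fd + 1;
	g_message("[+] NuFW: new NuFW server connected on unix socket %d",
		  conn_fd);

	return 0;
}

/**
 * NuFW TLS thread main loop:
 *   - Wait events (message/new connection) using select() with a timeout
 *     of one second
 *   - Accept new connections: call tls_nufw_accept()
 *   - Read and process new packets using treat_nufw_request()
 *
 * The loop runs for as long as \a mutex can be taken with
 * g_mutex_trylock(); when it ends the listening sockets are closed and the
 * unix socket path, if configured, is unlinked.
 */
void tls_nufw_main_loop(struct tls_nufw_context_t *context, GMutex * mutex)
{
	int n, c, z;
	fd_set wk_set;		/* working set */
	struct timeval tv;
	char *unix_path;

	unix_path = nuauth_config_table_get("nuauth_client_listen_socket");

	log_message(INFO, DEBUG_AREA_GW,
		    "[+] NuAuth is waiting for NuFW connections.");
	while (g_mutex_trylock(mutex)) {
		g_mutex_unlock(mutex);

		/* copy rx set to working set */
		FD_ZERO(&wk_set);
		for (z = 0; z < context->mx; ++z) {
			if (FD_ISSET(z, &context->tls_rx_set))
				FD_SET(z, &wk_set);
		}

		/* wait new events during 1 second */
		tv.tv_sec = 1;
		tv.tv_usec = 0;
		n = select(context->mx, &wk_set, NULL, NULL, &tv);
		if (n == -1) {
			/* Signal was catched: just ignore it */
			if (errno == EINTR) {
				log_message(CRITICAL, DEBUG_AREA_GW,
					    "Warning: tls nufw select() failed: signal was catched.");
				continue;
			}

			if (errno == EBADF) {
				int i;
				/* A client disconnects between FD_SET and select.
				 * Will try to find it */
				/* loop bound restored: the page extraction had
				 * reduced "i < context->mx" to "imx" */
				for (i = 0; i < context->mx; ++i) {
					struct stat s;
					if (FD_ISSET(i, &context->tls_rx_set)) {
						if (fstat(i, &s) < 0) {
							log_message(CRITICAL, DEBUG_AREA_USER,
								    "Warning: %d is a bad file descriptor.", i);
							FD_CLR(i, &context->tls_rx_set);
						}
					}
				}
				continue;
			}

			log_message(FATAL, DEBUG_AREA_MAIN | DEBUG_AREA_GW,
				    "select() %s:%u failure: %s",
				    __FILE__, __LINE__, g_strerror(errno));
			nuauth_ask_exit();
			break;
		} else if (!n) {
			continue;
		}

		/* Check if a connect has occured */
		if (FD_ISSET(context->sck_inet, &wk_set)) {
			if (tls_nufw_accept(context)) {
				continue;
			}
		}

		/* Check if a connect has occured */
		/* ">= 0" matches tls_nufw_init(), which stores -1 when no unix
		 * socket is configured */
		if (context->sck_unix >= 0 && FD_ISSET(context->sck_unix, &wk_set)) {
			if (tls_nufw_accept_unix(context)) {
				continue;
			}
		}

		/* check for server activity */
		for (c = 0; c < context->mx; ++c) {
			if (c == context->sck_inet)
				continue;
			if (c == context->sck_unix)
				continue;

			if (FD_ISSET(c, &wk_set)) {
				nufw_session_t *c_session;
				debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_GW,
						  "nufw activity on socket %d",
						  c);
				c_session = acquire_nufw_session_by_socket(c);
				if (! c_session) {
					FD_CLR(c, &context->tls_rx_set);
					continue;
				}
				if (treat_nufw_request(c_session) == NU_EXIT_ERROR) {
					release_nufw_session(c_session);
					/* get session link with c */
					debug_log_message(DEBUG, DEBUG_AREA_GW,
							  "nufw server disconnect on %d",
							  c);
					FD_CLR(c, &context->tls_rx_set);
					declare_dead_nufw_session(c_session);
				} else {
					release_nufw_session(c_session);
				}
			}
		}

		/* lower mx down to the highest descriptor still in the set */
		for (c = context->mx - 1;
		     c >= 0 && !FD_ISSET(c, &context->tls_rx_set);
		     c = context->mx - 1) {
			context->mx = c;
		}
	}

	close(context->sck_inet);
	/* sck_unix is -1 when no unix socket was configured */
	if (context->sck_unix >= 0)
		close(context->sck_unix);
	if (unix_path)
		unlink(unix_path);
}

/**
 * Initialize the NuFW TLS servers thread: bind and listen on the inet
 * socket (and on the unix socket when "nuauth_client_listen_socket" is
 * configured), then create the server NuSSL session and load DH parameters,
 * key pair, CA, optional CA directory, optional CRL and optional cipher
 * list from nuauth_tls.
 *
 * Bind errors return 0; later failures call exit(EXIT_FAILURE).
 *
 * NOTE(review): when "nuauth_tls_dh_params" names a file that cannot be
 * loaded, the code silently falls back to nussl_session_set_dh_bits().
 * "nuauth_tls_disable_nufw_fqdn_check" turns off the peer name check for
 * every accepted NuFW session.
 *
 * \return 0 if error, 1 on success
 */
int tls_nufw_init(struct tls_nufw_context_t *context)
{
	int socket_fd;
	int unix_socket_fd;
	char *errmsg;
	char *unix_path;
	/* config init */
	int ret;
	int int_requestcert;
	int int_disable_fqdn_check;
	char *dh_params_file;

	context->sck_inet = nuauth_bind(&errmsg, context->addr, context->port, "nufw");
	if (context->sck_inet < 0) {
		log_message(FATAL, DEBUG_AREA_GW | DEBUG_AREA_MAIN,
			    "FATAL ERROR: NuFW bind error: %s",
			    errmsg);
		log_message(FATAL, DEBUG_AREA_GW | DEBUG_AREA_MAIN,
			    "Check that nuauth is not running twice. Exiting nuauth!");
		return 0;
	}

	unix_path = nuauth_config_table_get("nuauth_client_listen_socket");
	if (unix_path) {
		context->sck_unix = nuauth_bind_unix(&errmsg, unix_path);
		if (context->sck_unix < 0) {
			log_message(FATAL, DEBUG_AREA_GW | DEBUG_AREA_MAIN,
				    "FATAL ERROR: NuFW unix bind error: %s",
				    errmsg);
			log_message(FATAL, DEBUG_AREA_GW | DEBUG_AREA_MAIN,
				    "Check that nuauth is not running twice. Exiting nuauth!");
			return 0;
		}
	} else {
		context->sck_unix = -1;
	}

#if 0
	/* XXX: Already commented in 2.2 */
	struct sigaction action;

	char *configfile = nuauthconf->configfile;
	gpointer vpointer;
	confparams_t nuauth_tls_vars[] = {
		{"nuauth_tls_max_servers", G_TOKEN_INT,
		 NUAUTH_TLS_MAX_SERVERS, NULL}
	};
	int nuauth_tls_max_servers = NUAUTH_TLS_MAX_SERVERS;
	/* get config file setup */
	/* parse conf file */
	if (!parse_conffile(configfile,
			    sizeof(nuauth_tls_vars) / sizeof(confparams_t),
			    nuauth_tls_vars)) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Failed to load config file %s", configfile);
		return 0;
	}
	/* set variable value from config file */
	vpointer = get_confvar_value(nuauth_tls_vars,
				     sizeof(nuauth_tls_vars) / sizeof(confparams_t),
				     "nuauth_tls_max_servers");
	nuauth_tls_max_servers =
	    *(int *) (vpointer ? vpointer : &nuauth_tls_max_servers);
#endif

	/* Listen ! */
	socket_fd = listen(context->sck_inet, 20);
	if (socket_fd == -1) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "nufw listen() failed, exiting");
		exit(EXIT_FAILURE);
	}

	if (context->sck_unix >= 0) {
		unix_socket_fd = listen(context->sck_unix, 20);
		if (unix_socket_fd == -1) {
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "nufw unix_socket listen() failed, exiting");
			exit(EXIT_FAILURE);
		}
	}

	/* init fd_set */
	context->mx = context->sck_inet + 1;
	if (context->sck_unix > context->sck_inet)
		context->mx = context->sck_unix + 1;

	FD_ZERO(&context->tls_rx_set);
	FD_SET(context->sck_inet, &context->tls_rx_set);
	if (context->sck_unix >=0)
		FD_SET(context->sck_unix, &context->tls_rx_set);

	/* TODO: read values specific to nufw connection */
	nuauth_tls_max_servers = nuauth_config_table_get_or_default_int("nuauth_tls_max_servers", NUAUTH_TLS_MAX_SERVERS);
	/* read but not used below: the session uses nuauth_tls.request_cert */
	int_requestcert = nuauth_config_table_get_or_default_int("nuauth_tls_request_cert", FALSE);
	dh_params_file = nuauth_config_table_get("nuauth_tls_dh_params");
	/* {"nuauth_tls_auth_by_cert", G_TOKEN_INT, FALSE, NULL}, */
	int_disable_fqdn_check = nuauth_config_table_get_or_default_int("nuauth_tls_disable_nufw_fqdn_check", FALSE);

	/* TODO: use a nufw specific value of request_cert */
	context->server = nussl_session_create_with_fd(context->sck_inet, nuauth_tls.request_cert);
	if ( ! context->server ) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Cannot create NuSSL session!");
		exit(EXIT_FAILURE);
	}

	ret = NUSSL_ERROR;
	if (dh_params_file) {
		ret = nussl_session_set_dh_file(context->server, dh_params_file);
	}
	if (ret != NUSSL_OK
	    && nussl_session_set_dh_bits(context->server, DH_BITS) != NUSSL_OK) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Unable to initialize Diffie Hellman params.");
		exit(EXIT_FAILURE);
	}

	ret = nussl_ssl_set_keypair(context->server, nuauth_tls.cert, nuauth_tls.key);
	if ( ret != NUSSL_OK ) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Failed to load nufw key/certificate: %s",
			    nussl_get_error(context->server));
		exit(EXIT_FAILURE);
	}

	ret = nussl_ssl_trust_cert_file(context->server, nuauth_tls.ca);
	if ( ret != NUSSL_OK ) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Failed to load nufw certificate authority (nuauth_tls_cacert): %s",
			    nussl_get_error(context->server));
		exit(EXIT_FAILURE);
	}

	if (nuauth_tls.capath) {
		ret = nussl_ssl_trust_dir(context->server, nuauth_tls.capath);
		if ( ret != NUSSL_OK ) {
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "Failed to load user certificate authority directory: %s",
				    nussl_get_error(context->server));
			exit(EXIT_FAILURE);
		}
	}

	if (nuauth_tls.crl_file) {
		ret = nussl_ssl_set_crl_file(context->server, nuauth_tls.crl_file, nuauth_tls.ca);
		if ( ret != NUSSL_OK ) {
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "Failed to load certificate revocation list (CRL): %s",
				    nussl_get_error(context->server));
			exit(EXIT_FAILURE);
		}
	}

	if (nuauth_tls.ciphers) {
		nussl_session_set_ciphers(context->server, nuauth_tls.ciphers);
	}

	if (int_disable_fqdn_check)
		nussl_set_session_flag(context->server, NUSSL_SESSFLAG_IGNORE_ID_MISMATCH, 1);

	return 1;
}

/**
 * TLS nufw packet server thread: call tls_nufw_init() and then live
 * in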
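tls_nufw_main_loop().
 *
 * \return NULL
 */
void *tls_nufw_authsrv(struct nuauth_thread_t *thread)
{
	struct tls_nufw_context_t *context = thread->data;

	/* tls_nufw_init() returns 1 on success, 0 on error */
	if (tls_nufw_init(context)) {
		tls_nufw_main_loop(context, thread->mutex);
	} else {
		nuauth_ask_exit();
	}
	return NULL;
}

/**
 * Start one "tls nufw server" thread per entry of nuauthconf->nufw_srv
 * (a space separated list of addresses) and record the threads in
 * nuauthdatas->tls_nufw_servers.
 *
 * \param servers Not used by this function
 */
void tls_nufw_start_servers(GSList *servers)
{
	char **nufw_servers;
	int i;

	/* build servers hash */
	init_nufw_servers();

	nuauthdatas->tls_nufw_servers = NULL;

	/* get raw string from configuration */
	nufw_servers = g_strsplit(nuauthconf->nufw_srv, " ", 0);
	for (i = 0; nufw_servers[i]; i++) {
		/** \todo free context at program exit */
		struct tls_nufw_context_t *context =
		    g_new0(struct tls_nufw_context_t, 1);
		struct nuauth_thread_t *srv_thread =
		    g_new0(struct nuauth_thread_t, 1);

		if (!parse_addr_port(nufw_servers[i], nuauthconf->authreq_port,
				     &context->addr, &context->port)) {
			log_message(FATAL, DEBUG_AREA_MAIN | DEBUG_AREA_GW,
				    "Address parsing error at %s:%d (\"%s\")", __FILE__,
				    __LINE__, nufw_servers[i]);
			nuauth_ask_exit();
			/* nuauth_ask_exit() returns (its other callers in this
			 * file continue after it), so do not start a server
			 * thread on an address that could not be parsed */
			g_free(context);
			g_free(srv_thread);
			continue;
		}
		thread_new_wdata(srv_thread,
				 "tls nufw server",
				 (gpointer) context,
				 tls_nufw_authsrv);
		/* Append newly created server to list */
		nuauthdatas->tls_nufw_servers =
		    g_slist_prepend(nuauthdatas->tls_nufw_servers, srv_thread);
	}
	g_strfreev(nufw_servers);
}

/**
 * Refresh crl in the nufw contexts
 *
 * Reloads nuauth_tls.crl_file into the server session of every thread in
 * the list. Contexts whose server session does not exist yet are skipped.
 * A failed reload is logged and the loop goes on; NOTE(review): what the
 * session keeps enforcing after a failed reload depends on
 * nussl_ssl_set_crl_file(), which is not visible here.
 *
 * \param session List of struct nuauth_thread_t; the list itself is left
 *        untouched
 */
void tls_crl_update_nufw_session(GSList *session)
{
	GSList *listrunner;
	int ret;

	/* tls_nufw_init() only loads a CRL when one is configured */
	if (nuauth_tls.crl_file == NULL)
		return;

	for (listrunner = session; listrunner;
	     listrunner = g_slist_next(listrunner)) {
		struct nuauth_thread_t *nuauth_thread = listrunner->data;
		struct tls_nufw_context_t *context = nuauth_thread->data;

		// Don't update the CRL when nufw is not yet connected
		if (context->server == NULL)
			continue;

		ret = nussl_ssl_set_crl_file(context->server,
					     nuauth_tls.crl_file,
					     nuauth_tls.ca);
		if (ret != NUSSL_OK) {
			log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_CRITICAL,
					"[%i] NuFW TLS: CRL file reloading failed (%s)",
					getpid(),
					nussl_get_error(context->server));
		}
	}
	/* the original ended with g_slist_free() on the exhausted (NULL)
	 * cursor, which did nothing; the list belongs to the caller */
}

/**
 * @}
 */
nufw-2.4.3/src/nuauth/period.h0000644000175000017500000000433011431206275013147 00000000000000
/*
 ** Copyright(C) 2005 INL
 ** Written by Eric Leblond
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifndef PERIOD_H
#define PERIOD_H

/* period are weekly based */

/** define a period item
 *
 * This is a interval of days linked to a hour period
 *
 */
struct period_item {
	time_t duration;	/**< specify that connection will expire after duration delay */
	time_t start_date;	/**< specify an interval in date, set to -1 to ignore */
	time_t end_date;	/**< end of date interval set to -1 to ignore */
	int start_day;		/**< week day start, set to -1 to ignore interval check, day from O (sunday) to 6 (saturday) */
	int end_day;		/**< week day end, set to -1 to ignore */
	char start_hour;	/**< 0-24 start hour, set to -1 to ignore */
	char end_hour;		/**< O-24 end hour, set to -1 to ignore */
};

/**
 * define a period
 *  - this is a GSList of period_item
 *  - a name
 *  - a description
 *  - a flag to indicate if is is used or not
 */
struct period {
	GSList *items;
	gchar *description;
	gchar *name;
	gboolean used;
};

gboolean is_time_t_in_period(const gchar * period, time_t time);
time_t get_end_of_period_for_time_t(const gchar * period, time_t time);

gboolean define_new_period(GHashTable * periods, gchar * name,
			   gchar * description);
gboolean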
add_perioditem_to_period(GHashTable * periods, gchar * name, struct period_item *perioditem); gboolean delete_period(GHashTable * periods, gchar * name); void destroy_periods(GHashTable * periods); GHashTable *init_periods(); void reload_periods(GHashTable **periods); #endif nufw-2.4.3/src/nuauth/auth_common.c0000644000175000017500000002144411431206275014176 00000000000000/* ** Copyright(C) 2003-2009 INL ** Written by Eric Leblond ** Vincent Deffontaines ** Pierre Chifflier ** INL : http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "auth_srv.h" #include #include #include #include #include /* isspace() */ #include /* See tv_usec < y->tv_usec) { int nsec = (y->tv_usec - x->tv_usec) / 1000000 + 1; y->tv_usec -= 1000000 * nsec; y->tv_sec += nsec; } if (x->tv_usec - y->tv_usec > 1000000) { int nsec = (x->tv_usec - y->tv_usec) / 1000000; y->tv_usec += 1000000 * nsec; y->tv_sec -= nsec; } /* Compute the time remaining to wait. * tv_usec is certainly positive. */ result->tv_sec = x->tv_sec - y->tv_sec; result->tv_usec = x->tv_usec - y->tv_usec; /* Return 1 if result is negative. */ return x->tv_sec < y->tv_sec; } #endif /** * Suppress domain from "user\@domain" string (returns "user"). 
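*
 * \return Username which need to be freed
 */
char *get_rid_of_domain(const char *user_domain)
{
	char *username = NULL;
	char **user_realm;

	/* at most two pieces: text before the first '@' and the rest */
	user_realm = g_strsplit(user_domain, "@", 2);
	if (user_realm[0] != NULL) {
		username = g_strdup(user_realm[0]);
	} else {
		/* empty input: g_strsplit() yields no element */
		username = g_strdup(user_domain);
	}
	g_strfreev(user_realm);
	return username;
}

/**
 * Suppress domain from "DOMAIN\user" string (returns "user").
 *
 * \return Username which need to be freed
 */
char *get_rid_of_prefix_domain(const char *user_domain)
{
	char *username = NULL;
	char **user_realm;

	user_realm = g_strsplit(user_domain, "\\", 2);
	if (user_realm[0] && user_realm[1]) {
		username = g_strdup(user_realm[1]);
	} else {
		/* no backslash: the whole string is the user name */
		username = g_strdup(user_domain);
	}
	g_strfreev(user_realm);
	return username;
}

/**
 * Free a ::tls_buffer_read buffer and all of its memory.
 * A NULL pointer is accepted and ignored.
 */
void free_buffer_read(struct tls_buffer_read *datas)
{
	if (datas == NULL)
		return;
	g_free(datas->os_sysname);
	g_free(datas->os_release);
	g_free(datas->os_version);
	g_free(datas->buffer);
	g_free(datas->user_name);
	if (datas->groups != NULL) {
		g_slist_free(datas->groups);
	}
	g_free(datas);
}

/**
 * Check Protocol version agains supported one
 *
 * \param type An ::proto_type_t used to select if we need to check against nufw or client supported protocols
 * \param version A integer coding protocol version to test
 * \return a ::nu_error_t
 */
nu_error_t check_protocol_version(enum proto_type_t type, int version)
{
	switch (type) {
	case NUFW_PROTO:
		switch (version) {
		case PROTO_VERSION_NUFW_V20:
			return NU_EXIT_OK;
		case PROTO_VERSION_NUFW_V22:
			log_message(CRITICAL, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
				    "nufw server runs pre 2.2.2 protocol: please upgrade");
			return NU_EXIT_ERROR;
		case PROTO_VERSION_NUFW_V22_2:
			return NU_EXIT_OK;
		default:
			log_message(CRITICAL, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
				    "NUFW protocol is unknown");
			return NU_EXIT_ERROR;
		}
		break;
	case CLIENT_PROTO:
		switch (version) {
		case PROTO_VERSION_V20:
			return NU_EXIT_OK;
		case PROTO_VERSION_V22:
		case PROTO_VERSION_V22_1:
		case PROTO_VERSION_V24:
			return NU_EXIT_OK;
		default:
			log_message(CRITICAL, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
				    "Client protocol is unknown");
			return NU_EXIT_ERROR;
		}
		break;
	default:
		return NU_EXIT_ERROR;
	}
	/* unknown versions and types are refused by default */
	return NU_EXIT_ERROR;
}

/**
 * Convert an integer to a string.
 * Return NULL on error, new allocated string otherwise.
 */
char* int_to_str(int value)
{
	return g_strdup_printf("%i", value);
}

/**
 * Wrapper to g_thread_pool_push(): block on server reload.
 */
void thread_pool_push(GThreadPool *pool, gpointer data, GError **error)
{
	block_on_conf_reload();
	g_thread_pool_push(pool, data, error);
}

/**
 * Create a stream socket bound to addr:port (not yet listening).
 *
 * Only the first getaddrinfo() result is used. SO_REUSEADDR and
 * SO_KEEPALIVE are set, plus IPV6_V6ONLY on IPv6 sockets. The address list
 * is now released on every path (it used to leak when socket() or bind()
 * failed).
 *
 * \param errmsg Receives a newly allocated message when -1 is returned
 * \param addr Listening address
 * \param port Listening port or service name
 * \param context Label used in error messages
 * \return The socket descriptor, or -1 on error
 */
int nuauth_bind(char **errmsg, const char *addr, const char *port, char *context)
{
	struct addrinfo *res;
	struct addrinfo hints;
	int ecode;
	int sck_inet;
	gint option_value;
	int result;

	memset(&hints, 0, sizeof hints);
	hints.ai_flags = AI_PASSIVE;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_family = PF_UNSPEC;
	ecode = getaddrinfo(addr, port, &hints, &res);
	if (ecode != 0) {
		*errmsg =
		    g_strdup_printf
		    ("Invalid %s listening address %s:%s, error: %s",
		     context, addr, port, gai_strerror(ecode));
		return -1;
	}

	/* open the socket */
	if (res->ai_family == PF_INET)
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_MAIN,
			    "Creating server IPv4 socket (%s:%s)", addr, port);
	else if (res->ai_family == PF_INET6)
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_MAIN,
			    "Creating server IPv6 socket ([%s]:%s)", addr, port);
	else
		log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_MAIN,
			    "Creating server (any) socket");

	sck_inet = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
	if (sck_inet == -1) {
		*errmsg = g_strdup("Socket creation failed.");
		freeaddrinfo(res);
		return -1;
	}

	/* set socket reuse and keep alive option */
	option_value = 1;
	setsockopt(sck_inet, SOL_SOCKET, SO_REUSEADDR,
		   &option_value, sizeof(option_value));
	setsockopt(sck_inet, SOL_SOCKET, SO_KEEPALIVE,
		   &option_value, sizeof(option_value));
	if (res->ai_family == PF_INET6) {
		setsockopt(sck_inet, IPPROTO_IPV6, IPV6_V6ONLY,
			   (char *)&option_value, sizeof (option_value));
	}

	/* bind */
	result = bind(sck_inet, res->ai_addr, res->ai_addrlen);
	freeaddrinfo(res);
	if (result < 0) {
		*errmsg = g_strdup_printf("Unable to bind %s socket %s:%s.",
					  context, addr, port);
		close(sck_inet);
		return -1;
	}
	return sck_inet;
}

/**
 * Create a unix stream socket bound to unix_path (not yet listening).
 *
 * A path that does not fit in sun_path is refused. It used to be copied
 * with strncpy() into an uninitialized structure, which could leave
 * sun_path without a terminating NUL and bind a truncated name. Any
 * existing entry at the path is unlinked before bind().
 *
 * NOTE(review): nothing here checks that the entry being unlinked is a
 * socket, and the permissions of the new socket follow the process umask;
 * presumably the path comes from trusted configuration only.
 *
 * \param errmsg Receives a newly allocated message when -1 is returned
 * \param unix_path Filesystem path of the socket
 * \return The socket descriptor, or -1 on error
 */
int nuauth_bind_unix(char **errmsg, const char *unix_path)
{
	struct sockaddr_un s_addr;
	int sck_unix;
	socklen_t len;

	if (strlen(unix_path) >= sizeof(s_addr.sun_path)) {
		*errmsg = g_strdup_printf("Unix socket path %s is too long.",
					  unix_path);
		return -1;
	}

	log_message(DEBUG, DEBUG_AREA_USER | DEBUG_AREA_MAIN,
		    "Creating server (unix socket) on %s", unix_path);

	sck_unix = socket(AF_UNIX, SOCK_STREAM, 0);
	if (sck_unix == -1) {
		*errmsg = g_strdup("Socket creation failed.");
		return -1;
	}

	/* zeroed first, so sun_path is always NUL terminated */
	memset(&s_addr, 0, sizeof(s_addr));
	s_addr.sun_family = AF_UNIX;
	strncpy(s_addr.sun_path, unix_path, sizeof(s_addr.sun_path) - 1);
	/* ignore errors, socket may not exist */
	unlink(s_addr.sun_path);

	len = strlen(s_addr.sun_path) + sizeof(s_addr.sun_family);
	if (bind(sck_unix, (struct sockaddr *)&s_addr, len) == -1) {
		*errmsg = g_strdup_printf("Unable to bind socket to %s.",
					  unix_path);
		close(sck_unix);
		return -1;
	}
	return sck_unix;
}

/**
 * Parse "[ipv6]:port", "[ipv6]", "ipv4:port" or "ipv4" string
 *
 * On success *addr and *port receive newly allocated strings; *port is a
 * copy of default_port when the text has no port. Text that does not start
 * with '[' is split at its first ':'.
 *
 * \return 1 on success, 0 on syntax error (outputs are then left untouched)
 */
int parse_addr_port(
	const char *text, const char* default_port,
	char **addr, char **port)
{
	char *pos;

	if (text[0] == '[') {
		pos = strchr(text+1, ']');
	} else {
		pos = NULL;
	}
	if (pos) {
		size_t len = pos - text - 1;
		if (*(pos+1) && *(pos+1) != ':') {
			/* eg. "[ipv6]port", invalid syntax */
			return 0;
		}
		if (*(pos+1) == ':') {
			if (!strlen(pos+2)) {
				/* eg. "[ipv6]:", missing port */
				return 0;
			}
			*port = g_strdup(pos+2);
		} else {
			*port = g_strdup(default_port);
		}
		*addr = g_strndup(text+1, len);
	} else {
		char **context_datas = g_strsplit(text, ":", 2);
		if (!context_datas[0]) {
			g_strfreev(context_datas);
			return 0;
		}
		*addr = g_strdup(context_datas[0]);
		/* note: "ipv4:" yields an empty port string here, unlike the
		 * bracketed form which refuses a missing port */
		if (context_datas[1]) {
			*port = g_strdup(context_datas[1]);
		} else {
			*port = g_strdup(default_port);
		}
		g_strfreev(context_datas);
	}
	return 1;
}

/** @} */
nufw-2.4.3/src/nuauth/connections.h0000644000175000017500000001464311431206275014217 00000000000000
/*
 ** Copyright(C) 2005,2006,2007 Eric Leblond
 **
 ** $Id$
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#ifndef CONNECTIONS_H
#define CONNECTIONS_H

#include "packet_parser.h"	/* tracking_t structure and packet parsing functions */

/**
 * \addtogroup NuauthCore
 * @{
 */

/**
 * State of a connection (type ::connection_t) in the authentication server.
 * See field state of a structure ::connection_t and function
 * change_state().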
*/
typedef enum {
	AUTH_STATE_NONE = 0,	/*!< Unknown state (when a connection is created) */
	AUTH_STATE_AUTHREQ = 1,	/*!< Waiting for authentication */
	AUTH_STATE_USERPCKT,	/*!< Connection received from a user: see user_request() */
	AUTH_STATE_READY,	/*!< (see search_and_fill_completing()) */
	/**
	 * State used when a connection is sent to the acl_checkers queue: read ACLs
	 * from cache or external source. See acl_check_and_decide().
	 */
	AUTH_STATE_COMPLETING,
	AUTH_STATE_DONE,	/*!< This state is set when the connection will be only used for logging purpose */
	AUTH_STATE_HELLOMODE,	/*!< This connection is treated by the HELLO authentication mode */
	AUTH_STATE_SPOOFING,	/*!< This connection is a spoofed one */
} auth_state_t;

/**
 * Flags attached to an ACL. Each *_BIT constant is a bit index and the
 * matching unsuffixed constant is the corresponding mask (1 << bit).
 */
typedef enum {
	ACL_FLAGS_NONE = 0,
	/* This ACL wants asynchronous logging */
	ACL_FLAGS_ASYNC_BIT = 0,
	ACL_FLAGS_ASYNC = (1 << ACL_FLAGS_ASYNC_BIT),
	/* This ACL does not want to log */
	ACL_FLAGS_NOLOG_BIT = 1,
	ACL_FLAGS_NOLOG = (1 << ACL_FLAGS_NOLOG_BIT),
	/* This ACL wants synchronous logging */
	ACL_FLAGS_SYNC_BIT = 2,
	ACL_FLAGS_SYNC = (1 << ACL_FLAGS_SYNC_BIT),
	/* This ACL wants strict logging */
	ACL_FLAGS_STRICT_BIT = 3,
	ACL_FLAGS_STRICT = (1 << ACL_FLAGS_STRICT_BIT),
} acl_flags_t;

#define IPHDR_REJECT_LENGTH 20
#define IP6HDR_REJECT_LENGTH 40
/**
 * this is IPHDR_REJECT_LENGTH / 4
 */
#define IPHDR_REJECT_LENGTH_BWORD 5

/**
 * Authentication quality levels; AUTHQ_MAX aliases the last one.
 * NOTE(review): presumably ordered from weakest to strongest, since
 * acl_group.auth_quality is documented as a minimum -- confirm.
 */
typedef enum {
	AUTHQ_NONE,
	AUTHQ_BYIP,
	AUTHQ_HELLO,
	AUTHQ_SASL,
	AUTHQ_SSL,
	AUTHQ_SSLHARD,
	AUTHQ_MAX = AUTHQ_SSLHARD,
} auth_quality_t;

/**
 * Used to store the acl that apply for a packet
 */
struct acl_group {
	GSList *users;		/*!< List of user IDs to which the acl applies */
	GSList *groups;		/*!< List of user groups to which the acl applies */
	decision_t answer;	/*!< Answer relative to the acl */
	gchar *period;		/*!< Period linked to the acl */
	gchar *log_prefix;	/*!< Log prefix used for the acl */
	gint flags;		/*!< flags used to set some acl properties */
	gint auth_quality;	/*!< Minimum authentication quality required for a match */
};

/** Names of the network interfaces a packet went through. */
typedef struct {
	char indev[IFNAMSIZ];	/*!< Input device set to "\0" if not available */
	char physindev[IFNAMSIZ];	/*!< Input physical device set to "\0" if not available */
	char outdev[IFNAMSIZ];	/*!< Output device set to "\0" if not available */
	char physoutdev[IFNAMSIZ];	/*!< Output physical device set to "\0" if not available */
} iface_nfo_t;

/** Packet headers together with the interface information. */
typedef struct {
	tracking_t header;
	iface_nfo_t iface_nfo;
} auth_pckt_t;

/**
 * \brief Size of payload we keep for parsing (must be > headers)
 */
#define STORED_PAYLOAD_SIZE 128

/**
 * This is a packet blocked by NuFW and waiting for an authentication
 * of NuAuth. They are created in authpckt_new_connection().
 *
 * It contains all data relative to a packet
 */
typedef struct {
	GSList *packet_id;	/*!< Netfilter unique identifier */
	time_t timestamp;	/*!< Packet arrival time (seconds) */
	int socket;		/*!< Socket (file descriptor) from which NuFW request is coming */
	nufw_session_t *tls;	/*!< TLS connection to NuFW from which comes the packet */
	tracking_t tracking;	/*!< IPv4 connection tracking (headers) */
	iface_nfo_t iface_nfo;	/*!< Information about network interfaces */
	uint32_t user_id;	/*!< User identifier (32-bit) */
	uint32_t mark;		/*!< Number used for marking set to user numeric identity at start */
	char *username;		/*!< User name */
	/**
	 * ACL related groups.
	 *
	 * Contains the list of acl corresponding to the IPv4 header
	 */
	GSList *acl_groups;	/*!< ACL group list (of type ::acl_group) */
	GSList *user_groups;	/*!< User groups */
	struct user_cached_datas *cacheduserdatas;	/* Pointer to cache */
	gchar *os_sysname;	/*!< Operating system name */
	gchar *os_release;	/*!< Operating system release */
	gchar *os_version;	/*!< Operating system version */
	gchar *app_name;	/*!< Application name (full path) */
	gchar *app_sig;		/*!< Application hash (SHA1 to SHA512) */
	auth_state_t state;	/*!< State of the packet */
	decision_t decision;	/*!< Decision on packet. */
	gchar *log_prefix;	/*!< Log prefix. */
	gint flags;		/*!< Flags used to store some properties */
	time_t expire;		/*!< Expire time (never: -1) */
	int nufw_version;	/*!< Store the version of the nufw server which has sent the request */
	int proto_version;	/*!< Store protocol version of the client which has sent the packet */
	int auth_quality;	/*!< NOTE(review): presumably an ::auth_quality_t value -- confirm */
#ifdef PERF_DISPLAY_ENABLE
	struct timeval arrival_time;	/*!< Performance data */
#endif
	/* Stored copy of the packet payload, at most STORED_PAYLOAD_SIZE bytes. */
	unsigned char payload[STORED_PAYLOAD_SIZE];
	/* NOTE(review): presumably always <= STORED_PAYLOAD_SIZE; verify every writer enforces it. */
	unsigned int payload_len;
} connection_t;

guint hash_connection(gconstpointer conn_p);

/*
 * NOTE(review): the two objects below are declared without `extern`, so every
 * file including this header gets its own tentative definition and the build
 * relies on the linker merging them; an `extern` declaration here plus one
 * definition in a .c file would make that explicit.
 */
/** hash table containing the connections. */
GHashTable *conn_list;
/** global lock for the conn list. */
GStaticMutex insert_mutex;

void duplicate_iface_nfo(iface_nfo_t * copy, iface_nfo_t * orig);
nu_error_t compare_iface_nfo_t(iface_nfo_t *a, iface_nfo_t *b);
gboolean get_old_conn(gpointer key, gpointer value, gpointer user_data);
int conn_cl_remove(gconstpointer conn);
int conn_cl_delete(gconstpointer conn);
nu_error_t print_tracking_t(tracking_t *tracking);
gint print_connection(gpointer data, gpointer userdata);
gint print_connection_wid(gpointer data, gpointer userdata, gboolean pid, uint32_t pckt_id);
void free_connection_list(GSList * list);
connection_t *duplicate_connection(connection_t * element);
void free_connection(connection_t * conn);
int lock_and_free_connection(connection_t * conn);
void clean_connections_list();

/** @} */

#endif
nufw-2.4.3/src/nuauth/tls_user.c0000644000175000017500000007071011431206275013525 00000000000000/*
 ** Copyright(C) 2004-2009 INL
 ** Written by Eric Leblond
 ** Vincent Deffontaines
 ** Pierre Chifflier
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ** */ #include "auth_srv.h" #include "tls.h" #include #include "nuauthconf.h" /** * \ingroup TLS * \defgroup TLSUser TLS User server * @{ */ /** * \brief Handle phase after authentication and till client is active. Defined in tls_sasl.c * * It also handle preclient list to be able to disconnect user if authentication take too long. */ extern struct nuauth_tls_t nuauth_tls; /** * List of new clients which are in authentication state. This list is * feeded by tls_user_accept(), and read by pre_client_check() and * remove_socket_from_pre_client_list(). * * Lock ::pre_client_list_mutex when you access to this list. */ GSList *pre_client_list; /** * Mutex used to access ::pre_client_list. */ GStaticMutex pre_client_list_mutex; struct pre_client_elt { int socket; time_t validity; }; /** * Drop a client from the ::pre_client_list. 
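*/
gboolean remove_socket_from_pre_client_list(int socket)
{
	GSList *client_runner = NULL;

	g_static_mutex_lock(&pre_client_list_mutex);
	for (client_runner = pre_client_list; client_runner;
	     client_runner = client_runner->next) {
		struct pre_client_elt *elt = client_runner->data;

		/* entries already expired by pre_client_check() have NULL data */
		if (elt && elt->socket == socket) {
			g_free(elt);
			client_runner->data = NULL;
			/* dropping every NULL-data node removes this entry */
			pre_client_list = g_slist_remove_all(pre_client_list, NULL);
			g_static_mutex_unlock(&pre_client_list_mutex);
			return TRUE;
		}
	}
	g_static_mutex_unlock(&pre_client_list_mutex);
	return FALSE;
}

/**
 * Check pre client list to disconnect connections
 * that have been open for too long.
 *
 * Runs until \a mutex can no longer be taken with g_mutex_trylock(); once
 * per second it closes every socket whose validity timestamp has passed
 * and removes it from ::pre_client_list.
 *
 * \return NULL
 */
void* pre_client_check(GMutex *mutex)
{
	GSList *client_runner = NULL;
	time_t current_timestamp;

	while (g_mutex_trylock(mutex)) {
		g_mutex_unlock(mutex);

		current_timestamp = time(NULL);

		/* lock client list */
		g_static_mutex_lock(&pre_client_list_mutex);
		/* iter on pre_client_list */
		for (client_runner = pre_client_list; client_runner;
		     client_runner = client_runner->next) {
			struct pre_client_elt *elt = client_runner->data;

			/* if entry older than delay then close socket */
			if (elt && elt->validity < current_timestamp) {
				log_message(INFO, DEBUG_AREA_USER,
					    "closing socket %d due to timeout",
					    elt->socket);
				shutdown(elt->socket, SHUT_RDWR);
				close(elt->socket);
				g_free(elt);
				client_runner->data = NULL;
			}
		}
		/* expired entries were only marked above; unlink them now */
		pre_client_list = g_slist_remove_all(pre_client_list, NULL);
		/* unlock client list */
		g_static_mutex_unlock(&pre_client_list_mutex);
		/* sleep */
		sleep(1);
	}
	return NULL;
}

/**
 * Get a received packet from a TLS client connection and prepare it for the
 * user authentication threads.
 *
 * \param c_session Session of the user the packet is read from
 * \param c_data Set to the newly allocated, filled buffer when a regular
 *        request was read; left untouched in every other case
 * \return a ::nu_error_t:
 *  - NU_EXIT_CONTINUE if a request was stored in \a c_data, or if the
 *    message was a USER_HELLO (which is ignored)
 *  - NU_EXIT_OK if fewer bytes than a header were read (including read
 *    error or end of stream) or if the header option is not accepted
 *  - NU_EXIT_ERROR on NULL session, allocation failure, or when reading the
 *    rest of a long message fails
 */
nu_error_t treat_user_request(user_session_t * c_session,
			      struct tls_buffer_read **c_data)
{
	int header_length;
	struct nu_header *header;
	struct tls_buffer_read *data;

	if (c_session == NULL)
		return NU_EXIT_ERROR;

	data = g_new0(struct tls_buffer_read, 1);
	if (data == NULL)
		return NU_EXIT_ERROR;
	data->socket = 0;
	data->ip_addr = c_session->addr;
	data->proto_version = c_session->proto_version;
	data->auth_quality = c_session->auth_quality;

	/* copy packet data */
	data->buffer = g_new0(char, CLASSIC_NUFW_PACKET_SIZE);
	if (data->buffer == NULL) {
		g_free(data);
		return NU_EXIT_ERROR;
	}
	g_mutex_lock(c_session->tls_lock);
	data->buffer_len = nussl_read(c_session->nussl, data->buffer,
				      CLASSIC_NUFW_PACKET_SIZE);
	g_mutex_unlock(c_session->tls_lock);
	if (data->buffer_len < (int) sizeof(struct nu_header)) {
#ifdef DEBUG_ENABLE
		if (data->buffer_len <= 0)
			log_message(DEBUG, DEBUG_AREA_USER,
				    "Received error from user %s (%s)",
				    c_session->user_name,
				    nussl_get_error(c_session->nussl));
#endif
		free_buffer_read(data);
		return NU_EXIT_OK;
	}

	/* get header to check if we need to get more data */
	header = (struct nu_header *) data->buffer;
	/* length is supplied by the peer: treat it as untrusted */
	header_length = ntohs(header->length);

	/* is it an "USER HELLO" message ? */
	if (header->proto == PROTO_VERSION && header->msg_type == USER_HELLO) {
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				  "tls user: HELLO from user \"%s\"",
				  c_session->user_name);
		free_buffer_read(data);
		return NU_EXIT_CONTINUE;
	}

	/* if the header announces more than what was received so far, */
	/* continue to read the content */
	/* NOTE(review): a header_length >= MAX_NUFW_PACKET_SIZE is not rejected
	 * here; the packet goes on with only the bytes already read. Confirm the
	 * consumers bound their parsing by buffer_len. */
	if (header->proto == PROTO_VERSION
	    && header_length > data->buffer_len
	    && header_length < MAX_NUFW_PACKET_SIZE) {
		int tmp_len;

		/* we realloc and get what we miss */
		data->buffer = g_realloc(data->buffer, header_length);
		header = (struct nu_header *) data->buffer;
		g_mutex_lock(c_session->tls_lock);
		/*
		 * Append right after the bytes already received. The buffer is
		 * exactly header_length bytes long at this point, so writing at
		 * the fixed offset CLASSIC_NUFW_PACKET_SIZE (as was done before)
		 * runs past its end whenever the first read returned fewer than
		 * CLASSIC_NUFW_PACKET_SIZE bytes.
		 */
		tmp_len = nussl_read(c_session->nussl,
				     data->buffer + data->buffer_len,
				     header_length - data->buffer_len);
		g_mutex_unlock(c_session->tls_lock);
		if (tmp_len <= 0) {
			free_buffer_read(data);
			return NU_EXIT_ERROR;
		}
		data->buffer_len += tmp_len;
	}

	/* check message type because USER_HELLO has to be ignored */
	if (header->msg_type == USER_HELLO) {
		free_buffer_read(data);
		return NU_EXIT_CONTINUE;
	}

	/* looks like a regular auth attempt, update last_request */
	c_session->last_request = time(NULL);

	/* check authorization if we're facing a multi user packet */
	if (header->option == 0x0) {
		/* this is an authorized packet we fill the buffer_read structure */
		data->user_name = g_strdup(c_session->user_name);
		data->user_id = c_session->user_id;
		data->groups = g_slist_copy(c_session->groups);
		if (c_session->sysname) {
			data->os_sysname = g_strdup(c_session->sysname);
			if (data->os_sysname == NULL) {
				free_buffer_read(data);
				return NU_EXIT_ERROR;
			}
		}
		if (c_session->release) {
			data->os_release = g_strdup(c_session->release);
			if (data->os_release == NULL) {
				free_buffer_read(data);
				return NU_EXIT_ERROR;
			}
		}
		if (c_session->version) {
			data->os_version = g_strdup(c_session->version);
			if (data->os_version == NULL) {
				free_buffer_read(data);
				return NU_EXIT_ERROR;
			}
		}
	} else {
		log_message(INFO, DEBUG_AREA_USER,
			    "Bad packet, option of header is not set or unauthorized option from user \"%s\".",
			    c_session->user_name);
		free_buffer_read(data);
		return NU_EXIT_OK;
	}

	*c_data = data;
	return NU_EXIT_CONTINUE;
}

/**
 * Function called by client sasl thread, to complete TLS handshake
 * - Call nussl_session_handshake()
 * - Check client certificate
 *
 * \param current_client_conn Connection whose nussl session is handshaked
 * \param context Server context the connection was accepted on
 * \return If an error occurs returns 1, else returns 0.
 */
int tls_user_do_handshake(struct client_connection *current_client_conn,
			  struct tls_user_context_t *context)
{
	int ret;
	char cipher[256];

	/* do not verify FQDN field from client */
	nussl_set_session_flag(current_client_conn->nussl,
			       NUSSL_SESSFLAG_IGNORE_ID_MISMATCH, 1);

	// XXX default value is 30s, should be a configuration value
	nussl_set_connect_timeout(current_client_conn->nussl, 30);

	ret = nussl_session_handshake(current_client_conn->nussl, context->nussl);
	if (ret) {
		/* NOTE(review): the error text is read from the server session
		 * (context->nussl), not from the client session that was just
		 * handshaked -- confirm this is the one holding the error. */
		log_message(WARNING, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "New client connection from %s failed during nussl_session_handshake(): %s",
			    current_client_conn->str_addr,
			    nussl_get_error(context->nussl));
		return 1;
	}

	nussl_session_get_cipher(current_client_conn->nussl, cipher, sizeof(cipher));
	log_message(INFO, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
		    "TLS handshake with client %s succeeded, cipher is %s",
		    current_client_conn->str_addr, cipher);

	/* Check certificate hook */
	ret = modules_check_certificate(current_client_conn->nussl);
	if (ret) {
		log_message(WARNING, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "New client connection from %s failed during modules_check_certificate()",
			    current_client_conn->str_addr);
		return 1;
	}

	return 0;
}

/**
 * Function called on new client connection:
 * - Call accept()
 * - Drop client if there are to much clients or if NuAuth is in reload
 * - Create a client_connection structure
 * - Add client to ::pre_client_list
 * - Add client to ::tls_sasl_worker queue (see sasl_worker())
 *
 * \return If an error occurs returns 1, else returns 0.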
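*/
int tls_user_accept(struct tls_user_context_t *context)
{
	struct sockaddr_storage sockaddr;
	struct sockaddr_in *sockaddr4 = (struct sockaddr_in *) &sockaddr;
	struct sockaddr_in6 *sockaddr6 = (struct sockaddr_in6 *) &sockaddr;
	struct in6_addr addr;
	unsigned int len_inet = sizeof sockaddr;
	struct client_connection *current_client_conn;
	struct pre_client_elt *new_pre_client;
	int socket;
	gint option_value;
	unsigned short sport;
	char address[INET6_ADDRSTRLEN];

	current_client_conn = g_new0(struct client_connection, 1);

	current_client_conn->nussl = nussl_session_accept(context->nussl);
	if (!current_client_conn->nussl) {
		log_message(WARNING, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "New client connection failed during nussl_session_accept(): %s",
			    nussl_get_error(context->nussl));
		g_free(current_client_conn);
		return 1;
	}

	if (nussl_session_getpeer(current_client_conn->nussl,
				  (struct sockaddr *) &sockaddr,
				  &len_inet) != NUSSL_OK) {
		log_message(WARNING, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "New client connection failed during nussl_session_getpeer(): %s",
			    nussl_get_error(context->nussl));
		/* NOTE(review): the accepted nussl session (and its descriptor)
		 * is not released on this path -- confirm how it must be torn
		 * down. */
		g_free(current_client_conn);
		return 1;
	}

	socket = nussl_session_get_fd(current_client_conn->nussl);
	/* NOTE(review): the descriptor is later used with FD_SET() by the main
	 * loop; nothing here checks it is below FD_SETSIZE -- verify. */

	/* if system is in reload: drop new client */
	if (nuauthdatas->need_reload) {
		shutdown(socket, SHUT_RDWR);
		close(socket);
		/* The connection structure was never handed to anyone: free it
		 * instead of leaking one per rejected connection.
		 * NOTE(review): the nussl session object itself is still not
		 * released here; confirm the proper teardown call. */
		g_free(current_client_conn);
		return 0;
	}

	/* Extract client address (convert it to IPv6 if it's IPv4) */
	/* if (sockaddr.ss_family == AF_INET) { -> same as tls_nufw.c */
	if (sockaddr6->sin6_family == AF_INET) {
		ipv4_to_ipv6(sockaddr4->sin_addr, &addr);
		sport = ntohs(sockaddr4->sin_port);
	} else {
		addr = sockaddr6->sin6_addr;
		sport = ntohs(sockaddr6->sin6_port);
	}

	format_ipv6(&addr, address, sizeof(address), NULL);
	log_message(DEBUG, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
		    "nuauth: user connection attempt from %s\n",
		    address);

	if (get_number_of_clients() >= context->nuauth_tls_max_clients) {
		log_message(WARNING, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "too many clients (%d configured)",
			    context->nuauth_tls_max_clients);
		shutdown(socket, SHUT_RDWR);
		close(socket);
		/* Same as the reload path: do not leak the structure for every
		 * connection refused while the server is full.
		 * NOTE(review): nussl session teardown still to be confirmed. */
		g_free(current_client_conn);
		return 1;
	}

	current_client_conn->socket = socket;
	current_client_conn->addr = addr;
	current_client_conn->sport = sport;
	current_client_conn->str_addr = g_strdup(address);
	current_client_conn->srv_context = context;

	/* Set KEEP ALIVE on connection */
	option_value = 1;
	setsockopt(socket, SOL_SOCKET, SO_KEEPALIVE,
		   &option_value, sizeof(option_value));

	/* give the connection to a separate thread */
	/* add element to pre_client: the entry carries the deadline after which
	 * pre_client_check() closes a connection still in negotiation */
	new_pre_client = g_new0(struct pre_client_elt, 1);
	new_pre_client->socket = socket;
	new_pre_client->validity = time(NULL) + context->nuauth_auth_nego_timeout;

	g_static_mutex_lock(&pre_client_list_mutex);
	pre_client_list = g_slist_prepend(pre_client_list, new_pre_client);
	g_static_mutex_unlock(&pre_client_list_mutex);

	thread_pool_push(nuauthdatas->tls_sasl_worker,
			 current_client_conn, NULL);

	return 0;
}

/**
 * Process client events:
 * - Delete client if its session expired: delete_client_by_socket()
 * - Call treat_user_request(). If it gets EOF, delete the client:
 *   send #FREE_MESSAGE to tls_push_queue (see push_worker()) if using
 *   PUSH mode (::nuauthconf->push), or call delete_client_by_socket().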
*/
void tls_user_check_activity(struct tls_user_context_t *context, int socket)
{
	user_session_t *session;

	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
			  "user activity on socket %d", socket);

	/* The lookup takes the client lock internally; the pointer is then used
	 * without it. In push mode the hash is only modified by push_worker.
	 * NOTE(review): nothing visible here keeps the session alive until the
	 * user checker has consumed it -- confirm the lifetime guarantee. */
	session = get_client_datas_by_socket(socket);
	if (!session) {
		log_message(INFO, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "User session can not be found");
		return;
	}

	/* expiry is only enforced when a session duration is configured */
	if (nuauthconf->session_duration) {
		if (session->expire < time(NULL)) {
			delete_client_by_socket(socket);
			return;
		}
	}

	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			  "Pushing packet to user_checker");
	thread_pool_push(nuauthdatas->user_checkers, session, NULL);
}

/**
 * Lower this->mx until the descriptor just below it is present in
 * this->tls_rx_set (to be called after removing descriptors from the set).
 *
 * This function has to be called when mutex is locked.
 */
void tls_user_update_mx(struct tls_user_context_t *this)
{
	int top = this->mx - 1;

	while (top >= 0 && !FD_ISSET(top, &this->tls_rx_set)) {
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
				  "setting mx to %d", top);
		this->mx = top;
		top = this->mx - 1;
	}
}

/**
 * Remove a client descriptor from the rx set of every TLS auth server.
 *
 * This function has to be called when mutex is locked.
 */
void tls_user_remove_client(int sock)
{
	struct tls_user_context_t *this;
	GSList *server;

	for (server = nuauthdatas->tls_auth_servers; server;
	     server = server->next) {
		this = ((struct nuauth_thread_t *) server->data)->data;
		/* clear the descriptor, then shrink mx if it was the highest */
		FD_CLR(sock, &this->tls_rx_set);
		tls_user_update_mx(this);
	}
}

/**
 * Wait for new client connection or client event using ::mx_queue
 * and select().
 *
 * It calls tls_user_accept() on new client connection, and
 * tls_user_check_activity() on user event.
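*/
void tls_user_main_loop(struct tls_user_context_t *context, GMutex * mutex)
{
	gpointer c_pop;
	int i, nb_active_clients;
	fd_set wk_set;		/* working set */
	struct timeval tv;
	disconnect_user_msg_t *disconnect_msg;

	/* create unix pipe */
	/* NOTE(review): user_pipefd is not local to this context; if several
	 * servers run this loop each call replaces it -- confirm intended. */
	if (pipe(user_pipefd) == -1) {
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "[+] Unable to open user pipe.");
		nuauth_ask_exit();
	}
	if (fcntl(user_pipefd[0], F_SETFL,
		  (fcntl(user_pipefd[0], F_GETFL) | O_NONBLOCK))) {
		log_message(CRITICAL, DEBUG_AREA_MAIN,
			    "[+] Unable to set pipe to non-blocking.");
		nuauth_ask_exit();
	}
	FD_SET(user_pipefd[0], &context->tls_rx_set);

	log_message(INFO, DEBUG_AREA_USER,
		    "[+] NuAuth is waiting for client connections.");
	while (g_mutex_trylock(mutex)) {
		g_mutex_unlock(mutex);

		/*
		 * Try to get new file descriptor to update set. Messages come from
		 * tls_sasl_connect_ok() and are send when a new user is connected.
		 */
		c_pop = g_async_queue_try_pop(mx_queue);
		while (c_pop) {
			int socket = GPOINTER_TO_INT(c_pop);

			debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
					  "checking mx against %d", socket);
			if (socket + 1 > context->mx)
				context->mx = socket + 1;
			/*
			 * change FD_SET
			 */
			FD_SET(socket, &context->tls_rx_set);
			activate_client_by_socket(socket);
			c_pop = g_async_queue_try_pop(mx_queue);
		}

		/*
		 * execute client destruction task
		 */
		while ((disconnect_msg = g_async_queue_try_pop(context->cmd_queue)) != NULL) {
			if (disconnect_msg->socket == -1) {
				disconnect_msg->result = kill_all_clients();
			} else {
				disconnect_msg->result =
				    delete_client_by_socket(disconnect_msg->socket);
			}
			/* releases the mutex carried by the message */
			g_mutex_unlock(disconnect_msg->mutex);
		}

		/* wait for new events for at most 250 ms */
		FD_ZERO(&wk_set);
		for (i = 0; i < context->mx; ++i) {
			if (FD_ISSET(i, &context->tls_rx_set))
				FD_SET(i, &wk_set);
			if (i == user_pipefd[0]) {
				FD_SET(i, &wk_set);
			}
		}
		tv.tv_sec = 0;
		tv.tv_usec = 250000;
		nb_active_clients = select(context->mx, &wk_set, NULL, NULL, &tv);

		/* catch select() error */
		if (nb_active_clients == -1) {
			/* Signal was catched: just ignore it */
			if (errno == EINTR) {
				log_message(CRITICAL, DEBUG_AREA_USER,
					    "Warning: tls user select() failed: signal was catched.");
				continue;
			}

			if (errno == EBADF) {
				/* A client disconnects between FD_SET and select.
				 * Will try to find it */
				for (i = 0; i < context->mx; ++i) {
					struct stat s;

					if (FD_ISSET(i, &context->tls_rx_set)) {
						if (fstat(i, &s) < 0) {
							log_message(CRITICAL, DEBUG_AREA_USER,
								    "Warning: %d is a bad file descriptor.", i);
							FD_CLR(i, &context->tls_rx_set);
						}
					}
				}
				continue;
			}

			log_message(FATAL, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
				    "select() %s:%d failure: %s",
				    __FILE__, __LINE__, g_strerror(errno));
			nuauth_ask_exit();
			break;
		} else if (nb_active_clients > 0) {
			/*
			 * Check if a connect has occured
			 */
			if (FD_ISSET(context->sck_inet, &wk_set)) {
				if (tls_user_accept(context) != 0)
					continue;
			}

			if (FD_ISSET(user_pipefd[0], &wk_set)) {
				int32_t gb_socket;

				while (read(user_pipefd[0], &gb_socket,
					    sizeof(gb_socket)) > 0) {
					debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
							  "FD %d return to working set",
							  gb_socket);
					/* FD_SET() on a value outside [0, FD_SETSIZE)
					 * writes outside the fd_set: skip it */
					if (gb_socket < 0 || gb_socket >= FD_SETSIZE) {
						log_message(WARNING, DEBUG_AREA_USER,
							    "Ignoring out of range descriptor %d read from user pipe",
							    gb_socket);
						continue;
					}
					FD_SET(gb_socket, &context->tls_rx_set);
					/* Raise mx for each descriptor read. Doing it
					 * once after the loop only covered the last
					 * value and read gb_socket uninitialised when
					 * the first read() returned nothing. */
					if (gb_socket + 1 > context->mx)
						context->mx = gb_socket + 1;
				}
				continue;
			}

			/*
			 * check for client activity
			 */
			for (i = 0; i < context->mx; ++i) {
				if (i == context->sck_inet)
					continue;

				if (FD_ISSET(i, &wk_set)) {
					tls_user_check_activity(context, i);
					/* remove socket from the rx set; it will be
					 * added back by user checker. */
					FD_CLR(i, &context->tls_rx_set);
				}
			}
		}
		tls_user_update_mx(context);
	}

	close(context->sck_inet);
}

/**
 * Initialise what all TLS user servers share: SASL, client structures, the
 * pre client list with its checking thread, and the SASL worker thread pool.
 */
void tls_user_servers_init()
{
	/* init sasl stuff */
	my_sasl_init();

	init_client_struct();

	/* pre client list */
	pre_client_list = NULL;
	thread_new(&nuauthdatas->pre_client_thread,
		   "pre client thread", pre_client_check);

	/* create tls sasl worker thread pool */
	nuauthdatas->tls_sasl_worker =
	    g_thread_pool_new((GFunc) tls_sasl_connect, NULL,
			      nuauthconf->nb_auth_checkers, FALSE,
			      NULL);
}

/**
 * Set request_cert and auth_by_cert params depending on the configuration
 *
 * \param requestcert Requested value for nuauth_tls.request_cert; must pass
 *        NUSSL_VALID_REQ_TYPE()
 * \param authcert Value stored in nuauth_tls.auth_by_cert
 * \return 1 on success, 0 if \a requestcert is not a valid request type
 *         (nuauth_tls.auth_by_cert has already been assigned in that case)
 */
int tls_user_setcert_auth_params(int requestcert, int authcert)
{
	int disable_request_warning;

	disable_request_warning =
	    nuauth_config_table_get_or_default_int("nuauth_tls_disable_request_warning", FALSE);

	nuauth_tls.auth_by_cert = authcert;

	if (NUSSL_VALID_REQ_TYPE(requestcert)) {
		nuauth_tls.request_cert = requestcert;
	} else {
		/* it is the request_cert value that failed validation, so name
		 * and print that one (the message used to show auth_by_cert) */
		log_message(INFO, DEBUG_AREA_AUTH | DEBUG_AREA_USER,
			    "[%i] config: Invalid nuauth_tls_request_cert value: %d",
			    getpid(), requestcert);
		return 0;
	}

	if ((nuauth_tls.auth_by_cert == MANDATORY_AUTH_BY_CERT)
	    && (nuauth_tls.request_cert != NUSSL_CERT_REQUIRE)) {
		log_message(INFO, DEBUG_AREA_AUTH | DEBUG_AREA_USER,
			    "Mandatory certificate authentication asked, asking certificate");
		nuauth_tls.request_cert = NUSSL_CERT_REQUIRE;
	}

	/* always ask for certificates - but don't error if none were sent */
	if (nuauth_tls.request_cert == 0)
		nuauth_tls.request_cert = 1;

	log_message(INFO, DEBUG_AREA_AUTH | DEBUG_AREA_USER,
		    "request_cert = %i", nuauth_tls.request_cert);
	log_message(INFO, DEBUG_AREA_AUTH | DEBUG_AREA_USER,
		    "auth_by_cert = %i", nuauth_tls.auth_by_cert);

	if (!disable_request_warning) {
		/* any value other than 2 means a client may connect without a
		 * certificate; make that visible unless the warning is disabled */
		if (nuauth_tls.request_cert != 2) {
			g_warning
			    ("[%i] nuauth: client certificates are not required\n"
			     "nuauth will *NOT* check client certificates.\n"
			     "Set nuauth_tls_request_cert=2 to request certificates.\n",
			     getpid());
		} else {
			log_message(INFO, DEBUG_AREA_AUTH | DEBUG_AREA_USER,
				    "Client certificates are required.");
		}
	}
	return 1;
}

/**
 * Create TLS user context: bind and listen on the configured address, set up
 * the descriptor set and queues, read the TLS settings and create the server
 * nussl session (key pair, trusted CA, optional CA directory and CRL,
 * Diffie Hellman parameters, optional cipher list).
 *
 * Every failure is fatal: the process exits with EXIT_FAILURE.
 *
 * \return 1
 */
int tls_user_init(struct tls_user_context_t *context)
{
	char *errmsg;
	int result;
	int ret;
	int int_authcert;
	int int_requestcert;
	char *dh_params_file;

	context->sck_inet = nuauth_bind(&errmsg, context->addr, context->port, "user");
	if (context->sck_inet < 0) {
		log_message(FATAL, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "FATAL ERROR: User bind error: %s", errmsg);
		log_message(FATAL, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "Check that nuauth is not running twice. nuauth exiting!");
		exit(EXIT_FAILURE);
	}

	context->cmd_queue = g_async_queue_new();

	/* listen */
	result = listen(context->sck_inet, 20);
	if (result == -1) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "user listen() failed, exiting");
		exit(EXIT_FAILURE);
	}

	/* init fd_set */
	FD_ZERO(&context->tls_rx_set);
	FD_SET(context->sck_inet, &context->tls_rx_set);
	context->mx = context->sck_inet + 1;
	mx_queue = g_async_queue_new();

	/* Init ssl session */
	/* TODO: make sure request_cert | auth_by_cert is for user and change to nufw if required */

	context->nuauth_tls_max_clients =
	    nuauth_config_table_get_or_default_int("nuauth_tls_max_clients",
						   NUAUTH_TLS_MAX_CLIENTS);
	/* NOTE(review): the fallback below is NUAUTH_TLS_MAX_CLIENTS, the same
	 * constant as the max-clients default above; this looks like a
	 * copy/paste -- confirm the intended default negotiation timeout. */
	context->nuauth_auth_nego_timeout =
	    nuauth_config_table_get_or_default_int("nuauth_auth_nego_timeout",
						   NUAUTH_TLS_MAX_CLIENTS);

	/* ssl related conf */
	int_requestcert = nuauth_config_table_get_or_default_int("nuauth_tls_request_cert", 2);
	int_authcert = nuauth_config_table_get_or_default_int("nuauth_tls_auth_by_cert", FALSE);
	dh_params_file = nuauth_config_table_get("nuauth_tls_dh_params");

	if (!tls_user_setcert_auth_params(int_requestcert, int_authcert)) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Invalid request_cert or auth_by_cert option");
		exit(EXIT_FAILURE);
	}

	/* We add the crl file function check every second only if we have a crl */
	if (nuauth_tls.crl_file) {
		cleanup_func_push(refresh_crl_file);
	}

	context->nussl = nussl_session_create_with_fd(context->sck_inet,
						      nuauth_tls.request_cert);
	if (!context->nussl) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Cannot create session from fd!");
		exit(EXIT_FAILURE);
	}

	ret = nussl_ssl_set_keypair(context->nussl, nuauth_tls.cert, nuauth_tls.key);
	if (ret != NUSSL_OK) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Failed to load user key/certificate: %s",
			    nussl_get_error(context->nussl));
		exit(EXIT_FAILURE);
	}

	ret = nussl_ssl_trust_cert_file(context->nussl, nuauth_tls.ca);
	if (ret != NUSSL_OK) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Failed to load user certificate authority: %s",
			    nussl_get_error(context->nussl));
		exit(EXIT_FAILURE);
	}

	if (nuauth_tls.capath) {
		ret = nussl_ssl_trust_dir(context->nussl, nuauth_tls.capath);
		if (ret != NUSSL_OK) {
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "Failed to load user certificate authority directory: %s",
				    nussl_get_error(context->nussl));
			exit(EXIT_FAILURE);
		}
	}

	if (nuauth_tls.crl_file) {
		ret = nussl_ssl_set_crl_file(context->nussl, nuauth_tls.crl_file, nuauth_tls.ca);
		if (ret != NUSSL_OK) {
			log_message(FATAL, DEBUG_AREA_MAIN,
				    "Failed to load certificate revocation list (CRL): %s",
				    nussl_get_error(context->nussl));
			exit(EXIT_FAILURE);
		}
	}

	/* Use the configured DH file when there is one; if none is configured
	 * or loading it fails, fall back to parameters of DH_BITS bits. */
	ret = NUSSL_ERROR;
	if (dh_params_file) {
		ret = nussl_session_set_dh_file(context->nussl, dh_params_file);
	}
	if (ret != NUSSL_OK
	    && nussl_session_set_dh_bits(context->nussl, DH_BITS) != NUSSL_OK) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "Unable to initialize Diffie Hellman params.");
		exit(EXIT_FAILURE);
	}

	if (nuauth_tls.ciphers) {
		/* NOTE(review): the result is not checked, so a rejected cipher
		 * string would go unnoticed -- confirm what the call reports. */
		nussl_session_set_ciphers(context->nussl, nuauth_tls.ciphers);
	}

	return 1;
}

/**
 * Thread which process addresses on tls push queue (tls_push_queue member
 * of ::nuauthdatas) which need an authentication.
 *
 * Lock is only needed when modifications are done, because when this thread
 * work (push mode) it's the only one who can modify the hash.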
*
 * Use a switch:
 *   - #WARN_MESSAGE: call warn_clients() (and may call ip_authentication_workers())
 *   - #INSERT_MESSAGE: call add_client()
 *
 * Runs until \a mutex can no longer be taken with g_mutex_trylock().
 *
 * \return NULL
 */
void *push_worker(GMutex * mutex)
{
	struct msg_addr_set *warn_set = g_new0(struct msg_addr_set, 1);
	struct nu_srv_message *srv_msg = g_new0(struct nu_srv_message, 1);
	struct internal_message *item;
	GTimeVal deadline;

	/* message sent to clients that have to send a packet */
	srv_msg->type = SRV_REQUIRED_PACKET;
	srv_msg->option = 0;
	srv_msg->length = htons(4);
	warn_set->msg = srv_msg;

	g_async_queue_ref(nuauthdatas->tls_push_queue);

	/* wait for message */
	while (g_mutex_trylock(mutex)) {
		g_mutex_unlock(mutex);

		/* wait a message during POP_DELAY */
		g_get_current_time(&deadline);
		g_time_val_add(&deadline, POP_DELAY);
		item = g_async_queue_timed_pop(nuauthdatas->tls_push_queue,
					       &deadline);
		if (!item)
			continue;

		switch (item->type) {
		case WARN_MESSAGE:
			warn_set->addr =
			    (((auth_pckt_t *) item->datas)->header).saddr;
			warn_set->found = FALSE;
			/* search in client array */
			warn_clients(warn_set, NULL, NULL);
			/* NOTE(review): when the address equals in6addr_any
			 * item->datas is neither queued nor freed -- confirm who
			 * owns it in that case. */
			if (ipv6_equal(&warn_set->addr, &in6addr_any))
				break;
			if (warn_set->found == FALSE
			    && nuauthconf->do_ip_authentication) {
				/* no client found: hand the packet to the ip
				 * authentication pool, which takes the data */
				thread_pool_push(nuauthdatas->ip_authentication_workers,
						 item->datas, NULL);
			} else {
				/* free header */
				g_free(item->datas);
			}
			break;
		case INSERT_MESSAGE:
			{
				struct tls_insert_data *insert = item->datas;

				if (insert->data) {
					add_client(insert->socket, insert->data);
				}
				g_free(insert);
			}
			break;
		default:
			g_message("lost");
		}
		g_free(item);
	}

	g_free(srv_msg);
	g_free(warn_set);
	g_async_queue_unref(nuauthdatas->tls_push_queue);
	return NULL;
}

/**
 * TLS user packet server.
 * Thread function serving user connection.
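*
 * Initialises the context carried by \a thread and, on success, runs the
 * main loop; otherwise asks nuauth to exit.
 *
 * \return NULL
 */
void *tls_user_authsrv(struct nuauth_thread_t *thread)
{
	struct tls_user_context_t *context = thread->data;
	int ok = 0;

	ok = tls_user_init(context);
	if (ok) {
		tls_user_main_loop(context, thread->mutex);
	} else {
		nuauth_ask_exit();
	}
	return NULL;
}

/**
 * Start one TLS user server thread per entry of the space separated list
 * nuauthconf->client_srv, and record the threads in
 * nuauthdatas->tls_auth_servers.
 *
 * \param servers Not used by this function
 */
void tls_user_start_servers(GSList *servers)
{
	char **user_servers;
	int i;

	nuauthdatas->tls_auth_servers = NULL;

	tls_user_servers_init();

	/* get raw string from configuration */
	user_servers = g_strsplit(nuauthconf->client_srv, " ", 0);
	for (i = 0; user_servers[i]; i++) {
		/** \todo free context at program exit */
		struct tls_user_context_t *context =
		    g_new0(struct tls_user_context_t, 1);
		struct nuauth_thread_t *srv_thread =
		    g_new0(struct nuauth_thread_t, 1);

		if (!parse_addr_port(user_servers[i], nuauthconf->userpckt_port,
				     &context->addr, &context->port)) {
			log_message(FATAL, DEBUG_AREA_MAIN | DEBUG_AREA_GW,
				    "Address parsing error at %s:%d (\"%s\")",
				    __FILE__, __LINE__, user_servers[i]);
			nuauth_ask_exit();
			/* Do not go on with an entry that could not be parsed:
			 * starting a server here would print and bind an
			 * address/port pair that was never filled in. */
			g_free(context);
			g_free(srv_thread);
			continue;
		}
		log_message(INFO, DEBUG_AREA_MAIN | DEBUG_AREA_USER,
			    "Creating user socket %s:%s",
			    context->addr, context->port);
		thread_new_wdata(srv_thread,
				 "tls auth server",
				 (gpointer) context,
				 tls_user_authsrv);
		/* Append newly created server to list */
		nuauthdatas->tls_auth_servers =
		    g_slist_prepend(nuauthdatas->tls_auth_servers, srv_thread);
	}
	g_strfreev(user_servers);
}

/**
 * Refresh crl in the user contexts
 *
 * Reloads nuauth_tls.crl_file into the nussl session of every server of
 * \a session that already has one. A failed reload is only logged; what the
 * session keeps using afterwards is decided by nussl_ssl_set_crl_file().
 *
 * \param session List of ::nuauth_thread_t; it is not modified or freed
 */
void tls_crl_update_user_session(GSList *session)
{
	GSList *listrunner = session;
	int ret;

	while (listrunner) {
		struct nuauth_thread_t *nuauth_thread = listrunner->data;
		struct tls_user_context_t *context = nuauth_thread->data;

		// Don't update the CRL when nufw is not yet connected
		if (context->nussl == NULL) {
			listrunner = g_slist_next(listrunner);
			continue;
		}

		ret = nussl_ssl_set_crl_file(context->nussl,
					     nuauth_tls.crl_file, nuauth_tls.ca);
		if (ret != NUSSL_OK) {
			log_area_printf(DEBUG_AREA_GW, DEBUG_LEVEL_CRITICAL,
					"[%i] User TLS: CRL file reloading failed (%s)",
					getpid(),
					nussl_get_error(context->nussl));
		}

		listrunner = g_slist_next(listrunner);
	}
	/* The former g_slist_free(listrunner) was removed: listrunner is always
	 * NULL here, so the call did nothing, and the list belongs to the
	 * caller anyway. */
}

/**
 * @}
 */
nufw-2.4.3/src/nuauth/client_mngr.c0000644000175000017500000003333311431206275014166 00000000000000/*
 ** Copyright(C) 2005-2009 INL
 ** Written by Eric Leblond
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License as published by
 ** the Free Software Foundation, version 3 of the License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 **
 */

#include
#define USE_JHASH2
#include

/**
 * \addtogroup NuauthCore
 * @{
 */

/** \file client_mngr.c
 * \brief Manage client related structure
 *
 * Provide a set of functions that are used to interact with client related structure.
 * This aims to provide an abstraction to avoid change in other parts of the code.
 */

/** global lock for client hash.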
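*/
GMutex *client_mutex;

/** Sessions indexed by socket number; the key is GINT_TO_POINTER(socket). */
GHashTable *client_conn_hash = NULL;
/** Per-address session lists; the key is a heap copy of the client address. */
GHashTable *client_ip_hash = NULL;

/** Value type stored in #client_ip_hash: every session seen on one address. */
typedef struct {
	GSList *sessions;		/* user_session_t pointers, not owned here */
	int proto_version;		/* lowest protocol version seen on this address */
	struct timeval last_message;	/* time of the last throttled push */
} ip_sessions_t;

/** Hash function for #client_ip_hash: jhash2 over the words of the address. */
static uint32_t hash_ipv6(struct in6_addr *addr)
{
	return jhash2(addr->s6_addr32, sizeof(*addr) / 4, 0);
}

/**
 * Log and free structure relative to a user_session_t
 *
 * Used as destroy function for #client_conn_hash
 */
void log_clean_session(user_session_t * c_session)
{
	log_user_session(c_session, SESSION_CLOSE);
	clean_session(c_session);
}

/**
 * Release everything owned by a session, then the session itself.
 *
 * The pointer is invalid on return. Any copy still held in an
 * ip_sessions_t list must have been removed by the caller beforehand.
 */
void clean_session(user_session_t * c_session)
{
	if (c_session->nussl)
		nussl_session_destroy(c_session->nussl);
	/* g_free() and g_slist_free() both accept NULL */
	g_free(c_session->user_name);
	g_slist_free(c_session->groups);
	g_free(c_session->sysname);
	g_free(c_session->release);
	g_free(c_session->version);
	g_free(c_session->client_name);
	g_free(c_session->client_version);
	g_mutex_free(c_session->tls_lock);
	g_free(c_session);
}

/** Create the global lock and the two (empty) client hash tables. */
void init_client_struct()
{
	client_mutex = g_mutex_new();
	/* socket -> session; removing an entry logs and frees the session */
	client_conn_hash = g_hash_table_new_full(NULL, NULL, NULL,
						 (GDestroyNotify)
						 log_clean_session);
	/* address -> ip_sessions_t; key and value are both heap blocks */
	client_ip_hash = g_hash_table_new_full((GHashFunc) hash_ipv6,
					       (GEqualFunc) ipv6_equal,
					       (GDestroyNotify) g_free,
					       (GDestroyNotify) g_free);
}

/**
 * Register a session under its socket and under its source address.
 *
 * \param socket Socket number used as key in #client_conn_hash
 * \param datas Pointer to the user_session_t to register
 */
void add_client(int socket, gpointer datas)
{
	user_session_t *c_session = (user_session_t *) datas;
	ip_sessions_t *ipsessions;
	gpointer key;

	g_mutex_lock(client_mutex);

	g_hash_table_insert(client_conn_hash, GINT_TO_POINTER(socket), datas);

	/* need to create entry in ip hash ? */
	ipsessions = g_hash_table_lookup(client_ip_hash, &c_session->addr);
	if (ipsessions == NULL) {
		ipsessions = g_new0(ip_sessions_t, 1);
		ipsessions->proto_version = c_session->proto_version;
		ipsessions->sessions = NULL;
		key = g_memdup(&c_session->addr, sizeof(c_session->addr));
		g_hash_table_replace(client_ip_hash, key, ipsessions);
	}
	/* let's assume backward compatibility, older client wins */
	/* TODO: Add a configuration variable for this choice */
	if (c_session->proto_version < ipsessions->proto_version) {
		char buffer[256];
		format_ipv6(&c_session->addr, buffer, 256, NULL);
		/* one older client lowers the version used for the whole address */
		ipsessions->proto_version = c_session->proto_version;
		log_message(WARNING, DEBUG_AREA_USER,
			    "User %s on %s uses older version of client",
			    c_session->user_name, buffer);
	}
	if (c_session->proto_version > ipsessions->proto_version) {
		char buffer[256];
		format_ipv6(&c_session->addr, buffer, 256, NULL);
		log_message(WARNING, DEBUG_AREA_USER,
			    "User %s on %s uses newer version of client",
			    c_session->user_name, buffer);
	}
	ipsessions->sessions = g_slist_prepend(ipsessions->sessions, c_session);

	g_mutex_unlock(client_mutex);
}

/**
 * Unlink a session from its per-address list.
 *
 * \param ipsessions Entry of #client_ip_hash that holds the session
 * \param session Session to unlink
 * \param destroy If non-zero, also remove the session from #client_conn_hash
 * \return ipsessions, or NULL when the entry became empty and was removed
 *
 * The address stored in the session is used directly as the lookup key.
 * An earlier form duplicated it with g_memdup() and released the copy only
 * when the entry became empty, leaking one address per removal otherwise.
 */
static ip_sessions_t *delete_session_from_hash(ip_sessions_t *ipsessions,
					       user_session_t *session,
					       int destroy)
{
	ipsessions->sessions = g_slist_remove(ipsessions->sessions, session);
	if (ipsessions->sessions == NULL) {
		/* stored key and value are released by the table's destroy hooks */
		g_hash_table_remove(client_ip_hash, &session->addr);
		ipsessions = NULL;
	}
	if (destroy) {
		/* remove entry from hash */
		g_hash_table_remove(client_conn_hash,
				    GINT_TO_POINTER(session->socket));
	}
	return ipsessions;
}

/**
 * Drop a session from the address hash and from the TLS client list.
 *
 * The session stays in #client_conn_hash; the caller removes it.
 * Caller is expected to hold #client_mutex.
 */
static nu_error_t cleanup_session(user_session_t * session)
{
	ip_sessions_t *ipsessions;

	/* destroy entry in IP hash */
	ipsessions = g_hash_table_lookup(client_ip_hash, &session->addr);
	if (ipsessions == NULL) {
		log_message(CRITICAL, DEBUG_AREA_USER,
			    "Could not find entry in ip hash");
		return NU_EXIT_ERROR;
	}
	delete_session_from_hash(ipsessions, session, 0);
	tls_user_remove_client(session->socket);
	return NU_EXIT_OK;
}

/** Thin wrapper kept for callers that hold a session rather than a socket. */
static nu_error_t delete_client_by_session(user_session_t * session)
{
	return cleanup_session(session);
}

/**
 * Remove a client: unlink its session, shut down and close the socket,
 * then drop (and thereby free) the session.
 *
 * \param socket Socket number of the client
 * \param use_lock Non-zero to take #client_mutex here; pass 0 only when the
 * caller already holds it
 * \return NU_EXIT_OK, or NU_EXIT_ERROR if the session is unknown
 */
nu_error_t delete_client_by_socket_ext(int socket, int use_lock)
{
	gpointer key;
	user_session_t *session;
	nu_error_t ret;

	if (use_lock) {
		g_mutex_lock(client_mutex);
	}

	session = (user_session_t *)
	    (g_hash_table_lookup(client_conn_hash, GINT_TO_POINTER(socket)));
	if (!session) {
		log_message(WARNING, DEBUG_AREA_USER,
			    "Could not find user session in hash");
		if (use_lock)
			g_mutex_unlock(client_mutex);
		return NU_EXIT_ERROR;
	}

	ret = cleanup_session(session);
	if (ret != NU_EXIT_OK) {
		if (use_lock)
			g_mutex_unlock(client_mutex);
		return ret;
	}

	/* failures here are only logged: the session is removed regardless */
	if (shutdown(socket, SHUT_RDWR) != 0) {
		log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
			    "Could not shutdown socket: %s", strerror(errno));
	}
	if (close(socket) != 0) {
		log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
			    "Could not close socket: %s", strerror(errno));
	}

	key = GINT_TO_POINTER(session->socket);
	g_hash_table_remove(client_conn_hash, key);

	if (use_lock) {
		g_mutex_unlock(client_mutex);
	}
	return NU_EXIT_OK;
}

/** Remove a client by socket, taking #client_mutex. */
nu_error_t delete_client_by_socket(int socket)
{
	return delete_client_by_socket_ext(socket, 1);
}

/**
 * Look up the session registered for a socket.
 *
 * The lock is released before returning, so the pointer is not protected
 * against a concurrent removal of that session.
 */
user_session_t *get_client_datas_by_socket(int socket)
{
	void *ret;

	g_mutex_lock(client_mutex);
	ret = g_hash_table_lookup(client_conn_hash, GINT_TO_POINTER(socket));
	g_mutex_unlock(client_mutex);
	return ret;
}

/**
 * Return the session list registered for an address, or NULL.
 *
 * The list is the table's own (not a copy) and the lock is released before
 * returning, so callers walk it without protection against add_client() or
 * a removal modifying it.
 */
GSList *get_client_sockets_by_ip(struct in6_addr * ip)
{
	ip_sessions_t *session;
	GSList *ret = NULL;

	g_mutex_lock(client_mutex);
	session = g_hash_table_lookup(client_ip_hash, ip);
	if (session)
		ret = session->sessions;
	g_mutex_unlock(client_mutex);
	return ret;
}

/** Number of entries in #client_conn_hash (read without #client_mutex). */
guint get_number_of_clients()
{
	return g_hash_table_size(client_conn_hash);
}

/**
 * g_hash_table_find() predicate: TRUE when the session belongs to the user
 * name passed as user_data. A session without a user name never matches.
 */
static gboolean look_for_username_callback(gpointer key,
					   gpointer value,
					   gpointer user_data)
{
	const char *session_name = ((user_session_t *) value)->user_name;

	/* clean_session() treats user_name as optional, so guard strcmp() */
	if (session_name == NULL || user_data == NULL)
		return FALSE;
	return strcmp(session_name, user_data) == 0 ? TRUE : FALSE;
}

/** Return one session opened under username, or NULL if there is none. */
user_session_t *look_for_username(const gchar * username)
{
	void *ret;

	g_mutex_lock(client_mutex);
	ret = g_hash_table_find(client_conn_hash,
				look_for_username_callback,
				(void *) username);
	g_mutex_unlock(client_mutex);
	return ret;
}

/**
 * g_hash_table_find() predicate that counts sessions of count_user->name
 * and stops the walk (TRUE) once count_user->max is reached.
 */
static gboolean count_username_callback(gpointer key,
					user_session_t *value,
					struct username_counter *count_user)
{
	/* sessions without a user name are not counted */
	if (value->user_name == NULL || count_user->name == NULL)
		return FALSE;
	if (strcmp(value->user_name, count_user->name) != 0)
		return FALSE;

	count_user->counter++;
	return (count_user->counter >= count_user->max) ? TRUE : FALSE;
}

/**
 * Check whether one more login is allowed for username.
 *
 * \return TRUE while fewer than maxcount sessions exist for username,
 * FALSE once the limit is reached
 */
gboolean test_username_count_vs_max(const gchar * username, int maxcount)
{
	struct username_counter *count_user;
	void *usersession;

	count_user = g_new0(struct username_counter, 1);
	count_user->name = username;
	count_user->max = maxcount;
	count_user->counter = 0;

	g_mutex_lock(client_mutex);
	usersession = g_hash_table_find(client_conn_hash,
					(GHRFunc) count_username_callback,
					count_user);
	g_mutex_unlock(client_mutex);

	g_free(count_user);

	return usersession ? FALSE : TRUE;
}

/**
 * Property check
 *
 * Run scheck on the sessions registered for addr.
 *
 * \param mode Non-zero: return TRUE as soon as one session passes.
 * Zero: every session is checked and the result for the last one is returned.
 * \return FALSE when no session is registered for addr
 */
gboolean check_property_clients(struct in6_addr *addr,
				user_session_check_t *scheck, int mode,
				gpointer data)
{
	gboolean cst = FALSE;
	ip_sessions_t *ipsessions = NULL;
	GSList *ipsockets = NULL;

	g_mutex_lock(client_mutex);
	ipsessions = g_hash_table_lookup(client_ip_hash, addr);
	if (ipsessions) {
		for (ipsockets = ipsessions->sessions; ipsockets;
		     ipsockets = ipsockets->next) {
			user_session_t *session =
			    (user_session_t *) ipsockets->data;
			cst = scheck(session, data);
			if (mode && cst == TRUE)
				break;
		}
	}
	g_mutex_unlock(client_mutex);
	return cst;
}

/**
 * Ask each client of global_msg address set to send their new connections
 * (connections in stage "SYN SENT").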
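*
 * \param global_msg Address set of clients; its found flag is set here
 * \param scheck Optional per-session filter; when NULL every session on the
 * address receives the message
 * \param data Opaque argument handed to scheck
 * \return Returns 0 on error, 1 otherwise
 */
char warn_clients(struct msg_addr_set *global_msg,
		  user_session_check_t *scheck, gpointer data)
{
	ip_sessions_t *ipsessions = NULL;
	GSList *ipsockets = NULL;
	GSList *badsockets = NULL;
	GSList *bad_iter = NULL;
	struct timeval timestamp;
	struct timeval interval;

#if DEBUG_ENABLE
	if (DEBUG_OR_NOT(DEBUG_LEVEL_VERBOSE_DEBUG, DEBUG_AREA_USER)) {
		char addr_ascii[INET6_ADDRSTRLEN];
		format_ipv6(&global_msg->addr, addr_ascii, INET6_ADDRSTRLEN,
			    NULL);
		g_message("Warn client(s) on IP %s", addr_ascii);
	}
#endif

	g_mutex_lock(client_mutex);
	ipsessions = g_hash_table_lookup(client_ip_hash, &global_msg->addr);
	if (ipsessions == NULL) {
		global_msg->found = FALSE;
		g_mutex_unlock(client_mutex);
		return 0;
	}

	global_msg->found = TRUE;
	/* unfiltered pushes to recent clients are rate limited per address */
	if ((!(data || scheck))
	    && ipsessions->proto_version >= PROTO_VERSION_V22_1) {
		gettimeofday(&timestamp, NULL);
		timeval_substract(&interval, &timestamp,
				  &(ipsessions->last_message));
		/* NOTE(review): a non-zero interval.tv_sec also takes the skip
		 * branch, so the push is suppressed when a second or more has
		 * elapsed as well as inside push_delay. Confirm against
		 * timeval_substract() that this is intended. */
		if (interval.tv_sec
		    || ((unsigned) interval.tv_usec < nuauthconf->push_delay)) {
			g_mutex_unlock(client_mutex);
			return 1;
		} else {
			ipsessions->last_message.tv_sec = timestamp.tv_sec;
			ipsessions->last_message.tv_usec = timestamp.tv_usec;
		}
	}

	for (ipsockets = ipsessions->sessions; ipsockets;
	     ipsockets = ipsockets->next) {
		user_session_t *session = (user_session_t *) ipsockets->data;
		int write_ret;

		if ((!scheck) || scheck(session, data)) {
			write_ret = nussl_write(session->nussl,
						(char *) global_msg->msg,
						ntohs(global_msg->msg->length));
			if (write_ret < 0) {
				log_message(WARNING, DEBUG_AREA_USER,
					    "Failed to send warning to client(s): %s",
					    nussl_get_error(session->nussl));
				/* Record the socket number. The list used to hold
				 * the session pointer, which was then read back as
				 * an int, so the lookup never matched and the dead
				 * session stayed registered. */
				badsockets = g_slist_prepend(badsockets,
							     GINT_TO_POINTER
							     (session->socket));
			}
#if DEBUG_ENABLE
			else {
				log_message(VERBOSE_DEBUG, DEBUG_AREA_USER,
					    "Message sent to client.");
			}
#endif				/* DEBUG_ENABLE */
		}
	}

	/* Removal is deferred until the walk is over because it edits
	 * ipsessions->sessions and may free ipsessions. A separate cursor
	 * keeps the list head so that g_slist_free() releases the nodes. */
	for (bad_iter = badsockets; bad_iter; bad_iter = bad_iter->next) {
		int sockno = GPOINTER_TO_INT(bad_iter->data);
		/* lock already held, hence use_lock == 0 */
		nu_error_t del_ret = delete_client_by_socket_ext(sockno, 0);
		if (del_ret != NU_EXIT_OK) {
			log_message(WARNING, DEBUG_AREA_USER,
				    "Fails to destroy socket in hash.");
		}
	}
	g_slist_free(badsockets);

	g_mutex_unlock(client_mutex);
	return 1;
}

/**
 * g_hash_table_foreach_remove() callback for #client_ip_hash: free the
 * session list of an entry and ask for the entry to be removed.
 * The sessions themselves are not freed here.
 */
gboolean hash_delete_client(gpointer key, gpointer value, gpointer userdata)
{
	ip_sessions_t *ipsessions = (ip_sessions_t *) value;

	if (ipsessions->sessions) {
		g_slist_free(ipsessions->sessions);
	}
	return TRUE;
}

/**
 * Destroy both client hash tables. #client_mutex is not taken here.
 *
 * \param signal Unused
 */
void close_clients(int signal)
{
	if (client_conn_hash != NULL)
		g_hash_table_destroy(client_conn_hash);
	if (client_ip_hash != NULL) {
		g_hash_table_foreach_remove(client_ip_hash,
					    hash_delete_client, NULL);
		g_hash_table_destroy(client_ip_hash);
	}
}

/**
 * GHRFunc: TRUE when the session has an expiry date earlier than the
 * time_t pointed to by user_data. An expire value of -1 never expires.
 */
gboolean is_expired_client(gpointer key, gpointer value, gpointer user_data)
{
	if (!value) {
		return FALSE;
	}
	if (((user_session_t *) value)->expire == -1) {
		return FALSE;
	}
	if (((user_session_t *) value)->expire < *((time_t *) user_data)) {
		return TRUE;
	} else {
		return FALSE;
	}
}

/**
 * Remove from #client_conn_hash every session for which cb returns TRUE.
 * Only #client_conn_hash is touched here; the per-address lists in
 * #client_ip_hash are left for cb to maintain.
 */
void clean_client_session_bycallback(GHRFunc cb, gpointer data)
{
	g_mutex_lock(client_mutex);
	g_hash_table_foreach_remove(client_conn_hash, cb, data);
	g_mutex_unlock(client_mutex);
}

/** Remove the sessions whose expiry date is already in the past. */
void kill_expired_clients_session()
{
	time_t current_time = time(NULL);

	clean_client_session_bycallback(is_expired_client, &current_time);
}

/**
 * Iterate on each client session using callback.
 */
void foreach_session(GHFunc callback, void *data)
{
	g_mutex_lock(client_mutex);
	g_hash_table_foreach(client_conn_hash, callback, data);
	g_mutex_unlock(client_mutex);
}

/**
 * GHRFunc for kill_all_clients(): unlink an activated session and ask for
 * its removal. Sessions that are not activated are left in place.
 */
gboolean kill_all_clients_cb(gpointer sock, user_session_t* session,
			     gpointer data)
{
	if (session->activated == FALSE)
		return FALSE;
	if (delete_client_by_session(session) == NU_EXIT_OK)
		return TRUE;
	else
		return FALSE;
}

/**
 * Delete all client sessions in hash tables
 *
 * \return NU_EXIT_ERROR if tables were empty, NU_EXIT_OK otherwise.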
*/ nu_error_t kill_all_clients() { int count; g_mutex_lock(client_mutex); count = g_hash_table_foreach_remove(client_conn_hash, (GHRFunc)kill_all_clients_cb, NULL); g_mutex_unlock(client_mutex); if (count) return NU_EXIT_OK; else return NU_EXIT_ERROR; } nu_error_t activate_client_by_socket(int socket) { g_mutex_lock(client_mutex); user_session_t *session = (user_session_t *) (g_hash_table_lookup(client_conn_hash, GINT_TO_POINTER(socket))); if (session) { session->activated = TRUE; g_mutex_unlock(client_mutex); return NU_EXIT_OK; } g_mutex_unlock(client_mutex); return NU_EXIT_ERROR; } /** @} */ nufw-2.4.3/src/nuauth/nuthread.c0000644000175000017500000000712711431206275013501 00000000000000/* ** Copyright(C) 2007 INL ** Written by Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "auth_srv.h" #include "nuthread.h" /** * Create one NuAuth thread: * - Create a new mutex (use in thread loop) * - Create the thread with glib. * * The mutex is used to stop a thread: to stop a thread, just lock its mutex. 
*/
void thread_new(struct nuauth_thread_t *thread, const char* name,
		void *(*func) (GMutex *))
{
	GMutex *stop_mutex = g_mutex_new();

	thread->name = name;
	thread->mutex = stop_mutex;
	/* the thread function receives only the stop mutex */
	thread->thread = g_thread_create((GThreadFunc) func, stop_mutex,
					 TRUE, NULL);
	if (!thread->thread) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "FATAL ERROR: Unable to create thread %s!", name);
		exit(EXIT_FAILURE);
	}
	thread->valid = 1;
}

/**
 * Same as thread_new(), but the thread function receives the whole
 * nuauth_thread_t descriptor and data is stored in it first.
 */
void thread_new_wdata(struct nuauth_thread_t *thread, const char* name,
		      gpointer data,
		      void *(*func) (struct nuauth_thread_t *))
{
	thread->name = name;
	thread->mutex = g_mutex_new();
	thread->data = data;
	thread->thread = g_thread_create((GThreadFunc) func, thread,
					 TRUE, NULL);
	if (!thread->thread) {
		log_message(FATAL, DEBUG_AREA_MAIN,
			    "FATAL ERROR: Unable to create thread %s!", name);
		exit(EXIT_FAILURE);
	}
	thread->valid = 1;
}

/**
 * Stop a thread: lock its mutex to ask it to leave.
 *
 * Nothing is done for a descriptor that is not marked valid. The result of
 * the trylock is ignored, so an already locked mutex is not an error.
 */
void thread_stop(struct nuauth_thread_t *thread)
{
	if (thread->valid) {
		(void) g_mutex_trylock(thread->mutex);
	}
}

/** Call thread_stop() on every descriptor of the list. */
void thread_list_stop(GSList *thread_list)
{
	GSList *node;

	for (node = thread_list; node != NULL; node = node->next) {
		thread_stop((struct nuauth_thread_t *) node->data);
	}
}

/**
 * Wait the end of thread using g_thread_join(). Avoid deadlock: if the
 * active thread is the thread to join, we just skip it.
 */
void thread_wait_end(struct nuauth_thread_t *thread)
{
	if (!thread->valid)
		return;

	log_message(DEBUG, DEBUG_AREA_MAIN,
		    "Wait end of thread '%s'", thread->name);

	/* joining ourselves would never return */
	if (g_thread_self() == thread->thread) {
		log_message(INFO, DEBUG_AREA_MAIN,
			    "Information: Avoid deadlock: don't wait end of active thread!");
		return;
	}
	g_thread_join(thread->thread);
}

/** Call thread_wait_end() on every descriptor of the list. */
void thread_list_wait_end(GSList *thread_list)
{
	GSList *node;

	for (node = thread_list; node != NULL; node = node->next) {
		thread_wait_end((struct nuauth_thread_t *) node->data);
	}
}

/**
 * Wait the end of thread using g_thread_join().
Avoid deadlock: if the * active thread is the thread to join, we just skip it. */ void thread_destroy(struct nuauth_thread_t *thread) { if (!thread->valid) return; /* make sure that the mutex is unlocked */ (void)g_mutex_trylock(thread->mutex); g_mutex_unlock(thread->mutex); /* destroy the mutex */ g_mutex_free(thread->mutex); thread->valid = 0; } void thread_list_destroy(GSList *thread_list) { GSList *thread_p = thread_list; while (thread_p) { thread_destroy((struct nuauth_thread_t *)thread_p->data); thread_p = thread_p->next; } return; } nufw-2.4.3/src/nuauth/conntrack.c0000644000175000017500000002103111431206275013637 00000000000000/* ** Copyright(C) 2005-2007 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
*/

#include "auth_srv.h"

/** \ingroup Nuauth
 * \defgroup NuauthConntrack Fixed timeout connections handling
 * @{
 */

/**
 * \file nuauth/conntrack.c
 * \brief Conntrack handling (used for fixed timeout)
 */

/** Send conntrack message to nufw server
 *
 * The nufw session is looked up from lconn->gwaddr and the message layout
 * is chosen from that session's protocol version. On a send failure the
 * session is declared dead; on every other path it is released.
 *
 * \param lconn Pointer to a ::limited_connection which contains informations about the connection to modify
 * \param msgtype Action to take against connection
 * \return a ::nu_error_t (NU_EXIT_ERROR when no session matches, the
 * protocol version is unknown or the send fails)
 */
nu_error_t send_conntrack_message(struct limited_connection * lconn,
				  unsigned char msgtype)
{
	nufw_session_t *session = NULL;
	int ret = 0;

	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_GW,
			  "going to send conntrack message");
	session = acquire_nufw_session_by_addr(&lconn->gwaddr);
	if (session) {
		switch (session->proto_version) {
		case PROTO_VERSION_NUFW_V22_2:
			{
				/* NOTE(review): the struct is not zeroed and is sent
				 * whole (sizeof) below. Any member or padding not
				 * assigned here would carry stack contents to the
				 * peer; the layout is not visible in this file, so
				 * confirm every byte is covered. */
				struct nuv4_conntrack_message_t message;
				/* send message */
				message.protocol_version =
				    PROTO_VERSION_NUFW_V22_2;
				message.msg_type = msgtype;
				if (lconn->expire != -1) {
					/* NOTE(review): if expire is already in the
					 * past the difference is negative before
					 * htonl(); confirm how the receiver treats
					 * such a timeout. */
					message.timeout =
					    htonl(lconn->expire - time(NULL));
				} else {
					debug_log_message(WARNING, DEBUG_AREA_PACKET,
							  "not modifying fixed timeout");
					message.timeout = 0;
				}
				message.ip_protocol = lconn->tracking.protocol;
				/* addresses are copied word by word, unchanged */
				message.ip_src.s6_addr32[0] =
				    lconn->tracking.saddr.s6_addr32[0];
				message.ip_src.s6_addr32[1] =
				    lconn->tracking.saddr.s6_addr32[1];
				message.ip_src.s6_addr32[2] =
				    lconn->tracking.saddr.s6_addr32[2];
				message.ip_src.s6_addr32[3] =
				    lconn->tracking.saddr.s6_addr32[3];
				message.ip_dst.s6_addr32[0] =
				    lconn->tracking.daddr.s6_addr32[0];
				message.ip_dst.s6_addr32[1] =
				    lconn->tracking.daddr.s6_addr32[1];
				message.ip_dst.s6_addr32[2] =
				    lconn->tracking.daddr.s6_addr32[2];
				message.ip_dst.s6_addr32[3] =
				    lconn->tracking.daddr.s6_addr32[3];
				message.msg_length = htons(sizeof(message));

				/* for ICMP the port fields carry type and code */
				if ((message.ip_protocol == IPPROTO_ICMP)
				    || (message.ip_protocol == IPPROTO_ICMPV6)) {
					message.src_port = lconn->tracking.type;
					message.dest_port = lconn->tracking.code;
				} else {
					message.src_port =
					    htons(lconn->tracking.source);
					message.dest_port =
					    htons(lconn->tracking.dest);
				}
				ret = nufw_session_send(
						session,
						(char *) &message,
						sizeof (message));
				if (ret != NU_EXIT_OK) {
					declare_dead_nufw_session(session);
					return NU_EXIT_ERROR;
				} else {
					release_nufw_session(session);
				}
			}
			break;
		case PROTO_VERSION_NUFW_V20:
			{
				/* NOTE(review): same uninitialised-struct concern as
				 * the V22_2 branch; no msg_length is set here. */
				struct nuv3_conntrack_message_t message;
				/* send message */
				message.protocol_version =
				    PROTO_VERSION_NUFW_V20;
				message.msg_type = msgtype;
				if (lconn->expire != -1) {
					message.timeout =
					    htonl(lconn->expire - time(NULL));
				} else {
					debug_log_message(WARNING, DEBUG_AREA_PACKET,
							  "not modifying fixed timeout");
					message.timeout = 0;
				}
				message.ipv4_protocol = lconn->tracking.protocol;
				/* NOTE(review): s6_addr[3] is one byte of the
				 * address, whereas the V22_2 branch reads 32-bit
				 * words through s6_addr32. If ipv4_src/ipv4_dst
				 * are meant to hold a whole IPv4 address this
				 * looks like it should be s6_addr32[3]. Verify
				 * against the struct definition. */
				message.ipv4_src =
				    lconn->tracking.saddr.s6_addr[3];
				message.ipv4_dst =
				    lconn->tracking.daddr.s6_addr[3];
				if (message.ipv4_protocol == IPPROTO_ICMP) {
					message.src_port = lconn->tracking.type;
					message.dest_port = lconn->tracking.code;
				} else {
					message.src_port =
					    htons(lconn->tracking.source);
					message.dest_port =
					    htons(lconn->tracking.dest);
				}
				ret = nufw_session_send(
						session,
						(char *) &message,
						sizeof (message));
				if (ret != NU_EXIT_OK) {
					declare_dead_nufw_session(session);
					return NU_EXIT_ERROR;
				} else {
					release_nufw_session(session);
				}
			}
			break;
		default:
			log_message(WARNING, DEBUG_AREA_GW,
				    "Invalid protocol %d",
				    session->proto_version);
			release_nufw_session(session);
			return NU_EXIT_ERROR;
		}
	} else {
		log_message(WARNING, DEBUG_AREA_GW,
			    "correct session not found among nufw servers");
		return NU_EXIT_ERROR;
	}
	return NU_EXIT_OK;
}

/**
 * Send an AUTH_CONN_DESTROY message for the connection, then free it.
 *
 * The result of the send is ignored: the entry is freed even when the
 * message could not be delivered.
 *
 * \param user_data Pointer to a ::limited_connection, freed on return
 */
void send_destroy_message_and_free(gpointer user_data)
{
	struct limited_connection *data =
	    (struct limited_connection *) user_data;
	debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
			  "connection will be destroyed");
	/* look for corresponding nufw tls session */
	send_conntrack_message(data, AUTH_CONN_DESTROY);
	/* free */
	g_free(data);
}

/**
 * get old entry
 *
 * GHRFunc: TRUE when the connection's expire value is lower than the
 * integer carried in user_data. The reference time travels through a
 * pointer and comes back with GPOINTER_TO_INT, so it is narrowed to int.
 */
static gboolean get_old_entry(gpointer key, gpointer value,
			      gpointer user_data)
{
	if (((struct limited_connection *) value)->expire <
	    GPOINTER_TO_INT(user_data)) {
		debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET | DEBUG_AREA_GW,
				  "found connection to be destroyed");
		return TRUE;
	} else {
		return FALSE;
	}
}

/**
 * search and destroy expired connections
 *
 * Removes every entry whose expire value is earlier than the current time.
 */
void destroy_expired_connection(GHashTable * lim_conn_list)
{
	g_hash_table_foreach_remove(lim_conn_list, get_old_entry,
				    GUINT_TO_POINTER(time(NULL)));
}

/**
 *\brief Unique thread to be able to access to list of connections to expire.
* Wait for messages */ void *limited_connection_handler(GMutex * mutex) { GHashTable *lim_conn_list; struct internal_message *message = NULL; struct limited_connection *elt; GTimeVal tv; nuauthdatas->limited_connections_queue = g_async_queue_new(); /* initialize packets list */ lim_conn_list = g_hash_table_new_full((GHashFunc) hash_connection, (GEqualFunc) tracking_equal, NULL, (GDestroyNotify) send_destroy_message_and_free); g_async_queue_ref(nuauthdatas->limited_connections_queue); while (g_mutex_trylock(mutex)) { g_mutex_unlock(mutex); /* wait for message */ g_get_current_time(&tv); g_time_val_add(&tv, POP_DELAY); message = g_async_queue_timed_pop(nuauthdatas-> limited_connections_queue, &tv); if (message == NULL) continue; switch (message->type) { case INSERT_MESSAGE: g_hash_table_insert(lim_conn_list, &(((struct limited_connection *) message->datas)-> tracking), message->datas); break; case REFRESH_MESSAGE: destroy_expired_connection(lim_conn_list); break; case FREE_MESSAGE: elt = (struct limited_connection *) g_hash_table_lookup(lim_conn_list, message->datas); if (elt) { elt->expire = 0; g_hash_table_remove(lim_conn_list, message->datas); } #ifdef DEBUG_ENABLE else { log_message(VERBOSE_DEBUG, DEBUG_AREA_PACKET, "connection not found can not be destroyed"); } #endif g_free(message->datas); break; case UPDATE_MESSAGE: /** here we get message from nufw kernel connection is ASSURED * we have to limit it if needed and log the state change if needed */ debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_GW, "received update message for a conntrack entry"); elt = (struct limited_connection *) g_hash_table_lookup(lim_conn_list, message->datas); if (elt == NULL) { debug_log_message(VERBOSE_DEBUG, DEBUG_AREA_GW | DEBUG_AREA_PACKET, "Can't find conntrack entry to update"); } else { if (nuauthconf->nufw_has_fixed_timeout) { send_conntrack_message(elt, AUTH_CONN_UPDATE); /* this has to be removed from hash */ g_hash_table_steal(lim_conn_list, message->datas); g_free(elt); } } 
g_free(message->datas); break; default: g_free(message->datas); break; } g_free(message); } g_async_queue_unref(nuauthdatas->limited_connections_queue); g_hash_table_destroy(lim_conn_list); return NULL; } /** @} */ nufw-2.4.3/src/nuauth/nuauth_params.h0000644000175000017500000001400111431206275014530 00000000000000/* ** Copyright(C) 2003-2009 INL ** Written by Eric Leblond ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUAUTH_PARAMS_H #define NUAUTH_PARAMS_H /** \addtogroup NuauthConf * @{ */ /** Policy rule, see tls_sasl_connect_ok() */ typedef enum { PER_IP_TOO_MANY_LOGINS=1, PER_USER_TOO_MANY_LOGINS, } policy_refused_reason_t; /** \warning Deprecated. Do not use it ! */ typedef enum { /** Allow multiple login per IP (accept any connection) (default rule) */ POLICY_MULTIPLE_LOGIN=0, /** Allow an user can only be connected once (test based on username) */ POLICY_ONE_LOGIN, /** Allow only an user session per IP (test based on IP) */ POLICY_PER_IP_ONE_LOGIN } policy_t; struct nuauth_params { char *configfile; /* Sockets related */ char *authreq_port; /*/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! 
-f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f 
$(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/libs/nussl/0000777000175000017500000000000011431215437012371 500000000000000nufw-2.4.3/src/libs/nussl/nussl_utils.c0000644000175000017500000001232711431206275015042 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* HTTP utility functions Copyright (C) 1999-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #include "nussl_config.h" #include #include #include #include /* isdigit() for nussl_parse_statusline */ #ifdef NUSSL_HAVE_ZLIB #include #endif #ifdef HAVE_OPENSSL #include #endif #ifdef HAVE_GNUTLS #include #endif /* libxml2: pick up the version string. 
*/
#if defined(HAVE_LIBXML)
#include
#elif defined(HAVE_EXPAT) && !defined(HAVE_XMLPARSE_H)
#include
#endif

#include
#include

#ifdef HAVE_UNISTD_H
# include
#endif

#include "nussl_utils.h"
#include "nussl_string.h"	/* for nussl_strdup */
#include "nussl_dates.h"

/* Channels enabled for nussl_debug(); 0 disables all output. */
int nussl_debug_mask = 0;
/* Stream that receives debug output; NULL until nussl_debug_init(). */
FILE *nussl_debug_stream = NULL;

/* Select the debug stream and the mask of enabled channels. */
void nussl_debug_init(FILE * stream, int mask)
{
	nussl_debug_stream = stream;
	nussl_debug_mask = mask;
#if defined(HAVE_SETVBUF) && defined(_IONBF)
	/* If possible, turn off buffering on the debug log.  this is very
	 * helpful if debugging segfaults. */
	if (stream)
		setvbuf(stream, NULL, _IONBF, 0);
#endif
}

/* printf-style debug output, emitted only when channel 'ch' is enabled.
 * NOTE(review): the stream is not checked here, so a non-zero mask
 * combined with a NULL stream reaches vfprintf() with NULL. */
void nussl_debug(int ch, const char *template, ...)
{
	va_list params;
	if ((ch & nussl_debug_mask) == 0)
		return;
	fflush(stdout);
	va_start(params, template);
	vfprintf(nussl_debug_stream, template, params);
	va_end(params);
	/* if ((ch & NUSSL_DBG_FLUSH) == NUSSL_DBG_FLUSH)
	   fflush(nussl_debug_stream);*/
}

#define NUSSL_STRINGIFY(x) # x
#define NUSSL_EXPAT_VER(x,y,z) NUSSL_STRINGIFY(x) "." NUSSL_STRINGIFY(y) "." NUSSL_STRINGIFY(z)

/* Build description assembled at compile time from the feature macros. */
static const char version_string[] = "neon " NEON_VERSION ": "
#ifdef NEON_IS_LIBRARY
    "Library build"
#else
    "Bundled build"
#endif
#ifdef NUSSL_HAVE_IPV6
    ", IPv6"
#endif
#ifdef HAVE_EXPAT
    ", Expat"
/* expat >=1.95.2 exported the version */
#ifdef XML_MAJOR_VERSION
    " " NUSSL_EXPAT_VER(XML_MAJOR_VERSION, XML_MINOR_VERSION,
			XML_MICRO_VERSION)
#endif
#else				/* !HAVE_EXPAT */
#ifdef HAVE_LIBXML
    ", libxml " LIBXML_DOTTED_VERSION
#endif				/* HAVE_LIBXML */
#endif				/* !HAVE_EXPAT */
#if defined(NUSSL_HAVE_ZLIB) && defined(ZLIB_VERSION)
    ", zlib " ZLIB_VERSION
#endif				/* NUSSL_HAVE_ZLIB && ... */
#ifdef NUSSL_HAVE_SOCKS
    ", SOCKSv5"
#endif
#ifdef HAVE_OPENSSL
#ifdef OPENSSL_VERSION_TEXT
    ", " OPENSSL_VERSION_TEXT
#else
    "OpenSSL (unknown version)"
#endif				/* OPENSSL_VERSION_TEXT */
#endif				/* HAVE_OPENSSL */
#ifdef HAVE_GNUTLS
    ", GNU TLS " LIBGNUTLS_VERSION
#endif				/* HAVE_GNUTLS */
    ".";

/* Return the static build description string. */
const char *nussl_version_string(void)
{
	return version_string;
}

/* Return non-zero on MISMATCH: the major version differs, the minor
 * version is lower than 'minor', or major is 0 and minor is not equal. */
int nussl_version_match(int major, int minor)
{
	return NUSSL_VERSION_MAJOR != major || NUSSL_VERSION_MINOR < minor
	    || (NUSSL_VERSION_MAJOR == 0 && NUSSL_VERSION_MINOR != minor);
}

/* Return 1 when the library was built with the given NUSSL_FEATURE_*.
 * The NUSSL_FEATURE_SSL label sits inside the outer #if, so a build with
 * none of the listed NUSSL_HAVE_* macros returns 0 for every feature,
 * SSL included. */
int nussl_has_support(int feature)
{
	switch (feature) {
#if defined(NUSSL_HAVE_ZLIB) || defined(NUSSL_HAVE_IPV6) \
    || defined(NUSSL_HAVE_SOCKS) || defined(NUSSL_HAVE_LFS) \
    || defined(NUSSL_HAVE_TS_SSL) || defined(NUSSL_HAVE_I18N)
	case NUSSL_FEATURE_SSL:
#ifdef NUSSL_HAVE_ZLIB
	case NUSSL_FEATURE_ZLIB:
#endif
#ifdef NUSSL_HAVE_IPV6
	case NUSSL_FEATURE_IPV6:
#endif
#ifdef NUSSL_HAVE_SOCKS
	case NUSSL_FEATURE_SOCKS:
#endif
#ifdef NUSSL_HAVE_LFS
	case NUSSL_FEATURE_LFS:
#endif
#ifdef NUSSL_HAVE_TS_SSL
	case NUSSL_FEATURE_TS_SSL:
#endif
#ifdef NUSSL_HAVE_I18N
	case NUSSL_FEATURE_I18N:
#endif
		return 1;
#endif				/* NUSSL_HAVE_* */
	default:
		return 0;
	}
}

/* Check the permissions of a private key file.
 *
 * Returns NUSSL_ERROR when stat() fails or when the file is readable or
 * writable by "others", NUSSL_OK otherwise.
 *
 * Limits of the check, as written:
 *  - only the S_IROTH and S_IWOTH bits are tested; group bits and the
 *    owner of the file are not looked at, so a group-readable key passes;
 *  - on _WIN32 the permission test is compiled out and only the success
 *    of stat() is checked;
 *  - the answer describes the path at the time of the call. How and when
 *    the caller opens the file afterwards is not visible here; verify
 *    that the path cannot be replaced in between. */
int check_key_perms(const char *filename)
{
	struct stat info;

	if (stat(filename, &info) != 0)
		return NUSSL_ERROR;
#ifndef _WIN32
	/* File should not be readable or writable by others */
	if (info.st_mode & S_IROTH || info.st_mode & S_IWOTH)
		return NUSSL_ERROR;
#endif

	return NUSSL_OK;
}
nufw-2.4.3/src/libs/nussl/nussl_utils.h0000644000175000017500000001204011431206275015037 00000000000000/*
 ** Copyright (C) 2007-2009 INL
 ** Written by S.Tricaud
 ** L.Defert
 ** INL http://www.inl.fr/
 **
 ** NuSSL: OpenSSL / GnuTLS layer based on libneon
 */

/*
   HTTP utility functions
   Copyright (C) 1999-2006, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 3 of the License,
or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #ifndef NUSSL_UTILS_H #define NUSSL_UTILS_H #include #include #include #include "nussl_config.h" #include "nussl_constants.h" #include "nussl_defs.h" #ifdef NEON_TRIO #include #endif NUSSL_BEGIN_DECLS /* Returns a human-readable library version string describing the * version and build information; for example: * "neon 0.2.0: Library build, OpenSSL support" */ const char *nussl_version_string(void); /* Returns non-zero if library version is not of major version * 'major', or if minor version is not greater than or equal to * 'minor'. For neon versions with major == 0, all minor versions are * presumed to be incompatible. 
*/ int nussl_version_match(int major, int minor); /* Feature codes: */ #define NUSSL_FEATURE_SSL (1) /* SSL/TLS support */ #define NUSSL_FEATURE_ZLIB (2) /* zlib compression in compress interface */ #define NUSSL_FEATURE_IPV6 (3) /* IPv6 is supported in resolver */ #define NUSSL_FEATURE_LFS (4) /* large file support */ #define NUSSL_FEATURE_SOCKS (5) /* SOCKSv5 support */ #define NUSSL_FEATURE_TS_SSL (6) /* Thread-safe SSL/TLS support */ #define NUSSL_FEATURE_I18N (7) /* i18n error message support */ /* Returns non-zero if library is built with support for the given * NUSSL_FEATURE_* feature code 'code'. */ int nussl_has_support(int feature); /* Debugging macro to allow code to be optimized out if debugging is * disabled at build time. */ #if 0 #ifndef NUSSL_DEBUGGING #define NUSSL_DEBUG if (0) nussl_debug #else /* DEBUGGING */ #define NUSSL_DEBUG nussl_debug #endif /* DEBUGGING */ #endif /* Debugging masks. */ #if 0 #define NUSSL_DBG_SOCKET (1<<0) /* raw socket */ #define NUSSL_DBG_HTTP (1<<1) /* HTTP request/response handling */ #define NUSSL_DBG_XML (1<<2) /* XML parser */ #define NUSSL_DBG_HTTPAUTH (1<<3) /* HTTP authentication (hiding credentials) */ #define NUSSL_DBG_HTTPPLAIN (1<<4) /* plaintext HTTP authentication */ #define NUSSL_DBG_LOCKS (1<<5) /* WebDAV locking */ #define NUSSL_DBG_XMLPARSE (1<<6) /* low-level XML parser */ #define NUSSL_DBG_HTTPBODY (1<<7) /* HTTP response body blocks */ #define NUSSL_DBG_SSL (1<<8) /* SSL/TLS */ #define NUSSL_DBG_FLUSH (1<<30) /* always flush debugging */ #endif #define NUSSL_DEBUG fprintf #define NUSSL_DBG_SOCKET stderr #define NUSSL_DBG_HTTP stderr #define NUSSL_DBG_XML stderr #define NUSSL_DBG_HTTPAUTH stderr #define NUSSL_DBG_HTTPPLAIN stderr #define NUSSL_DBG_LOCKS stderr #define NUSSL_DBG_XMLPARSE stderr #define NUSSL_DBG_HTTPBODY stderr #define NUSSL_DBG_SSL stderr #define NUSSL_DBG_FLUSH stderr /* Send debugging output to 'stream', for all of the given debug * channels. 
To disable debugging, pass 'stream' as NULL and 'mask' * as 0. */ void nussl_debug_init(FILE * stream, int mask); /* The current debug mask and stream set by the last call to * nussl_debug_init. */ extern int nussl_debug_mask; extern FILE *nussl_debug_stream; /* Produce debug output if any of channels 'ch' is enabled for * debugging. */ void nussl_debug(int ch, const char *, ...) nussl_attribute((format(printf, 2, 3))); /* Storing an HTTP status result */ typedef struct { int major_version; int minor_version; int code; /* Status-Code value */ int klass; /* Class of Status-Code (1-5) */ char *reason_phrase; } nussl_status; /* NB: couldn't use 'class' in nussl_status because it would clash with * the C++ reserved word. */ int check_key_perms(const char *filename); NUSSL_END_DECLS #endif /* NUSSL_UTILS_H */ nufw-2.4.3/src/libs/nussl/nussl_session.c0000644000175000017500000004567311431206275015377 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* HTTP session handling Copyright (C) 1999-2007, Joe Orton Portions are: Copyright (C) 1999-2000 Tommi Komulainen This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
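You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */

/** \defgroup NuSSL NuSSL Library
 * \brief This is a library used in NuFW to be independent from a specific TLS/SSL implementation.
 *
 * @{
 */

/**
 * \file nussl_session.c
 * \brief nussl session handling
 */

/* NOTE(review): the bare "#include" lines below lost their <header> names
 * when this page was extracted; restore them from the upstream source
 * before building. */
#include
#include
#include
#include
#include
#include
#include

#include "nussl_privssl.h"
#include "nussl_session.h"
#include "nussl_alloc.h"
#include "nussl_utils.h"
#include "nussl_internal.h"
#include "nussl_string.h"
#include "nussl_dates.h"
#include "nussl_socket.h"
#include "nussl_private.h"

#ifdef NUSSL_HAVE_TS_SSL
# include
#endif

/* pre-declaration list */
int nussl_session_get_fd(nussl_session * sess);
extern int nussl_ssl_set_ca_file(nussl_session *sess, const char *cafile);

#if 0
/* Destroy a list of hooks. */
static void destroy_hooks(struct hook *hooks)
{
	struct hook *nexthk;

	while (hooks) {
		nexthk = hooks->next;
		nussl_free(hooks);
		hooks = nexthk;
	}
}
#endif

/* Close the connection of 'sess' and release everything the session
 * owns: hostname, resolved address, TLS context, peer certificate and
 * local certificate.  A NULL session is ignored (after the debug line). */
void nussl_session_destroy(nussl_session * sess)
{
	NUSSL_DEBUG(NUSSL_DBG_HTTP, "nussl_session_destroy called.\n");

	if (!sess)
		return;

	/* Close the connection; note that the notifier callback could
	 * still be invoked here. */
	nussl_close_connection(sess);

	nussl_free(sess->server.hostname);
	if (sess->server.address)
		nussl_addr_destroy(sess->server.address);

	if (sess->ssl_context)
		nussl_ssl_context_destroy(sess->ssl_context);

	if (sess->peer_cert)
		nussl_ssl_cert_free(sess->peer_cert);

	if (sess->my_cert)
		nussl_ssl_clicert_free(sess->my_cert);

	nussl_free(sess);
}

/* Stores the hostname/port in *sess, setting up the "hostport"
 * segment correctly.  Any previously stored hostname is released. */
void nussl_set_hostinfo(nussl_session * sess, const char *hostname,
			unsigned int port)
{
	if (!sess)
		return;

	if (sess->server.hostname)
		nussl_free(sess->server.hostname);

	sess->server.hostname = nussl_strdup(hostname);
	sess->server.port = port;
}

/* Set list of allowed ciphers for TLS negotiation.
 *
 * The list is copied into the session's TLS context.  A NULL session,
 * a session without context, or a NULL list leaves the context
 * unchanged.
 *
 * NOTE(review): a cipher list stored by an earlier call is overwritten
 * without being released; whether it may be freed here depends on how
 * the context initialises and destroys 'ciphers' -- confirm. */
void nussl_session_set_ciphers(nussl_session * sess, const char *cipher_list)
{
	if (!sess || !sess->ssl_context)
		return;

	/* Do not hand a NULL pointer to nussl_strdup(). */
	if (!cipher_list)
		return;

	sess->ssl_context->ciphers = nussl_strdup(cipher_list);
}

/* Allocate a session for 'mode' and set its defaults: peer-certificate
 * checking on, the default read timeout, and the SSLv2, TLS-SNI and
 * PERSIST session flags set to 1.  Returns NULL if allocation fails.
 *
 * NOTE(review): the SSLv2 session flag defaults to 1.  SSLv2 is
 * obsolete and insecure; callers that do not need it should clear it
 * with nussl_set_session_flag(sess, NUSSL_SESSFLAG_SSLv2, 0), which
 * also forwards the value to the TLS context. */
nussl_session *nussl_session_create(int mode)
{
	nussl_session *sess = nussl_calloc(sizeof *sess);

	/* NUSSL_DEBUG(NUSSL_DBG_HTTP, "session to ://%s:%d begins.\n",
	   hostname, port); */

	if (!sess)
		return NULL;

	strcpy(sess->error, "Unknown error.");

	sess->ssl_context = nussl_ssl_context_create(mode);
	sess->flags[NUSSL_SESSFLAG_SSLv2] = 1;
	sess->flags[NUSSL_SESSFLAG_TLS_SNI] = 1;

	/* Set flags which default to on: */
	sess->flags[NUSSL_SESSFLAG_PERSIST] = 1;

	/* Set default read timeout */
	sess->rdtimeout = SOCKET_READ_TIMEOUT;

	/* check certificates by default */
	sess->check_peer_cert = 1;

	sess->mode = mode;

	return sess;
}

/* Server function.
 *
 * Create a server session wrapping the listening descriptor
 * 'server_fd'.  'verify' is one of NUSSL_CERT_IGNORE,
 * NUSSL_CERT_REQUEST or NUSSL_CERT_REQUIRE and is stored in the TLS
 * context.  Returns NULL when the session or its TLS context could not
 * be created; 'server_fd' is left untouched in that case. */
nussl_session *nussl_session_create_with_fd(int server_fd, int verify)
{
	nussl_session *srv_sess;

	srv_sess = nussl_session_create(NUSSL_SSL_CTX_SERVER);
	if (!srv_sess)
		return NULL;

	/* The context is dereferenced below; fail cleanly if it was not
	 * created, before the descriptor is attached to the session. */
	if (!srv_sess->ssl_context) {
		nussl_session_destroy(srv_sess);
		return NULL;
	}

	srv_sess->socket = nussl_sock_create_with_fd(server_fd);
	/* verify: one of NUSSL_CERT_IGNORE, NUSSL_CERT_REQUEST or NUSSL_CERT_REQUIRE */
	srv_sess->ssl_context->verify = verify;

	return srv_sess;
}

/* Server function.
 *
 * Accept one TCP connection on the listening session 'srv_sess' and
 * return a new session for it; the TLS handshake is done separately by
 * nussl_session_handshake().  Returns NULL on failure, with the error
 * text stored on 'srv_sess'.
 *
 * NOTE(review): nussl_session_create() already sets check_peer_cert to
 * 1, so the test on 'verify' below never turns the check off -- confirm
 * that this is the intended behaviour for NUSSL_CERT_IGNORE. */
nussl_session *nussl_session_accept(nussl_session * srv_sess)
{
	nussl_session *client_sess;

	if (!srv_sess)
		return NULL;

	/* Both members are dereferenced below. */
	if (!srv_sess->ssl_context || !srv_sess->socket) {
		nussl_set_error(srv_sess,
				"Server session has no TLS context or socket");
		return NULL;
	}

	client_sess = nussl_session_create(NUSSL_SSL_CTX_SERVER);
	if (!client_sess) {
		nussl_set_error(srv_sess, _("Not enough memory"));
		return NULL;
	}

	if (srv_sess->ssl_context->verify)
		client_sess->check_peer_cert = 1;

	if (srv_sess->ssl_context->ciphers != NULL)
		nussl_session_set_ciphers(client_sess,
					  srv_sess->ssl_context->ciphers);

	client_sess->socket = nussl_sock_create();
	if (!client_sess->socket) {
		nussl_set_error(srv_sess, _("Not enough memory"));
		nussl_session_destroy(client_sess);
		return NULL;
	}

	/* TODO: make nussl_sock_accept return a real error.. */
	if (nussl_sock_accept(client_sess->socket,
			      nussl_sock_fd(srv_sess->socket)) != 0) {
		nussl_set_error(srv_sess,
				"Error during nussl_session_accept()\n");
		nussl_session_destroy(client_sess);
		return NULL;
	}

	return client_sess;
}

/* Run the server-side TLS handshake for 'client_sess' using the context
 * of 'srv_sess', then the post-handshake step that retrieves the peer
 * certificate.  Returns 0 on success and -1 on failure, with the error
 * text copied to 'srv_sess'.  When the client session has a positive
 * read timeout its descriptor is switched to non-blocking mode. */
int nussl_session_handshake(nussl_session * client_sess,
			    nussl_session * srv_sess)
{
	int fd, fl;

	if (!client_sess || !srv_sess)
		return -1;

	if (nussl_sock_accept_ssl(client_sess->socket, srv_sess->ssl_context)) {
		/* nussl_sock_accept_ssl already sets an error */
		nussl_set_error(srv_sess, "%s",
				nussl_sock_error(client_sess->socket));
		return -1;
	}

	/* Post handshake needed to retrieve the peers certificate */
	if (nussl__ssl_post_handshake(client_sess) != NUSSL_OK) {
		/* nussl__ssl_post_handshake already sets an error */
		nussl_set_error(srv_sess, "%s", nussl_get_error(client_sess));
		return -1;
	}

	if (client_sess->rdtimeout > 0) {
		/* Set non-blocking mode */
		NUSSL_DEBUG(NUSSL_DBG_SSL, "Setting non-blocking mode\n");
		fd = nussl_session_get_fd(client_sess);
		fl = fcntl(fd, F_GETFL);
		/* F_GETFL returns -1 on failure; OR-ing O_NONBLOCK into that
		 * value would ask F_SETFL to set every flag bit. */
		if (fl == -1 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) == -1)
			NUSSL_DEBUG(NUSSL_DBG_SSL,
				    "Unable to set non-blocking mode\n");
	}

	return 0;
}

/* Return the descriptor of the session's socket, or -1 for a NULL
 * session. */
int nussl_session_get_fd(nussl_session * sess)
{
	if (!sess)
		return -1;

	return nussl_sock_fd(sess->socket);
}

/* Copy the name of the negotiated cipher into 'buf' ('bufsz' bytes).
 * The result is always NUL-terminated and is truncated if the buffer is
 * too small.  Returns 0 on success, -1 when the session is NULL, the
 * buffer is unusable, or no cipher name is available. */
int nussl_session_get_cipher(nussl_session * sess, char *buf, size_t bufsz)
{
	char *cipher = NULL;

	if (!sess || !buf || bufsz == 0)
		return -1;

	cipher = nussl_sock_cipher(sess->socket);
	if (!cipher)
		return -1;

	/* strncpy() alone leaves 'buf' unterminated when the name fills the
	 * buffer, so reserve the last byte for the terminator. */
	strncpy(buf, cipher, bufsz - 1);
	buf[bufsz - 1] = '\0';
	nussl_free(cipher);

	return 0;
}

/* Forward the requested Diffie-Hellman parameter size to the TLS
 * context.  Returns NUSSL_ERROR for a NULL session. */
int nussl_session_set_dh_bits(nussl_session * sess, unsigned int dh_bits)
{
	if (!sess)
		return NUSSL_ERROR;

	return nussl_ssl_context_set_dh_bits(sess->ssl_context, dh_bits);
}

/* Forward the Diffie-Hellman parameter file name to the TLS context.
 * Returns NUSSL_ERROR for a NULL session. */
int nussl_session_set_dh_file(nussl_session * sess, const char *file)
{
	if (!sess)
		return NUSSL_ERROR;

	return nussl_ssl_context_set_dh_file(sess->ssl_context, file);
}

/* Record the caller's address list on the session.  Only the pointer
 * and the count are stored; the array is not copied. */
void nussl_set_addrlist(nussl_session * sess,
			const nussl_inet_addr ** addrs, size_t n)
{
	if (!sess)
		return;

	sess->addrlist = addrs;
	sess->numaddrs = n;
}

/* Format a printf-style message into the session's error buffer; the
 * write is bounded by the size of that buffer.  Callers must pass a
 * constant 'format' and supply variable text through "%s". */
void nussl_set_error(nussl_session * sess, const char *format, ...)
{
	va_list params;

	if (!sess)
		return;

	va_start(params, format);
	nussl_vsnprintf(sess->error, sizeof sess->error, format, params);
	va_end(params);
}

/* Set session flag 'flag' to 'value'.  Out-of-range flags are ignored.
 * The SSLv2 flag is also forwarded to the TLS context when one exists. */
void nussl_set_session_flag(nussl_session * sess, nussl_session_flag flag,
			    int value)
{
	if (!sess)
		return;

	/* Compare as unsigned so that a negative value cannot index before
	 * the start of the flags array. */
	if ((unsigned int) flag < (unsigned int) NUSSL_SESSFLAG_LAST) {
		sess->flags[flag] = value;
		if (flag == NUSSL_SESSFLAG_SSLv2 && sess->ssl_context) {
			nussl_ssl_context_set_flag(sess->ssl_context,
						   NUSSL_SSL_CTX_SSLv2, value);
		}
	}
}

/* Return the value of session flag 'flag', or -1 for a NULL session or
 * an out-of-range flag. */
int nussl_get_session_flag(nussl_session * sess, nussl_session_flag flag)
{
	if (!sess)
		return -1;

	/* Same unsigned range check as nussl_set_session_flag(). */
	if ((unsigned int) flag < (unsigned int) NUSSL_SESSFLAG_LAST) {
		int sess_flag = sess->flags[flag];
		return sess_flag;
	}

	return -1;
}

/* static void progress_notifier(void *userdata, nussl_session_status status, */
/*                               const nussl_session_status_info *info) */
/* { */
/*     nussl_session *sess = userdata; */

/*     if (status == nussl_status_sending || status == nussl_status_recving) { */
/*         sess->progress_cb(sess->progress_ud, info->sr.progress, info->sr.total); */
/*     } */
/* } */

/* void nussl_set_progress(nussl_session *sess, nussl_progress progress, void *userdata) */
/* { */
/*     sess->progress_cb = progress; */
/*     sess->progress_ud = userdata; */
/*     nussl_set_notifier(sess, progress_notifier, sess); */
/* } */

/* void nussl_set_notifier(nussl_session *sess, */
/*                         nussl_notify_status status, void *userdata) */
/* { */
/*     sess->notify_cb = status; */
/*     sess->notify_ud = userdata; */
/* } */

/* Store the read timeout on the session and, when a socket exists,
 * apply it to the socket as well. */
void nussl_set_read_timeout(nussl_session * sess, int timeout)
{
	if (!sess)
		return;

	sess->rdtimeout = timeout;
	if (sess->socket)
		nussl_sock_read_timeout(sess->socket, timeout);
}

/* Store the connect timeout on the session and, when a socket exists,
 * apply it to the socket as well. */
void nussl_set_connect_timeout(nussl_session * sess, int timeout)
{
	if (!sess)
		return;

	sess->cotimeout = timeout;
	if (sess->socket)
		nussl_sock_connect_timeout(sess->socket, timeout);
}

/* Return the session's error text after passing it through
 * nussl_strclean(), or NULL for a NULL session. */
const char *nussl_get_error(nussl_session * sess)
{
	char *ret;

	if (!sess)
		return NULL;

	ret = nussl_strclean(sess->error);
	return ret;
}

/* Close the session's socket, if any, and clear the socket pointer. */
void nussl_close_connection(nussl_session * sess)
{
	if (!sess)
		return;

	if (sess->socket) {
		NUSSL_DEBUG(NUSSL_DBG_SOCKET, "Closing connection.\n");
		nussl_sock_close(sess->socket);
		sess->socket = NULL;
		NUSSL_DEBUG(NUSSL_DBG_SOCKET, "Connection closed.\n");
	} else {
		NUSSL_DEBUG(NUSSL_DBG_SOCKET,
			    "(Not closing closed connection!).\n");
	}
}

/* Turn peer-certificate checking off (is_disabled != 0) or on
 * (is_disabled == 0) for this session.
 *
 * With the check off the peer's certificate is not validated, so the
 * connection is encrypted but the peer is not authenticated. */
void nussl_ssl_disable_certificate_check(nussl_session * sess,
					 int is_disabled)
{
	if (!sess)
		return;

	sess->check_peer_cert = !is_disabled;
}

#if 0
void nussl_ssl_set_verify(nussl_session * sess, nussl_ssl_verify_fn fn,
			  void *userdata)
{
	sess->ssl_verify_fn = fn;
	sess->ssl_verify_ud = userdata;
}

void nussl_ssl_provide_clicert(nussl_session * sess,
			       nussl_ssl_provide_fn fn, void *userdata)
{
	sess->ssl_provide_fn = fn;
	sess->ssl_provide_ud = userdata;
}
#endif

/* Trust the CA certificates in 'cert_file'.  On success peer-certificate
 * checking is switched on for the session.  Returns the result of
 * nussl_ssl_set_ca_file(), or NUSSL_ERROR for a NULL session. */
int nussl_ssl_trust_cert_file(nussl_session * sess, const char *cert_file)
{
	int ret;

	if (!sess)
		return NUSSL_ERROR;

	ret = nussl_ssl_set_ca_file(sess, cert_file);
	if (ret == NUSSL_OK)
		sess->check_peer_cert = 1;

	return ret;
}

/* Trust the CA certificates found in directory 'dir'.  On success
 * peer-certificate checking is switched on for the session.  Returns
 * the result of nussl_ssl_context_trustdir(), or NUSSL_ERROR for a NULL
 * session. */
int nussl_ssl_trust_dir(nussl_session * sess, const char *dir)
{
	int ret;

	if (!sess)
		return NUSSL_ERROR;

	ret = nussl_ssl_context_trustdir(sess->ssl_context, dir);
	if (ret == NUSSL_OK)
		sess->check_peer_cert = 1;

	return ret;
}

/* Write the RFC 1123 form of 't' into 'dest', or the "[invalid date]"
 * placeholder when 't' is (time_t)-1 or no date string was produced.
 * The copy is made with a size of NUSSL_SSL_VDATELEN. */
static void nussl_fill_validity_date(char *dest, time_t t)
{
	char *date = NULL;

	if (t != (time_t) - 1)
		date = nussl_rfc1123_date(t);

	/* Guard the copy in case nussl_rfc1123_date() returned NULL; its
	 * failure behaviour is not visible from this file. */
	if (date) {
		nussl_strnzcpy(dest, date, NUSSL_SSL_VDATELEN);
		nussl_free(date);
	} else {
		nussl_strnzcpy(dest, _("[invalid date]"), NUSSL_SSL_VDATELEN);
	}
}

/* Report the validity period of 'cert' as text.  'from' and 'until' may
 * each be NULL; a non-NULL buffer must provide at least
 * NUSSL_SSL_VDATELEN bytes. */
void nussl_ssl_cert_validity(const nussl_ssl_certificate * cert,
			     char *from, char *until)
{
	time_t tf, tu;

	if (!cert)
		return;

	nussl_ssl_cert_validity_time(cert, &tf, &tu);

	if (from)
		nussl_fill_validity_date(from, tf);

	if (until)
		nussl_fill_validity_date(until, tu);
}

/* Append 'text' to the NUL-terminated string in 'dest' without writing
 * past 'destsz' bytes; the text is truncated when it does not fit. */
static void nussl_error_append(char *dest, size_t destsz, const char *text)
{
	size_t used = strlen(dest);

	/* The third argument of strncat() is the number of characters that
	 * may be appended, not the size of the destination. */
	if (used + 1 < destsz)
		strncat(dest, text, destsz - used - 1);
}

/* Build the session error text for a failed peer-certificate
 * verification: a fixed prefix followed by a comma-separated reason for
 * every NUSSL_SSL_* bit set in 'failures'.  The text is truncated to
 * the size of the error buffer. */
void nussl__ssl_set_verify_err(nussl_session * sess, int failures)
{
	static const struct {
		int bit;
		const char *str;
	} reasons[] = {
		{ NUSSL_SSL_NOTYETVALID, N_("certificate is not yet valid")},
		{ NUSSL_SSL_EXPIRED, N_("certificate has expired")},
		{ NUSSL_SSL_IDMISMATCH, N_("certificate issued for a different hostname")},
		{ NUSSL_SSL_UNTRUSTED, N_("issuer is not trusted")},
		{ NUSSL_SSL_INVALID, N_("certificate is not a valid certificate")},
		{ NUSSL_SSL_REVOKED, N_("certificate is revoked")},
		{ NUSSL_SSL_SIGNER_NOT_FOUND, N_("signer not found")},
		{ NUSSL_SSL_SIGNER_NOT_CA, N_("signer not a CA")},
		{ 0, NULL}
	};
	int n, flag = 0;

	if (!sess)
		return;

	/* Bounded copy of the (possibly translated) prefix. */
	strncpy(sess->error, _("Peer certificate verification failed: "),
		sizeof sess->error - 1);
	sess->error[sizeof sess->error - 1] = '\0';

	for (n = 0; reasons[n].bit; n++) {
		if (failures & reasons[n].bit) {
			if (flag)
				nussl_error_append(sess->error,
						   sizeof sess->error, ", ");
			nussl_error_append(sess->error, sizeof sess->error,
					   _(reasons[n].str));
			flag = 1;
		}
	}
}

#if 0
typedef void (*void_fn) (void);

#define ADD_HOOK(hooks, fn, ud) add_hook(&(hooks), NULL, (void_fn)(fn), (ud))

static void add_hook(struct hook **hooks, const char *id, void_fn fn,
		     void *ud)
{
	struct hook *hk = nussl_malloc(sizeof(struct hook)), *pos;

	if (*hooks != NULL) {
		for (pos = *hooks; pos->next != NULL; pos = pos->next)
			/* nullop */ ;
		pos->next = hk;
	} else {
		*hooks = hk;
	}

	hk->id = id;
	hk->fn = fn;
	hk->userdata = ud;
	hk->next = NULL;
}
#endif

/* void nussl_hook_create_request(nussl_session *sess, */
/*                                nussl_create_request_fn fn, void *userdata) */
/* { */
/*     ADD_HOOK(sess->create_req_hooks, fn, userdata); */
/* } */

/* void nussl_hook_pre_send(nussl_session *sess, nussl_pre_send_fn fn, void *userdata) */
/* { */
/*     ADD_HOOK(sess->pre_send_hooks, fn, userdata); */
/* } */

/* void nussl_hook_post_send(nussl_session *sess, nussl_post_send_fn fn, void *userdata) */
/* { */
/*     ADD_HOOK(sess->post_send_hooks, fn, userdata); */
/* } */

/* void nussl_hook_post_headers(nussl_session *sess, nussl_post_headers_fn fn, */
/*                              void *userdata) */
/* { */
/*     ADD_HOOK(sess->post_headers_hooks, fn, userdata); */
/* } */

/* void nussl_hook_destroy_request(nussl_session *sess, */
/*                                 nussl_destroy_req_fn fn, void *userdata) */
/* { */
/*     ADD_HOOK(sess->destroy_req_hooks, fn, userdata); */
/* } */

/* void nussl_hook_destroy_session(nussl_session *sess, */
/*                                 nussl_destroy_sess_fn fn, void *userdata) */
/* { */
/*     ADD_HOOK(sess->destroy_sess_hooks, fn, userdata); */
/* } */

/*
static void remove_hook(struct hook **hooks, void_fn fn, void *ud)
{
    struct hook **p = hooks;

    while (*p) {
	if ((*p)->fn == fn && (*p)->userdata == ud) {
	    struct hook *next = (*p)->next;
	    nussl_free(*p);
	    (*p) = next;
	    break;
	}
	p = &(*p)->next;
    }
}
#define REMOVE_HOOK(hooks, fn, ud) remove_hook(&hooks, (void_fn)fn, ud)
*/

/* void nussl_unhook_create_request(nussl_session *sess, */
/*                                  nussl_create_request_fn fn, void *userdata) */
/* { */
/*     REMOVE_HOOK(sess->create_req_hooks, fn, userdata); */
/* } */

/* void nussl_unhook_pre_send(nussl_session *sess, nussl_pre_send_fn fn, void *userdata) */
/* { */
/*     REMOVE_HOOK(sess->pre_send_hooks, fn, userdata); */
/* } */

/* void nussl_unhook_post_headers(nussl_session *sess, nussl_post_headers_fn fn, */
/*                                void *userdata) */
/* { */
/*     REMOVE_HOOK(sess->post_headers_hooks, fn, userdata); */
/* } */

/* void nussl_unhook_post_send(nussl_session *sess, nussl_post_send_fn fn, void *userdata) */
/* { */
/*     REMOVE_HOOK(sess->post_send_hooks, fn, userdata); */
/* } */

/* void nussl_unhook_destroy_request(nussl_session *sess, */
/*                                   nussl_destroy_req_fn fn, void *userdata) */
/* { */
/*     REMOVE_HOOK(sess->destroy_req_hooks, fn, userdata); */
/* } */

/*
void nussl_unhook_destroy_session(nussl_session *sess,
				 nussl_destroy_sess_fn fn, void *userdata)
{
    REMOVE_HOOK(sess->destroy_sess_hooks, fn, userdata);
}
*/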
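/* Write all 'count' bytes of 'buffer' to the session's socket.  Returns
 * the result of nussl_sock_fullwrite(); a negative result also stores
 * the socket error text on the session.  Returns NUSSL_ERROR for a NULL
 * session or a session whose connection has been closed. */
int nussl_write(nussl_session * session, const char *buffer, size_t count)
{
	int ret;

	if (!session)
		return NUSSL_ERROR;

	/* nussl_close_connection() resets 'socket' to NULL. */
	if (!session->socket) {
		nussl_set_error(session, "%s", "Connection closed");
		return NUSSL_ERROR;
	}

	ret = nussl_sock_fullwrite(session->socket, buffer, count);
	if (ret < 0)
		nussl_set_error(session, "%s",
				nussl_sock_error(session->socket));

	return ret;
}

/* Read up to 'count' bytes from the session's socket into 'buffer'.
 * Returns the result of nussl_sock_read(); a negative result also
 * stores the socket error text on the session.  Returns NUSSL_ERROR for
 * a NULL session or a session whose connection has been closed. */
ssize_t nussl_read(nussl_session * session, char *buffer, size_t count)
{
	/* Same type as nussl_sock_read(), so the byte count is not narrowed
	 * to int on the way out. */
	ssize_t ret;

	if (!session)
		return NUSSL_ERROR;

	/* nussl_sock_read() dereferences the socket immediately. */
	if (!session->socket) {
		nussl_set_error(session, "%s", "Connection closed");
		return NUSSL_ERROR;
	}

	ret = nussl_sock_read(session->socket, buffer, count);
	if (ret < 0)
		nussl_set_error(session, "%s",
				nussl_sock_error(session->socket));

	return ret;
}

/* Load the certificate in 'cert_file' and the private key in 'key_file'
 * and install them as the session's local certificate.
 *
 * The key file must exist and pass check_key_perms() (not readable or
 * writable by "other" users).  Returns NUSSL_ERROR, with an error text
 * on the session, when a check or the import fails; otherwise returns
 * the result of nussl_ssl_set_clicert().
 *
 * The permission check and the later import open the path separately,
 * so the check describes the file only at the moment it was made.
 *
 * NOTE(review): whether nussl_ssl_set_clicert() takes ownership of
 * 'cert' or copies it is not visible here -- confirm that it is not
 * leaked. */
int nussl_ssl_set_keypair(nussl_session * session, const char *cert_file,
			  const char *key_file)
{
	nussl_ssl_client_cert *cert;
	int ret;
	struct stat key_stat;

	if (!session)
		return NUSSL_ERROR;

	/* A NULL path would otherwise reach the "%s" conversions below. */
	if (!cert_file || !key_file) {
		nussl_set_error(session,
				_("Unable to load private key or certificate file"));
		return NUSSL_ERROR;
	}

	/* Try opening the keys */
	if (stat(key_file, &key_stat) != 0) {
		nussl_set_error(session,
				_("Unable to open private key %s: %s"),
				key_file, strerror(errno));
		return NUSSL_ERROR;
	}

	if (check_key_perms(key_file) != NUSSL_OK) {
		nussl_set_error(session,
				_("Permissions on private key %s are not restrictive enough, file should not be readable or writable by others."),
				key_file);
		return NUSSL_ERROR;
	}

	cert = nussl_ssl_import_keypair(cert_file, key_file);
	if (cert == NULL) {
		nussl_set_error(session,
				_("Unable to load private key or certificate file"));
		return NUSSL_ERROR;
	}

	ret = nussl_ssl_set_clicert(session, cert);
	return ret;
}

/* Load a PKCS#12 bundle from 'pkcs12_file', decrypt it with 'password'
 * when it is encrypted, and install it as the session's local
 * certificate.
 *
 * The file must exist and pass check_key_perms().  An encrypted bundle
 * needs a non-NULL password; a password given for an unencrypted bundle
 * only produces a warning on stderr.  Returns NUSSL_ERROR, with an
 * error text on the session, on failure; otherwise returns the result
 * of nussl_ssl_set_clicert().
 *
 * NOTE(review): whether nussl_ssl_set_clicert() takes ownership of
 * 'cert' or copies it is not visible here -- confirm that it is not
 * leaked on the success path. */
int nussl_ssl_set_pkcs12_keypair(nussl_session * session,
				 const char *pkcs12_file,
				 const char *password)
{
	struct stat key_stat;
	int ret = NUSSL_OK;
	nussl_ssl_client_cert *cert;

	if (!session)
		return NUSSL_ERROR;

	/* A NULL path would otherwise reach the "%s" conversions below. */
	if (!pkcs12_file) {
		nussl_set_error(session,
				_("Unable to load PKCS12 certificate file"));
		return NUSSL_ERROR;
	}

	/* Try opening the keys */
	if (stat(pkcs12_file, &key_stat) != 0) {
		nussl_set_error(session,
				_("Unable to open private key %s: %s"),
				pkcs12_file, strerror(errno));
		return NUSSL_ERROR;
	}

	if (check_key_perms(pkcs12_file) != NUSSL_OK) {
		nussl_set_error(session,
				_("Permissions on private key %s are not restrictive enough, file should not be readable or writable by others."),
				pkcs12_file);
		return NUSSL_ERROR;
	}

	cert = nussl_ssl_clicert_read(pkcs12_file);
	if (cert == NULL) {
		nussl_set_error(session,
				_("Unable to load PKCS12 certificate file"));
		return NUSSL_ERROR;
	}

	if (nussl_ssl_clicert_encrypted(cert)) {
		if (!password) {
			nussl_set_error(session,
					_("PKCS12 file is encrypted, please supply a password"));
			/* Release the bundle that was read; it is not
			 * handed to the session on this path. */
			nussl_ssl_clicert_free(cert);
			return NUSSL_ERROR;
		}
		if (nussl_ssl_clicert_decrypt(cert, password) != 0) {
			nussl_set_error(session,
					_("Bad password to decrypt the PKCS key"));
			nussl_ssl_clicert_free(cert);
			return NUSSL_ERROR;
		}
	} else if (password) {
		fprintf(stderr,
			"Warning, the key is not encrypted, but a password was supplied\n");
	}

	ret = nussl_ssl_set_clicert(session, cert);
	return ret;
}

/* Fill 'addr' with the address of the peer connected to the session's
 * socket.  On entry '*addrlen' is the size of 'addr'; getpeername()
 * updates it.  Returns NUSSL_OK, or NUSSL_ERROR (with the system error
 * text on the session when getpeername() fails). */
int nussl_session_getpeer(nussl_session * sess, struct sockaddr *addr,
			  socklen_t * addrlen)
{
	int fd;
	int ret;

	if (!sess)
		return NUSSL_ERROR;

	/* Both pointers are dereferenced below. */
	if (!addr || !addrlen)
		return NUSSL_ERROR;

	fd = nussl_session_get_fd(sess);
	memset(addr, 0, *addrlen);
	ret = getpeername(fd, addr, addrlen);

	if (ret == -1) {
		nussl_set_error(sess, "%s", strerror(errno));
		return NUSSL_ERROR;
	}

	return NUSSL_OK;
}

/* Return the object given by nussl__sock_sslsock() for the session's
 * socket, or NULL for a NULL session. */
void *nussl_get_socket(nussl_session * sess)
{
	if (!sess)
		return NULL;

	return nussl__sock_sslsock(sess->socket);
}

/* Initialise the library; returns the result of nussl_sock_init(). */
int nussl_init()
{
	return nussl_sock_init();
}

/** @} */
nufw-2.4.3/src/libs/nussl/nussl_socket.c0000644000175000017500000013130511431206275015170 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* Socket handling routines Copyright (C) 1998-2007, Joe Orton , Copyright (C) 1999-2000 Tommi Komulainen Copyright (C) 2004 Aleix Conchillo Flaque This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.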
See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ /* portions were originally under GPL in Mutt, http://www.mutt.org/ Relicensed under LGPL for neon, http://www.webdav.org/neon/ */ /** * \addtogroup NuSSL * * @{ */ /** * \file nussl_socket.c * \brief Socket and I/O handling functions */ #include #include "nussl_config.h" #include #include #ifdef HAVE_SYS_TIME_H #include #endif #include #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef NUSSL_USE_POLL #include #elif defined(HAVE_SYS_SELECT_H) #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETINET_TCP_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_NETDB_H #include #endif #ifdef WIN32 #include #include #ifdef USE_GETADDRINFO #include #endif #endif #if defined(HAVE_OPENSSL) && defined(HAVE_LIMITS_H) #include /* for INT_MAX */ #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STRINGS_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SIGNAL_H #include #endif #ifdef HAVE_ERRNO_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #ifdef HAVE_SOCKS_H #include #endif #ifdef HAVE_OPENSSL #include #include #include /* for PKCS12_PBE_add */ 
#include #include /* for OPENSSL_VERSION_NUMBER */ #endif #ifdef HAVE_GNUTLS #include #endif #define NUSSL_INET_ADDR_DEFINED /* A slightly ugly hack: change the nussl_inet_addr definition to be the * real address type used. The API only exposes nussl_inet_addr as a * pointer to an opaque object, so this should be well-defined * behaviour. It avoids the hassle of a real wrapper nussl_inet_addr * structure, or losing type-safety by using void *. */ #ifdef USE_GETADDRINFO typedef struct addrinfo nussl_inet_addr; #else typedef struct in_addr nussl_inet_addr; #endif #include "nussl_privssl.h" /* MUST come after nussl_inet_addr is defined */ /* To avoid doing AAAA queries unless absolutely necessary, either use * AI_ADDRCONFIG where available, or a run-time check for working IPv6 * support; the latter is only known to work on Linux. */ #if defined(USE_GETADDRINFO) && !defined(USE_GAI_ADDRCONFIG) && defined(__linux__) #define USE_CHECK_IPV6 #endif /* "Be Conservative In What You Build". */ #if defined(HAVE_FCNTL) && defined(O_NONBLOCK) && defined(F_SETFL) \ && defined(HAVE_GETSOCKOPT) && defined(SO_ERROR) \ && defined(HAVE_SOCKLEN_T) && defined(SOL_SOCKET) \ && defined(EINPROGRESS) #define USE_NONBLOCKING_CONNECT #endif #include "nussl_internal.h" #include "nussl_utils.h" #include "nussl_string.h" #include "nussl_socket.h" #include "nussl_alloc.h" #ifdef HAVE_SSPI #include "nussl_sspi.h" #endif #if defined(__BEOS__) && !defined(BONE_VERSION) /* pre-BONE */ #define nussl_close(s) closesocket(s) #define nussl_errno errno #elif defined(WIN32) #define nussl_close(s) closesocket(s) #define nussl_errno WSAGetLastError() #else /* really Unix! 
*/ #define nussl_close(s) close(s) #define nussl_errno errno #endif #ifdef WIN32 #define NUSSL_ISRESET(e) ((e) == WSAECONNABORTED || (e) == WSAETIMEDOUT || \ (e) == WSAECONNRESET || (e) == WSAENETRESET) #define NUSSL_ISCLOSED(e) ((e) == WSAESHUTDOWN || (e) == WSAENOTCONN) #define NUSSL_ISINTR(e) (0) #define NUSSL_ISINPROGRESS(e) ((e) == WSAEWOULDBLOCK) /* says MSDN */ #else /* Unix */ /* Also treat ECONNABORTED and ENOTCONN as "connection reset" errors; * both can be returned by Winsock-based sockets layers e.g. CygWin */ #ifndef ECONNABORTED #define ECONNABORTED ECONNRESET #endif #ifndef ENOTCONN #define ENOTCONN ECONNRESET #endif #define NUSSL_ISRESET(e) ((e) == ECONNRESET || (e) == ECONNABORTED || (e) == ENOTCONN) #define NUSSL_ISCLOSED(e) ((e) == EPIPE) #define NUSSL_ISINTR(e) ((e) == EINTR) #define NUSSL_ISINPROGRESS(e) ((e) == EINPROGRESS) #endif #include /* Critical I/O functions on a socket: useful abstraction for easily * handling SSL I/O alongside raw socket I/O. */ struct iofns { /* Read up to 'len' bytes into 'buf' from socket. Return <0 on * error or EOF, or >0; number of bytes read. */ ssize_t(*sread) (nussl_socket * s, char *buf, size_t len); /* Write up to 'len' bytes from 'buf' to socket. Return number of * bytes written on success, or <0 on error. */ ssize_t(*swrite) (nussl_socket * s, const char *buf, size_t len); /* Wait up to 'n' seconds for socket to become readable. Returns * 0 when readable, otherwise NUSSL_SOCK_TIMEOUT or NUSSL_SOCK_ERROR. */ int (*readable) (nussl_socket * s, int n); }; static const nussl_inet_addr dummy_laddr; struct nussl_socket_s { int fd; unsigned int lport; const nussl_inet_addr *laddr; void *progress_ud; int rdtimeout, cotimeout; /* timeouts */ const struct iofns *ops; nussl_ssl_socket ssl; /* The read buffer: ->buffer stores byte which have been read; as * these are consumed and passed back to the caller, bufpos * advances through ->buffer. 
->bufavail gives the number of * bytes which remain to be consumed in ->buffer (from ->bufpos), * and is hence always <= RDBUFSIZ. */ char *bufpos; size_t bufavail; #define RDBUFSIZ 4096 char buffer[RDBUFSIZ]; /* Error string. */ char error[192]; }; /* nussl_sock_addr represents an Internet address. */ struct nussl_sock_addr_s { #ifdef USE_GETADDRINFO struct addrinfo *result, *cursor; #else struct in_addr *addrs; size_t cursor, count; #endif int errnum; }; /* set_error: set socket error string to 'str'. */ #define set_error(s, str) nussl_strnzcpy((s)->error, (str), sizeof (s)->error) /* set_strerror: set socket error to system error string for 'errnum' */ #ifdef WIN32 /* Print system error message to given buffer. */ static void print_error(int errnum, char *buffer, size_t buflen) { if (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, (DWORD) errnum, 0, buffer, buflen, NULL) == 0) nussl_snprintf(buffer, buflen, "Socket error %d", errnum); } #define set_strerror(s, e) print_error((e), (s)->error, sizeof (s)->error) #else /* not WIN32 */ #define set_strerror(s, e) nussl_strerror((e), (s)->error, sizeof (s)->error) #endif #ifdef HAVE_OPENSSL /* Seed the SSL PRNG, if necessary; returns non-zero on failure. */ static int seed_ssl_prng(void) { /* Check whether the PRNG has already been seeded. 
*/ if (RAND_status() == 1) return 0; #if defined(EGD_PATH) NUSSL_DEBUG(NUSSL_DBG_SOCKET, "Seeding PRNG from " EGD_PATH "...\n"); if (RAND_egd(EGD_PATH) != -1) return 0; #elif defined(ENABLE_EGD) { static const char *paths[] = { "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy" }; size_t n; for (n = 0; n < sizeof(paths) / sizeof(char *); n++) { NUSSL_DEBUG(NUSSL_DBG_SOCKET, "Seeding PRNG from %s...\n", paths[n]); if (RAND_egd(paths[n]) != -1) return 0; } } #endif /* EGD_PATH */ NUSSL_DEBUG(NUSSL_DBG_SOCKET, "No entropy source found; could not seed PRNG.\n"); return -1; } #endif /* HAVE_OPENSSL */ #ifdef USE_CHECK_IPV6 static int ipv6_disabled = 0; /* On Linux kernels, IPv6 is typically built as a loadable module, and * socket(AF_INET6, ...) will fail if this module is not loaded, so * the slow AAAA lookups can be avoided for this common case. */ static void init_ipv6(void) { int fd = socket(AF_INET6, SOCK_STREAM, 0); if (fd < 0) ipv6_disabled = 1; else close(fd); } #else #define ipv6_disabled (0) #endif /* If init_state is N where > 0, nussl_sock_init has been called N times; * if == 0, library is not initialized; if < 0, library initialization * has failed. 
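*/
static int init_state = 0;

/* Initialise the socket layer. Calls are counted: a call made while
 * the library is already initialised only bumps the counter, and a
 * call after a failed initialisation keeps returning -1.
 * Returns 0 on success, -1 on failure. */
int nussl_sock_init(void)
{
#ifdef WIN32
	WORD wVersionRequested;
	WSADATA wsaData;
	int err;
#endif

	if (init_state > 0) {
		init_state++;
		return 0;
	} else if (init_state < 0) {
		return -1;
	}
#ifdef WIN32
	wVersionRequested = MAKEWORD(2, 2);

	err = WSAStartup(wVersionRequested, &wsaData);
	if (err != 0) {
		return init_state = -1;
	}
#ifdef HAVE_SSPI
	if (nussl_sspi_init() < 0) {
		return init_state = -1;
	}
#endif
#endif

#ifdef NUSSL_HAVE_SOCKS
	SOCKSinit("nussl");
#endif

#if defined(HAVE_SIGNAL) && defined(SIGPIPE)
	/* Process-wide: SIGPIPE is ignored from here on, so a write to a
	 * closed peer is reported through the send() return value. */
	(void) signal(SIGPIPE, SIG_IGN);
#endif

#ifdef USE_CHECK_IPV6
	init_ipv6();
#endif

	if (nussl__ssl_init()) {
		return init_state = -1;
	}

	init_state = 1;
	return 0;
}

/* Undo one nussl_sock_init() call; the platform and SSL layers are
 * torn down only when the call counter drops to zero. */
void nussl_sock_exit(void)
{
	if (init_state > 0 && --init_state == 0) {
#ifdef WIN32
		WSACleanup();
#endif
		nussl__ssl_exit();

#ifdef HAVE_SSPI
		nussl_sspi_deinit();
#endif
	}
}

/* Await readability (rdwr = 0) or writability (rdwr != 0) for socket
 * fd for secs seconds.  Returns <0 on error, zero on timeout, >0 if
 * data is available.  A negative secs waits without a timeout. */
static int raw_poll(int fdno, int rdwr, int secs)
{
	int ret;
#ifdef NUSSL_USE_POLL
	struct pollfd fds;
	/* NOTE(review): secs * 1000 overflows 'int' for very large
	 * timeouts; callers are expected to pass small values. */
	int timeout = secs >= 0 ? secs * 1000 : -1;

	fds.fd = fdno;
	fds.events = rdwr == 0 ? POLLIN : POLLOUT;
	fds.revents = 0;

	do {
		ret = poll(&fds, 1, timeout);
	} while (ret < 0 && NUSSL_ISINTR(nussl_errno));
#else
	fd_set rdfds, wrfds;
	struct timeval timeout, *tvp = (secs >= 0 ? &timeout : NULL);

#ifndef WIN32
	/* FD_SET() on a descriptor outside [0, FD_SETSIZE) writes outside
	 * the fd_set.  Descriptors also reach this function through
	 * accept() and nussl_sock_create_with_fd(), which are not covered
	 * by the FD_SETSIZE check in nussl_sock_connect(), so refuse such
	 * a descriptor here instead of corrupting the stack. */
	if (fdno < 0 || fdno >= FD_SETSIZE) {
		errno = EBADF;
		return -1;
	}
#endif

	/* Init the fd set */
	FD_ZERO(&rdfds);
	FD_ZERO(&wrfds);
	if (rdwr == 0)
		FD_SET(fdno, &rdfds);
	else
		FD_SET(fdno, &wrfds);

	if (tvp) {
		tvp->tv_sec = secs;
		tvp->tv_usec = 0;
	}
	do {
		ret = select(fdno + 1, &rdfds, &wrfds, NULL, tvp);
	} while (ret < 0 && NUSSL_ISINTR(nussl_errno));
#endif
	return ret;
}

/* Wait up to n seconds for the socket to become readable; returns 0
 * at once when data is already held in the read buffer. */
int nussl_sock_block(nussl_socket * sock, int n)
{
	if (sock->bufavail)
		return 0;
	return sock->ops->readable(sock, n);
}

/* Cast address object AD to type 'sockaddr_TY' */
#define SACAST(ty, ad) ((struct sockaddr_##ty *)(ad))

/* Read up to buflen bytes into buffer.  Buffered data is delivered
 * first; a request at least as large as the internal buffer bypasses
 * it; anything else refills the internal buffer and copies from it.
 * Returns the byte count, or the value returned by the sread
 * operation when that is <= 0. */
ssize_t nussl_sock_read(nussl_socket * sock, char *buffer, size_t buflen)
{
	ssize_t bytes;

#if 0
	NUSSL_DEBUG(NUSSL_DBG_SOCKET, "buf: at %d, %d avail [%s]\n",
		    sock->bufpos - sock->buffer, sock->bufavail,
		    sock->bufpos);
#endif

	if (sock->bufavail > 0) {
		/* Deliver buffered data. */
		if (buflen > sock->bufavail)
			buflen = sock->bufavail;
		memcpy(buffer, sock->bufpos, buflen);
		sock->bufpos += buflen;
		sock->bufavail -= buflen;
		return buflen;
	} else if (buflen >= sizeof sock->buffer) {
		/* No need for read buffer. */
		return sock->ops->sread(sock, buffer, buflen);
	} else {
		/* Fill read buffer. */
		bytes = sock->ops->sread(sock, sock->buffer,
					 sizeof sock->buffer);
		if (bytes <= 0)
			return bytes;

		/* Never copy more than was actually received. */
		if (buflen > (size_t) bytes)
			buflen = bytes;
		memcpy(buffer, sock->buffer, buflen);
		sock->bufpos = sock->buffer + buflen;
		sock->bufavail = bytes - buflen;
		return buflen;
	}
}

/* Copy up to buflen bytes into buffer without consuming them: the
 * read position and the available count are left untouched. */
ssize_t nussl_sock_peek(nussl_socket * sock, char *buffer, size_t buflen)
{
	ssize_t bytes;

	if (sock->bufavail) {
		/* just return buffered data. */
		bytes = sock->bufavail;
	} else {
		/* fill the buffer. */
		bytes = sock->ops->sread(sock, sock->buffer,
					 sizeof sock->buffer);
		if (bytes <= 0)
			return bytes;

		sock->bufpos = sock->buffer;
		sock->bufavail = bytes;
	}

	if (buflen > (size_t) bytes)
		buflen = bytes;

	memcpy(buffer, sock->bufpos, buflen);

	return buflen;
}

/* Await data on raw fd in socket.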
*/
static int readable_raw(nussl_socket * sock, int secs)
{
	int n = raw_poll(sock->fd, 0, secs);

	if (n > 0)
		return 0;

	if (n == 0) {
		set_error(sock, _("Read timed out"));
		return NUSSL_SOCK_TIMEOUT;
	}

	/* raw_poll() failed: record the system error text. */
	set_strerror(sock, nussl_errno);
	return NUSSL_SOCK_ERROR;
}

/* Read from the plain descriptor after waiting for it to become
 * readable within the socket's read timeout.  Returns the number of
 * bytes received or a NUSSL_SOCK_* code. */
static ssize_t read_raw(nussl_socket * sock, char *buffer, size_t len)
{
	ssize_t got;
	int errnum;

	got = readable_raw(sock, sock->rdtimeout);
	if (got != 0)
		return got;

	/* Restart recv() for as long as it is interrupted by a signal. */
	for (;;) {
		got = recv(sock->fd, buffer, len, 0);
		if (got != -1 || !NUSSL_ISINTR(nussl_errno))
			break;
	}

	if (got > 0)
		return got;

	if (got == 0) {
		set_error(sock, _("Connection closed"));
		return NUSSL_SOCK_CLOSED;
	}

	errnum = nussl_errno;
	got = NUSSL_ISRESET(errnum) ? NUSSL_SOCK_RESET : NUSSL_SOCK_ERROR;
	set_strerror(sock, errnum);
	return got;
}

/* Map a system error number onto the matching NUSSL_SOCK_* code. */
#define MAP_ERR(e) (NUSSL_ISCLOSED(e) ? NUSSL_SOCK_CLOSED : \
                    (NUSSL_ISRESET(e) ? NUSSL_SOCK_RESET : NUSSL_SOCK_ERROR))

/* Send on the plain descriptor.  Returns the number of bytes accepted
 * by send(), which may be fewer than requested, or a NUSSL_SOCK_*
 * code. */
static ssize_t write_raw(nussl_socket * sock, const char *data,
			 size_t length)
{
	ssize_t sent;
	int errnum;

#ifdef __QNX__
	/* Test failures seen on QNX over loopback, if passing large
	 * buffer lengths to send().  */
	length = (length > 8192) ? 8192 : length;
#endif

	for (;;) {
		sent = send(sock->fd, data, length, 0);
		if (sent != -1 || !NUSSL_ISINTR(nussl_errno))
			break;
	}

	if (sent >= 0)
		return sent;

	errnum = nussl_errno;
	set_strerror(sock, errnum);
	return MAP_ERR(errnum);
}

/* Operation table for unencrypted sockets. */
static const struct iofns iofns_raw = { read_raw, write_raw, readable_raw };

#ifdef HAVE_OPENSSL
/* OpenSSL I/O function implementations. */

/* Data already held inside the SSL object counts as readable without
 * polling the descriptor. */
static int readable_ossl(nussl_socket * sock, int secs)
{
	return SSL_pending(sock->ssl) ? 0 : readable_raw(sock, secs);
}

/* SSL error handling, according to SSL_get_error(3).
*/
/* Translate the result 'sret' of a failed SSL_read/SSL_write on
 * sock->ssl into a NUSSL_SOCK_* code and store a message in
 * sock->error.  The order of the checks matters: SSL_get_error() is
 * consulted first, then the OpenSSL error stack, and only an empty
 * stack is treated as a system call failure. */
static int error_ossl(nussl_socket * sock, int sret)
{
	int errnum = SSL_get_error(sock->ssl, sret);
	unsigned long err;

	/* The peer shut the TLS session down cleanly. */
	if (errnum == SSL_ERROR_ZERO_RETURN) {
		set_error(sock, _("Connection closed"));
		return NUSSL_SOCK_CLOSED;
	}

	/* for all other errors, look at the OpenSSL error stack */
	err = ERR_get_error();
	if (err == 0) {
		/* Empty error stack, presume this is a system call error: */
		if (sret == 0) {
			/* EOF without close_notify, possible truncation */
			set_error(sock, _("Secure connection truncated"));
			return NUSSL_SOCK_TRUNC;
		} else {
			/* Other socket error. */
			errnum = nussl_errno;
			set_strerror(sock, errnum);
			return MAP_ERR(errnum);
		}
	}

	if (ERR_reason_error_string(err)) {
		nussl_snprintf(sock->error, sizeof sock->error,
			       _("SSL error: %s"),
			       ERR_reason_error_string(err));
	} else {
		/* No reason text available: report the raw codes instead. */
		nussl_snprintf(sock->error, sizeof sock->error,
			       _("SSL error code %d/%d/%lu"), sret, errnum,
			       err);
	}

	/* make sure the error stack is now empty. */
	ERR_clear_error();
	return NUSSL_SOCK_ERROR;
}

/* Work around OpenSSL's use of 'int' rather than 'size_t', to prevent
 * accidentally passing a negative number, etc. */
#define CAST2INT(n) (((n) > INT_MAX) ? INT_MAX : (n))

/* Read through the SSL object after waiting for data within the
 * socket's read timeout.  The length is capped at INT_MAX before it
 * is handed to SSL_read().  Returns the byte count or a NUSSL_SOCK_*
 * code. */
static ssize_t read_ossl(nussl_socket * sock, char *buffer, size_t len)
{
	int ret;

	ret = readable_ossl(sock, sock->rdtimeout);
	if (ret)
		return ret;

	ret = SSL_read(sock->ssl, buffer, CAST2INT(len));
	if (ret <= 0)
		ret = error_ossl(sock, ret);

	return ret;
}

/* Write through the SSL object.  Any result other than the full
 * (INT_MAX-capped) length is handed to error_ossl(). */
static ssize_t write_ossl(nussl_socket * sock, const char *data,
			  size_t len)
{
	int ret, ilen = CAST2INT(len);
	ret = SSL_write(sock->ssl, data, ilen);
	/* ssl.h says SSL_MODE_ENABLE_PARTIAL_WRITE must be enabled to
	 * have SSL_write return < length...  so, SSL_write should never
	 * return < length. */
	if (ret != ilen)
		return error_ossl(sock, ret);
	return ret;
}

/* Operation table for TLS sockets (OpenSSL build). */
static const struct iofns iofns_ssl = {
	read_ossl,
	write_ossl,
	readable_ossl
};

#elif defined(HAVE_GNUTLS)

/* Zero-terminated list holding GNUTLS_CRT_X509 only; it is passed to
 * gnutls_certificate_type_set_priority() in nussl_sock_connect_ssl(). */
static const int cert_type_priority[3] = {
	GNUTLS_CRT_X509,
	0
};

/* Return zero if an alert value can be ignored.
*/
/* 'ret' is the result of a GnuTLS record call.  A warning alert is
 * logged and reported as 0 (ignorable), a fatal alert is logged and
 * reported as -1; any other value is passed through unchanged. */
static int check_alert(nussl_socket * sock, ssize_t ret)
{
	const char *alert;

	if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED) {
		alert = gnutls_alert_get_name(gnutls_alert_get(sock->ssl));
		NUSSL_DEBUG(NUSSL_DBG_SOCKET, "TLS warning alert: %s\n",
			    alert);
		return 0;
	} else if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
		alert = gnutls_alert_get_name(gnutls_alert_get(sock->ssl));
		NUSSL_DEBUG(NUSSL_DBG_SOCKET, "TLS fatal alert: %s\n",
			    alert);
		return -1;
	}
	return ret;
}

/* Data already held inside the GnuTLS session counts as readable
 * without polling the descriptor. */
static int readable_gnutls(nussl_socket * sock, int secs)
{
	if (gnutls_record_check_pending(sock->ssl)) {
		return 0;
	}
	return readable_raw(sock, secs);
}

/* Translate GnuTLS result 'sret' into a NUSSL_SOCK_* code and store a
 * message in sock->error.  The fatal-alert case reads the alert from
 * sock->ssl, so the session must still be valid when this is called. */
static ssize_t error_gnutls(nussl_socket * sock, ssize_t sret)
{
	ssize_t ret;

	switch (sret) {
	case 0:
		ret = NUSSL_SOCK_CLOSED;
		set_error(sock, _("Connection closed"));
		break;
	case GNUTLS_E_FATAL_ALERT_RECEIVED:
		ret = NUSSL_SOCK_ERROR;
		nussl_snprintf(sock->error, sizeof sock->error,
			       _("SSL alert received: %s"),
			       gnutls_alert_get_name(gnutls_alert_get
						     (sock->ssl)));
		break;
	case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
		/* It's not exactly an API guarantee but this error will
		 * always mean a premature EOF. */
		ret = NUSSL_SOCK_TRUNC;
		set_error(sock, _("Secure connection truncated"));
		break;
	case GNUTLS_E_PUSH_ERROR:
		ret = NUSSL_SOCK_RESET;
		/* NOTE(review): unlike its siblings this message is not
		 * wrapped in _(), so it is never translated. */
		set_error(sock, ("SSL socket write failed"));
		break;
	case GNUTLS_E_PULL_ERROR:
		ret = NUSSL_SOCK_RESET;
		set_error(sock, _("SSL socket read failed"));
		break;
	default:
		ret = NUSSL_SOCK_ERROR;
		nussl_snprintf(sock->error, sizeof sock->error,
			       _("SSL error: %s"), gnutls_strerror(sret));
	}
	return ret;
}

/* True when a GnuTLS record call should be repeated: it was
 * interrupted, would block, or only a warning alert was received. */
#define RETRY_GNUTLS(sock, ret) ((ret < 0) \
    && (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN \
    || check_alert(sock, ret) == 0))

/* Read through the GnuTLS session after waiting for data within the
 * socket's read timeout.  Returns the byte count or a NUSSL_SOCK_*
 * code. */
static ssize_t read_gnutls(nussl_socket * sock, char *buffer, size_t len)
{
	ssize_t ret;

	ret = readable_gnutls(sock, sock->rdtimeout);
	if (ret)
		return ret;

	do {
		ret = gnutls_record_recv(sock->ssl, buffer, len);
	} while (RETRY_GNUTLS(sock, ret));

	if (ret <= 0)
		ret = error_gnutls(sock, ret);

	return ret;
}

/* Write through the GnuTLS session, retrying as RETRY_GNUTLS allows.
 * Returns the byte count or a NUSSL_SOCK_* code. */
static ssize_t write_gnutls(nussl_socket * sock, const char *data,
			    size_t len)
{
	ssize_t ret;

	do {
		ret = gnutls_record_send(sock->ssl, data, len);
	} while (RETRY_GNUTLS(sock, ret));

	if (ret < 0)
		return error_gnutls(sock, ret);

	return ret;
}

/* Operation table for TLS sockets (GnuTLS build). */
static const struct iofns iofns_ssl = {
	read_gnutls,
	write_gnutls,
	readable_gnutls
};

#endif

/* Write all 'len' bytes of 'data', looping over short writes.
 * Returns 0, or the negative code from the write operation.
 * NOTE(review): a write operation that returned 0 with data still
 * pending would end the loop and be reported as success. */
int nussl_sock_fullwrite(nussl_socket * sock, const char *data, size_t len)
{
	ssize_t ret;

	do {
		ret = sock->ops->swrite(sock, data, len);
		if (ret > 0) {
			data += ret;
			len -= ret;
		}
	} while (ret > 0 && len > 0);

	return ret < 0 ? ret : 0;
}

/* Read one line, including its '\n', into buf and NUL-terminate it.
 * Returns the line length, a negative code from the read operation,
 * or NUSSL_SOCK_ERROR ("Line too long") when the line plus its
 * terminator does not fit in buflen or no newline is found within
 * RDBUFSIZ buffered bytes. */
ssize_t nussl_sock_readline(nussl_socket * sock, char *buf, size_t buflen)
{
	char *lf;
	size_t len;

	if ((lf = memchr(sock->bufpos, '\n', sock->bufavail)) == NULL
	    && sock->bufavail < RDBUFSIZ) {
		/* The buffered data does not contain a complete line: move it
		 * to the beginning of the buffer. */
		if (sock->bufavail)
			memmove(sock->buffer, sock->bufpos,
				sock->bufavail);
		sock->bufpos = sock->buffer;

		/* Loop filling the buffer whilst no newline is found in the data
		 * buffered so far, and there is still buffer space available */
		do {
			/* Read more data onto end of buffer. */
			ssize_t ret = sock->ops->sread(sock,
						       sock->buffer +
						       sock->bufavail,
						       RDBUFSIZ -
						       sock->bufavail);
			if (ret < 0)
				return ret;
			sock->bufavail += ret;
		} while ((lf =
			  memchr(sock->buffer, '\n',
				 sock->bufavail)) == NULL
			 && sock->bufavail < RDBUFSIZ);
	}

	if (lf)
		len = lf - sock->bufpos + 1;
	else
		len = buflen;	/* fall into "line too long" error... */

	/* One extra byte is needed for the terminating NUL. */
	if ((len + 1) > buflen) {
		set_error(sock, _("Line too long"));
		return NUSSL_SOCK_ERROR;
	}

	memcpy(buf, sock->bufpos, len);
	buf[len] = '\0';
	/* consume the line from buffer: */
	sock->bufavail -= len;
	sock->bufpos += len;
	return len;
}

/* Read exactly buflen bytes into buffer.  Returns 0 once everything
 * has been read, or the negative code from nussl_sock_read(). */
ssize_t nussl_sock_fullread(nussl_socket * sock, char *buffer,
			    size_t buflen)
{
	ssize_t len;

	while (buflen > 0) {
		len = nussl_sock_read(sock, buffer, buflen);
		if (len < 0)
			return len;
		buflen -= len;
		buffer += len;
	}

	return 0;
}

#ifndef INADDR_NONE
#define INADDR_NONE ((in_addr_t) -1)
#endif

#if !defined(USE_GETADDRINFO) && !defined(WIN32) && !HAVE_DECL_H_ERRNO
/* Ancient versions of netdb.h don't export h_errno. */
extern int h_errno;
#endif

/* This implementation does not attempt to support IPv6 using
 * gethostbyname2 et al.
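*/
/* Resolve 'hostname' and return a newly allocated result object;
 * the outcome must be checked with nussl_addr_result() and the object
 * released with nussl_addr_destroy().  A name of the form "[...]" is
 * treated as a literal IPv6 address.  'flags' is not used. */
nussl_sock_addr *nussl_addr_resolve(const char *hostname, int flags)
{
	nussl_sock_addr *addr = nussl_calloc(sizeof *addr);
#ifdef USE_GETADDRINFO
	struct addrinfo hints = { 0 };
	char *pnt;

	hints.ai_socktype = SOCK_STREAM;

	if (hostname[0] == '[' && ((pnt = strchr(hostname, ']')) != NULL)) {
		/* Copy the text after '[' and cut it at the first ']'. */
		char *hn = nussl_strdup(hostname + 1);
		hn[pnt - hostname - 1] = '\0';
#ifdef AI_NUMERICHOST		/* added in the RFC2553 API */
		hints.ai_flags = AI_NUMERICHOST;
#endif
		hints.ai_family = AF_INET6;
		addr->errnum = getaddrinfo(hn, NULL, &hints, &addr->result);
		nussl_free(hn);
	} else {
#ifdef USE_GAI_ADDRCONFIG	/* added in the RFC3493 API */
		hints.ai_flags = AI_ADDRCONFIG;
		hints.ai_family = AF_UNSPEC;
		addr->errnum =
		    getaddrinfo(hostname, NULL, &hints, &addr->result);
#else
		hints.ai_family = ipv6_disabled ? AF_INET : AF_UNSPEC;
		addr->errnum =
		    getaddrinfo(hostname, NULL, &hints, &addr->result);
#endif
	}
#else				/* Use gethostbyname() */
	in_addr_t laddr;
	struct hostent *hp;

	laddr = inet_addr(hostname);
	if (laddr == INADDR_NONE) {
		hp = gethostbyname(hostname);
		if (hp == NULL) {
#ifdef WIN32
			addr->errnum = WSAGetLastError();
#else
			addr->errnum = h_errno;
#endif
		} else if (hp->h_length != sizeof(struct in_addr)) {
			/* fail gracefully if somebody set RES_USE_INET6 */
			addr->errnum = NO_RECOVERY;
		} else {
			size_t n;
			/* count addresses */
			for (n = 0; hp->h_addr_list[n] != NULL; n++)
				/* noop */ ;

			addr->count = n;
			addr->addrs = nussl_malloc(n * sizeof *addr->addrs);

			for (n = 0; n < addr->count; n++)
				memcpy(&addr->addrs[n], hp->h_addr_list[n],
				       hp->h_length);
		}
	} else {
		addr->addrs = nussl_malloc(sizeof *addr->addrs);
		addr->count = 1;
		memcpy(addr->addrs, &laddr, sizeof *addr->addrs);
	}
#endif
	return addr;
}

/* Return the resolver status stored by nussl_addr_resolve(): zero on
 * success, otherwise the resolver's error number. */
int nussl_addr_result(const nussl_sock_addr * addr)
{
	return addr->errnum;
}

/* Return the first resolved address and reset the iteration cursor.
 * Returns NULL when the object holds no address (for instance after a
 * failed lookup) instead of dereferencing an empty result. */
const nussl_inet_addr *nussl_addr_first(nussl_sock_addr * addr)
{
#ifdef USE_GETADDRINFO
	if (addr->result == NULL) {
		addr->cursor = NULL;
		return NULL;
	}
	addr->cursor = addr->result->ai_next;
	return addr->result;
#else
	addr->cursor = 0;
	if (addr->addrs == NULL || addr->count == 0)
		return NULL;
	return &addr->addrs[0];
#endif
}

/* Return the next resolved address, or NULL when the list is
 * exhausted. */
const nussl_inet_addr *nussl_addr_next(nussl_sock_addr * addr)
{
#ifdef USE_GETADDRINFO
	struct addrinfo *ret = addr->cursor;
	if (addr->cursor)
		addr->cursor = addr->cursor->ai_next;
#else
	struct in_addr *ret;
	if (++addr->cursor < addr->count)
		ret = &addr->addrs[addr->cursor];
	else
		ret = NULL;
#endif
	return ret;
}

/* Write a message describing the lookup failure into buf (at most
 * bufsiz bytes) and return buf. */
char *nussl_addr_error(const nussl_sock_addr * addr, char *buf,
		       size_t bufsiz)
{
#ifdef WIN32
	print_error(addr->errnum, buf, bufsiz);
#else
	const char *err;
#ifdef USE_GETADDRINFO
	/* override horrible generic "Name or service not known" error. */
	if (addr->errnum == EAI_NONAME)
		err = _("Host not found");
	else
		err = gai_strerror(addr->errnum);
#elif defined(HAVE_HSTRERROR)
	err = hstrerror(addr->errnum);
#else
	err = _("Host not found");
#endif
	nussl_strnzcpy(buf, err, bufsiz);
#endif				/* WIN32 */
	return buf;
}

/* Write the numeric form of address 'ia' into buf and return buf; the
 * placeholder "[IP address]" is used when the conversion fails. */
char *nussl_iaddr_print(const nussl_inet_addr * ia, char *buf,
			size_t bufsiz)
{
#if defined(USE_GETADDRINFO) && defined(HAVE_INET_NTOP)
	const char *ret;
#ifdef AF_INET6
	if (ia->ai_family == AF_INET6) {
		struct sockaddr_in6 *in6 = SACAST(in6, ia->ai_addr);
		ret = inet_ntop(AF_INET6, &in6->sin6_addr, buf, bufsiz);
	} else
#endif
	if (ia->ai_family == AF_INET) {
		struct sockaddr_in *in = SACAST(in, ia->ai_addr);
		ret = inet_ntop(AF_INET, &in->sin_addr, buf, bufsiz);
	} else
		ret = NULL;
	if (ret == NULL)
		nussl_strnzcpy(buf, "[IP address]", bufsiz);
#elif defined(USE_GETADDRINFO) && defined(NI_NUMERICHOST)
	/* use getnameinfo instead for Win32, which lacks inet_ntop: */
	if (getnameinfo(ia->ai_addr, ia->ai_addrlen, buf, bufsiz, NULL, 0,
			NI_NUMERICHOST))
		nussl_strnzcpy(buf, "[IP address]", bufsiz);
#else				/* USE_GETADDRINFO */
	nussl_strnzcpy(buf, inet_ntoa(*ia), bufsiz);
#endif
	return buf;
}

/* Reverse-resolve address 'ia' into buf.  Returns zero on success.
 * The name comes from DNS and is therefore controlled by whoever
 * operates the reverse zone; treat it as untrusted input. */
int nussl_iaddr_reverse(const nussl_inet_addr * ia, char *buf,
			size_t bufsiz)
{
#ifdef USE_GETADDRINFO
	return getnameinfo(ia->ai_addr, ia->ai_addrlen, buf, bufsiz, NULL,
			   0, 0);
#else
	struct hostent *hp;

	hp = gethostbyaddr(ia, sizeof *ia, AF_INET);
	if (hp && hp->h_name) {
		nussl_strnzcpy(buf, hp->h_name, bufsiz);
		return 0;
	}
	return -1;
#endif
}

/* Release a result object returned by nussl_addr_resolve(). */
void nussl_addr_destroy(nussl_sock_addr * addr)
{
#ifdef USE_GETADDRINFO
	if (addr->result)
		freeaddrinfo(addr->result);
#else
	if (addr->addrs)
		nussl_free(addr->addrs);
#endif
	nussl_free(addr);
}

/* Perform a connect() for fd to address sa of length salen, with a
 * timeout if supported on this platform.  Returns zero on success or
 * NUSSL_SOCK_* on failure, with sock->error set appropriately. */
static int timed_connect(nussl_socket * sock, int fd,
			 const struct sockaddr *sa, size_t salen)
{
	int ret;

#ifdef USE_NONBLOCKING_CONNECT
	if (sock->cotimeout) {
		int errnum, flags;

		/* Get flags and then set O_NONBLOCK.  A failed F_GETFL
		 * returns -1; OR-ing that into the new flag word and
		 * restoring it afterwards would set every flag bit, so
		 * treat it as an error as well. */
		flags = fcntl(fd, F_GETFL);
		if (flags == -1
		    || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
			set_strerror(sock, errno);
			return NUSSL_SOCK_ERROR;
		}

		ret = connect(fd, sa, salen);
		if (ret == -1) {
			errnum = nussl_errno;
			if (NUSSL_ISINPROGRESS(errnum)) {
				ret = raw_poll(fd, 1, sock->cotimeout);
				if (ret > 0) {	/* poll got data */
					socklen_t len = sizeof(errnum);

					/* Check whether there is a pending error for the
					 * socket.  Per Stevens UNPv1§15.4, Solaris will
					 * return a pending error via errno by failing the
					 * getsockopt() call. */

					errnum = 0;
					if (getsockopt
					    (fd, SOL_SOCKET, SO_ERROR,
					     &errnum, &len))
						errnum = errno;

					if (errnum == 0) {
						ret = 0;
					} else {
						set_strerror(sock, errnum);
						ret = NUSSL_SOCK_ERROR;
					}
				} else if (ret == 0) {	/* poll timed out */
					set_error(sock,
						  _("Connection timed out"));
					ret = NUSSL_SOCK_TIMEOUT;
				} else {	/* poll failed */
					set_strerror(sock, errno);
					ret = NUSSL_SOCK_ERROR;
				}
			} else {	/* non-EINPROGRESS error from connect() */
				set_strerror(sock, errnum);
				ret = NUSSL_SOCK_ERROR;
			}
		}

		/* Reset to old flags: */
		if (fcntl(fd, F_SETFL, flags) == -1) {
			set_strerror(sock, errno);
			ret = NUSSL_SOCK_ERROR;
		}
	} else
#endif				/* USE_NONBLOCKING_CONNECT */
	{
		ret = connect(fd, sa, salen);

		if (ret < 0) {
			set_strerror(sock, errno);
			ret = NUSSL_SOCK_ERROR;
		}
	}

	return ret;
}

/* Connect socket to address 'addr' on given 'port'.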
Returns zero on
 * success or NUSSL_SOCK_* on failure with sock->error set
 * appropriately.  'port' is stored into the socket address as given,
 * without any byte-order conversion. */
static int connect_socket(nussl_socket * sock, int fd,
			  const nussl_inet_addr * addr, unsigned int port)
{
#ifdef USE_GETADDRINFO
#ifdef AF_INET6
	if (addr->ai_family == AF_INET6) {
		struct sockaddr_in6 peer6;

		memcpy(&peer6, addr->ai_addr, sizeof peer6);
		/* fill in the _family field for AIX 4.3, which forgets to do so. */
		peer6.sin6_family = AF_INET6;
		peer6.sin6_port = port;
		return timed_connect(sock, fd, (struct sockaddr *) &peer6,
				     sizeof peer6);
	}
#endif
	if (addr->ai_family == AF_INET) {
		struct sockaddr_in peer4;

		memcpy(&peer4, addr->ai_addr, sizeof peer4);
		peer4.sin_family = AF_INET;
		peer4.sin_port = port;
		return timed_connect(sock, fd, (struct sockaddr *) &peer4,
				     sizeof peer4);
	}

	/* Any other address family is rejected. */
	set_strerror(sock, EINVAL);
	return NUSSL_SOCK_ERROR;
#else
	struct sockaddr_in peer;

	peer.sin_addr = *addr;
	peer.sin_port = port;
	peer.sin_family = AF_INET;
	return timed_connect(sock, fd, (struct sockaddr *) &peer,
			     sizeof peer);
#endif
}

/* Allocate a socket object with no descriptor (fd = -1), the default
 * read timeout, no connect timeout, and the plain I/O operations. */
nussl_socket *nussl_sock_create(void)
{
	nussl_socket *s = nussl_calloc(sizeof *s);

	s->fd = -1;
	s->ops = &iofns_raw;
	s->bufpos = s->buffer;
	s->cotimeout = 0;
	s->rdtimeout = SOCKET_READ_TIMEOUT;
	return s;
}

/* XXX: INL Addition */
/* Same as nussl_sock_create(), but wraps the descriptor 'fd' supplied
 * by the caller. */
nussl_socket *nussl_sock_create_with_fd(int fd)
{
	nussl_socket *s = nussl_sock_create();

	s->fd = fd;
	return s;
}

#ifdef USE_GETADDRINFO
#define ia_family(a) ((a)->ai_family)
#define ia_proto(a) ((a)->ai_protocol)
#else
#define ia_family(a) AF_INET
#define ia_proto(a) 0
#endif

/* Record the local address and port to bind to before connecting; a
 * NULL 'addr' selects the dummy_laddr placeholder. */
void nussl_sock_prebind(nussl_socket * sock, const nussl_inet_addr * addr,
			unsigned int port)
{
	if (addr)
		sock->laddr = addr;
	else
		sock->laddr = &dummy_laddr;
	sock->lport = port;
}

/* Bind socket 'fd' to address/port 'addr' and 'port', for subsequent
 * connect() to address of family 'peer_family'.
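*/
static int do_bind(int fd, int peer_family,
		   const nussl_inet_addr * addr, unsigned int port)
{
#if defined(HAVE_SETSOCKOPT) && defined(SO_REUSEADDR) && defined(SOL_SOCKET)
	{
		int flag = 1;

		(void) setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &flag,
				  sizeof flag);
		/* An error here is not fatal, so ignore it. */
	}
#endif

#ifdef USE_GETADDRINFO
	/* Use a sockaddr_in6 if an AF_INET6 local address is specified, or
	 * if no address is specified and the peer address is AF_INET6: */
	if ((addr != &dummy_laddr && addr->ai_family == AF_INET6)
	    || (addr == &dummy_laddr && peer_family == AF_INET6)) {
		struct sockaddr_in6 in6;

		if (addr == &dummy_laddr)
			memset(&in6, 0, sizeof in6);
		else
			memcpy(&in6, addr->ai_addr, sizeof in6);
		in6.sin6_port = htons(port);
		/* fill in the _family field for AIX 4.3, which forgets to do so. */
		in6.sin6_family = AF_INET6;

		return bind(fd, (struct sockaddr *) &in6, sizeof in6);
	} else
#endif
	{
		struct sockaddr_in in;

		/* Always start from a zeroed structure so that no
		 * uninitialised stack bytes are handed to bind(). */
		memset(&in, 0, sizeof in);
		if (addr != &dummy_laddr) {
#ifdef USE_GETADDRINFO
			memcpy(&in, addr->ai_addr, sizeof in);
#else
			in.sin_addr = *addr;
#endif
		}
		in.sin_port = htons(port);
		in.sin_family = AF_INET;

		return bind(fd, (struct sockaddr *) &in, sizeof in);
	}
}

/* Create a TCP socket, bind it to the address set with
 * nussl_sock_prebind() when its family matches, and connect it to
 * 'addr' on 'port' (host byte order).  On success the descriptor is
 * stored in sock->fd and zero is returned; on failure the descriptor
 * is closed and -1 or a NUSSL_SOCK_* code is returned with sock->error
 * set. */
int nussl_sock_connect(nussl_socket * sock,
		       const nussl_inet_addr * addr, unsigned int port)
{
	int fd, ret;

	/* use SOCK_STREAM rather than ai_socktype: some getaddrinfo
	 * implementations do not set ai_socktype, e.g. RHL6.2. */
	fd = socket(ia_family(addr), SOCK_STREAM, ia_proto(addr));
	if (fd < 0) {
		set_strerror(sock, nussl_errno);
		return -1;
	}
#if !defined(NUSSL_USE_POLL) && !defined(WIN32)
	/* An fd_set holds descriptors 0 .. FD_SETSIZE-1 only, so a
	 * descriptor equal to FD_SETSIZE must be refused as well:
	 * FD_SET() on it in raw_poll() would write past the set. */
	if (fd >= FD_SETSIZE) {
		nussl_close(fd);
		set_error(sock,
			  _("Socket descriptor number exceeds FD_SETSIZE"));
		return NUSSL_SOCK_ERROR;
	}
#endif

#if defined(HAVE_FCNTL) && defined(F_GETFD) && defined(F_SETFD) && defined(FD_CLOEXEC)
	/* Set the FD_CLOEXEC bit for the new fd. */
	if ((ret = fcntl(fd, F_GETFD)) >= 0) {
		fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
		/* ignore failure; not a critical error. */
	}
#endif

	if (sock->laddr && (sock->laddr == &dummy_laddr ||
			    ia_family(sock->laddr) == ia_family(addr))) {
		ret = do_bind(fd, ia_family(addr), sock->laddr, sock->lport);
		if (ret < 0) {
			/* Save errno before nussl_close() can change it. */
			int errnum = errno;
			nussl_close(fd);
			set_strerror(sock, errnum);
			return NUSSL_SOCK_ERROR;
		}
	}
#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP)
	{			/* Disable the Nagle algorithm; better to add write buffering
				 * instead of doing this. */
		int flag = 1;
		setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &flag, sizeof flag);
	}
#endif

	ret = connect_socket(sock, fd, addr, htons(port));
	if (ret == 0)
		sock->fd = fd;
	else
		nussl_close(fd);

	return ret;
}

/* Return a newly allocated address object describing the peer of
 * 'sock' and store the peer's port (host byte order) in *port.
 * Returns NULL with sock->error set when getpeername() fails.  The
 * result is released with nussl_iaddr_free(). */
nussl_inet_addr *nussl_sock_peer(nussl_socket * sock, unsigned int *port)
{
	union saun {
		struct sockaddr_in sin;
#ifdef USE_GETADDRINFO
		struct sockaddr_in6 sin6;
#endif
	} saun;
	socklen_t len = sizeof saun;
	nussl_inet_addr *ia;
	struct sockaddr *sad = (struct sockaddr *) &saun;

	if (getpeername(sock->fd, sad, &len) != 0) {
		set_strerror(sock, errno);
		return NULL;
	}

	/* getpeername() reports the full address length even when it had
	 * to truncate the address; never copy more than was stored. */
	if (len > (socklen_t) sizeof saun)
		len = sizeof saun;

	ia = nussl_calloc(sizeof *ia);
#ifdef USE_GETADDRINFO
	/* Size the copy by the socket address union, not by the size of
	 * the address object, which is an unrelated structure; other
	 * functions copy a full sockaddr_in/sockaddr_in6 out of ai_addr. */
	ia->ai_addr = nussl_calloc(sizeof saun);
	ia->ai_addrlen = len;
	memcpy(ia->ai_addr, sad, len);
	ia->ai_family = sad->sa_family;
#else
	memcpy(ia, &saun.sin.sin_addr.s_addr, sizeof *ia);
#endif

#ifdef USE_GETADDRINFO
	*port = ntohs(sad->sa_family == AF_INET ?
		      saun.sin.sin_port : saun.sin6.sin6_port);
#else
	*port = ntohs(saun.sin.sin_port);
#endif
	return ia;
}

/* Build an address object from raw address bytes in network order:
 * 4 bytes are read for nussl_iaddr_ipv4, 16 bytes otherwise, so 'raw'
 * must be at least that long.  Returns NULL for an IPv6 request when
 * IPv6 is not supported by the build. */
nussl_inet_addr *nussl_iaddr_make(nussl_iaddr_type type,
				  const unsigned char *raw)
{
	nussl_inet_addr *ia;
#if !defined(AF_INET6) || !defined(USE_GETADDRINFO)
	/* fail if IPv6 address is given if IPv6 is not supported. */
	if (type == nussl_iaddr_ipv6)
		return NULL;
#endif
	ia = nussl_calloc(sizeof *ia);
#ifdef USE_GETADDRINFO
	/* ai_protocol and ai_socktype aren't used by connect_socket() so
	 * ignore them here. (for now) */
	if (type == nussl_iaddr_ipv4) {
		struct sockaddr_in *in4 = nussl_calloc(sizeof *in4);
		ia->ai_family = AF_INET;
		ia->ai_addr = (struct sockaddr *) in4;
		ia->ai_addrlen = sizeof *in4;
		in4->sin_family = AF_INET;
		memcpy(&in4->sin_addr.s_addr, raw,
		       sizeof in4->sin_addr.s_addr);
	}
#ifdef AF_INET6
	else {
		struct sockaddr_in6 *in6 = nussl_calloc(sizeof *in6);
		ia->ai_family = AF_INET6;
		ia->ai_addr = (struct sockaddr *) in6;
		ia->ai_addrlen = sizeof *in6;
		in6->sin6_family = AF_INET6;
		memcpy(&in6->sin6_addr, raw, sizeof in6->sin6_addr.s6_addr);
	}
#endif
#else				/* !USE_GETADDRINFO */
	memcpy(&ia->s_addr, raw, sizeof ia->s_addr);
#endif
	return ia;
}

/* Report whether 'ia' is an IPv4 or an IPv6 address. */
nussl_iaddr_type nussl_iaddr_typeof(const nussl_inet_addr * ia)
{
#ifdef USE_GETADDRINFO
	return ia->ai_family ==
	    AF_INET6 ? nussl_iaddr_ipv6 : nussl_iaddr_ipv4;
#else
	return nussl_iaddr_ipv4;
#endif
}

/* Compare two addresses; returns zero when they are equal.  Addresses
 * of different families never compare equal, and a family other than
 * AF_INET/AF_INET6 yields -1. */
int nussl_iaddr_cmp(const nussl_inet_addr * i1, const nussl_inet_addr * i2)
{
#ifdef USE_GETADDRINFO
	if (i1->ai_family != i2->ai_family)
		return i2->ai_family - i1->ai_family;
	if (i1->ai_family == AF_INET) {
		struct sockaddr_in *in1 = SACAST(in, i1->ai_addr),
		    *in2 = SACAST(in, i2->ai_addr);
		return memcmp(&in1->sin_addr.s_addr, &in2->sin_addr.s_addr,
			      sizeof in1->sin_addr.s_addr);
	} else if (i1->ai_family == AF_INET6) {
		struct sockaddr_in6 *in1 = SACAST(in6, i1->ai_addr),
		    *in2 = SACAST(in6, i2->ai_addr);
		return memcmp(in1->sin6_addr.s6_addr,
			      in2->sin6_addr.s6_addr,
			      sizeof in1->sin6_addr.s6_addr);
	} else
		return -1;
#else
	return memcmp(&i1->s_addr, &i2->s_addr, sizeof i1->s_addr);
#endif
}

/* Release an address object made by nussl_iaddr_make() or
 * nussl_sock_peer(). */
void nussl_iaddr_free(nussl_inet_addr * addr)
{
#ifdef USE_GETADDRINFO
	nussl_free(addr->ai_addr);
#endif
	nussl_free(addr);
}

/* Accept a connection on 'listener' and store the new descriptor in
 * sock->fd.  Returns 0 on success, -1 when accept() fails. */
int nussl_sock_accept(nussl_socket * sock, int listener)
{
	int fd = accept(listener, NULL, NULL);

	if (fd < 0)
		return -1;

	sock->fd = fd;
	return 0;
}

/* Same as nussl_sock_accept(), and also returns the peer address
 * through 'addr'/'addrlen' as accept() does. */
int nussl_sock_accept_full(nussl_socket * sock, int listener,
			   struct sockaddr *addr, socklen_t * addrlen)
{
	int fd = accept(listener, addr, addrlen);

	if (fd < 0)
		return -1;

	sock->fd = fd;
	return 0;
}

/* Return the descriptor held by 'sock'. */
int nussl_sock_fd(const nussl_socket * sock)
{
	return sock->fd;
}

/* Set the read timeout, in seconds. */
void nussl_sock_read_timeout(nussl_socket * sock, int timeout)
{
	sock->rdtimeout = timeout;
}

/* Set the connect timeout, in seconds; zero selects a plain blocking
 * connect(). */
void nussl_sock_connect_timeout(nussl_socket * sock, int timeout)
{
	sock->cotimeout = timeout;
}

#ifdef HAVE_GNUTLS
/* Dumb server session cache implementation for GNUTLS; holds a single
 * session. */

/* Copy datum 'src' to 'dest'.  On an empty source or a failed
 * allocation 'dest' is left as { NULL, 0 } instead of copying through
 * a NULL pointer. */
static void copy_datum(gnutls_datum * dest, gnutls_datum * src)
{
	dest->data = NULL;
	dest->size = 0;

	if (src->data == NULL || src->size == 0)
		return;

	dest->data = gnutls_malloc(src->size);
	if (dest->data == NULL)
		return;

	memcpy(dest->data, src->data, src->size);
	dest->size = src->size;
}

/* Callback to store a session 'data' with id 'key'.  Replaces the
 * single cached session; returns -1 when the copy could not be made,
 * in which case the cache is left empty. */
static int store_sess(void *userdata, gnutls_datum key, gnutls_datum data)
{
	nussl_ssl_context *ctx = userdata;

	if (ctx->cache.server.key.data) {
		gnutls_free(ctx->cache.server.key.data);
		gnutls_free(ctx->cache.server.data.data);
	}

	copy_datum(&ctx->cache.server.key, &key);
	copy_datum(&ctx->cache.server.data, &data);

	if (ctx->cache.server.key.data == NULL
	    || ctx->cache.server.data.data == NULL) {
		/* Never keep a half-stored entry around. */
		gnutls_free(ctx->cache.server.key.data);
		gnutls_free(ctx->cache.server.data.data);
		ctx->cache.server.key.data = NULL;
		ctx->cache.server.key.size = 0;
		ctx->cache.server.data.data = NULL;
		ctx->cache.server.data.size = 0;
		return -1;
	}

	return 0;
}

/* Returns non-zero if d1 and d2 are the same datum.  Empty data never
 * matches, so an empty cache cannot satisfy a lookup. */
static int match_datum(gnutls_datum * d1, gnutls_datum * d2)
{
	if (d1->data == NULL || d2->data == NULL || d1->size == 0)
		return 0;

	return d1->size == d2->size
	    && memcmp(d1->data, d2->data, d1->size) == 0;
}

/* Callback to retrieve a session of id 'key'.  Returns a copy of the
 * cached session data, or { NULL, 0 } when the key does not match. */
static gnutls_datum retrieve_sess(void *userdata, gnutls_datum key)
{
	nussl_ssl_context *ctx = userdata;
	gnutls_datum ret = { NULL, 0 };

	if (match_datum(&ctx->cache.server.key, &key)) {
		copy_datum(&ret, &ctx->cache.server.data);
	}

	return ret;
}

/* Callback to remove a session of id 'key'; stub needed but
 * implementation seems unnecessary.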
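*/
static int remove_sess(void *userdata, gnutls_datum key)
{
	return -1;
}
#endif

/* Run the server side of the TLS handshake on the already accepted
 * descriptor sock->fd, using context 'ctx'.  On success the socket is
 * switched to the TLS I/O operations and zero is returned; on failure
 * NUSSL_SOCK_ERROR is returned with sock->error set.  Once sock->ssl
 * has been assigned, the session is released by nussl_sock_close(). */
int nussl_sock_accept_ssl(nussl_socket * sock, nussl_ssl_context * ctx)
{
	int ret;
	nussl_ssl_socket ssl;
	char errmsg[1024];

#if defined(HAVE_OPENSSL)
	nussl_ssl_context_set_verify(ctx, ctx->verify, NULL, NULL);
	ssl = SSL_new(ctx->ctx);
	if (!ssl) {
		/* SSL_new() returns NULL on failure; the calls below
		 * would dereference it. */
		set_error(sock, _("Could not create SSL structure"));
		return NUSSL_SOCK_ERROR;
	}

	SSL_set_fd(ssl, sock->fd);

	/* A cipher list that OpenSSL rejects must not be ignored:
	 * otherwise the session would silently run with the library
	 * defaults instead of the configured restriction.  The GnuTLS
	 * branch below already fails in the same situation. */
	if (ctx->ciphers != NULL
	    && SSL_set_cipher_list(ssl, ctx->ciphers) != 1) {
		ERR_clear_error();
		SSL_free(ssl);
		set_error(sock, _("Could not set cipher list"));
		return NUSSL_SOCK_ERROR;
	}

	sock->ssl = ssl;

	ret = nussl_ssl_accept(&ssl, sock->cotimeout, errmsg, sizeof(errmsg));
	if (ret == 0) {		/* timeout */
		nussl_snprintf(sock->error, (sizeof sock->error),
			       _("SSL handshake timeout"));
		return NUSSL_SOCK_ERROR;
	}

	if (ret != 1) {
		/* Report the certificate verification result next to the
		 * handshake error when verification failed. */
		int ret_verif = SSL_get_verify_result(ssl);

		if (ret_verif != 0) {
			nussl_snprintf(sock->error, sizeof(sock->error),
				       _("Error is %s\nCertificate verification: %s"),
				       errmsg,
				       X509_verify_cert_error_string(ret_verif));
		} else {
			nussl_snprintf(sock->error, sizeof(sock->error),
				       _("%s"), errmsg);
		}
		return NUSSL_SOCK_ERROR;
	}
#elif defined(HAVE_GNUTLS)
	ret = gnutls_init(&ssl, GNUTLS_SERVER);
	if (ret != GNUTLS_E_SUCCESS) {
		nussl_snprintf(sock->error, sizeof sock->error,
			       _("SSL error: %s"), gnutls_strerror(ret));
		return NUSSL_SOCK_ERROR;
	}
	gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);

	if (ctx->ciphers != NULL) {
#ifdef HAVE_GNUTLS_STRING_PRIORITY
		gnutls_priority_t prio;
		const char *err_pos;

		ret = gnutls_priority_init(&prio, ctx->ciphers, &err_pos);
		if (ret != GNUTLS_E_SUCCESS) {
			nussl_snprintf(sock->error, sizeof sock->error,
				       _("Could not init cipher list %s: %s"),
				       err_pos, gnutls_strerror(ret));
			/* The session is not yet owned by 'sock', so it
			 * has to be released here. */
			gnutls_deinit(ssl);
			return NUSSL_SOCK_ERROR;
		}
		ret = gnutls_priority_set(ssl, prio);
		if (ret != GNUTLS_E_SUCCESS) {
			nussl_snprintf(sock->error, sizeof sock->error,
				       _("Could not set cipher list: %s"),
				       gnutls_strerror(ret));
			gnutls_priority_deinit(prio);
			gnutls_deinit(ssl);
			return NUSSL_SOCK_ERROR;
		}
		gnutls_priority_deinit(prio);
#else				/* HAVE_GNUTLS_STRING_PRIORITY */
		nussl_snprintf(sock->error, sizeof sock->error,
			       _("GnuTLS library is too old (%s) and does not support gnutls_priority_set. Upgrade library, or comment cipherlist option."),
			       gnutls_check_version(NULL));
		gnutls_deinit(ssl);
		return NUSSL_SOCK_ERROR;
#endif				/* HAVE_GNUTLS_STRING_PRIORITY */
	} else {
		gnutls_set_default_priority(ssl);
	}

	/* Set up dummy session cache. */
	gnutls_db_set_store_function(ssl, store_sess);
	gnutls_db_set_retrieve_function(ssl, retrieve_sess);
	gnutls_db_set_remove_function(ssl, remove_sess);
	gnutls_db_set_ptr(ssl, ctx);

	gnutls_certificate_server_set_request(ssl, ctx->verify);

	gnutls_dh_set_prime_bits(ssl, ctx->dh_bits);

	sock->ssl = ssl;
	gnutls_transport_set_ptr((gnutls_session_t) sock->ssl,
				 (gnutls_transport_ptr) (long) sock->fd);

	ret = nussl_ssl_accept(&ssl, sock->cotimeout, errmsg, sizeof(errmsg));
	if (ret == 0) {		/* timeout */
		nussl_snprintf(sock->error, sizeof sock->error,
			       _("SSL handshake timeout"));
		return NUSSL_SOCK_ERROR;
	}
	if (ret < 0) {
		nussl_snprintf(sock->error, sizeof(sock->error),
			       _("%s"), errmsg);
		return NUSSL_SOCK_ERROR;
	}
#if 0				/* done from session.*_post_handshake in nussl_gnutls.c */
	if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
		set_error(sock, _("Client certificate verification failed"));
		return NUSSL_SOCK_ERROR;
	}
#endif
#endif
	sock->ops = &iofns_ssl;
	return 0;
}

/* Run the client side of the TLS handshake on the connected
 * descriptor sock->fd, using context 'ctx'; 'userdata' is attached to
 * the session.  Returns zero on success or NUSSL_SOCK_ERROR with
 * sock->error set; on a failed handshake the session is released and
 * sock->ssl is reset to NULL.  No certificate or host name check is
 * performed in this function. */
int nussl_sock_connect_ssl(nussl_socket * sock, nussl_ssl_context * ctx,
			   void *userdata)
{
	int ret;

#if defined(HAVE_OPENSSL)
	SSL *ssl;

	if (seed_ssl_prng()) {
		set_error(sock, _("SSL disabled due to lack of entropy"));
		return NUSSL_SOCK_ERROR;
	}

	/* If runtime library version differs from compile-time version
	 * number in major/minor/fix level, abort soon. */
	if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & 0xFFFFF000) {
		set_error(sock,
			  _("SSL disabled due to library version mismatch"));
		return NUSSL_SOCK_ERROR;
	}

	sock->ssl = ssl = SSL_new(ctx->ctx);
	if (!ssl) {
		set_error(sock, _("Could not create SSL structure"));
		return NUSSL_SOCK_ERROR;
	}

	SSL_set_app_data(ssl, userdata);
	SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
	SSL_set_fd(ssl, sock->fd);
	sock->ops = &iofns_ssl;

#ifdef SSL_set_tlsext_host_name
	if (ctx->hostname) {
		/* Try to enable SNI, but ignore failure (should only fail for
		 * >255 char hostnames, which are probably not legal
		 * anyway).  */
		if (SSL_set_tlsext_host_name(ssl, ctx->hostname) != 1) {
			ERR_clear_error();
		}
	}
#endif

	if (ctx->sess)
		SSL_set_session(ssl, ctx->sess);

	ret = SSL_connect(ssl);
	if (ret != 1) {
		/* error_ossl() reads sock->ssl, so it runs before the
		 * session is freed. */
		error_ossl(sock, ret);
		SSL_free(ssl);
		sock->ssl = NULL;
		return NUSSL_SOCK_ERROR;
	}
#elif defined(HAVE_GNUTLS)
	/* DH and RSA params are set in nussl_ssl_context_create */
	gnutls_init(&sock->ssl, GNUTLS_CLIENT);
	gnutls_set_default_priority(sock->ssl);
	gnutls_certificate_type_set_priority(sock->ssl, cert_type_priority);
	gnutls_session_set_ptr(sock->ssl, userdata);
	gnutls_credentials_set(sock->ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);

#ifdef XXX			/* keep or drop ? */
	if (ctx->hostname) {
		gnutls_server_name_set(sock->ssl, GNUTLS_NAME_DNS,
				       ctx->hostname,
				       strlen(ctx->hostname));
	}
#endif

	gnutls_transport_set_ptr(sock->ssl,
				 (gnutls_transport_ptr) (long) sock->fd);

	if (ctx->cache.client.data) {
#if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
		gnutls_session_set_data(sock->ssl,
					ctx->cache.client.data,
					ctx->cache.client.size);
#else
		gnutls_session_set_data(sock->ssl,
					ctx->cache.client.data,
					ctx->cache.client.len);
#endif
	}
	sock->ops = &iofns_ssl;

	ret = gnutls_handshake(sock->ssl);
	if (ret < 0) {
		/* Record the error while the session is still valid:
		 * error_gnutls() calls gnutls_alert_get(sock->ssl) for a
		 * fatal alert, and the peer decides whether one is sent.
		 * Releasing the session first would hand it a NULL
		 * session. */
		error_gnutls(sock, ret);
		gnutls_deinit(sock->ssl);
		sock->ssl = NULL;
		return NUSSL_SOCK_ERROR;
	}

	if (!gnutls_session_is_resumed(sock->ssl)) {
		/* New session.  The old method of using the _get_data
		 * function seems to be broken with 1.3.0 and later */
#if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
		gnutls_session_get_data2(sock->ssl, &ctx->cache.client);
#else
		ctx->cache.client.len = 0;
		if (gnutls_session_get_data(sock->ssl, NULL,
					    &ctx->cache.client.len) == 0) {
			ctx->cache.client.data =
			    nussl_malloc(ctx->cache.client.len);
			gnutls_session_get_data(sock->ssl,
						ctx->cache.client.data,
						&ctx->cache.client.len);
		}
#endif
	}
#endif
	return 0;
}

/* Return the TLS session object of 'sock'. */
nussl_ssl_socket nussl__sock_sslsock(nussl_socket * sock)
{
	return sock->ssl;
}

#if 0				/* Unused */
int nussl_sock_sessid(nussl_socket * sock, unsigned char *buf,
		      size_t * buflen)
{
#ifdef HAVE_GNUTLS
	if (sock->ssl) {
		return gnutls_session_get_id(sock->ssl, buf, buflen);
	} else {
		return -1;
	}
#else
	SSL_SESSION *sess;

	if (!sock->ssl) {
		return -1;
	}

	sess = SSL_get0_session(sock->ssl);

	if (!buf) {
		*buflen = sess->session_id_length;
		return 0;
	}

	if (*buflen < sess->session_id_length) {
		return -1;
	}

	*buflen = sess->session_id_length;
	memcpy(buf, sess->session_id, *buflen);
	return 0;
#endif
}
#endif

/* Return a newly allocated copy of the name of the cipher in use, or
 * NULL when the socket has no TLS session. */
char *nussl_sock_cipher(nussl_socket * sock)
{
	if (sock->ssl) {
#ifdef HAVE_OPENSSL
		const char *name = SSL_get_cipher(sock->ssl);
		return nussl_strdup(name);
#elif defined(HAVE_GNUTLS)
		const char *name =
		    gnutls_cipher_get_name(gnutls_cipher_get(sock->ssl));
		return nussl_strdup(name);
#endif
	} else {
		return NULL;
	}
}

/* Return the message stored by the last failed operation on 'sock'. */
const char *nussl_sock_error(const nussl_socket * sock)
{
	return sock->error;
}

/* Closes given nussl_socket */
int nussl_sock_close(nussl_socket * sock)
{
	int ret;
#if defined(HAVE_OPENSSL)
	if (sock->ssl) {
		SSL_shutdown(sock->ssl);
		SSL_free(sock->ssl);
	}
#elif defined(HAVE_GNUTLS)
	if (sock->ssl) {
		int try = 0;
		/* Retry the closure alert a bounded number of times. */
		do {
			ret = gnutls_bye(sock->ssl, GNUTLS_SHUT_RDWR);
		} while (ret < 0 && try++ < 2
			 && (ret == GNUTLS_E_INTERRUPTED
			     || ret == GNUTLS_E_AGAIN));
		gnutls_deinit(sock->ssl);
	}
#endif

	if (sock->fd < 0)
		ret = 0;
	else {
		shutdown(sock->fd, SHUT_RDWR);
		ret = nussl_close(sock->fd);
	}
	nussl_free(sock);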
return ret; } /** @} */ nufw-2.4.3/src/libs/nussl/nussl_openssl.c0000644000175000017500000011727711431206275015377 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* neon SSL/TLS support using OpenSSL Copyright (C) 2007, Joe Orton Portions are: Copyright (C) 1999-2000 Tommi Komulainen This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. 
*/ #include "config.h" #ifdef HAVE_OPENSSL #include "nussl_privssl.h" #include #ifdef HAVE_STRING_H #include #endif #include #include #include #include #include #include #ifdef NUSSL_HAVE_TS_SSL #include /* for abort() */ #include #endif #include #include "nussl_ssl.h" #include "nussl_ssl_common.h" #include "nussl_string.h" #include "nussl_session.h" #include "nussl_internal.h" #include "nussl_private.h" #include "nussl_privssl.h" #include "nussl_utils.h" /* OpenSSL 0.9.6 compatibility */ #if OPENSSL_VERSION_NUMBER < 0x0090700fL #define PKCS12_unpack_authsafes M_PKCS12_unpack_authsafes #define PKCS12_unpack_p7data M_PKCS12_unpack_p7data /* cast away lack of const-ness */ #define OBJ_cmp(a,b) OBJ_cmp((ASN1_OBJECT *)(a), (ASN1_OBJECT *)(b)) #endif /* Second argument for d2i_X509() changed type in 0.9.8. */ #if OPENSSL_VERSION_NUMBER < 0x0090800fL typedef unsigned char nussl_d2i_uchar; #else typedef const unsigned char nussl_d2i_uchar; #endif /* Append an ASN.1 DirectoryString STR to buffer BUF as UTF-8. * Returns zero on success or non-zero on error. */ static int append_dirstring(nussl_buffer * buf, ASN1_STRING * str) { unsigned char *tmp = (unsigned char *) ""; /* initialize to workaround 0.9.6 bug */ int len; switch (str->type) { case V_ASN1_UTF8STRING: case V_ASN1_IA5STRING: /* definitely ASCII */ case V_ASN1_VISIBLESTRING: /* probably ASCII */ case V_ASN1_PRINTABLESTRING: /* subset of ASCII */ nussl_buffer_append(buf, (char *) str->data, str->length); break; case V_ASN1_UNIVERSALSTRING: case V_ASN1_T61STRING: /* let OpenSSL convert it as ISO-8859-1 */ case V_ASN1_BMPSTRING: len = ASN1_STRING_to_UTF8(&tmp, str); if (len > 0) { nussl_buffer_append(buf, (char *) tmp, len); OPENSSL_free(tmp); break; } else { ERR_clear_error(); return -1; } break; default: NUSSL_DEBUG(NUSSL_DBG_SSL, "Could not convert DirectoryString type %d\n", str->type); return -1; } return 0; } /* Returns a malloc-allocate version of IA5 string AS. 
Really only
 * here to prevent char * vs unsigned char * type mismatches without
 * losing all hope at type-safety. */
static char *dup_ia5string(const ASN1_IA5STRING * as)
{
    /* Length-bounded copy: as->length comes from the certificate, so the
     * returned C string ends early if the data holds an embedded NUL. */
    return nussl_strndup((char *) as->data, as->length);
}

/* Build a human-readable, comma-separated rendering of NAME, walking the
 * entries from last to first.  commonName and emailAddress entries are
 * left out unless nothing else has been emitted by the time the first
 * entry is reached.  An entry that cannot be converted is shown as "???".
 * Returns the string produced by nussl_buffer_finish(). */
char *nussl_ssl_readable_dname(const nussl_ssl_dname * name)
{
    nussl_buffer *out = nussl_buffer_create();
    const ASN1_OBJECT *const cn_obj = OBJ_nid2obj(NID_commonName);
    const ASN1_OBJECT *const mail_obj = OBJ_nid2obj(NID_pkcs9_emailAddress);
    int emitted = 0;
    int pos = X509_NAME_entry_count(name->dn);

    while (pos > 0) {
        X509_NAME_ENTRY *ent = X509_NAME_get_entry(name->dn, pos - 1);
        int is_cn_or_mail = !OBJ_cmp(ent->object, cn_obj)
            || !OBJ_cmp(ent->object, mail_obj);
        int last_resort = (emitted == 0 && pos == 1);

        if (!is_cn_or_mail || last_resort) {
            if (emitted > 0)
                nussl_buffer_append(out, ", ", 2);
            emitted++;

            if (append_dirstring(out, ent->value) != 0)
                nussl_buffer_czappend(out, "???");
        }
        pos--;
    }

    return nussl_buffer_finish(out);
}

/* Compare two distinguished names; the result is that of X509_NAME_cmp(). */
int nussl_ssl_dname_cmp(const nussl_ssl_dname * dn1,
                        const nussl_ssl_dname * dn2)
{
    X509_NAME *left = dn1->dn;
    X509_NAME *right = dn2->dn;

    return X509_NAME_cmp(left, right);
}

/* Release a client certificate object and everything it owns.  The key
 * and certificate are only released when the object is in the decrypted
 * state. */
void nussl_ssl_clicert_free(nussl_ssl_client_cert * cc)
{
    if (cc->p12 != NULL)
        PKCS12_free(cc->p12);

    if (cc->decrypted) {
        if (cc->cert.identity != NULL)
            nussl_free(cc->cert.identity);
        EVP_PKEY_free(cc->pkey);
        X509_free(cc->cert.subject);
    }

    if (cc->friendly_name != NULL)
        nussl_free(cc->friendly_name);

    nussl_free(cc);
}

/* Convert an ASN.1 time value to a time_t; (time_t)-1 is returned when
 * the value cannot be parsed.
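*/
/* Parse two ASCII decimal digits at P.  Returns 0..99, or -1 if either
 * character is not a digit. */
static int asn1_two_digits(const unsigned char *p)
{
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Convert the ASN.1 time ATM (taken from a certificate, so untrusted) to
 * a time_t.  Returns (time_t)-1 if the value is too short or contains
 * non-digit characters where digits are required.
 *
 * Every byte is bounds-checked against atm->length before it is read:
 * the seconds field is optional in UTCTime, so a 10-character value must
 * not be indexed at offsets 10 and 11.  GeneralizedTime (four-digit year)
 * is recognised by its type tag.  A trailing zone designator or offset
 * is not interpreted. */
static time_t asn1time_to_timet(const ASN1_TIME * atm)
{
    struct tm tm;
    const unsigned char *p = atm->data;
    int remaining = atm->length;
    int field[5];               /* month, day, hour, minute, second */
    int year, n;

    if (p == NULL)
        return (time_t) - 1;

    if (atm->type == V_ASN1_GENERALIZEDTIME) {
        int century, yy;

        if (remaining < 4)
            return (time_t) - 1;
        century = asn1_two_digits(p);
        yy = asn1_two_digits(p + 2);
        if (century < 0 || yy < 0)
            return (time_t) - 1;
        year = century * 100 + yy - 1900;
        p += 4;
        remaining -= 4;
    } else {
        if (remaining < 2)
            return (time_t) - 1;
        year = asn1_two_digits(p);
        if (year < 0)
            return (time_t) - 1;
        /* Deal with Year 2000 */
        if (year < 70)
            year += 100;
        p += 2;
        remaining -= 2;
    }

    /* Month, day, hour and minute are mandatory. */
    for (n = 0; n < 4; n++) {
        if (remaining < 2)
            return (time_t) - 1;
        field[n] = asn1_two_digits(p);
        if (field[n] < 0)
            return (time_t) - 1;
        p += 2;
        remaining -= 2;
    }

    /* Seconds are optional; absent or non-numeric means zero. */
    field[4] = 0;
    if (remaining >= 2) {
        int sec = asn1_two_digits(p);
        if (sec >= 0)
            field[4] = sec;
    }

    /* Zero the whole structure so that tm_isdst and any other members
     * mktime() reads are not left uninitialised. */
    memset(&tm, 0, sizeof tm);
    tm.tm_year = year;
    tm.tm_mon = field[0] - 1;
    tm.tm_mday = field[1];
    tm.tm_hour = field[2];
    tm.tm_min = field[3];
    tm.tm_sec = field[4];

#ifdef HAVE_TIMEZONE
    /* ANSI C time handling is... interesting. */
    return mktime(&tm) - timezone;
#else
    return mktime(&tm);
#endif
}

/* Report the validity period of CERT.  Either output pointer may be
 * NULL, in which case that bound is not computed.  A bound that cannot
 * be parsed is reported as (time_t)-1. */
void nussl_ssl_cert_validity_time(const nussl_ssl_certificate * cert,
                                  time_t * from, time_t * until)
{
    if (from) {
        *from = asn1time_to_timet(X509_get_notBefore(cert->subject));
    }
    if (until) {
        *until = asn1time_to_timet(X509_get_notAfter(cert->subject));
    }
}

/* Return non-zero if hostname from certificate (cn) matches hostname
 * used for session (hostname).  Doesn't implement complete RFC 2818
 * logic; omits "f*.example.com" support for simplicity.
 *
 * Points a reviewer should keep in mind:
 *  - CN is modified in place: when HOSTNAME has no dot, CN is cut at its
 *    first dot, so any certificate whose first label equals the
 *    unqualified hostname is accepted, whatever its domain.
 *  - A leading "*." in CN is compared against everything after the first
 *    dot of HOSTNAME; no minimum number of labels is enforced.
 *  - Both arguments are plain C strings; callers must reject certificate
 *    names containing embedded NUL bytes before calling this. */
static int match_hostname(char *cn, const char *hostname)
{
    const char *dot;

    dot = strchr(hostname, '.');
    if (dot == NULL) {
        char *pnt = strchr(cn, '.');
        /* hostname is not fully-qualified; unqualify the cn. */
        if (pnt != NULL) {
            *pnt = '\0';
        }
    } else if (strncmp(cn, "*.", 2) == 0) {
        hostname = dot + 1;
        cn += 2;
    }
    return !nussl_strcasecmp(cn, hostname);
}

/* Check certificate identity.  Returns zero if identity matches; 1 if
 * identity does not match, or <0 if the certificate had no identity.
 * If 'identity' is non-NULL, store the malloc-allocated identity in
 * *identity.  Logic specified by RFC 2818 and RFC 3280.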
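*/
/* Notes on this implementation:
 *  - subjectAltName is consulted only when EXPECTED_HOSTNAME is non-NULL;
 *    with a NULL hostname the function just extracts the commonName.
 *  - Only dNSName entries are compared.  iPAddress and URI entries are
 *    ignored, so a certificate carrying only those falls back to the
 *    commonName.
 *  - If at least one dNSName entry is present, the commonName is NOT used
 *    as a fallback, even when none of the dNSName entries match.
 *  - Names containing an embedded NUL byte are never matched: the
 *    comparison works on C strings and would otherwise see only the part
 *    before the NUL.
 *  - *identity receives the matched name, else the first usable dNSName,
 *    else the commonName; it may be left NULL/untouched when no usable
 *    name exists.  The caller owns the returned string. */
static int check_identity(const char *expected_hostname, X509 * cert,
                          char **identity)
{
    STACK_OF(GENERAL_NAME) * names;
    int match = 0, found = 0;
    char *ident = NULL;         /* name handed back through *identity */

    names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);

    /* if expected_hostname is NULL, do not check subjectAltName,
     * we are only looking for the CN */
    if (names && expected_hostname != NULL) {
        int n;

        /* subjectAltName contains a sequence of GeneralNames */
        for (n = 0; n < sk_GENERAL_NAME_num(names) && !match; n++) {
            GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, n);
            char *name;

            if (nm->type != GEN_DNS)
                continue;

            /* A dNSName exists, so the commonName must not be used. */
            found = 1;

            if (nm->d.ia5->length <= 0
                || memchr(nm->d.ia5->data, '\0',
                          nm->d.ia5->length) != NULL) {
                NUSSL_DEBUG(NUSSL_DBG_SSL,
                            "dNSName is empty or has an embedded NUL, skipped.\n");
                continue;
            }

            name = dup_ia5string(nm->d.ia5);
            match = match_hostname(name, expected_hostname);

            /* Keep the matching name, or the first one seen; release
             * every other copy so nothing leaks per iteration. */
            if (match || ident == NULL) {
                if (ident != NULL)
                    nussl_free(ident);
                ident = name;
            } else {
                nussl_free(name);
            }
        }
    }

    /* free the whole stack. */
    if (names)
        sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);

    /* Check against the commonName if no DNS alt. names were found,
     * as per RFC3280. */
    if (!found) {
        X509_NAME *subj = X509_get_subject_name(cert);
        X509_NAME_ENTRY *entry;
        ASN1_STRING *cn_str;
        nussl_buffer *cname;
        int idx = -1, lastidx;

        /* find the most specific commonName attribute. */
        do {
            lastidx = idx;
            idx = X509_NAME_get_index_by_NID(subj, NID_commonName, lastidx);
        } while (idx >= 0);

        if (lastidx < 0) {
            /* no commonName attributes at all. */
            return -1;
        }

        /* extract the string from the entry */
        entry = X509_NAME_get_entry(subj, lastidx);
        cn_str = X509_NAME_ENTRY_get_data(entry);

        cname = nussl_buffer_ncreate(30);
        if (append_dirstring(cname, cn_str)) {
            nussl_buffer_destroy(cname);
            return -1;
        }

        /* Reject an embedded NUL in single-byte string types.
         * NOTE(review): BMPString/UniversalString legitimately contain
         * zero bytes in their raw form, so they are not checked here; an
         * encoded U+0000 in those types would still truncate the name. */
        if (cn_str->type != V_ASN1_BMPSTRING
            && cn_str->type != V_ASN1_UNIVERSALSTRING
            && cn_str->length > 0
            && memchr(cn_str->data, '\0', cn_str->length) != NULL) {
            NUSSL_DEBUG(NUSSL_DBG_SSL,
                        "commonName has an embedded NUL, rejected.\n");
            nussl_buffer_destroy(cname);
            return 1;
        }

        ident = nussl_strdup(cname->data);
        if (expected_hostname != NULL)
            match = match_hostname(ident, expected_hostname);
        nussl_buffer_destroy(cname);
    }

    /* Hand ownership of the name to the caller, or release it. */
    if (identity != NULL)
        *identity = ident;
    else if (ident != NULL)
        nussl_free(ident);

    return match ? 0 : 1;
}

/* Populate an nussl_ssl_certificate structure from an X509 object.
 * CERT keeps the pointer X5 (no copy, no reference-count change here),
 * and its identity is filled from the certificate's commonName. */
static nussl_ssl_certificate *populate_cert(nussl_ssl_certificate * cert,
                                            X509 * x5)
{
    cert->subj_dn.dn = X509_get_subject_name(x5);
    cert->issuer_dn.dn = X509_get_issuer_name(x5);
    cert->issuer = NULL;
    cert->subject = x5;
    /* Retrieve the cert identity; a NULL hostname means "extract only". */
    cert->identity = NULL;
    check_identity(NULL, x5, &cert->identity);
    return cert;
}

/* Return a linked list of certificate objects from an OpenSSL chain.
 * Each element wraps its own X509_dup() copy, so the list does not
 * depend on CHAIN staying alive.
 * NOTE(review): the result of X509_dup() is not checked before it is
 * passed to populate_cert(). */
static nussl_ssl_certificate *make_chain(STACK_OF(X509) * chain)
{
    int n, count = sk_X509_num(chain);
    nussl_ssl_certificate *top = NULL, *current = NULL;

    NUSSL_DEBUG(NUSSL_DBG_SSL, "Chain depth: %d\n", count);

    for (n = 0; n < count; n++) {
        nussl_ssl_certificate *cert = nussl_malloc(sizeof *cert);
        populate_cert(cert, X509_dup(sk_X509_value(chain, n)));
#if defined(NUSSL_DEBUGGING) && !defined(_WIN32)
        if (nussl_debug_mask & NUSSL_DBG_SSL) {
            fprintf(nussl_debug_stream, "Cert #%d:\n", n);
            X509_print_fp(nussl_debug_stream, cert->subject);
        }
#endif
        if (top == NULL) {
            current = top = cert;
        } else {
            current->issuer = cert;
            current = cert;
        }
    }

    return top;
}

/* Verifies an SSL server certificate.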
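*/
/* Checks the leaf of CHAIN for validity dates and identity, then folds in
 * OpenSSL's own verification result for SSL.  Returns NUSSL_OK only when
 * no failure bit is set; otherwise the session error string is set and
 * NUSSL_ERROR is returned.  An identity mismatch is ignored when the
 * session flag NUSSL_SESSFLAG_IGNORE_ID_MISMATCH is non-zero. */
static int check_certificate(nussl_session * sess, SSL * ssl,
                             nussl_ssl_certificate * chain)
{
    X509 *cert = chain->subject;
    ASN1_TIME *notBefore = X509_get_notBefore(cert);
    ASN1_TIME *notAfter = X509_get_notAfter(cert);
    int ret, failures = 0;
    long result;

    /* check expiry dates */
    if (X509_cmp_current_time(notBefore) >= 0)
        failures |= NUSSL_SSL_NOTYETVALID;
    else if (X509_cmp_current_time(notAfter) <= 0)
        failures |= NUSSL_SSL_EXPIRED;

    /* Check certificate was issued to this server; pass the hostname of
     * the server. */
    ret = check_identity(sess->server.hostname, cert, NULL);
    if (ret < 0) {
        nussl_set_error(sess,
                        _("Server certificate was missing commonName "
                          "attribute in subject name"));
        return NUSSL_ERROR;
    } else if (ret > 0) {
        if (sess->flags[NUSSL_SESSFLAG_IGNORE_ID_MISMATCH] == 0)
            failures |= NUSSL_SSL_IDMISMATCH;
    }

    /* get the result of the cert verification out of OpenSSL */
    result = SSL_get_verify_result(ssl);

    NUSSL_DEBUG(NUSSL_DBG_SSL, "Verify result: %ld = %s\n", result,
                X509_verify_cert_error_string(result));

    switch (result) {
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
        /* TODO: and probably more result codes here... */
        failures |= NUSSL_SSL_UNTRUSTED;
        break;
        /* ignore these, since we've already noticed them: */
    case X509_V_ERR_CERT_NOT_YET_VALID:
    case X509_V_ERR_CERT_HAS_EXPIRED:
        /* cert was trusted: */
    case X509_V_OK:
        break;
    default:
        /* TODO: tricky to handle the 30-odd failure cases OpenSSL
         * presents here (see x509_vfy.h), and present a useful API to
         * the application so it in turn can then present a meaningful
         * UI to the user.  The only thing to do really would be to
         * pass back the error string, but that's not localisable.  So
         * just fail the verification here - better safe than
         * sorry. */
        nussl_set_error(sess, _("Certificate verification error: %s"),
                        X509_verify_cert_error_string(result));
        return NUSSL_ERROR;
    }

    if (failures == 0) {
        /* verified OK! */
        ret = NUSSL_OK;
    } else {
        /* Set up the error string. */
        nussl__ssl_set_verify_err(sess, failures);
        ret = NUSSL_ERROR;
        /* Allow manual override */
#if XXX
        if (sess->ssl_verify_fn
            && sess->ssl_verify_fn(sess->ssl_verify_ud, failures, chain) == 0)
            ret = NUSSL_OK;
#endif
    }

    return ret;
}

/* Duplicate a client certificate, which must be in the decrypted state.
 * The copy shares the key and X509 object with CC; their reference
 * counts are raised through CRYPTO_add() so the increment goes through
 * OpenSSL's locking callbacks instead of being a bare "++". */
static nussl_ssl_client_cert *dup_client_cert(const nussl_ssl_client_cert * cc)
{
    nussl_ssl_client_cert *newcc = nussl_calloc(sizeof *newcc);

    newcc->decrypted = 1;
    newcc->pkey = cc->pkey;
    if (cc->friendly_name)
        newcc->friendly_name = nussl_strdup(cc->friendly_name);

    populate_cert(&newcc->cert, cc->cert.subject);

    CRYPTO_add(&cc->cert.subject->references, 1, CRYPTO_LOCK_X509);
    CRYPTO_add(&cc->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
    return newcc;
}

#if 0
/* Callback invoked when the SSL server requests a client certificate.  */
static int provide_client_cert(SSL * ssl, X509 ** cert, EVP_PKEY ** pkey)
{
    nussl_session *const sess = SSL_get_app_data(ssl);

#if XXX
    if (!sess->my_cert && sess->ssl_provide_fn) {
        nussl_ssl_dname **dnames = NULL;
        int n, count = 0;
        STACK_OF(X509_NAME) * ca_list = SSL_get_client_CA_list(ssl);

        count = ca_list ? sk_X509_NAME_num(ca_list) : 0;

        if (count > 0) {
            dnames = nussl_malloc(count * sizeof(nussl_ssl_dname *));

            for (n = 0; n < count; n++) {
                dnames[n] = nussl_malloc(sizeof(nussl_ssl_dname));
                dnames[n]->dn = sk_X509_NAME_value(ca_list, n);
            }
        }

        NUSSL_DEBUG(NUSSL_DBG_SSL,
                    "Calling client certificate provider...\n");
        sess->ssl_provide_fn(sess->ssl_provide_ud, sess,
                             (const nussl_ssl_dname * const *) dnames, count);
        if (count) {
            for (n = 0; n < count; n++)
                nussl_free(dnames[n]);
            nussl_free(dnames);
        }
    }
#endif

    if (sess->my_cert) {
        nussl_ssl_client_cert *const cc = sess->my_cert;
        NUSSL_DEBUG(NUSSL_DBG_SSL, "Supplying client certificate.\n");
        cc->pkey->references++;
        cc->cert.subject->references++;
        *cert = cc->cert.subject;
        *pkey = cc->pkey;
        return 1;
    } else {
        NUSSL_DEBUG(NUSSL_DBG_SSL, "No client certificate supplied.\n");
        return 0;
    }
}
#endif

/* Attach a copy of the decrypted client certificate CC to the session
 * and load its key pair into the session's SSL context.
 * NOTE(review): a client certificate already stored in sess->my_cert is
 * overwritten without being released. */
int nussl_ssl_set_clicert(nussl_session * sess,
                          const nussl_ssl_client_cert * cc)
{
    sess->my_cert = dup_client_cert(cc);
    if (!sess->my_cert)
        return NUSSL_ERROR;

    return nussl_ssl_context_keypair_from_data(sess->ssl_context,
                                               sess->my_cert);
}

#ifdef BLAH
int nussl_ssl_set_clicert(nussl_session * sess,
                          const nussl_ssl_client_cert * cc)
{
    int ret;
    sess->my_cert = dup_client_cert(cc);
    if (sess->my_cert == NULL)
        return NUSSL_ERROR;

    ret = SSL_CTX_use_PrivateKey(sess->ssl_context->ctx, cc->pkey);
    if (ret != 1)
        return NUSSL_ERROR;

    ret = SSL_CTX_use_certificate(sess->ssl_context->ctx->ctx,
                                  cc->cert.subject);
    return (ret == 1) ? NUSSL_OK : NUSSL_ERROR;
}
#endif

/* Post-handshake peer checks for an established SSL socket.
 *
 * When sess->check_peer_cert is zero the function returns NUSSL_OK
 * immediately: nothing about the peer is verified and the session is not
 * cached.  Otherwise the peer certificate is obtained, compared with a
 * previously accepted one (if any) or verified with check_certificate(),
 * and the negotiated SSL session is stored in the context for reuse.
 * A peer without a certificate is accepted when the context's verify
 * level is below 2. */
int nussl__ssl_post_handshake(nussl_session * sess)
{
    nussl_ssl_context *ctx = sess->ssl_context;
    SSL *ssl;
    STACK_OF(X509) * chain;
    int freechain = 0;          /* non-zero if chain should be free'd. */
    int status = NUSSL_OK;

    NUSSL_DEBUG(NUSSL_DBG_SSL,
                "Doing SSL post-handshake checks. (check: %d)\n",
                sess->check_peer_cert);

    if (!sess->check_peer_cert)
        return NUSSL_OK;

    /* Pass through the hostname if SNI is enabled. */
    ctx->hostname =
        sess->flags[NUSSL_SESSFLAG_TLS_SNI] ? sess->server.hostname : NULL;

    ssl = nussl__sock_sslsock(sess->socket);

    chain = SSL_get_peer_cert_chain(ssl);
    /* For an SSLv2 connection, the cert chain will always be NULL. */
    /* The server-side must call SSL_get_peer_certificate
     * (see SSL_get_peer_cert_chain(3) */
    if (chain == NULL || sess->mode == NUSSL_SSL_CTX_SERVER) {
        X509 *cert = SSL_get_peer_certificate(ssl);
        if (cert) {
            STACK_OF(X509) * own = sk_X509_new_null();
            if (own != NULL && sk_X509_push(own, cert)) {
                chain = own;
                freechain = 1;
            } else {
                /* Could not build our own stack: drop the reference
                 * SSL_get_peer_certificate() gave us. */
                if (own != NULL)
                    sk_X509_free(own);
                X509_free(cert);
            }
        }
    }

    if (sess->check_peer_cert) {
        if (chain == NULL || sk_X509_num(chain) == 0) {
            NUSSL_DEBUG(NUSSL_DBG_SSL,
                        "SSL peer did not present certificate\n");
            nussl_set_error(sess, _("SSL peer did not present certificate"));
            if (freechain)
                sk_X509_pop_free(chain, X509_free);
            if (sess->ssl_context->verify < 2) {
                /* certificates are not mandatory, so continue */
                return NUSSL_OK;
            }
            return NUSSL_ERROR;
        }

        if (sess->peer_cert) {
            if (X509_cmp(sk_X509_value(chain, 0), sess->peer_cert->subject)) {
                /* This could be a MITM attack: fail the request. */
                nussl_set_error(sess,
                                _("Server certificate changed: "
                                  "connection intercepted?"));
                status = NUSSL_ERROR;
            }
            /* certificate has already passed verification: no need to
             * verify it again. */
        } else {
            /* new connection: create the chain (make_chain copies every
             * certificate, so CHAIN can be released afterwards). */
            nussl_ssl_certificate *cert = make_chain(chain);

            if (check_certificate(sess, ssl, cert)) {
                NUSSL_DEBUG(NUSSL_DBG_SSL,
                            "SSL certificate checks failed: %s\n",
                            sess->error);
                nussl_ssl_cert_free(cert);
                status = NUSSL_ERROR;
            } else {
                /* remember the chain. */
                sess->peer_cert = cert;
            }
        }
    }

    /* The stack we built holds a counted reference to the peer
     * certificate; sk_X509_free() alone would leak it. */
    if (freechain)
        sk_X509_pop_free(chain, X509_free);
    if (status != NUSSL_OK)
        return status;

    if (ctx->sess) {
        SSL_SESSION *newsess = SSL_get0_session(ssl);
        /* Replace the session if it has changed. */
        if (newsess != ctx->sess || SSL_SESSION_cmp(ctx->sess, newsess)) {
            SSL_SESSION_free(ctx->sess);
            ctx->sess = SSL_get1_session(ssl);  /* bumping the refcount */
        }
    } else {
        /* Store the session. */
        ctx->sess = SSL_get1_session(ssl);
    }

    return NUSSL_OK;
}

/* For internal use only.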
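*/
/* Run the client-side SSL handshake on the session socket and, when
 * sess->check_peer_cert is set, verify the server certificate.  On a
 * failed handshake any cached SSL session is dropped.  On success the
 * negotiated SSL session is stored in the context for reuse.
 * Note that with check_peer_cert unset the peer is not verified at all. */
int nussl__negotiate_ssl(nussl_session * sess)
{
    nussl_ssl_context *ctx = sess->ssl_context;
    SSL *ssl;
    STACK_OF(X509) * chain;
    int freechain = 0;          /* non-zero if chain should be free'd. */
    int status = NUSSL_OK;

    NUSSL_DEBUG(NUSSL_DBG_SSL, "Doing SSL negotiation.\n");

    /* Pass through the hostname if SNI is enabled. */
    ctx->hostname =
        sess->flags[NUSSL_SESSFLAG_TLS_SNI] ? sess->server.hostname : NULL;

    if (nussl_sock_connect_ssl(sess->socket, ctx, sess)) {
        if (ctx->sess) {
            /* remove cached session. */
            SSL_SESSION_free(ctx->sess);
            ctx->sess = NULL;
        }
        nussl_set_error(sess, _("SSL negotiation failed: %s"),
                        nussl_sock_error(sess->socket));
        return NUSSL_ERROR;
    }

    ssl = nussl__sock_sslsock(sess->socket);

    chain = SSL_get_peer_cert_chain(ssl);
    /* For an SSLv2 connection, the cert chain will always be NULL. */
    if (chain == NULL) {
        X509 *cert = SSL_get_peer_certificate(ssl);
        if (cert) {
            STACK_OF(X509) * own = sk_X509_new_null();
            if (own != NULL && sk_X509_push(own, cert)) {
                chain = own;
                freechain = 1;
            } else {
                /* Could not build our own stack: drop the reference
                 * SSL_get_peer_certificate() gave us. */
                if (own != NULL)
                    sk_X509_free(own);
                X509_free(cert);
            }
        }
    }

    if (sess->check_peer_cert) {
        if (chain == NULL || sk_X509_num(chain) == 0) {
            nussl_set_error(sess,
                            _("SSL server did not present certificate"));
            status = NUSSL_ERROR;
        } else if (sess->peer_cert) {
            if (X509_cmp(sk_X509_value(chain, 0), sess->peer_cert->subject)) {
                /* This could be a MITM attack: fail the request. */
                nussl_set_error(sess,
                                _("Server certificate changed: "
                                  "connection intercepted?"));
                status = NUSSL_ERROR;
            }
            /* certificate has already passed verification: no need to
             * verify it again. */
        } else {
            /* new connection: create the chain (make_chain copies every
             * certificate, so CHAIN can be released afterwards). */
            nussl_ssl_certificate *cert = make_chain(chain);

            if (check_certificate(sess, ssl, cert)) {
                NUSSL_DEBUG(NUSSL_DBG_SSL,
                            "SSL certificate checks failed: %s\n",
                            sess->error);
                nussl_ssl_cert_free(cert);
                status = NUSSL_ERROR;
            } else {
                /* remember the chain. */
                sess->peer_cert = cert;
            }
        }
    }

    /* The stack we built holds a counted reference to the peer
     * certificate; sk_X509_free() alone would leak it, and the stack was
     * never released at all when check_peer_cert was unset. */
    if (freechain)
        sk_X509_pop_free(chain, X509_free);
    if (status != NUSSL_OK)
        return status;

    if (ctx->sess) {
        SSL_SESSION *newsess = SSL_get0_session(ssl);
        /* Replace the session if it has changed. */
        if (newsess != ctx->sess || SSL_SESSION_cmp(ctx->sess, newsess)) {
            SSL_SESSION_free(ctx->sess);
            ctx->sess = SSL_get1_session(ssl);  /* bumping the refcount */
        }
    } else {
        /* Store the session. */
        ctx->sess = SSL_get1_session(ssl);
    }

    return NUSSL_OK;
}

/* Issuer distinguished name of CERT (owned by CERT). */
const nussl_ssl_dname *nussl_ssl_cert_issuer(const nussl_ssl_certificate * cert)
{
    return &cert->issuer_dn;
}

/* Subject distinguished name of CERT (owned by CERT). */
const nussl_ssl_dname *nussl_ssl_cert_subject(const nussl_ssl_certificate * cert)
{
    return &cert->subj_dn;
}

/* Next certificate in the chain CERT belongs to, or NULL. */
const nussl_ssl_certificate *nussl_ssl_cert_signedby(const nussl_ssl_certificate * cert)
{
    return cert->issuer;
}

/* Identity string recorded for CERT; may be NULL. */
const char *nussl_ssl_cert_identity(const nussl_ssl_certificate * cert)
{
    return cert->identity;
}

/* Add the default CA locations (or the compiled-in bundle, when
 * NUSSL_SSL_CA_BUNDLE is defined) to the session's certificate store.
 * The result of the load is not reported to the caller. */
void nussl_ssl_trust_default_ca(nussl_session * sess)
{
    X509_STORE *store = SSL_CTX_get_cert_store(sess->ssl_context->ctx);

#ifdef NUSSL_SSL_CA_BUNDLE
    X509_STORE_load_locations(store, NUSSL_SSL_CA_BUNDLE, NULL);
#else
    X509_STORE_set_default_paths(store);
#endif
}

/* Find a friendly name in a PKCS12 structure the hard way, without
 * decrypting the parts which are encrypted.. */
static char *find_friendly_name(PKCS12 * p12)
{
    STACK_OF(PKCS7) * safes = PKCS12_unpack_authsafes(p12);
    int n, m;
    char *name = NULL;

    if (safes == NULL)
        return NULL;

    /* Iterate over the unpacked authsafes: */
    for (n = 0; n < sk_PKCS7_num(safes) && !name; n++) {
        PKCS7 *safe = sk_PKCS7_value(safes, n);
        STACK_OF(PKCS12_SAFEBAG) * bags;

        /* Only looking for unencrypted authsafes. */
        if (OBJ_obj2nid(safe->type) != NID_pkcs7_data)
            continue;

        bags = PKCS12_unpack_p7data(safe);
        if (!bags)
            continue;

        /* Iterate through the bags, picking out a friendly name */
        for (m = 0; m < sk_PKCS12_SAFEBAG_num(bags) && !name; m++) {
            PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, m);
            name = PKCS12_get_friendlyname(bag);
        }

        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
    }

    sk_PKCS7_pop_free(safes, PKCS7_free);
    return name;
}

/* Read a PKCS#12 client certificate from FILENAME.  If the file parses
 * without a password the result is in the decrypted state; if parsing
 * fails with a MAC verification error the PKCS#12 object is kept so it
 * can be decrypted later with nussl_ssl_clicert_decrypt().  Returns NULL
 * on any other failure. */
nussl_ssl_client_cert *nussl_ssl_clicert_read(const char *filename)
{
    PKCS12 *p12;
    FILE *fp;
    X509 *cert;
    EVP_PKEY *pkey;
    nussl_ssl_client_cert *cc;

    fp = fopen(filename, "rb");
    if (fp == NULL)
        return NULL;

    p12 = d2i_PKCS12_fp(fp, NULL);

    fclose(fp);

    if (p12 == NULL) {
        ERR_clear_error();
        return NULL;
    }

    /* Try parsing with no password. */
    if (PKCS12_parse(p12, NULL, &pkey, &cert, NULL) == 1) {
        /* Success - no password needed for decryption. */
        int len = 0;
        unsigned char *name = X509_alias_get0(cert, &len);

        cc = nussl_calloc(sizeof *cc);
        cc->pkey = pkey;
        cc->decrypted = 1;
        if (name && len > 0)
            cc->friendly_name = nussl_strndup((char *) name, len);
        populate_cert(&cc->cert, cert);
        PKCS12_free(p12);
        return cc;
    } else {
        /* Failed to parse the file.  ERR_get_error() returns an
         * unsigned long; keep the full width for ERR_GET_LIB/REASON. */
        unsigned long err = ERR_get_error();
        ERR_clear_error();
        if (ERR_GET_LIB(err) == ERR_LIB_PKCS12 &&
            ERR_GET_REASON(err) == PKCS12_R_MAC_VERIFY_FAILURE) {
            /* Decryption error due to bad password. */
            cc = nussl_calloc(sizeof *cc);
            cc->friendly_name = find_friendly_name(p12);
            cc->p12 = p12;
            return cc;
        } else {
            /* Some parse error, give up. */
            PKCS12_free(p12);
            return NULL;
        }
    }
}

/* Non-zero while CC still needs a password to be usable. */
int nussl_ssl_clicert_encrypted(const nussl_ssl_client_cert * cc)
{
    return !cc->decrypted;
}

/* Decrypt CC with PASSWORD.  Returns 0 on success, -1 if the password is
 * wrong, the key does not match the certificate, or CC holds no
 * encrypted PKCS#12 data. */
int nussl_ssl_clicert_decrypt(nussl_ssl_client_cert * cc,
                              const char *password)
{
    X509 *cert;
    EVP_PKEY *pkey;

    /* Nothing to decrypt (already decrypted, or never loaded). */
    if (cc->p12 == NULL)
        return -1;

    if (PKCS12_parse(cc->p12, password, &pkey, &cert, NULL) != 1) {
        ERR_clear_error();
        return -1;
    }

    if (X509_check_private_key(cert, pkey) != 1) {
        ERR_clear_error();
        X509_free(cert);
        EVP_PKEY_free(pkey);
        NUSSL_DEBUG(NUSSL_DBG_SSL,
                    "Decrypted private key/cert are not matched.");
        return -1;
    }

    PKCS12_free(cc->p12);
    populate_cert(&cc->cert, cert);
    cc->pkey = pkey;
    cc->decrypted = 1;
    cc->p12 = NULL;
    return 0;
}

/* Certificate embedded in the client certificate object CC. */
const nussl_ssl_certificate *nussl_ssl_clicert_owner(const nussl_ssl_client_cert * cc)
{
    return &cc->cert;
}

/* Friendly name of CCERT; may be NULL. */
const char *nussl_ssl_clicert_name(const nussl_ssl_client_cert * ccert)
{
    return ccert->friendly_name;
}

/* Wrap an already-parsed X509 object (passed as void *) in a newly
 * allocated nussl_ssl_certificate.  The wrapper keeps the pointer it is
 * given.  Returns NULL if CERT_X509 is NULL. */
nussl_ssl_certificate *nussl_ssl_cert_mem_read_x509(void *cert_x509)
{
    X509 *cert = (X509 *) cert_x509;

    if (cert == NULL) {
        NUSSL_DEBUG(NUSSL_DBG_SSL, "d2i_X509_fp failed: %s\n",
                    ERR_reason_error_string(ERR_get_error()));
        ERR_clear_error();
        return NULL;
    }

    return populate_cert(nussl_calloc(sizeof(struct nussl_ssl_certificate_s)),
                         cert);
}

/* Read one PEM certificate from FILENAME.  Returns NULL if the file
 * cannot be opened or parsed. */
nussl_ssl_certificate *nussl_ssl_cert_file_read(const char *filename)
{
    FILE *fp = fopen(filename, "r");
    X509 *cert;

    if (fp == NULL)
        return NULL;

    cert = PEM_read_X509(fp, NULL, NULL, NULL);
    fclose(fp);

    if (cert == NULL) {
        NUSSL_DEBUG(NUSSL_DBG_SSL, "d2i_X509_fp failed: %s\n",
                    ERR_reason_error_string(ERR_get_error()));
        ERR_clear_error();
        return NULL;
    }

    return populate_cert(nussl_calloc(sizeof(struct nussl_ssl_certificate_s)),
                         cert);
}

/* Write CERT to FILENAME in PEM form.  Returns 0 on success, -1 on any
 * open, write or close failure. */
int nussl_ssl_cert_write(const nussl_ssl_certificate * cert,
                         const char *filename)
{
    FILE *fp = fopen(filename, "w");

    if (fp == NULL)
        return -1;

    if (PEM_write_X509(fp, cert->subject) != 1) {
        ERR_clear_error();
        fclose(fp);
        return -1;
    }

    if (fclose(fp) != 0)
        return -1;

    return 0;
}

/* Release CERT together with every certificate linked through its
 * issuer pointer. */
void nussl_ssl_cert_free(nussl_ssl_certificate * cert)
{
    X509_free(cert->subject);
    if (cert->issuer)
        nussl_ssl_cert_free(cert->issuer);
    if (cert->identity)
        nussl_free(cert->identity);
    nussl_free(cert);
}

/* Compare two certificates; the result is that of X509_cmp(). */
int nussl_ssl_cert_cmp(const nussl_ssl_certificate * c1,
                       const nussl_ssl_certificate * c2)
{
    return X509_cmp(c1->subject, c2->subject);
}

/* Sanity-check a PEM CRL before it is installed: it must be signed by
 * the key of the certificate in CA_FILE and the current time must lie
 * between its lastUpdate and nextUpdate fields.  Returns NUSSL_OK or
 * NUSSL_FAILED.  Every OpenSSL object created here is released on every
 * path, and a file that cannot be opened is reported as a failure
 * instead of being parsed anyway. */
static int check_crl_validity(nussl_session * sess, const char *crl_file,
                              const char *ca_file)
{
    BIO *crl_bio = NULL;
    BIO *ca_bio = NULL;
    X509_CRL *crl = NULL;
    X509 *ca = NULL;
    EVP_PKEY *pkey = NULL;
    ASN1_TIME *last_update, *next_update;
    int ret = NUSSL_FAILED;

    NUSSL_DEBUG(NUSSL_DBG_SOCKET, "Loading CRL: %s\n", crl_file);

    crl_bio = BIO_new(BIO_s_file());
    if (crl_bio == NULL || BIO_read_filename(crl_bio, crl_file) <= 0)
        goto end;

    crl = PEM_read_bio_X509_CRL(crl_bio, NULL, NULL, NULL);
    if (crl == NULL)
        goto end;

    ca_bio = BIO_new_file(ca_file, "rb");
    if (ca_bio == NULL)
        goto end;

    ca = PEM_read_bio_X509(ca_bio, NULL, NULL, NULL);
    if (ca == NULL)
        goto end;

    pkey = X509_get_pubkey(ca);
    if (pkey == NULL) {
        nussl_set_error(sess,
                        _("CRL check failed: could not extract certificate authority public key from %s: %s\n"),
                        ca_file, ERR_error_string(ERR_get_error(), NULL));
        goto end;
    }

    /* Check the validity of the CRL against the CA */
    if (X509_CRL_verify(crl, pkey) <= 0) {
        /* Note that we cannot use ERR_error_string(ERR_get_error(), NULL)
         * here, it returns something completely useless like:
         * Error: 67567722 : error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
         * In human-readable form, this means the CRL is not signed by the CA ...
         */
        nussl_set_error(sess,
                        "CRL check failed. Is CRL issued by the same Certificate Authority ?\n");
        goto end;
    }

    /* nextUpdate is optional in the encoding; do not hand a NULL time to
     * X509_cmp_current_time(). */
    last_update = X509_CRL_get_lastUpdate(crl);
    next_update = X509_CRL_get_nextUpdate(crl);
    if (last_update == NULL || next_update == NULL) {
        nussl_set_error(sess,
                        "CRL check failed: CRL is missing an update time\n");
        goto end;
    }

    /* X509_cmp_current_time() returns 0 when it cannot parse the time;
     * treat that as a failure, as check_certificate() does for the
     * certificate validity dates. */
    if (X509_cmp_current_time(next_update) <= 0
        || X509_cmp_current_time(last_update) >= 0) {
        nussl_set_error(sess, "CRL check failed: CRL has expired\n");
        goto end;
    }

    ret = NUSSL_OK;

  end:
    if (pkey)
        EVP_PKEY_free(pkey);
    if (ca)
        X509_free(ca);
    if (crl)
        X509_CRL_free(crl);
    if (ca_bio)
        BIO_free(ca_bio);
    if (crl_bio)
        BIO_free(crl_bio);
    return ret;
}

/* Validate CRL_FILE against CA_FILE, load it (PEM only) into the
 * session's certificate store and turn on CRL checking for the whole
 * chain.  Returns NUSSL_OK, NUSSL_FAILED when the CRL does not pass
 * check_crl_validity(), or NUSSL_ERROR on any other failure. */
int nussl_ssl_set_crl_file(nussl_session * sess, const char *crl_file,
                           const char *ca_file)
{
    X509_STORE *store = SSL_CTX_get_cert_store(sess->ssl_context->ctx);
    X509_LOOKUP *lu;
    int ret;

    if (store == NULL)
        return NUSSL_ERROR;

    if (check_crl_validity(sess, crl_file, ca_file) != 0) {
        return NUSSL_FAILED;
    }

    lu = X509_STORE_add_lookup(store, X509_LOOKUP_file());
    if (lu == NULL)
        return NUSSL_ERROR;

    ret = X509_load_crl_file(lu, crl_file, X509_FILETYPE_PEM);

    if (ret == 1) {
        X509_STORE_set_flags(store,
                             X509_V_FLAG_CRL_CHECK |
                             X509_V_FLAG_CRL_CHECK_ALL);
        return NUSSL_OK;
    }

    return NUSSL_ERROR;
}

/* Trust every certificate found in the PEM file CAFILE.  Returns
 * NUSSL_OK only if the file held at least one certificate and all of
 * them were accepted by nussl_ssl_context_trustcert(); otherwise
 * NUSSL_ERROR.
 * NOTE(review): the nussl_ssl_certificate wrapper created for each entry
 * is not released here; whether nussl_ssl_context_trustcert() takes
 * ownership cannot be seen from this file. */
int nussl_ssl_set_ca_file(nussl_session * sess, const char *cafile)
{
    STACK_OF(X509_INFO) * sk = NULL;
    STACK_OF(X509) * stack = NULL;
    nussl_ssl_certificate *ca;
    BIO *in = NULL;
    X509_INFO *xi;
    int num_certs, num_checked = 0;
    int i, ret = NUSSL_ERROR;

    if (sess == NULL || sess->ssl_context == NULL)
        return NUSSL_ERROR;

    stack = sk_X509_new_null();
    if (!stack) {
        nussl_set_error(sess, _("trust cert : memory allocation failure"));
        goto end;
    }

    in = BIO_new_file(cafile, "r");
    if (!in) {
        nussl_set_error(sess, _("trust cert : error opening the file"));
        goto end;
    }

    sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
    if (!sk) {
        nussl_set_error(sess, _("trust cert : error reading the file"));
        goto end;
    }

    /* Move the certificates out of the X509_INFO entries so that freeing
     * the entries does not free the certificates. */
    while (sk_X509_INFO_num(sk)) {
        xi = sk_X509_INFO_shift(sk);
        if (xi->x509 != NULL) {
            sk_X509_push(stack, xi->x509);
            xi->x509 = NULL;
        }
        X509_INFO_free(xi);
    }

    num_certs = sk_X509_num(stack);
    for (i = 0; i < num_certs; i++) {
        X509 *ucert = NULL;
        int res;

        ucert = sk_X509_value(stack, i);
        ca = nussl_ssl_cert_mem_read_x509(ucert);
        if (ca) {
            res = nussl_ssl_context_trustcert(sess->ssl_context, ca);
            if (res == NUSSL_OK)
                num_checked++;
        }
    }

    if (num_checked) {
        if (num_checked == num_certs) {
            ret = NUSSL_OK;
        }
    }

  end:
    if (in)
        BIO_free(in);
    if (sk)
        sk_X509_INFO_free(sk);
    if (stack)
        sk_X509_free(stack);

    return ret;
}

/* Load a certificate and its private key from two PEM files into a new
 * client certificate object in the decrypted state.  Returns NULL if
 * either file cannot be opened or parsed; in that case everything
 * allocated so far is released.
 * NOTE(review): unlike nussl_ssl_clicert_decrypt(), this does not check
 * that the private key belongs to the certificate. */
nussl_ssl_client_cert *nussl_ssl_import_keypair(const char *cert_file,
                                                const char *key_file)
{
    FILE *fp;
    nussl_ssl_client_cert *keypair = NULL;

    keypair = nussl_calloc(sizeof(nussl_ssl_client_cert));
    if (keypair == NULL)
        return NULL;

    keypair->decrypted = 1;
    keypair->p12 = NULL;
    keypair->friendly_name = NULL;

    /* Load the certificate */
    fp = fopen(cert_file, "r");
    if (fp == NULL)
        goto fail;

    keypair->cert.subject = PEM_read_X509(fp, NULL, NULL, NULL);
    fclose(fp);

    if (keypair->cert.subject == NULL)
        goto fail;

    if (populate_cert(&keypair->cert, keypair->cert.subject) == NULL)
        goto fail;

    /* Load the private key */
    fp = fopen(key_file, "r");
    if (fp == NULL)
        goto fail;

    keypair->pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
    fclose(fp);

    if (keypair->pkey == NULL)
        goto fail;

    return keypair;

  fail:
    /* The object is zero-initialised and marked decrypted, so this
     * releases whichever of identity, key and certificate exist. */
    nussl_ssl_clicert_free(keypair);
    return NULL;
}

/* The certificate import/export format is the base64 encoding of the
 * raw DER; PEM without the newlines and wrapping. */
nussl_ssl_certificate *nussl_ssl_cert_import(const char *data)
{
    unsigned char *der;
    nussl_d2i_uchar *p;
    size_t len;
    X509 *x5;

    /* decode the base64 to get the raw DER representation */
    len = nussl_unbase64(data, &der);
    if (len == 0)
        return NULL;

    p = der;
    x5 = d2i_X509(NULL, &p, len);       /* p is incremented */
    nussl_free(der);
    if (x5 == NULL) {
        ERR_clear_error();
        return NULL;
    }

    return populate_cert(nussl_calloc(sizeof(struct nussl_ssl_certificate_s)),
                         x5);
}

/* Export CERT as base64-encoded DER.  Returns NULL if the certificate
 * cannot be encoded. */
char *nussl_ssl_cert_export(const nussl_ssl_certificate * cert)
{
    int len;
    unsigned char *der, *p;
    char *ret;

    /* find the length of the DER encoding. */
    len = i2d_X509(cert->subject, NULL);
    /* i2d_X509() reports failure with a negative length, which must not
     * reach the allocator as a size. */
    if (len <= 0) {
        ERR_clear_error();
        return NULL;
    }

    p = der = nussl_malloc(len);
    i2d_X509(cert->subject, &p);        /* p is incremented */

    ret = nussl_base64(der, len);
    nussl_free(der);
    return ret;
}

#if SHA_DIGEST_LENGTH != 20
# error SHA digest length is not 20 bytes
#endif

/* Write the SHA-1 fingerprint of CERT into DIGEST as 20 colon-separated
 * hex pairs.  DIGEST must have room for 60 bytes (59 characters plus the
 * terminating NUL).  Returns 0 on success, -1 on failure. */
int nussl_ssl_cert_digest(const nussl_ssl_certificate * cert, char *digest)
{
    unsigned char sha1[EVP_MAX_MD_SIZE];
    unsigned int len, j;
    char *p;

    if (!X509_digest(cert->subject, EVP_sha1(), sha1, &len) || len != 20) {
        ERR_clear_error();
        return -1;
    }

    for (j = 0, p = digest; j < 20; j++) {
        *p++ = NUSSL_HEX2ASC((sha1[j] >> 4) & 0x0f);
        *p++ = NUSSL_HEX2ASC(sha1[j] & 0x0f);
        *p++ = ':';
    }

    /* Overwrite the last ':' with the terminator. */
    p[-1] = '\0';
    return 0;
}

/* Copy the peer certificate's subject DN, as text, into BUF.
 *
 * On entry *BUF_SIZE is the size of BUF in bytes.  At most *BUF_SIZE - 1
 * characters are copied and the result is always NUL-terminated inside
 * the buffer; a longer DN is truncated.  On success *BUF_SIZE is set to
 * the number of characters stored (terminator not counted).
 * Returns NUSSL_OK, or NUSSL_ERROR when there is no peer certificate,
 * BUF or BUF_SIZE is NULL, *BUF_SIZE is zero, or the DN cannot be
 * printed. */
int nussl_get_peer_dn(nussl_session * sess, char *buf, size_t * buf_size)
{
    BIO *mem;
    char *data = NULL;
    long datalen;
    size_t copylen;
    int flags = XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV;

    if (!sess || !sess->peer_cert || !sess->peer_cert->subj_dn.dn)
        return NUSSL_ERROR;

    /* There must be room for at least the terminator. */
    if (buf == NULL || buf_size == NULL || *buf_size == 0)
        return NUSSL_ERROR;

    mem = BIO_new(BIO_s_mem());
    if (mem == NULL)
        return NUSSL_ERROR;

    if (X509_NAME_print_ex(mem, sess->peer_cert->subj_dn.dn, 0, flags) <= 0) {
        BIO_free(mem);
        return NUSSL_ERROR;
    }

    datalen = BIO_get_mem_data(mem, &data);
    if (datalen < 0 || data == NULL) {
        BIO_free(mem);
        return NUSSL_ERROR;
    }

    /* Reserve one byte for the terminator: clamping to *buf_size and
     * then writing buf[datalen] would store one byte past the buffer. */
    copylen = (size_t) datalen;
    if (copylen >= *buf_size)
        copylen = *buf_size - 1;

    memcpy(buf, data, copylen);
    buf[copylen] = '\0';
    *buf_size = copylen;

    BIO_free(mem);
    return NUSSL_OK;
}

/* Underlying library context of the session's SSL context, as an opaque
 * pointer, or NULL when SESS has no SSL context. */
void *nussl_get_ctx(nussl_session * sess)
{
    if (!sess || !sess->ssl_context)
        return NULL;

    return sess->ssl_context->ctx;
}

#ifdef NUSSL_HAVE_TS_SSL
/* Implementation of locking callbacks to make OpenSSL thread-safe.
 * If the OpenSSL API was better designed, this wouldn't be necessary.
 * In OpenSSL releases without CRYPTO_set_idptr_callback, it's not
 * possible to implement the locking in a POSIX-compliant way, since
 * it's necessary to cast from a pthread_t to an unsigned long at some
 * point. */

static pthread_mutex_t *locks;
static size_t num_locks;

#ifndef HAVE_CRYPTO_SET_IDPTR_CALLBACK
/* Named to be obvious when it shows up in a backtrace.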
*/ static unsigned long thread_id_neon(void) { /* This will break if pthread_t is a structure; upgrading OpenSSL * >= 0.9.9 (which does not require this callback) is the only * solution. */ return (unsigned long) pthread_self(); } #endif /* Another great API design win for OpenSSL: no return value! So if * the lock/unlock fails, all that can be done is to abort. */ static void thread_lock_neon(int mode, int n, const char *file, int line) { if (mode & CRYPTO_LOCK) { if (pthread_mutex_lock(&locks[n])) { abort(); } } else { if (pthread_mutex_unlock(&locks[n])) { abort(); } } } #endif /* ID_CALLBACK_IS_{NEON,OTHER} evaluate as true if the currently * registered OpenSSL ID callback is the neon function (_NEON), or has * been overwritten by some other app (_OTHER). */ #ifdef HAVE_CRYPTO_SET_IDPTR_CALLBACK #define ID_CALLBACK_IS_OTHER (0) #define ID_CALLBACK_IS_NEON (1) #else #define ID_CALLBACK_IS_OTHER (CRYPTO_get_id_callback() != NULL) #define ID_CALLBACK_IS_NEON (CRYPTO_get_id_callback() == thread_id_neon) #endif int nussl__ssl_init(void) { CRYPTO_malloc_init(); SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_algorithms(); #ifdef NUSSL_HAVE_TS_SSL /* If some other library has already come along and set up the * thread-safety callbacks, then it must be presumed that the * other library will have a longer lifetime in the process than * neon. If the library which has installed the callbacks is * unloaded, then all bets are off. */ if (ID_CALLBACK_IS_OTHER || CRYPTO_get_locking_callback() != NULL) { NUSSL_DEBUG(NUSSL_DBG_SOCKET, "ssl: OpenSSL thread-safety callbacks already installed.\n"); NUSSL_DEBUG(NUSSL_DBG_SOCKET, "ssl: neon will not replace existing callbacks.\n"); } else { size_t n; num_locks = CRYPTO_num_locks(); /* For releases where CRYPTO_set_idptr_callback is present, * the default ID callback should be sufficient. 
*/ #ifndef HAVE_CRYPTO_SET_IDPTR_CALLBACK CRYPTO_set_id_callback(thread_id_neon); #endif CRYPTO_set_locking_callback(thread_lock_neon); locks = malloc(num_locks * sizeof *locks); for (n = 0; n < num_locks; n++) { if (pthread_mutex_init(&locks[n], NULL)) { NUSSL_DEBUG(NUSSL_DBG_SOCKET, "ssl: Failed to initialize pthread mutex.\n"); return -1; } } NUSSL_DEBUG(NUSSL_DBG_SOCKET, "ssl: Initialized OpenSSL thread-safety callbacks " "for %" NUSSL_FMT_SIZE_T " locks.\n", num_locks); } #endif return 0; } void nussl__ssl_exit(void) { /* Cannot call ERR_free_strings() etc here in case any other code * in the process using OpenSSL. */ #ifdef NUSSL_HAVE_TS_SSL /* Only unregister the callbacks if some *other* library has not * come along in the mean-time and trampled over the callbacks * installed by neon. */ if (CRYPTO_get_locking_callback() == thread_lock_neon && ID_CALLBACK_IS_NEON) { size_t n; #ifndef HAVE_CRYPTO_SET_IDPTR_CALLBACK CRYPTO_set_id_callback(NULL); #endif CRYPTO_set_locking_callback(NULL); for (n = 0; n < num_locks; n++) { pthread_mutex_destroy(&locks[n]); } free(locks); } #endif } int nussl_ssl_accept(nussl_ssl_socket * ssl_sock, unsigned int timeout, char *errbuf, size_t errbufsz) { int ret, status, sslerr; int sock; int blocking_state; fd_set fd_r, fd_w; struct timeval tv; SSL *ssl = *ssl_sock; if (timeout == 0) { return SSL_accept(ssl); } sock = SSL_get_fd(ssl); blocking_state = fcntl(sock,F_GETFL); fcntl(sock,F_SETFL,(fcntl(sock,F_GETFL)|O_NONBLOCK)); ret = -1; do { status = SSL_accept(ssl); sslerr = SSL_get_error(ssl,status); if (status == 1) { ret = 1; /* ok */ break; } else { FD_ZERO(&fd_r); FD_ZERO(&fd_w); tv.tv_usec = 0; tv.tv_sec = timeout; switch (sslerr) { case SSL_ERROR_WANT_READ: FD_SET(sock,&fd_r); break; case SSL_ERROR_WANT_WRITE: FD_SET(sock,&fd_w); break; default: snprintf(errbuf, errbufsz, "%s", ERR_error_string(ERR_get_error(),NULL)); ret = -1; /* error */ goto exit_accept_handshake; } ret = select(sock + 1, &fd_r, &fd_w, NULL, &tv); if ( ! 
(FD_ISSET(sock,&fd_r) || FD_ISSET(sock,&fd_w)) ) { /* timeout */ ret = 0; /* timeout */ goto exit_accept_handshake; } } } while (status == -1 && ret != 0); exit_accept_handshake: /* restore blocking state */ fcntl(sock,F_SETFL,blocking_state); return ret; } #endif /* HAVE_OPENSSL */ nufw-2.4.3/src/libs/nussl/nussl_private.h0000644000175000017500000000775411431206275015371 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* HTTP Request Handling Copyright (C) 1999-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ /* THIS IS NOT A PUBLIC INTERFACE. You CANNOT include this header file * from an application. 
 */

#ifndef NUSSL_PRIVATE_H
#define NUSSL_PRIVATE_H

/* #include "nussl_request.h" */
#include "nussl_socket.h"
#include "nussl_ssl.h"

/* Name, port and resolved addresses of one host. */
struct host_info {
	char *hostname;
	unsigned int port;
	nussl_sock_addr *address;	/* if non-NULL, result of resolving 'hostname'. */
	/* current network address obtained from 'address' being used. */
	const nussl_inet_addr *current;
};

/* Store every registered callback in a generic container, and cast
 * the function pointer when calling it. */
struct hook {
	void (*fn) (void);
	void *userdata;
	const char *id;		/* non-NULL for accessors. */
	struct hook *next;
};

/* Both macros paste 'st' and 'func' into the expansion without
 * parentheses, so they must be given plain identifiers, not
 * expressions. */
#define HAVE_HOOK(st,func) (st->hook->hooks->func != NULL)
#define HOOK_FUNC(st, func) (*st->hook->hooks->func)

/* Session support. */
struct nussl_session_s {
	/* Connection information */
	nussl_socket *socket;

	/* non-zero if connection has persisted beyond one request. */
	int persisted;

	struct host_info server;

	/* application-provided address list */
	const nussl_inet_addr **addrlist;
	size_t numaddrs, curaddr;

	/* one slot per session flag, sized by NUSSL_SESSFLAG_LAST */
	int flags[NUSSL_SESSFLAG_LAST];

	int rdtimeout, cotimeout;	/* read, connect timeouts. */

	/* rename into my_cert & peer_cert */
	nussl_ssl_client_cert *my_cert;
	nussl_ssl_certificate *peer_cert;
	nussl_ssl_context *ssl_context;

#if 0
	/* Server cert verification callback: */
	nussl_ssl_verify_fn ssl_verify_fn;
	void *ssl_verify_ud;
	/* Client cert provider callback: */
	nussl_ssl_provide_fn ssl_provide_fn;
	void *ssl_provide_ud;
#endif

	nussl_session_status_info status;

	/* NOTE(review): presumably selects whether the peer certificate is
	 * verified; the code that reads it is not in this header - confirm,
	 * and confirm what a zero-initialised session ends up doing. */
	int check_peer_cert;

	/* NUSSL_SSL_CTX_SERVER or NUSSL_SSL_CTX_CLIENT */
	int mode;

	/* Error string; fixed 512-byte buffer, so anything formatting into
	 * it has to bound its output by sizeof(error). */
	char error[512];
};

#if 0
/* Pushes block of 'count' bytes at 'buf'.  Returns non-zero on
 * error. */
typedef int (*nussl_push_fn) (void *userdata, const char *buf,
			      size_t count);
#endif

/* Generate DH prime number. */
int nussl_ssl_create_dh_params(nussl_session * sess, unsigned int dh_bits);

/* Do the SSL negotiation.
 */
int nussl__negotiate_ssl(nussl_session * sess);

/* Set the session error appropriate for SSL verification failures. */
void nussl__ssl_set_verify_err(nussl_session * sess, int failures);

/* Check certificates after the SSL handshake */
int nussl__ssl_post_handshake(nussl_session * sess);

#endif				/* NUSSL_PRIVATE_H */
nufw-2.4.3/src/libs/nussl/Makefile.in0000644000175000017500000004654711431215400014360 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE.
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libs/nussl DIST_COMMON = README $(include_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/libnussl.pc.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = libnussl.pc am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)" \ "$(DESTDIR)$(includedir)" libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libnussl_la_DEPENDENCIES = am__objects_1 = am_libnussl_la_OBJECTS = nussl_alloc.lo nussl_dates.lo \ nussl_openssl.lo nussl_openssl_ctx.lo nussl_gnutls.lo \ nussl_gnutls_ctx.lo nussl_ssl_common.lo nussl_request.lo \ nussl_session.lo nussl_socket.lo nussl_string.lo \ nussl_utils.lo nussl_openssl_local.lo nussl_gnutls_local.lo \ nussl_hash.lo $(am__objects_1) $(am__objects_1) libnussl_la_OBJECTS = $(am_libnussl_la_OBJECTS) libnussl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libnussl_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ 
-I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libnussl_la_SOURCES) DIST_SOURCES = $(libnussl_la_SOURCES) pkgconfigDATA_INSTALL = $(INSTALL_DATA) DATA = $(pkgconfig_DATA) includeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(include_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = 
@LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ lib_LTLIBRARIES = libnussl.la EXTRA_DIST = 
README # headers to be installed include_HEADERS = nussl.h nussl_constants.h nussl_hash.h # headers required for build noinst_libnussl_la_SOURCES = nussl_alloc.h nussl_config.h \ nussl_dates.h nussl_defs.h nussl_internal.h \ nussl_private.h nussl_privssl.h nussl_request.h \ nussl_session.h nussl_socket.h \ nussl_ssl_common.h nussl_ssl.h nussl_string.h nussl_utils.h # sources libnussl_la_SOURCES = nussl_alloc.c nussl_dates.c nussl_openssl.c \ nussl_openssl_ctx.c nussl_gnutls.c nussl_gnutls_ctx.c \ nussl_ssl_common.c nussl_request.c nussl_session.c nussl_socket.c \ nussl_string.c nussl_utils.c \ nussl_openssl_local.c nussl_gnutls_local.c \ nussl_hash.c \ ${include_HEADERS} \ ${noinst_libnussl_la_SOURCES} AM_CPPFLAGS = -I$(top_srcdir)/src/include/ -D_REENTRANT LIBNUSSL_AC = 1 LIBNUSSL_REV = 0 LIBNUSSL_ANC = 0 @USE_OPENSSL_TRUE@AM_CFLAGS = $(AM_CPPFLAGS) @OPENSSL_CFLAGS@ @USE_OPENSSL_FALSE@libnussl_la_LIBADD = -lpthread -lgcrypt -lgnutls @USE_OPENSSL_TRUE@libnussl_la_LIBADD = -lpthread @OPENSSL_LIBS@ libnussl_la_LDFLAGS = -version-info ${LIBNUSSL_AC}:${LIBNUSSL_REV}:${LIBNUSSL_ANC} pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libnussl.pc all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libs/nussl/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libs/nussl/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh libnussl.pc: $(top_builddir)/config.status $(srcdir)/libnussl.pc.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ else :; fi; \ done uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libnussl.la: $(libnussl_la_OBJECTS) $(libnussl_la_DEPENDENCIES) $(libnussl_la_LINK) -rpath $(libdir) 
$(libnussl_la_OBJECTS) $(libnussl_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_alloc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_dates.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_gnutls.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_gnutls_ctx.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_gnutls_local.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_hash.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_openssl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_openssl_ctx.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_openssl_local.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_request.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_session.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_socket.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_ssl_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_string.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nussl_utils.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-pkgconfigDATA: $(pkgconfig_DATA) @$(NORMAL_INSTALL) test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" @list='$(pkgconfig_DATA)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ f=$(am__strip_dir) \ echo " $(pkgconfigDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgconfigdir)/$$f'"; \ $(pkgconfigDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgconfigdir)/$$f"; \ done uninstall-pkgconfigDATA: @$(NORMAL_UNINSTALL) @list='$(pkgconfig_DATA)'; for p in $$list; do \ f=$(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(pkgconfigdir)/$$f'"; \ rm -f "$(DESTDIR)$(pkgconfigdir)/$$f"; \ done install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" @list='$(include_HEADERS)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ f=$(am__strip_dir) \ echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(include_HEADERS)'; for p in $$list; do \ f=$(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ rm -f "$(DESTDIR)$(includedir)/$$f"; \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if 
(nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; 
\ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-includeHEADERS install-pkgconfigDATA install-dvi: install-dvi-am install-exec-am: install-libLTLIBRARIES install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \ uninstall-pkgconfigDATA .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-includeHEADERS install-info \ install-info-am install-libLTLIBRARIES install-man install-pdf \ install-pdf-am install-pkgconfigDATA install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am \ uninstall-includeHEADERS uninstall-libLTLIBRARIES \ uninstall-pkgconfigDATA # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/libs/nussl/nussl_gnutls_local.c0000644000175000017500000001516411431206275016372 00000000000000/* ** Copyright (C) 2009 INL ** Written by Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. 
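 */

#include "config.h"

#ifdef HAVE_GNUTLS

/* NOTE(review): the header names of the bare #include lines below were
 * lost when this listing was extracted; restore them from the upstream
 * file before building. */
#include
#include
#include
#ifdef HAVE_STRING_H
#include
#endif
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_ICONV
#include
#endif

#include "nussl_config.h"
#include "nussl_ssl_common.h"
#include "nussl_ssl.h"
#include "nussl_string.h"
#include "nussl_session.h"
#include "nussl_internal.h"
#include "nussl_private.h"
#include "nussl_privssl.h"
#include "nussl_utils.h"

int read_to_datum(const char *filename, gnutls_datum * datum);

/* append src to dst, guaranteeing a null terminator.
 * If dst+src is too big, truncate it.
 * 'size' is the total size of the dst buffer.
 * Return strlen(old dst)+strlen(src), i.e. the length the result would
 * have had with unlimited space; a return value >= size means the
 * output was truncated.
 */
size_t safe_strlcat(char *dst, const char *src, size_t size)
{
	size_t n = 0;

	/* find the end of string in dst */
#ifdef STRLEN_FASTER
	if (!size)
		return strlen(src);
	n = strlen(dst);
	dst += n;
#else
	while (n < size && *dst++)
		++n;

	/* no terminator inside the buffer: nothing can be appended */
	if (n >= size)
		return size + strlen(src);

	/* back up over the '\0' */
	--dst;
#endif

	/* copy bytes from src to dst.
	 * If there's no space left, stop copying
	 * if we copy a '\0', stop copying
	 */
	while (n < size) {
		if (!(*dst++ = *src++))
			return n;
		++n;
	}

	if (n == size) {
		/* overflow, so truncate the string, and ... */
		if (size)
			dst[-1] = '\0';
		/* ... work out what the length would have been had there been
		 * enough space in the buffer.  dst now points one past the
		 * end of the buffer, so the remainder has to be measured on
		 * src; measuring dst would read outside the buffer. */
		n += strlen(src);
	}

	return n;
}

/* Verifies a certificate against an other certificate
 * which is supposed to be it's issuer. Also checks the
 * crl_list if the certificate is revoked.
 *
 * Returns the number of problems found; 0 means every check passed.
 * A human-readable summary is written to buf when buf is non-NULL and
 * buf_sz > 0 (silently truncated if it does not fit).
 *
 * Every check fails closed: a missing issuer, an error from the
 * verification call, an unreadable activation time or an error from the
 * revocation lookup all count as a problem.
 *
 * Only the single 'issuer' is consulted, no chain is built.  The CRL is
 * used as given; its own signature is not verified in this function, so
 * the caller has to obtain it from a trusted location.
 */
static int verify_cert2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
			gnutls_x509_crl_t * crl_list, int crl_list_size,
			char *buf, size_t buf_sz)
{
	unsigned int output = 0;
	int ret;
	time_t now = time(0);
	time_t when;
	int result = 0;
	int want_msg = (buf != NULL && buf_sz > 0);

	if (issuer == NULL) {
		/* nothing to verify against: never report this as trusted */
		result++;
		if (want_msg) {
			snprintf(buf, buf_sz, "Not trusted");
			safe_strlcat(buf, ": no issuer was found", buf_sz);
		}
	} else {
		/* Do the actual verification. */
		ret = gnutls_x509_crt_verify(crt, &issuer, 1, 0, &output);
		if (ret < 0) {
			/* 'output' is not meaningful when the call itself
			 * failed */
			output = 0;
		}

		if (ret < 0 || (output & GNUTLS_CERT_INVALID)) {
			result++;
			if (want_msg) {
				snprintf(buf, buf_sz, "Not trusted");
				if (ret < 0)
					safe_strlcat(buf,
						     ": verification could not be performed",
						     buf_sz);
				if (output & GNUTLS_CERT_SIGNER_NOT_FOUND)
					safe_strlcat(buf,
						     ": no issuer was found",
						     buf_sz);
				if (output & GNUTLS_CERT_SIGNER_NOT_CA)
					safe_strlcat(buf,
						     ": issuer is not a CA",
						     buf_sz);
			}
		} else if (want_msg) {
			snprintf(buf, buf_sz, "Trusted");
		}
	}

	/* Now check the expiration dates.  Both getters return (time_t) -1
	 * on error; for the activation time that value would otherwise
	 * compare as "already active". */
	when = gnutls_x509_crt_get_activation_time(crt);
	if (when == (time_t) -1 || when > now) {
		result++;
		if (want_msg)
			safe_strlcat(buf, " / Not yet activated", buf_sz);
	}

	if (gnutls_x509_crt_get_expiration_time(crt) < now) {
		result++;
		if (want_msg)
			safe_strlcat(buf, " / Expired", buf_sz);
	}

	/* Check if the certificate is revoked. */
	if (crl_list != NULL && crl_list_size > 0) {
		ret = gnutls_x509_crt_check_revocation(crt, crl_list,
						       crl_list_size);
		if (ret == 1) {	/* revoked */
			result++;
			if (want_msg)
				safe_strlcat(buf, " / Revoked", buf_sz);
		} else if (ret < 0) {
			result++;
			if (want_msg)
				safe_strlcat(buf,
					     " / Revocation check failed",
					     buf_sz);
		}
	}

	return result;
}

/* local check of certificate against CA and CRL (optional)
 *
 * cert_file     PEM certificate to check
 * ca_cert_file  PEM certificate of the expected issuer; when NULL the
 *               certificate is reported as not trusted
 * ca_path       not used by this implementation
 * crl_file      PEM CRL, or NULL to skip the revocation check
 * ret_message   optional buffer of message_sz bytes for a summary
 *
 * Returns -1 when a file cannot be read or parsed, otherwise the number
 * of problems found by verify_cert2() (0 means the certificate passed).
 */
int nussl_local_check_certificate(const char *cert_file,
				  const char *ca_cert_file,
				  const char *ca_path,
				  const char *crl_file,
				  char *ret_message, size_t message_sz)
{
	gnutls_datum datum_cert, datum_ca, datum_crl;
	/* The handles start out NULL so that cleanup and verification can
	 * tell which optional inputs were really loaded. */
	gnutls_x509_crt_t cert = NULL;
	gnutls_x509_crt_t ca = NULL;
	gnutls_x509_crl_t crl = NULL;
	int want_msg = (ret_message != NULL && message_sz > 0);
	int ret;
	int result = -1;

	(void) ca_path;

	datum_cert.data = NULL;
	datum_ca.data = NULL;
	datum_crl.data = NULL;

	if (read_to_datum(cert_file, &datum_cert))
		return -1;

	if (gnutls_x509_crt_init(&cert) < 0) {
		cert = NULL;
		goto label_local_check_certificate;
	}
	ret = gnutls_x509_crt_import(cert, &datum_cert, GNUTLS_X509_FMT_PEM);
	if (ret) {
		if (want_msg)
			snprintf(ret_message, message_sz,
				 "TLS: Could not import cert data\n");
		goto label_local_check_certificate;
	}

	if (ca_cert_file != NULL) {
		ret = read_to_datum(ca_cert_file, &datum_ca);
		if (ret != 0)
			goto label_local_check_certificate;

		if (gnutls_x509_crt_init(&ca) < 0) {
			ca = NULL;
			goto label_local_check_certificate;
		}
		ret = gnutls_x509_crt_import(ca, &datum_ca,
					     GNUTLS_X509_FMT_PEM);
		if (ret) {
			if (want_msg)
				snprintf(ret_message, message_sz,
					 "TLS: Could not import CA data\n");
			goto label_local_check_certificate;
		}
	}

	if (crl_file != NULL) {
		ret = read_to_datum(crl_file, &datum_crl);
		if (ret != 0)
			goto label_local_check_certificate;

		if (gnutls_x509_crl_init(&crl) < 0) {
			crl = NULL;
			goto label_local_check_certificate;
		}
		ret = gnutls_x509_crl_import(crl, &datum_crl,
					     GNUTLS_X509_FMT_PEM);
		if (ret) {
			if (want_msg)
				snprintf(ret_message, message_sz,
					 "TLS: Could not import CRL data\n");
			goto label_local_check_certificate;
		}
	}

	/* Only advertise a CRL list when one was actually loaded; an
	 * uninitialised handle must never reach GnuTLS. */
	result = verify_cert2(cert, ca,
			      crl != NULL ? &crl : NULL,
			      crl != NULL ? 1 : 0,
			      ret_message, message_sz);

label_local_check_certificate:
	if (datum_cert.data != NULL) {
		gnutls_free(datum_cert.data);
	}
	if (ca != NULL) {
		gnutls_x509_crt_deinit(ca);
	}
	if (datum_ca.data != NULL) {
		gnutls_free(datum_ca.data);
	}
	if (crl != NULL) {
		gnutls_x509_crl_deinit(crl);
	}
	if (datum_crl.data != NULL) {
		gnutls_free(datum_crl.data);
	}
	if (cert != NULL) {
		gnutls_x509_crt_deinit(cert);
	}

	return result;
}

#endif				/* HAVE_GNUTLS */
nufw-2.4.3/src/libs/nussl/README0000644000175000017500000000053011431206275013163 00000000000000libnussl: Library to manage SSL dependent from GnuTLS or OpenSSL ================================================================ Based on libneon code available at: http://www.webdav.org/neon/ Written by: - Sebastien Tricaud, - Laurent Defert, - Pierre Chifflier, nufw-2.4.3/src/libs/nussl/nussl_ssl.h0000644000175000017500000002230611431206275014506 00000000000000/* ** Copyright (C) 20072009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* SSL/TLS abstraction layer for neon Copyright (C) 2003-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.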
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ /* nussl_ssl.h defines an interface for loading and accessing the * properties of SSL certificates. */ #ifndef NUSSL_SSL_H #define NUSSL_SSL_H 1 #include #include "nussl_defs.h" /* NUSSL_BEGIN_DECLS */ /* A "distinguished name"; a unique name for some entity. */ typedef struct nussl_ssl_dname_s nussl_ssl_dname; /* Returns a single-line string representation of a distinguished * name, intended to be human-readable (e.g. "Acme Ltd., Norfolk, * GB"). Return value is a UTF-8-encoded malloc-allocated string and * must be free'd by the caller. */ char *nussl_ssl_readable_dname(const nussl_ssl_dname * dn); /* Returns zero if 'dn1' and 'dn2' refer to same name, or non-zero if * they are different. */ int nussl_ssl_dname_cmp(const nussl_ssl_dname * dn1, const nussl_ssl_dname * dn2); /* An SSL certificate. 
*/ typedef struct nussl_ssl_certificate_s nussl_ssl_certificate; /* Read a certificate from a file in PEM format; returns NULL if the * certificate could not be parsed. */ nussl_ssl_certificate *nussl_ssl_cert_file_read(const char *filename); /* Write a certificate to a file in PEM format; returns non-zero if * the certificate could not be written. */ int nussl_ssl_cert_write(const nussl_ssl_certificate * cert, const char *filename); /* Export a certificate to a base64-encoded, NUL-terminated string. * The returned string is malloc-allocated and must be free()d by the * caller. */ char *nussl_ssl_cert_export(const nussl_ssl_certificate * cert); /* Import a certificate from a base64-encoded string as returned by * nussl_ssl_cert_export(). Returns a certificate object or NULL if * 'data' was not valid. */ nussl_ssl_certificate *nussl_ssl_cert_import(const char *data); /** * Retrieves the “identity” of a certificate; for an SSL server certificate, * this will be the hostname for which the certificate was issued. * In PKI parlance, the identity is the common name attribute of the * distinguished name of the certificate subject. * @param cert a nussl certificate * @see nussl_ssl_cert_subject * @see nussl_ssl_cert_issuer * @return the identity of the certificate as UTF-8-encoded string * or NULL if none is given. * */ const char *nussl_ssl_cert_identity(const nussl_ssl_certificate * cert); /* Return the certificate of the entity which signed certificate * 'cert'. Returns NULL if 'cert' is self-signed or the issuer * certificate is not available. */ const nussl_ssl_certificate *nussl_ssl_cert_signedby(const nussl_ssl_certificate * cert); /* Returns the distinguished name of the certificate issuer. */ const nussl_ssl_dname *nussl_ssl_cert_issuer(const nussl_ssl_certificate * cert); /* Returns the distinguished name of the certificate subject. 
*/ const nussl_ssl_dname *nussl_ssl_cert_subject(const nussl_ssl_certificate * cert); #define NUSSL_SSL_DIGESTLEN (60) /* Calculate the certificate digest ("fingerprint") and format it as a * NUL-terminated hex string in 'digest', of the form "aa:bb:...:ff". * Returns zero on success or non-zero if there was an internal error * whilst calculating the digest. 'digest' must be at least * NUSSL_SSL_DIGESTLEN bytes in length. */ int nussl_ssl_cert_digest(const nussl_ssl_certificate * cert, char *digest); /* Copy the validity times for the certificate 'cert' into 'from' and * 'until' (either may be NULL). If the time cannot be represented by * a time_t value, then (time_t)-1 will be written. */ void nussl_ssl_cert_validity_time(const nussl_ssl_certificate * cert, time_t * from, time_t * until); #define NUSSL_SSL_VDATELEN (30) /* Copy the validity times into buffers 'from' and 'until' as * NUL-terminated human-readable strings, using RFC 1123-style date * formatting (and not localized, so always using English month/week * names). The buffers must be at least NUSSL_SSL_VDATELEN bytes in * length, and either may be NULL. */ void nussl_ssl_cert_validity(const nussl_ssl_certificate * cert, char *from, char *until); /* Returns zero if 'c1' and 'c2' refer to the same certificate, or * non-zero otherwise. */ int nussl_ssl_cert_cmp(const nussl_ssl_certificate * c1, const nussl_ssl_certificate * c2); /* Deallocate memory associated with certificate. */ void nussl_ssl_cert_free(nussl_ssl_certificate * cert); /* A client certificate (and private key). */ typedef struct nussl_ssl_client_cert_s nussl_ssl_client_cert; /* Read a client certificate and private key from a PKCS12 file; * returns NULL if the file could not be parsed, or otherwise * returning a client certificate object. */ nussl_ssl_client_cert *nussl_ssl_clicert_read(const char *filename); /* Returns the "friendly name" given for the client cert, or NULL if * none given. 
This can be called before or after the client cert has * been decrypted. Returns a NUL-terminated, UTF-8-encoded string. */ const char *nussl_ssl_clicert_name(const nussl_ssl_client_cert * ccert); /* Returns non-zero if client cert is encrypted. */ int nussl_ssl_clicert_encrypted(const nussl_ssl_client_cert * ccert); /* Decrypt the encrypted client cert using given password. Returns * non-zero on failure, in which case, the function can be called * again with a different password. For a ccert on which _encrypted() * returns 0, calling _decrypt results in undefined behaviour. */ int nussl_ssl_clicert_decrypt(nussl_ssl_client_cert * ccert, const char *password); /* Return the actual certificate part of the client certificate (never * returns NULL). */ const nussl_ssl_certificate *nussl_ssl_clicert_owner(const nussl_ssl_client_cert * ccert); /* Destroy a client certificate object. */ void nussl_ssl_clicert_free(nussl_ssl_client_cert * ccert); /* SSL context object. The interfaces to manipulate an SSL context * are only needed when interfacing directly with nussl_socket.h. */ typedef struct nussl_ssl_context_s nussl_ssl_context; /* Create an SSL context. */ nussl_ssl_context *nussl_ssl_context_create(int mode); /* Client mode: trust the given certificate 'cert' in context 'ctx'. */ int nussl_ssl_context_trustcert(nussl_ssl_context * ctx, const nussl_ssl_certificate * cert); /* Add directory of trusted certificates */ int nussl_ssl_context_trustdir(nussl_ssl_context * ctx, const char *capath); /* Set the client certificate */ int nussl_ssl_context_keypair_from_data(nussl_ssl_context * ctx, nussl_ssl_client_cert * cert); /* Server mode: use given cert and key (filenames to PEM certificates). 
*/ int nussl_ssl_context_keypair(nussl_ssl_context * ctx, const char *cert, const char *key); /* Server mode: Set DH parameters */ int nussl_ssl_context_set_dh_bits(nussl_ssl_context * ctx, unsigned int dh_bits); /* Server mode: Set DH parameters */ int nussl_ssl_context_set_dh_file(nussl_ssl_context * ctx, const char *file); /* Server mode: set client cert verification options: required is non-zero if * a client cert is required, if ca_names is non-NULL it is a filename containing * a set of PEM certs from which CA names are sent in the ccert request. */ /* * This function has been replaced by: * int nussl_ssl_context_set_verify(nussl_session *session, int required, * const char *verify_cas) * int nussl_ssl_context_set_verify(nussl_ssl_context *ctx, int required, const char *ca_names, const char *verify_cas); */ #define NUSSL_SSL_CTX_SSLv2 (0) /* Set a flag for the SSL context. */ void nussl_ssl_context_set_flag(nussl_ssl_context * ctx, int flag, int value); /* Destroy an SSL context. */ void nussl_ssl_context_destroy(nussl_ssl_context * ctx); /* NUSSL_END_DECLS */ #endif nufw-2.4.3/src/libs/nussl/nussl_internal.h0000644000175000017500000000745111431206275015525 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ /* Global interfaces private to neon. Copyright (C) 2005-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* NOTE WELL: The interfaces defined in this file are internal to neon * and MUST NOT be used by neon-based applications. 
*/ #ifndef NUSSL_INTERNAL_H #define NUSSL_INTERNAL_H 1 #include "nussl_config.h" #ifdef HAVE_SYS_LIMITS_H #include #endif #ifdef HAVE_LIMITS_H #include /* for UINT_MAX etc */ #endif #include "nussl_defs.h" #undef _ #ifdef NUSSL_HAVE_I18N #include #define _(str) dgettext(PACKAGE_NAME, str) #else #define _(str) (str) #endif /* NUSSL_ENABLE_NLS */ #define N_(str) (str) #if !defined(LONG_LONG_MAX) && defined(LLONG_MAX) #define LONG_LONG_MAX LLONG_MAX #elif !defined(LONG_LONG_MAX) && defined(LONGLONG_MAX) #define LONG_LONG_MAX LONGLONG_MAX #endif #if defined(NUSSL_LFS) #define nussl_lseek lseek64 #define FMT_NE_OFF_T NUSSL_FMT_OFF64_T #define NUSSL_OFFT_MAX LONG_LONG_MAX #ifdef HAVE_STRTOLL #define nussl_strtoff strtoll #else #define nussl_strtoff strtoq #endif #else /* !NUSSL_LFS */ #define nussl_lseek lseek #define FMT_NE_OFF_T NUSSL_FMT_OFF_T #if defined(SIZEOF_LONG_LONG) && defined(LONG_LONG_MAX) \ && SIZEOF_OFF_T == SIZEOF_LONG_LONG #define NUSSL_OFFT_MAX LONG_LONG_MAX #else #define NUSSL_OFFT_MAX LONG_MAX #endif #if SIZEOF_OFF_T > SIZEOF_LONG && defined(HAVE_STRTOLL) #define nussl_strtoff strtoll #elif SIZEOF_OFF_T > SIZEOF_LONG && defined(HAVE_STRTOQ) #define nussl_strtoff strtoq #else #define nussl_strtoff strtol #endif #endif /* NUSSL_LFS */ #endif /* NUSSL_INTERNAL_H */ nufw-2.4.3/src/libs/nussl/nussl_gnutls_ctx.c0000644000175000017500000001447611431206275016103 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* neon SSL/TLS support using GNU TLS Copyright (C) 2007, Joe Orton Copyright (C) 2004, Aleix Conchillo Flaque This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. 
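*/
#include "config.h"

#ifdef HAVE_GNUTLS

/* NOTE(review): the bare #include lines below lost their header names when
 * this listing was extracted; they are kept exactly as found. */
#include
#include
#include
#ifdef HAVE_STRING_H
#include
#endif
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_ICONV
#include
#endif
#include "nussl_config.h"
#include "nussl_ssl_common.h"
#include "nussl_ssl.h"
#include "nussl_string.h"
#include "nussl_session.h"
#include "nussl_internal.h"
#include "nussl_private.h"
#include "nussl_privssl.h"
#include "nussl_utils.h"

int read_to_datum(const char *filename, gnutls_datum * datum);

/* Allocate an SSL context together with its GnuTLS certificate
 * credentials. 'flags' is not read here (the client-certificate callback
 * that used it is commented out below).
 *
 * Returns the new context, or NULL if the credentials could not be
 * allocated. */
nussl_ssl_context *nussl_ssl_context_create(int flags)
{
	nussl_ssl_context *ctx = nussl_calloc(sizeof *ctx);

	/* A context without usable credentials would only fail later, in a
	 * less obvious place; report the failure here. */
	if (gnutls_certificate_allocate_credentials(&ctx->cred) < 0) {
		nussl_free(ctx);
		return NULL;
	}
/*    if (flags == NUSSL_SSL_CTX_CLIENT) {
        gnutls_certificate_client_set_retrieve_function(ctx->cred,
                                                        provide_client_cert);
    }*/
	return ctx;
}

#if 0
int nussl_ssl_context_keypair(nussl_ssl_context * ctx, const char *cert,
			      const char *key)
{
	return (gnutls_certificate_set_x509_key_file(ctx->cred, cert, key,
						     GNUTLS_X509_FMT_PEM) == 0)
	    ? NUSSL_OK : NUSSL_ERROR;
}
#endif

/* Install the certificate and private key held by 'cert' as the
 * credentials of 'ctx', and attach the context's DH parameters.
 * Returns NUSSL_OK on success, NUSSL_ERROR if GnuTLS rejects the pair. */
int nussl_ssl_context_keypair_from_data(nussl_ssl_context * ctx,
					nussl_ssl_client_cert * cert)
{
	if (gnutls_certificate_set_x509_key(ctx->cred, &cert->cert.subject,
					    1, cert->pkey) != 0)
		return NUSSL_ERROR;

	/* ctx->dh is whatever set_dh_bits()/set_dh_file() stored earlier. */
	gnutls_certificate_set_dh_params(ctx->cred, ctx->dh);

	return NUSSL_OK;
}

/* Server mode: generate DH parameters of 'dh_bits' bits.
 * NOTE(review): dh_bits is used as given; no lower bound is enforced
 * here, so the caller decides how strong the DH group is.
 * Returns NUSSL_OK on success, NUSSL_ERROR otherwise. */
int nussl_ssl_context_set_dh_bits(nussl_ssl_context * ctx,
				  unsigned int dh_bits)
{
	ctx->dh_bits = dh_bits;

	if (gnutls_dh_params_init(&ctx->dh) < 0)
		return NUSSL_ERROR;

	if (gnutls_dh_params_generate2(ctx->dh, ctx->dh_bits) < 0)
		return NUSSL_ERROR;

	return NUSSL_OK;
}

/* Server mode: load DH parameters from a PEM (PKCS#3) file.
 * Returns NUSSL_OK on success, NUSSL_ERROR if 'filename' is NULL, cannot
 * be read, or does not hold valid parameters. */
int nussl_ssl_context_set_dh_file(nussl_ssl_context * ctx,
				  const char *filename)
{
	gnutls_datum_t datum_dh;
	int status = NUSSL_ERROR;

	datum_dh.data = NULL;

	if (!filename)
		return NUSSL_ERROR;

	/* read the DH parameter file */
	if (read_to_datum(filename, &datum_dh) != 0)
		return NUSSL_ERROR;

	if (gnutls_dh_params_init(&ctx->dh) >= 0
	    && gnutls_dh_params_import_pkcs3(ctx->dh, &datum_dh,
					     GNUTLS_X509_FMT_PEM) >= 0)
		status = NUSSL_OK;

	/* NOTE(review): the buffer filled by read_to_datum() is released with
	 * free() here; confirm that this matches the allocator
	 * read_to_datum() uses. */
	free(datum_dh.data);

	return status;
}

#if 0
int nussl_ssl_context_set_verify(nussl_ssl_context * ctx, int required,
				 const char *ca_names,
				 const char *verify_cas)
{
	ctx->verify = required;
	if (verify_cas) {
		gnutls_certificate_set_x509_trust_file(ctx->cred,
						       verify_cas,
						       GNUTLS_X509_FMT_PEM);
	}
	/* gnutls_certificate_send_x509_rdn_sequence in gnutls >= 1.2 can
	 * be used to *suppress* sending the CA names, but not control it,
	 * it seems. */
	return 0;
}
#endif

/* Set a flag for the SSL context. This backend has no flag to act on. */
void nussl_ssl_context_set_flag(nussl_ssl_context * ctx, int flag,
				int value)
{
	/* SSLv2 not supported. */
}

/* Release the credentials, DH parameters, cached session data and cipher
 * string owned by 'ctx', then the context itself. */
void nussl_ssl_context_destroy(nussl_ssl_context * ctx)
{
	gnutls_certificate_free_credentials(ctx->cred);
	gnutls_dh_params_deinit(ctx->dh);

	/* The cache holds either client data or a server key/data pair. */
	if (ctx->cache.client.data) {
		nussl_free(ctx->cache.client.data);
	} else if (ctx->cache.server.key.data) {
		gnutls_free(ctx->cache.server.key.data);
		gnutls_free(ctx->cache.server.data.data);
	}

	if (ctx->ciphers)
		nussl_free(ctx->ciphers);

	nussl_free(ctx);
}

/* Client mode: trust the given certificate 'cert' in context 'ctx'.
 * Returns NUSSL_OK when GnuTLS reports 0, NUSSL_ERROR otherwise. */
int nussl_ssl_context_trustcert(nussl_ssl_context * ctx,
				const nussl_ssl_certificate * cert)
{
	gnutls_x509_crt certs = cert->subject;

	if (gnutls_certificate_set_x509_trust(ctx->cred, &certs, 1) == 0)
		return NUSSL_OK;

	return NUSSL_ERROR;
}

/* Add every PEM file found in directory 'capath' to the trust list.
 *
 * Note: adding all CA here will cause the server to send the
 * complete list to the client when requesting cert, unless
 * gnutls_certificate_send_x509_rdn_sequence() is used.
 *
 * Files that cannot be loaded are skipped with a debug message.
 * NOTE(review): NUSSL_OK is returned even when no file at all could be
 * loaded, so a caller cannot tell an empty trust list from a populated
 * one. Every readable PEM file in the directory becomes a trust anchor,
 * so the directory should be writable only by the administrator.
 *
 * Returns NUSSL_ERROR only if the directory cannot be opened. */
int nussl_ssl_context_trustdir(nussl_ssl_context * ctx, const char *capath)
{
	DIR *dirca;
	struct dirent *file;
	char path_fd[PATH_MAX];

	dirca = opendir(capath);
	if (dirca == NULL)
		return NUSSL_ERROR;

	while ((file = readdir(dirca)) != NULL) {
#ifdef HAVE_STRUCT_DIRENT_D_TYPE
		/* DT_UNKNOWN is what filesystems that do not report entry
		 * types return; skipping it would silently drop every CA
		 * file there, so let the loader decide instead. */
		if (file->d_type != DT_REG && file->d_type != DT_LNK
		    && file->d_type != DT_UNKNOWN)
			continue;
#endif
		/* NOTE(review): confirm that nussl_snprintf() reports
		 * truncation, so an over-long name is skipped and not
		 * loaded under a shortened path. */
		if (!nussl_snprintf(path_fd, sizeof(path_fd), "%s/%s",
				    capath, file->d_name))
			continue;

		if (gnutls_certificate_set_x509_trust_file(ctx->cred, path_fd,
							   GNUTLS_X509_FMT_PEM) < 0) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "Ignoring CA file %s\n", path_fd);
			continue;
		}
	}

	closedir(dirca);

	return NUSSL_OK;
}

#endif /* HAVE_GNUTLS */
nufw-2.4.3/src/libs/nussl/nussl_constants.h0000644000175000017500000000751411431206275015725 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 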
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #ifndef __NUSSL_CONSTANTS__ #define __NUSSL_CONSTANTS__ /* Context creation modes: */ typedef enum { NUSSL_SSL_CTX_CLIENT, /* client context */ NUSSL_SSL_CTX_SERVER, /* default server context */ NUSSL_SSL_CTX_SERVERv2, /* SSLv2 specific server context */ } nussl_mode_t; typedef enum { NUSSL_CERT_IGNORE, NUSSL_CERT_REQUEST, NUSSL_CERT_REQUIRE, } nussl_cert_t; typedef enum { NUSSL_OK=0, /*!< Success */ NUSSL_ERROR, /*!< Generic error; use nussl_get_error(session) for message */ NUSSL_LOOKUP, /*!< Server or proxy hostname lookup failed */ NUSSL_AUTH, /*!< User authentication failed on server */ NUSSL_PROXYAUTH, /*!< User authentication failed on proxy */ NUSSL_CONNECT, /*!< Could not connect to server */ NUSSL_TIMEOUT, /*!< Connection timed out */ NUSSL_FAILED, /*!< The precondition failed */ NUSSL_RETRY, /*!< Retry request (nussl_end_request ONLY) */ NUSSL_REDIRECT, /*!< See nussl_redirect.h */ } nussl_error_t; typedef enum { NUSSL_SOCK_ERROR=-1, /* Read/Write timed out */ NUSSL_SOCK_TIMEOUT=-2, /* Socket was closed */ NUSSL_SOCK_CLOSED=-3, /* Connection was reset (e.g. server crashed) */ NUSSL_SOCK_RESET=-4, /* Secure connection was closed without proper SSL shutdown. 
*/ NUSSL_SOCK_TRUNC=-5, } ssl_sock_error_t; /* Defined session flags: */ typedef enum nussl_session_flag_e { NUSSL_SESSFLAG_PERSIST = 0, /* disable this flag to prevent use of * persistent connections. */ NUSSL_SESSFLAG_ICYPROTO, /* enable this flag to enable support for * non-HTTP ShoutCast-style "ICY" responses. */ NUSSL_SESSFLAG_SSLv2, /* disable this flag to disable support for * SSLv2, if supported by the SSL library. */ NUSSL_SESSFLAG_RFC4918, /* enable this flag to enable support for * RFC4918-only WebDAV features; losing * backwards-compatibility with RFC2518 * servers. */ NUSSL_SESSFLAG_CONNAUTH, /* enable this flag if an awful, broken, * RFC-violating, connection-based HTTP * authentication scheme is in use. */ NUSSL_SESSFLAG_TLS_SNI, /* disable this flag to disable use of the * TLS Server Name Indication extension. */ NUSSL_SESSFLAG_IGNORE_ID_MISMATCH, /* Enable this flag to ignore mismatch * between server FQDN and certificate CN value. */ NUSSL_SESSFLAG_LAST /* enum sentinel value */ } nussl_session_flag; #endif /* __NUSSL_CONSTANTS__ */ nufw-2.4.3/src/libs/nussl/nussl_hash.c0000644000175000017500000001370011431206275014621 00000000000000/* ** Copyright (C) 2009 INL ** Written by Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
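You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */
#include "config.h"
#include "nussl_privssl.h"

/* NOTE(review): the bare #include lines below lost their header names when
 * this listing was extracted; they are kept exactly as found. */
#include
#ifdef HAVE_STRING_H
#include
#endif
#include
#include "nussl_hash.h"

/* Number of bytes read from the file per digest update. */
#define BLOCKSIZE 64

/* Contract shared by both backends below:
 *  - 'out' receives the raw (binary) digest and '*outsz' its length in
 *    bytes. The size of 'out' is not passed in, so the caller must supply
 *    a buffer large enough for the chosen algorithm (64 bytes covers
 *    SHA-512, the largest one offered).
 *  - With a salt, the digest is computed over data followed by salt.
 *  - MD5 and SHA-1 remain selectable; they are not collision resistant
 *    and should not be chosen where that property matters. */

#ifdef HAVE_OPENSSL

#include
#include
#include

/* Map a nussl algorithm id to the OpenSSL digest, or NULL if unknown. */
static const EVP_MD *hash_evp_md(nussl_hash_algo_t algo)
{
	switch (algo) {
	case NUSSL_HASH_MD5:
		return EVP_md5();
	case NUSSL_HASH_SHA1:
		return EVP_sha1();
	case NUSSL_HASH_SHA256:
		return EVP_sha256();
	case NUSSL_HASH_SHA512:
		return EVP_sha512();
	default:
		return NULL;
	}
}

/* Hash the contents of 'filename' with 'algo'.
 * Returns 0 on success, -1 if the algorithm is unknown, the file cannot
 * be opened or the digest cannot be computed, and 1 on a read error. */
int nussl_hash_file(nussl_hash_algo_t algo, const char * filename, unsigned char *out, size_t *outsz)
{
	const EVP_MD *md = hash_evp_md(algo);
	EVP_MD_CTX mdctx;
	FILE *stream;
	unsigned char buffer[BLOCKSIZE];
	/* EVP_DigestFinal_ex() writes an unsigned int; writing through a
	 * cast size_t pointer would leave part of *outsz unset where the
	 * two types differ in width. */
	unsigned int mdlen = 0;
	size_t n;
	int status = 0;

	if (md == NULL)
		return -1;

	/* Open the file before setting up the digest so that a failed open
	 * leaves nothing to release. Binary mode: the bytes are hashed as
	 * stored. */
	stream = fopen(filename, "rb");
	if (stream == NULL)
		return -1;

	EVP_MD_CTX_init(&mdctx);
	if (EVP_DigestInit_ex(&mdctx, md, NULL) != 1) {
		status = -1;
		goto done;
	}

	while ((n = fread(buffer, 1, sizeof(buffer), stream)) > 0)
		EVP_DigestUpdate(&mdctx, buffer, n);

	if (ferror(stream)) {
		status = 1;
		goto done;
	}

	if (EVP_DigestFinal_ex(&mdctx, out, &mdlen) != 1) {
		status = -1;
		goto done;
	}
	*outsz = mdlen;

done:
	/* Single exit: the digest context and the stream are released on
	 * every path, including read errors. */
	EVP_MD_CTX_cleanup(&mdctx);
	fclose(stream);

	return status;
}

/* Hash 'datasz' bytes of 'data' with 'algo', without a salt.
 * Same return values as nussl_hash_compute_with_salt(). */
int nussl_hash_compute(nussl_hash_algo_t algo, const char *data, size_t datasz, char *out, size_t *outsz)
{
	return nussl_hash_compute_with_salt(algo, data, datasz, NULL, 0, out, outsz);
}

/* Hash 'data' followed by 'salt' (when salt is non-NULL and saltsz > 0).
 * Returns 0 on success, -1 if the algorithm is unknown or the digest
 * cannot be computed. */
int nussl_hash_compute_with_salt(nussl_hash_algo_t algo, const char *data, size_t datasz, const char *salt, size_t saltsz, char *out, size_t *outsz)
{
	const EVP_MD *md = hash_evp_md(algo);
	EVP_MD_CTX mdctx;
	unsigned int mdlen = 0;
	int ok;

	if (md == NULL)
		return -1;

	EVP_MD_CTX_init(&mdctx);
	if (EVP_DigestInit_ex(&mdctx, md, NULL) != 1) {
		EVP_MD_CTX_cleanup(&mdctx);
		return -1;
	}

	EVP_DigestUpdate(&mdctx, (unsigned char*)data, datasz);
	if (salt != NULL && saltsz > 0) {
		EVP_DigestUpdate(&mdctx, (unsigned char*)salt, saltsz);
	}

	ok = EVP_DigestFinal_ex(&mdctx, (unsigned char*)out, &mdlen);
	EVP_MD_CTX_cleanup(&mdctx);
	if (ok != 1)
		return -1;

	*outsz = mdlen;

	return 0;
}

#else /* HAVE_OPENSSL */

#include

/* Map a nussl algorithm id to the libgcrypt one, or 0 if unknown. */
static int hash_gcry_algo(nussl_hash_algo_t algo)
{
	switch (algo) {
	case NUSSL_HASH_MD5:
		return GCRY_MD_MD5;
	case NUSSL_HASH_SHA1:
		return GCRY_MD_SHA1;
	case NUSSL_HASH_SHA256:
		return GCRY_MD_SHA256;
	case NUSSL_HASH_SHA512:
		return GCRY_MD_SHA512;
	default:
		return 0;
	}
}

/* Hash the contents of 'filename' with 'algo'.
 * Returns 0 on success, -1 if the algorithm is unknown, the file cannot
 * be opened or the digest cannot be computed, and 1 on a read error. */
int nussl_hash_file(nussl_hash_algo_t algo, const char * filename, unsigned char *out, size_t *outsz)
{
	gcry_md_hd_t hd;
	int g_algo = hash_gcry_algo(algo);
	unsigned char *res;
	unsigned int dlen;
	FILE *stream;
	unsigned char buffer[BLOCKSIZE];
	size_t n;
	int status = 0;

	if (g_algo == 0)
		return -1;

	stream = fopen(filename, "rb");
	if (stream == NULL)
		return -1;

	if (gcry_md_open(&hd, g_algo, 0) != 0) {
		fclose(stream);
		return -1;
	}

	while ((n = fread(buffer, 1, sizeof(buffer), stream)) > 0)
		gcry_md_write(hd, buffer, n);

	if (ferror(stream)) {
		status = 1;
		goto done;
	}

	/* The digest is binary and may contain zero bytes, so its length
	 * comes from the algorithm, never from strlen(). */
	res = (unsigned char *) gcry_md_read(hd, g_algo);
	dlen = gcry_md_get_algo_dlen(g_algo);
	if (res == NULL || dlen == 0) {
		status = -1;
		goto done;
	}
	memcpy(out, res, dlen);
	*outsz = dlen;

done:
	gcry_md_close(hd);
	fclose(stream);

	return status;
}

/* Hash 'datasz' bytes of 'data' with 'algo', without a salt.
 * Same return values as nussl_hash_compute_with_salt(). */
int nussl_hash_compute(nussl_hash_algo_t algo, const char *data, size_t datasz, char *out, size_t *outsz)
{
	return nussl_hash_compute_with_salt(algo, data, datasz, NULL, 0, out, outsz);
}

/* Hash 'data' followed by 'salt' (when salt is non-NULL and saltsz > 0).
 * Returns 0 on success, -1 if the algorithm is unknown or the digest
 * cannot be computed. */
int nussl_hash_compute_with_salt(nussl_hash_algo_t algo, const char *data, size_t datasz, const char *salt, size_t saltsz, char *out, size_t *outsz)
{
	gcry_md_hd_t hd;
	int g_algo = hash_gcry_algo(algo);
	unsigned char *res;
	unsigned int dlen;
	int status = 0;

	if (g_algo == 0)
		return -1;

	if (gcry_md_open(&hd, g_algo, 0) != 0)
		return -1;

	gcry_md_write(hd, data, datasz);
	if (salt != NULL && saltsz > 0) {
		gcry_md_write(hd, salt, saltsz);
	}

	/* Binary digest: copy exactly the algorithm's digest length. */
	res = (unsigned char *) gcry_md_read(hd, g_algo);
	dlen = gcry_md_get_algo_dlen(g_algo);
	if (res == NULL || dlen == 0) {
		status = -1;
	} else {
		memcpy(out, res, dlen);
		*outsz = dlen;
	}

	gcry_md_close(hd);

	return status;
}

#endif /* HAVE_OPENSSL */
nufw-2.4.3/src/libs/nussl/nussl_openssl_ctx.c0000644000175000017500000001443411431206275016244 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* neon SSL/TLS support using OpenSSL Copyright (C) 2007, Joe Orton Portions are: Copyright (C) 1999-2000 Tommi Komulainen This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 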
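You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */
#include "config.h"

#ifdef HAVE_OPENSSL

#include "nussl_privssl.h"

/* NOTE(review): the bare #include lines below lost their header names when
 * this listing was extracted; they are kept exactly as found. */
#include
#ifdef HAVE_STRING_H
#include
#endif
#include
#include
#include
#include
#include
#include
#ifdef NUSSL_HAVE_TS_SSL
#include /* for abort() */
#include
#endif
#include "nussl_ssl.h"
#include "nussl_ssl_common.h"
#include "nussl_string.h"
#include "nussl_session.h"
#include "nussl_internal.h"
#include "nussl_private.h"
#include "nussl_privssl.h"
#include "nussl_utils.h"

/* Create an SSL context for the given mode (NUSSL_SSL_CTX_CLIENT,
 * NUSSL_SSL_CTX_SERVER, anything else is treated as the SSLv2 server
 * mode).
 *
 * NOTE(review): any mode value other than client or server, including an
 * invalid one, selects the SSLv2-only method; SSLv2 is an obsolete
 * protocol, so callers should pass one of the two named modes.
 *
 * Returns the new context, or NULL if OpenSSL could not create one. */
nussl_ssl_context *nussl_ssl_context_create(int mode)
{
	nussl_ssl_context *ctx = nussl_calloc(sizeof *ctx);

	if (mode == NUSSL_SSL_CTX_CLIENT)
		ctx->ctx = SSL_CTX_new(SSLv23_client_method());
	else if (mode == NUSSL_SSL_CTX_SERVER)
		ctx->ctx = SSL_CTX_new(SSLv23_server_method());
	else
		ctx->ctx = SSL_CTX_new(SSLv2_server_method());

	/* Every call below dereferences ctx->ctx, so stop here on failure. */
	if (ctx->ctx == NULL) {
		nussl_free(ctx);
		return NULL;
	}

	if (mode == NUSSL_SSL_CTX_CLIENT) {
		ctx->sess = NULL;
		/* set client cert callback. */
		//SSL_CTX_set_client_cert_cb(ctx->ctx, provide_client_cert);
		/* enable workarounds for buggy SSL server implementations */
		SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL);
	} else {
		/* Both server modes use the same session cache setting. */
		SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
	}

	return ctx;
}

/* Set a flag for the SSL context. Only NUSSL_SSL_CTX_SSLv2 is handled.
 *
 * NOTE(review): SSL_CTX_set_options() only adds option bits, so the
 * "enable" branch cannot remove SSL_OP_NO_SSLv2 once it is set; in
 * practice this function can turn SSLv2 off but not back on. */
void nussl_ssl_context_set_flag(nussl_ssl_context * ctx, int flag, int value)
{
	long opts = SSL_CTX_get_options(ctx->ctx);

	switch (flag) {
	case NUSSL_SSL_CTX_SSLv2:
		if (value) {
			/* Enable SSLv2 support; clear the "no SSLv2" flag. */
			opts &= ~SSL_OP_NO_SSLv2;
		} else {
			/* Disable it: set the flag. */
			opts |= SSL_OP_NO_SSLv2;
		}
		break;
	}

	SSL_CTX_set_options(ctx->ctx, opts);
}

/* Server mode: use given cert and key (filenames to PEM files).
 * Returns 0 on success, -1 if either file cannot be loaded or the key
 * does not belong to the certificate. */
int nussl_ssl_context_keypair(nussl_ssl_context * ctx, const char *cert,
			      const char *key)
{
	if (SSL_CTX_use_PrivateKey_file(ctx->ctx, key, SSL_FILETYPE_PEM) != 1)
		return -1;

	if (SSL_CTX_use_certificate_file(ctx->ctx, cert, SSL_FILETYPE_PEM) != 1)
		return -1;

	/* Catch a mismatched pair at configuration time instead of at the
	 * first handshake. */
	if (SSL_CTX_check_private_key(ctx->ctx) != 1)
		return -1;

	return 0;
}

/* Install the private key and certificate held by 'cert' in 'ctx'.
 * Returns NUSSL_OK on success, NUSSL_ERROR if OpenSSL rejects either
 * object or the key does not belong to the certificate. */
int nussl_ssl_context_keypair_from_data(nussl_ssl_context * ctx,
					nussl_ssl_client_cert * cert)
{
	if (SSL_CTX_use_PrivateKey(ctx->ctx, cert->pkey) != 1)
		return NUSSL_ERROR;

	if (SSL_CTX_use_certificate(ctx->ctx, cert->cert.subject) != 1)
		return NUSSL_ERROR;

	if (SSL_CTX_check_private_key(ctx->ctx) != 1)
		return NUSSL_ERROR;

	return NUSSL_OK;
}

/* Server mode: set client cert verification options.
 *
 * required    non-zero to ask the peer for a certificate;
 *             NUSSL_CERT_REQUIRE additionally fails the handshake when
 *             none is presented
 * ca_names    optional PEM file whose CA names are sent in the
 *             certificate request
 * verify_cas  optional PEM file of CAs used to verify the peer
 *
 * Returns 0 on success, NUSSL_ERROR if one of the given files cannot be
 * loaded (so that a missing CA file is not silently ignored). */
int nussl_ssl_context_set_verify(nussl_ssl_context * ctx, int required,
				 const char *ca_names,
				 const char *verify_cas)
{
	if (required) {
		int verify_mode = SSL_VERIFY_PEER;

		if (required == NUSSL_CERT_REQUIRE)
			verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
		SSL_CTX_set_verify(ctx->ctx, verify_mode, NULL);
	}

	if (ca_names) {
		STACK_OF(X509_NAME) *names = SSL_load_client_CA_file(ca_names);

		if (names == NULL)
			return NUSSL_ERROR;
		SSL_CTX_set_client_CA_list(ctx->ctx, names);
	}

	if (verify_cas) {
		if (SSL_CTX_load_verify_locations(ctx->ctx, verify_cas, NULL) != 1)
			return NUSSL_ERROR;
	}

	return 0;
}

/* Destroy an SSL context: the OpenSSL context, the cached session and
 * the cipher string.
 * NOTE(review): ctx->dh, stored by the set_dh_* functions below, is not
 * released here; confirm whether it is freed elsewhere. */
void nussl_ssl_context_destroy(nussl_ssl_context * ctx)
{
	SSL_CTX_free(ctx->ctx);

	if (ctx->sess)
		SSL_SESSION_free(ctx->sess);

	if (ctx->ciphers)
		nussl_free(ctx->ciphers);

	nussl_free(ctx);
}

/* Client mode: trust the given certificate 'cert' in context 'ctx'.
 * Returns NUSSL_OK on success, NUSSL_ERROR otherwise. */
int nussl_ssl_context_trustcert(nussl_ssl_context * ctx,
				const nussl_ssl_certificate * cert)
{
	X509_STORE *store = SSL_CTX_get_cert_store(ctx->ctx);

	if (store == NULL)
		return NUSSL_ERROR;

	if (X509_STORE_add_cert(store, cert->subject) == 1)
		return NUSSL_OK;

	return NUSSL_ERROR;
}

/* Add a directory of trusted certificates (OpenSSL hashed-directory
 * lookup, PEM files).
 * Returns NUSSL_OK on success, NUSSL_ERROR otherwise. */
int nussl_ssl_context_trustdir(nussl_ssl_context * ctx, const char *capath)
{
	X509_STORE *store = SSL_CTX_get_cert_store(ctx->ctx);
	X509_LOOKUP *lookup;

	if (store == NULL)
		return NUSSL_ERROR;

	lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
	if (lookup == NULL)
		return NUSSL_ERROR;

	if (X509_LOOKUP_add_dir(lookup, capath, X509_FILETYPE_PEM) > 0)
		return NUSSL_OK;

	return NUSSL_ERROR;
}

/* Server mode: generate DH parameters of 'dh_bits' bits (generator 2).
 * NOTE(review): dh_bits is used as given; no lower bound is enforced
 * here, so the caller decides how strong the DH group is.
 * Returns NUSSL_OK on success, NUSSL_ERROR otherwise. */
int nussl_ssl_context_set_dh_bits(nussl_ssl_context * ctx,
				  unsigned int dh_bits)
{
	DH *dh;

	ERR_clear_error();

	dh = DH_new();
	if (dh == NULL)
		return NUSSL_ERROR;

	if (!DH_generate_parameters_ex(dh, dh_bits, 2, NULL)) {
		DH_free(dh);
		return NUSSL_ERROR;
	}

	if (SSL_CTX_set_tmp_dh(ctx->ctx, dh) != 1) {
		DH_free(dh);
		return NUSSL_ERROR;
	}

	ctx->dh = dh;

	return NUSSL_OK;
}

/* Server mode: load DH parameters from a PEM file.
 * Returns NUSSL_OK on success, NUSSL_ERROR if the file cannot be opened
 * or parsed, or if OpenSSL rejects the parameters. */
int nussl_ssl_context_set_dh_file(nussl_ssl_context * ctx,
				  const char *filename)
{
	FILE *fp;
	DH *dh;

	/* The file is only read, so open it read-only; asking for write
	 * access would fail on a parameter file that is (as it should be)
	 * not writable by the server account. */
	fp = fopen(filename, "r");
	if (fp == NULL)
		return NUSSL_ERROR;

	dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
	fclose(fp);

	if (dh == NULL)
		return NUSSL_ERROR;

	if (SSL_CTX_set_tmp_dh(ctx->ctx, dh) != 1) {
		DH_free(dh);
		return NUSSL_ERROR;
	}

	ctx->dh = dh;

	return NUSSL_OK;
}

#endif /* HAVE_OPENSSL */
nufw-2.4.3/src/libs/nussl/nussl_hash.h0000644000175000017500000000467311431206275014637 00000000000000/* ** Copyright (C) 2009 INL ** Written by Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. 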
You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #ifndef NUSSL_HASH_H #define NUSSL_HASH_H 1 #ifdef __cplusplus extern "C" { #endif /* don't change order or it will break compatibility between client and server */ typedef enum { NUSSL_HASH_NONE = 0, NUSSL_HASH_MD5, NUSSL_HASH_SHA1, NUSSL_HASH_SHA256, NUSSL_HASH_SHA512, } nussl_hash_algo_t; #define NUSSL_HASH_MAX_SIZE 64 /* longest known is SHA512 */ /* out buffer must at least NUSSL_HASH_MAX_SIZE bytes long */ int nussl_hash_compute(nussl_hash_algo_t algo, const char *data, size_t datasz, char *out, size_t *outsz); /* out buffer must at least NUSSL_HASH_MAX_SIZE bytes long */ int nussl_hash_compute_with_salt(nussl_hash_algo_t algo, const char *data, size_t datasz, const char *salt, size_t saltsz, char *out, size_t *outsz); int nussl_hash_file(nussl_hash_algo_t algo, const char * filename, unsigned char *out, size_t *outsz) #ifdef __GNUC__ __attribute__ ((warn_unused_result)) #endif ; #ifdef __cplusplus } #endif #endif /* NUSSL_HASH_H */ nufw-2.4.3/src/libs/nussl/nussl_dates.h0000644000175000017500000000420211431206275015000 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* Date manipulation routines Copyright (C) 1999-2002, 2005, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #ifndef NUSSL_DATES_H #define NUSSL_DATES_H #include #include "nussl_defs.h" NUSSL_BEGIN_DECLS /* Date manipulation routines as per RFC1123 and RFC1036 */ /* Return current date/time in RFC1123 format */ char *nussl_rfc1123_date(time_t anytime); /* Returns time from date/time using the subset of the ISO8601 format * referenced in RFC2518 (e.g as used in the creationdate property in * the DAV: namespace). 
*/ time_t nussl_iso8601_parse(const char *date); NUSSL_END_DECLS #endif /* NUSSL_DATES_H */ nufw-2.4.3/src/libs/nussl/nussl_session.h0000644000175000017500000002740611431206275015376 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* HTTP session handling Copyright (C) 1999-2007, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. 
*/ #ifndef NUSSL_SESSION_H #define NUSSL_SESSION_H 1 #include #include "nussl_ssl.h" /* #include "nussl_uri.h" /\* for nussl_uri *\/ */ #include "nussl_defs.h" #include "nussl_socket.h" #include "nussl_constants.h" #include "nussl_privssl.h" NUSSL_BEGIN_DECLS typedef struct nussl_session_s nussl_session; /* Create a session to the given server, using the given mode. * mode can be one of NUSSL_SSL_CTX_CLIENT, NUSSL_SSL_CTX_SERVER, * or NUSSL_SSL_CTX_SERVERv2 */ nussl_session *nussl_session_create(int mode); void nussl_session_destroy(nussl_session * sess); /* Prematurely force the connection to be closed for the given * session. */ void nussl_close_connection(nussl_session * sess); /* Set the proxy server to be used for the session. */ /*void nussl_session_proxy(nussl_session *sess, const char *hostname, unsigned int port); */ /* Set a new value for a particular session flag. */ void nussl_set_session_flag(nussl_session * sess, nussl_session_flag flag, int value); /* Return 0 if the given flag is not set, >0 it is set, or -1 if the * flag is not supported. */ int nussl_get_session_flag(nussl_session * sess, nussl_session_flag flag); /* Bypass the normal name resolution; force the use of specific set of * addresses for this session, addrs[0]...addrs[n-1]. The addrs array * must remain valid until the session is destroyed. */ void nussl_set_addrlist(nussl_session * sess, const nussl_inet_addr ** addrs, size_t n); /* DEPRECATED: Progress callback. */ typedef void (*nussl_progress) (void *userdata, nussl_off_t progress, nussl_off_t total); /* DEPRECATED API: Set a progress callback for the session; this is * deprecated in favour of nussl_set_notifier(). The progress callback * is invoked for after each block of the request and response body to * indicate request and response progress (there is no way to * distinguish between the two using this interface alone). * * NOTE: Use of this interface is mutually exclusive with the use of * nussl_set_notifier(). 
A call to nussl_set_progress() removes the * notifier callback, and vice versa. */ void nussl_set_progress(nussl_session * sess, nussl_progress progress, void *userdata); /* Store an opaque context for the session, 'priv' is returned by a * call to nussl_session_get_private with the same ID. */ void nussl_set_session_private(nussl_session * sess, const char *id, void *priv); void *nussl_get_session_private(nussl_session * sess, const char *id); /* Status event type. NOTE: More event types may be added in * subsequent releases, so callers must ignore unknown status types * for forwards-compatibility. */ typedef enum { nussl_status_lookup = 0, /* looking up hostname */ nussl_status_connecting, /* connecting to host */ nussl_status_connected, /* connected to host */ nussl_status_sending, /* sending a request body */ nussl_status_recving, /* receiving a response body */ nussl_status_disconnected /* disconnected from host */ } nussl_session_status; /* Status event information union; the relevant structure within * corresponds to the event type. WARNING: the size of this union is * not limited by ABI constraint; it may be extended with additional * members of different size, or existing members may be extended. 
*/ typedef union nussl_session_status_info_u { struct { /* nussl_status_lookup */ /* The hostname which is being resolved: */ const char *hostname; } lu; struct { /* nussl_status_connecting */ /* The hostname and network address to which a connection * attempt is being made: */ const char *hostname; const nussl_inet_addr *address; } ci; struct { /* nussl_status_connected, nussl_status_disconnected */ /* The hostname to which a connection has just been * established or closed: */ const char *hostname; } cd; struct { /* nussl_status_sending and nussl_status_recving */ /* Request/response body transfer progress; if total == -1, the * total size is unknown; else 0 <= progress <= total: */ nussl_off_t progress, total; } sr; } nussl_session_status_info; /* Callback invoked to notify a new session status event, given by the * 'status' argument. On invocation, the contents of exactly one of * the structures in the info union will be valid, as indicated * above. */ typedef void (*nussl_notify_status) (void *userdata, nussl_session_status status, const nussl_session_status_info * info); /* Set a status notification callback for the session, to report * session status events. Only one notification callback per session * can be registered; the most recent of successive calls to this * function takes effect. Note that * * NOTE: Use of this interface is mutually exclusive with the use of * nussl_set_progress(). A call to nussl_set_notifier() removes the * progress callback, and vice versa. */ void nussl_set_notifier(nussl_session * sess, nussl_notify_status status, void *userdata); /* Certificate verification failures. 
* The certificate is not yet valid: */
#define NUSSL_SSL_NOTYETVALID (0x01)

/* The certificate has expired: */
#define NUSSL_SSL_EXPIRED (0x02)

/* The hostname for which the certificate was issued does not
 * match the hostname of the server; this could mean that the
 * connection is being intercepted: */
#define NUSSL_SSL_IDMISMATCH (0x04)

/* The certificate authority which signed the server certificate is
 * not trusted: there is no indication the server is who they claim
 * to be: */
#define NUSSL_SSL_UNTRUSTED (0x08)

/* The certificate is invalid */
#define NUSSL_SSL_INVALID (0x10)

/* The certificate has been revoked */
#define NUSSL_SSL_REVOKED (0x20)

/* The certificate issuer has not been found in the trust chain */
#define NUSSL_SSL_SIGNER_NOT_FOUND (0x40)

/* The certificate is not signed by a CA */
#define NUSSL_SSL_SIGNER_NOT_CA (0x80)

/* The bitmask of known failure bits: if (failures & ~NUSSL_SSL_FAILMASK)
 * is non-zero, an unrecognized failure is given, and the verification
 * should be failed. */
#define NUSSL_SSL_FAILMASK (0xff)

#if 0
/* A callback which is used when server certificate verification is
 * needed. The reasons for verification failure are given in the
 * 'failures' parameter, which is a binary OR of one or more of the
 * above NUSSL_SSL_* values. failures is guaranteed to be non-zero. The
 * callback must return zero to accept the certificate: a non-zero
 * return value will fail the SSL negotiation. */
typedef int (*nussl_ssl_verify_fn) (void *userdata, int failures, const nussl_ssl_certificate * cert);

/* Install a callback to handle server certificate verification. This
 * is required when the CA certificate is not known for the server
 * certificate, or the server cert has other verification problems. */
void nussl_ssl_set_verify(nussl_session * sess, nussl_ssl_verify_fn fn, void *userdata);
#endif

/* Use the given client certificate for the session. The client cert
 * MUST be in the decrypted state, otherwise behaviour is undefined.
* The 'clicert' object is duplicated internally so can be destroyed * by the caller. */ int nussl_ssl_set_clicert(nussl_session * sess, const nussl_ssl_client_cert * clicert); #if 0 /* Indicate that the certificate 'cert' is trusted; the 'cert' object * is duplicated internally so can be destroyed by the caller. This * function has no effect for non-SSL sessions. */ void nussl_ssl_trust_cert(nussl_session * sess, const nussl_ssl_certificate * cert); /* If the SSL library provided a default set of CA certificates, trust * this set of CAs. */ void nussl_ssl_trust_default_ca(nussl_session * sess); /* Callback used to load a client certificate on demand. If dncount * is > 0, the 'dnames' array dnames[0] through dnames[dncount-1] * gives the list of CA names which the server indicated were * acceptable. The callback should load an appropriate client * certificate and then pass it to 'nussl_ssl_set_clicert'. */ typedef void (*nussl_ssl_provide_fn) (void *userdata, nussl_session * sess, const nussl_ssl_dname * const *dnames, int dncount); /* Register a function to be called when the server requests a client * certificate. */ void nussl_ssl_provide_clicert(nussl_session * sess, nussl_ssl_provide_fn fn, void *userdata); #endif /* Set the timeout (in seconds) used when reading from a socket. The * timeout value must be greater than zero. */ void nussl_set_read_timeout(nussl_session * sess, int timeout); /* Set the timeout (in seconds) used when making a connection. The * timeout value must be greater than zero. */ void nussl_set_connect_timeout(nussl_session * sess, int timeout); /* Set the error string for the session; takes printf-like format * string. */ void nussl_set_error(nussl_session * sess, const char *format, ...) 
nussl_attribute((format(printf, 2, 3))); /* Retrieve the error string for the session */ const char *nussl_get_error(nussl_session * sess); /* Set destination hostname / port */ void nussl_set_hostinfo(nussl_session * sess, const char *hostname, unsigned int port); /* Write to session */ /* Return NUSSL_OK on success * Returns a NUSSL_SOCK_* on failure */ int nussl_write(nussl_session * session, const char *buffer, size_t count); /* Read from session */ /* Return the number of bytes read on success * Returns a NUSSL_SOCK_* on failure */ ssize_t nussl_read(nussl_session * session, char *buffer, size_t count); /* Set private key and certificate */ int nussl_ssl_set_keypair(nussl_session * session, const char *cert_file, const char *key_file); /* Set private key and certificate */ int nussl_ssl_set_pkcs12_keypair(nussl_session * session, const char *cert_file, const char *key_file); /* Indicate that the certificate 'cert' is trusted */ int nussl_ssl_trust_cert_file(nussl_session * sess, const char *cert_file); /* Add directory of trusted certificates */ int nussl_ssl_trust_dir(nussl_session * sess, const char *dir); nussl_ssl_client_cert *nussl_ssl_import_keypair(const char *cert_file, const char *key_file); char *nussl_get_cert_info(nussl_session * sess); char *nussl_get_server_cert_dn(nussl_session * sess); char *nussl_get_server_cert_info(nussl_session * sess); int nussl_init(); NUSSL_END_DECLS #endif /* NUSSL_SESSION_H */ nufw-2.4.3/src/libs/nussl/libnussl.pc.in0000644000175000017500000000040111431206275015064 00000000000000prefix=@prefix@ exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include Name: libnussl Description: NuFW SSL library Version: @PACKAGE_VERSION@ Requires: Libs: -L${libdir} -lnussl Libs.private: -ldl -lpthread Cflags: -I${includedir} nufw-2.4.3/src/libs/nussl/nussl_dates.c0000644000175000017500000001222611431206275015000 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL 
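http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */

/* Date manipulation routines Copyright (C) 1999-2006, Joe Orton Copyright (C) 2004 Jiang Lei This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */

/* NOTE(review): the header names on the bare #include lines below were
 * lost when this page was extracted; restore them from the upstream file. */
#include
#include "nussl_config.h"
#include
#include
#ifdef HAVE_STDLIB_H
#include
#endif
#include
#ifdef HAVE_STRING_H
#include
#endif
#ifdef WIN32
#include /* for TIME_ZONE_INFORMATION */
#endif

#include "nussl_alloc.h"
#include "nussl_dates.h"
#include "nussl_string.h"

/* Generic date manipulation routines. */

/* ISO8601: 2001-01-01T12:30:00Z */
#define ISO8601_FORMAT_Z "%04d-%02d-%02dT%02d:%02d:%lfZ"
#define ISO8601_FORMAT_M "%04d-%02d-%02dT%02d:%02d:%lf-%02d:%02d"
#define ISO8601_FORMAT_P "%04d-%02d-%02dT%02d:%02d:%lf+%02d:%02d"

/* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
#define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"

/* RFC850: Sunday, 06-Nov-94 08:49:37 GMT */
#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"

/* asctime: Wed Jun 30 21:49:08 1993 */
#define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"

static const char rfc1123_weekdays[7][4] = {
    "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
};

static const char short_months[12][4] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};

/* GMTOFF(t) yields the local offset from GMT in seconds, taken from the
 * struct tm where the platform provides the field. */
#if defined(HAVE_STRUCT_TM_TM_GMTOFF)
#define GMTOFF(t) ((t).tm_gmtoff)
#elif defined(HAVE_STRUCT_TM___TM_GMTOFF)
#define GMTOFF(t) ((t).__tm_gmtoff)
#elif defined(WIN32)
#define GMTOFF(t) (gmt_to_local_win32())
#else
/* FIXME: work out the offset anyway. */
#define GMTOFF(t) (0)
#endif

#ifdef WIN32
/* Return the current local offset from GMT in seconds, derived from the
 * Windows time-zone bias (which is expressed in minutes west of GMT). */
time_t gmt_to_local_win32(void)
{
    TIME_ZONE_INFORMATION tzinfo;
    DWORD zone_id;
    long bias;

    zone_id = GetTimeZoneInformation(&tzinfo);
    bias = tzinfo.Bias;

    if (zone_id == TIME_ZONE_ID_STANDARD)
        bias += tzinfo.StandardBias;

    if (zone_id == TIME_ZONE_ID_DAYLIGHT)
        bias += tzinfo.DaylightBias;

    return (-bias * 60);
}
#endif

/* Returns the time/date GMT, in RFC1123-type format: eg
 * Sun, 06 Nov 1994 08:49:37 GMT.
 *
 * The result is allocated with nussl_malloc(); NULL is returned when
 * gmtime() cannot convert 'anytime'.
 *
 * NOTE(review): gmtime() hands back shared static storage while this
 * library is built for threaded use; confirm callers serialise access or
 * switch to a re-entrant conversion where the platform offers one. */
char *nussl_rfc1123_date(time_t anytime)
{
    /* "Sun, 06 Nov 1994 08:49:37 GMT" is 29 characters, plus the NUL. */
    enum { rfc1123_len = 29 };
    struct tm *gmt = gmtime(&anytime);
    char *ret;

    if (gmt == NULL)
        return NULL;

    ret = nussl_malloc(rfc1123_len + 1);
    nussl_snprintf(ret, rfc1123_len + 1, RFC1123_FORMAT,
                   rfc1123_weekdays[gmt->tm_wday], gmt->tm_mday,
                   short_months[gmt->tm_mon], 1900 + gmt->tm_year,
                   gmt->tm_hour, gmt->tm_min, gmt->tm_sec);

    return ret;
}

/* Takes an ISO-8601-formatted date string and returns the time_t.
 * Returns (time_t)-1 if the parse fails.
 *
 * Three layouts are tried in turn: a positive numeric offset, a negative
 * numeric offset and the 'Z' (UTC) suffix. */
time_t nussl_iso8601_parse(const char *date)
{
    /* Zero-initialised so that no field is ever read uninitialised,
     * whichever sscanf() branch matches. */
    struct tm gmt = { 0 };
    int off_hour, off_min;
    double sec;
    off_t fix;
    time_t result;

    /* it goes: ISO8601: 2001-01-01T12:30:00+03:30 */
    if (sscanf(date, ISO8601_FORMAT_P,
               &gmt.tm_year, &gmt.tm_mon, &gmt.tm_mday,
               &gmt.tm_hour, &gmt.tm_min, &sec,
               &off_hour, &off_min) == 8) {
        gmt.tm_sec = (int) sec;
        fix = -off_hour * 3600 - off_min * 60;
    }
    /* it goes: ISO8601: 2001-01-01T12:30:00-03:30 */
    else if (sscanf(date, ISO8601_FORMAT_M,
                    &gmt.tm_year, &gmt.tm_mon, &gmt.tm_mday,
                    &gmt.tm_hour, &gmt.tm_min, &sec,
                    &off_hour, &off_min) == 8) {
        gmt.tm_sec = (int) sec;
        fix = off_hour * 3600 + off_min * 60;
    }
    /* it goes: ISO8601: 2001-01-01T12:30:00Z */
    else if (sscanf(date, ISO8601_FORMAT_Z,
                    &gmt.tm_year, &gmt.tm_mon, &gmt.tm_mday,
                    &gmt.tm_hour, &gmt.tm_min, &sec) == 6) {
        gmt.tm_sec = (int) sec;
        fix = 0;
    } else {
        return (time_t) - 1;
    }

    gmt.tm_year -= 1900;
    gmt.tm_isdst = -1;
    gmt.tm_mon--;

    /* mktime() fills in the struct tm, including the GMT offset field that
     * GMTOFF() reads.  It has to run as its own statement: inside a single
     * expression the order of the call and the field read is unspecified. */
    result = mktime(&gmt);
    if (result == (time_t) - 1)
        return (time_t) - 1;    /* date not representable as a time_t */

    return result + fix + GMTOFF(gmt);
}
nufw-2.4.3/src/libs/nussl/Makefile.am0000644000175000017500000000224111431206275014340 00000000000000lib_LTLIBRARIES = libnussl.la EXTRA_DIST = README # headers to be installed include_HEADERS = nussl.h nussl_constants.h nussl_hash.h # headers required for build noinst_libnussl_la_SOURCES = nussl_alloc.h nussl_config.h \ nussl_dates.h nussl_defs.h nussl_internal.h \ nussl_private.h nussl_privssl.h nussl_request.h \ nussl_session.h nussl_socket.h \ nussl_ssl_common.h nussl_ssl.h nussl_string.h nussl_utils.h # sources libnussl_la_SOURCES = nussl_alloc.c nussl_dates.c nussl_openssl.c \ nussl_openssl_ctx.c nussl_gnutls.c nussl_gnutls_ctx.c \ nussl_ssl_common.c nussl_request.c nussl_session.c nussl_socket.c \ nussl_string.c nussl_utils.c \ nussl_openssl_local.c nussl_gnutls_local.c \ nussl_hash.c \ ${include_HEADERS} \ ${noinst_libnussl_la_SOURCES} AM_CPPFLAGS = -I$(top_srcdir)/src/include/ -D_REENTRANT LIBNUSSL_AC=1 LIBNUSSL_REV=0 LIBNUSSL_ANC=0 if USE_OPENSSL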
AM_CFLAGS=$(AM_CPPFLAGS) @OPENSSL_CFLAGS@ libnussl_la_LIBADD = -lpthread @OPENSSL_LIBS@ else libnussl_la_LIBADD = -lpthread -lgcrypt -lgnutls endif libnussl_la_LDFLAGS = -version-info ${LIBNUSSL_AC}:${LIBNUSSL_REV}:${LIBNUSSL_ANC} pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libnussl.pc nufw-2.4.3/src/libs/nussl/nussl_string.h0000644000175000017500000001742111431206275015215 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* String utility functions Copyright (C) 1999-2007, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. 
*/ #ifndef NUSSL_STRING_H #define NUSSL_STRING_H #include "nussl_defs.h" #include "nussl_alloc.h" #include #include NUSSL_BEGIN_DECLS /* nussl_token and nussl_qtoken return the next token in *str before either * the next separator character 'sep' or the NUL terminator. * nussl_qtoken skips over any parts quoted using a pair of any one of * the characters given in 'quotes'. After returning, *str will point * to the next character after the separator, or NULL if no separator * character was found. * * nussl_qtoken will return NULL if unterminated quotes are found. */ char *nussl_token(char **str, char sep); char *nussl_qtoken(char **str, char sep, const char *quotes); /* Return portion of 'str' with any characters in 'whitespace' shaved * off the beginning and end. Modifies str in-place. */ char *nussl_shave(char *str, const char *whitespace); /* Cleanse 'str' of non-printable (e.g. control) characters. 'str' is * modified in-place, and returned. */ char *nussl_strclean(char *str); /* Encode 'len' bytes of 'text' to base64. Returns malloc-allocated * NUL-terminated buffer which the caller must free(). */ char *nussl_base64(const unsigned char *text, size_t len); /* Decode NUL-terminated base64-encoded string 'data', placing * malloc-allocated raw decoder output in '*out'. Returns length, or * zero on decode error (in which case the content of *out is * undefined). */ size_t nussl_unbase64(const char *data, unsigned char **out); /* Dynamically-allocated string buffer. A string buffer which grows * dynamically . (Strings are zero-terminated still). A * string buffer nussl_buffer which grows dynamically with the string. */ typedef struct { char *data; /* contents: NUL-terminated string */ size_t used; /* strlen(data) + 1 */ size_t length; /* number of bytes allocated */ } nussl_buffer; /* Create a new string buffer object. */ nussl_buffer *nussl_buffer_create(void); /* Create a new string buffer object with at least 'size' bytes of * allocated space. 
*/ nussl_buffer *nussl_buffer_ncreate(size_t size); /* Returns size of data in buffer, equiv to strlen(nussl_buffer_data(buf)) */ #define nussl_buffer_size(buf) ((buf)->used - 1) /* Concatenate all given strings onto the end of the buffer. The * strings must all be NUL-terminated, and MUST be followed by a NULL * argument marking the end of the list. */ void nussl_buffer_concat(nussl_buffer * buf, ...); /* Append a NUL-terminated string 'str' to buf. */ void nussl_buffer_zappend(nussl_buffer * buf, const char *str); /* Append 'len' bytes of 'data' to buf, where 'data' does not contain * a NUL terminator. (A NUL terminator is appended to buf) */ void nussl_buffer_append(nussl_buffer * buf, const char *data, size_t len); /* Print a string to the end of the buffer using printf-style format * string 'format' and subsqeuent arguments. At most 'max' characters * are appended; the number of characters appended (excluding the NUL * terminator) is returned. Behaviour is undefined if 'max' is passed * as zero. */ size_t nussl_buffer_snprintf(nussl_buffer * buf, size_t max, const char *format, ...) nussl_attribute((format(printf, 3, 4))); /* Append a literal, NUL-terminated constant string 'str' to buffer * 'buf'. */ #define nussl_buffer_czappend(buf, str) \ nussl_buffer_append((buf), (str), sizeof((str)) - 1) /* Clear the string buffer 'buf', making it equivalent to the empty * string. */ void nussl_buffer_clear(nussl_buffer * buf); /* Grow the allocated size of string buffer 'buf' to at least 'size' * bytes. */ void nussl_buffer_grow(nussl_buffer * buf, size_t size); /* Re-establish the 'used' invariant if the string buffer data field is * altered directly. */ void nussl_buffer_altered(nussl_buffer * buf); /* Destroy the string buffer object 'buf' without deallocating the * data string. The data string must subsequently be freed using * nussl_free(). */ char *nussl_buffer_finish(nussl_buffer * buf); /* Destroy a string buffer object. 
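*/
void nussl_buffer_destroy(nussl_buffer * buf);

/* Thread-safe strerror() wrapper; place system error for errno value
 * 'errnum' in 'buffer', which is of length 'buflen'. Returns
 * 'buffer'. */
char *nussl_strerror(int errnum, char *buffer, size_t buflen);

/* nussl_strnzcpy copies at most 'n'-1 bytes of 'src' to 'dest', and
 * ensures that 'dest' is subsequently NUL-terminated.
 *
 * 'n' is the size of 'dest'.  A size of zero is a no-op: computing
 * 'n' - 1 on an unsigned zero would wrap to the largest size_t and turn
 * the copy into an unbounded write.  'dest' is evaluated twice, so it
 * must not have side effects. */
#define nussl_strnzcpy(dest, src, n) do { size_t nussl__n = (n); \
    if (nussl__n > 0) { \
        strncpy((dest), (src), nussl__n - 1); \
        (dest)[nussl__n - 1] = '\0'; \
    } } while (0)

/* Return malloc-allocated concatenation of all NUL-terminated string
 * arguments, up to a terminating NULL pointer. */
char *nussl_concat(const char *str, ...);

/* Wrapper for snprintf: always NUL-terminates returned buffer, and
 * returns strlen(str). */
size_t nussl_snprintf(char *str, size_t size, const char *fmt, ...)
    nussl_attribute((format(printf, 3, 4)));

/* Wrapper for vsnprintf. */
size_t nussl_vsnprintf(char *str, size_t size, const char *fmt, va_list ap)
    nussl_attribute((format(printf, 3, 0)));

/* Implementations of strcasecmp and strncasecmp which behave as
 * defined by the ANSI C strcasecmp() and strncasecmp() when in the
 * POSIX locale; i.e. ignoring the process locale. */

/* Compares 's1' and 's2', ignoring differences in case. */
int nussl_strcasecmp(const char *s1, const char *s2);

/* Compares up to 'n' characters of 's1' and 's2', ignoring
 * differences in case. */
int nussl_strncasecmp(const char *s1, const char *s2, size_t n);

/* Return lowercase 'c' as in POSIX locale; note difference from ANSI
 * C semantics as both the argument and return value are unsigned
 * char.  The argument is parenthesised so that the cast applies to the
 * whole expression passed in, not just to its first operand. */
#define nussl_tolower(c) (nussl_tolower_array()[(unsigned char)(c)])

const unsigned char *nussl_tolower_array(void);

/* Convert an ASCII hexadecimal character in the ranges '0'..'9'
 * 'a'..'f' 'A'..'F' to its numeric equivalent.  The macro does not
 * validate its argument: characters outside those ranges give a
 * meaningless result, so callers must check the input first. */
#define NUSSL_ASC2HEX(x) (((x) <= '9') ? ((x) - '0') : \
    (nussl_tolower((x)) + 10 - 'a'))

/* Convert an integer in the range 0..15 to the equivalent (lowercase)
 * ASCII hexadecimal equivalent character, in the range '0..9,'a..f' */
#define NUSSL_HEX2ASC(x) ((char) ((x) > 9 ? ((x) - 10 + 'a') : ((x) + '0')))

NUSSL_END_DECLS

#endif /* NUSSL_STRING_H */
nufw-2.4.3/src/libs/nussl/nussl_request.h0000644000175000017500000000347211431206275015400 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* HTTP Request Handling Copyright (C) 1999-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.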
*/ #ifndef NUSSL_REQUEST_H #define NUSSL_REQUEST_H #include #include "nussl_config.h" #include "nussl_session.h" NUSSL_BEGIN_DECLS int nussl_open_connection(nussl_session * sess); NUSSL_END_DECLS #endif /* NUSSL_REQUEST_H */ nufw-2.4.3/src/libs/nussl/nussl_alloc.h0000644000175000017500000000521611431206275015000 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* Replacement memory allocation handling etc. Copyright (C) 1999-2005, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. 
*/ #ifndef NUSSL_ALLOC_H #define NUSSL_ALLOC_H #ifdef WIN32 #include #else #include #endif #include "nussl_defs.h" NUSSL_BEGIN_DECLS typedef void (*nussl_oom_callback_fn) (void); /* Set callback which is called if malloc() returns NULL. */ void nussl_oom_callback(nussl_oom_callback_fn callback); #ifndef NEON_MEMLEAK /* Replacements for standard C library memory allocation functions, * which never return NULL. If the C library malloc() returns NULL, * neon will abort(); calling an OOM callback beforehand if one is * registered. The C library will only ever return NULL if the * operating system does not use optimistic memory allocation. */ void *nussl_malloc(size_t size) nussl_attribute_malloc; void *nussl_calloc(size_t size) nussl_attribute_malloc; void *nussl_realloc(void *ptr, size_t s); char *nussl_strdup(const char *s) nussl_attribute_malloc; char *nussl_strndup(const char *s, size_t n) nussl_attribute_malloc; #define nussl_free free #endif NUSSL_END_DECLS #endif /* NUSSL_ALLOC_H */ nufw-2.4.3/src/libs/nussl/nussl_alloc.c0000644000175000017500000000512311431206275014770 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* Replacement memory allocation handling etc. Copyright (C) 1999-2005, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
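You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   MA 02111-1307, USA

   In addition, as a special exception, INL
   gives permission to link the code of its release of NuSSL with the
   OpenSSL project's "OpenSSL" library (or with modified versions of it
   that use the same license as the "OpenSSL" library), and distribute
   the linked executables.  You must obey the GNU General Public License
   in all respects for all of the code used other than "OpenSSL".  If you
   modify this file, you may extend this exception to your version of the
   file, but you are not obligated to do so.  If you do not wish to do
   so, delete this exception statement from your version.
*/

/* NOTE(review): the <...> names of the system #include lines were lost when
 * this listing was extracted (one before "nussl_config.h", three after it).
 * The two system headers below are the ones the code in this file visibly
 * needs; confirm the full list against the upstream file. */
#include "nussl_config.h"

#include <stdlib.h>		/* malloc, realloc, abort */
#include <string.h>		/* memset, memcpy, strcpy, strlen */

#include "nussl_alloc.h"

/* Callback run just before abort() when an allocation fails; NULL if the
 * application registered none. */
static nussl_oom_callback_fn oom;

/* Register 'callback' as the out-of-memory hook (NULL clears it). */
void nussl_oom_callback(nussl_oom_callback_fn callback)
{
    oom = callback;
}

/* Allocate 'len' bytes into 'ptr'; on failure run the OOM hook, then abort.
 * The macro deliberately ends without a semicolon so that
 * "DO_MALLOC(p, n);" is exactly one statement and stays safe inside an
 * unbraced if/else. */
#define DO_MALLOC(ptr, len) do { \
        (ptr) = malloc((len)); \
        if (!(ptr)) { \
            if (oom != NULL) \
                oom(); \
            abort(); \
        } \
    } while (0)

/* malloc() replacement which never returns NULL: the process aborts
 * instead (after calling the OOM hook, if any). */
void *nussl_malloc(size_t len)
{
    void *ptr;

    DO_MALLOC(ptr, len);
    return ptr;
}

/* Like nussl_malloc(), but the returned block is zero-filled.  Note the
 * single-argument signature (a byte count, not nmemb * size). */
void *nussl_calloc(size_t len)
{
    void *ptr;

    DO_MALLOC(ptr, len);
    return memset(ptr, 0, len);
}

/* realloc() replacement which never returns NULL; aborts on failure. */
void *nussl_realloc(void *ptr, size_t len)
{
    void *ret = realloc(ptr, len);

    if (!ret) {
        if (oom)
            oom();
        abort();
    }
    return ret;
}

/* Return a malloc-allocated copy of the NUL-terminated string 's'. */
char *nussl_strdup(const char *s)
{
    char *ret;

    DO_MALLOC(ret, strlen(s) + 1);
    return strcpy(ret, s);
}

/* Return a malloc-allocated, NUL-terminated copy of the first 'n' bytes of
 * 's'.  Unlike the C library strndup(), this copies exactly 'n' bytes and
 * does not stop at an earlier NUL, so the caller must guarantee that 's'
 * has at least 'n' readable bytes. */
char *nussl_strndup(const char *s, size_t n)
{
    char *new;

    /* n + 1 would wrap to 0 here; the write of the terminator below would
     * then land far outside a zero-sized allocation.  Treat it like an
     * allocation failure. */
    if (n == (size_t) -1) {
        if (oom != NULL)
            oom();
        abort();
    }

    DO_MALLOC(new, n + 1);
    new[n] = '\0';
    memcpy(new, s, n);
    return new;
}
nufw-2.4.3/src/libs/nussl/nussl_string.c0000644000175000017500000003115711431206275015212 00000000000000
/*
 ** Copyright (C) 2007-2009 INL
 ** Written by S.Tricaud
 **            L.Defert
 ** INL http://www.inl.fr/
 **
 ** NuSSL: OpenSSL / GnuTLS layer based on libneon
 */

/*
   String utility functions
   Copyright (C) 1999-2007, Joe Orton
   strcasecmp/strncasecmp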
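implementations are:
   Copyright (C) 1991, 1992, 1995, 1996, 1997 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   MA 02111-1307, USA

   In addition, as a special exception, INL
   gives permission to link the code of its release of NuSSL with the
   OpenSSL project's "OpenSSL" library (or with modified versions of it
   that use the same license as the "OpenSSL" library), and distribute
   the linked executables.  You must obey the GNU General Public License
   in all respects for all of the code used other than "OpenSSL".  If you
   modify this file, you may extend this exception to your version of the
   file, but you are not obligated to do so.  If you do not wish to do
   so, delete this exception statement from your version.
*/

/* Enable C99 features like vsnprintf() */
/* #define _ISOC99_SOURCE */

/* NOTE(review): the <...> names of the system #include lines were lost when
 * this listing was extracted.  The names below are restored from what the
 * code uses and from the surviving comments/guards; the very first include
 * (before "nussl_config.h") could not be identified.  Confirm against the
 * upstream file. */
#include "nussl_config.h"

#include <stdlib.h>
#include <string.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif

#include <stdio.h>
#include <ctype.h>		/* for isprint() etc in nussl_strclean() */

#include "nussl_alloc.h"
#include "nussl_string.h"

/* Split the next token off '*str' at the first 'separator'.
 * The separator is overwritten with NUL and '*str' is advanced past it;
 * when no separator is left, the remainder is returned and '*str' is set
 * to NULL.  '*str' must not be NULL on entry. */
char *nussl_token(char **str, char separator)
{
    char *ret = *str, *pnt = strchr(*str, separator);

    if (pnt) {
        *pnt = '\0';
        *str = pnt + 1;
    } else {
        /* no separator found: return end of string. */
        *str = NULL;
    }

    return ret;
}

/* As nussl_token(), but separators inside a quoted section are skipped.
 * 'quotes' lists the quote characters; a section opened by one of them is
 * closed by the next occurrence of the same character.  Returns NULL if a
 * quote is never closed (in which case '*str' is left unchanged). */
char *nussl_qtoken(char **str, char separator, const char *quotes)
{
    char *pnt, *ret = NULL;

    for (pnt = *str; *pnt != '\0'; pnt++) {
        char *quot = strchr(quotes, *pnt);

        if (quot) {
            char *qclose = strchr(pnt + 1, *quot);

            if (!qclose) {
                /* no closing quote: invalid string. */
                return NULL;
            }

            pnt = qclose;
        } else if (*pnt == separator) {
            /* found end of token. */
            *pnt = '\0';
            ret = *str;
            *str = pnt + 1;
            return ret;
        }
    }

    /* no separator found: return end of string. */
    ret = *str;
    *str = NULL;
    return ret;
}

/* Strip any characters listed in 'whitespace' from both ends of 'str'.
 * The string is modified in place (a NUL is written after the last kept
 * character); the return value points at the first kept character. */
char *nussl_shave(char *str, const char *whitespace)
{
    char *pnt, *ret = str;

    while (*ret != '\0' && strchr(whitespace, *ret) != NULL) {
        ret++;
    }

    /* pnt points at the NUL terminator. */
    pnt = &ret[strlen(ret)];

    while (pnt > ret && strchr(whitespace, *(pnt - 1)) != NULL) {
        pnt--;
    }

    *pnt = '\0';
    return ret;
}

/* Reset 'buf' to the empty string.  The whole allocation is zeroed, so
 * earlier contents (which may be sensitive) do not linger in the buffer. */
void nussl_buffer_clear(nussl_buffer * buf)
{
    memset(buf->data, 0, buf->length);
    buf->used = 1;
}

/* Ensure 'buf' has room for at least 'newsize' bytes.  The allocation is
 * rounded up to a multiple of NUSSL_BUFFER_GROWTH.  There is no error
 * return: nussl_realloc() aborts the process on allocation failure. */
void nussl_buffer_grow(nussl_buffer * buf, size_t newsize)
{
#define NUSSL_BUFFER_GROWTH 512
    if (newsize > buf->length) {
        /* If it's not big enough already... */
        buf->length =
            ((newsize / NUSSL_BUFFER_GROWTH) + 1) * NUSSL_BUFFER_GROWTH;

        /* Reallocate bigger buffer */
        buf->data = nussl_realloc(buf->data, buf->length);
    }
}

/* Sum of strlen() over the remaining NULL-terminated list of strings. */
static size_t count_concat(va_list * ap)
{
    size_t total = 0;
    char *next;

    while ((next = va_arg(*ap, char *)) != NULL)
        total += strlen(next);

    return total;
}

/* Copy the remaining NULL-terminated list of strings back to back into
 * 'str'.  No terminator is written by the memcpy() path; callers add it. */
static void do_concat(char *str, va_list * ap)
{
    char *next;

    while ((next = va_arg(*ap, char *)) != NULL) {
#ifdef HAVE_STPCPY
        str = stpcpy(str, next);
#else
        size_t len = strlen(next);
        memcpy(str, next, len);
        str += len;
#endif
    }
}

/* Append every string in the NULL-terminated argument list to 'buf'.
 * The list is walked twice: once to size the buffer, once to copy. */
void nussl_buffer_concat(nussl_buffer * buf, ...)
{
    va_list ap;
    size_t total;	/* new value of buf->used, terminator included */

    va_start(ap, buf);
    total = buf->used + count_concat(&ap);
    va_end(ap);

    /* Grow the buffer */
    nussl_buffer_grow(buf, total);

    va_start(ap, buf);
    do_concat(buf->data + buf->used - 1, &ap);
    va_end(ap);

    buf->used = total;
    buf->data[total - 1] = '\0';
}

/* Return a malloc-allocated concatenation of 'str' and every following
 * string argument, up to the terminating NULL pointer. */
char *nussl_concat(const char *str, ...)
{
    va_list ap;
    size_t total, slen = strlen(str);
    char *ret;

    va_start(ap, str);
    total = slen + count_concat(&ap);
    va_end(ap);

    ret = memcpy(nussl_malloc(total + 1), str, slen);

    va_start(ap, str);
    do_concat(ret + slen, &ap);
    va_end(ap);

    ret[total] = '\0';
    return ret;
}

/* Append the NUL-terminated string 'str' to 'buf'. */
void nussl_buffer_zappend(nussl_buffer * buf, const char *str)
{
    nussl_buffer_append(buf, str, strlen(str));
}

/* Append 'len' bytes of 'data' to 'buf' and re-terminate the buffer.
 * buf->used counts the terminator, so the copy starts at used - 1. */
void nussl_buffer_append(nussl_buffer * buf, const char *data, size_t len)
{
    nussl_buffer_grow(buf, buf->used + len);
    memcpy(buf->data + buf->used - 1, data, len);
    buf->used += len;
    buf->data[buf->used - 1] = '\0';
}

/* printf into the end of 'buf', writing at most 'max' bytes including the
 * terminator.  Returns the number of characters appended.  'max' must be
 * non-zero. */
size_t nussl_buffer_snprintf(nussl_buffer * buf, size_t max,
                             const char *fmt, ...)
{
    va_list ap;
    size_t ret;

    nussl_buffer_grow(buf, buf->used + max);

    va_start(ap, fmt);
    ret = nussl_vsnprintf(buf->data + buf->used - 1, max, fmt, ap);
    va_end(ap);
    buf->used += ret;

    return ret;
}

/* Create an empty string buffer with the default initial allocation. */
nussl_buffer *nussl_buffer_create(void)
{
    return nussl_buffer_ncreate(512);
}

/* Create an empty string buffer with an initial allocation of 's' bytes. */
nussl_buffer *nussl_buffer_ncreate(size_t s)
{
    nussl_buffer *buf = nussl_malloc(sizeof(*buf));

    /* The terminator needs one byte; a zero-sized allocation would make
     * the store to data[0] below write out of bounds. */
    if (s == 0)
        s = 1;

    buf->data = nussl_malloc(s);
    buf->data[0] = '\0';
    buf->length = s;
    buf->used = 1;
    return buf;
}

/* Free the buffer object and its data. */
void nussl_buffer_destroy(nussl_buffer * buf)
{
    nussl_free(buf->data);
    nussl_free(buf);
}

/* Free the buffer object only and hand its data string to the caller, who
 * must release it with nussl_free(). */
char *nussl_buffer_finish(nussl_buffer * buf)
{
    char *ret = buf->data;

    nussl_free(buf);
    return ret;
}

/* Recompute buf->used after buf->data was modified directly. */
void nussl_buffer_altered(nussl_buffer * buf)
{
    buf->used = strlen(buf->data) + 1;
}

static const char b64_alphabet[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789+/=";

/* Return the base64 encoding of the 'inlen' bytes at 'text' as a
 * malloc-allocated, NUL-terminated string. */
char *nussl_base64(const unsigned char *text, size_t inlen)
{
    /* The tricky thing about this is doing the padding at the end,
     * doing the bit manipulation requires a bit of concentration only */
    char *buffer, *point;
    size_t outlen;

    /* Use 'buffer' to store the output. Work out how big it should be...
     * This must be a multiple of 4 bytes */

    outlen = (inlen * 4) / 3;
    if ((inlen % 3) > 0)	/* got to pad */
        outlen += 4 - (inlen % 3);

    buffer = nussl_malloc(outlen + 1);	/* +1 for the \0 */

    /* now do the main stage of conversion, 3 bytes at a time,
     * leave the trailing bytes (if there are any) for later */

    for (point = buffer; inlen >= 3; inlen -= 3, text += 3) {
        *(point++) = b64_alphabet[(*text) >> 2];
        *(point++) =
            b64_alphabet[((*text) << 4 & 0x30) | (*(text + 1)) >> 4];
        *(point++) =
            b64_alphabet[((*(text + 1)) << 2 & 0x3c) | (*(text + 2)) >> 6];
        *(point++) = b64_alphabet[(*(text + 2)) & 0x3f];
    }

    /* Now deal with the trailing bytes */
    if (inlen > 0) {
        /* We always have one trailing byte */
        *(point++) = b64_alphabet[(*text) >> 2];
        *(point++) =
            b64_alphabet[(((*text) << 4 & 0x30) |
                          (inlen == 2 ? (*(text + 1)) >> 4 : 0))];
        *(point++) =
            (inlen == 1 ? '=' : b64_alphabet[(*(text + 1)) << 2 & 0x3c]);
        *(point++) = '=';
    }

    /* Null-terminate */
    *point = '\0';

    return buffer;
}

/* VALID_B64: fail if 'ch' is not a valid base64 character */
#define VALID_B64(ch) (((ch) >= 'A' && (ch) <= 'Z') || \
                       ((ch) >= 'a' && (ch) <= 'z') || \
                       ((ch) >= '0' && (ch) <= '9') || \
                       (ch) == '/' || (ch) == '+' || (ch) == '=')

/* DECODE_B64: decodes a valid base64 character. */
#define DECODE_B64(ch) ((ch) >= 'a' ? ((ch) + 26 - 'a') : \
                        ((ch) >= 'A' ? ((ch) - 'A') : \
                         ((ch) >= '0' ? ((ch) + 52 - '0') : \
                          ((ch) == '+' ? 62 : 63))))

/* Decode the NUL-terminated base64 string 'data'.
 * On success '*out' is a malloc-allocated buffer and the number of decoded
 * bytes is returned.  Returns 0 for empty input, for a length that is not a
 * multiple of four, and for invalid characters or padding.  On the
 * empty/bad-length path '*out' is not touched; on the invalid-content path
 * the buffer is freed and '*out' is set to NULL. */
size_t nussl_unbase64(const char *data, unsigned char **out)
{
    size_t inlen = strlen(data);
    unsigned char *outp;
    const unsigned char *in;

    if (inlen == 0 || (inlen % 4) != 0)
        return 0;

    outp = *out = nussl_malloc(inlen * 3 / 4);

    for (in = (const unsigned char *) data; *in; in += 4) {
        unsigned int tmp;

        if (!VALID_B64(in[0]) || !VALID_B64(in[1])
            || !VALID_B64(in[2]) || !VALID_B64(in[3])
            || in[0] == '=' || in[1] == '='
            || (in[2] == '=' && in[3] != '=')) {
            nussl_free(*out);
            /* Do not leave the caller holding a freed pointer: a caller
             * that frees '*out' without checking the return value would
             * otherwise double-free. */
            *out = NULL;
            return 0;
        }

        tmp = (DECODE_B64(in[0]) & 0x3f) << 18 |
              (DECODE_B64(in[1]) & 0x3f) << 12;
        *outp++ = (tmp >> 16) & 0xff;

        if (in[2] != '=') {
            tmp |= (DECODE_B64(in[2]) & 0x3f) << 6;
            *outp++ = (tmp >> 8) & 0xff;

            if (in[3] != '=') {
                tmp |= DECODE_B64(in[3]) & 0x3f;
                *outp++ = tmp & 0xff;
            }
        }
    }

    return outp - *out;
}

/* Replace every control or non-printable character of 'str' with a space,
 * in place, so the string is safe to show in logs or messages. */
char *nussl_strclean(char *str)
{
    char *pnt;

    for (pnt = str; *pnt; pnt++) {
        /* The <ctype.h> functions take an int that must be representable
         * as unsigned char; passing a negative plain char (any byte >=
         * 0x80 where char is signed) is undefined behaviour. */
        unsigned char ch = (unsigned char) *pnt;

        if (iscntrl(ch) || !isprint(ch))
            *pnt = ' ';
    }

    return str;
}

/* Thread-safe strerror(): write the message for 'errnum' into 'buf' (of
 * 'buflen' bytes, which must be non-zero) and return 'buf'. */
char *nussl_strerror(int errnum, char *buf, size_t buflen)
{
#ifdef HAVE_STRERROR_R
#ifdef STRERROR_R_CHAR_P
    /* glibc-style strerror_r which may-or-may-not use provided buffer. */
    char *ret = strerror_r(errnum, buf, buflen);
    if (ret != buf)
        nussl_strnzcpy(buf, ret, buflen);
#else				/* POSIX-style strerror_r: */
    char tmp[256];

    if (strerror_r(errnum, tmp, sizeof tmp) == 0)
        nussl_strnzcpy(buf, tmp, buflen);
    else
        nussl_snprintf(buf, buflen, "Unknown error %d", errnum);
#endif
#else				/* no strerror_r: */
    nussl_strnzcpy(buf, strerror(errnum), buflen);
#endif
    return buf;
}

/* Wrapper for snprintf: always NUL-terminates 'str' and returns
 * strlen(str), i.e. the length actually stored, not the length the
 * untruncated output would have had. */
size_t nussl_snprintf(char *str, size_t size, const char *fmt, ...)
{
    va_list ap;
    size_t len;

    va_start(ap, fmt);
    len = nussl_vsnprintf(str, size, fmt, ap);
    va_end(ap);

    return len;
}

/* Wrapper for vsnprintf with the same guarantees as nussl_snprintf(). */
size_t nussl_vsnprintf(char *str, size_t size, const char *fmt, va_list ap)
{
    /* With size == 0 there is no room even for the terminator, and
     * str[size - 1] below would write one byte before the buffer. */
    if (size == 0)
        return 0;

#ifdef HAVE_TRIO
    trio_vsnprintf(str, size, fmt, ap);
#else
    vsnprintf(str, size, fmt, ap);
#endif
    str[size - 1] = '\0';
    return strlen(str);
}

/* Locale-independent strcasecmp implementations. */
static const unsigned char ascii_tolower[256] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
    0x40, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
    0x78, 0x79, 0x7a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
};

#define TOLOWER(ch) ascii_tolower[ch]

/* Expose the lowercase table; used by the nussl_tolower() macro. */
const unsigned char *nussl_tolower_array(void)
{
    return ascii_tolower;
}

/* Case-insensitive comparison of 's1' and 's2' using the ASCII table
 * above, independent of the process locale. */
int nussl_strcasecmp(const char *s1, const char *s2)
{
    const unsigned char *p1 = (const unsigned char *) s1;
    const unsigned char *p2 = (const unsigned char *) s2;
    unsigned char c1, c2;

    if (p1 == p2)
        return 0;

    do {
        c1 = TOLOWER(*p1++);
        c2 = TOLOWER(*p2++);
        if (c1 == '\0')
            break;
    } while (c1 == c2);

    return c1 - c2;
}

/* As nussl_strcasecmp(), but compares at most 'n' characters. */
int nussl_strncasecmp(const char *s1, const char *s2, size_t n)
{
    const unsigned char *p1 = (const unsigned char *) s1;
    const unsigned char *p2 = (const unsigned char *) s2;
    unsigned char c1, c2;

    if (p1 == p2 || n == 0)
        return 0;

    do {
        c1 = TOLOWER(*p1++);
        c2 = TOLOWER(*p2++);
        if (c1 == '\0' || c1 != c2)
            return c1 - c2;
    } while (--n > 0);

    return c1 - c2;
}
nufw-2.4.3/src/libs/nussl/nussl_socket.h0000644000175000017500000002474611431206275015207 00000000000000
/*
 ** Copyright (C) 2007-2009 INL
 ** Written by S.Tricaud
 **            L.Defert
 ** INL http://www.inl.fr/
 **
 ** NuSSL: OpenSSL / GnuTLS layer based on libneon
 */

/*
   socket handling interface
   Copyright (C) 1999-2007, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.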
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #ifndef NUSSL_SOCKET_H #define NUSSL_SOCKET_H #include #include "nussl_defs.h" #include "nussl_ssl.h" /* for nussl_ssl_context */ /* Socket read timeout */ #define SOCKET_READ_TIMEOUT 120 NUSSL_BEGIN_DECLS /* nussl_socket represents a TCP socket. */ typedef struct nussl_socket_s nussl_socket; /* nussl_sock_addr represents an address object. */ typedef struct nussl_sock_addr_s nussl_sock_addr; #ifndef NUSSL_INET_ADDR_DEFINED typedef struct nussl_inet_addr_s nussl_inet_addr; #endif /* Perform process-global initialization of any libraries in use. * Returns non-zero on error. */ int nussl_sock_init(void); /* Perform process-global shutdown of any libraries in use. This * function only has effect when it has been called an equal number of * times to nussl_sock_init() for the process. */ void nussl_sock_exit(void); /* Resolve the given hostname. 'flags' must be zero. Hex * string IPv6 addresses (e.g. `::1') may be enclosed in brackets * (e.g. `[::1]'). 
*/ nussl_sock_addr *nussl_addr_resolve(const char *hostname, int flags); /* Returns zero if name resolution was successful, non-zero on * error. */ int nussl_addr_result(const nussl_sock_addr * addr); /* Returns the first network address associated with the 'addr' * object. Undefined behaviour if nussl_addr_result returns non-zero for * 'addr'; otherwise, never returns NULL. */ const nussl_inet_addr *nussl_addr_first(nussl_sock_addr * addr); /* Returns the next network address associated with the 'addr' object, * or NULL if there are no more. */ const nussl_inet_addr *nussl_addr_next(nussl_sock_addr * addr); /* NB: the pointers returned by nussl_addr_first and nussl_addr_next are * valid until nussl_addr_destroy is called for the corresponding * nussl_sock_addr object. They must not be passed to nussl_iaddr_free. */ /* If name resolution fails, copies the error string into 'buffer', * which is of size 'bufsiz'. 'buffer' is returned. */ char *nussl_addr_error(const nussl_sock_addr * addr, char *buffer, size_t bufsiz); /* Destroys an address object created by nussl_addr_resolve. */ void nussl_addr_destroy(nussl_sock_addr * addr); /* Network address type; IPv4 or IPv6 */ typedef enum { nussl_iaddr_ipv4 = 0, nussl_iaddr_ipv6 } nussl_iaddr_type; /* Create a network address object from raw byte representation (in * network byte order) of given type. 'raw' must be four bytes for an * IPv4 address, 16 bytes for an IPv6 address. May return NULL if * address type is not supported. */ nussl_inet_addr *nussl_iaddr_make(nussl_iaddr_type type, const unsigned char *raw); /* Compare two network address objects i1 and i2; returns zero if they * are equivalent or non-zero otherwise. */ int nussl_iaddr_cmp(const nussl_inet_addr * i1, const nussl_inet_addr * i2); /* Return the type of the given network address object. 
*/ nussl_iaddr_type nussl_iaddr_typeof(const nussl_inet_addr * ia); /* Print the string representation of network address 'ia' into the * buffer 'buffer', which is of length 'bufsiz'. Returns 'buffer'. */ char *nussl_iaddr_print(const nussl_inet_addr * ia, char *buffer, size_t bufsiz); /* Perform the reverse name lookup on network address 'ia', placing * the returned name in the 'buf' buffer (of length 'bufsiz') if * successful. Returns zero on success, or non-zero on error. */ int nussl_iaddr_reverse(const nussl_inet_addr * ia, char *buf, size_t bufsiz); /* Destroy a network address object created using nussl_iaddr_make. */ void nussl_iaddr_free(nussl_inet_addr * addr); /* Create a socket object; returns NULL on error. */ nussl_socket *nussl_sock_create(void); /* Create a socket object from a file descriptor; returns NULL on error. */ nussl_socket *nussl_sock_create_with_fd(int fd); /* Specify an address to which the local end of the socket will be * bound during a subsequent nussl_sock_connect() call. If the address * passed to nussl_sock_connect() is of a different type (family) to * 'addr', 'addr' is ignored. Either 'addr' may be NULL, to use the * given port with unspecified address, or 'port' may be 0, to use the * given address with an unspecified port. * * (Note: This function is not equivalent to a BSD socket bind(), it * only takes effect during the _connect() call). */ void nussl_sock_prebind(nussl_socket * sock, const nussl_inet_addr * addr, unsigned int port); /* Connect the socket to server at address 'addr' on port 'port'. * Returns zero on success, NUSSL_SOCK_TIMEOUT if a timeout occurs when a * non-zero connect timeout is configured (and is supported), or * NUSSL_SOCK_ERROR on failure. */ int nussl_sock_connect(nussl_socket * sock, const nussl_inet_addr * addr, unsigned int port); /* Read up to 'count' bytes from socket into 'buffer'. 
Returns: * NUSSL_SOCK_* on error, * >0 length of data read into buffer (may be less than 'count') */ ssize_t nussl_sock_read(nussl_socket * sock, char *buffer, size_t count); /* Read up to 'count' bytes into 'buffer', leaving the data available * in the socket buffer to be returned by a subsequent call to * nussl_sock_read or nussl_sock_peek. Returns: * NUSSL_SOCK_* on error, * >0 length of data read into buffer. */ ssize_t nussl_sock_peek(nussl_socket * sock, char *buffer, size_t count); /* Block for up to 'n' seconds until data becomes available for reading * from the socket. Returns: * NUSSL_SOCK_* on error, * NUSSL_SOCK_TIMEOUT if no data arrives in 'n' seconds, * 0 if data arrived on the socket. */ int nussl_sock_block(nussl_socket * sock, int n); /* Write 'count' bytes of 'data' to the socket. Guarantees to either * write all the bytes or to fail. Returns 0 on success, or NUSSL_SOCK_* * on error. */ int nussl_sock_fullwrite(nussl_socket * sock, const char *data, size_t count); /* Read an LF-terminated line into 'buffer', and NUL-terminate it. * At most 'len' bytes are read (including the NUL terminator). * Returns: * NUSSL_SOCK_* on error, * >0 number of bytes read (including NUL terminator) */ ssize_t nussl_sock_readline(nussl_socket * sock, char *buffer, size_t len); /* Read exactly 'len' bytes into buffer, or fail; returns 0 on * success, NUSSL_SOCK_* on error. */ ssize_t nussl_sock_fullread(nussl_socket * sock, char *buffer, size_t len); /* Accepts a connection from listening socket 'fd' and places the * socket in 'sock'. Returns zero on success or -1 on failure. */ int nussl_sock_accept(nussl_socket * sock, int fd); /* INL: Same than nussl_sock_accept(), but with provide every info we have */ int nussl_sock_accept_full(nussl_socket * sock, int listener, struct sockaddr *addr, socklen_t * addrlen); /* Returns the file descriptor used for socket 'sock'. */ int nussl_sock_fd(const nussl_socket * sock); /* Return address of peer, or NULL on error. 
The returned address * must be destroyed by caller using nussl_iaddr_free. */ nussl_inet_addr *nussl_sock_peer(nussl_socket * sock, unsigned int *port); /* Close the socket and destroy the socket object. Returns zero on * success, or an errno value if close() failed. */ int nussl_sock_close(nussl_socket * sock); /* Return current error string for socket. */ const char *nussl_sock_error(const nussl_socket * sock); /* Set read timeout for socket, in seconds; must be a non-zero * positive integer. */ void nussl_sock_read_timeout(nussl_socket * sock, int timeout); /* Set connect timeout for socket, in seconds; must be a positive * integer. If a timeout of 'zero' is used then then no explicit * timeout handling will be used for nussl_sock_connect(), and the * connect call will only timeout as dictated by the TCP stack. */ void nussl_sock_connect_timeout(nussl_socket * sock, int timeout); /* Negotiate an SSL connection on socket as an SSL server, using given * SSL context. */ int nussl_sock_accept_ssl(nussl_socket * sock, nussl_ssl_context * ctx); /* Negotiate an SSL connection on socket as an SSL client, using given * SSL context. The 'userdata' parameter is associated with the * underlying SSL library's socket structure for use in callbacks. * Returns zero on success, or non-zero on error. */ int nussl_sock_connect_ssl(nussl_socket * sock, nussl_ssl_context * ctx, void *userdata); /* Retrieve the session ID of the current SSL session. If 'buf' is * non-NULL, on success, copies at most *buflen bytes to 'buf' and * sets *buflen to the exact number of bytes copied. If 'buf' is * NULL, on success, sets *buflen to the length of the session ID. * Returns zero on success, non-zero on error. */ int nussl_sock_sessid(nussl_socket * sock, unsigned char *buf, size_t * buflen); /* Return human-readable name of SSL/TLS cipher used for connection, * or NULL if none. The format of this string is not intended to be * fixed or parseable, but is informational only. 
Return value is * NUL-terminated malloc-allocated string if not NULL, which must be * freed by the caller. */ char *nussl_sock_cipher(nussl_socket * sock); NUSSL_END_DECLS #endif /* NUSSL_SOCKET_H */ nufw-2.4.3/src/libs/nussl/nussl_request.c0000644000175000017500000001504711431206275015374 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* HTTP request/response handling Copyright (C) 1999-2007, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ /* This is the HTTP client request/response implementation. * The goal of this code is to be modular and simple. 
*/ #include #include "nussl_config.h" #include #include #include #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STRINGS_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "nussl_privssl.h" #include "nussl_internal.h" #include "nussl_alloc.h" #include "nussl_request.h" #include "nussl_string.h" /* for nussl_buffer */ #include "nussl_utils.h" #include "nussl_socket.h" #include "nussl_session.h" #include "nussl_private.h" #define SOCK_ERR(req, op, msg) do { ssize_t sret = (op); \ if (sret < 0) return aborted(req, msg, sret); } while (0) #define EOL "\r\n" struct field { char *name, *value; size_t vlen; struct field *next; }; /* Maximum number of header fields per response: */ #define MAX_HEADER_FIELDS (100) /* Size of hash table; 43 is the smallest prime for which the common * header names hash uniquely using the *33 hash function. */ #define HH_HASHSIZE (43) /* Hash iteration step: *33 known to be a good hash for ASCII, see RSE. */ #define HH_ITERATE(hash, ch) (((hash)*33 + (unsigned char)(ch)) % HH_HASHSIZE) /* pre-calculated hash values for given header names: */ #define HH_HV_CONNECTION (0x14) #define HH_HV_CONTENT_LENGTH (0x13) #define HH_HV_TRANSFER_ENCODING (0x07) /* Return the first resolved address for the given host. */ static const nussl_inet_addr *resolve_first(nussl_session * sess, struct host_info *host) { if (sess->addrlist) { sess->curaddr = 0; return sess->addrlist[0]; } else { return nussl_addr_first(host->address); } } /* Return the next resolved address for the given host or NULL if * there are no more addresses. */ static const nussl_inet_addr *resolve_next(nussl_session * sess, struct host_info *host) { if (sess->addrlist) { if (sess->curaddr++ < sess->numaddrs) return sess->addrlist[sess->curaddr]; else return NULL; } else { return nussl_addr_next(host->address); } } /* Make new TCP connection to server at 'host' of type 'name'. 
Note
 * that once a connection to a particular network address has
 * succeeded, that address will be used first for the next attempt to
 * connect.
 *
 * 'err' is the prefix used for the session error string when no
 * address could be reached.  Returns NUSSL_ERROR if the socket could
 * not be created, NUSSL_CONNECT if every address failed, and
 * NUSSL_OK once a connection is established.
 *
 * NOTE(review): on the NUSSL_CONNECT path sess->socket is left set,
 * while nussl_open_connection() returns NUSSL_OK as soon as
 * sess->socket is non-NULL.  Presumably callers are expected to call
 * nussl_close_connection() after a failure -- verify, otherwise a
 * retry would be reported as connected without a connection. */
static int do_connect(nussl_session * sess, struct host_info *host,
		      const char *err)
{
	int ret;

	sess->socket = nussl_sock_create();
	if (sess->socket == NULL) {
		nussl_set_error(sess, _("Could not create socket"));
		return NUSSL_ERROR;
	}

	if (sess->cotimeout)
		nussl_sock_connect_timeout(sess->socket, sess->cotimeout);

	/* Start from the address that worked last time, if any. */
	if (host->current == NULL)
		host->current = resolve_first(sess, host);

	sess->status.ci.hostname = host->hostname;

	for (;;) {
		sess->status.ci.address = host->current;
#if defined(NUSSL_DEBUGGING) && !defined(_WIN32)
		if (nussl_debug_mask & NUSSL_DBG_HTTP) {
			char buf[150];
			NUSSL_DEBUG(NUSSL_DBG_HTTP, "Connecting to %s\n",
				    nussl_iaddr_print(host->current, buf,
						      sizeof buf));
		}
#endif
		ret = nussl_sock_connect(sess->socket, host->current,
					 host->port);
		if (ret == 0)
			break;

		/* try the next address... */
		host->current = resolve_next(sess, host);
		if (host->current == NULL)
			break;
	}

	if (ret != 0) {
		nussl_set_error(sess, "%s: %s", err,
				nussl_sock_error(sess->socket));
		return NUSSL_CONNECT;
	}

	nussl_sock_read_timeout(sess->socket, sess->rdtimeout);

	/* clear persistent connection flag. */
	sess->persisted = 0;
	return NUSSL_OK;
}

/* Perform any necessary DNS lookup for the host given by *info; * return NUSSL_ code.
*/
static int lookup_host(nussl_session * sess, struct host_info *info)
{
	char errbuf[256];

	/* An explicit address list makes the DNS lookup unnecessary. */
	if (sess->addrlist)
		return NUSSL_OK;

	NUSSL_DEBUG(NUSSL_DBG_HTTP, "Doing DNS lookup on %s...\n",
		    info->hostname);
	sess->status.lu.hostname = info->hostname;

	info->address = nussl_addr_resolve(info->hostname, 0);
	if (!nussl_addr_result(info->address))
		return NUSSL_OK;

	/* Lookup failed: record the reason and drop the result object so
	 * that a later call resolves again. */
	nussl_set_error(sess, _("Could not resolve hostname `%s': %s"),
			info->hostname,
			nussl_addr_error(info->address, errbuf, sizeof errbuf));
	nussl_addr_destroy(info->address);
	info->address = NULL;
	return NUSSL_LOOKUP;
}

/* Open the connection for the session: resolve the server name if no
 * address is known yet, connect, then negotiate the SSL layer.
 * Returns NUSSL_OK immediately when sess->socket is already set,
 * otherwise the NUSSL_ code of the first step that failed.
 *
 * NOTE(review): when nussl__negotiate_ssl() fails, nothing in this
 * function releases sess->socket, and the early return below treats
 * a non-NULL socket as an open connection.  Confirm that the
 * negotiation code or the caller closes the connection on failure,
 * so a retry cannot be answered with NUSSL_OK on a socket whose
 * handshake never completed. */
int nussl_open_connection(nussl_session * sess)
{
	struct host_info *server = &sess->server;
	int status;

	if (sess->socket)
		return NUSSL_OK;

	/* Resolve hostname if necessary. */
	if (server->address == NULL) {
		status = lookup_host(sess, server);
		if (status)
			return status;
	}

	status = do_connect(sess, server, _("Could not connect to server"));
	if (status != NUSSL_OK)
		return status;

	/* Negotiate SSL layer. */
#ifdef XXX
	if ( /*sess->use_ssl && */ !sess->in_connect) {
#endif
		if (status == NUSSL_OK) {
			status = nussl__negotiate_ssl(sess);
		}
#ifdef XXX
	}
#endif
	return status;
}
nufw-2.4.3/src/libs/nussl/nussl_openssl_local.c0000644000175000017500000001064411431206275016537 00000000000000/* ** Copyright (C) 2009 INL ** Written by Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details.
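You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #include "config.h" #ifdef HAVE_OPENSSL #include "nussl_privssl.h" #include #ifdef HAVE_STRING_H #include #endif #include #include #include #include #include #include #include "nussl_ssl.h" #include "nussl_ssl_common.h" #include "nussl_string.h" #include "nussl_session.h" #include "nussl_internal.h" #include "nussl_private.h" #include "nussl_privssl.h" #include "nussl_utils.h"

/* Read the first PEM-encoded X.509 certificate from file 'name'.
 * Returns NULL if the file cannot be opened or parsed.
 * caller must free result using X509_free */
static X509 *read_pem(const char *name)
{
	X509 *cert = NULL;
	BIO *bio;

	bio = BIO_new_file(name, "r");
	if (!bio)
		return NULL;

	cert = (X509 *) PEM_read_bio_X509(bio, NULL, NULL, NULL);
	BIO_free(bio);

	return cert;
}

/* local check of certificate against CA and CRL (optional)
 *
 * cert        path of the PEM certificate to verify
 * ca_cert     PEM file of trusted CA certificate(s), or NULL
 * ca_path     hashed directory of trusted CAs (may also hold CRLs), or NULL
 * crl         PEM CRL file, or NULL
 * ret_message optional buffer receiving a human-readable status
 * message_sz  size of ret_message
 *
 * Returns the value of X509_verify_cert(): 1 when the chain verified,
 * 0 when verification failed.  A negative value is returned when the
 * certificate could not be read or the verification could not be set
 * up or run.  Callers must accept the certificate only on 1.
 *
 * CRL checking for the whole chain is enabled as soon as 'crl' or
 * 'ca_path' is given; with those flags set OpenSSL rejects a chain
 * for which no CRL can be found. */
int nussl_local_check_certificate(const char *cert, const char *ca_cert,
				  const char *ca_path, const char *crl,
				  char *ret_message, size_t message_sz)
{
	X509_STORE *cert_ctx = NULL;
	/* Lookups belong to the store; the original note warns that
	 * freeing one here crashes. */
	X509_LOOKUP *lookup = NULL;
	X509_STORE_CTX *cert_store_ctx = NULL;
	X509 *cert_x509 = NULL;
	/* Stays negative until X509_verify_cert() has actually run, so
	 * that no setup failure can be reported as a successful check.
	 * Earlier the return codes of the load steps were stored here
	 * and a later allocation failure returned them unchanged. */
	int result = -1;
	int err;

	cert_x509 = read_pem(cert);
	if (cert_x509 == NULL) {
		if (ret_message != NULL && message_sz > 0)
			snprintf(ret_message, message_sz,
				 "Could not read file\n");
		return -1;
	}

	/* Default text for the setup-failure exits below; replaced by
	 * the verification status once X509_verify_cert() has run. */
	if (ret_message != NULL && message_sz > 0)
		snprintf(ret_message, message_sz,
			 "Could not set up certificate verification\n");

	cert_ctx = X509_STORE_new();
	if (cert_ctx == NULL)
		goto label_local_check_cleanup;

	/* set trusted authority */
	if (ca_cert != NULL) {
		lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
		if (lookup == NULL)
			goto label_local_check_cleanup;
		/* A file that fails to load adds no trust anchor; the
		 * chain is then judged by X509_verify_cert() as before. */
		(void) X509_LOOKUP_load_file(lookup, ca_cert,
					     X509_FILETYPE_PEM);
	}

	/* CRL */
	if (crl != NULL) {
		lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
		if (lookup == NULL)
			goto label_local_check_cleanup;
		(void) X509_load_crl_file(lookup, crl, X509_FILETYPE_PEM);
		X509_STORE_set_flags(cert_ctx,
				     X509_V_FLAG_CRL_CHECK |
				     X509_V_FLAG_CRL_CHECK_ALL);
	}

	/* CA path */
	if (ca_path != NULL) {
		lookup = X509_STORE_add_lookup(cert_ctx,
					       X509_LOOKUP_hash_dir());
		if (lookup == NULL)
			goto label_local_check_cleanup;
		(void) X509_LOOKUP_add_dir(lookup, ca_path,
					   X509_FILETYPE_PEM);
		/* CA path can contain both CA and CRL files */
		X509_STORE_set_flags(cert_ctx,
				     X509_V_FLAG_CRL_CHECK |
				     X509_V_FLAG_CRL_CHECK_ALL);
	}

	cert_store_ctx = X509_STORE_CTX_new();
	if (cert_store_ctx == NULL)
		goto label_local_check_cleanup;

	if (X509_STORE_CTX_init(cert_store_ctx, cert_ctx, cert_x509, NULL)
	    != 1)
		goto label_local_check_cleanup;

	/* 1: chain verified; 0: verification failed; <0: error. */
	result = X509_verify_cert(cert_store_ctx);

	if (ret_message != NULL && message_sz > 0) {
		err = X509_STORE_CTX_get_error(cert_store_ctx);
		snprintf(ret_message, message_sz, "%s (%d)",
			 X509_verify_cert_error_string(err), err);
	}

label_local_check_cleanup:
	X509_free(cert_x509);

	if (cert_store_ctx) {
		X509_STORE_CTX_cleanup(cert_store_ctx);
		X509_STORE_CTX_free(cert_store_ctx);
	}

	if (cert_ctx)
		X509_STORE_free(cert_ctx);

	return result;
}

#endif /* HAVE_OPENSSL */ nufw-2.4.3/src/libs/nussl/nussl.h0000644000175000017500000001420311431206275013622 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.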
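*/ #ifndef NUSSL_H #define NUSSL_H #include #include #include "nussl_constants.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque session type.  (The forward declaration used to be spelled
 * "nussl_nession_t", which declared an unrelated struct tag.) */
struct nussl_session_t;
typedef struct nussl_session_t nussl_session;
typedef void *nussl_ptr;

/* Global library initialisation */
int nussl_init();

/* Create a session to the given server, using the given mode.
 * mode can be one of NUSSL_SSL_CTX_CLIENT, NUSSL_SSL_CTX_SERVER,
 * or NUSSL_SSL_CTX_SERVERv2 */
nussl_session *nussl_session_create(int mode);

/* Destroy a session */
void nussl_session_destroy(nussl_session * sess);

/* Set destination hostname / port */
void nussl_set_hostinfo(nussl_session * sess, const char *hostname,
			unsigned int port);

/* Open the connection: resolve the server name, connect and negotiate
 * the SSL layer.  Returns a NUSSL_ code (NUSSL_OK on success). */
int nussl_open_connection(nussl_session * sess);

/* Prematurely force the connection to be closed for the given
 * session. */
void nussl_close_connection(nussl_session * sess);

/* Set the timeout (in seconds) used when reading from a socket.  The
 * timeout value must be greater than zero. */
void nussl_set_read_timeout(nussl_session * sess, int timeout);

/* Set the timeout (in seconds) used when making a connection.  The
 * timeout value must be greater than zero. */
void nussl_set_connect_timeout(nussl_session * sess, int timeout);

/* Retrieve the error string for the session */
const char *nussl_get_error(nussl_session * sess);

/* Write to session */
int nussl_write(nussl_session * sess, const char *buffer, size_t count);

/* Read from session */
/* returns the number of octets read on success */
/* returns a NUSSL_SOCK_* error on failure */
ssize_t nussl_read(nussl_session * sess, char *buffer, size_t count);

/* Set private key and certificate */
int nussl_ssl_set_keypair(nussl_session * sess, const char *cert_file,
			  const char *key_file);

/* Set private key and certificate (PKCS#12 variant, going by the
 * function name) */
int nussl_ssl_set_pkcs12_keypair(nussl_session * sess,
				 const char *cert_file,
				 const char *key_file);

/* Indicate that the certificate in 'cert_file' is trusted */
int nussl_ssl_trust_cert_file(nussl_session * sess,
			      const char *cert_file);

/* Add directory of trusted certificates */
int nussl_ssl_trust_dir(nussl_session * sess, const char *dir);

/* TODO: factorize those functions */

/* Returns a newly allocated string describing the session's own
 * certificate (DN, issuer DN, validity dates), or NULL if the session
 * has none.  The caller frees the result. */
char *nussl_get_cert_info(nussl_session * sess);

/* Returns a newly allocated string describing the peer certificate
 * (DN, issuer DN, validity dates), or NULL if the peer sent none.
 * The caller frees the result. */
char *nussl_get_server_cert_info(nussl_session * sess);

/* Returns a newly allocated copy of the peer certificate's subject
 * DN, or NULL (with the session error set) if the peer sent no
 * certificate.  The caller frees the result. */
char *nussl_get_server_cert_dn(nussl_session * sess);

/* Returns the DN of the peer certificate; 'buf' / 'buf_size'
 * presumably describe a caller-supplied buffer -- confirm against the
 * implementation. */
char *nussl_get_peer_dn(nussl_session * sess, char *buf,
			size_t * buf_size);

/* Server related functions */

/* Create session server from sock fd */
nussl_session *nussl_session_create_with_fd(int fd, int verify);
nussl_session *nussl_session_accept(nussl_session * srv_sess);
int nussl_session_handshake(nussl_session * client_sess,
			    nussl_session * srv_sess);

int nussl_session_get_fd(nussl_session * sess);

/* Set list of allowed ciphers for TLS negotiation */
void nussl_session_set_ciphers(nussl_session * sess,
			       const char *cipher_list);

int nussl_session_get_cipher(nussl_session * sess, char *buf,
			     size_t bufsz);

int nussl_session_getpeer(nussl_session * sess, struct sockaddr *addr,
			  socklen_t * addrlen);

int nussl_session_set_dh_bits(nussl_session * sess, unsigned int dh_bits);

int nussl_session_set_dh_file(nussl_session * sess, const char *filename);

int nussl_ssl_set_crl_file(nussl_session * sess, const char *crl_file,
			   const char *ca_file);

/* This function accepts several certificates in the CA file */
int nussl_ssl_set_ca_file(nussl_session * sess, const char *cafile);

/* NOTE(review): going by the name, a non-zero 'is_disabled' turns off
 * verification of the peer certificate for this session; the
 * implementation is not part of this header.  A session used that way
 * has no authenticated peer, so any use outside of testing deserves a
 * review. */
void nussl_ssl_disable_certificate_check(nussl_session * sess,
					 int is_disabled);

/* Set a new value for a particular session flag. */
void nussl_set_session_flag(nussl_session * sess,
			    nussl_session_flag flag, int value);

int nussl_get_session_flag(nussl_session * sess, nussl_session_flag flag);

void *nussl_get_ctx(nussl_session * sess);

void *nussl_get_socket(nussl_session * sess);

/* True when n lies in NUSSL_CERT_IGNORE..NUSSL_CERT_REQUIRE.  The
 * argument is parenthesised so that an expression such as "a | b" is
 * compared as a whole; it is still evaluated twice. */
#define NUSSL_VALID_REQ_TYPE(n) ((n) >= NUSSL_CERT_IGNORE && (n) <= NUSSL_CERT_REQUIRE)

/* local check of certificate against CA and CRL (optional).
 * The result is that of OpenSSL's X509_verify_cert() (1 = verified,
 * 0 = verification failed); the certificate should be accepted only
 * when the function returns 1. */
int nussl_local_check_certificate(const char *cert, const char *ca_cert,
				  const char *ca_path, const char *crl,
				  char *ret_message, size_t message_sz);

#ifdef __cplusplus
}
#endif

#endif /* NUSSL_H */ nufw-2.4.3/src/libs/nussl/nussl_ssl_common.h0000644000175000017500000000533111431206275016055 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.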
See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #ifndef NUSSL_SSL_COMMON_H #define NUSSL_SSL_COMMON_H #include #include "nussl_config.h" #include "nussl_privssl.h" #include "nussl_session.h" #ifdef HAVE_GNUTLS #include #include struct nussl_ssl_dname_s { int subject; /* non-zero if this is the subject DN object */ gnutls_x509_crt cert; }; struct nussl_ssl_certificate_s { nussl_ssl_dname subj_dn, issuer_dn; gnutls_x509_crt subject; nussl_ssl_certificate *issuer; char *identity; }; struct nussl_ssl_client_cert_s { gnutls_pkcs12 p12; int decrypted; /* non-zero if successfully decrypted. */ nussl_ssl_certificate cert; gnutls_x509_privkey pkey; char *friendly_name; }; #endif /* HAVE_GNUTLS */ #ifdef HAVE_OPENSSL #include #include #include struct nussl_ssl_dname_s { X509_NAME *dn; }; struct nussl_ssl_certificate_s { nussl_ssl_dname subj_dn, issuer_dn; X509 *subject; nussl_ssl_certificate *issuer; char *identity; }; struct nussl_ssl_client_cert_s { PKCS12 *p12; int decrypted; /* non-zero if successfully decrypted. 
*/ nussl_ssl_certificate cert; EVP_PKEY *pkey; char *friendly_name; }; #endif #endif /* NUSSL_SSL_COMMON_H */ nufw-2.4.3/src/libs/nussl/nussl_privssl.h0000644000175000017500000000757111431206275015416 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon * * ChangeLog: * 2008-22-01: Sebastien Tricaud * * Added dh parameter to nussl_ssl_context_t */ /* SSL interface definitions internal to neon. Copyright (C) 2003-2005, Joe Orton Copyright (C) 2004, Aleix Conchillo Flaque This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ /* THIS IS NOT A PUBLIC INTERFACE. You CANNOT include this header file * from an application. 
*/ #ifndef NUSSL_PRIVSSL_H #define NUSSL_PRIVSSL_H /* This is the private interface between nussl_socket, nussl_gnutls and * nussl_openssl. */ #include #include "nussl_config.h" #ifdef HAVE_SYS_SOCKET_H # include #endif #include "nussl_ssl.h" #include "nussl_socket.h" #define DH_BITS 1024 #ifdef HAVE_OPENSSL #include struct nussl_ssl_context_s { SSL_CTX *ctx; SSL_SESSION *sess; const char *hostname; /* for SNI */ int verify; /* non-zero if client cert verification required */ char *ciphers; /* allowed cipher list */ DH *dh; }; typedef SSL *nussl_ssl_socket; #endif /* HAVE_OPENSSL */ #ifdef HAVE_GNUTLS #include struct nussl_ssl_context_s { gnutls_certificate_credentials cred; gnutls_dh_params dh; unsigned int dh_bits; int verify; /* non-zero if client cert verification required */ char *ciphers; /* allowed cipher list */ int use_cert; const char *hostname; /* for SNI */ /* Session cache. */ union nussl_ssl_scache { struct { gnutls_datum key, data; } server; #if defined(HAVE_GNUTLS_SESSION_GET_DATA2) gnutls_datum client; #else struct { char *data; size_t len; } client; #endif } cache; }; typedef gnutls_session nussl_ssl_socket; #endif /* HAVE_GNUTLS */ nussl_ssl_socket nussl__sock_sslsock(nussl_socket * sock); /* Process-global initialization of the SSL library; returns non-zero * on error. */ int nussl__ssl_init(void); /* Process-global de-initialization of the SSL library. */ void nussl__ssl_exit(void); /* Set certificate verification options */ int nussl_ssl_context_set_verify(nussl_ssl_context * ctx, int required, const char *ca_names, const char *verify_cas); /* SSL accept function (with handshake), with timeout. 
* If timeout is 0, use blocking mode */ int nussl_ssl_accept(nussl_ssl_socket * ssl_sock, unsigned int timeout, char *errbuf, size_t errbufsz); #endif /* NUSSL_PRIVSSL_H */ nufw-2.4.3/src/libs/nussl/nussl_defs.h0000644000175000017500000000464511431206275014634 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* Standard definitions for neon headers Copyright (C) 2003-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. 
*/ #undef NUSSL_BEGIN_DECLS #undef NUSSL_END_DECLS #ifdef __cplusplus # define NUSSL_BEGIN_DECLS extern "C" { # define NUSSL_END_DECLS } #else # define NUSSL_BEGIN_DECLS /* empty */ # define NUSSL_END_DECLS /* empty */ #endif #ifndef NUSSL_DEFS_H #define NUSSL_DEFS_H #include #ifdef NUSSL_LFS typedef off64_t nussl_off_t; #else typedef off_t nussl_off_t; #endif /* define ssize_t for Win32 */ #if defined(WIN32) && !defined(ssize_t) #define ssize_t int #endif #ifdef __GNUC__ #if __GNUC__ >= 3 #define nussl_attribute_malloc __attribute__((malloc)) #else #define nussl_attribute_malloc #endif #define nussl_attribute(x) __attribute__(x) #else #define nussl_attribute(x) #define nussl_attribute_malloc #endif #ifndef NUSSL_BUFSIZ #define NUSSL_BUFSIZ 8192 #endif #endif /* NUSSL_DEFS_H */ nufw-2.4.3/src/libs/nussl/nussl_ssl_common.c0000644000175000017500000001054411431206275016052 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #include #include #include #include "nussl_ssl_common.h" #include "nussl_private.h" #include "nussl_privssl.h" #include "nussl_ssl.h" #include "nussl_internal.h" #include "nussl_alloc.h"

/* Write LABEL, VALUE and a newline at DST and return the position
 * just behind the newline.  The caller guarantees that DST has room
 * for strlen(label) + strlen(value) + 1 bytes. */
static char *cert_info_append(char *dst, const char *label,
			      const char *value)
{
	size_t len;

	len = strlen(label);
	memcpy(dst, label, len);
	dst += len;

	len = strlen(value);
	memcpy(dst, value, len);
	dst += len;

	*dst++ = '\n';
	return dst;
}

/* Describe the session's own certificate as four "label value" lines
 * (DN, issuer DN, start and end of validity).
 *
 * Returns NULL when the session has no certificate (sess->my_cert) or
 * when the allocation fails.  The result is obtained from malloc()
 * here, whereas nussl_get_server_cert_info() uses nussl_malloc().
 * NOTE(review): confirm that callers release both with a matching
 * deallocator.  The DN text is derived from certificate fields and
 * should be handled as untrusted data when it is logged or shown. */
char *nussl_get_cert_info(nussl_session * sess)
{
	char valid_from[NUSSL_SSL_VDATELEN];
	char valid_until[NUSSL_SSL_VDATELEN];
	const char *lbl_dn, *lbl_issuer, *lbl_from, *lbl_until;
	char *subject, *issuer, *info, *cursor;
	size_t needed;

	if (!sess->my_cert)
		return NULL;

	subject = nussl_ssl_readable_dname(&sess->my_cert->cert.subj_dn);
	issuer = nussl_ssl_readable_dname(&sess->my_cert->cert.issuer_dn);
	nussl_ssl_cert_validity(&sess->my_cert->cert, valid_from,
				valid_until);

	lbl_dn = _("DN: ");
	lbl_issuer = _("Issuer DN: ");
	lbl_from = _("Valid from: ");
	lbl_until = _("Valid until: ");

	/* 5 = 4 '\n' and 1 '\0' */
	needed = strlen(subject) + strlen(issuer)
	    + strlen(valid_from) + strlen(valid_until)
	    + strlen(lbl_dn) + strlen(lbl_issuer)
	    + strlen(lbl_from) + strlen(lbl_until) + 5;

	info = (char *) malloc(needed);
	if (info != NULL) {
		cursor = cert_info_append(info, lbl_dn, subject);
		cursor = cert_info_append(cursor, lbl_issuer, issuer);
		cursor = cert_info_append(cursor, lbl_from, valid_from);
		cursor = cert_info_append(cursor, lbl_until, valid_until);
		*cursor = '\0';
	}

	nussl_free(subject);
	nussl_free(issuer);

	return info;
}

/* Describe the peer certificate in the same four-line format as
 * nussl_get_cert_info().  Returns NULL when no peer certificate is
 * stored in the session (sess->peer_cert) or when the allocation
 * fails; the result comes from nussl_malloc(). */
char *nussl_get_server_cert_info(nussl_session * sess)
{
	char valid_from[NUSSL_SSL_VDATELEN];
	char valid_until[NUSSL_SSL_VDATELEN];
	const char *lbl_dn, *lbl_issuer, *lbl_from, *lbl_until;
	char *subject, *issuer, *info, *cursor;
	size_t needed;

	if (!sess->peer_cert)
		return NULL;

	subject = nussl_ssl_readable_dname(&sess->peer_cert->subj_dn);
	issuer = nussl_ssl_readable_dname(&sess->peer_cert->issuer_dn);
	nussl_ssl_cert_validity(sess->peer_cert, valid_from, valid_until);

	lbl_dn = _("DN: ");
	lbl_issuer = _("Issuer DN: ");
	lbl_from = _("Valid from: ");
	lbl_until = _("Valid until: ");

	/* 5 = 4 '\n' and 1 '\0' */
	needed = strlen(subject) + strlen(issuer)
	    + strlen(valid_from) + strlen(valid_until)
	    + strlen(lbl_dn) + strlen(lbl_issuer)
	    + strlen(lbl_from) + strlen(lbl_until) + 5;

	info = (char *) nussl_malloc(needed);
	if (info != NULL) {
		cursor = cert_info_append(info, lbl_dn, subject);
		cursor = cert_info_append(cursor, lbl_issuer, issuer);
		cursor = cert_info_append(cursor, lbl_from, valid_from);
		cursor = cert_info_append(cursor, lbl_until, valid_until);
		*cursor = '\0';
	}

	nussl_free(subject);
	nussl_free(issuer);

	return info;
}

/* Return a strdup()'ed copy of the peer certificate's subject DN.
 * When the peer sent no certificate the session error is set and NULL
 * is returned.  The caller releases the result. */
char *nussl_get_server_cert_dn(nussl_session * sess)
{
	char *readable, *copy;

	if (!sess->peer_cert) {
		nussl_set_error(sess,
				_("The peer didn't send a certificate."));
		return NULL;
	}

	readable = nussl_ssl_readable_dname(&sess->peer_cert->subj_dn);
	copy = strdup(readable);
	nussl_free(readable);

	return copy;
}
nufw-2.4.3/src/libs/nussl/nussl_config.h0000644000175000017500000000626011431206275015153 00000000000000/* ** Copyright (C) 2007-2009 INL ** Written by S.Tricaud ** L.Defert ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* -*- c -*- Win32 config.h Copyright (C) 1999-2000, Peter Boos Copyright (C) 2002-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General
Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #if defined(_WIN32) && !defined(WIN32) #define WIN32 #endif /* #define NUSSL_DBG_SSL fprintf */ #define HAVE_FNCTL #define NEON_VERSION "NuNeon" /*#define NUSSL_USE_POLL 1 XXX: remove anything related to me*/ #define NUSSL_VERSION_MAJOR 0 #define NUSSL_VERSION_MINOR 1 #define HAVE_SIGNAL_H #define HAVE_SIGNAL #define NUSSL_HAVE_TS_SSL /* TS = Thread Safe */ /* #define HAVE_OPENSSL */ #define NUSSL_FMT_SIZE_T "zu" #define NUSSL_FMT_SSIZE_T "d" #define NUSSL_FMT_OFF_T "ld" #define NUSSL_FMT_NE_OFF_T NUSSL_FMT_OFF_T #ifndef NUSSL_FMT_XML_SIZE #define NUSSL_FMT_XML_SIZE "d" #endif /* needs adjusting for Win64... 
*/ #define SIZEOF_INT 4 #define SIZEOF_LONG 4 #ifdef WIN32 #define HAVE_SETSOCKOPT //#define HAVE_SSPI #undef NUSSL_HAVE_TS_SSL /* Define to enable debugging */ #define NUSSL_DEBUGGING 1 #define SHUT_RDWR SD_BOTH #include #if 0 /* Win32 uses a underscore, so we use a macro to eliminate that. */ #define snprintf _snprintf #define vsnprintf _vsnprintf #if defined(_MSC_VER) && _MSC_VER >= 1400 #define strcasecmp _strcmpi #define strncasecmp _strnicmp #else #define strcasecmp strcmpi #define strncasecmp strnicmp #endif #define ssize_t int #define inline __inline #define off_t _off_t #endif /* 0 */ #ifndef USE_GETADDRINFO #define in_addr_t unsigned int #endif #define socklen_t int #include #define read _read #endif nufw-2.4.3/src/libs/nussl/nussl_gnutls.c0000644000175000017500000010142411431206275015213 00000000000000/* ** Copyright (C) 2009 INL ** Written by S.Tricaud ** L.Defert ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** NuSSL: OpenSSL / GnuTLS layer based on libneon */ /* neon SSL/TLS support using GNU TLS Copyright (C) 2007, Joe Orton Copyright (C) 2004, Aleix Conchillo Flaque This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA In addition, as a special exception, INL gives permission to link the code of its release of NuSSL with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ #include "config.h" #ifdef HAVE_GNUTLS #include #include #include #ifdef HAVE_STRING_H #include #endif #include #include #include #include #include #include #ifdef HAVE_ICONV #include #endif #include "nussl_privssl.h" #include "nussl_ssl_common.h" #ifdef NUSSL_HAVE_TS_SSL #include #include #include GCRY_THREAD_OPTION_PTHREAD_IMPL; #endif #include #include "nussl_ssl.h" #include "nussl_string.h" #include "nussl_session.h" #include "nussl_internal.h" #include "nussl_private.h" #include "nussl_privssl.h" #include "nussl_utils.h" int read_to_datum(const char *filename, gnutls_datum * datum); nussl_ssl_certificate *nussl_ssl_cert_read(const char *filename); /* Returns the highest used index in subject (or issuer) DN of * certificate CERT for OID, or -1 if no RDNs are present in the DN * using that OID. 
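*/
static int oid_find_highest_index(gnutls_x509_crt cert, int subject,
				  const char *oid)
{
	int ret, idx = -1;

	/* Probe with a NULL buffer: GnuTLS answers
	 * GNUTLS_E_SHORT_MEMORY_BUFFER while an RDN exists at the index,
	 * so the loop stops at the first index without one. */
	do {
		size_t len = 0;

		if (subject)
			ret = gnutls_x509_crt_get_dn_by_oid(cert, oid, ++idx,
							    0, NULL, &len);
		else
			ret = gnutls_x509_crt_get_issuer_dn_by_oid(cert, oid,
								   ++idx, 0,
								   NULL,
								   &len);
	} while (ret == GNUTLS_E_SHORT_MEMORY_BUFFER);

	return idx - 1;
}

#ifdef HAVE_GNUTLS_X509_DN_GET_RDN_AVA
/* New-style RDN handling introduced in GnuTLS 1.7.x. */

#ifdef HAVE_ICONV
/* Convert the directory string in 'data' from 'charset' to UTF-8 and
 * append it to 'buf'.  When no converter for 'charset' is available a
 * bracketed "[unprintable in ...]" note is appended instead.  Output
 * that does not fit into the space reserved below is cut off.
 *
 * The output pointer and the free space are taken only after
 * nussl_buffer_grow() has run.  They used to be computed before the
 * call; nussl_buffer_grow() presumably may move buf->data and enlarge
 * buf->length (its implementation is not in this file), which would
 * leave iconv() writing through a stale pointer and make the final
 * buf->used computation count bytes that were never written. */
static void convert_dirstring(nussl_buffer * buf, const char *charset,
			      gnutls_datum * data)
{
	iconv_t id = iconv_open("UTF-8", charset);
	size_t inlen = data->size, outlen;
	char *inbuf = (char *) data->data;
	char *outbuf;

	if (id == (iconv_t) - 1) {
		char err[128], err2[128];

		nussl_snprintf(err, sizeof err, "[unprintable in %s: %s]",
			       charset,
			       nussl_strerror(errno, err2, sizeof err2));
		nussl_buffer_zappend(buf, err);
		return;
	}

	nussl_buffer_grow(buf, buf->used + 64);

	/* buf->used counts the terminating NUL, so conversion output
	 * starts on top of it. */
	outlen = buf->length - buf->used;
	outbuf = buf->data + buf->used - 1;

	while (inlen && outlen
	       && iconv(id, &inbuf, &inlen, &outbuf, &outlen) == 0);

	iconv_close(id);

	/* outlen now holds the space left over; the difference is the
	 * number of bytes iconv() produced. */
	buf->used += buf->length - buf->used - outlen;
	buf->data[buf->used - 1] = '\0';
}
#endif

/* From section 11.13 of the Dubuisson ASN.1 bible: */
#define TAG_UTF8 (12)
#define TAG_PRINTABLE (19)
#define TAG_T61 (20)
#define TAG_IA5 (22)
#define TAG_VISIBLE (26)
#define TAG_UNIVERSAL (28)
#define TAG_BMP (30)

/* Append the attribute value 'data' with ASN.1 string type 'tag' to
 * 'buf'.  UTF8, IA5, Printable and Visible strings are copied as they
 * are; T61 and BMP strings are converted when iconv is available; any
 * other type is replaced by an "[unprintable:#tag]" marker.
 *
 * The bytes come straight from the certificate and are not escaped or
 * filtered here, so the resulting text is untrusted input for
 * whatever logs, displays or compares it. */
static void append_dirstring(nussl_buffer * buf, gnutls_datum * data,
			     unsigned long tag)
{
	switch (tag) {
	case TAG_UTF8:
	case TAG_IA5:
	case TAG_PRINTABLE:
	case TAG_VISIBLE:
		nussl_buffer_append(buf, (char *) data->data, data->size);
		break;
#ifdef HAVE_ICONV
	case TAG_T61:
		convert_dirstring(buf, "ISO-8859-1", data);
		break;
	case TAG_BMP:
		convert_dirstring(buf, "UCS-2BE", data);
		break;
#endif
	default:{
			char tmp[128];

			nussl_snprintf(tmp, sizeof tmp,
				       _("[unprintable:#%lu]"), tag);
			nussl_buffer_zappend(buf, tmp);
		}
		break;
	}
}

/* OIDs to not include in readable DNs by default: */
#define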
OID_emailAddress "1.2.840.113549.1.9.1" #define OID_commonName "2.5.4.3" #define CMPOID(a,o) ((a)->oid.size == sizeof(o) \ && memcmp((a)->oid.data, o, strlen(o)) == 0) char *nussl_ssl_readable_dname(const nussl_ssl_dname * name) { gnutls_x509_dn_t dn; int ret, rdn = 0, flag = 0; nussl_buffer *buf; gnutls_x509_ava_st val; if (name->subject) ret = gnutls_x509_crt_get_subject(name->cert, &dn); else ret = gnutls_x509_crt_get_issuer(name->cert, &dn); if (ret) return nussl_strdup(_("[unprintable]")); buf = nussl_buffer_create(); /* Find the highest rdn... */ while (gnutls_x509_dn_get_rdn_ava(dn, rdn++, 0, &val) == 0); /* ..then iterate back to the first: */ while (--rdn >= 0) { int ava = 0; /* Iterate through all AVAs for multivalued AVAs; better than * nussl_openssl can do! */ do { ret = gnutls_x509_dn_get_rdn_ava(dn, rdn, ava, &val); /* If the *only* attribute to append is the common name or * email address, use it; otherwise skip those * attributes. */ if (ret == 0 && val.value.size > 0 && ((!CMPOID(&val, OID_emailAddress) && !CMPOID(&val, OID_commonName)) || (buf->used == 1 && rdn == 0))) { flag = 1; if (buf->used > 1) nussl_buffer_append(buf, ", ", 2); append_dirstring(buf, &val.value, val.value_tag); } ava++; } while (ret == 0); } return nussl_buffer_finish(buf); } #else /* !HAVE_GNUTLS_X509_DN_GET_RDN_AVA */ /* Appends the value of RDN with given oid from certitifcate x5 * subject (if subject is non-zero), or issuer DN to buffer 'buf': */ static void append_rdn(nussl_buffer * buf, gnutls_x509_crt x5, int subject, const char *oid) { int idx, top, ret; char rdn[50]; top = oid_find_highest_index(x5, subject, oid); for (idx = top; idx >= 0; idx--) { size_t rdnlen = sizeof rdn; if (subject) ret = gnutls_x509_crt_get_dn_by_oid(x5, oid, idx, 0, rdn, &rdnlen); else ret = gnutls_x509_crt_get_issuer_dn_by_oid(x5, oid, idx, 0, rdn, &rdnlen); if (ret < 0) return; if (buf->used > 1) { nussl_buffer_append(buf, ", ", 2); } nussl_buffer_append(buf, rdn, rdnlen); } } char 
*nussl_ssl_readable_dname(const nussl_ssl_dname * name) { nussl_buffer *buf = nussl_buffer_create(); int ret, idx = 0; do { char oid[32] = { 0 }; size_t oidlen = sizeof oid; ret = name->subject ? gnutls_x509_crt_get_dn_oid(name->cert, idx, oid, &oidlen) : gnutls_x509_crt_get_issuer_dn_oid(name->cert, idx, oid, &oidlen); if (ret == 0) { append_rdn(buf, name->cert, name->subject, oid); idx++; } } while (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); return nussl_buffer_finish(buf); } #endif /* HAVE_GNUTLS_X509_DN_GET_RDN_AVA */ int nussl_ssl_dname_cmp(const nussl_ssl_dname * dn1, const nussl_ssl_dname * dn2) { char c1[1024], c2[1024]; size_t s1 = sizeof c1, s2 = sizeof c2; int ret; if (dn1->subject) ret = gnutls_x509_crt_get_dn(dn1->cert, c1, &s1); else ret = gnutls_x509_crt_get_issuer_dn(dn1->cert, c1, &s1); if (ret) return 1; if (dn2->subject) ret = gnutls_x509_crt_get_dn(dn2->cert, c2, &s2); else ret = gnutls_x509_crt_get_issuer_dn(dn2->cert, c2, &s2); if (ret) return -1; if (s1 != s2) return s2 - s1; return memcmp(c1, c2, s1); } void nussl_ssl_clicert_free(nussl_ssl_client_cert * cc) { if (cc->p12) gnutls_pkcs12_deinit(cc->p12); if (cc->decrypted) { if (cc->cert.identity) nussl_free(cc->cert.identity); if (cc->pkey) gnutls_x509_privkey_deinit(cc->pkey); if (cc->cert.subject) gnutls_x509_crt_deinit(cc->cert.subject); } if (cc->friendly_name) nussl_free(cc->friendly_name); nussl_free(cc); } void nussl_ssl_cert_validity_time(const nussl_ssl_certificate * cert, time_t * from, time_t * until) { if (from) { *from = gnutls_x509_crt_get_activation_time(cert->subject); } if (until) { *until = gnutls_x509_crt_get_expiration_time(cert->subject); } } /* Check certificate identity. Returns zero if identity matches or could * not be checked; 1 if identity does not match, or <0 if the certificate had * no identity. 
* if hostname is not NULL, store certificate identity */
static int check_identity(const char *expected_hostname,
			  gnutls_x509_crt cert, char **hostname)
{
	char cn[255];
	size_t cn_len = sizeof(cn);
	int rc;

	/* Only the first commonName RDN of the subject is fetched
	 * (index 0, raw flag 0). */
	rc = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
					   0, 0, cn, &cn_len);
	if (rc != 0) {
		if (expected_hostname != NULL)
			NUSSL_DEBUG(NUSSL_DBG_SSL,
				    "TLS: error fetching CN from cert: %s",
				    gnutls_strerror(rc));
		return -1;
	}

	/* Hand a copy of the CN back to the caller when asked for it.
	 * NOTE(review): this copy is only the CN; the comparison below is
	 * done by GnuTLS on the certificate itself, so the stored identity
	 * is informational and should not be used for access decisions. */
	if (hostname != NULL)
		*hostname = nussl_strdup(cn);

	/* No expected host name: the identity cannot be checked, which the
	 * contract reports as 0. */
	if (expected_hostname == NULL)
		return 0;

	/* gnutls_x509_crt_check_hostname() implements the RFC 2818 style
	 * matching (wildcards and the subjectAltName extension included) and
	 * returns non-zero when the certificate matches the host name. */
	if (gnutls_x509_crt_check_hostname(cert, expected_hostname) != 0)
		return 0;

	NUSSL_DEBUG(NUSSL_DBG_SSL,
		    "SSL: certificate subject name (%s) does not match target host name '%s'\n",
		    cn, expected_hostname);
	return 1;
}

/* Fill an nussl_ssl_certificate structure from the X509 object X5 and
 * return CERT.  Both DN views point at X5, the issuer link is cleared and
 * the identity is set from the certificate's commonName when one exists. */
static nussl_ssl_certificate *populate_cert(nussl_ssl_certificate * cert,
					    gnutls_x509_crt x5)
{
	cert->subj_dn.cert = x5;
	cert->subj_dn.subject = 1;

	cert->issuer_dn.cert = x5;
	cert->issuer_dn.subject = 0;

	cert->issuer = NULL;
	cert->subject = x5;

	/* identity stays NULL when the certificate carries no CN */
	cert->identity = NULL;
	(void) check_identity(NULL, x5, &cert->identity);
	/* TODO: return the error of check_identity ... */

	return cert;
}

/* Returns a copy certificate of certificate SRC.
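*/
static gnutls_x509_crt x509_crt_copy(gnutls_x509_crt src)
{
	int ret;
	size_t size = 0;
	gnutls_datum tmp;
	gnutls_x509_crt dest;

	if (gnutls_x509_crt_init(&dest) != 0) {
		return NULL;
	}

	/* First export call with a NULL buffer only asks for the DER size. */
	if (gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL, &size)
	    != GNUTLS_E_SHORT_MEMORY_BUFFER) {
		gnutls_x509_crt_deinit(dest);
		return NULL;
	}

	tmp.data = nussl_malloc(size);
	ret = gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, tmp.data, &size);
	if (ret == 0) {
		tmp.size = size;
		ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER);
	}

	if (ret) {
		gnutls_x509_crt_deinit(dest);
		dest = NULL;
	}

	nussl_free(tmp.data);
	return dest;
}

/* Duplicate a client certificate, which must be in the decrypted state.
 * Returns NULL if the private key or the certificate cannot be copied. */
static nussl_ssl_client_cert *dup_client_cert(const nussl_ssl_client_cert * cc)
{
	int ret;
	nussl_ssl_client_cert *newcc = nussl_calloc(sizeof *newcc);

	newcc->decrypted = 1;

	ret = gnutls_x509_privkey_init(&newcc->pkey);
	if (ret != 0)
		goto dup_error;

	ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey);
	if (ret != 0)
		goto dup_error;

	newcc->cert.subject = x509_crt_copy(cc->cert.subject);
	if (!newcc->cert.subject)
		goto dup_error;

	if (cc->friendly_name)
		newcc->friendly_name = nussl_strdup(cc->friendly_name);

	populate_cert(&newcc->cert, newcc->cert.subject);
	return newcc;

dup_error:
	/* Release whatever was set up before the failure; the private key
	 * copy in particular must not outlive the failed duplicate. */
	if (newcc->pkey)
		gnutls_x509_privkey_deinit(newcc->pkey);
	if (newcc->cert.subject)
		gnutls_x509_crt_deinit(newcc->cert.subject);
	nussl_free(newcc);
	return NULL;
}

#if 0				/* Use gnutls function, no callback needed */
/* Callback invoked when the SSL server requests a client certificate. */
static int provide_client_cert(gnutls_session session,
			       const gnutls_datum * req_ca_rdn, int nreqs,
			       const gnutls_pk_algorithm * sign_algos,
			       int sign_algos_length, gnutls_retr_st * st)
{
	nussl_session *sess = gnutls_session_get_ptr(session);

	if (!sess) {
		return -1;
	}

	if (!sess->my_cert && sess->ssl_provide_fn) {
		/* The dname array cannot be converted without better dname
		 * support from GNUTLS. */
		sess->ssl_provide_fn(sess->ssl_provide_ud, sess, NULL, 0);
	}

	NUSSL_DEBUG(NUSSL_DBG_SSL, "In client cert provider callback.\n");

	if (sess->my_cert) {
		gnutls_certificate_type type =
		    gnutls_certificate_type_get(session);
		if (type == GNUTLS_CRT_X509) {
			NUSSL_DEBUG(NUSSL_DBG_SSL,
				    "Supplying client certificate.\n");

			st->type = type;
			st->ncerts = 1;
			st->cert.x509 = &sess->my_cert->cert.subject;
			st->key.x509 = sess->my_cert->pkey;

			/* tell GNU TLS not to deallocate the certs. */
			st->deinit_all = 0;
		} else {
			return -1;
		}
	} else {
		NUSSL_DEBUG(NUSSL_DBG_SSL,
			    "No client certificate supplied.\n");
	}

	return 0;
}
#endif

/* Install a private copy of client certificate CC on the session and load
 * it into the session's SSL context.  Returns NUSSL_ERROR when CC cannot
 * be duplicated.
 * NOTE(review): a previously set sess->my_cert is overwritten without being
 * freed here; confirm whether callers may set a client certificate twice. */
int nussl_ssl_set_clicert(nussl_session * sess,
			  const nussl_ssl_client_cert * cc)
{
	sess->my_cert = dup_client_cert(cc);
	if (!sess->my_cert)
		return NUSSL_ERROR;

	return nussl_ssl_context_keypair_from_data(sess->ssl_context,
						   sess->my_cert);
}

/* Return the certificate chain sent by the peer, or NULL on error.
 * The first element is the peer's own certificate; each element's issuer
 * pointer links to the next certificate the peer sent. */
static nussl_ssl_certificate *make_peers_chain(gnutls_session sock)
{
	nussl_ssl_certificate *current = NULL, *top = NULL;
	const gnutls_datum *certs;
	unsigned int n, count;

	certs = gnutls_certificate_get_peers(sock, &count);
	if (!certs) {
		return NULL;
	}

	for (n = 0; n < count; n++) {
		nussl_ssl_certificate *cert;
		gnutls_x509_crt x5;

		if (gnutls_x509_crt_init(&x5) != 0)
			goto chain_error;

		if (gnutls_x509_crt_import(x5, &certs[n], GNUTLS_X509_FMT_DER)
		    != 0) {
			/* x5 is not owned by any chain element yet */
			gnutls_x509_crt_deinit(x5);
			goto chain_error;
		}

		cert = populate_cert(nussl_malloc(sizeof *cert), x5);

		if (top == NULL) {
			current = top = cert;
		} else {
			current->issuer = cert;
			current = cert;
		}
	}

	return top;

chain_error:
	/* nussl_ssl_cert_free() dereferences its argument, so it must not be
	 * called when the very first certificate failed and top is still
	 * NULL.  The partial chain is NULL-terminated by populate_cert(). */
	if (top != NULL)
		nussl_ssl_cert_free(top);
	return NULL;
}

/* Verifies an SSL server certificate.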
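*/
static int check_certificate(nussl_session * sess, gnutls_session sock,
			     nussl_ssl_certificate * chain)
{
	time_t before, after, now = time(NULL);
	int ret, failures = 0;
	/* Start from 0 so the status bits are well defined even when
	 * gnutls_certificate_verify_peers2() fails without writing them. */
	unsigned int status = 0;
	/* nussl_uri server; */

	/* Validity period of the peer's own certificate (first in chain). */
	before = gnutls_x509_crt_get_activation_time(chain->subject);
	after = gnutls_x509_crt_get_expiration_time(chain->subject);

	if (now < before)
		failures |= NUSSL_SSL_NOTYETVALID;
	else if (now > after)
		failures |= NUSSL_SSL_EXPIRED;

	ret = check_identity(sess->server.hostname, chain->subject, NULL);
	if (ret < 0) {
		nussl_set_error(sess,
				_("Server certificate was missing commonName "
				  "attribute in subject name"));
		return NUSSL_ERROR;
	} else if (ret > 0) {
		/* A host name mismatch is only tolerated when the session
		 * explicitly asked for it. */
		if (sess->flags[NUSSL_SESSFLAG_IGNORE_ID_MISMATCH] == 0)
			failures |= NUSSL_SSL_IDMISMATCH;
	}

	ret = gnutls_certificate_verify_peers2(sock, &status);
	if (ret < 0) {
		NUSSL_DEBUG(NUSSL_DBG_SSL,
			    "Certificate verification failed: %s\n",
			    gnutls_strerror(ret));
		failures |= NUSSL_SSL_UNTRUSTED;
	}

	if (status || failures) {
		NUSSL_DEBUG(NUSSL_DBG_SSL,
			    "Certificate verification failed: ");
		if (status & GNUTLS_CERT_INVALID) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "invalid, ");
			failures |= NUSSL_SSL_INVALID;
		}
		if (status & GNUTLS_CERT_REVOKED) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "revoked, ");
			failures |= NUSSL_SSL_REVOKED;
		}
		if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "signer not found, ");
			failures |= NUSSL_SSL_SIGNER_NOT_FOUND;
		}
		if (status & GNUTLS_CERT_SIGNER_NOT_CA) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "signer not a CA, ");
			failures |= NUSSL_SSL_SIGNER_NOT_CA;
		}
		if (failures & NUSSL_SSL_UNTRUSTED) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "untrusted, ");
		}
		if (failures & NUSSL_SSL_EXPIRED) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "expired, ");
		}
		if (failures & NUSSL_SSL_NOTYETVALID) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "not yet valid, ");
		}
		if (failures & NUSSL_SSL_IDMISMATCH) {
			NUSSL_DEBUG(NUSSL_DBG_SSL, "FQDN mismatch, ");
		}
		/* Any reported problem marks the certificate untrusted. */
		failures |= NUSSL_SSL_UNTRUSTED;
	}

	NUSSL_DEBUG(NUSSL_DBG_SSL, "\nFailures = %d\n", failures);

	if (failures == 0) {
		ret = NUSSL_OK;
	} else {
		nussl__ssl_set_verify_err(sess, failures);
		ret = NUSSL_ERROR;
#if 0
		if (sess->ssl_verify_fn
		    && sess->ssl_verify_fn(sess->ssl_verify_ud, failures,
					   chain) == 0)
			ret = NUSSL_OK;
#endif
	}

	return ret;
}

/* Checks the peer certificate once the TLS handshake is done.
 * Returns NUSSL_OK when peer checking is disabled, when the peer sent no
 * chain and the context's verify level is below 2, when the certificate is
 * the one already stored on the session, or when verification succeeds;
 * NUSSL_ERROR otherwise. */
int nussl__ssl_post_handshake(nussl_session * sess)
{
	nussl_ssl_certificate *chain;
	gnutls_session sock = nussl__sock_sslsock(sess->socket);

	if (!sess->check_peer_cert)
		return NUSSL_OK;

	chain = make_peers_chain(sock);
	if (chain == NULL) {
		nussl_set_error(sess,
				_("Peer did not send certificate chain"));
		if (sess->ssl_context->verify < 2) {
			/* certificates are not mandatory, so continue */
			return NUSSL_OK;
		}
		return NUSSL_ERROR;
	}

	if (sess->peer_cert
	    && nussl_ssl_cert_cmp(sess->peer_cert, chain) == 0) {
		/* Same cert as last time; presume OK.  This is not optimal as
		 * make_peers_chain() has already gone through and done the
		 * expensive DER parsing stuff for the whole chain by now.
		 * NOTE(review): nussl_ssl_cert_cmp() compares the fingerprint
		 * of the first certificate only, so expiry, revocation and the
		 * rest of the chain are not re-evaluated on this path. */
		nussl_ssl_cert_free(chain);
		return NUSSL_OK;
	}

	if (check_certificate(sess, sock, chain) != NUSSL_OK
	    && sess->check_peer_cert != 0) {
		nussl_ssl_cert_free(chain);
		nussl_set_error(sess, "Certificate verification failed");
		return NUSSL_ERROR;
	}

	/* NOTE(review): a previous, different sess->peer_cert is replaced
	 * without being freed here; confirm ownership with the session code. */
	sess->peer_cert = chain;

	return NUSSL_OK;
}

/* Negotiate an SSL connection. */
int nussl__negotiate_ssl(nussl_session * sess)
{
	nussl_ssl_context *const ctx = sess->ssl_context;

	NUSSL_DEBUG(NUSSL_DBG_SSL, "Negotiating SSL connection.\n");

	/* Pass through the hostname if SNI is enabled. */
	ctx->hostname = sess->flags[NUSSL_SESSFLAG_TLS_SNI]
	    ? sess->server.hostname : NULL;

	if (nussl_sock_connect_ssl(sess->socket, ctx, sess)) {
		nussl_set_error(sess, _("SSL negotiation failed: %s"),
				nussl_sock_error(sess->socket));
		return NUSSL_ERROR;
	}

	return nussl__ssl_post_handshake(sess);
}

/* Issuer DN view of CERT. */
const nussl_ssl_dname *nussl_ssl_cert_issuer(const nussl_ssl_certificate *
					     cert)
{
	return &cert->issuer_dn;
}

/* Subject DN view of CERT. */
const nussl_ssl_dname *nussl_ssl_cert_subject(const nussl_ssl_certificate *
					      cert)
{
	return &cert->subj_dn;
}

/* Next certificate in the chain CERT belongs to, or NULL. */
const nussl_ssl_certificate *nussl_ssl_cert_signedby(const
						     nussl_ssl_certificate *
						     cert)
{
	return cert->issuer;
}

/* Identity string stored for CERT, or NULL when none was found. */
const char *nussl_ssl_cert_identity(const nussl_ssl_certificate * cert)
{
	return cert->identity;
}

/* Sanity-check a PEM CRL file against the PEM CA certificate in CA_FILE.
 * Returns 0 when the CRL was issued by that CA and its nextUpdate time (if
 * present) has not passed; a negative value otherwise: -1 when a file
 * cannot be read or parsed, and one less for each failed check (wrong
 * issuer, expired CRL). */
static int check_crl_validity(nussl_session * sess, const char *crl_file,
			      const char *ca_file)
{
	gnutls_datum_t datum_crl;
	gnutls_datum_t datum_ca;
	gnutls_x509_crt_t ca = NULL;
	gnutls_x509_crl_t crl = NULL;
	time_t t, now;
	int return_value = -1;
	char buffer[256];
	size_t s;
	int ret;

	datum_ca.data = NULL;
	datum_crl.data = NULL;

	/* Reject missing paths before they are used as %s arguments. */
	if (!ca_file || !crl_file)
		return -1;

	NUSSL_DEBUG(NUSSL_DBG_SSL, "Checking CRL file %s against %s",
		    crl_file, ca_file);

	/* read CRL and CA */
	if (read_to_datum(crl_file, &datum_crl) != 0)
		goto out;
	if (read_to_datum(ca_file, &datum_ca) != 0)
		goto out;

	if (gnutls_x509_crt_init(&ca) != 0) {
		ca = NULL;
		goto out;
	}
	if (gnutls_x509_crl_init(&crl) != 0) {
		crl = NULL;
		goto out;
	}

	ret = gnutls_x509_crl_import(crl, &datum_crl, GNUTLS_X509_FMT_PEM);
	if (ret) {
		nussl_set_error(sess, _("TLS: Could not import CRL data\n"));
		goto out;
	}

	ret = gnutls_x509_crt_import(ca, &datum_ca, GNUTLS_X509_FMT_PEM);
	if (ret) {
		nussl_set_error(sess, _("TLS: Could not import CA data\n"));
		goto out;
	}

	/* debug stuff: only print the DN when it was actually retrieved */
	s = sizeof(buffer);
	if (gnutls_x509_crl_get_issuer_dn(crl, buffer, &s) == 0)
		NUSSL_DEBUG(NUSSL_DBG_SSL, "TLS: CRL issuer DN: %s.\n",
			    buffer);

	/* Check if CRL was signed by configured CA */
	return_value = 0;
	ret = gnutls_x509_crl_check_issuer(crl, ca);
	if (ret != 1) {
		nussl_set_error(sess,
				_("TLS: CRL issuer is NOT the configured certificate authority\n"));
		return_value--;
	}

	/* Check if CRL has expired */
	now = time(NULL);
	t = gnutls_x509_crl_get_next_update(crl);
	/* This field is optional in a CRL */
	if (t != (time_t) - 1) {
		if (now > t) {
			/* XXX how can we send a warning to caller from nussl ? */
			NUSSL_DEBUG(NUSSL_DBG_SSL,
				    _("TLS: CRL has expired and should be re-issued\n"));
			return_value--;
		}
	}

out:
	/* Single exit: every path releases the GnuTLS objects and frees the
	 * file buffers with nussl_free(), the same call the success path
	 * uses for buffers filled by read_to_datum(). */
	if (crl != NULL)
		gnutls_x509_crl_deinit(crl);
	if (ca != NULL)
		gnutls_x509_crt_deinit(ca);
	if (datum_ca.data != NULL)
		nussl_free(datum_ca.data);
	if (datum_crl.data != NULL)
		nussl_free(datum_crl.data);

	return return_value;
}

/* Load the PEM CRL in CRL_FILE into the session's credentials after it
 * passed check_crl_validity() against CA_FILE.  Returns NUSSL_OK when at
 * least one CRL was loaded, NUSSL_FAILED otherwise. */
int nussl_ssl_set_crl_file(nussl_session * sess, const char *crl_file,
			   const char *ca_file)
{
	int ret;

	if (check_crl_validity(sess, crl_file, ca_file) != 0) {
		return NUSSL_FAILED;
	}

	/* this function returns the number of CRLs processed
	 * or a negative value on error. */
	ret = gnutls_certificate_set_x509_crl_file(sess->ssl_context->cred,
						   crl_file,
						   GNUTLS_X509_FMT_PEM);

	return (ret > 0) ? NUSSL_OK : NUSSL_FAILED;
}

/* Trust the CA certificate stored in CAFILE and, on success, turn on peer
 * certificate checking for the session. */
int nussl_ssl_set_ca_file(nussl_session * sess, const char *cafile)
{
	int ret;
	nussl_ssl_certificate *ca;

	ca = nussl_ssl_cert_read(cafile);
	if (ca == NULL) {
		nussl_set_error(sess, _("Unable to load trust certificate"));
		return NUSSL_ERROR;
	}

	ret = nussl_ssl_context_trustcert(sess->ssl_context, ca);
	if (ret == NUSSL_OK)
		sess->check_peer_cert = 1;

	return ret;
}

/* Read the contents of file FILENAME into *DATUM.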
*/ int read_to_datum(const char *filename, gnutls_datum * datum) { FILE *f = fopen(filename, "r"); nussl_buffer *buf; char tmp[4192]; size_t len; if (!f) { return -1; } buf = nussl_buffer_ncreate(8192); while ((len = fread(tmp, 1, sizeof tmp, f)) > 0) { nussl_buffer_append(buf, tmp, len); } if (!feof(f)) { nussl_buffer_destroy(buf); return -1; } datum->size = nussl_buffer_size(buf); datum->data = (unsigned char *) nussl_buffer_finish(buf); return 0; } /* Parses a PKCS#12 structure and loads the certificate, private key * and friendly name if possible. Returns zero on success, non-zero * on error. */ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey * pkey, gnutls_x509_crt * x5, char **friendly_name, const char *password) { gnutls_pkcs12_bag bag = NULL; int i, j, ret = 0; for (i = 0; ret == 0; ++i) { if (bag) gnutls_pkcs12_bag_deinit(bag); ret = gnutls_pkcs12_bag_init(&bag); if (ret < 0) continue; ret = gnutls_pkcs12_get_bag(p12, i, bag); if (ret < 0) continue; gnutls_pkcs12_bag_decrypt(bag, password); for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) { gnutls_pkcs12_bag_type type; gnutls_datum data; if (friendly_name && *friendly_name == NULL) { char *name = NULL; gnutls_pkcs12_bag_get_friendly_name(bag, j, &name); if (name) { if (name[0] == '.') name++; /* weird GnuTLS bug? 
*/ *friendly_name = nussl_strdup(name); } } type = gnutls_pkcs12_bag_get_type(bag, j); switch (type) { case GNUTLS_BAG_PKCS8_KEY: case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: gnutls_x509_privkey_init(pkey); ret = gnutls_pkcs12_bag_get_data(bag, j, &data); if (ret < 0) continue; ret = gnutls_x509_privkey_import_pkcs8(*pkey, &data, GNUTLS_X509_FMT_DER, password, 0); if (ret < 0) continue; break; case GNUTLS_BAG_CERTIFICATE: gnutls_x509_crt_init(x5); ret = gnutls_pkcs12_bag_get_data(bag, j, &data); if (ret < 0) continue; ret = gnutls_x509_crt_import(*x5, &data, GNUTLS_X509_FMT_DER); if (ret < 0) continue; break; default: break; } } } /* Make sure last bag is freed */ if (bag) gnutls_pkcs12_bag_deinit(bag); /* Free in case of error */ if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { if (*x5) gnutls_x509_crt_deinit(*x5); if (*pkey) gnutls_x509_privkey_deinit(*pkey); if (friendly_name && *friendly_name) nussl_free(*friendly_name); } if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) ret = 0; return ret; } nussl_ssl_client_cert *nussl_ssl_clicert_read(const char *filename) { int ret; gnutls_datum data; gnutls_pkcs12 p12; nussl_ssl_client_cert *cc; char *friendly_name = NULL; gnutls_x509_crt cert = NULL; gnutls_x509_privkey pkey = NULL; if (read_to_datum(filename, &data)) return NULL; if (gnutls_pkcs12_init(&p12) != 0) { return NULL; } ret = gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0); nussl_free(data.data); if (ret < 0) { gnutls_pkcs12_deinit(p12); return NULL; } if (gnutls_pkcs12_verify_mac(p12, "") == 0) { if (pkcs12_parse(p12, &pkey, &cert, &friendly_name, "") != 0) { gnutls_pkcs12_deinit(p12); return NULL; } cc = nussl_calloc(sizeof *cc); cc->pkey = pkey; cc->decrypted = 1; cc->friendly_name = friendly_name; populate_cert(&cc->cert, cert); gnutls_pkcs12_deinit(p12); cc->p12 = NULL; return cc; } else { /* TODO: calling pkcs12_parse() here to find the friendly_name * seems to break horribly. 
*/ cc = nussl_calloc(sizeof *cc); cc->p12 = p12; return cc; } } int nussl_ssl_clicert_encrypted(const nussl_ssl_client_cert * cc) { return !cc->decrypted; } int nussl_ssl_clicert_decrypt(nussl_ssl_client_cert * cc, const char *password) { int ret; gnutls_x509_crt cert = NULL; gnutls_x509_privkey pkey = NULL; if (gnutls_pkcs12_verify_mac(cc->p12, password) != 0) { return -1; } ret = pkcs12_parse(cc->p12, &pkey, &cert, NULL, password); if (ret < 0) return ret; gnutls_pkcs12_deinit(cc->p12); populate_cert(&cc->cert, cert); cc->pkey = pkey; cc->decrypted = 1; cc->p12 = NULL; return 0; } const nussl_ssl_certificate *nussl_ssl_clicert_owner(const nussl_ssl_client_cert * cc) { return &cc->cert; } const char *nussl_ssl_clicert_name(const nussl_ssl_client_cert * ccert) { return ccert->friendly_name; } nussl_ssl_certificate *nussl_ssl_cert_read(const char *filename) { int ret; gnutls_datum data; gnutls_x509_crt x5; if (read_to_datum(filename, &data)) return NULL; if (gnutls_x509_crt_init(&x5) != 0) return NULL; ret = gnutls_x509_crt_import(x5, &data, GNUTLS_X509_FMT_PEM); nussl_free(data.data); if (ret < 0) { gnutls_x509_crt_deinit(x5); return NULL; } return populate_cert(nussl_calloc (sizeof(struct nussl_ssl_certificate_s)), x5); } int nussl_ssl_cert_write(const nussl_ssl_certificate * cert, const char *filename) { unsigned char buffer[10 * 1024]; size_t len = sizeof buffer; FILE *fp = fopen(filename, "w"); if (fp == NULL) return -1; if (gnutls_x509_crt_export (cert->subject, GNUTLS_X509_FMT_PEM, buffer, &len) < 0) { fclose(fp); return -1; } if (fwrite(buffer, len, 1, fp) != 1) { fclose(fp); return -1; } if (fclose(fp) != 0) return -1; return 0; } void nussl_ssl_cert_free(nussl_ssl_certificate * cert) { gnutls_x509_crt_deinit(cert->subject); if (cert->identity) nussl_free(cert->identity); if (cert->issuer) nussl_ssl_cert_free(cert->issuer); nussl_free(cert); } int nussl_ssl_cert_cmp(const nussl_ssl_certificate * c1, const nussl_ssl_certificate * c2) { char 
digest1[NUSSL_SSL_DIGESTLEN], digest2[NUSSL_SSL_DIGESTLEN]; if (nussl_ssl_cert_digest(c1, digest1) || nussl_ssl_cert_digest(c2, digest2)) { return -1; } return strcmp(digest1, digest2); } nussl_ssl_client_cert *nussl_ssl_import_keypair(const char *cert_file, const char *key_file) { nussl_ssl_client_cert *keypair = NULL; gnutls_datum cert_raw; gnutls_datum key_raw; keypair = nussl_calloc(sizeof(nussl_ssl_client_cert)); if (keypair == NULL) return NULL; keypair->decrypted = 1; keypair->p12 = NULL; keypair->friendly_name = NULL; if (gnutls_x509_crt_init(&keypair->cert.subject) < 0) return NULL; if (read_to_datum(cert_file, &cert_raw) != NUSSL_OK) return NULL; if (gnutls_x509_crt_import (keypair->cert.subject, &cert_raw, GNUTLS_X509_FMT_PEM) < 0) return NULL; if (populate_cert(&keypair->cert, keypair->cert.subject) == NULL) return NULL; if (gnutls_x509_privkey_init(&keypair->pkey) < 0) return NULL; if (read_to_datum(key_file, &key_raw) != NUSSL_OK) return NULL; if (gnutls_x509_privkey_import (keypair->pkey, &key_raw, GNUTLS_X509_FMT_PEM) < 0) return NULL; return keypair; } /* The certificate import/export format is the base64 encoding of the * raw DER; PEM without the newlines and wrapping. */ nussl_ssl_certificate *nussl_ssl_cert_import(const char *data) { int ret; size_t len; unsigned char *der; gnutls_datum buffer = { NULL, 0 }; gnutls_x509_crt x5; if (gnutls_x509_crt_init(&x5) != 0) return NULL; /* decode the base64 to get the raw DER representation */ len = nussl_unbase64(data, &der); if (len == 0) return NULL; buffer.data = der; buffer.size = len; ret = gnutls_x509_crt_import(x5, &buffer, GNUTLS_X509_FMT_DER); nussl_free(der); if (ret < 0) { gnutls_x509_crt_deinit(x5); return NULL; } return populate_cert(nussl_calloc (sizeof(struct nussl_ssl_certificate_s)), x5); } char *nussl_ssl_cert_export(const nussl_ssl_certificate * cert) { unsigned char *der; size_t len = 0; char *ret; /* find the length of the DER encoding. 
*/ if (gnutls_x509_crt_export (cert->subject, GNUTLS_X509_FMT_DER, NULL, &len) != GNUTLS_E_SHORT_MEMORY_BUFFER) { return NULL; } der = nussl_malloc(len); if (gnutls_x509_crt_export (cert->subject, GNUTLS_X509_FMT_DER, der, &len)) { nussl_free(der); return NULL; } ret = nussl_base64(der, len); nussl_free(der); return ret; } int nussl_ssl_cert_digest(const nussl_ssl_certificate * cert, char *digest) { char sha1[20], *p; int j; size_t len = sizeof sha1; if (gnutls_x509_crt_get_fingerprint(cert->subject, GNUTLS_DIG_SHA, sha1, &len) < 0) return -1; for (j = 0, p = digest; j < 20; j++) { *p++ = NUSSL_HEX2ASC((sha1[j] >> 4) & 0x0f); *p++ = NUSSL_HEX2ASC(sha1[j] & 0x0f); *p++ = ':'; } *--p = '\0'; return 0; } int nussl_get_peer_dn(nussl_session * sess, char *buf, size_t * buf_size) { if (sess->peer_cert == NULL) return NUSSL_ERROR; if (gnutls_x509_crt_get_dn (sess->peer_cert->subj_dn.cert, buf, buf_size)) return NUSSL_ERROR; return NUSSL_OK; } void *nussl_get_ctx(nussl_session * sess) { if (!sess || !sess->ssl_context) return NULL; return NULL; } int nussl__ssl_init(void) { #ifdef NUSSL_HAVE_TS_SSL gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif return gnutls_global_init(); } void nussl__ssl_exit(void) { /* No way to unregister the thread callbacks. Doomed. */ #if LIBGNUTLS_VERSION_MAJOR > 1 || LIBGNUTLS_VERSION_MINOR > 3 \ || (LIBGNUTLS_VERSION_MINOR == 3 && LIBGNUTLS_VERSION_PATCH >= 3) /* It's safe to call gnutls_global_deinit() here only with * gnutls >= 1.3., since older versions don't refcount and * doing so would prevent any other use of gnutls within * the process. 
*/ gnutls_global_deinit(); #endif } int nussl_ssl_accept(nussl_ssl_socket * ssl, unsigned int timeout, char *errbuf, size_t errbufsz) { gnutls_session session = *(gnutls_session*)ssl; int ret, continue_loop=1; int sock; int blocking_state; int was_writing=0; fd_set fd_r, fd_w; struct timeval tv; if (timeout == 0) { ret = gnutls_handshake(session); if (ret == 0) return 1; /* success */ else return -1; } sock = (int) (long)gnutls_transport_get_ptr(session); blocking_state = fcntl(sock,F_GETFL); fcntl(sock,F_SETFL,(fcntl(sock,F_GETFL)|O_NONBLOCK)); ret = -1; do { ret = gnutls_handshake(session); if (ret == 0) { /* handshake ok */ ret = 1; continue_loop = 0; break; } if (gnutls_error_is_fatal(ret)) { snprintf(errbuf, errbufsz, "%s", gnutls_strerror(ret)); ret = -1; continue_loop = 0; break; } switch (ret) { case GNUTLS_E_AGAIN: case GNUTLS_E_INTERRUPTED: was_writing = gnutls_record_get_direction(session); break; default: snprintf(errbuf, errbufsz, "%s", gnutls_strerror(ret)); ret = -1; continue_loop = 0; break; } /* we need to wait before continuing the handshake */ FD_ZERO(&fd_r); FD_ZERO(&fd_w); tv.tv_usec = 0; tv.tv_sec = timeout; if (was_writing) { FD_SET(sock,&fd_w); } else { FD_SET(sock,&fd_r); } ret = select(sock + 1, &fd_r, &fd_w, NULL, &tv); if ( ! (FD_ISSET(sock,&fd_r) || FD_ISSET(sock,&fd_w)) ) { /* timeout */ continue_loop = 0; ret = 0; break; } ret = 1; } while (continue_loop); /* restore blocking state */ fcntl(sock,F_SETFL,blocking_state); return ret; } #endif /* HAVE_GNUTLS */ nufw-2.4.3/src/libs/nubase/0000777000175000017500000000000011431215437012502 500000000000000nufw-2.4.3/src/libs/nubase/ext_proto.c0000644000175000017500000000430511431206275014607 00000000000000/* ** Copyright(C) 2009 INL ** Written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. 
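**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#ifdef HAVE_CONFIG_H
#include
#endif

#include "nubase.h"

#include /* sscanf() */
#include /* sscanf() */
#include

#define NU_SASL_FAIL -1
#define NU_SASL_OK 0

/* Walk the whitespace-separated tokens of an extended-protocol message and
 * dispatch its commands.
 *
 * buf         message text
 * bufsize     number of bytes of buf that may be parsed
 * ext_proto_l list of known protocols (struct proto_ext_t entries)
 * data        opaque pointer handed to every command callback
 *
 * The message is a sequence of "BEGIN <protocol> <command>... END" blocks.
 * Returns NU_SASL_OK at the end of the message, NU_SASL_FAIL for an unknown
 * protocol name or a token that does not fit the token buffer, or the first
 * value other than NU_SASL_OK returned by a command callback.
 *
 * NOTE(review): sscanf() stops at a NUL byte, not at bufsize, so buf is
 * assumed to be NUL-terminated within bufsize bytes; confirm that every
 * caller guarantees this, since the message presumably comes from the peer.
 */
int process_ext_message(char *buf, int bufsize,
			struct llist_head * ext_proto_l, void *data)
{
	char pbuf[1024];
	char *lbuf = buf;
	int state = EXT_PROTO_OUTSIDE;
	int i, ret;
	struct proto_ext_t *p_ext_proto = NULL;
	struct proto_ext_t *pos;

	do {
		/* The field width must stay at sizeof(pbuf) - 1: a bare "%s"
		 * copies an arbitrarily long token past the end of pbuf. */
		if (sscanf(lbuf, "%1023s", pbuf) != 1) {
			/* nothing left to parse */
			break;
		}
		if (strlen(pbuf) >= sizeof(pbuf) - 1) {
			/* token filled the buffer and may have been cut short */
			return NU_SASL_FAIL;
		}
		lbuf += strlen(pbuf) + 1;

		switch (state) {
		case EXT_PROTO_OUTSIDE:
			/* should find "BEGIN" */
			if (!strcmp(pbuf, "BEGIN")) {
				state = EXT_PROTO_START;
				p_ext_proto = NULL;
			}
			break;
		case EXT_PROTO_START:
			/* iter on entries */
			llist_for_each_entry(pos, ext_proto_l, list) {
				if (!strcmp(pbuf, pos->name)) {
					p_ext_proto = pos;
					state = EXT_PROTO_CMD;
					break;
				}
			}
			if (p_ext_proto == NULL) {
				/* unknown protocol */
				return NU_SASL_FAIL;
			}
			break;
		case EXT_PROTO_CMD:
			if (!strcmp(pbuf, "END")) {
				state = EXT_PROTO_OUTSIDE;
			}
			for (i = 0; i < p_ext_proto->ncmd; i++) {
				if (!strcmp(pbuf, p_ext_proto->cmd[i].cmdname)) {
					/* call callback; it receives the
					 * cursor and the bytes left after it */
					ret = p_ext_proto->cmd[i].callback(&lbuf,
									   bufsize - (lbuf - buf),
									   data);
					if (ret != NU_SASL_OK) {
						return ret;
					}
				}
			}
			break;
		}
	} while (lbuf < buf + bufsize);

	return NU_SASL_OK;
}
nufw-2.4.3/src/libs/nubase/Makefile.in0000644000175000017500000003410211431215400014451 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am.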
# @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libs/nubase DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libnubase_la_LIBADD = am_libnubase_la_OBJECTS = config-table.lo log.lo ipv6.lo \ packet_parser.lo strings.lo ext_proto.lo libnubase_la_OBJECTS = $(am_libnubase_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libnubase_la_SOURCES) DIST_SOURCES = $(libnubase_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ 
PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ noinst_LTLIBRARIES = libnubase.la EXTRA_DIST = linuxlist.h config-table.h ipv6.h log.h nubase.h packet_parser.h strings.h ext_proto.h AM_CPPFLAGS = -I$(top_srcdir)/src/include/ libnubase_la_SOURCES = \ config-table.c \ log.c \ ipv6.c \ packet_parser.c \ strings.c \ ext_proto.c all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ 
*$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libs/nubase/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libs/nubase/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libnubase.la: $(libnubase_la_OBJECTS) $(libnubase_la_DEPENDENCIES) $(LINK) $(libnubase_la_OBJECTS) $(libnubase_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config-table.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_proto.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipv6.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet_parser.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strings.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: 
CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo 
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/src/libs/nubase/config-table.h0000644000175000017500000000412211431206275015120 00000000000000/* ** Copyright(C) 2008-2009 INL ** Written by Sebastien Tricaud ** Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _CONFIG_TABLE_H_ #define _CONFIG_TABLE_H_ #include "linuxlist.h" struct config_table_t { struct llist_head list; void *key; void *value; } config_table_t; char *nubase_config_table_get(struct llist_head *config_table_list, const char *key); char *nubase_config_table_get_alwaysstring(struct llist_head *config_table_list, char *key); char *nubase_config_table_get_or_default(struct llist_head *config_table_list, char *key, char *replace); int nubase_config_table_get_or_default_int(struct llist_head *config_table_list, char *key, int defint); struct config_table_t *nubase_config_table_append(struct llist_head *config_table_list, char *key, char *value); struct config_table_t *nubase_config_table_append_with_section(struct llist_head *config_table_list, char *section, char *key, char *value); void nubase_config_table_destroy(struct llist_head *config_table_list); struct config_table_t *nubase_config_table_set(struct llist_head *config_table_list, char *key, char *value); struct config_table_t *nubase_config_table_set_with_section(struct llist_head *config_table_list, char *section, char *key, char 
*value); void nubase_config_table_print(struct llist_head *config_table_list, void *userdata, void (*func)(void *data, char *keyeqval)); #endif /* _CONFIG_TABLE_H_ */ nufw-2.4.3/src/libs/nubase/log.h0000644000175000017500000000554411431206275013360 00000000000000/* ** Copyright(C) 2006-2009 INL ** Written by Victor Stinner ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUBASE_LOG_HEADER #define NUBASE_LOG_HEADER #ifdef HAVE_CONFIG_H # include "config.h" #endif #include #ifdef HAVE_STDARG_H # include #endif #include "debug.h" /** \file libs/nubase/log.h * \brief Initialize and write messages in log. * * Some constants used in log, and function prototypes. 
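*/

/*
 * openlog() option flags are bit flags and have to be combined with the
 * bitwise OR operator. The logical OR used previously evaluated to the
 * integer 1, so the requested option set was not the one passed to syslog.
 */
#define SYSLOG_OPTS \
	(LOG_CONS | LOG_PID)  /*!< Syslog options of NuFW */

enum log_type_t {
	LOG_NONE = 0,
	LOG_TO_STD = 1 << 0,       /*!< Value of ::log_engine when using printf() */
	LOG_TO_SYSLOG = 1 << 1,    /*!< Value of ::log_engine when using syslog() */
	LOG_TO_CALLBACK = 1 << 2,  /*!< Value of ::log_engine when using a callback */
};

/** \brief Callback prototype, for logs */
typedef void (*log_callback_t)(debug_area_t area, debug_level_t priority, const char *format, va_list args);

/**
 * Log engine used:
 *   - if equals to #LOG_TO_SYSLOG, use syslog
 *   - else use printf()
 * \see log_printf()
 */
extern int log_engine;
extern int debug_level;	/*!< Debug level, default value: #DEFAULT_DEBUG_LEVEL */
extern int debug_areas;	/*!< Debug areas, default value: #DEFAULT_DEBUG_AREAS (all areas) */

void init_log_engine(const char* log_id);

/* The format attribute lets GCC check the arguments against the format string. */
void log_printf(debug_level_t priority, const char *format, ...)
#ifdef __GNUC__
	__attribute__((__format__(printf,2,3)))
#endif
;

void log_area_printf(debug_area_t area, debug_level_t priority,
		     const char *format, ...)
#ifdef __GNUC__
	__attribute__((__format__(printf,3,4)))
#endif
;

/** \def debug_log_printf(area, priority, format, ...)
 * Call log_area_printf(area, priority, ...) if DEBUG_ENABLE is defined
 */
#ifdef DEBUG_ENABLE
#  define debug_log_printf(area, priority, format, args...) \
	log_area_printf(area, priority, format, ##args )
#else
#  define debug_log_printf(area, priority, format, ...)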
#endif /** \brief Set callback function for log * * This only makes sense when ::log_engine is #LOG_TO_CALLBACK * \return The previously set callback */ log_callback_t nubase_log_set_callback(log_callback_t cb); #endif /* ifndef NUBASE_LOG_HEADER */ nufw-2.4.3/src/libs/nubase/strings.c0000644000175000017500000001136611431206275014262 00000000000000/* ** Copyright (C) 2008 INL ** Written by Sebastien Tricaud ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include #include #include #include /* isspace() */ #include /** * \addtogroup Nubase * * @{ */ /** * * \file nubase/strings.c * \brief String utility functions */ /** * Function snprintf() which check buffer overflow, and always write a '\\0' * to the end of the buffer. * * \param buffer Buffer where characters are written * \param buffer_size Buffer size (in bytes), usually equals to sizeof(buffer) * \param format Format string (see printf() documentation) * \return Returns FALSE if a buffer overflow occurs, TRUE is everything goes fine. */ int secure_snprintf(char *buffer, size_t buffer_size, char *format, ...) 
{ va_list args; int ret; va_start(args, format); #ifdef DEBUG_ENABLE memset(buffer, 0, buffer_size); #else buffer[0] = 0; #endif ret = vsnprintf(buffer, buffer_size, format, args); va_end(args); buffer[buffer_size - 1] = '\0'; if (0 <= ret && ret <= ((int) buffer_size - 1)) return TRUE; else return FALSE; } /** * Function which extracts a string until char 'c' * is found * * \param str input string * \param c character to match the string until * \return Returns NULL if error, or the new allocated string */ char *str_extract_until(const char *str, int c) { unsigned int i; char *newstr; char *last_str; size_t last_size; size_t str_size; size_t newstr_size; last_str = strrchr(str, c); if ( ! last_str ) return NULL; last_size = strlen(last_str); str_size = strlen(str); newstr_size = str_size - last_size; newstr = malloc(newstr_size + 2); if ( ! newstr ) return NULL; for (i=0;i> 4]; hexnum[i * 2 + 1] = hex[val & 0xf]; } hexnum[len * 2] = 0; } /** @} */ nufw-2.4.3/src/libs/nubase/packet_parser.c0000644000175000017500000001715011431206275015411 00000000000000/* ** Copyright(C) 2003-2006 - INL ** Written by Eric Leblond ** Victor Stinner ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
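*/

/**
 * \addtogroup Nubase
 *
 * @{
 */

/** \file packet_parser.c
 *  \brief Functions to parse a network packet
 *
 * Functions fill ::tracking_t structure fields. Parser are: IPv4, IPv6, UDP,
 * TCP, ICMP and ICMP6.
 */

#include "packet_parser.h"
#include
#include
#include
#include
#include
#include
#include

/**
 * Fill IP fields (saddr, daddr and protocol) of the a connection tracking
 * (::tracking_t) structure.
 *
 * The datagram comes from the network and is untrusted: every header length
 * read from it is checked against dgram_size before it is used, and a
 * datagram whose headers do not fit is reported as not recognized.
 *
 * \param tracking Pointer to a connection tracking
 * \param dgram Pointer to packet datas
 * \param dgram_size Number of bytes in the packet
 * \return Offset to next type of headers, or 0 if the packet is not
 *         recognized or its IP headers are truncated or malformed
 */
unsigned int get_ip_headers(tracking_t * tracking,
			    const unsigned char *dgram,
			    unsigned int dgram_size)
{
#ifdef LINUX
	const struct iphdr *ip = (const struct iphdr *) dgram;
#endif
#ifdef FREEBSD
	const struct ip *ip = (const struct ip *) dgram;
#endif
	const struct ip6_hdr *ip6 = (const struct ip6_hdr *) dgram;
	unsigned int offset;

	/* check ip headers minimum size */
#ifdef LINUX
	if (dgram_size < sizeof(struct iphdr))
#elif defined(FREEBSD)
	if (dgram_size < sizeof(struct ip))
#endif
		return 0;

	/* check IP version (should be IPv4) */
#ifdef LINUX
	if (ip->version == 4) {
		/* header length is attacker-controlled: it must cover at
		 * least the fixed header and stay inside the datagram */
		offset = 4 * ip->ihl;
		if (offset < sizeof(struct iphdr) || offset > dgram_size)
			return 0;

		/* convert IPv4 addresses to IPv6 addresses in format "::ffff:IPv4" */
		uint32_to_ipv6(ip->saddr, &tracking->saddr);
		uint32_to_ipv6(ip->daddr, &tracking->daddr);

		tracking->protocol = ip->protocol;
	} else if (ip->version == 6) {
#else
	if (ip->ip_v == 4) {
		/* header length is attacker-controlled: it must cover at
		 * least the fixed header and stay inside the datagram */
		offset = 4 * ip->ip_hl;
		if (offset < sizeof(struct ip) || offset > dgram_size)
			return 0;

		/* convert IPv4 addresses to IPv6 addresses in format "::ffff:IPv4" */
		uint32_to_ipv6(ip->ip_src.s_addr, &tracking->saddr);
		uint32_to_ipv6(ip->ip_dst.s_addr, &tracking->daddr);

		tracking->protocol = ip->ip_p;
	} else if (ip->ip_v == 6) {
#endif
		unsigned char found_transport_layer = 0;
		const struct ip6_ext *generic_hdr;
		const struct ip6_frag *frag_hdr;
		unsigned int ext_len;

		/* check buffer underflow */
		if (dgram_size < sizeof(struct ip6_hdr))
			return 0;

		/* copy ipv6 addresses */
		tracking->saddr = ip6->ip6_src;
		tracking->daddr = ip6->ip6_dst;

		/* copy protocol */
		tracking->protocol = ip6->ip6_nxt;

		/* compute offset of next interesting header (udp/tcp/icmp):
		 * skip custom ipv6 headers like Hop-by-hop.
		 * Invariant: offset <= dgram_size, so "dgram_size - offset"
		 * below never wraps around. */
		offset = sizeof(struct ip6_hdr);	/* offset=40 */
		do {
			switch (tracking->protocol) {
			case IPPROTO_HOPOPTS:
			case IPPROTO_ROUTING:
			case IPPROTO_DSTOPTS:
			case IPPROTO_AH:
				/* the two bytes read below must be inside the datagram */
				if (dgram_size - offset < sizeof(struct ip6_ext))
					return 0;
				/* we can use generic extension header since we just need
				 * next header and length of this header */
				generic_hdr = (const struct ip6_ext *) (dgram + offset);
				/* The length field does not count the whole header:
				 * RFC 2460 gives it in 8-octet units excluding the
				 * first 8 octets, AH (RFC 4302) in 4-octet units
				 * minus 2. Using the raw value allowed a length of 0
				 * to leave offset unchanged and loop forever. */
				if (tracking->protocol == IPPROTO_AH)
					ext_len = ((unsigned int) generic_hdr->ip6e_len + 2) * 4;
				else
					ext_len = ((unsigned int) generic_hdr->ip6e_len + 1) * 8;
				if (ext_len > dgram_size - offset)
					return 0;
				tracking->protocol = generic_hdr->ip6e_nxt;
				offset += ext_len;
				break;

			case IPPROTO_FRAGMENT:
				if (dgram_size - offset < sizeof(struct ip6_frag))
					return 0;
				frag_hdr = (const struct ip6_frag *) (dgram + offset);
				tracking->protocol = frag_hdr->ip6f_nxt;
				offset += 8;	/* fragment header has fixed size */
				break;

			case IPPROTO_ESP:
			case IPPROTO_NONE:
				/*
				 * - RFC 2460 asks to ignore payload is last "Next Header"
				 *   is IPPROTO_NONE.
				 * - For ESP, it's not possible to extract any useful
				 *   informations to match ACLs
				 */
				found_transport_layer = 1;
				break;

			default:
				/* TCP, UDP, ICMP */
				found_transport_layer = 1;
				break;
			}
		} while (!found_transport_layer);
	} else {
		offset = 0;
	}
	return offset;
}

/**
 * Fill UDP fields (source and dest) of a connection tracking
 * (::tracking_t) structure.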
*
 * \param tracking Pointer to a connection tracking
 * \param dgram Pointer to packet datas
 * \param dgram_size Number of bytes in the packet
 * \return -1 if the datagram is too short to hold a UDP header, else 0.
 *         When LINUX is not defined nothing is parsed: 0 is returned and
 *         \a tracking is left untouched.
 */
int get_udp_headers(tracking_t * tracking, const unsigned char *dgram,
		    unsigned int dgram_size)
{
#ifdef LINUX
	struct udphdr *udp = (struct udphdr *) dgram;

	/* check udp headers minimum size */
	if (dgram_size < sizeof(struct udphdr))
		return -1;

	/* ports are stored in host byte order; type/code are ICMP-only fields */
	tracking->source = ntohs(udp->source);
	tracking->dest = ntohs(udp->dest);
	tracking->type = 0;
	tracking->code = 0;
#else
	/* TODO: not implemented on this platform; callers still get 0 (success)
	 * NOTE(review): tracking ports are not filled in this case - confirm
	 * callers do not rely on them */
#endif
	return 0;
}

/**
 * Fill TCP fields (source and dest) of the connection tracking
 * (::tracking_t) structure.
 *
 * \param tracking Pointer to a connection tracking
 * \param dgram Pointer to packet datas
 * \param dgram_size Number of bytes in the packet
 * \return State of the TCP connection (#TCP_STATE_OPEN,
 *         #TCP_STATE_ESTABLISHED, #TCP_STATE_CLOSE), or #TCP_STATE_UNKNOW
 *         if the datagram is too short, carries none of the tested flags,
 *         or LINUX is not defined.
 */
tcp_state_t get_tcp_headers(tracking_t * tracking,
			    const unsigned char *dgram,
			    unsigned int dgram_size)
{
#ifdef LINUX
	struct tcphdr *tcp = (struct tcphdr *) dgram;

	/* check tcp headers minimum size */
	if (dgram_size < sizeof(struct tcphdr))
		return TCP_STATE_UNKNOW;

	/* ports are stored in host byte order; type/code are ICMP-only fields */
	tracking->source = ntohs(tcp->source);
	tracking->dest = ntohs(tcp->dest);
	tracking->type = 0;
	tracking->code = 0;

	/* classify the segment from its FIN, RST, SYN and ACK flags */
	/* FIN or RST: the connection is being closed */
	if (tcp->fin || tcp->rst)
		return TCP_STATE_CLOSE;

	/* SYN alone opens a connection, SYN+ACK answers an opening */
	if (tcp->syn) {
		if (tcp->ack) {
			return TCP_STATE_ESTABLISHED;
		} else {
			return TCP_STATE_OPEN;
		}
	}
#else
	/* TODO: not implemented on this platform */
#endif
	return TCP_STATE_UNKNOW;
}

/**
 * Fill ICMP fields (type and code) of the connection tracking
 * (::tracking_t) structure.
* * \param tracking Pointer to a connection tracking * \param dgram Pointer to packet datas * \param dgram_size Number of bytes in the packet * \return If an error occurs return 1, else returns 0 */ int get_icmp_headers(tracking_t * tracking, const unsigned char *dgram, unsigned int dgram_size) { #ifdef LINUX struct icmphdr *icmp = (struct icmphdr *) dgram; /* check udp headers minimum size */ if (dgram_size < sizeof(struct icmphdr)) return -1; tracking->source = 0; tracking->dest = 0; tracking->type = icmp->type; tracking->code = icmp->code; #else /* TODO ! */ #endif return 0; } /** * Parse ICMPv6 header: extract type and code fields * for the connection tracking (::tracking_t) structure. * * \param tracking Pointer to a connection tracking * \param dgram Pointer to packet datas * \param dgram_size Number of bytes in the packet * \return If an error occurs return 1, else returns 0 */ int get_icmpv6_headers(tracking_t * tracking, const unsigned char *dgram, unsigned int dgram_size) { struct icmp6_hdr *hdr = (struct icmp6_hdr *) dgram; /* check icmp headers minimum size */ if (dgram_size < sizeof(struct icmp6_hdr)) return -1; tracking->source = 0; tracking->dest = 0; tracking->type = hdr->icmp6_type; tracking->code = hdr->icmp6_code; return 0; } /** @} */ nufw-2.4.3/src/libs/nubase/Makefile.am0000644000175000017500000000045711431206275014460 00000000000000noinst_LTLIBRARIES = libnubase.la EXTRA_DIST = linuxlist.h config-table.h ipv6.h log.h nubase.h packet_parser.h strings.h ext_proto.h AM_CPPFLAGS = -I$(top_srcdir)/src/include/ libnubase_la_SOURCES = \ config-table.c \ log.c \ ipv6.c \ packet_parser.c \ strings.c \ ext_proto.c nufw-2.4.3/src/libs/nubase/ipv6.h0000644000175000017500000000322011431206275013450 00000000000000/* ** Copyright(C) 2007 INL ** Written by Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, 
version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUFW_IPV6_H #define NUFW_IPV6_H #ifdef FREEBSD # include # include #endif #include void clear_ipv6(struct in6_addr *ipv6); void uint32_to_ipv6(const uint32_t ipv4, struct in6_addr *ipv6); void ipv4_to_ipv6(const struct in_addr ipv4, struct in6_addr *ipv6); void ipv6_to_ipv4(const struct in6_addr *ipv6, struct in_addr *ipv4); int is_ipv4(const struct in6_addr *addr); void format_ipv6(const struct in6_addr *addr, char *buffer, size_t buflen, uint8_t *protocol); int getsockname_ipv6(int fileno, struct in6_addr *addr); int hex2ipv6(const char *text, struct in6_addr *ip); int ipv6_equal(const struct in6_addr *ipa, const struct in6_addr *ipb); int compare_ipv6_with_mask(const struct in6_addr *addr1, const struct in6_addr *addr2, const struct in6_addr *mask); void create_ipv6_netmask(struct in6_addr *netmask, int mask); #endif nufw-2.4.3/src/libs/nubase/config-table.c0000644000175000017500000001416411431206275015122 00000000000000/* ** Copyright(C) 2008-2009 INL ** Written by Sebastien Tricaud ** Pierre Chifflier ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
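**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include
#include
#include
#include
#include

#include "linuxlist.h"
#include "config-table.h"

/**
 * \addtogroup Nubase
 *
 * @{
 */

/**
 * \file config-table.c
 * \brief Configuration file parsing function
 */

/**
 * Look up a key in the configuration table (exact, case-sensitive match).
 *
 * \param config_table_list Head of the configuration list
 * \param key Key to search for
 * \return The stored value (owned by the table, do not free), or NULL
 */
char *nubase_config_table_get(struct llist_head *config_table_list, const char *key)
{
	struct config_table_t *config_table;
	struct llist_head *pos;

	llist_for_each(pos, config_table_list) {
		config_table = llist_entry(pos, struct config_table_t, list);
		if (!strcmp(config_table->key, key)) {
			return config_table->value;
		}
	}

	return NULL;
}

/**
 * Same as nubase_config_table_get(), but returns "" instead of NULL
 * when the key is missing. The result must not be freed.
 */
char *nubase_config_table_get_alwaysstring(struct llist_head *config_table_list, char *key)
{
	char *str;

	str = nubase_config_table_get(config_table_list, key);
	if ( ! str ) return "";

	return str;
}

/**
 * Return a newly allocated copy of the value stored for \a key, of
 * \a replace when the key is missing, or of "" when both are missing.
 * The caller owns the returned string and has to free() it.
 */
char *nubase_config_table_get_or_default(struct llist_head *config_table_list, char *key, char *replace)
{
	char *str;

	str = nubase_config_table_get(config_table_list, key);
	if (str) {
		return strdup(str);
	} else if (replace) {
		return strdup(replace);
	} else {
		return strdup("");
	}
}

/**
 * Append a new key/value pair; both strings are copied.
 *
 * \return The new entry, or NULL if the key already exists, an argument
 *         is NULL (errno = EINVAL) or memory is exhausted (errno = ENOMEM)
 */
struct config_table_t *nubase_config_table_append(struct llist_head *config_table_list, char *key, char *value)
{
	struct config_table_t *config_table;

	/* strcmp() and strdup() below must not be handed NULL */
	if (key == NULL || value == NULL) {
		errno = EINVAL;
		return NULL;
	}

	if (nubase_config_table_get(config_table_list, key))
		return NULL;

	config_table = malloc(sizeof(*config_table));
	if ( ! config_table ) {
		errno = ENOMEM;
		return NULL;
	}

	config_table->key = strdup(key);
	config_table->value = strdup(value);
	/* never link an entry with a NULL key: lookups call strcmp() on it */
	if (config_table->key == NULL || config_table->value == NULL) {
		free(config_table->key);
		free(config_table->value);
		free(config_table);
		errno = ENOMEM;
		return NULL;
	}

	llist_add_tail(&config_table->list, config_table_list);

	return config_table;
}

/**
 * Append "section/key" = value, or plain "key" when \a section is NULL
 * or "global" (case-insensitive).
 *
 * \return The new entry, or NULL on error or if the composed key does
 *         not fit in the internal buffer
 */
struct config_table_t *nubase_config_table_append_with_section(struct llist_head *config_table_list, char *section, char *key, char *value)
{
	char buffer[4096];
	int ret;

	if (section == NULL || strcasecmp(section,"global")==0) {
		return nubase_config_table_append(config_table_list, key, value);
	}

	ret = snprintf(buffer, sizeof(buffer), "%s/%s", section, key);
	/* reject output errors as well as truncated keys */
	if (ret < 0 || ret >= (int)sizeof(buffer))
		return NULL;

	return nubase_config_table_append(config_table_list, buffer, value);
}

/**
 * Set "section/key" = value, or plain "key" when \a section is NULL
 * or "global" (case-insensitive).
 *
 * \return The resulting entry, or NULL on error or if the composed key
 *         does not fit in the internal buffer
 */
struct config_table_t *nubase_config_table_set_with_section(struct llist_head *config_table_list, char *section, char *key, char *value)
{
	char buffer[4096];
	int ret;

	if (section == NULL || strcasecmp(section,"global")==0) {
		return nubase_config_table_set(config_table_list, key, value);
	}

	ret = snprintf(buffer, sizeof(buffer), "%s/%s", section, key);
	/* reject output errors as well as truncated keys */
	if (ret < 0 || ret >= (int)sizeof(buffer))
		return NULL;

	return nubase_config_table_set(config_table_list, buffer, value);
}

/**
 * Free every entry of the table and leave the list empty and reusable.
 */
void nubase_config_table_destroy(struct llist_head *config_table_list)
{
	struct config_table_t *config_table;

	while(!llist_empty(config_table_list)) {
		config_table = llist_entry(config_table_list->next, struct config_table_t, list);
		llist_del(&config_table->list);
		free(config_table->key);
		free(config_table->value);
		free(config_table);
	}
	// Reinitialize the list for reuse
	INIT_LLIST_HEAD(config_table_list);
}

/**
 * Set the value of a key, replacing the existing entry if there is one.
 *
 * The existing entry is matched on the exact key. A prefix comparison was
 * used before, so setting "ab" while "a" was stored unlinked "a" and then
 * failed to update "ab"; the unlinked entry was also never freed.
 *
 * \return The entry now holding the value, or NULL on error
 */
struct config_table_t *nubase_config_table_set(struct llist_head *config_table_list, char *key, char *value)
{
	struct config_table_t *config_table;
	struct config_table_t *replacement;
	struct llist_head *pos;

	if (key == NULL || value == NULL) {
		errno = EINVAL;
		return NULL;
	}

	/* It does not exists so we use _append*/
	if ( ! nubase_config_table_get(config_table_list, key) ) {
		return nubase_config_table_append(config_table_list, key, value);
	}

	llist_for_each(pos, config_table_list) {
		config_table = llist_entry(pos, struct config_table_t, list);
		if (!strcmp(key, config_table->key)) {
			llist_del(&config_table->list);
			replacement = nubase_config_table_append(config_table_list, key, value);
			if (replacement == NULL) {
				/* keep the previous value rather than losing the key */
				llist_add_tail(&config_table->list, config_table_list);
				return NULL;
			}
			/* freed only now: key or value may point into the old entry */
			free(config_table->key);
			free(config_table->value);
			free(config_table);
			return replacement;
		}
	}

	return NULL;
}

/**
 * Return the value of \a key converted with atoi(), or \a defint when
 * the key is missing.
 *
 * The stored string is read in place, so no temporary copy is allocated
 * (the copies made previously were never freed).
 */
int nubase_config_table_get_or_default_int(struct llist_head *config_table_list, char *key, int defint)
{
	char *str;

	str = nubase_config_table_get(config_table_list, key);
	if (str == NULL)
		return defint;

	return atoi(str);
}

/**
 * Call \a func once per entry with a temporary "key=value" string.
 * The string is freed after the callback returns, so the callback must
 * copy it if it needs to keep it.
 */
void nubase_config_table_print(struct llist_head *config_table_list, void *userdata, void (*func)(void *data, char *keyeqval))
{
	struct config_table_t *config_table;
	char *buffer;
	size_t buffer_len;
	struct llist_head *pos;

	llist_for_each(pos, config_table_list) {
		config_table = llist_entry(pos, struct config_table_t, list);
		/* key + '=' + value + terminating NUL */
		buffer_len = strlen((const char *)config_table->key) + 1 + strlen((const char *)config_table->value) + 1;
		buffer = malloc(buffer_len);
		if (buffer == NULL)
			continue;	/* best effort: skip this entry */
		secure_snprintf(buffer, buffer_len, "%s=%s",(char *)config_table->key, (char *)config_table->value);
		func(userdata, buffer);
		free(buffer);
	}
}

#ifdef _UNIT_TEST_
#include
int main(void)
{
	struct config_table_t *config_table;
	int i = 0;

	nubase_config_table_append("foo", "bar");
	nubase_config_table_append("foo", "bar");
	nubase_config_table_append("nu", "pik");
	nubase_config_table_append("tout", "foulcan");
	nubase_config_table_append("jean", "nemard");

	printf("\n........................\nllist_for_each_entry\n........................\n");
	llist_for_each_entry(config_table, &config_table_list, list) {
		printf("key=%s, value=%s\n", config_table->key, config_table->value);
	}

	printf("\n........................\nnubase_config_table_get\n........................\n");
	printf("The value for 'nu' is '%s'\n", nubase_config_table_get("nu"));

}
#endif

/** @} */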
nufw-2.4.3/src/libs/nubase/log.c0000644000175000017500000001105411431206275013344 00000000000000/* ** Copyright(C) 2006-2009 INL ** Written by Victor Stinner ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** * \addtogroup Nubase * * @{ */ /** \file log.c * \brief Initialize and write messages in log. * * Before using the log, call init_log_engine(). After that call log_printf() * as you call printf, you just need a priority as first argument. * * The global variable log_engine choose between printf() (value #LOG_TO_STD) * and syslog() (value #LOG_TO_SYSLOG). */ #include #include #include #include #include #include #include #include "log.h" /** * Log engine used: * - if equals to #LOG_TO_SYSLOG, use syslog * - else use printf() * \see log_printf() */ int log_engine = 0; int debug_level = DEFAULT_DEBUG_LEVEL; /*!< Debug level, default valut: #DEFAULT_DEBUG_LEVEL */ int debug_areas = DEFAULT_DEBUG_AREAS; /*!< Debug areas, default value: #DEFAULT_DEBUG_AREAS (all areas except perf) */ static log_callback_t _log_cb = NULL; /*!< Log callback */ /** * Convert NuFW verbosity level to syslog priority. 
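*/
int syslog_priority_map[MAX_DEBUG_LEVEL - MIN_DEBUG_LEVEL + 1] = {
	/* Facility and severity are combined with a bitwise OR. A logical OR
	 * ("||") would turn every entry into the value 1, so that all
	 * messages would reach syslog with one and the same priority and
	 * severity-based filtering of the logs would be meaningless. */
	LOG_FACILITY | LOG_ALERT,	/* DEBUG_LEVEL_FATAL */
	LOG_FACILITY | LOG_CRIT,	/* DEBUG_LEVEL_CRITICAL */
	LOG_FACILITY | LOG_WARNING,	/* DEBUG_LEVEL_SERIOUS_WARNING */
	LOG_FACILITY | LOG_WARNING,	/* DEBUG_LEVEL_WARNING */
	LOG_FACILITY | LOG_NOTICE,	/* DEBUG_LEVEL_SERIOUS_MESSAGE */
	LOG_FACILITY | LOG_NOTICE,	/* DEBUG_LEVEL_MESSAGE */
	LOG_FACILITY | LOG_INFO,	/* DEBUG_LEVEL_INFO */
	LOG_FACILITY | LOG_DEBUG,	/* DEBUG_LEVEL_DEBUG */
	LOG_FACILITY | LOG_DEBUG	/* DEBUG_LEVEL_VERBOSE_DEBUG */
};

/**
 * Initialize log engine: initialize syslog if it's used (see ::log_engine).
 *
 * \param log_id Identifier handed to openlog()
 */
void init_log_engine(const char* log_id)
{
	if (log_engine & LOG_TO_SYSLOG) {
		openlog(log_id, SYSLOG_OPTS, LOG_FACILITY);
	}
}

/**
 * Select the log engine(s): the value is stored as is in ::log_engine and
 * tested bit by bit (LOG_TO_SYSLOG, LOG_TO_CALLBACK, LOG_TO_STD).
 */
void nubase_log_engine_set(int engine)
{
	log_engine = engine;
}

/**
 * Install a log callback.
 *
 * \return The callback that was installed before (NULL if none)
 */
log_callback_t nubase_log_set_callback(log_callback_t cb)
{
	log_callback_t old_cb = _log_cb;

	_log_cb = cb;
	return old_cb;
}

/**
 * Display a message to log, the syntax for format is the same as printf().
 * The priority is used for syslog.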
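 *
 * The format string is expanded by vsyslog(), vprintf() and the callback:
 * it must be a trusted constant. Text received from a peer belongs in the
 * arguments (logged through "%s"), never in the format itself.
 *
 * \param area Debug area of the message, tested against ::debug_areas
 * \param priority NuFW debug level of the message
 * \param format printf()-like format string
 * \param args Arguments of the format; left untouched, each engine works on
 * its own va_copy()
 */
void do_log_area_printf(int area, int priority, const char *format, va_list args)
{
	va_list ap;

	/* Don't display message if area is not enabled
	 * or priority is smaller then debug level */
	if (!(area & debug_areas) || (debug_level < priority))
		return;

	if (log_engine & LOG_TO_SYSLOG) {
		int level = priority;

		assert(MIN_DEBUG_LEVEL <= priority && priority <= MAX_DEBUG_LEVEL);
		/* assert() disappears when NDEBUG is defined: clamp the
		 * level so that the table below is never indexed out of
		 * bounds. */
		if (level < MIN_DEBUG_LEVEL)
			level = MIN_DEBUG_LEVEL;
		else if (MAX_DEBUG_LEVEL < level)
			level = MAX_DEBUG_LEVEL;

		va_copy(ap, args);
		/* The syslog priority stays local, so the other engines
		 * still see the NuFW level they were called with. */
		vsyslog(syslog_priority_map[level - MIN_DEBUG_LEVEL], format, ap);
		va_end(ap);
	}

	/* The callback engine may be selected before any callback has been
	 * registered: skip it instead of calling through NULL. */
	if ((log_engine & LOG_TO_CALLBACK) && _log_cb != NULL) {
		va_copy(ap, args);
		(_log_cb)(area, priority, format, ap);
		va_end(ap);
	}

	if (log_engine & LOG_TO_STD) {
		time_t current_time;
		struct tm *current_time_tm;
		char time_str[10];

		/* get time */
		current_time = time(NULL);
		current_time_tm = gmtime(&current_time);
		/* gmtime() may return NULL: print the message without a
		 * time stamp in that case. */
		if (current_time_tm != NULL
		    && 0 < strftime(time_str, sizeof(time_str), "%H:%M:%S", current_time_tm))
			printf("[%s] ", time_str);

		va_copy(ap, args);
		vprintf(format, ap);
		va_end(ap);
		printf("\n");
		fflush(stdout);
	}
}

/**
 * Display a message to log, the syntax for format is the same as printf().
 * The priority is used for syslog.
 *
 * The format must be a trusted constant (see do_log_area_printf()).
 */
void log_area_printf(debug_area_t area, debug_level_t priority, const char *format, ...)
{
	va_list args;

	va_start(args, format);
	do_log_area_printf(area, priority, format, args);
	va_end(args);
}

/**
 * Display a message to log, the syntax for format is the same as printf().
 * The priority is used for syslog.
 *
 * The message is logged in area DEBUG_AREA_ALL. The format must be a trusted
 * constant (see do_log_area_printf()).
 */
void log_printf(debug_level_t priority, const char *format, ...)
{
	va_list args;

	va_start(args, format);
	do_log_area_printf(DEBUG_AREA_ALL, priority, format, args);
	va_end(args);
}

/** @} */
nufw-2.4.3/src/libs/nubase/nubase.h0000644000175000017500000000237511431206275014053 00000000000000/* ** Copyright (C) 2008 INL ** Written by Sebastien Tricaud ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. 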
** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NUBASE_HEADER #define NUBASE_HEADER #ifdef HAVE_CONFIG_H # include "config.h" #endif #ifndef FALSE #define FALSE 0 #endif #ifndef TRUE #define TRUE 1 #endif #include #include "config-table.h" #include "ipv6.h" #include "log.h" #include "packet_parser.h" #include "strings.h" #include "ext_proto.h" typedef enum { NU_EXIT_ERROR = -1, NU_EXIT_OK = 0, NU_EXIT_NO_RETURN, NU_EXIT_CONTINUE } nu_error_t; #endif /* ifndef NUBASE_HEADER */ nufw-2.4.3/src/libs/nubase/ext_proto.h0000644000175000017500000000226111431206275014613 00000000000000/* ** Copyright(C) 2009 INL ** Written by Eric Leblond ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
** */ typedef enum _ext_proto_state_t { EXT_PROTO_OUTSIDE, EXT_PROTO_START, EXT_PROTO_CMD, EXT_PROTO_END, } ext_proto_state_t; struct proto_ext_cmd_t { char *cmdname; int nargs; int (*callback)(char **buf, int bufsize, void *data); }; struct proto_ext_t { struct llist_head list; char * name; int ncmd; struct proto_ext_cmd_t cmd[]; }; int process_ext_message(char *buf, int bufsize, struct llist_head *ext_proto, void *data); nufw-2.4.3/src/libs/nubase/ipv6.c0000644000175000017500000001546411431206275013460 00000000000000/* ** Copyright(C) 2007 INL ** Written by Victor Stinner ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #include #include /* sscanf() */ #include /* SCNx32 */ #include #include #include #ifdef HAVE_CONFIG_H #include #endif /** \defgroup Nubase Nubase Library * \brief This is a convenient library use in different part of NuFW. * * @{ */ /** * \file ipv6.c * \brief IPv6 related function */ /** * Set IPv6 address to "empty" address ("::") */ void clear_ipv6(struct in6_addr *ipv6) { memset(ipv6, 0, sizeof(*ipv6)); } /** * Convert IPv4 address (as 32-bit unsigned integer) to IPv6 address: * add 96 bits prefix "::ffff:" to get IPv6 address "::ffff:a.b.c.d". 
 *
 * \param ipv4 IPv4 address; copied unchanged into the last 32-bit word
 * (presumably expected in network byte order - confirm with callers)
 * \param ipv6 Output address
 */
void uint32_to_ipv6(const uint32_t ipv4, struct in6_addr *ipv6)
{
	/* Only the 0xffff marker goes through htonl(); the IPv4 word is
	 * stored as received. */
#ifdef LINUX
	ipv6->s6_addr32[0] = 0x00000000;
	ipv6->s6_addr32[1] = 0x00000000;
	ipv6->s6_addr32[2] = htonl(0xffff);
	ipv6->s6_addr32[3] = ipv4;
#else
	ipv6->__u6_addr.__u6_addr32[0] = 0x00000000;
	ipv6->__u6_addr.__u6_addr32[1] = 0x00000000;
	ipv6->__u6_addr.__u6_addr32[2] = htonl(0xffff);
	ipv6->__u6_addr.__u6_addr32[3] = ipv4;
#endif
}

/**
 * Convert IPv4 address (as in_addr structure) to IPv6 address:
 * add 96 bits prefix "::ffff:" to get IPv6 address "::ffff:a.b.c.d".
 *
 * Thin wrapper: passes ipv4.s_addr to uint32_to_ipv6().
 */
void ipv4_to_ipv6(const struct in_addr ipv4, struct in6_addr *ipv6)
{
	uint32_to_ipv6(ipv4.s_addr, ipv6);
}

/**
 * Convert IPv6 address (as in6_addr structure) to IPv4 address (in_addr):
 * copy 32 bits address.
 *
 * Only the last 32-bit word is read; the function does not check that the
 * input really is an IPv4-mapped address (see is_ipv4()).
 *
 * NOTE(review): the word goes through ntohl() here, whereas
 * uint32_to_ipv6() stores it unchanged, so ipv4 -> ipv6 -> ipv4 is not the
 * identity on a little-endian host. Confirm which byte order callers expect
 * in s_addr.
 */
void ipv6_to_ipv4(const struct in6_addr *ipv6, struct in_addr *ipv4)
{
#ifdef LINUX
	ipv4->s_addr = ntohl(ipv6->s6_addr32[3]);
#else
	ipv4->s_addr = ntohl(ipv6->__u6_addr.__u6_addr32[3]);
#endif
}

/**
 * Check if a IPv6 address is a IPv4 or not.
 *
 * An address counts as IPv4 when its first two 32-bit words are zero and
 * the third one is 0x0000ffff (IPv4-mapped form "::ffff:a.b.c.d").
 *
 * \return 1 for IPv4 and 0 for IPv6
 */
int is_ipv4(const struct in6_addr *addr)
{
#ifdef LINUX
	if (ntohl(addr->s6_addr32[2]) != 0x0000ffff)
		return 0;
	if (addr->s6_addr32[0] != 0 || addr->s6_addr32[1] != 0)
		return 0;
#else
	if (ntohl(addr->__u6_addr.__u6_addr32[2]) != 0x0000ffff)
		return 0;
	if (addr->__u6_addr.__u6_addr32[0] != 0 || addr->__u6_addr.__u6_addr32[1] != 0)
		return 0;
#endif
	return 1;
}

/**
 * Format IPv6 address in specified string buffer.
 * Use IPv4 format ("192.168.0.1") for IPv4 in IPv6 address (::ffff:192.168.0.2).
 *
 * If protocol is not NULL, it will contains the address family:
 * AF_INET (IPv4) or AF_INET6 (IPv6).
 *
 * The text is written into the caller's buffer (at most buflen bytes,
 * always NUL-terminated when buflen is not zero); nothing is returned.
 *
 * \param addr Address to format
 * \param buffer Output buffer
 * \param buflen Size of the output buffer in bytes
 * \param protocol Optional output: AF_INET or AF_INET6
 */
void format_ipv6(const struct in6_addr *addr, char *buffer, size_t buflen, uint8_t *protocol)
{
	if (is_ipv4(addr)) {
		struct in_addr addr4;
		/* The last word is copied without byte swapping: inet_ntop()
		 * reads it in the order it is stored in the address. */
#ifdef LINUX
		addr4.s_addr = addr->s6_addr32[3];
#else
		addr4.s_addr = addr->__u6_addr.__u6_addr32[3];
#endif
		if (protocol)
			*protocol = AF_INET;
		if (inet_ntop(AF_INET, &addr4, buffer, buflen) == NULL) {
			/* error */
			/* NOTE(review): the fallback text is an empty string
			 * here; confirm that this is the intended value. */
			SECURE_STRNCPY(buffer, "", buflen);
		}
	} else {
		if (protocol)
			*protocol = AF_INET6;
		if (inet_ntop(AF_INET6, addr, buffer, buflen) == NULL) {
			/* error */
			SECURE_STRNCPY(buffer, "", buflen);
		}
	}

	/* always write nul byte at the end */
	if (0 < buflen)
		buffer[buflen-1] = 0;
}

/**
 * Get socket "name" (local address) as IPv6 address
 *
 * An AF_INET socket is reported in IPv4-mapped form through ipv4_to_ipv6().
 * On failure, or for any other address family, addr is reset with
 * clear_ipv6().
 *
 * \param fileno Socket descriptor
 * \param addr Output address
 * \return 0 on error, 1 on success
 */
int getsockname_ipv6(int fileno, struct in6_addr *addr)
{
	/* sockaddr_storage: large enough for both address families below */
	struct sockaddr_storage peer_storage;
	socklen_t peerlen = sizeof(peer_storage) ;
	int ret;

	ret = getsockname(fileno, (struct sockaddr*)&peer_storage, &peerlen);
	if (ret != 0 ) {
		clear_ipv6(addr);
		return 0;
	}

	if (peer_storage.ss_family == AF_INET6) {
		struct sockaddr_in6 *peer6 = (struct sockaddr_in6 *)&peer_storage;
		*addr = peer6->sin6_addr;
		return 1;
	} else if (peer_storage.ss_family == AF_INET) {
		struct sockaddr_in *peer4 = (struct sockaddr_in *)&peer_storage;
		ipv4_to_ipv6(peer4->sin_addr, addr);
		return 1;
	} else {
		/* Unexpected address family */
		clear_ipv6(addr);
		return 0;
	}
}

/**
 * Convert an IPv6 address as hexadecimal without ":" separator (32 characters)
 * into in6_addr structure.
 *
 * \return Returns 0 on failure, or 1 on success.
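 *
 * The text is read as four groups of eight hexadecimal digits, one group
 * per 32-bit word of the address, each stored as the value sscanf() parses.
 * The input is rejected unless it consists of exactly 32 hexadecimal digits.
 */
int hex2ipv6(const char *text, struct in6_addr *ip)
{
#ifdef LINUX
#  define READ(text, index) sscanf((text), "%08" SCNx32, (uint32_t *) &ip->s6_addr32[index])
#else
#  define READ(text, index) sscanf((text), "%08" SCNx32, (uint32_t *) &ip->__u6_addr.__u6_addr32[index])
#endif
	/* Copy text */
	char copy[33];
	size_t i;

	if (text == NULL || strlen(text) != 32)
		return 0;

	/* sscanf("%x") also accepts leading blanks, a sign or a "0x" prefix
	 * and stops quietly at the first non-hexadecimal character, so a
	 * malformed group such as "12zz3456" would be taken for a valid
	 * word. Check every character before converting. */
	for (i = 0; i < 32; i++) {
		const char c = text[i];
		const int is_hex = (c >= '0' && c <= '9')
			|| (c >= 'a' && c <= 'f')
			|| (c >= 'A' && c <= 'F');

		if (!is_hex)
			return 0;
	}

	SECURE_STRNCPY(copy, text, sizeof(copy));

	/* Convert from the last group to the first, cutting the copy after
	 * each conversion so that every read sees exactly one group. */
	if (READ(copy + 8 * 3, 3) != 1)
		return 0;
	copy[8 * 3] = 0;
	if (READ(copy + 8 * 2, 2) != 1)
		return 0;
	copy[8 * 2] = 0;
	if (READ(copy + 8 * 1, 1) != 1)
		return 0;
	copy[8] = 0;
	if (READ(copy + 8 * 0, 0) != 1)
		return 0;
	return 1;
#undef READ
}

/**
 * Compare two IPv6 addresses.
 *
 * \return 1 on equality, 0 otherwise.
 */
int ipv6_equal(const struct in6_addr *ipa, const struct in6_addr *ipb)
{
	return memcmp(ipa, ipb, sizeof(struct in6_addr)) == 0;
}

/**
 * Compare addr1 with (addr2 & netmask)
 *
 * Only addr2 is masked: addr1 has to be a network address already, or the
 * comparison cannot match.
 *
 * \return 0 if they match, integer different than zero otherwise (memcmp result)
 */
int compare_ipv6_with_mask(
		const struct in6_addr *addr1,
		const struct in6_addr *addr2,
		const struct in6_addr *mask)
{
	/* Work on a copy so that addr2 is left untouched */
	struct in6_addr masked = *addr2;
#ifdef LINUX
	masked.s6_addr32[0] &= mask->s6_addr32[0];
	masked.s6_addr32[1] &= mask->s6_addr32[1];
	masked.s6_addr32[2] &= mask->s6_addr32[2];
	masked.s6_addr32[3] &= mask->s6_addr32[3];
#else
	masked.__u6_addr.__u6_addr32[0] &= mask->__u6_addr.__u6_addr32[0];
	masked.__u6_addr.__u6_addr32[1] &= mask->__u6_addr.__u6_addr32[1];
	masked.__u6_addr.__u6_addr32[2] &= mask->__u6_addr.__u6_addr32[2];
	masked.__u6_addr.__u6_addr32[3] &= mask->__u6_addr.__u6_addr32[3];
#endif
	return memcmp(addr1, &masked, sizeof(struct in6_addr));
}

/**
 * Create an IPv6 netmask
 */
void create_ipv6_netmask(struct in6_addr *netmask, int mask)
{
	uint32_t *p_netmask;
	memset(netmask, 0, sizeof(struct in6_addr));
	if (mask < 0) {
		mask = 0;
	} else if (128 < mask) {
		mask = 128;
	}
#ifdef LINUX
	p_netmask = &netmask->s6_addr32[0];
#else
	p_netmask = &netmask->__u6_addr.__u6_addr32[0];
#endif
	while (32 < mask) {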
*p_netmask = 0xffffffff; p_netmask++; mask -= 32; } if (mask != 0) { *p_netmask = htonl(0xFFFFFFFF << (32 - mask)); } } /** @} */ nufw-2.4.3/src/libs/nubase/linuxlist.h0000644000175000017500000002544511431206275014634 00000000000000#ifndef _LINUX_LLIST_H #define _LINUX_LLIST_H #include #ifndef inline #define inline __inline #endif /** \cond LINUX_KERNEL */ static inline void prefetch(const void *x) {;} /** * container_of - cast a member of a structure out to the containing structure * * @ptr: the pointer to the member. * @type: the type of the container struct this is embedded in. * @member: the name of the member within the struct. * */ // KM: #if WIN32 #define container_of(ptr, type, member) \ (type *)( (char *)ptr - offsetof(type,member) ); #else #define container_of(ptr, type, member) ({ \ const typeof( ((type *)0)->member ) *__mptr = (ptr); \ (type *)( (char *)__mptr - offsetof(type,member) );}) #endif /* * These are non-NULL pointers that will result in page faults * under normal circumstances, used to verify that nobody uses * non-initialized llist entries. */ #define LLIST_POISON1 ((void *) 0x00100100) #define LLIST_POISON2 ((void *) 0x00200200) /* * Simple doubly linked llist implementation. * * Some of the internal functions ("__xxx") are useful when * manipulating whole llists rather than single entries, as * sometimes we already know the next/prev entries and we can * generate better code by using them directly rather than * using the generic single-entry routines. */ struct llist_head { struct llist_head *next, *prev; }; #define LLIST_HEAD_INIT(name) { &(name), &(name) } #define LLIST_HEAD(name) \ struct llist_head name = LLIST_HEAD_INIT(name) #define INIT_LLIST_HEAD(ptr) do { \ (ptr)->next = (ptr); (ptr)->prev = (ptr); \ } while (0) /* * Insert a new entry between two known consecutive entries. * * This is only for internal llist manipulation where we know * the prev/next entries already! 
*/ static inline void __llist_add(struct llist_head *new, struct llist_head *prev, struct llist_head *next) { next->prev = new; new->next = next; new->prev = prev; prev->next = new; } /** * llist_add - add a new entry * @new: new entry to be added * @head: llist head to add it after * * Insert a new entry after the specified head. * This is good for implementing stacks. */ static inline void llist_add(struct llist_head *new, struct llist_head *head) { __llist_add(new, head, head->next); } /** * llist_add_tail - add a new entry * @new: new entry to be added * @head: llist head to add it before * * Insert a new entry before the specified head. * This is useful for implementing queues. */ static inline void llist_add_tail(struct llist_head *new, struct llist_head *head) { __llist_add(new, head->prev, head); } /* * Delete a llist entry by making the prev/next entries * point to each other. * * This is only for internal llist manipulation where we know * the prev/next entries already! */ static inline void __llist_del(struct llist_head * prev, struct llist_head * next) { next->prev = prev; prev->next = next; } /** * llist_del - deletes entry from llist. * @entry: the element to delete from the llist. * Note: llist_empty on entry does not return true after this, the entry is * in an undefined state. */ static inline void llist_del(struct llist_head *entry) { __llist_del(entry->prev, entry->next); entry->next = LLIST_POISON1; entry->prev = LLIST_POISON2; } /** * llist_del_init - deletes entry from llist and reinitialize it. * @entry: the element to delete from the llist. 
*/ static inline void llist_del_init(struct llist_head *entry) { __llist_del(entry->prev, entry->next); INIT_LLIST_HEAD(entry); } /** * llist_move - delete from one llist and add as another's head * @llist: the entry to move * @head: the head that will precede our entry */ static inline void llist_move(struct llist_head *llist, struct llist_head *head) { __llist_del(llist->prev, llist->next); llist_add(llist, head); } /** * llist_move_tail - delete from one llist and add as another's tail * @llist: the entry to move * @head: the head that will follow our entry */ static inline void llist_move_tail(struct llist_head *llist, struct llist_head *head) { __llist_del(llist->prev, llist->next); llist_add_tail(llist, head); } /** * llist_empty - tests whether a llist is empty * @head: the llist to test. */ static inline int llist_empty(const struct llist_head *head) { return head->next == head; } static inline void __llist_splice(struct llist_head *llist, struct llist_head *head) { struct llist_head *first = llist->next; struct llist_head *last = llist->prev; struct llist_head *at = head->next; first->prev = head; head->next = first; last->next = at; at->prev = last; } /** * llist_splice - join two llists * @llist: the new llist to add. * @head: the place to add it in the first llist. */ static inline void llist_splice(struct llist_head *llist, struct llist_head *head) { if (!llist_empty(llist)) __llist_splice(llist, head); } /** * llist_splice_init - join two llists and reinitialise the emptied llist. * @llist: the new llist to add. * @head: the place to add it in the first llist. * * The llist at @llist is reinitialised */ static inline void llist_splice_init(struct llist_head *llist, struct llist_head *head) { if (!llist_empty(llist)) { __llist_splice(llist, head); INIT_LLIST_HEAD(llist); } } /** * llist_entry - get the struct for this entry * @ptr: the &struct llist_head pointer. * @type: the type of the struct this is embedded in. 
* @member: the name of the llist_struct within the struct. */ #define llist_entry(ptr, type, member) \ container_of(ptr, type, member) /** * llist_for_each - iterate over a llist * @pos: the &struct llist_head to use as a loop counter. * @head: the head for your llist. */ #define llist_for_each(pos, head) \ for (pos = (head)->next, prefetch(pos->next); pos != (head); \ pos = pos->next, prefetch(pos->next)) /** * __llist_for_each - iterate over a llist * @pos: the &struct llist_head to use as a loop counter. * @head: the head for your llist. * * This variant differs from llist_for_each() in that it's the * simplest possible llist iteration code, no prefetching is done. * Use this for code that knows the llist to be very short (empty * or 1 entry) most of the time. */ #define __llist_for_each(pos, head) \ for (pos = (head)->next; pos != (head); pos = pos->next) /** * llist_for_each_prev - iterate over a llist backwards * @pos: the &struct llist_head to use as a loop counter. * @head: the head for your llist. */ #define llist_for_each_prev(pos, head) \ for (pos = (head)->prev, prefetch(pos->prev); pos != (head); \ pos = pos->prev, prefetch(pos->prev)) /** * llist_for_each_safe - iterate over a llist safe against removal of llist entry * @pos: the &struct llist_head to use as a loop counter. * @n: another &struct llist_head to use as temporary storage * @head: the head for your llist. */ #define llist_for_each_safe(pos, n, head) \ for (pos = (head)->next, n = pos->next; pos != (head); \ pos = n, n = pos->next) /** * llist_for_each_entry - iterate over llist of given type * @pos: the type * to use as a loop counter. * @head: the head for your llist. * @member: the name of the llist_struct within the struct. 
*/ #define llist_for_each_entry(pos, head, member) \ for (pos = llist_entry((head)->next, typeof(*pos), member), \ prefetch(pos->member.next); \ &pos->member != (head); \ pos = llist_entry(pos->member.next, typeof(*pos), member), \ prefetch(pos->member.next)) /** * llist_for_each_entry_reverse - iterate backwards over llist of given type. * @pos: the type * to use as a loop counter. * @head: the head for your llist. * @member: the name of the llist_struct within the struct. */ #define llist_for_each_entry_reverse(pos, head, member) \ for (pos = llist_entry((head)->prev, typeof(*pos), member), \ prefetch(pos->member.prev); \ &pos->member != (head); \ pos = llist_entry(pos->member.prev, typeof(*pos), member), \ prefetch(pos->member.prev)) /** * llist_for_each_entry_continue - iterate over llist of given type * continuing after existing point * @pos: the type * to use as a loop counter. * @head: the head for your llist. * @member: the name of the llist_struct within the struct. */ #define llist_for_each_entry_continue(pos, head, member) \ for (pos = llist_entry(pos->member.next, typeof(*pos), member), \ prefetch(pos->member.next); \ &pos->member != (head); \ pos = llist_entry(pos->member.next, typeof(*pos), member), \ prefetch(pos->member.next)) /** * llist_for_each_entry_safe - iterate over llist of given type safe against removal of llist entry * @pos: the type * to use as a loop counter. * @n: another type * to use as temporary storage * @head: the head for your llist. * @member: the name of the llist_struct within the struct. */ #define llist_for_each_entry_safe(pos, n, head, member) \ for (pos = llist_entry((head)->next, typeof(*pos), member), \ n = llist_entry(pos->member.next, typeof(*pos), member); \ &pos->member != (head); \ pos = n, n = llist_entry(n->member.next, typeof(*n), member)) /** * llist_for_each_rcu - iterate over an rcu-protected llist * @pos: the &struct llist_head to use as a loop counter. * @head: the head for your llist. 
*/ #define llist_for_each_rcu(pos, head) \ for (pos = (head)->next, prefetch(pos->next); pos != (head); \ pos = pos->next, ({ smp_read_barrier_depends(); 0;}), prefetch(pos->next)) #define __llist_for_each_rcu(pos, head) \ for (pos = (head)->next; pos != (head); \ pos = pos->next, ({ smp_read_barrier_depends(); 0;})) /** * llist_for_each_safe_rcu - iterate over an rcu-protected llist safe * against removal of llist entry * @pos: the &struct llist_head to use as a loop counter. * @n: another &struct llist_head to use as temporary storage * @head: the head for your llist. */ #define llist_for_each_safe_rcu(pos, n, head) \ for (pos = (head)->next, n = pos->next; pos != (head); \ pos = n, ({ smp_read_barrier_depends(); 0;}), n = pos->next) /** * llist_for_each_entry_rcu - iterate over rcu llist of given type * @pos: the type * to use as a loop counter. * @head: the head for your llist. * @member: the name of the llist_struct within the struct. */ #define llist_for_each_entry_rcu(pos, head, member) \ for (pos = llist_entry((head)->next, typeof(*pos), member), \ prefetch(pos->member.next); \ &pos->member != (head); \ pos = llist_entry(pos->member.next, typeof(*pos), member), \ ({ smp_read_barrier_depends(); 0;}), \ prefetch(pos->member.next)) /** * llist_for_each_continue_rcu - iterate over an rcu-protected llist * continuing after existing point. * @pos: the &struct llist_head to use as a loop counter. * @head: the head for your llist. 
*/ #define llist_for_each_continue_rcu(pos, head) \ for ((pos) = (pos)->next, prefetch((pos)->next); (pos) != (head); \ (pos) = (pos)->next, ({ smp_read_barrier_depends(); 0;}), prefetch((pos)->next)) #endif /** \endcond */ nufw-2.4.3/src/libs/nubase/strings.h0000644000175000017500000000236011431206275014261 00000000000000/* ** Copyright(C) 2008 INL ** Written by Sebastien Tricaud ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ int secure_snprintf(char *buffer, size_t buffer_size, char *format, ...) #ifdef __GNUC__ __attribute__((__format__(printf,3,4))) #endif ; char *str_extract_until(const char *str, int c); int str_to_long(const char *text, long *value); int str_to_ulong(const char *text, unsigned long *value); int str_to_int(const char *text, int *value); int str_to_uint32(const char *text, uint32_t * value); char *str_itoa(int i); void bin2hex(int len, unsigned char *binnum, char *hexnum); nufw-2.4.3/src/libs/nubase/packet_parser.h0000644000175000017500000000521311431206275015413 00000000000000/* ** Copyright(C) 2003-2009 - INL ** Written by Eric Leblond ** INL http://www.inl.fr/ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. 
** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /** \file pckt_authsrv.h * \brief Functions to parse a network packet * * Functions fill ::tracking_t structure fields. Parser are: IPv4, IPv6, UDP, * TCP, ICMP and ICMP6. */ #ifndef PACKET_PARSER_H #define PACKET_PARSER_H #include "ipv6.h" #include /** State of a connection */ typedef enum { TCP_STATE_DROP = 0, /*!< NuAuth decide to drop the connection */ TCP_STATE_OPEN, /*!< A new connection is just created (SYN) */ TCP_STATE_ESTABLISHED, /*!< The connection is established (SYN,ACK) */ TCP_STATE_CLOSE, /*!< The connection is closed (RST) */ TCP_STATE_UNKNOW /*!< Error code of get_tcp_headers() function */ } tcp_state_t; /** * Informations about an IPv4 connection used as key for connection * identification. */ typedef struct { /* Group informations about destination to make * ACL hash function faster. 
If you change this * structure, please also change hash_acl() and hash_connection() */ struct in6_addr saddr; /*!< IPv6 source address */ struct in6_addr daddr; /*!< IPv6 destination address */ u_int8_t protocol; /*!< IP protocol */ u_int8_t padding; /*!< Padding to 32 bits alignment */ u_int16_t dest; /*!< TCP/UDP destination port */ u_int16_t source; /*!< TCP/UDP source port */ u_int8_t type; /*!< ICMP message type */ u_int8_t code; /*!< ICMP code type */ } tracking_t; unsigned int get_ip_headers(tracking_t * tracking, const unsigned char *dgram, unsigned int dgram_size); int get_udp_headers(tracking_t * tracking, const unsigned char *dgram, unsigned int dgram_size); tcp_state_t get_tcp_headers(tracking_t * tracking, const unsigned char *dgram, unsigned int dgram_size); int get_icmp_headers(tracking_t * tracking, const unsigned char *dgram, unsigned int dgram_size); int get_icmpv6_headers(tracking_t * tracking, const unsigned char *dgram, unsigned int dgram_size); #endif nufw-2.4.3/src/libs/Makefile.am0000644000175000017500000000004511431206275013174 00000000000000SUBDIRS = nubase nuconfparser nussl nufw-2.4.3/src/libs/nuconfparser/0000777000175000017500000000000011431215437013732 500000000000000nufw-2.4.3/src/libs/nuconfparser/t1.conf0000644000175000017500000000036711431206275015047 00000000000000 # comment var_str = "str" var_str_with_comment = "str" # comment var_str2 = "abc#123" var_int = 42 var_redefined = "first" var_redefined = "second" include "t1_included.conf" [section] var_in_section = "str" [global] var_global = "global" nufw-2.4.3/src/libs/nuconfparser/t_conf1.c0000644000175000017500000000544311431206275015351 00000000000000#include #include #include #include "config-parser.h" #include "config-table.h" int assert_conf_vars(struct llist_head *l) { char *var_str; int var_int; /* var_str => "str" */ var_str = nubase_config_table_get(l, "var_str"); if (var_str == NULL || strcmp(var_str,"str") != 0) { fprintf(stderr, "Failed test: 
nubase_config_table_get(l, \"var_str\")\n"); return 1; } /* var_str2 => "abc#123" */ var_str = nubase_config_table_get(l, "var_str2"); if (var_str == NULL || strcmp(var_str,"abc#123") != 0) { fprintf(stderr, "Failed test: nubase_config_table_get(l, \"var_str2\")\n"); return 1; } /* var_int => "42" */ var_str = nubase_config_table_get(l, "var_int"); if (var_str == NULL || strcmp(var_str,"42") != 0) { fprintf(stderr, "Failed test: nubase_config_table_get(l, \"var_int\")\n"); return 1; } /* var_int => "42" */ var_str = nubase_config_table_get_alwaysstring(l, "var_int"); if (var_str == NULL || strcmp(var_str,"42") != 0) { fprintf(stderr, "Failed test: nubase_config_table_get_alwaysstring(l, \"var_int\")\n"); return 1; } /* var_int => 42 */ var_int = nubase_config_table_get_or_default_int(l, "var_int", -1); if (var_int < 0 || var_int != 42) { fprintf(stderr, "Failed test: nubase_config_table_get_or_default_int(l, \"var_int\", -1)\n"); return 1; } /* var_does_not_exist => NULL */ var_str = nubase_config_table_get(l, "var_does_not_exist"); if (var_str != NULL) { fprintf(stderr, "Failed test: nubase_config_table_get(l, \"var_does_not_exist\")\n"); return 1; } /* var_does_not_exist => "default" */ var_str = nubase_config_table_get_or_default(l, "var_does_not_exist", "default"); if (var_str == NULL || strcmp(var_str,"default") != 0) { fprintf(stderr, "Failed test: nubase_config_table_get_or_default(l, \"var_does_not_exist\", \"default\")\n"); return 1; } /* var_str_included => "str" */ var_str = nubase_config_table_get(l, "var_str_included"); if (var_str == NULL || strcmp(var_str,"str") != 0) { fprintf(stderr, "Failed test: nubase_config_table_get(l, \"var_str_included\")\n"); return 1; } /* var_str_with_comment => "str" */ var_str = nubase_config_table_get(l, "var_str_with_comment"); if (var_str == NULL || strcmp(var_str,"str") != 0) { fprintf(stderr, "Failed test: nubase_config_table_get(l, \"var_str_with_comment\")\n"); fprintf(stderr, "var_str: %s\n", var_str); return 1; 
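} return 0; }

/**
 * Test driver: parse "$srcdir/t1.conf" and check the resulting table with
 * assert_conf_vars().
 *
 * \return Exit status 0 when every check passes, 1 otherwise (srcdir not
 * set, path too long, parse failure or failed check)
 */
int main(int argc, char **argv)
{
	struct llist_head *l;
	char * srcdir;
	char conffile[1024];
	int len;
#ifdef YYDEBUG
	extern int yydebug;
#endif

	srcdir = getenv("srcdir");
	if (srcdir == NULL)
		exit(1);

	/* srcdir comes from the environment and has no length limit: build
	 * the path with a bounded write and give up if it does not fit,
	 * instead of letting sprintf() run past the end of conffile. */
	len = snprintf(conffile, sizeof(conffile), "%s/%s", srcdir, "t1.conf");
	if (len < 0 || len >= (int)sizeof(conffile))
		exit(1);

#ifdef YYDEBUG
	yydebug = 1;
#endif

	l = parse_configuration(conffile);
	if (l == NULL)
		exit(1);

	if (assert_conf_vars(l) != 0)
		exit(1);

	exit(0);
}
nufw-2.4.3/src/libs/nuconfparser/config-parser.lex.c0000644000175000017500000014403111431206275017343 00000000000000 #line 3 "config-parser.lex.c" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 #define YY_FLEX_SUBMINOR_VERSION 35 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif /* First, we deal with platform-specific or compiler-specific issues. */ /* begin standard C headers. */ #include #include #include #include /* end standard C headers. */ /* flex integer type definitions */ #ifndef FLEXINT_H #define FLEXINT_H /* C99 systems have . Non-C99 systems may or may not. */ #if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. */ #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS 1 #endif #include typedef int8_t flex_int8_t; typedef uint8_t flex_uint8_t; typedef int16_t flex_int16_t; typedef uint16_t flex_uint16_t; typedef int32_t flex_int32_t; typedef uint32_t flex_uint32_t; #else typedef signed char flex_int8_t; typedef short int flex_int16_t; typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; /* Limits of integral types. 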
*/ #ifndef INT8_MIN #define INT8_MIN (-128) #endif #ifndef INT16_MIN #define INT16_MIN (-32767-1) #endif #ifndef INT32_MIN #define INT32_MIN (-2147483647-1) #endif #ifndef INT8_MAX #define INT8_MAX (127) #endif #ifndef INT16_MAX #define INT16_MAX (32767) #endif #ifndef INT32_MAX #define INT32_MAX (2147483647) #endif #ifndef UINT8_MAX #define UINT8_MAX (255U) #endif #ifndef UINT16_MAX #define UINT16_MAX (65535U) #endif #ifndef UINT32_MAX #define UINT32_MAX (4294967295U) #endif #endif /* ! C99 */ #endif /* ! FLEXINT_H */ #ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST #else /* ! __cplusplus */ /* C99 requires __STDC__ to be defined as 1. */ #if defined (__STDC__) #define YY_USE_CONST #endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif /* Returned upon end-of-file. */ #define YY_NULL 0 /* Promotes a possibly negative, possibly signed char to an unsigned * integer for use as an array index. If the signed char is negative, * we want to instead treat it as an 8-bit unsigned char, hence the * double cast. */ #define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ #define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ #define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE #ifdef __ia64__ /* On IA-64, the buffer size is 16k, not 8k. 
* Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. * Ditto for the __ia64__ case accordingly. */ #define YY_BUF_SIZE 32768 #else #define YY_BUF_SIZE 16384 #endif /* __ia64__ */ #endif /* The state buf must be large enough to hold one state per character in the main buffer. */ #define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) #ifndef YY_TYPEDEF_YY_BUFFER_STATE #define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif extern int yyleng; extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 #define YY_LESS_LINENO(n) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) #define unput(c) yyunput( c, (yytext_ptr) ) #ifndef YY_TYPEDEF_YY_SIZE_T #define YY_TYPEDEF_YY_SIZE_T typedef size_t yy_size_t; #endif #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; char *yy_ch_buf; /* input buffer */ char *yy_buf_pos; /* current position in input buffer */ /* Size of input buffer in bytes, not including room for EOB * characters. */ yy_size_t yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. */ int yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to * delete it. */ int yy_is_our_buffer; /* Whether this is an "interactive" input source; if so, and * if we're using stdio for input, then we want to use getc() * instead of fread(), to make sure we stop fetching input after * each newline. 
*/ int yy_is_interactive; /* Whether we're considered to be at the beginning of a line. * If so, '^' rules will be active on the next match, otherwise * not. */ int yy_at_bol; int yy_bs_lineno; /**< The line count. */ int yy_bs_column; /**< The column count. */ /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process * then we mark the buffer as YY_EOF_PENDING, to indicate that we * shouldn't try reading from the input source any more. We might * still have a bunch of tokens to match, though, because of * possible backing-up. * * When we actually see the EOF, we change the status to "new" * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 }; #endif /* !YY_STRUCT_YY_BUFFER_STATE */ /* Stack of input buffers. */ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". * * Returns the top of the stack, or NULL. */ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ : NULL) /* Same as previous macro, but useful when we know that the buffer stack is not * NULL or when we need an lvalue. For internal use only. */ #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; static int yy_n_chars; /* number of characters read into yy_ch_buf */ int yyleng; /* Points to current character in buffer. 
*/ static char *yy_c_buf_p = (char *) 0; static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches * instead of setting up a fresh yyin. A bit of a hack ... */ static int yy_did_buffer_switch_on_eof; void yyrestart (FILE *input_file ); void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); void yy_delete_buffer (YY_BUFFER_STATE b ); void yy_flush_buffer (YY_BUFFER_STATE b ); void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); void yypop_buffer_state (void ); static void yyensure_buffer_stack (void ); static void yy_load_buffer_state (void ); static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); #define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); void *yyalloc (yy_size_t ); void *yyrealloc (void *,yy_size_t ); void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! YY_CURRENT_BUFFER ){ \ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer(yyin,YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ if ( ! 
YY_CURRENT_BUFFER ){\ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer(yyin,YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* Begin user sect3 */ typedef unsigned char YY_CHAR; FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; int yylineno = 1; extern char *yytext; #define yytext_ptr yytext static yy_state_type yy_get_previous_state (void ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); static int yy_get_next_buffer (void ); static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ (yytext_ptr) = yy_bp; \ yyleng = (size_t) (yy_cp - yy_bp); \ (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 10 #define YY_END_OF_BUFFER 11 /* This struct is not used in this scanner, but its presence is necessary. 
*/ struct yy_trans_info { flex_int32_t yy_verify; flex_int32_t yy_nxt; }; static yyconst flex_int16_t yy_accept[38] = { 0, 0, 0, 8, 8, 11, 10, 7, 10, 6, 2, 3, 10, 2, 9, 8, 7, 0, 5, 0, 6, 0, 2, 2, 0, 4, 2, 9, 8, 0, 0, 2, 2, 2, 2, 2, 1, 0 } ; static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 4, 5, 1, 1, 1, 6, 7, 8, 9, 1, 1, 10, 11, 1, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 1, 1, 1, 13, 1, 1, 1, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 16, 17, 1, 14, 1, 14, 14, 18, 19, 20, 14, 14, 14, 21, 14, 14, 22, 14, 23, 14, 14, 14, 14, 14, 14, 24, 14, 14, 14, 14, 14, 1, 25, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; static yyconst flex_int32_t yy_meta[26] = { 0, 1, 2, 3, 1, 1, 1, 4, 5, 1, 6, 6, 6, 1, 6, 1, 1, 1, 6, 6, 6, 6, 6, 6, 6, 5 } ; static yyconst flex_int16_t yy_base[44] = { 0, 0, 0, 24, 26, 89, 108, 28, 28, 0, 26, 108, 68, 28, 0, 82, 38, 32, 108, 49, 0, 33, 48, 39, 52, 44, 31, 0, 53, 50, 51, 42, 42, 43, 49, 50, 24, 108, 74, 80, 86, 89, 95, 101 } ; static yyconst flex_int16_t yy_def[44] = { 0, 37, 1, 38, 38, 37, 37, 37, 39, 40, 41, 37, 42, 41, 43, 37, 37, 39, 37, 39, 40, 37, 13, 41, 42, 42, 13, 43, 37, 37, 37, 13, 23, 13, 13, 13, 13, 0, 37, 37, 37, 37, 37, 37 } ; static yyconst flex_int16_t yy_nxt[134] = { 0, 6, 7, 7, 8, 9, 8, 6, 6, 6, 10, 6, 10, 11, 10, 12, 6, 6, 10, 10, 10, 13, 10, 10, 10, 6, 15, 6, 15, 6, 16, 16, 18, 21, 18, 21, 18, 23, 18, 23, 16, 16, 29, 30, 19, 29, 37, 22, 19, 31, 37, 26, 37, 23, 22, 28, 17, 17, 32, 29, 29, 25, 29, 29, 33, 22, 22, 34, 35, 25, 
36, 22, 22, 22, 17, 14, 14, 14, 14, 14, 14, 17, 17, 17, 28, 25, 17, 20, 20, 37, 20, 20, 20, 22, 37, 22, 24, 24, 37, 24, 24, 24, 27, 37, 37, 27, 27, 27, 5, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37 } ; static yyconst flex_int16_t yy_chk[134] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 4, 4, 7, 7, 8, 10, 8, 13, 17, 10, 17, 13, 16, 16, 21, 21, 8, 21, 23, 36, 17, 26, 23, 13, 19, 32, 26, 28, 19, 19, 29, 29, 30, 25, 29, 30, 31, 31, 33, 33, 34, 24, 35, 22, 34, 35, 19, 38, 38, 38, 38, 38, 38, 39, 39, 39, 15, 12, 39, 40, 40, 5, 40, 40, 40, 41, 0, 41, 42, 42, 0, 42, 42, 42, 43, 0, 0, 43, 43, 43, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37 } ; static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; extern int yy_flex_debug; int yy_flex_debug = 0; /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ #define REJECT reject_used_but_not_detected #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "config-parser.lex.l" /* ** Copyright (C) 2008-2009 INL ** Written by Sebastien Tricaud ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 2 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 
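**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#line 26 "config-parser.lex.l"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include "config-parser.yacc.h"

/* C declarations */
extern char *path;
extern char *filename;
static char *realfile;

/* For handling the 'include' directive*/
/*
 * NOTE(review): the include rule in yylex() stores `filename` in filenames[]
 * and then frees it in the same action, and the end-of-file rule later calls
 * free(filenames[includes_index + 1]) and reloads `filename` from
 * filenames[includes_index]. As written, filenames[] is left holding freed
 * pointers, a nested include can lead to the same pointer being freed twice,
 * and the "+ 1" index reads one slot past the array when includes_index is
 * MAX_INCLUDE_DEPTH - 1. The fix belongs in config-parser.lex.l: keep each
 * name owned by its filenames[] slot until that buffer is popped, and free
 * the slot exactly once.
 */
#define MAX_INCLUDE_DEPTH 10
YY_BUFFER_STATE includes[MAX_INCLUDE_DEPTH];
char *filenames[MAX_INCLUDE_DEPTH];
int includes_index = 0;

/*
 * Compact a token string in place and return it.
 *
 * str: heap string produced by the scanner rules (they pass the result of
 *      strndup() directly), or NULL if that allocation failed.
 *
 * Returns str, or NULL when str is NULL so that an out-of-memory condition
 * is not turned into a NULL dereference here.
 *
 * NOTE(review): escape_next starts at 1 and is only cleared inside a branch
 * that requires it to already be 0, so that branch never runs and every
 * character, backslashes included, is copied through unchanged. The flag
 * values look inverted relative to the apparent intent (drop a backslash and
 * keep the character after it). Behaviour is left as it is because existing
 * configuration files may depend on it; confirm the intended semantics before
 * changing it.
 */
static char *escape_str(char *str)
{
	size_t w = 0, i = 0;
	int escape_next = 1;

	if ( ! str ) {
		return NULL;
	}

	for ( i = 0; str[i]; i++ ) {
		if ( ! escape_next && str[i] == '\\' ) {
			escape_next = 0;
			continue;
		}

		str[w++] = str[i];
		escape_next = 1;
	}

	str[w] = 0;

	return str;
}

/*
 * Return a newly allocated string holding `prepend` followed by `str`.
 *
 * No separator is inserted between the two parts, so a directory prefix has
 * to carry its own trailing '/'.
 *
 * Returns NULL if either argument is NULL, or if the allocation fails (errno
 * is then set to ENOMEM). The caller owns the result and must free() it.
 */
char* str_prepend(char *str, char *prepend)
{
	size_t strsize;
	char *new;

	if ( (!str) || (!prepend) ) {
		return NULL;
	}

	/* +1 for the terminating NUL written by snprintf. */
	strsize = strlen(str) + strlen(prepend) + 1;

	new = malloc(strsize);
	if ( ! new ) {
		errno = ENOMEM;
		return NULL;
	}

	snprintf(new, strsize, "%s%s", prepend, str);

	return new;
}

/*
 * Decide whether an include name should be prefixed with `path`.
 *
 * str: include file name; must not be NULL.
 *
 * Returns 0 when the name starts with '/' or with "..", 1 otherwise.
 *
 * This only selects between the prefixed and the literal name. It does not
 * confine includes to the configuration directory: names starting with '/'
 * or ".." are opened as given, and a ".." in a later path component is still
 * joined to `path`. Included files are therefore as trusted as the
 * configuration file that names them.
 */
static int can_append_path(char *str)
{
	if ((str[0] == '/') || ((str[0] == '.') && (str[1] == '.'))) {
		return 0;
	}

	return 1;
}

#line 597 "config-parser.lex.c"

#define INITIAL 0
#define incl 1

#ifndef YY_NO_UNISTD_H
/* Special case for "unistd.h", since it is non-ANSI. We include it way
 * down here because we want the user's section 1 to have been scanned first.
 * The user has a chance to override it with an option.
 */
#include <unistd.h>
#endif

#ifndef YY_EXTRA_TYPE
#define YY_EXTRA_TYPE void *
#endif

static int yy_init_globals (void );

/* Accessor methods to globals.
   These are made visible to non-reentrant scanners for convenience.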
*/ int yylex_destroy (void ); int yyget_debug (void ); void yyset_debug (int debug_flag ); YY_EXTRA_TYPE yyget_extra (void ); void yyset_extra (YY_EXTRA_TYPE user_defined ); FILE *yyget_in (void ); void yyset_in (FILE * in_str ); FILE *yyget_out (void ); void yyset_out (FILE * out_str ); int yyget_leng (void ); char *yyget_text (void ); int yyget_lineno (void ); void yyset_lineno (int line_number ); YYSTYPE * yyget_lval (void ); void yyset_lval (YYSTYPE * yylval_param ); YYLTYPE *yyget_lloc (void ); void yyset_lloc (YYLTYPE * yylloc_param ); /* Macros after this point can all be overridden by user definitions in * section 1. */ #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus extern "C" int yywrap (void ); #else extern int yywrap (void ); #endif #endif static void yyunput (int c,char *buf_ptr ); #ifndef yytext_ptr static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void ); #else static int input (void ); #endif #endif /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE #ifdef __ia64__ /* On IA-64, the buffer size is 16k, not 8k */ #define YY_READ_BUF_SIZE 16384 #else #define YY_READ_BUF_SIZE 8192 #endif /* __ia64__ */ #endif /* Copy whatever the last rule matched to the standard output. */ #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ #define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, * is returned in "result". 
*/ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ if ( c == '\n' ) \ buf[n++] = (char) c; \ if ( c == EOF && ferror( yyin ) ) \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ else \ { \ errno=0; \ while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ { \ if( errno != EINTR) \ { \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ break; \ } \ errno=0; \ clearerr(yyin); \ } \ }\ \ #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - * we don't want an extra ';' after the "return" because that will cause * some compilers to complain about unreachable statements. */ #ifndef yyterminate #define yyterminate() return YY_NULL #endif /* Number of entries by which start-condition stack grows. */ #ifndef YY_START_STACK_INCR #define YY_START_STACK_INCR 25 #endif /* Report a fatal error. */ #ifndef YY_FATAL_ERROR #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif /* end tables serialization structures and prototypes */ /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL #define YY_DECL_IS_OURS 1 extern int yylex \ (YYSTYPE * yylval_param,YYLTYPE * yylloc_param ); #define YY_DECL int yylex \ (YYSTYPE * yylval_param, YYLTYPE * yylloc_param ) #endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. */ #ifndef YY_USER_ACTION #define YY_USER_ACTION #endif /* Code executed at the end of each rule. */ #ifndef YY_BREAK #define YY_BREAK break; #endif #define YY_RULE_SETUP \ YY_USER_ACTION /** The main scanner function which does all the work. 
*/ YY_DECL { register yy_state_type yy_current_state; register char *yy_cp, *yy_bp; register int yy_act; YYSTYPE * yylval; YYLTYPE * yylloc; #line 114 "config-parser.lex.l" #line 802 "config-parser.lex.c" yylval = yylval_param; yylloc = yylloc_param; if ( !(yy_init) ) { (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif if ( ! (yy_start) ) (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; if ( ! yyout ) yyout = stdout; if ( ! YY_CURRENT_BUFFER ) { yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer(yyin,YY_BUF_SIZE ); } yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { yy_cp = (yy_c_buf_p); /* Support of yytext. */ *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; yy_current_state = (yy_start); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 38 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } while ( yy_base[yy_current_state] != 108 ); yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; do_action: /* This label is used only to access EOF actions. 
*/ switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ *yy_cp = (yy_hold_char); yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: YY_RULE_SETUP #line 116 "config-parser.lex.l" { BEGIN(incl); } YY_BREAK case 2: YY_RULE_SETUP #line 118 "config-parser.lex.l" { yylval->string = strdup(yytext); return TOK_WORD; } YY_BREAK case 3: YY_RULE_SETUP #line 123 "config-parser.lex.l" { return TOK_EQUAL; } YY_BREAK case 4: YY_RULE_SETUP #line 125 "config-parser.lex.l" { yylval->string = escape_str(strndup(yytext + 1, yyleng - 2)); return TOK_SECTION; } YY_BREAK case 5: /* rule 5 can match eol */ YY_RULE_SETUP #line 130 "config-parser.lex.l" { yylval->string = escape_str(strndup(yytext + 1, yyleng - 2)); return TOK_STRING; } YY_BREAK case 6: YY_RULE_SETUP #line 135 "config-parser.lex.l" { } YY_BREAK case 7: /* rule 7 can match eol */ YY_RULE_SETUP #line 137 "config-parser.lex.l" { /* We don't care */ } YY_BREAK case 8: YY_RULE_SETUP #line 142 "config-parser.lex.l" /* eat the whitespace */ YY_BREAK case 9: YY_RULE_SETUP #line 143 "config-parser.lex.l" { /* got the include file name */ if (includes_index >= MAX_INCLUDE_DEPTH) { YY_FATAL_ERROR("Includes nested too deeply"); exit(1); } filename = escape_str(strndup(yytext + 1, yyleng - 2)); filenames[includes_index] = filename; includes[includes_index++] = YY_CURRENT_BUFFER; if (can_append_path(filename)) { realfile = str_prepend(filename, path); } else { realfile = strdup(filename); } yyin = fopen(realfile, "r"); if (!yyin) { printf("Can not open %s\n", realfile); exit(1); } free(realfile); free(filename); yy_switch_to_buffer(yy_create_buffer(yyin,YY_BUF_SIZE)); BEGIN(INITIAL); } YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(incl): #line 172 "config-parser.lex.l" { if (--includes_index < 0) yyterminate(); else { free(filenames[includes_index + 1]); filename = filenames[includes_index]; 
yy_delete_buffer(YY_CURRENT_BUFFER); yy_switch_to_buffer(includes[includes_index]); } } YY_BREAK case 10: YY_RULE_SETUP #line 183 "config-parser.lex.l" ECHO; YY_BREAK #line 994 "config-parser.lex.c" case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position * of the first EOB in the buffer, since yy_c_buf_p will * already have been incremented past the NUL character * (since all states make transitions on EOB to the * end-of-buffer state). Contrast this with the test * in input(). */ if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have * yy_get_previous_state() go ahead and do it * for us because it doesn't know how to deal * with the possibility of jamming (and we don't * want to build jamming into it because then it * will run more slowly). 
*/ yy_next_state = yy_try_NUL_trans( yy_current_state ); yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { yy_cp = (yy_c_buf_p); goto yy_find_action; } } else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { (yy_did_buffer_switch_on_eof) = 0; if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up * yytext, we can now set up * yy_c_buf_p so that if some total * hoser (like flex itself) wants to * call the scanner after we return the * YY_NULL, it'll still work - another * YY_NULL will get returned. */ (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; } else { if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: (yy_c_buf_p) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; } default: YY_FATAL_ERROR( "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ } /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * * Returns a code representing an action: * EOB_ACT_LAST_MATCH - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ static int yy_get_next_buffer (void) { register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; register char *source = (yytext_ptr); register int number_to_move, i; int ret_val; if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); if ( 
YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. */ return EOB_ACT_END_OF_FILE; } else { /* We matched some text prior to the EOB, first * process it. */ return EOB_ACT_LAST_MATCH; } } /* Try to read more data. */ /* First move last chars to start of buffer. */ number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { int num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ YY_BUFFER_STATE b = YY_CURRENT_BUFFER; int yy_c_buf_p_offset = (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { int new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; else b->yy_buf_size *= 2; b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ b->yy_ch_buf = 0; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. 
*/ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), (yy_n_chars), (size_t) num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } else ret_val = EOB_ACT_CONTINUE_SCAN; if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); } (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; } /* yy_get_previous_state - get the state just before the EOB char was reached */ static yy_state_type yy_get_previous_state (void) { register yy_state_type yy_current_state; register char *yy_cp; yy_current_state = (yy_start); for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? 
yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 38 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; } return yy_current_state; } /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) { register int yy_is_jam; register char *yy_cp = (yy_c_buf_p); register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 38 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 37); return yy_is_jam ? 0 : yy_current_state; } static void yyunput (int c, register char * yy_bp ) { register char *yy_cp; yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ *yy_cp = (yy_hold_char); if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. 
*/ register int number_to_move = (yy_n_chars) + 2; register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; (yytext_ptr) = yy_bp; (yy_hold_char) = *yy_cp; (yy_c_buf_p) = yy_cp; } #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) #else static int input (void) #endif { int c; *(yy_c_buf_p) = (yy_hold_char); if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ *(yy_c_buf_p) = '\0'; else { /* need more input */ int offset = (yy_c_buf_p) - (yytext_ptr); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() * sees that we've accumulated a * token and flags that we need to * try matching the token before * proceeding. But for input(), * there's no matching to consider. * So convert the EOB_ACT_LAST_MATCH * to EOB_ACT_END_OF_FILE. */ /* Reset buffer status. */ yyrestart(yyin ); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { if ( yywrap( ) ) return EOF; if ( ! 
(yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); #else return input(); #endif } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ *(yy_c_buf_p) = '\0'; /* preserve yytext */ (yy_hold_char) = *++(yy_c_buf_p); return c; } #endif /* ifndef YY_NO_INPUT */ /** Immediately switch to a different input stream. * @param input_file A readable stream. * * @note This function does not reset the start condition to @c INITIAL . */ void yyrestart (FILE * input_file ) { if ( ! YY_CURRENT_BUFFER ){ yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer(yyin,YY_BUF_SIZE ); } yy_init_buffer(YY_CURRENT_BUFFER,input_file ); yy_load_buffer_state( ); } /** Switch to a different input buffer. * @param new_buffer The new input buffer. * */ void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) { /* TODO. We should be able to replace this entire function body * with * yypop_buffer_state(); * yypush_buffer_state(new_buffer); */ yyensure_buffer_stack (); if ( YY_CURRENT_BUFFER == new_buffer ) return; if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } YY_CURRENT_BUFFER_LVALUE = new_buffer; yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ (yy_did_buffer_switch_on_eof) = 1; } static void yy_load_buffer_state (void) { (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; (yy_hold_char) = *(yy_c_buf_p); } /** Allocate and initialize an input buffer state. * @param file A readable stream. 
* @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. * * @return the allocated buffer state. */ YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) { YY_BUFFER_STATE b; b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; yy_init_buffer(b,file ); return b; } /** Destroy the buffer. * @param b a buffer created with yy_create_buffer() * */ void yy_delete_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) yyfree((void *) b->yy_ch_buf ); yyfree((void *) b ); } #ifndef __cplusplus extern int isatty (int ); #endif /* __cplusplus */ /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a yyrestart() or at EOF. */ static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) { int oerrno = errno; yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; /* If b is the current buffer, then yy_init_buffer was _probably_ * called from yyrestart() or through yy_get_next_buffer. * In that case, we don't want to reset the lineno or column. */ if (b != YY_CURRENT_BUFFER){ b->yy_bs_lineno = 1; b->yy_bs_column = 0; } b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; errno = oerrno; } /** Discard all buffered characters. On the next scan, YY_INPUT will be called. * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. * */ void yy_flush_buffer (YY_BUFFER_STATE b ) { if ( ! 
b ) return; b->yy_n_chars = 0; /* We always need two end-of-buffer characters. The first causes * a transition to the end-of-buffer state. The second causes * a jam in that state. */ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; b->yy_buf_pos = &b->yy_ch_buf[0]; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; if ( b == YY_CURRENT_BUFFER ) yy_load_buffer_state( ); } /** Pushes the new state onto the stack. The new state becomes * the current state. This function will allocate the stack * if necessary. * @param new_buffer The new state. * */ void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) { if (new_buffer == NULL) return; yyensure_buffer_stack(); /* This block is copied from yy_switch_to_buffer. */ if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } /* Only push if top exists. Otherwise, replace top. */ if (YY_CURRENT_BUFFER) (yy_buffer_stack_top)++; YY_CURRENT_BUFFER_LVALUE = new_buffer; /* copied from yy_switch_to_buffer. */ yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } /** Removes and deletes the top of the stack, if present. * The next element becomes the new top. * */ void yypop_buffer_state (void) { if (!YY_CURRENT_BUFFER) return; yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; if ((yy_buffer_stack_top) > 0) --(yy_buffer_stack_top); if (YY_CURRENT_BUFFER) { yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } } /* Allocates the stack if it does not exist. * Guarantees space for at least one push. */ static void yyensure_buffer_stack (void) { int num_to_alloc; if (!(yy_buffer_stack)) { /* First allocation is just for 2 elements, since we don't know if this * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. 
*/ num_to_alloc = 1; (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; (yy_buffer_stack_top) = 0; return; } if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ /* Increase the buffer to prepare for a possible push. */ int grow_size = 8 /* arbitrary grow size */; num_to_alloc = (yy_buffer_stack_max) + grow_size; (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; } } /** Setup the input buffer state to scan directly from a user-specified character buffer. * @param base the character buffer * @param size the size in bytes of the character buffer * * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) { YY_BUFFER_STATE b; if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; b->yy_input_file = 0; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; yy_switch_to_buffer(b ); return b; } /** Setup the input buffer state to scan a string. 
The next call to yylex() will
 * scan from a @e copy of @a str.
 * @param yystr a NUL-terminated string to scan
 * 
 * @return the newly allocated buffer state object.
 * @note If you want to scan bytes that may contain NUL values, then use
 *       yy_scan_bytes() instead.
 */
YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
{
	/* NOTE(review): the size_t result of strlen() is narrowed to the int
	 * length parameter of yy_scan_bytes(); a string longer than INT_MAX
	 * is not representable there.
	 */
	return yy_scan_bytes(yystr,strlen(yystr) );
}

/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
 * scan from a @e copy of @a bytes.
 * @param yybytes the byte buffer to scan
 * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
 * 
 * @return the newly allocated buffer state object.
 * @note The length is a signed int and is not range-checked here. With a
 *       negative value the copy loop is skipped and the two end-of-buffer
 *       stores index @c buf with that negative length; a value within 2 of
 *       INT_MAX overflows the int addition that sizes the allocation.
 *       Callers should validate any length that comes from outside the
 *       program before calling.
 */
YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
{
	YY_BUFFER_STATE b;
	char *buf;
	yy_size_t n;
	int i;

	/* Get memory for full buffer, including space for trailing EOB's. */
	n = _yybytes_len + 2;
	buf = (char *) yyalloc(n  );
	if ( ! buf )
		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );

	/* Byte-wise copy so that embedded NUL bytes are preserved. */
	for ( i = 0; i < _yybytes_len; ++i )
		buf[i] = yybytes[i];

	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;

	/* yy_scan_buffer() returns 0 when the two trailing EOB bytes are
	 * missing or the size is below 2.
	 */
	b = yy_scan_buffer(buf,n );
	if ( ! b )
		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );

	/* It's okay to grow etc. this buffer, and we should throw it
	 * away when we're done.
	 */
	b->yy_is_our_buffer = 1;

	return b;
}

#ifndef YY_EXIT_FAILURE
#define YY_EXIT_FAILURE 2
#endif

/* Print msg on stderr and terminate the process with YY_EXIT_FAILURE.
 * Any scanner error routed here ends the whole program, not just the parse.
 */
static void yy_fatal_error (yyconst char* msg )
{
	(void) fprintf( stderr, "%s\n", msg );
	exit( YY_EXIT_FAILURE );
}

/* Redefine yyless() so it works in section 3 code. */

#undef yyless
#define yyless(n) \
	do \
		{ \
		/* Undo effects of setting up yytext. */ \
		int yyless_macro_arg = (n); \
		YY_LESS_LINENO(yyless_macro_arg);\
		yytext[yyleng] = (yy_hold_char); \
		(yy_c_buf_p) = yytext + yyless_macro_arg; \
		(yy_hold_char) = *(yy_c_buf_p); \
		*(yy_c_buf_p) = '\0'; \
		yyleng = yyless_macro_arg; \
		} \
	while ( 0 )

/* Accessor  methods (get/set functions) to struct members. */

/** Get the current line number.
* */ int yyget_lineno (void) { return yylineno; } /** Get the input stream. * */ FILE *yyget_in (void) { return yyin; } /** Get the output stream. * */ FILE *yyget_out (void) { return yyout; } /** Get the length of the current token. * */ int yyget_leng (void) { return yyleng; } /** Get the current token. * */ char *yyget_text (void) { return yytext; } /** Set the current line number. * @param line_number * */ void yyset_lineno (int line_number ) { yylineno = line_number; } /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. * * @see yy_switch_to_buffer */ void yyset_in (FILE * in_str ) { yyin = in_str ; } void yyset_out (FILE * out_str ) { yyout = out_str ; } int yyget_debug (void) { return yy_flex_debug; } void yyset_debug (int bdebug ) { yy_flex_debug = bdebug ; } static int yy_init_globals (void) { /* Initialization is the same as for the non-reentrant scanner. * This function is called from yylex_destroy(), so don't allocate here. */ (yy_buffer_stack) = 0; (yy_buffer_stack_top) = 0; (yy_buffer_stack_max) = 0; (yy_c_buf_p) = (char *) 0; (yy_init) = 0; (yy_start) = 0; /* Defined in main.c */ #ifdef YY_STDINIT yyin = stdin; yyout = stdout; #else yyin = (FILE *) 0; yyout = (FILE *) 0; #endif /* For future reference: Set errno on error, since we are called by * yylex_init() */ return 0; } /* yylex_destroy is for both reentrant and non-reentrant scanners. */ int yylex_destroy (void) { /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; yypop_buffer_state(); } /* Destroy the stack itself. */ yyfree((yy_buffer_stack) ); (yy_buffer_stack) = NULL; /* Reset the globals. This is important in a non-reentrant scanner so the next time * yylex() is called, initialization will occur. */ yy_init_globals( ); return 0; } /* * Internal utility routines. 
*/ #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) { register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s ) { register int n; for ( n = 0; s[n]; ++n ) ; return n; } #endif void *yyalloc (yy_size_t size ) { return (void *) malloc( size ); } void *yyrealloc (void * ptr, yy_size_t size ) { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter * because both ANSI C and C++ allow castless assignment from * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); } void yyfree (void * ptr ) { free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } #define YYTABLES_NAME "yytables" #line 183 "config-parser.lex.l" /* remove unused functions */ typedef void (*dummy_function) (); dummy_function nubase_unused[] = { (dummy_function) input, (dummy_function) yyunput }; int yywrap(void) { /* If supporting multiple files, update yyin here. */ return 1; } nufw-2.4.3/src/libs/nuconfparser/Makefile.in0000644000175000017500000004543211431215400015711 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ check_PROGRAMS = t_conf1$(EXEEXT) t_conf2$(EXEEXT) t_conf3$(EXEEXT) TESTS = $(check_PROGRAMS) subdir = src/libs/nuconfparser DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ config-parser.lex.c config-parser.yacc.c config-parser.yacc.h ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libnuconfparser_la_LIBADD = am_libnuconfparser_la_OBJECTS = config-parser.yacc.lo \ config-parser.lex.lo libnuconfparser_la_OBJECTS = $(am_libnuconfparser_la_OBJECTS) am_t_conf1_OBJECTS = t_conf1.$(OBJEXT) t_conf1_OBJECTS = $(am_t_conf1_OBJECTS) t_conf1_DEPENDENCIES = libnuconfparser.la ../nubase/libnubase.la am_t_conf2_OBJECTS = t_conf2.$(OBJEXT) t_conf2_OBJECTS = $(am_t_conf2_OBJECTS) t_conf2_DEPENDENCIES = libnuconfparser.la ../nubase/libnubase.la am_t_conf3_OBJECTS = t_conf3.$(OBJEXT) t_conf3_OBJECTS = $(am_t_conf3_OBJECTS) t_conf3_DEPENDENCIES = libnuconfparser.la ../nubase/libnubase.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) 
$(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS) LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS) YLWRAP = $(top_srcdir)/ylwrap YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) SOURCES = $(libnuconfparser_la_SOURCES) $(t_conf1_SOURCES) \ $(t_conf2_SOURCES) $(t_conf3_SOURCES) DIST_SOURCES = $(libnuconfparser_la_SOURCES) $(t_conf1_SOURCES) \ $(t_conf2_SOURCES) $(t_conf3_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = 
@LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = 
@top_builddir@ top_srcdir = @top_srcdir@ noinst_LTLIBRARIES = libnuconfparser.la EXTRA_DIST = config-parser.h t1.conf t1_included.conf AM_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase BUILT_SOURCES = config-parser.yacc.h AM_YFLAGS = -d libnuconfparser_la_SOURCES = \ config-parser.yacc.y \ config-parser.lex.l t_conf1_SOURCES = t_conf1.c t_conf1_LDADD = libnuconfparser.la ../nubase/libnubase.la t_conf2_SOURCES = t_conf2.c t_conf2_LDADD = libnuconfparser.la ../nubase/libnubase.la t_conf3_SOURCES = t_conf3.c t_conf3_LDADD = libnuconfparser.la ../nubase/libnubase.la all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .c .l .lo .o .obj .y $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libs/nuconfparser/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libs/nuconfparser/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done config-parser.yacc.h: config-parser.yacc.c @if test ! -f $@; then \ rm -f config-parser.yacc.c; \ $(MAKE) $(AM_MAKEFLAGS) config-parser.yacc.c; \ else :; fi libnuconfparser.la: $(libnuconfparser_la_OBJECTS) $(libnuconfparser_la_DEPENDENCIES) $(LINK) $(libnuconfparser_la_OBJECTS) $(libnuconfparser_la_LIBADD) $(LIBS) clean-checkPROGRAMS: @list='$(check_PROGRAMS)'; for p in $$list; do \ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ echo " rm -f $$p $$f"; \ rm -f $$p $$f ; \ done t_conf1$(EXEEXT): $(t_conf1_OBJECTS) $(t_conf1_DEPENDENCIES) @rm -f t_conf1$(EXEEXT) $(LINK) $(t_conf1_OBJECTS) $(t_conf1_LDADD) $(LIBS) t_conf2$(EXEEXT): $(t_conf2_OBJECTS) $(t_conf2_DEPENDENCIES) @rm -f t_conf2$(EXEEXT) $(LINK) $(t_conf2_OBJECTS) $(t_conf2_LDADD) $(LIBS) t_conf3$(EXEEXT): $(t_conf3_OBJECTS) $(t_conf3_DEPENDENCIES) @rm -f t_conf3$(EXEEXT) $(LINK) $(t_conf3_OBJECTS) $(t_conf3_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config-parser.lex.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/config-parser.yacc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_conf1.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_conf2.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_conf3.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< .l.c: $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) .y.c: $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: 
TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *$$ws$$tst$$ws*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ echo "XPASS: $$tst"; \ ;; \ *) \ echo "PASS: $$tst"; \ ;; \ esac; \ elif test $$? 
-ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *$$ws$$tst$$ws*) \ xfail=`expr $$xfail + 1`; \ echo "XFAIL: $$tst"; \ ;; \ *) \ failed=`expr $$failed + 1`; \ echo "FAIL: $$tst"; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ echo "SKIP: $$tst"; \ fi; \ done; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="All $$all tests passed"; \ else \ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all tests failed"; \ else \ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ skipped="($$skip tests were not run)"; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ echo "$$dashes"; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then 
\ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(LTLIBRARIES) installdirs: install: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
-rm -f config-parser.lex.c -rm -f config-parser.yacc.c -rm -f config-parser.yacc.h -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ clean-noinstLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-checkPROGRAMS clean-generic clean-libtool \ clean-noinstLTLIBRARIES ctags distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
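.NOEXPORT:
nufw-2.4.3/src/libs/nuconfparser/config-parser.lex.l0000644000175000017500000000763011431206275017357 00000000000000
/*
** Copyright (C) 2008-2009 INL
** Written by Sebastien Tricaud
**            Pierre Chifflier
** INL http://www.inl.fr/
**
** $Id$
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, version 2 of the License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

%x incl

%{
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include "config-parser.yacc.h"

/* C declarations */
extern char *path;
extern char *filename;

static char *realfile;

/* For handling the 'include' directive */
#define MAX_INCLUDE_DEPTH 10
/* Scanner buffers of the files that are waiting for an include to finish. */
YY_BUFFER_STATE includes[MAX_INCLUDE_DEPTH];
/* filenames[i] owns the heap-allocated name of the include open at depth i+1;
 * the slot is freed and cleared when that include reaches end of file. */
char *filenames[MAX_INCLUDE_DEPTH];
int includes_index = 0;
/* Value of `filename` before the first include, restored when the
 * outermost include ends.  Never freed here: it was not allocated here. */
static char *outer_filename;

/*
 * Post-process a freshly duplicated token in place and return it.
 * Returns NULL when str is NULL, so a failed strndup() is reported to the
 * caller instead of being dereferenced.
 *
 * NOTE(review): escape_next starts at 1 and is only ever set to 0 inside the
 * branch that already requires it to be 0, so that branch is never taken and
 * every byte, backslashes included, is copied through unchanged.  Quoted
 * values therefore keep their backslashes.  Confirm the intended unescaping
 * rule before changing this: it alters how existing configuration files are
 * read.
 */
static char *escape_str(char *str)
{
	size_t w = 0, i = 0;
	int escape_next = 1;

	if ( ! str ) {
		return NULL;
	}

	for ( i = 0; str[i]; i++ ) {
		if ( ! escape_next && str[i] == '\\' ) {
			escape_next = 0;
			continue;
		}

		str[w++] = str[i];
		escape_next = 1;
	}

	str[w] = 0;
	return str;
}

/*
 * Return a newly allocated string holding prepend followed by str.
 * Returns NULL when either argument is NULL, or when malloc() fails
 * (errno is then set to ENOMEM).  The caller frees the result.
 */
char* str_prepend(char *str, char *prepend)
{
	size_t strsize;
	char *new;

	if ( (!str) || (!prepend) ) {
		return NULL;
	}

	strsize = strlen(str) + strlen(prepend) + 1;
	new = malloc(strsize);
	if ( ! new ) {
		errno = ENOMEM;
		return NULL;
	}

	snprintf(new, strsize, "%s%s", prepend, str);

	return new;
}

/*
 * Decide whether an include name is resolved against `path`:
 * returns 0 for names starting with '/' or "..", 1 otherwise.
 *
 * This only selects how the name is resolved; it is not a containment
 * check.  A name with ".." after its first component still resolves
 * outside `path`, and names rejected here are opened exactly as written.
 * Whoever can write the configuration file chooses which files are read.
 */
static int can_append_path(char *str)
{
	if ((str[0] == '/') || ((str[0] == '.') && (str[1] == '.'))) {
		return 0;
	}

	return 1;
}

%}

SECTION \[.*\]
SQSTRING \'([^\\\']|\\.)*\'
DQSTRING \"([^\\\"]|\\.)*\"
STRING (\"|\')([^\\(\"|\')]|\\.)*(\"|\')
INCLUDE include
WORD ([a-zA-Z0-9_\-]+(\(\-?[0-9\*]+\))?\.?)+
EQUAL \=
VOID [ \t\n]+

%option bison-bridge bison-locations

%%

{INCLUDE} { BEGIN(incl); }

{WORD} {
		yylval->string = strdup(yytext);
		/* fail closed rather than hand a NULL token to the parser */
		if ( ! yylval->string )
			YY_FATAL_ERROR("out of memory in config lexer");
		return TOK_WORD;
	}

{EQUAL} { return TOK_EQUAL; }

{SECTION} {
		/* drop the surrounding brackets */
		yylval->string = escape_str(strndup(yytext + 1, yyleng - 2));
		if ( ! yylval->string )
			YY_FATAL_ERROR("out of memory in config lexer");
		return TOK_SECTION;
	}

{STRING} {
		/* drop the surrounding quotes */
		yylval->string = escape_str(strndup(yytext + 1, yyleng - 2));
		if ( ! yylval->string )
			YY_FATAL_ERROR("out of memory in config lexer");
		return TOK_STRING;
	}

"#"[^\n]* { }

{VOID} { /* We don't care */ }

<incl>[ \t]*      /* eat the whitespace */
<incl>[^ \t\n]+ { /* got the include file name */
		char *incname;

		if (includes_index >= MAX_INCLUDE_DEPTH) {
			YY_FATAL_ERROR("Includes nested too deeply");
			exit(1);
		}

		/* The first and last character of the token are dropped
		 * without checking that they are quotes. */
		incname = escape_str(strndup(yytext + 1, yyleng - 2));
		if ( ! incname ) {
			YY_FATAL_ERROR("out of memory in config lexer");
			exit(1);
		}

		if (can_append_path(incname)) {
			realfile = str_prepend(incname, path);
		} else {
			realfile = strdup(incname);
		}
		/* str_prepend() also returns NULL when `path` is unset */
		if ( ! realfile ) {
			YY_FATAL_ERROR("can not build include file path");
			exit(1);
		}

		yyin = fopen(realfile, "r");
		if (!yyin) {
			printf("Can not open %s\n", realfile);
			exit(1);
		}
		free(realfile);
		realfile = NULL;

		/* The name stays allocated while the include is being read:
		 * `filename` points at it and the stack slot owns it.  It is
		 * released exactly once, in the end-of-file rule below. */
		if (includes_index == 0) {
			outer_filename = filename;
		}
		filenames[includes_index] = incname;
		includes[includes_index++] = YY_CURRENT_BUFFER;
		filename = incname;

		yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
		BEGIN(INITIAL);
	}

<<EOF>> {
		if (--includes_index < 0) {
			/* End of the top-level file.  Put the index back to 0
			 * so that a later parse does not start at -1 and
			 * write before the start of the arrays. */
			includes_index = 0;
			yyterminate();
		} else {
			/* End of an included file: release its name, make
			 * `filename` refer to the file being resumed, and
			 * return to the saved buffer.
			 * NOTE(review): the FILE opened for this include is
			 * not closed anywhere in this file; confirm it is
			 * closed elsewhere. */
			free(filenames[includes_index]);
			filenames[includes_index] = NULL;
			if (includes_index > 0) {
				filename = filenames[includes_index - 1];
			} else {
				filename = outer_filename;
			}
			yy_delete_buffer(YY_CURRENT_BUFFER);
			yy_switch_to_buffer(includes[includes_index]);
		}
	}

%%

/* remove unused functions */
typedef void (*dummy_function) ();
dummy_function nubase_unused[] =
{
	(dummy_function) input, (dummy_function) yyunput
};

int yywrap(void)
{
	/* If supporting multiple files, update yyin here.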
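*/ return 1; } nufw-2.4.3/src/libs/nuconfparser/t_conf3.c0000644000175000017500000000157111431206275015351 00000000000000
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "config-parser.h"
#include "config-table.h"

/*
 * Check the values read from the parsed configuration table l.
 * Returns 0 when "var_redefined" is "second", 1 otherwise (after printing
 * the failing lookup and the value found to stderr).
 */
int assert_conf_vars(struct llist_head *l)
{
    char *var_str;

    /* var_redefined => "second" */
    var_str = nubase_config_table_get(l, "var_redefined");
    if (var_str == NULL || strcmp(var_str,"second") != 0) {
        fprintf(stderr, "Failed test: nubase_config_table_get(l, \"var_redefined\")\n");
        /* var_str is NULL when the key is missing; never pass NULL to %s */
        fprintf(stderr, " var is '%s'\n", var_str ? var_str : "(null)");
        return 1;
    }

    return 0;
}

/*
 * Test driver: parses $srcdir/t1.conf and checks the resulting table.
 * Exits 0 on success and 1 on any failure, including a missing or overlong
 * srcdir environment variable.
 */
int main(int argc, char **argv)
{
    struct llist_head *l;
    char * srcdir;
    char conffile[1024];
    int len;
#ifdef YYDEBUG
    extern int yydebug;
#endif

    (void) argc;
    (void) argv;

    srcdir = getenv("srcdir");
    if (srcdir == NULL)
        exit(1);

    /* srcdir comes from the environment and has no length limit: bound the
     * write to the buffer and refuse a truncated path. */
    len = snprintf(conffile, sizeof(conffile), "%s/%s", srcdir, "t1.conf");
    if (len < 0 || (size_t) len >= sizeof(conffile)) {
        fprintf(stderr, "srcdir is too long for the configuration path buffer\n");
        exit(1);
    }

#ifdef YYDEBUG
    yydebug = 1;
#endif

    l = parse_configuration(conffile);
    if (l == NULL)
        exit(1);

    if (assert_conf_vars(l) != 0)
        exit(1);

    exit(0);
}
nufw-2.4.3/src/libs/nuconfparser/config-parser.h0000644000175000017500000000154611431206275016564 00000000000000/* ** Copyright (C) 2008 INL ** Written by Sebastien Tricaud ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 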
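*/
/*
 * Parse the configuration file named by config and return the table built
 * from it.  Returns NULL when the file cannot be opened.
 */
struct llist_head * parse_configuration(const char *config);
nufw-2.4.3/src/libs/nuconfparser/t_conf2.c0000644000175000017500000000225111431206275015344 00000000000000
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "config-parser.h"
#include "config-table.h"

/* Print the failed lookup and the value found; value may be NULL. */
static void report_failure(const char *key, const char *value)
{
    fprintf(stderr, "Failed test: nubase_config_table_get(l, \"%s\")\n", key);
    /* value is NULL when the key is missing; never pass NULL to %s */
    fprintf(stderr, " var is '%s'\n", value ? value : "(null)");
}

/*
 * Check the values read from the parsed configuration table l.
 * Returns 0 when "section/var_in_section" is "str" and "var_global" is
 * "global", 1 at the first mismatch (after reporting it on stderr).
 */
int assert_conf_vars(struct llist_head *l)
{
    char *var_str;

    /* section/var_in_section => "str" */
    var_str = nubase_config_table_get(l, "section/var_in_section");
    if (var_str == NULL || strcmp(var_str,"str") != 0) {
        report_failure("section/var_in_section", var_str);
        return 1;
    }

    /* var_global => "global" */
    var_str = nubase_config_table_get(l, "var_global");
    if (var_str == NULL || strcmp(var_str,"global") != 0) {
        report_failure("var_global", var_str);
        return 1;
    }

    return 0;
}

/*
 * Test driver: parses $srcdir/t1.conf and checks the resulting table.
 * Exits 0 on success and 1 on any failure, including a missing or overlong
 * srcdir environment variable.
 */
int main(int argc, char **argv)
{
    struct llist_head *l;
    char * srcdir;
    char conffile[1024];
    int len;
#ifdef YYDEBUG
    extern int yydebug;
#endif

    (void) argc;
    (void) argv;

    srcdir = getenv("srcdir");
    if (srcdir == NULL)
        exit(1);

    /* srcdir comes from the environment and has no length limit: bound the
     * write to the buffer and refuse a truncated path. */
    len = snprintf(conffile, sizeof(conffile), "%s/%s", srcdir, "t1.conf");
    if (len < 0 || (size_t) len >= sizeof(conffile)) {
        fprintf(stderr, "srcdir is too long for the configuration path buffer\n");
        exit(1);
    }

#ifdef YYDEBUG
    yydebug = 1;
#endif

    l = parse_configuration(conffile);
    if (l == NULL)
        exit(1);

    if (assert_conf_vars(l) != 0)
        exit(1);

    exit(0);
}
nufw-2.4.3/src/libs/nuconfparser/config-parser.yacc.y0000644000175000017500000001000311431206275017509 00000000000000/* ** Copyright (C) 2008-2009 INL ** Written by Sebastien Tricaud ** Pierre Chifflier ** INL http://www.inl.fr/ ** ** $Id$ ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation, version 3 of the License. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. 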
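** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */

%{
/* NOTE(review): the three header names on the next line are missing from this
 * copy of the file; restore them from the upstream source before building. */
#include #include #include

#define YYDEBUG 0
#define YYERROR_VERBOSE

extern FILE *yyin;
const char *filename;
char *path;

/* State handed to yyparse(): the table being filled and the section that
 * the next key/value pairs belong to (NULL before the first section). */
typedef struct config_arg_t {
    struct llist_head* parsed_config;
    char *current_section;
} config_arg_t;

/* Pass the argument to yyparse through to yylex. */
#define YYLEX_PARAM config_arg

%}

%token TOK_EQUAL
%token <string> TOK_WORD
%token <string> TOK_SECTION
%token <string> TOK_STRING

%union {
    char *string;
    int number;
}

%debug

/* Token values are heap strings made by the scanner; release the ones the
 * parser discards during error handling.  TOK_STRING is listed as well so
 * that a string value dropped on a syntax error is not leaked. */
%destructor { free ($$); } TOK_WORD TOK_SECTION TOK_STRING
%locations
%pure_parser
%parse-param { struct config_arg_t* config_arg }

%{
#if YYDEBUG
static void print_token_value (FILE *, int, YYSTYPE);
# define YYPRINT(file, type, value) print_token_value (file, type, value)
#endif

/* this must come after bison macros, since we need these types to be defined */
int yylex(YYSTYPE* lvalp, YYLTYPE* llocp, struct config_arg_t* config_arg);
void yyerror(YYLTYPE* locp, struct config_arg_t *config_arg, const char* err);
%}

%%

config:		/* empty */
		| config section
		| config key_value
		;

section:	TOK_SECTION
		{
			/* the parser state takes ownership of the new name */
			if (config_arg->current_section)
				free(config_arg->current_section);
			config_arg->current_section = $1;
		}
		;

key_value:	TOK_WORD TOK_EQUAL TOK_WORD
		{
			nubase_config_table_set_with_section(config_arg->parsed_config, config_arg->current_section, $1, $3);
			free($1);
			free($3);
		}
		| TOK_WORD TOK_EQUAL TOK_STRING
		{
			nubase_config_table_set_with_section(config_arg->parsed_config, config_arg->current_section, $1, $3);
			free($1);
			free($3);
		}
		;

%%

/* Error callback used by the generated parser: prints the message on stderr. */
void yyerror(YYLTYPE* locp, struct config_arg_t *config_arg, const char* err)
{
    (void) locp;
    (void) config_arg;
    fprintf(stderr, "YYERROR:%s\n", err);
}

/*
 * Parse the configuration file named by config.
 *
 * Returns a newly allocated list head holding the parsed entries, or NULL
 * when config is NULL, the list cannot be allocated, or the file cannot be
 * opened.
 *
 * NOTE(review): a syntax error does not make this function fail; the table
 * filled so far is still returned, which is what existing callers get today.
 * A caller that must not run on a partial configuration has no way to tell
 * from the return value; only the message printed below reports it.
 *
 * NOTE(review): yyin is left open after parsing, as before.  Closing it here
 * looks unsafe without also restarting the scanner on the next call, since
 * the scanner buffer appears to keep a reference to the stream; confirm
 * against the generated scanner before adding fclose().
 */
struct llist_head * parse_configuration(const char *config)
{
    struct llist_head * config_table_list;
    struct config_arg_t config_argument;
    int status;

    if ( ! config ) {
        return NULL;
    }

    /* Allocate before opening the file so that a failed allocation leaves
     * nothing to clean up and INIT_LLIST_HEAD never sees NULL. */
    config_table_list = malloc(sizeof(*config_table_list));
    if ( ! config_table_list ) {
        fprintf(stderr, "Cannot allocate memory to parse %s.\n", config);
        return NULL;
    }

    /* presumably the directory part of config, used by the scanner to
     * resolve included files; verify against str_extract_until() */
    path = str_extract_until(config, '/');
    filename = config;

    yyin = fopen(config, "r");
    if ( ! yyin ) {
        fprintf(stderr, "Cannot open file %s.\n", config);
        free(config_table_list);
        return NULL;
    }

    INIT_LLIST_HEAD( config_table_list );

    config_argument.parsed_config = config_table_list;
    config_argument.current_section = NULL;

    status = yyparse(&config_argument);
    if (status != 0) {
        fprintf(stderr, "Parsing of %s stopped on an error; the configuration may be incomplete.\n", config);
    }

    if (config_argument.current_section)
        free(config_argument.current_section);

    return config_table_list;
}

#if YYDEBUG
/* Debug helper for YYPRINT: prints a token's kind and, for the tokens that
 * carry a string, its value.  TOK_EQUAL and unknown tokens carry no value,
 * so nothing is read from the union for them. */
static void print_token_value (FILE *file, int type, YYSTYPE value)
{
    if (type == TOK_STRING)
        fprintf (file, "s %s", value.string);
    else if (type == TOK_WORD)
        fprintf (file, "w %s", value.string);
    else if (type == TOK_SECTION)
        fprintf (file, "section %s", value.string);
    else if (type == TOK_EQUAL)
        fprintf (file, "=");
    else
        fprintf (file, "unk");
}
#endif

#ifdef _UNIT_TEST_
/* gcc config-parser.lex.c config-parser.yacc.c -o config-parser -D_UNIT_TEST_ -ly -lfl */
int main(void)
{
#if 0
    FILE *fp;

    fp = fopen("../../../conf/nuauth.conf", "r");
    if (!fp) {
        fprintf(stderr, "Cannot open ../../../conf/nuauth.conf");
        return 1;
    }
    parse_configuration(fp, "../../../conf/nuauth.conf");
#endif
    parse_configuration("../../../conf/nuauth.conf");

    return 0;
}
#endif
nufw-2.4.3/src/libs/nuconfparser/t1_included.conf0000644000175000017500000000003211431206275016703 00000000000000 var_str_included = "str" nufw-2.4.3/src/libs/nuconfparser/Makefile.am0000644000175000017500000000117311431206275015704 00000000000000noinst_LTLIBRARIES = libnuconfparser.la EXTRA_DIST = config-parser.h t1.conf t1_included.conf AM_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/libs/nubase BUILT_SOURCES = config-parser.yacc.h AM_YFLAGS = -d libnuconfparser_la_SOURCES = \ config-parser.yacc.y \ config-parser.lex.l check_PROGRAMS = t_conf1 t_conf2 t_conf3 TESTS = ${check_PROGRAMS} t_conf1_SOURCES = t_conf1.c t_conf1_LDADD = libnuconfparser.la ../nubase/libnubase.la t_conf2_SOURCES = t_conf2.c t_conf2_LDADD = libnuconfparser.la 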
../nubase/libnubase.la t_conf3_SOURCES = t_conf3.c t_conf3_LDADD = libnuconfparser.la ../nubase/libnubase.la nufw-2.4.3/src/libs/nuconfparser/config-parser.yacc.c0000644000175000017500000013363211431206275017477 00000000000000 /* A Bison parser, made by GNU Bison 2.4.1. */ /* Skeleton implementation for Bison's Yacc-like parsers in C Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. 
There are some unavoidable exceptions within include files to define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ /* Identify Bison output. */ #define YYBISON 1 /* Bison version. */ #define YYBISON_VERSION "2.4.1" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" /* Pure parsers. */ #define YYPURE 1 /* Push parsers. */ #define YYPUSH 0 /* Pull parsers. */ #define YYPULL 1 /* Using locations. */ #define YYLSP_NEEDED 1 /* Copy the first part of user declarations. */ /* Line 189 of yacc.c */ #line 22 "config-parser.yacc.y" #include #include #include #define YYDEBUG 0 #define YYERROR_VERBOSE extern FILE *yyin; const char *filename; char *path; typedef struct config_arg_t { struct llist_head* parsed_config; char *current_section; } config_arg_t; /* Pass the argument to yyparse through to yylex. */ #define YYLEX_PARAM config_arg /* Line 189 of yacc.c */ #line 96 "config-parser.yacc.c" /* Enabling traces. */ #ifndef YYDEBUG # define YYDEBUG 1 #endif /* Enabling verbose error messages. */ #ifdef YYERROR_VERBOSE # undef YYERROR_VERBOSE # define YYERROR_VERBOSE 1 #else # define YYERROR_VERBOSE 0 #endif /* Enabling the token table. */ #ifndef YYTOKEN_TABLE # define YYTOKEN_TABLE 0 #endif /* Tokens. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE /* Put the tokens into the symbol table, so that GDB and other debuggers know about them. */ enum yytokentype { TOK_EQUAL = 258, TOK_WORD = 259, TOK_SECTION = 260, TOK_STRING = 261 }; #endif /* Tokens. */ #define TOK_EQUAL 258 #define TOK_WORD 259 #define TOK_SECTION 260 #define TOK_STRING 261 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE { /* Line 214 of yacc.c */ #line 49 "config-parser.yacc.y" char *string; int number; /* Line 214 of yacc.c */ #line 151 "config-parser.yacc.c" } YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 #endif #if ! defined YYLTYPE && ! 
defined YYLTYPE_IS_DECLARED typedef struct YYLTYPE { int first_line; int first_column; int last_line; int last_column; } YYLTYPE; # define yyltype YYLTYPE /* obsolescent; will be withdrawn */ # define YYLTYPE_IS_DECLARED 1 # define YYLTYPE_IS_TRIVIAL 1 #endif /* Copy the second part of user declarations. */ /* Line 264 of yacc.c */ #line 62 "config-parser.yacc.y" #if YYDEBUG static void print_token_value (FILE *, int, YYSTYPE); # define YYPRINT(file, type, value) print_token_value (file, type, value) #endif /* this must come after bison macros, since we need these types to be defined */ int yylex(YYSTYPE* lvalp, YYLTYPE* llocp, struct config_arg_t* config_arg); void yyerror(YYLTYPE* locp, struct config_arg_t *config_arg, const char* err); /* Line 264 of yacc.c */ #line 192 "config-parser.yacc.c" #ifdef short # undef short #endif #ifdef YYTYPE_UINT8 typedef YYTYPE_UINT8 yytype_uint8; #else typedef unsigned char yytype_uint8; #endif #ifdef YYTYPE_INT8 typedef YYTYPE_INT8 yytype_int8; #elif (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) typedef signed char yytype_int8; #else typedef short int yytype_int8; #endif #ifdef YYTYPE_UINT16 typedef YYTYPE_UINT16 yytype_uint16; #else typedef unsigned short int yytype_uint16; #endif #ifdef YYTYPE_INT16 typedef YYTYPE_INT16 yytype_int16; #else typedef short int yytype_int16; #endif #ifndef YYSIZE_T # ifdef __SIZE_TYPE__ # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t # elif ! 
defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else # define YYSIZE_T unsigned int # endif #endif #define YYSIZE_MAXIMUM ((YYSIZE_T) -1) #ifndef YY_ # if YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ # define YY_(msgid) dgettext ("bison-runtime", msgid) # endif # endif # ifndef YY_ # define YY_(msgid) msgid # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ # define YYUSE(e) ((void) (e)) #else # define YYUSE(e) /* empty */ #endif /* Identity function, used to suppress warnings about constant conditions. */ #ifndef lint # define YYID(n) (n) #else #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static int YYID (int yyi) #else static int YYID (yyi) int yyi; #endif { return yyi; } #endif #if ! defined yyoverflow || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca # elif defined __BUILTIN_VA_ARG_INCR # include /* INFRINGES ON USER NAME SPACE */ # elif defined _AIX # define YYSTACK_ALLOC __alloca # elif defined _MSC_VER # include /* INFRINGES ON USER NAME SPACE */ # define alloca _alloca # else # define YYSTACK_ALLOC alloca # if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) # include /* INFRINGES ON USER NAME SPACE */ # ifndef _STDLIB_H # define _STDLIB_H 1 # endif # endif # endif # endif # endif # ifdef YYSTACK_ALLOC /* Pacify GCC's `empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. 
So we cannot safely invoke alloca (N) if N exceeds 4096. Use a slightly smaller number to allow for a few compiler-allocated temporary stack slots. */ # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ # endif # else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif # if (defined __cplusplus && ! defined _STDLIB_H \ && ! ((defined YYMALLOC || defined malloc) \ && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ # ifndef _STDLIB_H # define _STDLIB_H 1 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc # if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free # if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif #endif /* ! defined yyoverflow || YYERROR_VERBOSE */ #if (! defined yyoverflow \ && (! defined __cplusplus \ || (defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL \ && defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { yytype_int16 yyss_alloc; YYSTYPE yyvs_alloc; YYLTYPE yyls_alloc; }; /* The size of the maximum gap between one aligned stack and the next. */ # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE) + sizeof (YYLTYPE)) \ + 2 * YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do not overlap. 
*/ # ifndef YYCOPY # if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(To, From, Count) \ __builtin_memcpy (To, From, (Count) * sizeof (*(From))) # else # define YYCOPY(To, From, Count) \ do \ { \ YYSIZE_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ while (YYID (0)) # endif # endif /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ # define YYSTACK_RELOCATE(Stack_alloc, Stack) \ do \ { \ YYSIZE_T yynewbytes; \ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ Stack = &yyptr->Stack_alloc; \ yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / sizeof (*yyptr); \ } \ while (YYID (0)) #endif /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ #define YYLAST 5 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 7 /* YYNNTS -- Number of nonterminals. */ #define YYNNTS 4 /* YYNRULES -- Number of rules. */ #define YYNRULES 7 /* YYNRULES -- Number of states. */ #define YYNSTATES 10 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 #define YYMAXUTOK 261 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. 
*/ static const yytype_uint8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, 5, 6 }; #if YYDEBUG /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in YYRHS. */ static const yytype_uint8 yyprhs[] = { 0, 0, 3, 4, 7, 10, 12, 16 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ static const yytype_int8 yyrhs[] = { 8, 0, -1, -1, 8, 9, -1, 8, 10, -1, 5, -1, 4, 3, 4, -1, 4, 3, 6, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { 0, 78, 78, 79, 80, 83, 89, 96 }; #endif #if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { "$end", "error", "$undefined", "TOK_EQUAL", "TOK_WORD", "TOK_SECTION", "TOK_STRING", "$accept", "config", "section", "key_value", 0 }; #endif # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ static const yytype_uint16 yytoknum[] = { 0, 256, 257, 258, 259, 260, 261 }; # endif /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. 
*/ static const yytype_uint8 yyr1[] = { 0, 7, 8, 8, 8, 9, 10, 10 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { 0, 2, 0, 2, 2, 1, 3, 3 }; /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state STATE-NUM when YYTABLE doesn't specify something else to do. Zero means the default is an error. */ static const yytype_uint8 yydefact[] = { 2, 0, 1, 0, 5, 3, 4, 0, 6, 7 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int8 yydefgoto[] = { -1, 1, 5, 6 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ #define YYPACT_NINF -4 static const yytype_int8 yypact[] = { -4, 0, -4, -1, -4, -4, -4, -3, -4, -4 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { -4, -4, -4, -4 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule which number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, syntax error. */ #define YYTABLE_NINF -1 static const yytype_uint8 yytable[] = { 2, 8, 7, 9, 3, 4 }; static const yytype_uint8 yycheck[] = { 0, 4, 3, 6, 4, 5 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint8 yystos[] = { 0, 8, 0, 4, 5, 9, 10, 3, 4, 6 }; #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYEMPTY (-2) #define YYEOF 0 #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab #define YYERROR goto yyerrorlab /* Like YYERROR except do call yyerror. This remains here temporarily to ease the transition to the new meaning of YYERROR, for GCC. Once GCC version 2 has supplanted version 1, this can go. 
*/ #define YYFAIL goto yyerrlab #define YYRECOVERING() (!!yyerrstatus) #define YYBACKUP(Token, Value) \ do \ if (yychar == YYEMPTY && yylen == 1) \ { \ yychar = (Token); \ yylval = (Value); \ yytoken = YYTRANSLATE (yychar); \ YYPOPSTACK (1); \ goto yybackup; \ } \ else \ { \ yyerror (&yylloc, config_arg, YY_("syntax error: cannot back up")); \ YYERROR; \ } \ while (YYID (0)) #define YYTERROR 1 #define YYERRCODE 256 /* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. If N is 0, then set CURRENT to the empty location which ends the previous symbol: RHS[0] (always defined). */ #define YYRHSLOC(Rhs, K) ((Rhs)[K]) #ifndef YYLLOC_DEFAULT # define YYLLOC_DEFAULT(Current, Rhs, N) \ do \ if (YYID (N)) \ { \ (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ } \ else \ { \ (Current).first_line = (Current).last_line = \ YYRHSLOC (Rhs, 0).last_line; \ (Current).first_column = (Current).last_column = \ YYRHSLOC (Rhs, 0).last_column; \ } \ while (YYID (0)) #endif /* YY_LOCATION_PRINT -- Print the location on the stream. This macro was not mandated originally: define only if we know we won't break user code: when these are the locations we know. */ #ifndef YY_LOCATION_PRINT # if YYLTYPE_IS_TRIVIAL # define YY_LOCATION_PRINT(File, Loc) \ fprintf (File, "%d.%d-%d.%d", \ (Loc).first_line, (Loc).first_column, \ (Loc).last_line, (Loc).last_column) # else # define YY_LOCATION_PRINT(File, Loc) ((void) 0) # endif #endif /* YYLEX -- calling `yylex' with the right arguments. */ #ifdef YYLEX_PARAM # define YYLEX yylex (&yylval, &yylloc, YYLEX_PARAM) #else # define YYLEX yylex (&yylval, &yylloc) #endif /* Enable debugging if requested. 
*/ #if YYDEBUG # ifndef YYFPRINTF # include /* INFRINGES ON USER NAME SPACE */ # define YYFPRINTF fprintf # endif # define YYDPRINTF(Args) \ do { \ if (yydebug) \ YYFPRINTF Args; \ } while (YYID (0)) # define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yy_symbol_print (stderr, \ Type, Value, Location, config_arg); \ YYFPRINTF (stderr, "\n"); \ } \ } while (YYID (0)) /*--------------------------------. | Print this symbol on YYOUTPUT. | `--------------------------------*/ /*ARGSUSED*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, YYLTYPE const * const yylocationp, struct config_arg_t* config_arg) #else static void yy_symbol_value_print (yyoutput, yytype, yyvaluep, yylocationp, config_arg) FILE *yyoutput; int yytype; YYSTYPE const * const yyvaluep; YYLTYPE const * const yylocationp; struct config_arg_t* config_arg; #endif { if (!yyvaluep) return; YYUSE (yylocationp); YYUSE (config_arg); # ifdef YYPRINT if (yytype < YYNTOKENS) YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); # else YYUSE (yyoutput); # endif switch (yytype) { default: break; } } /*--------------------------------. | Print this symbol on YYOUTPUT. 
| `--------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, YYLTYPE const * const yylocationp, struct config_arg_t* config_arg) #else static void yy_symbol_print (yyoutput, yytype, yyvaluep, yylocationp, config_arg) FILE *yyoutput; int yytype; YYSTYPE const * const yyvaluep; YYLTYPE const * const yylocationp; struct config_arg_t* config_arg; #endif { if (yytype < YYNTOKENS) YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); else YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); YY_LOCATION_PRINT (yyoutput, *yylocationp); YYFPRINTF (yyoutput, ": "); yy_symbol_value_print (yyoutput, yytype, yyvaluep, yylocationp, config_arg); YYFPRINTF (yyoutput, ")"); } /*------------------------------------------------------------------. | yy_stack_print -- Print the state stack from its BOTTOM up to its | | TOP (included). | `------------------------------------------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) #else static void yy_stack_print (yybottom, yytop) yytype_int16 *yybottom; yytype_int16 *yytop; #endif { YYFPRINTF (stderr, "Stack now"); for (; yybottom <= yytop; yybottom++) { int yybot = *yybottom; YYFPRINTF (stderr, " %d", yybot); } YYFPRINTF (stderr, "\n"); } # define YY_STACK_PRINT(Bottom, Top) \ do { \ if (yydebug) \ yy_stack_print ((Bottom), (Top)); \ } while (YYID (0)) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. 
| `------------------------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_reduce_print (YYSTYPE *yyvsp, YYLTYPE *yylsp, int yyrule, struct config_arg_t* config_arg) #else static void yy_reduce_print (yyvsp, yylsp, yyrule, config_arg) YYSTYPE *yyvsp; YYLTYPE *yylsp; int yyrule; struct config_arg_t* config_arg; #endif { int yynrhs = yyr2[yyrule]; int yyi; unsigned long int yylno = yyrline[yyrule]; YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { YYFPRINTF (stderr, " $%d = ", yyi + 1); yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], &(yyvsp[(yyi + 1) - (yynrhs)]) , &(yylsp[(yyi + 1) - (yynrhs)]) , config_arg); YYFPRINTF (stderr, "\n"); } } # define YY_REDUCE_PRINT(Rule) \ do { \ if (yydebug) \ yy_reduce_print (yyvsp, yylsp, Rule, config_arg); \ } while (YYID (0)) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. */ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) # define YY_SYMBOL_PRINT(Title, Type, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ /* YYINITDEPTH -- initial size of the parser's stacks. */ #ifndef YYINITDEPTH # define YYINITDEPTH 200 #endif /* YYMAXDEPTH -- maximum size the stacks can grow to (effective only if the built-in stack extension method is used). Do not make this value too large; the results are undefined if YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif #if YYERROR_VERBOSE # ifndef yystrlen # if defined __GLIBC__ && defined _STRING_H # define yystrlen strlen # else /* Return the length of YYSTR. 
*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static YYSIZE_T yystrlen (const char *yystr) #else static YYSIZE_T yystrlen (yystr) const char *yystr; #endif { YYSIZE_T yylen; for (yylen = 0; yystr[yylen]; yylen++) continue; return yylen; } # endif # endif # ifndef yystpcpy # if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE # define yystpcpy stpcpy # else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static char * yystpcpy (char *yydest, const char *yysrc) #else static char * yystpcpy (yydest, yysrc) char *yydest; const char *yysrc; #endif { char *yyd = yydest; const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; return yyd - 1; } # endif # endif # ifndef yytnamerr /* Copy to YYRES the contents of YYSTR after stripping away unnecessary quotes and backslashes, so that it's suitable for yyerror. The heuristic is that double-quoting is unnecessary unless the string contains an apostrophe, a comma, or backslash (other than backslash-backslash). YYSTR is taken from yytname. If YYRES is null, do not copy; instead, return the length of what the result would have been. */ static YYSIZE_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { YYSIZE_T yyn = 0; char const *yyp = yystr; for (;;) switch (*++yyp) { case '\'': case ',': goto do_not_strip_quotes; case '\\': if (*++yyp != '\\') goto do_not_strip_quotes; /* Fall through. */ default: if (yyres) yyres[yyn] = *yyp; yyn++; break; case '"': if (yyres) yyres[yyn] = '\0'; return yyn; } do_not_strip_quotes: ; } if (! yyres) return yystrlen (yystr); return yystpcpy (yyres, yystr) - yyres; } # endif /* Copy into YYRESULT an error message about the unexpected token YYCHAR while in state YYSTATE. Return the number of bytes copied, including the terminating null byte. 
If YYRESULT is null, do not copy anything; just return the number of bytes that would be copied. As a special case, return 0 if an ordinary "syntax error" message will do. Return YYSIZE_MAXIMUM if overflow occurs during size calculation. */ static YYSIZE_T yysyntax_error (char *yyresult, int yystate, int yychar) { int yyn = yypact[yystate]; if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) return 0; else { int yytype = YYTRANSLATE (yychar); YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); YYSIZE_T yysize = yysize0; YYSIZE_T yysize1; int yysize_overflow = 0; enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; int yyx; # if 0 /* This is so xgettext sees the translatable formats that are constructed on the fly. */ YY_("syntax error, unexpected %s"); YY_("syntax error, unexpected %s, expecting %s"); YY_("syntax error, unexpected %s, expecting %s or %s"); YY_("syntax error, unexpected %s, expecting %s or %s or %s"); YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); # endif char *yyfmt; char const *yyf; static char const yyunexpected[] = "syntax error, unexpected %s"; static char const yyexpecting[] = ", expecting %s"; static char const yyor[] = " or %s"; char yyformat[sizeof yyunexpected + sizeof yyexpecting - 1 + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) * (sizeof yyor - 1))]; char const *yyprefix = yyexpecting; /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. */ int yyxbegin = yyn < 0 ? -yyn : 0; /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn + 1; int yyxend = yychecklim < YYNTOKENS ? 
yychecklim : YYNTOKENS; int yycount = 1; yyarg[0] = yytname[yytype]; yyfmt = yystpcpy (yyformat, yyunexpected); for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) { if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) { yycount = 1; yysize = yysize0; yyformat[sizeof yyunexpected - 1] = '\0'; break; } yyarg[yycount++] = yytname[yyx]; yysize1 = yysize + yytnamerr (0, yytname[yyx]); yysize_overflow |= (yysize1 < yysize); yysize = yysize1; yyfmt = yystpcpy (yyfmt, yyprefix); yyprefix = yyor; } yyf = YY_(yyformat); yysize1 = yysize + yystrlen (yyf); yysize_overflow |= (yysize1 < yysize); yysize = yysize1; if (yysize_overflow) return YYSIZE_MAXIMUM; if (yyresult) { /* Avoid sprintf, as that infringes on the user's name space. Don't have undefined behavior even if the translation produced a string with the wrong number of "%s"s. */ char *yyp = yyresult; int yyi = 0; while ((*yyp = *yyf) != '\0') { if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) { yyp += yytnamerr (yyp, yyarg[yyi++]); yyf += 2; } else { yyp++; yyf++; } } } return yysize; } } #endif /* YYERROR_VERBOSE */ /*-----------------------------------------------. | Release the memory associated to this symbol. 
| `-----------------------------------------------*/ /*ARGSUSED*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, YYLTYPE *yylocationp, struct config_arg_t* config_arg) #else static void yydestruct (yymsg, yytype, yyvaluep, yylocationp, config_arg) const char *yymsg; int yytype; YYSTYPE *yyvaluep; YYLTYPE *yylocationp; struct config_arg_t* config_arg; #endif { YYUSE (yyvaluep); YYUSE (yylocationp); YYUSE (config_arg); if (!yymsg) yymsg = "Deleting"; YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); switch (yytype) { case 4: /* "TOK_WORD" */ /* Line 1000 of yacc.c */ #line 55 "config-parser.yacc.y" { free ((yyvaluep->string)); }; /* Line 1000 of yacc.c */ #line 1091 "config-parser.yacc.c" break; case 5: /* "TOK_SECTION" */ /* Line 1000 of yacc.c */ #line 55 "config-parser.yacc.y" { free ((yyvaluep->string)); }; /* Line 1000 of yacc.c */ #line 1100 "config-parser.yacc.c" break; default: break; } } /* Prevent warnings from -Wmissing-prototypes. */ #ifdef YYPARSE_PARAM #if defined __STDC__ || defined __cplusplus int yyparse (void *YYPARSE_PARAM); #else int yyparse (); #endif #else /* ! YYPARSE_PARAM */ #if defined __STDC__ || defined __cplusplus int yyparse (struct config_arg_t* config_arg); #else int yyparse (); #endif #endif /* ! YYPARSE_PARAM */ /*-------------------------. | yyparse or yypush_parse. | `-------------------------*/ #ifdef YYPARSE_PARAM #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) int yyparse (void *YYPARSE_PARAM) #else int yyparse (YYPARSE_PARAM) void *YYPARSE_PARAM; #endif #else /* ! YYPARSE_PARAM */ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) int yyparse (struct config_arg_t* config_arg) #else int yyparse (config_arg) struct config_arg_t* config_arg; #endif #endif { /* The lookahead symbol. 
*/ int yychar; /* The semantic value of the lookahead symbol. */ YYSTYPE yylval; /* Location data for the lookahead symbol. */ YYLTYPE yylloc; /* Number of syntax errors so far. */ int yynerrs; int yystate; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; /* The stacks and their tools: `yyss': related to states. `yyvs': related to semantic values. `yyls': related to locations. Refer to the stacks thru separate pointers, to allow yyoverflow to reallocate them elsewhere. */ /* The state stack. */ yytype_int16 yyssa[YYINITDEPTH]; yytype_int16 *yyss; yytype_int16 *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs; YYSTYPE *yyvsp; /* The location stack. */ YYLTYPE yylsa[YYINITDEPTH]; YYLTYPE *yyls; YYLTYPE *yylsp; /* The locations where the error started and ended. */ YYLTYPE yyerror_range[2]; YYSIZE_T yystacksize; int yyn; int yyresult; /* Lookahead token as an internal (translated) token number. */ int yytoken; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; YYLTYPE yyloc; #if YYERROR_VERBOSE /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; YYSIZE_T yymsg_alloc = sizeof yymsgbuf; #endif #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N), yylsp -= (N)) /* The number of symbols on the RHS of the reduced rule. Keep to zero when no symbol should be popped. */ int yylen = 0; yytoken = 0; yyss = yyssa; yyvs = yyvsa; yyls = yylsa; yystacksize = YYINITDEPTH; YYDPRINTF ((stderr, "Starting parse\n")); yystate = 0; yyerrstatus = 0; yynerrs = 0; yychar = YYEMPTY; /* Cause a token to be read. */ /* Initialize stack pointers. Waste one element of value and location stack so that they stay on the same level as the state stack. The wasted elements are never initialized. */ yyssp = yyss; yyvsp = yyvs; yylsp = yyls; #if YYLTYPE_IS_TRIVIAL /* Initialize the default location before parsing starts. 
*/ yylloc.first_line = yylloc.last_line = 1; yylloc.first_column = yylloc.last_column = 1; #endif goto yysetstate; /*------------------------------------------------------------. | yynewstate -- Push a new state, which is found in yystate. | `------------------------------------------------------------*/ yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; yysetstate: *yyssp = yystate; if (yyss + yystacksize - 1 <= yyssp) { /* Get the current used size of the three stacks, in elements. */ YYSIZE_T yysize = yyssp - yyss + 1; #ifdef yyoverflow { /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; yytype_int16 *yyss1 = yyss; YYLTYPE *yyls1 = yyls; /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ yyoverflow (YY_("memory exhausted"), &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), &yyls1, yysize * sizeof (*yylsp), &yystacksize); yyls = yyls1; yyss = yyss1; yyvs = yyvs1; } #else /* no yyoverflow */ # ifndef YYSTACK_RELOCATE goto yyexhaustedlab; # else /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; { yytype_int16 *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! 
yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); YYSTACK_RELOCATE (yyls_alloc, yyls); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif #endif /* no yyoverflow */ yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; yylsp = yyls + yysize - 1; YYDPRINTF ((stderr, "Stack size increased to %lu\n", (unsigned long int) yystacksize)); if (yyss + yystacksize - 1 <= yyssp) YYABORT; } YYDPRINTF ((stderr, "Entering state %d\n", yystate)); if (yystate == YYFINAL) YYACCEPT; goto yybackup; /*-----------. | yybackup. | `-----------*/ yybackup: /* Do appropriate processing given the current state. Read a lookahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; /* Not known => get a lookahead token if don't already have one. */ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token: ")); yychar = YYLEX; } if (yychar <= YYEOF) { yychar = yytoken = YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } else { yytoken = YYTRANSLATE (yychar); YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to detect an error, take that action. */ yyn += yytoken; if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; yyn = yytable[yyn]; if (yyn <= 0) { if (yyn == 0 || yyn == YYTABLE_NINF) goto yyerrlab; yyn = -yyn; goto yyreduce; } /* Count tokens shifted since error; after three, turn off error status. */ if (yyerrstatus) yyerrstatus--; /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); /* Discard the shifted token. */ yychar = YYEMPTY; yystate = yyn; *++yyvsp = yylval; *++yylsp = yylloc; goto yynewstate; /*-----------------------------------------------------------. 
| yydefault -- do the default action for the current state. | `-----------------------------------------------------------*/ yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; goto yyreduce; /*-----------------------------. | yyreduce -- Do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: `$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison users should not rely upon it. Assigning to YYVAL unconditionally makes the parser a bit smaller, and it avoids a GCC warning that YYVAL may be used uninitialized. */ yyval = yyvsp[1-yylen]; /* Default location. */ YYLLOC_DEFAULT (yyloc, (yylsp - yylen), yylen); YY_REDUCE_PRINT (yyn); switch (yyn) { case 5: /* Line 1455 of yacc.c */ #line 83 "config-parser.yacc.y" { if (config_arg->current_section) free(config_arg->current_section); config_arg->current_section = (yyvsp[(1) - (1)].string); } break; case 6: /* Line 1455 of yacc.c */ #line 90 "config-parser.yacc.y" { nubase_config_table_set_with_section(config_arg->parsed_config, config_arg->current_section, (yyvsp[(1) - (3)].string), (yyvsp[(3) - (3)].string)); free((yyvsp[(1) - (3)].string)); free((yyvsp[(3) - (3)].string)); } break; case 7: /* Line 1455 of yacc.c */ #line 97 "config-parser.yacc.y" { nubase_config_table_set_with_section(config_arg->parsed_config, config_arg->current_section, (yyvsp[(1) - (3)].string), (yyvsp[(3) - (3)].string)); free((yyvsp[(1) - (3)].string)); free((yyvsp[(3) - (3)].string)); } break; /* Line 1455 of yacc.c */ #line 1464 "config-parser.yacc.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; *++yylsp = yyloc; /* Now `shift' the result of the reduction. 
Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ yyn = yyr1[yyn]; yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) yystate = yytable[yystate]; else yystate = yydefgoto[yyn - YYNTOKENS]; goto yynewstate; /*------------------------------------. | yyerrlab -- here on detecting error | `------------------------------------*/ yyerrlab: /* If not already recovering from an error, report this error. */ if (!yyerrstatus) { ++yynerrs; #if ! YYERROR_VERBOSE yyerror (&yylloc, config_arg, YY_("syntax error")); #else { YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) { YYSIZE_T yyalloc = 2 * yysize; if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) yyalloc = YYSTACK_ALLOC_MAXIMUM; if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); yymsg = (char *) YYSTACK_ALLOC (yyalloc); if (yymsg) yymsg_alloc = yyalloc; else { yymsg = yymsgbuf; yymsg_alloc = sizeof yymsgbuf; } } if (0 < yysize && yysize <= yymsg_alloc) { (void) yysyntax_error (yymsg, yystate, yychar); yyerror (&yylloc, config_arg, yymsg); } else { yyerror (&yylloc, config_arg, YY_("syntax error")); if (yysize != 0) goto yyexhaustedlab; } } #endif } yyerror_range[0] = yylloc; if (yyerrstatus == 3) { /* If just tried and failed to reuse lookahead token after an error, discard it. */ if (yychar <= YYEOF) { /* Return failure if at end of input. */ if (yychar == YYEOF) YYABORT; } else { yydestruct ("Error: discarding", yytoken, &yylval, &yylloc, config_arg); yychar = YYEMPTY; } } /* Else will try to reuse lookahead token after shifting the error token. */ goto yyerrlab1; /*---------------------------------------------------. | yyerrorlab -- error raised explicitly by YYERROR. 
| `---------------------------------------------------*/ yyerrorlab: /* Pacify compilers like GCC when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ if (/*CONSTCOND*/ 0) goto yyerrorlab; yyerror_range[0] = yylsp[1-yylen]; /* Do not reclaim the symbols of the rule which action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; /*-------------------------------------------------------------. | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: yyerrstatus = 3; /* Each real token shifted decrements this. */ for (;;) { yyn = yypact[yystate]; if (yyn != YYPACT_NINF) { yyn += YYTERROR; if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) { yyn = yytable[yyn]; if (0 < yyn) break; } } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) YYABORT; yyerror_range[0] = *yylsp; yydestruct ("Error: popping", yystos[yystate], yyvsp, yylsp, config_arg); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } *++yyvsp = yylval; yyerror_range[1] = yylloc; /* Using YYLLOC is tempting, but would change the location of the lookahead. YYLOC is available though. */ YYLLOC_DEFAULT (yyloc, (yyerror_range - 1), 2); *++yylsp = yyloc; /* Shift the error token. */ YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); yystate = yyn; goto yynewstate; /*-------------------------------------. | yyacceptlab -- YYACCEPT comes here. | `-------------------------------------*/ yyacceptlab: yyresult = 0; goto yyreturn; /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: yyresult = 1; goto yyreturn; #if !defined(yyoverflow) || YYERROR_VERBOSE /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. 
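| `-------------------------------------------------*/ yyexhaustedlab: yyerror (&yylloc, config_arg, YY_("memory exhausted")); yyresult = 2; /* Fall through. */ #endif yyreturn: if (yychar != YYEMPTY) yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval, &yylloc, config_arg); /* Do not reclaim the symbols of the rule which action triggered this YYABORT or YYACCEPT. */ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", yystos[*yyssp], yyvsp, yylsp, config_arg); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif #if YYERROR_VERBOSE if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); #endif /* Make sure YYID is used. */ return YYID (yyresult); }

/* Line 1675 of yacc.c */
#line 104 "config-parser.yacc.y"

/**
 * Error callback handed to the generated parser.
 *
 * Writes the message to stderr with a "YYERROR:" prefix. The location and
 * the parser argument are accepted but not used.
 */
void yyerror(YYLTYPE* locp, struct config_arg_t *config_arg, const char* err)
{
	fprintf(stderr, "YYERROR:%s\n", err);
}

/**
 * Parse the configuration file named by config.
 *
 * Stores the result of str_extract_until(config, '/') in the file-scope
 * variable path and the file name in filename, opens the file as the scanner
 * input (yyin) and runs yyparse() with a freshly allocated list head as the
 * destination table.
 *
 * \param config Path of the configuration file to read.
 * \return A newly allocated list head receiving the parsed entries, or NULL
 *         when config is NULL, memory is exhausted or the file cannot be
 *         opened.
 */
struct llist_head * parse_configuration(const char *config)
{
	struct llist_head * config_table_list;
	struct config_arg_t config_argument;

	/* A NULL path would otherwise be passed to str_extract_until() and
	 * fopen(). */
	if (config == NULL) {
		fprintf(stderr, "No configuration file given.\n");
		return NULL;
	}

	/* Allocate before touching the scanner state, and check the result:
	 * INIT_LLIST_HEAD() on a NULL pointer would crash the caller. */
	config_table_list = malloc(sizeof(*config_table_list));
	if (config_table_list == NULL) {
		fprintf(stderr, "Cannot allocate memory to parse file %s.\n", config);
		return NULL;
	}

	path = str_extract_until(config, '/');
	filename = config;

	yyin = fopen(config, "r");
	if ( ! yyin ) {
		fprintf(stderr, "Cannot open file %s.\n", config);
		free(config_table_list);
		return NULL;
	}

	INIT_LLIST_HEAD( config_table_list );

	config_argument.parsed_config = config_table_list;
	config_argument.current_section = NULL;

	/* A non-zero status means the parser stopped early. The table is still
	 * returned, as before, because no routine for releasing its entries is
	 * visible here; the message names the file so that an operator can see
	 * that the loaded settings may be incomplete.
	 * NOTE(review): callers cannot tell a partial table from a complete
	 * one; consider letting them reject it. */
	if (yyparse(&config_argument) != 0)
		fprintf(stderr, "Errors while parsing file %s, configuration may be incomplete.\n", config);

	/* NOTE(review): yyin is not closed here. Whether the scanner closes it
	 * at end of input is not visible from this file; if it does not, every
	 * call leaves one FILE handle open. Confirm before adding fclose(). */

	if (config_argument.current_section)
		free(config_argument.current_section);

	return config_table_list;
}

#if YYDEBUG
/**
 * Debug helper: print a token's string value to file, prefixed according
 * to the token type. Every branch reads value.string.
 */
static void print_token_value (FILE *file, int type, YYSTYPE value)
{
	if (type == TOK_STRING)
		fprintf (file, "s %s", value.string);
	else if (type == TOK_WORD)
		fprintf (file, "w %s", value.string);
	else if (type == TOK_SECTION)
		fprintf (file, "section %s", value.string);
	else if (type == TOK_EQUAL)
		fprintf (file, "= %s", value.string);
	else
		fprintf (file, "unk %s", value.string);
}
#endif

#ifdef _UNIT_TEST_
/* gcc config-parser.lex.c config-parser.yacc.c -o config-parser -D_UNIT_TEST_ -ly -lfl */
int main(void)
{
#if 0
	FILE *fp;
	fp = fopen("../../../conf/nuauth.conf", "r");
	if (!fp) {
		fprintf(stderr, "Cannot open ../../../conf/nuauth.conf");
		return 1;
	}
	parse_configuration(fp, "../../../conf/nuauth.conf");
#endif
	parse_configuration("../../../conf/nuauth.conf");
	return 0;
}
#endif
nufw-2.4.3/src/libs/nuconfparser/config-parser.yacc.h0000644000175000017500000000512411431206275017476 00000000000000 /* A Bison parser, made by GNU Bison 2.4.1. */ /* Skeleton interface for Bison's Yacc-like parsers in C Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.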
You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* Tokens. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE /* Put the tokens into the symbol table, so that GDB and other debuggers know about them. */ enum yytokentype { TOK_EQUAL = 258, TOK_WORD = 259, TOK_SECTION = 260, TOK_STRING = 261 }; #endif /* Tokens. */ #define TOK_EQUAL 258 #define TOK_WORD 259 #define TOK_SECTION 260 #define TOK_STRING 261 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE { /* Line 1676 of yacc.c */ #line 49 "config-parser.yacc.y" char *string; int number; /* Line 1676 of yacc.c */ #line 71 "config-parser.yacc.h" } YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 #endif #if ! defined YYLTYPE && ! 
defined YYLTYPE_IS_DECLARED typedef struct YYLTYPE { int first_line; int first_column; int last_line; int last_column; } YYLTYPE; # define yyltype YYLTYPE /* obsolescent; will be withdrawn */ # define YYLTYPE_IS_DECLARED 1 # define YYLTYPE_IS_TRIVIAL 1 #endif nufw-2.4.3/src/doxygen.sh0000755000175000017500000000003611431206275012223 00000000000000#!/bin/sh doxygen doxygen.cfg nufw-2.4.3/selinux/0000777000175000017500000000000011431215443011171 500000000000000nufw-2.4.3/selinux/Makefile.in0000644000175000017500000002276311431215376013171 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = selinux DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ 
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ 
target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = nuauth.fc nuauth.if nuauth.te nufw.fc nufw.if nufw.te README.selinux SEMAKEFILE = /usr/share/doc/selinux-policy-dev/examples/Makefile SEMAKE = $(MAKE) -f $(SEMAKEFILE) all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu selinux/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu selinux/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; 
else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ clean-local distclean distclean-generic distclean-libtool \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ uninstall uninstall-am nufw.pp: nufw.fc nufw.if nufw.te $(SEMAKEFILE) $(SEMAKE) $@ nuauth.pp: nuauth.fc nuauth.if nuauth.te $(SEMAKEFILE) $(SEMAKE) $@ policy: nufw.pp nuauth.pp load: policy sudo $(SEMAKE) load clean-local: [ ! -f $(SEMAKEFILE) ] || $(SEMAKE) clean # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/selinux/nufw.fc0000644000175000017500000000051611431206275012403 00000000000000# nufw executable will have: # label: system_u:object_r:nufw_exec_t # MLS sensitivity: s0 # MCS categories: /etc/nufw(/.*)? 
gen_context(system_u:object_r:nufw_etc_t,s0) /usr/sbin/nufw -- gen_context(system_u:object_r:nufw_exec_t,s0) /var/run/nufw.pid gen_context(system_u:object_r:nufw_var_run_t,s0) nufw-2.4.3/selinux/nufw.te0000644000175000017500000000450211431206275012422 00000000000000policy_module(nufw,1.0.0) # add nufw_port_t using: # semanage port -a -t nufw_port_t -p tcp 4128 ######################################## # # Declarations # type nufw_t; type nufw_exec_t; domain_type(nufw_t) init_daemon_domain(nufw_t, nufw_exec_t) # etc files type nufw_etc_t; files_type(nufw_etc_t) # log files type nufw_var_log_t; logging_log_file(nufw_var_log_t) # pid files type nufw_var_run_t; files_pid_file(nufw_var_run_t) ######################################## # # nufw local policy # # Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules. # Some common macros (you might be able to remove some) files_read_etc_files(nufw_t) # configuration files allow nufw_t nufw_etc_t:dir list_dir_perms; read_files_pattern(nufw_t,nufw_etc_t,nufw_etc_t) read_lnk_files_pattern(nufw_t,nufw_etc_t,nufw_etc_t) libs_use_ld_so(nufw_t) libs_use_shared_libs(nufw_t) miscfiles_read_localization(nufw_t) logging_send_syslog_msg(nufw_t) ## internal communication is often done using fifo and unix sockets. #allow nufw_t self:fifo_file { read write }; allow nufw_t self:unix_stream_socket create_stream_socket_perms; # pid file allow nufw_t nufw_var_run_t:file manage_file_perms; #allow nufw_t nufw_var_run_t:sock_file manage_file_perms; allow nufw_t nufw_var_run_t:dir rw_dir_perms; files_pid_filetrans(nufw_t,nufw_var_run_t, { file sock_file }) ## Networking basics (adjust to your needs!) 
sysnet_dns_name_resolve(nufw_t) corenet_tcp_sendrecv_all_if(nufw_t) corenet_tcp_sendrecv_all_nodes(nufw_t) #corenet_tcp_sendrecv_all_ports(nufw_t) #corenet_non_ipsec_sendrecv(nufw_t) type nufw_port_t; corenet_tcp_connect_nufw_port(nufw_t) corenet_tcp_sendrecv_nufw_port(nufw_t) #corenet_tcp_connect_all_ports(nufw_t) ## if it is a network daemon, consider these: #corenet_tcp_bind_all_ports(nufw_t) #corenet_tcp_bind_all_nodes(nufw_t) allow nufw_t self:tcp_socket { listen accept }; allow nufw_t self:rawip_socket create_socket_perms; allow nufw_t self:netlink_socket create_socket_perms; allow nufw_t self:netlink_route_socket rw_netlink_socket_perms; # Init script handling init_use_fds(nufw_t) init_use_script_ptys(nufw_t) domain_use_interactive_fds(nufw_t) # for crypto dev_read_rand(nufw_t) dev_read_urand(nufw_t) # nufw wants sys_nice allow nufw_t self:capability { sys_nice net_admin net_raw }; allow nufw_t self:process { setsched }; nufw-2.4.3/selinux/nuauth.if0000644000175000017500000000523711431206275012743 00000000000000## policy for nuauth ######################################## ## ## Execute a domain transition to run nuauth. ## ## ## ## Domain allowed to transition. ## ## # interface(`nuauth_domtrans',` gen_require(` type nuauth_t, nuauth_exec_t; ') domain_auto_trans($1,nuauth_exec_t,nuauth_t) allow $1 nuauth_t:fd use; allow nuauth_t $1:fd use; allow nuauth_t $1:fifo_file rw_file_perms; allow nuauth_t $1:process sigchld; ') ######################################## ## ## Allow nuauth to access nufw configuration files ## ## ## ## Domain allowed to access files. ## ## ## # interface(`nuauth_access_nufw_etc_t',` gen_require(` type nufw_etc_t; ') allow $1 nufw_etc_t:dir list_dir_perms; read_files_pattern($1,nufw_etc_t,nufw_etc_t) read_lnk_files_pattern($1,nufw_etc_t,nufw_etc_t) ') ######################################## ## ## Bind TCP sockets to the nufw port. ## ## ## ## Domain allowed access. 
## ## ## # interface(`corenet_tcp_bind_nufw_port',` gen_require(` type nufw_port_t; ') allow $1 nufw_port_t:tcp_socket name_bind; ') ######################################## ## ## Bind TCP sockets to the nuauth port. ## ## ## ## Domain allowed access. ## ## ## # interface(`corenet_tcp_bind_nuauth_port',` gen_require(` type nuauth_port_t; ') allow $1 nuauth_port_t:tcp_socket name_bind; ') ######################################## ## ## Send and receive TCP traffic on the nufw port. ## ## ## ## Domain allowed access. ## ## ## # interface(`corenet_tcp_sendrecv_nufw_port',` gen_require(` type nufw_port_t; ') allow $1 nufw_port_t:tcp_socket { send_msg recv_msg }; ') ######################################## ## ## Send and receive TCP traffic on the nuauth port. ## ## ## ## Domain allowed access. ## ## ## # interface(`corenet_tcp_sendrecv_nuauth_port',` gen_require(` type nuauth_port_t; ') allow $1 nuauth_port_t:tcp_socket { send_msg recv_msg }; ') nufw-2.4.3/selinux/Makefile.am0000644000175000017500000000066111431206275013147 00000000000000EXTRA_DIST = nuauth.fc nuauth.if nuauth.te nufw.fc nufw.if nufw.te README.selinux SEMAKEFILE = /usr/share/doc/selinux-policy-dev/examples/Makefile SEMAKE = $(MAKE) -f $(SEMAKEFILE) nufw.pp: nufw.fc nufw.if nufw.te $(SEMAKEFILE) $(SEMAKE) $@ nuauth.pp: nuauth.fc nuauth.if nuauth.te $(SEMAKEFILE) $(SEMAKE) $@ policy: nufw.pp nuauth.pp load: policy sudo $(SEMAKE) load clean-local: [ ! 
-f $(SEMAKEFILE) ] || $(SEMAKE) clean nufw-2.4.3/selinux/nuauth.fc0000644000175000017500000000041511431206275012726 00000000000000# nuauth executable will have: # label: system_u:object_r:nuauth_exec_t # MLS sensitivity: s0 # MCS categories: /usr/sbin/nuauth -- gen_context(system_u:object_r:nuauth_exec_t,s0) /var/run/nuauth/nuauth.pid gen_context(system_u:object_r:nuauth_var_run_t,s0) nufw-2.4.3/selinux/nuauth.te0000644000175000017500000000577311431206275012762 00000000000000policy_module(nuauth,1.0.0) # add nuauth_port_t using: # semanage port -a -t nuauth_port_t -p tcp 4129 ######################################## # # Declarations # type nuauth_t; type nuauth_exec_t; domain_type(nuauth_t) init_daemon_domain(nuauth_t, nuauth_exec_t) # pid files type nuauth_var_run_t; files_pid_file(nuauth_var_run_t) # configuration files nuauth_access_nufw_etc_t(nuauth_t) ######################################## # # nuauth local policy # # Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules. # Some common macros (you might be able to remove some) files_read_etc_files(nuauth_t) libs_use_ld_so(nuauth_t) libs_use_shared_libs(nuauth_t) miscfiles_read_localization(nuauth_t) logging_send_syslog_msg(nuauth_t) ## internal communication is often done using fifo and unix sockets. #allow nuauth_t self:fifo_file { read write }; allow nuauth_t self:unix_stream_socket create_stream_socket_perms; # pid file #allow nuauth_t nuauth_var_run_t:file manage_file_perms; #allow nuauth_t nuauth_var_run_t:sock_file { unlink create write }; #allow nuauth_t nuauth_var_run_t:dir rw_dir_perms; manage_files_pattern(nuauth_t, nuauth_var_run_t, nuauth_var_run_t) manage_sock_files_pattern(nuauth_t, nuauth_var_run_t, nuauth_var_run_t) delete_sock_files_pattern(nuauth_t, nuauth_var_run_t, nuauth_var_run_t) files_pid_filetrans(nuauth_t,nuauth_var_run_t, { file sock_file }) ## Networking basics (adjust to your needs!) 
sysnet_dns_name_resolve(nuauth_t) corenet_tcp_sendrecv_all_if(nuauth_t) corenet_tcp_sendrecv_all_nodes(nuauth_t) corenet_tcp_sendrecv_all_ports(nuauth_t) corenet_non_ipsec_sendrecv(nuauth_t) #corenet_tcp_connect_http_port(nuauth_t) #corenet_tcp_connect_all_ports(nuauth_t) ## if it is a network daemon, consider these: #corenet_tcp_bind_all_ports(nuauth_t) corenet_tcp_bind_all_nodes(nuauth_t) allow nuauth_t self:tcp_socket { listen accept }; allow nuauth_t self:unix_dgram_socket create_socket_perms; allow nuauth_t self:netlink_route_socket rw_netlink_socket_perms; type nuauth_port_t; corenet_tcp_bind_nufw_port(nuauth_t); corenet_tcp_bind_nuauth_port(nuauth_t); corenet_port(nuauth_port_t) gen_require(` type nufw_port_t; ') corenet_port(nufw_port_t) corenet_tcp_sendrecv_nufw_port(nuauth_t); corenet_tcp_sendrecv_nuauth_port(nuauth_t); # Init script handling init_use_fds(nuauth_t) init_use_script_ptys(nuauth_t) domain_use_interactive_fds(nuauth_t) # for crypto dev_read_rand(nuauth_t) dev_read_urand(nuauth_t) allow nuauth_t self:process { signal getsched }; allow nuauth_t self:capability { dac_read_search dac_override setuid }; # for the "system" module allow nuauth_t bin_t:dir search; allow nuauth_t self:fifo_file write; auth_use_nsswitch(nuauth_t) auth_domtrans_chk_passwd(nuauth_t) # postgresql logging corenet_tcp_connect_postgresql_port(nuauth_t) corenet_tcp_sendrecv_postgresql_port(nuauth_t) # postgresql searches for file ~/.pgpass files_dontaudit_search_home(nuauth_t) # mysql logging corenet_tcp_connect_mysqld_port(nuauth_t) corenet_tcp_sendrecv_mysqld_port(nuauth_t) nufw-2.4.3/selinux/nufw.if0000644000175000017500000000247411431206275012416 00000000000000## policy for nufw ######################################## ## ## Execute a domain transition to run nufw. ## ## ## ## Domain allowed to transition. 
## ## # interface(`nufw_domtrans',` gen_require(` type nufw_t, nufw_exec_t; ') domain_auto_trans($1,nufw_exec_t,nufw_t) allow $1 nufw_t:fd use; allow nufw_t $1:fd use; allow nufw_t $1:fifo_file rw_file_perms; allow nufw_t $1:process sigchld; ') ######################################## ## ## Make a TCP connection to the nufw port. ## ## ## ## Domain allowed access. ## ## # interface(`corenet_tcp_connect_nufw_port',` gen_require(` type nufw_port_t; ') allow $1 nufw_port_t:tcp_socket name_connect; ') ######################################## ## ## Send and receive TCP traffic on the nufw port. ## ## ## ## Domain allowed access. ## ## ## # interface(`corenet_tcp_sendrecv_nufw_port',` gen_require(` type nufw_port_t; ') allow $1 nufw_port_t:tcp_socket { send_msg recv_msg }; ') nufw-2.4.3/selinux/README.selinux0000644000175000017500000000140011431206275013451 00000000000000Installation ============ WARNING: this policy is experimental and still in development. It works, but may need some corrections (patches accepted ;) This policy was written for Debian, so paths may need to be adjusted. Install package selinux-policy-dev. Build the policy modules:: make -f /usr/share/doc/selinux-policy-dev/examples/Makefile As root, create the port definitions for SELinux:: semanage port -a -t nufw_port_t -p tcp 4128 semanage port -a -t nuauth_port_t -p tcp 4129 Then, as root, load the policy modules (choose one):: sudo make -f /usr/share/doc/selinux-policy-dev/examples/Makefile load You will need to wait for restorecond to relabel files, or you can force the relabel, for example:: restorecon -v -R /etc/nufw/ /usr/bin/nufw [...] Note that nufw.fc and nuauth.fc label the executables under /usr/sbin/ (/usr/sbin/nufw, /usr/sbin/nuauth), so relabel the paths that match your .fc files; a binary left without its nufw_exec_t or nuauth_exec_t label will not transition into the confined domain.
nufw-2.4.3/TODO0000644000175000017500000000113011431206275010104 00000000000000# NuSSL - Nuauth/NuFW/Nutcpc: CRL handling -> Done, needs testing - Handle the "CRL distribution point" field in the CA certificate (later) -> Still TODO - Nuauth/NuFW/Nutcpc: Certificate's DN check - Nuauth/NuFW/Nutcpc: Add a config option to specify the authorized cipher list - Nuauth/NuFW/Nutcpc: Add a config option to specify the frequency to renegotiate the TLS session - Nuauth: Split NuFW certificates and users certificates options in nuauth.conf - Nuauth: Nuauth 2.2 uses non-blocking send to NuFW, NuSSL doesn't handle it - Nuauth/NuFW/Nutcpc: Valgrind checks - NuSSL: API documentation nufw-2.4.3/README0000644000175000017500000000317211431206275010304 00000000000000====== README ====== See INSTALL for installation. Howto ===== See http://www.nufw.org/docs/howto22.html TLS usage ========= NuAuth: ------- A key for nuauth can be created with the following command: openssl req -new -x509 -nodes -days 365 -out nuauth-cert.pem -keyout nuauth-key.pem By default nuauth looks for the certificate in CONFIGDIR/nuauth-cert.pem and the key in CONFIGDIR/nuauth-key.pem The -nodes option leaves nuauth-key.pem unencrypted, so restrict read access to the account that runs nuauth; the key pairs shipped in conf/certs/ are published with this archive and should not be used outside testing. Kernel: ======== It is recommended to use a recent kernel to benefit from all the latest features. A kernel newer than 2.6.18 is a good choice. The patch dump-connection-mark.diff (in patches/) can be applied to the kernel to increase performance when doing session logging. This patch is included in kernel 2.6.25 and later. Included documentation ====================== * scripts/README: describes usage of provided scripts * doc/README.mark: small howto about QoS and routing capabilities of NuFW * doc/README.iface: information about requirements for interface name logging * doc/README.pam_nufw: how to use NuFW pam authentication module * doc/README.ldap: information about ldap usage and tuning * tests/README: information about the unit test system Contact and support =================== * IRC channel: #nufw on irc.freenode.net server.
* Forum: http://forums.inl.fr/ * Mailing lists: http://nufw.org/Contacts.html * Security: Please send any security bug or suggestion to: * Commercial support: http://www.inl.fr/ Legal Notice due to cyrus SASL usage ==================================== This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/). nufw-2.4.3/conf/0000777000175000017500000000000011431215443010427 500000000000000nufw-2.4.3/conf/nuclient.conf0000644000175000017500000000126711431206275013044 00000000000000#################################################################### #### NuFw global client config file #################################################################### # Set nuauth IP #nuauth_ip="nuauth.nufw.org" # Set nuauth port #nuauth_port="4129" # Set certificate authority #nuauth_tls_ca="/etc/nufw/CA.pem" # Set certificate for client #nuauth_tls_cert="/etc/nufw/client-cert.pem" # Set key for client #nuauth_tls_key="/etc/nufw/client-key.pem" # Set CRL file to use #nuauth_tls_crl="/etc/nufw/crl.pem" # Disable warning about FQDN errors #nuauth_suppress_fqdn_verif="1" # Plugins management #[plugins] #luser = "/usr/lib/nuclient/modules/luser.so" # Per plugin section #[luser] nufw-2.4.3/conf/mark_field.conf0000644000175000017500000000002711431206275013311 000000000000001:*firefox* 2:*telnet* nufw-2.4.3/conf/certs/0000777000175000017500000000000011431215443011547 500000000000000nufw-2.4.3/conf/certs/nuauth-key.pem0000644000175000017500000000625711431206275014275 00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKgIBAAKCAgEAz0VOW2nJnAIJ80H9RXZsLLN+S8TJuEbV817zKAEtc1WefvrD NuvxFsEqy4GUw+sKndtnQqaySwxYoAuJ4tfmuqeI6flw37xNaxjAotkpnaL4xISy b1Pu5Ab7GidHXgF0Ij/pMx7SUIwhvtubI333K6AVb2vHP0YjCNdL/LdPPwUXINi9 srcneYj/3R9VELQlgd4Bjww/CLqwaF2qbIlQWdChXEcHRxQbdwSE/11nvNSKMkVj vLTBcaq54w1G8716xfrn5N+k5Y09F5eb3J3FJf4RLXXwS7DoU/YXOiP24e3745ar VLfC2hc78z2tWOt1AynnK22N8IAKXFPZ/f0zcon9rw29p4OjYEYuWuYLlnvbSz0f 
HpGskQON3XtTidlc9IPW0cgCuYTzqNk5AAfor0J5C4klOhhtdSsy19DlWc6rHsrA 32lHJ5qq7mCUHr5xs7zCIWHuWNBKP+kk60klMSV42+exoG5kqcotA36C/dRtVxND Ubd6HEKHCGocdSNltpxS+yv0WrruUZG0bnBamHnqdeIWY75Gv0QcVEfD3jCWnz8B x/uPVkqMGa9W1NIzAnGxoRhg1DxDQcWzUvLh2lqTxU0cRc+TVgY2opbBvN4teLkQ 6D6+PUtFPTCXv2AqweK83OyPEHTGH3TsXwYgNOhYp+pmBQE4xG/ADyon+CUCAwEA AQKCAgEAwNFBlqqv4hDHfuPpoEANW/xSxlu4KFTFXhT7cUC/Lmb8/jV7e1E8w6VJ kW3nnea+xqE/y3JVtJk0rRZu3Hdq7kNCjB7/0TNUdgfd1ODe5QWiFPc5I3Xaa4jO +cKGkr4Zcm8wGt1WW5YxImMbTIY3dP8EUdXa0lMF7oiS6PMCpqauoGDhACuAboBz PhqSwOpFZi3IF3IWBaHe0AgqrbOD6zm5kqWE8KuU7UBoFUOoaLL0KNYCdZ9Vwc9I BB/q3H5tg1XpejJPLTkaFyNz3GVs7O4QvtDTjSZyywDJFM42MnF4/XzBwBr/CnHI 1HyREYJhJWNK6UyOWahTexaKWcy9mOiO2s4I6IQGrW2K+OyI0TtfL7A+8POtH6a6 GHKD7rZnfMuJsgXpWc0rqJEh11mxBUj6mKzmEZ/uQoSmon3meTe/O373mGShubtL L/kDKxSXLCq7jMxettPq/xSK9jQzXbi4/PDiivsWdEetiTjWuxBs8q3qgq4fBW4T 1+aZezjOaQsNtdeS4QLM1u4WZLAUHTuiEBSRqPRwx2KAJz5JWTv3JBJwpIB2IQkH 6jdR6Z2T2iPXEAeBDETb8wI4Y7Kh+wjKlBxm5d5gbLzDQSuAh8rJQawmFQUs4pzK GPvJnHUW6p+TcEpBlhtoOlzK1HtPU/lyal5kAjWG2+0rPFpReIECggEBAOa0559Y uSpR3B3iU3H/fOGdRu14diVt+pAfoO96rtnyfFb8lW+ep1Du/4czAcdDKNwTLkzg KQeP9ohMWcSXY3q7Uusv9CneBd9SETV69hUUQ5xsS+nWOAVbnHs1cFqHaO3aloD0 f0OybIKM1ONj+TgsiNksNzlmeTVQgEBkQeRsX9E5fcgVrHcfusO7C5wcZ+lVYtWk Ionpkc+YZ+R9zQ9EmscqItrgZn0etfxuiUhVM7Ks9yfkOR+oGP7fT99119bVdBNS FTYU6di3opOvHfK5R9YdvFOFZywJMxvNcGSZtSw5KoyU6j+PW296MJ4h/WWWJRZ0 1Qt8lPbCWIfeIuECggEBAOX+o9ythVuI4Mg1smiyzzVJzq8ZkRP6JZ2+s3naUehX cnkNwluX2Z+v1Z7jci86RBoi5Ed9lkzH+AAM2Gqik1xjK8xn3BNmiQbndeshVoyX qYkL+KpYfDgLMzAmvF5XOx9Q0WEl3ITdFIUFHAYZXurd3C0xwIJ2MpO0otmTcWTi T/jlEv/BIlfahhSO0Qm+PaqscnwgxWNvkNCSYJ0zVUDYR7REXqsKra4kDH5BdO4e n9t4QRaSP5uQ4GKkid4d9uwSvzF4uEfOLpT3u+WfTGQzLRBRHFf8FyldHJHiWMNt vuhhpLzkmkn/Xo6Fdj8HSRSPTy5cli+zsGCcbLzcQcUCggEBANi/ta0bqjt8VRUu gb9kjWtaXDzXJAjeXr3xOT5FQOk6zF7dR3hq0j9Ti3b2EQGos0awLpvDLkkQlEpR kTUGFkxEmg6kKvz6vwGlFM3uDCyZsTvQ8zFqNY+zFj0bY8dp2Mc+yo+1JavwgcnV jl1km8yO6rM+u1OOVuokC5pzlwSIXS0wml/VHQd+I/WoUawFdArgUc7uOhTgAEHN 
qi4dkv55MgFUMRL6KM/8fnX/U7NFeSCxKDOuU4zOXU13eI81I+eO+1L7lzoMQ/d7 755YtAZK1JbxsPG3L8tLiVzhkmqxjmlR/AvADKRSh1Egt3SZ8nvyqD2E3nPARCPh S1O6+4ECggEAD14bXtRtU7dqpZYI7Lv94majG8oOipItT0P9xAeVb3vgVzxXHz2f Oe9Ky8oQyB0RjdmE/U3j7A90f7RcBYwFYqfxtj++UcGJKF/w3hwlJ1G+7zxQijlN W4VMD0yXS4pyld4Vj3MzL+GBzH2R6MprMDBQ1Og9H7p8GKh6NSWH7yC8DTppMZOb Etm0Gc2NJCSFBFFveOHLrqA2wej18asLaEDLUb07whv9jOQ1vX3sLTj4n3aCitqM y307sPujhqbj59Q82DZjwdCCBkwjTu188jkFKtDwnuRmO8pP7WN9YNmFZwuXMVPp B0a777P1ObLn7CrDNKrVEizkfSAWl+vzrQKCAQEAyJ146MIKlDh/ewJuhzNXN//q LLBc3OA+fAqFxhPsgq/jWUKWEDDqx9uzGTQibwAbQYqjestaHQb4JgGZsqbTtiqp 0Mix0VxBG3G+QW/0Nrb9s8yeKE+otvswAtQx4gvL5h15lMbDoRIDd0/XPOxkSoge 2FjYmoHmm6hhkQKYRjBC1Fg3aKvZc+YAneTDgqv1KQhK4LKo3DWyALzxY83BDAzU 7W4G3FBLyEY7p1ZYa+NYLsDafkF5Fd7Ydm7+sGdcXSYBAj5x696WVKbtZHrRCVzw XutuLbRT2BpHVnUVO037VHt3LLNzyol0TuhdfWB+RH58tK+9XAGWqgbk6nVPTg== -----END RSA PRIVATE KEY----- nufw-2.4.3/conf/certs/nuauth-cert.pem0000644000175000017500000000464011431206275014434 00000000000000-----BEGIN CERTIFICATE----- MIIG7TCCBNWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCRlIx DDAKBgNVBAgTA0lERjEOMAwGA1UEBxMFUGFyaXMxDTALBgNVBAoTBE51RlcxEjAQ BgNVBAsTCUNvcmUgVGVhbTENMAsGA1UEAxMETnVGVzEmMCQGCSqGSIb3DQEJARYX bnVmdy1jb3JlLXRlYW1AbnVmdy5vcmcwHhcNMDYwMTI3MTMxOTM2WhcNMTYwMTI0 MTMxOTM2WjB/MQswCQYDVQQGEwJGUjEMMAoGA1UECBMDSURGMQ4wDAYDVQQHEwVQ YXJpczENMAsGA1UEChMETnVGVzESMBAGA1UECxMJQ29yZSBUZWFtMQ8wDQYDVQQD EwZudWF1dGgxHjAcBgkqhkiG9w0BCQEWD251YXV0aEBudWZ3Lm9yZzCCAiIwDQYJ KoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9FTltpyZwCCfNB/UV2bCyzfkvEybhG 1fNe8ygBLXNVnn76wzbr8RbBKsuBlMPrCp3bZ0KmsksMWKALieLX5rqniOn5cN+8 TWsYwKLZKZ2i+MSEsm9T7uQG+xonR14BdCI/6TMe0lCMIb7bmyN99yugFW9rxz9G IwjXS/y3Tz8FFyDYvbK3J3mI/90fVRC0JYHeAY8MPwi6sGhdqmyJUFnQoVxHB0cU G3cEhP9dZ7zUijJFY7y0wXGqueMNRvO9esX65+TfpOWNPReXm9ydxSX+ES118Euw 6FP2Fzoj9uHt++OWq1S3wtoXO/M9rVjrdQMp5yttjfCAClxT2f39M3KJ/a8NvaeD o2BGLlrmC5Z720s9Hx6RrJEDjd17U4nZXPSD1tHIArmE86jZOQAH6K9CeQuJJToY bXUrMtfQ5VnOqx7KwN9pRyeaqu5glB6+cbO8wiFh7ljQSj/pJOtJJTEleNvnsaBu 
ZKnKLQN+gv3UbVcTQ1G3ehxChwhqHHUjZbacUvsr9Fq67lGRtG5wWph56nXiFmO+ Rr9EHFRHw94wlp8/Acf7j1ZKjBmvVtTSMwJxsaEYYNQ8Q0HFs1Ly4dpak8VNHEXP k1YGNqKWwbzeLXi5EOg+vj1LRT0wl79gKsHivNzsjxB0xh907F8GIDToWKfqZgUB OMRvwA8qJ/glAgMBAAGjggFrMIIBZzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE AwIGQDArBglghkgBhvhCAQ0EHhYcVGlueUNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 ZTAdBgNVHQ4EFgQUzcFVXLkIwl4DBdVtent1H37ItV8wgboGA1UdIwSBsjCBr4AU Rrdmpg2BmsrF/5d3Fri8rc1mKPWhgYukgYgwgYUxCzAJBgNVBAYTAkZSMQwwCgYD VQQIEwNJREYxDjAMBgNVBAcTBVBhcmlzMQ0wCwYDVQQKEwROdUZXMRIwEAYDVQQL EwlDb3JlIFRlYW0xDTALBgNVBAMTBE51RlcxJjAkBgkqhkiG9w0BCQEWF251Znct Y29yZS10ZWFtQG51Zncub3JnggkAxNSNk3ecruYwIgYDVR0SBBswGYEXbnVmdy1j b3JlLXRlYW1AbnVmdy5vcmcwGgYDVR0RBBMwEYEPbnVhdXRoQG51Zncub3JnMA0G CSqGSIb3DQEBBQUAA4ICAQBNxPdIon8J3AuvHVqe3w4qi6jjAHhxr3vihEwavUl3 BbS3/JDbxUrPyQ7sPCJo9akK1SNSkBPgrlGuhe6wQudYgX9B+n1fb0EWGyGWpTQB gFqQ26qEjY6pfAsNIYdWAMKHuYQ5YPT4ViY9PCG6InimrZBv8PzbzNHC3Vko+5uq zS20xf9Mpz0kmt25Mbt+RKrgVkdUeKxizpbTTuVbMJrFM3IHhK/yW4CDVwhjpCVK oH8xwqXR/rLBuxuk3QGNCxZxCCabzW29N3AWVuijNN9STk3gg3PElO4NkXV4WlZB da2uC8uLCB9n/rPZMOC+ir86tku4mai/5+r6yNW1C1k/WDMw5AHf2mJd1hMjIhZz vvoNRDQA2VJ1yCGgvkcajIozCYrXGssMCDMqWQO0TqcPCuAuEotiYw+CcpOUrJ1Y X/x1hFxHNOeSoE7ocEzMPgeP958LeJPdtuMKjBVuQvKPT3D2v/6e/c/Ua+DxGX2x 05wkd4LrAN/jSDEqkq5C87u+qUQ+BtQU0+s5NpPL96SYOX/ZpWzzP7q5Y46mmJrX zm8unLWhi0GkFPLidlVj5r/DtD7bHA9tLy4D/0gpr+49/u8z7MvSa3X2FfQb2wIt wzA8dyUSDothW0FuZvhzqFThFPqj5968BjqSBCN42bIq7sxgwVBYdhOVo1xTs/s7 gA== -----END CERTIFICATE----- nufw-2.4.3/conf/certs/nufw-key.pem0000644000175000017500000000625311431206275013744 00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEAzFUXDUHrmTZ3fRonvCgjCDth5XrpJCWRgSZguBRRx1OjsN6i FLncX3Xo11ZznqMla0Wt7GzGkH6ri/BPA6DtMNGpK4anyKpzX8P6IqfEaMCQZRTU AUc96HOEwuZiJfnRAYgt8ThY7OhumZEuAID/hR1wJ1NE0GQx+XKvXIVMHVfZModX VIDXu+MvIXjgA8YY2M4iMwAe/5VCkBpeYebYn9j8+h3jFVCCbwCcBemCu93l7S20 c3L481wPrkH7pseP2VvkKvMrKgS1VxvVAeh8jynOc4Pz8hc67wV9PIwn3iSpsNmW EvYd9nF6AQcWK6bJ8nfEtWQhS6IqywZ7O6q3uswpf85SCvFqEhjnzFAW5AS+u+1k 
ce70aFl1/KF7zqqBW+dhsF/otEcHH9/sVRocMElp+5J77LJKZe5FN89nhkGX2lSz NXt6SO7cgbjdlg1GN0VrSl6GSxsQP1b5h/ZNsbWCbauYXz7XFFNhKCHNjys4naYF qgR66gizozx35tfA19819lvy9M8bD1xpwq9IJWUnGZvM5LZ8M8ttDgZihYOWmjQX eNts5nvFB1SRnlpLVH9DmOPHbvFcAcQudYlNX7BwhGDCbk9tsVA+uCJk9VbN6Zys /13l4Lad43te4VRjvcBLFMVsEXrVtJAbsnrLTM/D15Afrddg+xYxnvjcc2ECAwEA AQKCAgEAmvMD0hflM4BsSEAnVbYSKtHtQPpeBf0/Q/L4cV9nTIKOpTePLaxsAzAE 7BcxAmGxpJFofNtYEIceS7ZmFNhaRiUX5lvsrG0lpL+W1eTnOpCcbyrGQlnmBnpj ePEACNBSwJimTkBunuj7xhSkD9nC6w0R2aB5lJYGl6VyefTTbYUKvhiIDxrNfjuf qABj0DjO6soWgRpcZ3Cm02RLom5OY5lG7dzwMV+mKcsKhik37IMvMxbvuoS7aMCt W3XKAgVffnMCqddRKkH7yhzfAN1uZ5pKZqrvuOwI0u0UtW+LZBflXqkB90sQGayf 2lunYl7O0cIlN3DBFvvY+7DkjrC9Ndwml5WBqSEdoqwlbb0Ky80zs+wMD9nVUYSD hSatiic8NjIBH69KG/WCz8467wiWX2Q+DFaOndPMfFkvsjHoEV7vfIIIWbB8b+Gi 0+cTGvDuTWaoRXe3BC/+97RznmCvPItEd5cmmwXxgSDvmdMuxGN555cG9E8qSMXs 9zfO5rKh1bB4HwK0ocZ9+TXTbYcvQR/r4xcnnmG5b3ixYB5+dZDaUmmSph1gfG7t GDDkM5ivpthVfeaJNRKLWQws36H5yG/H+qbny4s/outzxGH4G1AbMDHFTQgP+wYe eAp3xpeTByAnnf6Rb1M6XL2CFlvN0KCugGaZWKZMY47zydx14IkCggEBAPlFVfJQ vGoaxxPdlAHeCDK2y93fI6thQ0FZK/rYudGXUNIFjKXtLPuYp9YgxuFdtl6ap/E1 0iC8h2/BK+k1X34jPCyhSpB43kjKS9bGfSK9t1l+kaTAI7jVc8Vr8NMdW02WReI3 kCgCrbVxaMYLZZlZFBSqGrIiW5iQfY94qfduVfTrHri4n6zq2u7wXaK75ygw7ioG BYIx5Ov3OhYgMp1hSTmiTmOhSCrfP1HtmfqZpPakiBQt5WzxITFXdAZfXFElPhlW mwSRWKUp4a8v5z1wsbzy5+kMFgtzG1HJrfJpkIsnfsq68SmahXhL0aeMzjovrX8B LcumNQn9YlUoGAcCggEBANHZMWkRKz1La6Xgs9uTgOyFRNF9uUtY0SmuzJ8qE9gR TDaGuwXZZAraa0yh1dheqmgZHlf/3xy+9V3otnRgJO9RaFxcExJeo7kAwsmGR2Op DZJ+Jav6E9sUQZAdQCodKKQPyVEzof5WrWFyybKk9TEqKUSiWZBkpsqaPClaxT0p x/gBbm1RcsHIB7zUNlChlnXYZByS46Xc6bRSC0hhnyZJ52l4D/sVdzt98yANMKNN GN++22y2mg25L8JK1bZZ5V01+kO9seB+lb6cYoqCI9iSI6VOO8ZrJoXS/ElwMI2O wG466MmgFj+lmyn9vpIiFslsjpcfGgENFtINJWLVL1cCggEASgM3ULp+JzcKMzDQ WHmXj49NGvS9P46ijI2wjEu7aKr4GVQCfeXdPFsIQoD67EGJ+68J/InReVzhDeKa aiUp1Gcb39iILjtlLNG8EOpgj2crQIxfLD7MnH3sYQr6t4R47qGW4GNFD0w0TbJ9 vIf3w796QeR8BrZC4hrM3UOjm88MAKurNIfFCW+2T8nY04/dQ8a7gIjHK/Aqm5GN 
krI+tRIEzvMNOXHS3r/oqifVV141Z/JUYUF7ZIx4IZFo5td7rrBTLuzTHFkXq/qy gvTDQS/r5kFtcHnhNccYroEmf9quS1MPx5wYLRUvWheRCaG6PfaYGiS8d0JDb1Ln 1ocQEwKCAQEAjUZUbnChlJVm9nitfWDzhcg+yW6DxYcY4aANoAX68BbNIVRZKpnt MSVU4XV+ezlYLdbjR8k6Eqc4ly1pUDW+B+Pdh3hxWoeeX5l0iam9/Ak+2uXURNCK d45OiVA392JEDxeVp/ZD0+/Ur+tQgNVvQNcqi0tlUsGATJvDbu/uI7wyJPQJvMz9 nholo2mW23e9zL6Ov3HgkrSEHeKyN9uJAoT0p1uuHpKX/9ROTsCygu4Plepu3OSe GCkZTwuEj0w8DyGcx+g4jXOLKpUr/iWZLl9MYiimM3HFsIiXUnWWKmb1hABi4gLF l7nNGVr75nPOtXJBGNpWbmi6eVViWwQ85wKCAQB7HtwT6Apwu3x/W5QKnjAhbF1r HpLeCvWQmRXe6tc391+RNB0aiKnNySGQXbH6NBRbsNcPRJz5qVdd4hr31VLGRVut 12RRD9yxNip991qoz1iJeUbrH9wxuNVGPGF3wQsuFR75qcms9nJ9qipzwWJAzlTY 29H6lqlTWgqAn+R1UEb4VgMW6uVwBxzNclnYux1KNFYA5gonG7sJtxtM28wgUYO5 azr+feSPGhPED6DAo/Npjxlv8E7Kl0XV0z4J0dIIACY1srfZht9GRNb0srWtfaxy djISwylQN/zeFmzWkAQ1hdmxluDl507r9CRa1Z5SKK57pUV6gJJGziOcYupD -----END RSA PRIVATE KEY----- nufw-2.4.3/conf/certs/admin@nufw.org-cert.pem0000644000175000017500000000364011431206275016005 00000000000000-----BEGIN CERTIFICATE----- MIIFczCCA1ugAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCRlIx DDAKBgNVBAgTA0lERjEOMAwGA1UEBxMFUGFyaXMxDTALBgNVBAoTBE51RlcxEjAQ BgNVBAsTCUNvcmUgVGVhbTENMAsGA1UEAxMETnVGVzEmMCQGCSqGSIb3DQEJARYX bnVmdy1jb3JlLXRlYW1AbnVmdy5vcmcwHhcNMDYwMTI3MTQwNjUzWhcNMDcwMTI3 MTQwNjUzWjB9MQswCQYDVQQGEwJGUjEMMAoGA1UECBMDSURGMQ4wDAYDVQQHEwVQ YXJpczENMAsGA1UEChMETnVGVzESMBAGA1UECxMJQ29yZSBUZWFtMQ4wDAYDVQQD EwVhZG1pbjEdMBsGCSqGSIb3DQEJARYOYWRtaW5AbnVmdy5vcmcwgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBAMKCMBRhCBQMkPpJep9DHgzrCRCpScCQVxMW9P1u RVqSNCVp9H4LbZRK7wOLuZ8sj7Y4PPN6S7TQfVUCU5exAPENXUfLdfDUmO8REtIy q7B85YAPsv+Rt8rRAuF5O9itjsPFGhawU8qsUE++CjVD9947P8DnT3Eyos+1dSg/ c0JxAgMBAAGjggF3MIIBczAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIEsDAr BglghkgBhvhCAQ0EHhYcVGlueUNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV HQ4EFgQUkD5wVKsU6BSEvoNsrALT7uKXLzswgboGA1UdIwSBsjCBr4AURrdmpg2B msrF/5d3Fri8rc1mKPWhgYukgYgwgYUxCzAJBgNVBAYTAkZSMQwwCgYDVQQIEwNJ REYxDjAMBgNVBAcTBVBhcmlzMQ0wCwYDVQQKEwROdUZXMRIwEAYDVQQLEwlDb3Jl 
IFRlYW0xDTALBgNVBAMTBE51RlcxJjAkBgkqhkiG9w0BCQEWF251ZnctY29yZS10 ZWFtQG51Zncub3JnggkAxNSNk3ecruYwIgYDVR0SBBswGYEXbnVmdy1jb3JlLXRl YW1AbnVmdy5vcmcwGQYDVR0RBBIwEIEOYWRtaW5AbnVmdy5vcmcwCwYDVR0PBAQD AgWgMA0GCSqGSIb3DQEBBQUAA4ICAQCuMcb4khip6J6oa/gT9Xc9b3jecBAU+sT/ CB4eS4XzAK9/7u5vsWOSHqWvENGBUOu2awGcPzgvMoxkAbHsmKdKqDwZOSmjkVyC NhPa2qBR9V5rdU487mCfYRKemMXjMixPOhcSUE738wuQy3DOPONo5e778iYjQJbB k3Uq2HhsUdGkKn8Iv822AgTYB/+zci33Fz80Nq62knFSGoPWRqVxJpvhsJpzqeVI 6MiAwiQ0Eow81KgUjIUTy8yashDSA8x0PtfOz6f7PyQboOw6RgnrUxC+iEBSnOsY QlYbA3l6LedFiZRQ+XDUIKaGkIfwCqzcZ8kvsv1JWAMOmhgKWI6QjPDYq+eer7GB trDZuclwbrDLLgfGEYz1QPPv7U0vK7v371b8igSOOZ+SpQwbXk1g3vjWwlV231HT Zlnx5HcGlBHJqDC1vLjkfVDsueZsVmG8bb2kxjfVsMV0JpVcZbTYsVCUUGwgg1i+ sGUqgM63QY12xg9A1n4WKvo7g69WTUX2UYzZHmMa3CT+33lI85Kc1gWSJp6jRcFA MM0Y9SFPcaz7iILPjIjvJmAB5NZS4tXMCPZhmzBJQ6de00lGKyP+G4Gudm3aVlK3 fkKb24hvWzBn4R7vwML6pliJUSSlTgIK51kRwsSYOEJ2PJMpJp3Z3UinOiYExnmg fV3SBsFUjQ== -----END CERTIFICATE----- nufw-2.4.3/conf/certs/user@nufw.org-cert.pem0000644000175000017500000000465011431206275015675 00000000000000-----BEGIN CERTIFICATE----- MIIG9DCCBNygAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCRlIx DDAKBgNVBAgTA0lERjEOMAwGA1UEBxMFUGFyaXMxDTALBgNVBAoTBE51RlcxEjAQ BgNVBAsTCUNvcmUgVGVhbTENMAsGA1UEAxMETnVGVzEmMCQGCSqGSIb3DQEJARYX bnVmdy1jb3JlLXRlYW1AbnVmdy5vcmcwHhcNMDYwMTI3MTMyMTIxWhcNMTYwMTI0 MTMyMTIxWjB7MQswCQYDVQQGEwJGUjEMMAoGA1UECBMDSURGMQ4wDAYDVQQHEwVQ YXJpczENMAsGA1UEChMETnVGVzESMBAGA1UECxMJQ29yZSBUZWFtMQ0wCwYDVQQD EwR1c2VyMRwwGgYJKoZIhvcNAQkBFg11c2VyQG51Zncub3JnMIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAm/KA+6/l81BKRozqr5n+HxFYbWUO8siZLJf1 PnFt3+viWsyY/368NNHKVNJikdCsKETYgBM3JpebtnB/zZC6We/HSPtatL/OtAOb mrTb45JkOEwqIyTWnp98R14N8Tm395cuFiOk2BCbZeDSCVP/nkXIGedzxUuASeTe oQyVJAq1KMn7JG5lUyfR4n5E1XLKTBuzEYN3weWovgyLbA/yfv6cMcMKkR/dgFj2 6HeXv0Z5IkQNfELWNfON6IlrvPPscfSAn9NyxTFktUsjIo3zUKoxKxxZ6hQAt0UN x3KAO+tWEo/Yd5pduKbhhe69U7IAXhmwD2knHRtA9LS5kdd7dXcirOhparKdy4QA nObn1ytBvJskPxQqhxsQ/in+V+xqhV+gyBfp1GPLROr7qIkJPG3EkjohknDbmwIc 
i0su4cj4JsjN+w9PstLoEOmM1uHzLAwYAjxKauEcD/lTLK6bTv6sj+FJrm4QQDQs 3MvP4NAtsXPZg1vyQ95/aBbqbnDIKg6IOQ0I8nA0fv2as1PLbhgFTm3slS4xXvzg EK566/vqREAeX/9suhAegCy6KtBtlaC8Ix2QMRmGjvgDBWtRX85Nmby0cN63GqPE 93mQiL4xhjYM28iebt3BYwGhAnnyrj6sef0GHvM5K4ZOl3sFOk5llZWFb/pj4nRd VhTlw3sCAwEAAaOCAXYwggFyMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgSw MCsGCWCGSAGG+EIBDQQeFhxUaW55Q0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G A1UdDgQWBBSPuiz2pEFFmVvmgAycYhXq5rNZjDCBugYDVR0jBIGyMIGvgBRGt2am DYGaysX/l3cWuLytzWYo9aGBi6SBiDCBhTELMAkGA1UEBhMCRlIxDDAKBgNVBAgT A0lERjEOMAwGA1UEBxMFUGFyaXMxDTALBgNVBAoTBE51RlcxEjAQBgNVBAsTCUNv cmUgVGVhbTENMAsGA1UEAxMETnVGVzEmMCQGCSqGSIb3DQEJARYXbnVmdy1jb3Jl LXRlYW1AbnVmdy5vcmeCCQDE1I2Td5yu5jAiBgNVHRIEGzAZgRdudWZ3LWNvcmUt dGVhbUBudWZ3Lm9yZzAYBgNVHREEETAPgQ11c2VyQG51Zncub3JnMAsGA1UdDwQE AwIFoDANBgkqhkiG9w0BAQUFAAOCAgEAMGQTZQuV9UvlH1NmrUSnCmdiQ7zlV2fg pMxB/Tcy7VTaYejw6UoCMPkkreLeijJBxamBHuBpEBa437MlUzg1wKgW7LudEmdA sZ6Jr3Wcvo4lFCITwj9q8fMhELNfik6Yih0H8Aix1Mtg2wpHcPXlXkQf/Rx29aPZ 4Dil9Z8EBETJeobuwXVVvnLyeSFKhCvMy5IGpyz48Lg9AlTT4e18+Ww0xf3gX6MM OqGzTTfMY3h5kEPwrET+TUANzpbE2oTdHyT+uvV2pVxh0HOLIWPTFYj2JiMz0tFf WPY4XXrJgPfbIG0247fA0fdqGRftgzsREBDtKa1xYFEDbXBYgUdQ8gnwzLQKmq82 Xq4zEVSTPjoCroICfYQi9S9XEKK7pnDZKHQ1gjzTBTrIe4yil55EqDVqQ/2SeBGQ mmofxWtIi7eUg3eo971CHxfdDANTTKIRcHYqtc/Tkbh4HsT9cgtxEAgdwHG+nrPP v5nTatkw9KJzRMLqY7u9l7Jlx7bxcXKJfm0LguThl75sLwO5E+vtHIw7Ijy4XIkt wQqJy36wz124KnGpVMMERNciolbq1KNg1WSvNYetZeaDdJ2/s64p24j48oLxGr9e gBdD260ADb1J77xGKIkjOZz4f3LLvPhSW4siucYcsUKObeWHFY+lfnh5/qqRXEzl YqafCfFkLJs= -----END CERTIFICATE----- nufw-2.4.3/conf/certs/admin@nufw.org-key.pem0000644000175000017500000000156711431206275015646 00000000000000-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDCgjAUYQgUDJD6SXqfQx4M6wkQqUnAkFcTFvT9bkVakjQlafR+ C22USu8Di7mfLI+2ODzzeku00H1VAlOXsQDxDV1Hy3Xw1JjvERLSMquwfOWAD7L/ kbfK0QLheTvYrY7DxRoWsFPKrFBPvgo1Q/feOz/A509xMqLPtXUoP3NCcQIDAQAB AoGBAITyrWBQjk/94t5geQMAwjp8MB8GRxXq0smGiH/s7lSg2Cm2iVnZ/9U7frFC wOZuc/BN8kNNlQ+K7g+73l0xq/zl/GHZltNgZMj5r4zUP5ipqAivEoB3uunt5U7Y 
gFqh0aPRweHFIB6PU6dhGa1FqzwhNEI5s5PodOAANmkQqrXRAkEA6vOx/iFGPyMI mnXAvo7QXLumClQqQ5/RCZ/je2OlXfyDVhpwzGSVOLxI89mTNQD9454MX97APwst N0sDK46lLQJBANPu+mbr0JkmxmfX2sqd/kawhCLxsTbHwdwCr4y0fin1t17MbBEV O2MA9GOfuSrpxHfWuFdVRfNpIrCCwM2fpNUCQHXJPAdR+Rx33L1KoRknEZAbxq7Q 6OtD+JDhpjJajzGiANmuobPmDOUHh28wOVtOJvnwZvW8/xXb7YwVv/4bIfUCQFQU KyNJyqf3yh7Ic/SOWaKRxNpYKIYjGbW/GwYnVSYwZV8mmnjsg3LzngEoDL4Jn/gr J1b+bZHz099TAEqTW0ECQQC+9EhQRkQdp4D2vitIJo41sCVtYUDrVF61jomUdfmd 2DeAaMBxqX8ROpWFPG+xKlAkPBmByLBYro126qs3Ouke -----END RSA PRIVATE KEY----- nufw-2.4.3/conf/certs/NuFW-cacert.pem0000644000175000017500000000466411431206275014261 00000000000000-----BEGIN CERTIFICATE----- MIIG/jCCBOagAwIBAgIJAMTUjZN3nK7mMA0GCSqGSIb3DQEBBQUAMIGFMQswCQYD VQQGEwJGUjEMMAoGA1UECBMDSURGMQ4wDAYDVQQHEwVQYXJpczENMAsGA1UEChME TnVGVzESMBAGA1UECxMJQ29yZSBUZWFtMQ0wCwYDVQQDEwROdUZXMSYwJAYJKoZI hvcNAQkBFhdudWZ3LWNvcmUtdGVhbUBudWZ3Lm9yZzAeFw0wNjAxMjcxMzE3MTZa Fw0xNjAxMjUxMzE3MTZaMIGFMQswCQYDVQQGEwJGUjEMMAoGA1UECBMDSURGMQ4w DAYDVQQHEwVQYXJpczENMAsGA1UEChMETnVGVzESMBAGA1UECxMJQ29yZSBUZWFt MQ0wCwYDVQQDEwROdUZXMSYwJAYJKoZIhvcNAQkBFhdudWZ3LWNvcmUtdGVhbUBu dWZ3Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOKjsV+hXsxX EzG+39/uzL9Dh/eZyhB7vwuff97n7R522S2mB+ovegxKb0XYgHGADpyZiVWW2TAd olPyi1OvFTIcda2KS0Qq2GZQ3sKYR0pY7mrqWN9zuAodh6iO+1BgbjP5sEIZ34Fw yweQId8/4PAq4IWvjvGzTtuo39ihzrQIdGrISeUA+nRipdTNB7CCtASWczil9AD8 MdVOP9oRtt904wkiTMSZkoTLxuCBfNlNM6TP7LSrPdJv5fjgJgP3tMePwBuEjlRb nGSj0rXPRvPfM2JXajywt+Iy49ItxAZE9yMYEVfhSAn7Xr88MR9OGWpRTq3dVSTh MFQCCZLf7jfmGjHcSv5aJp6/oBVvkJsWdMQZRPwsgP39ZH6wNVZHWr7I22wx4hxb CNgPvf75BNyw2sk2B6rfszy7rh5Vx30Gt2TcwXyYVRYU549XJQeWZr4DlfEEmIv3 Vnf3xJ/tpH+sxFypkqeKpDjADFTVNm1Myn8EetCEJrEfYcuhx2Lp9tzE6zKYU9jm 7zkNdbCldgvKQ7USrU3HDpqoqik2soriMtKeCMktqR8ZF7rXssoFJocFK9zqlUTZ nucUpYLHnc+rZjZPwvWHA41Q6oSzVLQdb+Wcoy2kd1uT4YMEb/neJqJyG9lOBmH+ kVwYNvgB3qkFZVLWcLSLstM5oPnyz6BXAgMBAAGjggFtMIIBaTAdBgNVHQ4EFgQU Rrdmpg2BmsrF/5d3Fri8rc1mKPUwgboGA1UdIwSBsjCBr4AURrdmpg2BmsrF/5d3 
Fri8rc1mKPWhgYukgYgwgYUxCzAJBgNVBAYTAkZSMQwwCgYDVQQIEwNJREYxDjAM BgNVBAcTBVBhcmlzMQ0wCwYDVQQKEwROdUZXMRIwEAYDVQQLEwlDb3JlIFRlYW0x DTALBgNVBAMTBE51RlcxJjAkBgkqhkiG9w0BCQEWF251ZnctY29yZS10ZWFtQG51 Zncub3JnggkAxNSNk3ecruYwDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhCAQEE BAMCAQYwCQYDVR0SBAIwADArBglghkgBhvhCAQ0EHhYcVGlueUNBIEdlbmVyYXRl ZCBDZXJ0aWZpY2F0ZTAiBgNVHREEGzAZgRdudWZ3LWNvcmUtdGVhbUBudWZ3Lm9y ZzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggIBALMgzzqmfxVxigPja4LG LO8rNQWY6RiLdEMB7pF9PQIPK5E5c4rLB1ZpZ/4e9vw2MPfwfsVyaqETfRt+WwV/ O77ltZTuWzD26TtptOCqxzLj5XPXreUw2uIidEgzQ54bHzNbfvXJmp4x+wkyCckh nywgqtwSR3zIEahAam+IyGD4hbyoJmwZ7S71KvpOp5T6hiJQ351kQKy0a7Qh8a3z p0TmpBPRZpgpLRO7dPmCC4qjfaHYPZd1o2HUBgOLgeXKwAWS1E8YE9nvPQJT2igv rie1uR2XRcHC0IDJTfsBNyikmpAZP0gHeketw7/m9wurYS56WAQ+Ynm6Zw+MKqwP bJvGWksBsxZ/9d0bYnzKBWPCvWguQ3JTmh0NQphyTxI9q5uT9PSEEuDDX/pxUlY3 kSSMmvJSn7/xmfLbEMYjByuygGzlGS4rFWbls+WTWqG+6VsgjDabGik15HHszCBm +PIw25KG2aT5oHrwmSvaAxP4zgambxQi8da+MIucSo2bnNDsO1WpV4Zxmpgv0JgW xQ5d2qM0RYJbSN9kufaYR4Iek8CU3lqpbWSHsUtzvLqMkgLYNSaOu5CgBuKkP4Sx s0Yh87Q0qykENo6/mSOB/guIsxz7gM8u07MXu587R8PnmOeNx7kUoMqcri7aBXl+ A2aWUDviqoHLSpeOMYcTfwA3 -----END CERTIFICATE----- nufw-2.4.3/conf/certs/user@nufw.org-key.pem0000644000175000017500000000625311431206275015531 00000000000000-----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEAm/KA+6/l81BKRozqr5n+HxFYbWUO8siZLJf1PnFt3+viWsyY /368NNHKVNJikdCsKETYgBM3JpebtnB/zZC6We/HSPtatL/OtAObmrTb45JkOEwq IyTWnp98R14N8Tm395cuFiOk2BCbZeDSCVP/nkXIGedzxUuASeTeoQyVJAq1KMn7 JG5lUyfR4n5E1XLKTBuzEYN3weWovgyLbA/yfv6cMcMKkR/dgFj26HeXv0Z5IkQN fELWNfON6IlrvPPscfSAn9NyxTFktUsjIo3zUKoxKxxZ6hQAt0UNx3KAO+tWEo/Y d5pduKbhhe69U7IAXhmwD2knHRtA9LS5kdd7dXcirOhparKdy4QAnObn1ytBvJsk PxQqhxsQ/in+V+xqhV+gyBfp1GPLROr7qIkJPG3EkjohknDbmwIci0su4cj4JsjN +w9PstLoEOmM1uHzLAwYAjxKauEcD/lTLK6bTv6sj+FJrm4QQDQs3MvP4NAtsXPZ g1vyQ95/aBbqbnDIKg6IOQ0I8nA0fv2as1PLbhgFTm3slS4xXvzgEK566/vqREAe X/9suhAegCy6KtBtlaC8Ix2QMRmGjvgDBWtRX85Nmby0cN63GqPE93mQiL4xhjYM 
28iebt3BYwGhAnnyrj6sef0GHvM5K4ZOl3sFOk5llZWFb/pj4nRdVhTlw3sCAwEA AQKCAgBbPZ9JorifizJp5LjK1QZhlvxtxNriIYu9E4thZWwrvw9IoLxDgBsNrFD9 H7qcJcMULHOfO57g7YMlUtzzoOHnDOtEQAvqBO8jU5kPAxJEK7qHVcixlzQayqUj /Fub73E7YzCLs38XC2BgUxGQc5zzNVDGFy0dGfeNRGMdRwdbdwhXPRW7Uvvlkz6x jb8oQ2ko7mvuq0S+JWh9CUnph8sRklZApyTflA08stCDYrVeLBVjfv2E3nYGSuGU VBK9EtocMjmvST+1MBkEGVoNNZBOecUavBO/aMSidbyCHPP6Gs7ZPWAhWifLiZgZ jH0pItQkOlNQMO25keCHS9XnBnQsdBcoiSkctvkB81pOSZzel7PMw1SQKXpeFoyZ ++OABK/VIwECww6hwSppLCq87MfBNsPBaMCZD3AyzBSvjKSWVr8PusiOdys9UvZP YVAc9GdIuP16taszSOt9bz+fqRZipAWcD6jwavJxZFgGArT4UWzSYnpY97V5HmQh lwV9pMWO4gJ+WJdL/1ybCx3eAQQKaBiIMnq1Oqo8ewBpn5x29KXVvRuihE52lGA3 JliZ5DPOXBQ4Y3JhUIzWSPFUtE0DXsuNnXNi+GKSkzS0EGYJLbXdBoGumI5m+Sz3 jn3qEWuiYMRww3PEVDBP4FIFpDDaGuQ0fJKS6RZ20jfAAlthAQKCAQEAy4fwdumO X2rPYBC4tgVcPKFvZNZI8NpTj/0+3Sf/jAj+EoWaB63McKFhM/v6MESa270wK7bH rVjmipOyW3C4AhEfXV+/X7s6vNKPtaFyFFbHzI2wUJCEbfdwfoO2hPN7iSyoH9N8 SXEBP2S+nqkYOJ8r5+IMB8U+39rSq/w3MyVkw/X9DJfv01hdRZwNrkiVZn568O83 gFP3IMUw8Uy9XNcFRwbawdtMmDbM7RT6avoU/7vTk7NFqNSMu5AhYLQwKJg0CGKn QO9R0dxVPgXsWDrIHbLHUQ1LmPivgkzaQ9DWbuAtiMN1ZN6w9r3xG+V5FjSWewPH ve9aGY7uzlVhUQKCAQEAxCZEzNJXfZ90+xo8SxapXo9k02DK1aLwL4Mo1mNTJBSo WAOxpDpKLl5uODpRvCKYSWjpKBg0yOWN4B4AL1P2Nn7w0HuT3p+1d7+17BW0/yXx 1utzSCQ8TrmLYPqgCElevUhbaMQD+EWKHSaxhQvlw+g6IoBWCjYzYhzrVdbYC/7T xMRU7JaUwTqZoPfo5hJW7hNLsmGslcesTEoPAfygReZdWCeZiYMlxYUGr8HQ3W2c MJtVan355STncEKfbIFcbxN6eYHNK3GBbIn+cJCVG/7lbhXkpilc5veyuf275d7X CNlfyis3XPhxJ/ztlKbzL/ozY0/vTVLwBXb0UhQFCwKCAQEAyfWnV+ejvezXwCR3 lS62evdZ+L5lfJG4T23k3kDdZBBcRPbLhAkijzSjppjHhvPckmUlkor5knpfsWyj k/bCsFJbRCVJWe4Id+ucbIe6EpKWCdUi+p6cuh3JQ9Dg4QZWNCTa41HQx3NZ4JTQ TdHO1gij4aG9fExuemTBnaVVBOx7E7RZGBEACkBptTQHo0Qk86JXzhIhibZHx/3D 9fzG/oPimbskgS5hz7y5Fhw17Mcg5S504OAIJGJdD5USecny66U0JIn4GwgesVao QzZPcrFJd6a5/yRpOm6ygWJPRvHIhhbvOAFz0Nbk1MJfqOXIhI9ELubuYftK9YeO UbIJMQKCAQEAoXzwP8EdDuvtH56l7RwnLRbZZ73UwLZ5EGTnhjoYBSiMwImqAw+K a0qLa/d3u3Cv+CBLdRsYuh1kBRQuCskReCRilwJm526NtJ09ZbUpYrcWuF74dnh+ 
vkG8Ioe0oZ3mRegAeeyHaCu4Xe+xT1xQOk5DLoyCSb3959TvW6iaDqYqK2GImZAP wFZCjWgNcv2+XBu+wonv0RCnJdgDKxuVyHa0exN/MNusiUXQD3t+Pg8z/ECmvhoh Vype8Omo32hRdZGPz+GxzQaSC45A0OP4HyhoM44KxVJgjjd4CfCAdexVFZABcSzL U9unLcjqwOwCY4mWLTluRzb1LUqWM80PqQKCAQAuOeBMsbH75DyYAbQrazYiea4J i7yJI73a6xtaTdXIorr93MeZxDXbH7vV3fG81tWDWQzvB984ba06VGAhA46688lJ AvaiqWadVo/U8WPMbvMt1EtJg14GuOGu3D35yUWJXAFZXOedVGncmQEwOCzGw1k+ M92mTdz6C0meHjAvtEIXhL0OR9b/OX8BnHEjAfsGUKJ2AIVVPMZwgDsUVeyXtEIX LanOjm1IP3P65pfwioZfMiSHLo8ohl4GUEkesDvXrqelLkAWhYYTvbb4Iiz0YIet gQdIe/PVLXJW4rsDLi/ag20AxiDmFYvJuvn0uMManY5p75e/FvcTPJ0qfupm -----END RSA PRIVATE KEY----- nufw-2.4.3/conf/certs/nufw-cert.pem0000644000175000017500000000462711431206275014114 00000000000000-----BEGIN CERTIFICATE----- MIIG5zCCBM+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCRlIx DDAKBgNVBAgTA0lERjEOMAwGA1UEBxMFUGFyaXMxDTALBgNVBAoTBE51RlcxEjAQ BgNVBAsTCUNvcmUgVGVhbTENMAsGA1UEAxMETnVGVzEmMCQGCSqGSIb3DQEJARYX bnVmdy1jb3JlLXRlYW1AbnVmdy5vcmcwHhcNMDYwMTI3MTMyMDEwWhcNMTYwMTI0 MTMyMDEwWjB7MQswCQYDVQQGEwJGUjEMMAoGA1UECBMDSURGMQ4wDAYDVQQHEwVQ YXJpczENMAsGA1UEChMETnVGVzESMBAGA1UECxMJQ29yZSBUZWFtMQ0wCwYDVQQD EwRudWZ3MRwwGgYJKoZIhvcNAQkBFg1udWZ3QG51Zncub3JnMIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAzFUXDUHrmTZ3fRonvCgjCDth5XrpJCWRgSZg uBRRx1OjsN6iFLncX3Xo11ZznqMla0Wt7GzGkH6ri/BPA6DtMNGpK4anyKpzX8P6 IqfEaMCQZRTUAUc96HOEwuZiJfnRAYgt8ThY7OhumZEuAID/hR1wJ1NE0GQx+XKv XIVMHVfZModXVIDXu+MvIXjgA8YY2M4iMwAe/5VCkBpeYebYn9j8+h3jFVCCbwCc BemCu93l7S20c3L481wPrkH7pseP2VvkKvMrKgS1VxvVAeh8jynOc4Pz8hc67wV9 PIwn3iSpsNmWEvYd9nF6AQcWK6bJ8nfEtWQhS6IqywZ7O6q3uswpf85SCvFqEhjn zFAW5AS+u+1kce70aFl1/KF7zqqBW+dhsF/otEcHH9/sVRocMElp+5J77LJKZe5F N89nhkGX2lSzNXt6SO7cgbjdlg1GN0VrSl6GSxsQP1b5h/ZNsbWCbauYXz7XFFNh KCHNjys4naYFqgR66gizozx35tfA19819lvy9M8bD1xpwq9IJWUnGZvM5LZ8M8tt DgZihYOWmjQXeNts5nvFB1SRnlpLVH9DmOPHbvFcAcQudYlNX7BwhGDCbk9tsVA+ uCJk9VbN6Zys/13l4Lad43te4VRjvcBLFMVsEXrVtJAbsnrLTM/D15Afrddg+xYx nvjcc2ECAwEAAaOCAWkwggFlMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZA 
MCsGCWCGSAGG+EIBDQQeFhxUaW55Q0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G A1UdDgQWBBTvrA0aBTc9drdgwRulRue7Ke4UWzCBugYDVR0jBIGyMIGvgBRGt2am DYGaysX/l3cWuLytzWYo9aGBi6SBiDCBhTELMAkGA1UEBhMCRlIxDDAKBgNVBAgT A0lERjEOMAwGA1UEBxMFUGFyaXMxDTALBgNVBAoTBE51RlcxEjAQBgNVBAsTCUNv cmUgVGVhbTENMAsGA1UEAxMETnVGVzEmMCQGCSqGSIb3DQEJARYXbnVmdy1jb3Jl LXRlYW1AbnVmdy5vcmeCCQDE1I2Td5yu5jAiBgNVHRIEGzAZgRdudWZ3LWNvcmUt dGVhbUBudWZ3Lm9yZzAYBgNVHREEETAPgQ1udWZ3QG51Zncub3JnMA0GCSqGSIb3 DQEBBQUAA4ICAQAKqddeALQtsDW7zYB5iqMEQQDXokp85GjophqHvVG6ICICXgHa pgmiz47bwXe/BobD2Zo09XIf4tieJnY5IMiH8rUOqgtpR6kRCMEXdFk1sSUQEul2 ELjlM1mlMb6qW3ELFDR2rE1DvFWW9LXdnsfYucL3oc3GBRa6acw558xTrK26hnHR 3Vqlm9ZjUGHLrgFxkY01KsfwLGJ6N2gH11CIrSJbf1lzLvavgSCY+hHA5sPBG7R9 OIWhDSTE0A8qQo2ASZom8rbHFasb7v8HgceXKZAUC0vl3Odg0upfvpyuP1D466Ln UvaQMHdrjQNlwmjqDJSGc4TS7F9spVk376YyD5n5UMnwdTNxq6XuOGS+Zw5i6+IP I0AN9X+PCqmEcIsR2WNFodbzWM/vGfafTZvzNc2pTuV6ev+UbD0NFHhj8GH4ioXH WrA+RJcDXynMt8kolE5Cj8ZtKAV5Ch89vZDv0XSkH6Gr4+a/9kFDAKYkhhXrPvWw y8tfOUGKjIXLpaCodq6NKEHlYrbrIFcHWRLXjScnkfPzIzw+8K33UdyyPfKiFyMU bBBjTvrVGTnfEfnUkU7dBAdyBOax9xP1FcKe2hUqb+c0TDVXTMj4EXGEdtM4bN9d lT1NbJ1Rxah8xQJlCdOfeDBeYJRpTUp1Jp4bpyoPdbuWsxP5TejyxeXj6A== -----END CERTIFICATE----- nufw-2.4.3/conf/mark_group.conf0000644000175000017500000000002311431206275013356 000000000000001000,1002:1 1100:2 nufw-2.4.3/conf/Makefile.in0000644000175000017500000002371211431215376012422 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
# This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = conf DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ 
INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir 
= @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CONFIG_FILES = acls.nufw mark_field.conf mark_group.conf nuaclgen.conf nuauth.conf nuclient.conf nutop.conf periods.xml users-plaintext.nufw \ nuauth.d/nuauth_ldap.conf nuauth.d/nuauth_mysql.conf nuauth.d/nuauth_pgsql.conf nuauth.d/nuauth_tls.conf nuauth.d/nuauth_tuning.conf \ nuauth.d/nuauth_mark.conf nuauth.d/nuauth_krb5.conf \ nuauth.d/nuauth_authtype.conf \ nufw.conf SQL_DUMP = nulog.ipv4.mysql.dump nulog.ipv6.mysql.dump nulog.pgsql.dump LDAP_FILES = acls.schema timeranges.schema AUTH_MYSQL_FILES = auth_mysql/auth_mysql.ipv4.mysql.dump auth_mysql/auth_mysql.ipv6.mysql.dump auth_mysql/check_net.mysql CERT_FILES = certs/admin@nufw.org-cert.pem certs/admin@nufw.org-key.pem certs/nuauth-cert.pem certs/nuauth-key.pem certs/NuFW-cacert.pem certs/nufw-cert.pem certs/nufw-key.pem certs/user@nufw.org-cert.pem certs/user@nufw.org-key.pem EXTRA_DIST = $(CONFIG_FILES) $(SQL_DUMP) $(LDAP_FILES) $(AUTH_MYSQL_FILES) $(CERT_FILES) all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu conf/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ 
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/conf/nuauth.conf0000644000175000017500000003111411431206275012521 00000000000000########################################## # Nuauth Configuration file ########################################## # Nuauth ############################################# # Addresses nuauth listen on for clients, long example: # "0.0.0.0:4129 127.0.0.1:8080 192.168.1.2 [::1] [2a01:e35:8a04::3538]:5000" # will listen on: # * IPv4: 0.0.0.0 port 4129 # * IPv4: 127.0.0.1 port 4129 # * IPv4: 192.168.1.12 port 4129 (default port, nuauth_user_packet_port) # * IPv6: ::1 port 4129 (default port) # * IPv6: 2a01:e35:8a04::3538 port 5000 # Use 0.0.0.0 to bind to all IPv4 addresses, and [::] for all IPv6 addresses #nuauth_client_listen_addr="0.0.0.0" # address nuauth listens on for nufw packets # It uses the same syntax as nuauth_client_listen_addr. #nuauth_nufw_listen_addr="127.0.0.1" # Absolute path to the unix domain socket for nufw servers # If nuauth and nufw are installed on the same machine, # a unix sock can be used between them. 
# default: none #nuauth_client_listen_socket="/tmp/nuauth_nufw.sock" # NOTE: /tmp is world-writable; when enabling this socket, prefer a path inside a # directory that only the nuauth and nufw accounts can access. # Default port for nufw gw request #nuauth_gw_packet_port=4128 # Default port for user authentication packet #nuauth_user_packet_port=4129 # NuFW ############################################ # address of the nufw gw # in UDP clear mode this is the address nuauth # responds to authentication request # In TLS mode turn this variable into a list # containing all the ips used to connect to the # nuauth server : # nufw_gw_addr="192.168.75.1 192.168.75.254" # nufw_gw_addr="127.0.0.1" ############ # Is nufw able to use libnetfilter_conntrack # and able to kill a session nufw_has_conntrack=1 ############ # Is nufw able to use libnetfilter_conntrack # and has fixed timeout patch nufw_has_fixed_timeout=1 ############################################################## # Module configuration : # syntax is the following # list of modules separated by space # syntax of a module : # name[:type[:config file]] # if syntax is : # name : load module "name" with config file included in nuauth.conf # name:type : load module "type" with config file CONFIG_DIR/modules/name.conf # name:type:conf : load module "type" with config file "conf" ############################################################## ## Authentication module for user : # It is used if nuauth_uses_fake_sasl is set to 1 # to be chosen in : # - plaintext : user credentials are stored in a text file # (keep that file readable only by the account nuauth runs as) # - system : authentication is done against PAM and groups are system groups. 
This provides # a convenient way to use nss features and/or pam-modules nuauth_user_check_module="plaintext" # Set up following variables if you want to differentiate user id and # group fetching from authentication: #nuauth_get_user_id_module="plaintext" #nuauth_get_user_groups_module="plaintext" ## Acl checking module : # to be chosen in : # - ldap # - plaintext nuauth_acl_check_module="plaintext" # Cache acl for more performance ? 
nuauth_acl_cache=1 ## Period handling module: # to be chosen in: # - xml_defs # nuauth_periods_module="xml_defs" ############################################## #Choose user logging method ############################################## #You can log to MySQL, PostgreSQL, syslog or Prelude #Therefore, acceptable values for this parameter are: # : "mysql", "pgsql", "syslog", "nuprelude", "ulogd2" nuauth_user_logs_module="syslog" # define with nuauth_user_session_logs_module which method you # want to use for user connection and disconnection # Available modules are : # syslog: log message with syslog # script: run a custom script at user connection (CONFDIR/user-up.sh) and disconnection (CONFDIR/user-down.sh) # mysql: log users connection and disconnection in a sql table # nuprelude: log to Prelude IDS # example : nuauth_user_session_logs_module="syslog mysql" nuauth_user_session_logs_module="syslog" # Module to log authentication errors # Available modules: nuprelude, syslog nuauth_auth_error_log_module="syslog" ############################################ # Other nuauth modules ############################################ # Module to modify a user session just after its creation # Choose between : session_expire, session_authtype nuauth_user_session_modify_module="session_expire" # Module to finalize a packet before sending it back to nufw # Available modules: mark_group, mark_uid, mark_field, mark_flag nuauth_finalize_packet_module="mark_uid" ############################################## # Behavioural items ############################################## # Use command server? # nuauth_use_command_server=0 # Debug level (0<=debug_level<=9) nuauth_debug_level=0 # Debug area, binary and between # DEBUG_AREA_MAIN = 1 Main domain # DEBUG_AREA_PACKET = 2 Packet domain # DEBUG_AREA_USER = 4 User domain # DEBUG_AREA_GW = 8 Gateway domain # DEBUG_AREA_AUTH = 16 Auth. 
domain # DEBUG_AREA_PERF = 32 Performance display # default : DEFAULT_DEBUG_AREA = 31 # nuauth_debug_areas=31 # What to do when several acls are found for a match : # - 0: Accept packet if an ACCEPT acl matches # - 1: Drop packet if there is a DROP acl matching # - 2: First decision match # Default nuauth_prio_to_nok=2 nuauth_prio_to_nok=2 # client can work with two modes : # POLL : client checks each time interval if it needs to send a packet (traffic economy for WAN) # PUSH : nuauth warns clients that they may need to send authentication packet (better response time on LAN) nuauth_push_to_client=1 # If set to 0, it relaxes constraint of check of IP source address of # authenticated packets. This can be useful to authenticate both IPv6 and IPv4 # packet in a simple client. Leaving the check enabled is the stricter setting. #nuauth_user_check_ip_equality=0 # Set to 1 to use user_check module # Set to 0 to use sasl authentication # # Note: It is a good idea to set nuauth_log_users_without_realm # to 1 if you set nuauth_uses_fake_sasl to 0. # nuauth_uses_fake_sasl=1 # Number of connections a user can run # 0 = unlimited (default) nuauth_single_user_client_limit=0 # Number of connections per IP a user can run # 0 = unlimited (default) nuauth_single_ip_client_limit=0 # Reject (instead of drop) when packet is reached # 0: use drop (default) # 1: reject (send icmp unreached message) nuauth_reject_after_timeout=0 # Reject (instead of drop) when user is not in any group of an ACCEPT acl # 0: use drop (default) # 1: reject (send icmp unreached message) nuauth_reject_authenticated_drop=0 # DROP packet if logging phase has failed. # The main use of this variable is to decide whether to drop # or not packets when the number of packets in the logging queue # gets too high. 
# With the value 0 a packet that could not be logged is not dropped for that # reason, so it leaves no log entry; use 1 where complete logs matter. # nuauth_drop_if_no_logging = 0 # Maximum number of packets that can remain on a logging queue. # When a packet arrives when this number of packets is queued, it # is not logged and gets dropped if nuauth_drop_if_no_logging is 1. 
# nuauth_max_unassigned_messages = 2000 # Do we use a fallback hello authentication mode for non NuFW supported # protocols ? # This brings authentication for all protocols based on IP # by doing a posteriori IP based authentication. # WARNING : Authentication is FAR less strict than nufw original protocol : # * It authenticates a NATed computer (and every computer behind the same firewall) # * It is strictly MONO user # * But, it can authenticate all types of IP flows nuauth_hello_authentication=0 # Do we use fallback mode when no client is found ? # nuauth_push_to_client has to be set to 1 if you choose to enable it nuauth_do_ip_authentication=0 ## ip authentication module # to be chosen in : # ipauth_guest auth_mysql # nuauth_ip_authentication_module="ipauth_guest" # set a user session duration; after this duration it is necessary # to reauthenticate: # User is disconnected from the system after the duration. Disconnect # occurs when a packet arrives. # # Please note that asking the password has to be done if needed on client # side. 
# # Default is 0 which mean unlimited session # example : # nuauth_session_duration=3600 # maximum number of a simultaneously connected # nufw authentication clients # default : 1024 # nuauth_tls_max_clients=1024 # maximum number of simultaneously connected # nufw servers # (not implemented) # default : 16 # nuauth_tls_max_servers=8 ################################################ # Tuning parameters ################################################ include "nuauth.d/nuauth_tuning.conf" ################################################ # TLS parameters ################################################## include "nuauth.d/nuauth_tls.conf" ############################################ # Kerberos 5 authentication ############################################ include "nuauth.d/nuauth_krb5.conf" ############################################ # Users tracking ############################################# # decide if we're logging user activity # log level is the sum of values : # 0 : no log at all # 1 : log new user (in syslog) # 2 : log rejected packets # 4 : log accepted packets # 8 : do session tracking # complete session tracking need special iptables # rules, described in documentation nuauth_log_users=9 #Controls whether the users logging is absolutely safe : access is logged before #granted. This is probably necessary if SQL backend is used for SSO. nuauth_log_users_sync=1 # update log entries to avoid accidental double connection # DO NOT DISABLE IT BY CHANGING IT TO 0 if you want strict security # WHEN USING SSO MODULES nuauth_log_users_strict=1 # remove realm from username before logging # this is the recommanded setting as it is easier # to interact with other authorisation modules when SSO # feature are used. 
nuauth_log_users_without_realm=1 #################################################### # plaintext parameters ##################################################### #plaintext_userfile="/etc/nufw/users.nufw" #plaintext_aclfile="/etc/nufw/acls.nufw" ################################################### # system parameters ################################################### # add a lock to be able to deal with non thread # safe pam modules. For more safety this is set to 1 by default # NEEDED for winbind. system_pam_module_not_threadsafe=1 # Some glibc (read 2.3.2) have a buggy implementation # of getgrouplist which causes a crash. If this is the case # set the following option to the maximum number of groups # for a single user. #system_glibc_cant_guess_maxgroups=0 # Suppress domain added as prefix during login phase #system_suppress_prefixed_domain=0 ########################################### # Ldap external auth ########################################### include "nuauth.d/nuauth_ldap.conf" ############################################### # Database User Logging config ############################################### include "nuauth.d/nuauth_mysql.conf" include "nuauth.d/nuauth_pgsql.conf" ########################### # # X509 modules ###################### # For x509_std : nuauth_tls_trusted_issuer_dn #This option is used to match issuer of a certificate against this string. #If there is a match, then we trust the given certificate. 
# nuauth_tls_trusted_issuer_dn=DN ############################### # xml_defs module ############################## # Place where periods have to be read #xml_defs_periodfile="/etc/nufw/periods.xml" # ####################################### # marking modules ####################################### include "nuauth.d/nuauth_mark.conf" ########################################### # authtype module ########################################### include "nuauth.d/nuauth_authtype.conf" ########################################### # auth_mysql module ########################################### # for ip authentication # name of the table containing user sessions # mysql_ipauth_table_name="ipauth_sessions" # Is the mysql function check_net active in the MySQL database # mysql_ipauth_check_netmask=1 # # # for userid and groupid check # mysql_userinfo_table_name="userinfo" # mysql_groups_table_name="groups" # mysql_groupinfo_table_name="groupinfo" # # fallback to guest's username, userID and groupID # instead of dropping request. # mysql_auth_fallback_to_guest=1 # mysql_auth_guest_username="guest" # mysql_auth_guest_userid=0 # mysql_auth_guest_groupid=99 ############################################################## # ipauth_guest: ip authentication module ############################################################## # Set the name of user that will be returned if there is no one # connected at the source IP. # ipauth_guest_username = "guest" ############################################################## # ulogd2 ############################################################## # Logs (for packets) can be sent to ulogd2, using the UNIXSOCK # module. 
# absolute path to the unix socket created by ulogd2 # ulogd2_socket="/var/run/ulogd2.sock" nufw-2.4.3/conf/nuauth.d/0000777000175000017500000000000011431215443012155 500000000000000nufw-2.4.3/conf/nuauth.d/nuauth_tls.conf0000644000175000017500000001164011431206275015133 00000000000000############################################ # X509 TLS configuration ############################################ # WARNING: nuauth need to be restarted if value is changed # in this section # complete name of server private key # default to CONFIGDIR/nuauth.pem # Warning: nuauth need to be restarted if value is changed #nuauth_tls_key="/etc/nufw/nuauth-key.pem" # password for private key (if needed) # NOTE : currently unsupported # Warning: nuauth need to be restarted if value is changed # nuauth_tls_key_passwd="passwd" # absolute path to server certificate # Warning: nuauth need to be restarted if value is changed #nuauth_tls_cert="/etc/nufw/nuauth-cert.pem" # absolute path to certificate authority # Warning: nuauth need to be restarted if value is changed #nuauth_tls_cacert="/etc/nufw/NuFW-cacert.pem" # absolute path to directory of additional trusted certificate authorities # Warning: nuauth need to be restarted if value is changed #nuauth_tls_ca_path="/etc/nufw/ssl/certs" # absolute filename of server certificate # revocation list # default none # Warning: nuauth need to be restarted if value is changed #nuauth_tls_crl="/etc/nufw/crl.pem" # crl refresh interval (in seconds) # Reads the crl file every N seconds # to update the revocation list # default: 30 #nuauth_tls_crl_refresh=30 # Absolute path to PEM-encoded file containing DH parameters. # # Using ephemeral DH key exchange yields forward secrecy, as the connection can # only be decrypted, when the DH key is known. 
By generating a temporary DH key # inside the server application that is lost when the application is left, it # becomes impossible for an attacker to decrypt past sessions, even if he gets # hold of the normal (certified) key, as this key was only used for signing. # # If no file is specified, the DH parameters are generated when nuauth starts, # which can take some time. # # default: none #nuauth_tls_dh_params="/etc/nufw/dh512.pem" # NOTE: the file name in the example above suggests 512-bit parameters; DH # parameters that small are considered breakable, so generate at least 2048-bit # parameters for real deployments. # This value sets the certificate management between # every NuFW component. # # do we require valid certificates from client # and nufw server ? (verified against certificate # authority) # default : 2 (certificates are required) # Warning: nuauth needs to be restarted if value is changed # NUSSL_CERT_IGNORE 0 # NUSSL_CERT_REQUEST 1 # NUSSL_CERT_REQUIRE 2 nuauth_tls_request_cert=2 # This allows the cipher list sent by the server to be modified. # When the client sends a list of supported ciphers the first client # cipher also included in the server list is used. Because the client # specifies the preference order, the order of the server cipherlist # is irrelevant. # See the 'openssl ciphers' command for more information (OpenSSL). # For GnuTLS, use 'gnutls-cli --list' and 'man gnutls_priority_init' # # default: all # example for OpenSSL: #nuauth_tls_ciphers="AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" # example for GnuTLS: #nuauth_tls_ciphers="NORMAL:!AES-128-CBC" # NOTE: the default (all) and the OpenSSL example above still permit RC4 and # other legacy ciphers (+RC4 only moves RC4 to the end of the list); restrict # the list to current cipher suites where the clients allow it. 
# disable warning when client certificates are not requested # This option can be used to hide the warning telling that nuauth # is not secure when used with nuauth_tls_request_cert <= 1. 
# default: 0 (false) # nuauth_tls_disable_request_warning=0 # disable verification of nufw certificate CN: # nufw hostname FQDN must match the CN field of the certificate # Keep this at 0 unless the nufw hosts cannot be given matching certificates: # with the check disabled the CN is no longer compared with the nufw hostname. # default: 0 (false) # nuauth_tls_disable_nufw_fqdn_check=0 # nuauth_module_certificate_check : # performs additional checks on client certificates # Available modules: x509_std x509_ocsp # Default : nuauth_module_certificate_check="" # nuauth_certificate_check_module="x509_std x509_ocsp" ############################################ # X509 certificate authentication ############################################ # This value sets the certificate management between # clients<->nuauth. # # do we authorize authentication by certificate # default to 0 (no), 1 yes, 2 mandatory # Warning: nuauth needs to be restarted if value is changed # NUSSL_CERT_IGNORE 0 # NUSSL_CERT_REQUEST 1 # NUSSL_CERT_REQUIRE 2 #nuauth_tls_auth_by_cert=0 # nuauth_module_certificate_to_uid : # get username from the user's certificate # Default : nuauth_module_certificate_to_uid="x509_std" # nuauth_certificate_to_uid_module="x509_std" ############################################ # X509 certificate OCSP check ############################################ # The x509_ocsp module can perform checks against an # OCSP (Online Certificate Status Protocol) # responder, to check the revocation status for each client # certificate. # Note: it is a fact that OCSP checks take time, and that it # increases the time to establish a connection. # # Please note that this module is available only for the OpenSSL # version # Use the Authority Information Access (AIA) extension from the # CA certificate (see RFC 2459) to extract the OCSP server URL. 
# nuauth_tls_ocsp_ca_use_aia = 1 # FQDN of the OCSP responder # nuauth_tls_ocsp_server="ocsp.domain.com" # Port used by the OCSP responder # nuauth_tls_ocsp_port=2560 # OCSP path for the requests: # nuauth_tls_ocsp_path="/" nufw-2.4.3/conf/nuauth.d/nuauth_ldap.conf0000644000175000017500000000177311431206275015257 00000000000000# Connection parameters ########################################### # address of the ldap server ldap_server_addr="127.0.0.1" # port of the ldap server ldap_server_port=389 # dn and password to bind ldap connection to ldap_bind_dn="cn=admin,dc=nufw,dc=org" ldap_bind_password="mypassword" # ldap request type # set to 1 : request on DstPort is done with equality # set to 0 : request on DstPort is done with range # equality is faster than range # range can be more simple to administrate ldap_filter_type=0 # set to 1 if your ldap backend store IPV6 address # # ldap_use_ipv4_schema=0 # Timeout of ldap request ldap_request_timeout=4 # Search parameters ########################################### # base dn for search request # default for ldap_acls_base_dn,ldap_users_base_dn # if they are not set ldap_basedn="dc=nufw,dc=org" # base dn for acl search request ldap_acls_base_dn="ou=acls,dc=nufw,dc=org" # base dn for acl Timeranges definitions ldap_acls_timerange_base_dn="ou=timeranges,dc=nufw,dc=org" nufw-2.4.3/conf/nuauth.d/nuauth_krb5.conf0000644000175000017500000000116211431206275015172 00000000000000# remember to set nuauth_uses_fake_sasl=0 # nuauth_krb5_service : # Alternate service name to use for tickets # Default : nuauth_krb5_service="nuauth" # nuauth_krb5_service="nuauth" # nuauth_krb5_hostname : # The fully qualified host name of the server machine. # The service principal's realm is the preferred realm of the server machine. # Default : None (use default realm from Kerberos) # nuauth_krb5_hostname="nuauth.domain.com" # nuauth_krb5_realm : # Kerberos 5 realm, as configured in Kerberos. 
# Default : the realm configured for your hostname, # in the Kerberos configuration. # nuauth_krb5_realm="DOMAIN.COM" nufw-2.4.3/conf/nuauth.d/nuauth_pgsql.conf0000644000175000017500000000124611431206275015460 00000000000000#PGSql server address pgsql_server_addr="127.0.0.1" #PGsql server port pgsql_server_port=5432 #PGsql User to login as pgsql_user="myuser" #PGsql password, associated with username pgsql_passwd="secret" #Whether to use SSL or not (THIS PARAMETER IS IGNORED FOR NOW) pgsql_ssl="prefer" #Name of PGsql database to connect to pgsql_db_name="nufw" #Name of table name to connect to. Must belong to the chosen database. Specified #user must have rights on this table pgsql_table_name="ulog" #Name of table name for user sessions. pgsql_users_table_name="users" #Time in seconds we consider connection to the database to be lost if we have no #answer pgsql_request_timeout=5 nufw-2.4.3/conf/nuauth.d/nuauth_mysql.conf0000644000175000017500000000472211431206275015501 00000000000000#MYSql server address mysql_server_addr="localhost" #Mysql server port mysql_server_port=3306 #Mysql User to login as mysql_user="myuser" #Mysql password, associated with username mysql_passwd="secret" #Name of MYsql database to connect to mysql_db_name="nufw" #Name of table to connect to for packets logging. Must belong to the chosen database. Specified #user must have rights on this table mysql_table_name="ulog" #Name of table to connect to for user session logging. Must belong to the chosen database. Specified #user must have rights on this table mysql_users_table_name="users" # Uncomment and set to 0 if your MySQL database # uses the IPV6 schema provided with NuFW 2.2 #mysql_use_ipv4_schema=0 # mysql_admin_bofh: # Close all user connection when user session # finish. Set to 1 to ativate. 
# Warning: you need to set login policy to one login per user # and you can only have one nufw server # mysql_admin_bofh=1 # mysql_bofh_victim_group: # Uses mysql_admin_bofh feature only if user belongs # to the given guid. # mysql_bofh_victim_group=512 #Time in seconds we consider connection to the database to be lost if we have no #answer mysql_request_timeout=5 #Mysql SSL options #Set mysql_use_ssl=1 to use SSL, else other ssl options will be ignored #(with 0, the database login and the logged data are sent without SSL protection) mysql_use_ssl=0 #Set mysql_ssl_keyfile to the full path of the file containing your PRIVATE key. #This must be set if you want to use ssl, as default value is NULL #mysql_ssl_keyfile="/etc/nufw/ssl/mysql.key" #Set mysql_ssl_certfile to the full path of the file containing your PUBLIC certificate #This must be set if you want to use ssl, as default value is NULL #mysql_ssl_certfile="/etc/nufw/ssl/mysql.cert" #Set mysql_ssl_ca to the full path of the file containing your CA (Certificate Authority) file #UNSET THIS FIELD IF YOU DON'T WANT TO USE a CA #mysql_ssl_ca="/etc/nufw/ssl/mysql.ca" #Set mysql_ssl_capath to the full path of a DIRECTORY containing your CA #(Certificate Authority) files, in PEM format #UNSET THIS FIELD IF YOU DON'T WANT TO USE CAs #mysql_ssl_capath="/etc/nufw/ssl/mysql.cas/" #Set mysql_ssl_cipher to the list of ciphers you wish to use for Mysql #connections. A complete cipher list on your system should be available if you #issue "openssl ciphers" #The default value here is "ALL:!ADH:+RC4:@STRENGTH", which is OpenSSL default, #and means "Use any but give RC4 the lowest priority" #Note: this list still allows RC4 and other legacy suites (only anonymous DH is #excluded); set an explicit, stricter list where the server supports it #For more info see : http://www.mkssoftware.com/docs/man1/openssl_ciphers.1.asp #mysql_ssl_cipher="ALL:!ADH:+RC4:@STRENGTH" nufw-2.4.3/conf/nuauth.d/nuauth_authtype.conf0000644000175000017500000000110211431206275016164 00000000000000# If a user belongs to one of the listed groups it will not be able to connect # session_authtype_blacklist_groups="515" # If a user belongs to one of the listed groups it will be able to connect.
# If no group is defined, no check is done. # session_authtype_whitelist_groups="512" # List of groups authorized to connect with login/password (SASL) # If no group is defined, no check is done. #session_authtype_sasl_groups="512" # List of groups authorized to authenticate with certificate # If no group is defined, no check is done. #session_authtype_ssl_groups="512,513" nufw-2.4.3/conf/nuauth.d/nuauth_mark.conf0000644000175000017500000000144511431206275015265 00000000000000####################### # Mark group module ####################### # File of group list with mark #mark_group_group_file = "/etc/nufw/mark_group.conf" # Position of the mark (in bits) in the packet mark mark_group_shift = 0 # Number of bits to store the mark mark_group_nbits = 32 # Default mark if no group does match mark_group_default_mark = 0 ############################ # Mark field module ################################# # File with mark pattern association # mark_field_file = "/etc/nufw/mark_field.conf" # Position of the mark (in bits) in the packet mark # mark_field_shift = 0 # Mark type # match on appname: 0 # match on osname: 1 # mark_field_type = 0 # Number of bits to store the mark # mark_field_nbits = 32 # Default mark if no group does match # mark_field_default_mark = 0 nufw-2.4.3/conf/nuauth.d/nuauth_tuning.conf0000644000175000017500000000207111431206275015633 00000000000000#This set the timeout for protocol announce from client. #If some of your client (post 2.0 version) receives a "bad protocol messsage", you may #want to increase this value. This is a workaround against very laggy network. 
# Default: 2 #nuauth_proto_wait_delay=4 # time in second to keep packet in the nuauth conntrack nuauth_packet_timeout=15 # acl datas persistance in cache (in second) nuauth_datas_persistance=30 # timeout for authentication negotiation (in second) # You can set it to low value if your system has no load problem and # if the used client ask password before connecting nuauth_auth_nego_timeout=30 # number of threads to work on user request nuauth_number_usercheckers=3 # number of threads to work on acl checking request nuauth_number_aclcheckers=2 # number of threads to work on packet logging nuauth_number_loggers=2 # number of threads to work on session logging nuauth_number_session_loggers=1 # number of threads to work on user authentication nuauth_number_authcheckers=5 # number of ip authentication workers nuauth_number_ipauthcheckers=2 nufw-2.4.3/conf/nulog.ipv4.mysql.dump0000644000175000017500000001473611431206275014421 00000000000000-- MySQL dump 10.10 -- -- Host: localhost Database: nulog -- ------------------------------------------------------ -- Server version 5.0.24a-Debian_9-log /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; /*!40103 SET TIME_ZONE='+00:00' */; /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; -- -- Table structure for table `cache_task` -- DROP TABLE IF EXISTS `cache_task`; CREATE TABLE `cache_task` ( `state` int(1) default NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `last_update` -- DROP TABLE IF EXISTS `last_update`; CREATE TABLE `last_update` ( 
`timestamp` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `offenders` -- DROP TABLE IF EXISTS `offenders`; CREATE TABLE `offenders` ( `ip_addr` int(10) unsigned NOT NULL default '0', `first_time` int(10) unsigned default NULL, `last_time` int(10) unsigned default NULL, `count` int(10) default NULL, PRIMARY KEY (`ip_addr`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `tcp_ports` -- DROP TABLE IF EXISTS `tcp_ports`; CREATE TABLE `tcp_ports` ( `tcp_dport` smallint(5) unsigned NOT NULL default '0', `first_time` int(10) unsigned default NULL, `last_time` int(10) unsigned default NULL, `count` int(10) default NULL, PRIMARY KEY (`tcp_dport`), KEY `last_time` (`last_time`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `udp_ports` -- DROP TABLE IF EXISTS `udp_ports`; CREATE TABLE `udp_ports` ( `udp_dport` smallint(5) unsigned NOT NULL default '0', `first_time` int(10) unsigned default NULL, `last_time` int(10) unsigned default NULL, `count` int(10) default NULL, PRIMARY KEY (`udp_dport`), KEY `last_time` (`last_time`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `ulog` -- DROP TABLE IF EXISTS `ulog`; CREATE TABLE `ulog` ( `id` int(10) unsigned NOT NULL auto_increment, `raw_mac` varchar(80) default NULL, `oob_time_sec` int(10) unsigned default NULL, `oob_time_usec` int(10) unsigned default NULL, `oob_prefix` varchar(32) default NULL, `oob_mark` int(10) unsigned default NULL, `oob_in` varchar(32) default NULL, `oob_out` varchar(32) default NULL, `ip_saddr` int(10) unsigned default NULL, `ip_daddr` int(10) unsigned default NULL, `ip_protocol` tinyint(3) unsigned default NULL, `ip_tos` tinyint(3) unsigned default NULL, `ip_ttl` tinyint(3) unsigned default NULL, `ip_totlen` smallint(5) unsigned default NULL, `ip_ihl` tinyint(3) unsigned default NULL, `ip_csum` smallint(5) unsigned default NULL, `ip_id` 
smallint(5) unsigned default NULL, `ip_fragoff` smallint(5) unsigned default NULL, `tcp_sport` smallint(5) unsigned default NULL, `tcp_dport` smallint(5) unsigned default NULL, `tcp_seq` int(10) unsigned default NULL, `tcp_ackseq` int(10) unsigned default NULL, `tcp_window` smallint(5) unsigned default NULL, `tcp_urg` tinyint(4) default NULL, `tcp_urgp` smallint(5) unsigned default NULL, `tcp_ack` tinyint(4) default NULL, `tcp_psh` tinyint(4) default NULL, `tcp_rst` tinyint(4) default NULL, `tcp_syn` tinyint(4) default NULL, `tcp_fin` tinyint(4) default NULL, `udp_sport` smallint(5) unsigned default NULL, `udp_dport` smallint(5) unsigned default NULL, `udp_len` smallint(5) unsigned default NULL, `icmp_type` tinyint(3) unsigned default NULL, `icmp_code` tinyint(3) unsigned default NULL, `icmp_echoid` smallint(5) unsigned default NULL, `icmp_echoseq` smallint(5) unsigned default NULL, `icmp_gateway` int(10) unsigned default NULL, `icmp_fragmtu` smallint(5) unsigned default NULL, `pwsniff_user` varchar(30) default NULL, `pwsniff_pass` varchar(30) default NULL, `ahesp_spi` int(10) unsigned default NULL, `timestamp` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, `state` smallint(6) unsigned default NULL, `end_timestamp` datetime default NULL, `start_timestamp` datetime default NULL, `username` varchar(30) default NULL, `user_id` smallint(5) unsigned default NULL, `client_os` varchar(100) default NULL, `client_app` varchar(256) default NULL, `packets_in` int(10) default NULL, `packets_out` int(10) default NULL, `bytes_in` int(10) default NULL, `bytes_out` int(10) default NULL, UNIQUE KEY `id` (`id`), KEY `index_id` (`id`), KEY `timestamp` (`timestamp`), KEY `ip_saddr` (`ip_saddr`), KEY `udp_dport` (`udp_dport`), KEY `tcp_dport` (`tcp_dport`), KEY `oob_time_sec` (`oob_time_sec`) ) ENGINE=MyISAM AUTO_INCREMENT=739 DEFAULT CHARSET=latin1; -- -- Table structure for table `users` -- DROP TABLE IF EXISTS `users`; CREATE TABLE `users` ( `ip_saddr` 
int(10) unsigned NOT NULL, `socket` int(10) unsigned NOT NULL, `user_id` int(10) unsigned default NULL, `username` varchar(30) default NULL, `start_time` datetime default NULL, `end_time` datetime default NULL, `os_sysname` varchar(40) default NULL, `os_release` varchar(40) default NULL, `os_version` varchar(100) default NULL, KEY `socket` (socket), KEY `user_id` (`user_id`), KEY `username` (`username`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `usersstats` -- DROP TABLE IF EXISTS `usersstats`; CREATE TABLE `usersstats` ( `user_id` smallint(5) unsigned NOT NULL default '0', `username` varchar(30) default NULL, `bad_conns` int(10) unsigned NOT NULL default '0', `good_conns` int(10) unsigned NOT NULL default '0', `first_time` int(10) unsigned default NULL, `last_time` int(10) unsigned default NULL, PRIMARY KEY (`user_id`), KEY `username` (`username`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; nufw-2.4.3/conf/nutop.conf0000644000175000017500000000026611431206275012366 00000000000000#Set and uncomment parameters for your site. 
#databasetype = pgsql #databasename = nulog #tablename = ulog #user = nuuser #pass = nupassword #host = 127.0.0.1 #delay = 2 #line = 20 nufw-2.4.3/conf/nuaclgen.conf0000644000175000017500000000016511431206275013013 00000000000000$ldap_host="localhost"; $basedn="dc=nufw,dc=org"; $username="cn=admin,dc=nufw,dc=org"; $password="mysecretpassword"; nufw-2.4.3/conf/Makefile.am0000644000175000017500000000165311431206275012407 00000000000000CONFIG_FILES = acls.nufw mark_field.conf mark_group.conf nuaclgen.conf nuauth.conf nuclient.conf nutop.conf periods.xml users-plaintext.nufw \ nuauth.d/nuauth_ldap.conf nuauth.d/nuauth_mysql.conf nuauth.d/nuauth_pgsql.conf nuauth.d/nuauth_tls.conf nuauth.d/nuauth_tuning.conf \ nuauth.d/nuauth_mark.conf nuauth.d/nuauth_krb5.conf \ nuauth.d/nuauth_authtype.conf \ nufw.conf SQL_DUMP = nulog.ipv4.mysql.dump nulog.ipv6.mysql.dump nulog.pgsql.dump LDAP_FILES = acls.schema timeranges.schema AUTH_MYSQL_FILES = auth_mysql/auth_mysql.ipv4.mysql.dump auth_mysql/auth_mysql.ipv6.mysql.dump auth_mysql/check_net.mysql CERT_FILES = certs/admin@nufw.org-cert.pem certs/admin@nufw.org-key.pem certs/nuauth-cert.pem certs/nuauth-key.pem certs/NuFW-cacert.pem certs/nufw-cert.pem certs/nufw-key.pem certs/user@nufw.org-cert.pem certs/user@nufw.org-key.pem EXTRA_DIST = $(CONFIG_FILES) $(SQL_DUMP) $(LDAP_FILES) $(AUTH_MYSQL_FILES) $(CERT_FILES) nufw-2.4.3/conf/timeranges.schema0000644000175000017500000000274711431206275013700 00000000000000#Time/day/month parameters were introduced in NuFW 1.1 branch, on June 14th 2005 attributetype ( 18.3.6.1.1.18.3.1 NAME 'TimeRangeStart' DESC 'An integer defining the first second of a time range in a day' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 18.3.6.1.1.18.3.2 NAME 'TimeRangeEnd' DESC 'An integer defining the last second of a time range in a day' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
SINGLE-VALUE) attributetype ( 18.3.6.1.1.18.3.3 NAME 'DayRangeStart' DESC 'An integer defining the first day of a time range in a week' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 18.3.6.1.1.18.3.4 NAME 'DayRangeEnd' DESC 'An integer defining the last day of a time range in a week' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 18.3.6.1.1.18.3.5 NAME 'MonthRangeStart' DESC 'An integer defining the first month of a time range in a year' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 18.3.6.1.1.18.3.6 NAME 'MonthRangeEnd' DESC 'An integer defining the last month of a time range in a year' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) nufw-2.4.3/conf/users-plaintext.nufw0000644000175000017500000000073211431206275014420 00000000000000# # Users file for the plaintext module # # Format # username:passwd:uid:gid[,gid...] # # Note: account is disabled if passwd is "*" or "!" # # Passwords can be hashed via SSHA, SMD5, SHA1, SHA or MD5 # (the salted forms, SSHA and SMD5, are preferable to the unsalted ones) # To do so specify # user:{ALGO}CRYPTEDPASSWORD:uid:gid # Example: # user:{SHA}lgJ11mVejyWMPhz9hL5y85+FdfY=:1:102 user:{SHA}lgJ11mVejyWMPhz9hL5y85+FdfY=:1:102 # This entry is equivalent to the following one # user:imauser:1:102 # The entries below are sample accounts with cleartext passwords; replace them before use admin:iadmin:2:100,102 suadmin:suroot:3:103 nufw-2.4.3/conf/nufw.conf0000644000175000017500000000156511431206275012203 00000000000000########################################## # nufw Configuration file ########################################## # Address or name of the authentication server (nuauth) # Packets will be sent to nuauth server, waiting for # the decision. # Note that this should match the CN field of nuauth # certificate.
# # default: 127.0.0.1 #nufw_destination = "127.0.0.1" ############################################ # X509 TLS configuration ############################################ # absolute name of server private key # default to CONFIGDIR/nufw-key.pem #nufw_tls_key="/etc/nufw/nufw-key.pem" # absolute path to server certificate #nufw_tls_cert="/etc/nufw/nufw-cert.pem" # absolute path to certificate authority # default: none #nufw_tls_cacert="/etc/nufw/NuFW-cacert.pem" # absolute filename to server certificate revocation list # default: none #nufw_tls_crl="/etc/nufw/crl.pem" nufw-2.4.3/conf/acls.schema0000644000175000017500000001305311431206275012454 00000000000000attributetype ( 1.3.6.1.4.1.23812.1.0 NAME 'SrcIPStart' DESC 'An integer defining the beginning of an IP src scope' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.1 NAME 'SrcIPEnd' DESC 'An integer defining the end of an IP src scope' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.2 NAME 'DstIPStart' DESC 'An integer defining the start of an IP dst scope' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.3 NAME 'DstIPEnd' DESC 'An integer defining the end of an IP dst scope' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.4 NAME 'SrcPortStart' DESC 'An integer defining the start of a Port src scope' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.5 NAME 'SrcPortEnd' DESC 'An integer defining the end of a Port dst scope' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.6 NAME 
'DstPortStart' DESC 'An integer defining the start of a Port dst scope' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.7 NAME 'DstPortEnd' DESC 'An integer defining the end of a Port dst scope' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.8 NAME 'Proto' DESC 'An integer defining the IP protocol' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) attributetype ( 1.3.6.1.4.1.23812.1.9 NAME 'Decision' DESC 'An integer defining the ACL Decision' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.10 NAME 'Group' DESC 'An integer defining a group id' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) attributetype ( 1.3.6.1.4.1.23812.1.11 NAME 'DstPort' DESC 'An integer defining a Port dst' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) attributetype ( 1.3.6.1.4.1.23812.1.12 NAME 'OsName' DESC 'Operating System Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}) attributetype ( 1.3.6.1.4.1.23812.1.13 NAME 'OsVersion' DESC 'Operating System Version' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}) attributetype ( 1.3.6.1.4.1.23812.1.14 NAME 'OsRelease' DESC 'Operating System Release' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}) attributetype ( 1.3.6.1.4.1.23812.1.15 NAME 'AppName' DESC 'Application Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}) attributetype ( 1.3.6.1.4.1.23812.1.16 NAME 'AppSig' DESC 'Application Signature' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}) attributetype ( 1.3.6.1.4.1.23812.1.17 NAME 'SrcPort' DESC 'An integer defining a Port src' 
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) attributetype ( 1.3.6.1.4.1.23812.1.18 NAME 'TimeRange' DESC 'Name of Time Range to apply' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.19 NAME 'AclFlags' DESC 'An integer defining acl flags' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) attributetype ( 1.3.6.1.4.1.23812.1.20 NAME 'AclWeight' DESC 'An integer defining acl weight' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) attributetype ( 1.3.6.1.4.1.23812.1.21 NAME 'User' DESC 'An integer defining a user id' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) attributetype ( 1.3.6.1.4.1.23812.1.22 NAME 'AuthQuality' DESC 'An integer defining needed auth quality of packet' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) attributetype ( 1.3.6.1.4.1.23812.1.23 NAME 'InDev' DESC 'Input Device' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.24 NAME 'PhysInDev' DESC 'Physical Input Device' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.25 NAME 'OutDev' DESC 'Output Device' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.23812.1.26 NAME 'PhysOutDev' DESC 'Physical Output Device' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE) objectclass ( 1.3.6.1.4.1.23812.2.1 NAME 'NuAccessControlList' DESC 'An IP Acl' MUST (cn $ SrcIPStart $ SrcIPEnd $ DstIPStart $ DstIPEnd $ Decision $ DstPortStart $ DstPortEnd ) MAY (Proto $ SrcPortStart $ SrcPortEnd $ DstPort $ SrcPort $ OsName $ OsVersion $ OsRelease $ AppName $ AppSig $ User $ Group $ description $ TimeRange $ 
AclFlags $ AclWeight $ AuthQuality $ InDev $ PhysInDev $ OutDev $ PhysOutDev) ) nufw-2.4.3/conf/nulog.ipv6.mysql.dump0000644000175000017500000001467211431206275014422 00000000000000-- MySQL dump 10.10 -- -- Host: localhost Database: nulog -- ------------------------------------------------------ -- Server version 5.0.24a-Debian_9-log /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; /*!40103 SET TIME_ZONE='+00:00' */; /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; -- -- Table structure for table `cache_task` -- DROP TABLE IF EXISTS `cache_task`; CREATE TABLE `cache_task` ( `state` int(1) default NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `last_update` -- DROP TABLE IF EXISTS `last_update`; CREATE TABLE `last_update` ( `timestamp` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `offenders` -- DROP TABLE IF EXISTS `offenders`; CREATE TABLE `offenders` ( `ip_addr` binary(16) NOT NULL, `first_time` int(10) unsigned default NULL, `last_time` int(10) unsigned default NULL, `count` int(10) default NULL, PRIMARY KEY (`ip_addr`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `tcp_ports` -- DROP TABLE IF EXISTS `tcp_ports`; CREATE TABLE `tcp_ports` ( `tcp_dport` smallint(5) unsigned NOT NULL default '0', `first_time` int(10) unsigned default NULL, `last_time` int(10) unsigned default NULL, `count` int(10) default NULL, PRIMARY KEY (`tcp_dport`), KEY `last_time` 
(`last_time`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `udp_ports` -- DROP TABLE IF EXISTS `udp_ports`; CREATE TABLE `udp_ports` ( `udp_dport` smallint(5) unsigned NOT NULL default '0', `first_time` int(10) unsigned default NULL, `last_time` int(10) unsigned default NULL, `count` int(10) default NULL, PRIMARY KEY (`udp_dport`), KEY `last_time` (`last_time`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `ulog` -- DROP TABLE IF EXISTS `ulog`; CREATE TABLE `ulog` ( `id` int(10) unsigned NOT NULL auto_increment, `raw_mac` varchar(80) default NULL, `oob_time_sec` int(10) unsigned default NULL, `oob_time_usec` int(10) unsigned default NULL, `oob_prefix` varchar(32) default NULL, `oob_mark` int(10) unsigned default NULL, `oob_in` varchar(32) default NULL, `oob_out` varchar(32) default NULL, `ip_saddr` binary(16) default NULL, `ip_daddr` binary(16) default NULL, `ip_protocol` tinyint(3) unsigned default NULL, `ip_tos` tinyint(3) unsigned default NULL, `ip_ttl` tinyint(3) unsigned default NULL, `ip_totlen` smallint(5) unsigned default NULL, `ip_ihl` tinyint(3) unsigned default NULL, `ip_csum` smallint(5) unsigned default NULL, `ip_id` smallint(5) unsigned default NULL, `ip_fragoff` smallint(5) unsigned default NULL, `tcp_sport` smallint(5) unsigned default NULL, `tcp_dport` smallint(5) unsigned default NULL, `tcp_seq` int(10) unsigned default NULL, `tcp_ackseq` int(10) unsigned default NULL, `tcp_window` smallint(5) unsigned default NULL, `tcp_urg` tinyint(4) default NULL, `tcp_urgp` smallint(5) unsigned default NULL, `tcp_ack` tinyint(4) default NULL, `tcp_psh` tinyint(4) default NULL, `tcp_rst` tinyint(4) default NULL, `tcp_syn` tinyint(4) default NULL, `tcp_fin` tinyint(4) default NULL, `udp_sport` smallint(5) unsigned default NULL, `udp_dport` smallint(5) unsigned default NULL, `udp_len` smallint(5) unsigned default NULL, `icmp_type` tinyint(3) unsigned default NULL, `icmp_code` tinyint(3) unsigned default NULL, 
`icmp_echoid` smallint(5) unsigned default NULL, `icmp_echoseq` smallint(5) unsigned default NULL, `icmp_gateway` int(10) unsigned default NULL, `icmp_fragmtu` smallint(5) unsigned default NULL, `pwsniff_user` varchar(30) default NULL, `pwsniff_pass` varchar(30) default NULL, `ahesp_spi` int(10) unsigned default NULL, `timestamp` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, `state` smallint(6) unsigned default NULL, `end_timestamp` datetime default NULL, `start_timestamp` datetime default NULL, `username` varchar(30) default NULL, `user_id` smallint(5) unsigned default NULL, `client_os` varchar(100) default NULL, `client_app` varchar(256) default NULL, `packets_in` int(10) default NULL, `packets_out` int(10) default NULL, `bytes_in` int(10) default NULL, `bytes_out` int(10) default NULL, UNIQUE KEY `id` (`id`), KEY `index_id` (`id`), KEY `timestamp` (`timestamp`), KEY `ip_saddr` (`ip_saddr`), KEY `udp_dport` (`udp_dport`), KEY `tcp_dport` (`tcp_dport`), KEY `oob_time_sec` (`oob_time_sec`) ) ENGINE=MyISAM AUTO_INCREMENT=739 DEFAULT CHARSET=latin1; -- -- Table structure for table `users` -- DROP TABLE IF EXISTS `users`; CREATE TABLE `users` ( `ip_saddr` binary(16) NOT NULL, `socket` int(10) unsigned NOT NULL, `user_id` int(10) unsigned default NULL, `username` varchar(30) default NULL, `start_time` datetime default NULL, `end_time` datetime default NULL, `os_sysname` varchar(40) default NULL, `os_release` varchar(40) default NULL, `os_version` varchar(100) default NULL, KEY `socket` (socket), KEY `user_id` (`user_id`), KEY `username` (`username`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `usersstats` -- DROP TABLE IF EXISTS `usersstats`; CREATE TABLE `usersstats` ( `user_id` smallint(5) unsigned NOT NULL default '0', `username` varchar(30) default NULL, `bad_conns` int(10) unsigned NOT NULL default '0', `good_conns` int(10) unsigned NOT NULL default '0', `first_time` int(10) unsigned default NULL, `last_time` 
int(10) unsigned default NULL, PRIMARY KEY (`user_id`), KEY `username` (`username`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; nufw-2.4.3/conf/acls.nufw0000644000175000017500000000471111431206275012174 00000000000000# ACLs file for the plaintext module # # Example of ACL # ============== # # [Sample ACL] # gid=100,101 # which groups are concerned # gid=103 # several lines can be used # uid=100,101 # which user ids are concerned # uid=103 # several lines can be used # proto=6 # IP protocol: 1=ICMP, 6=TCP (default), 17=UDP # type=0 # Type, for ICMP protocol only # SrcIP=10.10.0.1 # Source IP, equivalent to 10.10.0.1/32 # SrcPort=1024-65535 # List of source ports (a single port is ok) # DstIP=10.10.0.5 # Destination IP address # DstIP=10.10.0.8, 10.10.1.0/24 # There can be several IP addresses/lines # DstPort=5150-5153 # List of destination ports # DstPort=22,25 # There can be several lines # decision=1 # 0=drop, 1=accept, 3=reject (2 is reserved: "no decide") # # Default values: # - decision: 1 (ACCEPT) # - protocol: 6 (TCP) # - SrcIP: any IP address # - DstIP: any IP address # - SrcPort: any port # - DstPort: any port # # Application filtering: # App=/usr/bin/perl # Several applications can be given: # App=/usr/bin/ssh # App=/usr/bin/nc # # OS checking: # OS = Linux # You can give the kernel release: # OS = Linux ; 2.6.8 # and the kernel version: # OS = Linux ; 2.6.8 ; #3 Fri Aug 27 20:37:38 CEST 2004 # (Several OS can be given) # # Interface checking: # [indev|outdev|physindev|physoutdev] = eth0 # You have to specify complete interface name and 
globs are # not allowed. # # Log prefix: # log_prefix = ssh # # You need to use period defined in your period handling module: # period = 24x7 # # ACL flags is an integer coding properties of the ACL: # flags = 1 # # Flag values are compared bitwise. You can combine the following # values # * 1: do asynchronous login on packet accepted by ACL, equivalent # to don't do Single Sign On on the ACL. # * 2: Don't log # * 4: Log synchronously (set it for SSO if not globally set) # * 8: Log strictly (set it for SSO) # Flag bits can be used to set a mark on packet. See mark_flag module. # Authentication quality can be used to limit authorization following the # type of authentication used # authquality = LEVEL # defined levels are: 0 auth by IP fallback method, 1 auth by SASL, 2 auth by certificate [ssh] gid=100 DstPort=22 App=/usr/bin/ssh OS=Linux [http] gid=100,102,103 DstPort=80 [https] gid=100 gid=102 DstPort=443 # The next ACL sets only gid: every omitted field keeps its default, so it accepts # any TCP destination and port for that group [full access for group 103] gid=103 nufw-2.4.3/conf/auth_mysql/0000777000175000017500000000000011431215443012615 500000000000000nufw-2.4.3/conf/auth_mysql/auth_mysql.ipv6.mysql.dump0000644000175000017500000000655211431206275017650 00000000000000-- MySQL dump 10.11 -- -- Host: localhost Database: nulog -- ------------------------------------------------------ -- Server version 5.0.32-Debian_7etch1-log /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; /*!40103 SET TIME_ZONE='+00:00' */; /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; -- -- Table structure for table `ipauth_sessions` -- DROP TABLE IF EXISTS
`ipauth_sessions`; CREATE TABLE `ipauth_sessions` ( `ip_saddr` binary(16) NOT NULL, `netmask` tinyint(1) unsigned NOT NULL default '128', `user_id` int(10) unsigned default NULL, `username` varchar(30) default NULL, `start_time` datetime default NULL, `end_time` datetime default NULL, `cookie` varchar(255) default NULL, `no_logout` enum('n','y') NOT NULL default 'n', PRIMARY KEY (`ip_saddr`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `userinfo` -- DROP TABLE IF EXISTS `userinfo`; CREATE TABLE `userinfo` ( `uid` int(11) NOT NULL auto_increment, `username` varchar(255) NOT NULL, `password` char(41) default NULL, `end_time` datetime default NULL, `privacy` enum('n','y') default 'n', `admingrant` enum('n','y') default 'n', `name` varchar(255) default NULL, `surname` varchar(255) default NULL, `home_address` varchar(255) default NULL, `cap` char(6) default NULL, `fiscalcode` varchar(256) default NULL, `email` varchar(255) default NULL, `phone` varchar(20) default NULL, PRIMARY KEY (`uid`), UNIQUE KEY `username` (`username`), UNIQUE KEY `fiscalcode` (`fiscalcode`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `groupinfo` -- DROP TABLE IF EXISTS `groupinfo`; CREATE TABLE `groupinfo` ( `uid` int(11) NOT NULL, `gid` int(11) NOT NULL, PRIMARY KEY (`uid`,`gid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `groups` -- DROP TABLE IF EXISTS `groups`; CREATE TABLE `groups` ( `gid` int(11) NOT NULL auto_increment, `groupname` varchar(255) NOT NULL, PRIMARY KEY (`gid`), UNIQUE KEY `groupname` (`groupname`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `usersettings` -- DROP TABLE IF EXISTS `usersettings`; CREATE TABLE `usersettings` ( `uid` int(11) NOT NULL default '0', `persistent` enum('n','y') NOT NULL default 'n', `default_ip` binary(16) NOT NULL default '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0', `netmask` tinyint(1) unsigned NOT NULL default '128', PRIMARY KEY 
(`uid`,`default_ip`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; -- Dump completed on 2007-09-20 8:29:55 nufw-2.4.3/conf/auth_mysql/auth_mysql.ipv4.mysql.dump0000644000175000017500000000652511431206275017646 00000000000000-- MySQL dump 10.11 -- -- Host: localhost Database: nulog -- ------------------------------------------------------ -- Server version 5.0.32-Debian_7etch1-log /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; /*!40103 SET TIME_ZONE='+00:00' */; /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; -- -- Table structure for table `ipauth_sessions` -- DROP TABLE IF EXISTS `ipauth_sessions`; CREATE TABLE `ipauth_sessions` ( `ip_saddr` int(10) unsigned NOT NULL, `netmask` tinyint(1) unsigned NOT NULL default '32', `user_id` int(10) unsigned default NULL, `username` varchar(30) default NULL, `start_time` datetime default NULL, `end_time` datetime default NULL, `cookie` varchar(255) default NULL, `no_logout` enum('n','y') NOT NULL default 'n', PRIMARY KEY (`ip_saddr`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `userinfo` -- DROP TABLE IF EXISTS `userinfo`; CREATE 
TABLE `userinfo` ( `uid` int(11) NOT NULL auto_increment, `username` varchar(255) NOT NULL, `password` char(41) default NULL, `end_time` datetime default NULL, `privacy` enum('n','y') default 'n', `admingrant` enum('n','y') default 'n', `name` varchar(255) default NULL, `surname` varchar(255) default NULL, `home_address` varchar(255) default NULL, `cap` char(6) default NULL, `fiscalcode` varchar(256) default NULL, `email` varchar(255) default NULL, `phone` varchar(20) default NULL, PRIMARY KEY (`uid`), UNIQUE KEY `username` (`username`), UNIQUE KEY `fiscalcode` (`fiscalcode`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `groupinfo` -- DROP TABLE IF EXISTS `groupinfo`; CREATE TABLE `groupinfo` ( `uid` int(11) NOT NULL, `gid` int(11) NOT NULL, PRIMARY KEY (`uid`,`gid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `groups` -- DROP TABLE IF EXISTS `groups`; CREATE TABLE `groups` ( `gid` int(11) NOT NULL auto_increment, `groupname` varchar(255) NOT NULL, PRIMARY KEY (`gid`), UNIQUE KEY `groupname` (`groupname`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `usersettings` -- DROP TABLE IF EXISTS `usersettings`; CREATE TABLE `usersettings` ( `uid` int(11) NOT NULL default '0', `persistent` enum('n','y') NOT NULL default 'n', `default_ip` int(10) unsigned NOT NULL default '0', `netmask` tinyint(1) unsigned NOT NULL default '32', PRIMARY KEY (`uid`,`default_ip`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; -- Dump completed on 2007-09-20 8:29:55 
nufw-2.4.3/conf/auth_mysql/check_net.mysql0000644000175000017500000000112211431206275015542 00000000000000
-- check_net(ip, net, mask): returns TRUE when the first `mask` bits of `ip`
-- equal the first `mask` bits of `net`, FALSE otherwise.
--   ip, net : 16-byte binary addresses
--   mask    : prefix length in bits
-- The comparison works on HEX() strings, where one hex digit stands for
-- 4 bits: `mask div 4` is the number of whole digits covered by the prefix
-- and `mask % 4` the number of bits left over in the following digit.
-- A mask of 0 compares two empty prefixes and therefore matches every
-- address. NOTE(review): make sure callers cannot reach this function with an
-- unintended mask of 0.
DROP FUNCTION IF EXISTS check_net;
delimiter //
CREATE FUNCTION check_net (ip BINARY(16), net BINARY(16), mask TINYINT UNSIGNED) RETURNS BOOLEAN
DETERMINISTIC
BEGIN
-- When mask is a multiple of 4 the bit-level test below is skipped and only
-- the hex-prefix comparison runs, which is the cheaper path.
-- Otherwise: take the hex digit that holds the left-over bits (position
-- (mask div 4)+1), convert it to base 2, left-pad it to 4 characters with 0
-- and compare its first (mask % 4) characters for ip and net.
IF (mask % 4) AND NOT (LEFT(LPAD(CONV(SUBSTRING(HEX(ip) FROM (mask div 4)+1 FOR 1), 16, 2),4,0), mask % 4) = LEFT(LPAD(CONV(SUBSTRING(HEX(net) FROM (mask div 4)+1 FOR 1), 16, 2),4,0), mask % 4)) THEN
RETURN FALSE;
END IF;
-- Compare the whole hex digits covered by the prefix.
IF left(HEX(ip), mask div 4) = left(HEX(net), mask div 4) THEN
RETURN TRUE;
ELSE
RETURN FALSE;
END IF;
END //
delimiter ;
nufw-2.4.3/conf/periods.xml0000644000175000017500000000152111431206275012534 00000000000000
nufw-2.4.3/conf/nulog.pgsql.dump0000644000175000017500000000611111431206275013505 00000000000000
--
-- PostgreSQL database dump
--
-- Creates the `ulog` packet/connection log table and its id sequence.
-- Both objects are owned by role postgres, and all privileges are revoked
-- from PUBLIC; this dump contains no GRANT, so the role used by the logging
-- daemon needs its privileges granted separately.
-- NOTE(review): prefer a dedicated role limited to what logging needs (for
-- example INSERT/UPDATE on ulog and usage of seq_ulog) over connecting as
-- postgres -- confirm which role the logging module uses.
--

\connect - postgres

SET search_path = public, pg_catalog;

--
-- TOC entry 2 (OID 16986)
-- Name: seq_ulog; Type: SEQUENCE; Schema: public; Owner: postgres
--

CREATE SEQUENCE seq_ulog
    START 1
    INCREMENT 1
    MAXVALUE 9223372036854775807
    MINVALUE 1
    CACHE 1;

--
-- TOC entry 4 (OID 16986)
-- Name: seq_ulog; Type: ACL; Schema: public; Owner: postgres
--

REVOKE ALL ON TABLE seq_ulog FROM PUBLIC;

--
-- TOC entry 5 (OID 16988)
-- Name: ulog; Type: TABLE; Schema: public; Owner: postgres
--
-- No PRIMARY KEY or UNIQUE constraint is declared; `id` is filled from
-- seq_ulog and only gets a plain btree index below.
--

CREATE TABLE ulog (
    id bigint DEFAULT nextval('seq_ulog'::text) NOT NULL,
    user_id bigint,
    oob_prefix character varying(32),
    oob_time_sec bigint,
    oob_time_usec integer,
    oob_mark bigint,
    oob_in character varying(32),
    oob_out character varying(32),
    raw_mac character varying(80),
    raw_pktlen bigint,
    ip_ihl smallint,
    ip_tos smallint,
    ip_totlen integer,
    ip_id integer,
    ip_fragoff integer,
    ip_ttl smallint,
    ip_protocol smallint,
    ip_csum integer,
    ip_saddr inet,
    ip_daddr inet,
    tcp_sport integer,
    tcp_dport integer,
    tcp_seq bigint,
    tcp_ackseq bigint,
    tcp_urg boolean,
    tcp_ack boolean,
    tcp_psh boolean,
    tcp_rst boolean,
    tcp_syn boolean,
    tcp_fin boolean,
    tcp_window integer,
    tcp_urgp integer,
    udp_sport integer,
    udp_dport integer,
    udp_len integer,
    icmp_type smallint,
    icmp_code smallint,
    icmp_echoid integer,
    icmp_echoseq integer,
    icmp_gateway bigint,
    icmp_fragmtu integer,
    -- NOTE(review): these two column names suggest credentials captured from
    -- traffic, kept as plain text. Confirm whether anything fills them; if
    -- nothing does, drop them, and if something does, treat the whole table
    -- as holding secrets.
    pwsniff_user character varying(30),
    pwsniff_pass character varying(30),
    ahesp_spi smallint,
    local_time bigint,
    local_hostname character varying(40),
    start_timestamp bigint,
    end_timestamp bigint,
    state smallint,
    -- The remaining columns tie a logged flow to a user name, client OS and
    -- client application, plus traffic counters.
    username character varying(30),
    client_os character varying(128),
    client_app character varying(128),
    packets_in bigint,
    packets_out bigint,
    bytes_in bigint,
    bytes_out bigint
);

CREATE INDEX ulog_id ON ulog USING btree (id);
CREATE INDEX ulog_ip_saddr ON ulog USING btree (ip_saddr);
CREATE INDEX ulog_ip_daddr ON ulog USING btree (ip_daddr);

--
-- TOC entry 6 (OID 16988)
-- Name: ulog; Type: ACL; Schema: public; Owner: postgres
--

REVOKE ALL ON TABLE ulog FROM PUBLIC;

--
-- Data for TOC entry 7 (OID 16988)
-- Name: ulog; Type: TABLE DATA; Schema: public; Owner: postgres
--
-- The COPY block below carries no rows: the dump ships the schema only.
--

COPY ulog (id, user_id, oob_prefix, oob_time_sec, oob_time_usec, oob_mark, oob_in, oob_out, raw_mac, raw_pktlen, ip_ihl, ip_tos, ip_totlen, ip_id, ip_fragoff, ip_ttl, ip_protocol, ip_csum, ip_saddr, ip_daddr, tcp_sport, tcp_dport, tcp_seq, tcp_ackseq, tcp_urg, tcp_ack, tcp_psh, tcp_rst, tcp_syn, tcp_fin, tcp_window, tcp_urgp, udp_sport, udp_dport, udp_len, icmp_type, icmp_code, icmp_echoid, icmp_echoseq, icmp_gateway, icmp_fragmtu, pwsniff_user, pwsniff_pass, ahesp_spi, local_time, local_hostname, start_timestamp, end_timestamp, state) FROM stdin;
\.

--
-- TOC entry 3 (OID 16986)
-- Name: seq_ulog; Type: SEQUENCE SET; Schema: public; Owner: postgres
--
-- Sets the sequence to 36 with is_called = true, so the next id handed out
-- is 37 even though no rows are loaded.
--

SELECT pg_catalog.setval ('seq_ulog', 36, true);
nufw-2.4.3/missing0000755000175000017500000002557711431215376011042 00000000000000
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
scriptversion=2006-05-10.23 # Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006 # Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try \`$0 --help' for more information" exit 1 fi run=: sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' sed_minuso='s/.* -o \([^ ]*\).*/\1/p' # In the cases where this matters, `missing' is being run in the # srcdir already. if test -f configure.ac; then configure_ac=configure.ac else configure_ac=configure.in fi msg="missing on your system" case $1 in --run) # Try to run requested program, and just exit if it succeeds. run= shift "$@" && exit 0 # Exit code 63 means version mismatch. This often happens # when the user try to use an ancient version of a tool on # a file that requires a minimum version. In this case we # we should proceed has if the program had been absent, or # if --run hadn't been passed. if test $? = 63; then run=: msg="probably too old" fi ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... 
PROGRAM [ARGUMENT]... Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: -h, --help display this help and exit -v, --version output version information and exit --run try to run the given command, and emulate it if it fails Supported PROGRAM values: aclocal touch file \`aclocal.m4' autoconf touch file \`configure' autoheader touch file \`config.h.in' autom4te touch the output file, or create a stub one automake touch all \`Makefile.in' files bison create \`y.tab.[ch]', if possible, from existing .[ch] flex create \`lex.yy.c', if possible, from existing .c help2man touch the output file lex create \`lex.yy.c', if possible, from existing .c makeinfo touch the output file tar try tar, gnutar, gtar, then tar without non-portable flags yacc create \`y.tab.[ch]', if possible, from existing .[ch] Send bug reports to ." exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing $scriptversion (GNU Automake)" exit $? ;; -*) echo 1>&2 "$0: Unknown \`$1' option" echo 1>&2 "Try \`$0 --help' for more information" exit 1 ;; esac # Now exit if we have it, but it failed. Also exit now if we # don't have it and --version was passed (most likely to detect # the program). case $1 in lex|yacc) # Not GNU programs, they don't have --version. ;; tar) if test -n "$run"; then echo 1>&2 "ERROR: \`tar' requires --run" exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then exit 1 fi ;; *) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then # Could not run --version or --help. This is probably someone # running `$TOOL --version' or `$TOOL --help' to check whether # $TOOL exists and not knowing $TOOL uses missing. exit 1 fi ;; esac # If it does not exist, or fails to run (possibly an outdated version), # try to emulate it. 
case $1 in aclocal*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." touch configure ;; autoheader) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acconfig.h' or \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` test -z "$files" && files="config.h" touch_files= for f in $files; do case $f in *:*) touch_files="$touch_files "`echo "$f" | sed -e 's/^[^:]*://' -e 's/:.*//'`;; *) touch_files="$touch_files $f.in";; esac done touch $touch_files ;; automake*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print | sed 's/\.am$/.in/' | while read f; do touch "$f"; done ;; autom4te) echo 1>&2 "\ WARNING: \`$1' is needed, but is $msg. You might have modified some files without having the proper tools for further handling them. You can get \`$1' as part of \`Autoconf' from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo "#! /bin/sh" echo "# Created by GNU Automake missing as a replacement of" echo "# $ $@" echo "exit 0" chmod +x $file exit 1 fi ;; bison|yacc) echo 1>&2 "\ WARNING: \`$1' $msg. 
You should only need it if you modified a \`.y' file. You may need the \`Bison' package in order for those modifications to take effect. You can get \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h if test $# -ne 1; then eval LASTARG="\${$#}" case $LASTARG in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` if test -f "$SRCFILE"; then cp "$SRCFILE" y.tab.c fi SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` if test -f "$SRCFILE"; then cp "$SRCFILE" y.tab.h fi ;; esac fi if test ! -f y.tab.h; then echo >y.tab.h fi if test ! -f y.tab.c; then echo 'main() { return 0; }' >y.tab.c fi ;; lex|flex) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.l' file. You may need the \`Flex' package in order for those modifications to take effect. You can get \`Flex' from any GNU archive site." rm -f lex.yy.c if test $# -ne 1; then eval LASTARG="\${$#}" case $LASTARG in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` if test -f "$SRCFILE"; then cp "$SRCFILE" lex.yy.c fi ;; esac fi if test ! -f lex.yy.c; then echo 'main() { return 0; }' >lex.yy.c fi ;; help2man) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a dependency of a manual page. You may need the \`Help2man' package in order for those modifications to take effect. You can get \`Help2man' from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo ".ab help2man is required to generate this page" exit 1 fi ;; makeinfo) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious call might also be the consequence of using a buggy \`make' (AIX, DU, IRIX). You might want to install the \`Texinfo' package or the \`GNU make' package. Grab either from any GNU archive site." 
# The file to touch is that specified with -o ... file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -z "$file"; then # ... or it is the one specified with @setfilename ... infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` file=`sed -n ' /^@setfilename/{ s/.* \([^ ]*\) *$/\1/ p q }' $infile` # ... or it is derived from the source name (dir/f.texi becomes f.info) test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info fi # If the file does not exist, the user really needs makeinfo; # let's fail without touching anything. test -f $file || exit 1 touch $file ;; tar) shift # We have already tried tar in the generic part. # Look for gnutar/gtar before invocation to avoid ugly error # messages. if (gnutar --version > /dev/null 2>&1); then gnutar "$@" && exit 0 fi if (gtar --version > /dev/null 2>&1); then gtar "$@" && exit 0 fi firstarg="$1" if shift; then case $firstarg in *o*) firstarg=`echo "$firstarg" | sed s/o//` tar "$firstarg" "$@" && exit 0 ;; esac case $firstarg in *h*) firstarg=`echo "$firstarg" | sed s/h//` tar "$firstarg" "$@" && exit 0 ;; esac fi echo 1>&2 "\ WARNING: I can't seem to be able to run \`tar' with the given arguments. You may want to install GNU tar or Free paxutils, or check the command line arguments." exit 1 ;; *) echo 1>&2 "\ WARNING: \`$1' is needed, and is $msg. You might have modified some files without having the proper tools for further handling them. Check the \`README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package would contain this missing \`$1' program." 
exit 1 ;; esac exit 0 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-end: "$" # End: nufw-2.4.3/doc/0000777000175000017500000000000011431215442010246 500000000000000nufw-2.4.3/doc/nuaclgen.80000644000175000017500000000630211431206275012054 00000000000000.\" This manpage has been automatically generated by docbook2man .\" from a DocBook document. This tool can be found at: .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . .TH "NUACLGEN" "8" "12 mars 2007" "" "" .SH NAME nuaclgen \- NUFW acl generator .SH SYNOPSIS \fBnuaclgen\fR [ \fB--Schema \fIeq|ineq\fB\fR ] [ \fB--Aclname \fIACLDN\fB\fR ] [ \fB--saddr \fINETWORK1\fB\fR ] [ \fB--daddr \fINETWORK2\fB\fR ] [ \fB--proto \fIPROTONUMBER\fB\fR ] [ \fB--sport \fIP1[:P2]\fB\fR ] [ \fB--dport \fIP3[:P4]\fB\fR ] [ \fB--OsName \fIOSNAME\fB\fR ] [ \fB--OsVersion \fIOSVERSION\fB\fR ] [ \fB--OsRelease \fIOSRELEASE\fB\fR ] [ \fB--AppName \fIAPPLICATION NAME\fB\fR ] [ \fB--AppSig \fIAPPLICATION SIGNATURE\fB\fR ] [ \fB--Separator \fISEPARATOR\fB\fR ] [ \fB--jump \fI[ACCEPT|DROP]\fB\fR ] [ \fB--groups \fIGROUPLIST\fB\fR ] \fBnuaclgen\fR [ \fB--List\fR ] [ \fB--groups \fIId Group\fB\fR ] \fBnuaclgen\fR [ \fB--Delete \fIDN\fB\fR ] \fBnuaclgen\fR [ \fB--help\fR ] .SH "DESCRIPTION" .PP This manual page documents the \fBnuaclgen\fR command. .PP nuaclgen is an Access control list generator for the ldap backend of Nuauth, the authentication server of the NUFW package. .PP Original packaging and informations and help can be found from http://www.nufw.org/ .SH "OPTIONS" .TP \fB--Schema \fIeq|ineq\fB \fR Use equality schema or not (Equality schema requires dport be specified, and is the default. 
.TP \fB--AclName \fIAcl DN\fB \fR Add an acl in the ldap tree with dn \fIAcl DN\fR .TP \fB--saddr \fINetwork\fB \fR Specify source network for the acl, with network of the form : aaa.bbb.ccc.ddd[/ee]. Default value : 0.0.0.0/0 .TP \fB--daddr \fINetwork\fB \fR Specify destination network for the acl, with network of the form : aaa.bbb.ccc.ddd[/ee]. Default value : 0.0.0.0/0 .TP \fB--proto \fIProtocol number\fB \fR Specify protocol type for the acl .TP \fB--sport \fISource port\fB \fR Specify source port(s) for the Acl. NNNN:MMMM can be used to specify a port range. .TP \fB--dport \fIDestination port\fB \fR Specify destination port(s) for the Acl. NNNN:MMMM can be used to specify a port range. .TP \fB--jump \fIDecision\fB \fR Specify decision for the Acl. Has to be ACCEPT or DROP. .TP \fB--groups \fIGroups list\fB \fR Specify the user group(s) on which Acl apply. Must be of the form : Group1[,Group2[,...]] .TP \fB--List --group \fIGroup ID\fB \fR List Acls for the \fIGroup ID\fR group .TP \fB--Delete \fIDn\fB \fR Deletes the Acl stored in the provided Dn .TP \fB--help \fR Displays a brief resume of available options and quits .SH "SEE ALSO" .PP nufw(8) .PP nuauth(8) .SH "AUTHOR" .PP Nuauth was designed and coded by Eric Leblond, aka Regit () , and Vincent Deffontaines, aka gryzor (). Original idea in 2001, while working on NSM Ldap support. .PP This manual page was written by Eric Leblond and copyrighted by INL (2003-2005) .PP Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. nufw-2.4.3/doc/Makefile.in0000644000175000017500000004073711431215376012250 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. 
# @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man3dir)" \ "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" man3dir = $(mandir)/man3 man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ 
CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = 
@build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ man_MANS = nuaclgen.8 nuauth.8 nufw.8 nutcpc.1 nutop.8 libnuclient.3 nuclient.conf.5 README_FILES = README.auth_mysql README.iface README.ldap README.log_mysql README.mark README.pam_nufw DOC_FILES = acls cache_system debug MAN_SOURCE_FILES = libnuclient.3.sgml nuaclgen.8.sgml \ nuauth.8.sgml nufw.8.sgml nutcpc.1.sgml nutop.8.sgml nuclient.conf.5.sgml EXTRA_DIST = $(man_MANS) $(README_FILES) $(MAN_SOURCE_FILES) $(DOC_FILES) STYLESHEET = /usr/share/xml/docbook/stylesheet/nwalsh/html/docbook.xsl STYLEPDF = /usr/share/xml/docbook/stylesheet/nwalsh/pdf/docbook.xsl PARAMS = --stringparam html.stylesheet ck-style.css --stringparam section.autolabel 1 all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in 
$(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man1: $(man1_MANS) $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.1*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ else file=$$i; fi; \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 1*) ;; \ *) ext='1' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ done uninstall-man1: @$(NORMAL_UNINSTALL) @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.1*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 1*) ;; \ *) ext='1' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " 
rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ done install-man3: $(man3_MANS) $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.3*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ else file=$$i; fi; \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 3*) ;; \ *) ext='3' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ done uninstall-man3: @$(NORMAL_UNINSTALL) @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.3*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 3*) ;; \ *) ext='3' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ done install-man5: $(man5_MANS) $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.5*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ else file=$$i; fi; \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 5*) ;; \ *) ext='5' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo 
$$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ done uninstall-man5: @$(NORMAL_UNINSTALL) @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.5*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 5*) ;; \ *) ext='5' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ done install-man8: $(man8_MANS) $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.8*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ else file=$$i; fi; \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 8*) ;; \ *) ext='8' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ done uninstall-man8: @$(NORMAL_UNINSTALL) @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.8*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 8*) ;; \ *) ext='8' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 
's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ done tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may 
require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-man1 install-man3 install-man5 install-man8 install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \ uninstall-man8 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-man1 \ install-man3 install-man5 install-man8 install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ uninstall-man uninstall-man1 uninstall-man3 uninstall-man5 \ uninstall-man8 references.html: references.xml xsltproc ${PARAMS} --output references.html ${STYLESHEET} references.xml handbook: handbook.html handbook.html: handbook.xml xsltproc ${PARAMS} --output $@ ${STYLESHEET} $< pdf: handbook.pdf references.pdf %.pdf: %.xml ${DOCBOOK2PDF} $< %.8: %.8.sgml ${DOCBOOK2MAN} $< %.1: %.1.sgml ${DOCBOOK2MAN} $< %.3: %.3.sgml ${DOCBOOK2MAN} $< %.5: %.5.sgml ${DOCBOOK2MAN} $< # 
Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/doc/debug0000644000175000017500000000207111431206275011177 00000000000000How to control Debugging on Nufw - Vincent Deffontaines 2003 This document is a draft, written before any implementation, to fix what is going to be done. Two variables are defined to control debugging : DEBUG_LEVEL and DEBUG_AREAS DEBUG_LEVEL can be set by the use of "-v" switches; its value is equal to the number of "v"s added to 2, and can grow up to 10. If more "v"s should be passed on command line, they would simply be ignored. DEBUG_LEVEL controls the verbosity of debug messages, the higher it is, the more details will be contained in debug messages. The minimum value for this parameter is 2, "1" is for [fatal] errors, "2" is for critical messages. Those will always be reported. DEBUG_AREAS defines which components of Nufw should be sent debug messages about. If you are debugging the authenticating part of nufw at DEBUG_LEVEL 8, you probably don't really care about debug messages from the ipq interface part. DEBUG_AREAS must be calculated as the sum of these : 1 2 4 8 16 32 64 These 2 variables, properly set, should help debugging in details. nufw-2.4.3/doc/nutop.80000644000175000017500000000613011431206275011424 00000000000000.\" This manpage has been automatically generated by docbook2man .\" from a DocBook document. This tool can be found at: .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . 
.TH "NUTOP" "8" "18 mars 2007" "" "" .SH NAME nutop \- display top NUFW Users .SH SYNOPSIS \fBnutop\fR [ \fB-help\fR ] [ \fB-c \fIconfig file\fB\fR ] [ \fB-delay \fIrefresh delay (seconds)\fB\fR ] [ \fB-line \fInumber of lines to display\fB\fR ] [ \fB-databasetype \fI mysql/pgsql\fB\fR ] [ \fB-host \fIdb host\fB\fR ] [ \fB-user \fIdb username\fB\fR ] [ \fB-pass \fIdb password\fB\fR ] [ \fB-databasename \fIdb database name\fB\fR ] [ \fB-tablename \fIdb table\fB\fR ] [ \fB-port \fIdb port\fB\fR ] .SH "DESCRIPTION" .PP This manual page documents the \fBnutop\fR command. .PP Nutop is to be used by administrators willing to view user activity on a NuFW server, in real time. The display is designed to look a lot like the well known top command, as far as general layout is concerned. .PP The default configuration file (containing SQL connection parameters) is located at /etc/nufw/nutop.conf. If you customize this file, restrict its permissions so that only the administrators who run nutop can read it: a copy readable by every user of the system would let any of them access the NuFW connection tracking database. .PP Original packaging, information and help can be found at http://www.nufw.org/ .SH "OPTIONS" .TP \fB-help \fR Issues usage details and exits. .TP \fB-c \fIconfig file\fB \fR Specifies config file to read SQL parameters from. Default is /etc/nufw/nutop.conf .TP \fB-delay \fInumber\fB \fR Specifies a rate to refresh display. This parameter is interpreted as a number of seconds. Default is 2s. .TP \fB-line \fInumber\fB \fR Number of lines to display. Default : 20 .TP \fB-databasetype \fImysql/pgsql\fB \fR Type of database to connect to. Default is mysql. This setting also sets the default port setting. .TP \fB-host \fIhostname/IP\fB \fR IP address or FQDN of database we connect to. Default value : 127.0.0.1 .TP \fB-user \fIusername\fB \fR Database username to connect as. Default is "nutop" .TP \fB-pass \fIpassword\fB \fR Password to use to connect to database. A password given on the command line may be visible to other local users in the process list; where possible, set it in the configuration file instead. 
.TP \fB-databasename \fIname of database\fB \fR Name of database we connect to. Default is "nulog" .TP \fB-tablename \fIname of table\fB \fR Name of SQL table to use for queries. Default is "ulog" .TP \fB-port \fITCP port\fB \fR TCP numeric port to use for database connection. Default is 3306 if databasetype is mysql, 5432 if pgsql. .SH "SEE ALSO" .PP nuauth(8), nufw(8) .SH "AUTHOR" .PP Nufw was designed and coded by Eric Leblond, aka Regit () , and Vincent Deffontaines, aka gryzor (). Original idea in 2001, while working on NSM Ldap support. .PP This manual page was written by Vincent Deffontaines .PP Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. nufw-2.4.3/doc/cache_system0000644000175000017500000000576311431206275012573 00000000000000Cache is for protocol v2 only authentication is done once (at the beginning or after inactivity timeout ..) by SSL session cache access are done through a queue maintained by a dedicated thread cache thread answers to query via a private queue on which the query thread listen to. If return is NULL then query has to be done on db : unavailable data or data need a refresh If return is not NULL then this a pointer to our data If query thread receive NULL, it queries db and send a message to cache thread with the result of his query. when data are no more used, thread send a message to warn the cache thread when the cache thread find that a resource has 0 access it look if it needs to be freed. Periodically main thread sends a message to ask a cleaning of resources. 
Thus we have the following messages : get key send key data update all User : (in fact Alternative at bottom is implemented) public : groups list private : old data : chained list of pointer (keep trace of used data to to a clean refresh when they are of no use) create_timestamp refresh_timestamp nb_of_uses refreshing Acl : public : decisions list private : old data : chained list of pointer (keep trace of used data to to a clean refresh when they are of no use) create_timestamp refresh_timestamp nb_of_uses refreshing generic cache system : base element : "public" : pointer obscure : create_timestamp refresh_timestamp nb_of_uses refreshing global structure : using hash | |-key => chained list of element (only first is significant and used in return) | | ... cache thread algorithm : while (get_queue){ switch ( message ){ GET key : if (data is refreshing){ push request to local queue; } if (data need refresh){ set refreshing bit; return NULL to asking thread; } if (data is not here){ create NULL data with key and refreshing set; return NULL to asking thread; } if (data is here){ increase usage count; return data to asking thread; } PUT key data : if (data is refreshing){ ok proceed; remove refreshing tag; loop through local queues and answer to concern thread; } else { What's the fuck ! } FREE key pointer : if (pointer is pointer to current data, first element of data){ decrease usage count; } if (pointer is one pointer from old data){ decrease usage count; free data if (usage count is 0) } UPDATE ALL : loop trough key, delete data where usage count is NULL and refresh time exceeded (suppress entry from hash) } } current code modification : ask cache before doing request wait answer from cache (timeout, setting of an async queue per thread) send a PUT message when request is done send a FREE message when we free connection USER cache : each user is identified by his SSL fd. 
so we link SSL fd -> userid List of groups Modification of user are local : A user got a few modification only, if never of its group list A reconnect can be done easily if necessary nufw-2.4.3/doc/README.auth_mysql0000644000175000017500000001031711431206275013235 00000000000000========== Auth Mysql ========== Introduction ============ auth_mysql can be used as: * nuauth_user_check_module * nuauth_get_user_id_module * nuauth_get_user_groups_module * nuauth_ip_authentication_module (use with caution) Prerequisites ============= Two different mysql schemas are provided in conf/auth_mysql: - auth_mysql.ipv4.mysql.dump - auth_mysql.ipv6.mysql.dump import the one that matches with you setup. If you use IPv6 mysql schema you need to uncomment the following line in nuauth.conf: mysql_use_ipv4_schema=0 If you want to use netmask checking in ipauth module you must also import check_net.mysql, that contains 'check_net' function. WARNING to import this file you must have the SUPER privilege or this variable must be declared: -- SET GLOBAL log_bin_trust_function_creators = 1; Then set this line in nuauth.conf: mysql_ipauth_check_netmask=1 Module configuration ==================== mysql tables ~~~~~~~~~~~~ * userinfo table contains users informations: * main columns are uid and username * password column is used for user authentication * other columns can be added to add user description (address, mail, phone, ...) * groups table contains group names and group id, * groupinfo table contains user-group associations: * Each user can be part of several groups, each line indicate that the uid is part of the gid, * ipauth_sessions table is used for ip based authentication. * 'netmask' column is used for authenticate a single ip or an entire subnet. Default value is 128 for ipv6 mysql schema or 32 ipv4 schema (with int(10) ip_saddr) authenticating just one host, but you can change it to authenticate an entire subnet (i.e. 192.168.10.0/24 or ::ffff:192.168.10.0/120). 
WARNING with ipv6 schema you'll need to declare the 'check_net' function (see above) * 'no_logout' column is useful to tag the lines that should never be removed in order to add a 'persistent' (never ending) connection. (values: 'y' or 'n') nuauth.conf file ~~~~~~~~~~~~~~~~ In nuauth configuration file these parameters are supported: * mysql_ipauth_table_name (default: ipauth_sessions) * mysql_userinfo_table_name (default: userinfo) * mysql_groups_table_name (default: groups) * mysql_groupinfo_table_name (default: groupinfo) * some other mysql settings used by log_mysql module are used here too with the same meaning. * mysql_ipauth_check_netmask: whether or not to use the netmask in ip authentication. (default: 1) IP authentication module configuration ====================================== IP authentication identifies a source address (or a whole subnet, through the 'netmask' column of ipauth_sessions) rather than a user, so every host or user sending traffic from an authenticated address shares that session. iptables setup ~~~~~~~~~~~~~~ If you want to use ipauthentication module and want to redirect http/https traffic to a login page you must declare following rules in iptables's nat table: iptables -t nat -A PREROUTING -i eth0 -s 192.168.22.11 -m mark --mark 0 -p tcp --dport 80 -j REDIRECT iptables -t nat -A PREROUTING -i eth0 -s 192.168.22.11 -m mark --mark 0 -p tcp --dport 443 -j REDIRECT Notes: (1. we assume eth0 is your LAN interface) (2. if your login page is on a remote host you can use "DNAT --to-destination " as target) Moreover nufw's filtering rules must be declared in mangle table and not in forward or output: iptables -t mangle -D PREROUTING -p tcp -i eth0 -m state --state NEW --syn -j NFQUEUE This way every unauthenticated connection is marked "guest" (by default uid=0,gid=99) and the above rules in the nat table redirect it to the login page acl setup ~~~~~~~~~ In nuauth's acl you need to permit traffic from guest group (default 99 if not overridden in mysql tables) to 80 and 443 ports. 
For example: [web] decision=1 gid=99 proto=6 SrcIP=0.0.0.0/0 SrcPort=1024-65535 DstIP=0.0.0.0/0 DstPort=80 [web 2] decision=1 gid=99 proto=6 SrcIP=0.0.0.0/0 SrcPort=1024-65535 DstIP=0.0.0.0/0 DstPort=443 Using it ======== The PHP pages available in scripts/auth_mysql/mysqlauth/ provide an login and logout page. You may need to edit the start of index.php to adjust the database configuration to your system. logoff script in the directory scripts/auth_mysql/ can be used to end session after timeout. You can also use the PHP script auth_mysql.php provided in scripts/auth_mysql as starting point for a login banner. This script uses the userinfo table to verify user and password given at prompt. nufw-2.4.3/doc/nuauth.80000644000175000017500000001073711431206275011573 00000000000000.\" This manpage has been automatically generated by docbook2man .\" from a DocBook document. This tool can be found at: .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . .TH "NUAUTH" "8" "10 novembre 2008" "" "" .SH NAME nuauth \- NUFW authentication server .SH SYNOPSIS \fBnuauth\fR [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-v[v...]\fR ] [ \fB-l \fI(local, for clients) port\fB\fR ] [ \fB-C \fI(local, for clients) address\fB\fR ] [ \fB-L \fI(local, for nufw) address\fB\fR ] [ \fB-p \fI(local, for nufw) port\fB\fR ] [ \fB-t \fItimeout\fB\fR ] [ \fB-D\fR ] .SH "DESCRIPTION" .PP This manual page documents the \fBnuauth\fR command. .PP Nuauth is the authentication server of the NUFW package. Whenever a client sends a packet(1) to start a connection through the gateway, the client program (nutcpc), installed on the client's station, sends an authentication packet(2) to nuauth. The gateway's firewall queues the packet(1) and sends informations about it directly to the nuauth server. Nuauth's job is to analyse both packets(1) and (2), and check user owns the right to initialize the connection (s)he has tried to. 
If Nuauth finds so, Nuauth sends authorization to Nufw to accept the packet(1) through, and the connection gets initialized. If not, the connection is Dropped. .PP Nuauth can use a backend LDAP server for user and groups definitions, as well as Access Lists associated with those groups. Interface to Users/Groups database can also be performed through PAM/NSS. An option is also to store the user database in DBM files. It should be noted that dynamic modifications of the users base can currently only be performed if an LDAP database is used. .PP Original packaging and informations and help can be found from http://www.nufw.org/ .SH "OPTIONS" .TP \fB-h \fR Issues usage details and exits. .TP \fB-V \fR Issues version and exits. .TP \fB-v \fR Increases verbosity level. Multiple switches are accepted and each of them increases the verbosity level by one. Default verbosity level is 2, max is 10. .TP \fB-l \fIport\fB \fR Specifies TCP port to listen on for clients. Default value : 4129 .TP \fB-L \fIaddress\fB \fR Address to listen on for NuFW packets. Default : 127.0.0.1 .TP \fB-C \fIaddress\fB \fR Address to listen on for clients packets. Default : 0.0.0.0 .TP \fB-d \fIaddress\fB \fR Network address of the nufw (gateway) servers. Only NuFW servers at those addresses will be allowed to talk to nuauth. .TP \fB-p \fIport\fB \fR This option is DEPRECATED and was in use only in v1 of the protocol, which was proof of concept, non-encrypted. Specifies UDP port to send data to when addressing the nufw (gateway) server. Nufw server must be setup to listen on that port. Default value : 4128 .TP \fB-t \fIseconds\fB \fR Specifies timeout to forget packets not identified, and identification packets matching nothing. Default value : 15 s. .TP \fB-D \fR Run as a daemon. If started as a daemon, nuauth logs message to syslog. If you don't specify this option, messages go to the console nuauth is running on, both on STDOUT and STDERR. 
Unless you are debugging something, you should run nuauth with this option. .SH "SIGNALS" .PP The \fBnuauth\fR daemon is designed to deal with several signals : HUP, USR1, USR2, and POLL. .TP \fBHUP \fR Reload configuration. The \fBnuauth\fR daemon reloads its configuration when receiving this signal. Since 2.2.19, it also refreshes the CRL file content. .TP \fBUSR1 \fR Increases verbosity. The daemon then acts as if it had been launched with one supplementary '-v'.A line is also added to the system log to mention the signal event. .TP \fBUSR2 \fR Decreases verbosity. The daemon then acts as if it had been launched with one less '-v'. A line is also added to the system log to mention the signal event. .TP \fBPOLL \fR Logs an "audit" line, mentioning how many network datagrams were received and sent since daemon startup. .SH "SEE ALSO" .PP nufw(8) .SH "AUTHOR" .PP Nuauth was designed and coded by Eric Leblond, aka Regit () , and Vincent Deffontaines, aka gryzor (). Original idea in 2001, while working on NSM Ldap support. .PP This manual page was written by Vincent Deffontaines .PP Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. nufw-2.4.3/doc/README.ldap0000644000175000017500000000110311431206275011760 00000000000000======================================= Quick install guide for LDAP acl module ======================================= LDAP acl module uses a custom schema. 
To use it, copy conf/acls.schema in /etc/ldap/schemas/ and declare it in your slapd.conf:: include /etc/ldap/schema/acls.schema Add to your slapd.conf some indexes for performance:: # For nufw index OsName,OsRelease,OsVersion,AppSig,AppName pres,eq index SrcIPStart,SrcIPEnd,DstIPStart,DstIPEnd pres,eq index Proto,SrcPortStart,SrcPortEnd,DstPortStart,DstPortEnd pres,eq index SrcPort,DstPort pres,eq nufw-2.4.3/doc/nutop.8.sgml0000644000175000017500000001717711431206275012402 00000000000000 manpage.1'. You may view the manual page with: `docbook-to-man manpage.sgml | nroff -man | less'. A typical entry in a Makefile or Makefile.am is: manpage.1: manpage.sgml docbook-to-man $< > $@ The docbook-to-man binary is found in the docbook-to-man package. Please remember that if you create the nroff version in one of the debian/rules file targets (such as build), you will need to include docbook-to-man in your Build-Depends control field. --> Vincent"> Deffontaines"> march 18, 2007"> 8"> vincent@inl.fr"> eric@inl.fr"> nutop"> GNU"> GPL"> ]>
&dhemail;
&dhfirstname; &dhsurname; 2004 &dhusername; &dhdate;
&dhucpackage; &dhsection; &dhpackage; display top NUFW Users &dhpackage; DESCRIPTION This manual page documents the &dhpackage; command. Nutop is to be used by administrators willing to view user activity on a NuFW server, in real time. The display is designed to look a lot like the well known top command, as far as general layout is concerned. The default configuration file (containing SQL connection parameters) is located at /etc/nufw/nutop.conf. If you customize this file, restrict its permissions so that only the administrators who run nutop can read it: a copy readable by every user of the system would let any of them access the NuFW connection tracking database. Original packaging, information and help can be found at http://www.nufw.org/ OPTIONS Issues usage details and exits. Specifies config file to read SQL parameters from. Default is /etc/nufw/nutop.conf Specifies a rate to refresh display. This parameter is interpreted as a number of seconds. Default is 2s. Number of lines to display. Default : 20 Type of database to connect to. Default is mysql. This setting also sets the default port setting. IP address or FQDN of database we connect to. Default value : 127.0.0.1 Database username to connect as. Default is "nutop" Password to use to connect to database. A password given on the command line may be visible to other local users in the process list; where possible, set it in the configuration file instead. Name of database we connect to. Default is "nulog" Name of SQL table to use for queries. Default is "ulog" TCP numeric port to use for database connection. Default is 3306 if databasetype is mysql, 5432 if pgsql. SEE ALSO nuauth(8), nufw(8) AUTHOR Nufw was designed and coded by Eric Leblond, aka Regit (&dhemail2;) , and Vincent Deffontaines, aka gryzor (&dhemail;). Original idea in 2001, while working on NSM Ldap support. This manual page was written by &dhusername; Permission is granted to copy, distribute and/or modify this document under the terms of the &gnu; Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.
nufw-2.4.3/doc/Makefile.am0000644000175000017500000000205411431206275012223 00000000000000man_MANS = nuaclgen.8 nuauth.8 nufw.8 nutcpc.1 nutop.8 libnuclient.3 nuclient.conf.5 README_FILES = README.auth_mysql README.iface README.ldap README.log_mysql README.mark README.pam_nufw DOC_FILES = acls cache_system debug MAN_SOURCE_FILES = libnuclient.3.sgml nuaclgen.8.sgml \ nuauth.8.sgml nufw.8.sgml nutcpc.1.sgml nutop.8.sgml nuclient.conf.5.sgml EXTRA_DIST = $(man_MANS) $(README_FILES) $(MAN_SOURCE_FILES) $(DOC_FILES) STYLESHEET=/usr/share/xml/docbook/stylesheet/nwalsh/html/docbook.xsl STYLEPDF=/usr/share/xml/docbook/stylesheet/nwalsh/pdf/docbook.xsl PARAMS=--stringparam html.stylesheet ck-style.css --stringparam section.autolabel 1 references.html: references.xml xsltproc ${PARAMS} --output references.html ${STYLESHEET} references.xml handbook: handbook.html handbook.html: handbook.xml xsltproc ${PARAMS} --output $@ ${STYLESHEET} $< pdf: handbook.pdf references.pdf %.pdf: %.xml ${DOCBOOK2PDF} $< %.8: %.8.sgml ${DOCBOOK2MAN} $< %.1: %.1.sgml ${DOCBOOK2MAN} $< %.3: %.3.sgml ${DOCBOOK2MAN} $< %.5: %.5.sgml ${DOCBOOK2MAN} $< nufw-2.4.3/doc/nutcpc.10000644000175000017500000001126011431206275011544 00000000000000.\" This manpage has been automatically generated by docbook2man .\" from a DocBook document. This tool can be found at: .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . 
.TH "NUTCPC" "1" "14 November 2008" "" "" .SH NAME nutcpc \- NuFW console-mode client for GNU/Linux and BSD systems .SH SYNOPSIS \fBnutcpc\fR [ \fB-d \fR ] [ \fB-l \fR ] [ \fB-k \fR ] [ \fB-c \fR ] [ \fB-V \fR ] [ \fB-h \fR ] [ \fB-q \fR ] [ \fB-Q \fR ] [ \fB-N \fR ] [ \fB-H \fINuauth IP\fB\fR ] [ \fB-p \fINuauth port \fB\fR ] [ \fB-U \fIUserID\fB\fR ] [ \fB-P \fIUserPassword\fB\fR ] [ \fB-I \fIInterval\fB\fR ] [ \fB-Z \fIService\fB\fR ] [ \fB-C \fICertFile\fB\fR ] [ \fB-A \fIAuthorityFile\fB\fR ] [ \fB-K \fIKeyFile\fB\fR ] [ \fB-W \fICertPass\fB\fR ] [ \fB-R \fICrlFile\fB\fR ] [ \fB-a \fINuauthDN\fB\fR ] .SH "DESCRIPTION" .PP This manual page documents the \fBnutcpc\fR command. .PP nutcpc is a console-mode client for the NuFW authenticating firewall. It sends authentication packets to the nuauth server. All parameters can be set on the command line but nutcpc can also be configured via the file nuclient.conf(5). .PP Original packaging, information and help can be found at http://www.nufw.org/ .SH "OPTIONS" .TP \fB-d \fR Debug mode, don't go into background. .TP \fB-l \fR Do not verify whether lock file exists before starting. And do not create lock file. .TP \fB-k \fR Kill existing instances of the program running on our local userID. .TP \fB-c \fR Check if a client is already running. Returns an error if no client is running. .TP \fB-V \fR Issues program version and exits. .TP \fB-h \fR Issues usage details and exits. .TP \fB-q \fR Do not display running nutcpc options on "ps". Useful when using "-W" or "-P", since the passphrase or password given on the command line would otherwise appear in the process list. .TP \fB-H \fINuauth IP\fB \fR Send authentication packet to \fINuauth IP\fR\&. .TP \fB-p \fINuauth port\fB \fR Send authentication packet to \fINuauth port\fR\&. .TP \fB-U \fIUser ID\fB \fR Set nufw userid to \fIUser ID\fR\&. .TP \fB-P \fIUser Password\fB \fR Set nufw password to \fIUser Password\fR\&. .TP \fB-I \fIInterval\fB \fR Set connection list refresh interval to \fIInterval\fR\&. This option is only useful if nuauth server is in POLL mode. 
.TP \fB-Z \fIService\fB \fR Set kerberos service name to \fIService\fR\&. .TP \fB-C \fICertFile\fB \fR Use certificate file stored in the file \fICertFile\fR to negotiate the TLS connection to nuauth. .TP \fB-A \fIAuthorityFile\fB \fR Use authority file stored in \fIAuthorityFile\fR and check the validity of nuauth certificate against this authority. nutcpc exits if this is not the case. .TP \fB-K \fIKeyFile\fB \fR Use key file stored in the file \fIKeyFile\fR to negotiate the TLS connection to nuauth. .TP \fB-W \fICertPass\fB \fR Use the passphrase \fICertPass\fR to decrypt the certificate. The passphrase is then part of the command line; use the \fI-q\fR option to keep it out of "ps" output. .TP \fB-R \fICrlFile\fB \fR Use certificate revocation list file stored in the file \fICrlFile\fR to negotiate the TLS connection to nuauth. nutcpc reloads this file if it gets disconnected from nuauth and needs to reconnect. Since version 2.2.19, nutcpc reloads the CRL file when receiving a HUP signal. .TP \fB-a \fINuauthDN\fB \fR Verify that the certificate given by nuauth has a DN equal to \fINuauthDN\fR\&. nutcpc exits if this is not the case. .TP \fB-Q \fR Suppress warning if no certificate authority is configured. Without a certificate authority the identity of the nuauth server is not checked. .TP \fB-N \fR Suppress error if server FQDN does not match certificate CN. A certificate issued for a different host name is then accepted. .SH "LOCK FILE" .PP By default, the lock file set by nutcpc is at ~/.nufw/nutcpc. .SH "CERTIFICATE AUTHENTICATION" .PP User authentication can be done using a certificate and a private key. This method is used if nutcpc can find a certificate at ~/.nufw/cert.pem and the corresponding private key at ~/.nufw/key.pem. The server identity will be checked if a CA certificate is provided in ~/.nufw/cacert.pem. Certificates and key can also be provided on command line or via nuclient.conf(5). .SH "SIGNALS" .TP \fBHUP \fR When receiving this signal, nutcpc attempts to immediately reconnect to the server, if disconnected. The signal is ignored in other cases. 
.SH "SEE ALSO" .PP nufw(8) .PP nuauth(8) .PP nuclient.conf(5) .SH "AUTHOR" .PP Nuauth was designed and coded by Eric Leblond, aka Regit () , and Vincent Deffontaines, aka gryzor (). Original idea in 2001, while working on NSM Ldap support. .PP This manual page was written by Eric Leblond. .PP Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. nufw-2.4.3/doc/nuclient.conf.5.sgml0000644000175000017500000001347711431206275013776 00000000000000 manpage.1'. You may view the manual page with: `docbook-to-man manpage.sgml | nroff -man | less'. A typical entry in a Makefile or Makefile.am is: manpage.1: manpage.sgml docbook-to-man $< > $@ The docbook-to-man binary is found in the docbook-to-man package. Please remember that if you create the nroff version in one of the debian/rules file targets (such as build), you will need to include docbook-to-man in your Build-Depends control field. --> Pierre"> Chifflier"> october 24, 2008"> 5"> vincent@gryzor.com"> eric@regit.org"> nuclient.conf"> GNU"> GPL"> ]>
&dhemail;
&dhfirstname; &dhsurname; 2004-2008 &dhusername; &dhdate;
&dhucpackage; &dhsection; &dhpackage; nuauth client configuration file /etc/&dhpackage; DESCRIPTION The configuration file &dhpackage; is used by all nuauth clients (for ex, nutcpc or nuapplet2). The file is designed to be human readable and contains a list of keywords with values that provide configuration values for libnuclient. Configuration file uses the key=value format. Note that strings must be enclosed into double-quotes signs ("). Global configuration file is stored in CONFDIR/nuclient.conf and per-user file can be stored in HOME/.nufw/nuclient.conf. Any variable set in the user file will overwrite the one set in the global file. Original packaging and informations and help can be found from http://www.nufw.org/ OPTIONS The different configuration options are: Name of the nuauth server (fully qualified domain name, or IP address). Port number to use on the nuauth server (default: 4129). Certificate authority used to check the validity of nuauth certificate. Certificate file used to negotiate the TLS connection to nuauth. Key of the certificate file from the nuauth_tls_cert option. Certificate revocation list file to use. If the client is disconnected from nuauth, it will reload this file at reconnect. If set to 1, suppress error if server FQDN does not match certificate CN (default: 0). SEE ALSO nufw(8) nuauth(8) nutcpc(1) AUTHOR Nuauth was designed and coded by Eric Leblond, aka Regit (&dhemail;) , and Vincent Deffontaines, aka gryzor (&dhemail2;). Original idea in 2001, while working on NSM Ldap support. This manual page was written by &dhusername;. Permission is granted to copy, distribute and/or modify this document under the terms of the &gnu; Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.
nufw-2.4.3/doc/libnuclient.30000644000175000017500000000424511431206275012567 00000000000000.\" This manpage has been automatically generated by docbook2man .\" from a DocBook document. This tool can be found at: .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . .TH "LIBNUCLIENT" "3" "12 mars 2007" "" "" .SH NAME libnuclient \- NUFW client authentication library .SH SYNOPSIS .sp \fB#include .sp NuAuth * nu_client_init (const char *\fInptr\fB, char *\fIusername\fB, unsigned long\fI userid\fB, char *\fI password\fB, char *\fI hostname\fB, unsigned int\fI port\fB, char\fI protocol\fB, char\fI ssl_on\fB); .sp int nu_client_check (NuAuth *\fI session\fB); .sp void nu_client_free (NuAuth *\fIsession\fB); \fR .SH "DESCRIPTION" .PP This manual page documents the \fBlibnuclient\fR library. .PP Use \fBnu_client_init\fR to initialize an authentication session. Then call \fBnu_client_check\fR at regular intervals to send authentication packets to the gateway (if needed). When you're finished, call \fBnu_client_free\fR to free the session. .PP Original packaging, information and help can be found at http://www.nufw.org/ .SH "RETURN VALUE" .PP \fBnu_client_init\fR returns an authentication session usable by \fBnu_client_check\fR or \fBnu_client_free\fR\&. .PP \fBnu_client_check\fR returns the number of packets authenticated to the nuauth server during the call. It returns -1 if an error occurs when sending an authentication packet. Applications MUST consider the session unusable when they receive this error. .SH "ERRORS" .PP \fBnu_client_init\fR returns NULL if a problem occurs during initialization. .SH "SEE ALSO" .PP nuauth(8) .SH "AUTHOR" .PP Nufw was designed and coded by Eric Leblond, aka Regit () , and Vincent Deffontaines, aka gryzor (). Original idea in 2001, while working on NSM Ldap support.
.PP This manual page was written by Eric Leblond .PP Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. nufw-2.4.3/doc/nufw.80000644000175000017500000001521511431206275011242 00000000000000.\" This manpage has been automatically generated by docbook2man .\" from a DocBook document. This tool can be found at: .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . .TH "NUFW" "8" "25 November 2008" "" "" .SH NAME nufw \- NUFW User filtering gateway server .SH SYNOPSIS \fBnufw\fR [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-D\fR ] [ \fB-m\fR ] [ \fB-v[v...]\fR ] [ \fB-s\fR ] [ \fB-S\fR ] [ \fB-N\fR ] [ \fB-A \fIdebug_area\fB\fR ] [ \fB-k \fIkeyfile\fB\fR ] [ \fB-c \fIcertfile\fB\fR ] [ \fB-a \fIcafile\fB\fR ] [ \fB-r \fIcrlfile\fB\fR ] [ \fB-n \fInuauth_cert_dn\fB\fR ] [ \fB-d \fIaddress\fB\fR ] [ \fB-p \fI(remote) port\fB\fR ] [ \fB-t \fItimeout\fB\fR ] [ \fB-T \fItrack_size\fB\fR ] [ \fB-q \fINfQueue_num\fB\fR ] [ \fB-L \fINfqueue_length\fB\fR ] [ \fB-C\fR ] [ \fB-M\fR ] .SH "DESCRIPTION" .PP This manual page documents the \fBnufw\fR command. .PP nufw is the minimalist server, designed to run on the gateway(s) of the network. nufw is designed to run in conjunction with nuauth, the authenticating server. nufw receives network packets from the local firewall (on Linux 2.4 and 2.6, this is set up with the help of '-j NFQUEUE' or '-j QUEUE' netfilter target), and synchronizes with a nuauth server to check packet is authorized to travel through the gateway. .PP The design of the NUFW package lets administrator filter network traffic per user, not only per IP. This means you can now deal with different permissions for user A and user B, even if they work at the same moment, on the same multiuser machine. 
In other words, this extends firewalling criteria to userID, at the network scale. .PP Original packaging and informations and help can be found from http://www.nufw.org/ .SH "OPTIONS" .TP \fB-h \fR Issues usage details and exits. .TP \fB-V \fR Issues version and exits. .TP \fB-D \fR Run as a daemon. If started as a daemon, nufw logs message to syslog. If you don't specify this option, messages go to the console nufw is running on, both on STDOUT and STDERR. Unless you are debugging something, you should run nufw with this option. .TP \fB-m \fR Mark packets with UserID. This requires the wvmark POM patch applied to netfilter, and is necessary for per user QoS or routing. .TP \fB-v \fR Increases debug level. Multiple switches are accepted and each of them increases the debug level by one. Default debug level is 2, max is 10. .TP \fB-A \fIdebug_areas\fB \fR Chooses debug_area. Default debug area is ALL. To select a subset add value from the following list: .RS .TP 0.2i \(bu DEBUG_AREA_MAIN (1) main domain .TP 0.2i \(bu DEBUG_AREA_PACKET (2) packet domain .TP 0.2i \(bu DEBUG_AREA_USER (4) user domain .TP 0.2i \(bu DEBUG_AREA_GW (8) Gateway domain, interaction with nufw servers. .TP 0.2i \(bu DEBUG_AREA_AUTH (16) Authentication domain .RE .TP \fB-k \fIkeyfile\fB \fR Use specified file as SSL (private) key file. .TP \fB-c \fIcertfile\fB \fR Use specified file as SSL (public) certificate file. .TP \fB-a \fIcafile\fB \fR Use specified file as SSL certificate authority file. .TP \fB-r \fIcrlfile\fB \fR Use specified file as SSL certificate revocation list file. You will need to restart nufw if you modify this file. Since 2.2.19, nufw reloads this file dynamically when receiving a HUP signal. .TP \fB-n \fInuauth_dn\fB \fR Use specified string as the needed DN of nuauth. nufw will refuse to connect if the provided string does not match the DN of the certificate provided by nuauth. 
If you do not use this option, the DN of the nuauth certificate will be checked against the fully qualified domain name of the nuauth server, obtained from a reverse DNS lookup on nuauth IP address. .TP \fB-s \fR Disable strict TLS checking of the certificate provided by nuauth. .TP \fB-S \fR Force strict TLS checking of the certificate provided by nuauth. This is the default behavior of the daemon since 2.2.18. .TP \fB-N \fR Suppress the error raised when the server FQDN does not match the certificate CN. .TP \fB-d \fIaddress\fB \fR Network address of the nuauth server. .TP \fB-p \fIport\fB \fR Specifies TCP port to send data to when addressing the nuauth server. Nuauth server must be set up to listen on that port. Default value : 4128 .TP \fB-t \fIseconds\fB \fR Specifies timeout to forget packets not answered for by nuauth. Default value : 15 s. .TP \fB-T \fItrack_size\fB \fR Set maximum number of packets that can wait for a decision in nufw. Default value : 1000. .TP \fB-q \fINfQueue number\fB \fR If Nufw was compiled with NfQueue support, Id of the NfQueue to use (default : 0). .TP \fB-L \fINfQueue length\fB \fR Specify the length of the nfnetlink queue used by nufw. This is the number of packets that the kernel will keep internally before dropping newly arriving packets. .TP \fB-C \fR Listen to conntrack events (needed for connection expiration). .TP \fB-M \fR Only report events on marked connections to nuauth (implies -C and -m). This is the way to do an efficient selection of events to be sent to nuauth but this REQUIRES a kernel with transmit_mark applied (should be ok for 2.6.18+) and the use of CONNMARK to propagate the initial mark across all the packets of the connection. .SH "SIGNALS" .PP The \fBnufw\fR daemon is designed to deal with several signals : USR1, USR2, SYS, WINCH and POLL. .TP \fBUSR1 \fR Increases verbosity. The daemon then acts as if it had been launched with one supplementary '-v'. A line is also added to the system log to mention the signal event.
.TP \fBUSR2 \fR Decreases verbosity. The daemon then acts as if it had been launched with one less '-v'. A line is also added to the system log to mention the signal event. .TP \fBSYS \fR Removes the Conntrack events thread. This gets the daemon to work as if the "-C" switch had not been set. This is useful on HA configurations, when one firewall gets passive, for instance. .TP \fBWINCH \fR Starts the Conntrack events thread. This gets the daemon to work as if the "-C" switch had been set at startup. This is useful on HA configurations, when one firewall gets active, for instance. .TP \fBPOLL \fR Logs an "audit" line, mentionning how many network datagrams were received and sent since daemon startup. .SH "SEE ALSO" .PP nuauth(8) .SH "AUTHOR" .PP Nufw was designed and coded by Eric Leblond, aka Regit () , and Vincent Deffontaines, aka gryzor (). Original idea in 2001, while working on NSM Ldap support. .PP This manual page was written by Vincent Deffontaines .PP Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. nufw-2.4.3/doc/nuclient.conf.50000644000175000017500000000471111431206275013024 00000000000000.\" This manpage has been automatically generated by docbook2man .\" from a DocBook document. This tool can be found at: .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . .TH "NUCLIENT.CONF" "5" "01 February 2009" "" "" .SH NAME nuclient.conf \- nuauth client configuration file .SH SYNOPSIS \fB/etc/nuclient.conf\fR .SH "DESCRIPTION" .PP The configuration file \fBnuclient.conf\fR is used by all nuauth clients (for ex, nutcpc or nuapplet2). .PP The file is designed to be human readable and contains a list of keywords with values that provide configuration values for libnuclient. 
Configuration file uses the key=value format. .PP Note that strings must be enclosed into double-quotes signs ("). .PP Global configuration file is stored in \fICONFDIR/nuclient.conf\fR and per-user file can be stored in \fIHOME/.nufw/nuclient.conf\fR\&. Any variable set in the user file will overwrite the one set in the global file. .PP Original packaging and informations and help can be found from http://www.nufw.org/ .SH "OPTIONS" .PP The different configuration options are: .TP \fBnuauth_ip \fR Name of the nuauth server (fully qualified domain name, or IP address). .TP \fBnuauth_port \fR Port number to use on the nuauth server (default: 4129). .TP \fBnuauth_tls_ca \fR Certificate authority used to check the validity of nuauth certificate. .TP \fBnuauth_tls_cert \fR Certificate file used to negotiate the TLS connection to nuauth. .TP \fBnuauth_tls_key \fR Key of the certificate file from the \fInuauth_tls_cert\fR option. .TP \fBnuauth_tls_crl \fR Certificate revocation list file to use. If the client is disconnected from nuauth, it will reload this file at reconnect. .TP \fBnuauth_suppress_fqdn_verif \fR If set to 1, suppress error if server FQDN does not match certificate CN (default: 0). .SH "SEE ALSO" .PP nufw(8) .PP nuauth(8) .PP nutcpc(1) .SH "AUTHOR" .PP Nuauth was designed and coded by Eric Leblond, aka Regit () , and Vincent Deffontaines, aka gryzor (). Original idea in 2001, while working on NSM Ldap support. .PP This manual page was written by Pierre Chifflier. .PP Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. nufw-2.4.3/doc/nuauth.8.sgml0000644000175000017500000002315111431206275012526 00000000000000 manpage.1'. You may view the manual page with: `docbook-to-man manpage.sgml | nroff -man | less'. 
A typical entry in a Makefile or Makefile.am is: manpage.1: manpage.sgml docbook-to-man $< > $@ The docbook-to-man binary is found in the docbook-to-man package. Please remember that if you create the nroff version in one of the debian/rules file targets (such as build), you will need to include docbook-to-man in your Build-Depends control field. --> Vincent"> Deffontaines"> june 26, 2007"> 8"> vincent@gryzor.com"> eric@regit.org"> nuauth"> GNU"> GPL"> ]>
&dhemail;
&dhfirstname; &dhsurname; 2003-2005 &dhusername; &dhdate;
&dhucpackage; &dhsection; &dhpackage; NUFW authentication server &dhpackage; DESCRIPTION This manual page documents the &dhpackage; command. Nuauth is the authentication server of the NUFW package. Whenever a client sends a packet(1) to start a connection through the gateway, the client program (nutcpc), installed on the client's station, sends an authentication packet(2) to nuauth. The gateway's firewall queues the packet(1) and sends informations about it directly to the nuauth server. Nuauth's job is to analyse both packets(1) and (2), and check user owns the right to initialize the connection (s)he has tried to. If Nuauth finds so, Nuauth sends authorization to Nufw to accept the packet(1) through, and the connection gets initialized. If not, the connection is Dropped. Nuauth can use a backend LDAP server for user and groups definitions, as well as Access Lists associated with those groups. Interface to Users/Groups database can also be performed through PAM/NSS. An option is also to store the user database in DBM files. It should be noted that dynamic modifications of the users base can currently only be performed if an LDAP database is used. Original packaging and informations and help can be found from http://www.nufw.org/ OPTIONS Issues usage details and exits. Issues version and exits. Increases verbosity level. Multiple switches are accepted and each of them increases the verbosity level by one. Default verbosity level is 2, max is 10. Specifies TCP port to listen on for clients. Default value : 4129 Address to listen on for NuFW packets. Default : 127.0.0.1 Address to listen on for clients packets. Default : 0.0.0.0 Network address of the nufw (gateway) servers. Only NuFW servers at those addresses will be allowed to talk to nuauth. This option is DEPRECATED and was in use only in v1 of the protocol, which was proof of concept, non-encrypted. Specifies UDP port to send data to when addressing the nufw (gateway) server. 
Nufw server must be setup to listen on that port. Default value : 4128 Specifies timeout to forget packets not identified, and identification packets matching nothing. Default value : 15 s. Run as a daemon. If started as a daemon, nuauth logs message to syslog. If you don't specify this option, messages go to the console nuauth is running on, both on STDOUT and STDERR. Unless you are debugging something, you should run nuauth with this option. SIGNALS The &dhpackage; daemon is designed to deal with several signals : HUP, USR1, USR2, and POLL. Reload configuration. The &dhpackage; daemon reloads its configuration when receiving this signal. Since 2.2.19, it also refreshes the CRL file content. Increases verbosity. The daemon then acts as if it had been launched with one supplementary '-v'.A line is also added to the system log to mention the signal event. Decreases verbosity. The daemon then acts as if it had been launched with one less '-v'. A line is also added to the system log to mention the signal event. Logs an "audit" line, mentioning how many network datagrams were received and sent since daemon startup. SEE ALSO nufw(8) AUTHOR Nuauth was designed and coded by Eric Leblond, aka Regit (&dhemail2;) , and Vincent Deffontaines, aka gryzor (&dhemail;). Original idea in 2001, while working on NSM Ldap support. This manual page was written by &dhusername; Permission is granted to copy, distribute and/or modify this document under the terms of the &gnu; Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.
nufw-2.4.3/doc/nuaclgen.8.sgml0000644000175000017500000002054311431206275013020 00000000000000 manpage.1'. You may view the manual page with: `docbook-to-man manpage.sgml | nroff -man | less'. A typical entry in a Makefile or Makefile.am is: manpage.1: manpage.sgml docbook-to-man $< > $@ The docbook-to-man binary is found in the docbook-to-man package. Please remember that if you create the nroff version in one of the debian/rules file targets (such as build), you will need to include docbook-to-man in your Build-Depends control field. --> Eric"> Leblond"> july 29, 2004"> 8"> vincent@gryzor.com"> eric@regit.org"> nuaclgen"> GNU"> GPL"> ]>
&dhemail;
&dhfirstname; &dhsurname; 2004 &dhusername; &dhdate;
&dhucpackage; &dhsection; &dhpackage; NUFW acl generator &dhpackage; &dhpackage; &dhpackage; DN &dhpackage; DESCRIPTION This manual page documents the &dhpackage; command. &dhpackage; is an Access control list generator for the ldap backend of Nuauth, the authentication server of the NUFW package. Original packaging and informations and help can be found from http://www.nufw.org/ OPTIONS Use equality schema or not (Equality schema requires dport be specified, and is the default. Add an acl in the ldap tree with dn Acl DN Specify source network for the acl, with network of the form : aaa.bbb.ccc.ddd[/ee]. Default value : 0.0.0.0/0 Specify destination network for the acl, with network of the form : aaa.bbb.ccc.ddd[/ee]. Default value : 0.0.0.0/0 Specify protocol type for the acl Specify source port(s) for the Acl. NNNN:MMMM can be used to specify a port range. Specify destination port(s) for the Acl. NNNN:MMMM can be used to specify a port range. Specify decision for the Acl. Has to be ACCEPT or DROP. Specify the user group(s) on which Acl apply. Must be of the form : Group1[,Group2[,...]] List Acls for the Group ID group Deletes the Acl stored in the provided Dn Displays a brief resume of available options and quits SEE ALSO nufw(8) nuauth(8) AUTHOR Nuauth was designed and coded by Eric Leblond, aka Regit (&dhemail;) , and Vincent Deffontaines, aka gryzor (&dhemail2;). Original idea in 2001, while working on NSM Ldap support. This manual page was written by &dhusername; and copyrighted by INL (2003-2005) Permission is granted to copy, distribute and/or modify this document under the terms of the &gnu; Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.
nufw-2.4.3/doc/acls0000644000175000017500000000616311431206275011041 00000000000000ACLs design ----------- This document aims at describing the way ACLs can be designed, and how they can follow an "order relationship" (?) in Nuauth. This document aims at being an abstract, above any implementation such as LDAP or XML, and allowing full compatibility of Nufw ACLs scheme regardless of the chosen implementation. o ACL definition ---------------- Acls are [possibly] defined by - SrcIPStart - SrcIPEnd - DstIPStart - DstIPEnd - SrcPortStart - SrcPortEnd - DstPortStart - DstPortEnd - Time of day } - Day of week } These need to be more precisely documented, this is fuzzy. - Group ID(s) and decision(s) - internal event, such as "this user has logged in before today" - external event, such as "the sun is shining now" o ACL ordering -------------- Possible ways of ordering ACLs: - first seen matches (this is not applicable to LDAP, where no order is guaranteed in server's answers) - ACLs are given a weight; the heaviest ACL is applied. In case two or more apply, the most restrictive decision of these ACLs is applied. - ACL hierarchy. Acls can be set as children of another ACL, the youngest generation is the applied one. In case two or more ACLs apply, the most restrictive of these ACLs is applied. This implies a recursive parsing of ACLs every time a decision must be made. - Group hierarchy. This is the chosen way. Groups can be given relative priorities, and the decision is the one of the highest priority group if a conflict arises. In case two groups with the same priority present conflicting decisions, the connection will be refused. The way to set priorities to Groups is something like : The above example results in group 102 having a higher priority than group 101. In case a connection matches both groups, and their decisions conflict, the decision linked to group 102 will be used.
o Nagios like Abstraction ------------------------- Generic and often used schemes must be extractable, as for instance for working hours. This example is formal, and isnt claimed to work verbatim ! #Define working hours as : monday to friday, 9am to 5pm. monday 32400 friday 61200 #61200 seconds after midnight is 5pm #Define day light : 08 18 Then, to allow group 101 browsing the web at working hours, and deny that to group 102: 101 102 TODO : Add an LDAP example too. nufw-2.4.3/doc/libnuclient.3.sgml0000644000175000017500000001216511431206275013530 00000000000000 manpage.1'. You may view the manual page with: `docbook-to-man manpage.sgml | nroff -man | less'. A typical entry in a Makefile or Makefile.am is: manpage.1: manpage.sgml docbook-to-man $< > $@ The docbook-to-man binary is found in the docbook-to-man package. Please remember that if you create the nroff version in one of the debian/rules file targets (such as build), you will need to include docbook-to-man in your Build-Depends control field. --> Eric"> Leblond"> july 18, 2004"> 3"> regit@inl.fr"> vincent@inl.fr"> libnuclient"> GNU"> GPL"> ]>
&dhemail;
&dhfirstname; &dhsurname; 2004 &dhusername; &dhdate;
&dhucpackage; &dhsection; &dhpackage; NUFW client authentication library #include <nuclient.h> NuAuth * nu_client_init const char *nptr char *username unsigned long userid char * password char * hostname unsigned int port char protocol char ssl_on int nu_client_check NuAuth * session void nu_client_free NuAuth *session DESCRIPTION This manual page documents the &dhpackage; library. Use nu_client_init to initialize an authentication session. Then call nu_client_check at regular intervals to send authentication packets to the gateway (if needed). When you're finished, call nu_client_free to free the session. Original packaging, information and help can be found at http://www.nufw.org/ RETURN VALUE nu_client_init returns an authentication session usable by nu_client_check or nu_client_free. nu_client_check returns the number of packets authenticated to the nuauth server during the call. It returns -1 if an error occurs when sending an authentication packet. Applications MUST consider the session unusable when they receive this error. ERRORS nu_client_init returns NULL if a problem occurs during initialization. SEE ALSO nuauth(8) AUTHOR Nufw was designed and coded by Eric Leblond, aka Regit (&dhemail;) , and Vincent Deffontaines, aka gryzor (&dhemail2;). Original idea in 2001, while working on NSM Ldap support. This manual page was written by &dhusername; Permission is granted to copy, distribute and/or modify this document under the terms of the &gnu; Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.
nufw-2.4.3/doc/nutcpc.1.sgml0000644000175000017500000002652611431206275012520 00000000000000 manpage.1'. You may view the manual page with: `docbook-to-man manpage.sgml | nroff -man | less'. A typical entry in a Makefile or Makefile.am is: manpage.1: manpage.sgml docbook-to-man $< > $@ The docbook-to-man binary is found in the docbook-to-man package. Please remember that if you create the nroff version in one of the debian/rules file targets (such as build), you will need to include docbook-to-man in your Build-Depends control field. --> Eric"> Leblond"> november 4, 2008"> 1"> vincent@gryzor.com"> eric@regit.org"> nutcpc"> GNU"> GPL"> ]>
&dhemail;
&dhfirstname; &dhsurname; 2004-2008 &dhusername; &dhdate;
&dhucpackage; &dhsection; &dhpackage; NuFW console-mode client for GNU/Linux and BSD systems &dhpackage; -d -l -k -c -V -h -q -Q -N DESCRIPTION This manual page documents the &dhpackage; command. &dhpackage; is a console-mode client for the NuFW authenticating firewall. It sends authentication packets to the nuauth server. All parameters can be set on commandline but nutcpc can also be configured via the file nuclient.conf(5). Original packaging and informations and help can be found from http://www.nufw.org/ OPTIONS Debug mode, don't go into background. Do not verify whether lock file exists before starting. And do not create lock file. Kill existing instances of the program running on our local userID. Check if a client is already running. Return error if no client are running. Issues program version and exits. Issues usage details and exits. Do not display running nutcpc options on "ps". Useful when using "-W" Send authentication packet to Nuauth IP. Send authentication packet to Nuauth port. Set nufw userid to User ID. Set nufw password to User Password. Set connection list refresh interval to Interval. This option is only useful if nuauth server is in POLL mode. Set kerberos service name to Service. Use certificate file stored in the file CertFile to negotiate the TLS connection to nuauth. Use authority file stored in AuthorityFile and check the validity of nuauth certificate against this authority. Nutcpc will leave if this is not the case. Use key file stored in the file KeyFile to negotiate the TLS connection to nuauth. Use the passphrase CertPass to decrypt the certificate. Check the -q option if you use this. Use certificate revocation list file stored in the file CrlFile to negotiate the TLS connection to nuauth. nutcpc reloads this file if it gets disconnected from nuauth and needs to reconnect. Since version 2.2.19, nutcpc reloads the CRL file when receiving a HUP signal. Verify that the certificate given by nuauth has a DN equal to NuauthDN. 
Nutcpc will leave if this is not the case. Suppress warning if no certificate authority is configured. Suppress error if server FQDN does not match certificate CN. LOCK FILE By default, the lock file set by nutcpc is at ~/.nufw/nutcpc. CERTIFICATE AUTHENTICATION User authentication can be done using a certificate and a private key. Such a method will be used, if nutcpc can find a certificate at ~/.nufw/cert.pem and the corresponding private key at ~/.nufw/key.pem. The server identity will be checked if a CA certificate is provided in ~/.nufw/cacert.pem. Certificates and key can also be provided on command line or via nuclient.conf(5). SIGNALS When receiving this signal, nutcpc attempts to immediately reconnect to the server, if disconnected. The signal is ignored in other cases. SEE ALSO nufw(8) nuauth(8) nuclient.conf(5) AUTHOR Nuauth was designed and coded by Eric Leblond, aka Regit (&dhemail;) , and Vincent Deffontaines, aka gryzor (&dhemail2;). Original idea in 2001, while working on NSM Ldap support. This manual page was written by &dhusername;. Permission is granted to copy, distribute and/or modify this document under the terms of the &gnu; Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.
nufw-2.4.3/doc/README.log_mysql0000644000175000017500000000421511431206275013055 00000000000000======================================== Quick install guide for log_mysql module ======================================== Description =========== The log_mysql module is able to log events related to packets or users in a MySQL database: * user session establishment * user session ending * IP connection opening, establishment, closing * IP connection dropping Two database schemas are available in the conf/ directory: * nulog.ipv4.mysql.dump: to be used if you will only log IPv4 addresses * nulog.ipv6.mysql.dump: to be used on a mixed IPv4/IPv6 system Installation ============ To install the database, you need to do :: mysqladmin create nufw cat nulog.ipv4.mysql.dump | mysql nufw if nufw will be used in an IPv4 only network or :: mysqladmin create nufw cat nulog.ipv6.mysql.dump | mysql nufw in an IPv4/IPv6 environment. To use the IPv6 schema, modify nuauth.conf to uncomment the mysql_use_ipv4_schema variable and set it to 0. If you plan to use NuFW Single Sign On, you should use an IPv4 schema for compatibility with some SSO modules. Furthermore, for performance reasons related to SSO, you should create a conntrack_ulog table :: cat conntrack_ulog.ipv4.mysql.dump | mysql nufw You then need to set up nuauth.conf according to your database preferences (the user name and password shown below are sample values; replace them with your own) :: #MYSql server address mysql_server_addr="localhost" #Mysql server port mysql_server_port=3306 #Mysql User to login as mysql_user="myuser" #Mysql password, associated with username mysql_passwd="secret" #Name of MYsql database to connect to mysql_db_name="nufw" #Name of table to connect to for packets logging. Must belong to the chosen database. Specified #user must have rights on this table mysql_table_name="ulog" #Name of table to connect to for user session logging. Must belong to the chosen database.
Specified #user must have rights on this table mysql_users_table_name="users" Tools ===== Nulog 2: -------- Nulog2, an advanced log analysis tool is able to use Netfilter and NuFW logs: http://software.inl.fr/trac/trac.cgi/wiki/EdenWall/NuLog2 nutop: ------ Nutop, an ncurses perl script, is included in NuFW sources and provides a top like interface to the SQL database. nufw-2.4.3/doc/nufw.8.sgml0000644000175000017500000003462111431206275012205 00000000000000 manpage.1'. You may view the manual page with: `docbook-to-man manpage.sgml | nroff -man | less'. A typical entry in a Makefile or Makefile.am is: manpage.1: manpage.sgml docbook-to-man $< > $@ The docbook-to-man binary is found in the docbook-to-man package. Please remember that if you create the nroff version in one of the debian/rules file targets (such as build), you will need to include docbook-to-man in your Build-Depends control field. --> Vincent"> Deffontaines"> november 4, 2008"> 8"> vincent@gryzor.com"> eric@regit.org"> nufw"> GNU"> GPL"> ]>
&dhemail;
&dhfirstname; &dhsurname; 2003-2006 &dhusername; &dhdate;
&dhucpackage; &dhsection; &dhpackage; NUFW User filtering gateway server &dhpackage; DESCRIPTION This manual page documents the &dhpackage; command. nufw is the minimalist server, designed to run on the gateway(s) of the network. nufw is designed to run in conjunction with nuauth, the authenticating server. nufw receives network packets from the local firewall (on Linux 2.4 and 2.6, this is set up with the help of '-j NFQUEUE' or '-j QUEUE' netfilter target), and synchronizes with a nuauth server to check packet is authorized to travel through the gateway. The design of the NUFW package lets administrator filter network traffic per user, not only per IP. This means you can now deal with different permissions for user A and user B, even if they work at the same moment, on the same multiuser machine. In other words, this extends firewalling criteria to userID, at the network scale. Original packaging and informations and help can be found from http://www.nufw.org/ OPTIONS Issues usage details and exits. Issues version and exits. Run as a daemon. If started as a daemon, nufw logs message to syslog. If you don't specify this option, messages go to the console nufw is running on, both on STDOUT and STDERR. Unless you are debugging something, you should run nufw with this option. Mark packets with UserID. This requires the wvmark POM patch applied to netfilter, and is necessary for per user QoS or routing. Increases debug level. Multiple switches are accepted and each of them increases the debug level by one. Default debug level is 2, max is 10. Chooses debug_area. Default debug area is ALL. To select a subset add value from the following list: DEBUG_AREA_MAIN (1) main domain DEBUG_AREA_PACKET (2) packet domain DEBUG_AREA_USER (4) user domain DEBUG_AREA_GW (8) Gateway domain, interaction with nufw servers. DEBUG_AREA_AUTH (16) Authentication domain Use specified file as SSL (private) key file. Use specified file as SSL (public) certificate file. 
Use specified file as SSL certificate authority file. Use specified file as SSL certificate revocation list file. You will need to restart nufw if you modify this file. Since 2.2.19, nufw reloads this file dynamically when receiving a HUP signal. Use specified string as the needed DN of nuauth. nufw will refuse to connect if the provided string does not match the DN of the certificate provided by nuauth. If you do not use this option, the DN of the nuauth certificate will be checked against the fully qualified domain name of the nuauth server, obtained from a reverse DNS lookup on nuauth IP address. Disable strict TLS checking of the certificate provided by nuauth. Force strict TLS checking of the certificate provided by nuauth. This is the default behavior of the daemon since 2.2.18. Suppress error if server FQDN does not match certificate CN. Network address of the nuauth server. Specifies TCP port to send data to when addressing the nuauth server. Nuauth server must be setup to listen on that port. Default value : 4128 Specifies timeout to forget packets not answered for by nuauth. Default value : 15 s. Set maximum number of packets that can wait a decision in nufw. Default value : 1000. If Nufw was compiled with NfQueue support, Id of the NfQueue to use (default : 0). Specify the length of the nfnetlink queue used by nufw. This is the number of packets that the kernel will keep internally before dropping new coming packets. Listen to conntrack events (needed for connection expiration). Only report event on marked connections to nuauth (implies -C and -m) This is the way to do an efficient selection of events to be sent to nuauth but this REQUIRES a kernel with transmit_mark applied (should be ok for 2.6.18+) and the use of CONNMARK to propagate the initial mark across all the packets of the connection. SIGNALS The &dhpackage; daemon is designed to deal with several signals : USR1, USR2, SYS, WINCH and POLL. Increases verbosity. 
The daemon then acts as if it had been launched with one additional '-v'. A line is also added to the system log to mention the signal event. Decreases verbosity. The daemon then acts as if it had been launched with one fewer '-v'. A line is also added to the system log to mention the signal event. Removes the Conntrack events thread. This gets the daemon to work as if the "-C" switch had not been set. This is useful on HA configurations, when one firewall becomes passive, for instance. Starts the Conntrack events thread. This gets the daemon to work as if the "-C" switch had been set at startup. This is useful on HA configurations, when one firewall becomes active, for instance. Logs an "audit" line, mentioning how many network datagrams were received and sent since daemon startup. SEE ALSO nuauth(8) AUTHOR Nufw was designed and coded by Eric Leblond, aka Regit (&dhemail2;), and Vincent Deffontaines, aka gryzor (&dhemail;). Original idea in 2001, while working on NSM Ldap support. This manual page was written by &dhusername; Permission is granted to copy, distribute and/or modify this document under the terms of the &gnu; Free Documentation License, Version 2 as published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.
nufw-2.4.3/doc/README.pam_nufw0000644000175000017500000000310611431206275012661 00000000000000PAM_NUFW Documentation ====================== Events ====== pam_nufw is a library to authenticate a user on nuauth when they use PAM (examples: connect with ssh, authenticate using gdm, su, etc.). pam_nufw uses two PAM events: * authentication: a line like "auth optional ..." in the configuration file ; * session end: a line like "session optional ..." in the configuration file. The first event connects to nuauth (opens a session), and the second disconnects (closes the session). Options ======= pam_nufw accepts the following options on the command line: * server=nuauth_ip: Nuauth server IP/hostname * port=nuauth_port: Nuauth port/service name * lock=.pam_nufw: Lock filename * noauth=user1,user2,(...): Don't authenticate these users Default values: * port is 4129 * lockfile is .pam_nufw, located in $HOME/.nufw/ Configuration file example ========================== PAM configuration files are located in /etc/pam.d/. Each program which uses PAM may have its own file (e.g. /etc/pam.d/ssh and /etc/pam.d/kdm):: #%PAM-1.0 auth requisite pam_nologin.so auth required pam_env.so @include common-auth auth optional pam_nufw.so server=192.168.1.2 port=4129 @include common-account session required pam_limits.so @include common-session session optional pam_nufw.so server=192.168.1.2 port=4129 @include common-password We use auth because we have to know the user's password in order to authenticate on nuauth. The pam module closes the connection to nuauth when the application closes the pam session. Comment out the session line to suppress disconnection at logout. nufw-2.4.3/doc/README.iface0000644000175000017500000000063011431206275012113 00000000000000====================== Interface name logging ====================== Support of transmission of interface name from kernel to NuFW is available. 
It can be used by fetching libnfnetlink and libnetfilter_queue from Netfilter in a version later than: * libnfnetlink-0.0.25 * libnetfilter_queue-0.0.13 NuFW's configure will autodetect the presence of a modified version and use the feature if available. nufw-2.4.3/doc/README.mark0000644000175000017500000001015011431206275011774 00000000000000Introduction ============ NuFW is able to set a mark on each packet of a network connection. NuFW sets the mark on the first packet and Netfilter will set the mark on the following packets from the same TCP/UDP connection. There are three different modules to set the mark: * user-mark: use user identifier * configure option: --with-user-mark * mark-group: use group mark * configure option: --with-mark-group * configuration file: /etc/nufw/mark_group.conf * mark-field: use user application or operating system name * configure option: --with-mark-field * configuration file: /etc/nufw/mark_field.conf All modules are enabled by default. You can use the mark for quality of service (QoS): * use a different network depending on the mark, * limit bandwidth, * fix priorities, * etc. Requirements ============ You need a Linux kernel (Netfilter) with NFQUEUE support. IPQ is supported but it is outdated and too complex to use mark conntrack, so use NFQUEUE! Kernel options to have connmark: * CONFIG_NETFILTER_XT_TARGET_CONNMARK * CONFIG_NETFILTER_XT_MATCH_CONNMARK iptables rules ============== To keep the mark on the following packets of a connection, you have to use --save-mark and --restore-mark:: iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A POSTROUTING -m mark ! 
--mark 0x0 -j CONNMARK --save-mark mark-group ========== Syntax of configuration file /etc/nufw/mark_group.conf: --------------------------------------------------------- Each line is "groups:mark" with: * groups: comma separated list of group identifiers * mark: 32-bit unsigned integer Example:: 100:1 1000:2 1020,1050:3 Group 100 will have the mark 1, group 1000 the mark 2, groups 1020 and 1050 the mark 3, and other groups the mark 0 (default mark). You have more options in the nuauth configuration file: * mark_group_group_file: mark-group configuration file * mark_group_shift and mark_group_nbits: define where the new mark is written, example: shift=0 and nbits=8 will use the 8 lower bits. Default is shift=0 and nbits=32 (use the whole mark). * mark_group_default_mark: default mark (default: 0) mark-field ========== Syntax of configuration file (/etc/nufw/mark_field.conf): --------------------------------------------------------- Each line is "mark:pattern" with: * mark: 32-bit unsigned integer * pattern: string with wildcard "*" (matches any string) Example with mark_field_type=0 (application):: 1:*firefox* 2:*telnet* Application firefox will get the mark 1, telnet the mark 2 and other applications the mark 0 (default mark). You have more options in the nuauth configuration file: * mark_field_type: 0 will use application name and 1 the operating system name * mark_field_file: mark-field configuration file * mark_field_shift and mark_field_nbits: define where the new mark is written, example: shift=0 and nbits=8 will use the 8 lower bits. Default is shift=0 and nbits=32 (use the whole mark). * mark_field_default_mark: default mark (default: 0) mark-flag ========= This module uses the fact that an ACL can set a flag in a packet. It uses it to modify the mark. It has three options: * mark_flag_nbits: number of bits to overwrite in the mark * mark_flag_mark_shift: shift of overwritten bits * mark_flag_flag_shift: shift in flag to indicate which bits of the flag are used. 
Here's an ascii art of the system:: msb lsb mark : [####····] nbits=16 shift=16 \\\\ flags : [··####··] shift=8 msb lsb msb : most significant bits lsb : less significant bits Examples: --------- Initial values: ~~~~~~~~~~~~~~~ * mark = 0xAABBCCDD * flags = 0x12345678 Example 1:: mark_flag_nbits=8 mark_flag_mark_shift=0 mark_flag_flag_shift=0 => mark = 0xAABBCC78 ( AABBCC | ..78 ) Example 2:: mark_flag_nbits=16 mark_flag_mark_shift=0 mark_flag_flag_shift=0 => mark = 0xAABB5678 ( AABB | ..5678 ) Example 3:: mark_flag_nbits=16 mark_flag_mark_shift=8 mark_flag_flag_shift=0 => mark = 0xAA5678DD ( AA | ..5678 | DD ) Example 4:: mark_flag_nbits=16 mark_flag_mark_shift=0 mark_flag_flag_shift=8 => mark = 0xAABB3456 ( AABB | ..3456.. ) nufw-2.4.3/depcomp0000755000175000017500000004271311431215377011010 00000000000000#! /bin/sh # depcomp - compile a program generating dependencies as side-effects scriptversion=2007-03-29.01 # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007 Free Software # Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. 
# Originally written by Alexandre Oliva . case $1 in '') echo "$0: No command. Try \`$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: depcomp [--help] [--version] PROGRAM [ARGS] Run PROGRAMS ARGS to compile a file, generating dependencies as side-effects. Environment variables: depmode Dependency tracking mode. source Source file read by `PROGRAMS ARGS'. object Object file output by `PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. tmpdepfile Temporary file to use when outputing dependencies. libtool Whether libtool is used (yes/no). Report bugs to . EOF exit $? ;; -v | --v*) echo "depcomp $scriptversion" exit $? ;; esac if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 fi # Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. depfile=${depfile-`echo "$object" | sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} rm -f "$tmpdepfile" # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case # here, because this file can only contain one case statement. if test "$depmode" = hp; then # HP compiler uses -M and no extra arg. gccflag=-M depmode=gcc fi if test "$depmode" = dashXmstdout; then # This is just like dashmstdout with a different argument. dashmflag=-xM depmode=dashmstdout fi case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what ## we want. Yay! Note: for some reason libtool 1.4 doesn't like ## it if -MD -MP comes after the -MF stuff. Hmm. ## Unfortunately, FreeBSD c89 acceptance of flags depends upon ## the command line argument order; so add the flags where they ## appear in depend2.am. 
Note that the slowdown incurred here ## affects only configure: in makefiles, %FASTDEP% shortcuts this. for arg do case $arg in -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; *) set fnord "$@" "$arg" ;; esac shift # fnord shift # $arg done "$@" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi mv "$tmpdepfile" "$depfile" ;; gcc) ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like ## -MM, not -M (despite what the docs say). ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then gccflag=-MD, fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ## The second -e expression handles DOS-style file names with drive letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" ## This next piece of magic avoids the `deleted header file' problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. tr ' ' ' ' < "$tmpdepfile" | ## Some versions of gcc put a space before the `:'. On the theory ## that the space means something, we add a space to the output as ## well. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. 
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; sgi) if test "$libtool" = yes; then "$@" "-Wp,-MDupdate,$tmpdepfile" else "$@" -MDupdate "$tmpdepfile" fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files echo "$object : \\" > "$depfile" # Clip off the initial element (the dependent). Don't try to be # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; # the IRIX cc adds comments like `#:fec' to the end of the # dependency line. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ tr ' ' ' ' >> $depfile echo >> $depfile # The second pass generates a dummy entry for each header file. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> $depfile else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the # current directory. Also, the AIX compiler puts `$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. 
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then tmpdepfile1=$dir$base.u tmpdepfile2=$base.u tmpdepfile3=$dir.libs/$base.u "$@" -Wc,-M else tmpdepfile1=$dir$base.u tmpdepfile2=$dir$base.u tmpdepfile3=$dir$base.u "$@" -M fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then # Each line is of the form `foo.o: dependent.h'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" # That's a tab and a space in the []. sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; icc) # Intel's C compiler understands `-MD -MF file'. However on # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c # ICC 7.0 will fill foo.d with something like # foo.o: sub/foo.c # foo.o: sub/foo.h # which is wrong. We want: # sub/foo.o: sub/foo.c # sub/foo.o: sub/foo.h # sub/foo.c: # sub/foo.h: # ICC 7.1 will output # foo.o: sub/foo.c sub/foo.h # and will wrap long lines using \ : # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... "$@" -MD -MF "$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" # Each line is of the form `foo.o: dependent.h', # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. 
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this invocation # correctly. Breaking it into two sed invocations is a workaround. sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp2) # The "hp" stanza above does not work with aCC (C++) and HP's ia64 # compilers, which have integrated preprocessors. The correct option # to use with these is +Maked; it writes dependencies to a file named # 'foo.d', which lands next to the object file, wherever that # happens to be. # Much of this is similar to the tru64 case; see comments there. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then tmpdepfile1=$dir$base.d tmpdepfile2=$dir.libs/$base.d "$@" -Wc,+Maked else tmpdepfile1=$dir$base.d tmpdepfile2=$dir$base.d "$@" +Maked fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" # Add `dependent.h:' lines. sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" "$tmpdepfile2" ;; tru64) # The Tru64 compiler uses -MD to generate dependencies as a side # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put # dependencies in `foo.d' instead, so we check for that too. # Subdirectories are respected. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then # With Tru64 cc, shared objects can also be used to make a # static library. 
This mechanism is used in libtool 1.4 series to # handle both shared and static libraries in a single compilation. # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. # # With libtool 1.5 this exception was removed, and libtool now # generates 2 separate objects for the 2 libraries. These two # compilations output dependencies in $dir.libs/$base.o.d and # in $dir$base.o.d. We have to check for both files, because # one of the two compilations can be disabled. We should prefer # $dir$base.o.d over $dir.libs/$base.o.d because the latter is # automatically cleaned when .libs/ is deleted, while ignoring # the former would cause a distcleancheck panic. tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 tmpdepfile2=$dir$base.o.d # libtool 1.5 tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 "$@" -Wc,-MD else tmpdepfile1=$dir$base.o.d tmpdepfile2=$dir$base.d tmpdepfile3=$dir$base.d tmpdepfile4=$dir$base.d "$@" -MD fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" # That's a tab and a space in the []. sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; #nosideeffect) # This comment above is used by automake to tell side-effect # dependency tracking mechanisms from slower ones. dashmstdout) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout, regardless of -o. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test $1 != '--mode=compile'; do shift done shift fi # Remove `-o $object'. 
IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done test -z "$dashmflag" && dashmflag=-M # Require at least two characters before searching for `:' # in the target name. This is to cope with DOS-style filenames: # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. "$@" $dashmflag | sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" tr ' ' ' ' < "$tmpdepfile" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; dashXmstdout) # This case only exists to satisfy depend.m4. It is never actually # run, as this mode is specially recognized in the preamble. exit 1 ;; makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then while test $1 != '--mode=compile'; do shift done shift fi # X makedepend shift cleared=no for arg in "$@"; do case $cleared in no) set ""; shift cleared=yes ;; esac case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done obj_suffix="`echo $object | sed 's/^.*\././'`" touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" sed '1,2d' "$tmpdepfile" | tr ' ' ' ' | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. 
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; cpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test $1 != '--mode=compile'; do shift done shift fi # Remove `-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done "$@" -E | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; msvisualcpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout, regardless of -o, # because we must use -o when running libtool. "$@" || exit $? IFS=" " for arg do case "$arg" in "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift shift ;; *) set fnord "$@" "$arg" shift shift ;; esac done "$@" -E | sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" echo " " >> "$depfile" . 
"$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; none) exec "$@" ;; *) echo "Unknown depmode $depmode" 1>&2 exit 1 ;; esac exit 0 # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-end: "$" # End: nufw-2.4.3/tests/0000777000175000017500000000000011431215442010643 500000000000000nufw-2.4.3/tests/nuauth.py0000644000175000017500000001046111431206275012443 00000000000000import atexit from inl_tests.process import Process from signal import SIGHUP from mysocket import connectTcp from config import config, NUAUTH_PROG, NUAUTH_START_TIMEOUT, USE_VALGRIND from time import time RELOAD_TIMEOUT = config.getfloat("nuauth", "reload_timeout") INIT_TIMEOUT = 0.100 # 100 ms class NuauthProcess(Process): __instance = None @classmethod def hasInstance(cls): return not(cls.__instance is None) @classmethod def getInstance(cls): if cls.__instance is None: cls.__instance = NuauthProcess() atexit.register(cls._reallyStop) return cls.__instance def __init__(self, debug_level=9): arg = ["-" + "v" * min(max(debug_level, 1), 9)] program = NUAUTH_PROG if USE_VALGRIND: #arg = ["--tool=callgrind", program] + arg #program = "valgrind" arg = ["--log-file-exactly=nuauth.valgrind.log", "--verbose", program] + arg program = "valgrind" Process.__init__(self, program, arg) self.hostname = "localhost" self.need_reload = False self.nufw_port = 4128 self.client_port = 4129 self.config_dirty = False self.need_restart = False if self.isReady(): raise RuntimeError("nuauth is already running!") def isReady(self): """ Check that nuauth is running """ return connectTcp(self.hostname, self.nufw_port, INIT_TIMEOUT) \ and connectTcp(self.hostname, self.client_port, INIT_TIMEOUT) def exited(self, status): if USE_VALGRIND: print "Callgrind logs written in callgrind.out.%s" % self.pid Process.exited(self, status) def 
reload(self, timeout=RELOAD_TIMEOUT): # Eat output before sending SIGHUP message for line in self.readlines(): pass # Send SIGHUP signal self.info("Reload") self.kill(SIGHUP) self.need_reload = False # Wait until nuauth is reloaded message = "NuAuth server reloaded" start = time() while time()-start <= timeout: for line in self.readlines(timeout=0.250): if message in line: return self.warning('nuauth doesn\'t write message "%s"' % message) @classmethod def _reallyStop(cls): cls.__instance.stop() class Nuauth: def __init__(self, conf=None): # Create attributes self.is_running = False self.conf = conf # Setup configuration self.installConf() # Do you need to restart running nuauth instance? need_restart = False if NuauthProcess.hasInstance(): if NuauthProcess.getInstance().need_restart: need_restart = True elif self.conf: need_restart = self.conf.need_restart # Use running nuauth instance or create a new one? self.nuauth = NuauthProcess.getInstance() if need_restart: self.nuauth.warning("RESTART NUAUTH: Stop running server") self.nuauth.stop() self.nuauth.warning("RESTART NUAUTH: Start new server") self.nuauth = NuauthProcess.getInstance() print "(restart nuauth) ", self.nuauth.need_restart = False # Start nuauth process was_running = self.nuauth.start(restart=False, timeout=NUAUTH_START_TIMEOUT) self.is_running = True # Send SIGHUP if needed if not was_running and (self.conf or self.nuauth.config_dirty): self.reload() # Eat log output for line in self.nuauth.readlines(): pass def reload(self, timeout=RELOAD_TIMEOUT): self.nuauth.reload(timeout) def installConf(self): if self.conf: self.conf.install() def __del__(self): self.stop() def stop(self): if not self.is_running: # avoid double call return if self.conf: self.conf.desinstall() self.nuauth.config_dirty = True self.nuauth.need_restart = self.conf.need_restart self.is_running = False def readline(self, timeout=0, stream="stdout"): return self.nuauth.readline(timeout, stream) def readlines(self, **kw): return 
self.nuauth.readlines(**kw) nufw-2.4.3/tests/test_syslog.py0000755000175000017500000000236011431206275013520 00000000000000#!/usr/bin/python from unittest import TestCase, main from common import getNuauthConf, createClientWithCerts, connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from logging import warning class TestLog(TestCase): def setUp(self): config = getNuauthConf() config["nuauth_tls_request_cert"] = "0" config["nuauth_user_logs_module"] = '"syslog"' config["nuauth_user_session_logs_module"] = '"syslog"' self.nuauth = Nuauth(config) def tearDown(self): self.nuauth.stop() def findLog(self, match): warning("Search string >%s< in log" % match) matched = False for line in self.nuauth.readlines(total_timeout=2.0): if match in line: return True return False def testLogin(self): # Client login client = createClientWithCerts() self.assert_(connectClient(client)) # Check log output self.assert_(self.findLog("[nuauth] User %s connect on " % client.username)) # Client logout client.stop() self.assert_(self.findLog("[nuauth] User %s disconnect on " % client.username)) if __name__ == "__main__": print "Test nuauth module 'log_syslog'" main() nufw-2.4.3/tests/test_tls_client.py0000755000175000017500000001114111431206275014335 00000000000000#!/usr/bin/python from unittest import TestCase, main from sys import stderr from common import createClient, createClientWithCerts, connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from config import config from os.path import join as path_join from os.path import abspath from logging import warning class TestTLSClient(TestCase): def startNuauth(self, dict_args=None): self.cacert = abspath(config.get("test_cert", "cacert")) self.nuconfig = NuauthConf() if dict_args is None: dict_args = dict() for key in dict_args.keys(): self.nuconfig[ key ] = dict_args[key] self.nuauth = Nuauth(self.nuconfig) def stopNuauth(self): self.nuauth.stop() def tearDown(self): #self.client.stop() pass def 
testClientFQDNCheck(self): self.startNuauth() client1 = createClient(more_args=["-H","nuauth.inl.fr","-A", self.cacert]) client2 = createClient(more_args=["-H","localhost","-A", self.cacert]) self.assert_(connectClient(client1)) self.assert_(not connectClient(client2)) client1.stop() client2.stop() self.stopNuauth() def testClientIgnoreFQDNCheck(self): self.startNuauth() client1 = createClient(more_args=["-H","nuauth.inl.fr","-A", self.cacert]) client2 = createClient(more_args=["-H","localhost","-A", self.cacert,"-N"]) self.assert_(connectClient(client1)) self.assert_(connectClient(client2)) client1.stop() client2.stop() self.stopNuauth() def testClientValidCA(self): self.startNuauth() client = createClient(more_args=["-A", self.cacert]) self.assert_(connectClient(client)) client.stop() self.stopNuauth() def testClientInvalidCA(self): self.startNuauth() cacert = config.get("test_cert", "invalid_cacert") client = createClient(more_args=["-A", cacert]) self.assert_(not connectClient(client)) client.stop() self.stopNuauth() def testClientValidCert(self): args = dict() args["nuauth_tls_request_cert"] = "2" self.startNuauth(args) tls_cert = abspath(config.get("test_cert", "user_cert")) tls_key = abspath(config.get("test_cert", "user_key")) client = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key]) self.assert_(connectClient(client)) client.stop() self.stopNuauth() def testClientInvalidCert(self): args = dict() args["nuauth_tls_request_cert"] = "2" self.startNuauth(args) cacert = config.get("test_cert", "invalid_cacert") tls_cert = abspath(config.get("test_cert", "user_invalid_cert")) tls_key = abspath(config.get("test_cert", "user_invalid_key")) client = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key]) self.assert_(not connectClient(client)) client.stop() self.stopNuauth() def testClientRevoked(self): args = dict() args["nuauth_tls_request_cert"] = "1" args["nuauth_tls_crl"] = '"%s"' % abspath(config.get("test_cert", "crl")) 
self.startNuauth(args) client1 = createClientWithCerts() self.assert_(connectClient(client1)) tls_cert = abspath(config.get("test_cert", "user_revoked_cert")) tls_key = abspath(config.get("test_cert", "user_revoked_key")) client2 = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key]) self.assert_(not connectClient(client2)) client1.stop() client2.stop() self.stopNuauth() def testClientExpired(self): self.startNuauth() client1 = createClientWithCerts() self.assert_(connectClient(client1)) tls_cert = abspath(config.get("test_cert", "user_expired_cert")) tls_key = abspath(config.get("test_cert", "user_expired_key")) client2 = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key]) self.assert_(not connectClient(client2)) client1.stop() client2.stop() self.stopNuauth() def testClientInvalidCRL(self): args = dict() args["nuauth_tls_request_cert"] = "2" self.startNuauth(args) invalid_crl = abspath(config.get("test_cert", "invalid_crl")) client = createClient(more_args=["-H","nuauth.inl.fr","-A",self.cacert,"-R",invalid_crl]) self.assert_(not connectClient(client)) client.stop() self.stopNuauth() if __name__ == "__main__": print "Test TLS client capabilities" main() nufw-2.4.3/tests/test_client_cert.py0000755000175000017500000000206111431206275014471 00000000000000#!/usr/bin/python from unittest import TestCase, main from sys import stderr from common import createClient, connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from config import config from os.path import join as path_join from os.path import abspath class TestClientCert(TestCase): def setUp(self): self.cacert = config.get("test_cert", "cacert") nuconfig = NuauthConf() nuconfig["nuauth_tls_auth_by_cert"] = "0" nuconfig["nuauth_tls_request_cert"] = "0" self.nuauth = Nuauth(nuconfig) def tearDown(self): self.client.stop() self.nuauth.stop() def testValidCert(self): self.client = createClient(more_args=["-A", self.cacert]) 
self.assert_(connectClient(self.client)) def testInvalidCert(self): cacert = config.get("test_cert", "invalid_cacert") self.client = createClient(more_args=["-A", cacert]) self.assert_(not connectClient(self.client)) if __name__ == "__main__": print "Test nuauth client authentication" main() nufw-2.4.3/tests/Makefile.in0000644000175000017500000003632211431215402012626 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = tests DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = 
@ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias 
= @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = inl_tests pki EXTRA_DIST = defaults.cfg client.py common.py compatibility.py config.py \ filter.py mysocket.py nuauth_conf.py nuauth.py nufw.py nufw_runner.py\ plaintext.py test_all.py test_cert_auth.py test_client_auth.py \ test_client_cert.py test_ipauth_guest.py test_mark_flag.py \ test_mysql.py test_nufw_cert.py test_periods.py \ test_plaintext_acl.py test_plaintext_auth.py test_reject.py \ test_script.py test_syslog.py test_system.py \ test_user_policy.py nufw_runner.py test_session_expire.py \ test_invalid_tcp.py test_acl.py \ test_ldap_acl.py ldapacl.py test_session_authtype.py \ test_tls_client.py test_tls_nuauth.py test_tls_nufw.py all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu tests/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. 
$(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" 
| sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
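.NOEXPORT:
nufw-2.4.3/tests/client.py0000644000175000017500000000414611431206275012420 00000000000000
from inl_tests.process import Process
from config import NUTCPC_PROG, NUAUTH_HOST, NUTCPC_VERSION
from IPy import IP
from os import getenv
import re

# Output line matched by Client.isReady() when NUTCPC_VERSION <= 20200.
STARTED_20_REGEX = re.compile("nutcpc .* started")


class Client(Process):
    """Test-harness wrapper that runs NUTCPC_PROG as a Process.

    The command line is rebuilt by updateArgs() whenever the username or
    the password changes. Options already present in ``more_args``
    (-H, -U, -P, -d) are not added a second time.
    """

    def __init__(self, username, password, ip, more_args=None):
        """Store the credentials and build the initial argument list.

        username, password: credentials passed to the client program.
        ip: address handed to IPy.IP() and kept as ``self.ip``.
        more_args: optional extra command-line arguments; a falsy value
            is replaced by an empty tuple.
        """
        self._username = username
        self._password = password
        self._hostname = NUAUTH_HOST
        if not more_args:
            more_args = tuple()
        self._more_args = more_args
        self.ip = IP(ip)
        Process.__init__(self, NUTCPC_PROG)
        # Forward the caller's HOME to the child environment.
        home = getenv('HOME')
        self.setenv('HOME', home)
        self.updateArgs()

    def _setUsername(self, username):
        """Change the username and rebuild the argument list."""
        self._username = username
        self.updateArgs()

    def _getUsername(self):
        """Return the current username."""
        return self._username

    username = property(_getUsername, _setUsername)

    def _setPassword(self, password):
        """Change the password and rebuild the argument list."""
        self._password = password
        self.updateArgs()

    def _getPassword(self):
        """Return the current password."""
        return self._password

    password = property(_getPassword, _setPassword)

    # Read-only: the host is fixed to NUAUTH_HOST in __init__.
    hostname = property(lambda self: self._hostname)

    def updateArgs(self):
        """Rebuild ``self.program_args`` from the stored settings.

        Defaults for -H, -U, -P and -d are added only when the caller did
        not already supply that option in ``more_args``; the extra
        arguments are appended last.
        """
        args = self._more_args
        self.program_args = [ ]
        if not (args and "-H" in args):
            self.program_args += ["-H", self._hostname]
        if not (args and "-U" in args):
            self.program_args += ["-U", self._username]
        # NOTE(review): the password ends up in program_args. If Process
        # passes this list as argv (not shown here), the password is
        # readable in the process list while the client runs, so only
        # throwaway test accounts should be used with this harness.
        if not (args and "-P" in args):
            self.program_args += ["-P", self._password]
        if not (args and "-d" in args):
            self.program_args += ["-d"]
        self.program_args.extend(self._more_args)

    def isReady(self):
        """Return True once the client output shows it is ready.

        The marker line depends on NUTCPC_VERSION: the "started" banner
        for versions up to 20200, the "new connections" message otherwise.
        Returns False when no marker was found in the lines read so far.
        """
        if NUTCPC_VERSION <= 20200:
            # nutcpc < 2.2+
            for line in self.readlines():
                if STARTED_20_REGEX.match(line):
                    self.warning("Client is ready")
                    return True
        else:
            # nutcpc >= 2.2+
            for line in self.readlines():
                if "Client is asked to send new connections" in line:
                    self.warning("Client is ready")
                    return True
        return False
nufw-2.4.3/tests/test_plaintext_auth.py0000755000175000017500000000240411431206275015230 00000000000000
#!/usr/bin/python
from unittest import TestCase, main
from common import createClientWithCerts, connectClient
from nuauth import Nuauth
from nuauth_conf import NuauthConf
from plaintext import USERDB


class TestPlaintextAuth(TestCase):
    """Authentication tests for the nuauth 'plaintext' module.

    Valid users from USERDB must be able to connect; a wrong login or a
    wrong password must be refused. Every test stops its client in a
    ``finally`` clause so that a failing assertion does not leave a
    client process running for the following tests.
    """

    def setUp(self):
        """Install the user database into a fresh config and start nuauth."""
        config = NuauthConf()
        self.users = USERDB
        self.users.install(config)
        self.nuauth = Nuauth(config)

    def tearDown(self):
        """Stop nuauth and remove the installed user database."""
        self.nuauth.stop()
        self.users.desinstall()

    def testUser1(self):
        """The first user of USERDB can connect."""
        user = USERDB[0]
        client = user.createClientWithCerts()
        try:
            self.assert_(connectClient(client))
        finally:
            client.stop()

    def testUser2(self):
        """The second user of USERDB can connect."""
        user = USERDB[1]
        client = user.createClientWithCerts()
        try:
            self.assert_(connectClient(client))
        finally:
            client.stop()

    def testInvalidLogin(self):
        """A login that is not in the database is refused."""
        user = USERDB[0]
        client = createClientWithCerts(user.login+"x", user.password)
        try:
            self.assert_(not connectClient(client))
        finally:
            client.stop()

    def testInvalidPass(self):
        """A valid login with a wrong password is refused."""
        user = USERDB[1]
        client = createClientWithCerts(user.login, user.password+"x")
        try:
            self.assert_(not connectClient(client))
        finally:
            client.stop()


if __name__ == "__main__":
    print "Test nuauth module 'plaintext' for AUTH"
    main()
nufw-2.4.3/tests/pki/0000777000175000017500000000000011431215442011426 500000000000000
nufw-2.4.3/tests/pki/Makefile.in0000644000175000017500000002732011431215402013407 00000000000000
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.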
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = tests/pki DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = 
@LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = 
@sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = gen_certs.sh gen_config.sh gen_server_cnf.sh gen_user_cnf.sh gen_subca_cnf.sh KEY_SIZE = 1024 CA_PASS = mypassword CA_DAYS = 7000 CERT_DAYS = 3650 CERT_PASS = weak CRL_NAME = crl.pem CRL_DAYS = 30 CERT_TYPE = server CA_CLI = openssl ca -passin pass:$(CA_PASS) -batch -notext -config openssl.cnf -cert CA.crt -keyfile CA.key all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/pki/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu tests/pki/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) 
`echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
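clean: clean-am

clean-am: clean-generic clean-libtool clean-local mostlyclean-am

distclean: distclean-am
	-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-local

dvi: dvi-am

dvi-am:

html: html-am

info: info-am

info-am:

install-data-am:

install-dvi: install-dvi-am

install-exec-am:

install-html: install-html-am

install-info: install-info-am

install-man:

install-pdf: install-pdf-am

install-ps: install-ps-am

installcheck-am:

maintainer-clean: maintainer-clean-am
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-am

mostlyclean-am: mostlyclean-generic mostlyclean-libtool

pdf: pdf-am

pdf-am:

ps: ps-am

ps-am:

uninstall-am:

.MAKE: install-am install-strip

.PHONY: all all-am check check-am clean clean-generic clean-libtool \
	clean-local distclean distclean-generic distclean-libtool \
	distclean-local distdir dvi dvi-am html html-am info info-am \
	install install-am install-data install-data-am install-dvi \
	install-dvi-am install-exec install-exec-am install-html \
	install-html-am install-info install-info-am install-man \
	install-pdf install-pdf-am install-ps install-ps-am \
	install-strip installcheck installcheck-am installdirs \
	maintainer-clean maintainer-clean-generic mostlyclean \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	uninstall uninstall-am


# ---------------------------------------------------------------------
# Test PKI rules.
#
# These rules build the throwaway CA, certificates and CRL used by the
# test suite. KEY_SIZE, CA_PASS, CA_DAYS, CERT_DAYS, CRL_DAYS, CRL_NAME,
# CERT_TYPE and CA_CLI are the fixed values set earlier in this file.
# The CA passphrase is given to openssl as "pass:..." on the command
# line, so it is readable in the process list while openssl runs; keys
# and certificates produced here are test fixtures only and must never
# be deployed.
#
# This file is generated from Makefile.am: any change made here has to
# be mirrored there, or it is lost on the next automake run.
# ---------------------------------------------------------------------

gen_certs: gen_certs.sh
	./gen_certs.sh

# CA creation
CA: openssl.cnf testCA CA.crt

# Directory layout and bookkeeping files expected by "openssl ca".
# The directories are listed explicitly: brace expansion is not
# available in a POSIX /bin/sh, which is what make uses to run recipes.
testCA:
	mkdir -p testCA/certs testCA/crl testCA/newcerts testCA/private
	echo '01' > ./testCA/serial
	echo '01' > ./testCA/crlnumber
	touch ./testCA/index.txt
	echo 'unique_subject = no' > ./testCA/index.txt.attr

CA.crt: CA.csr
	openssl req -x509 -config openssl.cnf -extensions v3_ca -passin pass:$(CA_PASS) -passout pass:$(CA_PASS) -key CA.key -in CA.csr -out CA.crt -days $(CA_DAYS)

CA.csr: CA.key openssl.cnf
	openssl req -new -passin pass:$(CA_PASS) -passout pass:$(CA_PASS) -config openssl.cnf -batch -key CA.key -out CA.csr -days $(CA_DAYS)

CA.key:
	openssl genrsa -des3 -passout pass:$(CA_PASS) -out CA.key $(KEY_SIZE)

# subca
# All rules below that take NAME (and CA_NAME for subcert) expect it on
# the make command line and stop when it is empty.
subca: subca_req
	[ "x$(NAME)" != "x" ] || exit 1; \
	$(CA_CLI) -extensions v3_ca -in $(NAME).csr -out $(NAME).crt -days $(CA_DAYS)

# The exit status of "openssl req" is saved before the temporary
# configuration is removed; otherwise "rm -f" would hide a failed
# request from make.
subca_req:
	[ "x$(NAME)" != "x" ] || exit 1; \
	./gen_subca_cnf.sh "$(NAME)"; \
	openssl req -new -config subca.cnf -batch -passout pass:$(CA_PASS) -newkey rsa:$(KEY_SIZE) -keyout $(NAME).key -out $(NAME).csr -days $(CA_DAYS); \
	status=$$?; \
	rm -f subca.cnf; \
	exit $$status

subcert: req
	[ "x$(NAME)" != "x" ] || exit 1; \
	[ "x$(CA_NAME)" != "x" ] || exit 1; \
	openssl ca -passin pass:$(CA_PASS) -batch -notext -config openssl.cnf -cert $(CA_NAME).crt -keyfile $(CA_NAME).key -extensions usr_cert -policy policy_anything -days $(CERT_DAYS) -out $(NAME).crt -infiles $(NAME).csr

# certificates generation
cert: req
	[ "x$(NAME)" != "x" ] || exit 1; \
	$(CA_CLI) -extensions usr_cert -policy policy_anything -days $(CERT_DAYS) -out $(NAME).crt -infiles $(NAME).csr

# Same status handling as subca_req: a failed request must fail the rule.
req: key gen_$(CERT_TYPE)_cnf.sh
	[ "x$(NAME)" != "x" ] || exit 1; \
	./gen_$(CERT_TYPE)_cnf.sh "$(NAME)"; \
	openssl req -new -config $(CERT_TYPE).cnf -batch -key $(NAME).key -out $(NAME).csr -days $(CERT_DAYS) ; \
	status=$$?; \
	rm -f $(CERT_TYPE).cnf; \
	exit $$status

# The key size is passed explicitly so that user and server keys match
# the CA and sub-CA keys instead of depending on the default of the
# installed openssl.
key: CA
	[ "x$(NAME)" != "x" ] || exit 1; \
	openssl genrsa -out $(NAME).key $(KEY_SIZE)

# Certificates revocation
# revoke only updates the CA database; run gencrl afterwards to publish
# the revocation in $(CRL_NAME).
revoke: CA
	[ "x$(NAME)" != "x" ] || exit 1; \
	[ -e "$(NAME)".crt ] || exit 2; \
	$(CA_CLI) -revoke $(NAME).crt

gencrl: CA
	$(CA_CLI) -gencrl -crldays $(CRL_DAYS) -out $(CRL_NAME)

# Misc stuff
openssl.cnf: gen_config.sh
	./gen_config.sh

clean-local:
	rm -f *.csr user.cnf server.cnf

# Patterns are spelled out for the same reason as in testCA: no brace
# expansion in a POSIX shell.
distclean-local: clean-local
	rm -f *.crt *.key crl.pem openssl.cnf
	rm -rf testCA

# The NAME-driven rules never create a file named after themselves, so
# they are declared phony as well.
.PHONY: CA CA_dirs gen_certs subca subca_req subcert cert req key revoke gencrl
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
nufw-2.4.3/tests/pki/gen_config.sh0000755000175000017500000002272111431206275014007 00000000000000
#!/bin/sh
cat > openssl.cnf << EOF
#
# OpenSSL example configuration file.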
# This is mostly being used for generation of certificate requests. # # This definition stops the following lines choking if HOME isn't # defined. HOME = . RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: # extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) [ new_oids ] # We can add new OIDs in here for use by 'ca' and 'req'. # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 #################################################################### [ ca ] default_ca = CA_default # The default ca section #################################################################### [ CA_default ] dir = ./testCA # Where everything is kept certs = ./testCA/certs # Where the issued certs are kept crl_dir = ./testCA/crl # Where the issued crl are kept database = ./testCA/index.txt # database index file. #unique_subject = no # Set to 'no' to allow creation of # several ctificates with same subject. new_certs_dir = ./testCA/newcerts # default place for new certs. certificate = ./testCA/cacert.pem # The CA certificate serial = ./testCA/serial # The current serial number crlnumber = ./testCA/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = ./testCA/crl.pem # The current CRL private_key = ./testCA/private/cakey.pem# The private key RANDFILE = ./testCA/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert # Comment out the following two lines for the "traditional" # (and highly broken) format. name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options # Extension copying option: use with caution. 
# This is required for subjectAltName to work copy_extensions = copy # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 3650 # how long to certify for default_crl_days= 300 # how long before next CRL default_md = sha1 # which md to use. preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look # For type CA, the listed attributes must be the same, and the optional # and supplied fields are just that :-) policy = policy_match # For the CA policy [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional # For the 'anything' policy # At this point in time, you must list all acceptable 'object' # types. [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional #################################################################### [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert # Passwords for private keys if not present they will be prompted for # input_password = secret # output_password = secret # This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings # so use this option with caution! 
string_mask = nombstr # req_extensions = v3_req # The extensions to add to a certificate request [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = FR countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = France localityName = Locality Name (eg, city) localityName_default = Paris 0.organizationName = Organization Name (eg, company) 0.organizationName_default = INL # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) #1.organizationName_default = World Wide Web Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = INL tests commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 # SET-ex3 = SET extension number 3 [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name [ usr_cert ] # These extensions are added when 'ca' signs a request. # This goes against PKIX guidelines but some CAs do it and some software # requires this to avoid interpreting an end user certificate as a CA. basicConstraints=CA:FALSE # Here are some examples of the usage of nsCertType. If it is omitted # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. # nsCertType = server # For an object signing certificate this would be used. # nsCertType = objsign # For normal client use this is typical # nsCertType = client, email # and for everything including object signing: # nsCertType = client, email, objsign # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. 
nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy # An alternative to produce certificates that aren't # deprecated according to PKIX. # subjectAltName=email:move # Copy subject details # issuerAltName=issuer:copy nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsBaseUrl #nsRevocationUrl #nsRenewalUrl #nsCaPolicyUrl #nsSslServerName [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ v3_ca ] # Extensions for a typical CA # PKIX recommendation. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always authorityInfoAccess = OCSP;URI:http://ocsp.inl.fr/ # This is what PKIX recommends but some broken software chokes on critical # extensions. basicConstraints = critical,CA:true # So we do this instead. #basicConstraints = CA:true # Key usage: this is typical for a CA certificate. However since it will # prevent it being used as an test self-signed certificate it is best # left out by default. # keyUsage = cRLSign, keyCertSign keyUsage = cRLSign, keyCertSign # Some might want this also # nsCertType = sslCA, emailCA nsCertType = sslCA, emailCA # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName=issuer:copy # DER hex encoding of an extension: beware experts only! # obj=DER:02:03 # Where 'obj' is a standard or added object # You can even override a supported extension: # basicConstraints= critical, DER:30:03:01:01:FF [ crl_ext ] # CRL extensions. # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
# issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always,issuer:always [ proxy_cert_ext ] # These extensions should be added when creating a proxy certificate # This goes against PKIX guidelines but some CAs do it and some software # requires this to avoid interpreting an end user certificate as a CA. basicConstraints=CA:FALSE # Here are some examples of the usage of nsCertType. If it is omitted # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. # nsCertType = server # For an object signing certificate this would be used. # nsCertType = objsign # For normal client use this is typical # nsCertType = client, email # and for everything including object signing: # nsCertType = client, email, objsign # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy # An alternative to produce certificates that aren't # deprecated according to PKIX. # subjectAltName=email:move # Copy subject details # issuerAltName=issuer:copy #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsBaseUrl #nsRevocationUrl #nsRenewalUrl #nsCaPolicyUrl #nsSslServerName # This really needs to be in place for it to be a proxy certificate. 
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo EOF nufw-2.4.3/tests/pki/Makefile.am0000644000175000017500000000515511431206275013410 00000000000000 EXTRA_DIST = gen_certs.sh gen_config.sh gen_server_cnf.sh gen_user_cnf.sh gen_subca_cnf.sh KEY_SIZE = 1024 CA_PASS = mypassword CA_DAYS = 7000 CERT_DAYS = 3650 CERT_PASS = weak CRL_NAME = crl.pem CRL_DAYS = 30 CERT_TYPE = server CA_CLI = openssl ca -passin pass:$(CA_PASS) -batch -notext -config openssl.cnf -cert CA.crt -keyfile CA.key gen_certs: gen_certs.sh ./gen_certs.sh # CA creation CA: openssl.cnf testCA CA.crt testCA: mkdir testCA/{,certs,crl,newcerts,private} echo '01' > ./testCA/serial echo '01' > ./testCA/crlnumber touch ./testCA/index.txt echo 'unique_subject = no' > ./testCA/index.txt.attr CA.crt: CA.csr openssl req -x509 -config openssl.cnf -extensions v3_ca -passin pass:$(CA_PASS) -passout pass:$(CA_PASS) -key CA.key -in CA.csr -out CA.crt -days $(CA_DAYS) CA.csr: CA.key openssl.cnf openssl req -new -passin pass:$(CA_PASS) -passout pass:$(CA_PASS) -config openssl.cnf -batch -key CA.key -out CA.csr -days $(CA_DAYS) CA.key: openssl genrsa -des3 -passout pass:$(CA_PASS) -out CA.key $(KEY_SIZE) # subca subca: subca_req [ "x$(NAME)" != "x" ] || exit 1; \ $(CA_CLI) -extensions v3_ca -in $(NAME).csr -out $(NAME).crt -days $(CA_DAYS) subca_req: [ "x$(NAME)" != "x" ] || exit 1; \ ./gen_subca_cnf.sh "$(NAME)"; \ openssl req -new -config subca.cnf -batch -passout pass:$(CA_PASS) -newkey rsa:$(KEY_SIZE) -keyout $(NAME).key -out $(NAME).csr -days $(CA_DAYS); \ rm -f subca.cnf subcert: req [ "x$(NAME)" != "x" ] || exit 1; \ [ "x$(CA_NAME)" != "x" ] || exit 1; \ openssl ca -passin pass:$(CA_PASS) -batch -notext -config openssl.cnf -cert $(CA_NAME).crt -keyfile $(CA_NAME).key -extensions usr_cert -policy policy_anything -days $(CERT_DAYS) -out $(NAME).crt -infiles $(NAME).csr # certificates generation cert: req [ "x$(NAME)" != "x" ] || exit 1; \ $(CA_CLI) -extensions usr_cert -policy 
policy_anything -days $(CERT_DAYS) -out $(NAME).crt -infiles $(NAME).csr req: key gen_$(CERT_TYPE)_cnf.sh [ "x$(NAME)" != "x" ] || exit 1; \ ./gen_$(CERT_TYPE)_cnf.sh "$(NAME)"; \ openssl req -new -config $(CERT_TYPE).cnf -batch -key $(NAME).key -out $(NAME).csr -days $(CERT_DAYS) ; \ rm -f $(CERT_TYPE).cnf key: CA [ "x$(NAME)" != "x" ] || exit 1; \ openssl genrsa -out $(NAME).key # Certificates revocation revoke: CA [ "x$(NAME)" != "x" ] || exit 1; \ [ -e "$(NAME)".crt ] || exit 2; \ $(CA_CLI) -revoke $(NAME).crt gencrl: CA $(CA_CLI) -gencrl -crldays $(CRL_DAYS) -out $(CRL_NAME) # Misc stuff openssl.cnf: gen_config.sh ./gen_config.sh clean-local: rm -f *.csr user.cnf server.cnf distclean-local: clean-local rm -f *.{crt,key} crl.pem openssl.cnf rm -rf testCA .PHONY: CA CA_dirs gen_certs nufw-2.4.3/tests/pki/gen_certs.sh0000755000175000017500000000153311431206275013660 00000000000000#!/bin/sh # generates certificates for tests set -e make clean make CA make cert NAME="nuauth.inl.fr" CERT_TYPE=server make cert NAME="nufw.inl.fr" CERT_TYPE=user make cert NAME="client.inl.fr" CERT_TYPE=user make cert NAME="nuauth-expired.inl.fr" CERT_TYPE=server CERT_DAYS=-1 make cert NAME="nufw-expired.inl.fr" CERT_TYPE=user CERT_DAYS=-1 make cert NAME="client-expired.inl.fr" CERT_TYPE=user CERT_DAYS=-1 make cert NAME="nuauth-revoked.inl.fr" CERT_TYPE=server make revoke NAME="nuauth-revoked.inl.fr" make cert NAME="client-revoked.inl.fr" CERT_TYPE=user make revoke NAME="client-revoked.inl.fr" # subca stuff make subca NAME="sub1" make subcert NAME=subserver1 CA_NAME=sub1 CERT_TYPE=server make subcert NAME=subuser1 CA_NAME=sub1 CERT_TYPE=user chmod o-rwx *.key make gencrl make gencrl CRL_NAME="crl-expired.pem" CRL_DAYS=-1 make clean nufw-2.4.3/tests/pki/gen_user_cnf.sh0000755000175000017500000000107511431206275014345 00000000000000#!/bin/sh set -e CN=$1 cat > user.cnf << EOF [ req ] default_bits = 1024 distinguished_name = admin string_mask = nombstr req_extensions = extensions 
input_password = secret output_password = secret [ admin ] commonName = $CN commonName_value = user commonName_max = 64 emailAddress = Email Address emailAddress_value = admin@localhost.edu emailAddress_max = 40 [ extensions ] nsCertType = client,email basicConstraints = critical,CA:false EOF nufw-2.4.3/tests/pki/gen_subca_cnf.sh0000755000175000017500000000262511431206275014466 00000000000000#!/bin/sh set -e CN=$1 cat > subca.cnf << EOF [ req ] default_bits = 1024 distinguished_name = $CN string_mask = nombstr req_extensions = v3_ca input_password = secret output_password = secret [ $CN ] countryName = Country Code countryName_value = FR countryName_min = 2 countryName_max = 2 stateOrProvinceName = State Name stateOrProvinceName_value = France localityName = Locality Name localityName_value = Paris organizationName = Organization Name organizationName_value = INL organizationalUnitName = Organizational Unit Name organizationalUnitName_value = INL tests commonName = Common Name commonName_value = $CN commonName_max = 64 emailAddress = Email Address emailAddress_value = admin@localhost.edu emailAddress_max = 40 [ v3_ca ] basicConstraints = critical,CA:true # PKIX recommendations harmless if included in all certificates. 
subjectKeyIdentifier = hash #authorityKeyIdentifier = keyid:always authorityInfoAccess = OCSP;URI:http://ocsp.inl.fr/ keyUsage = cRLSign, keyCertSign nsCertType = sslCA, emailCA EOF nufw-2.4.3/tests/pki/gen_server_cnf.sh0000755000175000017500000000317511431206275014700 00000000000000#!/bin/sh set -e CN=$1 cat > server.cnf << EOF [ req ] default_bits = 1024 distinguished_name = $CN string_mask = nombstr req_extensions = v3_req input_password = secret output_password = secret [ $CN ] countryName = Country Code countryName_value = FR countryName_min = 2 countryName_max = 2 stateOrProvinceName = State Name stateOrProvinceName_value = France localityName = Locality Name localityName_value = Paris organizationName = Organization Name organizationName_value = INL organizationalUnitName = Organizational Unit Name organizationalUnitName_value = INL tests commonName = Common Name commonName_value = $CN commonName_max = 64 emailAddress = Email Address emailAddress_value = admin@localhost.edu emailAddress_max = 40 [ v3_req ] nsCertType = server basicConstraints = critical,CA:false # PKIX recommendations harmless if included in all certificates. 
subjectKeyIdentifier = hash # do *not* include email address in subject name (CN field) #subjectAltName = email:move subjectAltName = DNS:$1,DNS:blah1,DNS:blah2 #subjectAltName = @alt_names #[alt_names] #DNS.1 = lance.eng.networktest.com #DNS.2 = mail.freedonia.gov #DNS.3 = mail.potrzebie.org #DNS.4 = mail.furshlugginer.org EOF nufw-2.4.3/tests/mysocket.py0000644000175000017500000000262211431206275012775 00000000000000from socket import (socket, AF_INET, SOCK_STREAM, error as socket_error, timeout as socket_timeout) from logging import info from errno import ETIMEDOUT, ENETUNREACH, EISCONN def connectTcp(host, port, timeout): """ timeout can be 'None' (no timeout) """ try: conn = socket(AF_INET, SOCK_STREAM) conn.settimeout(timeout) conn.connect((host,port)) conn.close() info("connectTcp(%s, %s, timeout=%s): success" % (host, port, timeout)) return True except socket_timeout: info("connectTcp(%s, %s, timeout=%s): timeout" % (host, port, timeout)) return False except socket_error, err: info("connectTcp(%s, %s, timeout=%s): socket error: %s" % (host, port, timeout, err)) return False def connectTcpFail(host, port, timeout): """ timeout can be 'None' (no timeout) """ try: conn = socket(AF_INET, SOCK_STREAM) conn.settimeout(timeout) conn.connect((host,port)) conn.close() info("connectTcp(%s, %s, timeout=%s): success" % (host, port, timeout)) return EISCONN except socket_timeout: info("connectTcp(%s, %s, timeout=%s): timeout" % (host, port, timeout)) return ETIMEDOUT except socket_error, (code, msg): info("connectTcp(%s, %s, timeout=%s): socket error: %s, %s" % (host, port, timeout, code, msg)) return code nufw-2.4.3/tests/README0000644000175000017500000000154311431206275011446 00000000000000NuFW testing ============ This implements a testing system for NuFW. 
Results of tests on different architectures are available at: https://buildbot.inl.fr/ Requirements ------------ * NuFW 2.0 or 2.2 * Python IPy * Python MySQL DB * PyNetfilter-conntrack Write config.cfg ---------------- First, you need a valid installation of NuFW (version 2.0 or 2.2) with: * nufw * nuauth * nutcpc You need a valid account to be able to run nutcpc. You may configure tests and write your own config based on defaults.cfg:: cp defaults.cfg config.cfg defaults.cfg is loaded before config.cfg. So you can just change a few options in your config.cfg. Run tests --------- Now you can run one test, for example:: ./test_plaintext_auth.py Or to run all tests together:: ./test_all.py The call to "make check" will also trigger the run of test_all.py. nufw-2.4.3/tests/test_tls_nufw.py0000755000175000017500000001055011431206275014041 00000000000000#!/usr/bin/python from compatibility import any from unittest import TestCase, main from sys import stderr from common import createClient, connectClient, PASSWORD, startNufw from nuauth import Nuauth from config import config from inl_tests.iptables import Iptables from nuauth_conf import NuauthConf from mysocket import connectTcp from filter import testAllowPort, testPort, HOST, VALID_PORT # We perform the cert check whether a client can connect or not from plaintext import USERDB from plaintext import PlaintextAcl from os.path import abspath # TODO: check -n=CN:...
TIMEOUT = 2.0 class TestTLSNufw(TestCase): def setUp(self): self.iptables = Iptables() self.port = VALID_PORT self.host = HOST self.cacert = abspath(config.get("test_cert", "cacert")) def startNuauth(self, dict_args=None): self.nuconfig = NuauthConf() self.nuconfig["nuauth_tls_request_cert"] = "2" self.nuconfig["nuauth_tls_crl"] = '"%s"' % abspath(config.get("test_cert", "crl")) if dict_args is None: dict_args = dict() for key in dict_args.keys(): self.nuconfig[ key ] = dict_args[key] self.nuauth = Nuauth(self.nuconfig) def tearDown(self): self.nuauth.stop() self.nuconfig.desinstall() self.iptables.flush() def connectNuauthNufw(self): # Open TCP connection just to connect nufw to nuauth self.iptables.filterTcp(self.port) connectTcp(HOST, self.port, 0.100) # nufw side # "TLS connection to nuauth can NOT be restored" def testNufwValidCert(self): self.startNuauth() self.nufw = startNufw() self.connectNuauthNufw() self.assert_(self.nufw_connection_is_established()) self.nufw.stop() self.nuauth.stop() def testNufwFQDNCheck(self): self.startNuauth() self.nufw = startNufw(["-d","127.0.0.1"]) self.connectNuauthNufw() self.assert_(not self.nufw_connection_is_established()) self.nufw.stop() self.nufw = startNufw(["-d","nuauth.inl.fr"]) self.connectNuauthNufw() self.assert_(self.nufw_connection_is_established()) self.nufw.stop() self.nuauth.stop() def testNufwIgnoreFQDNCheck(self): self.startNuauth() self.nufw = startNufw(["-d","127.0.0.1"]) self.connectNuauthNufw() self.assert_(not self.nufw_connection_is_established()) self.nufw.stop() self.nufw = startNufw(["-d","127.0.0.1","-N"]) self.connectNuauthNufw() self.assert_(self.nufw_connection_is_established()) self.nufw.stop() self.nuauth.stop() def get_tls_cert_invalid(self): for line in self.nufw.readlines(total_timeout=TIMEOUT): if line.lower().find('certificate verification failed') >= 0: return True return False def testNufwInvalidCA(self): self.startNuauth() invalid_cacert = config.get("test_cert", "invalid_cacert") 
self.nufw = startNufw(["-a", invalid_cacert]) self.connectNuauthNufw() self.assert_(self.get_tls_cert_invalid()) self.nufw.stop() self.nuauth.stop() # If NuFW does not run under the strict mode, the provided certificates in svn # will be accepted and the client will be able to authenticate and then be # accepted by the firewall. This is what we want to check here def testNotStrictMode(self): self.startNuauth() self.nufw = startNufw(["-s"]) self.connectNuauthNufw() self.assert_(self.nufw_connection_is_established()) self.nufw.stop() self.nuauth.stop() def testStrictMode(self): self.startNuauth() self.nufw = startNufw() self.connectNuauthNufw() self.assert_(self.nufw_connection_is_established()) self.nufw.stop() self.nuauth.stop() def nufw_connection_is_established(self): if self.nufw.is_connected_to_nuauth: return True for line in self.nufw.readlines(total_timeout=TIMEOUT): if line.lower().find("tls connection to nuauth established") >= 0: return True if line.lower().find("tls connection to nuauth restored") >= 0: return True return False if __name__ == "__main__": print "Test TLS nufw capabilities" main() nufw-2.4.3/tests/test_mysql.py0000755000175000017500000002250611431206275013351 00000000000000#!/usr/bin/python from unittest import TestCase, main from common import connectClient, startNufw, retry from logging import info from time import time, mktime from inl_tests.iptables import Iptables from socket import ntohl from filter import testAllowPort, testDisallowPort, VALID_PORT, INVALID_PORT from datetime import datetime from IPy import IP import platform from os.path import basename, realpath from sys import argv, executable from nuauth import Nuauth from nuauth_conf import NuauthConf from plaintext import USERDB, PlaintextAcl from config import config as test_config def datetime2unix(timestamp): tm = timestamp.timetuple() return int(mktime(tm)) POSTGRESQL = False config = NuauthConf() if POSTGRESQL: import pgdb DB_PACKET_TABLE = config["pgsql_table_name"] 
DB_USER_TABLE = config["pgsql_users_table_name"] DB_SERVER = config["pgsql_server_addr"] DB_USER = config["pgsql_user"] DB_PASSWORD = config["pgsql_passwd"] DB_DBNAME = config["pgsql_db_name"] QUERY_TIMEOUT = test_config.getfloat('test_pgsql', 'query_timeout') else: import MySQLdb DB_PACKET_TABLE = config["mysql_table_name"] DB_USER_TABLE = config["mysql_users_table_name"] DB_SERVER = config["mysql_server_addr"] DB_USER = config["mysql_user"] DB_PASSWORD = config["mysql_passwd"] DB_DBNAME = config["mysql_db_name"] QUERY_TIMEOUT = test_config.getfloat('test_mysql', 'query_timeout') OS_SYSNAME = platform.system() # 'Linux' OS_RELEASE = platform.release() # '2.6.19.2-haypo' OS_VERSION = platform.version() # '#2 Mon Feb 5 10:55:30 CET 2007' CLIENT_OS = "-".join( (OS_SYSNAME, OS_VERSION, OS_RELEASE) ) CLIENT_APP = realpath(executable) LOG_PREFIX = "42:ETH0-IF" OOB_PREFIX = "%s ACCEPT" % LOG_PREFIX def datetime_now(delta=0): # Use datetime.fromtimestamp() with int(time()) to have microsecond=0 return datetime.fromtimestamp(int(time()+delta)) def datetime_before(): return datetime_now(-1.1) def datetime_after(): return datetime_now(1.1) def formatTimestamp(ts): if POSTGRESQL: return "ABSTIME(%s)" % ts else: return "FROM_UNIXTIME(%s)" % ts class MysqlLog(TestCase): def setUp(self): startNufw(["-s"]) config = NuauthConf() config["nuauth_log_users"] = '9' config["mysql_prefix_version"] = '1' if POSTGRESQL: config.need_restart = True self.conn = pgdb.connect( host=DB_SERVER, user=DB_USER, password=DB_PASSWORD, database=DB_DBNAME) config["nuauth_user_logs_module"] = '"pgsql"' config["nuauth_user_session_logs_module"] = '"pgsql"' else: self.conn = MySQLdb.Connect( host=DB_SERVER, user=DB_USER, passwd=DB_PASSWORD, db=DB_DBNAME) config["nuauth_user_logs_module"] = '"mysql"' config["nuauth_user_session_logs_module"] = '"mysql"' self.users = USERDB self.user = self.users[0] self.acls = PlaintextAcl() self.acls.addAcl("web", VALID_PORT, self.user.gid, log_prefix=LOG_PREFIX) 
self.users.install(config) self.acls.install(config) self.nuauth = Nuauth(config) self.start_time = int(time()-1.1) def query(self, sql): if POSTGRESQL: prefix = "PostgreSQL" else: prefix = "MySQL" info("%s query: %s" % (prefix, sql)) cursor = self.conn.cursor() cursor.execute(sql) info("%s result: %s rows" % (prefix, cursor.rowcount)) return cursor def fetchone(self, cursor): row = cursor.fetchone() if POSTGRESQL: info("PostgreSQL fetchone(): %s" % repr(row)) else: info("MySQL fetchone(): %s" % repr(row)) return row def tearDown(self): # Stop nuauth self.nuauth.stop() self.conn.close() self.users.desinstall() self.acls.desinstall() def _login(self, sql): # Client login client = self.user.createClientWithCerts() self.assert_(connectClient(client)) # Check number of rows for when in retry(timeout=QUERY_TIMEOUT): cursor = self.query(sql) for line in self.nuauth.readlines(): pass if cursor.rowcount: break self.assertEqual(cursor.rowcount, 1) # Read row columns (ip_saddr, user_id, username, os_sysname, os_release, os_version, end_time) = self.fetchone(cursor) if not POSTGRESQL: ip_saddr = ntohl(ip_saddr) & 0xFFFFFFFF # Check values self.assertEqual(IP(ip_saddr), client.ip) self.assertEqual(user_id, self.user.uid) self.assertEqual(username, client.username) self.assertEqual(os_sysname, OS_SYSNAME) self.assertEqual(os_release, OS_RELEASE) self.assertEqual(os_version, OS_VERSION) return client def _logout(self, sql, client): # Client logout # Use datetime.fromtimestamp() with int(time()) to have microsecond=0 logout_before = datetime_before() client.stop() for when in retry(timeout=QUERY_TIMEOUT): # Get last MySQL row cursor = self.query(sql) # Check number of rows if not cursor.rowcount: continue self.assertEqual(cursor.rowcount, 1) # Read row columns (ip_saddr, user_id, username, os_sysname, os_release, os_version, end_time) = self.fetchone(cursor) if not end_time: continue break # Check values if not POSTGRESQL: # FIXME: Convert string to datetime for PostgreSQL 
logout_after = datetime_after() self.assert_(logout_before <= end_time <= logout_after) class MysqlLogUser(MysqlLog): def testUserLogin(self): """ User log in and logout: make sure that MySQL records login and then logout (and only once) with the right parameters. """ # Delete old entries in MySQL user session table self.query("DELETE FROM %s WHERE start_time >= %s;" \ % (DB_USER_TABLE, formatTimestamp(self.start_time))) sql = \ "SELECT ip_saddr, user_id, username, " \ "os_sysname, os_release, os_version, end_time " \ "FROM %s WHERE start_time >= %s " \ "ORDER BY start_time DESC;" % (DB_USER_TABLE, formatTimestamp(self.start_time)) client = self._login(sql) self._logout(sql, client) class MysqlLogPacket(MysqlLog): def setUp(self): self.iptables = Iptables() MysqlLog.setUp(self) def tearDown(self): MysqlLog.tearDown(self) self.iptables.flush() def testFilter(self): """ User logs in, opens an authenticated connection, and closes the connection. Make sure that MySQL records the connection, only once, with the right parameters. 
""" client = self.user.createClientWithCerts() time_before = int(time()) timestamp_before = datetime_before() # Open allowed port testAllowPort(self, self.iptables, client) # Query DB if not POSTGRESQL: timestamp_field = "timestamp, " else: timestamp_field = "" sql = \ "SELECT username, user_id, client_os, client_app, " \ "tcp_dport, ip_saddr, ip_daddr, oob_time_sec, ip_protocol, " \ "%sstart_timestamp, end_timestamp, oob_prefix " \ "FROM %s WHERE oob_time_sec >= %s AND state=1;" \ % (timestamp_field, DB_PACKET_TABLE, time_before) # Do the query for when in retry(timeout=QUERY_TIMEOUT): cursor = self.query(sql) if cursor.rowcount: break # Read result row = self.fetchone(cursor) timestamp_after = datetime_after() self.assertEqual(cursor.rowcount, 1) if POSTGRESQL: (username, user_id, client_os, client_app, tcp_dport, ip_saddr, ip_daddr, oob_time_sec, ip_protocol, start_timestamp, end_timestamp, oob_prefix) = row else: (username, user_id, client_os, client_app, tcp_dport, ip_saddr, ip_daddr, oob_time_sec, ip_protocol, timestamp, start_timestamp, end_timestamp, oob_prefix) = row # Check values self.assertEqual(username, client.username) self.assertEqual(user_id, self.user.uid) self.assertEqual(client_os, CLIENT_OS) self.assertEqual(client_app, CLIENT_APP) self.assertEqual(tcp_dport, VALID_PORT) self.assertEqual(IP(ip_saddr), client.ip) self.assert_(timestamp_before <= datetime.fromtimestamp(oob_time_sec) <= timestamp_after) if not POSTGRESQL: self.assert_(timestamp and timestamp_before <= timestamp <= timestamp_after) self.assertEqual(ip_protocol, 6) self.assertEqual(oob_prefix, OOB_PREFIX) # TODO: Check these timestamps # self.assertEqual(start_timestamp, ...) # self.assertEqual(end_timestamp, ...) 
# TODO: Open disallowed port # testDisallowPort(self, self.iptables, client) if __name__ == "__main__": print "Test nuauth module 'mysql' (log)" main() nufw-2.4.3/tests/test_session_expire.py0000755000175000017500000000336411431206275015244 00000000000000#!/usr/bin/python from compatibility import any from unittest import TestCase, main from common import createClientWithCerts, startNufw, connectClient from inl_tests.iptables import Iptables from config import USERNAME, PASSWORD from nuauth import Nuauth from nuauth_conf import NuauthConf from plaintext import PlaintextUserDB, PlaintextUser, PlaintextAcl from time import sleep from filter import testAllowPort, VALID_PORT, HOST from mysocket import connectTcp DELAY = 2 TIMEOUT = 2.0 DURATION = 3 class TestSessionExpire(TestCase): def setUp(self): self.expiration = DURATION self.host = HOST # Setup session_expire library nuconfig = NuauthConf() nuconfig['nuauth_user_session_modify_module']='"session_expire"' nuconfig['nuauth_session_duration'] = str(self.expiration) # Install temporary user database self.userdb = PlaintextUserDB() self.userdb.addUser( PlaintextUser(USERNAME, PASSWORD, 42, 42) ) self.userdb.install(nuconfig) self.acls = PlaintextAcl() # Start nuauth self.nuauth = Nuauth(nuconfig) # Create client self.client = createClientWithCerts() def tearDown(self): self.client.stop() self.acls.desinstall() self.nuauth.stop() def testExpire(self): self.assert_(connectClient(self.client)) sleep(self.expiration+DELAY) self.assert_(self.get_session_not_connected()) def get_session_not_connected(self): for line in self.client.readlines(total_timeout=TIMEOUT): if line.lower().find('session not connected') >= 0: return True return False if __name__ == "__main__": print "Test nuauth client authentication" main() nufw-2.4.3/tests/test_tls_nuauth.py0000755000175000017500000000623611431206275014374 00000000000000#!/usr/bin/python from unittest import TestCase, main from sys import stderr from common import createClient, 
createClientWithCerts, connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from config import config from os.path import join as path_join from os.path import abspath from logging import warning class TestTLSNuauth(TestCase): def startNuauth(self, dict_args=None): self.cacert = config.get("test_cert", "cacert") self.nuconfig = NuauthConf() self.nuconfig["nuauth_tls_request_cert"] = "2" self.nuconfig["nuauth_tls_crl"] = '"%s"' % abspath(config.get("test_cert", "crl")) if dict_args is None: dict_args = dict() for key in dict_args.keys(): self.nuconfig[ key ] = dict_args[key] self.nuauth = Nuauth(self.nuconfig) def stopNuauth(self): self.nuauth.stop() def tearDown(self): #self.client.stop() pass def testNuauthValidCA(self): self.startNuauth() self.client = createClientWithCerts() self.assert_(connectClient(self.client)) self.client.stop() self.stopNuauth() def testNuauthInvalidCA(self): cacert = abspath(config.get("test_cert", "invalid_cacert")) args = dict() args["nuauth_tls_cacert"] = "'%s'" % cacert # we must disable CRL for this one, else nuauth fails with an # error (CRL is not issued by CA) args["nuauth_tls_crl"] = None self.startNuauth(args) self.client = createClientWithCerts() self.assert_(not connectClient(self.client)) self.client.stop() self.stopNuauth() def testNuauthRevoked(self): args = dict() args["nuauth_tls_key"] = '"%s"' % abspath(config.get("test_cert", "user_revoked_key")) args["nuauth_tls_cert"] = '"%s"' % abspath(config.get("test_cert", "user_revoked_cert")) self.startNuauth(args) self.client = createClient(more_args=["-H","nuauth.inl.fr","-A",self.cacert,"-R",abspath("./pki/crl.pem")]) self.assert_(not connectClient(self.client)) self.client.stop() self.stopNuauth() def testNuauthExpired(self): args = dict() args["nuauth_tls_key"] = '"%s"' % abspath(config.get("test_cert", "user_expired_key")) args["nuauth_tls_cert"] = '"%s"' % abspath(config.get("test_cert", "user_expired_cert")) self.startNuauth(args) self.client = 
createClient(more_args=["-H","nuauth.inl.fr","-A",self.cacert]) self.assert_(not connectClient(self.client)) self.client.stop() self.client = createClient(more_args=["-H","nuauth.inl.fr","-Q"]) self.assert_(not connectClient(self.client)) self.client.stop() self.stopNuauth() def testNuauthInvalidCRL(self): args = dict() args["nuauth_tls_request_cert"] = "2" args["nuauth_tls_crl"] = '"%s"' % abspath(config.get("test_cert", "invalid_crl")) mytest = False try: self.startNuauth(args) except: mytest = True self.assert_(mytest) if not mytest: self.stopNuauth() if __name__ == "__main__": print "Test TLS nuauth capabilities" main() nufw-2.4.3/tests/common.py0000644000175000017500000000515111431206275012427 00000000000000import atexit from nufw import Nufw from nuauth import Nuauth from client import Client from nuauth_conf import NuauthConf from inl_tests.log import setupLog from config import (config, USERNAME, PASSWORD, NUAUTH_START_TIMEOUT, NUFW_START_TIMEOUT, CLIENT_IP) from time import time, sleep from logging import warning from os import nice from os.path import abspath _nuauth = None _nufw = None def startNufw(args=None): """ Start nufw server. If it's already running, do nothing. Return nufw process (Nufw class). """ global _nufw if _nufw: if args or _nufw.args or (not _nufw.isRunning()): # if command line arguments changed: restart nufw! 
_stopNufw() else: return _nufw _nufw = Nufw(args) atexit.register(_stopNufw) _nufw.start(timeout=NUFW_START_TIMEOUT) return _nufw def _stopNuauth(): global _nuauth if not _nuauth: return _nuauth.stop() _nuauth = None def _stopNufw(): global _nufw if not _nufw: return _nufw.stop() _nufw = None def createClient(username=USERNAME, password=PASSWORD, more_args=None): return Client(username, password, CLIENT_IP, more_args=more_args) def createClientWithCerts(username=USERNAME, password=PASSWORD, more_args=None): nuconfig = NuauthConf() args = [ ] cacert = abspath(config.get("test_cert", "cacert")) if not (more_args and "-A" in more_args): args = args + ["-A",cacert] cert = abspath(config.get("test_cert", "user_cert")) if not (more_args and "-C" in more_args): args = args + ["-C",cert] key = abspath(config.get("test_cert", "user_key")) if not (more_args and "-K" in more_args): args = args + ["-K",key] if more_args: args = args + more_args return Client(username, password, CLIENT_IP, more_args=args) def connectClient(client): client.info("connectClient()") try: client.start(timeout=connectClient.timeout) except RuntimeError, err: client.warning("connectClient(): error: %s" % err) return False client.warning("connectClient(): connected") return True connectClient.timeout = config.getfloat('nutcpc', 'connect_timeout') def getNuauthConf(): return NuauthConf() def retry(timeout=1.0, step=0.250): start = time() while True: when = time() - start yield when if timeout < when: raise RuntimeError("Timeout (%.1f sec)!" 
% timeout) return if step: warning("(retry) sleep(%.3f)" % step) sleep(step) setupLog() warning("Be nice: os.nice(15)") nice(15) nufw-2.4.3/tests/nufw.py0000644000175000017500000000276011431206275012121 00000000000000from inl_tests.process import Process from config import config, NUFW_PROG from os.path import abspath USE_VALGRIND = False DEBUG_LEVEL = 9 class Nufw(Process): def __init__(self, moreargs=None): self.args = moreargs self.is_connected_to_nuauth = False args = ["-"+"v"*DEBUG_LEVEL] if not moreargs or not "-d" in list(moreargs): args = args + ["-d", config.get("nuauth", "host")] if not moreargs or not "-k" in list(moreargs): args = args + ["-k", abspath(config.get("nufw", "tlskey"))] if not moreargs or not "-c" in list(moreargs): args = args + ["-c", abspath(config.get("nufw", "tlscert"))] if not moreargs or not "-a" in list(moreargs): args = args + ["-a", abspath(config.get("nufw", "cacert"))] if moreargs: args += list(moreargs) program = NUFW_PROG if USE_VALGRIND: args = ["--log-file-exactly=nufw.valgrind.log", "--verbose", program] + args program = "valgrind" Process.__init__(self, program, args) # FIXME: Load kernel modules? 
def isReady(self):
    """
    Poll the output of the nufw process for readiness markers.

    Reads the lines currently available through
    self.readlines(timeout=0.010) and:
     - sets self.is_connected_to_nuauth when a line contains
       "tls connection to nuauth established" (case-insensitive match);
     - raises RuntimeError when a line contains "Device or resource busy";
     - returns True as soon as a line contains "Packet server started".

    Falls through (returning None, which is falsy) when none of the lines
    read in this call contains the start marker.
    """
    for line in self.readlines(timeout=0.010):
        if "tls connection to nuauth established" in line.lower():
            self.is_connected_to_nuauth = True
        if "Device or resource busy" in line:
            raise RuntimeError("ERROR: nufw is already running")
        if "Packet server started" in line:
            return True
nufw-2.4.3/tests/test_invalid_tcp.py0000755000175000017500000000157011431206275014476 00000000000000
#!/usr/bin/python
from unittest import TestCase, main
from common import startNufw, connectClient
from nuauth import Nuauth
from nuauth_conf import NuauthConf
from inl_tests.iptables import Iptables
from mysocket import connectTcp
from filter import testAllowPort, HOST, VALID_PORT, TIMEOUT

class TestSYNACKignore(TestCase):
    """
    Check that a TCP connection to HOST:VALID_PORT still succeeds while
    SYN+ACK packets are being queued to NFQUEUE.
    """

    def setUp(self):
        """Install the NFQUEUE rule, then start nuauth and nufw."""
        self.iptables = Iptables()
        # Rule text: outgoing TCP packets with source port VALID_PORT and
        # destination HOST whose SYN and ACK flags are both set go to NFQUEUE.
        self.iptables.command('-A OUTPUT -p tcp --sport %u -d %s --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE' % (VALID_PORT, HOST))
        config = NuauthConf()
        self.nuauth = Nuauth(config)
        self.nufw = startNufw()

    def tearDown(self):
        """Stop nuauth and flush the iptables helper."""
        # NOTE(review): self.nufw is not stopped here; presumably startNufw()
        # manages a shared instance -- confirm against common.py.
        self.nuauth.stop()
        # NOTE(review): presumably removes the rule added in setUp; whether
        # flush() also clears pre-existing rules is not visible here.
        self.iptables.flush()

    def testsynack(self):
        """connectTcp(HOST, VALID_PORT, TIMEOUT) must return True."""
        # Create socket
        self.assertEqual(connectTcp(HOST, VALID_PORT, TIMEOUT), True)

if __name__ == "__main__":
    print "Test TCP SYN ACK packet"
    main()
nufw-2.4.3/tests/test_all.py0000755000175000017500000000315211431206275012750 00000000000000
#!/usr/bin/python
from unittest import TestSuite, TestResult, TestLoader, TestCase
from imp import load_source
from os import getuid
from sys import exit, stderr
from random import randint, shuffle
from nufw_runner import NuFWTestRunner

# Test modules to load, named without the ".py" suffix.
FILES = (
    "test_client_auth",
    "test_plaintext_acl",
    "test_plaintext_auth",
    "test_ldap_acl",
    "test_script",
    "test_syslog",
    "test_mysql",
    "test_system",
    "test_user_policy",
    "test_client_cert",
    "test_ipauth_guest",
    "test_nufw_cert",
    "test_cert_auth",
    "test_mark_flag",
    "test_reject",
    "test_periods",
    "test_session_expire",
    "test_invalid_tcp",
    "test_session_authtype",
    "test_tls_client",
    "test_tls_nuauth",
    "test_tls_nufw",
)

def loadTestcases(module):
    """
    Yield every attribute of 'module' that is a class derived from
    TestCase, excluding TestCase itself.
    """
    for attrname in dir(module):
        attr = getattr(module, attrname)
        if isinstance(attr, type) \
        and issubclass(attr, TestCase) and attr != TestCase:
            yield attr

def loadTests(loader):
    """
    Load each module named in FILES and yield loader(testcase) for every
    TestCase subclass found in it.

    The path given to load_source() is the bare name plus ".py", so it is
    resolved against the current working directory. main() only proceeds
    as uid 0, so these files are executed as root: run the suite from a
    directory that other users cannot write to.
    """
    for filepy in FILES:
        module = load_source(filepy, filepy+".py")
        for testcase in loadTestcases(module):
            yield loader(testcase)

def main():
    """
    Run all test cases in random order with NuFWTestRunner.

    Exits with status 1 when not running as uid 0, or when the run
    reports failures or errors.
    """
    if getuid() != 0:
        print >>stderr, "Tests have to be run with root priviledges"
        exit(1)
    loader = TestLoader()
    suite = TestSuite()
    tests = list(loadTests(loader.loadTestsFromTestCase))
    # Randomise the order in which the test cases are added to the suite
    shuffle(tests)
    for test in tests:
        suite.addTests(test)
    runner = NuFWTestRunner(descriptions=2, verbosity=2)
    result = runner.run(suite)
    if result.failures or result.errors:
        exit(1)

if __name__ == "__main__":
    main()
nufw-2.4.3/tests/test_user_policy.py0000755000175000017500000000456111431206275014542 00000000000000
#!/usr/bin/python
from unittest import TestCase, main
from config import CONF_DIR
from common import createClientWithCerts, connectClient
from nuauth import Nuauth
from nuauth_conf import NuauthConf
from os import path
from inl_tests.replace_file import ReplaceFile
from plaintext import USERDB

class TestPlaintextAuth(TestCase):
    """
    Exercise the nuauth per-user and per-IP client limits
    ("nuauth_single_user_client_limit", "nuauth_single_ip_client_limit")
    with the users of USERDB.

    Each test creates self.nuauth itself after adjusting self.config;
    tearDown() stops it.
    """

    def setUp(self):
        """Install USERDB into a fresh NuauthConf and pick two users."""
        # Setup our user DB
        self.config = NuauthConf()
        self.users = USERDB
        self.userA = self.users[0]
        self.userB = self.users[1]
        self.users.install(self.config)

    def tearDown(self):
        """Uninstall the user DB and stop the nuauth started by the test."""
        # Restore user DB and nuauth config
        self.users.desinstall()
        self.nuauth.stop()

    def testLoginNormal(self):
        """With both limits set to 0, two different users can connect."""
        # Change login policy to 0
        self.config["nuauth_single_ip_client_limit"] = 0
        self.config["nuauth_single_user_client_limit"] = 0
        self.nuauth = Nuauth(self.config)

        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user2
        client2 = self.userB.createClientWithCerts()
        self.assert_(connectClient(client2))

        client1.stop()
        client2.stop()

    def testLoginOne(self):
        """With the per-user limit at 1, a second login of userA must fail."""
        # Change login policy to 1 login/user
        self.config["nuauth_single_ip_client_limit"] = 0
        self.config["nuauth_single_user_client_limit"] = 1
        self.nuauth = Nuauth(self.config)

        # User can't log twice
        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user1
        client2 = self.userA.createClientWithCerts()
        self.assert_(not connectClient(client2))

        client1.stop()
        client2.stop()

    def testLoginIP(self):
        """With the per-IP limit at 1, userB cannot connect after userA."""
        # Change login policy to 1 login/IP
        self.config["nuauth_single_ip_client_limit"] = 1
        self.config["nuauth_single_user_client_limit"] = 0
        self.nuauth = Nuauth(self.config)

        # Different users can't log from same IP
        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user2
        client2 = self.userB.createClientWithCerts()
        self.assert_(not connectClient(client2))

        client1.stop()
        client2.stop()

if __name__ == "__main__":
    print "Test nuauth user policy with 'plaintext' AUTH"
    main()
nufw-2.4.3/tests/inl_tests/0000777000175000017500000000000011431215442012647 500000000000000
nufw-2.4.3/tests/inl_tests/rpc_server.py0000644000175000017500000000340511431206275015315 00000000000000
from SimpleXMLRPCServer import SimpleXMLRPCServer
from config import RPC_PORT, RPC_VERSION
from sys import exit
from os import fork, close
from log import setupLog
from logging import warning
from time import sleep

LOG_FILENAME = "rpc_server.log"

class RPC_Server(SimpleXMLRPCServer):
    """
    XML-RPC server used by the test tools; it dispatches the "hello" and
    "stop" methods (see _dispatch).

    Nothing in this class authenticates callers or protects the
    transport, and "stop" is reachable by any client that can connect to
    RPC_PORT. Keep it on an isolated test network, or bind it to the
    loopback address when remote access is not needed.
    """
    allow_reuse_address = True

    def __init__(self):
        """Create the server and mark it as running."""
        # An empty host string makes the server listen on all local interfaces
        SimpleXMLRPCServer.__init__(self, ('', RPC_PORT))
        self.is_running = True
        self.warning("Server started")

    def warning(self, message):
        """Log 'message' at warning level with a server prefix."""
        warning("RCP server: %s" % message)

    def _dispatch(self, method, params):
        """
        Handle one XML-RPC call.

        "hello" is forwarded to self.hello(params[0]) and "stop" to
        self.stop(); any other name returns an "unknown command" string.
        ValueError, RuntimeError and TypeError are logged and returned to
        the caller as an "error: ..." string.
        """
        # The method name and parameters are logged as received from the client
        self.warning("Dispatch %s%r" % (method, params))
        try:
            if method == "hello":
                # NOTE(review): no hello() method is defined in this class as
                # shown; if it is missing, the AttributeError is not in the
                # tuple caught below -- confirm.
                return self.hello(params[0])
            elif method == "stop":
                return self.stop()
            else:
                return ("unknown command %s" % method)
        except (ValueError, RuntimeError, TypeError), err:
            self.warning("ERROR: %s" % err)
            return "error: %s" % err

    def serve_forever(self):
        """
        Handle requests one at a time until self.is_running is cleared
        (by stop()) or CTRL+C is pressed, then close the listening socket.
        """
        try:
            while self.is_running:
                self.handle_request()
        except KeyboardInterrupt:
            print "Interrupted (CTRL+C)."
            self.stop()
        self.socket.close()

    def stop(self):
        """Clear the running flag; the serve_forever() loop tests it before each request."""
        self.warning("Stop!")
        self.is_running = False
        return "Stop!"

def daemonize():
    """
    Fork twice, exiting in each parent, then set up logging to
    LOG_FILENAME and close file descriptors 0, 1 and 2 in the remaining
    child. The second parent prints the port and the child pid first.
    """
    pid = fork()
    if pid:
        exit(0)
    pid = fork()
    if pid:
        print "RPC server started, listening at port %s" % RPC_PORT
        print "Server pid: %s" % pid
        exit(0)
    setupLog(LOG_FILENAME)
    for fd in xrange(3):
        close(fd)

def main():
    """Set up logging and run the RPC server in the foreground."""
    # The condition is the constant True, so daemonize() is never called
    if True:
        setupLog(False)
    else:
        daemonize()
    server = RPC_Server()
    server.serve_forever()

# Called unconditionally: importing this module also starts the server
main()
nufw-2.4.3/tests/inl_tests/Makefile.in0000644000175000017500000003617611431215402014641 00000000000000
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = tests/inl_tests DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; am__installdirs = "$(DESTDIR)$(libdir)" libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libnobuffer_la_LIBADD = am_libnobuffer_la_OBJECTS = nobuffer.lo libnobuffer_la_OBJECTS = $(am_libnobuffer_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/include depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libnobuffer_la_SOURCES) DIST_SOURCES = 
$(libnobuffer_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir 
= @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = \ config.py iptables.py mysocket.py remote_process.py rpc_client.py \ subprocess_python25.py __init__.py log.py process.py \ replace_file.py rpc_server.py tools.py nobuffer.c #all: libnobuffer.so # #libnobuffer.so: nobuffer.c # gcc -o $@ -shared nobuffer.c $(CFLAGS) -fPIC # #clean: # rm -f libnobuffer.so # lib_LTLIBRARIES = libnobuffer.la libnobuffer_la_SOURCES = nobuffer.c all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/inl_tests/Makefile'; \ cd $(top_srcdir) && \ 
$(AUTOMAKE) --gnu tests/inl_tests/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ else :; fi; \ done uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libnobuffer.la: $(libnobuffer_la_OBJECTS) $(libnobuffer_la_DEPENDENCIES) $(LINK) -rpath $(libdir) 
$(libnobuffer_la_OBJECTS) $(libnobuffer_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nobuffer.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | 
\ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: 
install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-libLTLIBRARIES install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am \ install-libLTLIBRARIES 
install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-libLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/tests/inl_tests/__init__.py0000644000175000017500000000000011431206275014666 00000000000000nufw-2.4.3/tests/inl_tests/mysocket.py0000644000175000017500000000134511431206275015002 00000000000000from socket import (socket, AF_INET, SOCK_STREAM, error as socket_error, timeout as socket_timeout) from logging import info def connectTcp(host, port, timeout): """ timeout can be 'None' (no timeout) """ try: conn = socket(AF_INET, SOCK_STREAM) conn.settimeout(timeout) conn.connect((host,port)) conn.close() info("connectTcp(%s, %s, timeout=%s): success" % (host, port, timeout)) return True except socket_timeout: info("connectTcp(%s, %s, timeout=%s): timeout" % (host, port, timeout)) return False except socket_error, err: info("connectTcp(%s, %s, timeout=%s): socket error: %s" % (host, port, timeout, err)) return False nufw-2.4.3/tests/inl_tests/tools.py0000644000175000017500000000243711431206275014307 00000000000000from errno import EEXIST from os import rename, makedirs, access, F_OK from logging import info from errno import ENOENT, EACCES from os.path import dirname def tryRename(before, after): """ Try to rename file 'before' to 'after'. Return True on sucess, False if original file doesn't exist. Raise RuntimeError() on permission error. 
""" try: if access(after, F_OK): raise RuntimeError('New filename already exists: %s' % after) rename(before, after) return True except OSError, err: code = err[0] if code == ENOENT: info("Unable to rename %r to %r: original file doesn't exist" % (before, after)) return False if code == EACCES: raise RuntimeError('Permission denied (retry program with root access)') raise def createPath(filename): """ Create directory for specified filename. Safe version of makedirs(dirname(filename)): ignore EEXIST error. Return True if one or more directory has been created, False otherwise. """ path = dirname(filename) if not path: return False try: makedirs(path) return True except OSError, err: if err.errno == EEXIST: return False else: raise nufw-2.4.3/tests/inl_tests/remote_process.py0000644000175000017500000000437411431206275016202 00000000000000from xmlrpclib import ServerProxy, Error from subprocess import call from inl_tests.config import RPC_PORT, SSH_COMMAND, RPC_VERSION from inl_tests.mysocket import connectTcp from logging import warning from log import setupLog # FIXME: Remove this line from process import Process def sshRemoteCommand(host, command): warning("SSH remote command on host %s: %s" % (host, command)) return call([SSH_COMMAND, host, command]) class RemoteServer: def __init__(self, host): self.host = host self.port = RPC_PORT if not connectTcp(self.host, self.port, 1.0): self.warning("Start") ok = sshRemoteCommand(self.host, "python /home/haypo/inl/tools/inl_tests/inl_tests/rpc_server.py") print "SSH DONE" if not ok: raise RuntimeError("Unable to start remote RPC server on host %s" % self.host) self.warning("Connect to RPC server") self.rpc = ServerProxy("http://%s:%u" % (self.host, self.port)) server_version = self.command("hello", RPC_VERSION) if server_version != RPC_VERSION: raise RuntimeError('Server version "%s" is different than client version "%s"' \ % (server_version, RPC_VERSION)) def warning(self, message): warning("Remote server %s:%u: %s" % 
(self.host, self.port, message)) def isRunning(self): self.warning("Is running: %s" % ok) return ok def command(self, method, args=None): if not args: args = tuple() self.warning("Command %s%r" % (method, args)) func = getattr(self.rpc, method) return func(*args) def test(self): print "test" print "result:", self.command("test") def stop(self): self.command("stop") class RemoteProcess: def __init__(self, server, program, args=None, need_nobuffer=True): self.program = program self.process_args = args self.need_nobuffer = need_nobuffer self.server = server self.server.command("createProcess", program, args, need_nobuffer) def main(): setupLog(False) server = RemoteServer("localhost") server.test() server.stop() ls = RemoteProcess(server, "ls", ["-la"], False(server, "ls", ["-la"], False)) main() nufw-2.4.3/tests/inl_tests/nobuffer.c0000644000175000017500000000046111431206275014542 00000000000000/* * Compile with : * gcc -shared -o nobuffer.so interceptor.c */ #include #if defined(__GNUC__) # define CONSTRUCTOR __attribute__((constructor)) #else # define CONSTRUCTOR #endif CONSTRUCTOR void init() { setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); } nufw-2.4.3/tests/inl_tests/rpc_client.py0000644000175000017500000000416311431206275015267 00000000000000# simple test program (from the XML-RPC specification) from xmlrpclib import ServerProxy, Error from config import RPC_PORT from inl_tests.process import Process class RPC(object): _instance = None def __new__(cls, host): if not cls._instance: cls._instance = object.__new__(cls, host) return cls._instance def __init__(self, host): self.host = host host = "localhost" self.server = ServerProxy("http://%s:%u" % (host, RPC_PORT)) def _close(self): print "stop" self.server.stop() del self.server @classmethod def close(cls): print "close", cls._instance if not cls._instance: return cls._instance._close() cls._instance = None class RemoteProcess(Process): def start(self, restart=True, timeout=None): # If it's 
already running, stop it if self.isRunning(): if not restart: return False self.stop() # Run nuauth args = [self.program] + self.program_args self.warning("create process: %r" % args) try: self.process = Popen(args, **self.popen_args) except OSError, err: if err[0] == ENOENT: raise RuntimeError("No such program: %s" % self.program) else: raise # Wait until it's ready start = time() while not self.isReady(): err = None if not err and not self.isRunning(): err = "Unable to run %s (program exited)" if not err: try: sleep(0.250) except KeyboardInterrupt: err = "%s interrupted" if not err and timeout and timeout < time() - start: err = "Unable to run %s (timeout)" if err: self.stop() raise RuntimeError(err % str(self)) diff = time() - start self.warning("process started (%1.1f sec)" % diff) return True def main(): server = RPC("localhost") RPC.close() main() nufw-2.4.3/tests/inl_tests/process.py0000644000175000017500000002203011431206275014614 00000000000000from sys import hexversion from os import kill, waitpid, P_NOWAIT,\ WCOREDUMP, WIFSIGNALED, WTERMSIG, WIFEXITED, WEXITSTATUS if hexversion < 0x02050000: # Python <= 2.3 has not module subprocess # Python 2.4 subprocess has a bug: process are really deleted on exit() import imp, os.path n, f, d = imp.find_module("subprocess_python25", [os.path.dirname(__file__),]) subprocess = imp.load_module("subprocess", n, f, d) else: import subprocess from subprocess import Popen, PIPE, STDOUT from errno import ENOENT, ECHILD, ESRCH from time import sleep, time from signal import SIGABRT, SIGFPE, SIGHUP, SIGINT, SIGSEGV, SIGKILL from os.path import join as join_path, basename, dirname, normpath from os import access, R_OK, X_OK, popen from sys import exit from select import select from logging import info, warning, error NOBUFFER_SRC_PATH = normpath(join_path(dirname(__file__), '.libs', 'libnobuffer.so')) SIGNAME = { SIGABRT: "SIGABRT", SIGINT: "SIGINT", SIGHUP: "SIGHUP", SIGFPE: "SIGFPE", SIGKILL: "SIGKILL", SIGSEGV: "SIGSEGV", } 
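def callProcess(*args):
    """Run a command with subprocess.call() and return its result."""
    return subprocess.call(*args)


class Process(object):
    """
    Wrapper around a child process used by the test harness.

    The child is started with stdin/stdout piped and stderr merged into
    stdout. Subclasses must implement isReady(); start() polls it until the
    program is considered usable.
    """

    def __init__(self, program, args=None, need_nobuffer=True):
        """
        program: path of the executable to run.
        args: optional list of command line arguments.
        need_nobuffer: if true, exit(1) when the nobuffer library is missing.
        """
        self.program = program
        self.process = None
        self._pid = None
        if args:
            self.program_args = args
        else:
            self.program_args = []
        self.popen_args = {
            'stdin': PIPE,
            'stdout': PIPE,
            'stderr': STDOUT,
        }
        if access(NOBUFFER_SRC_PATH, R_OK | X_OK):
            # The library is injected into every child through LD_PRELOAD, so
            # the file at NOBUFFER_SRC_PATH runs inside the tested program:
            # keep that path writable only by the user running the tests.
            self.setenv("LD_PRELOAD", NOBUFFER_SRC_PATH)
        else:
            # Report the path that was probed (the original formatted a
            # variable that is always None on this branch).
            error("Unable to find nobuffer library (%s)!" % NOBUFFER_SRC_PATH)
            if need_nobuffer:
                exit(1)

    def setenv(self, key, value):
        """
        Set environment variable. This function has no effect after
        process creation (call start() method).
        """
        # NOTE: the first call creates an 'env' dict holding only this key.
        # Popen then uses it as the child's whole environment, so the child
        # does not inherit the parent's variables (PATH, HOME, ...).
        if 'env' in self.popen_args:
            self.popen_args['env'][key] = value
        else:
            self.popen_args['env'] = {key: value}

    def _getPid(self):
        return self._pid
    pid = property(_getPid)

    def formatLog(self, message):
        """Prefix a log message with the program name and, if known, the pid."""
        if self._pid is None:
            return "[%s] %s" % (self, message)
        else:
            return "[%s:%s] %s" % (self, self._pid, message)

    def info(self, message):
        info(self.formatLog(message))

    def warning(self, message):
        warning(self.formatLog(message))

    def error(self, message):
        error(self.formatLog(message))

    def __str__(self):
        return basename(self.program)

    def start(self, restart=True, timeout=None):
        """
        Run process and waits until it is ready.

        Return False if the process is already running and restart is false,
        True once isReady() succeeds. Raise RuntimeError if the program does
        not exist, exits early, is interrupted or exceeds timeout (seconds).
        """
        # If it's already running, stop it
        if self.isRunning():
            if not restart:
                return False
            self.stop()

        # Run process
        args = [self.program] + self.program_args
        self.warning("create process: %r" % args)
        try:
            self.process = Popen(args, **self.popen_args)
            self._pid = self.process.pid
        except OSError, err:
            if err[0] == ENOENT:
                raise RuntimeError("No such program: %s" % self.program)
            else:
                raise

        # Wait until it's ready
        start = time()
        while not self.isReady():
            err = None
            if not err and not self.isRunning():
                err = "Unable to run %s (program exited)"
            if not err:
                try:
                    sleep(0.250)
                except KeyboardInterrupt:
                    err = "%s interrupted"
            if not err and timeout and timeout < time() - start:
                err = "Unable to run %s (timeout)"
            if err:
                self.stop()
                raise RuntimeError(err % str(self))
        diff = time() - start
        self.warning("process started (%1.1f sec)" % diff)
        return True

    def readline(self, timeout=0, stream="stdout"):
        """
        Read one line from specified stream ('stdout' by default).

        timeout argument:
        - 0 (default): non-blocking read
        - None: blocking read
        - (float value): read with specified timeout in second

        Return a string without the trailing new line, or None if there is
        no data.

        Code based on this code:
           http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/440554
        """
        if not self.process:
            return None

        out = getattr(self.process, stream)
        if not out:
            raise RuntimeError("Stream %s of process %s is not a pipe" % (stream, self))
        if timeout is not None:
            ready = select([out.fileno()], [], [], timeout)[0]
            if not ready:
                return None
        line = out.readline()
        if not line:
            return None
        line = line.rstrip()
        self.info("%s: %s" % (stream, line))
        return line

    def kill(self, signum, raise_error=True):
        """
        Send signal signum to the process.

        If the process is not running: raise RuntimeError when raise_error is
        true, otherwise do nothing. Raise RuntimeError if the process died
        before the signal could be delivered.
        """
        if not self.process:
            if raise_error:
                raise RuntimeError("Unable to kill %s: it's not running" % self)
            # Nothing to signal: the original fell through and called
            # os.kill() with a pid of None.
            return

        # Log action
        name = SIGNAME.get(signum, signum)
        if signum in (SIGINT, SIGHUP):
            log_func = self.warning
        else:
            log_func = self.error
        log_func("kill(%s)" % name)

        # Send signal
        try:
            kill(self._pid, signum)
        except OSError, err:
            if err[0] == ESRCH:
                self.exited(None)
                raise RuntimeError(
                    "Unable to send signal %s to %s: process is dead"
                    % (name, self))
            else:
                raise

    def readlines(self, timeout=0, total_timeout=None, stream="stdout"):
        """
        Generator of output lines.

        Without total_timeout, stop at the first read that returns no data.
        With total_timeout (seconds), keep reading until that deadline.
        """
        if total_timeout:
            stop = time() + total_timeout
        else:
            stop = None
        while True:
            if stop:
                # Never hand select() a negative timeout once the deadline
                # has passed.
                timeout = max(stop - time(), 0)
            line = self.readline(timeout, stream)
            if stop:
                if line is not None:
                    yield line
                if stop < time():
                    break
            else:
                if line is None:
                    break
                yield line

    def waitline(self, to_find, timeout, stream="stdout"):
        """
        Poll the stream for up to timeout seconds; return True as soon as a
        line containing to_find is read, False otherwise.
        """
        start = time()
        while time() < start + timeout:
            line = self.readline(0, stream)
            if line and to_find in line:
                return True
        return False

    def exited(self, status):
        """
        Log the remaining output and the exit status, then forget the process.

        status is the value returned by waitpid(), or None when it is unknown.
        """
        # Log last output
        for line in self.readlines():
            pass

        # Display exit code
        if status is not None:
            log_func = self.warning
            details = []
            if WCOREDUMP(status):
                details.append("core.%s dumped!" % self._pid)
                log_func = self.error
            if WIFSIGNALED(status):
                signame = WTERMSIG(status)
                signame = SIGNAME.get(signame, signame)
                details.append("signal %s" % signame)
            if WIFEXITED(status):
                details.append("exitcode=%s" % WEXITSTATUS(status))
            if details:
                log_func("Exit (%s)" % ", ".join(details))
            else:
                log_func("Exit")
        else:
            self.error("Process exited (ECHILD error)")

        # Delete process
        self.process = None
        self._pid = None

    def isRunning(self):
        """Return True if the child is still alive; log its exit otherwise."""
        if not self.process:
            return False
        try:
            finished, status = waitpid(self._pid, P_NOWAIT)
        except OSError, err:
            if err[0] == ECHILD:
                finished = True
                status = None
            else:
                raise
        if finished == 0:
            return True

        # Log exit code
        self.exited(status)
        return False

    def isReady(self):
        """Return True once the program is usable (implemented by subclasses)."""
        raise NotImplementedError()

    def stop(self):
        """
        Send SIGINT signal and waiting until process stop
        """
        if not self.isRunning():
            return
        self.warning("stop()")

        # Log output
        for line in self.readlines():
            pass

        # Send first SIGINT
        self.kill(SIGINT)

        # Wait until process ends: a second SIGINT is sent after 2 seconds
        # (or on CTRL+C), then SIGKILL on every later escalation.
        step = 1
        escalate = False
        start_time = time()
        while self.isRunning():
            if 2.0 < (time() - start_time):
                escalate = True
                start_time = time()
            if escalate:
                escalate = False
                step += 1
                if step <= 2:
                    self.kill(SIGINT)
                else:
                    self.kill(SIGKILL)
            try:
                sleep(0.250)
            except KeyboardInterrupt:
                self.info("Interrupted (CTRL+C)")
                escalate = True

    def __del__(self):
        self.stop()

    def __repr__(self):
        # The format string on this page is empty, so "%" raised TypeError;
        # presumably an angle-bracketed template was lost (TODO confirm the
        # original wording).
        return '<%s %r>' % (self.__class__.__name__, self.program)

nufw-2.4.3/tests/inl_tests/Makefile.am0000644000175000017500000000062111431206275014622 00000000000000EXTRA_DIST = \ config.py iptables.py mysocket.py remote_process.py rpc_client.py \ subprocess_python25.py __init__.py log.py process.py \ replace_file.py rpc_server.py tools.py nobuffer.c #all: libnobuffer.so # #libnobuffer.so: nobuffer.c # gcc -o $@ -shared nobuffer.c $(CFLAGS) -fPIC # #clean: # rm -f libnobuffer.so #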
lib_LTLIBRARIES = libnobuffer.la libnobuffer_la_SOURCES = nobuffer.c nufw-2.4.3/tests/inl_tests/subprocess_python25.py0000644000175000017500000013134011431206275017103 00000000000000# subprocess - Subprocesses with accessible I/O streams # # For more information about this module, see PEP 324. # # This module should remain compatible with Python 2.2, see PEP 291. # # Copyright (c) 2003-2005 by Peter Astrand # # Licensed to PSF under a Contributor Agreement. # See http://www.python.org/2.4/license for licensing details. r"""subprocess - Subprocesses with accessible I/O streams This module allows you to spawn processes, connect to their input/output/error pipes, and obtain their return codes. This module intends to replace several other, older modules and functions, like: os.system os.spawn* os.popen* popen2.* commands.* Information about how the subprocess module can be used to replace these modules and functions can be found below. Using the subprocess module =========================== This module defines one class called Popen: class Popen(args, bufsize=0, executable=None, stdin=None, stdout=None, stderr=None, preexec_fn=None, close_fds=False, shell=False, cwd=None, env=None, universal_newlines=False, startupinfo=None, creationflags=0): Arguments are: args should be a string, or a sequence of program arguments. The program to execute is normally the first item in the args sequence or string, but can be explicitly set by using the executable argument. On UNIX, with shell=False (default): In this case, the Popen class uses os.execvp() to execute the child program. args should normally be a sequence. A string will be treated as a sequence with the string as the only item (the program to execute). On UNIX, with shell=True: If args is a string, it specifies the command string to execute through the shell. If args is a sequence, the first item specifies the command string, and any additional items will be treated as additional shell arguments. 
On Windows: the Popen class uses CreateProcess() to execute the child program, which operates on strings. If args is a sequence, it will be converted to a string using the list2cmdline method. Please note that not all MS Windows applications interpret the command line the same way: The list2cmdline is designed for applications using the same rules as the MS C runtime. bufsize, if given, has the same meaning as the corresponding argument to the built-in open() function: 0 means unbuffered, 1 means line buffered, any other positive value means use a buffer of (approximately) that size. A negative bufsize means to use the system default, which usually means fully buffered. The default value for bufsize is 0 (unbuffered). stdin, stdout and stderr specify the executed programs' standard input, standard output and standard error file handles, respectively. Valid values are PIPE, an existing file descriptor (a positive integer), an existing file object, and None. PIPE indicates that a new pipe to the child should be created. With None, no redirection will occur; the child's file handles will be inherited from the parent. Additionally, stderr can be STDOUT, which indicates that the stderr data from the applications should be captured into the same file handle as for stdout. If preexec_fn is set to a callable object, this object will be called in the child process just before the child is executed. If close_fds is true, all file descriptors except 0, 1 and 2 will be closed before the child process is executed. if shell is true, the specified command will be executed through the shell. If cwd is not None, the current directory will be changed to cwd before the child is executed. If env is not None, it defines the environment variables for the new process. 
If universal_newlines is true, the file objects stdout and stderr are
opened as text files, but lines may be terminated by any of '\n',
the Unix end-of-line convention, '\r', the Macintosh convention or
'\r\n', the Windows convention. All of these external representations
are seen as '\n' by the Python program. Note: This feature is only
available if Python is built with universal newline support (the
default). Also, the newlines attribute of the file objects stdout,
stdin and stderr are not updated by the communicate() method.

The startupinfo and creationflags, if given, will be passed to the
underlying CreateProcess() function. They can specify things such as
appearance of the main window and priority for the new process.
(Windows only)


This module also defines two shortcut functions:

call(*popenargs, **kwargs):
    Run command with arguments. Wait for command to complete, then
    return the returncode attribute.

    The arguments are the same as for the Popen constructor. Example:

    retcode = call(["ls", "-l"])

check_call(*popenargs, **kwargs):
    Run command with arguments. Wait for command to complete. If the
    exit code was zero then return, otherwise raise
    CalledProcessError. The CalledProcessError object will have the
    return code in the returncode attribute.

    The arguments are the same as for the Popen constructor. Example:

    check_call(["ls", "-l"])

Exceptions
----------
Exceptions raised in the child process, before the new program has
started to execute, will be re-raised in the parent. Additionally,
the exception object will have one extra attribute called
'child_traceback', which is a string containing traceback information
from the child's point of view.

The most common exception raised is OSError. This occurs, for
example, when trying to execute a non-existent file. Applications
should prepare for OSErrors.

A ValueError will be raised if Popen is called with invalid arguments.
check_call() will raise CalledProcessError, if the called process
returns a non-zero return code.


Security
--------
Unlike some other popen functions, this implementation will never call
/bin/sh implicitly. This means that all characters, including shell
metacharacters, can safely be passed to child processes. This holds
only while shell is false (the default): with shell=True the command
string is handed to /bin/sh, so it must not be built from untrusted
input.


Popen objects
=============
Instances of the Popen class have the following methods:

poll()
    Check if child process has terminated. Returns returncode
    attribute.

wait()
    Wait for child process to terminate. Returns returncode attribute.

communicate(input=None)
    Interact with process: Send data to stdin. Read data from stdout
    and stderr, until end-of-file is reached. Wait for process to
    terminate. The optional input argument should be a string to be
    sent to the child process, or None, if no data should be sent to
    the child.

    communicate() returns a tuple (stdout, stderr).

    Note: The data read is buffered in memory, so do not use this
    method if the data size is large or unlimited.

The following attributes are also available:

stdin
    If the stdin argument is PIPE, this attribute is a file object
    that provides input to the child process. Otherwise, it is None.

stdout
    If the stdout argument is PIPE, this attribute is a file object
    that provides output from the child process. Otherwise, it is
    None.

stderr
    If the stderr argument is PIPE, this attribute is a file object
    that provides error output from the child process. Otherwise, it
    is None.

pid
    The process ID of the child process.

returncode
    The child return code. A None value indicates that the process
    hasn't terminated yet. A negative value -N indicates that the
    child was terminated by signal N (UNIX only).


Replacing older functions with the subprocess module
====================================================
In this section, "a ==> b" means that b can be used as a replacement
for a.
Note: All functions in this section fail (more or less) silently if the executed program cannot be found; this module raises an OSError exception. In the following examples, we assume that the subprocess module is imported with "from subprocess import *". Replacing /bin/sh shell backquote --------------------------------- output=`mycmd myarg` ==> output = Popen(["mycmd", "myarg"], stdout=PIPE).communicate()[0] Replacing shell pipe line ------------------------- output=`dmesg | grep hda` ==> p1 = Popen(["dmesg"], stdout=PIPE) p2 = Popen(["grep", "hda"], stdin=p1.stdout, stdout=PIPE) output = p2.communicate()[0] Replacing os.system() --------------------- sts = os.system("mycmd" + " myarg") ==> p = Popen("mycmd" + " myarg", shell=True) pid, sts = os.waitpid(p.pid, 0) Note: * Calling the program through the shell is usually not required. * It's easier to look at the returncode attribute than the exitstatus. A more real-world example would look like this: try: retcode = call("mycmd" + " myarg", shell=True) if retcode < 0: print >>sys.stderr, "Child was terminated by signal", -retcode else: print >>sys.stderr, "Child returned", retcode except OSError, e: print >>sys.stderr, "Execution failed:", e Replacing os.spawn* ------------------- P_NOWAIT example: pid = os.spawnlp(os.P_NOWAIT, "/bin/mycmd", "mycmd", "myarg") ==> pid = Popen(["/bin/mycmd", "myarg"]).pid P_WAIT example: retcode = os.spawnlp(os.P_WAIT, "/bin/mycmd", "mycmd", "myarg") ==> retcode = call(["/bin/mycmd", "myarg"]) Vector example: os.spawnvp(os.P_NOWAIT, path, args) ==> Popen([path] + args[1:]) Environment example: os.spawnlpe(os.P_NOWAIT, "/bin/mycmd", "mycmd", "myarg", env) ==> Popen(["/bin/mycmd", "myarg"], env={"PATH": "/usr/bin"}) Replacing os.popen* ------------------- pipe = os.popen(cmd, mode='r', bufsize) ==> pipe = Popen(cmd, shell=True, bufsize=bufsize, stdout=PIPE).stdout pipe = os.popen(cmd, mode='w', bufsize) ==> pipe = Popen(cmd, shell=True, bufsize=bufsize, stdin=PIPE).stdin (child_stdin, 
child_stdout) = os.popen2(cmd, mode, bufsize) ==> p = Popen(cmd, shell=True, bufsize=bufsize, stdin=PIPE, stdout=PIPE, close_fds=True) (child_stdin, child_stdout) = (p.stdin, p.stdout) (child_stdin, child_stdout, child_stderr) = os.popen3(cmd, mode, bufsize) ==> p = Popen(cmd, shell=True, bufsize=bufsize, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) (child_stdin, child_stdout, child_stderr) = (p.stdin, p.stdout, p.stderr) (child_stdin, child_stdout_and_stderr) = os.popen4(cmd, mode, bufsize) ==> p = Popen(cmd, shell=True, bufsize=bufsize, stdin=PIPE, stdout=PIPE, stderr=STDOUT, close_fds=True) (child_stdin, child_stdout_and_stderr) = (p.stdin, p.stdout) Replacing popen2.* ------------------ Note: If the cmd argument to popen2 functions is a string, the command is executed through /bin/sh. If it is a list, the command is directly executed. (child_stdout, child_stdin) = popen2.popen2("somestring", bufsize, mode) ==> p = Popen(["somestring"], shell=True, bufsize=bufsize stdin=PIPE, stdout=PIPE, close_fds=True) (child_stdout, child_stdin) = (p.stdout, p.stdin) (child_stdout, child_stdin) = popen2.popen2(["mycmd", "myarg"], bufsize, mode) ==> p = Popen(["mycmd", "myarg"], bufsize=bufsize, stdin=PIPE, stdout=PIPE, close_fds=True) (child_stdout, child_stdin) = (p.stdout, p.stdin) The popen2.Popen3 and popen3.Popen4 basically works as subprocess.Popen, except that: * subprocess.Popen raises an exception if the execution fails * the capturestderr argument is replaced with the stderr argument. * stdin=PIPE and stdout=PIPE must be specified. * popen2 closes all filedescriptors by default, but you have to specify close_fds=True with subprocess.Popen. """ import sys mswindows = (sys.platform == "win32") import os import types import traceback # Exception classes used by this module. class CalledProcessError(Exception): """This exception is raised when a process run by check_call() returns a non-zero exit status. 
The exit status will be stored in the returncode attribute.""" def __init__(self, returncode, cmd): self.returncode = returncode self.cmd = cmd def __str__(self): return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode) if mswindows: import threading import msvcrt if 0: # <-- change this to use pywin32 instead of the _subprocess driver import pywintypes from win32api import GetStdHandle, STD_INPUT_HANDLE, \ STD_OUTPUT_HANDLE, STD_ERROR_HANDLE from win32api import GetCurrentProcess, DuplicateHandle, \ GetModuleFileName, GetVersion from win32con import DUPLICATE_SAME_ACCESS, SW_HIDE from win32pipe import CreatePipe from win32process import CreateProcess, STARTUPINFO, \ GetExitCodeProcess, STARTF_USESTDHANDLES, \ STARTF_USESHOWWINDOW, CREATE_NEW_CONSOLE from win32event import WaitForSingleObject, INFINITE, WAIT_OBJECT_0 else: from _subprocess import * class STARTUPINFO: dwFlags = 0 hStdInput = None hStdOutput = None hStdError = None wShowWindow = 0 class pywintypes: error = IOError else: import select import errno import fcntl import pickle __all__ = ["Popen", "PIPE", "STDOUT", "call", "check_call", "CalledProcessError"] try: MAXFD = os.sysconf("SC_OPEN_MAX") except: MAXFD = 256 # True/False does not exist on 2.2.0 try: False except NameError: False = 0 True = 1 _active = [] def _cleanup(): for inst in _active[:]: if inst.poll(_deadstate=sys.maxint) >= 0: try: _active.remove(inst) except ValueError: # This can happen if two threads create a new Popen instance. # It's harmless that it was already removed, so ignore. pass PIPE = -1 STDOUT = -2 def call(*popenargs, **kwargs): """Run command with arguments. Wait for command to complete, then return the returncode attribute. The arguments are the same as for the Popen constructor. Example: retcode = call(["ls", "-l"]) """ return Popen(*popenargs, **kwargs).wait() def check_call(*popenargs, **kwargs): """Run command with arguments. Wait for command to complete. 
If the exit code was zero then return, otherwise raise CalledProcessError. The CalledProcessError object will have the return code in the returncode attribute. The arguments are the same as for the Popen constructor. Example: check_call(["ls", "-l"]) """ retcode = call(*popenargs, **kwargs) cmd = kwargs.get("args") if cmd is None: cmd = popenargs[0] if retcode: raise CalledProcessError(retcode, cmd) return retcode def list2cmdline(seq): """ Translate a sequence of arguments into a command line string, using the same rules as the MS C runtime: 1) Arguments are delimited by white space, which is either a space or a tab. 2) A string surrounded by double quotation marks is interpreted as a single argument, regardless of white space contained within. A quoted string can be embedded in an argument. 3) A double quotation mark preceded by a backslash is interpreted as a literal double quotation mark. 4) Backslashes are interpreted literally, unless they immediately precede a double quotation mark. 5) If backslashes immediately precede a double quotation mark, every pair of backslashes is interpreted as a literal backslash. If the number of backslashes is odd, the last backslash escapes the next double quotation mark as described in rule 3. """ # See # http://msdn.microsoft.com/library/en-us/vccelng/htm/progs_12.asp result = [] needquote = False for arg in seq: bs_buf = [] # Add a space to separate this argument from the others if result: result.append(' ') needquote = (" " in arg) or ("\t" in arg) or arg == "" if needquote: result.append('"') for c in arg: if c == '\\': # Don't know if we need to double yet. bs_buf.append(c) elif c == '"': # Double backspaces. result.append('\\' * len(bs_buf)*2) bs_buf = [] result.append('\\"') else: # Normal char if bs_buf: result.extend(bs_buf) bs_buf = [] result.append(c) # Add remaining backspaces, if any. 
if bs_buf: result.extend(bs_buf) if needquote: result.extend(bs_buf) result.append('"') return ''.join(result) class Popen(object): def __init__(self, args, bufsize=0, executable=None, stdin=None, stdout=None, stderr=None, preexec_fn=None, close_fds=False, shell=False, cwd=None, env=None, universal_newlines=False, startupinfo=None, creationflags=0): """Create new Popen instance.""" _cleanup() self._child_created = False if not isinstance(bufsize, (int, long)): raise TypeError("bufsize must be an integer") if mswindows: if preexec_fn is not None: raise ValueError("preexec_fn is not supported on Windows " "platforms") if close_fds: raise ValueError("close_fds is not supported on Windows " "platforms") else: # POSIX if startupinfo is not None: raise ValueError("startupinfo is only supported on Windows " "platforms") if creationflags != 0: raise ValueError("creationflags is only supported on Windows " "platforms") self.stdin = None self.stdout = None self.stderr = None self.pid = None self.returncode = None self.universal_newlines = universal_newlines # Input and output objects. The general principle is like # this: # # Parent Child # ------ ----- # p2cwrite ---stdin---> p2cread # c2pread <--stdout--- c2pwrite # errread <--stderr--- errwrite # # On POSIX, the child objects are file descriptors. On # Windows, these are Windows file handles. The parent objects # are file descriptors on both platforms. The parent objects # are None when not using PIPEs. The child objects are None # when not redirecting. (p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite) = self._get_handles(stdin, stdout, stderr) self._execute_child(args, executable, preexec_fn, close_fds, cwd, env, universal_newlines, startupinfo, creationflags, shell, p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite) # On Windows, you cannot just redirect one or two handles: You # either have to redirect all three or none. 
If the subprocess # user has only redirected one or two handles, we are # automatically creating PIPEs for the rest. We should close # these after the process is started. See bug #1124861. if mswindows: if stdin is None and p2cwrite is not None: os.close(p2cwrite) p2cwrite = None if stdout is None and c2pread is not None: os.close(c2pread) c2pread = None if stderr is None and errread is not None: os.close(errread) errread = None if p2cwrite: self.stdin = os.fdopen(p2cwrite, 'wb', bufsize) if c2pread: if universal_newlines: self.stdout = os.fdopen(c2pread, 'rU', bufsize) else: self.stdout = os.fdopen(c2pread, 'rb', bufsize) if errread: if universal_newlines: self.stderr = os.fdopen(errread, 'rU', bufsize) else: self.stderr = os.fdopen(errread, 'rb', bufsize) def _translate_newlines(self, data): data = data.replace("\r\n", "\n") data = data.replace("\r", "\n") return data def __del__(self): if not self._child_created: # We didn't get to successfully create a child process. return # In case the child hasn't been waited on, check if it's done. self.poll(_deadstate=sys.maxint) if self.returncode is None and _active is not None: # Child is still running, keep us alive until we can wait on it. _active.append(self) def communicate(self, input=None): """Interact with process: Send data to stdin. Read data from stdout and stderr, until end-of-file is reached. Wait for process to terminate. The optional input argument should be a string to be sent to the child process, or None, if no data should be sent to the child. communicate() returns a tuple (stdout, stderr).""" # Optimization: If we are only using one pipe, or no pipe at # all, using select() or threads is unnecessary. 
if [self.stdin, self.stdout, self.stderr].count(None) >= 2: stdout = None stderr = None if self.stdin: if input: self._fo_write_no_intr(self.stdin, input) self.stdin.close() elif self.stdout: stdout = self._fo_read_no_intr(self.stdout) elif self.stderr: stderr = self._fo_read_no_intr(self.stderr) self.wait() return (stdout, stderr) return self._communicate(input) if mswindows: # # Windows methods # def _get_handles(self, stdin, stdout, stderr): """Construct and return tupel with IO objects: p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite """ if stdin is None and stdout is None and stderr is None: return (None, None, None, None, None, None) p2cread, p2cwrite = None, None c2pread, c2pwrite = None, None errread, errwrite = None, None if stdin is None: p2cread = GetStdHandle(STD_INPUT_HANDLE) if p2cread is not None: pass elif stdin is None or stdin == PIPE: p2cread, p2cwrite = CreatePipe(None, 0) # Detach and turn into fd p2cwrite = p2cwrite.Detach() p2cwrite = msvcrt.open_osfhandle(p2cwrite, 0) elif isinstance(stdin, int): p2cread = msvcrt.get_osfhandle(stdin) else: # Assuming file-like object p2cread = msvcrt.get_osfhandle(stdin.fileno()) p2cread = self._make_inheritable(p2cread) if stdout is None: c2pwrite = GetStdHandle(STD_OUTPUT_HANDLE) if c2pwrite is not None: pass elif stdout is None or stdout == PIPE: c2pread, c2pwrite = CreatePipe(None, 0) # Detach and turn into fd c2pread = c2pread.Detach() c2pread = msvcrt.open_osfhandle(c2pread, 0) elif isinstance(stdout, int): c2pwrite = msvcrt.get_osfhandle(stdout) else: # Assuming file-like object c2pwrite = msvcrt.get_osfhandle(stdout.fileno()) c2pwrite = self._make_inheritable(c2pwrite) if stderr is None: errwrite = GetStdHandle(STD_ERROR_HANDLE) if errwrite is not None: pass elif stderr is None or stderr == PIPE: errread, errwrite = CreatePipe(None, 0) # Detach and turn into fd errread = errread.Detach() errread = msvcrt.open_osfhandle(errread, 0) elif stderr == STDOUT: errwrite = c2pwrite elif 
isinstance(stderr, int): errwrite = msvcrt.get_osfhandle(stderr) else: # Assuming file-like object errwrite = msvcrt.get_osfhandle(stderr.fileno()) errwrite = self._make_inheritable(errwrite) return (p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite) def _make_inheritable(self, handle): """Return a duplicate of handle, which is inheritable""" return DuplicateHandle(GetCurrentProcess(), handle, GetCurrentProcess(), 0, 1, DUPLICATE_SAME_ACCESS) def _find_w9xpopen(self): """Find and return absolut path to w9xpopen.exe""" w9xpopen = os.path.join(os.path.dirname(GetModuleFileName(0)), "w9xpopen.exe") if not os.path.exists(w9xpopen): # Eeek - file-not-found - possibly an embedding # situation - see if we can locate it in sys.exec_prefix w9xpopen = os.path.join(os.path.dirname(sys.exec_prefix), "w9xpopen.exe") if not os.path.exists(w9xpopen): raise RuntimeError("Cannot locate w9xpopen.exe, which is " "needed for Popen to work with your " "shell or platform.") return w9xpopen def _execute_child(self, args, executable, preexec_fn, close_fds, cwd, env, universal_newlines, startupinfo, creationflags, shell, p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite): """Execute program (MS Windows version)""" if not isinstance(args, types.StringTypes): args = list2cmdline(args) # Process startup details if startupinfo is None: startupinfo = STARTUPINFO() if None not in (p2cread, c2pwrite, errwrite): startupinfo.dwFlags |= STARTF_USESTDHANDLES startupinfo.hStdInput = p2cread startupinfo.hStdOutput = c2pwrite startupinfo.hStdError = errwrite if shell: startupinfo.dwFlags |= STARTF_USESHOWWINDOW startupinfo.wShowWindow = SW_HIDE comspec = os.environ.get("COMSPEC", "cmd.exe") args = comspec + " /c " + args if (GetVersion() >= 0x80000000L or os.path.basename(comspec).lower() == "command.com"): # Win9x, or using command.com on NT. We need to # use the w9xpopen intermediate program. 
For more # information, see KB Q150956 # (http://web.archive.org/web/20011105084002/http://support.microsoft.com/support/kb/articles/Q150/9/56.asp) w9xpopen = self._find_w9xpopen() args = '"%s" %s' % (w9xpopen, args) # Not passing CREATE_NEW_CONSOLE has been known to # cause random failures on win9x. Specifically a # dialog: "Your program accessed mem currently in # use at xxx" and a hopeful warning about the # stability of your system. Cost is Ctrl+C wont # kill children. creationflags |= CREATE_NEW_CONSOLE # Start the process try: hp, ht, pid, tid = CreateProcess(executable, args, # no special security None, None, # must inherit handles to pass std # handles 1, creationflags, env, cwd, startupinfo) except pywintypes.error, e: # Translate pywintypes.error to WindowsError, which is # a subclass of OSError. FIXME: We should really # translate errno using _sys_errlist (or simliar), but # how can this be done from Python? raise WindowsError(*e.args) # Retain the process handle, but close the thread handle self._child_created = True self._handle = hp self.pid = pid ht.Close() # Child is launched. Close the parent's copy of those pipe # handles that only the child should have open. You need # to make sure that no handles to the write end of the # output pipe are maintained in this process or else the # pipe will not close when the child process exits and the # ReadFile will hang. if p2cread is not None: p2cread.Close() if c2pwrite is not None: c2pwrite.Close() if errwrite is not None: errwrite.Close() def poll(self, _deadstate=None): """Check if child process has terminated. Returns returncode attribute.""" if self.returncode is None: if WaitForSingleObject(self._handle, 0) == WAIT_OBJECT_0: self.returncode = GetExitCodeProcess(self._handle) return self.returncode def wait(self): """Wait for child process to terminate. 
Returns returncode attribute.""" if self.returncode is None: obj = WaitForSingleObject(self._handle, INFINITE) self.returncode = GetExitCodeProcess(self._handle) return self.returncode def _readerthread(self, fh, buffer): buffer.append(fh.read()) def _communicate(self, input): stdout = None # Return stderr = None # Return if self.stdout: stdout = [] stdout_thread = threading.Thread(target=self._readerthread, args=(self.stdout, stdout)) stdout_thread.setDaemon(True) stdout_thread.start() if self.stderr: stderr = [] stderr_thread = threading.Thread(target=self._readerthread, args=(self.stderr, stderr)) stderr_thread.setDaemon(True) stderr_thread.start() if self.stdin: if input is not None: self.stdin.write(input) self.stdin.close() if self.stdout: stdout_thread.join() if self.stderr: stderr_thread.join() # All data exchanged. Translate lists into strings. if stdout is not None: stdout = stdout[0] if stderr is not None: stderr = stderr[0] # Translate newlines, if requested. We cannot let the file # object do the translation: It is based on stdio, which is # impossible to combine with select (unless forcing no # buffering). 
# NOTE(review): the statements down to "return (stdout, stderr)" are the tail
# of a method that starts before this excerpt; they are reproduced unchanged.
            if self.universal_newlines and hasattr(file, 'newlines'):
                if stdout:
                    stdout = self._translate_newlines(stdout)
                if stderr:
                    stderr = self._translate_newlines(stderr)

            self.wait()
            return (stdout, stderr)

    else:
        #
        # POSIX methods
        #
        def _get_handles(self, stdin, stdout, stderr):
            """Construct and return tuple with IO objects:
            p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite

            For each of stdin/stdout/stderr: None leaves both ends as None,
            PIPE creates a new os.pipe(), an int is used as a descriptor
            as-is, and anything else is asked for its fileno().  For stderr
            only, STDOUT reuses the write end chosen for stdout.
            """
            p2cread, p2cwrite = None, None
            c2pread, c2pwrite = None, None
            errread, errwrite = None, None

            if stdin is None:
                pass
            elif stdin == PIPE:
                p2cread, p2cwrite = os.pipe()
            elif isinstance(stdin, int):
                p2cread = stdin
            else:
                # Assuming file-like object
                p2cread = stdin.fileno()

            if stdout is None:
                pass
            elif stdout == PIPE:
                c2pread, c2pwrite = os.pipe()
            elif isinstance(stdout, int):
                c2pwrite = stdout
            else:
                # Assuming file-like object
                c2pwrite = stdout.fileno()

            if stderr is None:
                pass
            elif stderr == PIPE:
                errread, errwrite = os.pipe()
            elif stderr == STDOUT:
                # Share the child's stdout descriptor (may be None if stdout
                # was not redirected).
                errwrite = c2pwrite
            elif isinstance(stderr, int):
                errwrite = stderr
            else:
                # Assuming file-like object
                errwrite = stderr.fileno()

            return (p2cread, p2cwrite,
                    c2pread, c2pwrite,
                    errread, errwrite)


        def _set_cloexec_flag(self, fd):
            """Set the close-on-exec flag on fd, keeping its other fd flags."""
            try:
                cloexec_flag = fcntl.FD_CLOEXEC
            except AttributeError:
                # fcntl module without the constant: fall back to the value 1
                cloexec_flag = 1

            old = fcntl.fcntl(fd, fcntl.F_GETFD)
            fcntl.fcntl(fd, fcntl.F_SETFD, old | cloexec_flag)


        def _close_fds(self, but):
            """Close every descriptor from 3 up to MAXFD - 1, except `but`.

            MAXFD is defined outside this excerpt.
            """
            for i in xrange(3, MAXFD):
                if i == but:
                    continue
                try:
                    os.close(i)
                except:
                    # Bare except: any error from os.close() is ignored, not
                    # only the one raised for a descriptor that is not open.
                    pass


        def _read_no_intr(self, fd, buffersize):
            """Like os.read, but retries on EINTR"""
            while True:
                try:
                    return os.read(fd, buffersize)
                except OSError, e:
                    if e.errno == errno.EINTR:
                        continue
                    else:
                        raise


        def _write_no_intr(self, fd, s):
            """Like os.write, but retries on EINTR"""
            while True:
                try:
                    return os.write(fd, s)
                except OSError, e:
                    if e.errno == errno.EINTR:
                        continue
                    else:
                        raise


        def _waitpid_no_intr(self, pid, options):
            """Like os.waitpid, but retries on EINTR"""
            while True:
                try:
                    return os.waitpid(pid, options)
                except OSError, e:
                    if e.errno == errno.EINTR:
                        continue
                    else:
                        raise


        def _fo_read_no_intr(self, obj):
            """Like obj.read(), but retries on EINTR"""
            while True:
                try:
                    return obj.read()
                except IOError, e:
                    if e.errno == errno.EINTR:
                        continue
                    else:
                        raise


        def _fo_write_no_intr(self, obj, data):
            """Like obj.write(), but retries on EINTR"""
            while True:
                try:
                    return obj.write(data)
                except IOError, e:
                    if e.errno == errno.EINTR:
                        continue
                    else:
                        raise


        def _execute_child(self, args, executable, preexec_fn, close_fds,
                           cwd, env, universal_newlines,
                           startupinfo, creationflags, shell,
                           p2cread, p2cwrite,
                           c2pread, c2pwrite,
                           errread, errwrite):
            """Execute program (POSIX version)

            Forks, wires the child's descriptors 0/1/2 to the given handles,
            optionally closes other descriptors, changes directory, runs
            preexec_fn, then execs `executable` with `args`.  Sets self.pid
            and self._child_created.  If anything in the child fails before
            or during exec, the exception is sent back over a pipe and
            re-raised here in the parent with a `child_traceback` attribute.

            universal_newlines, startupinfo and creationflags are accepted
            but not read by this POSIX implementation.
            """

            if isinstance(args, types.StringTypes):
                args = [args]
            else:
                args = list(args)

            if shell:
                # args[0] becomes the command string that /bin/sh parses, so
                # shell metacharacters in it are interpreted.  Callers should
                # not build that string from untrusted input; pass a list
                # with shell left off instead.
                args = ["/bin/sh", "-c"] + args

            if executable is None:
                executable = args[0]

            # For transferring possible exec failure from child to parent
            # The first char specifies the exception type: 0 means
            # OSError, 1 means some other error.
            # NOTE(review): the code below does not use that one-character
            # scheme; it sends a pickled exception object instead.
            errpipe_read, errpipe_write = os.pipe()
            # Close-on-exec: a successful exec closes the write end, so the
            # parent's read below returns "" and no exception is raised.
            self._set_cloexec_flag(errpipe_write)

            self.pid = os.fork()
            self._child_created = True
            if self.pid == 0:
                # Child
                try:
                    # Close parent's pipe ends
                    # NOTE(review): these are truthiness tests, so a
                    # descriptor numbered 0 is treated the same as None here
                    # and in the dup/close steps below.
                    if p2cwrite:
                        os.close(p2cwrite)
                    if c2pread:
                        os.close(c2pread)
                    if errread:
                        os.close(errread)
                    os.close(errpipe_read)

                    # Dup fds for child
                    if p2cread:
                        os.dup2(p2cread, 0)
                    if c2pwrite:
                        os.dup2(c2pwrite, 1)
                    if errwrite:
                        os.dup2(errwrite, 2)

                    # Close pipe fds. Make sure we don't close the same
                    # fd more than once, or standard fds.
                    if p2cread and p2cread not in (0,):
                        os.close(p2cread)
                    if c2pwrite and c2pwrite not in (p2cread, 1):
                        os.close(c2pwrite)
                    if errwrite and errwrite not in (p2cread, c2pwrite, 2):
                        os.close(errwrite)

                    # Close all other fds, if asked for
                    # When close_fds is false, every descriptor of the parent
                    # that is not close-on-exec stays open in the executed
                    # program (sockets, key files, log handles, ...).
                    if close_fds:
                        self._close_fds(but=errpipe_write)

                    if cwd is not None:
                        os.chdir(cwd)

                    # Runs in the child, after the descriptor setup and
                    # before exec; an exception it raises is reported to the
                    # parent like an exec failure.
                    if preexec_fn:
                        apply(preexec_fn)

                    if env is None:
                        os.execvp(executable, args)
                    else:
                        os.execvpe(executable, args, env)

                except:
                    exc_type, exc_value, tb = sys.exc_info()
                    # Save the traceback and attach it to the exception object
                    exc_lines = traceback.format_exception(exc_type,
                                                           exc_value,
                                                           tb)
                    exc_value.child_traceback = ''.join(exc_lines)
                    self._write_no_intr(errpipe_write, pickle.dumps(exc_value))

                # This exitcode won't be reported to applications, so it
                # really doesn't matter what we return.
                os._exit(255)

            # Parent
            os.close(errpipe_write)
            if p2cread and p2cwrite:
                os.close(p2cread)
            if c2pwrite and c2pread:
                os.close(c2pwrite)
            if errwrite and errread:
                os.close(errwrite)

            # Wait for exec to fail or succeed; possibly raising exception
            data = self._read_no_intr(errpipe_read, 1048576) # Exceptions limited to 1 MB
            os.close(errpipe_read)
            if data != "":
                self._waitpid_no_intr(self.pid, 0)
                # pickle.loads() can run arbitrary code from its input.  The
                # only writer visible here is the except-handler of the
                # forked child above (the write end is close-on-exec and the
                # parent has closed its copy), so the bytes come from this
                # same program.  Keep it that way: never hand the write end
                # of this pipe to the executed program or to other code.
                child_exception = pickle.loads(data)
                raise child_exception


        def _handle_exitstatus(self, sts):
            """Translate a waitpid() status into self.returncode.

            Death by signal is stored as the negated signal number, a normal
            exit as its exit status.
            """
            if os.WIFSIGNALED(sts):
                self.returncode = -os.WTERMSIG(sts)
            elif os.WIFEXITED(sts):
                self.returncode = os.WEXITSTATUS(sts)
            else:
                # Should never happen
                raise RuntimeError("Unknown child exit status!")


        def poll(self, _deadstate=None):
            """Check if child process has terminated. Returns returncode
            attribute.

            Non-blocking (WNOHANG).  If waitpid raises os.error and
            _deadstate is not None, returncode is set to _deadstate.
            """
            if self.returncode is None:
                try:
                    pid, sts = self._waitpid_no_intr(self.pid, os.WNOHANG)
                    if pid == self.pid:
                        self._handle_exitstatus(sts)
                except os.error:
                    if _deadstate is not None:
                        self.returncode = _deadstate
            return self.returncode


        def wait(self):
            """Wait for child process to terminate.
            Returns returncode attribute."""
            if self.returncode is None:
                pid, sts = self._waitpid_no_intr(self.pid, 0)
                self._handle_exitstatus(sts)
            return self.returncode


        def _communicate(self, input):
            """Feed `input` to the child's stdin and collect stdout/stderr.

            Multiplexes the three pipes with select() until all are closed,
            then waits for the child.  Returns (stdout, stderr); each is a
            string, or None when the corresponding pipe does not exist.
            """
            read_set = []
            write_set = []
            stdout = None # Return
            stderr = None # Return

            if self.stdin:
                # Flush stdio buffer. This might block, if the user has
                # been writing to .stdin in an uncontrolled fashion.
                self.stdin.flush()
                if input:
                    write_set.append(self.stdin)
                else:
                    # Nothing to send: close stdin so the child sees EOF
                    self.stdin.close()
            if self.stdout:
                read_set.append(self.stdout)
                stdout = []
            if self.stderr:
                read_set.append(self.stderr)
                stderr = []

            input_offset = 0
            while read_set or write_set:
                try:
                    rlist, wlist, xlist = select.select(read_set, write_set, [])
                except select.error, e:
                    if e[0] == errno.EINTR:
                        continue
                    else:
                        raise

                if self.stdin in wlist:
                    # When select has indicated that the file is writable,
                    # we can write up to PIPE_BUF bytes without risk
                    # blocking. POSIX defines PIPE_BUF >= 512
                    bytes_written = self._write_no_intr(
                        self.stdin.fileno(),
                        buffer(input, input_offset, 512))
                    input_offset += bytes_written
                    if input_offset >= len(input):
                        self.stdin.close()
                        write_set.remove(self.stdin)

                if self.stdout in rlist:
                    data = self._read_no_intr(self.stdout.fileno(), 1024)
                    if data == "":
                        # EOF on the child's stdout
                        self.stdout.close()
                        read_set.remove(self.stdout)
                    stdout.append(data)

                if self.stderr in rlist:
                    data = self._read_no_intr(self.stderr.fileno(), 1024)
                    if data == "":
                        # EOF on the child's stderr
                        self.stderr.close()
                        read_set.remove(self.stderr)
                    stderr.append(data)

            # All data exchanged. Translate lists into strings.
            # The whole output is held in memory; nothing here bounds how
            # much the child may produce.
            if stdout is not None:
                stdout = ''.join(stdout)
            if stderr is not None:
                stderr = ''.join(stderr)

            # Translate newlines, if requested. We cannot let the file
            # object do the translation: It is based on stdio, which is
            # impossible to combine with select (unless forcing no
            # buffering).
            if self.universal_newlines and hasattr(file, 'newlines'):
                if stdout:
                    stdout = self._translate_newlines(stdout)
                if stderr:
                    stderr = self._translate_newlines(stderr)

            self.wait()
            return (stdout, stderr)


def _demo_posix():
    """Run four small usage examples of Popen on a POSIX system."""
    #
    # Example 1: Simple redirection: Get process list
    #
    plist = Popen(["ps"], stdout=PIPE).communicate()[0]
    print "Process list:"
    print plist

    #
    # Example 2: Change uid before executing child
    #
    # Only runs when started as root.  The hook calls os.setuid() alone, so
    # the child's group id and supplementary groups are left unchanged; code
    # that really drops privileges also has to reset those, before the uid.
    if os.getuid() == 0:
        p = Popen(["id"], preexec_fn=lambda: os.setuid(100))
        p.wait()

    #
    # Example 3: Connecting several subprocesses
    #
    print "Looking for 'hda'..."
    p1 = Popen(["dmesg"], stdout=PIPE)
    p2 = Popen(["grep", "hda"], stdin=p1.stdout, stdout=PIPE)
    print repr(p2.communicate()[0])

    #
    # Example 4: Catch execution error
    #
    print
    print "Trying a weird file..."
    try:
        print Popen(["/this/path/does/not/exist"]).communicate()
    except OSError, e:
        if e.errno == errno.ENOENT:
            print "The file didn't exist. I thought so..."
            print "Child traceback:"
            print e.child_traceback
        else:
            print "Error", e.errno
    else:
        print >>sys.stderr, "Gosh. No error."


def _demo_windows():
    #
    # Example 1: Connecting several subprocesses
    #
    print "Looking for 'PROMPT' in set output..."
    p1 = Popen("set", stdout=PIPE, shell=True)
    p2 = Popen('find "PROMPT"', stdin=p1.stdout, stdout=PIPE)
    print repr(p2.communicate()[0])

    #
    # Example 2: Simple execution of program
    #
    print "Executing calc..."
p = Popen("calc") p.wait() if __name__ == "__main__": if mswindows: _demo_windows() else: _demo_posix() nufw-2.4.3/tests/inl_tests/log.py0000644000175000017500000000205511431206275013724 00000000000000import atexit from sys import stdout from logging import FileHandler, Formatter, StreamHandler, \ DEBUG, ERROR, getLogger _setup_log = False class CustomLogHandler(StreamHandler): def __init__(self): StreamHandler.__init__(self) def emit(self, record): if record.levelno < ERROR: return print "%s: %s" % (record.levelname, record.msg) def setupLog(filename="tests.log", format='%(created).3f| %(message)s'): """ Setup log system """ global _setup_log if _setup_log: return _setup_log = True # Set debug level to 'DEBUG' logger = getLogger() logger.setLevel(DEBUG) # Write all logs in a file (LOG_FILENAME) if filename: handler = FileHandler(filename, 'w') handler.setFormatter(Formatter(format, None)) logger.addHandler(handler) # Display error to stdout with specific handler handler = CustomLogHandler() logger.addHandler(handler) atexit.register(lambda: stdout.write("Log written to %s\n" % filename)) nufw-2.4.3/tests/inl_tests/replace_file.py0000644000175000017500000000561111431206275015556 00000000000000from os import rename, chmod, unlink, access, F_OK from logging import info, warning, error from shutil import copyfile from inl_tests.tools import tryRename from errno import ENOENT class BaseReplaceFile: def __init__(self, filename, file_mode=None): self.filename = filename self.file_mode = file_mode self.replaced = False self.installed = False self.filename_old = self.filename + ".old" def install(self): if self.installed: return self.installed = True if not access(self.filename_old, F_OK): self.replaced = tryRename(self.filename, self.filename_old) if self.replaced: warning("Replace file %s (existing renamed to %s)" % (self.filename, self.filename_old)) else: warning("Install file %s" % self.filename) else: self.replaced = True warning("Install file %s (and keep old copy 
%s)" % (self.filename, self.filename_old)) self.install_newfile() def install_newfile(self): pass def desinstall(self): if not self.installed: return if not self.replaced: return self.replaced = False warning("Restore old file %s" % self.filename) try: rename(self.filename_old, self.filename) except OSError, err: if err[0] == ENOENT: error("Unable to rename '%s' to '%s'" % (self.filename_old, self.filename)) else: raise self.installed = False def __del__(self): self.desinstall() class ReplaceFile(BaseReplaceFile): def __init__(self, filename, new_content, mode=None): BaseReplaceFile.__init__(self, filename, mode) self.new_content = new_content def install_newfile(self): output = open(self.filename, 'w') if self.file_mode is not None: chmod(self.filename, self.file_mode) if isinstance(self.new_content, str): output.write(self.new_content) else: self.new_content(output) output.close() del self.new_content class TempCopyFile(BaseReplaceFile): def __init__(self, filename, new_filename, mode=None): BaseReplaceFile.__init__(self, filename, mode) self.new_filename = new_filename def install_newfile(self): copyfile(self.new_filename, self.filename) if self.file_mode is not None: chmod(self.filename, self.file_mode) def desinstall(self): if not self.installed: return if not self.replaced: self.installed = False try: unlink(self.filename) except OSError, err: if err.errno == ENOENT: pass else: raise else: BaseReplaceFile.desinstall(self) nufw-2.4.3/tests/inl_tests/config.py0000644000175000017500000000017111431206275014405 00000000000000IPTABLES_PROG = "/sbin/iptables" IPTABLES_QUEUE = "NFQUEUE" RPC_PORT = 2007 SSH_COMMAND = "ssh" RPC_VERSION = "RPC-0.0" nufw-2.4.3/tests/inl_tests/iptables.py0000644000175000017500000000232211431206275014743 00000000000000""" Send commands to Netfilter using iptables program """ from process import callProcess from logging import warning from inl_tests.config import IPTABLES_PROG, IPTABLES_QUEUE _iptables_dirty = True HAS_NAT = False class 
Iptables: def __init__(self): self.flush() def __del__(self): self.flush() def command(self, args): global _iptables_dirty _iptables_dirty = True command_list = [IPTABLES_PROG] + args.split() command = "%s %s" % (IPTABLES_PROG, args) warning(command) exitcode = callProcess(command_list) if exitcode: raise RuntimeError('Iptables error: unable to run: %s (error %s)' % (command, exitcode)) def filterTcp(self, port, table="OUTPUT"): global _iptables_dirty args = "-A %s -p tcp --dport %u -m state --state new -j %s" \ % (table, port, IPTABLES_QUEUE) self.command(args) def flush(self): global _iptables_dirty if not _iptables_dirty: return self.command("-X") self.command("-F") if HAS_NAT: self.command("-F -t nat") self.command("-F -t mangle") _iptables_dirty = False nufw-2.4.3/tests/Makefile.am0000644000175000017500000000123611431206275012621 00000000000000SUBDIRS = inl_tests pki EXTRA_DIST = defaults.cfg client.py common.py compatibility.py config.py \ filter.py mysocket.py nuauth_conf.py nuauth.py nufw.py nufw_runner.py\ plaintext.py test_all.py test_cert_auth.py test_client_auth.py \ test_client_cert.py test_ipauth_guest.py test_mark_flag.py \ test_mysql.py test_nufw_cert.py test_periods.py \ test_plaintext_acl.py test_plaintext_auth.py test_reject.py \ test_script.py test_syslog.py test_system.py \ test_user_policy.py nufw_runner.py test_session_expire.py \ test_invalid_tcp.py test_acl.py \ test_ldap_acl.py ldapacl.py test_session_authtype.py \ test_tls_client.py test_tls_nuauth.py test_tls_nufw.py nufw-2.4.3/tests/filter.py0000644000175000017500000000235411431206275012426 00000000000000from common import connectClient from mysocket import connectTcp, connectTcpFail from config import config from socket import gethostbyname TIMEOUT = config.getfloat("filter", "timeout") VALID_PORT = config.getint("filter", "valid_port") INVALID_PORT = config.getint("filter", "invalid_port") HOST = gethostbyname(config.get("filter", "host")) IFACE = config.get("filter", "iface") def 
testPortFailure(testcase, iptables, client, port, err): # Enable iptables filtering iptables.filterTcp(VALID_PORT) # Connect user if client: testcase.assert_(connectClient(client)) # Create socket testcase.assertEqual(connectTcpFail(HOST, port, TIMEOUT), err) def testPort(testcase, iptables, client, port, ok, host=HOST): # Enable iptables filtering iptables.filterTcp(VALID_PORT) # Connect user if client: testcase.assert_(connectClient(client)) # Create socket testcase.assertEqual(connectTcp(host, port, TIMEOUT), ok) def testAllowPort(testcase, iptables, client, host=HOST, allow=True): testPort(testcase, iptables, client, VALID_PORT, allow, host) def testDisallowPort(testcase, iptables, client, host=HOST, allow=False): testPort(testcase, iptables, client, INVALID_PORT, allow, host) nufw-2.4.3/tests/nufw_runner.py0000644000175000017500000000234111431206275013505 00000000000000from unittest import * from logging import info import sys, time class NuFWTestRunner (TextTestRunner): def run(self, test): "Run the given test case or test suite." 
result = self._makeResult() startTime = time.time() for unit_test in test: info("Starting test from: " + str(type(unit_test))) unit_test(result) if len(result.failures) != 0: break stopTime = time.time() timeTaken = stopTime - startTime result.printErrors() self.stream.writeln(result.separator2) run = result.testsRun self.stream.writeln("Ran %d test%s in %.3fs" % (run, run != 1 and "s" or "", timeTaken)) self.stream.writeln() if not result.wasSuccessful(): self.stream.write("FAILED (") failed, errored = map(len, (result.failures, result.errors)) if failed: self.stream.write("failures=%d" % failed) if errored: if failed: self.stream.write(", ") self.stream.write("errors=%d" % errored) self.stream.writeln(")") else: self.stream.writeln("OK") return result nufw-2.4.3/tests/test_client_auth.py0000755000175000017500000000154511431206275014503 00000000000000#!/usr/bin/python from unittest import TestCase, main from sys import stderr from common import createClientWithCerts, connectClient, PASSWORD from logging import info from nuauth import Nuauth from nuauth_conf import NuauthConf class TestClientAuth(TestCase): def setUp(self): # Load nuauth nuconfig = NuauthConf() self.nuauth = Nuauth(nuconfig) # Create client self.client = createClientWithCerts() def tearDown(self): self.client.stop() self.nuauth.stop() def testValidPass(self): self.client.password = PASSWORD self.assert_(connectClient(self.client)) def testInvalidPass(self): self.client.password = "xxx%sxxx" % PASSWORD self.assert_(not connectClient(self.client)) if __name__ == "__main__": print "Test nuauth client authentication" main() nufw-2.4.3/tests/ldapacl.py0000644000175000017500000000660311431206275012542 00000000000000from config import CONF_DIR from config import config as test_config from common import createClient from os.path import join as path_join from os.path import exists as path_exists from os import remove from os import rmdir from logging import info from IPy import IP import ldap import 
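ldap.modlist
from string import split


class LDAPAcl:
    """Test helper that stores nuauth ACL entries in an LDAP directory.

    Connection settings (ldapuri, basedn, binddn, bindpw) are read from the
    [test_ldap] section of the test configuration.  Every entry added through
    this object is remembered in self.acllist.
    """

    def __init__(self):
        self.acllist = []
        self.ldapuri = test_config.get('test_ldap', 'ldapuri')
        self.basedn = test_config.get('test_ldap', 'basedn')
        self.binddn = test_config.get('test_ldap', 'binddn')
        self.bindpw = test_config.get('test_ldap', 'bindpw')
        self.conn = ldap.initialize(self.ldapuri)
        try:
            # Simple bind: the password is sent to the server as given, so
            # the URI should be loopback or protected by TLS.
            self.conn.simple_bind_s(self.binddn, self.bindpw)
        except ldap.INVALID_CREDENTIALS:
            # Report the bind DN only.  The password used to be printed here
            # too, which copied the directory credential into test output
            # and CI logs.  As before, the failure is reported, not raised.
            print "Invalid auth for bind DN: %s" % self.binddn

    def format_acl(self, name, host, port, decision, kw):
        """Build the attribute dict of one NuAccessControlList entry.

        name     -- cn of the entry
        host     -- destination address, converted with IP(host).int()
        port     -- destination port (used as both start and end)
        decision -- stored as the 'Decision' attribute
        kw       -- iterable of (key, value) pairs for optional fields:
                    'App', 'log_prefix', 'outdev', or 'OS' (a ';'-separated
                    "name;release;version" string)

        Returns the dict; raises KeyError for an unknown optional key.
        """
        ldapattr = {}
        ldapattr['objectclass'] = ['NuAccessControlList']
        ldapattr['cn'] = [name]
        ldapattr['Proto'] = [str(6)]
        ldapattr['DstPortStart'] = [str(port)]
        ldapattr['DstPortEnd'] = [str(port)]
        ldapattr['Decision'] = [str(decision)]
        dip = str(IP(host).int())
        ldapattr['DstIPStart'] = [dip]
        ldapattr['DstIPEnd'] = [dip]
        # Any source address: 0 .. 2^32 - 1
        ldapattr['SrcIPStart'] = [str(0)]
        ldapattr['SrcIPEnd'] = [str(pow(2,32)-1)]
        # Keyword name -> LDAP attribute name
        ftraduc = {
            'App': 'AppName',
            'log_prefix': 'description',
            'outdev': 'OutDev'
        }
        for key, value in kw:
            if (key == 'OS'):
                osfields = [ 'OsName', 'OsRelease', 'OsVersion']
                # NOTE(review): unlike the other attributes these values are
                # stored as bare strings, and more than three ';' fields
                # would raise IndexError on pop() -- left as in the original.
                for val in value.split(';'):
                    ldapattr[osfields.pop(0)] = val
            else:
                ldapattr[ftraduc[key]] = [str(value)]
        return ldapattr

    def _add_entry(self, name, ldapattr):
        """Add the entry cn=<name>,<basedn>, replacing an existing one."""
        # name goes into the DN unescaped, so it must not contain characters
        # that are special in a DN (',', '+', '=', ...).
        dn = 'cn='+name+','+self.basedn
        modlist = ldap.modlist.addModlist(ldapattr)
        try:
            self.conn.add_s(dn, modlist)
        except ldap.ALREADY_EXISTS:
            # Left over from an earlier run: delete it and add it again
            self.conn.delete_s(dn)
            self.conn.add_s(dn, modlist)
        self.acllist.append(dn)

    def addAclFull(self, name, host, port, gid, decision=1, **kw):
        """Add an ACL for group `gid` to `host`:`port` (see format_acl)."""
        ldapattr = self.format_acl(name, host, port, decision, kw.iteritems())
        ldapattr['Group'] = [ str(gid) ]
        self._add_entry(name, ldapattr)

    def addAclPerUid(self, name, host, port, uid, decision=1, **kw):
        """Add an ACL for user `uid` to `host`:`port` (see format_acl)."""
        ldapattr = self.format_acl(name, host, port, decision, kw.iteritems())
        ldapattr['User'] = [ str(uid) ]
        self._add_entry(name, ldapattr)

    def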
addAcl(self, name, port, gid, decision=1, **kw): self.addAclFull(name, "0.0.0.0/0", port, gid, decision, **kw) def install(self, config): info("Setup LDAP ACL") config["nuauth_acl_check_module"] = '"ldap"' config["ldap_acls_base_dn"] = '"'+self.basedn+'"' config["ldap_bind_dn"] = '"'+self.binddn+'"' config["ldap_bind_password"] = '"'+self.bindpw+'"' config["nuauth_acl_cache"] = 0 def desinstall(self): # drop all inserted acls for dn in self.acllist: try: self.conn.delete_s(dn) except ldap.NO_SUCH_OBJECT: pass nufw-2.4.3/tests/test_mark_flag.py0000755000175000017500000000376611431206275014136 00000000000000#!/usr/bin/python from unittest import TestCase, main from sys import stderr from logging import info from nuauth import Nuauth from nuauth_conf import NuauthConf from common import startNufw, connectClient from filter import HOST, VALID_PORT, TIMEOUT from inl_tests.iptables import Iptables from mysocket import connectTcp from plaintext import PlaintextUserDB, PlaintextUser, PlaintextAcl class TestClientAuth(TestCase): def setUp(self): self.port = VALID_PORT self.mark = 1 self.shift = 8 config = NuauthConf() # Userdb self.user = PlaintextUser("guest", "nopassword", 42, 42) self.userdb = PlaintextUserDB() self.userdb.addUser(self.user) self.userdb.install(config) self.acls = PlaintextAcl() self.acls.addAcl("port", self.port, self.user.gid, flags=(self.mark << self.shift)) self.acls.install(config) # Load nuauth config["nuauth_finalize_packet_module"] = '"mark_flag"' config["mark_flag_mark_shift"] = 0 config["mark_flag_flag_shift"] = self.shift config["mark_flag_nbits"] = 16 self.nuauth = Nuauth(config) self.iptables = Iptables() self.nufw = startNufw(["-m"]) self.client = self.user.createClientWithCerts() def tearDown(self): self.acls.desinstall() self.userdb.desinstall() self.client.stop() self.nuauth.stop() self.iptables.flush() def testValid(self): # Connect client and filter port self.assert_(connectClient(self.client)) self.iptables.filterTcp(self.port) # Test 
connection without QoS (accept) self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), True) # Test connection with QoS (drop) self.iptables.command("-A POSTROUTING -t mangle -m mark --mark %s -j DROP" % self.mark) self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), False) if __name__ == "__main__": print "Test nuauth mark_flag module" main() nufw-2.4.3/tests/test_cert_auth.py0000755000175000017500000000424211431206275014157 00000000000000#!/usr/bin/python from unittest import TestCase, main from sys import stderr from common import connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from config import config from plaintext import PlaintextUserDB, PlaintextUser class TestClientCertAuth(TestCase): def setUp(self): self.nuconfig = NuauthConf() cacert = config.get("test_cert", "cacert") # Userdb self.user = PlaintextUser("user", "nopassword", 42, 42) self.userdb = PlaintextUserDB() self.userdb.addUser(self.user) self.userdb.install(self.nuconfig) # Server self.nuconfig["plaintext_userfile"] = '"%s"' % self.userdb.filename self.nuconfig["nuauth_tls_auth_by_cert"] = "2" self.nuconfig["nuauth_tls_request_cert"] = "2" self.nuconfig["nuauth_tls_cacert"] = '"%s"' % cacert self.nuconfig["nuauth_tls_key"] = '"%s"' % config.get("test_cert", "nuauth_key") self.nuconfig["nuauth_tls_cert"] = '"%s"' % config.get("test_cert", "nuauth_cert") self.nuauth = Nuauth(self.nuconfig) def tearDown(self): self.client.stop() self.nuauth.stop() self.userdb.desinstall() self.nuconfig.desinstall() def testValidCert(self): # Client cacert = config.get("test_cert", "cacert") cert = config.get("test_cert", "user_cert") key = config.get("test_cert", "user_key") args = ["-C", cert, "-K", key, "-A", cacert] self.client = self.user.createClient(more_args=args) self.client.password = "xx%sxx" % self.user.password self.assert_(connectClient(self.client)) def testInvalidCert(self): # Expired certificate cacert = config.get("test_cert", "cacert") cert = config.get("test_cert", 
"user_invalid_cert") key = config.get("test_cert", "user_invalid_key") args = ["-C", cert, "-K", key, "-A", cacert] self.client = self.user.createClient(more_args=args) self.client.password = "xx%sxx" % self.user.password self.assert_(not connectClient(self.client)) if __name__ == "__main__": print "Test nuauth client authentication" main() nufw-2.4.3/tests/test_nufw_cert.py0000755000175000017500000000577711431206275014213 00000000000000#!/usr/bin/python from compatibility import any from unittest import TestCase, main from sys import stderr from common import createClient, connectClient, PASSWORD, startNufw from nuauth import Nuauth from config import config from inl_tests.iptables import Iptables from nuauth_conf import NuauthConf from mysocket import connectTcp from filter import testAllowPort, testPort, HOST, VALID_PORT # We perform the cert check whether a client can connect or not from plaintext import USERDB from plaintext import PlaintextAcl # TODO: check -n=CN:... TIMEOUT = 2.0 class TestClientCert(TestCase): def setUp(self): self.iptables = Iptables() self.port = VALID_PORT self.host = HOST self.cacert = config.get("test_cert", "cacert") self.nuconfig = NuauthConf() self.nuconfig["nuauth_tls_auth_by_cert"] = "0" self.nuauth = Nuauth(self.nuconfig) def tearDown(self): self.nuauth.stop() self.nuconfig.desinstall() self.iptables.flush() def connectNuauthNufw(self): # Open TCP connection just to connect nufw to nuauth self.iptables.filterTcp(self.port) connectTcp(HOST, self.port, 0.100) # nufw side # "TLS connection to nuauth can NOT be restored" def testValidCert(self): self.nufw = startNufw() self.connectNuauthNufw() self.assert_(self.nufw_connection_is_established()) self.nufw.stop() def get_tls_cert_invalid(self): for line in self.nufw.readlines(total_timeout=TIMEOUT): if line.lower().find('certificate verification failed') >= 0: return True return False def testInvalidCert(self): invalid_cacert = config.get("test_cert", "invalid_cacert") self.nufw = 
startNufw(["-a", invalid_cacert]) self.connectNuauthNufw() self.assert_(self.get_tls_cert_invalid()) self.nufw.stop() # If NuFW does not run under the strict mode, the provided certificates in svn # will be accepted and the client will be able to authenticate and then be # accepted by the firewall. This is what we want to check here def testNotStrictMode(self): self.nufw = startNufw(["-s"]) self.connectNuauthNufw() self.assert_(self.nufw_connection_is_established()) self.nufw.stop() def testStrictMode(self): self.nufw = startNufw(["-d","127.0.0.1"]) self.connectNuauthNufw() self.assert_(not self.nufw_connection_is_established()) self.nufw.stop() def nufw_connection_is_established(self): if self.nufw.is_connected_to_nuauth: return True for line in self.nufw.readlines(total_timeout=TIMEOUT): if line.lower().find("tls connection to nuauth established") >= 0: return True if line.lower().find("tls connection to nuauth restored") >= 0: return True return False if __name__ == "__main__": print "Test nuauth client authentication" main() nufw-2.4.3/tests/test_ldap_acl.py0000755000175000017500000000043611431206275013741 00000000000000#!/usr/bin/python from unittest import TestCase, main from test_acl import TestAcl from ldapacl import LDAPAcl class TestLDAPAcl(TestAcl, TestCase): def func_acls(self): return LDAPAcl() if __name__ == "__main__": print "Test nuauth module 'ldap' for ACL" main() nufw-2.4.3/tests/defaults.cfg0000644000175000017500000000302211431206275013050 00000000000000[nutcpc] version = 20000 prog = ../src/clients/nutcpc/nutcpc username = user password = imauser userid = 1000 ip = 192.168.0.2 connect_timeout = 10.0 [nuauth] version = 20000 host = nuauth.inl.fr use_valgrind = False start_timeout = 10.0 prog = ../src/nuauth/nuauth confdir = /etc/nufw reload_timeout = 10.0 tlskey = ./pki/nuauth.inl.fr.key tlscert = ./pki/nuauth.inl.fr.crt cacert = ./pki/CA.crt [nufw] version = 20000 start_timeout = 10.0 prog = ../src/nufw/nufw tlskey = ./pki/nufw.inl.fr.key 
tlscert = ./pki/nufw.inl.fr.crt cacert = ./pki/CA.crt [iptables] queue = NFQUEUE [filter] timeout = 5.0 valid_port = 80 invalid_port = 90 host = www.inl.fr iface = eth0 # Change this to a non-privileged user [test_system] username = root password = toto [test_cert] cacert = ./pki/CA.crt invalid_cacert = ../conf/certs/admin@nufw.org-cert.pem nuauth_cert = ./pki/nuauth.inl.fr.crt nuauth_key = ./pki/nuauth.inl.fr.key user_cert = ./pki/client.inl.fr.crt user_key = ./pki/client.inl.fr.key user_expired_cert = ./pki/client-expired.inl.fr.crt user_expired_key = ./pki/client-expired.inl.fr.key user_revoked_cert = ./pki/client-revoked.inl.fr.crt user_revoked_key = ./pki/client-revoked.inl.fr.key user_invalid_cert = ../conf/certs/admin@nufw.org-cert.pem user_invalid_key = ../conf/certs/admin@nufw.org-key.pem crl = ./pki/crl.pem invalid_crl = ../conf/certs/crl.pem [test_mysql] query_timeout = 2.0 [test_pgsql] query_timeout = 2.0 [test_ldap] ldapuri = ldap://127.0.0.1 basedn = dc=nufw,dc=org binddn = cn=admin,dc=nufw,dc=org bindpw = nupik nufw-2.4.3/tests/nuauth_conf.py0000644000175000017500000000766411431206275013463 00000000000000import re from inl_tests.replace_file import ReplaceFile from logging import info from config import NUAUTH_CONF from os.path import abspath, dirname, join, exists from subprocess import call, Popen import sys class NuauthConf(ReplaceFile): def __init__(self): ReplaceFile.__init__(self, NUAUTH_CONF, self.writeContent) self.need_restart = False # Load current configuration self.content = {} for line in open(self.filename): line = re.sub("#.*", "", line) line = line.strip() if not line: continue if re.match("^include", line): self.parse_include(line) continue line = line.split("=", 1) if len(line) != 2: raise Exception("Line %s has no '='" % line) key, value = line self.content[key] = value # default values self["nuauth_tls_cacert"] = '"%s"' % abspath("./pki/CA.crt") self["nuauth_tls_key"] = '"%s"' % abspath("./pki/nuauth.inl.fr.key") 
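# NOTE(review): the assignments down to the gen_dh_params() call are the tail
# of a method that begins before this line; they are reproduced unchanged.
        self["nuauth_tls_cert"] = '"%s"' % abspath("./pki/nuauth.inl.fr.crt")
        self["nuauth_tls_request_cert"] = "1"
        self["nuauth_tls_auth_by_cert"] = "0"
        self["nuauth_tls_disable_nufw_fqdn_check"] = "1"
        self["nuauth_nufw_listen_addr"] = '"0.0.0.0"'
        self["nufw_gw_addr"] = None
        # disable cert checking module, this can prevent correct
        # authentication from working (for ex if OCSP is working)
        self["nuauth_certificate_check_module"] = None
        # do not use CRL by default
        self["nuauth_tls_crl"] = None
        self["nuauth_tls_dh_params"] = None
        self.gen_dh_params("/tmp/dh512.pem")

    def gen_dh_params(self, file):
        """Make sure a Diffie-Hellman parameter file exists and configure it.

        If `file` does not exist, runs "openssl dhparam -out <file> 512" and
        reports the outcome on stderr.  In every case the quoted path is then
        stored as nuauth_tls_dh_params.

        Security notes for anyone reusing this outside the test suite:
        * 512-bit DH parameters are far too weak for real traffic; they are
          only acceptable for a throwaway test fixture.
        * An existing file is used without any check of its content or
          owner.  With a fixed name in a shared directory such as /tmp,
          another local account can create it first; prefer a directory
          owned by the test user.
        """
        if not exists(file):
            try:
                # Argument list and no shell: `file` reaches openssl as one
                # argument whatever characters it contains, instead of being
                # pasted into a command line that /bin/sh would parse.
                retcode = call(["openssl", "dhparam", "-out", file, "512"])
                if retcode < 0:
                    print >>sys.stderr, "Child was terminated by signal", -retcode
                else:
                    print >>sys.stderr, "Child returned", retcode
            except OSError, e:
                # e.g. openssl is not installed or not executable
                print >>sys.stderr, "Execution failed:", e
        self["nuauth_tls_dh_params"] = '"%s"' % file

    def parse_include(self, line):
        conf_dir = dirname(self.filename)
        (ignored,filename) = line.split(" ", 1)
        filename = filename.strip('"')
        included_file = join(conf_dir,filename)
        for line in open(included_file):
            line = re.sub("#.*", "", line)
            line = line.strip()
            if not line:
                continue
            if re.match("^include", line):
                raise Exception("Nested includes forbidden ! 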
(line '%s' from file %s)" % (line,included_file)) line = line.split("=", 1) if len(line) != 2: raise Exception("Line %s has no '='" % line) key, value = line self.content[key] = value def writeContent(self, output): for key, value in self.content.iteritems(): output.write("%s=%s\n" % (key, value)) def __getitem__(self, key): try: value = self.content[key] except KeyError: raise AttributeError("nuauth.conf has no key '%s'" % key) if value.startswith('"') and value.endswith('"'): value = value[1:-1] return value def needRestart(self, key, newvalue): if self.need_restart: return True if key in self.content and self.content[key] == newvalue: return False if key.startswith("nuauth_tls"): return True; return False def __setitem__(self, key, value): if self.needRestart(key, value): self.need_restart = True info("nuauth.conf: set %s=%s" % (key, value)) if value is None: if self.content.has_key(key): del self.content[key] else: self.content[key] = value nufw-2.4.3/tests/test_script.py0000755000175000017500000000361411431206275013507 00000000000000#!/usr/bin/python from unittest import TestCase, main from config import CONF_DIR, NUAUTH_VERSION from common import createClientWithCerts, connectClient from os import path from inl_tests.replace_file import ReplaceFile from logging import warning from nuauth import Nuauth from nuauth_conf import NuauthConf ECHO_BIN = '/bin/echo' SCRIPT_UP = path.join(CONF_DIR, "user-up.sh") SCRIPT_DOWN = path.join(CONF_DIR, "user-down.sh") MODE = 0111 SCRIPT = "#!/bin/sh\necho \"SCRIPT %s COUNT=$# TEXT >>>$@<<<\"\n" class TestScript(TestCase): def setUp(self): # Prepare our new scripts self.script_up = ReplaceFile(SCRIPT_UP, SCRIPT % "UP", MODE) self.script_down = ReplaceFile(SCRIPT_DOWN, SCRIPT % "DOWN", MODE) self.script_up.install() self.script_down.install() # Create nuauth config = NuauthConf() config["nuauth_user_session_logs_module"] = '"script"' self.nuauth = Nuauth(config) def tearDown(self): # Restore scripts and nuauth config 
self.script_up.desinstall() self.script_down.desinstall() self.nuauth.stop() def checkScript(self, match): warning("checkScript(%r)" % match) for line in self.nuauth.readlines(total_timeout=2.0): if line == match: return True return False def testLogin(self): # Client login client = createClientWithCerts() self.assert_(connectClient(client)) # Check log output match = "SCRIPT UP COUNT=2 TEXT >>>%s %s<<<" \ % (client.username, client.ip) self.assert_(self.checkScript(match)) # Client logout client.stop() match = "SCRIPT DOWN COUNT=2 TEXT >>>%s %s<<<" \ % (client.username, client.ip) self.assert_(self.checkScript(match)) if __name__ == "__main__": print "Test nuauth module 'log_script'" main() nufw-2.4.3/tests/test_reject.py0000755000175000017500000000403611431206275013456 00000000000000#!/usr/bin/python from unittest import TestCase, main from common import startNufw, connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from inl_tests.iptables import Iptables from filter import testAllowPort, testPortFailure, VALID_PORT from test_plaintext_auth import USERDB from plaintext import PlaintextAcl from errno import ETIMEDOUT, ECONNREFUSED, EISCONN class TestICMPReject(TestCase): def setUp(self): self.iptables = Iptables() self.users = USERDB self.acls = PlaintextAcl() self.acls.addAcl("web", VALID_PORT, self.users[0].gid+1) self.config = NuauthConf() self.config["nuauth_packet_timeout"] = "1" self.users.install(self.config) self.acls.install(self.config) self.nufw = startNufw(["-s"]) def tearDown(self): # Restore user DB and nuauth config self.users.desinstall() self.acls.desinstall() self.nuauth.stop() self.iptables.flush() def testDrop(self): self.config["nuauth_reject_after_timeout"] = "0" self.config["nuauth_reject_authenticated_drop"] = "0" self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testPortFailure(self, self.iptables, client, VALID_PORT, ETIMEDOUT) client.stop() def testRejectTimedout(self): 
self.config["nuauth_reject_after_timeout"] = "1" self.config["nuauth_reject_authenticated_drop"] = "0" self.nuauth = Nuauth(self.config) testPortFailure(self, self.iptables, None, VALID_PORT, ECONNREFUSED) def testRejectAuthenticated(self): self.config["nuauth_reject_after_timeout"] = 0 self.config["nuauth_reject_authenticated_drop"] = 1 self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testPortFailure(self, self.iptables, client, VALID_PORT, ECONNREFUSED) client.stop() if __name__ == "__main__": print "Test ICMP reject message" main() nufw-2.4.3/tests/config.py0000644000175000017500000000231211431206275012400 00000000000000from ConfigParser import RawConfigParser as ParentConfigParser class ConfigParser(ParentConfigParser): def get(self, section, option): value = ParentConfigParser.get(self, section, option) return value.strip() config = ConfigParser() config.read(["defaults.cfg", "config.cfg"]) from os import getcwd, path CONF_DIR = config.get("nuauth", "confdir") NUAUTH_CONF = path.join(CONF_DIR, "nuauth.conf") # Nuauth options NUAUTH_VERSION = config.getint("nuauth", "version") NUAUTH_PROG = config.get("nuauth", "prog") NUAUTH_HOST = config.get("nuauth", "host") USE_VALGRIND = config.getboolean("nuauth", "use_valgrind") NUAUTH_START_TIMEOUT = config.getfloat("nuauth", "start_timeout") # Client options NUTCPC_VERSION = config.getint("nutcpc", "version") NUTCPC_PROG = config.get("nutcpc", "prog") USERNAME = config.get("nutcpc", "username") PASSWORD = config.get("nutcpc", "password") CLIENT_IP = config.get("nutcpc", "ip") CLIENT_USER_ID = config.getint("nutcpc", "userid") # Nufw options NUFW_VERSION = config.getint("nufw", "version") NUFW_PROG = config.get("nufw", "prog") NUFW_START_TIMEOUT = config.getfloat("nufw", "start_timeout") # Iptables options IPTABLE_QUEUE = config.get("iptables", "queue") nufw-2.4.3/tests/plaintext.py0000644000175000017500000000735611431206275013160 00000000000000from config import CONF_DIR from 
common import createClient, createClientWithCerts from inl_tests.replace_file import ReplaceFile from os.path import join as path_join from os.path import exists as path_exists from os import remove from os import rmdir from logging import info from tempfile import mkdtemp class PlaintextUser: def __init__(self, login, password, uid, gid): self.login = login self.password = password self.uid = uid self.gid = gid def createClient(self, more_args=None): return createClient(self.login, self.password, more_args=more_args) def createClientWithCerts(self, more_args=None): return createClientWithCerts(self.login, self.password, more_args=more_args) def __str__(self): return "%s:%s:%u:%u" % (self.login, self.password, self.uid, self.gid) class PlaintextUserDB: def __init__(self): self.users = [] def addUser(self, user): self.users.append(user) def install(self, config): info("Setup Plaintext user database") text = [] for user in self.users: user_text = str(user) info("Add user: %s" % user_text) text.append(user_text) text = "\n".join(text)+"\n" self.basedir = mkdtemp() self.filename = path_join(self.basedir, "users.nufw") output = open(self.filename, 'w') output.write(text) output.close() config["nuauth_user_check_module"] = '"plaintext"' config["plaintext_userfile"] = '"%s"' % self.filename def desinstall(self): if hasattr(self, 'filename'): if path_exists(self.filename): remove(self.filename) if hasattr(self, 'basedir'): if path_exists(self.basedir): rmdir(self.basedir) def __getitem__(self, key): return self.users[key] USERDB = PlaintextUserDB() USERDB.addUser( PlaintextUser("username", "password", 1, 100) ) USERDB.addUser( PlaintextUser("username2", "password2", 2, 200) ) class PlaintextAcl: def __init__(self): self.content = [] def addAclFull(self, name, host, port, gid, decision=1, **kw): text = [ "[%s]" % name, "decision=%s" % decision, "gid=%u" % gid, "DstIP=%s" % host, "DstPort=%u" % port] for key, value in kw.iteritems(): text.append("%s=%s" % (key, value)) for 
line in text: info("Create plaintext ACL: %s" % text) self.content.extend(text) def addAclPerUid(self, name, host, port, uid, decision=1, **kw): text = [ "[%s]" % name, "decision=%s" % decision, "uid=%u" % uid, "DstIP=%s" % host, "DstPort=%u" % port] for key, value in kw.iteritems(): text.append("%s=%s" % (key, value)) self.content.extend(text) def addAcl(self, name, port, gid, decision=1, **kw): self.addAclFull(name, "0.0.0.0/0", port, gid, decision, **kw) def install(self, config): info("Setup Plaintext ACL") for line in self.content: info("Plaintext ACL: %s" % line) text = "\n".join(self.content) self.basedir = mkdtemp() self.filename = path_join(self.basedir, "acls.nufw") output = open(self.filename, 'w') output.write(text) output.close() config["plaintext_aclfile"] = '"%s"' % self.filename config["nuauth_acl_check_module"] = '"plaintext"' def desinstall(self): if hasattr(self, 'filename'): if path_exists(self.filename): remove(self.filename) if hasattr(self, 'basedir'): if path_exists(self.basedir): rmdir(self.basedir) nufw-2.4.3/tests/compatibility.py0000644000175000017500000000155111431206275014010 00000000000000""" Compatibility functions for Python 1.5 to 2.5. any() function ============== any() returns True if at least one items is True, or False otherwise. >>> any([False, True]) True >>> any([True, True]) True >>> any([False, False]) False all() function ============== all() returns True if all items are True, or False otherwise. This function is just apply binary and operator (&) on all values. 
>>> all([True, True]) True >>> all([False, True]) False >>> all([False, False]) False """ import operator # --- any() from Python 2.5 --- try: from __builtin__ import any except ImportError: def any(items): for item in items: if item: return True return False # ---all() from Python 2.5 --- try: from __builtin__ import all except ImportError: def all(items): return reduce(operator.__and__, items) nufw-2.4.3/tests/test_session_authtype.py0000755000175000017500000000737311431206275015617 00000000000000#!/usr/bin/python from unittest import TestCase, main from sys import stderr from common import createClientWithCerts, connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from config import config from os.path import join as path_join from plaintext import PlaintextUser, PlaintextUserDB class TestClientCert(TestCase): def setUp(self): self.cacert = config.get("test_cert", "cacert") nuconfig = NuauthConf() nuconfig["nuauth_user_session_modify_module"]= "\"session_authtype\"" nuconfig["nuauth_tls_auth_by_cert"] = "0" nuconfig["nuauth_tls_request_cert"] = "0" nuconfig["nuauth_tls_cacert"] = '"%s"' % self.cacert nuconfig["nuauth_tls_key"] = '"%s"' % config.get("test_cert", "nuauth_key") nuconfig["nuauth_tls_cert"] = '"%s"' % config.get("test_cert", "nuauth_cert") self.config = nuconfig # Userdb self.user = PlaintextUser("user", "nopassword", 42, 42) self.userdb = PlaintextUserDB() self.userdb.addUser(self.user) self.userdb.install(self.config) def tearDown(self): self.nuauth.stop() self.client.stop() def testCertAuthGroupOK(self): self.config["nuauth_tls_auth_by_cert"] = "2" self.config["session_authtype_ssl_groups"] = "\"42\"" self.nuauth = Nuauth(self.config) # Client self.client = self.user.createClientWithCerts() self.client.password = "xx%sxx" % self.user.password self.assert_(connectClient(self.client)) def testCertAuthGroupNOK(self): self.config["nuauth_tls_auth_by_cert"] = "2" self.config["session_authtype_ssl_groups"] = "\"100\"" self.nuauth = 
Nuauth(self.config) # Client self.client = self.user.createClientWithCerts() self.client.password = "xx%sxx" % self.user.password self.assert_(not connectClient(self.client)) def testWhitelistAuthOK(self): self.config["nuauth_tls_auth_by_cert"] = 0 self.config["session_authtype_whitelist_groups"] = "\"42\"" self.nuauth = Nuauth(self.config) self.client = self.user.createClientWithCerts() self.assert_(connectClient(self.client)) def testWhitelistAuthNOK(self): self.config["nuauth_tls_auth_by_cert"] = 0 self.config["session_authtype_whitelist_groups"] = "\"123\"" self.nuauth = Nuauth(self.config) self.client = self.user.createClientWithCerts() self.assert_(not connectClient(self.client)) def testBlacklistAuthOK(self): self.config["nuauth_tls_auth_by_cert"] = 0 self.config["session_authtype_blacklist_groups"] = "\"123\"" self.nuauth = Nuauth(self.config) self.client = self.user.createClientWithCerts() self.assert_(connectClient(self.client)) def testBlacklistAuthNOK(self): self.config["nuauth_tls_auth_by_cert"] = 0 self.config["session_authtype_blacklist_groups"] = "\"42\"" self.nuauth = Nuauth(self.config) self.client = self.user.createClientWithCerts() self.assert_(not connectClient(self.client)) def testSASLAuthOK(self): self.config["nuauth_tls_auth_by_cert"] = 0 self.config["session_authtype_sasl_groups"] = "\"42\"" self.nuauth = Nuauth(self.config) self.client = self.user.createClientWithCerts() self.assert_(connectClient(self.client)) def testSASLAuthNOK(self): self.config["nuauth_tls_auth_by_cert"] = 0 self.config["session_authtype_sasl_groups"] = "\"123\"" self.nuauth = Nuauth(self.config) self.client = self.user.createClientWithCerts() self.assert_(not connectClient(self.client)) if __name__ == "__main__": print "Test nuauth authentication policy" main() nufw-2.4.3/tests/test_acl.py0000755000175000017500000001017711431206275012744 00000000000000#!/usr/bin/python from unittest import TestCase, main from common import startNufw, connectClient from nuauth import 
Nuauth from nuauth_conf import NuauthConf from inl_tests.iptables import Iptables from filter import testAllowPort, testDisallowPort, VALID_PORT, HOST, IFACE from test_plaintext_auth import USERDB from sys import executable from os import uname from os.path import realpath APPLICATION = realpath(executable) OS = uname() OS_NAME = OS[0] OS_FULL = "%s;%s;%s" % (OS[0], OS[2], OS[3]) class TestAcl(object): def setUp(self): self.iptables = Iptables() self.users = USERDB self.host = HOST self.config = NuauthConf() self.acls = self.func_acls() # Start nuauth with new config self.users.install(self.config) self.nufw = startNufw(["-s"]) def tearDown(self): # Restore user DB and nuauth config self.users.desinstall() self.nuauth.stop() self.iptables.flush() self.acls.desinstall() def testFilterByGroup(self): self.acls.addAclFull("Web group", self.host, VALID_PORT, self.users[0].gid) self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testAllowPort(self, self.iptables, client, self.host) testDisallowPort(self, self.iptables, client, self.host) self.acls.desinstall() def testFilterByUser(self): self.acls.addAclPerUid("Web user", self.host, VALID_PORT, self.users[0].uid) self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testAllowPort(self, self.iptables, client, self.host) testDisallowPort(self, self.iptables, client, self.host) self.acls.desinstall() def testValidApplication(self): self.acls.addAclFull("application", self.host, VALID_PORT, self.users[0].gid, App=APPLICATION) self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testAllowPort(self, self.iptables, client, self.host) self.acls.desinstall() def testInvalidApplication(self): self.acls.addAclFull("application", self.host, VALID_PORT, self.users[0].gid, App=APPLICATION+"xxx") self.acls.install(self.config) 
self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testAllowPort(self, self.iptables, client, self.host, allow=False) self.acls.desinstall() def testValidOS(self): self.acls.addAclFull("application", self.host, VALID_PORT, self.users[0].gid, OS=OS_FULL) self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testAllowPort(self, self.iptables, client, self.host) self.acls.desinstall() def testInvalidOS(self): self.acls.addAclFull("application", self.host, VALID_PORT, self.users[0].gid, OS=OS_NAME+"xxx") self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testAllowPort(self, self.iptables, client, self.host, allow=False) self.acls.desinstall() def testOutdevOk(self): self.acls.addAclFull("outdev test", self.host, VALID_PORT, self.users[0].gid, outdev = IFACE) self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testAllowPort(self, self.iptables, client, self.host) self.acls.desinstall() def testOutdevNOK(self): self.acls.addAclFull("outdev test", self.host, VALID_PORT, self.users[0].gid, outdev = "bad0") self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testAllowPort(self, self.iptables, client, self.host, allow=False) self.acls.desinstall() nufw-2.4.3/tests/test_system.py0000755000175000017500000000207511431206275013527 00000000000000#!/usr/bin/python from unittest import TestCase, main from config import CONF_DIR, config from common import createClientWithCerts, connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from os import path from inl_tests.replace_file import ReplaceFile class TestSystem(TestCase): def setUp(self): # Start nuauth with our config nuconfig = NuauthConf() nuconfig["nuauth_user_check_module"] = 
'"system"' self.nuauth = Nuauth(nuconfig) def tearDown(self): # Restore user DB and nuauth config self.nuauth.stop() def testLogin(self): username = config.get("test_system", "username") password = config.get("test_system", "password") client = createClientWithCerts(username, password) self.assert_(connectClient(client)) client.stop() client = createClientWithCerts(username, "xxx%sxxx" % password) self.assert_(not connectClient(client)) client.stop() if __name__ == "__main__": print "Test nuauth module 'system' for AUTH" main() nufw-2.4.3/tests/test_plaintext_acl.py0000755000175000017500000000046411431206275015032 00000000000000#!/usr/bin/python from unittest import TestCase, main from test_acl import TestAcl from plaintext import PlaintextAcl class TestPlaintextAcl(TestAcl, TestCase): def func_acls(self): return PlaintextAcl() if __name__ == "__main__": print "Test nuauth module 'plaintext' for ACL" main() nufw-2.4.3/tests/test_ipauth_guest.py0000755000175000017500000000274111431206275014704 00000000000000#!/usr/bin/python from unittest import TestCase, main from sys import stderr from logging import info from nuauth import Nuauth from nuauth_conf import NuauthConf from common import startNufw from filter import HOST, VALID_PORT, TIMEOUT from inl_tests.iptables import Iptables from mysocket import connectTcp from plaintext import PlaintextUserDB, PlaintextUser, PlaintextAcl class TestClientAuth(TestCase): def setUp(self): self.port = VALID_PORT config = NuauthConf() # Userdb self.user = PlaintextUser("visiteur", "nopassword", 42, 42) self.userdb = PlaintextUserDB() self.userdb.addUser(self.user) self.userdb.install(config) self.acls = PlaintextAcl() self.acls.addAcl("web", self.port, self.user.gid) self.acls.install(config) # Load nuauth config["nuauth_do_ip_authentication"] = '1' config["nuauth_ip_authentication_module"] = '"ipauth_guest"' config["ipauth_guest_username"] = '"%s"' % self.user.login self.nuauth = Nuauth(config) self.iptables = Iptables() self.nufw 
= startNufw() def tearDown(self): self.acls.desinstall() self.userdb.desinstall() self.nuauth.stop() self.iptables.flush() def testValid(self): self.iptables.filterTcp(self.port) self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), True) if __name__ == "__main__": print "Test nuauth client authentication" main() nufw-2.4.3/tests/test_periods.py0000755000175000017500000000411411431206275013644 00000000000000#!/usr/bin/python from unittest import TestCase, main from common import startNufw, connectClient from nuauth import Nuauth from nuauth_conf import NuauthConf from inl_tests.iptables import Iptables from filter import testPort, testAllowPort, VALID_PORT from test_plaintext_auth import USERDB from plaintext import PlaintextAcl import time import os class TestPlaintextAcl(TestCase): def setUp(self): self.iptables = Iptables() self.users = USERDB self.config = NuauthConf() self.config["xml_defs_periodfile"] = '"%s"' % os.path.abspath("../conf/periods.xml") self.acls = PlaintextAcl() # Start nuauth with new config self.users.install(self.config) self.nufw = startNufw(["-s"]) def tearDown(self): # Restore user DB and nuauth config self.users.desinstall() self.acls.desinstall() self.nuauth.stop() self.iptables.flush() def testPeriodDrop(self): self.acls.desinstall() self.acls = PlaintextAcl() if time.localtime().tm_hour >= 12: period = "0-12" else: period = "12-24" self.acls.addAcl("web", VALID_PORT, self.users[0].gid, 1, period=period ) self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = user.createClientWithCerts() testPort(self, self.iptables, client, VALID_PORT, False) self.acls.desinstall() def testPeriodAccept(self): self.acls.desinstall() self.acls = PlaintextAcl() if time.localtime().tm_hour < 12: period = "0-12" else: period = "12-24" self.acls.addAcl("web", VALID_PORT, self.users[0].gid, 1, period=period) self.acls.install(self.config) self.nuauth = Nuauth(self.config) user = self.users[0] client = 
user.createClientWithCerts() testAllowPort(self, self.iptables, client) self.acls.desinstall() if __name__ == "__main__": print "Test nuauth module 'periods' for ACL" main() nufw-2.4.3/scripts/0000777000175000017500000000000011431215442011170 500000000000000nufw-2.4.3/scripts/Makefile.in0000644000175000017500000003534411431215376013170 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = scripts DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive 
info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = 
@PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = nuauth_command auth_mysql EXTRA_DIST = clean_conntrack.pl nuaclgen nutop ulog_rotate_daily.sh ulog_rotate_weekly.sh client_test.sh encryptpw_sha1 encryptpw_md5 all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) 
$(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu scripts/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. 
$(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" 
| sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/scripts/README0000644000175000017500000000134211431206275011770 00000000000000This directory contains some useful scripts: * clean_conntrack.pl * Moves old entries from the conntrack_ulog table to the ulog archive table. It can be used with the mysql logging module. * nuaclgen * This script can be used to store ACLs in an LDAP directory. * nuauth_command * It can be used to list and modify some properties of a running nuauth. * nutop * This top-like perl script displays the list of authenticated connections. * ulog_rotate_daily.sh * This script moves old data from the ulog table to an archive table (ulog_1). This ensures that only 7 days of logs are kept in the main table. It belongs in a daily cron job. * ulog_rotate_weekly.sh * It is in charge of doing a weekly rotation of all data. It belongs in a weekly cron job. nufw-2.4.3/scripts/nuaclgen0000755000175000017500000002154311431206275012637 00000000000000#!/usr/bin/perl ################################################################################### # # nuaclgen.pl : insertion of ACLs in the Nu Ldap tree. # # Copyright(C) 2003,2005 Eric Leblond # Vincent Deffontaines # INL http://www.inl.fr/ # # $Id$ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, version 2 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
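###################################################################################
#
# Command-line tool with three modes (only one may be used per run):
#   --Aclname DN ...   build an ACL entry from the options and add it to LDAP
#   --List             list the ACLs that apply to the given group(s)/user(s)
#   --Delete DN        delete one ACL entry located under $basedn
# The LDAP host, bind DN, bind password and base DN come from
# /etc/nufw/nuaclgen.conf.

use strict;
use warnings;
use Net::LDAP;
use Getopt::Long;
use Socket;

# Option names are matched case-sensitively (e.g. --sport vs. --Schema).
$Getopt::Long::ignorecase=0;

my %acl;
# TODO unused variable ?
my $exit_code;

our ($basedn, $ldap_host, $username, $password);

# include conf variables
# NOTE(review): `do FILE` executes the file as Perl code with the privileges of
# whoever runs this tool, and the file holds the LDAP bind password. It should
# be owned by root and neither readable nor writable by other users.
do "/etc/nufw/nuaclgen.conf" or die "Can not find config file";

# Convert dotted-quad strings to integers (a.b.c.d -> ((a*256+b)*256+c)*256+d).
# Returns one integer for a single argument and a list for several.
sub convert_addr {
    my @list;
    foreach my $address (@_) {
        my $partsum = 0;
        foreach my $part (split /\./, $address) {
            $partsum = $partsum*256 + $part;
        }
        push @list, $partsum;
    }
    return @list if @list > 1;
    return $list[0] if @list == 1;
}

# Turn "a.b.c.d" or "a.b.c.d/bits" into (first, last) integer addresses.
# Returns the single string "Invalid" when the input is not a well-formed
# IPv4 address or prefix. The whole string must match, octets must be <= 255
# and the prefix length <= 32. The start address is aligned on the network
# boundary so that host bits in the input (e.g. 10.0.0.5/24) cannot make the
# range spill into the next network.
sub construct_addr_range {
    my $range = shift;
    return "Invalid" unless defined $range;

    my $quad = qr/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/;
    my ($base, $bits);
    if ($range =~ m#\A($quad)/([0-9]{1,2})\z#) {
        ($base, $bits) = ($1, $2);
    } elsif ($range =~ m#\A($quad)\z#) {
        ($base, $bits) = ($1, 32);
    } else {
        return "Invalid";
    }
    return "Invalid" if $bits > 32;
    return "Invalid" if grep { $_ > 255 } split /\./, $base;

    # /0 is the whole IPv4 space; handled apart to keep the modulus below 2**32.
    return (0, 4294967295) if $bits == 0;

    my $size  = 2**(32-$bits);
    my $start = convert_addr($base);
    $start -= $start % $size;
    return ($start, $start + $size - 1);
}

# Turn "N" or "N:M" into (first, last) port numbers.
# Returns the single string "OOPs" when the input is not one or two decimal
# numbers in 0..65535.
sub construct_port_range {
    my $spec = shift;
    my @range = split /:/, (defined $spec ? $spec : "");
    return "OOPs" if grep { !/\A[0-9]+\z/ or $_ > 65535 } @range;
    if (scalar @range == 2) {
        return @range;
    } elsif (scalar @range == 1) {
        return ($range[0], $range[0]);
    } else {
        return "OOPs";
    }
}

# Convert an integer address back to dotted-quad notation.
sub todotquad {
    my $ip = shift;
    my $stringip = $ip % 256;
    foreach my $i (0..2) {
        $ip = ( $ip - $ip%256 ) / 256;
        $stringip = $ip % 256 . "." . $stringip;
    }
    return $stringip;
}

# Escape a value for use inside an LDAP search filter (RFC 4515): backslash,
# parentheses, asterisk and NUL become \XX so that a group or user id given on
# the command line cannot change the structure of the filter.
sub ldap_filter_escape {
    my $value = shift;
    $value =~ s/([\\\(\)\*\0])/sprintf("\\%02x", ord($1))/ge;
    return $value;
}

my $separator = ",";
my ($help, $schema, $saddr, $daddr, $proto, $sport, $dport);
my ($decision, $groups, $users, $aclname, $osname, $osversion, $authquality);
my ($osrelease, $appname, $appsig, $list, $delete );

# Schema, AuthQuality and Separator take a value ("=s"): the help text documents
# "-S (eq|ineq)" and "--AuthQuality 1", and the code below compares $schema with
# 'eq' and splits on $separator. Declared as plain flags they were all set to 1.
my $result = GetOptions("help" => \$help,
    "Schema=s" => \$schema,
    "saddr=s" => \$saddr,
    "daddr=s" => \$daddr,
    "proto=i" => \$proto,
    "sport=s" => \$sport,
    "dport=s" => \$dport,
    "jump=s" => \$decision,
    "groups=s" => \$groups,
    "users=s" => \$users,
    "Aclname=s" => \$aclname,
    "OsName=s" => \$osname,
    "OsVersion=s" => \$osversion,
    "OsRelease=s" => \$osrelease,
    "AppName=s" => \$appname,
    "AppSig=s" => \$appsig,
    "AuthQuality=s" => \$authquality,
    "Separator=s" => \$separator,
    "List" => \$list,
    "Delete=s" => \$delete,
);

if ($result == 0) {
    die "Error parsing options\n";
}

if ($help) {
    print "nuaclgen [-S (eq|ineq)] --Aclname [ACLDN] [--saddr NETWORK1] [--daddr NETWORK2] [--proto PROTONUMBER] [--sport P1[:P2]] [--dport P3[:P4]] --jump [ACCEPT|DROP] [--groups [GROUPLIST] || --users [USERSLIST]] [--OsName N1,N2... [--OsVersion V1,V2...] [--OsRelease R1,R2...]] [--AppName N1,N2... [--AppSig S1,S2...]] [--AuthQuality 1]: add an acl
nuaclgen -L -g [Id Group] : list acl(s) for a group.
nuaclgen -L -u [Id User] : list acl(s) for a user.
nuaclgen --Delete dn : delete this dn
ACL SYNTAX :
\t- NETWORK : aaa.bbb.ccc.ddd[/ee]
\t- GROUPSLIST : gid1[,gid2,gid3]
\t- USERSLIST : uid1[,uid2,uid3]
\t- PORTRANGE: NNNN[:MMMM]
";
    exit;
}

if ((defined $aclname)+(defined $list)+defined($delete) > 1) {
    die "Sorry, one mode allowed at a time only!";
}

if (defined $delete) {
    my $mybase = $basedn;
    defined $mybase or die "basedn is not set in the config file\n";
    chomp $mybase;
    length $mybase or die "basedn is empty in the config file\n";
    # The DN to delete must be the ACL base or sit below it. The base is matched
    # literally (\Q..\E) and on an RDN boundary: an unquoted, unanchored pattern
    # treated characters of the base as regex syntax and accepted any DN that
    # merely ended with the same characters; an empty base accepted every DN.
    if ($delete !~ /(?:\A|,)\s*\Q$mybase\E\z/) {
        print "basedn : $mybase\n";
        print "delete : $delete\n";
        die "Sorry, not allowed to delete that cn. It's not in the ACL base!";
    }
} else {
    if (not (defined($groups) or defined($users))) {
        die "No group(s) or user(s) given\n";
    }
    # A comma-separated list becomes a multi-valued attribute (array ref).
    if (defined($groups)) {
        if ($groups=~m/,/) {
            $acl{"Group"}= [split /,/ , $groups];
        } else {
            $acl{"Group"}= $groups;
        }
    }
    if (defined($users)) {
        if ($users=~m/,/) {
            $acl{"User"}= [split /,/ , $users];
        } else {
            $acl{"User"}= $users;
        }
    }
}

#do ldap connect
my $ldap = Net::LDAP->new($ldap_host) or die $@;

# bind to a directory with dn and password
# bind() returns a message object even on failure, so the result code is what
# has to be checked. Stop here rather than continue on an unauthenticated
# session.
$result = $ldap->bind ( $username, password => $password );
$result->code and die "failed to bind: ", $result->error, "\n";

if ($aclname){
    if (not defined($saddr)) {
        $saddr="0.0.0.0/0";
    }
    my @src = construct_addr_range($saddr);
    @src == 2 or die "Invalid source address: $saddr\n";
    ($acl{"SrcIpStart"},$acl{"SrcIpEnd"})=@src;

    if (not defined($daddr)) {
        $daddr="0.0.0.0/0";
    }
    my @dst = construct_addr_range($daddr);
    @dst == 2 or die "Invalid destination address: $daddr\n";
    ($acl{"DstIpStart"},$acl{"DstIpEnd"})=@dst;

    if (not defined($sport)) {
        $sport="0:65535";
    }
    my @sports = construct_port_range($sport);
    @sports == 2 or die "Invalid source port range: $sport\n";
    ($acl{"SrcPortStart"},$acl{"SrcPortEnd"})=@sports;

    # No --proto: the entry gets both 6 and 17 (TCP and UDP protocol numbers).
    if (not defined($proto)) {
        $acl{"Proto"}=[6,17];
    } else {
        $acl{"Proto"}=$proto;
    }

    if (not defined($schema) or $schema eq 'eq') {
        # Equality schema: explicit list of destination ports.
        if (not defined($dport)) {
            die "Equality schema specified, destination port needed";
        } else {
            # split by comma
            my @dports = split(/,/,$dport);
            $acl{"DstPort"}=\@dports;
        }
    } else {
        # Inequality schema: destination port range.
        if (not defined($dport)) {
            $dport="0:65535";
        }
        my @dports = construct_port_range($dport);
        @dports == 2 or die "Invalid destination port range: $dport\n";
        ($acl{"DstPortStart"},$acl{"DstPortEnd"})=@dports;
    }

    $acl{"objectclass"} = [ "top", "NuAccessControlList" ];

    # The separator is matched literally, not as a regular expression.
    if (defined $osname){
        my @os = split(/\Q$separator\E/,$osname);
        $acl{"OsName"}=\@os;
        if (defined $osversion){
            my @ver= split(/\Q$separator\E/,$osversion);
            $acl{"OsVersion"}=\@ver;
        }
        if (defined $osrelease){
            # Stored under OsRelease (list mode reads that attribute); it used
            # to overwrite OsVersion.
            my @rel= split(/\Q$separator\E/,$osrelease);
            $acl{"OsRelease"}=\@rel;
        }
    }
    if (defined $appname){
        my @app= split(/\Q$separator\E/,$appname);
        $acl{"AppName"}=\@app;
        if (defined $appsig){
            my @sig= split(/\Q$separator\E/,$appsig);
            $acl{"AppSig"}=\@sig;
        }
    }
    if (defined $authquality){
        my @sig= split(/\Q$separator\E/,$authquality);
        $acl{"AuthQuality"}=\@sig;
    }

    # look for Add mode
    if (not defined($aclname)) {
        $exit_code = "No Acl Name given, Aborting\n";
    } else {
        $aclname=~/^[a-zA-Z0-9,=_\s]+$/ or die "Sorry, bad characters in Acl name ( $aclname )";
        $aclname=~m/^cn=(\w+),.*/ and $acl{"cn"}=$1;
        if (not defined($decision)) {
            die "No decision given\n";
        } else {
            # Anything other than the exact string ACCEPT is stored as 0 (DROP).
            if ($decision eq "ACCEPT") {
                $acl{"Decision"}=1;
            } else {
                $acl{"Decision"}=0;
            }
        }
        print "Adding $aclname\n";
        $result = $ldap->add( $aclname, attr => [%acl ]) ;
        my $failed = $result->code;
        if ($failed) {
            warn "failed to add entry: ", $result->error;
        } else {
            print "done\n";
        }
        $ldap->unbind; # take down session
        # Non-zero status lets callers notice that the ACL was not written.
        exit($failed ? 1 : 0);
    }
}

my $filter;
if (defined ($list)) {
    my ($attr, $wanted);
    if (defined($groups)) {
        ($attr, $wanted) = ("Group", $acl{"Group"});
    } elsif (defined($users)) {
        ($attr, $wanted) = ("User", $acl{"User"});
    } else {
        die("No group or user given");
    }
    # Several ids (array ref) become an OR of equality tests; every value is
    # escaped before it is placed in the filter.
    my @ids = ref($wanted) ? @$wanted : ($wanted);
    @ids or die("No group or user given");
    my @terms = map { "($attr=" . ldap_filter_escape($_) . ")" } @ids;
    my $match = @terms == 1 ? $terms[0] : "(|" . join("", @terms) . ")";
    $filter = "(&(objectClass=NuAccessControlList)$match)";

    my $results = $ldap->search( # perform a search
        base => $basedn,
        filter => $filter,
    );
    $results->code and die "search failed: ", $results->error, "\n";

    foreach my $entry ($results->all_entries) {
        my $dn = $entry->dn;
        # $entry->dump;
        # print source address
        my $sad = todotquad($entry->get_value("SrcIpStart"));
        $sad .="-". todotquad($entry->get_value("SrcIpEnd"));
        # print dest address
        my $dad = todotquad($entry->get_value("DstIpStart"));
        $dad .="-". todotquad($entry->get_value("DstIpEnd"));
        # print source port
        my $sport = $entry->get_value("SrcPortStart").":".$entry->get_value("SrcPortEnd");
        # print dest port (all values of a multi-valued DstPort, else the range)
        my $dport = join(",", $entry->get_value("DstPort"));
        if (! $dport){
            $dport = $entry->get_value("DstPortStart").":".$entry->get_value("DstPortEnd");
        }
        # print groups
        my ($dec)=$entry->get_value("Decision");
        # OSname
        # Optional attributes may be absent; print them as empty strings.
        my ($os_name, $os_version, $os_release, $app_name, $app_sig) =
            map { my $v = $entry->get_value($_); defined $v ? $v : "" }
                ("OsName", "OsVersion", "OsRelease", "AppName", "AppSig");
        if ($dec) {
            $dec="ACCEPT";
        } else {
            $dec="DROP";
        }
        # The decision was interpolated as `$$dec`, which Perl parses as a
        # dereference of $dec and rejects under `use strict`.
        print "dn: $dn src : $sad $sport dst : $dad $dport OS: $os_name $os_version $os_release App: $app_name $app_sig $dec\n";
    }
    $ldap->unbind; # take down session
    exit;
}

if (defined ($delete)) {
    my $results = $ldap->delete($delete);
    my $failed = $results->code;
    $failed && warn "failed to delete entry: ", $results->error ;
    $ldap->unbind; # take down session
    exit($failed ? 1 : 0);
} else {
    $exit_code = "No List mode";
}
nufw-2.4.3/scripts/ulog_rotate_daily.sh0000755000175000017500000000105611431206275015157 00000000000000#!/bin/bash SQLCMD="mysql ulogd" TABNAME=ulog; USERTABNAME=users; #SQLCMD="echo" echo "insert into ${TABNAME}_1 select * from $TABNAME where timestamp < CURDATE() - INTERVAL 7 DAY; delete from $TABNAME where timestamp < CURDATE() - INTERVAL 7 DAY; optimize table $TABNAME;" | $SQLCMD echo "insert into ${USERTABNAME}_1 select * from $USERTABNAME where end_time is NOT NULL AND end_time < CURDATE() - INTERVAL 7 DAY; delete from $USERTABNAME where end_time IS NOT NULL AND end_time < CURDATE() - INTERVAL 7 DAY; optimize table $USERTABNAME;" | $SQLCMD nufw-2.4.3/scripts/encryptpw_sha10000644000175000017500000000174111431206275014005 00000000000000#!/usr/bin/perl -w # Author: Pierre Chifflier # license: GPLv2 # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, version 2 of the License. 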
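# NIST SHA-1 message digest algorithm
#
# Prints the base64 SHA-1 digest of a password, followed by "=".
# The password is taken from the first command-line argument or, when none is
# given, read from standard input with terminal echo switched off.
#
# NOTE(review): the digest is unsalted, single-pass SHA-1, so equal passwords
# give equal output and guessing is cheap; protect any file that stores these
# values accordingly. A password passed as an argument is visible to other
# local users in the process list and is kept in shell history; prefer the
# prompt.
use Digest::SHA1 qw(sha1_base64);
use POSIX;

# Switch terminal echo off (clears ECHO and ECHOK in the saved local flags).
sub echo_off {
    my($echo) = (&POSIX::ECHO|&POSIX::ECHOK);
    $no_echo = $term_orig;
    $no_echo &= ~$echo;
    $t->setlflag( $no_echo );
    $t->setattr( 0, &TCSANOW);
}

# Restore the local flags saved in $term_orig at start-up.
sub echo_on {
    $t->setlflag( $term_orig );
    $t->setattr( 0, &TCSANOW);
}

#
# Set up terminal
$t = POSIX::Termios->new();
$t->getattr();
$term_orig = $t->getlflag();

my $plaintext=shift;
# Test for a missing or empty argument rather than truthiness, so that the
# password "0" is accepted.
if (!defined($plaintext) or $plaintext eq "") {
    print "password : ";
    # Put the terminal back in echo mode if the prompt is interrupted.
    local $SIG{INT}  = sub { echo_on(); print "\n"; exit 1; };
    local $SIG{TERM} = $SIG{INT};
    echo_off();
    # The read operand was missing from the statement; standard input is the
    # source implied by the prompt.
    $plaintext = readline(STDIN);
    echo_on();
    print "\n";
    defined($plaintext) or die "No password given\n";
    # chomp removes only a trailing newline; chop would also eat the last
    # character of a password that arrives without one.
    chomp($plaintext);
}

# we append a = because the sha1_base64 function does not append it
print sha1_base64($plaintext), "=\n";
nufw-2.4.3/scripts/Makefile.am0000644000175000017500000000025311431206275013144 00000000000000SUBDIRS = nuauth_command auth_mysql EXTRA_DIST = clean_conntrack.pl nuaclgen nutop ulog_rotate_daily.sh ulog_rotate_weekly.sh client_test.sh encryptpw_sha1 encryptpw_md5 nufw-2.4.3/scripts/clean_conntrack.pl0000755000175000017500000000551411431206275014601 00000000000000#!/usr/bin/perl -w # ## fwcon.pl: Forward "open" connection to actif table. # # Copyright(C) 2003-2005 INL # Written by Thomas Sabono # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, version 2 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 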
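#
# Copies rows with state 0 or 3 from the active connection table to the
# archive table, deletes them from the active table, then marks stale
# state-1 rows as state 3.
use strict;
use DBI;

# NOTE(review): the script connects as the MySQL root account with an empty
# password, both hard-coded. A dedicated account limited to SELECT/INSERT/
# DELETE/UPDATE on these two tables, with its password kept in a file readable
# only by the user running this job, would limit the damage if this script or
# its host is misused.
my $mysql_user="root";
my $mysql_pass="";
my $mysql_host="localhost";
my $mysql_database="ulogd";
my $actif_table="conntrack_ulog";
my $archive_table="ulog";
# Not referenced in the statements that survive below; presumably used by the
# final UPDATE (see the note there).
my $new_timeout=120;
# Column list shared by the INSERT ... SELECT below.
my $mysql_rows="raw_mac, oob_time_sec, oob_time_usec, oob_prefix, oob_mark, oob_in, oob_out, ip_saddr, ip_daddr, ip_protocol, ip_tos, ip_ttl, ip_totlen, ip_ihl, ip_csum, ip_id, ip_fragoff, tcp_sport, tcp_dport, tcp_seq, tcp_ackseq, tcp_window, tcp_urg, tcp_urgp, tcp_ack, tcp_psh, tcp_rst, tcp_syn, tcp_fin, udp_sport, udp_dport, udp_len, icmp_type, icmp_code, icmp_echoid, icmp_echoseq, icmp_gateway, icmp_fragmtu, pwsniff_user, pwsniff_pass, ahesp_spi, timestamp, state, end_timestamp, start_timestamp, username, user_id, client_os, client_app, bytes_in, bytes_out, packets_in, packets_out";

#
## Database initialisation.
#
my $mysql_connection="DBI:mysql:database=$mysql_database;host=$mysql_host";
my $dbh = DBI->connect($mysql_connection, $mysql_user, $mysql_pass) or die "[!] Couldn't connect to database: " . DBI->errstr;
# The driver handle is not used by any later statement shown here.
my $drh = DBI->install_driver("mysql");

#
## Get greater id.
#
# The highest id among finished rows bounds the INSERT and DELETE below, so
# rows that reach state 0/3 after this point are left for the next run.
my $sth = $dbh->prepare("SELECT id FROM $actif_table WHERE state = 0 OR state = 3 ORDER BY id DESC LIMIT 1");
$sth->execute or die "[!] Couldn't execute statement: " . $sth->errstr;
my @buffer = $sth->fetchrow_array;
my $max_id = $buffer[0] ? $buffer[0] : 0;

#
## Execute update query.
#
$sth = $dbh->prepare("INSERT INTO $archive_table($mysql_rows) SELECT $mysql_rows FROM $actif_table WHERE id <= $max_id AND (state = 0 OR state = 3)");
$sth->execute or die "[!] Couldn't execute statement: " . $sth->errstr;

#
## Delete old value from actif table.
#
$sth = $dbh->prepare("DELETE FROM $actif_table WHERE id <= $max_id AND (state=0 OR state=3)");
$sth->execute or die "[!] Couldn't execute statement: " . $sth->errstr;

#
## Update connection without reply
#
# NOTE(review): the text between `timestamp` and `execute` is missing from this
# copy of the file (presumably the comparison that uses $new_timeout and the end
# of the prepare() call). The statement is kept as found; restore it from the
# upstream file before running the script.
$sth = $dbh->prepare("UPDATE $actif_table SET state=3 WHERE state=1 AND timestampexecute or die "[!] Couldn't execute statement: " . $sth->errstr;
nufw-2.4.3/scripts/encryptpw_md50000644000175000017500000000173011431206275013634 00000000000000#!/usr/bin/perl -w
# Author: Pierre Chifflier
# license: GPLv2
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 2 of the License.
# MD5 message digest algorithm
#
# Prints the base64 MD5 digest of a password, followed by "==".
# The password is taken from the first command-line argument or, when none is
# given, read from standard input with terminal echo switched off.
#
# NOTE(review): the digest is unsalted, single-pass MD5, so equal passwords
# give equal output and guessing is cheap; protect any file that stores these
# values accordingly. A password passed as an argument is visible to other
# local users in the process list and is kept in shell history; prefer the
# prompt.
use Digest::MD5 qw(md5_base64);
use POSIX;

# Switch terminal echo off (clears ECHO and ECHOK in the saved local flags).
sub echo_off {
    my($echo) = (&POSIX::ECHO|&POSIX::ECHOK);
    $no_echo = $term_orig;
    $no_echo &= ~$echo;
    $t->setlflag( $no_echo );
    $t->setattr( 0, &TCSANOW);
}

# Restore the local flags saved in $term_orig at start-up.
sub echo_on {
    $t->setlflag( $term_orig );
    $t->setattr( 0, &TCSANOW);
}

#
# Set up terminal
$t = POSIX::Termios->new();
$t->getattr();
$term_orig = $t->getlflag();

my $plaintext=shift;
# Test for a missing or empty argument rather than truthiness, so that the
# password "0" is accepted.
if (!defined($plaintext) or $plaintext eq "") {
    print "password : ";
    # Put the terminal back in echo mode if the prompt is interrupted.
    local $SIG{INT}  = sub { echo_on(); print "\n"; exit 1; };
    local $SIG{TERM} = $SIG{INT};
    echo_off();
    # The read operand was missing from the statement; standard input is the
    # source implied by the prompt.
    $plaintext = readline(STDIN);
    echo_on();
    print "\n";
    defined($plaintext) or die "No password given\n";
    # chomp removes only a trailing newline; chop would also eat the last
    # character of a password that arrives without one.
    chomp($plaintext);
}

# we append == because the md5_base64 function does not append it
print md5_base64($plaintext), "==\n";
nufw-2.4.3/scripts/ulog_rotate_weekly.sh0000755000175000017500000001147311431206275015361 00000000000000#!/bin/bash DATABASENAME="ulogd"; MYSQL_VERSION="5"; SQLCMD="mysql $DATABASENAME"; declare -i TABNUMBER=52; TABNAME=ulog; TABLIST="$TABNAME offenders usersstats users tcp_ports udp_ports" #set -x #SQLCMD="true" # delete tables TABNUMBER for TABLE in $TABLIST; do echo "drop table IF EXISTS ${TABLE}_$TABNUMBER;" | $SQLCMD; done; # move table from 11 to 2 declare -i NEXT; for ((TABLE=$(($TABNUMBER-1));$TABLE>=1;TABLE--)); do NEXT=$(($TABLE+1)) for TABLEITEM in $TABLIST; do echo "rename table ${TABLEITEM}_$TABLE to ${TABLEITEM}_$NEXT" | $SQLCMD 2>/dev/null done done #compress 2 cd /var/lib/mysql/$DATABASENAME/ myisampack -s ${TABNAME}_2.MYI myisamchk -s -rq /var/lib/mysql/$DATABASENAME/${TABNAME}_2.MYI if [ $MYSQL_VERSION == "5" ]; then for TABLE in $TABLIST; do echo "CREATE TABLE ${TABLE}_1 LIKE ${TABLE};" | $SQLCMD; done else # create table 1 echo "CREATE TABLE ${TABNAME}_1 ( id int(10) unsigned 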
NOT NULL auto_increment, raw_mac varchar(80) default NULL, oob_time_sec int(10) unsigned default NULL, oob_time_usec int(10) unsigned default NULL, oob_prefix varchar(32) default NULL, oob_mark int(10) unsigned default NULL, oob_in varchar(32) default NULL, oob_out varchar(32) default NULL, ip_saddr int(10) unsigned default NULL, ip_daddr int(10) unsigned default NULL, ip_protocol tinyint(3) unsigned default NULL, ip_tos tinyint(3) unsigned default NULL, ip_ttl tinyint(3) unsigned default NULL, ip_totlen smallint(5) unsigned default NULL, ip_ihl tinyint(3) unsigned default NULL, ip_csum smallint(5) unsigned default NULL, ip_id smallint(5) unsigned default NULL, ip_fragoff smallint(5) unsigned default NULL, tcp_sport smallint(5) unsigned default NULL, tcp_dport smallint(5) unsigned default NULL, tcp_seq int(10) unsigned default NULL, tcp_ackseq int(10) unsigned default NULL, tcp_window smallint(5) unsigned default NULL, tcp_urg tinyint(4) default NULL, tcp_urgp smallint(5) unsigned default NULL, tcp_ack tinyint(4) default NULL, tcp_psh tinyint(4) default NULL, tcp_rst tinyint(4) default NULL, tcp_syn tinyint(4) default NULL, tcp_fin tinyint(4) default NULL, udp_sport smallint(5) unsigned default NULL, udp_dport smallint(5) unsigned default NULL, udp_len smallint(5) unsigned default NULL, icmp_type tinyint(3) unsigned default NULL, icmp_code tinyint(3) unsigned default NULL, icmp_echoid smallint(5) unsigned default NULL, icmp_echoseq smallint(5) unsigned default NULL, icmp_gateway int(10) unsigned default NULL, icmp_fragmtu smallint(5) unsigned default NULL, pwsniff_user varchar(30) default NULL, pwsniff_pass varchar(30) default NULL, ahesp_spi int(10) unsigned default NULL, timestamp timestamp(14) NOT NULL, UNIQUE KEY id (id), KEY index_id (id), KEY user_id (user_id), KEY timestamp (timestamp), KEY ip_saddr (ip_saddr), KEY udp_dport (udp_dport), KEY tcp_dport (tcp_dport), KEY oob_time_sec (oob_time_sec), state smallint(6) unsigned default NULL, end_timestamp 
datetime default NULL, start_timestamp datetime default NULL, username varchar(30) default NULL, user_id smallint(5) unsigned default NULL, client_os varchar(128) default NULL, client_app varchar(128) default NULL ) TYPE=MyISAM; " | $SQLCMD echo "CREATE TABLE offenders_1 ( ip_addr int(10) unsigned NOT NULL default '0', first_time int(10) unsigned default NULL, last_time int(10) unsigned default NULL, count int(10) default NULL, PRIMARY KEY (ip_addr) ) TYPE=MyISAM; " | $SQLCMD echo "CREATE TABLE usersstats_1 ( user_id smallint(5) unsigned default NULL, username varchar(30) default NULL, bad_conns int(10) unsigned not NULL default '0', good_conns int(10) unsigned not NULL default '0', first_time int(10) unsigned default NULL, last_time int(10) unsigned default NULL, PRIMARY KEY (user_id), KEY username (username) ) TYPE=MyISAM; " | $SQLCMD echo "CREATE TABLE tcp_ports_1 ( tcp_dport smallint(5) unsigned NOT NULL default '0', first_time int(10) unsigned default NULL, last_time int(10) unsigned default NULL, count int(10) default NULL, PRIMARY KEY (tcp_dport), KEY last_time (last_time) ) TYPE=MyISAM; " | $SQLCMD echo "CREATE TABLE udp_ports_1 ( udp_dport smallint(5) unsigned NOT NULL default '0', first_time int(10) unsigned default NULL, last_time int(10) unsigned default NULL, count int(10) default NULL, PRIMARY KEY (udp_dport), KEY last_time (last_time) ) TYPE=MyISAM; " | $SQLCMD echo "CREATE TABLE users_1 ( ip_saddr int(10) unsigned NOT NULL, socket int(10) unsigned NOT NULL, user_id int(10) unsigned default NULL, username varchar(30) default NULL, start_time DATETIME default NULL, end_time DATETIME default NULL, os_sysname varchar(40) default NULL, os_release varchar(40) default NULL, os_version varchar(100) default NULL, KEY socket (socket), KEY ip_saddr (ip_saddr), KEY username (username) ) TYPE=MyISAM; " | $SQLCMD fi cd $DIR nufw-2.4.3/scripts/nuauth_command/0000777000175000017500000000000011431215442014172 
500000000000000nufw-2.4.3/scripts/nuauth_command/Makefile.in0000644000175000017500000003706411431215376016173 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = scripts/nuauth_command DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ INSTALL ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ 
installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive ETAGS = etags CTAGS = ctags DIST_SUBDIRS = scripts nuauth_command DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON 
= @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @BUILD_NUAUTH_COMMAND_TRUE@SUBDIRS = scripts nuauth_command @BUILD_NUAUTH_COMMAND_TRUE@EXTRA_DIST = setup.py all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/nuauth_command/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu scripts/nuauth_command/Makefile .PRECIOUS: Makefile Makefile: 
$(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. 
$(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" 
| sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ distdir=`$(am__cd) $(distdir) && pwd`; \ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$top_distdir" \ distdir="$$distdir/$$subdir" \ am__remove_distdir=: \ am__skip_length_check=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." @BUILD_NUAUTH_COMMAND_FALSE@uninstall-local: @BUILD_NUAUTH_COMMAND_FALSE@install-exec-local: @BUILD_NUAUTH_COMMAND_FALSE@clean-local: clean: clean-recursive clean-am: clean-generic clean-libtool clean-local mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-exec-am: install-exec-local install-html: install-html-recursive install-info: install-info-recursive install-man: install-pdf: install-pdf-recursive install-ps: install-ps-recursive installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-local .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ install-strip .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ clean-local ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-exec-local install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-recursive uninstall uninstall-am \ uninstall-local 
@BUILD_NUAUTH_COMMAND_TRUE@install-exec-local: @BUILD_NUAUTH_COMMAND_TRUE@ $(PYTHON) $(srcdir)/setup.py install --prefix $(DESTDIR)$(prefix) @BUILD_NUAUTH_COMMAND_TRUE@clean-local: @BUILD_NUAUTH_COMMAND_TRUE@ $(PYTHON) $(srcdir)/setup.py clean; \ @BUILD_NUAUTH_COMMAND_TRUE@ rm -rf $(top_builddir)/scripts/nuauth_command/build @BUILD_NUAUTH_COMMAND_TRUE@uninstall-local: @BUILD_NUAUTH_COMMAND_TRUE@ [ ! -f "$(DESTDIR)$(prefix)/bin/nuauth_command" ] || rm -f "$(DESTDIR)$(prefix)/bin/nuauth_command" @BUILD_NUAUTH_COMMAND_TRUE@ find "$(DESTDIR)$(prefix)/lib" -name "nuauth_command-*.egg-info" -delete ||true # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/scripts/nuauth_command/README0000644000175000017500000000140011431206275014765 00000000000000Introduction ============ nuauth_command is an interface to control some important features of the nuauth daemon, such as listing connected users or reloading the configuration. Commands ======== Main commands: * quit: disconnect * refresh cache: refresh all caches * reload: reload nuauth configuration Information: * help: display list of usable commands * version: display nuauth version * uptime: display nuauth starting time and uptime User management: * users: list connected users * disconnect all: disconnect all users * disconnect ID: disconnect the user with the given session identifier Firewall information: * firewalls: list connected firewalls Debug commands: * display debug_level * display debug_areas * debug_level LEVEL * debug_areas AREAS nufw-2.4.3/scripts/nuauth_command/scripts/0000777000175000017500000000000011431215442015661 500000000000000nufw-2.4.3/scripts/nuauth_command/scripts/Makefile.in0000644000175000017500000002252511431215376017656 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. 
# @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = scripts/nuauth_command/scripts DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(srcdir)/nuauth_command.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = nuauth_command SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = 
@DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ 
dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = nuauth_command.in all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/nuauth_command/scripts/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu scripts/nuauth_command/scripts/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh nuauth_command: $(top_builddir)/config.status $(srcdir)/nuauth_command.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am 
install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am all: nuauth_command # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/scripts/nuauth_command/scripts/nuauth_command.in0000644000175000017500000000224711431206275021140 00000000000000#!/usr/bin/python # Copyright(C) 2007 INL # Written by Victor Stinner # # $Id: nuauth_command.py.in 3169 2007-04-16 13:31:05Z haypo $ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, version 2 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. from nuauth_command import NuauthError from nuauth_command.cmdline import CommandLineClient from sys import exit def main(): client = CommandLineClient("@e_localstatedir@/run/nuauth/nuauth-command.socket") try: client.connect() except NuauthError, err: print "[!] %s" % err exit(1) client.run() if __name__ == "__main__": main() nufw-2.4.3/scripts/nuauth_command/scripts/Makefile.am0000644000175000017500000000006511431206275017636 00000000000000all: nuauth_command EXTRA_DIST = nuauth_command.in nufw-2.4.3/scripts/nuauth_command/Makefile.am0000644000175000017500000000074211431206275016151 00000000000000if BUILD_NUAUTH_COMMAND SUBDIRS = scripts nuauth_command EXTRA_DIST = setup.py install-exec-local: $(PYTHON) $(srcdir)/setup.py install --prefix $(DESTDIR)$(prefix) clean-local: $(PYTHON) $(srcdir)/setup.py clean; \ rm -rf $(top_builddir)/scripts/nuauth_command/build uninstall-local: [ ! 
-f "$(DESTDIR)$(prefix)/bin/nuauth_command" ] || rm -f "$(DESTDIR)$(prefix)/bin/nuauth_command" find "$(DESTDIR)$(prefix)/lib" -name "nuauth_command-*.egg-info" -delete ||true endif nufw-2.4.3/scripts/nuauth_command/setup.py0000755000175000017500000000264511431206275015636 00000000000000#!/usr/bin/env python # $Id: setup.py 671 2004-08-22 21:02:29Z md $ import sys if "--setuptools" in sys.argv: sys.argv.remove("--setuptools") from setuptools import setup else: from distutils.core import setup # Open IPy.py to read version from imp import load_source from os.path import join as path_join, dirname filename = path_join(dirname(__file__), "nuauth_command", "version.py") command = load_source("", filename) LONG_DESCRIPTION = "Command line program to control nuauth daemon throw UNIX socket" CLASSIFIERS = [ 'Development Status :: 5 - Production/Stable', 'Intended Audience :: System Administrators', 'Environment :: Console', 'Topic :: System :: Networking', 'License :: OSI Approved :: GNU General Public License (GPL)', 'Operating System :: OS Independent', 'Natural Language :: English', 'Programming Language :: Python'] setup(name="nuauth_command", version=command.VERSION, description="Command line program to control NuFW firewall (nuauth)", long_description=LONG_DESCRIPTION, author="Victor Stinner", maintainer="Victor Stinner", maintainer_email="victor.stinner AT inl.fr", license=command.LICENSE, url=command.WEBSITE, download_url=command.WEBSITE, classifiers= CLASSIFIERS, scripts=["scripts/nuauth_command"], packages=["nuauth_command"], package_dir={"nuauth_command": "nuauth_command"}) nufw-2.4.3/scripts/nuauth_command/nuauth_command/0000777000175000017500000000000011431215442017174 500000000000000nufw-2.4.3/scripts/nuauth_command/nuauth_command/command_dec.py0000644000175000017500000001604511431206275021725 00000000000000import struct import datetime import IPy PROTO_VERSION = "NuFW 0.1" class Message: def __str__(self): raise NotImplementedError() def __repr__(self): 
return '<%s %s>' % (self.__class__.__name__, str(self)) class Answer(Message): def __init__(self, ok, content): self.ok = ok self.content = content def __str__(self): return "ok=%s content=%r" % (self.ok, self.content) class Uptime(Message): def __init__(self, start, diff): self.start = start self.diff = datetime.timedelta(seconds=diff) def __str__(self): return "Uptime: %s since %s" % (self.diff, self.start) class User(Message): def __init__(self, client_version, socket, name, addr, sport, uid, groups, connect_timestamp, uptime, expire, sysname, release, version, activated): self.client_version = client_version self.socket = socket self.name = name self.addr = addr self.sport = sport self.uid = uid self.groups = groups self.connect_timestamp = connect_timestamp self.uptime = datetime.timedelta(seconds=uptime) if expire < 0: self.expire = None else: self.expire = datetime.timedelta(seconds=expire) self.sysname = sysname self.release = release self.version = version self.activated = activated def __str__(self): addr = self.addr.strCompressed() groups = ", ".join([ str(group) for group in self.groups]) if self.expire: expire = ", %s" % self.expire else: expire = "" return "#%s: %r at %s (port %s) %s since %s\n id: %s, groups: %s%s\n %s %s (%s)" % ( self.socket, self.name, addr, self.sport, self.uptime, self.connect_timestamp, self.uid, groups, expire, self.sysname, self.release, self.version) class NuFW: def __init__(self, version, socket, peername, connect_timestamp, uptime, usage, alive): self.version = version self.socket = socket self.peername = peername self.connect_timestamp = connect_timestamp self.uptime = datetime.timedelta(seconds=uptime) self.usage = usage self.alive = alive def __str__(self): addr = self.peername.strCompressed() return "#%s: nufw at %s, %s since %s (usage=%s, alive=%s)" % ( self.socket, addr, self.uptime, self.connect_timestamp, self.usage, self.alive) class Decoder: def __init__(self, data): self.data = data self.index = 0 self.end = 
len(data) def decode(self, maxlen=None, check_end=False): oldend = self.end if maxlen is not None: self.end = maxlen bytecode = self.read("c") try: decoder = self.DECODER[bytecode] except KeyError, err: raise ValueError("decode() error: invalid bytecode (%r)" % bytecode) try: value = decoder(self) except (struct.error, KeyError), err: raise ValueError("decode() error: %s" % err) if check_end and self.index != self.end: raise IndexError("Data at the end: %r" % self.data[self.index:self.end]) self.end = oldend return value def readMany(self, format): size = struct.calcsize(format) if self.end < (self.index + size): raise IndexError("Buffer underflow") value = struct.unpack(format, self.data[self.index:self.index+size]) self.index += size return value def read(self, format): value = self.readMany(format) assert len(value) == 1 return value[0] def checkBytecode(self, expected): bytecode = self.read("c") if bytecode != expected: raise ValueError("invalid bytecode: %r instead of %r" % ( bytecode, expected)) # --- Low level ---- def decode_bool(self): return (self.read("!B") == 1) def decode_int32(self): return self.read("!i") def decode_string(self): size = self.read("!i") text = self.read("!%us" % size) try: text = unicode(text, "UTF-8", "strict") except UnicodeDecodeError: text = unicode(text, "ISO-8859-1", "strict") return text def decode_ipv6(self): raw = self.readMany("!16B") value = reduce(lambda x,y: x*256+y, raw) return IPy.IP(value) def decode_timestamp(self): sec = self.read("!I") return datetime.datetime.fromtimestamp(sec) def decode_tuple(self): count = self.read("!i") items = [] for index in xrange(count): items.append( self.decode(check_end=False) ) return items # --- High level ---- def readBool(self): self.checkBytecode('b') return self.decode_bool() def readInt32(self): self.checkBytecode('i') return self.decode_int32() def readTimestamp(self): self.checkBytecode('t') return self.decode_timestamp() def readString(self): self.checkBytecode('s') return 
self.decode_string() def readIPv6(self): self.checkBytecode('p') return self.decode_ipv6() def readTuple(self): self.checkBytecode('(') return self.decode_tuple() def decode_answer(self): size = self.readInt32() ok = self.readInt32() content = self.decode(self.index + size) return Answer(ok == 1, content) def decode_uptime(self): index = self.index start = self.readTimestamp() diff = self.readInt32() return Uptime(start, diff) def decode_user(self): index = self.index version = self.readInt32() socket = self.readInt32() name = self.readString() addr = self.readIPv6() sport = self.readInt32() uid = self.readInt32() groups = self.readTuple() timestamp = self.readTimestamp() uptime = self.readInt32() expire = self.readInt32() sysname = self.readString() release = self.readString() version = self.readString() activated = self.readBool() return User(version, socket, name, addr, sport, uid, groups, timestamp, uptime, expire, sysname, release, version, activated) def decode_nufw(self): index = self.index version = self.readInt32() socket = self.readInt32() peername = self.readIPv6() timestamp = self.readTimestamp() uptime = self.readInt32() usage = self.readInt32() alive = self.readBool() return NuFW(version, socket, peername, timestamp, uptime, usage, alive) DECODER = { 'b': decode_bool, 'i': decode_int32, 's': decode_string, '(': decode_tuple, 'p': decode_ipv6, 't': decode_timestamp, 'a': decode_answer, 'U': decode_uptime, 'u': decode_user, 'w': decode_nufw, } def decode(data): return Decoder(data).decode() nufw-2.4.3/scripts/nuauth_command/nuauth_command/version.py0000644000175000017500000000015411431206275021153 00000000000000VERSION = "0.1" WEBSITE = "http://software.inl.fr/trac/trac.cgi/wiki/EdenWall/NuFW" LICENSE = 'GNU GPL v2' nufw-2.4.3/scripts/nuauth_command/nuauth_command/Makefile.in0000644000175000017500000002231211431215376021163 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. 
# @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = scripts/nuauth_command/nuauth_command DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ 
DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = 
@e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = client.py command_dec.py __init__.py version.py cmdline.py all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/nuauth_command/nuauth_command/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu scripts/nuauth_command/nuauth_command/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ 
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
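.NOEXPORT: nufw-2.4.3/scripts/nuauth_command/nuauth_command/client.py0000644000175000017500000001153211431206275020746 00000000000000
# Copyright(C) 2007 INL
# Written by Victor Stinner
#
# $Id$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

from socket import socket, AF_UNIX, error
from command_dec import PROTO_VERSION, decode, Answer
from time import mktime, gmtime, sleep
import errno
import re

# "disconnect <argument>": Client.pythonCommand() inspects the captured
# argument before anything is sent to the server.
DISCONNECT_REGEX = re.compile("^disconnect +(.*)$")

# Default number of seconds NuauthSocket.recv() waits for an answer.
TIMEOUT = 30

class NuauthError(Exception):
    """Raised when talking to the nuauth command socket fails."""
    pass

class NuauthSocket:
    """UNIX socket wrapper whose recv()/send() report errors as strings.

    Nothing in this class authenticates the peer.
    NOTE(review): access control presumably rests on the filesystem
    permissions of the socket path -- confirm on the server side.
    """

    def __init__(self, filename):
        # The connect is blocking; only later reads and writes are non-blocking.
        self.socket = socket(AF_UNIX)
        self.socket.connect(filename)
        self.socket.setblocking(0)

    def recv(self, timeout=TIMEOUT):
        """Read one answer from the server.

        Returns (error_message, None) on failure and (None, data) on success.
        The socket is polled every 0.1 second until data arrives or `timeout`
        seconds have passed; an empty read (including an orderly close by the
        peer) is treated as "no data yet".
        """
        SIZE = 4096
        alldata = []
        data = ""
        start_time = mktime(gmtime())
        # Continue while nothing has arrived yet or the last read filled the
        # buffer (more data may be pending).
        while len(data) == SIZE or len(alldata) == 0:
            try:
                data = self.socket.recv(SIZE)
            except error, err:
                code = err[0]
                # errno names replace the Linux-only numbers 11 and 104.
                if code == errno.EAGAIN:
                    data = ''
                elif code == errno.ECONNRESET:
                    # Report the reset immediately. The original only
                    # assigned the message and kept looping with stale data.
                    return ("lost connection", None)
                else:
                    return (str(err), None)
            if not data and timeout and (mktime(gmtime()) - start_time) > timeout:
                break
            if data:
                alldata.append(data)
            else:
                sleep(0.1)
        data = "".join(alldata)
        if data == '':
            return ("no data", None)
        return (None, data)

    def send(self, data):
        """Write `data`; return None on success or an error message.

        The byte count returned by socket.send() is not checked, so a short
        write on the non-blocking socket goes unnoticed.
        """
        try:
            self.socket.send(data)
        except error, err:
            code = err[0]
            # errno.EPIPE replaces the Linux-only number 32.
            if code == errno.EPIPE:
                return "lost connection with server"
            else:
                return str(err)
        return None

class Client:
    """Client of the nuauth command server, reached through a UNIX socket."""

    def __init__(self, socket_filename):
        self.debug = True
        self.socket = None
        self.socket_filename = socket_filename

    def connect(self):
        """Open the socket and exchange protocol versions.

        Raises NuauthError when the connection fails or the versions differ.
        """
        try:
            self.socket = NuauthSocket(self.socket_filename)
        except error, err:
            code = err[0]
            # errno.ECONNREFUSED replaces the Linux-only number 111.
            if code == errno.ECONNREFUSED:
                err = "Server is not running (UNIX socket: %s)" % self.socket_filename
            raise NuauthError("Connection error: %s" % err)

        # Send client version
        err = self.socket.send(PROTO_VERSION)
        if err:
            raise NuauthError("Unable to send client version: %s" % err)

        # Read server version
        err, version = self.socket.recv()
        if err:
            raise NuauthError("Unable to read server version: %s" % err)

        # Check versions
        if version != PROTO_VERSION:
            raise NuauthError("Server version %r != client version %r: please upgrade." % (
                version, PROTO_VERSION))

    def disconnectPattern(self, pattern):
        """Disconnect every user whose name matches the regex `pattern`.

        re.match() anchors only at the start of the name, so a plain word
        acts as a prefix: "disconnect bob" also matches "bobby". Operators
        who mean an exact name need a trailing "$".
        Returns Answer(True, <number of disconnect commands sent>).
        """
        # Command "disconnect haypo"
        users = self._send_command('users')
        total = 0
        userregex = re.compile(pattern)
        for user in users.content:
            match = userregex.match(user.name)
            if match:
                self._send_command('disconnect %s' % user.socket)
                total += 1
        value = Answer(True, total)
        return value

    def pythonCommand(self, command):
        """Handle "disconnect <pattern>" locally.

        Returns None when the command must go to the server unchanged
        (anything but disconnect, "disconnect all", "disconnect <number>").
        """
        match = DISCONNECT_REGEX.match(command)
        if not match:
            return None
        what = match.group(1)
        if what == 'all':
            return None
        try:
            # Exclude "disconnect 42"
            int(what)
            return None
        except ValueError:
            pass
        return self.disconnectPattern(what)

    def execute(self, command):
        """Run a command, reconnecting once if the first attempt fails.

        After a failure the raw command is re-sent to the server, even when
        the local pattern handling had already disconnected some users.
        """
        try:
            result = self.pythonCommand(command)
            if result is not None:
                return result
            return self._send_command(command)
        except NuauthError, err:
            self.reconnect()
            return self._send_command(command)

    def _send_command(self, command):
        """Send one command and return the decoded answer (None for "quit")."""
        # Send command
        err = self.socket.send(command)
        if err:
            raise NuauthError("send() error: %s" % err)
        if command == "quit":
            return None

        # Read answer
        err, data = self.socket.recv()
        if err:
            raise NuauthError("recv() error: %s" % err)
        value = decode(data)
        return value

    def reconnect(self):
        """Drop the current socket and connect again."""
        self.socket = None
        self.connect()
nufw-2.4.3/scripts/nuauth_command/nuauth_command/__init__.py0000644000175000017500000000016211431206275021224 00000000000000from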
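nuauth_command.client import NuauthError, Client
from nuauth_command.version import VERSION as __revision__
nufw-2.4.3/scripts/nuauth_command/nuauth_command/Makefile.am0000644000175000017500000000011011431206275021140 00000000000000EXTRA_DIST = client.py command_dec.py __init__.py version.py cmdline.py
nufw-2.4.3/scripts/nuauth_command/nuauth_command/cmdline.py0000644000175000017500000000602711431206275021106 00000000000000
import readline
from nuauth_command import Client, NuauthError
import re
from command_dec import Answer

# Words offered by TAB completion.
COMMANDS_COMPLETION = ("version", "confdump", "users", "refresh cache",
    "refresh crl", "disconnect", "uptime", "reload", "help", "quit",
    "display debug_level", "display debug_areas", "debug_level",
    "debug_areas", "firewalls", "packets count", "reload periods",
    "user count", "display threads")

# Client-side allow-list of commands. It also accepts "nupik!", which is not
# in the completion list, and "disconnect" followed by any text at all.
# NOTE(review): this check runs in the client only; presumably the server
# validates what it receives -- confirm, since another socket client could
# send anything.
COMMANDS_REGEX = re.compile(
    "^(?:version|confdump|users|firewalls|refresh cache|refresh crl|nupik!|display debug_(?:level|areas)|"
    "debug_level [0-9]+|debug_areas [0-9]+|"
    "disconnect (?:.*)|uptime|reload(?: periods)?|help|quit|packets count|user count|display threads)$")

class Completer:
    """readline completer that proposes the words starting with the typed text."""

    def __init__(self, words):
        self.words = words
        self.generator = None

    def complete(self, text):
        """Yield every known word that begins with `text`."""
        for word in self.words:
            if word.startswith(text):
                yield word

    def __call__(self, text, state):
        """readline hook: state 0 starts a new search, later calls continue it."""
        if state == 0:
            self.generator = self.complete(text)
        try:
            return self.generator.next()
        except StopIteration:
            return None

def displayAnswer(value):
    """Print a decoded server answer.

    Returns ("", None) when the value is not an Answer or carries an error,
    None otherwise.
    """
    if value.__class__ != Answer:
        print "[!] invalid answer format: %r" % value
        # Stop here: the original went on to read value.ok, which fails on
        # anything that is not an Answer.
        return "", None
    if not value.ok:
        err = value.content
        print "[!] Error: %s" % err
        return "", None
    value = value.content
    if isinstance(value, list):
        for item in value:
            print str(item)
        print "(list: %s items)" % len(value)
    else:
        print str(value)

class CommandLineClient(Client):
    """Interactive prompt on top of Client."""

    def mainLoop(self):
        """Read commands until "quit", end of input or a connection error."""
        # Display version and uptime
        version = self.execute("version")
        uptime = self.execute("uptime")
        displayAnswer(version)
        displayAnswer(uptime)
        print

        readline.set_completer(Completer(COMMANDS_COMPLETION))
        readline.set_completer_delims(";")
        readline.parse_and_bind('tab: complete')
        while True:
            # Read command from user
            try:
                command = raw_input(">>> ").strip()
            except (EOFError, KeyboardInterrupt):
                # CTRL+C or CTRL+D
                print
                print "[!] Interrupted: quit"
                command = "quit"
            if command == '':
                continue

            # Send command
            if COMMANDS_REGEX.match(command):
                try:
                    value = self.execute(command)
                except NuauthError, err:
                    print "[!] %s" % err
                    return
                if command == "quit":
                    return
                displayAnswer(value)
            else:
                print "[!] Unknown command: %s\n\t(try 'help' to have a list of commands)" % command
            print

    def run(self):
        """Run the prompt and print a closing message."""
        try:
            err = self.mainLoop()
        except KeyboardInterrupt:
            print "[!] Interrupted"
            err = None
        if err:
            print err
        print "[+] Quit command client"
nufw-2.4.3/scripts/nuauth_command/INSTALL0000644000175000017500000000030311431206275015137 00000000000000To install nuauth_command you need Python 2.3 or greater. Just type: ./setup.py install To have command line completion, install readline Python module. On Linux, Python already includes it.
nufw-2.4.3/scripts/auth_mysql/0000777000175000017500000000000011431215442013356 500000000000000nufw-2.4.3/scripts/auth_mysql/auth_mysql.php0000644000175000017500000000540611431206275016202 00000000000000 # $Id$ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, version 3 of the License.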
# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . ?> NuFW IP auth page

NuFW IP auth page

0) {
    /* NOTE(review): the opening of this script is missing from the listing:
       the start of this condition and the assignment of $ipaddr (used in the
       DELETE/INSERT below) cannot be checked here. */
    $button_label = "Disconnect";
    $button_value = 1;
} else {
    $button_label = "Connect";
    $button_value = 0;
}
$action_ok = FALSE;
$username = "";
if (array_key_exists("user",$_POST)) {
    /* do select to check password */
    if (! array_key_exists("password",$_POST)) {
        die("No password provided");
    }
    /* Both POST values are escaped and then interpolated into the SQL text.
       mysql_real_escape_string() is only reliable when the connection
       character set is configured correctly; bound parameters (mysqli or PDO
       prepared statements) remove that dependency. The mysql_* extension used
       throughout this script was removed in PHP 7. */
    $username = mysql_real_escape_string($_POST['user']);
    $password = mysql_real_escape_string($_POST['password']);
    /* PASSWORD() is the unsalted hash MySQL used for its own accounts; the
       MySQL manual advises against using it in applications and it no longer
       exists in MySQL 8.0. A per-user salted hash checked in PHP
       (password_hash()/password_verify()) is the usual replacement. */
    $query = "SELECT username FROM userinfo WHERE username='$username' AND password=PASSWORD('$password')";
    $result = mysql_query($query) or die("Query missed");
    if (mysql_num_rows($result) == 1) {
        $action_ok = TRUE;
    } else {
        /* A failed login ends the request here; no logging or rate limiting
           of failed attempts is visible in this part of the script. */
        die("Bad guy, get out");
    }
}
/* Reached with $action_ok TRUE only when the credentials in this same POST
   were accepted above. "sub" selects the action: 1 removes the session row,
   anything else creates one. */
if ($action_ok == TRUE and array_key_exists("sub", $_POST)) {
    echo "Operation in progress
";
    if ($_POST["sub"] == 1) {
        echo "Deleting information from Database
";
        /* The session row ties a source address to a user name. $ipaddr is
           interpolated without escaping in both statements.
           NOTE(review): confirm it comes from the server-side peer address
           and never from a client-supplied header or parameter. */
        $query = "DELETE FROM ipauth_sessions WHERE username='$username' AND ip_saddr='$ipaddr'";
        $result = mysql_query($query) or die("Diconnect Query missed");
        $button_label = "Connect";
        $button_value = 0;
    } else {
        echo "Inserting information to Database
";
        /* $username is the escaped form produced above. */
        $query = "INSERT INTO ipauth_sessions (ip_saddr, username) VALUES ('".$ipaddr."', '".$username."')";
        $result = mysql_query($query) or die("Connect Query missed");
        $button_label = "Disconnect";
        $button_value = 1;
    }
}
?>

Username:

Password:

nufw-2.4.3/scripts/auth_mysql/Makefile.in0000644000175000017500000002242011431215376015345 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = scripts/auth_mysql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = 
@CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = 
@build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ PHP_FILES = authmysql/index.php authmysql/pages/authentication_error.php authmysql/pages/authentication.php authmysql/pages/authentication_success.php EXTRA_DIST = $(PHP_FILES) auth_mysql.php logoff all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/auth_mysql/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu scripts/auth_mysql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ 
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: nufw-2.4.3/scripts/auth_mysql/authmysql/0000777000175000017500000000000011431215442015405 500000000000000nufw-2.4.3/scripts/auth_mysql/authmysql/pages/0000777000175000017500000000000011431215442016504 500000000000000nufw-2.4.3/scripts/auth_mysql/authmysql/pages/authentication.php0000644000175000017500000000757411431206275022171 00000000000000 Authentication
Authentication

WELCOME!
" method=post>

Username:
Password:

 

nufw-2.4.3/scripts/auth_mysql/authmysql/pages/authentication_error.php0000644000175000017500000000350011431206275023363 00000000000000 Authentication Error
Authentication

Authentication Error

You entered wrong username or password.

Come back and check your credentials

 

nufw-2.4.3/scripts/auth_mysql/authmysql/pages/authentication_success.php0000644000175000017500000000437411431206275023714 00000000000000 Log In Successfull
Authentication

Welcome

Click to continue :
 

nufw-2.4.3/scripts/auth_mysql/authmysql/index.php0000644000175000017500000000702511431206275017151 00000000000000ssl_set(NULL,NULL,$cacert,NULL,NULL)) return -1;
// NOTE(review): the opening of this script is missing from the listing; the
// fragment above is the tail of a check on ssl_set(), which is given only a
// CA certificate ($cacert) for the database connection.
if ( !$MySQL_fd->real_connect($address,$user,$password,$database) ) return -1;

// is user connected?
// The session is looked up by the peer address alone, so every client that
// reaches the portal from the same address (NAT, proxy) shares one session.
// MySQL_ip2sql() is defined elsewhere and its result is concatenated unquoted
// into the SQL text -- NOTE(review): confirm it can only return a numeric or
// hex literal.
if ($netmask_check) {
    // with netmask check
    if ($ipv6_schema)
        $query="SELECT user_id,username,no_logout FROM ipauth_sessions WHERE check_net(ip_saddr, ".MySQL_ip2sql($_SERVER['REMOTE_ADDR']).", netmask) AND (end_time is NULL OR end_time > NOW()) LIMIT 1;";
    else
        $query="SELECT user_id,username,no_logout FROM ipauth_sessions WHERE ip_saddr = (".MySQL_ip2sql($_SERVER['REMOTE_ADDR'])." & netmask) AND (end_time is NULL OR end_time > NOW()) LIMIT 1;";
}
else
    // without netmask check
    // Unlike the two queries above, this one does not filter on end_time.
    // NOTE(review): if rows with a past end_time can remain in
    // ipauth_sessions, they still count as a live session here -- confirm.
    $query="SELECT user_id,username,no_logout FROM ipauth_sessions WHERE ip_saddr=".MySQL_ip2sql($_SERVER['REMOTE_ADDR'])." LIMIT 1;";
// query() returns false on failure; fetch_row() is called without checking it.
$res=$MySQL_fd->query($query);
$userinfo=$res->fetch_row();
if($userinfo!=NULL) {
    // Connected User
    // Logout is a state change driven by a GET parameter, with no token: any
    // page the user loads can cause it through a plain URL. Requiring a POST
    // that carries a per-session token closes that.
    if (isset($_GET['logout']) && $userinfo[2]=="n") {
        // User wants to log out
        // Disconnect user
        // $userinfo[0] is the user_id read from the database, concatenated unquoted.
        $res=$MySQL_fd->query("DELETE FROM ipauth_sessions WHERE user_id=".$userinfo[0]." and ip_saddr=".MySQL_ip2sql($_SERVER['REMOTE_ADDR']).";");
        $res=$MySQL_fd->query("UPDATE users SET end_time=NOW() WHERE user_id=".$userinfo[0]." and ip_saddr=".MySQL_ip2sql($_SERVER['REMOTE_ADDR']).";");
        Util_PrintAuthentication();
    }
    else {
        // User in connected mode
        Util_PrintAuthenticationSuccess($userinfo[1],$userinfo[2]=="n" ? 1 : 0);
    }
}
else {
    // Anonymous User
    if (isset($_POST['login'])) {
        // User want to log in
        // Authenticate user
        // The POST values are escaped with real_escape_string() and then
        // interpolated; a prepared statement would bind them instead.
        // PASSWORD() is MySQL's unsalted account hash, which the MySQL manual
        // advises against using in applications and which no longer exists in
        // MySQL 8.0.
        $res=$MySQL_fd->query("SELECT uid FROM userinfo WHERE username='".$MySQL_fd->real_escape_string($_POST['username'])."' AND password=PASSWORD('".$MySQL_fd->real_escape_string($_POST['password'])."') LIMIT 1;");
        $row=$res->fetch_row();
        if($row!=NULL) {
            // User Login
            // Account user
            // The results of the two INSERTs are not checked before the
            // success page is printed.
            $res=$MySQL_fd->query("INSERT INTO ipauth_sessions(user_id,username,ip_saddr,start_time,end_time) VALUES(".$row[0].",'".$MySQL_fd->real_escape_string($_POST['username'])."',".MySQL_ip2sql($_SERVER['REMOTE_ADDR']).",NOW(),NULL);");
            $res=$MySQL_fd->query("INSERT INTO users(user_id,username,ip_saddr,start_time,end_time) VALUES(".$row[0].",'".$MySQL_fd->real_escape_string($_POST['username'])."',".MySQL_ip2sql($_SERVER['REMOTE_ADDR']).",NOW(),NULL);");
            // The raw POST value goes to a rendering helper defined elsewhere.
            // NOTE(review): confirm the helper HTML-escapes the name on output.
            Util_PrintAuthenticationSuccess($_POST['username'],0);
        }
        else {
            // Login Error
            Util_PrintAuthenticationError();
        }
    }
    else {
        // Anonymous
        Util_PrintAuthentication();
    }
}
$MySQL_fd->close();
?>
nufw-2.4.3/scripts/auth_mysql/Makefile.am0000644000175000017500000000030711431206275015332 00000000000000PHP_FILES = authmysql/index.php authmysql/pages/authentication_error.php authmysql/pages/authentication.php authmysql/pages/authentication_success.php EXTRA_DIST = $(PHP_FILES) auth_mysql.php logoff
nufw-2.4.3/scripts/auth_mysql/logoff0000644000175000017500000000132211431206275014473 00000000000000#!/bin/bash
# $Id$
# Removes sessions whose address has no tracked connection (state 1 or 2 in
# conntrack_ulog) and no ulog entry within LOGOUT_TIME.
# The database credentials are stored in this script and passed to mysql as
# -p${passwd}, so the password is on the command line, where other local users
# can read it from the process list. An option file readable only by the
# account that runs this script (mysql --defaults-extra-file=...) avoids both.
user="nufw-user"
passwd="nufw-passwd"
db="nufw-db"
LOGOUT_TIME="30 MINUTE"
UNLOG=`mysql -u ${user} -p${passwd} ${db} -s -N -e "select HEX(ip_saddr) from ipauth_sessions where no_logout='n' and ip_saddr not in (select distinct ip_saddr from conntrack_ulog where state=1 or state=2) and ip_saddr not in (select distinct ip_saddr from ulog where timestamp > NOW() - INTERVAL ${LOGOUT_TIME})"`
[ -z "${UNLOG}" ] && exit 0
# The values come back through HEX(), so the x'..' list built here holds only
# hex digits.
UNLOG=x\'`echo ${UNLOG} | sed -e "s/ /\',x\'/g"`\'
mysql -u ${user} -p${passwd} ${db} -s -N -e "delete from ipauth_sessions
where ip_saddr in ($UNLOG)"
mysql -u ${user} -p${passwd} ${db} -s -N -e "UPDATE users set end_time=NOW() where (end_time is null) and ip_saddr in ($UNLOG)"
nufw-2.4.3/scripts/nutop0000755000175000017500000002617211431206275012213 00000000000000#!/usr/bin/perl -w
###################################################################################
#
# nutop : top like interface to Nufw User Connection tracking.
#
# Copyright(C) 2003-2004 Eric Leblond
# Vincent Deffontaines
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
###################################################################################

use strict;
use Getopt::Long;
use Time::localtime;

#Parsing works this way : very first, we parse the "-c" parameter which may
#specify a config file other than the default.
#then we look in config file
#Parameters are set from there
#Then we parse parameters on command line, and they override any parameter set
#in config file.

use DBI;
use DBI::DBD; #Just to test everything is okay
use Curses;
use Data::Dumper;

# Print the command-line help. "-port" is listed here, but GetOptions below
# defines no such option; the port can only be set in the config file.
sub Print_Usage() {
  print "$0 : display top network activity per user\n";
  print "GENERAL OPTIONS\n";
  print "\t-c\t\t\tconfig file name (default is /etc/nufw/nutop.conf)\n";
  print "\t-delay\t\t\tDelay for refresh (in seconds) (default : 2)\n";
  print "\t-line\t\t\tNumbers of user lines to output (default : 20)\n";
  print "\t-help\t\t\tDisplay this help message and exit\n";
  print "DATABASE RELATED OPTIONS\n";
  print "\t-version\t\tNuFW protocol version. 'Normal' is 2, use 1 for old version\n";
  print "\t-databasetype\t\tdatabase choice (pgsql or mysql) [default is mysql]\n";
  print "\t-host\t\t\tdatabase adress (IP or name) default is 127.0.0.1)\n";
  print "\t-user\t\t\tdatabase username (default is \'nutop\')\n";
  print "\t-pass\t\t\tdatabase password (no default)\n";
  print "\t-databasename\t\tdatabase to use (default is \'nulog\')\n";
  print "\t-tablename\t\ttable to use (default is \'ulog\')\n";
  print "\t-port\t\t\tTCP port to use (default is 3306/5432 for mysql/pgsql respectively)\n";
}

my $modified_conf=0;
my %config = ('databasetype' => 'mysql',
  'host' => '127.0.0.1',
  'user' => 'nutop',
  'databasename' => 'nulog',
  'tablename' => 'ulog',
  'delay' => 2,
  'line' => 20,
  'version' => 2,
); #This hash contains all configuration variables

# Print a message and a configuration hint on STDERR, then exit with -1.
sub die_politely($) {
  my $mess = shift @_;
  print STDERR $mess."\n";
  print STDERR "Maybe you need to configure this program in ".$config{"configfile"}. "?\n";
  print STDERR "or run me with \"--help\"\n";
  exit(-1);
}

# Turn an integer into a dotted string of four octets, highest byte first.
sub long2ip{
  my (@octets,$i,$ip_number,$ip_number_display,$number_convert,$ip_address);
  $ip_number_display = $ip_number = shift;
  chomp($ip_number);
  for($i = 3; $i >= 0; $i--) {
    $octets[$i] = ($ip_number & 0xFF);
    $ip_number >>= 8;
  }
  return join('.', @octets);
}

# A password given with -pass is part of the command line, which other local
# users can read from the process list. The config file parsed below accepts
# any "key = value" pair, so "pass" can be kept there instead, in a file
# readable only by the account that runs nutop.
my %tmpconfig; #yucks, getopt can only be called once
GetOptions(
  "c=s" => \$config{'configfile'},
  "databasetype=s" => \$tmpconfig{'databasetype'},
  "host=s" => \$tmpconfig{'host'},
  "user=s" => \$tmpconfig{'user'},
  "pass=s" => \$tmpconfig{'pass'},
  "databasename=s" => \$tmpconfig{'databasename'},
  "tablename=s" => \$tmpconfig{'tablename'},
  "delay=i" => \$tmpconfig{'delay'},
  "line=i" => \$tmpconfig{'line'},
  "version=i" => \$tmpconfig{'version'},
  "help" => \$tmpconfig{'help'},
);
if (defined($tmpconfig{'help'})) {
  Print_Usage;
  exit 0;
}
defined $config{'configfile'} or $config{'configfile'} = '/etc/nufw/nutop.conf';
if (stat($config{'configfile'})) {
  # Two-argument open: mode characters in the file name given with -c are
  # interpreted by Perl. The three-argument form with '<' treats the value
  # purely as a path.
  open (FILE,$config{'configfile'}) or print STDERR "Could not open file : ".$config{'configfile'}."\n";
  # Merge "key = value" lines into the hash passed by reference and return it.
  # Lines starting with '#' and empty lines are skipped; keys and values are
  # stored without further validation.
  sub Parse_Config_File($) {
    my $config_hash = shift @_;
    my $linecnt = 0;
    # NOTE(review): the read operator is missing in this listing (presumably
    # a read from the FILE handle opened above); as shown the line does not
    # parse.
    while (my $line = ) {
      $linecnt++;
      $line =~ /^#/ and next;
      $line =~ /^$/ and next;
      unless ($line =~ /^(\S+)\s*=\s*(.*)$/) {
        print STDERR "Warning : config file line $linecnt : strange data got ignored\n";
        next;
      }
      $$config_hash{$1} = $2;
      $modified_conf++;
    }
    return %$config_hash;
  }
  %config = Parse_Config_File(\%config);
}
# Command-line values override the config file.
foreach my $key(keys %tmpconfig) {
  if (defined $tmpconfig{$key}){
    $config{$key} = $tmpconfig{$key};
    $modified_conf++;
  }
}
if (!$modified_conf) {
  die_politely ("No given parameter, nothing in config file");
}

#Lets check input now
# Only databasetype and version are validated; tablename and line reach the
# SQL text below unchecked.
{
  my $error = 0;
  unless ($config{'databasetype'} =~ /^(?:mysql|pgsql)$/) {
    $error ++;
    print STDERR "E: databasetype seems to be set to something I don't understand.\n";
  }
  if ($config{'databasetype'} =~ /mysql/) {
    require DBD::mysql;
    defined ($config{'port'}) or $config{'port'} = 3306;
  }elsif ($config{'databasetype'} =~ /pgsql/) {
    require DBD::Pg;
    defined ($config{'port'}) or $config{'port'} = 5432;
  }
  if (($config{'version'}!=1) and ($config{'version'}!=2)) {
    $error++;
    print STDERR "E: version must be either 1 or 2\n";
  }
  #All for now, maybe I (or you?)'ll find some more to check
  if ($error > 0) {
    Print_Usage;
    exit 1;
  }
}

#Now we prepare connection to our database
my $dbh;
{
  my $datasource;
  $config{'databasetype'} =~ /mysql/ and $datasource = "dbi:mysql:database=".$config{'databasename'}.";host=".$config{'host'}.";port=".$config{'port'};
  $config{'databasetype'} =~ /pgsql/ and $datasource = "dbi:Pg:dbname=".$config{'databasename'}.";host=".$config{'host'}.";port=".$config{'port'};
  $dbh = DBI->connect($datasource, $config{'user'}, $config{'pass'}) or die_politely($DBI::errstr);
}
my @state=('DROP','OPEN','ESTAB','CLOSE');
my @delays=(1,5,15,60);
my $delayswitch=-1;

my @connection_query=();
push @connection_query,'username' if $config{'version'} == 2;
$config{'databasetype'} =~ /mysql/ and push @connection_query,('user_id','ip_saddr','ip_daddr','tcp_sport','tcp_dport','DATE_FORMAT(start_timestamp,\'%D %M %Y %H:%i:%S\')','state');
$config{'databasetype'} =~ /pgsql/ and push @connection_query,('user_id','ip_saddr','ip_daddr','tcp_sport','tcp_dport','start_timestamp','state');
# Column heading and display width for each selectable field.
my %connection_query_info=(number=>["Number",12],username=>["Name",12],user_id=>["ID",6],ip_saddr=>["Source IP",17],ip_daddr=>["Destination IP",17],ip_protocol=>["Proto",7],oob_time_sec=>["Open Time",11], tcp_sport=>["Sport",8], tcp_dport=>["Dport",8],id=>["Id Packet",12],'DATE_FORMAT(start_timestamp,\'%D %M %Y %H:%i:%S\')'=>["Start Time", 30],start_timestamp=>["Start Time",13],state=>["State",6]);

my @users_query=();
push @users_query,'username' if $config{'version'} == 2;
push @users_query,('user_id','state');

# The SQL text is assembled by concatenation. The table name and the row limit
# come from the command line or the config file and are not validated above
# ("line" is forced to an integer only when given on the command line), so a
# config file that others can write would let them alter these statements.
my $gal_query="select ".join (',' ,@connection_query) ." from ".$config{'tablename'};
$config{'databasetype'} =~ /pgsql/ and $gal_query="select ".join (',' ,@connection_query) ." from ". $config{'tablename'};
my $time_cond_query = " order by oob_time_sec DESC,oob_time_usec DESC limit 0,".$config{'line'};
$config{'databasetype'} =~ /pgsql/ and $time_cond_query=" order by oob_time_sec DESC,oob_time_usec DESC LIMIT ".$config{'line'};
my $users_cond_query_start="SELECT ".join (',',@users_query).",COUNT(*) AS number from ".$config{'tablename'};
my $users_cond_query_end=" GROUP BY user_id,state ORDER BY number DESC LIMIT 0,".$config{'line'};
$config{'databasetype'} =~ /pgsql/ and $users_cond_query_end=" LIMIT ".$config{'line'};
my $tcp_cond_query=" ip_protocol=6";
my $udp_cond_query=" ip_protocol=17";
my $time_users_cond_start = " start_timestamp > date_add(now(),interval -";
my $time_users_cond_end = " minute)";
# NOTE(review): with pgsql the "users" query becomes
# "... WHERE start_timestamp<delay> minute)", which does not look like valid
# SQL -- confirm against a PostgreSQL setup.
if ($config{'databasetype'} =~ /pgsql/) {
  $time_users_cond_start = " start_timestamp";
}

initscr();
noecho();
#cbreak();
halfdelay(10*$config{'delay'});
#start_color;
#init_pair(2,COLOR_YELLOW,COLOR_BLACK);
#init_pair(3,COLOR_GREEN,COLOR_BLACK);
#init_pair(4,COLOR_BLUE,COLOR_BLACK);
#init_pair(1,COLOR_RED,COLOR_BLACK);
my $mode = 'time';
my $proto = 'tcp';
# Display loop: rebuild the query for the current mode and protocol, draw the
# rows, then handle one key (q quit, t/u mode, T/U/A protocol, f freeze).
while (1) {
  my $count = 1;
  my $hpos=0;
  addstr(0,0,'nulog');
  my $time = localtime;
  my @times = ($time->hour,$time->min,$time->sec);
  foreach (@times){
    length == 1 and s/^/0/;
  }
  clear();
  addstr(0,7,$times[0].":".$times[1].":".$times[2]);
  addstr(0,19,"Sorted by ".$mode);
  $mode eq 'users' and addstr(0,37,"(last ".$delays[$delayswitch]." min)");
  addstr(0,54,"protocol :".$proto);
  eval {attron(A_REVERSE) };
  # eval {attron(A_BOLD) };
  addstr($count,0," "x90);
  my $query = $gal_query;
  $mode eq 'users' and $query=$users_cond_query_start.' WHERE'.$time_users_cond_start.$delays[$delayswitch].$time_users_cond_end;
  if ($proto eq 'tcp') {
    if ($mode eq 'time') {
      $query=$query.' WHERE'.$tcp_cond_query;
    }else{
      $query=$query.' AND'.$tcp_cond_query;
    }
  }
  if ($proto eq 'udp') {
    if ($mode eq 'time') {
      $query=$query.' WHERE'.$udp_cond_query;
    }else{
      $query=$query.' AND'.$udp_cond_query;
    }
  }
  $mode eq 'time' and $query=$query.$time_cond_query;
  $mode eq 'users' and $query=$query.$users_cond_query_end;
  my $sth = $dbh->prepare($query);
  my @display = @connection_query;
  if ($mode eq 'users') {
    @display = @users_query;
    push @display,'number';
  }
  # Nothing is drawn or reported when execute fails.
  if ( $sth->execute) {
    foreach my $field ( @display ){
      addstr($count, $hpos, @{$connection_query_info{$field}}[0]);
      $hpos+=@{$connection_query_info{$field}}[1];
    }
    eval {attrset(A_NORMAL) };
    while ( my @row = $sth->fetchrow_array ) {
      my $col=0;
      $hpos=0;
      $count ++;
      # set_color_fg(COLOR_YELLOW);
      # color_set($row[6]+1,undef);
      foreach my $attr (@row){
        # With mysql the address columns are converted by long2ip() before display.
        if (($config{'databasetype'} =~ /mysql/) and ($display[$col] =~/^(?:ip_saddr|ip_daddr)$/)) {
          addstr($count, $hpos, long2ip($attr));
          # print long2ip($attr)."\t";
        } else {
          #if (not defined $attr){print "DEBUG : PROBLEM WITH attribute $col\n";}
          if (($display[$col] eq 'state') and (defined $state[$attr])) {
            defined $attr and addstr($count, $hpos, $state[$attr]);
          }else{
            defined $attr and addstr($count, $hpos, $attr);
          }
          # print $attr."\t";
        }
        $hpos += @{$connection_query_info{$display[$col]}}[1];
        # color_set(0);
        $col++;
      }
      # print "\n";
    }
  }
  refresh;
  my $in = getch();
  if ($in eq 'q') {
    endwin();
    exit 0;
  }
  $in eq 't' and $mode='time';
  if ($in eq 'u') {
    $delayswitch++;
    $mode='users';
    $delayswitch > $#delays and $delayswitch = 0;
  }
  $in eq 'T' and $proto='tcp';
  $in eq 'U' and $proto='udp';
  $in eq 'A' and $proto='all';
  if ($in eq 'f') {
    $in = '';
    addstr(0,64,"FROZEN VIEW");
    my $loop = 1;
    while ($loop) {
      $in = getch();
      $in eq 'f' and $loop=0;
      if ($in eq 'q') {
        endwin();
        exit 0;
      }
    }
  }
}
nufw-2.4.3/scripts/client_test.sh0000755000175000017500000000223511431206275013766 00000000000000#!/bin/bash NUTCPC_PATH=src/clients/nutcpc/ NUAUTH_HOST=192.168.33.229 USER=user PASS=imauser function check { echo -n "$2" OUT="$(eval $1 2>&1)" RET=$?
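if [ $RET == 0 ] then echo $'\t'$'\t'"[ Ok ]" return 0 else echo $'\t'$'\t'"[Failed]" echo "$OUT" kill -9 $NUTCPC_PID exit 1 fi } function nut_pgrep { ps xwww|grep "$1"|awk '{print $1}' } function nut_netstat { # escape '.' in $NUAUTH_HOST: GREP_HOST="$(echo $NUAUTH_HOST | sed -e 's/\./\\./g')" case "$(uname)" in "Darwin") eval netstat -np tcp|grep "$GREP_HOST\\.4129[ ]*ESTABLISHED" ;; "FreeBSD") eval netstat -np tcp|grep "$GREP_HOST\\.4129[ ]*ESTABLISHED" ;; "Linux") eval netstat -tanp|grep ESTABLISHED$NUTCPC_PID/ ;; *) echo "Non-spported OS" > /dev/stderr && exit 1 ;; esac } cd "$NUTCPC_PATH" ./nutcpc -l -H "$NUAUTH_HOST" -U "$USER" -P "$PASS" -d 2>&1 >/dev/null & NUTCPC_PID=$! # Give nutcpc some time to connect sleep 5 check "(nut_pgrep lt-nutcpc ; nut_pgrep nutcpc) | grep $NUTCPC_PID" "Nutcpc running" check "nut_netstat" "Nutcpc connected to Nuauth" check "curl -s --connect-timeout 5 http://$NUAUTH_HOST:80/ >/dev/null" "Packet authentication" kill -9 $NUTCPC_PID nufw-2.4.3/Makefile.am0000644000175000017500000000500311431206275011453 00000000000000
SUBDIRS = src scripts doc tests conf python selinux

PATCH_FILES = patches/dump-connection-mark.diff

EXTRA_DIST = autogen.sh $(PATCH_FILES)

# Run the functional test suite from the tests/ directory.
func_tests:
	cd tests && ./test_all.py

all:
	@echo "Compile done";

install-data-am:
	@echo "Run 'make install-conf' if you want to install initial configuration file";

# install-conf: copy the sample configuration into $(sysconfdir) without
# replacing files that are already there. Every file is installed mode 600.
#
# The certificate and key files are copied from conf/certs in the source
# tree, so every copy of this distribution installs the same key material.
# Treat them as samples for a first test run and replace them with locally
# generated keys and certificates before deploying. The same applies to
# users.nufw, which is installed from conf/users-plaintext.nufw.
#
# The guards for the .pem files used to test $(sysconfdir)/certs/<file> only,
# while the file is installed as $(sysconfdir)/<file>; the guard therefore
# never saw a previously installed file and every run overwrote it. Both
# locations are tested now, so an existing key is never replaced.
# NOTE(review): if $(sysconfdir)/certs was the intended destination, the
# install target has to change as well -- confirm against the paths used in
# conf/nuauth.conf and conf/nufw.conf.
install-conf:
	install -d $(sysconfdir)
	test -e $(sysconfdir)/nufw.conf || install -m 600 $(top_srcdir)/conf/nufw.conf $(sysconfdir)
	install -d $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/nuauth.conf || install -m 600 $(top_srcdir)/conf/nuauth.conf $(sysconfdir)
	test -e $(sysconfdir)/nuauth.d/nuauth_ldap.conf || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_ldap.conf $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/nuauth.d/nuauth_tls.conf || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_tls.conf $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/nuauth.d/nuauth_mysql.conf || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_mysql.conf $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/nuauth.d/nuauth_pgsql.conf || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_pgsql.conf $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/nuauth.d/nuauth_tuning.conf || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_tuning.conf $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/nuauth.d/nuauth_mark.conf || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_mark.conf $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/nuauth.d/nuauth_krb5.conf || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_krb5.conf $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/nuauth.d/nuauth_authtype.conf || install -m 600 $(top_srcdir)/conf/nuauth.d/nuauth_authtype.conf $(sysconfdir)/nuauth.d
	test -e $(sysconfdir)/certs/NuFW-cacert.pem || test -e $(sysconfdir)/NuFW-cacert.pem || install -m 600 $(top_srcdir)/conf/certs/NuFW-cacert.pem $(sysconfdir)
	test -e $(sysconfdir)/certs/nufw-key.pem || test -e $(sysconfdir)/nufw-key.pem || install -m 600 $(top_srcdir)/conf/certs/nufw-key.pem $(sysconfdir)
	test -e $(sysconfdir)/certs/nufw-cert.pem || test -e $(sysconfdir)/nufw-cert.pem || install -m 600 $(top_srcdir)/conf/certs/nufw-cert.pem $(sysconfdir)
	test -e $(sysconfdir)/certs/nuauth-key.pem || test -e $(sysconfdir)/nuauth-key.pem || install -m 600 $(top_srcdir)/conf/certs/nuauth-key.pem $(sysconfdir)
	test -e $(sysconfdir)/certs/nuauth-cert.pem || test -e $(sysconfdir)/nuauth-cert.pem || install -m 600 $(top_srcdir)/conf/certs/nuauth-cert.pem $(sysconfdir)
	test -e $(sysconfdir)/acls.nufw || install -m 600 $(top_srcdir)/conf/acls.nufw $(sysconfdir)
	test -e $(sysconfdir)/users.nufw || install -m 600 $(top_srcdir)/conf/users-plaintext.nufw $(sysconfdir)/users.nufw
	test -e $(sysconfdir)/periods.xml || install -m 600 $(top_srcdir)/conf/periods.xml $(sysconfdir)/
nufw-2.4.3/autogen.sh0000755000175000017500000000506711431206275011432 00000000000000#!/bin/sh LIBTOOLIZE="$(which libtoolize)" ## On OSX glibtoolize replaces libtoolize if [ "$LIBTOOLIZE" = "" ] then LIBTOOLIZE="$(which glibtoolize)" fi ## Work-around for MacPorts if [ -f /opt/local/bin/glibtoolize ] then LIBTOOLIZE=/opt/local/bin/glibtoolize fi if [ 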
"$LIBTOOLIZE" = "" ] then echo "Unable to find libtoolize or glibtoolize." > /dev/stderr exit 1 fi echo "[+] Run $LIBTOOLIZE" "$LIBTOOLIZE" --force --automake || exit $? #----------------------------------------------------------------------------- find_tool_version() { TOOL=$1 MINVER=$2 OKVER=$3 NOKREG=$4 for i in ${OKVER}; do if ${TOOL}${i} --version > /dev/null 2>&1; then echo "${TOOL}${i}" exit fi done if ${TOOL} --version > /dev/null 2>&1; then case "$(${TOOL} --version | sed -e '1s/[^0-9]*//' -e q)" in ${NOKREG}) echo "You need ${TOOL} version (at least) ${MINVER} !" 1>&2 exit 1;; esac else echo "You need ${TOOL} !" 1>&2 exit 1 fi echo "${TOOL}" } #----------------------------------------------------------------------------- AUTOMAKE_MIN_VERSION="1.8" AUTOMAKE_OK_VERSIONS="-1.10 110 -1.9 19 -1.8 18" AUTOMAKE_NOK_REGEXP='0|0.*|1|1.[0-7]*' AUTOCONF_MIN_VERSION="2.58" AUTOCONF_OK_VERSIONS="258 259" AUTOCONF_NOK_REGEXP='0|0.*|1|1.*|2|2.[0-4]*|2.5[0-7]*' AUTOMAKE=$(find_tool_version automake "${AUTOMAKE_MIN_VERSION}" \ "${AUTOMAKE_OK_VERSIONS}" \ "${AUTOMAKE_NOK_REGEXP}") || exit 1 ACLOCAL=$(find_tool_version aclocal "${AUTOMAKE_MIN_VERSION}" \ "${AUTOMAKE_OK_VERSIONS}" \ "${AUTOMAKE_NOK_REGEXP}") || exit 1 AUTOCONF=$(find_tool_version autoconf "${AUTOCONF_MIN_VERSION}" \ "${AUTOCONF_OK_VERSIONS}" \ "${AUTOCONF_NOK_REGEXP}") || exit 1 AUTOHEADER=$(find_tool_version autoheader "${AUTOCONF_MIN_VERSION}" \ "${AUTOCONF_OK_VERSIONS}" \ "${AUTOCONF_NOK_REGEXP}") || exit 1 #----------------------------------------------------------------------------- echo "[+] Run $ACLOCAL" $ACLOCAL || exit $? echo "[+] Run $AUTOHEADER" $AUTOHEADER || exit $? echo "[+] Run $AUTOCONF" $AUTOCONF || exit $? echo "[+] Run $AUTOMAKE" $AUTOMAKE --add-missing --copy -Wno-portability || exit $? 
echo echo "Now type: ./configure" echo "Help with: ./configure --help" nufw-2.4.3/python/0000777000175000017500000000000011431215443011023 500000000000000nufw-2.4.3/python/Makefile.in0000644000175000017500000002224111431215376013012 00000000000000# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = python DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/include/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = 
@AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCBOOK2MAN = @DOCBOOK2MAN@ DOCBOOK2PDF = @DOCBOOK2PDF@ DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ FLEX = @FLEX@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@ GLIB_LIBS = @GLIB_LIBS@ GLIB_MKENUMS = @GLIB_MKENUMS@ GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ GNUTLS_LIBS = @GNUTLS_LIBS@ GOBJECT_QUERY = @GOBJECT_QUERY@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PYTHON = @PYTHON@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = 
@am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ e_localstatedir = @e_localstatedir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = test_nuclient.py setup.py nuclient/classes.py nuclient/func.py nuclient/__init__.py nuclient/version.py all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu python/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ 
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-exec-am: install-html: install-html-am install-info: install-info-am install-man: install-pdf: install-pdf-am install-ps: install-ps-am installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: nufw-2.4.3/python/README0000644000175000017500000000015711431206275011625 00000000000000Python binding of libnuclient library, object oriented. 
See test_nuclient.py for an example of nuclient use. nufw-2.4.3/python/Makefile.am0000644000175000017500000000016511431206275013000 00000000000000EXTRA_DIST = test_nuclient.py setup.py nuclient/classes.py nuclient/func.py nuclient/__init__.py nuclient/version.py nufw-2.4.3/python/setup.py0000755000175000017500000000221311431206275012455 00000000000000#!/usr/bin/python from imp import load_source from os import path import sys if "--setuptools" in sys.argv: sys.argv.remove("--setuptools") from setuptools import setup else: from distutils.core import setup CLASSIFIERS = [ 'Intended Audience :: Developers', 'Development Status :: 5 - Production/Stable', 'License :: OSI Approved :: GNU General Public License (GPL)', 'Operating System :: OS Independent', 'Natural Language :: English', 'Programming Language :: Python', ] def main(): nuclient = load_source("version", path.join("nuclient", "version.py")) install_options = { "name": "nuclient", "version": nuclient.VERSION, "url": nuclient.WEBSITE, "download_url": nuclient.WEBSITE, "author": "Victor Stinner", "description": "Python binding of libnuclient library, object oriented", "long_description": open('README').read(), "classifiers": CLASSIFIERS, "license": nuclient.LICENSE, "packages": ["nuclient"], "package_dir": {"nuclient": "nuclient"}, } setup(**install_options) if __name__ == "__main__": main() nufw-2.4.3/python/nuclient/0000777000175000017500000000000011431215443012644 500000000000000nufw-2.4.3/python/nuclient/version.py0000644000175000017500000000014211431206275014617 00000000000000VERSION = "0.0" LICENSE = "GNU GPLv2" WEBSITE = "http://software.inl.fr/trac/wiki/EdenWall/NuFW" nufw-2.4.3/python/nuclient/__init__.py0000644000175000017500000000007311431206275014674 00000000000000from nuclient.func import * from nuclient.classes import * nufw-2.4.3/python/nuclient/func.py0000644000175000017500000001134511431206275014074 00000000000000# Copyright(C) 2007 INL # Written by Victor Stinner # # $Id$ # # This program is 
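free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

"""
Python binding of nuclient library functions

Each C function is exposed under its own name with its ctypes prototype
(``argtypes`` / ``restype``) declared from the C signature quoted in the
comment above it.
"""

from ctypes import (cdll, c_char_p, c_int, c_ubyte,
    POINTER, Structure)

# The library is looked up by bare name, so the platform's dynamic loader
# decides which file is mapped into the process.
# NOTE(review): the loader search path is therefore part of the trust
# boundary of any program importing this module -- confirm for the deployment.
library = cdll.LoadLibrary('libnuclient.so')

#--------------------------------------------------------------------------
# Define nuauth_session_p and nuclient_error_p: pointer to fake structures

class nuauth_session_t(Structure):
    # Opaque structure, we don't need to know its layout
    pass
nuauth_session_p = POINTER(nuauth_session_t)

class nuclient_error_t(Structure):
    # Opaque structure, we don't need to know its layout
    pass
nuclient_error_p = POINTER(nuclient_error_t)

#--------------------------------------------------------------------------
# Prototypes.
#
# ctypes reads the attribute named "argtypes". The original code assigned to
# "argstype", which ctypes stores as an ordinary attribute and never looks at,
# so no argument was type-checked or converted before crossing into C.

# int nu_client_error_init(nuclient_error_t **err);
nu_client_error_init = library.nu_client_error_init
nu_client_error_init.argtypes = (POINTER(nuclient_error_p),)
nu_client_error_init.restype = c_int

# void nu_client_error_destroy(nuclient_error_t *err);
# Takes the error pointer itself (see the C prototype above), not a pointer
# to it; the previous declaration listed POINTER(nuclient_error_p).
nu_client_error_destroy = library.nu_client_error_destroy
nu_client_error_destroy.argtypes = (nuclient_error_p,)
nu_client_error_destroy.restype = None

# nuauth_session_t *nu_client_new(const char *username,
#                                 const char *password,
#                                 unsigned char diffie_hellman,
#                                 nuclient_error_t *err);
nu_client_new = library.nu_client_new
nu_client_new.argtypes = (c_char_p, c_char_p, c_ubyte, nuclient_error_p)
nu_client_new.restype = nuauth_session_p

# int nu_client_global_init(nuclient_error_t *err);
nu_client_global_init = library.nu_client_global_init
nu_client_global_init.argtypes = (nuclient_error_p,)
nu_client_global_init.restype = c_int

# void nu_client_global_deinit();
nu_client_global_deinit = library.nu_client_global_deinit
nu_client_global_deinit.argtypes = ()
nu_client_global_deinit.restype = None

# int nu_client_connect(nuauth_session_t * session,
#                       const char *hostname,
#                       const char *service,
#                       nuclient_error_t *err);
nu_client_connect = library.nu_client_connect
nu_client_connect.argtypes = (nuauth_session_p, c_char_p, c_char_p, nuclient_error_p)
nu_client_connect.restype = c_int

# void nu_client_reset(nuauth_session_t * session);
nu_client_reset = library.nu_client_reset
nu_client_reset.argtypes = (nuauth_session_p,)
nu_client_reset.restype = None

# void nu_client_delete(nuauth_session_t * session);
nu_client_delete = library.nu_client_delete
nu_client_delete.argtypes = (nuauth_session_p,)
nu_client_delete.restype = None

# const char *nu_get_version();
nu_get_version = library.nu_get_version
nu_get_version.argtypes = ()
nu_get_version.restype = c_char_p

# int nu_check_version(const char *version);
nu_check_version = library.nu_check_version
nu_check_version.argtypes = (c_char_p,)
nu_check_version.restype = c_int

# char *nu_get_home_dir();
nu_get_home_dir = library.nu_get_home_dir
nu_get_home_dir.argtypes = ()
nu_get_home_dir.restype = c_char_p

# const char *nu_client_strerror(nuclient_error_t *err);
nu_client_strerror = library.nu_client_strerror
nu_client_strerror.argtypes = (nuclient_error_p,)
nu_client_strerror.restype = c_char_p

# int nu_client_check(nuauth_session_t *session, nuclient_error_t *err);
nu_client_check = library.nu_client_check
nu_client_check.argtypes = (nuauth_session_p, nuclient_error_p)
nu_client_check.restype = c_int

# void nu_client_set_verbose(nuauth_session_t * session,
#                            unsigned char enabled);
nu_client_set_verbose = library.nu_client_set_verbose
nu_client_set_verbose.argtypes = (nuauth_session_p, c_ubyte)
nu_client_set_verbose.restype = None

DEFAULT_PORT = 4129

__all__ = (
    "nuauth_session_p", "nuclient_error_p",
    "nu_get_version", "nu_check_version",
    "nu_get_home_dir",
    "nu_client_error_init", "nu_client_error_destroy",
    "nu_client_global_init", "nu_client_global_deinit",
    "nu_client_new", "nu_client_delete",
    "nu_client_connect",
    "nu_client_check",
    "nu_client_set_verbose",
    "nu_client_strerror",
    "DEFAULT_PORT",
)
nufw-2.4.3/python/nuclient/classes.py0000644000175000017500000000670411431206275014601 00000000000000# Copyright(C) 2007 INL # Written by Victor Stinner # # $Id$ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, version 3 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. """ NuclientError and Nuclient classes: Python object API for libnuclient """ from nuclient import ( nuclient_error_p, nu_client_error_init, nu_client_error_destroy, nu_client_global_init, nu_client_global_deinit, nu_client_new, nu_client_delete, nu_client_check, nu_client_set_verbose, nu_client_connect, nu_client_strerror, DEFAULT_PORT) from ctypes import byref class NuclientError(RuntimeError): def __init__(self, when, error): message = "%s! 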
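Problem: %s" % (when, nu_client_strerror(error))
        RuntimeError.__init__(self, message)

class Nuclient:
    """
    Object wrapper around one libnuclient session.

    The constructor allocates the error structure, runs the library's global
    initialisation and creates the session; connect() then opens the
    connection and check() reports whether it is still up. Failures reported
    by the library are raised as NuclientError.
    """

    def __init__(self, username, password, diffie_hellman=True):
        """
        Create a session for the given account.

        username, password: unicode strings, passed to the library encoded
        as UTF-8.
        diffie_hellman: forwarded unchanged to nu_client_new().

        Raises NuclientError if the library cannot be initialised or the
        session cannot be created, MemoryError if the error structure cannot
        be allocated.
        """
        # State flags first, so that deinit() (also reached through __del__)
        # is safe even when a later step of the constructor raises.
        self._init_error = False
        self._global_init = False
        self.session = None
        # NOTE: assert statements are removed when Python runs with -O, so
        # these checks are a development aid, not input validation.
        assert isinstance(username, unicode)
        assert isinstance(password, unicode)
        self.username = username
        # NOTE(review): the clear-text password stays referenced by this
        # object for its whole lifetime, although nothing in this class reads
        # it again after nu_client_new() -- confirm whether callers need it.
        self.password = password
        self.error = nuclient_error_p()
        self.init()
        self.session = nu_client_new(
            self.username.encode("utf8"),
            self.password.encode("utf8"),
            diffie_hellman,
            self.error)
        if not self.session:
            raise NuclientError("nu_client_new", self.error)

    def init(self):
        """
        Allocate the error structure and run the library's global
        initialisation. Each step is done at most once per object.
        """
        # Allocate error structure
        if not self._init_error:
            if nu_client_error_init(byref(self.error)) != 0:
                raise MemoryError("Cannot init error structure!")
            self._init_error = True

        # global libnuclient init
        if not self._global_init:
            if not nu_client_global_init(self.error):
                raise NuclientError("Unable to initiate nuclient library!", self.error)
            self._global_init = True

    def deinit(self):
        """
        Release everything acquired by __init__()/init(). Safe to call more
        than once.
        """
        # Release in the reverse order of acquisition. The original deleted
        # the session last, i.e. after nu_client_global_deinit() had already
        # run; presumably the session must not outlive the library's global
        # state -- TODO confirm against libnuclient.
        if self.session:
            nu_client_delete(self.session)
            self.session = None
        if self._global_init:
            nu_client_global_deinit()
            self._global_init = False
        if self._init_error:
            nu_client_error_destroy(self.error)
            self._init_error = False

    def __del__(self):
        self.deinit()

    def connect(self, hostname, port=None):
        """
        Connect the session to hostname. port is the service as a string and
        defaults to DEFAULT_PORT.

        Raises NuclientError when nu_client_connect() reports failure.
        """
        if not port:
            port = str(DEFAULT_PORT)
        assert isinstance(hostname, str)
        assert isinstance(port, str)
        ok = nu_client_connect(self.session, hostname, port, self.error)
        if not ok:
            # The original formatted an undefined name ("service") here, so a
            # failed connection surfaced as NameError instead of the
            # NuclientError carrying the library's own error text.
            raise NuclientError("Unable to connect to %s:%s" % (hostname, port), self.error)

    def verbose(self, enabled):
        """Switch the library's verbose mode on or off for this session."""
        assert isinstance(enabled, bool)
        nu_client_set_verbose(self.session, enabled)

    def check(self):
        """Return True while nu_client_check() returns 1 for the session."""
        connected = nu_client_check(self.session, self.error)
        return (connected == 1)

__all__ = ("NuclientError", "Nuclient")
nufw-2.4.3/python/test_nuclient.py0000755000175000017500000000541011431206275014177 00000000000000#!/usr/bin/python # Copyright(C) 2007 INL # Written by Victor Stinner # # $Id$ # # This program is free software; 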
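you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

"""
Example of libnuclient use
"""

from nuclient import (
    nu_get_version, nu_check_version,
    nu_get_home_dir,
    NuclientError, Nuclient, DEFAULT_PORT)
from optparse import OptionParser
from sys import exit, stderr
from time import sleep

def parseOptions():
    """
    Parse the command line.

    Returns (options, hostname). Prints the help text and exits with
    status 1 unless exactly one HOSTNAME argument and a username are given.

    The password may still be passed with -p, but anything given on the
    command line is visible to other local users in the process list and is
    usually kept in the shell history. When -p is omitted the password is
    read from the terminal without echo instead.
    """
    parser = OptionParser(usage="%prog -u USERNAME [-p PASSWORD] HOSTNAME [options]")
    parser.add_option("--username", "-u", help="NuFW username",
        action="store", type="str", default=None)
    parser.add_option("--password", "-p",
        help="NuFW password (prompted for when omitted)",
        action="store", type="str", default=None)
    parser.add_option("--port", help="NuFW port number (default: %s)" % DEFAULT_PORT,
        type="int", default=None)
    options, arguments = parser.parse_args()
    if len(arguments) != 1 or not options.username:
        parser.print_help()
        exit(1)
    if not options.password:
        # Imported here so the module's import block stays unchanged.
        from getpass import getpass
        options.password = getpass("NuFW password: ")
    if not options.password:
        # An empty password is rejected, as it was before.
        parser.print_help()
        exit(1)
    return options, arguments[0]

def makeUnicode(text):
    # FIXME: Detect command line charset
    return unicode(text, 'utf8')

def main(): options, hostname = parseOptions() # version = nu_get_version() # print "Version: %r" % version # print "Check version: %r" % bool(nu_check_version(version)) # print "Home: %r" % nu_get_home_dir() # print try: username = makeUnicode(options.username) password = makeUnicode(options.password) try: nuclient = Nuclient(username, password) nuclient.verbose(False) if options.port: port = str(options.port) else: port = None nuclient.connect(hostname, port) 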
except KeyboardInterrupt: print >>stderr, "Interrupted!" exit(1) try: print "Connected to %s" % hostname while nuclient.check(): sleep(1) print "Lost connection!" except KeyboardInterrupt: print >>stderr, "Quit." except NuclientError, error: print >>stderr, str(error) exit(1) if __name__ == "__main__": main() nufw-2.4.3/ChangeLog0000644000175000017500000006516511431206275011210 000000000000002.4.3 (2010/08/13) - libnuclient: switch to next best mechanism if first one fails (Eric Leblond) - libnuclient: if auth fails with GSSAPI, retry with PLAIN (Pierre Chifflier) - libnuclient: avoid strlen usage at each iteration. (Eric Leblond) - libnuclient: tcp table reading optimisation (Eric Leblond) - libnuclient: fix segfault when computing hash of a deleted file (Pierre Chifflier) - nuauth: fix period handling (Eric Leblond) - nuauth: fix nufw counter leak (Eric Leblond) - nuauth: factorize nufw counter increase. (Eric Leblond) - nuauth: use atomic operation for nufw counter (Eric Leblond) - nuclient: add option to give SASL mech list (Pierre Chifflier) - nuauth: add option -q (quiet) to disable logging to stdout (Pierre Chifflier) 2.4.2 (2010/05/27) - log_mysql: don't over stress nuauth after DOS mode (Eric Leblond) - libnuclient: fix memory leak. 
(Eric Leblond) - nuauth: avoid double logging of some packets (Eric Leblond) - nussl: add support for several CA certificates in one PEM file (Pierre Chifflier) - Revert "NuSSL: fix sub CA" (Pierre Chifflier) 2.4.1 (2010/05/12) - libnussl: fix sub CA support - libnuclient: fix proc hash handling - nuauth_command: add thread pool information - nuauth_command: add "resfresh crl" command 2.4.0 (2010/03/02) - libnuclient: treat a read error - nussl: fix DN building in openssl mode - nuauth: set timestamp for connection message - log_ulogd2: update plugin 2.4.0-rc1 (2010/02/11) - pgsql: authentication failure logging - libnuclient: fix file descriptor leak - libnuclient: CPU usage optimization - nufw: switch libnetfilter_conntrack code to new API - log_ulogd2: update plugin - nuauth: don't reject packet when appname is invalid - client proto: negotiate protocol version 2.4.0-beta1 (2009/08/21) - Support for plugin in libnuclient - Protocol extension via plugin - configuration file for nufw and client - nussl: TLS abstraction library - nuconfparser: Configuration library - nubase: Common use library - Client compute hash of application for advanced filtering - Auth quality support - Improved client-authentication server protocol - log_ulogd2 module: log packet via ulogd2 - postauth_localuser module: sample postauthentication protocol - NuFW: introduce protocol client version 5 to add authentication failure message on client side - Nuauth: add a flag to be able to disable log on a per-rule basis 2.2.10 (2007/12/04) - log_mysql: fix log prefix (avoid double ":" when used with nuface) - nuauth: fix crash when nufw is misconfigured and sends improper packet - improved BSD compatibility 2.2.9 (2007/11/26) - nuauth: leave when a module fails to load - nuauth: correctly fills headers of messages to nufw - plaintext module: parse needed files at start - nufw: ignore return of nfq_unbind_pf() due to change in linux 2.6.23. 
- nuauth: introduce nuauth_proto_wait_delay to get around a nasty connection problem on laggy network. 2.2.8 (2007/11/07) - libnuclient, nuauth: fix protocol 2.2 on big endian. - log_mysql: add documentation file and add an IPv4 and an IPv6 dump - build system: improve autoconf compliance - nufw: fix infinite loop when nufw has no support for conntrack but when nuauth tries to kill connection 2.2.7 (2007/10/29) - nuaclgen: add support for userid based ACLs. - nuauth: fix SASL rare crash on client authentication failure (sasl_dispose) - nuauth: fix command line parser: -p and -l were limited to 3 characters - nuauth: fix a buffer overflow (3 bytes) in base64 encoding function - nuauth: improve certificate file error handling - nuauth: leave if socket command file is unavailable - pam_nufw: fix memset usage 2.2.6 (2007/10/09) - nuauth: fix rare bug causing infinite loop - Add auth_mysql module : authentication and ip authentication against a MySQL database - nuauth: introduces nuauth_single_user_client_limit and nuauth_single_ip_client_limit - nuauth: add capability to bind on multiple addresses - nuauth: can now have user-id based acls 2.2.5 (2007/09/10) - fix clients' Makefile for compatibility with automake 1.10 - bugfix: disallow change of ipauth option on reload to avoid a crash - fix race condition (multi-threading) in system module (PAM) 2.2.4 (2007/08/20) - plaintext: fix parsing of IPv4 address - log_syslog: log with IPv4 address and not IPv4 in IPv6 - nuauth: don't log packet appended to a connection - nuauth: improve some debug areas settings - nuauth: fix period handling - log_mysql, log_pgsql: fix a rare crash related to improper format string for 64-bit counters 2.2.3 (2007/08/01) - libnuclient: fix compilation when used in external client. - nufw: ask kernel to drop packet when nuauth can't be reached. - nuauth: add some check when dealing with certificate expiration. - NuFW: recover ICMP reject functionality.
- log_mysql: handle reconnect as mysql default has changed with 5.0. - Test system: add test of ICMP reject functionality. - nuauth: fix closing of user session in database logging modules. 2.2.2 (2006/06/26) - log_mysql: fix logging of connection closing - NuFW: fix incompatibility between i386 and x86_64 due to alignment problem. This breaks compatibility with previous NuFW 2.2. - nufw: for TCP connection, only send message when session switches to ESTABLISHED and gets destroyed. - nuauth: change criticity of some debug message to ease detection of protocol mistakes. - NuFW: separate version number of client and nufw protocols - NuFW: switch protocol number to v22_2 to be able to warn about incompatibility problem. - nuauth: log IP in IPv4 format when they are IPv4 - log_syslog: log authentication failures - nuauth: fix crash when nufw sends non SYN packet 2.2.1 (2007/06/17) - port change: IANA has assigned 4128 and 4129 to nufw and nuauth - x509_std: code cleaning and fix potential crash - NuFW: fix compilation on some distribution (for AMD64 architecture) - client manager: close the client socket even if shutdown fails - pam_nufw: fix free(home) in _get_runpid() - nutcpc: fix creation of .nufw directory - nuauth: fix memory leak in debug messages 2.2.0 (2007/05/29) - log_mysql: fix prefix setting in a sub case. - nuauth: improve doxygen documentation. 2.2.0-rc3 (2007/05/23) - By default, do not compile pam_nufw anymore. - nutcpc does now check presence of certificate authority. - Complete rewrite of debian packaging. - log_nuprelude: Add user info to idmef message when there is authentication failure. - nuauth: implement acl ordering (prio_to_nok=2) - mark_flag: new module used to modify packet mark using acl indication 2.2.0-rc2 (2007/04/27) - nuauth: add declaration of thread_pool_push - ldap: optimize filter - NuFW is now compatible with automake1.10 - nufw: fix problem for host with libnetfilter_queue but without the latest iface related modifications.
- nutcpc: add option -a to specify nuauth DN in certificate. - log_mysql: set protocol information in compatibility mode - libnuclient: restore some interesting features of 2.0 API - NuFW: fix certificate authentication - tests: new system for doing unitary tests on NuFW - log_mysql: add mysql_admin_bofh option to destroy user connections when session finished - mark_field: set mark on packet with glob matching on packet fields - nuauth: fix possible problem on nufw disconnect on busy systems - nuauth: can now have mandatory per-certificate authentication - ldap module: add new option ldap_use_ipv4_schema to have compatibility with IPv4 tools - nuauth: fix crash when nufw send concatenated requests - nuauth: improve debugging messages - nuauth: fix bug when user packet comes first (nufw disconnection). 2.2.0-rc1 (2007/03/08) - log_mysql: add option to log by default in SQL database with IPV4 schema - libnuclient: add nu_get_home_dir function which is not dependant of HOME environment variable - nufw: fix compilation in ipq mode (workaround ipq.h problem) - nufw: modify interface name fetching code - NuFW: Port of 2.0 modifications (from r2715 to r2728) - implement globbing matching in application filtering - add support for flags on acl - implement async logging following flag setting - cache is now resetted during reload - nuauth: command mode through a unix socket and a python script is given as exemple - nuauth: modify thread pools system (better handling of signals) - nufw: add -A to set debug areas and adjust areas in code 2.1.1 (2007/01/03) - suppress ldap authentication code - add support for log prefix - add support for guest group - mark_group: new module dedicated to packet marking - NuFW: doxygen documentation improvement - NuFW: support for interface name transmission from kernel to nuauth 2.1.0 (2006/09/01) - fix period handling (user OR and and AND between period item of a period) - fix memory leak in ldap module - IPv6 support: - clients, nufw and 
nuauth are able to communicate using IPv4 or IPv6 - nuauth store all addresses in IPv6 structure, IPv4 use format "::ffff:[ipv4]" - MySQL store IP address in BINARY(16) instead of INTEGER field - Prelude, MySQL, PostgreSQL, etc. modules support IPv6 addresses - Plaintext module is able to parse IPv4 and IPv6 addresses - Rejectting a packet can send ICMP(v4) or ICMPv6 (depending on source IP address type) - support ICMPv6 protocol - new client API, main changes: - don't use callback to get username, password and tls password anymore: directly send the strings - don't delete the session when loosing connection: just delete old TLS session (and socket) using a "reset" function - keep same Diffie Hellman parameters for the session (don't regenerate them on each reconnection): that's good because it looks to use lot of CPU (and maybe /dev/random) - the client send username and password in UTF-8 - don't make core dump on fatal errors (in nuauth, nutcpc and pam_nufw) - libnuclient: use gcrypt_malloc_secure() to disallow username and password to be moved to the swap - protocol v3 compatibility (for client and nufw server) - Introduce two new modules type: - user_session_modify : called when auth is successfull this module can modify all params (usefull to set expire or something else) - finalise_packet: modify packet content just before decision (useful to set mark and/or expire according to advanced policy) - Accounting capabilities: conntrack is now dumping accounting information 2.0 (2005/05/22) - nuauth : fix period handling - libnuclient : fix crash when specified hostname is unvalid - nutcpc : do not try to reconnect if password has changed, this will avoid to block user account after multiple retries - pam_nufw : initial release 2.0-rc2 (2006/05/15) - nuauth : add sanity check on type of field contained in a packet - libnuclient : fix MacOSX port - nuauth SQL user session logging : close opened user session when leaving or when starting - nuauth modules : systematic 
use of static declared function to avoid conflict 2.0-rc1 (2006/05/04) - nufw : fix possible problem with connection fixed timeout and NAT - nufw : add -M option to use mark to select conntrack event to be sent to nuauth - NuFW : fix hello mode authentication - doxygen documentation improvement - nuauth : add antispoofing test to hello mode authentication 2.0-beta2 (2006/06/27) - nuauth : fix period reloading - nuauth : fix logging as UNAUTHENTICATED DROP of established packet - nuauth: fix bug in policy test 2.0-beta1 (2006/04/24) - nuauth : bugfix on the PostGreSQL log module thanks to Julian Reich - nuauth :fix bug in max client number test - nuauth|nufw : really close socket in all cases now - nuauth : certificate checking improvement - nuauth : separate sasl and tls code - nufw: cleaning of tls end of session - linuclient : introduce nu_client_global_init to avoid multiple global initialisation of gnutls and sasl - define protocol version 3 : protocol version 2 with a fix on endianess - nuauth : fix crash when multiple logging modules are used (if one of them is mysql) - libnuclient : free connection table - libnuclient : fix multithreaded code - nuauth: store user identifiers in 32 bits (and not 16), but still send user id. in 16 bits to nufw (with a warning) - new configure option: --with-perf-display, display benchmark of user authentification - nuauth: fixes about buffer underflow, check that received packet are big enough before casting them to structure - nufw and nuauth: fix buffer overflow caused: replace strncpy with the new macro SECURE_STRNCPY which always write '\0' on last position, and replace call like sscanf(..., "%10s", ...) 
with SECURE_STRNCPY - nufw: whole code is documented using doxygen syntax - nufw and nuauth: use shorter syntax to display debug messages - nufw and nuauth: fixes to make them compile in strict ANSI mode with gcc (using -ansi option) - nufw and nuauth: fix memory leaks, some of them detected with the great tool Valgrind - nuauth: reorganize source code, split big function in small sub-functions and move some functions in new files - nufw and nuauth: remove dead code and unused variable/macro - nufw and nuauth: use more explicit names for variables and structures, rename for example 'c' to 'socket' - nuauth, module script: fix a security bug, quote script arguments - small changes to make flawfinder and rats tools happy - replace obsolete usleep() with nanosleep() - Introduce lock in tls code because gnuTLS is NOT really threadsafe (does NOT support thread sending on the same TLS session) - stronger security in mysql and postgresql modules: use secure_sprintf() instead of classic sprintf() and quote all user strings - stronger security in script module: quote all arguments - fix some minor bugs detected by Valgrind - check inet_ntop() and inet_addr() errors - small changes to make nufw and nuauth source code ANSI C compliant - fix gcc compilation flags: use -O0 in bug mode instead of -02, and detect all warnings with -Wextra (or -W for gcc < 4.0) - use pointer and not object during logging - bugfix:nuauth: don't crash anymore if configuration file doesn't exist - nuauth: fix gnutls problem (multithread writing and reading) - nuauth: multiple modules with separate conf - nuauth: stop threads (and thread pools) before exiting NuAuth. Use a mutex to ask a thread to stop. Each thread use timeout of one second, and don't use any blocking function anymore (use function with timeout instead: eg. use g_async_queue_timed_pop() instead of g_async_queue_pop()) - nuauth: port of system_convert_username_to_lowercase option (from 1.0) - NuFW : ICMP reject via decision 3. 
- xml_defs : new module for periods definition - nuauth : add nuauth_module_certificate_check and nuauth_module_certificate_to_uid configuration variables (work sponsorised by EOLE) - x509_std : new module with standard check and function for nuauth_module_certificate_check and nuauth_module_certificate_to_uid - nuauth : modify config file parsing to avoid memory leak - nuauth : add option nuauth_debug_area to be able to specify logging area - nuauth: add Prelude IDS module which can log packet events and user session. - nuauth : nuauth_reject_authenticated_drop option is now here to choose if we drop or reject ACL that match IPV4 header but when user is not in the group. - nuauth : period checking is now done in main code (not in module anymore) to avoid problem with cache. - move conffile.h from src/nuauth/include to src/nuauth and suppress src/nuauth/include 1.1.3 (2006/01/25) - nutrackd : PostGreSQL support - Fixes in the PostGreSQL log module (removed the useless server_port variable, fixed a very stupid strlen bug on port) - nufw|nuauth : expiration of connection is now possible - nufw : new switch -C to handle conntrack destroy event by sending a message to nuauth. This is mandatory for connection expiration system. 
- nuauth : handle nufw destroy message - nufw : restore compilation of nufw in libipq mode - nuauth : introduce a ppol of thread for user session logging - nuauth : fix a stupid but critical bug on module reloading - nuauth : introduce nuauth_number_session_loggers to specify the number of threads in the user session logging pool - nuauth : change type of limited_connection_handler to suppress compilation warning - nuauth : new hook for time period definition - plaintext : add period check - plaintext : add example for time period creation (define '5x8' period) - nutcpc : working on freebsd :-) (but mono user for the moment) - nutcpc : working on Mac OS X :-) (but mono user for the moment) - nuauth : user connect policy (see config file for detail) - libnuclient : fix typo that could cause a hang - nuauth : a user session duration can now be set 1.1.2 (2005/12/22) - nufw : new threads architecture - libnuclient : fix potential problem with new thread architecture - nuauth : modules reloading - nuauth : config reloading (partial) - nutrackd : config file option added and an example conf is now provided 1.1.1 (2005/12/14) - new session logging module system (hook at user connection and disconnection) - libscript : new session logging module - log_mysql module : now able to log connection event to a dedicated table - libnuclient : new threads organisation, it should now be thread-safe 1.1.0 (2005/12/06) - full "a posteriori" IP authentication for mono user system via hello message system - nufw : port to libnetfilter_queue - NuFW : many small fixes in the debian/ subdir : start in correct runlevels, have smoother init scripts. - nutcpc : add -l option to disable use of lock - NuFW : all exchanges between clients and nuauth are now done in UTF-8 by default. Use --with-utf8 at configure time to select this behaviour on client side. - plaintext module : cleaning and icmp support - increase internal message usage instead of sending directly structure to queue. 
- nufw : get rid of old UDP protocol - nuauth : fix double free problem linked with string_escape function - libnuclient : new algo in push mode - libnuclient : UDP support, need recent kernel - nuauth : multi modules support - nutrackd : brand new connection tracking system based on libconntrack 1.0.11 (2005/07/26) - NuFW : port to big endian architecture. It has been tested on a powerpc. - nuauth : fix a bug that causes nuauth to crash when launched with an empty nuauth.conf - nufw : better handling of non-IP packet - nufw : added option -n to permit a strict match of the nuauth certificat - nuauth : client certificat check is stricter - nuauth : better handling on incorrect user OS announce 1.0.10, "Michel Rocard" release (2005/07/13) - libnuclient : ignore SIGPIPE to avoid crash when HELLO packet can not be sent 1.0.9 (2005/07/04) - NuFW : added a USER_HELLO message to be able to detect broken connnection really fast. - NuFW : Documentation update - nuauth : user packet decoding code cleanup 1.0.8 (2005/06/10) - nutcpc : suppress useless opening of /dev/random in nu_client_init2 1.0.7 (2005/06/07) - nuauth : remove a double free in postgresql module 1.0.6 (2005/06/02) - libnuclient : add copyright in nuclient.h - libnuclient : add code for integration of libnuclient in C++ project - nutcpc : add -V flag to print version - nuauth : build fixes for gcc 3.4 (was checking for the return of some void functions) - nuauth : solve problem whith pgsql log module in nuauth_log_users_strict mode - libnuclient : add TCP_KEEPALIVE option on socket - nutcpc : add -k option to kill current nutcpc 1.0.5 (2005/05/16) - added nuauth_log_users_without_realm : remove realm from username before logging - libnuclient : now authenticate packet which are SYN retransmit 1.0.4 (2005/05/09) - tls_sasl_worker number of threads is set from a variable now. 
- timeout on authentication negotiation can now be set with nuauth_auth_nego_timeout option - nufw : tls session ending and restart is now treaded correctly - libnuclient : handle an error case as it should be 1.0.3 (2005/04/29) - cleanly get out of sasl negotiation - suppress useless debug messages - client lib now does not require certificates when nu_client_init is called (nuapplet case) - add a check of mysql ssl function existence in configure - clean tls and sasl related code - add mutex in pam module because pam_winbind is not thread safe - correct MySQL and Pgsql log modules to log unauthenticated drop - solve restart problem by setting option SO_REUSEADDR on socket - add KEEPALIVE on connection socket to detect dead connections - add system_convert_username_to_uppercase option to have username convert automatically to uppercase if needed - should fix an endianess problem on PPC (for client lib) 1.0.2 (2005/03/29) - add nuauth_number_loggers in config file - nufw can now verify nuauth server certificates (specify ca file with -a to do so) - structure.h is now in the nufw directory as it is only used by it - nuauth certificat check is now more strict - libnuclient does not require a certificate and a key, this is now optional - fix crash of nufw in debug mode 7 and over (when running as daemon) - plaintext module fix : now correctly answer when an acl with no group is found 1.0.1 (2005/03/16) - log strict was not implemented strictly, this is now really strict - small patch applied to cleanly compile on mipsel (thanks to Florian Fainelli) 1.0.0 (2005/03/08) - add tags DEBUG_ENABLE to speed up things - add configure option --with-debug - suppress some compilation warnings - remove useless AC_DEFUN in configure.ac - nuaclgen display modified for equality filter 1.0.0-rc2 (2005/03/01) - works on autoconf to solve excessive linking - nufw answer correctly to -V and -h - nufw compilation is not done if libipq is not present - authentication by certs now fallback 
to password based authentication to support generic certs - nuauth tls server for nufw now correctly handles violent disconnect - nuauth tls server for client handles better network problem 1.0.0-rc1 (2005/02/16) - get around bug link with g_message - initial 64bit port - code cleaning - nutcpc : support renegociation - logging : restore user numeric support - pam compilation is now optional - plaintext : 64 bit port - logging : finish app and os logging - nuauth : add support for multiusers client - libnuclient : correct packet generation code - rework cache code and make it optionnal 0.9.6 (2004/12/14) - mysql and postgresql log module updates : added username where missing, now supporting the client_os and client_app SQL fields. See doc/MIGRATING-TO-0.9.6 for upgrade instructions. - ident module fix - ldap module : schema change and appname and osname - nuaclgen : switch to use equality schema by default - SQL logging : application name and osname support - TLS : certificat verification support - TLS : complete option management - certificate authentication (SASL EXTERNAL mechanism) - system authentication module (pam+system) - nu_client_init2 : use callbacks with sasl and tls 0.9.5 (2004/10/20) - infrastructure for ip authentication - ident module for ip authentication (experimental, does not work when nuauth is in daemon mode) - ipq.h problem with redhat solved - fix bugs related to acl check when ready - configure.ac modification for module support - user check module now receive user@domain - plaintext module : use lists of ports (or ports ranges) in the plaintext ACLs - plaintext module : Add multiple IP addresses (or subnet) in a same rule. 0.9.4 (2004/10/04) - new push system : after having received packet, nuauth warns clients on a concerned computer that they need to check if they have emit a packet. 
- use private datas in queue system for cache answer 0.9.3 (2004/09/23) - libnuclient : reconnect is automatic - libnuclient : better error handling via errno - nufw : signal handling for verbosity - nuauth : application filtering support (modules : plaintext) - nuauth : OS filtering support (modules : plaintext) 0.9.2 (2004/09/08) - change unused field id_gw to a packet_length field in nufw->nuauth packet. - libnuclient works correctly now (nuapplet and nutcpc are ok) - nufw_gw_addr is now a list : first entry is udp server AND all entries are authorized nufw servers - more strict on cache usage accounting (atomic operation) - intercept sigpipe on nufw 0.9.1 (2004/09/02) - nuauth : now outputs some information (through g_message) when receiving signal POLL - nuauth : signal USR1 increases log level, USR2 decreases it. - client datas are now stored in a hash (this solve a bug on connect) - include necessary Makefile.am in the doc directory - TLS exchange between nufw and nuauth - multiple nufws per nuauth 0.9.0 (2004/08/26) - protocol 2 - use TLS+SASL - cache system for acl - per connection datas for user 0.8.2 (2004/07/30) - user logging level is finally taken into account - connectio hash code optimisation - some man pages and docs 0.8.1b (2004/07/20) - correct nuclient.h header 0.8.1 (2004/07/14) - client library - little code and packaging cleaning 0.8 (2004/07/02) - username logging in SQL database when log sync is enable - security fix on nufw 0.7.1 (2004/06/14) - add option for SSO feature : log before granted packet - major code cleaning 0.7 (2004/03/31) - SSL encryption between client and server - correct handle of a limit case on reemission - optimisation of ldap module 0.6.5 (2004/03/11) - correct problem with bad packets - optimisation of hash related code - warning suppression - LDAP and mysql with SSL support - nutcpc improved 0.6.4 (2004/01/09) - correct locking problems - don't exit on socket read problem 0.6.3 (2004/01/07) - change syslog log 
module output for established packet - give a nutop.conf example 0.6.2 (2004/01/05) - correct bug on user packet parsing - "clean" rewrite of search_and_fill function - packet timeout is checked now 0.6.1 (2003/12/09) : - Correct bug on acl DROP - Clean lock system - NuFW send Control message when needed 0.6.0 (2003/12/02): - Mysql and PostgreSQL users activity logging fully functionnal and tested - Updated Config file so it suits all possible features - Debugged some problems on ACL checking 0.5.4 (2003/11/19) - nuauth conntrack modification - config file stuffs 0.5.3 (2003/10/29) - nuauth conntrack modification 0.5.2 (2003/10/20) - added capability to mark packet with userid 0.5.1 (2003/10/02) - new GDBM user check modules - external modules structure fixed - mutex and memory leak problem solved 0.5 (2003/09/29) - configuration file for nuauth - external auth modules for nuauth - using syslog 0.4 (2003/09/17) - code cleaning - improvement in protocol security 0.3 (2003/09/01) - first complete release 0.1a (2003/07/04) - use of autoconf - a miniserver is provided nufw-2.4.3/install-sh0000755000175000017500000003246411431215376011440 00000000000000#!/bin/sh # install - install a program, script, or datafile scriptversion=2006-12-25.00 # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. 
# # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. nl=' ' IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else doit_exec=$doit fi # Put in absolute file names if you don't have them in your path; # or use environment vars. 
chgrpprog=${CHGRPPROG-chgrp} chmodprog=${CHMODPROG-chmod} chownprog=${CHOWNPROG-chown} cmpprog=${CMPPROG-cmp} cpprog=${CPPROG-cp} mkdirprog=${MKDIRPROG-mkdir} mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} posix_glob='?' initialize_posix_glob=' test "$posix_glob" != "?" || { if (set -f) 2>/dev/null; then posix_glob= else posix_glob=: fi } ' posix_mkdir= # Desired mode of installed file. mode=0755 chgrpcmd= chmodcmd=$chmodprog chowncmd= mvcmd=$mvprog rmcmd="$rmprog -f" stripcmd= src= dst= dir_arg= dst_arg= copy_on_change=false no_target_directory= usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --help display this help and exit. --version display version info and exit. -c (ignored) -C install only if different (preserve the last data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. 
Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test $# -ne 0; do case $1 in -c) ;; -C) copy_on_change=true;; -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) dst_arg=$2 shift;; -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call `install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then trap '(exit $?); exit' 1 2 13 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names starting with `-'. case $src in -*) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? 
else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # Protect names starting with `-'. case $dst in -*) dst=./$dst;; esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else # Prefer dirname, but fall back on a substitute if dirname fails. dstdir=` (dirname "$dst") 2>/dev/null || expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$dst" : 'X\(//\)[^/]' \| \ X"$dst" : 'X\(//\)$' \| \ X"$dst" : 'X\(/\)' \| . 2>/dev/null || echo X"$dst" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q' ` test -d "$dstdir" dstdir_status=$? fi fi obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. 
if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 if (umask $mkdir_umask && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writeable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/d" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; -*) prefix='./';; *) prefix='';; esac eval "$initialize_posix_glob" oIFS=$IFS IFS=/ $posix_glob set -f set fnord $dstdir shift $posix_glob set +f IFS=$oIFS prefixes= for d do test -z "$d" && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. 
test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && eval "$initialize_posix_glob" && $posix_glob set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && $posix_glob set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. 
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-end: "$" # End: nufw-2.4.3/NEWS0000644000175000017500000000166211431206275010125 000000000000002010/02/11 : First release candidate of NuFW 2.4.0 2008/05/07 : New config parser for nuauth 2008/05/01 : Libnussl, abstraction library for TLS 2007/09/10 : Add auth_mysql module from http://www.winext.eu 2007/03/18 : work done for 2.2 2006/04/24 : work done for 2.0 2006/01/05 : preliminary freebsd support 2005/10/31 : major reorganisation of the code 2005/02/16 : nufw 1.0-rc1 released. ... ... 2004/01/13 : Implemented Mysql SSL support (untested) 2003/12/09 : Correct bug on acl DROP Clean lock system NuFW send Control message when needed 2003/12/02 : Mysql and PostgreSQL users activity logging fully functional and tested Updated Config file so it suits all possible features Debugged some problems on ACL checking 2003/11/28 : PostgreSQL Logging functional (tested) Now bind addresses of both daemons are configurable.
2003/09/01 : First alpha release approaching nufw-2.4.3/configure0000755000175000017500000326770211431215375011352 00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61 for NuFW 2.4.3. # # Report bugs to . # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # PATH needs CR # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) as_nl=' ' IFS=" "" $as_nl" # Find who we are. 
Look in the path if we contain no directory separator. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 { (exit 1); exit 1; } fi # Work around bugs in pre-3.0 UWIN ksh. for as_var in ENV MAIL MAILPATH do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. for as_var in \ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ LC_TELEPHONE LC_TIME do if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then eval $as_var=C; export $as_var else ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var fi done # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # CDPATH. 
$as_unset CDPATH if test "x$CONFIG_SHELL" = x; then if (eval ":") 2>/dev/null; then as_have_required=yes else as_have_required=no fi if test $as_have_required = yes && (eval ": (as_func_return () { (exit \$1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = \"\$1\" ); then : else exitcode=1 echo positional parameters were not saved. fi test \$exitcode = 0) || { (exit 1); exit 1; } ( as_lineno_1=\$LINENO as_lineno_2=\$LINENO test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } ") 2> /dev/null; then : else as_candidate_shells= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. case $as_dir in /*) for as_base in sh bash ksh sh5; do as_candidate_shells="$as_candidate_shells $as_dir/$as_base" done;; esac done IFS=$as_save_IFS for as_shell in $as_candidate_shells $SHELL; do # Try only shells that exist, to save several forks. if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { ("$as_shell") 2> /dev/null <<\_ASEOF if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. 
alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi : _ASEOF }; then CONFIG_SHELL=$as_shell as_have_required=yes if { "$as_shell" 2> /dev/null <<\_ASEOF if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi : (as_func_return () { (exit $1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = "$1" ); then : else exitcode=1 echo positional parameters were not saved. fi test $exitcode = 0) || { (exit 1); exit 1; } ( as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } _ASEOF }; then break fi fi done if test "x$CONFIG_SHELL" != x; then for as_var in BASH_ENV ENV do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done export CONFIG_SHELL exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} fi if test $as_have_required = no; then echo This script requires a shell more modern than all the echo shells that I found on your system. Please install a echo modern shell, or manually run the script under such a echo shell if you do have one. 
{ (exit 1); exit 1; } fi fi fi (eval "as_func_return () { (exit \$1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = \"\$1\" ); then : else exitcode=1 echo positional parameters were not saved. fi test \$exitcode = 0") || { echo No shell found that supports shell functions. echo Please tell autoconf@gnu.org about your system, echo including any error possibly output before this echo message } as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line after each line using $LINENO; the second 'sed' # does the real work. The second script uses 'N' to pair each # line-number line with the line containing $LINENO, and appends # trailing '-' during substitution so that $LINENO is not a special # case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # scripts with optimization help from Paolo Bonzini. Blame Lee # E. McMahon (1931-1989) for sed's syntax. 
:-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in -n*) case `echo 'x\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. *) ECHO_C='\c';; esac;; *) ECHO_N='-n';; esac if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir fi echo >conf$$.file if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 
2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" # Check that we are running under the correct shell. SHELL=${CONFIG_SHELL-/bin/sh} case X$ECHO in X*--fallback-echo) # Remove one level of quotation (which was required for Make). ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','` ;; esac echo=${ECHO-echo} if test "X$1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X$1" = X--fallback-echo; then # Avoid inline document here, it may be left over : elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then # Yippee, $echo works! : else # Restart under the correct shell. exec $SHELL "$0" --no-reexec ${1+"$@"} fi if test "X$1" = X--fallback-echo; then # used as fallback echo shift cat </dev/null 2>&1 && unset CDPATH if test -z "$ECHO"; then if test "X${echo_test_string+set}" != Xset; then # find a string as large as possible, as long as the shell can cope with it for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... 
if (echo_test_string=`eval $cmd`) 2>/dev/null && echo_test_string=`eval $cmd` && (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null then break fi done fi if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then : else # The Solaris, AIX, and Digital Unix default echo programs unquote # backslashes. This makes it impossible to quote backslashes using # echo "$something" | sed 's/\\/\\\\/g' # # So, first we look for a working echo in the user's PATH. lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for dir in $PATH /usr/ucb; do IFS="$lt_save_ifs" if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then echo="$dir/echo" break fi done IFS="$lt_save_ifs" if test "X$echo" = Xecho; then # We didn't find a better echo, so look for alternatives. if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then # This shell has a builtin print -r that does the trick. echo='print -r' elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) && test "X$CONFIG_SHELL" != X/bin/ksh; then # If we have ksh, try running configure again with it. ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} export ORIGINAL_CONFIG_SHELL CONFIG_SHELL=/bin/ksh export CONFIG_SHELL exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"} else # Try using printf. 
echo='printf %s\n' if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then # Cool, printf works : elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && test "X$echo_testing_string" = 'X\t' && echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL export CONFIG_SHELL SHELL="$CONFIG_SHELL" export SHELL echo="$CONFIG_SHELL $0 --fallback-echo" elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && test "X$echo_testing_string" = 'X\t' && echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then echo="$CONFIG_SHELL $0 --fallback-echo" else # maybe with a smaller string... prev=: for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null then break fi prev="$cmd" done if test "$prev" != 'sed 50q "$0"'; then echo_test_string=`eval $prev` export echo_test_string exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"} else # Oops. We lost completely, so just stick with echo. echo=echo fi fi fi fi fi fi # Copy echo and quote the copy suitably for passing to libtool from # the Makefile, instead of quoting the original, which is used later. ECHO=$echo if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo" fi tagnames=${tagnames+${tagnames},}CXX tagnames=${tagnames+${tagnames},}F77 exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. 
# ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='NuFW' PACKAGE_TARNAME='nufw' PACKAGE_VERSION='2.4.3' PACKAGE_STRING='NuFW 2.4.3' PACKAGE_BUGREPORT='nufw-devel@nongnu.org' ac_unique_file="src/nufw/main.c" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datarootdir datadir sysconfdir sharedstatedir localstatedir includedir oldincludedir docdir infodir htmldir dvidir pdfdir psdir libdir localedir mandir DEFS ECHO_C ECHO_N ECHO_T LIBS build_alias host_alias target_alias CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT LEX LEX_OUTPUT_ROOT LEXLIB FLEX YACC YFLAGS build build_cpu build_vendor build_os host host_cpu host_vendor host_os SED GREP EGREP LN_S ECHO AR RANLIB STRIP DSYMUTIL NMEDIT CPP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA DOCBOOK2MAN DOCBOOK2PDF LIBOBJS PKG_CONFIG OPENSSL_CFLAGS OPENSSL_LIBS LIBGCRYPT_CONFIG LIBGCRYPT_CFLAGS LIBGCRYPT_LIBS GNUTLS_CFLAGS GNUTLS_LIBS PYTHON e_localstatedir GLIB_CFLAGS GLIB_LIBS GLIB_GENMARSHAL GOBJECT_QUERY GLIB_MKENUMS USE_SYSTEM_AUTH_TRUE USE_SYSTEM_AUTH_FALSE USE_LDAP_TRUE USE_LDAP_FALSE USE_PRELUDE_LOG_TRUE USE_PRELUDE_LOG_FALSE USE_MYSQL_LOG_TRUE USE_MYSQL_LOG_FALSE 
USE_MYSQL_AUTH_TRUE USE_MYSQL_AUTH_FALSE HAVE_MYSQL_CONFIG_TRUE HAVE_MYSQL_CONFIG_FALSE USE_PGSQL_LOG_TRUE USE_PGSQL_LOG_FALSE USE_PLAINTEXT_AUTH_TRUE USE_PLAINTEXT_AUTH_FALSE USE_MARK_GROUP_TRUE USE_MARK_GROUP_FALSE USE_MARK_FIELD_TRUE USE_MARK_FIELD_FALSE USE_MARK_FLAG_TRUE USE_MARK_FLAG_FALSE USE_SYSLOG_LOG_TRUE USE_SYSLOG_LOG_FALSE USE_ULOGD2_LOG_TRUE USE_ULOGD2_LOG_FALSE BUILD_NUFW_TRUE BUILD_NUFW_FALSE BUILD_NUAUTH_TRUE BUILD_NUAUTH_FALSE BUILD_NUTCPC_TRUE BUILD_NUTCPC_FALSE BUILD_LIBNUCLIENT_TRUE BUILD_LIBNUCLIENT_FALSE BUILD_PAM_NUFW_TRUE BUILD_PAM_NUFW_FALSE BUILD_NUAUTH_COMMAND_TRUE BUILD_NUAUTH_COMMAND_FALSE HAVE_IPQ_TRUE HAVE_IPQ_FALSE USE_USER_MARK_TRUE USE_USER_MARK_FALSE HAVE_NFQUEUE_ONLY_TRUE HAVE_NFQUEUE_ONLY_FALSE HAVE_NFQUEUE_CONNTRACK_TRUE HAVE_NFQUEUE_CONNTRACK_FALSE HAVE_CONNTRACK_ONLY_TRUE HAVE_CONNTRACK_ONLY_FALSE USE_OPENSSL_TRUE USE_OPENSSL_FALSE USE_GNUTLS_TRUE USE_GNUTLS_FALSE am__isrc CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE LTLIBOBJS' ac_subst_files='' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS YACC YFLAGS CPP CXX CXXFLAGS CCC CXXCPP F77 FFLAGS PKG_CONFIG OPENSSL_CFLAGS OPENSSL_LIBS GNUTLS_CFLAGS GNUTLS_LIBS' # Initialize some variables set by options. ac_init_help= ac_init_version=false # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. 
# These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. 
case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid feature name: $ac_feature" >&2 { (exit 1); exit 1; }; } ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` eval enable_$ac_feature=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. 
expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid feature name: $ac_feature" >&2 { (exit 1); exit 1; }; } ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` eval enable_$ac_feature=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | 
--libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | 
--program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | 
--shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid package name: $ac_package" >&2 { (exit 1); exit 1; }; } ac_package=`echo $ac_package | sed 's/[-.]/_/g'` eval with_$ac_package=\$ac_optarg ;; -without-* | --without-*) ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid package name: $ac_package" >&2 { (exit 1); exit 1; }; } ac_package=`echo $ac_package | sed 's/[-.]/_/g'` eval with_$ac_package=no ;; --x) # Obsolete; use --with-x. 
with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) { echo "$as_me: error: unrecognized option: $ac_option Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 { (exit 1); exit 1; }; } eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` { echo "$as_me: error: missing argument to $ac_option" >&2 { (exit 1); exit 1; }; } fi # Be sure to have absolute directory names. 
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 { (exit 1); exit 1; }; } done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || { echo "$as_me: error: Working directory cannot be determined" >&2 { (exit 1); exit 1; }; } test "X$ac_ls_di" = "X$ac_pwd_ls_di" || { echo "$as_me: error: pwd does not report name of working directory" >&2 { (exit 1); exit 1; }; } # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$0" || $as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$0" : 'X\(//\)[^/]' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 
2>/dev/null || echo X"$0" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 { (exit 1); exit 1; }; } fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2 { (exit 1); exit 1; }; } pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures NuFW 2.4.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. 
Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/nufw] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf 
documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of NuFW 2.4.3:";; esac cat <<\_ACEOF Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) --disable-nufw Don't build nufw (default is to build) --disable-nuauth Don't build nuauth (default is to build) --disable-libnuclient Don't build libnuclient (default is to build) --disable-nutcpc Don't build nutcpc (default is to build) --enable-pam-nufw Build pam_nufw (default is not to build) --disable-nuauth-command Don't build nuauth_command (default is to build) --enable-debug Add development debug messages (default no) --disable-glibtest do not try to compile and run a test GLIB program --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-pic try to use only PIC/non-PIC objects [default=use both] --with-tags[=TAGS] include additional configurations [automatic] --with-openssl Build with openssl support *EXPERIMENTAL*. 
--with-libgcrypt-prefix=PFX prefix where LIBGCRYPT is installed (optional) --with-prelude-log Support user activity logging in Prelude --with-mysql-log Support user activity logging in Mysql database --with-mysql-auth Support user authentication in Mysql database --with-pgsql-log Support user activity logging in PostgreSQL database --without-syslog-log Disable user activity logging in syslog --without-ulogd2-log Disable user activity logging in ulogd2 --without-plaintext-auth Disable authentication with plaintext file --without-mark-group Disable mark packet by group --without-mark-field Disable mark packet by packet field --without-mark-flag Disable mark packet following acl indication --without-system-auth Disable PAM+NSS authentication --with-ldap Support LDAP directory for acl lookup --without-nfqueue Compile for QUEUE instead of NFQUEUE --without-nfconntrack Disable netfilter_conntrack support --with-utf8 Use UTF8 exchange between client and server --with-fixedtimeout Assume libconntrack has fixed timeout extension --without-perf-display Disable performance display --with-user-mark Support user mark on NuFW firewall (useless if using nfqueue) Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if you have headers in a nonstandard directory YACC The `Yet Another C Compiler' implementation to use. Defaults to the first program found out of: `bison -y', `byacc', `yacc'. YFLAGS The list of arguments that will be passed by default to $YACC. This script will default YFLAGS to the empty string to avoid a default value of `-d' given by some make applications. 
CPP C preprocessor CXX C++ compiler command CXXFLAGS C++ compiler flags CXXCPP C++ preprocessor F77 Fortran 77 compiler command FFLAGS Fortran 77 compiler flags PKG_CONFIG path to pkg-config utility OPENSSL_CFLAGS C compiler flags for OPENSSL, overriding pkg-config OPENSSL_LIBS linker flags for OPENSSL, overriding pkg-config GNUTLS_CFLAGS C compiler flags for GNUTLS, overriding pkg-config GNUTLS_LIBS linker flags for GNUTLS, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. 
if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF NuFW configure 2.4.3 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by NuFW $as_me 2.4.3, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. 
## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. 
# Rebuild the invocation as a string of single-quoted words in
# ac_configure_args.  Pass 1 collects every kept argument in
# ac_configure_args0; pass 2 collects them again in ac_configure_args1 and
# uses the two strings to drop an option that is repeated later on the
# command line, so only its last occurrence is kept.
# NOTE(review): every remaining argument, including VAR=VALUE assignments, is
# stored verbatim.  The raw command line is also written to config.log by the
# "$ $0 $@" here-document earlier in this script, so a credential passed as a
# configure argument ends up on disk in the build directory.
ac_configure_args=
ac_configure_args0=
ac_configure_args1=
ac_must_keep_next=false
for ac_pass in 1 2
do
  for ac_arg
  do
    case $ac_arg in
    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
    | -silent | --silent | --silen | --sile | --sil)
      continue ;;
    *\'*)
      # Escape embedded apostrophes before the value is wrapped in '...' below.
      ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
    esac
    case $ac_pass in
    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
    2)
      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
      if test $ac_must_keep_next = true; then
        ac_must_keep_next=false # Got value, back to normal.
      else
        case $ac_arg in
          *=* | --config-cache | -C | -disable-* | --disable-* \
          | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
          | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
          | -with-* | --with-* | -without-* | --without-* | --x)
            # Skip this occurrence when the same word shows up again after
            # the point reached so far in the full pass-1 list.
            case "$ac_configure_args0 " in
              "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
            esac
            ;;
          # Any other option: keep the following word without the duplicate
          # check (presumably it is this option's value).
          -* ) ac_must_keep_next=true ;;
        esac
      fi
      ac_configure_args="$ac_configure_args '$ac_arg'"
      ;;
    esac
  done
done
# The two scratch lists are no longer needed; unset them, or empty and export
# them where $as_unset does not work.
$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }

# When interrupted or exit'd, cleanup temporary files, and complete
# config.log. We remove comments because anyway the quotes in there
# would cause problems or look ugly.
# WARNING: Use '\'' to represent an apostrophe within the trap.
# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
#
# Exit handler (trap 0).  The braced group is redirected to descriptor 5,
# which "exec 5>>config.log" earlier in this script attached to config.log.
# It writes, in clear text: every *_cv_* shell variable, each name listed in
# $ac_subst_vars and $ac_subst_files together with its value, and the content
# of confdefs.h.  Review config.log before sharing it outside the build host.
# After logging, the handler removes core files, conftest*, confdefs*,
# conf$$* and $ac_clean_files relative to the current directory, then exits
# with the status saved in exit_status.
trap 'exit_status=$?
  # Save into config.log some information that might help in debugging.
  {
    echo
    cat <<\_ASBOX
## ---------------- ##
## Cache variables. ##
## ---------------- ##
_ASBOX
    echo
    # The following way of writing the cache mishandles newlines in values,
(
  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
    eval ac_val=\$$ac_var
    case $ac_val in #(
    *${as_nl}*)
      case $ac_var in #(
      *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
      esac
      case $ac_var in #(
      _ | IFS | as_nl) ;; #(
      *) $as_unset $ac_var ;;
      esac ;;
    esac
  done
  (set) 2>&1 |
    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
    *${as_nl}ac_space=\ *)
      sed -n \
        "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
      ;; #(
    *)
      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
      ;;
    esac |
    sort
)
    echo
    cat <<\_ASBOX
## ----------------- ##
## Output variables. ##
## ----------------- ##
_ASBOX
    echo
    for ac_var in $ac_subst_vars
    do
      eval ac_val=\$$ac_var
      case $ac_val in
      *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
      esac
      echo "$ac_var='\''$ac_val'\''"
    done | sort
    echo
    if test -n "$ac_subst_files"; then
      cat <<\_ASBOX
## ------------------- ##
## File substitutions. ##
## ------------------- ##
_ASBOX
      echo
      for ac_var in $ac_subst_files
      do
        eval ac_val=\$$ac_var
        case $ac_val in
        *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
        esac
        echo "$ac_var='\''$ac_val'\''"
      done | sort
      echo
    fi
    if test -s confdefs.h; then
      cat <<\_ASBOX
## ----------- ##
## confdefs.h. ##
## ----------- ##
_ASBOX
      echo
      cat confdefs.h
      echo
    fi
    test "$ac_signal" != 0 &&
      echo "$as_me: caught signal $ac_signal"
    echo "$as_me: exit $exit_status"
  } >&5
  rm -f core *.core core.conftest.* &&
    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
    exit $exit_status
' 0
# Signals 1, 2, 13 and 15 (HUP, INT, PIPE, TERM): remember the signal number
# and exit 1, which runs the exit handler above; the handler then logs
# "caught signal N".
for ac_signal in 1 2 13 15; do
  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
done
ac_signal=0

# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -f -r conftest* confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer explicitly selected file to automatically selected ones. if test -n "$CONFIG_SITE"; then set x "$CONFIG_SITE" elif test "x$prefix" != xNONE; then set x "$prefix/share/config.site" "$prefix/etc/config.site" else set x "$ac_default_prefix/share/config.site" \ "$ac_default_prefix/etc/config.site" fi shift for ac_site_file do if test -r "$ac_site_file"; then { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special # files actually), so we avoid doing that. if test -f "$cache_file"; then { echo "$as_me:$LINENO: loading cache $cache_file" >&5 echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { echo "$as_me:$LINENO: creating cache $cache_file" >&5 echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. 
ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 echo "$as_me: former value: $ac_old_val" >&2;} { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 echo "$as_me: current value: $ac_new_val" >&2;} ac_cache_corrupted=: fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. 
*) ac_configure_args="$ac_configure_args '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 echo "$as_me: error: changes in the environment can compromise the build" >&2;} { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} { (exit 1); exit 1; }; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers src/include/config.h" # Checks for programs. ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. 
If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." 
>&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&5 echo "$as_me: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } # Provide some information about the compiler. echo "$as_me:$LINENO: checking for C compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (ac_try="$ac_compiler --version >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler --version >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -v >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler -v >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -V >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler -V >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. 
{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; } ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # # List of possible output files, starting from the most likely. # The algorithm is not robust to junk in `.', hence go to wildcards (a.*) # only as a last resort. b.out is created by i960 compilers. ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out' # # The IRIX 6 linker writes into existing files which may not be # executable, retaining their permissions. Remove them first so a # subsequent execution test works. ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { (ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link_default") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. 
break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi { echo "$as_me:$LINENO: result: $ac_file" >&5 echo "${ECHO_T}$ac_file" >&6; } if test -z "$ac_file"; then echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { echo "$as_me:$LINENO: error: C compiler cannot create executables See \`config.log' for more details." >&5 echo "$as_me: error: C compiler cannot create executables See \`config.log' for more details." >&2;} { (exit 77); exit 77; }; } fi ac_exeext=$ac_cv_exeext # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { echo "$as_me:$LINENO: checking whether the C compiler works" >&5 echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; } # FIXME: These cross compiler hacks should be removed for Autoconf 3.0 # If not cross compiling, check that we can run a simple program. if test "$cross_compiling" != yes; then if { ac_try='./$ac_file' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { echo "$as_me:$LINENO: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&5 echo "$as_me: error: cannot run C compiled programs. 
If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi fi fi { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } rm -f a.out a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; } { echo "$as_me:$LINENO: result: $cross_compiling" >&5 echo "${ECHO_T}$cross_compiling" >&6; } { echo "$as_me:$LINENO: checking for suffix of executables" >&5 echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; } if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&5 echo "$as_me: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." 
>&2;} { (exit 1); exit 1; }; } fi rm -f conftest$ac_cv_exeext { echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 echo "${ECHO_T}$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT { echo "$as_me:$LINENO: checking for suffix of object files" >&5 echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; } if test "${ac_cv_objext+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&5 echo "$as_me: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 echo "${ECHO_T}$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 echo $ECHO_N "checking whether we are using the GNU C compiler... 
$ECHO_C" >&6; } if test "${ac_cv_c_compiler_gnu+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_compiler_gnu=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; } GCC=`test $ac_compiler_gnu = yes && echo yes` ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; } if test "${ac_cv_prog_cc_g+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? 
grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 CFLAGS="" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } if test "${ac_cv_prog_cc_c89+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 
1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_c89=$ac_arg else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { echo "$as_me:$LINENO: result: none needed" >&5 echo "${ECHO_T}none needed" >&6; } ;; xno) { echo "$as_me:$LINENO: result: unsupported" >&5 echo "${ECHO_T}unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; esac ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # check for a ISO C99 compiler case $ac_cv_prog_cc_stdc in no) ac_cv_prog_cc_c99=no; ac_cv_prog_cc_c89=no ;; *) { echo "$as_me:$LINENO: checking for $CC option to accept ISO C99" >&5 echo $ECHO_N "checking for $CC option to accept ISO C99... $ECHO_C" >&6; } if test "${ac_cv_prog_cc_c99+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_cv_prog_cc_c99=no ac_save_CC=$CC cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include #include // Check varargs macros. These examples are taken from C99 6.10.3.5. #define debug(...) fprintf (stderr, __VA_ARGS__) #define showlist(...) puts (#__VA_ARGS__) #define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) static void test_varargs_macros (void) { int x = 1234; int y = 5678; debug ("Flag"); debug ("X = %d\n", x); showlist (The first, second, and third items.); report (x>y, "x is %d but y is %d", x, y); } // Check long long types. 
#define BIG64 18446744073709551615ull #define BIG32 4294967295ul #define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) #if !BIG_OK your preprocessor is broken; #endif #if BIG_OK #else your preprocessor is broken; #endif static long long int bignum = -9223372036854775807LL; static unsigned long long int ubignum = BIG64; struct incomplete_array { int datasize; double data[]; }; struct named_init { int number; const wchar_t *name; double average; }; typedef const char *ccp; static inline int test_restrict (ccp restrict text) { // See if C++-style comments work. // Iterate through items via the restricted pointer. // Also check for declarations in for loops. for (unsigned int i = 0; *(text+i) != '\0'; ++i) continue; return 0; } // Check varargs and va_copy. static void test_varargs (const char *format, ...) { va_list args; va_start (args, format); va_list args_copy; va_copy (args_copy, args); const char *str; int number; float fnumber; while (*format) { switch (*format++) { case 's': // string str = va_arg (args_copy, const char *); break; case 'd': // int number = va_arg (args_copy, int); break; case 'f': // float fnumber = va_arg (args_copy, double); break; default: break; } } va_end (args_copy); va_end (args); } int main () { // Check bool. _Bool success = false; // Check restrict. if (test_restrict ("String literal") == 0) success = true; char *restrict newvar = "Another string"; // Check varargs. test_varargs ("s, d' f .", "string", 65, 34.234); test_varargs_macros (); // Check flexible array members. struct incomplete_array *ia = malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); ia->datasize = 10; for (int i = 0; i < ia->datasize; ++i) ia->data[i] = i * 1.234; // Check named initializers. 
struct named_init ni = { .number = 34, .name = L"Test wide string", .average = 543.34343, }; ni.number = 58; int dynamic_array[ni.number]; dynamic_array[ni.number - 1] = 543; // work around unused variable warnings return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' || dynamic_array[ni.number - 1] != 543); ; return 0; } _ACEOF for ac_arg in '' -std=gnu99 -c99 -qlanglvl=extc99 do CC="$ac_save_CC $ac_arg" rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_c99=$ac_arg else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c99" in x) { echo "$as_me:$LINENO: result: none needed" >&5 echo "${ECHO_T}none needed" >&6; } ;; xno) { echo "$as_me:$LINENO: result: unsupported" >&5 echo "${ECHO_T}unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c99" { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c99" >&5 echo "${ECHO_T}$ac_cv_prog_cc_c99" >&6; } ;; esac if test "x$ac_cv_prog_cc_c99" != xno; then ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 else { echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } if test "${ac_cv_prog_cc_c89+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_c89=$ac_arg else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { echo "$as_me:$LINENO: result: none needed" >&5 echo "${ECHO_T}none needed" >&6; } ;; xno) { echo "$as_me:$LINENO: result: unsupported" >&5 echo "${ECHO_T}unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 else ac_cv_prog_cc_stdc=no fi fi ;; esac { echo "$as_me:$LINENO: checking for $CC option to accept ISO Standard C" >&5 echo $ECHO_N "checking for $CC option to accept ISO Standard C... $ECHO_C" >&6; } if test "${ac_cv_prog_cc_stdc+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 fi case $ac_cv_prog_cc_stdc in no) { echo "$as_me:$LINENO: result: unsupported" >&5 echo "${ECHO_T}unsupported" >&6; } ;; '') { echo "$as_me:$LINENO: result: none needed" >&5 echo "${ECHO_T}none needed" >&6; } ;; *) { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6; } ;; esac { echo "$as_me:$LINENO: checking for an ANSI C99-conforming __func__" >&5 echo $ECHO_N "checking for an ANSI C99-conforming __func__... $ECHO_C" >&6; } if test "${ac_cv_cpp_func+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ int main () { char *foo = __func__; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_cpp_func=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { char *foo = __FUNCTION__; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then ac_cv_cpp_func=__FUNCTION__ else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_cpp_func=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { echo "$as_me:$LINENO: result: $ac_cv_cpp_func" >&5 echo "${ECHO_T}$ac_cv_cpp_func" >&6; } if test $ac_cv_cpp_func = yes; then cat >>confdefs.h <<\_ACEOF #define __PRELUDE_FUNC__ __func__ _ACEOF elif test $ac_cv_cpp_func = __FUNCTION__; then cat >>confdefs.h <<\_ACEOF #define __PRELUDE_FUNC__ __FUNCTION__ _ACEOF elif test $ac_cv_cpp_func = no; then cat >>confdefs.h <<\_ACEOF #define __PRELUDE_FUNC__ "" _ACEOF fi # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5 echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi for ac_prog in flex lex do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_LEX+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$LEX"; then ac_cv_prog_LEX="$LEX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_LEX="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi LEX=$ac_cv_prog_LEX if test -n "$LEX"; then { echo "$as_me:$LINENO: result: $LEX" >&5 echo "${ECHO_T}$LEX" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$LEX" && break done test -n "$LEX" || LEX=":" if test "x$LEX" != "x:"; then cat >conftest.l <<_ACEOF %% a { ECHO; } b { REJECT; } c { yymore (); } d { yyless (1); } e { yyless (input () != 0); } f { unput (yytext[0]); } . { BEGIN INITIAL; } %% #ifdef YYTEXT_POINTER extern char *yytext; #endif int main (void) { return ! yylex () + ! yywrap (); } _ACEOF { (ac_try="$LEX conftest.l" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$LEX conftest.l") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { echo "$as_me:$LINENO: checking lex output file root" >&5 echo $ECHO_N "checking lex output file root... $ECHO_C" >&6; } if test "${ac_cv_prog_lex_root+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -f lex.yy.c; then ac_cv_prog_lex_root=lex.yy elif test -f lexyy.c; then ac_cv_prog_lex_root=lexyy else { { echo "$as_me:$LINENO: error: cannot find output from $LEX; giving up" >&5 echo "$as_me: error: cannot find output from $LEX; giving up" >&2;} { (exit 1); exit 1; }; } fi fi { echo "$as_me:$LINENO: result: $ac_cv_prog_lex_root" >&5 echo "${ECHO_T}$ac_cv_prog_lex_root" >&6; } LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root if test -z "${LEXLIB+set}"; then { echo "$as_me:$LINENO: checking lex library" >&5 echo $ECHO_N "checking lex library... 
$ECHO_C" >&6; } if test "${ac_cv_lib_lex+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_save_LIBS=$LIBS ac_cv_lib_lex='none needed' for ac_lib in '' -lfl -ll; do LIBS="$ac_lib $ac_save_LIBS" cat >conftest.$ac_ext <<_ACEOF `cat $LEX_OUTPUT_ROOT.c` _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_lex=$ac_lib else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext test "$ac_cv_lib_lex" != 'none needed' && break done LIBS=$ac_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_lex" >&5 echo "${ECHO_T}$ac_cv_lib_lex" >&6; } test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex fi { echo "$as_me:$LINENO: checking whether yytext is a pointer" >&5 echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6; } if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # POSIX says lex can declare yytext either as a pointer or an array; the # default is implementation-dependent. Figure out which it is, since # not all implementations provide the %pointer and %array declarations. 
ac_cv_prog_lex_yytext_pointer=no ac_save_LIBS=$LIBS LIBS="$LEXLIB $ac_save_LIBS" cat >conftest.$ac_ext <<_ACEOF #define YYTEXT_POINTER 1 `cat $LEX_OUTPUT_ROOT.c` _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_prog_lex_yytext_pointer=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_prog_lex_yytext_pointer" >&5 echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6; } if test $ac_cv_prog_lex_yytext_pointer = yes; then cat >>confdefs.h <<\_ACEOF #define YYTEXT_POINTER 1 _ACEOF fi rm -f conftest.l $LEX_OUTPUT_ROOT.c fi if test "$LEX" = :; then LEX=${am_missing_run}flex fi # macro AM_PROG_LEX is really stupid, so we insist on flex # Extract the first word of "flex", so it can be a program name with args. set dummy flex; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_FLEX+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$FLEX"; then ac_cv_prog_FLEX="$FLEX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_FLEX=""$LEX"" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_prog_FLEX" && ac_cv_prog_FLEX="false" fi fi FLEX=$ac_cv_prog_FLEX if test -n "$FLEX"; then { echo "$as_me:$LINENO: result: $FLEX" >&5 echo "${ECHO_T}$FLEX" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "$FLEX" = "false"; then { { echo "$as_me:$LINENO: error: This package requires flex to build" >&5 echo "$as_me: error: This package requires flex to build" >&2;} { (exit 1); exit 1; }; } fi for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_YACC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_YACC="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi YACC=$ac_cv_prog_YACC if test -n "$YACC"; then { echo "$as_me:$LINENO: result: $YACC" >&5 echo "${ECHO_T}$YACC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$YACC" && break done test -n "$YACC" || YACC="yacc" # the macro is stupid and set $YACC to "yacc" if nothing was found .. # Extract the first word of "yacc", so it can be a program name with args. 
# Second probe for a parser generator, this time for the literal name "yacc".
# The result is cached in ac_cv_prog_YACC and copied to YACC.
set dummy yacc; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
if test "${ac_cv_prog_YACC+set}" = set; then
  # A cached answer (from an earlier probe or a cache file) is trusted as-is.
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$YACC"; then
  # A non-empty YACC is taken verbatim; PATH is not searched in that case.
  ac_cv_prog_YACC="$YACC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  # An empty PATH element is searched as the current directory, so a build
  # started from an untrusted working directory with such a PATH will also
  # consider executables placed there.
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
    # Records the current value of $YACC, not the path that was found.
    ac_cv_prog_YACC=""$YACC""
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
IFS=$as_save_IFS

  # Nothing named yacc on PATH: use the sentinel "false".
  test -z "$ac_cv_prog_YACC" && ac_cv_prog_YACC="false"
fi
fi
YACC=$ac_cv_prog_YACC
if test -n "$YACC"; then
  { echo "$as_me:$LINENO: result: $YACC" >&5
echo "${ECHO_T}$YACC" >&6; }
else
  { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
fi

# Abort configuration when YACC ended up as the bare name "yacc".
# NOTE(review): the preceding probe appears to default YACC to "yacc" when
# neither bison nor byacc is found, so this also rejects a user-supplied
# YACC=yacc -- confirm that is intended.
if test "$YACC" = "yacc"; then
  { { echo "$as_me:$LINENO: error: This package requires bison to build" >&5
echo "$as_me: error: This package requires bison to build" >&2;}
   { (exit 1); exit 1; }; }
fi

# The three option blocks below share one shape: an unset option defaults to
# "yes"; "yes"/"no" are taken literally; any other value is read as a list of
# package names and enables the feature only if one entry equals $p.
# Check whether --enable-shared was given.
if test "${enable_shared+set}" = set; then
  # p is the package name, or the literal "default" when PACKAGE is unset.
  enableval=$enable_shared; p=${PACKAGE-default}
    case $enableval in
    yes) enable_shared=yes ;;
    no) enable_shared=no ;;
    *)
      enable_shared=no
      # Look at the argument we got. We use all the common list separators.
      # IFS is widened only for the word split of $enableval and restored
      # on the first loop iteration and again after the loop.
      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
      for pkg in $enableval; do
        IFS="$lt_save_ifs"
        # The "X" prefix keeps test from parsing a value that starts with "-"
        # as an operator.
        if test "X$pkg" = "X$p"; then
          enable_shared=yes
        fi
      done
      IFS="$lt_save_ifs"
      ;;
    esac
else
  enable_shared=yes
fi

# Check whether --enable-static was given.
if test "${enable_static+set}" = set; then
  enableval=$enable_static; p=${PACKAGE-default}
    case $enableval in
    yes) enable_static=yes ;;
    no) enable_static=no ;;
    *)
      enable_static=no
      # Look at the argument we got. We use all the common list separators.
      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
      for pkg in $enableval; do
        IFS="$lt_save_ifs"
        if test "X$pkg" = "X$p"; then
          enable_static=yes
        fi
      done
      IFS="$lt_save_ifs"
      ;;
    esac
else
  enable_static=yes
fi

# Check whether --enable-fast-install was given.
if test "${enable_fast_install+set}" = set; then
  enableval=$enable_fast_install; p=${PACKAGE-default}
    case $enableval in
    yes) enable_fast_install=yes ;;
    no) enable_fast_install=no ;;
    *)
      enable_fast_install=no
      # Look at the argument we got. We use all the common list separators.
      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
      for pkg in $enableval; do
        IFS="$lt_save_ifs"
        if test "X$pkg" = "X$p"; then
          enable_fast_install=yes
        fi
      done
      IFS="$lt_save_ifs"
      ;;
    esac
else
  enable_fast_install=yes
fi

# Locate the auxiliary-script directory: the first of $srcdir, its parent and
# its grandparent that holds install-sh, install.sh or shtool.
# NOTE(review): the two parent directories lie outside the unpacked source
# tree. If the tree itself ships none of these files, whatever a parent
# directory contains decides ac_aux_dir, and config.sub / config.guess are
# then run from that directory via $SHELL. When building under a shared or
# world-writable parent, check that $srcdir carries its own helper scripts.
ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
  if test -f "$ac_dir/install-sh"; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install-sh -c"
    break
  elif test -f "$ac_dir/install.sh"; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install.sh -c"
    break
  elif test -f "$ac_dir/shtool"; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/shtool install -c"
    break
  fi
done
# No candidate directory matched: log the error, report it on stderr, exit 1.
if test -z "$ac_aux_dir"; then
  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
   { (exit 1); exit 1; }; }
fi

# These three variables are undocumented and unsupported,
# and are intended to be withdrawn in a future Autoconf release.
# They can cause serious problems if a builder's source tree is in a directory
# whose full name contains unusual characters.
# Each value is a command string with the directory embedded unquoted, so
# whitespace or shell metacharacters in $ac_aux_dir change how the string is
# split or interpreted wherever it is later expanded as a command.
ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.

# Make sure we can run config.sub.
$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5 echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;} { (exit 1); exit 1; }; } { echo "$as_me:$LINENO: checking build system type" >&5 echo $ECHO_N "checking build system type... $ECHO_C" >&6; } if test "${ac_cv_build+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 echo "$as_me: error: cannot guess build type; you must specify one" >&2;} { (exit 1); exit 1; }; } ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5 echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;} { (exit 1); exit 1; }; } fi { echo "$as_me:$LINENO: result: $ac_cv_build" >&5 echo "${ECHO_T}$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5 echo "$as_me: error: invalid value of canonical build" >&2;} { (exit 1); exit 1; }; };; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { echo "$as_me:$LINENO: checking host system type" >&5 echo $ECHO_N "checking host system type... 
$ECHO_C" >&6; } if test "${ac_cv_host+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5 echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;} { (exit 1); exit 1; }; } fi fi { echo "$as_me:$LINENO: result: $ac_cv_host" >&5 echo "${ECHO_T}$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5 echo "$as_me: error: invalid value of canonical host" >&2;} { (exit 1); exit 1; }; };; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac { echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5 echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6; } if test "${lt_cv_path_SED+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # Loop through the user's path and test for sed and gsed. # Then use that list of sed's as ones to test for truncation. as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for lt_ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$lt_ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$lt_ac_prog$ac_exec_ext"; }; then lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" fi done done done IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris # along with /bin/sed that truncates output. for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do test ! 
-f $lt_ac_sed && continue cat /dev/null > conftest.in lt_ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >conftest.in # Check for GNU sed and select it if it is found. if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then lt_cv_path_SED=$lt_ac_sed break fi while true; do cat conftest.in conftest.in >conftest.tmp mv conftest.tmp conftest.in cp conftest.in conftest.nl echo >>conftest.nl $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break cmp -s conftest.out conftest.nl || break # 10000 chars as input seems more than enough test $lt_ac_count -gt 10 && break lt_ac_count=`expr $lt_ac_count + 1` if test $lt_ac_count -gt $lt_ac_max; then lt_ac_max=$lt_ac_count lt_cv_path_SED=$lt_ac_sed fi done done fi SED=$lt_cv_path_SED { echo "$as_me:$LINENO: result: $SED" >&5 echo "${ECHO_T}$SED" >&6; } { echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; } if test "${ac_cv_path_GREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # Extract the first word of "grep ggrep" to use in msg output if test -z "$GREP"; then set dummy grep ggrep; ac_prog_name=$2 if test "${ac_cv_path_GREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue # Check for GNU ac_path_GREP and select it if it is found. 
# Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break ac_count=`expr $ac_count + 1` if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS fi GREP="$ac_cv_path_GREP" if test -z "$GREP"; then { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} { (exit 1); exit 1; }; } fi else ac_cv_path_GREP=$GREP fi fi { echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5 echo "${ECHO_T}$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { echo "$as_me:$LINENO: checking for egrep" >&5 echo $ECHO_N "checking for egrep... 
$ECHO_C" >&6; } if test "${ac_cv_path_EGREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else # Extract the first word of "egrep" to use in msg output if test -z "$EGREP"; then set dummy egrep; ac_prog_name=$2 if test "${ac_cv_path_EGREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break ac_count=`expr $ac_count + 1` if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS fi EGREP="$ac_cv_path_EGREP" if test -z "$EGREP"; then { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 echo "$as_me: error: no acceptable 
$ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} { (exit 1); exit 1; }; } fi else ac_cv_path_EGREP=$EGREP fi fi fi { echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 echo "${ECHO_T}$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { echo "$as_me:$LINENO: checking for ld used by $CC" >&5 echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { echo "$as_me:$LINENO: checking for GNU ld" >&5 echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; } else { echo "$as_me:$LINENO: checking for non-GNU ld" >&5 echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; } fi if test "${lt_cv_path_LD+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. 
I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 echo "${ECHO_T}$LD" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5 echo "$as_me: error: no acceptable ld found in \$PATH" >&2;} { (exit 1); exit 1; }; } { echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5 echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; } if test "${lt_cv_prog_gnu_ld+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld { echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5 echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6; } if test "${lt_cv_ld_reload_flag+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_ld_reload_flag='-r' fi { echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5 echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in "" | " "*) ;; *) reload_flag=" $reload_flag" ;; esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in darwin*) if test "$GCC" = yes; then reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' else reload_cmds='$LD$reload_flag -o $output$reload_objs' fi ;; esac { echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5 echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6; } if test "${lt_cv_path_NM+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$NM"; then # Let the user override the test. 
lt_cv_path_NM="$NM" else lt_nm_to_check="${ac_tool_prefix}nm" if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. tmp_nm="$ac_dir/$lt_tmp_nm" if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS="$lt_save_ifs" done test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm fi fi { echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5 echo "${ECHO_T}$lt_cv_path_NM" >&6; } NM="$lt_cv_path_NM" { echo "$as_me:$LINENO: checking whether ln -s works" >&5 echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } else { echo "$as_me:$LINENO: result: no, using $LN_S" >&5 echo "${ECHO_T}no, using $LN_S" >&6; } fi { echo "$as_me:$LINENO: checking how to recognize dependent libraries" >&5 echo $ECHO_N "checking how to recognize dependent libraries... 
$ECHO_C" >&6; } if test "${lt_cv_deplibs_check_method+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. # `unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path # which responds to the $file_magic_cmd with a given extended regex. # If you have `file' or equivalent on your system and you're not sure # whether `pass_all' will *always* work, you probably want this one. case $host_os in aix[4-9]*) lt_cv_deplibs_check_method=pass_all ;; beos*) lt_cv_deplibs_check_method=pass_all ;; bsdi[45]*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' lt_cv_file_magic_cmd='/usr/bin/file -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; cygwin*) # func_win32_libid is a shell function defined in ltmain.sh lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' ;; mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. if ( file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' 
lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]' lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[3-9]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be Linux ELF. 
linux* | k*bsd*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; nto-qnx*) lt_cv_deplibs_check_method=unknown ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; esac fi { echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5 echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6; } file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z 
"$deplibs_check_method" && deplibs_check_method=unknown # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then enableval=$enable_libtool_lock; fi test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '#line 4634 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ s390*-*linux*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); }; then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; ppc64-*linux*|powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; ppc*-*linux*|powerpc*-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" { echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5 echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6; } if test "${lt_cv_cc_needs_belf+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_cv_cc_needs_belf=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 lt_cv_cc_needs_belf=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5 echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6; } if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; sparc*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) LD="${LD-ld} -m elf64_sparc" ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; } # On Suns, sometimes $CPP names a directory. 
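# ---------------------------------------------------------------------------
# C preprocessor selection and ANSI C header check (generated configure code,
# line structure restored).
#
# 1. Chooses a command for $CPP (user value, pre-set ac_cv_prog_CPP, or the
#    first of "$CC -E", "$CC -E -traditional-cpp", "/lib/cpp" that passes
#    both probes).
# 2. Re-runs the two probes on the final $CPP and aborts configure with
#    exit status 1 if they fail.
# 3. Sets ac_cv_header_stdc and, when it is "yes", appends
#    "#define STDC_HEADERS 1" to confdefs.h.
#
# fd 5 receives the detailed trace and fd 6 the progress messages; both are
# opened earlier in the script (not shown here).
#
# NOTE(review): $ac_cpp, $ac_compile and $ac_link are handed to eval and
# expand $CPP, $CC, $CFLAGS, $CPPFLAGS, $LDFLAGS and $LIBS, so those values
# (and any pre-set ac_cv_prog_CPP) are executed as shell text. They must come
# from a trusted environment.
# NOTE(review): the probes create conftest.* in the current directory and,
# when not cross compiling, execute ./conftest$ac_exeext from it. Run
# configure in a build directory that other users cannot write to.
# NOTE(review): the header names inside the here-documents were lost when
# the page was extracted; they are restored to the stock Autoconf probe
# headers that the surrounding comments refer to.
# ---------------------------------------------------------------------------
if test -n "$CPP" && test -d "$CPP"; then
  CPP=
fi
if test -z "$CPP"; then
  if test "${ac_cv_prog_CPP+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    # Double quotes because CPP needs to be expanded
    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
    do
      ac_preproc_ok=false
      for ac_c_preproc_warn_flag in '' yes
      do
        # Use a header file that comes with gcc, so configuring glibc
        # with a fresh cross-compiler works.
        # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
        # <limits.h> exists even on freestanding compilers.
        # On the NeXT, cc -E runs the code through the compiler's parser,
        # not just through cpp. "Syntax error" is here to catch this case.
        cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
        cat confdefs.h >>conftest.$ac_ext
        cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
                     Syntax error
_ACEOF
        # Probe 1: valid input must preprocess without error (and, on the
        # second pass of the loop, without any diagnostics at all).
        if { (ac_try="$ac_cpp conftest.$ac_ext"
              case "(($ac_try" in
                *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
                *) ac_try_echo=$ac_try;;
              esac
              eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
             (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
             ac_status=$?
             grep -v '^ *+' conftest.er1 >conftest.err
             rm -f conftest.er1
             cat conftest.err >&5
             echo "$as_me:$LINENO: \$? = $ac_status" >&5
             (exit $ac_status); } >/dev/null && {
               test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
               test ! -s conftest.err
             }; then
          :
        else
          echo "$as_me: failed program was:" >&5
          sed 's/^/| /' conftest.$ac_ext >&5

          # Broken: fails on valid input.
          continue
        fi

        rm -f conftest.err conftest.$ac_ext

        # OK, works on sane cases. Now check whether nonexistent headers
        # can be detected and how.
        cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
        cat confdefs.h >>conftest.$ac_ext
        cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <ac_nonexistent.h>
_ACEOF
        # Probe 2: including a header that does not exist must be rejected.
        if { (ac_try="$ac_cpp conftest.$ac_ext"
              case "(($ac_try" in
                *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
                *) ac_try_echo=$ac_try;;
              esac
              eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
             (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
             ac_status=$?
             grep -v '^ *+' conftest.er1 >conftest.err
             rm -f conftest.er1
             cat conftest.err >&5
             echo "$as_me:$LINENO: \$? = $ac_status" >&5
             (exit $ac_status); } >/dev/null && {
               test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
               test ! -s conftest.err
             }; then
          # Broken: success on invalid input.
          continue
        else
          echo "$as_me: failed program was:" >&5
          sed 's/^/| /' conftest.$ac_ext >&5

          # Passes both tests.
          ac_preproc_ok=:
          break
        fi

        rm -f conftest.err conftest.$ac_ext

      done
      # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
      rm -f conftest.err conftest.$ac_ext
      if $ac_preproc_ok; then
        break
      fi

    done
    ac_cv_prog_CPP=$CPP

  fi
  CPP=$ac_cv_prog_CPP
else
  ac_cv_prog_CPP=$CPP
fi
{ echo "$as_me:$LINENO: result: $CPP" >&5
echo "${ECHO_T}$CPP" >&6; }

# Sanity check of the final $CPP: the same two probes as above, run once more
# so that a user-supplied or cached value is verified as well.
ac_preproc_ok=false
for ac_c_preproc_warn_flag in '' yes
do
  # Use a header file that comes with gcc, so configuring glibc
  # with a fresh cross-compiler works.
  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
  # <limits.h> exists even on freestanding compilers.
  # On the NeXT, cc -E runs the code through the compiler's parser,
  # not just through cpp. "Syntax error" is here to catch this case.
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
                     Syntax error
_ACEOF
  if { (ac_try="$ac_cpp conftest.$ac_ext"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
       (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } >/dev/null && {
         test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
         test ! -s conftest.err
       }; then
    :
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    # Broken: fails on valid input.
    continue
  fi

  rm -f conftest.err conftest.$ac_ext

  # OK, works on sane cases. Now check whether nonexistent headers
  # can be detected and how.
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <ac_nonexistent.h>
_ACEOF
  if { (ac_try="$ac_cpp conftest.$ac_ext"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
       (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } >/dev/null && {
         test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
         test ! -s conftest.err
       }; then
    # Broken: success on invalid input.
    continue
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    # Passes both tests.
    ac_preproc_ok=:
    break
  fi

  rm -f conftest.err conftest.$ac_ext

done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
rm -f conftest.err conftest.$ac_ext
if $ac_preproc_ok; then
  :
else
  { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
See \`config.log' for more details." >&5
echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
See \`config.log' for more details." >&2;}
   { (exit 1); exit 1; }; }
fi

# Reset the probe command templates to the C language settings.
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu


{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
if test "${ac_cv_header_stdc+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  # Step 1: the four standard headers must compile together.
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <float.h>

int
main ()
{

  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext
  if { (ac_try="$ac_compile"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
       (eval "$ac_compile") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
    ac_cv_header_stdc=yes
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    ac_cv_header_stdc=no
  fi

  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext

  if test $ac_cv_header_stdc = yes; then
    # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
    cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <string.h>

_ACEOF
    if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
      $EGREP "memchr" >/dev/null 2>&1; then
      :
    else
      ac_cv_header_stdc=no
    fi
    rm -f conftest*

  fi

  if test $ac_cv_header_stdc = yes; then
    # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
    cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <stdlib.h>

_ACEOF
    if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
      $EGREP "free" >/dev/null 2>&1; then
      :
    else
      ac_cv_header_stdc=no
    fi
    rm -f conftest*

  fi

  if test $ac_cv_header_stdc = yes; then
    # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
    if test "$cross_compiling" = yes; then
      :
    else
      # Not cross compiling: build the ctype probe and run it locally.
      cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
      cat confdefs.h >>conftest.$ac_ext
      cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <ctype.h>
#include <stdlib.h>
#if ((' ' & 0x0FF) == 0x020)
# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
#else
# define ISLOWER(c) \
                   (('a' <= (c) && (c) <= 'i') \
                     || ('j' <= (c) && (c) <= 'r') \
                     || ('s' <= (c) && (c) <= 'z'))
# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
#endif

#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
int
main ()
{
  int i;
  for (i = 0; i < 256; i++)
    if (XOR (islower (i), ISLOWER (i))
        || toupper (i) != TOUPPER (i))
      return 2;
  return 0;
}
_ACEOF
      rm -f conftest$ac_exeext
      if { (ac_try="$ac_link"
            case "(($ac_try" in
              *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
              *) ac_try_echo=$ac_try;;
            esac
            eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
           (eval "$ac_link") 2>&5
           ac_status=$?
           echo "$as_me:$LINENO: \$? = $ac_status" >&5
           (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
           { (case "(($ac_try" in
                *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
                *) ac_try_echo=$ac_try;;
              esac
              eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
             (eval "$ac_try") 2>&5
             ac_status=$?
             echo "$as_me:$LINENO: \$? = $ac_status" >&5
             (exit $ac_status); }; }; then
        :
      else
        echo "$as_me: program exited with status $ac_status" >&5
        echo "$as_me: failed program was:" >&5
        sed 's/^/| /' conftest.$ac_ext >&5

        ( exit $ac_status )
        ac_cv_header_stdc=no
      fi
      rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
    fi


  fi
fi
{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
if test $ac_cv_header_stdc = yes; then

  # Quoted delimiter: the definition is appended to confdefs.h verbatim.
  cat >>confdefs.h <<\_ACEOF
#define STDC_HEADERS 1
_ACEOF

fi

# On IRIX 5.3, sys/types and inttypes.h are conflicting.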
for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then eval "$as_ac_Header=yes" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in dlfcn.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } else # Is the header compilable? { echo "$as_me:$LINENO: checking $ac_header usability" >&5 echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 echo "${ECHO_T}$ac_header_compiler" >&6; } # Is the header present? { echo "$as_me:$LINENO: checking $ac_header presence" >&5 echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? 
grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 echo "${ECHO_T}$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ------------------------------------ ## ## Report this to nufw-devel@nongnu.org ## ## ------------------------------------ ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } fi if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_ext=cpp ac_cpp='$CXXCPP $CPPFLAGS' ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_cxx_compiler_gnu if test -z "$CXX"; then if test -n "$CCC"; then CXX=$CCC else if test -n "$ac_tool_prefix"; then for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. 
set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CXX+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CXX"; then ac_cv_prog_CXX="$CXX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CXX="$ac_tool_prefix$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CXX=$ac_cv_prog_CXX if test -n "$CXX"; then { echo "$as_me:$LINENO: result: $CXX" >&5 echo "${ECHO_T}$CXX" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$CXX" && break done fi if test -z "$CXX"; then ac_ct_CXX=$CXX for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CXX"; then ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CXX="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CXX=$ac_cv_prog_ac_ct_CXX if test -n "$ac_ct_CXX"; then { echo "$as_me:$LINENO: result: $ac_ct_CXX" >&5 echo "${ECHO_T}$ac_ct_CXX" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$ac_ct_CXX" && break done if test "x$ac_ct_CXX" = x; then CXX="g++" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac CXX=$ac_ct_CXX fi fi fi fi # Provide some information about the compiler. echo "$as_me:$LINENO: checking for C++ compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (ac_try="$ac_compiler --version >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler --version >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -v >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler -v >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -V >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler -V >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { echo "$as_me:$LINENO: checking whether we are using the GNU C++ compiler" >&5 echo $ECHO_N "checking whether we are using the GNU C++ compiler... $ECHO_C" >&6; } if test "${ac_cv_cxx_compiler_gnu+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_cxx_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_compiler_gnu=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_cxx_compiler_gnu=$ac_compiler_gnu fi { echo "$as_me:$LINENO: result: $ac_cv_cxx_compiler_gnu" >&5 echo "${ECHO_T}$ac_cv_cxx_compiler_gnu" >&6; } GXX=`test $ac_compiler_gnu = yes && echo yes` ac_test_CXXFLAGS=${CXXFLAGS+set} ac_save_CXXFLAGS=$CXXFLAGS { echo "$as_me:$LINENO: checking whether $CXX accepts -g" >&5 echo $ECHO_N "checking whether $CXX accepts -g... 
$ECHO_C" >&6; } if test "${ac_cv_prog_cxx_g+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_save_cxx_werror_flag=$ac_cxx_werror_flag ac_cxx_werror_flag=yes ac_cv_prog_cxx_g=no CXXFLAGS="-g" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_cxx_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cxx_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 CXXFLAGS="" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_cxx_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cxx_werror_flag=$ac_save_cxx_werror_flag CXXFLAGS="-g" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_cxx_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cxx_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cxx_werror_flag=$ac_save_cxx_werror_flag fi { echo "$as_me:$LINENO: result: $ac_cv_prog_cxx_g" >&5 echo "${ECHO_T}$ac_cv_prog_cxx_g" >&6; } if test "$ac_test_CXXFLAGS" = set; then CXXFLAGS=$ac_save_CXXFLAGS elif test $ac_cv_prog_cxx_g = yes; then if test "$GXX" = yes; then CXXFLAGS="-g -O2" else CXXFLAGS="-g" fi else if test "$GXX" = yes; then CXXFLAGS="-O2" else CXXFLAGS= fi fi ac_ext=cpp ac_cpp='$CXXCPP $CPPFLAGS' ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_cxx_compiler_gnu if test -n "$CXX" && ( test "X$CXX" != "Xno" && ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || (test "X$CXX" != "Xg++"))) ; then ac_ext=cpp ac_cpp='$CXXCPP $CPPFLAGS' ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_cxx_compiler_gnu { echo "$as_me:$LINENO: checking how to run the C++ preprocessor" >&5 echo $ECHO_N "checking how to run the C++ preprocessor... 
$ECHO_C" >&6; } if test -z "$CXXCPP"; then if test "${ac_cv_prog_CXXCPP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # Double quotes because CXXCPP needs to be expanded for CXXCPP in "$CXX -E" "/lib/cpp" do ac_preproc_ok=false for ac_cxx_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || test ! -s conftest.err }; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? 
grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || test ! -s conftest.err }; then # Broken: success on invalid input. continue else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then break fi done ac_cv_prog_CXXCPP=$CXXCPP fi CXXCPP=$ac_cv_prog_CXXCPP else ac_cv_prog_CXXCPP=$CXXCPP fi { echo "$as_me:$LINENO: result: $CXXCPP" >&5 echo "${ECHO_T}$CXXCPP" >&6; } ac_preproc_ok=false for ac_cxx_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || test ! -s conftest.err }; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Broken: fails on valid input. 
continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || test ! -s conftest.err }; then # Broken: success on invalid input. continue else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check See \`config.log' for more details." >&5 echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check See \`config.log' for more details." 
>&2;} { (exit 1); exit 1; }; } fi ac_ext=cpp ac_cpp='$CXXCPP $CPPFLAGS' ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_cxx_compiler_gnu fi ac_ext=f ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5' ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_f77_compiler_gnu if test -n "$ac_tool_prefix"; then for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_F77+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$F77"; then ac_cv_prog_F77="$F77" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_F77="$ac_tool_prefix$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi F77=$ac_cv_prog_F77 if test -n "$F77"; then { echo "$as_me:$LINENO: result: $F77" >&5 echo "${ECHO_T}$F77" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$F77" && break done fi if test -z "$F77"; then ac_ct_F77=$F77 for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn do # Extract the first word of "$ac_prog", so it can be a program name with args. 
set dummy $ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_F77+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_F77"; then ac_cv_prog_ac_ct_F77="$ac_ct_F77" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_F77="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_F77=$ac_cv_prog_ac_ct_F77 if test -n "$ac_ct_F77"; then { echo "$as_me:$LINENO: result: $ac_ct_F77" >&5 echo "${ECHO_T}$ac_ct_F77" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$ac_ct_F77" && break done if test "x$ac_ct_F77" = x; then F77="" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac F77=$ac_ct_F77 fi fi # Provide some information about the compiler. echo "$as_me:$LINENO: checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (ac_try="$ac_compiler --version >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler --version >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -v >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler -v >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -V >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler -V >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } rm -f a.out # If we don't use `.F' as extension, the preprocessor is not run on the # input file. (Note that this only needs to work for GNU compilers.) ac_save_ext=$ac_ext ac_ext=F { echo "$as_me:$LINENO: checking whether we are using the GNU Fortran 77 compiler" >&5 echo $ECHO_N "checking whether we are using the GNU Fortran 77 compiler... $ECHO_C" >&6; } if test "${ac_cv_f77_compiler_gnu+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF program main #ifndef __GNUC__ choke me #endif end _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_f77_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then ac_compiler_gnu=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_f77_compiler_gnu=$ac_compiler_gnu fi { echo "$as_me:$LINENO: result: $ac_cv_f77_compiler_gnu" >&5 echo "${ECHO_T}$ac_cv_f77_compiler_gnu" >&6; } ac_ext=$ac_save_ext ac_test_FFLAGS=${FFLAGS+set} ac_save_FFLAGS=$FFLAGS FFLAGS= { echo "$as_me:$LINENO: checking whether $F77 accepts -g" >&5 echo $ECHO_N "checking whether $F77 accepts -g... $ECHO_C" >&6; } if test "${ac_cv_prog_f77_g+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else FFLAGS=-g cat >conftest.$ac_ext <<_ACEOF program main end _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_f77_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_f77_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_prog_f77_g=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { echo "$as_me:$LINENO: result: $ac_cv_prog_f77_g" >&5 echo "${ECHO_T}$ac_cv_prog_f77_g" >&6; } if test "$ac_test_FFLAGS" = set; then FFLAGS=$ac_save_FFLAGS elif test $ac_cv_prog_f77_g = yes; then if test "x$ac_cv_f77_compiler_gnu" = xyes; then FFLAGS="-g -O2" else FFLAGS="-g" fi else if test "x$ac_cv_f77_compiler_gnu" = xyes; then FFLAGS="-O2" else FFLAGS= fi fi G77=`test $ac_compiler_gnu = yes && echo yes` ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers! # find the maximum length of command line arguments { echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5 echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6; } if test "${lt_cv_sys_max_cmd_len+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. 
# Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. 
lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \ = "XX$teststring") >/dev/null 2>&1 && new_result=`expr "X$teststring" : ".*" 2>&1` && lt_cv_sys_max_cmd_len=$new_result && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done teststring= # Add a significant safety factor because C++ compilers can tack on massive # amounts of additional arguments before passing them to the linker. # It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac fi if test -n $lt_cv_sys_max_cmd_len ; then { echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5 echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6; } else { echo "$as_me:$LINENO: result: none" >&5 echo "${ECHO_T}none" >&6; } fi # Check for command to grab the raw symbol name followed by C symbol from nm. { echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5 echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6; } if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! 
;)] # Character class describing NM global symbol codes. symcode='[BCDEGRST]' # Regexp to match symbols that can be accessed directly from C. sympat='\([_A-Za-z][_A-Za-z0-9]*\)' # Transform an extracted symbol line into a proper C declaration lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" # Define system-specific variables. case $host_os in aix*) symcode='[BCDT]' ;; cygwin* | mingw* | pw32*) symcode='[ABCDGISTW]' ;; hpux*) # Its linker distinguishes data from code symbols if test "$host_cpu" = ia64; then symcode='[ABCDEGRST]' fi lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" ;; linux* | k*bsd*-gnu) if test "$host_cpu" = ia64; then symcode='[ABCDGIRSTW]' lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" fi ;; irix* | nonstopux*) symcode='[BCDEGRST]' ;; osf*) symcode='[BCDEGQRST]' ;; solaris*) symcode='[BDRT]' ;; sco3.2v5*) symcode='[DT]' ;; sysv4.2uw2*) symcode='[DT]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[ABDT]' ;; sysv4) symcode='[DFNSTU]' ;; esac # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # If we're using GNU nm, then use its standard symbol codes. 
case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[ABCDGIRSTW]' ;; esac # Try without a prefix undercore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # Now try to grab the symbols. nlist=conftest.nm if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5 (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if grep ' nm_test_var$' "$nlist" >/dev/null; then if grep ' nm_test_func$' "$nlist" >/dev/null; then cat < conftest.$ac_ext #ifdef __cplusplus extern "C" { #endif EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext' cat <> conftest.$ac_ext #if defined (__STDC__) && __STDC__ # define lt_ptr_t void * #else # define lt_ptr_t char * # define const #endif /* The mapping between symbol names and symbols. */ const struct { const char *name; lt_ptr_t address; } lt_preloaded_symbols[] = { EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext cat <<\EOF >> conftest.$ac_ext {0, (lt_ptr_t) 0} }; #ifdef __cplusplus } #endif EOF # Now try linking the two files. 
mv conftest.$ac_objext conftstm.$ac_objext lt_save_LIBS="$LIBS" lt_save_CFLAGS="$CFLAGS" LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS="$lt_save_LIBS" CFLAGS="$lt_save_CFLAGS" else echo "cannot find nm_test_func in $nlist" >&5 fi else echo "cannot find nm_test_var in $nlist" >&5 fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 fi else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done fi if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then { echo "$as_me:$LINENO: result: failed" >&5 echo "${ECHO_T}failed" >&6; } else { echo "$as_me:$LINENO: result: ok" >&5 echo "${ECHO_T}ok" >&6; } fi { echo "$as_me:$LINENO: checking for objdir" >&5 echo $ECHO_N "checking for objdir... $ECHO_C" >&6; } if test "${lt_cv_objdir+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null fi { echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5 echo "${ECHO_T}$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Sed substitution that helps us do robust quoting. 
# It backslashifies metacharacters that are still active within
# double-quoted strings.
#
# Section overview: the assignments below define sed scripts and global
# defaults for the libtool-related setup (ofile=libtool, ltmain.sh).  The
# three probes that follow select the AR, RANLIB and STRIP programs, and the
# final run of `test -z' lines gives every still-empty tool variable a
# conventional default.

# Strips a leading "X" from the first input line.
Xsed='sed -e 1s/^X//'
sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'

# Same as above, but do not quote variable references.
double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'

# Sed substitution to delay expansion of an escaped shell variable in a
# double_quote_subst'ed string.
delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'

# Sed substitution to avoid accidental globbing in evaled expressions
no_glob_subst='s/\*/\\\*/g'

# Constants:
rm="rm -f"

# Global variables:
default_ofile=libtool
can_build_shared=yes

# All known linkers require a `.a' archive for static linking (except MSVC,
# which needs '.lib').
libext=a
ltmain="$ac_aux_dir/ltmain.sh"
ofile="$default_ofile"
with_gnu_ld="$lt_cv_prog_gnu_ld"

# ---- AR: try "${ac_tool_prefix}ar" first, then plain "ar" ----
# Progress and results go to descriptors 5 and 6, which are opened outside
# this section.
if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
  set dummy ${ac_tool_prefix}ar; ac_word=$2
  { echo "$as_me:$LINENO: checking for $ac_word" >&5
  echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
  # A value that is already set (presumably from a configure cache; not
  # visible here) is used as it stands and the search below is skipped.
  if test "${ac_cv_prog_AR+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$AR"; then
      # $AR supplied by the caller is accepted without checking that it
      # exists or is executable.
      ac_cv_prog_AR="$AR" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        # An empty PATH entry is treated as ".", so the current directory is
        # searched for the tool.  NOTE(review): run configure with a PATH
        # that has no empty entries when the working directory is not trusted.
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            # Only the bare program name is recorded; the directory where it
            # was found is written to the log but not kept, so the name is
            # looked up through PATH again when it is run.
            ac_cv_prog_AR="${ac_tool_prefix}ar"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS
    fi
  fi
  AR=$ac_cv_prog_AR
  if test -n "$AR"; then
    { echo "$as_me:$LINENO: result: $AR" >&5
    echo "${ECHO_T}$AR" >&6; }
  else
    { echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6; }
  fi
fi
# No prefixed ar was selected: repeat the same search for the plain name.
if test -z "$ac_cv_prog_AR"; then
  ac_ct_AR=$AR
  # Extract the first word of "ar", so it can be a program name with args.
  set dummy ar; ac_word=$2
  { echo "$as_me:$LINENO: checking for $ac_word" >&5
  echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
  if test "${ac_cv_prog_ac_ct_AR+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$ac_ct_AR"; then
      ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_prog_ac_ct_AR="ar"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS
    fi
  fi
  ac_ct_AR=$ac_cv_prog_ac_ct_AR
  if test -n "$ac_ct_AR"; then
    { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
    echo "${ECHO_T}$ac_ct_AR" >&6; }
  else
    { echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6; }
  fi

  if test "x$ac_ct_AR" = x; then
    # Nothing found: AR becomes the `false' command rather than an empty
    # string, so the `test -z "$AR"' default further down does not apply.
    AR="false"
  else
    # Warn once (ac_tool_warned still empty) when cross-compiling with a
    # tool whose name lacks the host prefix.
    case $cross_compiling:$ac_tool_warned in
    yes:)
      { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5
      echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;}
      ac_tool_warned=yes ;;
    esac
    AR=$ac_ct_AR
  fi
else
  AR="$ac_cv_prog_AR"
fi

# ---- RANLIB: same two-step search as for AR ----
if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
  set dummy ${ac_tool_prefix}ranlib; ac_word=$2
  { echo "$as_me:$LINENO: checking for $ac_word" >&5
  echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
  if test "${ac_cv_prog_RANLIB+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$RANLIB"; then
      ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        # Empty PATH entry means the current directory, as in the AR search.
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS
    fi
  fi
  RANLIB=$ac_cv_prog_RANLIB
  if test -n "$RANLIB"; then
    { echo "$as_me:$LINENO: result: $RANLIB" >&5
    echo "${ECHO_T}$RANLIB" >&6; }
  else
    { echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6; }
  fi
fi
if test -z "$ac_cv_prog_RANLIB"; then
  ac_ct_RANLIB=$RANLIB
  # Extract the first word of "ranlib", so it can be a program name with args.
  set dummy ranlib; ac_word=$2
  { echo "$as_me:$LINENO: checking for $ac_word" >&5
  echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
  if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$ac_ct_RANLIB"; then
      ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_prog_ac_ct_RANLIB="ranlib"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS
    fi
  fi
  ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
  if test -n "$ac_ct_RANLIB"; then
    { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
    echo "${ECHO_T}$ac_ct_RANLIB" >&6; }
  else
    { echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6; }
  fi

  if test "x$ac_ct_RANLIB" = x; then
    # Nothing found: RANLIB becomes the shell no-op ":".
    RANLIB=":"
  else
    case $cross_compiling:$ac_tool_warned in
    yes:)
      # The line break inside the first message below is part of the string.
      { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet.
If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5
      echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;}
      ac_tool_warned=yes ;;
    esac
    RANLIB=$ac_ct_RANLIB
  fi
else
  RANLIB="$ac_cv_prog_RANLIB"
fi

# ---- STRIP: same two-step search as for AR ----
if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
  set dummy ${ac_tool_prefix}strip; ac_word=$2
  { echo "$as_me:$LINENO: checking for $ac_word" >&5
  echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
  if test "${ac_cv_prog_STRIP+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$STRIP"; then
      ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        # Empty PATH entry means the current directory, as in the AR search.
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_prog_STRIP="${ac_tool_prefix}strip"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS
    fi
  fi
  STRIP=$ac_cv_prog_STRIP
  if test -n "$STRIP"; then
    { echo "$as_me:$LINENO: result: $STRIP" >&5
    echo "${ECHO_T}$STRIP" >&6; }
  else
    { echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6; }
  fi
fi
if test -z "$ac_cv_prog_STRIP"; then
  ac_ct_STRIP=$STRIP
  # Extract the first word of "strip", so it can be a program name with args.
  set dummy strip; ac_word=$2
  { echo "$as_me:$LINENO: checking for $ac_word" >&5
  echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
  if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$ac_ct_STRIP"; then
      ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_prog_ac_ct_STRIP="strip"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS
    fi
  fi
  ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
  if test -n "$ac_ct_STRIP"; then
    { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
    echo "${ECHO_T}$ac_ct_STRIP" >&6; }
  else
    { echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6; }
  fi

  if test "x$ac_ct_STRIP" = x; then
    # Nothing found: STRIP becomes the shell no-op ":".
    STRIP=":"
  else
    case $cross_compiling:$ac_tool_warned in
    yes:)
      { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5
      echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;}
      ac_tool_warned=yes ;;
    esac
    STRIP=$ac_ct_STRIP
  fi
else
  STRIP="$ac_cv_prog_STRIP"
fi

# Keep a copy of the compiler and its flags as they stand at this point.
old_CC="$CC"
old_CFLAGS="$CFLAGS"

# Set sane defaults for various variables
# Each default is a bare command name, applied only when the variable is
# still empty; a value set by the probes above or by the caller is kept.
test -z "$AR" && AR=ar
test -z "$AR_FLAGS" && AR_FLAGS=cru
test -z "$AS" && AS=as
test -z "$CC" && CC=cc
test -z "$LTCC" && LTCC=$CC
test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
test -z "$DLLTOOL" && DLLTOOL=dlltool
test -z "$LD" && LD=ld
test -z "$LN_S" && LN_S="ln -s"
test -z "$MAGIC_CMD" && MAGIC_CMD=file
test -z "$NM" && NM=nm
test -z "$SED" && SED=sed
test -z "$OBJDUMP" && OBJDUMP=objdump
test -z "$RANLIB" && RANLIB=:
test -z "$STRIP" && STRIP=:
test -z "$ac_objext" && ac_objext=o

# Determine commands to create old-style static archives.
old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" fi for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` # Only perform the check for file, if the check method requires it case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then { echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5 echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6; } if test "${lt_cv_path_MAGIC_CMD+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/${ac_tool_prefix}file; then lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. 
This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5 echo "${ECHO_T}$MAGIC_CMD" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then { echo "$as_me:$LINENO: checking for file" >&5 echo $ECHO_N "checking for file... $ECHO_C" >&6; } if test "${lt_cv_path_MAGIC_CMD+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/file; then lt_cv_path_MAGIC_CMD="$ac_dir/file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. 
Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5 echo "${ECHO_T}$MAGIC_CMD" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi else MAGIC_CMD=: fi fi fi ;; esac case $host_os in rhapsody* | darwin*) if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_DSYMUTIL+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then { echo "$as_me:$LINENO: result: $DSYMUTIL" >&5 echo "${ECHO_T}$DSYMUTIL" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_prog_DSYMUTIL"; then ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then { echo "$as_me:$LINENO: result: $ac_ct_DSYMUTIL" >&5 echo "${ECHO_T}$ac_ct_DSYMUTIL" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_ct_DSYMUTIL" = x; then DSYMUTIL=":" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac DSYMUTIL=$ac_ct_DSYMUTIL fi else DSYMUTIL="$ac_cv_prog_DSYMUTIL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_NMEDIT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. 
else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then { echo "$as_me:$LINENO: result: $NMEDIT" >&5 echo "${ECHO_T}$NMEDIT" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_prog_NMEDIT"; then ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_NMEDIT="nmedit" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then { echo "$as_me:$LINENO: result: $ac_ct_NMEDIT" >&5 echo "${ECHO_T}$ac_ct_NMEDIT" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_ct_NMEDIT" = x; then NMEDIT=":" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. 
If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac NMEDIT=$ac_ct_NMEDIT fi else NMEDIT="$ac_cv_prog_NMEDIT" fi { echo "$as_me:$LINENO: checking for -single_module linker flag" >&5 echo $ECHO_N "checking for -single_module linker flag... $ECHO_C" >&6; } if test "${lt_cv_apple_cc_single_mod+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_apple_cc_single_mod=no if test -z "${LT_MULTI_MODULE}"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. echo "int foo(void){return 1;}" > conftest.c $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib ${wl}-single_module conftest.c if test -f libconftest.dylib; then lt_cv_apple_cc_single_mod=yes rm -rf libconftest.dylib* fi rm conftest.c fi fi { echo "$as_me:$LINENO: result: $lt_cv_apple_cc_single_mod" >&5 echo "${ECHO_T}$lt_cv_apple_cc_single_mod" >&6; } { echo "$as_me:$LINENO: checking for -exported_symbols_list linker flag" >&5 echo $ECHO_N "checking for -exported_symbols_list linker flag... $ECHO_C" >&6; } if test "${lt_cv_ld_exported_symbols_list+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_cv_ld_exported_symbols_list=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 lt_cv_ld_exported_symbols_list=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi { echo "$as_me:$LINENO: result: $lt_cv_ld_exported_symbols_list" >&5 echo "${ECHO_T}$lt_cv_ld_exported_symbols_list" >&6; } case $host_os in rhapsody* | darwin1.[0123]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; darwin*) # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? 
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; 10.[012]*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test "$lt_cv_apple_cc_single_mod" = "yes"; then _lt_dar_single_mod='$single_module' fi if test "$lt_cv_ld_exported_symbols_list" = "yes"; then _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' else _lt_dar_export_syms="~$NMEDIT -s \$output_objdir/\${libname}-symbols.expsym \${lib}" fi if test "$DSYMUTIL" != ":"; then _lt_dsymutil="~$DSYMUTIL \$lib || :" else _lt_dsymutil= fi ;; esac enable_dlopen=no enable_win32_dll=no # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then enableval=$enable_libtool_lock; fi test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Check whether --with-pic was given. if test "${with_pic+set}" = set; then withval=$with_pic; pic_mode="$withval" else pic_mode=default fi test -z "$pic_mode" && pic_mode=default # Use C for the default configuration in the libtool script tagname= lt_save_CC="$CC" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o objext=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. 
compiler=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $rm conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $rm -r conftest* lt_prog_compiler_no_builtin_flag= if test "$GCC" = yes; then lt_prog_compiler_no_builtin_flag=' -fno-builtin' { echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:7583: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:7587: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
$echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_rtti_exceptions=yes fi fi $rm conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" else : fi fi lt_prog_compiler_wl= lt_prog_compiler_pic= lt_prog_compiler_static= { echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } if test "$GCC" = yes; then lt_prog_compiler_wl='-Wl,' lt_prog_compiler_static='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' fi ;; amigaos*) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic='-fno-common' ;; interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. 
;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. lt_prog_compiler_can_build_shared=no enable_shared=no ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic=-Kconform_pic fi ;; hpux*) # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic='-fPIC' ;; esac ;; *) lt_prog_compiler_pic='-fPIC' ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) lt_prog_compiler_wl='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' else lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' fi ;; darwin*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files case $cc_basename in xlc*) lt_prog_compiler_pic='-qnocommon' lt_prog_compiler_wl='-Wl,' ;; esac ;; mingw* | cygwin* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? lt_prog_compiler_static='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) lt_prog_compiler_wl='-Wl,' # PIC (with -KPIC) is the default. 
lt_prog_compiler_static='-non_shared' ;; newsos6) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; linux* | k*bsd*-gnu) case $cc_basename in icc* | ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; pgcc* | pgf77* | pgf90* | pgf95*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; ccc*) lt_prog_compiler_wl='-Wl,' # All Alpha code is PIC. lt_prog_compiler_static='-non_shared' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Wl,' ;; *Sun\ F*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='' ;; esac ;; esac ;; osf3* | osf4* | osf5*) lt_prog_compiler_wl='-Wl,' # All OSF/1 code is PIC. lt_prog_compiler_static='-non_shared' ;; rdos*) lt_prog_compiler_static='-non_shared' ;; solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' case $cc_basename in f77* | f90* | f95*) lt_prog_compiler_wl='-Qoption ld ';; *) lt_prog_compiler_wl='-Wl,';; esac ;; sunos4*) lt_prog_compiler_wl='-Qoption ld ' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then lt_prog_compiler_pic='-Kconform_pic' lt_prog_compiler_static='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; unicos*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_can_build_shared=no ;; uts4*) lt_prog_compiler_pic='-pic' lt_prog_compiler_static='-Bstatic' ;; *) lt_prog_compiler_can_build_shared=no ;; esac fi { echo "$as_me:$LINENO: 
result: $lt_prog_compiler_pic" >&5 echo "${ECHO_T}$lt_prog_compiler_pic" >&6; } # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then { echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_pic_works+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic -DPIC" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:7873: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:7877: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! 
-s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_pic_works=yes fi fi $rm conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_pic_works" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_pic_works" >&6; } if test x"$lt_cv_prog_compiler_pic_works" = xyes; then case $lt_prog_compiler_pic in "" | " "*) ;; *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; esac else lt_prog_compiler_pic= lt_prog_compiler_can_build_shared=no fi fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic= ;; *) lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" ;; esac # # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" { echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_static_works+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_static_works=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. 
cat conftest.err 1>&5 $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_static_works=yes fi else lt_cv_prog_compiler_static_works=yes fi fi $rm -r conftest* LDFLAGS="$save_LDFLAGS" fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_static_works" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_static_works" >&6; } if test x"$lt_cv_prog_compiler_static_works" = xyes; then : else lt_prog_compiler_static= fi { echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_c_o+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_c_o=no $rm -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:7977: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:7981: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! 
-s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $rm conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files $rm out/* && rmdir out cd .. rmdir conftest $rm conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; } hard_links="nottested" if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } hard_links=yes $rm conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no { echo "$as_me:$LINENO: result: $hard_links" >&5 echo "${ECHO_T}$hard_links" >&6; } if test "$hard_links" = no; then { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi { echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... 
$ECHO_C" >&6; } runpath_var= allow_undefined_flag= enable_shared_with_static_runtimes=no archive_cmds= archive_expsym_cmds= old_archive_From_new_cmds= old_archive_from_expsyms_cmds= export_dynamic_flag_spec= whole_archive_flag_spec= thread_safe_flag_spec= hardcode_libdir_flag_spec= hardcode_libdir_flag_spec_ld= hardcode_libdir_separator= hardcode_direct=no hardcode_minus_L=no hardcode_shlibpath_var=unsupported link_all_deplibs=unknown hardcode_automatic=no module_cmds= module_expsym_cmds= always_export_symbols=no export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= # Just being paranoid about ensuring that cc_basename is set. for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` case $host_os in cygwin* | mingw* | pw32*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. 
if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs=yes if test "$with_gnu_ld" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir' export_dynamic_flag_spec='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec= fi supports_anon_versioning=no case `$LD -v 2>/dev/null` in *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no cat <&2 *** Warning: the GNU linker, at least up to release 2.9.1, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to modify your PATH *** so that a non-GNU linker is found, and then restart. 
EOF fi ;; amigaos*) archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes # Samuel A. Falvo II reports # that the semantics of dynamic libraries on AmigaOS, at least up # to version 4, is to share data among multiple programs linked # with the same dynamic library. Since this doesn't match the # behavior of shared libraries on other platforms, we can't use # them. ld_shlibs=no ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else ld_shlibs=no fi ;; cygwin* | mingw* | pw32*) # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... 
archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs=no fi ;; interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | k*bsd*-gnu) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then tmp_addflag= case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test 
-n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; *) tmp_sharedflag='-shared' ;; esac archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test $supports_anon_versioning = yes; then archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ $echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi link_all_deplibs=no else ld_shlibs=no fi ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then ld_shlibs=no cat <&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. 
Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. EOF elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. 
_LT_EOF ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' else ld_shlibs=no fi ;; esac ;; sunos4*) archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= hardcode_direct=yes hardcode_shlibpath_var=no ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac if test "$ld_shlibs" = no; then runpath_var= hardcode_libdir_flag_spec= export_dynamic_flag_spec= whole_archive_flag_spec= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) allow_undefined_flag=unsupported always_export_symbols=yes archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. 
aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | grep 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. archive_cmds='' hardcode_direct=yes hardcode_libdir_separator=':' link_all_deplibs=yes if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. 
Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an empty executable. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. 
if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an empty executable. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag=' ${wl}-bernotok' allow_undefined_flag=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec='$convenience' archive_cmds_need_lc=yes # This is similar to how AIX traditionally builds its shared libraries. 
archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes # see comment about different semantics on the GNU ld section ld_shlibs=no ;; bsdi[45]*) export_dynamic_flag_spec=-rdynamic ;; cygwin* | mingw* | pw32*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_From_new_cmds='true' # FIXME: Should let the user specify the lib program. 
old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' fix_srcfile_path='`cygpath -w "$srcfile"`' enable_shared_with_static_runtimes=yes ;; darwin* | rhapsody*) case $host_os in rhapsody* | darwin1.[012]) allow_undefined_flag='${wl}-undefined ${wl}suppress' ;; *) # Darwin 1.3 on if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' else case ${MACOSX_DEPLOYMENT_TARGET} in 10.[012]) allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) allow_undefined_flag='${wl}-undefined ${wl}dynamic_lookup' ;; esac fi ;; esac archive_cmds_need_lc=no hardcode_direct=no hardcode_automatic=yes hardcode_shlibpath_var=unsupported whole_archive_flag_spec='' link_all_deplibs=yes if test "$GCC" = yes ; then output_verbose_link_cmd='echo' archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" else case $cc_basename in xlc*) output_verbose_link_cmd='echo' archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't 
exist in older darwin lds archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ;; *) ld_shlibs=no ;; esac fi ;; dgux*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; freebsd1*) ld_shlibs=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. 
freebsd* | dragonfly*) archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; hpux9*) if test "$GCC" = yes; then archive_cmds='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes export_dynamic_flag_spec='${wl}-E' ;; hpux10*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L=yes fi ;; hpux11*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: case $host_cpu in hppa*64*|ia64*) hardcode_libdir_flag_spec_ld='+b $libdir' hardcode_direct=no hardcode_shlibpath_var=no ;; *) hardcode_direct=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec_ld='-rpath $libdir' fi hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: link_all_deplibs=yes ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' else case $host_os in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-R$libdir' ;; *) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' 
hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; esac fi else ld_shlibs=no fi ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' old_archive_From_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' fi hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" 
&& echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi hardcode_libdir_separator=: ;; solaris*) no_undefined_flag=' -z text' if test "$GCC" = yes; then wlarc='${wl}' archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' else wlarc='' archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' fi hardcode_libdir_flag_spec='-R$libdir' hardcode_shlibpath_var=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) 
if test "$GCC" = yes; then whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else whole_archive_flag_spec='-z allextract$convenience -z defaultextract' fi ;; esac link_all_deplibs=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; sysv4) case $host_vendor in sni) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' reload_cmds='$CC -r -o $output$reload_objs' hardcode_direct=no ;; motorola) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' hardcode_shlibpath_var=no ;; sysv4.3*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no export_dynamic_flag_spec='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag='${wl}-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib 
$libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. no_undefined_flag='${wl}-z,text' allow_undefined_flag='${wl}-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' hardcode_libdir_separator=':' link_all_deplibs=yes export_dynamic_flag_spec='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; *) ld_shlibs=no ;; esac fi { echo "$as_me:$LINENO: result: $ld_shlibs" >&5 echo "${ECHO_T}$ld_shlibs" >&6; } test "$ld_shlibs" = no && can_build_shared=no # # Do we need to explicitly link libc? 
# case "x$archive_cmds_need_lc" in x|xyes) # Assume -lc should be added archive_cmds_need_lc=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $archive_cmds in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } $rm conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl pic_flag=$lt_prog_compiler_pic compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag allow_undefined_flag= if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } then archive_cmds_need_lc=no else archive_cmds_need_lc=yes fi allow_undefined_flag=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $rm conftest* { echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5 echo "${ECHO_T}$archive_cmds_need_lc" >&6; } ;; esac fi ;; esac { echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 echo $ECHO_N "checking dynamic linker characteristics... 
$ECHO_C" >&6; } library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" if test "$GCC" = yes; then case $host_os in darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` if echo "$lt_search_path_spec" | grep ';' >/dev/null ; then # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e 's/;/ /g'` else lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. 
lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`echo $lt_tmp_lt_search_path_spec | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[lt_foo]++; } if (lt_freq[lt_foo] == 1) { print lt_foo; } }'` sys_lib_search_path_spec=`echo $lt_search_path_spec` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[4-9]*) version_type=linux need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. 
case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. 
finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$host_os in yes,cygwin* | yes,mingw* | yes,pw32*) library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. 
$file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $rm \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" ;; mingw*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH printed by # mingw gcc, but we are running on Cygwin. Gcc prints its search # path with ; separators, and with drive letters. We can handle the # drive letters (cygwin fileutils understands them), so leave them, # especially as we might pass files found there to a mingw objdump, # which wouldn't understand a cygwinified path. Ahh. sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac ;; *) library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' ;; esac dynamic_linker='Win32 ld.exe' # FIXME: first we should search . 
and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd1*) dynamic_linker=no ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. 
if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[123]*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555. 
postinstall_cmds='chmod 555 $lib' ;; interix[3-9]*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be Linux ELF. 
linux* | k*bsd*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. 
dynamic_linker='GNU/Linux ld.so' ;; netbsdelf*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='NetBSD ld.elf_so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; nto-qnx*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. 
case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[89] | openbsd2.[89].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no export_dynamic_flag_spec='${wl}-Blargedynsym' runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' shlibpath_overrides_runpath=no else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' shlibpath_overrides_runpath=yes case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { echo "$as_me:$LINENO: result: $dynamic_linker" >&5 echo "${ECHO_T}$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then echo $ECHO_N "(cached) 
$ECHO_C" >&6 else lt_cv_sys_lib_search_path_spec="$sys_lib_search_path_spec" fi sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec" fi sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi { echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || \ test -n "$runpath_var" || \ test "X$hardcode_automatic" = "Xyes" ; then # We can hardcode non-existant directories. if test "$hardcode_direct" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, )" != no && test "$hardcode_minus_L" != no; then # Linking always hardcodes the temporary library directory. hardcode_action=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. 
hardcode_action=unsupported fi { echo "$as_me:$LINENO: result: $hardcode_action" >&5 echo "${ECHO_T}$hardcode_action" >&6; } if test "$hardcode_action" = relink; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi striplib= old_striplib= { echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5 echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi ;; *) { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } ;; esac fi if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; } if test "${ac_cv_lib_dl_dlopen+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_dl_dlopen=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; } if test $ac_cv_lib_dl_dlopen = yes; then lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes fi ;; *) { echo "$as_me:$LINENO: checking for shl_load" >&5 echo $ECHO_N "checking for shl_load... $ECHO_C" >&6; } if test "${ac_cv_func_shl_load+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define shl_load to an innocuous variant, in case declares shl_load. For example, HP-UX 11i declares gettimeofday. 
*/ #define shl_load innocuous_shl_load /* System header to define __stub macros and hopefully few prototypes, which can conflict with char shl_load (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef shl_load /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char shl_load (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_shl_load || defined __stub___shl_load choke me #endif int main () { return shl_load (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_func_shl_load=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_shl_load=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5 echo "${ECHO_T}$ac_cv_func_shl_load" >&6; } if test $ac_cv_func_shl_load = yes; then lt_cv_dlopen="shl_load" else { echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5 echo $ECHO_N "checking for shl_load in -ldld... 
$ECHO_C" >&6; } if test "${ac_cv_lib_dld_shl_load+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char shl_load (); int main () { return shl_load (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_dld_shl_load=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_dld_shl_load=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5 echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6; } if test $ac_cv_lib_dld_shl_load = yes; then lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" else { echo "$as_me:$LINENO: checking for dlopen" >&5 echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; } if test "${ac_cv_func_dlopen+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ /* Define dlopen to an innocuous variant, in case declares dlopen. For example, HP-UX 11i declares gettimeofday. */ #define dlopen innocuous_dlopen /* System header to define __stub macros and hopefully few prototypes, which can conflict with char dlopen (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef dlopen /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_dlopen || defined __stub___dlopen choke me #endif int main () { return dlopen (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_func_dlopen=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_dlopen=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5 echo "${ECHO_T}$ac_cv_func_dlopen" >&6; } if test $ac_cv_func_dlopen = yes; then lt_cv_dlopen="dlopen" else { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 echo $ECHO_N "checking for dlopen in -ldl... 
$ECHO_C" >&6; } if test "${ac_cv_lib_dl_dlopen+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_dl_dlopen=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; } if test $ac_cv_lib_dl_dlopen = yes; then lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else { echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5 echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6; } if test "${ac_cv_lib_svld_dlopen+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_svld_dlopen=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_svld_dlopen=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5 echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6; } if test $ac_cv_lib_svld_dlopen = yes; then lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" else { echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5 echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6; } if test "${ac_cv_lib_dld_dld_link+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char dld_link (); int main () { return dld_link (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_dld_dld_link=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_dld_dld_link=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5 echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6; } if test $ac_cv_lib_dld_dld_link = yes; then lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" fi fi fi fi fi fi ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" { echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5 echo $ECHO_N "checking whether a program can dlopen itself... 
$ECHO_C" >&6; } if test "${lt_cv_dlopen_self+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif #ifdef __cplusplus extern "C" void exit (int); #endif void fnord() { int i=42;} int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; /* dlclose (self); */ } else puts (dlerror ()); exit (status); } EOF if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? 
case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; esac else : # compilation failed lt_cv_dlopen_self=no fi fi rm -fr conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5 echo "${ECHO_T}$lt_cv_dlopen_self" >&6; } if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" { echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5 echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6; } if test "${lt_cv_dlopen_self_static+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif #ifdef __cplusplus extern "C" void exit (int); #endif void fnord() { int i=42;} int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; /* dlclose (self); */ } else puts (dlerror ()); exit (status); } EOF if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; esac else : # compilation failed lt_cv_dlopen_self_static=no fi fi rm -fr conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5 echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi # Report which library types will actually be built { echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; } { echo "$as_me:$LINENO: result: $can_build_shared" >&5 echo "${ECHO_T}$can_build_shared" >&6; } { echo "$as_me:$LINENO: checking whether to build shared libraries" >&5 echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; } test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[4-9]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac { echo "$as_me:$LINENO: result: $enable_shared" >&5 echo "${ECHO_T}$enable_shared" >&6; } { echo "$as_me:$LINENO: checking whether to build static libraries" >&5 echo $ECHO_N "checking whether to build static libraries... 
$ECHO_C" >&6; } # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes { echo "$as_me:$LINENO: result: $enable_static" >&5 echo "${ECHO_T}$enable_static" >&6; } # The else clause should only fire when bootstrapping the # libtool distribution, otherwise you forgot to ship ltmain.sh # with your package, and you will get complaints that there are # no rules to generate ltmain.sh. if test -f "$ltmain"; then # See if we are running on zsh, and set the options which allow our commands through # without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi # Now quote all the things that may contain metacharacters while being # careful not to overquote the AC_SUBSTed values. We take copies of the # variables and quote the copies for generation of the libtool script. for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ SED SHELL STRIP \ libname_spec library_names_spec soname_spec extract_expsyms_cmds \ old_striplib striplib file_magic_cmd finish_cmds finish_eval \ deplibs_check_method reload_flag reload_cmds need_locks \ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ old_postinstall_cmds old_postuninstall_cmds \ compiler \ CC \ LD \ lt_prog_compiler_wl \ lt_prog_compiler_pic \ lt_prog_compiler_static \ lt_prog_compiler_no_builtin_flag \ export_dynamic_flag_spec \ thread_safe_flag_spec \ whole_archive_flag_spec \ enable_shared_with_static_runtimes \ old_archive_cmds \ old_archive_from_new_cmds \ predep_objects \ postdep_objects \ predeps \ postdeps \ compiler_lib_search_path \ compiler_lib_search_dirs \ archive_cmds \ archive_expsym_cmds \ postinstall_cmds \ postuninstall_cmds \ old_archive_from_expsyms_cmds \ allow_undefined_flag \ no_undefined_flag \ export_symbols_cmds \ hardcode_libdir_flag_spec \ hardcode_libdir_flag_spec_ld \ 
hardcode_libdir_separator \ hardcode_automatic \ module_cmds \ module_expsym_cmds \ lt_cv_prog_compiler_c_o \ fix_srcfile_path \ exclude_expsyms \ include_expsyms; do case $var in old_archive_cmds | \ old_archive_from_new_cmds | \ archive_cmds | \ archive_expsym_cmds | \ module_cmds | \ module_expsym_cmds | \ old_archive_from_expsyms_cmds | \ export_symbols_cmds | \ extract_expsyms_cmds | reload_cmds | finish_cmds | \ postinstall_cmds | postuninstall_cmds | \ old_postinstall_cmds | old_postuninstall_cmds | \ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) # Double-quote double-evaled strings. eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ;; *) eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ;; esac done case $lt_echo in *'\$0 --fallback-echo"') lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` ;; esac cfgfile="${ofile}T" trap "$rm \"$cfgfile\"; exit 1" 1 2 15 $rm -f "$cfgfile" { echo "$as_me:$LINENO: creating $ofile" >&5 echo "$as_me: creating $ofile" >&6;} cat <<__EOF__ >> "$cfgfile" #! $SHELL # `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) # NOTE: Changes made to this file will be lost: look at ltmain.sh. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 # Free Software Foundation, Inc. # # This file is part of GNU Libtool: # Originally by Gordon Matzigkeit , 1996 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. 
# # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # A sed program that does not truncate output. SED=$lt_SED # Sed that helps us avoid accidentally triggering echo(1) options like -n. Xsed="$SED -e 1s/^X//" # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # The names of the tagged configurations supported by this script. available_tags= # ### BEGIN LIBTOOL CONFIG # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc # Whether or not to disallow shared libs when runtime libs are static allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # An echo program that does not interpret backslashes. echo=$lt_echo # The archiver. 
AR=$lt_AR AR_FLAGS=$lt_AR_FLAGS # A C compiler. LTCC=$lt_LTCC # LTCC compiler flags. LTCFLAGS=$lt_LTCFLAGS # A language-specific compiler. CC=$lt_compiler # Is the compiler the GNU C compiler? with_gcc=$GCC # An ERE matcher. EGREP=$lt_EGREP # The linker used to build libraries. LD=$lt_LD # Whether we need hard or soft links. LN_S=$lt_LN_S # A BSD-compatible nm program. NM=$lt_NM # A symbol stripping program STRIP=$lt_STRIP # Used to examine libraries when file_magic_cmd begins "file" MAGIC_CMD=$MAGIC_CMD # Used on cygwin: DLL creation program. DLLTOOL="$DLLTOOL" # Used on cygwin: object dumper. OBJDUMP="$OBJDUMP" # Used on cygwin: assembler. AS="$AS" # The name of the directory that contains temporary libtool files. objdir=$objdir # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl # Object file suffix (normally "o"). objext="$ac_objext" # Old archive suffix (normally "a"). libext="$libext" # Shared library suffix (normally ".so"). shrext_cmds='$shrext_cmds' # Executable file suffix (normally ""). exeext="$exeext" # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic pic_mode=$pic_mode # What is the maximum length of a command? max_cmd_len=$lt_cv_sys_max_cmd_len # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o # Must we lock files when doing compilation? need_locks=$lt_need_locks # Do we need the lib prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Compiler flag to prevent dynamic linking. 
link_static_flag=$lt_lt_prog_compiler_static # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec # Compiler flag to generate thread-safe objects. thread_safe_flag_spec=$lt_thread_safe_flag_spec # Library versioning type. version_type=$version_type # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME. library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Commands used to build and install an old-style archive. RANLIB=$lt_RANLIB old_archive_cmds=$lt_old_archive_cmds old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds # Commands used to build and install a shared archive. archive_cmds=$lt_archive_cmds archive_expsym_cmds=$lt_archive_expsym_cmds postinstall_cmds=$lt_postinstall_cmds postuninstall_cmds=$lt_postuninstall_cmds # Commands used to build a loadable module (assumed same as above if empty) module_cmds=$lt_module_cmds module_expsym_cmds=$lt_module_expsym_cmds # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. predep_objects=$lt_predep_objects # Dependencies to place after the objects being linked to create a # shared library. 
postdep_objects=$lt_postdep_objects # Dependencies to place before the objects being linked to create a # shared library. predeps=$lt_predeps # Dependencies to place after the objects being linked to create a # shared library. postdeps=$lt_postdeps # The directories searched by this compiler when creating a shared # library compiler_lib_search_dirs=$lt_compiler_lib_search_dirs # The library search path used internally by the compiler when linking # a shared library. compiler_lib_search_path=$lt_compiler_lib_search_path # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method == file_magic. file_magic_cmd=$lt_file_magic_cmd # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag # Flag that forces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # Same as above, but a single script fragment to be evaled but not shown. finish_eval=$lt_finish_eval # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # This is the shared library runtime path variable. runpath_var=$runpath_var # This is the shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action # Whether we should hardcode library paths into libraries. 
hardcode_into_libs=$hardcode_into_libs # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec # If ld is used when linking, flag to hardcode \$libdir into # a binary during linking. This must work even if \$libdir does # not exist. hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld # Whether we need a single -rpath flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator # Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the # resulting binary. hardcode_direct=$hardcode_direct # Set to yes if using the -LDIR flag during linking hardcodes DIR into the # resulting binary. hardcode_minus_L=$hardcode_minus_L # Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into # the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var # Set to yes if building a shared library automatically hardcodes DIR into the library # and all subsequent libraries and executables linked against it. hardcode_automatic=$hardcode_automatic # Variables whose values should be saved in libtool wrapper scripts and # restored at relink time. variables_saved_for_relink="$variables_saved_for_relink" # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs # Compile-time system search path for libraries sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Fix the shell variable \$srcfile for the compiler. fix_srcfile_path=$lt_fix_srcfile_path # Set to yes if exported symbols are required. always_export_symbols=$always_export_symbols # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds # The commands to extract the exported symbol list from a shared archive. 
extract_expsyms_cmds=$lt_extract_expsyms_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms # Symbols that must always be exported. include_expsyms=$lt_include_expsyms # ### END LIBTOOL CONFIG __EOF__ case $host_os in aix3*) cat <<\EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi EOF ;; esac # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1) mv -f "$cfgfile" "$ofile" || \ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" else # If there is no Makefile yet, we rely on a make rule to execute # `config.status --recheck' to rerun these tests and create the # libtool script then. ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` if test -f "$ltmain_in"; then test -f Makefile && make "$ltmain" fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" # Check whether --with-tags was given. if test "${with_tags+set}" = set; then withval=$with_tags; tagnames="$withval" fi if test -f "$ltmain" && test -n "$tagnames"; then if test ! 
-f "${ofile}"; then { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5 echo "$as_me: WARNING: output file \`$ofile' does not exist" >&2;} fi if test -z "$LTCC"; then eval "`$SHELL ${ofile} --config | grep '^LTCC='`" if test -z "$LTCC"; then { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not look like a libtool script" >&5 echo "$as_me: WARNING: output file \`$ofile' does not look like a libtool script" >&2;} else { echo "$as_me:$LINENO: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&5 echo "$as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&2;} fi fi if test -z "$LTCFLAGS"; then eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`" fi # Extract list of available tagged configurations in $ofile. # Note that this assumes the entire list is on one line. available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'` lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for tagname in $tagnames; do IFS="$lt_save_ifs" # Check whether tagname contains only valid characters case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in "") ;; *) { { echo "$as_me:$LINENO: error: invalid tag name: $tagname" >&5 echo "$as_me: error: invalid tag name: $tagname" >&2;} { (exit 1); exit 1; }; } ;; esac if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null then { { echo "$as_me:$LINENO: error: tag name \"$tagname\" already exists" >&5 echo "$as_me: error: tag name \"$tagname\" already exists" >&2;} { (exit 1); exit 1; }; } fi # Update the list of available tags. 
if test -n "$tagname"; then echo appending configuration tag \"$tagname\" to $ofile case $tagname in CXX) if test -n "$CXX" && ( test "X$CXX" != "Xno" && ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || (test "X$CXX" != "Xg++"))) ; then ac_ext=cpp ac_cpp='$CXXCPP $CPPFLAGS' ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_cxx_compiler_gnu archive_cmds_need_lc_CXX=no allow_undefined_flag_CXX= always_export_symbols_CXX=no archive_expsym_cmds_CXX= export_dynamic_flag_spec_CXX= hardcode_direct_CXX=no hardcode_libdir_flag_spec_CXX= hardcode_libdir_flag_spec_ld_CXX= hardcode_libdir_separator_CXX= hardcode_minus_L_CXX=no hardcode_shlibpath_var_CXX=unsupported hardcode_automatic_CXX=no module_cmds_CXX= module_expsym_cmds_CXX= link_all_deplibs_CXX=unknown old_archive_cmds_CXX=$old_archive_cmds no_undefined_flag_CXX= whole_archive_flag_spec_CXX= enable_shared_with_static_runtimes_CXX=no # Dependencies to place before and after the object being linked: predep_objects_CXX= postdep_objects_CXX= predeps_CXX= postdeps_CXX= compiler_lib_search_path_CXX= compiler_lib_search_dirs_CXX= # Source file extension for C++ test sources. ac_ext=cpp # Object file extension for compiled C++ test sources. objext=o objext_CXX=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(int, char *[]) { return(0); }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. 
compiler=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $rm conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $rm -r conftest* # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_LD=$LD lt_save_GCC=$GCC GCC=$GXX lt_save_with_gnu_ld=$with_gnu_ld lt_save_path_LD=$lt_cv_path_LD if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx else $as_unset lt_cv_prog_gnu_ld fi if test -n "${lt_cv_path_LDCXX+set}"; then lt_cv_path_LD=$lt_cv_path_LDCXX else $as_unset lt_cv_path_LD fi test -z "${LDCXX+set}" || LD=$LDCXX CC=${CXX-"c++"} compiler=$CC compiler_CXX=$CC for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` # We don't want -fno-exception wen compiling C++ code, so set the # no_builtin_flag separately if test "$GXX" = yes; then lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin' else lt_prog_compiler_no_builtin_flag_CXX= fi if test "$GXX" = yes; then # Set up default GNU C++ configuration # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { echo "$as_me:$LINENO: checking for ld used by $CC" >&5 echo $ECHO_N "checking for ld used by $CC... 
$ECHO_C" >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { echo "$as_me:$LINENO: checking for GNU ld" >&5 echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; } else { echo "$as_me:$LINENO: checking for non-GNU ld" >&5 echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; } fi if test "${lt_cv_path_LD+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 echo "${ECHO_T}$LD" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5 echo "$as_me: error: no acceptable ld found in \$PATH" >&2;} { (exit 1); exit 1; }; } { echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5 echo $ECHO_N "checking if the linker ($LD) is GNU ld... 
$ECHO_C" >&6; } if test "${lt_cv_prog_gnu_ld+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. if test "$with_gnu_ld" = yes; then archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir' export_dynamic_flag_spec_CXX='${wl}--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) wlarc='${wl}' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | \ grep 'no-whole-archive' > /dev/null; then whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec_CXX= fi else with_gnu_ld=no wlarc= # A generic and very simple default shared library creation # command for GNU C++ for the case where it uses the native # linker, instead of GNU ld. If possible, this setting should # overridden to take advantage of the native linker features on # the platform it is being used on. archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' fi # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. 
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' else GXX=no with_gnu_ld=no wlarc= fi # PORTME: fill in a description of your system's C++ link characteristics { echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } ld_shlibs_CXX=yes case $host_os in aix3*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do case $ld_flag in *-brtl*) aix_use_runtimelinking=yes break ;; esac done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. 
archive_cmds_CXX='' hardcode_direct_CXX=yes hardcode_libdir_separator_CXX=':' link_all_deplibs_CXX=yes if test "$GXX" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct_CXX=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L_CXX=yes hardcode_libdir_flag_spec_CXX='-L$libdir' hardcode_libdir_separator_CXX= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols_CXX=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag_CXX='-berok' # Determine the default libpath from the value encoded in an empty executable. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_cxx_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds_CXX="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag_CXX="-z nodefs" archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an empty executable. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_cxx_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag_CXX=' ${wl}-bernotok' allow_undefined_flag_CXX=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec_CXX='$convenience' archive_cmds_need_lc_CXX=yes # This is similar to how AIX traditionally builds its shared libraries. 
archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then allow_undefined_flag_CXX=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else ld_shlibs_CXX=no fi ;; chorus*) case $cc_basename in *) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; esac ;; cygwin* | mingw* | pw32*) # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec_CXX='-L$libdir' allow_undefined_flag_CXX=unsupported always_export_symbols_CXX=no enable_shared_with_static_runtimes_CXX=yes if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... 
archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs_CXX=no fi ;; darwin* | rhapsody*) archive_cmds_need_lc_CXX=no hardcode_direct_CXX=no hardcode_automatic_CXX=yes hardcode_shlibpath_var_CXX=unsupported whole_archive_flag_spec_CXX='' link_all_deplibs_CXX=yes allow_undefined_flag_CXX="$_lt_dar_allow_undefined" if test "$GXX" = yes ; then output_verbose_link_cmd='echo' archive_cmds_CXX="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" module_cmds_CXX="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" module_expsym_cmds_CXX="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" if test "$lt_cv_apple_cc_single_mod" != "yes"; then archive_cmds_CXX="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r 
-keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" fi else case $cc_basename in xlc*) output_verbose_link_cmd='echo' archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ;; *) ld_shlibs_CXX=no ;; esac fi ;; dgux*) case $cc_basename in ec++*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; ghcx*) # Green Hills C++ Compiler # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; *) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; esac ;; freebsd[12]*) # C++ shared libraries reported to be fairly broken before switch to ELF ld_shlibs_CXX=no ;; freebsd-elf*) archive_cmds_need_lc_CXX=no ;; freebsd* | dragonfly*) # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF # conventions ld_shlibs_CXX=yes ;; gnu*) ;; hpux9*) hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir' hardcode_libdir_separator_CXX=: 
export_dynamic_flag_spec_CXX='${wl}-E' hardcode_direct_CXX=yes hardcode_minus_L_CXX=yes # Not in the search PATH, # but as the default # location of the library. case $cc_basename in CC*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; aCC*) archive_cmds_CXX='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[-]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) if test "$GXX" = yes; then archive_cmds_CXX='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support ld_shlibs_CXX=no fi ;; esac ;; hpux10*|hpux11*) if test $with_gnu_ld = no; then hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir' hardcode_libdir_separator_CXX=: case $host_cpu in hppa*64*|ia64*) ;; *) export_dynamic_flag_spec_CXX='${wl}-E' ;; esac fi case $host_cpu in hppa*64*|ia64*) hardcode_direct_CXX=no hardcode_shlibpath_var_CXX=no ;; *) hardcode_direct_CXX=yes hardcode_minus_L_CXX=yes # Not in the search PATH, # but as the default # location of the library. 
;; esac case $cc_basename in CC*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; aCC*) case $host_cpu in hppa*64*) archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) if test "$GXX" = yes; then if test $with_gnu_ld = no; then case $host_cpu in hppa*64*) archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi else # FIXME: insert proper C++ library support ld_shlibs_CXX=no fi ;; esac ;; interix[3-9]*) hardcode_direct_CXX=no hardcode_shlibpath_var_CXX=no hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' 
export_dynamic_flag_spec_CXX='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. 
old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) if test "$GXX" = yes; then if test "$with_gnu_ld" = no; then archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib' fi fi link_all_deplibs_CXX=yes ;; esac hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_CXX=: ;; linux* | k*bsd*-gnu) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' hardcode_libdir_flag_spec_CXX='${wl}--rpath,$libdir' export_dynamic_flag_spec_CXX='${wl}--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;; icpc*) # Intel C++ with_gnu_ld=yes # version 8.0 and above of icpc choke on multiply defined symbols # if we add $predep_objects and $postdep_objects, however 7.1 and # earlier do not add the objects themselves. case `$CC -V 2>&1` in *"Version 7."*) archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; esac archive_cmds_need_lc_CXX=no hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' export_dynamic_flag_spec_CXX='${wl}--export-dynamic' whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs 
$postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir' export_dynamic_flag_spec_CXX='${wl}--export-dynamic' whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' ;; cxx*) # Compaq C++ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec_CXX='-rpath $libdir' hardcode_libdir_separator_CXX=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 no_undefined_flag_CXX=' -zdefs' archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' archive_expsym_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' hardcode_libdir_flag_spec_CXX='-R$libdir' whole_archive_flag_spec_CXX='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. output_verbose_link_cmd='echo' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. 
old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' ;; esac ;; esac ;; lynxos*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; m88k*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; mvs*) case $cc_basename in cxx*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; *) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; esac ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' wlarc= hardcode_libdir_flag_spec_CXX='-R$libdir' hardcode_direct_CXX=yes hardcode_shlibpath_var_CXX=no fi # Workaround some broken pre-1.5 toolchains output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' ;; openbsd2*) # C++ shared libraries are fairly broken ld_shlibs_CXX=no ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct_CXX=yes hardcode_shlibpath_var_CXX=no archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' export_dynamic_flag_spec_CXX='${wl}-E' whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' fi output_verbose_link_cmd='echo' else ld_shlibs_CXX=no fi ;; osf3*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. 
archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' hardcode_libdir_separator_CXX=: # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; cxx*) allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_CXX=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_CXX=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' else # FIXME: insert proper C++ library support ld_shlibs_CXX=no fi ;; esac ;; osf4* | osf5*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' hardcode_libdir_separator_CXX=: # Archives containing C++ object files must be created using # the KAI C++ compiler. 
old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; cxx*) allow_undefined_flag_CXX=' -expect_unresolved \*' archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~ $rm $lib.exp' hardcode_libdir_flag_spec_CXX='-rpath $libdir' hardcode_libdir_separator_CXX=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_CXX=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' else # FIXME: insert proper C++ library support ld_shlibs_CXX=no fi ;; esac ;; psos*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; lcc*) # Lucid # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; *) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; esac ;; solaris*) case $cc_basename in CC*) # Sun C++ 4.2, 5.x and Centerline C++ archive_cmds_need_lc_CXX=yes no_undefined_flag_CXX=' -zdefs' archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs 
$postdep_objects $compiler_flags~$rm $lib.exp' hardcode_libdir_flag_spec_CXX='-R$libdir' hardcode_shlibpath_var_CXX=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract' ;; esac link_all_deplibs_CXX=yes output_verbose_link_cmd='echo' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' ;; gcx*) # Green Hills C++ Compiler archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker if test "$GXX" = yes && test "$with_gnu_ld" = no; then no_undefined_flag_CXX=' ${wl}-z ${wl}defs' if $CC --version | grep -v '^2\.7' > /dev/null; then archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" else # g++ 2.7 appears to require `-G' NOT `-shared' on this # platform. 
archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" fi hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir' case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ;; esac fi ;; esac ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag_CXX='${wl}-z,text' archive_cmds_need_lc_CXX=no hardcode_shlibpath_var_CXX=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. 
# For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. # So that behaviour is only enabled if SCOABSPATH is set to a # non-empty value in the environment. Most likely only useful for # creating official distributions of packages. # This is a hack until libtool officially supports absolute path # names for shared libraries. no_undefined_flag_CXX='${wl}-z,text' allow_undefined_flag_CXX='${wl}-z,nodefs' archive_cmds_need_lc_CXX=no hardcode_shlibpath_var_CXX=no hardcode_libdir_flag_spec_CXX='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' hardcode_libdir_separator_CXX=':' link_all_deplibs_CXX=yes export_dynamic_flag_spec_CXX='${wl}-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) archive_cmds_CXX='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds_CXX='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; *) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; esac ;; vxworks*) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; *) # FIXME: insert proper C++ library support ld_shlibs_CXX=no ;; esac { echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5 echo "${ECHO_T}$ld_shlibs_CXX" >&6; } test "$ld_shlibs_CXX" = no && can_build_shared=no GCC_CXX="$GXX" LD_CXX="$LD" cat > 
conftest.$ac_ext <&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # Parse the compiler output and extract the necessary # objects, libraries and library flags. # Sentinel used to keep track of whether or not we are before # the conftest object file. pre_test_object_deps_done=no # The `*' in the case matches for architectures that use `case' in # $output_verbose_cmd can trigger glob expansion during the loop # eval without this substitution. output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"` for p in `eval $output_verbose_link_cmd`; do case $p in -L* | -R* | -l*) # Some compilers place space between "-{L,R}" and the path. # Remove the space. if test $p = "-L" \ || test $p = "-R"; then prev=$p continue else prev= fi if test "$pre_test_object_deps_done" = no; then case $p in -L* | -R*) # Internal compiler library paths should come after those # provided the user. The postdeps already come after the # user supplied libs so there is no need to process them. if test -z "$compiler_lib_search_path_CXX"; then compiler_lib_search_path_CXX="${prev}${p}" else compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}" fi ;; # The "-l" case would never come before the object being # linked, so don't bother handling this case. esac else if test -z "$postdeps_CXX"; then postdeps_CXX="${prev}${p}" else postdeps_CXX="${postdeps_CXX} ${prev}${p}" fi fi ;; *.$objext) # This assumes that the test object file only shows up # once in the compiler output. if test "$p" = "conftest.$objext"; then pre_test_object_deps_done=yes continue fi if test "$pre_test_object_deps_done" = no; then if test -z "$predep_objects_CXX"; then predep_objects_CXX="$p" else predep_objects_CXX="$predep_objects_CXX $p" fi else if test -z "$postdep_objects_CXX"; then postdep_objects_CXX="$p" else postdep_objects_CXX="$postdep_objects_CXX $p" fi fi ;; *) ;; # Ignore the rest. esac done # Clean up. 
rm -f a.out a.exe else echo "libtool.m4: error: problem compiling CXX test program" fi $rm -f confest.$objext compiler_lib_search_dirs_CXX= if test -n "$compiler_lib_search_path_CXX"; then compiler_lib_search_dirs_CXX=`echo " ${compiler_lib_search_path_CXX}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` fi # PORTME: override above test on systems where it is broken case $host_os in interix[3-9]*) # Interix 3.5 installs completely hosed .la files for C++, so rather than # hack all around it, let's just trust "g++" to DTRT. predep_objects_CXX= postdep_objects_CXX= postdeps_CXX= ;; linux*) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 # # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac if test "$solaris_use_stlport4" != yes; then postdeps_CXX='-library=Cstd -library=Crun' fi ;; esac ;; solaris*) case $cc_basename in CC*) # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac # Adding this requires a known-good setup of shared libraries for # Sun compiler versions before 5.6, else PIC objects from an old # archive will be linked into the output, leading to subtle bugs. if test "$solaris_use_stlport4" != yes; then postdeps_CXX='-library=Cstd -library=Crun' fi ;; esac ;; esac case " $postdeps_CXX " in *" -lc "*) archive_cmds_need_lc_CXX=no ;; esac lt_prog_compiler_wl_CXX= lt_prog_compiler_pic_CXX= lt_prog_compiler_static_CXX= { echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } # C++ specific cases for pic, static, wl, etc. 
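# Select the C++ compiler flags used to build shared and static libraries:
#   lt_prog_compiler_wl_CXX      prefix that hands an option through the
#                                compiler driver to the linker
#   lt_prog_compiler_pic_CXX     option that produces position-independent code
#   lt_prog_compiler_static_CXX  option that requests static linking
# Inputs are $GXX, $host_os, $host_cpu and $cc_basename, all set earlier in
# the script.  The values chosen here are only candidates: the checks that
# follow compile and link a test program with them and clear any flag the
# compiler does not accept.
if test "$GXX" = yes; then
  # GNU C++: the linker prefix and static flag are the same everywhere,
  # only the PIC flag depends on the host OS.
  lt_prog_compiler_wl_CXX='-Wl,'
  lt_prog_compiler_static_CXX='-static'

  case $host_os in
  aix*)
    # All AIX code is PIC.
    if test "$host_cpu" = ia64; then
      # AIX 5 now supports IA64 processor
      lt_prog_compiler_static_CXX='-Bstatic'
    fi
    ;;
  amigaos*)
    # FIXME: we need at least 68020 code to build shared libraries, but
    # adding the `-m68020' flag to GCC prevents building anything better,
    # like `-m68040'.
    lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
    ;;
  beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
    # PIC is the default for these OSes.
    ;;
  mingw* | cygwin* | os2* | pw32*)
    # This hack is so that the source file can tell whether it is being
    # built for inclusion in a dll (and should export symbols for example).
    # Although the cygwin gcc ignores -fPIC, still need this for old-style
    # (--disable-auto-import) libraries
    lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
    ;;
  darwin* | rhapsody*)
    # PIC is the default on this platform
    # Common symbols not allowed in MH_DYLIB files
    lt_prog_compiler_pic_CXX='-fno-common'
    ;;
  *djgpp*)
    # DJGPP does not support shared libraries at all
    lt_prog_compiler_pic_CXX=
    ;;
  interix[3-9]*)
    # Interix 3.x gcc -fpic/-fPIC options generate broken code.
    # Instead, we relocate shared libraries at runtime.
    ;;
  sysv4*MP*)
    # NOTE(review): this tests for a directory on the machine running
    # configure; presumably unreliable when cross-compiling -- confirm.
    if test -d /usr/nec; then
      lt_prog_compiler_pic_CXX=-Kconform_pic
    fi
    ;;
  hpux*)
    # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
    # not for PA HP-UX.
    case $host_cpu in
    hppa*64*|ia64*)
      ;;
    *)
      lt_prog_compiler_pic_CXX='-fPIC'
      ;;
    esac
    ;;
  *)
    # Every other host OS with GNU C++ gets -fPIC.
    lt_prog_compiler_pic_CXX='-fPIC'
    ;;
  esac
else
  # Not GNU C++: flags are keyed on the host OS first and then, where
  # several vendors ship compilers, on the compiler's basename.
  case $host_os in
    aix[4-9]*)
      # All AIX code is PIC.
      if test "$host_cpu" = ia64; then
        # AIX 5 now supports IA64 processor
        lt_prog_compiler_static_CXX='-Bstatic'
      else
        lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
      fi
      ;;
    chorus*)
      case $cc_basename in
      cxch68*)
        # Green Hills C++ Compiler
        # _LT_AC_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
        ;;
      esac
      ;;
    darwin*)
      # PIC is the default on this platform
      # Common symbols not allowed in MH_DYLIB files
      case $cc_basename in
        xlc*)
          lt_prog_compiler_pic_CXX='-qnocommon'
          lt_prog_compiler_wl_CXX='-Wl,'
          ;;
      esac
      ;;
    dgux*)
      case $cc_basename in
        ec++*)
          lt_prog_compiler_pic_CXX='-KPIC'
          ;;
        ghcx*)
          # Green Hills C++ Compiler
          lt_prog_compiler_pic_CXX='-pic'
          ;;
        *)
          ;;
      esac
      ;;
    freebsd* | dragonfly*)
      # FreeBSD uses GNU C++
      ;;
    hpux9* | hpux10* | hpux11*)
      # The static flag is stored single-quoted, so ${wl} stays literal
      # here and is only expanded when the flag is evaluated later.
      case $cc_basename in
        CC*)
          lt_prog_compiler_wl_CXX='-Wl,'
          lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
          if test "$host_cpu" != ia64; then
            lt_prog_compiler_pic_CXX='+Z'
          fi
          ;;
        aCC*)
          lt_prog_compiler_wl_CXX='-Wl,'
          lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
          case $host_cpu in
          hppa*64*|ia64*)
            # +Z the default
            ;;
          *)
            lt_prog_compiler_pic_CXX='+Z'
            ;;
          esac
          ;;
        *)
          ;;
      esac
      ;;
    interix*)
      # This is c89, which is MS Visual C++ (no shared libs)
      # Anyone wants to do a port?
      ;;
    irix5* | irix6* | nonstopux*)
      case $cc_basename in
        CC*)
          lt_prog_compiler_wl_CXX='-Wl,'
          lt_prog_compiler_static_CXX='-non_shared'
          # CC pic flag -KPIC is the default.
          ;;
        *)
          ;;
      esac
      ;;
    linux* | k*bsd*-gnu)
      case $cc_basename in
        KCC*)
          # KAI C++ Compiler
          lt_prog_compiler_wl_CXX='--backend -Wl,'
          lt_prog_compiler_pic_CXX='-fPIC'
          ;;
        icpc* | ecpc*)
          # Intel C++
          lt_prog_compiler_wl_CXX='-Wl,'
          lt_prog_compiler_pic_CXX='-KPIC'
          lt_prog_compiler_static_CXX='-static'
          ;;
        pgCC* | pgcpp*)
          # Portland Group C++ compiler.
          lt_prog_compiler_wl_CXX='-Wl,'
          lt_prog_compiler_pic_CXX='-fpic'
          lt_prog_compiler_static_CXX='-Bstatic'
          ;;
        cxx*)
          # Compaq C++
          # Make sure the PIC flag is empty. It appears that all Alpha
          # Linux and Compaq Tru64 Unix objects are PIC.
          lt_prog_compiler_pic_CXX=
          lt_prog_compiler_static_CXX='-non_shared'
          ;;
        *)
          # The basename did not identify the compiler, so run "$CC -V" and
          # match on the first five lines of its banner.  This executes
          # whatever $CC names while configure is running.
          case `$CC -V 2>&1 | sed 5q` in
          *Sun\ C*)
            # Sun C++ 5.9
            lt_prog_compiler_pic_CXX='-KPIC'
            lt_prog_compiler_static_CXX='-Bstatic'
            # The trailing space is part of the prefix.
            lt_prog_compiler_wl_CXX='-Qoption ld '
            ;;
          esac
          ;;
      esac
      ;;
    lynxos*)
      ;;
    m88k*)
      ;;
    mvs*)
      case $cc_basename in
        cxx*)
          lt_prog_compiler_pic_CXX='-W c,exportall'
          ;;
        *)
          ;;
      esac
      ;;
    netbsd* | netbsdelf*-gnu)
      ;;
    osf3* | osf4* | osf5*)
      case $cc_basename in
        KCC*)
          lt_prog_compiler_wl_CXX='--backend -Wl,'
          ;;
        RCC*)
          # Rational C++ 2.4.1
          lt_prog_compiler_pic_CXX='-pic'
          ;;
        cxx*)
          # Digital/Compaq C++
          lt_prog_compiler_wl_CXX='-Wl,'
          # Make sure the PIC flag is empty. It appears that all Alpha
          # Linux and Compaq Tru64 Unix objects are PIC.
          lt_prog_compiler_pic_CXX=
          lt_prog_compiler_static_CXX='-non_shared'
          ;;
        *)
          ;;
      esac
      ;;
    psos*)
      ;;
    solaris*)
      case $cc_basename in
        CC*)
          # Sun C++ 4.2, 5.x and Centerline C++
          lt_prog_compiler_pic_CXX='-KPIC'
          lt_prog_compiler_static_CXX='-Bstatic'
          # The trailing space is part of the prefix.
          lt_prog_compiler_wl_CXX='-Qoption ld '
          ;;
        gcx*)
          # Green Hills C++ Compiler
          lt_prog_compiler_pic_CXX='-PIC'
          ;;
        *)
          ;;
      esac
      ;;
    sunos4*)
      case $cc_basename in
        CC*)
          # Sun C++ 4.x
          lt_prog_compiler_pic_CXX='-pic'
          lt_prog_compiler_static_CXX='-Bstatic'
          ;;
        lcc*)
          # Lucid
          lt_prog_compiler_pic_CXX='-pic'
          ;;
        *)
          ;;
      esac
      ;;
    tandem*)
      case $cc_basename in
        NCC*)
          # NonStop-UX NCC 3.20
          lt_prog_compiler_pic_CXX='-KPIC'
          ;;
        *)
          ;;
      esac
      ;;
    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
      case $cc_basename in
        CC*)
          lt_prog_compiler_wl_CXX='-Wl,'
          lt_prog_compiler_pic_CXX='-KPIC'
          lt_prog_compiler_static_CXX='-Bstatic'
          ;;
      esac
      ;;
    vxworks*)
      ;;
    *)
      # Unrecognised host OS with a non-GNU compiler: no PIC flag is
      # known, so shared library builds are switched off.
      lt_prog_compiler_can_build_shared_CXX=no
      ;;
  esac
fi

# Report the selected PIC flag: descriptor 5 receives the line-tagged copy,
# descriptor 6 the plain result.
{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_CXX" >&5
echo "${ECHO_T}$lt_prog_compiler_pic_CXX" >&6; }

#
# Check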
to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic_CXX"; then { echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5 echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_pic_works_CXX+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_pic_works_CXX=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:12855: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:12859: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! 
-s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_pic_works_CXX=yes fi fi $rm conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_pic_works_CXX" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_pic_works_CXX" >&6; } if test x"$lt_cv_prog_compiler_pic_works_CXX" = xyes; then case $lt_prog_compiler_pic_CXX in "" | " "*) ;; *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;; esac else lt_prog_compiler_pic_CXX= lt_prog_compiler_can_build_shared_CXX=no fi fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic_CXX= ;; *) lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC" ;; esac # # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\" { echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_static_works_CXX+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_static_works_CXX=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. 
cat conftest.err 1>&5 $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_static_works_CXX=yes fi else lt_cv_prog_compiler_static_works_CXX=yes fi fi $rm -r conftest* LDFLAGS="$save_LDFLAGS" fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_static_works_CXX" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_static_works_CXX" >&6; } if test x"$lt_cv_prog_compiler_static_works_CXX" = xyes; then : else lt_prog_compiler_static_CXX= fi { echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_c_o_CXX=no $rm -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:12959: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:12963: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! 
-s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o_CXX=yes fi fi chmod u+w . 2>&5 $rm conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files $rm out/* && rmdir out cd .. rmdir conftest $rm conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_CXX" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_c_o_CXX" >&6; } hard_links="nottested" if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } hard_links=yes $rm conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no { echo "$as_me:$LINENO: result: $hard_links" >&5 echo "${ECHO_T}$hard_links" >&6; } if test "$hard_links" = no; then { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi { echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' case $host_os in aix[4-9]*) # If we're using GNU nm, then we don't want the "-C" option. 
# -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | grep 'GNU' > /dev/null; then export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' fi ;; pw32*) export_symbols_cmds_CXX="$ltdll_cmds" ;; cygwin* | mingw*) export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;/^.*[ ]__nm__/s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' ;; linux* | k*bsd*-gnu) link_all_deplibs_CXX=no ;; *) export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; esac exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' { echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5 echo "${ECHO_T}$ld_shlibs_CXX" >&6; } test "$ld_shlibs_CXX" = no && can_build_shared=no # # Do we need to explicitly link libc? # case "x$archive_cmds_need_lc_CXX" in x|xyes) # Assume -lc should be added archive_cmds_need_lc_CXX=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $archive_cmds_CXX in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 echo $ECHO_N "checking whether -lc should be explicitly linked in... 
$ECHO_C" >&6; } $rm conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl_CXX pic_flag=$lt_prog_compiler_pic_CXX compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag_CXX allow_undefined_flag_CXX= if { (eval echo "$as_me:$LINENO: \"$archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 (eval $archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } then archive_cmds_need_lc_CXX=no else archive_cmds_need_lc_CXX=yes fi allow_undefined_flag_CXX=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $rm conftest* { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_CXX" >&5 echo "${ECHO_T}$archive_cmds_need_lc_CXX" >&6; } ;; esac fi ;; esac { echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. 
soname_spec='${libname}${release}${shared_ext}$major' ;; aix[4-9]*) version_type=linux need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. 
finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$host_os in yes,cygwin* | yes,mingw* | yes,pw32*) library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. 
$file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $rm \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" ;; mingw*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH printed by # mingw gcc, but we are running on Cygwin. Gcc prints its search # path with ; separators, and with drive letters. We can handle the # drive letters (cygwin fileutils understands them), so leave them, # especially as we might pass files found there to a mingw objdump, # which wouldn't understand a cygwinified path. Ahh. sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac ;; *) library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' ;; esac dynamic_linker='Win32 ld.exe' # FIXME: first we should search . 
and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd1*) dynamic_linker=no ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[123]*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux need_lib_prefix=no need_version=no 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555. 
postinstall_cmds='chmod 555 $lib' ;; interix[3-9]*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be Linux ELF. 
linux* | k*bsd*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. 
dynamic_linker='GNU/Linux ld.so' ;; netbsdelf*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='NetBSD ld.elf_so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; nto-qnx*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. 
case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[89] | openbsd2.[89].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no export_dynamic_flag_spec='${wl}-Blargedynsym' runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' shlibpath_overrides_runpath=no else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' shlibpath_overrides_runpath=yes case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { echo "$as_me:$LINENO: result: $dynamic_linker" >&5 echo "${ECHO_T}$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then echo $ECHO_N "(cached) 
$ECHO_C" >&6 else lt_cv_sys_lib_search_path_spec="$sys_lib_search_path_spec" fi sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec" fi sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi { echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } hardcode_action_CXX= if test -n "$hardcode_libdir_flag_spec_CXX" || \ test -n "$runpath_var_CXX" || \ test "X$hardcode_automatic_CXX" = "Xyes" ; then # We can hardcode non-existant directories. if test "$hardcode_direct_CXX" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, CXX)" != no && test "$hardcode_minus_L_CXX" != no; then # Linking always hardcodes the temporary library directory. hardcode_action_CXX=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action_CXX=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. 
hardcode_action_CXX=unsupported fi { echo "$as_me:$LINENO: result: $hardcode_action_CXX" >&5 echo "${ECHO_T}$hardcode_action_CXX" >&6; } if test "$hardcode_action_CXX" = relink; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi # The else clause should only fire when bootstrapping the # libtool distribution, otherwise you forgot to ship ltmain.sh # with your package, and you will get complaints that there are # no rules to generate ltmain.sh. if test -f "$ltmain"; then # See if we are running on zsh, and set the options which allow our commands through # without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi # Now quote all the things that may contain metacharacters while being # careful not to overquote the AC_SUBSTed values. We take copies of the # variables and quote the copies for generation of the libtool script. 
for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ SED SHELL STRIP \ libname_spec library_names_spec soname_spec extract_expsyms_cmds \ old_striplib striplib file_magic_cmd finish_cmds finish_eval \ deplibs_check_method reload_flag reload_cmds need_locks \ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ old_postinstall_cmds old_postuninstall_cmds \ compiler_CXX \ CC_CXX \ LD_CXX \ lt_prog_compiler_wl_CXX \ lt_prog_compiler_pic_CXX \ lt_prog_compiler_static_CXX \ lt_prog_compiler_no_builtin_flag_CXX \ export_dynamic_flag_spec_CXX \ thread_safe_flag_spec_CXX \ whole_archive_flag_spec_CXX \ enable_shared_with_static_runtimes_CXX \ old_archive_cmds_CXX \ old_archive_from_new_cmds_CXX \ predep_objects_CXX \ postdep_objects_CXX \ predeps_CXX \ postdeps_CXX \ compiler_lib_search_path_CXX \ compiler_lib_search_dirs_CXX \ archive_cmds_CXX \ archive_expsym_cmds_CXX \ postinstall_cmds_CXX \ postuninstall_cmds_CXX \ old_archive_from_expsyms_cmds_CXX \ allow_undefined_flag_CXX \ no_undefined_flag_CXX \ export_symbols_cmds_CXX \ hardcode_libdir_flag_spec_CXX \ hardcode_libdir_flag_spec_ld_CXX \ hardcode_libdir_separator_CXX \ hardcode_automatic_CXX \ module_cmds_CXX \ module_expsym_cmds_CXX \ lt_cv_prog_compiler_c_o_CXX \ fix_srcfile_path_CXX \ exclude_expsyms_CXX \ include_expsyms_CXX; do case $var in old_archive_cmds_CXX | \ old_archive_from_new_cmds_CXX | \ archive_cmds_CXX | \ archive_expsym_cmds_CXX | \ module_cmds_CXX | \ module_expsym_cmds_CXX | \ old_archive_from_expsyms_cmds_CXX | \ export_symbols_cmds_CXX | \ extract_expsyms_cmds | reload_cmds | finish_cmds | \ postinstall_cmds | postuninstall_cmds | \ old_postinstall_cmds | old_postuninstall_cmds | \ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) # Double-quote double-evaled strings. 
eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ;; *) eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ;; esac done case $lt_echo in *'\$0 --fallback-echo"') lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` ;; esac cfgfile="$ofile" cat <<__EOF__ >> "$cfgfile" # ### BEGIN LIBTOOL TAG CONFIG: $tagname # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc_CXX # Whether or not to disallow shared libs when runtime libs are static allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # An echo program that does not interpret backslashes. echo=$lt_echo # The archiver. AR=$lt_AR AR_FLAGS=$lt_AR_FLAGS # A C compiler. LTCC=$lt_LTCC # LTCC compiler flags. LTCFLAGS=$lt_LTCFLAGS # A language-specific compiler. CC=$lt_compiler_CXX # Is the compiler the GNU C compiler? with_gcc=$GCC_CXX # An ERE matcher. EGREP=$lt_EGREP # The linker used to build libraries. LD=$lt_LD_CXX # Whether we need hard or soft links. LN_S=$lt_LN_S # A BSD-compatible nm program. NM=$lt_NM # A symbol stripping program STRIP=$lt_STRIP # Used to examine libraries when file_magic_cmd begins "file" MAGIC_CMD=$MAGIC_CMD # Used on cygwin: DLL creation program. DLLTOOL="$DLLTOOL" # Used on cygwin: object dumper. OBJDUMP="$OBJDUMP" # Used on cygwin: assembler. 
AS="$AS" # The name of the directory that contains temporary libtool files. objdir=$objdir # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl_CXX # Object file suffix (normally "o"). objext="$ac_objext" # Old archive suffix (normally "a"). libext="$libext" # Shared library suffix (normally ".so"). shrext_cmds='$shrext_cmds' # Executable file suffix (normally ""). exeext="$exeext" # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic_CXX pic_mode=$pic_mode # What is the maximum length of a command? max_cmd_len=$lt_cv_sys_max_cmd_len # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX # Must we lock files when doing compilation? need_locks=$lt_need_locks # Do we need the lib prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static_CXX # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX # Compiler flag to generate thread-safe objects. thread_safe_flag_spec=$lt_thread_safe_flag_spec_CXX # Library versioning type. version_type=$version_type # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. 
# The last name is the one that the linker finds with -lNAME. library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Commands used to build and install an old-style archive. RANLIB=$lt_RANLIB old_archive_cmds=$lt_old_archive_cmds_CXX old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX # Commands used to build and install a shared archive. archive_cmds=$lt_archive_cmds_CXX archive_expsym_cmds=$lt_archive_expsym_cmds_CXX postinstall_cmds=$lt_postinstall_cmds postuninstall_cmds=$lt_postuninstall_cmds # Commands used to build a loadable module (assumed same as above if empty) module_cmds=$lt_module_cmds_CXX module_expsym_cmds=$lt_module_expsym_cmds_CXX # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. predep_objects=$lt_predep_objects_CXX # Dependencies to place after the objects being linked to create a # shared library. postdep_objects=$lt_postdep_objects_CXX # Dependencies to place before the objects being linked to create a # shared library. predeps=$lt_predeps_CXX # Dependencies to place after the objects being linked to create a # shared library. postdeps=$lt_postdeps_CXX # The directories searched by this compiler when creating a shared # library compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX # The library search path used internally by the compiler when linking # a shared library. compiler_lib_search_path=$lt_compiler_lib_search_path_CXX # Method to check whether dependent libraries are shared objects. 
deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method == file_magic. file_magic_cmd=$lt_file_magic_cmd # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag_CXX # Flag that forces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag_CXX # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # Same as above, but a single script fragment to be evaled but not shown. finish_eval=$lt_finish_eval # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # This is the shared library runtime path variable. runpath_var=$runpath_var # This is the shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action_CXX # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX # If ld is used when linking, flag to hardcode \$libdir into # a binary during linking. This must work even if \$libdir does # not exist. hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX # Whether we need a single -rpath flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX # Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the # resulting binary. 
hardcode_direct=$hardcode_direct_CXX # Set to yes if using the -LDIR flag during linking hardcodes DIR into the # resulting binary. hardcode_minus_L=$hardcode_minus_L_CXX # Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into # the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX # Set to yes if building a shared library automatically hardcodes DIR into the library # and all subsequent libraries and executables linked against it. hardcode_automatic=$hardcode_automatic_CXX # Variables whose values should be saved in libtool wrapper scripts and # restored at relink time. variables_saved_for_relink="$variables_saved_for_relink" # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs_CXX # Compile-time system search path for libraries sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Fix the shell variable \$srcfile for the compiler. fix_srcfile_path=$lt_fix_srcfile_path # Set to yes if exported symbols are required. always_export_symbols=$always_export_symbols_CXX # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds_CXX # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms_CXX # Symbols that must always be exported. include_expsyms=$lt_include_expsyms_CXX # ### END LIBTOOL TAG CONFIG: $tagname __EOF__ else # If there is no Makefile yet, we rely on a make rule to execute # `config.status --recheck' to rerun these tests and create the # libtool script then. 
ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` if test -f "$ltmain_in"; then test -f Makefile && make "$ltmain" fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC=$lt_save_CC LDCXX=$LD LD=$lt_save_LD GCC=$lt_save_GCC with_gnu_ldcxx=$with_gnu_ld with_gnu_ld=$lt_save_with_gnu_ld lt_cv_path_LDCXX=$lt_cv_path_LD lt_cv_path_LD=$lt_save_path_LD lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld else tagname="" fi ;; F77) if test -n "$F77" && test "X$F77" != "Xno"; then ac_ext=f ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5' ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_f77_compiler_gnu archive_cmds_need_lc_F77=no allow_undefined_flag_F77= always_export_symbols_F77=no archive_expsym_cmds_F77= export_dynamic_flag_spec_F77= hardcode_direct_F77=no hardcode_libdir_flag_spec_F77= hardcode_libdir_flag_spec_ld_F77= hardcode_libdir_separator_F77= hardcode_minus_L_F77=no hardcode_automatic_F77=no module_cmds_F77= module_expsym_cmds_F77= link_all_deplibs_F77=unknown old_archive_cmds_F77=$old_archive_cmds no_undefined_flag_F77= whole_archive_flag_spec_F77= enable_shared_with_static_runtimes_F77=no # Source file extension for f77 test sources. ac_ext=f # Object file extension for compiled f77 test sources. objext=o objext_F77=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. 
compiler=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $rm conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $rm -r conftest* # Allow CC to be a program name with arguments. lt_save_CC="$CC" CC=${F77-"f77"} compiler=$CC compiler_F77=$CC for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` { echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; } { echo "$as_me:$LINENO: result: $can_build_shared" >&5 echo "${ECHO_T}$can_build_shared" >&6; } { echo "$as_me:$LINENO: checking whether to build shared libraries" >&5 echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; } test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[4-9]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac { echo "$as_me:$LINENO: result: $enable_shared" >&5 echo "${ECHO_T}$enable_shared" >&6; } { echo "$as_me:$LINENO: checking whether to build static libraries" >&5 echo $ECHO_N "checking whether to build static libraries... 
$ECHO_C" >&6; } # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes { echo "$as_me:$LINENO: result: $enable_static" >&5 echo "${ECHO_T}$enable_static" >&6; } GCC_F77="$G77" LD_F77="$LD" lt_prog_compiler_wl_F77= lt_prog_compiler_pic_F77= lt_prog_compiler_static_F77= { echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } if test "$GCC" = yes; then lt_prog_compiler_wl_F77='-Wl,' lt_prog_compiler_static_F77='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static_F77='-Bstatic' fi ;; amigaos*) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic_F77='-DDLL_EXPORT' ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic_F77='-fno-common' ;; interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. 
lt_prog_compiler_can_build_shared_F77=no enable_shared=no ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic_F77=-Kconform_pic fi ;; hpux*) # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic_F77='-fPIC' ;; esac ;; *) lt_prog_compiler_pic_F77='-fPIC' ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) lt_prog_compiler_wl_F77='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static_F77='-Bstatic' else lt_prog_compiler_static_F77='-bnso -bI:/lib/syscalls.exp' fi ;; darwin*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files case $cc_basename in xlc*) lt_prog_compiler_pic_F77='-qnocommon' lt_prog_compiler_wl_F77='-Wl,' ;; esac ;; mingw* | cygwin* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_F77='-DDLL_EXPORT' ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl_F77='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic_F77='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? lt_prog_compiler_static_F77='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) lt_prog_compiler_wl_F77='-Wl,' # PIC (with -KPIC) is the default. 
lt_prog_compiler_static_F77='-non_shared' ;; newsos6) lt_prog_compiler_pic_F77='-KPIC' lt_prog_compiler_static_F77='-Bstatic' ;; linux* | k*bsd*-gnu) case $cc_basename in icc* | ecc*) lt_prog_compiler_wl_F77='-Wl,' lt_prog_compiler_pic_F77='-KPIC' lt_prog_compiler_static_F77='-static' ;; pgcc* | pgf77* | pgf90* | pgf95*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl_F77='-Wl,' lt_prog_compiler_pic_F77='-fpic' lt_prog_compiler_static_F77='-Bstatic' ;; ccc*) lt_prog_compiler_wl_F77='-Wl,' # All Alpha code is PIC. lt_prog_compiler_static_F77='-non_shared' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic_F77='-KPIC' lt_prog_compiler_static_F77='-Bstatic' lt_prog_compiler_wl_F77='-Wl,' ;; *Sun\ F*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic_F77='-KPIC' lt_prog_compiler_static_F77='-Bstatic' lt_prog_compiler_wl_F77='' ;; esac ;; esac ;; osf3* | osf4* | osf5*) lt_prog_compiler_wl_F77='-Wl,' # All OSF/1 code is PIC. 
# Purpose: finish the per-platform compiler-flag table for the F77 tag, then
# verify by trial compiles/links that the chosen PIC flag, the static flag and
# `-c -o` work, decide whether hard-link locking is needed, and reset the
# linker variables to their defaults.
#
# NOTE(review): the statements down to the first top-level `esac` / `fi`
# below close a `case` (and an enclosing `if`) whose opening lines are
# outside this block; they are kept unchanged, one statement per line.
      lt_prog_compiler_static_F77='-non_shared'
      ;;

    rdos*)
      lt_prog_compiler_static_F77='-non_shared'
      ;;

    solaris*)
      lt_prog_compiler_pic_F77='-KPIC'
      lt_prog_compiler_static_F77='-Bstatic'
      case $cc_basename in
      f77* | f90* | f95*)
        lt_prog_compiler_wl_F77='-Qoption ld ';;
      *)
        lt_prog_compiler_wl_F77='-Wl,';;
      esac
      ;;

    sunos4*)
      lt_prog_compiler_wl_F77='-Qoption ld '
      lt_prog_compiler_pic_F77='-PIC'
      lt_prog_compiler_static_F77='-Bstatic'
      ;;

    sysv4 | sysv4.2uw2* | sysv4.3*)
      lt_prog_compiler_wl_F77='-Wl,'
      lt_prog_compiler_pic_F77='-KPIC'
      lt_prog_compiler_static_F77='-Bstatic'
      ;;

    sysv4*MP*)
      if test -d /usr/nec ;then
        lt_prog_compiler_pic_F77='-Kconform_pic'
        lt_prog_compiler_static_F77='-Bstatic'
      fi
      ;;

    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
      lt_prog_compiler_wl_F77='-Wl,'
      lt_prog_compiler_pic_F77='-KPIC'
      lt_prog_compiler_static_F77='-Bstatic'
      ;;

    unicos*)
      lt_prog_compiler_wl_F77='-Wl,'
      lt_prog_compiler_can_build_shared_F77=no
      ;;

    uts4*)
      lt_prog_compiler_pic_F77='-pic'
      lt_prog_compiler_static_F77='-Bstatic'
      ;;

    *)
      lt_prog_compiler_can_build_shared_F77=no
      ;;
    esac
  fi

# Report the chosen PIC flag. fd 5 receives the config.log text (see the
# "Append any errors to the config.log" step further down); fd 6 is
# presumably the user-visible output -- both are opened outside this block.
{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_F77" >&5
echo "${ECHO_T}$lt_prog_compiler_pic_F77" >&6; }

#
# Check to make sure the PIC flag actually works.
#
if test -n "$lt_prog_compiler_pic_F77"; then

{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works" >&5
echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works... $ECHO_C" >&6; }
# A value already present in lt_cv_prog_compiler_pic_works_F77 is reused as is;
# the trial compile below only runs when the variable is unset.
if test "${lt_cv_prog_compiler_pic_works_F77+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  lt_cv_prog_compiler_pic_works_F77=no
  ac_outfile=conftest.$ac_objext
   # NOTE(review): scratch files use fixed conftest.* names in the current
   # directory and are removed with `$rm conftest*` afterwards, so the build
   # directory should not be writable by untrusted users.
   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
   lt_compiler_flag="$lt_prog_compiler_pic_F77"
   # Insert the option either (1) after the last *FLAGS variable, or
   # (2) before a word containing "conftest.", or (3) at the end.
   # Note that $ac_compile itself does not contain backslashes and begins
   # with a dollar sign (not a hyphen), so the echo should work correctly.
   # The option is referenced via a variable to avoid confusing sed.
   lt_compile=`echo "$ac_compile" | $SED \
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
   # NOTE(review): the command line is logged and then executed through
   # `eval`. $ac_compile is set outside this block (presumably from the
   # compiler and *FLAGS settings -- confirm), so whatever those expand to is
   # run with the privileges of the user invoking configure.
   (eval echo "\"\$as_me:14557: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>conftest.err)
   ac_status=$?
   cat conftest.err >&5
   echo "$as_me:14561: \$? = $ac_status" >&5
   # Success needs a zero exit status AND a non-empty object file.
   if (exit $ac_status) && test -s "$ac_outfile"; then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings other than the usual output.
     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
     # Accept when stderr is empty after filtering, or identical to the
     # recorded boilerplate output.
     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
       lt_cv_prog_compiler_pic_works_F77=yes
     fi
   fi
   $rm conftest*

fi
{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_pic_works_F77" >&5
echo "${ECHO_T}$lt_cv_prog_compiler_pic_works_F77" >&6; }

# Working flag: make sure it carries a leading space (empty or already
# space-prefixed values are left alone). Failing flag: clear it and mark
# shared libraries as not buildable for this tag.
if test x"$lt_cv_prog_compiler_pic_works_F77" = xyes; then
    case $lt_prog_compiler_pic_F77 in
     "" | " "*) ;;
     *) lt_prog_compiler_pic_F77=" $lt_prog_compiler_pic_F77" ;;
     esac
else
    lt_prog_compiler_pic_F77=
     lt_prog_compiler_can_build_shared_F77=no
fi

fi
case $host_os in
  # For platforms which do not support PIC, -DPIC is meaningless:
  *djgpp*)
    lt_prog_compiler_pic_F77=
    ;;
  *)
    lt_prog_compiler_pic_F77="$lt_prog_compiler_pic_F77"
    ;;
esac

#
# Check to make sure the static flag actually works.
#
# wl is assigned before the eval because the eval re-expands the static flag
# string, which presumably may reference ${wl} (no such value is visible in
# this block -- confirm against the flag table).
wl=$lt_prog_compiler_wl_F77 eval lt_tmp_static_flag=\"$lt_prog_compiler_static_F77\"
{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
if test "${lt_cv_prog_compiler_static_works_F77+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  lt_cv_prog_compiler_static_works_F77=no
   # LDFLAGS is extended only for this trial link and restored below.
   save_LDFLAGS="$LDFLAGS"
   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
   echo "$lt_simple_link_test_code" > conftest.$ac_ext
   # $ac_link is defined outside this block; it is executed through `eval`
   # just like the compile command above.
   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
     # The linker can only warn and ignore the option if not recognized
     # So say no if there are warnings
     if test -s conftest.err; then
       # Append any errors to the config.log.
       cat conftest.err 1>&5
       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
       if diff conftest.exp conftest.er2 >/dev/null; then
         lt_cv_prog_compiler_static_works_F77=yes
       fi
     else
       lt_cv_prog_compiler_static_works_F77=yes
     fi
   fi
   $rm -r conftest*
   LDFLAGS="$save_LDFLAGS"

fi
{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_static_works_F77" >&5
echo "${ECHO_T}$lt_cv_prog_compiler_static_works_F77" >&6; }

# A static flag that did not pass the trial link is dropped.
if test x"$lt_cv_prog_compiler_static_works_F77" = xyes; then
    :
else
    lt_prog_compiler_static_F77=
fi


# Check whether the compiler accepts -c together with -o: compile inside a
# scratch directory conftest/ and ask for the object in conftest/out/.
{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
if test "${lt_cv_prog_compiler_c_o_F77+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  lt_cv_prog_compiler_c_o_F77=no
   $rm -r conftest 2>/dev/null
   mkdir conftest
   cd conftest
   mkdir out
   echo "$lt_simple_compile_test_code" > conftest.$ac_ext

   lt_compiler_flag="-o out/conftest2.$ac_objext"
   # Insert the option either (1) after the last *FLAGS variable, or
   # (2) before a word containing "conftest.", or (3) at the end.
   # Note that $ac_compile itself does not contain backslashes and begins
   # with a dollar sign (not a hyphen), so the echo should work correctly.
   lt_compile=`echo "$ac_compile" | $SED \
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
   (eval echo "\"\$as_me:14661: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>out/conftest.err)
   ac_status=$?
   cat out/conftest.err >&5
   echo "$as_me:14665: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s out/conftest2.$ac_objext
   then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings
     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
       lt_cv_prog_compiler_c_o_F77=yes
     fi
   fi
   # Restore owner write permission on the scratch directory before cleaning
   # up; a failure here is only logged.
   chmod u+w . 2>&5
   $rm conftest*
   # SGI C++ compiler will create directory out/ii_files/ for
   # template instantiation
   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
   $rm out/* && rmdir out
   cd ..
   rmdir conftest
   $rm conftest*

fi
{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_F77" >&5
echo "${ECHO_T}$lt_cv_prog_compiler_c_o_F77" >&6; }


# Hard-link locking is only probed when the compiler lacks -c -o and the
# user has not disabled locks; in every other case need_locks becomes "no".
hard_links="nottested"
if test "$lt_cv_prog_compiler_c_o_F77" = no && test "$need_locks" != no; then
  # do not overwrite the value of need_locks provided by the user
  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
  hard_links=yes
  $rm conftest*
  # Three probes: linking a missing source must fail, linking an existing
  # source must succeed, and linking onto an existing target must fail.
  # Any other outcome sets hard_links=no.
  ln conftest.a conftest.b 2>/dev/null && hard_links=no
  touch conftest.a
  ln conftest.a conftest.b 2>&5 || hard_links=no
  ln conftest.a conftest.b 2>/dev/null && hard_links=no
  { echo "$as_me:$LINENO: result: $hard_links" >&5
echo "${ECHO_T}$hard_links" >&6; }
  if test "$hard_links" = no; then
    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
    need_locks=warn
  fi
else
  need_locks=no
fi

{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }

  # Reset every linker-related setting for the F77 tag to its default before
  # the platform-specific detection that follows this block.
  runpath_var=
  allow_undefined_flag_F77=
  enable_shared_with_static_runtimes_F77=no
  archive_cmds_F77=
  archive_expsym_cmds_F77=
  old_archive_From_new_cmds_F77=
  old_archive_from_expsyms_cmds_F77=
  export_dynamic_flag_spec_F77=
  whole_archive_flag_spec_F77=
  thread_safe_flag_spec_F77=
  hardcode_libdir_flag_spec_F77=
  hardcode_libdir_flag_spec_ld_F77=
  hardcode_libdir_separator_F77=
  hardcode_direct_F77=no
  hardcode_minus_L_F77=no
  hardcode_shlibpath_var_F77=unsupported
  link_all_deplibs_F77=unknown
  hardcode_automatic_F77=no
  module_cmds_F77=
  module_expsym_cmds_F77=
  always_export_symbols_F77=no
  # Default command for listing exported symbols; stored single-quoted, so
  # its variables are expanded later by whatever evaluates the string.
  export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
  # include_expsyms should be a list of space-separated symbols to be *always*
  # included in the symbol list
  include_expsyms_F77=
  # exclude_expsyms can be an extended regexp of symbols to exclude
  # it will be wrapped by ` (' and `)$', so one must not match beginning or
  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
  # as well as any symbol that contains `d'.
exclude_expsyms_F77='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= # Just being paranoid about ensuring that cc_basename is set. for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` case $host_os in cygwin* | mingw* | pw32*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs_F77=yes if test "$with_gnu_ld" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec_F77='${wl}--rpath ${wl}$libdir' export_dynamic_flag_spec_F77='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. 
if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then whole_archive_flag_spec_F77="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec_F77= fi supports_anon_versioning=no case `$LD -v 2>/dev/null` in *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs_F77=no cat <&2 *** Warning: the GNU linker, at least up to release 2.9.1, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to modify your PATH *** so that a non-GNU linker is found, and then restart. EOF fi ;; amigaos*) archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec_F77='-L$libdir' hardcode_minus_L_F77=yes # Samuel A. Falvo II reports # that the semantics of dynamic libraries on AmigaOS, at least up # to version 4, is to share data among multiple programs linked # with the same dynamic library. Since this doesn't match the # behavior of shared libraries on other platforms, we can't use # them. 
ld_shlibs_F77=no ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then allow_undefined_flag_F77=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds_F77='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else ld_shlibs_F77=no fi ;; cygwin* | mingw* | pw32*) # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, F77) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec_F77='-L$libdir' allow_undefined_flag_F77=unsupported always_export_symbols_F77=no enable_shared_with_static_runtimes_F77=yes export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs_F77=no fi ;; interix[3-9]*) hardcode_direct_F77=no hardcode_shlibpath_var_F77=no hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' export_dynamic_flag_spec_F77='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. 
# Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds_F77='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds_F77='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | k*bsd*-gnu) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then tmp_addflag= case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec_F77='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || 
new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; *) tmp_sharedflag='-shared' ;; esac archive_cmds_F77='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test $supports_anon_versioning = yes; then archive_expsym_cmds_F77='$echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ $echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi link_all_deplibs_F77=no else ld_shlibs_F77=no fi ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then ld_shlibs_F77=no cat <&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. 
EOF elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs_F77=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs_F77=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' else ld_shlibs_F77=no fi ;; esac ;; sunos4*) archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= hardcode_direct_F77=yes hardcode_shlibpath_var_F77=no ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs_F77=no fi ;; esac if test "$ld_shlibs_F77" = no; then runpath_var= hardcode_libdir_flag_spec_F77= 
export_dynamic_flag_spec_F77= whole_archive_flag_spec_F77= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) allow_undefined_flag_F77=unsupported always_export_symbols_F77=yes archive_expsym_cmds_F77='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L_F77=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct_F77=unsupported fi ;; aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | grep 'GNU' > /dev/null; then export_symbols_cmds_F77='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds_F77='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. 
case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. archive_cmds_F77='' hardcode_direct_F77=yes hardcode_libdir_separator_F77=':' link_all_deplibs_F77=yes if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct_F77=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L_F77=yes hardcode_libdir_flag_spec_F77='-L$libdir' hardcode_libdir_separator_F77= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. 
always_export_symbols_F77=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag_F77='-berok' # Determine the default libpath from the value encoded in an empty executable. cat >conftest.$ac_ext <<_ACEOF program main end _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_f77_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. 
if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds_F77="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec_F77='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag_F77="-z nodefs" archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an empty executable. cat >conftest.$ac_ext <<_ACEOF program main end _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_f77_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. 
if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag_F77=' ${wl}-bernotok' allow_undefined_flag_F77=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec_F77='$convenience' archive_cmds_need_lc_F77=yes # This is similar to how AIX traditionally builds its shared libraries. archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec_F77='-L$libdir' hardcode_minus_L_F77=yes # see comment about different semantics on the GNU ld section ld_shlibs_F77=no ;; bsdi[45]*) export_dynamic_flag_spec_F77=-rdynamic ;; cygwin* | mingw* | pw32*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. 
hardcode_libdir_flag_spec_F77=' ' allow_undefined_flag_F77=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds_F77='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_From_new_cmds_F77='true' # FIXME: Should let the user specify the lib program. old_archive_cmds_F77='lib -OUT:$oldlib$oldobjs$old_deplibs' fix_srcfile_path_F77='`cygpath -w "$srcfile"`' enable_shared_with_static_runtimes_F77=yes ;; darwin* | rhapsody*) case $host_os in rhapsody* | darwin1.[012]) allow_undefined_flag_F77='${wl}-undefined ${wl}suppress' ;; *) # Darwin 1.3 on if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' else case ${MACOSX_DEPLOYMENT_TARGET} in 10.[012]) allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) allow_undefined_flag_F77='${wl}-undefined ${wl}dynamic_lookup' ;; esac fi ;; esac archive_cmds_need_lc_F77=no hardcode_direct_F77=no hardcode_automatic_F77=yes hardcode_shlibpath_var_F77=unsupported whole_archive_flag_spec_F77='' link_all_deplibs_F77=yes if test "$GCC" = yes ; then output_verbose_link_cmd='echo' archive_cmds_F77="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" module_cmds_F77="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" archive_expsym_cmds_F77="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" 
module_expsym_cmds_F77="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" else case $cc_basename in xlc*) output_verbose_link_cmd='echo' archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ;; *) ld_shlibs_F77=no ;; esac fi ;; dgux*) archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec_F77='-L$libdir' hardcode_shlibpath_var_F77=no ;; freebsd1*) ld_shlibs_F77=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' hardcode_libdir_flag_spec_F77='-R$libdir' hardcode_direct_F77=yes hardcode_shlibpath_var_F77=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. 
freebsd2*) archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_direct_F77=yes hardcode_minus_L_F77=yes hardcode_shlibpath_var_F77=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec_F77='-R$libdir' hardcode_direct_F77=yes hardcode_shlibpath_var_F77=no ;; hpux9*) if test "$GCC" = yes; then archive_cmds_F77='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else archive_cmds_F77='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' hardcode_libdir_separator_F77=: hardcode_direct_F77=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L_F77=yes export_dynamic_flag_spec_F77='${wl}-E' ;; hpux10*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds_F77='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' hardcode_libdir_separator_F77=: hardcode_direct_F77=yes export_dynamic_flag_spec_F77='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L_F77=yes fi ;; hpux11*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' hardcode_libdir_separator_F77=: case $host_cpu in hppa*64*|ia64*) hardcode_libdir_flag_spec_ld_F77='+b $libdir' hardcode_direct_F77=no hardcode_shlibpath_var_F77=no ;; *) hardcode_direct_F77=yes export_dynamic_flag_spec_F77='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L_F77=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else archive_cmds_F77='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec_ld_F77='-rpath $libdir' fi hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_F77=: link_all_deplibs_F77=yes ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds_F77='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi hardcode_libdir_flag_spec_F77='-R$libdir' hardcode_direct_F77=yes hardcode_shlibpath_var_F77=no ;; newsos6) archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct_F77=yes hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_F77=: hardcode_shlibpath_var_F77=no ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct_F77=yes hardcode_shlibpath_var_F77=no if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' export_dynamic_flag_spec_F77='${wl}-E' else case $host_os in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec_F77='-R$libdir' ;; *) 
archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' ;; esac fi else ld_shlibs_F77=no fi ;; os2*) hardcode_libdir_flag_spec_F77='-L$libdir' hardcode_minus_L_F77=yes allow_undefined_flag_F77=unsupported archive_cmds_F77='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' old_archive_From_new_cmds_F77='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*' archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else allow_undefined_flag_F77=' -expect_unresolved \*' archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' fi hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_F77=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*' archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' else 
allow_undefined_flag_F77=' -expect_unresolved \*' archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds_F77='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec_F77='-rpath $libdir' fi hardcode_libdir_separator_F77=: ;; solaris*) no_undefined_flag_F77=' -z text' if test "$GCC" = yes; then wlarc='${wl}' archive_cmds_F77='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' else wlarc='' archive_cmds_F77='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' fi hardcode_libdir_flag_spec_F77='-R$libdir' hardcode_shlibpath_var_F77=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) 
if test "$GCC" = yes; then whole_archive_flag_spec_F77='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' fi ;; esac link_all_deplibs_F77=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. archive_cmds_F77='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds_F77='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi hardcode_libdir_flag_spec_F77='-L$libdir' hardcode_direct_F77=yes hardcode_minus_L_F77=yes hardcode_shlibpath_var_F77=no ;; sysv4) case $host_vendor in sni) archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct_F77=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. archive_cmds_F77='$LD -G -o $lib $libobjs $deplibs $linker_flags' reload_cmds_F77='$CC -r -o $output$reload_objs' hardcode_direct_F77=no ;; motorola) archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct_F77=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' hardcode_shlibpath_var_F77=no ;; sysv4.3*) archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var_F77=no export_dynamic_flag_spec_F77='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var_F77=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs_F77=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag_F77='${wl}-z,text' archive_cmds_need_lc_F77=no hardcode_shlibpath_var_F77=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds_F77='$CC -shared ${wl}-h,$soname -o $lib $libobjs 
$deplibs $compiler_flags' archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds_F77='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. no_undefined_flag_F77='${wl}-z,text' allow_undefined_flag_F77='${wl}-z,nodefs' archive_cmds_need_lc_F77=no hardcode_shlibpath_var_F77=no hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' hardcode_libdir_separator_F77=':' link_all_deplibs_F77=yes export_dynamic_flag_spec_F77='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds_F77='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds_F77='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec_F77='-L$libdir' hardcode_shlibpath_var_F77=no ;; *) ld_shlibs_F77=no ;; esac fi { echo "$as_me:$LINENO: result: $ld_shlibs_F77" >&5 echo "${ECHO_T}$ld_shlibs_F77" >&6; } test "$ld_shlibs_F77" = no && 
can_build_shared=no # # Do we need to explicitly link libc? # case "x$archive_cmds_need_lc_F77" in x|xyes) # Assume -lc should be added archive_cmds_need_lc_F77=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $archive_cmds_F77 in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } $rm conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl_F77 pic_flag=$lt_prog_compiler_pic_F77 compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag_F77 allow_undefined_flag_F77= if { (eval echo "$as_me:$LINENO: \"$archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 (eval $archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } then archive_cmds_need_lc_F77=no else archive_cmds_need_lc_F77=yes fi allow_undefined_flag_F77=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $rm conftest* { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_F77" >&5 echo "${ECHO_T}$archive_cmds_need_lc_F77" >&6; } ;; esac fi ;; esac { echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 echo $ECHO_N "checking dynamic linker characteristics... 
$ECHO_C" >&6; } library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[4-9]*) version_type=linux need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$host_os in yes,cygwin* | yes,mingw* | yes,pw32*) library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. 
$dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $rm \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" ;; mingw*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH printed by # mingw gcc, but we are running on Cygwin. Gcc prints its search # path with ; separators, and with drive letters. We can handle the # drive letters (cygwin fileutils understands them), so leave them, # especially as we might pass files found there to a mingw objdump, # which wouldn't understand a cygwinified path. Ahh. sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac ;; *) library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' ;; esac dynamic_linker='Win32 ld.exe' # FIXME: first we should search . 
and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd1*) dynamic_linker=no ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[123]*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux need_lib_prefix=no need_version=no 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555. 
postinstall_cmds='chmod 555 $lib' ;; interix[3-9]*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be Linux ELF. 
linux* | k*bsd*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. 
dynamic_linker='GNU/Linux ld.so' ;; netbsdelf*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='NetBSD ld.elf_so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; nto-qnx*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. 
case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[89] | openbsd2.[89].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no export_dynamic_flag_spec='${wl}-Blargedynsym' runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' shlibpath_overrides_runpath=no else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' shlibpath_overrides_runpath=yes case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { echo "$as_me:$LINENO: result: $dynamic_linker" >&5 echo "${ECHO_T}$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then echo $ECHO_N "(cached) 
$ECHO_C" >&6 else lt_cv_sys_lib_search_path_spec="$sys_lib_search_path_spec" fi sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec" fi sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi { echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } hardcode_action_F77= if test -n "$hardcode_libdir_flag_spec_F77" || \ test -n "$runpath_var_F77" || \ test "X$hardcode_automatic_F77" = "Xyes" ; then # We can hardcode non-existant directories. if test "$hardcode_direct_F77" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, F77)" != no && test "$hardcode_minus_L_F77" != no; then # Linking always hardcodes the temporary library directory. hardcode_action_F77=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action_F77=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. 
hardcode_action_F77=unsupported fi { echo "$as_me:$LINENO: result: $hardcode_action_F77" >&5 echo "${ECHO_T}$hardcode_action_F77" >&6; } if test "$hardcode_action_F77" = relink; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi # The else clause should only fire when bootstrapping the # libtool distribution, otherwise you forgot to ship ltmain.sh # with your package, and you will get complaints that there are # no rules to generate ltmain.sh. if test -f "$ltmain"; then # See if we are running on zsh, and set the options which allow our commands through # without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi # Now quote all the things that may contain metacharacters while being # careful not to overquote the AC_SUBSTed values. We take copies of the # variables and quote the copies for generation of the libtool script. 
for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ SED SHELL STRIP \ libname_spec library_names_spec soname_spec extract_expsyms_cmds \ old_striplib striplib file_magic_cmd finish_cmds finish_eval \ deplibs_check_method reload_flag reload_cmds need_locks \ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ old_postinstall_cmds old_postuninstall_cmds \ compiler_F77 \ CC_F77 \ LD_F77 \ lt_prog_compiler_wl_F77 \ lt_prog_compiler_pic_F77 \ lt_prog_compiler_static_F77 \ lt_prog_compiler_no_builtin_flag_F77 \ export_dynamic_flag_spec_F77 \ thread_safe_flag_spec_F77 \ whole_archive_flag_spec_F77 \ enable_shared_with_static_runtimes_F77 \ old_archive_cmds_F77 \ old_archive_from_new_cmds_F77 \ predep_objects_F77 \ postdep_objects_F77 \ predeps_F77 \ postdeps_F77 \ compiler_lib_search_path_F77 \ compiler_lib_search_dirs_F77 \ archive_cmds_F77 \ archive_expsym_cmds_F77 \ postinstall_cmds_F77 \ postuninstall_cmds_F77 \ old_archive_from_expsyms_cmds_F77 \ allow_undefined_flag_F77 \ no_undefined_flag_F77 \ export_symbols_cmds_F77 \ hardcode_libdir_flag_spec_F77 \ hardcode_libdir_flag_spec_ld_F77 \ hardcode_libdir_separator_F77 \ hardcode_automatic_F77 \ module_cmds_F77 \ module_expsym_cmds_F77 \ lt_cv_prog_compiler_c_o_F77 \ fix_srcfile_path_F77 \ exclude_expsyms_F77 \ include_expsyms_F77; do case $var in old_archive_cmds_F77 | \ old_archive_from_new_cmds_F77 | \ archive_cmds_F77 | \ archive_expsym_cmds_F77 | \ module_cmds_F77 | \ module_expsym_cmds_F77 | \ old_archive_from_expsyms_cmds_F77 | \ export_symbols_cmds_F77 | \ extract_expsyms_cmds | reload_cmds | finish_cmds | \ postinstall_cmds | postuninstall_cmds | \ old_postinstall_cmds | old_postuninstall_cmds | \ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) # Double-quote double-evaled strings. 
eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ;; *) eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ;; esac done case $lt_echo in *'\$0 --fallback-echo"') lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` ;; esac cfgfile="$ofile" cat <<__EOF__ >> "$cfgfile" # ### BEGIN LIBTOOL TAG CONFIG: $tagname # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc_F77 # Whether or not to disallow shared libs when runtime libs are static allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_F77 # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # An echo program that does not interpret backslashes. echo=$lt_echo # The archiver. AR=$lt_AR AR_FLAGS=$lt_AR_FLAGS # A C compiler. LTCC=$lt_LTCC # LTCC compiler flags. LTCFLAGS=$lt_LTCFLAGS # A language-specific compiler. CC=$lt_compiler_F77 # Is the compiler the GNU C compiler? with_gcc=$GCC_F77 # An ERE matcher. EGREP=$lt_EGREP # The linker used to build libraries. LD=$lt_LD_F77 # Whether we need hard or soft links. LN_S=$lt_LN_S # A BSD-compatible nm program. NM=$lt_NM # A symbol stripping program STRIP=$lt_STRIP # Used to examine libraries when file_magic_cmd begins "file" MAGIC_CMD=$MAGIC_CMD # Used on cygwin: DLL creation program. DLLTOOL="$DLLTOOL" # Used on cygwin: object dumper. OBJDUMP="$OBJDUMP" # Used on cygwin: assembler. 
AS="$AS" # The name of the directory that contains temporary libtool files. objdir=$objdir # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl_F77 # Object file suffix (normally "o"). objext="$ac_objext" # Old archive suffix (normally "a"). libext="$libext" # Shared library suffix (normally ".so"). shrext_cmds='$shrext_cmds' # Executable file suffix (normally ""). exeext="$exeext" # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic_F77 pic_mode=$pic_mode # What is the maximum length of a command? max_cmd_len=$lt_cv_sys_max_cmd_len # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o_F77 # Must we lock files when doing compilation? need_locks=$lt_need_locks # Do we need the lib prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static_F77 # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_F77 # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_F77 # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec_F77 # Compiler flag to generate thread-safe objects. thread_safe_flag_spec=$lt_thread_safe_flag_spec_F77 # Library versioning type. version_type=$version_type # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. 
# The last name is the one that the linker finds with -lNAME. library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Commands used to build and install an old-style archive. RANLIB=$lt_RANLIB old_archive_cmds=$lt_old_archive_cmds_F77 old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_F77 # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_F77 # Commands used to build and install a shared archive. archive_cmds=$lt_archive_cmds_F77 archive_expsym_cmds=$lt_archive_expsym_cmds_F77 postinstall_cmds=$lt_postinstall_cmds postuninstall_cmds=$lt_postuninstall_cmds # Commands used to build a loadable module (assumed same as above if empty) module_cmds=$lt_module_cmds_F77 module_expsym_cmds=$lt_module_expsym_cmds_F77 # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. predep_objects=$lt_predep_objects_F77 # Dependencies to place after the objects being linked to create a # shared library. postdep_objects=$lt_postdep_objects_F77 # Dependencies to place before the objects being linked to create a # shared library. predeps=$lt_predeps_F77 # Dependencies to place after the objects being linked to create a # shared library. postdeps=$lt_postdeps_F77 # The directories searched by this compiler when creating a shared # library compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_F77 # The library search path used internally by the compiler when linking # a shared library. compiler_lib_search_path=$lt_compiler_lib_search_path_F77 # Method to check whether dependent libraries are shared objects. 
deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method == file_magic. file_magic_cmd=$lt_file_magic_cmd # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag_F77 # Flag that forces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag_F77 # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # Same as above, but a single script fragment to be evaled but not shown. finish_eval=$lt_finish_eval # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # This is the shared library runtime path variable. runpath_var=$runpath_var # This is the shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action_F77 # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_F77 # If ld is used when linking, flag to hardcode \$libdir into # a binary during linking. This must work even if \$libdir does # not exist. hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_F77 # Whether we need a single -rpath flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator_F77 # Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the # resulting binary. 
hardcode_direct=$hardcode_direct_F77 # Set to yes if using the -LDIR flag during linking hardcodes DIR into the # resulting binary. hardcode_minus_L=$hardcode_minus_L_F77 # Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into # the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var_F77 # Set to yes if building a shared library automatically hardcodes DIR into the library # and all subsequent libraries and executables linked against it. hardcode_automatic=$hardcode_automatic_F77 # Variables whose values should be saved in libtool wrapper scripts and # restored at relink time. variables_saved_for_relink="$variables_saved_for_relink" # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs_F77 # Compile-time system search path for libraries sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Fix the shell variable \$srcfile for the compiler. fix_srcfile_path=$lt_fix_srcfile_path # Set to yes if exported symbols are required. always_export_symbols=$always_export_symbols_F77 # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds_F77 # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms_F77 # Symbols that must always be exported. include_expsyms=$lt_include_expsyms_F77 # ### END LIBTOOL TAG CONFIG: $tagname __EOF__ else # If there is no Makefile yet, we rely on a make rule to execute # `config.status --recheck' to rerun these tests and create the # libtool script then. 
ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` if test -f "$ltmain_in"; then test -f Makefile && make "$ltmain" fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" else tagname="" fi ;; GCJ) if test -n "$GCJ" && test "X$GCJ" != "Xno"; then # Source file extension for Java test sources. ac_ext=java # Object file extension for compiled Java test sources. objext=o objext_GCJ=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="class foo {}" # Code to be used in simple link tests lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $rm conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $rm -r conftest* # Allow CC to be a program name with arguments. lt_save_CC="$CC" CC=${GCJ-"gcj"} compiler=$CC compiler_GCJ=$CC for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` # GCJ did not exist at the time GCC didn't implicitly link libc in. 
archive_cmds_need_lc_GCJ=no old_archive_cmds_GCJ=$old_archive_cmds lt_prog_compiler_no_builtin_flag_GCJ= if test "$GCC" = yes; then lt_prog_compiler_no_builtin_flag_GCJ=' -fno-builtin' { echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:16881: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:16885: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! 
-s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_rtti_exceptions=yes fi fi $rm conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then lt_prog_compiler_no_builtin_flag_GCJ="$lt_prog_compiler_no_builtin_flag_GCJ -fno-rtti -fno-exceptions" else : fi fi lt_prog_compiler_wl_GCJ= lt_prog_compiler_pic_GCJ= lt_prog_compiler_static_GCJ= { echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } if test "$GCC" = yes; then lt_prog_compiler_wl_GCJ='-Wl,' lt_prog_compiler_static_GCJ='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static_GCJ='-Bstatic' fi ;; amigaos*) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic_GCJ='-fno-common' ;; interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. 
lt_prog_compiler_can_build_shared_GCJ=no enable_shared=no ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic_GCJ=-Kconform_pic fi ;; hpux*) # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic_GCJ='-fPIC' ;; esac ;; *) lt_prog_compiler_pic_GCJ='-fPIC' ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) lt_prog_compiler_wl_GCJ='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static_GCJ='-Bstatic' else lt_prog_compiler_static_GCJ='-bnso -bI:/lib/syscalls.exp' fi ;; darwin*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files case $cc_basename in xlc*) lt_prog_compiler_pic_GCJ='-qnocommon' lt_prog_compiler_wl_GCJ='-Wl,' ;; esac ;; mingw* | cygwin* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl_GCJ='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic_GCJ='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? lt_prog_compiler_static_GCJ='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) lt_prog_compiler_wl_GCJ='-Wl,' # PIC (with -KPIC) is the default. 
lt_prog_compiler_static_GCJ='-non_shared' ;; newsos6) lt_prog_compiler_pic_GCJ='-KPIC' lt_prog_compiler_static_GCJ='-Bstatic' ;; linux* | k*bsd*-gnu) case $cc_basename in icc* | ecc*) lt_prog_compiler_wl_GCJ='-Wl,' lt_prog_compiler_pic_GCJ='-KPIC' lt_prog_compiler_static_GCJ='-static' ;; pgcc* | pgf77* | pgf90* | pgf95*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl_GCJ='-Wl,' lt_prog_compiler_pic_GCJ='-fpic' lt_prog_compiler_static_GCJ='-Bstatic' ;; ccc*) lt_prog_compiler_wl_GCJ='-Wl,' # All Alpha code is PIC. lt_prog_compiler_static_GCJ='-non_shared' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic_GCJ='-KPIC' lt_prog_compiler_static_GCJ='-Bstatic' lt_prog_compiler_wl_GCJ='-Wl,' ;; *Sun\ F*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic_GCJ='-KPIC' lt_prog_compiler_static_GCJ='-Bstatic' lt_prog_compiler_wl_GCJ='' ;; esac ;; esac ;; osf3* | osf4* | osf5*) lt_prog_compiler_wl_GCJ='-Wl,' # All OSF/1 code is PIC. 
lt_prog_compiler_static_GCJ='-non_shared' ;; rdos*) lt_prog_compiler_static_GCJ='-non_shared' ;; solaris*) lt_prog_compiler_pic_GCJ='-KPIC' lt_prog_compiler_static_GCJ='-Bstatic' case $cc_basename in f77* | f90* | f95*) lt_prog_compiler_wl_GCJ='-Qoption ld ';; *) lt_prog_compiler_wl_GCJ='-Wl,';; esac ;; sunos4*) lt_prog_compiler_wl_GCJ='-Qoption ld ' lt_prog_compiler_pic_GCJ='-PIC' lt_prog_compiler_static_GCJ='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) lt_prog_compiler_wl_GCJ='-Wl,' lt_prog_compiler_pic_GCJ='-KPIC' lt_prog_compiler_static_GCJ='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then lt_prog_compiler_pic_GCJ='-Kconform_pic' lt_prog_compiler_static_GCJ='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) lt_prog_compiler_wl_GCJ='-Wl,' lt_prog_compiler_pic_GCJ='-KPIC' lt_prog_compiler_static_GCJ='-Bstatic' ;; unicos*) lt_prog_compiler_wl_GCJ='-Wl,' lt_prog_compiler_can_build_shared_GCJ=no ;; uts4*) lt_prog_compiler_pic_GCJ='-pic' lt_prog_compiler_static_GCJ='-Bstatic' ;; *) lt_prog_compiler_can_build_shared_GCJ=no ;; esac fi { echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_GCJ" >&5 echo "${ECHO_T}$lt_prog_compiler_pic_GCJ" >&6; } # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic_GCJ"; then { echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works" >&5 echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_pic_works_GCJ+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_pic_works_GCJ=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic_GCJ" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. 
# Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:17171: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:17175: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_pic_works_GCJ=yes fi fi $rm conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_pic_works_GCJ" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_pic_works_GCJ" >&6; } if test x"$lt_cv_prog_compiler_pic_works_GCJ" = xyes; then case $lt_prog_compiler_pic_GCJ in "" | " "*) ;; *) lt_prog_compiler_pic_GCJ=" $lt_prog_compiler_pic_GCJ" ;; esac else lt_prog_compiler_pic_GCJ= lt_prog_compiler_can_build_shared_GCJ=no fi fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic_GCJ= ;; *) lt_prog_compiler_pic_GCJ="$lt_prog_compiler_pic_GCJ" ;; esac # # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl_GCJ eval lt_tmp_static_flag=\"$lt_prog_compiler_static_GCJ\" { echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... 
$ECHO_C" >&6; } if test "${lt_cv_prog_compiler_static_works_GCJ+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_static_works_GCJ=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_static_works_GCJ=yes fi else lt_cv_prog_compiler_static_works_GCJ=yes fi fi $rm -r conftest* LDFLAGS="$save_LDFLAGS" fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_static_works_GCJ" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_static_works_GCJ" >&6; } if test x"$lt_cv_prog_compiler_static_works_GCJ" = xyes; then : else lt_prog_compiler_static_GCJ= fi { echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } if test "${lt_cv_prog_compiler_c_o_GCJ+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_prog_compiler_c_o_GCJ=no $rm -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. 
lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:17275: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:17279: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o_GCJ=yes fi fi chmod u+w . 2>&5 $rm conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files $rm out/* && rmdir out cd .. rmdir conftest $rm conftest* fi { echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_GCJ" >&5 echo "${ECHO_T}$lt_cv_prog_compiler_c_o_GCJ" >&6; } hard_links="nottested" if test "$lt_cv_prog_compiler_c_o_GCJ" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 echo $ECHO_N "checking if we can lock with hard links... 
$ECHO_C" >&6; } hard_links=yes $rm conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no { echo "$as_me:$LINENO: result: $hard_links" >&5 echo "${ECHO_T}$hard_links" >&6; } if test "$hard_links" = no; then { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi { echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } runpath_var= allow_undefined_flag_GCJ= enable_shared_with_static_runtimes_GCJ=no archive_cmds_GCJ= archive_expsym_cmds_GCJ= old_archive_From_new_cmds_GCJ= old_archive_from_expsyms_cmds_GCJ= export_dynamic_flag_spec_GCJ= whole_archive_flag_spec_GCJ= thread_safe_flag_spec_GCJ= hardcode_libdir_flag_spec_GCJ= hardcode_libdir_flag_spec_ld_GCJ= hardcode_libdir_separator_GCJ= hardcode_direct_GCJ=no hardcode_minus_L_GCJ=no hardcode_shlibpath_var_GCJ=unsupported link_all_deplibs_GCJ=unknown hardcode_automatic_GCJ=no module_cmds_GCJ= module_expsym_cmds_GCJ= always_export_symbols_GCJ=no export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms_GCJ= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. 
exclude_expsyms_GCJ='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= # Just being paranoid about ensuring that cc_basename is set. for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` case $host_os in cygwin* | mingw* | pw32*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs_GCJ=yes if test "$with_gnu_ld" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec_GCJ='${wl}--rpath ${wl}$libdir' export_dynamic_flag_spec_GCJ='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. 
if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then whole_archive_flag_spec_GCJ="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec_GCJ= fi supports_anon_versioning=no case `$LD -v 2>/dev/null` in *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs_GCJ=no cat <&2 *** Warning: the GNU linker, at least up to release 2.9.1, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to modify your PATH *** so that a non-GNU linker is found, and then restart. EOF fi ;; amigaos*) archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec_GCJ='-L$libdir' hardcode_minus_L_GCJ=yes # Samuel A. Falvo II reports # that the semantics of dynamic libraries on AmigaOS, at least up # to version 4, is to share data among multiple programs linked # with the same dynamic library. Since this doesn't match the # behavior of shared libraries on other platforms, we can't use # them. 
ld_shlibs_GCJ=no ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then allow_undefined_flag_GCJ=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds_GCJ='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else ld_shlibs_GCJ=no fi ;; cygwin* | mingw* | pw32*) # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, GCJ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec_GCJ='-L$libdir' allow_undefined_flag_GCJ=unsupported always_export_symbols_GCJ=no enable_shared_with_static_runtimes_GCJ=yes export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs_GCJ=no fi ;; interix[3-9]*) hardcode_direct_GCJ=no hardcode_shlibpath_var_GCJ=no hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' export_dynamic_flag_spec_GCJ='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. 
# Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds_GCJ='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds_GCJ='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | k*bsd*-gnu) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then tmp_addflag= case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec_GCJ='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || 
new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; *) tmp_sharedflag='-shared' ;; esac archive_cmds_GCJ='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test $supports_anon_versioning = yes; then archive_expsym_cmds_GCJ='$echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ $echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi link_all_deplibs_GCJ=no else ld_shlibs_GCJ=no fi ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then ld_shlibs_GCJ=no cat <&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. 
EOF elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs_GCJ=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs_GCJ=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' else ld_shlibs_GCJ=no fi ;; esac ;; sunos4*) archive_cmds_GCJ='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= hardcode_direct_GCJ=yes hardcode_shlibpath_var_GCJ=no ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs_GCJ=no fi ;; esac if test "$ld_shlibs_GCJ" = no; then runpath_var= hardcode_libdir_flag_spec_GCJ= 
export_dynamic_flag_spec_GCJ= whole_archive_flag_spec_GCJ= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) allow_undefined_flag_GCJ=unsupported always_export_symbols_GCJ=yes archive_expsym_cmds_GCJ='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L_GCJ=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct_GCJ=unsupported fi ;; aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | grep 'GNU' > /dev/null; then export_symbols_cmds_GCJ='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds_GCJ='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. 
case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. archive_cmds_GCJ='' hardcode_direct_GCJ=yes hardcode_libdir_separator_GCJ=':' link_all_deplibs_GCJ=yes if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct_GCJ=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L_GCJ=yes hardcode_libdir_flag_spec_GCJ='-L$libdir' hardcode_libdir_separator_GCJ= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. 
always_export_symbols_GCJ=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag_GCJ='-berok' # Determine the default libpath from the value encoded in an empty executable. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. 
if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds_GCJ="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec_GCJ='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag_GCJ="-z nodefs" archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an empty executable. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag_GCJ=' ${wl}-bernotok' allow_undefined_flag_GCJ=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec_GCJ='$convenience' archive_cmds_need_lc_GCJ=yes # This is similar to how AIX traditionally builds its shared libraries. 
archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec_GCJ='-L$libdir' hardcode_minus_L_GCJ=yes # see comment about different semantics on the GNU ld section ld_shlibs_GCJ=no ;; bsdi[45]*) export_dynamic_flag_spec_GCJ=-rdynamic ;; cygwin* | mingw* | pw32*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec_GCJ=' ' allow_undefined_flag_GCJ=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds_GCJ='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_From_new_cmds_GCJ='true' # FIXME: Should let the user specify the lib program. 
old_archive_cmds_GCJ='lib -OUT:$oldlib$oldobjs$old_deplibs' fix_srcfile_path_GCJ='`cygpath -w "$srcfile"`' enable_shared_with_static_runtimes_GCJ=yes ;; darwin* | rhapsody*) case $host_os in rhapsody* | darwin1.[012]) allow_undefined_flag_GCJ='${wl}-undefined ${wl}suppress' ;; *) # Darwin 1.3 on if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' else case ${MACOSX_DEPLOYMENT_TARGET} in 10.[012]) allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) allow_undefined_flag_GCJ='${wl}-undefined ${wl}dynamic_lookup' ;; esac fi ;; esac archive_cmds_need_lc_GCJ=no hardcode_direct_GCJ=no hardcode_automatic_GCJ=yes hardcode_shlibpath_var_GCJ=unsupported whole_archive_flag_spec_GCJ='' link_all_deplibs_GCJ=yes if test "$GCC" = yes ; then output_verbose_link_cmd='echo' archive_cmds_GCJ="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" module_cmds_GCJ="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" archive_expsym_cmds_GCJ="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" module_expsym_cmds_GCJ="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" else case $cc_basename in xlc*) output_verbose_link_cmd='echo' archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' 
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ;; *) ld_shlibs_GCJ=no ;; esac fi ;; dgux*) archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec_GCJ='-L$libdir' hardcode_shlibpath_var_GCJ=no ;; freebsd1*) ld_shlibs_GCJ=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' hardcode_libdir_flag_spec_GCJ='-R$libdir' hardcode_direct_GCJ=yes hardcode_shlibpath_var_GCJ=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2*) archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_direct_GCJ=yes hardcode_minus_L_GCJ=yes hardcode_shlibpath_var_GCJ=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. 
freebsd* | dragonfly*) archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec_GCJ='-R$libdir' hardcode_direct_GCJ=yes hardcode_shlibpath_var_GCJ=no ;; hpux9*) if test "$GCC" = yes; then archive_cmds_GCJ='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else archive_cmds_GCJ='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' hardcode_libdir_separator_GCJ=: hardcode_direct_GCJ=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L_GCJ=yes export_dynamic_flag_spec_GCJ='${wl}-E' ;; hpux10*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds_GCJ='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' hardcode_libdir_separator_GCJ=: hardcode_direct_GCJ=yes export_dynamic_flag_spec_GCJ='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L_GCJ=yes fi ;; hpux11*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' hardcode_libdir_separator_GCJ=: case $host_cpu in hppa*64*|ia64*) hardcode_libdir_flag_spec_ld_GCJ='+b $libdir' hardcode_direct_GCJ=no hardcode_shlibpath_var_GCJ=no ;; *) hardcode_direct_GCJ=yes export_dynamic_flag_spec_GCJ='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L_GCJ=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else archive_cmds_GCJ='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec_ld_GCJ='-rpath $libdir' fi hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_GCJ=: link_all_deplibs_GCJ=yes ;; netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds_GCJ='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi hardcode_libdir_flag_spec_GCJ='-R$libdir' hardcode_direct_GCJ=yes hardcode_shlibpath_var_GCJ=no ;; newsos6) archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct_GCJ=yes hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_GCJ=: hardcode_shlibpath_var_GCJ=no ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct_GCJ=yes hardcode_shlibpath_var_GCJ=no if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' export_dynamic_flag_spec_GCJ='${wl}-E' else case $host_os in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec_GCJ='-R$libdir' ;; *) 
archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' ;; esac fi else ld_shlibs_GCJ=no fi ;; os2*) hardcode_libdir_flag_spec_GCJ='-L$libdir' hardcode_minus_L_GCJ=yes allow_undefined_flag_GCJ=unsupported archive_cmds_GCJ='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' old_archive_From_new_cmds_GCJ='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*' archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else allow_undefined_flag_GCJ=' -expect_unresolved \*' archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' fi hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator_GCJ=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*' archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' else 
allow_undefined_flag_GCJ=' -expect_unresolved \*' archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds_GCJ='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec_GCJ='-rpath $libdir' fi hardcode_libdir_separator_GCJ=: ;; solaris*) no_undefined_flag_GCJ=' -z text' if test "$GCC" = yes; then wlarc='${wl}' archive_cmds_GCJ='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' else wlarc='' archive_cmds_GCJ='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' fi hardcode_libdir_flag_spec_GCJ='-R$libdir' hardcode_shlibpath_var_GCJ=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) 
if test "$GCC" = yes; then whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' fi ;; esac link_all_deplibs_GCJ=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. archive_cmds_GCJ='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds_GCJ='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi hardcode_libdir_flag_spec_GCJ='-L$libdir' hardcode_direct_GCJ=yes hardcode_minus_L_GCJ=yes hardcode_shlibpath_var_GCJ=no ;; sysv4) case $host_vendor in sni) archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct_GCJ=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. archive_cmds_GCJ='$LD -G -o $lib $libobjs $deplibs $linker_flags' reload_cmds_GCJ='$CC -r -o $output$reload_objs' hardcode_direct_GCJ=no ;; motorola) archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct_GCJ=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' hardcode_shlibpath_var_GCJ=no ;; sysv4.3*) archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var_GCJ=no export_dynamic_flag_spec_GCJ='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var_GCJ=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs_GCJ=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag_GCJ='${wl}-z,text' archive_cmds_need_lc_GCJ=no hardcode_shlibpath_var_GCJ=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds_GCJ='$CC -shared ${wl}-h,$soname -o $lib $libobjs 
$deplibs $compiler_flags' archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds_GCJ='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. no_undefined_flag_GCJ='${wl}-z,text' allow_undefined_flag_GCJ='${wl}-z,nodefs' archive_cmds_need_lc_GCJ=no hardcode_shlibpath_var_GCJ=no hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' hardcode_libdir_separator_GCJ=':' link_all_deplibs_GCJ=yes export_dynamic_flag_spec_GCJ='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds_GCJ='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds_GCJ='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec_GCJ='-L$libdir' hardcode_shlibpath_var_GCJ=no ;; *) ld_shlibs_GCJ=no ;; esac fi { echo "$as_me:$LINENO: result: $ld_shlibs_GCJ" >&5 echo "${ECHO_T}$ld_shlibs_GCJ" >&6; } test "$ld_shlibs_GCJ" = no && 
can_build_shared=no # # Do we need to explicitly link libc? # case "x$archive_cmds_need_lc_GCJ" in x|xyes) # Assume -lc should be added archive_cmds_need_lc_GCJ=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $archive_cmds_GCJ in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } $rm conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl_GCJ pic_flag=$lt_prog_compiler_pic_GCJ compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag_GCJ allow_undefined_flag_GCJ= if { (eval echo "$as_me:$LINENO: \"$archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 (eval $archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } then archive_cmds_need_lc_GCJ=no else archive_cmds_need_lc_GCJ=yes fi allow_undefined_flag_GCJ=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $rm conftest* { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_GCJ" >&5 echo "${ECHO_T}$archive_cmds_need_lc_GCJ" >&6; } ;; esac fi ;; esac { echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 echo $ECHO_N "checking dynamic linker characteristics... 
$ECHO_C" >&6; } library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[4-9]*) version_type=linux need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$host_os in yes,cygwin* | yes,mingw* | yes,pw32*) library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. 
$dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $rm \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" ;; mingw*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH printed by # mingw gcc, but we are running on Cygwin. Gcc prints its search # path with ; separators, and with drive letters. We can handle the # drive letters (cygwin fileutils understands them), so leave them, # especially as we might pass files found there to a mingw objdump, # which wouldn't understand a cygwinified path. Ahh. sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac ;; *) library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' ;; esac dynamic_linker='Win32 ld.exe' # FIXME: first we should search . 
and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd1*) dynamic_linker=no ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[123]*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux need_lib_prefix=no need_version=no 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555. 
postinstall_cmds='chmod 555 $lib' ;; interix[3-9]*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be Linux ELF. 
linux* | k*bsd*-gnu)
  # Dynamic-linker settings for Linux ELF and GNU/kFreeBSD hosts (one arm of
  # the `case $host_os` dispatch): library naming, the post-install ldconfig
  # step, and the run-time library search path recorded for libtool.
  version_type=linux
  need_lib_prefix=no
  need_version=no
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  soname_spec='${libname}${release}${shared_ext}$major'
  # Post-install step: ldconfig -n on $libdir. /sbin is appended AFTER the
  # caller's PATH, so an ldconfig found earlier in PATH is the one that runs.
  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=no
  # This implies no fast_install, which is unacceptable.
  # Some rework will be needed to allow for fast_install
  # before this can be enabled.
  hardcode_into_libs=yes

  # Append ld.so.conf contents to the search path
  # The awk program hands the second field of every `include ` line to a shell
  # through system() (`cd /etc; cat <field>`), so that field is expanded by
  # the shell; other lines are printed unchanged. The sed stage then strips
  # `#` comments, drops hwcap lines, turns `:` / `,` separators into spaces,
  # removes `=value` suffixes and deletes empty lines; tr joins the rest.
  # NOTE(review): this relies on /etc/ld.so.conf being writable only by the
  # administrator, since its content reaches a shell command line and then the
  # recorded search path; confirm on the build host.
  # NOTE(review): the `[ ]` bracket expressions presumably held a space and a
  # tab before whitespace was collapsed on this page; verify against the
  # generated configure.
  if test -f /etc/ld.so.conf; then
    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
  fi

  # We used to test for /lib/ld.so.1 and disable shared libraries on
  # powerpc, because MkLinux only supported shared libraries with the
  # GNU dynamic linker. Since this was broken with cross compilers,
  # most powerpc-linux boxes support dynamic linking these days and
  # people can always --disable-shared, the test was removed, and we
  # assume the GNU/Linux dynamic linker is in use.
dynamic_linker='GNU/Linux ld.so'
  ;;

# NetBSD userland built for a GNU triplet: named like the Linux arm, with
# paths hardcoded into libraries and shlibpath not overriding the runpath.
netbsdelf*-gnu)
  version_type=linux
  need_lib_prefix=no
  need_version=no
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
  soname_spec='${libname}${release}${shared_ext}$major'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=no
  hardcode_into_libs=yes
  dynamic_linker='NetBSD ld.elf_so'
  ;;

netbsd*)
  version_type=sunos
  need_lib_prefix=no
  need_version=no
  # Object-format probe: preprocess the bare token __ELF__. If the token comes
  # back unchanged (grep matches), the macro is not defined and the a.out
  # settings are used; otherwise the ELF settings apply.
  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
    # /sbin is appended after the caller's PATH, so ldconfig is looked up in
    # the existing PATH entries first.
    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
    dynamic_linker='NetBSD (a.out) ld.so'
  else
    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
    soname_spec='${libname}${release}${shared_ext}$major'
    dynamic_linker='NetBSD ld.elf_so'
  fi
  shlibpath_var=LD_LIBRARY_PATH
  # "yes" is what the generated libtool config records under "Is shlibpath
  # searched before the hard-coded library search path?".
  shlibpath_overrides_runpath=yes
  hardcode_into_libs=yes
  ;;

# Sony NEWS-OS 6: Linux-style names; no soname_spec is set in this arm.
newsos6)
  version_type=linux
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=yes
  ;;

# QNX Neutrino: Linux-style names and soname.
nto-qnx*)
  version_type=linux
  need_lib_prefix=no
  need_version=no
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  soname_spec='${libname}${release}${shared_ext}$major'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=yes
  ;;

openbsd*)
  version_type=sunos
  # Run-time search path is narrowed to /usr/lib for this host.
  sys_lib_dlsearch_path_spec="/usr/lib"
  need_lib_prefix=no
  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[89] | openbsd2.[89].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux 
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no export_dynamic_flag_spec='${wl}-Blargedynsym' runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' shlibpath_overrides_runpath=no else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' shlibpath_overrides_runpath=yes case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { echo "$as_me:$LINENO: result: $dynamic_linker" >&5 echo "${ECHO_T}$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then echo $ECHO_N "(cached) 
$ECHO_C" >&6 else lt_cv_sys_lib_search_path_spec="$sys_lib_search_path_spec" fi sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else lt_cv_sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec" fi sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi { echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } hardcode_action_GCJ= if test -n "$hardcode_libdir_flag_spec_GCJ" || \ test -n "$runpath_var_GCJ" || \ test "X$hardcode_automatic_GCJ" = "Xyes" ; then # We can hardcode non-existant directories. if test "$hardcode_direct_GCJ" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, GCJ)" != no && test "$hardcode_minus_L_GCJ" != no; then # Linking always hardcodes the temporary library directory. hardcode_action_GCJ=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action_GCJ=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. 
hardcode_action_GCJ=unsupported fi { echo "$as_me:$LINENO: result: $hardcode_action_GCJ" >&5 echo "${ECHO_T}$hardcode_action_GCJ" >&6; } if test "$hardcode_action_GCJ" = relink; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi # The else clause should only fire when bootstrapping the # libtool distribution, otherwise you forgot to ship ltmain.sh # with your package, and you will get complaints that there are # no rules to generate ltmain.sh. if test -f "$ltmain"; then # See if we are running on zsh, and set the options which allow our commands through # without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi # Now quote all the things that may contain metacharacters while being # careful not to overquote the AC_SUBSTed values. We take copies of the # variables and quote the copies for generation of the libtool script. 
for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ SED SHELL STRIP \ libname_spec library_names_spec soname_spec extract_expsyms_cmds \ old_striplib striplib file_magic_cmd finish_cmds finish_eval \ deplibs_check_method reload_flag reload_cmds need_locks \ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ old_postinstall_cmds old_postuninstall_cmds \ compiler_GCJ \ CC_GCJ \ LD_GCJ \ lt_prog_compiler_wl_GCJ \ lt_prog_compiler_pic_GCJ \ lt_prog_compiler_static_GCJ \ lt_prog_compiler_no_builtin_flag_GCJ \ export_dynamic_flag_spec_GCJ \ thread_safe_flag_spec_GCJ \ whole_archive_flag_spec_GCJ \ enable_shared_with_static_runtimes_GCJ \ old_archive_cmds_GCJ \ old_archive_from_new_cmds_GCJ \ predep_objects_GCJ \ postdep_objects_GCJ \ predeps_GCJ \ postdeps_GCJ \ compiler_lib_search_path_GCJ \ compiler_lib_search_dirs_GCJ \ archive_cmds_GCJ \ archive_expsym_cmds_GCJ \ postinstall_cmds_GCJ \ postuninstall_cmds_GCJ \ old_archive_from_expsyms_cmds_GCJ \ allow_undefined_flag_GCJ \ no_undefined_flag_GCJ \ export_symbols_cmds_GCJ \ hardcode_libdir_flag_spec_GCJ \ hardcode_libdir_flag_spec_ld_GCJ \ hardcode_libdir_separator_GCJ \ hardcode_automatic_GCJ \ module_cmds_GCJ \ module_expsym_cmds_GCJ \ lt_cv_prog_compiler_c_o_GCJ \ fix_srcfile_path_GCJ \ exclude_expsyms_GCJ \ include_expsyms_GCJ; do case $var in old_archive_cmds_GCJ | \ old_archive_from_new_cmds_GCJ | \ archive_cmds_GCJ | \ archive_expsym_cmds_GCJ | \ module_cmds_GCJ | \ module_expsym_cmds_GCJ | \ old_archive_from_expsyms_cmds_GCJ | \ export_symbols_cmds_GCJ | \ extract_expsyms_cmds | reload_cmds | finish_cmds | \ postinstall_cmds | postuninstall_cmds | \ old_postinstall_cmds | old_postuninstall_cmds | \ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) # Double-quote double-evaled strings. 
eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ;; *) eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ;; esac done case $lt_echo in *'\$0 --fallback-echo"') lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` ;; esac cfgfile="$ofile" cat <<__EOF__ >> "$cfgfile" # ### BEGIN LIBTOOL TAG CONFIG: $tagname # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc_GCJ # Whether or not to disallow shared libs when runtime libs are static allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_GCJ # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # An echo program that does not interpret backslashes. echo=$lt_echo # The archiver. AR=$lt_AR AR_FLAGS=$lt_AR_FLAGS # A C compiler. LTCC=$lt_LTCC # LTCC compiler flags. LTCFLAGS=$lt_LTCFLAGS # A language-specific compiler. CC=$lt_compiler_GCJ # Is the compiler the GNU C compiler? with_gcc=$GCC_GCJ # An ERE matcher. EGREP=$lt_EGREP # The linker used to build libraries. LD=$lt_LD_GCJ # Whether we need hard or soft links. LN_S=$lt_LN_S # A BSD-compatible nm program. NM=$lt_NM # A symbol stripping program STRIP=$lt_STRIP # Used to examine libraries when file_magic_cmd begins "file" MAGIC_CMD=$MAGIC_CMD # Used on cygwin: DLL creation program. DLLTOOL="$DLLTOOL" # Used on cygwin: object dumper. OBJDUMP="$OBJDUMP" # Used on cygwin: assembler. 
AS="$AS" # The name of the directory that contains temporary libtool files. objdir=$objdir # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl_GCJ # Object file suffix (normally "o"). objext="$ac_objext" # Old archive suffix (normally "a"). libext="$libext" # Shared library suffix (normally ".so"). shrext_cmds='$shrext_cmds' # Executable file suffix (normally ""). exeext="$exeext" # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic_GCJ pic_mode=$pic_mode # What is the maximum length of a command? max_cmd_len=$lt_cv_sys_max_cmd_len # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o_GCJ # Must we lock files when doing compilation? need_locks=$lt_need_locks # Do we need the lib prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static_GCJ # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_GCJ # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_GCJ # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec_GCJ # Compiler flag to generate thread-safe objects. thread_safe_flag_spec=$lt_thread_safe_flag_spec_GCJ # Library versioning type. version_type=$version_type # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. 
# The last name is the one that the linker finds with -lNAME. library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Commands used to build and install an old-style archive. RANLIB=$lt_RANLIB old_archive_cmds=$lt_old_archive_cmds_GCJ old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_GCJ # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_GCJ # Commands used to build and install a shared archive. archive_cmds=$lt_archive_cmds_GCJ archive_expsym_cmds=$lt_archive_expsym_cmds_GCJ postinstall_cmds=$lt_postinstall_cmds postuninstall_cmds=$lt_postuninstall_cmds # Commands used to build a loadable module (assumed same as above if empty) module_cmds=$lt_module_cmds_GCJ module_expsym_cmds=$lt_module_expsym_cmds_GCJ # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. predep_objects=$lt_predep_objects_GCJ # Dependencies to place after the objects being linked to create a # shared library. postdep_objects=$lt_postdep_objects_GCJ # Dependencies to place before the objects being linked to create a # shared library. predeps=$lt_predeps_GCJ # Dependencies to place after the objects being linked to create a # shared library. postdeps=$lt_postdeps_GCJ # The directories searched by this compiler when creating a shared # library compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_GCJ # The library search path used internally by the compiler when linking # a shared library. compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ # Method to check whether dependent libraries are shared objects. 
deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method == file_magic. file_magic_cmd=$lt_file_magic_cmd # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag_GCJ # Flag that forces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag_GCJ # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # Same as above, but a single script fragment to be evaled but not shown. finish_eval=$lt_finish_eval # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # This is the shared library runtime path variable. runpath_var=$runpath_var # This is the shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action_GCJ # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_GCJ # If ld is used when linking, flag to hardcode \$libdir into # a binary during linking. This must work even if \$libdir does # not exist. hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_GCJ # Whether we need a single -rpath flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator_GCJ # Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the # resulting binary. 
hardcode_direct=$hardcode_direct_GCJ # Set to yes if using the -LDIR flag during linking hardcodes DIR into the # resulting binary. hardcode_minus_L=$hardcode_minus_L_GCJ # Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into # the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var_GCJ # Set to yes if building a shared library automatically hardcodes DIR into the library # and all subsequent libraries and executables linked against it. hardcode_automatic=$hardcode_automatic_GCJ # Variables whose values should be saved in libtool wrapper scripts and # restored at relink time. variables_saved_for_relink="$variables_saved_for_relink" # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs_GCJ # Compile-time system search path for libraries sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Fix the shell variable \$srcfile for the compiler. fix_srcfile_path=$lt_fix_srcfile_path # Set to yes if exported symbols are required. always_export_symbols=$always_export_symbols_GCJ # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds_GCJ # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms_GCJ # Symbols that must always be exported. include_expsyms=$lt_include_expsyms_GCJ # ### END LIBTOOL TAG CONFIG: $tagname __EOF__ else # If there is no Makefile yet, we rely on a make rule to execute # `config.status --recheck' to rerun these tests and create the # libtool script then. 
ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` if test -f "$ltmain_in"; then test -f Makefile && make "$ltmain" fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" else tagname="" fi ;; RC) # Source file extension for RC test sources. ac_ext=rc # Object file extension for compiled RC test sources. objext=o objext_RC=$objext # Code to be used in simple compile tests lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' # Code to be used in simple link tests lt_simple_link_test_code="$lt_simple_compile_test_code" # ltmain only uses $CC for tagged configurations so make sure $CC is set. # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $rm conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $rm -r conftest* # Allow CC to be a program name with arguments. 
lt_save_CC="$CC" CC=${RC-"windres"} compiler=$CC compiler_RC=$CC for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` lt_cv_prog_compiler_c_o_RC=yes # The else clause should only fire when bootstrapping the # libtool distribution, otherwise you forgot to ship ltmain.sh # with your package, and you will get complaints that there are # no rules to generate ltmain.sh. if test -f "$ltmain"; then # See if we are running on zsh, and set the options which allow our commands through # without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi # Now quote all the things that may contain metacharacters while being # careful not to overquote the AC_SUBSTed values. We take copies of the # variables and quote the copies for generation of the libtool script. for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ SED SHELL STRIP \ libname_spec library_names_spec soname_spec extract_expsyms_cmds \ old_striplib striplib file_magic_cmd finish_cmds finish_eval \ deplibs_check_method reload_flag reload_cmds need_locks \ lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ old_postinstall_cmds old_postuninstall_cmds \ compiler_RC \ CC_RC \ LD_RC \ lt_prog_compiler_wl_RC \ lt_prog_compiler_pic_RC \ lt_prog_compiler_static_RC \ lt_prog_compiler_no_builtin_flag_RC \ export_dynamic_flag_spec_RC \ thread_safe_flag_spec_RC \ whole_archive_flag_spec_RC \ enable_shared_with_static_runtimes_RC \ old_archive_cmds_RC \ old_archive_from_new_cmds_RC \ predep_objects_RC \ postdep_objects_RC \ predeps_RC \ postdeps_RC \ compiler_lib_search_path_RC \ compiler_lib_search_dirs_RC \ archive_cmds_RC \ archive_expsym_cmds_RC \ 
postinstall_cmds_RC \ postuninstall_cmds_RC \ old_archive_from_expsyms_cmds_RC \ allow_undefined_flag_RC \ no_undefined_flag_RC \ export_symbols_cmds_RC \ hardcode_libdir_flag_spec_RC \ hardcode_libdir_flag_spec_ld_RC \ hardcode_libdir_separator_RC \ hardcode_automatic_RC \ module_cmds_RC \ module_expsym_cmds_RC \ lt_cv_prog_compiler_c_o_RC \ fix_srcfile_path_RC \ exclude_expsyms_RC \ include_expsyms_RC; do case $var in old_archive_cmds_RC | \ old_archive_from_new_cmds_RC | \ archive_cmds_RC | \ archive_expsym_cmds_RC | \ module_cmds_RC | \ module_expsym_cmds_RC | \ old_archive_from_expsyms_cmds_RC | \ export_symbols_cmds_RC | \ extract_expsyms_cmds | reload_cmds | finish_cmds | \ postinstall_cmds | postuninstall_cmds | \ old_postinstall_cmds | old_postuninstall_cmds | \ sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) # Double-quote double-evaled strings. eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ;; *) eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ;; esac done case $lt_echo in *'\$0 --fallback-echo"') lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` ;; esac cfgfile="$ofile" cat <<__EOF__ >> "$cfgfile" # ### BEGIN LIBTOOL TAG CONFIG: $tagname # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc_RC # Whether or not to disallow shared libs when runtime libs are static allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # The host system. 
host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # An echo program that does not interpret backslashes. echo=$lt_echo # The archiver. AR=$lt_AR AR_FLAGS=$lt_AR_FLAGS # A C compiler. LTCC=$lt_LTCC # LTCC compiler flags. LTCFLAGS=$lt_LTCFLAGS # A language-specific compiler. CC=$lt_compiler_RC # Is the compiler the GNU C compiler? with_gcc=$GCC_RC # An ERE matcher. EGREP=$lt_EGREP # The linker used to build libraries. LD=$lt_LD_RC # Whether we need hard or soft links. LN_S=$lt_LN_S # A BSD-compatible nm program. NM=$lt_NM # A symbol stripping program STRIP=$lt_STRIP # Used to examine libraries when file_magic_cmd begins "file" MAGIC_CMD=$MAGIC_CMD # Used on cygwin: DLL creation program. DLLTOOL="$DLLTOOL" # Used on cygwin: object dumper. OBJDUMP="$OBJDUMP" # Used on cygwin: assembler. AS="$AS" # The name of the directory that contains temporary libtool files. objdir=$objdir # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl_RC # Object file suffix (normally "o"). objext="$ac_objext" # Old archive suffix (normally "a"). libext="$libext" # Shared library suffix (normally ".so"). shrext_cmds='$shrext_cmds' # Executable file suffix (normally ""). exeext="$exeext" # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic_RC pic_mode=$pic_mode # What is the maximum length of a command? max_cmd_len=$lt_cv_sys_max_cmd_len # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC # Must we lock files when doing compilation? need_locks=$lt_need_locks # Do we need the lib prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. 
dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static_RC # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC # Compiler flag to generate thread-safe objects. thread_safe_flag_spec=$lt_thread_safe_flag_spec_RC # Library versioning type. version_type=$version_type # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME. library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Commands used to build and install an old-style archive. RANLIB=$lt_RANLIB old_archive_cmds=$lt_old_archive_cmds_RC old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC # Commands used to build and install a shared archive. archive_cmds=$lt_archive_cmds_RC archive_expsym_cmds=$lt_archive_expsym_cmds_RC postinstall_cmds=$lt_postinstall_cmds postuninstall_cmds=$lt_postuninstall_cmds # Commands used to build a loadable module (assumed same as above if empty) module_cmds=$lt_module_cmds_RC module_expsym_cmds=$lt_module_expsym_cmds_RC # Commands to strip libraries. 
old_striplib=$lt_old_striplib striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. predep_objects=$lt_predep_objects_RC # Dependencies to place after the objects being linked to create a # shared library. postdep_objects=$lt_postdep_objects_RC # Dependencies to place before the objects being linked to create a # shared library. predeps=$lt_predeps_RC # Dependencies to place after the objects being linked to create a # shared library. postdeps=$lt_postdeps_RC # The directories searched by this compiler when creating a shared # library compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_RC # The library search path used internally by the compiler when linking # a shared library. compiler_lib_search_path=$lt_compiler_lib_search_path_RC # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method == file_magic. file_magic_cmd=$lt_file_magic_cmd # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag_RC # Flag that forces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag_RC # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # Same as above, but a single script fragment to be evaled but not shown. finish_eval=$lt_finish_eval # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # This is the shared library runtime path variable. runpath_var=$runpath_var # This is the shared library path variable. 
shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action_RC # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC # If ld is used when linking, flag to hardcode \$libdir into # a binary during linking. This must work even if \$libdir does # not exist. hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_RC # Whether we need a single -rpath flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC # Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the # resulting binary. hardcode_direct=$hardcode_direct_RC # Set to yes if using the -LDIR flag during linking hardcodes DIR into the # resulting binary. hardcode_minus_L=$hardcode_minus_L_RC # Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into # the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var_RC # Set to yes if building a shared library automatically hardcodes DIR into the library # and all subsequent libraries and executables linked against it. hardcode_automatic=$hardcode_automatic_RC # Variables whose values should be saved in libtool wrapper scripts and # restored at relink time. variables_saved_for_relink="$variables_saved_for_relink" # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs_RC # Compile-time system search path for libraries sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Fix the shell variable \$srcfile for the compiler. 
fix_srcfile_path=$lt_fix_srcfile_path # Set to yes if exported symbols are required. always_export_symbols=$always_export_symbols_RC # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds_RC # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms_RC # Symbols that must always be exported. include_expsyms=$lt_include_expsyms_RC # ### END LIBTOOL TAG CONFIG: $tagname __EOF__ else # If there is no Makefile yet, we rely on a make rule to execute # `config.status --recheck' to rerun these tests and create the # libtool script then. ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` if test -f "$ltmain_in"; then test -f Makefile && make "$ltmain" fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" ;; *) { { echo "$as_me:$LINENO: error: Unsupported tag name: $tagname" >&5 echo "$as_me: error: Unsupported tag name: $tagname" >&2;} { (exit 1); exit 1; }; } ;; esac # Append the new tag name to the list of available tags. if test -n "$tagname" ; then available_tags="$available_tags $tagname" fi fi done IFS="$lt_save_ifs" # Now substitute the updated list of available tags. if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then mv "${ofile}T" "$ofile" chmod +x "$ofile" else rm -f "${ofile}T" { { echo "$as_me:$LINENO: error: unable to update list of available tagged configurations." >&5 echo "$as_me: error: unable to update list of available tagged configurations." >&2;} { (exit 1); exit 1; }; } fi fi # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh" # Always use our own libtool. 
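# Review note: this section reads like generated configure output (ac_cv_*
# cache variables, conftest probes), so lasting changes presumably belong in
# the configure.ac / m4 inputs rather than here -- confirm before hand-editing.
LIBTOOL='$(SHELL) $(top_builddir)/libtool'

# Prevent multiple expansion

# Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
# SysV /etc/install, /usr/sbin/install
# SunOS /usr/etc/install
# IRIX /sbin/install
# AIX /bin/install
# AmigaOS /C/install, which installs bootblocks on floppy discs
# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
# AFS /usr/afsws/bin/install, which mishandles nonexistent args
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# OS/2's system install, which has a completely different semantic
# ./install, which can be erroneously created by make from ./install.sh.
#
# Selection order: a preset $INSTALL wins; otherwise a cached
# ac_cv_path_install is reused; otherwise each $PATH entry is scanned for
# ginstall, scoinst or install and the first acceptable hit is cached with
# " -c" appended; if nothing is found, $ac_install_sh is used.
# Review note: the chosen program is simply the first match on $PATH and is
# presumably what the install rules run later, so configure should be run
# with a trusted $PATH. Entries that resolve to the current directory (./ and
# .//, which is also what an empty entry becomes) are skipped by the case below.
{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; }
if test -z "$INSTALL"; then
if test "${ac_cv_path_install+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  # Account for people who put trailing slashes in PATH elements.
case $as_dir/ in
  ./ | .// | /cC/* | \
  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
  /usr/ucb/* ) ;;
  *)
    # OSF1 and SCO ODT 3.0 have their own names for install.
    # Don't use installbsd from OSF since it installs stuff as root
    # by default.
    for ac_prog in ginstall scoinst install; do
      for ac_exec_ext in '' $ac_executable_extensions; do
        if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
          if test $ac_prog = install &&
            grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
            # AIX install. It has an incompatible calling convention.
            :
          elif test $ac_prog = install &&
            grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
            # program-specific install script used by HP pwplus--don't use.
            :
          else
            ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
            # Leave all three loops: extension, program name, PATH entry.
            break 3
          fi
        fi
      done
    done
    ;;
esac
done
IFS=$as_save_IFS

fi
  if test "${ac_cv_path_install+set}" = set; then
    INSTALL=$ac_cv_path_install
  else
    # As a last resort, use the slow shell script. Don't cache a
    # value for INSTALL within a source directory, because that will
    # break other packages using the cache if that directory is
    # removed, or if the value is a relative name.
    INSTALL=$ac_install_sh
  fi
fi
{ echo "$as_me:$LINENO: result: $INSTALL" >&5
echo "${ECHO_T}$INSTALL" >&6; }

# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'

test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'

test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'

# Checks for endianness
#
# ac_cv_c_bigendian is determined in this order (a cached value short-cuts all
# of it):
#   1. compile-only probes: does <sys/param.h> define BYTE_ORDER, BIG_ENDIAN
#      and LITTLE_ENDIAN, and if so is BYTE_ORDER == BIG_ENDIAN;
#   2. when cross compiling: compile marker arrays and grep the object file;
#   3. otherwise: link and run a small union test.
# Each compile probe logs the command and its status to fd 5 and is accepted
# only if the compiler succeeded, conftest.err is empty (or $ac_c_werror_flag
# is unset) and a non-empty object file exists.
{ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6; }
if test "${ac_cv_c_bigendian+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  # See if sys/param.h defines the BYTE_ORDER macro.
  # Both headers must be named: a bare "#include" does not preprocess, which
  # would push every host into the slower fallbacks below.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <sys/types.h>
#include <sys/param.h>

int
main ()
{
#if ! (defined BYTE_ORDER && defined BIG_ENDIAN && defined LITTLE_ENDIAN \
 && BYTE_ORDER && BIG_ENDIAN && LITTLE_ENDIAN)
 bogus endian macros
#endif

  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_compile") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
  # It does; now see whether it defined to BIG_ENDIAN or not.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <sys/types.h>
#include <sys/param.h>

int
main ()
{
#if BYTE_ORDER != BIG_ENDIAN
 not big endian
#endif

  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_compile") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
  ac_cv_c_bigendian=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

        ac_cv_c_bigendian=no
fi

rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

        # It does not; compile a test program.
if test "$cross_compiling" = yes; then
  # try to guess the endianness by grepping values into an object file
  # The arrays below spell one marker string or the other depending on the
  # target's byte order; the object file is then searched for both markers.
  ac_cv_c_bigendian=unknown
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; }
short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; }
int
main ()
{
 _ascii (); _ebcdic ();
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_compile") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
  if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then
  ac_cv_c_bigendian=yes
fi
if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
  if test "$ac_cv_c_bigendian" = unknown; then
    ac_cv_c_bigendian=no
  else
    # finding both strings is unlikely to happen, but who knows?
    ac_cv_c_bigendian=unknown
  fi
fi
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5


fi

rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
else
  # Native build: link the union test and execute ./conftest$ac_exeext.
  # Exit status 0 means the low-order byte is stored first (little endian).
  # NOTE(review): every other outcome, including a link failure or a crash of
  # the test program, lands in the else branch and is recorded as big endian.
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
int
main ()
{

  /* Are we little or big endian? From Harbison&Steele. */
  union
  {
    long int l;
    char c[sizeof (long int)];
  } u;
  u.l = 1;
  return u.c[sizeof (long int) - 1] == 1;

  ;
  return 0;
}
_ACEOF
rm -f conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_link") 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
  { (case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_try") 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_c_bigendian=no
else
  echo "$as_me: program exited with status $ac_status" >&5
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

( exit $ac_status )
ac_cv_c_bigendian=yes
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi


fi

rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
{ echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
echo "${ECHO_T}$ac_cv_c_bigendian" >&6; }
# Publish the result: WORDS_BIGENDIAN is defined only for "yes"; a value that
# is neither yes nor no aborts configure.
case $ac_cv_c_bigendian in
  yes)

cat >>confdefs.h <<\_ACEOF
#define WORDS_BIGENDIAN 1
_ACEOF
 ;;
  no)
     ;;
  *)
    { { echo "$as_me:$LINENO: error: unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" >&5
echo "$as_me: error: unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" >&2;}
   { (exit 1); exit 1; }; } ;;
esac


# Map the host triplet to a platform macro. Linux also gets
# -D_POSIX_C_SOURCE=199506L appended to CFLAGS; Darwin is given the same
# FREEBSD define as FreeBSD; any other host aborts configure.
case $host in
  *-*-linux*)

cat >>confdefs.h <<\_ACEOF
#define LINUX 1
_ACEOF

    CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=199506L"
    ;;
  *-*-darwin*)

cat >>confdefs.h <<\_ACEOF
#define FREEBSD 1
_ACEOF

    ;;
  *-*-freebsd*)

cat >>confdefs.h <<\_ACEOF
#define FREEBSD 1
_ACEOF

    ;;
  *)
    { { echo "$as_me:$LINENO: error: Linux, FreeBSD, Darwin only, dude!" >&5
echo "$as_me: error: Linux, FreeBSD, Darwin only, dude!" >&2;}
   { (exit 1); exit 1; }; };;
esac

# Global definitions
# _ISOC99_SOURCE  Use ISO C99 standard, needed by snprintf for example
# _GNU_SOURCE     Use GNU extensions like getline() in stdio.h
# _SVID_SOURCE    Needed to get 'strdup' from <string.h>
# _BSD_SOURCE     Use 4.3BSD
# NOTE(review): glibc 2.20 and later deprecate _BSD_SOURCE and _SVID_SOURCE in
# favour of _DEFAULT_SOURCE and warn when they are defined alone; they are
# kept here unchanged.
CFLAGS="$CFLAGS -D_ISOC99_SOURCE -D_GNU_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE"

# check to see if struct dirent has the d_type member
# Two compile-only probes: first use the member as a value, then fall back to
# sizeof for the case where it cannot be used as a condition. <dirent.h> is the
# header that declares struct dirent; without it both probes fail and the
# member is always reported as missing.
{ echo "$as_me:$LINENO: checking for struct dirent.d_type" >&5
echo $ECHO_N "checking for struct dirent.d_type... $ECHO_C" >&6; }
if test "${ac_cv_member_struct_dirent_d_type+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <dirent.h>

int
main ()
{
static struct dirent ac_aggr;
if (ac_aggr.d_type)
return 0;
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_compile") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
  ac_cv_member_struct_dirent_d_type=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

        cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <dirent.h>

int
main ()
{
static struct dirent ac_aggr;
if (sizeof ac_aggr.d_type)
return 0;
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_compile") 2>conftest.er1
  ac_status=$?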
# Tail of the second struct dirent.d_type compile probe: filter the compiler's
# stderr, log it to fd 5, and accept the probe only if the compiler succeeded,
# conftest.err is empty (or $ac_c_werror_flag is unset) and an object exists.
grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
  ac_cv_member_struct_dirent_d_type=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

        ac_cv_member_struct_dirent_d_type=no
fi

rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi

rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_dirent_d_type" >&5
echo "${ECHO_T}$ac_cv_member_struct_dirent_d_type" >&6; }
# Export the result to the C sources through confdefs.h.
if test $ac_cv_member_struct_dirent_d_type = yes; then

cat >>confdefs.h <<\_ACEOF
#define HAVE_STRUCT_DIRENT_D_TYPE 1
_ACEOF


fi


# Checks for libraries.
# Link probe for pthread_mutex_init with -lpthread prepended to LIBS. LIBS is
# restored afterwards, so the probe itself does not add -lpthread to the
# build; it only sets check_pthread to "yes" or "no".
# NOTE(review): what happens when check_pthread is "no" is decided outside
# this section -- confirm that a missing libpthread is treated as fatal if the
# daemon cannot work without it.
{ echo "$as_me:$LINENO: checking for pthread_mutex_init in -lpthread" >&5
echo $ECHO_N "checking for pthread_mutex_init in -lpthread... $ECHO_C" >&6; }
if test "${ac_cv_lib_pthread_pthread_mutex_init+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lpthread $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char pthread_mutex_init ();
int
main ()
{
return pthread_mutex_init ();
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_link") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest$ac_exeext &&
       $as_test_x conftest$ac_exeext; then
  ac_cv_lib_pthread_pthread_mutex_init=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

        ac_cv_lib_pthread_pthread_mutex_init=no
fi

rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
      conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ echo "$as_me:$LINENO: result: $ac_cv_lib_pthread_pthread_mutex_init" >&5
echo "${ECHO_T}$ac_cv_lib_pthread_pthread_mutex_init" >&6; }
if test $ac_cv_lib_pthread_pthread_mutex_init = yes; then
  check_pthread="yes"
else
  check_pthread="no"
fi


# Look for docbook2man, first under the cross-tool prefix ($ac_tool_prefix)
# when one is set. A preset $DOCBOOK2MAN or a cached value wins; otherwise
# every $PATH entry is scanned, and an empty entry is read as the current
# directory.
if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}docbook2man", so it can be a program name with args.
set dummy ${ac_tool_prefix}docbook2man; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
if test "${ac_cv_prog_DOCBOOK2MAN+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$DOCBOOK2MAN"; then
  ac_cv_prog_DOCBOOK2MAN="$DOCBOOK2MAN" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  # Inner loop of the prefixed docbook2man search: accept the first regular,
  # executable file found. The cached value is the bare program name, not the
  # directory it was found in, so the tool is resolved through $PATH again
  # whenever it is run.
  # Review note: because of that, configure and the build should both run with
  # a trusted $PATH that has no empty or relative entries.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
    ac_cv_prog_DOCBOOK2MAN="${ac_tool_prefix}docbook2man"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
IFS=$as_save_IFS

fi
fi
DOCBOOK2MAN=$ac_cv_prog_DOCBOOK2MAN
if test -n "$DOCBOOK2MAN"; then
  { echo "$as_me:$LINENO: result: $DOCBOOK2MAN" >&5
echo "${ECHO_T}$DOCBOOK2MAN" >&6; }
else
  { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
fi


fi
# Second pass, used when the prefixed search set nothing: look for the
# unprefixed docbook2man. If that is not found either, DOCBOOK2MAN becomes the
# command "true", which presumably turns the man-page step into a silent no-op.
if test -z "$ac_cv_prog_DOCBOOK2MAN"; then
  ac_ct_DOCBOOK2MAN=$DOCBOOK2MAN
  # Extract the first word of "docbook2man", so it can be a program name with args.
set dummy docbook2man; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
if test "${ac_cv_prog_ac_ct_DOCBOOK2MAN+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$ac_ct_DOCBOOK2MAN"; then
  ac_cv_prog_ac_ct_DOCBOOK2MAN="$ac_ct_DOCBOOK2MAN" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
    ac_cv_prog_ac_ct_DOCBOOK2MAN="docbook2man"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
IFS=$as_save_IFS

fi
fi
ac_ct_DOCBOOK2MAN=$ac_cv_prog_ac_ct_DOCBOOK2MAN
if test -n "$ac_ct_DOCBOOK2MAN"; then
  { echo "$as_me:$LINENO: result: $ac_ct_DOCBOOK2MAN" >&5
echo "${ECHO_T}$ac_ct_DOCBOOK2MAN" >&6; }
else
  { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
fi

  if test "x$ac_ct_DOCBOOK2MAN" = x; then
    DOCBOOK2MAN="true"
  else
    # When cross compiling, warn once (tracked by ac_tool_warned) that an
    # unprefixed tool was picked up.
    case $cross_compiling:$ac_tool_warned in
yes:)
{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5
echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;}
ac_tool_warned=yes ;;
esac
    DOCBOOK2MAN=$ac_ct_DOCBOOK2MAN
  fi
else
  DOCBOOK2MAN="$ac_cv_prog_DOCBOOK2MAN"
fi

# Same two-pass search for docbook2pdf: prefixed name first, then the plain
# name, with "true" as the fallback when neither is found. As above, only the
# bare program name is cached and an empty $PATH entry is read as the current
# directory.
if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}docbook2pdf", so it can be a program name with args.
set dummy ${ac_tool_prefix}docbook2pdf; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
if test "${ac_cv_prog_DOCBOOK2PDF+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$DOCBOOK2PDF"; then
  ac_cv_prog_DOCBOOK2PDF="$DOCBOOK2PDF" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
    ac_cv_prog_DOCBOOK2PDF="${ac_tool_prefix}docbook2pdf"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
IFS=$as_save_IFS

fi
fi
DOCBOOK2PDF=$ac_cv_prog_DOCBOOK2PDF
if test -n "$DOCBOOK2PDF"; then
  { echo "$as_me:$LINENO: result: $DOCBOOK2PDF" >&5
echo "${ECHO_T}$DOCBOOK2PDF" >&6; }
else
  { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
fi


fi
if test -z "$ac_cv_prog_DOCBOOK2PDF"; then
  ac_ct_DOCBOOK2PDF=$DOCBOOK2PDF
  # Extract the first word of "docbook2pdf", so it can be a program name with args.
set dummy docbook2pdf; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
if test "${ac_cv_prog_ac_ct_DOCBOOK2PDF+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$ac_ct_DOCBOOK2PDF"; then
  ac_cv_prog_ac_ct_DOCBOOK2PDF="$ac_ct_DOCBOOK2PDF" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
    ac_cv_prog_ac_ct_DOCBOOK2PDF="docbook2pdf"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
IFS=$as_save_IFS

fi
fi
ac_ct_DOCBOOK2PDF=$ac_cv_prog_ac_ct_DOCBOOK2PDF
if test -n "$ac_ct_DOCBOOK2PDF"; then
  { echo "$as_me:$LINENO: result: $ac_ct_DOCBOOK2PDF" >&5
echo "${ECHO_T}$ac_ct_DOCBOOK2PDF" >&6; }
else
  { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
fi

  if test "x$ac_ct_DOCBOOK2PDF" = x; then
    DOCBOOK2PDF="true"
  else
    case $cross_compiling:$ac_tool_warned in
yes:)
{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5
echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;}
ac_tool_warned=yes ;;
esac
    DOCBOOK2PDF=$ac_ct_DOCBOOK2PDF
  fi
else
  DOCBOOK2PDF="$ac_cv_prog_DOCBOOK2PDF"
fi


# Checks for header files.
# Start of the ANSI C header probe (result cached in ac_cv_header_stdc); the
# test program continues past this point.
{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
if test "${ac_cv_header_stdc+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.
*/ #include #include #include #include int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_header_stdc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 
'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi fi { echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 echo "${ECHO_T}$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then cat >>confdefs.h <<\_ACEOF #define STDC_HEADERS 1 _ACEOF fi for ac_header in arpa/inet.h errno.h fcntl.h getopt.h limits.h netdb.h netinet/in.h netinet/tcp.h pthread.h stdarg.h stdlib.h string.h sys/select.h sys/socket.h unistd.h inexistent.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } else # Is the header compilable? { echo "$as_me:$LINENO: checking $ac_header usability" >&5 echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 echo "${ECHO_T}$ac_header_compiler" >&6; } # Is the header present? { echo "$as_me:$LINENO: checking $ac_header presence" >&5 echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? 
grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 echo "${ECHO_T}$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ------------------------------------ ## ## Report this to nufw-devel@nongnu.org ## ## ------------------------------------ ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } fi if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done # Checks for typedefs, structures, and compiler characteristics. { echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5 echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; } if test "${ac_cv_c_const+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { /* FIXME: Include the comments suggested by Paul. */ #ifndef __cplusplus /* Ultrix mips cc rejects this. 
*/ typedef int charset[2]; const charset cs; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this. */ char *t; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; }; struct s *b; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then ac_cv_c_const=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5 echo "${ECHO_T}$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then cat >>confdefs.h <<\_ACEOF #define const _ACEOF fi # Checks for library functions. for ac_header in stdlib.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } else # Is the header compilable? { echo "$as_me:$LINENO: checking $ac_header usability" >&5 echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 echo "${ECHO_T}$ac_header_compiler" >&6; } # Is the header present? { echo "$as_me:$LINENO: checking $ac_header presence" >&5 echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 echo "${ECHO_T}$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ------------------------------------ ## ## Report this to nufw-devel@nongnu.org ## ## ------------------------------------ ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } fi if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done { echo "$as_me:$LINENO: checking for GNU libc compatible malloc" >&5 echo $ECHO_N "checking for GNU libc compatible malloc... $ECHO_C" >&6; } if test "${ac_cv_func_malloc_0_nonnull+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then ac_cv_func_malloc_0_nonnull=no else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #if defined STDC_HEADERS || defined HAVE_STDLIB_H # include #else char *malloc (); #endif int main () { return ! malloc (0); ; return 0; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_malloc_0_nonnull=yes else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_func_malloc_0_nonnull=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi { echo "$as_me:$LINENO: result: $ac_cv_func_malloc_0_nonnull" >&5 echo "${ECHO_T}$ac_cv_func_malloc_0_nonnull" >&6; } if test $ac_cv_func_malloc_0_nonnull = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_MALLOC 1 _ACEOF else cat >>confdefs.h <<\_ACEOF #define HAVE_MALLOC 0 _ACEOF case " $LIBOBJS " in *" malloc.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS malloc.$ac_objext" ;; esac cat >>confdefs.h <<\_ACEOF #define malloc rpl_malloc _ACEOF fi { echo "$as_me:$LINENO: checking whether lstat dereferences a symlink specified with a trailing slash" >&5 echo $ECHO_N "checking whether lstat dereferences a symlink specified with a trailing slash... $ECHO_C" >&6; } if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else rm -f conftest.sym conftest.file echo >conftest.file if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then if test "$cross_compiling" = yes; then ac_cv_func_lstat_dereferences_slashed_symlink=no else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { struct stat sbuf; /* Linux will dereference the symlink and fail. That is better in the sense that it means we will not have to compile and use the lstat wrapper. 
*/ return lstat ("conftest.sym/", &sbuf) == 0; ; return 0; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_lstat_dereferences_slashed_symlink=yes else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_func_lstat_dereferences_slashed_symlink=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi else # If the `ln -s' command failed, then we probably don't even # have an lstat function. ac_cv_func_lstat_dereferences_slashed_symlink=no fi rm -f conftest.sym conftest.file fi { echo "$as_me:$LINENO: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5 echo "${ECHO_T}$ac_cv_func_lstat_dereferences_slashed_symlink" >&6; } test $ac_cv_func_lstat_dereferences_slashed_symlink = yes && cat >>confdefs.h <<_ACEOF #define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 _ACEOF if test $ac_cv_func_lstat_dereferences_slashed_symlink = no; then case " $LIBOBJS " in *" lstat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;; esac fi { echo "$as_me:$LINENO: checking whether stat accepts an empty string" >&5 echo $ECHO_N "checking whether stat accepts an empty string... 
$ECHO_C" >&6; } if test "${ac_cv_func_stat_empty_string_bug+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then ac_cv_func_stat_empty_string_bug=yes else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { struct stat sbuf; return stat ("", &sbuf) == 0; ; return 0; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_stat_empty_string_bug=no else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_func_stat_empty_string_bug=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi { echo "$as_me:$LINENO: result: $ac_cv_func_stat_empty_string_bug" >&5 echo "${ECHO_T}$ac_cv_func_stat_empty_string_bug" >&6; } if test $ac_cv_func_stat_empty_string_bug = yes; then case " $LIBOBJS " in *" stat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS stat.$ac_objext" ;; esac cat >>confdefs.h <<_ACEOF #define HAVE_STAT_EMPTY_STRING_BUG 1 _ACEOF fi for ac_func in getopt_long gethostbyname memset setsockopt socket strcasecmp strspn do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... 
$ECHO_C" >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then eval "$as_ac_var=yes" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval echo '${'$as_ac_var'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done #AC_CHECK_LIB([gcrypt], [gcry_md_open],AC_DEFINE([HAVE_LIBRARY_GCRYPT],[1],[Gcrypt lib flag]), check_gcrypt=no,[-L/usr/local/lib]) #AC_CHECK_LIB([gnutls], [gnutls_init],AC_DEFINE([HAVE_LIBRARY_GNUTLS],[1],[Gnutls lib flag]), check_gnutls=no) #AM_CHECK_PATH([libgcrypt], [gcry_md_open],AC_DEFINE([HAVE_LIBRARY_GCRYPT],[1],[Gcrypt lib flag]), check_gcrypt=no,[-L/usr/local/lib]) #AM_CHECK_PATH(libgnutls], [gnutls_init],AC_DEFINE([HAVE_LIBRARY_GNUTLS],[1],[Gnutls lib flag]), check_gnutls=no) if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_PKG_CONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then { echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 echo "${ECHO_T}$PKG_CONFIG" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then { echo "$as_me:$LINENO: result: $ac_pt_PKG_CONFIG" >&5 echo "${ECHO_T}$ac_pt_PKG_CONFIG" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_pt_PKG_CONFIG" = x; then PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. 
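If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5
echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;}
ac_tool_warned=yes ;;
esac
    PKG_CONFIG=$ac_pt_PKG_CONFIG
  fi
else
  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
fi

fi

# Require pkg-config >= 0.9.0. A tool that fails the version probe is treated
# as absent by clearing PKG_CONFIG, which the package checks below test for.
if test -n "$PKG_CONFIG"; then
  _pkg_min_version=0.9.0
  { echo "$as_me:$LINENO: checking pkg-config is at least version $_pkg_min_version" >&5
echo $ECHO_N "checking pkg-config is at least version $_pkg_min_version... $ECHO_C" >&6; }
  if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
    { echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6; }
  else
    { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
    PKG_CONFIG=""
  fi
fi

# Check whether --with-openssl was given.
# The value of a --with-* option is held in withval (assigned on the line
# below). The previous code read enableval, which this check never assigns:
# the TLS backend choice then depended on whatever an unrelated option had
# left in that variable, and with it empty --without-openssl still entered
# the OpenSSL branch.
# NOTE(review): this script is generated; the template it was produced from
# (presumably configure.ac, not visible here) needs the same correction.
if test "${with_openssl+set}" = set; then
  withval=$with_openssl; build_openssl=$withval
else
  build_openssl="no"
fi

# OpenSSL branch: compiler and linker flags come from OPENSSL_CFLAGS and
# OPENSSL_LIBS when the caller set them, otherwise from pkg-config.
if test "${build_openssl}" != "no"; then

pkg_failed=no
{ echo "$as_me:$LINENO: checking for OPENSSL" >&5
echo $ECHO_N "checking for OPENSSL... $ECHO_C" >&6; }

if test -n "$PKG_CONFIG"; then
  if test -n "$OPENSSL_CFLAGS"; then
    pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS"
  else
    if test -n "$PKG_CONFIG" && \
      { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"openssl\"") >&5
      ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); }; then
      pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null`
    else
      pkg_failed=yes
    fi
  fi
else
  pkg_failed=untried
fi
if test -n "$PKG_CONFIG"; then
  if test -n "$OPENSSL_LIBS"; then
    pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS"
  else
    if test -n "$PKG_CONFIG" && \
      { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"openssl\"") >&5
      ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$?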
= $ac_status" >&5 (exit $ac_status); }; then pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "openssl"` else OPENSSL_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "openssl"` fi # Put the nasty error message in config.log where it belongs echo "$OPENSSL_PKG_ERRORS" >&5 { { echo "$as_me:$LINENO: error: Package requirements (openssl) were not met: $OPENSSL_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables OPENSSL_CFLAGS and OPENSSL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. " >&5 echo "$as_me: error: Package requirements (openssl) were not met: $OPENSSL_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables OPENSSL_CFLAGS and OPENSSL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. " >&2;} { (exit 1); exit 1; }; } elif test $pkg_failed = untried; then { { echo "$as_me:$LINENO: error: The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables OPENSSL_CFLAGS and OPENSSL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . See \`config.log' for more details." >&5 echo "$as_me: error: The pkg-config script could not be found or is too old. 
Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables OPENSSL_CFLAGS and OPENSSL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } else OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS OPENSSL_LIBS=$pkg_cv_OPENSSL_LIBS { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } : fi cat >>confdefs.h <<_ACEOF #define HAVE_OPENSSL 1 _ACEOF fi if test "x${build_openssl}" = "xno"; then NEED_LIBGCRYPT_VERSION=1.2.0 # Check whether --with-libgcrypt-prefix was given. if test "${with_libgcrypt_prefix+set}" = set; then withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval" else libgcrypt_config_prefix="" fi if test x$libgcrypt_config_prefix != x ; then if test x${LIBGCRYPT_CONFIG+set} != xset ; then LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config fi fi # Extract the first word of "libgcrypt-config", so it can be a program name with args. set dummy libgcrypt-config; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_LIBGCRYPT_CONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $LIBGCRYPT_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_LIBGCRYPT_CONFIG" && ac_cv_path_LIBGCRYPT_CONFIG="no" ;; esac fi LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG if test -n "$LIBGCRYPT_CONFIG"; then { echo "$as_me:$LINENO: result: $LIBGCRYPT_CONFIG" >&5 echo "${ECHO_T}$LIBGCRYPT_CONFIG" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi tmp="$NEED_LIBGCRYPT_VERSION" if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` else req_libgcrypt_api=0 min_libgcrypt_version="$tmp" fi { echo "$as_me:$LINENO: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5 echo $ECHO_N "checking for LIBGCRYPT - version >= $min_libgcrypt_version... 
$ECHO_C" >&6; } ok=no if test "$LIBGCRYPT_CONFIG" != "no" ; then req_major=`echo $min_libgcrypt_version | \ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'` req_minor=`echo $min_libgcrypt_version | \ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'` req_micro=`echo $min_libgcrypt_version | \ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'` libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` major=`echo $libgcrypt_config_version | \ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'` minor=`echo $libgcrypt_config_version | \ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'` micro=`echo $libgcrypt_config_version | \ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'` if test "$major" -gt "$req_major"; then ok=yes else if test "$major" -eq "$req_major"; then if test "$minor" -gt "$req_minor"; then ok=yes else if test "$minor" -eq "$req_minor"; then if test "$micro" -ge "$req_micro"; then ok=yes fi fi fi fi fi fi if test $ok = yes; then { echo "$as_me:$LINENO: result: yes ($libgcrypt_config_version)" >&5 echo "${ECHO_T}yes ($libgcrypt_config_version)" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test $ok = yes; then # If we have a recent libgcrypt, we should also check that the # API is compatible if test "$req_libgcrypt_api" -gt 0 ; then tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` if test "$tmp" -gt 0 ; then { echo "$as_me:$LINENO: checking LIBGCRYPT API version" >&5 echo $ECHO_N "checking LIBGCRYPT API version... $ECHO_C" >&6; } if test "$req_libgcrypt_api" -eq "$tmp" ; then { echo "$as_me:$LINENO: result: okay" >&5 echo "${ECHO_T}okay" >&6; } else ok=no { echo "$as_me:$LINENO: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5 echo "${ECHO_T}does not match. 
want=$req_libgcrypt_api got=$tmp" >&6; } fi fi fi fi if test $ok = yes; then LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` : else LIBGCRYPT_CFLAGS="" LIBGCRYPT_LIBS="" : fi if test "x$LIBGCRYPT_LIBS" = "x"; then { { echo "$as_me:$LINENO: error: libgcrypt is needed. See ftp://ftp.gnupg.org/gcrypt/ ." >&5 echo "$as_me: error: libgcrypt is needed. See ftp://ftp.gnupg.org/gcrypt/ ." >&2;} { (exit 1); exit 1; }; } else CFLAGS="$CFLAGS $LIBGCRYPT_CFLAGS" LDFLAGS="$LDFLAGS $LIBGCRYPT_LIBS" fi NEED_LIBGNUTLS_VERSION=1.0.16 pkg_failed=no { echo "$as_me:$LINENO: checking for GNUTLS" >&5 echo $ECHO_N "checking for GNUTLS... $ECHO_C" >&6; } if test -n "$PKG_CONFIG"; then if test -n "$GNUTLS_CFLAGS"; then pkg_cv_GNUTLS_CFLAGS="$GNUTLS_CFLAGS" else if test -n "$PKG_CONFIG" && \ { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gnutls >= \$NEED_LIBGNUTLS_VERSION\"") >&5 ($PKG_CONFIG --exists --print-errors "gnutls >= $NEED_LIBGNUTLS_VERSION") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then pkg_cv_GNUTLS_CFLAGS=`$PKG_CONFIG --cflags "gnutls >= $NEED_LIBGNUTLS_VERSION" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$GNUTLS_LIBS"; then pkg_cv_GNUTLS_LIBS="$GNUTLS_LIBS" else if test -n "$PKG_CONFIG" && \ { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gnutls >= \$NEED_LIBGNUTLS_VERSION\"") >&5 ($PKG_CONFIG --exists --print-errors "gnutls >= $NEED_LIBGNUTLS_VERSION") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
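= $ac_status" >&5
      (exit $ac_status); }; then
      pkg_cv_GNUTLS_LIBS=`$PKG_CONFIG --libs "gnutls >= $NEED_LIBGNUTLS_VERSION" 2>/dev/null`
    else
      pkg_failed=yes
    fi
  fi
else
  pkg_failed=untried
fi

# Outcome of the GnuTLS lookup. Both failure branches used a bare "exit",
# which ends the script with the status of the previous command (0 here) and
# no error text, so a caller could not tell that the TLS library check had
# failed. They now report the failure and exit with status 1.
if test $pkg_failed = yes; then
  # pkg-config ran but the gnutls version requirement was not satisfied.
  if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
    _pkg_short_errors_supported=yes
  else
    _pkg_short_errors_supported=no
  fi
  if test $_pkg_short_errors_supported = yes; then
    GNUTLS_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "gnutls >= $NEED_LIBGNUTLS_VERSION"`
  else
    GNUTLS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "gnutls >= $NEED_LIBGNUTLS_VERSION"`
  fi
  # Put the nasty error message in config.log where it belongs
  echo "$GNUTLS_PKG_ERRORS" >&5

  { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
  { { echo "$as_me:$LINENO: error: gnutls >= $NEED_LIBGNUTLS_VERSION is required but was not found by pkg-config" >&5
echo "$as_me: error: gnutls >= $NEED_LIBGNUTLS_VERSION is required but was not found by pkg-config" >&2;}
   { (exit 1); exit 1; }; }
elif test $pkg_failed = untried; then
  # PKG_CONFIG was empty, so no lookup was attempted at all.
  { { echo "$as_me:$LINENO: error: pkg-config is unavailable, so gnutls could not be checked" >&5
echo "$as_me: error: pkg-config is unavailable, so gnutls could not be checked" >&2;}
   { (exit 1); exit 1; }; }
else
  GNUTLS_CFLAGS=$pkg_cv_GNUTLS_CFLAGS
  GNUTLS_LIBS=$pkg_cv_GNUTLS_LIBS
  { echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6; }
  :
fi

cat >>confdefs.h <<_ACEOF
#define HAVE_GNUTLS 1
_ACEOF

# Link test for gnutls_priority_set in -lgnutls; the result is cached in
# ac_cv_lib_gnutls_gnutls_priority_set.
{ echo "$as_me:$LINENO: checking for gnutls_priority_set in -lgnutls" >&5
echo $ECHO_N "checking for gnutls_priority_set in -lgnutls... $ECHO_C" >&6; }
if test "${ac_cv_lib_gnutls_gnutls_priority_set+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lgnutls $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply.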
*/ #ifdef __cplusplus extern "C" #endif char gnutls_priority_set (); int main () { return gnutls_priority_set (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_gnutls_gnutls_priority_set=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_gnutls_gnutls_priority_set=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_gnutls_gnutls_priority_set" >&5 echo "${ECHO_T}$ac_cv_lib_gnutls_gnutls_priority_set" >&6; } if test $ac_cv_lib_gnutls_gnutls_priority_set = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_GNUTLS_STRING_PRIORITY _ACEOF fi fi #Configure database support, depending on user input # Check whether --with-prelude-log was given. if test "${with_prelude_log+set}" = set; then withval=$with_prelude_log; enable_prelude_log=$withval else enable_prelude_log="" fi # Check whether --with-mysql-log was given. if test "${with_mysql_log+set}" = set; then withval=$with_mysql_log; enable_mysql_log=$withval else enable_mysql_log="" fi # Check whether --with-mysql-auth was given. if test "${with_mysql_auth+set}" = set; then withval=$with_mysql_auth; enable_mysql_auth=$withval else enable_mysql_auth="" fi # Check whether --with-pgsql-log was given. 
# Optional-feature switches. Each --with-NAME[=VALUE] option is copied into
# its own shell variable; when the option was not given, the default in the
# "*)" arm applies. withval is assigned on every taken "set" arm, as before.
# Note for packagers: plaintext-auth and system-auth default to "yes" when
# the option is absent; what these variables enable is decided later in the
# script, outside this span.

# --with-pgsql-log (default: empty)
case "${with_pgsql_log+set}" in
  set) withval=$with_pgsql_log; enable_pgsql_log=$withval ;;
  *)   enable_pgsql_log="" ;;
esac

# --with-syslog-log (default: yes)
case "${with_syslog_log+set}" in
  set) withval=$with_syslog_log; enable_syslog_log=$withval ;;
  *)   enable_syslog_log="yes" ;;
esac

# --with-ulogd2-log (default: yes)
case "${with_ulogd2_log+set}" in
  set) withval=$with_ulogd2_log; enable_ulogd2_log=$withval ;;
  *)   enable_ulogd2_log="yes" ;;
esac

# --with-plaintext-auth (default: yes)
case "${with_plaintext_auth+set}" in
  set) withval=$with_plaintext_auth; enable_plaintext_auth=$withval ;;
  *)   enable_plaintext_auth="yes" ;;
esac

# --with-mark-group (default: yes)
case "${with_mark_group+set}" in
  set) withval=$with_mark_group; enable_mark_group=$withval ;;
  *)   enable_mark_group="yes" ;;
esac

# --with-mark-field (default: yes)
case "${with_mark_field+set}" in
  set) withval=$with_mark_field; enable_mark_field=$withval ;;
  *)   enable_mark_field="yes" ;;
esac

# --with-mark-flag (default: yes)
case "${with_mark_flag+set}" in
  set) withval=$with_mark_flag; enable_mark_flag=$withval ;;
  *)   enable_mark_flag="yes" ;;
esac

# --with-system-auth (default: yes)
case "${with_system_auth+set}" in
  set) withval=$with_system_auth; enable_system_auth=$withval ;;
  *)   enable_system_auth="yes" ;;
esac

# --with-ldap (default: empty)
case "${with_ldap+set}" in
  set) withval=$with_ldap; ldap=$withval ;;
  *)   ldap="" ;;
esac

# --with-nfqueue (default: yes)
case "${with_nfqueue+set}" in
  set) withval=$with_nfqueue; use_nfqueue=$withval ;;
  *)   use_nfqueue="yes" ;;
esac

# --with-nfconntrack (default: yes)
case "${with_nfconntrack+set}" in
  set) withval=$with_nfconntrack; use_nfconntrack=$withval ;;
  *)   use_nfconntrack="yes" ;;
esac

# Check whether --with-utf8 was given.
if test "${with_utf8+set}" = set; then withval=$with_utf8; cat >>confdefs.h <<_ACEOF #define USE_UTF8 1 _ACEOF fi # Check whether --with-fixedtimeout was given. if test "${with_fixedtimeout+set}" = set; then withval=$with_fixedtimeout; have_conntrack_fixedtimeout=$withval fi # Check whether --enable-nufw was given. if test "${enable_nufw+set}" = set; then enableval=$enable_nufw; build_nufw=$enableval else build_nufw="yes" fi # Check whether --enable-nuauth was given. if test "${enable_nuauth+set}" = set; then enableval=$enable_nuauth; build_nuauth=$enableval else build_nuauth="yes" fi # Check whether --enable-libnuclient was given. if test "${enable_libnuclient+set}" = set; then enableval=$enable_libnuclient; build_libnuclient=$enableval else build_libnuclient="yes" fi # Check whether --enable-nutcpc was given. if test "${enable_nutcpc+set}" = set; then enableval=$enable_nutcpc; build_nutcpc=$enableval else build_nutcpc="yes" fi # Check whether --enable-pam-nufw was given. if test "${enable_pam_nufw+set}" = set; then enableval=$enable_pam_nufw; build_pam_nufw=$enableval else build_pam_nufw="no" fi # Check whether --enable-nuauth-command was given. if test "${enable_nuauth_command+set}" = set; then enableval=$enable_nuauth_command; build_nuauth_command=$enableval else build_nuauth_command="yes" fi if test "${build_nuauth_command}" = "yes"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}python", so it can be a program name with args. set dummy ${ac_tool_prefix}python; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_PYTHON+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$PYTHON"; then ac_cv_prog_PYTHON="$PYTHON" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_PYTHON="${ac_tool_prefix}python" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi PYTHON=$ac_cv_prog_PYTHON if test -n "$PYTHON"; then { echo "$as_me:$LINENO: result: $PYTHON" >&5 echo "${ECHO_T}$PYTHON" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_prog_PYTHON"; then ac_ct_PYTHON=$PYTHON # Extract the first word of "python", so it can be a program name with args. set dummy python; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_PYTHON+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_PYTHON"; then ac_cv_prog_ac_ct_PYTHON="$ac_ct_PYTHON" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_PYTHON="python" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_PYTHON=$ac_cv_prog_ac_ct_PYTHON if test -n "$ac_ct_PYTHON"; then { echo "$as_me:$LINENO: result: $ac_ct_PYTHON" >&5 echo "${ECHO_T}$ac_ct_PYTHON" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_ct_PYTHON" = x; then PYTHON="" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." 
>&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac PYTHON=$ac_ct_PYTHON fi else PYTHON="$ac_cv_prog_PYTHON" fi cat >>confdefs.h <<_ACEOF #define BUILD_NUAUTH_COMMAND 1 _ACEOF e_localstatedir=$localstatedir while true; do case "$e_localstatedir" in *\$* ) eval "e_localstatedir=$e_localstatedir" ;; *) break ;; esac done fi # Check whether --enable-debug was given. if test "${enable_debug+set}" = set; then enableval=$enable_debug; debug=$enableval else debug="" fi # Check whether --with-perf-display was given. if test "${with_perf_display+set}" = set; then withval=$with_perf_display; use_perf_display=$withval else use_perf_display="yes" fi if test "${use_perf_display}" = "yes"; then cat >>confdefs.h <<_ACEOF #define PERF_DISPLAY_ENABLE 1 _ACEOF fi if test \ "${build_nuauth}" = "yes" \ -o "${build_libnuclient}" = "yes" \ -o "${build_nutcpc}" = "yes" \ -o "${build_pam_nufw}" = "yes" \ ; then { echo "$as_me:$LINENO: checking for sasl_server_init in -lsasl2" >&5 echo $ECHO_N "checking for sasl_server_init in -lsasl2... $ECHO_C" >&6; } if test "${ac_cv_lib_sasl2_sasl_server_init+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsasl2 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char sasl_server_init (); int main () { return sasl_server_init (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_sasl2_sasl_server_init=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_sasl2_sasl_server_init=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_sasl2_sasl_server_init" >&5 echo "${ECHO_T}$ac_cv_lib_sasl2_sasl_server_init" >&6; } if test $ac_cv_lib_sasl2_sasl_server_init = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_LIBRARY_SASL2 1 _ACEOF else check_sasl=no fi fi if test "${build_nuauth}" = "yes"; then { echo "$as_me:$LINENO: checking for sasl_server_init in -lsasl2" >&5 echo $ECHO_N "checking for sasl_server_init in -lsasl2... $ECHO_C" >&6; } if test "${ac_cv_lib_sasl2_sasl_server_init+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsasl2 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char sasl_server_init (); int main () { return sasl_server_init (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_sasl2_sasl_server_init=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_sasl2_sasl_server_init=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_sasl2_sasl_server_init" >&5 echo "${ECHO_T}$ac_cv_lib_sasl2_sasl_server_init" >&6; } if test $ac_cv_lib_sasl2_sasl_server_init = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_LIBRARY_SASL2 1 _ACEOF else check_sasl=no fi # glib stuff # Check whether --enable-glibtest was given. if test "${enable_glibtest+set}" = set; then enableval=$enable_glibtest; else enable_glibtest=yes fi pkg_config_args=glib-2.0 for module in . gthread gmodule do case "$module" in gmodule) pkg_config_args="$pkg_config_args gmodule-2.0" ;; gmodule-no-export) pkg_config_args="$pkg_config_args gmodule-no-export-2.0" ;; gobject) pkg_config_args="$pkg_config_args gobject-2.0" ;; gthread) pkg_config_args="$pkg_config_args gthread-2.0" ;; gio*) pkg_config_args="$pkg_config_args $module-2.0" ;; esac done if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. 
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_PKG_CONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then { echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 echo "${ECHO_T}$PKG_CONFIG" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then { echo "$as_me:$LINENO: result: $ac_pt_PKG_CONFIG" >&5 echo "${ECHO_T}$ac_pt_PKG_CONFIG" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_pt_PKG_CONFIG" = x; then PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac PKG_CONFIG=$ac_pt_PKG_CONFIG fi else PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi if test -n "$PKG_CONFIG"; then _pkg_min_version=0.16 { echo "$as_me:$LINENO: checking pkg-config is at least version $_pkg_min_version" >&5 echo $ECHO_N "checking pkg-config is at least version $_pkg_min_version... $ECHO_C" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } PKG_CONFIG="" fi fi no_glib="" if test "x$PKG_CONFIG" = x ; then no_glib=yes PKG_CONFIG=no fi min_glib_version=2.4.0 { echo "$as_me:$LINENO: checking for GLIB - version >= $min_glib_version" >&5 echo $ECHO_N "checking for GLIB - version >= $min_glib_version... 
$ECHO_C" >&6; } if test x$PKG_CONFIG != xno ; then ## don't try to run the test against uninstalled libtool libs if $PKG_CONFIG --uninstalled $pkg_config_args; then echo "Will use uninstalled version of GLib found in PKG_CONFIG_PATH" enable_glibtest=no fi if $PKG_CONFIG --atleast-version $min_glib_version $pkg_config_args; then : else no_glib=yes fi fi if test x"$no_glib" = x ; then GLIB_GENMARSHAL=`$PKG_CONFIG --variable=glib_genmarshal glib-2.0` GOBJECT_QUERY=`$PKG_CONFIG --variable=gobject_query glib-2.0` GLIB_MKENUMS=`$PKG_CONFIG --variable=glib_mkenums glib-2.0` GLIB_CFLAGS=`$PKG_CONFIG --cflags $pkg_config_args` GLIB_LIBS=`$PKG_CONFIG --libs $pkg_config_args` glib_config_major_version=`$PKG_CONFIG --modversion glib-2.0 | \ sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\1/'` glib_config_minor_version=`$PKG_CONFIG --modversion glib-2.0 | \ sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\2/'` glib_config_micro_version=`$PKG_CONFIG --modversion glib-2.0 | \ sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\3/'` if test "x$enable_glibtest" = "xyes" ; then ac_save_CFLAGS="$CFLAGS" ac_save_LIBS="$LIBS" CFLAGS="$CFLAGS $GLIB_CFLAGS" LIBS="$GLIB_LIBS $LIBS" rm -f conf.glibtest if test "$cross_compiling" = yes; then echo $ac_n "cross compiling; assumed OK... $ac_c" else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include int main () { int major, minor, micro; char *tmp_version; system ("touch conf.glibtest"); /* HP/UX 9 (%@#!) 
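writes to sscanf strings */
  tmp_version = g_strdup("$min_glib_version");
  /* The third output argument had been mangled into a single non-ASCII
     character; all three version fields are parsed into major, minor and
     micro, and exactly three conversions are required. */
  if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, &micro) != 3) {
     printf("%s, bad version string\n", "$min_glib_version");
     exit(1);
   }

  /* Case 1: the library loaded at run time differs from the version that
     pkg-config reported at configure time. */
  if ((glib_major_version != $glib_config_major_version) ||
      (glib_minor_version != $glib_config_minor_version) ||
      (glib_micro_version != $glib_config_micro_version))
    {
      printf("\n*** 'pkg-config --modversion glib-2.0' returned %d.%d.%d, but GLIB (%d.%d.%d)\n",
             $glib_config_major_version, $glib_config_minor_version, $glib_config_micro_version,
             glib_major_version, glib_minor_version, glib_micro_version);
      printf ("*** was found! If pkg-config was correct, then it is best\n");
      printf ("*** to remove the old version of GLib. You may also be able to fix the error\n");
      printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n");
      printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n");
      printf("*** required on your system.\n");
      printf("*** If pkg-config was wrong, set the environment variable PKG_CONFIG_PATH\n");
      printf("*** to point to the correct configuration files\n");
    }
  /* Case 2: the headers used to compile differ from the library that was
     linked. */
  else if ((glib_major_version != GLIB_MAJOR_VERSION) ||
           (glib_minor_version != GLIB_MINOR_VERSION) ||
           (glib_micro_version != GLIB_MICRO_VERSION))
    {
      printf("*** GLIB header files (version %d.%d.%d) do not match\n",
             GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION, GLIB_MICRO_VERSION);
      printf("*** library (version %d.%d.%d)\n",
             glib_major_version, glib_minor_version, glib_micro_version);
    }
  /* Case 3: versions are consistent; succeed only if the library is at
     least the required version. */
  else
    {
      if ((glib_major_version > major) ||
          ((glib_major_version == major) && (glib_minor_version > minor)) ||
          ((glib_major_version == major) && (glib_minor_version == minor) && (glib_micro_version >= micro)))
        {
          return 0;
        }
      else
        {
          printf("\n*** An old version of GLIB (%d.%d.%d) was found.\n",
                 glib_major_version, glib_minor_version, glib_micro_version);
          printf("*** You need a version of GLIB newer than %d.%d.%d.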
The latest version of\n", major, minor, micro); printf("*** GLIB is always available from ftp://ftp.gtk.org.\n"); printf("***\n"); printf("*** If you have already installed a sufficiently new version, this error\n"); printf("*** probably means that the wrong copy of the pkg-config shell script is\n"); printf("*** being found. The easiest way to fix this is to remove the old version\n"); printf("*** of GLIB, but you can also set the PKG_CONFIG environment to point to the\n"); printf("*** correct copy of pkg-config. (In this case, you will have to\n"); printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); printf("*** so that the correct libraries are found at run-time))\n"); } } return 1; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); }; }; then : else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) no_glib=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi CFLAGS="$ac_save_CFLAGS" LIBS="$ac_save_LIBS" fi fi if test "x$no_glib" = x ; then { echo "$as_me:$LINENO: result: yes (version $glib_config_major_version.$glib_config_minor_version.$glib_config_micro_version)" >&5 echo "${ECHO_T}yes (version $glib_config_major_version.$glib_config_minor_version.$glib_config_micro_version)" >&6; } : else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } if test "$PKG_CONFIG" = "no" ; then echo "*** A new enough version of pkg-config was not found." echo "*** See http://www.freedesktop.org/software/pkgconfig/" else if test -f conf.glibtest ; then : else echo "*** Could not run GLIB test program, checking why..." ac_save_CFLAGS="$CFLAGS" ac_save_LIBS="$LIBS" CFLAGS="$CFLAGS $GLIB_CFLAGS" LIBS="$LIBS $GLIB_LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { return ((glib_major_version) || (glib_minor_version) || (glib_micro_version)); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then echo "*** The test program compiled, but did not run. 
This usually means" echo "*** that the run-time linker is not finding GLIB or finding the wrong" echo "*** version of GLIB. If it is not finding GLIB, you'll need to set your" echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" echo "*** to the installed location Also, make sure you have run ldconfig if that" echo "*** is required on your system" echo "***" echo "*** If you have an old version installed, it is best to remove it, although" echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 echo "*** The test program failed to compile or link. See the file config.log for the" echo "*** exact error that occured. This usually means GLIB is incorrectly installed." fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$ac_save_CFLAGS" LIBS="$ac_save_LIBS" fi fi GLIB_CFLAGS="" GLIB_LIBS="" GLIB_GENMARSHAL="" GOBJECT_QUERY="" GLIB_MKENUMS="" check_glib=no fi rm -f conf.glibtest if test "$enable_system_auth" = "yes"; then { echo "$as_me:$LINENO: checking for pam_start in -lpam" >&5 echo $ECHO_N "checking for pam_start in -lpam... $ECHO_C" >&6; } if test "${ac_cv_lib_pam_pam_start+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpam $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char pam_start (); int main () { return pam_start (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_pam_pam_start=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_pam_pam_start=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_pam_pam_start" >&5 echo "${ECHO_T}$ac_cv_lib_pam_pam_start" >&6; } if test $ac_cv_lib_pam_pam_start = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_LIBRARY_PAM 1 _ACEOF else check_pam=no fi fi if test "${ldap}" = "yes"; then { echo "$as_me:$LINENO: checking for ldap_simple_bind_s in -lldap" >&5 echo $ECHO_N "checking for ldap_simple_bind_s in -lldap... $ECHO_C" >&6; } if test "${ac_cv_lib_ldap_ldap_simple_bind_s+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldap $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char ldap_simple_bind_s (); int main () { return ldap_simple_bind_s (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_ldap_ldap_simple_bind_s=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_ldap_ldap_simple_bind_s=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_ldap_ldap_simple_bind_s" >&5 echo "${ECHO_T}$ac_cv_lib_ldap_ldap_simple_bind_s" >&6; } if test $ac_cv_lib_ldap_ldap_simple_bind_s = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_LIBRARY_LDAP 1 _ACEOF else check_ldap=no fi fi if test "$enable_mysql_log" = "yes" \ -o "$enable_mysql_auth" = "yes" ; then if which mysql_config 1>/dev/null; then { echo "$as_me:$LINENO: checking for mysql_real_connect in -lmysqlclient" >&5 echo $ECHO_N "checking for mysql_real_connect in -lmysqlclient... $ECHO_C" >&6; } if test "${ac_cv_lib_mysqlclient_mysql_real_connect+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lmysqlclient $(mysql_config --libs) $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char mysql_real_connect (); int main () { return mysql_real_connect (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_mysqlclient_mysql_real_connect=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_mysqlclient_mysql_real_connect=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_mysqlclient_mysql_real_connect" >&5 echo "${ECHO_T}$ac_cv_lib_mysqlclient_mysql_real_connect" >&6; } if test $ac_cv_lib_mysqlclient_mysql_real_connect = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_LIBRARY_MYSQLCLIENT 1 _ACEOF else check_mysql=no fi { echo "$as_me:$LINENO: checking for mysql_ssl_set in -lmysqlclient" >&5 echo $ECHO_N "checking for mysql_ssl_set in -lmysqlclient... $ECHO_C" >&6; } if test "${ac_cv_lib_mysqlclient_mysql_ssl_set+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lmysqlclient $(mysql_config --libs) $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char mysql_ssl_set (); int main () { return mysql_ssl_set (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_mysqlclient_mysql_ssl_set=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_mysqlclient_mysql_ssl_set=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_mysqlclient_mysql_ssl_set" >&5 echo "${ECHO_T}$ac_cv_lib_mysqlclient_mysql_ssl_set" >&6; } if test $ac_cv_lib_mysqlclient_mysql_ssl_set = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_MYSQL_SSL 1 _ACEOF else { echo "$as_me:$LINENO: mysqlclient has no ssl support" >&5 echo "$as_me: mysqlclient has no ssl support" >&6;} fi have_mysql_config="yes" else { echo "$as_me:$LINENO: checking for mysql_real_connect in -lmysqlclient" >&5 echo $ECHO_N "checking for mysql_real_connect in -lmysqlclient... $ECHO_C" >&6; } if test "${ac_cv_lib_mysqlclient_mysql_real_connect+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lmysqlclient $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char mysql_real_connect (); int main () { return mysql_real_connect (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_mysqlclient_mysql_real_connect=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_mysqlclient_mysql_real_connect=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_mysqlclient_mysql_real_connect" >&5 echo "${ECHO_T}$ac_cv_lib_mysqlclient_mysql_real_connect" >&6; } if test $ac_cv_lib_mysqlclient_mysql_real_connect = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_LIBRARY_MYSQLCLIENT 1 _ACEOF else check_mysql=no fi { echo "$as_me:$LINENO: checking for mysql_ssl_set in -lmysqlclient" >&5 echo $ECHO_N "checking for mysql_ssl_set in -lmysqlclient... $ECHO_C" >&6; } if test "${ac_cv_lib_mysqlclient_mysql_ssl_set+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lmysqlclient $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
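Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char mysql_ssl_set ();
int
main ()
{
return mysql_ssl_set ();
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_link") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
	 test -z "$ac_c_werror_flag" ||
	 test ! -s conftest.err
       } && test -s conftest$ac_exeext &&
       $as_test_x conftest$ac_exeext; then
  ac_cv_lib_mysqlclient_mysql_ssl_set=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5

  ac_cv_lib_mysqlclient_mysql_ssl_set=no
fi

rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
      conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ echo "$as_me:$LINENO: result: $ac_cv_lib_mysqlclient_mysql_ssl_set" >&5
echo "${ECHO_T}$ac_cv_lib_mysqlclient_mysql_ssl_set" >&6; }
if test $ac_cv_lib_mysqlclient_mysql_ssl_set = yes; then
  cat >>confdefs.h <<_ACEOF
#define HAVE_MYSQL_SSL 1
_ACEOF

else
  # NOTE(review): a client library without mysql_ssl_set() is not fatal.
  # HAVE_MYSQL_SSL simply stays undefined and the only trace is this
  # notice (log on fd 5, normal output on fd 6), not a warning on stderr.
  # Presumably the MySQL log/auth modules then build without TLS to the
  # database server -- confirm in the module sources, and check the
  # configure output for this line when encrypted connections are expected.
  { echo "$as_me:$LINENO: mysqlclient has no ssl support" >&5
echo "$as_me: mysqlclient has no ssl support" >&6;}
fi

  fi
fi

# Prelude logging probe, run only when enable_prelude_log is "yes".
# It checks that prelude.h compiles and preprocesses, then that
# prelude_init() links from -lprelude.  A failing probe only records
# check_prelude=no; nothing in this block aborts configure.
if test "$enable_prelude_log" = "yes"; then
  # Evil hack to check if /usr/include/libprelude/prelude.h does exist.
  # TODO: Be able to change this directory and send this directory
  # to Prelude module of NuAuth
  OLDCFLAGS="$CFLAGS"
  OLDCPPFLAGS="$CPPFLAGS"
  CFLAGS="$CFLAGS -I/usr/include/libprelude/"
  # Extend CPPFLAGS from CPPFLAGS itself.  The previous assignment built it
  # from the already-modified CFLAGS, which dropped the caller's
  # preprocessor flags (-I/-D) for the header probes below and handed
  # compiler options to the preprocessor-only run.
  # NOTE(review): this script looks autoconf-generated; the same
  # correction belongs in the configure.ac source of this check.
  CPPFLAGS="$CPPFLAGS -I/usr/include/libprelude/"
  if test "${ac_cv_header_prelude_h+set}" = set; then
  # A cached answer exists: report it without re-running the probes.
  { echo "$as_me:$LINENO: checking for prelude.h" >&5
echo $ECHO_N "checking for prelude.h... $ECHO_C" >&6; }
if test "${ac_cv_header_prelude_h+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
fi
{ echo "$as_me:$LINENO: result: $ac_cv_header_prelude_h" >&5
echo "${ECHO_T}$ac_cv_header_prelude_h" >&6; }
else
  # Is the header compilable?
{ echo "$as_me:$LINENO: checking prelude.h usability" >&5
echo $ECHO_N "checking prelude.h usability... $ECHO_C" >&6; }
# The test source includes prelude.h, the header named in the messages
# around it, after the default includes.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <prelude.h>
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_compile") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
	 test -z "$ac_c_werror_flag" ||
	 test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
  ac_header_compiler=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5

  ac_header_compiler=no
fi

rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
echo "${ECHO_T}$ac_header_compiler" >&6; }

# Is the header present?
{ echo "$as_me:$LINENO: checking prelude.h presence" >&5
echo $ECHO_N "checking prelude.h presence... $ECHO_C" >&6; }
# Preprocessor-only run of the same include.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <prelude.h>
_ACEOF
if { (ac_try="$ac_cpp conftest.$ac_ext"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } >/dev/null && {
	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
	 test ! -s conftest.err
       }; then
  ac_header_preproc=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5

  ac_header_preproc=no
fi

rm -f conftest.err conftest.$ac_ext
{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
echo "${ECHO_T}$ac_header_preproc" >&6; }

# So? What about this header?
# When the two probes disagree, warn and settle on one of the results.
case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
  yes:no: )
    { echo "$as_me:$LINENO: WARNING: prelude.h: accepted by the compiler, rejected by the preprocessor!" >&5
echo "$as_me: WARNING: prelude.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
    { echo "$as_me:$LINENO: WARNING: prelude.h: proceeding with the compiler's result" >&5
echo "$as_me: WARNING: prelude.h: proceeding with the compiler's result" >&2;}
    ac_header_preproc=yes
    ;;
  no:yes:* )
    { echo "$as_me:$LINENO: WARNING: prelude.h: present but cannot be compiled" >&5
echo "$as_me: WARNING: prelude.h: present but cannot be compiled" >&2;}
    { echo "$as_me:$LINENO: WARNING: prelude.h: check for missing prerequisite headers?" >&5
echo "$as_me: WARNING: prelude.h: check for missing prerequisite headers?" >&2;}
    { echo "$as_me:$LINENO: WARNING: prelude.h: see the Autoconf documentation" >&5
echo "$as_me: WARNING: prelude.h: see the Autoconf documentation" >&2;}
    { echo "$as_me:$LINENO: WARNING: prelude.h: section \"Present But Cannot Be Compiled\"" >&5
echo "$as_me: WARNING: prelude.h: section \"Present But Cannot Be Compiled\"" >&2;}
    { echo "$as_me:$LINENO: WARNING: prelude.h: proceeding with the preprocessor's result" >&5
echo "$as_me: WARNING: prelude.h: proceeding with the preprocessor's result" >&2;}
    { echo "$as_me:$LINENO: WARNING: prelude.h: in the future, the compiler will take precedence" >&5
echo "$as_me: WARNING: prelude.h: in the future, the compiler will take precedence" >&2;}
    ( cat <<\_ASBOX
## ------------------------------------ ##
## Report this to nufw-devel@nongnu.org ##
## ------------------------------------ ##
_ASBOX
     ) | sed "s/^/$as_me: WARNING: /" >&2
    ;;
esac
{ echo "$as_me:$LINENO: checking for prelude.h" >&5
echo $ECHO_N "checking for prelude.h... $ECHO_C" >&6; }
if test "${ac_cv_header_prelude_h+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_header_prelude_h=$ac_header_preproc
fi
{ echo "$as_me:$LINENO: result: $ac_cv_header_prelude_h" >&5
echo "${ECHO_T}$ac_cv_header_prelude_h" >&6; }

fi
if test $ac_cv_header_prelude_h = yes; then
  :
else
  # Header missing or unusable: recorded only; what consumes check_prelude
  # is outside this part of the script.
  check_prelude=no
fi


  # Check for prelude_init() function libprelude.so
  { echo "$as_me:$LINENO: checking for prelude_init in -lprelude" >&5
echo $ECHO_N "checking for prelude_init in -lprelude... $ECHO_C" >&6; }
if test "${ac_cv_lib_prelude_prelude_init+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  # Link a stub that only references the symbol; LIBS is put back afterwards.
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lprelude $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char prelude_init ();
int
main ()
{
return prelude_init ();
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_link") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
	 test -z "$ac_c_werror_flag" ||
	 test ! -s conftest.err
       } && test -s conftest$ac_exeext &&
       $as_test_x conftest$ac_exeext; then
  ac_cv_lib_prelude_prelude_init=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5

  ac_cv_lib_prelude_prelude_init=no
fi

rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
      conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ echo "$as_me:$LINENO: result: $ac_cv_lib_prelude_prelude_init" >&5
echo "${ECHO_T}$ac_cv_lib_prelude_prelude_init" >&6; }
if test $ac_cv_lib_prelude_prelude_init = yes; then
  cat >>confdefs.h <<\_ACEOF
#define HAVE_LIBRARY_PRELUDE 1
_ACEOF

else
  check_prelude=no
fi

  # Put back the caller's flags; the extra -I applied to these probes only.
  CFLAGS="$OLDCFLAGS"
  CPPFLAGS="$OLDCPPFLAGS"
fi

if test "$enable_pgsql_log" = "yes"; then
  { echo "$as_me:$LINENO: checking for PQconnectdb in -lpq" >&5
echo $ECHO_N "checking for PQconnectdb in -lpq... $ECHO_C" >&6; }
if test "${ac_cv_lib_pq_PQconnectdb+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lpq $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply.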
*/ #ifdef __cplusplus extern "C" #endif char PQconnectdb (); int main () { return PQconnectdb (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_pq_PQconnectdb=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_pq_PQconnectdb=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_pq_PQconnectdb" >&5 echo "${ECHO_T}$ac_cv_lib_pq_PQconnectdb" >&6; } if test $ac_cv_lib_pq_PQconnectdb = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_LIBRARY_PQ 1 _ACEOF else check_pgsql=no fi fi fi if test x$enable_system_auth = xyes; then USE_SYSTEM_AUTH_TRUE= USE_SYSTEM_AUTH_FALSE='#' else USE_SYSTEM_AUTH_TRUE='#' USE_SYSTEM_AUTH_FALSE= fi if test x$ldap = xyes; then USE_LDAP_TRUE= USE_LDAP_FALSE='#' else USE_LDAP_TRUE='#' USE_LDAP_FALSE= fi if test x$enable_prelude_log = xyes; then USE_PRELUDE_LOG_TRUE= USE_PRELUDE_LOG_FALSE='#' else USE_PRELUDE_LOG_TRUE='#' USE_PRELUDE_LOG_FALSE= fi if test x$enable_mysql_log = xyes; then USE_MYSQL_LOG_TRUE= USE_MYSQL_LOG_FALSE='#' else USE_MYSQL_LOG_TRUE='#' USE_MYSQL_LOG_FALSE= fi if test x$enable_mysql_auth = xyes; then USE_MYSQL_AUTH_TRUE= USE_MYSQL_AUTH_FALSE='#' else USE_MYSQL_AUTH_TRUE='#' USE_MYSQL_AUTH_FALSE= fi if test x$have_mysql_config = xyes; then HAVE_MYSQL_CONFIG_TRUE= HAVE_MYSQL_CONFIG_FALSE='#' else HAVE_MYSQL_CONFIG_TRUE='#' 
HAVE_MYSQL_CONFIG_FALSE= fi if test x$enable_pgsql_log = xyes; then USE_PGSQL_LOG_TRUE= USE_PGSQL_LOG_FALSE='#' else USE_PGSQL_LOG_TRUE='#' USE_PGSQL_LOG_FALSE= fi if test x$enable_plaintext_auth = xyes; then USE_PLAINTEXT_AUTH_TRUE= USE_PLAINTEXT_AUTH_FALSE='#' else USE_PLAINTEXT_AUTH_TRUE='#' USE_PLAINTEXT_AUTH_FALSE= fi if test x$enable_mark_group = xyes; then USE_MARK_GROUP_TRUE= USE_MARK_GROUP_FALSE='#' else USE_MARK_GROUP_TRUE='#' USE_MARK_GROUP_FALSE= fi if test x$enable_mark_field = xyes; then USE_MARK_FIELD_TRUE= USE_MARK_FIELD_FALSE='#' else USE_MARK_FIELD_TRUE='#' USE_MARK_FIELD_FALSE= fi if test x$enable_mark_flag = xyes; then USE_MARK_FLAG_TRUE= USE_MARK_FLAG_FALSE='#' else USE_MARK_FLAG_TRUE='#' USE_MARK_FLAG_FALSE= fi if test x$enable_syslog_log = xyes; then USE_SYSLOG_LOG_TRUE= USE_SYSLOG_LOG_FALSE='#' else USE_SYSLOG_LOG_TRUE='#' USE_SYSLOG_LOG_FALSE= fi if test x$enable_ulogd2_log = xyes; then USE_ULOGD2_LOG_TRUE= USE_ULOGD2_LOG_FALSE='#' else USE_ULOGD2_LOG_TRUE='#' USE_ULOGD2_LOG_FALSE= fi if test "${build_libnuclient}" = "yes"; then { echo "$as_me:$LINENO: checking for sasl_server_init in -lsasl2" >&5 echo $ECHO_N "checking for sasl_server_init in -lsasl2... $ECHO_C" >&6; } if test "${ac_cv_lib_sasl2_sasl_server_init+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsasl2 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char sasl_server_init (); int main () { return sasl_server_init (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_sasl2_sasl_server_init=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_sasl2_sasl_server_init=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_sasl2_sasl_server_init" >&5 echo "${ECHO_T}$ac_cv_lib_sasl2_sasl_server_init" >&6; } if test $ac_cv_lib_sasl2_sasl_server_init = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_LIBRARY_SASL2 1 _ACEOF else check_sasl=no fi fi if test "${build_nufw}" = "yes"; then if test "${check_pthread}" = "no"; then { { echo "$as_me:$LINENO: error: No pthread library, nufw daemon WON'T be able to compile" >&5 echo "$as_me: error: No pthread library, nufw daemon WON'T be able to compile" >&2;} { (exit 1); exit 1; }; }; fi if test "${use_nfqueue}" = "yes"; then # if we don't have we can't build nufw { echo "$as_me:$LINENO: checking for nfnl_open in -lnfnetlink" >&5 echo $ECHO_N "checking for nfnl_open in -lnfnetlink... $ECHO_C" >&6; } if test "${ac_cv_lib_nfnetlink_nfnl_open+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnfnetlink $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nfnl_open (); int main () { return nfnl_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_nfnetlink_nfnl_open=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_nfnetlink_nfnl_open=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_nfnetlink_nfnl_open" >&5 echo "${ECHO_T}$ac_cv_lib_nfnetlink_nfnl_open" >&6; } if test $ac_cv_lib_nfnetlink_nfnl_open = yes; then have_nfqueue="yes" else build_nufw="" fi { echo "$as_me:$LINENO: checking for nfq_open in -lnetfilter_queue" >&5 echo $ECHO_N "checking for nfq_open in -lnetfilter_queue... $ECHO_C" >&6; } if test "${ac_cv_lib_netfilter_queue_nfq_open+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnetfilter_queue -lnfnetlink $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nfq_open (); int main () { return nfq_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_netfilter_queue_nfq_open=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_netfilter_queue_nfq_open=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_netfilter_queue_nfq_open" >&5 echo "${ECHO_T}$ac_cv_lib_netfilter_queue_nfq_open" >&6; } if test $ac_cv_lib_netfilter_queue_nfq_open = yes; then have_nfqueue="yes" else { { echo "$as_me:$LINENO: error: libnetfilter_queue not present" >&5 echo "$as_me: error: libnetfilter_queue not present" >&2;} { (exit 1); exit 1; }; } fi { echo "$as_me:$LINENO: checking for nfq_set_queue_maxlen in -lnetfilter_queue" >&5 echo $ECHO_N "checking for nfq_set_queue_maxlen in -lnetfilter_queue... $ECHO_C" >&6; } if test "${ac_cv_lib_netfilter_queue_nfq_set_queue_maxlen+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnetfilter_queue -lnfnetlink $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nfq_set_queue_maxlen (); int main () { return nfq_set_queue_maxlen (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_netfilter_queue_nfq_set_queue_maxlen=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_netfilter_queue_nfq_set_queue_maxlen=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_netfilter_queue_nfq_set_queue_maxlen" >&5 echo "${ECHO_T}$ac_cv_lib_netfilter_queue_nfq_set_queue_maxlen" >&6; } if test $ac_cv_lib_netfilter_queue_nfq_set_queue_maxlen = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_NFQ_SET_QUEUE_MAXLEN 1 _ACEOF fi { echo "$as_me:$LINENO: checking for nlif_catch in -lnfnetlink" >&5 echo $ECHO_N "checking for nlif_catch in -lnfnetlink... $ECHO_C" >&6; } if test "${ac_cv_lib_nfnetlink_nlif_catch+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnfnetlink $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nlif_catch (); int main () { return nlif_catch (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_nfnetlink_nlif_catch=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_nfnetlink_nlif_catch=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_nfnetlink_nlif_catch" >&5 echo "${ECHO_T}$ac_cv_lib_nfnetlink_nlif_catch" >&6; } if test $ac_cv_lib_nfnetlink_nlif_catch = yes; then { echo "$as_me:$LINENO: checking for nfq_get_indev_name in -lnetfilter_queue" >&5 echo $ECHO_N "checking for nfq_get_indev_name in -lnetfilter_queue... $ECHO_C" >&6; } if test "${ac_cv_lib_netfilter_queue_nfq_get_indev_name+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnetfilter_queue -lnfnetlink $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nfq_get_indev_name (); int main () { return nfq_get_indev_name (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_netfilter_queue_nfq_get_indev_name=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_netfilter_queue_nfq_get_indev_name=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_netfilter_queue_nfq_get_indev_name" >&5 echo "${ECHO_T}$ac_cv_lib_netfilter_queue_nfq_get_indev_name" >&6; } if test $ac_cv_lib_netfilter_queue_nfq_get_indev_name = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_NFQ_INDEV_NAME 1 _ACEOF else { echo "$as_me:$LINENO: WARNING: \"Support of interface resolution in nfnetlink but not in netfilter_queue\"" >&5 echo "$as_me: WARNING: \"Support of interface resolution in nfnetlink but not in netfilter_queue\"" >&2;} fi fi cat >>confdefs.h <<_ACEOF #define USE_NFQUEUE 1 _ACEOF else for ac_header in libipq/libipq.h libipq.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } else # Is the header compilable? { echo "$as_me:$LINENO: checking $ac_header usability" >&5 echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 echo "${ECHO_T}$ac_header_compiler" >&6; } # Is the header present? { echo "$as_me:$LINENO: checking $ac_header presence" >&5 echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? 
grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 echo "${ECHO_T}$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ------------------------------------ ## ## Report this to nufw-devel@nongnu.org ## ## ------------------------------------ ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } fi if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done # if we don't have we can't build nufw { echo "$as_me:$LINENO: checking for ipq_message_type in -lipq" >&5 echo $ECHO_N "checking for ipq_message_type in -lipq... $ECHO_C" >&6; } if test "${ac_cv_lib_ipq_ipq_message_type+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lipq $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ipq_message_type (); int main () { return ipq_message_type (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_ipq_ipq_message_type=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_ipq_ipq_message_type=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_ipq_ipq_message_type" >&5 echo "${ECHO_T}$ac_cv_lib_ipq_ipq_message_type" >&6; } if test $ac_cv_lib_ipq_ipq_message_type = yes; then have_ipq="yes" else build_nufw="" fi if test "$have_ipq" = "yes"; then # check if we have a version of libipq supporting mark # Check whether --with-user-mark was given. if test "${with_user_mark+set}" = set; then withval=$with_user_mark; enable_user_mark="yes" else enable_user_mark="" fi if test "$enable_user_mark" = "yes"; then { echo "$as_me:$LINENO: checking for ipq_set_vwmark in -lipq" >&5 echo $ECHO_N "checking for ipq_set_vwmark in -lipq... $ECHO_C" >&6; } if test "${ac_cv_lib_ipq_ipq_set_vwmark+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lipq $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ipq_set_vwmark (); int main () { return ipq_set_vwmark (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then ac_cv_lib_ipq_ipq_set_vwmark=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_ipq_ipq_set_vwmark=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { echo "$as_me:$LINENO: result: $ac_cv_lib_ipq_ipq_set_vwmark" >&5 echo "${ECHO_T}$ac_cv_lib_ipq_ipq_set_vwmark" >&6; } if test $ac_cv_lib_ipq_ipq_set_vwmark = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_LIBIPQ_MARK 1 _ACEOF else { echo "$as_me:$LINENO: result: libipq has no support for mark" >&5 echo "${ECHO_T}libipq has no support for mark" >&6; } fi fi fi fi fi if test "${use_nfconntrack}" = "yes"; then { echo "$as_me:$LINENO: checking for nfct_dump_conntrack_table in -lnetfilter_conntrack" >&5 echo $ECHO_N "checking for nfct_dump_conntrack_table in -lnetfilter_conntrack... 
$ECHO_C" >&6; }
# ^ The line above closes the "checking for nfct_dump_conntrack_table" progress
#   message that opens on the previous line, inside the
#   `if test "${use_nfconntrack}" = "yes"` branch.
#
# Probe 1: is nfct_dump_conntrack_table available from -lnetfilter_conntrack?
# The result is cached in ac_cv_lib_netfilter_conntrack_nfct_dump_conntrack_table,
# so a value already present (e.g. from a cache file or the environment) is
# reused without running the link test.
if test "${ac_cv_lib_netfilter_conntrack_nfct_dump_conntrack_table+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  # LIBS is extended only for the duration of the probe and restored below.
  ac_check_lib_save_LIBS=$LIBS
  LIBS="-lnetfilter_conntrack -ldl -lnfnetlink $LIBS"
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char nfct_dump_conntrack_table ();
int
main ()
{
return nfct_dump_conntrack_table ();
  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext conftest$ac_exeext
  # Link-only probe: the test program is linked, and the result is accepted
  # when the executable exists and is executable. It is never run here, and
  # the dummy `char f ()` declaration means neither the real prototype nor
  # the library version is checked -- only that the symbol resolves.
  if { (ac_try="$ac_link"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_link") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest$ac_exeext &&
       $as_test_x conftest$ac_exeext; then
    ac_cv_lib_netfilter_conntrack_nfct_dump_conntrack_table=yes
  else
    # On failure the test program is copied to the log (fd 5) for diagnosis.
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
    ac_cv_lib_netfilter_conntrack_nfct_dump_conntrack_table=no
  fi
  rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
        conftest$ac_exeext conftest.$ac_ext
  LIBS=$ac_check_lib_save_LIBS
fi
{ echo "$as_me:$LINENO: result: $ac_cv_lib_netfilter_conntrack_nfct_dump_conntrack_table" >&5
echo "${ECHO_T}$ac_cv_lib_netfilter_conntrack_nfct_dump_conntrack_table" >&6; }
if test $ac_cv_lib_netfilter_conntrack_nfct_dump_conntrack_table = yes; then
  have_conntrack="yes"
else
  have_conntrack=""
fi
# else-branch of the use_nfconntrack test: conntrack support not requested.
else
  have_conntrack=""
fi

# Probe 2 (only when conntrack was found): define HAVE_LIBCONNTRACK and check
# for nfct_callback_register, which this script uses to set
# have_new_conntrack_api / HAVE_NEW_NFCT_API.
if test "${have_conntrack}" = "yes"; then
  cat >>confdefs.h <<_ACEOF
#define HAVE_LIBCONNTRACK 1
_ACEOF
  { echo "$as_me:$LINENO: checking for nfct_callback_register in -lnetfilter_conntrack" >&5
echo $ECHO_N "checking for nfct_callback_register in -lnetfilter_conntrack... $ECHO_C" >&6; }
  if test "${ac_cv_lib_netfilter_conntrack_nfct_callback_register+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lnetfilter_conntrack -ldl -lnfnetlink $LIBS"
    cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char nfct_callback_register ();
int
main ()
{
return nfct_callback_register ();
  ;
  return 0;
}
_ACEOF
    rm -f conftest.$ac_objext conftest$ac_exeext
    # Same link-only probe as above: symbol presence, nothing more.
    if { (ac_try="$ac_link"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_link") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest$ac_exeext &&
       $as_test_x conftest$ac_exeext; then
      ac_cv_lib_netfilter_conntrack_nfct_callback_register=yes
    else
      echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5
      ac_cv_lib_netfilter_conntrack_nfct_callback_register=no
    fi
    rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
          conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  { echo "$as_me:$LINENO: result: $ac_cv_lib_netfilter_conntrack_nfct_callback_register" >&5
echo "${ECHO_T}$ac_cv_lib_netfilter_conntrack_nfct_callback_register" >&6; }
  if test $ac_cv_lib_netfilter_conntrack_nfct_callback_register = yes; then
    have_new_conntrack_api="yes"
  else
    have_new_conntrack_api=""
  fi
  if test "${have_new_conntrack_api}" = "yes"; then
    cat >>confdefs.h <<_ACEOF
#define HAVE_NEW_NFCT_API 1
_ACEOF
  fi
fi

# Probe 3 (only when the PAM client module is being built): look for
# pam_start in -lpam. Success defines HAVE_LIBRARY_PAM; failure records
# check_pam=no, which the missing-library report later in this script tests.
if test "${build_pam_nufw}" = "yes"; then
  #AC_CHECK_LIB([pam], [pam_sm_authenticate],AC_DEFINE([HAVE_LIBRARY_PAM],[1],[Pam lib flag]), check_pam=no)
  { echo "$as_me:$LINENO: checking for pam_start in -lpam" >&5
echo $ECHO_N "checking for pam_start in -lpam... $ECHO_C" >&6; }
  if test "${ac_cv_lib_pam_pam_start+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lpam $LIBS"
    cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char pam_start ();
int
main ()
{
return pam_start ();
  ;
  return 0;
}
_ACEOF
    rm -f conftest.$ac_objext conftest$ac_exeext
    # Link-only probe, as for the conntrack symbols above.
    if { (ac_try="$ac_link"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
  (eval "$ac_link") 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest$ac_exeext &&
       $as_test_x conftest$ac_exeext; then
      ac_cv_lib_pam_pam_start=yes
    else
      echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5
      ac_cv_lib_pam_pam_start=no
    fi
    rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
          conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  { echo "$as_me:$LINENO: result: $ac_cv_lib_pam_pam_start" >&5
echo "${ECHO_T}$ac_cv_lib_pam_pam_start" >&6; }
  if test $ac_cv_lib_pam_pam_start = yes; then
    cat >>confdefs.h <<\_ACEOF
#define HAVE_LIBRARY_PAM 1
_ACEOF
  else
    check_pam=no
  fi
fi

# Per-component build switches. Each pair sets exactly one of X_TRUE / X_FALSE
# to '#' and the other to empty (this looks like the Automake conditional
# convention, where the '#' value comments out the guarded Makefile lines).
# A component is enabled only when its build_* variable is exactly "yes".
if test x${build_nufw} = xyes; then
  BUILD_NUFW_TRUE=
  BUILD_NUFW_FALSE='#'
else
  BUILD_NUFW_TRUE='#'
  BUILD_NUFW_FALSE=
fi
if test x${build_nuauth} = xyes; then
  BUILD_NUAUTH_TRUE=
  BUILD_NUAUTH_FALSE='#'
else
  BUILD_NUAUTH_TRUE='#'
  BUILD_NUAUTH_FALSE=
fi
if test x${build_nutcpc} = xyes; then
  BUILD_NUTCPC_TRUE=
  BUILD_NUTCPC_FALSE='#'
else
  BUILD_NUTCPC_TRUE='#'
  BUILD_NUTCPC_FALSE=
fi
if test x${build_libnuclient} = xyes; then
  BUILD_LIBNUCLIENT_TRUE=
  BUILD_LIBNUCLIENT_FALSE='#'
else
  BUILD_LIBNUCLIENT_TRUE='#'
  BUILD_LIBNUCLIENT_FALSE=
fi
if test x${build_pam_nufw} = xyes; then
  BUILD_PAM_NUFW_TRUE=
  BUILD_PAM_NUFW_FALSE='#'
else
  BUILD_PAM_NUFW_TRUE='#'
  BUILD_PAM_NUFW_FALSE=
fi
if test x${build_nuauth_command} = xyes; then
  BUILD_NUAUTH_COMMAND_TRUE=
  BUILD_NUAUTH_COMMAND_FALSE='#'
else
  BUILD_NUAUTH_COMMAND_TRUE='#'
# Tail of the build_nuauth_command conditional whose test and first
# assignments are on the preceding line.
  BUILD_NUAUTH_COMMAND_FALSE=
fi

# Packet-source selection. Each pair sets exactly one of X_TRUE / X_FALSE to
# '#'. The tests compare against the literal strings produced earlier in the
# script ("yes" or empty); the variables are expanded unquoted, so they rely
# on never containing whitespace.
#   HAVE_IPQ             : libipq found and conntrack not in use
#   USE_USER_MARK        : enable_user_mark is "yes"
#   HAVE_NFQUEUE_ONLY    : nfqueue found, conntrack not in use
#   HAVE_NFQUEUE_CONNTRACK: both found
#   HAVE_CONNTRACK_ONLY  : conntrack found, nfqueue not
if test x$have_ipq = xyes && test x$have_conntrack = x ; then
  HAVE_IPQ_TRUE=
  HAVE_IPQ_FALSE='#'
else
  HAVE_IPQ_TRUE='#'
  HAVE_IPQ_FALSE=
fi
if test x$enable_user_mark = xyes; then
  USE_USER_MARK_TRUE=
  USE_USER_MARK_FALSE='#'
else
  USE_USER_MARK_TRUE='#'
  USE_USER_MARK_FALSE=
fi
if test x$have_nfqueue = xyes && test x$have_conntrack = x ; then
  HAVE_NFQUEUE_ONLY_TRUE=
  HAVE_NFQUEUE_ONLY_FALSE='#'
else
  HAVE_NFQUEUE_ONLY_TRUE='#'
  HAVE_NFQUEUE_ONLY_FALSE=
fi
if test x$have_conntrack = xyes && test x$have_nfqueue = xyes ; then
  HAVE_NFQUEUE_CONNTRACK_TRUE=
  HAVE_NFQUEUE_CONNTRACK_FALSE='#'
else
  HAVE_NFQUEUE_CONNTRACK_TRUE='#'
  HAVE_NFQUEUE_CONNTRACK_FALSE=
fi
if test x$have_nfqueue = x && test x$have_conntrack = xyes ; then
  HAVE_CONNTRACK_ONLY_TRUE=
  HAVE_CONNTRACK_ONLY_FALSE='#'
else
  HAVE_CONNTRACK_ONLY_TRUE='#'
  HAVE_CONNTRACK_ONLY_FALSE=
fi

# TLS backend selection. The two tests are exact complements: OpenSSL is
# chosen for every value of build_openssl other than the literal "no"
# (including unset or empty), and GnuTLS only when it is exactly "no".
# NOTE(review): where build_openssl is set is outside this span -- confirm the
# intended default there, since it decides which TLS library the build uses.
if test x$build_openssl != xno; then
  USE_OPENSSL_TRUE=
  USE_OPENSSL_FALSE='#'
else
  USE_OPENSSL_TRUE='#'
  USE_OPENSSL_FALSE=
fi
if test x$build_openssl = xno; then
  USE_GNUTLS_TRUE=
  USE_GNUTLS_FALSE='#'
else
  USE_GNUTLS_TRUE='#'
  USE_GNUTLS_FALSE=
fi

# Warning flags. For GCC the version is folded into major*100+minor and
# -Wextra is used from 4.0 on, -W before that.
# NOTE(review): this assumes `$CC -dumpversion` prints at least
# "major.minor"; $CC and the parsed fields are expanded unquoted.
if test "x$GCC" = "xyes"; then
  { echo "$as_me:$LINENO: checking gcc version" >&5
echo $ECHO_N "checking gcc version... $ECHO_C" >&6; }
  gccver=$($CC -dumpversion)
  gccvermajor=$(echo $gccver | cut -d . -f1)
  gccverminor=$(echo $gccver | cut -d . -f2)
  gccvernum=$(expr $gccvermajor "*" 100 + $gccverminor)
  { echo "$as_me:$LINENO: result: $gccver" >&5
echo "${ECHO_T}$gccver" >&6; }
  if test "$gccvernum" -ge "400"; then
    CFLAGS="$CFLAGS -Wextra"
  else
    CFLAGS="$CFLAGS -W"
  fi
fi
CFLAGS="$CFLAGS -Wall"
CFLAGS="$CFLAGS -Wno-unused-parameter"

# Optimisation level: a debug build defines DEBUG_ENABLE and uses -O0 -g,
# anything else gets -O2. Only warning and optimisation flags are appended in
# this part of the script; no compiler hardening options (for example
# -fstack-protector or -D_FORTIFY_SOURCE) are added here, so a packager who
# wants them has to supply them through CFLAGS.
if test "${debug}" = "yes"; then
  cat >>confdefs.h <<_ACEOF
#define DEBUG_ENABLE 1
_ACEOF
  CFLAGS="$CFLAGS -O0 -g"
else
  CFLAGS="$CFLAGS -O2"
fi

# Files that config.status will generate from their templates.
ac_config_files="$ac_config_files Makefile doc/Makefile conf/Makefile python/Makefile selinux/Makefile src/Makefile src/include/Makefile src/libs/Makefile src/libs/nubase/Makefile src/libs/nuconfparser/Makefile src/libs/nussl/Makefile src/libs/nussl/libnussl.pc src/nuauth/Makefile src/nuauth/modules/Makefile src/nuauth/modules/ldap/Makefile src/nuauth/modules/plaintext/Makefile src/nuauth/modules/mark_group/Makefile src/nuauth/modules/mark_field/Makefile src/nuauth/modules/mark_flag/Makefile src/nuauth/modules/system/Makefile src/nuauth/modules/log_pgsql/Makefile src/nuauth/modules/log_mysql/Makefile src/nuauth/modules/log_nuprelude/Makefile src/nuauth/modules/log_syslog/Makefile src/nuauth/modules/log_script/Makefile src/nuauth/modules/log_ulogd2/Makefile src/nuauth/modules/xml_defs/Makefile src/nuauth/modules/x509_std/Makefile src/nuauth/modules/mark_uid/Makefile src/nuauth/modules/session_expire/Makefile src/nuauth/modules/session_authtype/Makefile src/nuauth/modules/ipauth_guest/Makefile src/nuauth/modules/auth_mysql/Makefile src/nuauth/modules/postauth_localuser/Makefile src/clients/Makefile src/clients/lib/Makefile src/clients/lib/libnuclient.pc src/clients/lib/tests/Makefile src/clients/lib/plugins/Makefile src/clients/lib/plugins/luser/Makefile src/clients/nutcpc/Makefile src/clients/pam_nufw/Makefile src/nufw/Makefile scripts/Makefile scripts/nuauth_command/Makefile scripts/nuauth_command/scripts/Makefile scripts/nuauth_command/scripts/nuauth_command scripts/nuauth_command/nuauth_command/Makefile scripts/auth_mysql/Makefile tests/Makefile tests/inl_tests/Makefile tests/pki/Makefile"

# Display errors if any library is missing
# Every check_* flag set to "no" by an earlier probe is reported, then the
# script exits with status 1. The PostgreSQL case uses the fatal-error form
# (message to stderr and immediate exit); the others print a result line and
# fall through to the shared `exit 1`.
if test \
        x${check_glib} = xno \
        -o x${check_mysql} = xno \
        -o x${check_pgsql} = xno \
        -o x${check_prelude} = xno \
        -o x${check_ldap} = xno \
        -o x${check_gcrypt} = xno \
        -o x${check_gnutls} = xno \
        -o x${check_pam} = xno \
        ; then
  { echo "$as_me:$LINENO: result: " >&5
echo "${ECHO_T}" >&6; }
  if test x${check_gcrypt} = xno; then
    { echo "$as_me:$LINENO: result: ERROR: gcrypt library needed for encryption" >&5
echo "${ECHO_T}ERROR: gcrypt library needed for encryption" >&6; }
  fi
  if test x${check_pam} = xno; then
    { echo "$as_me:$LINENO: result: ERROR: PAM library needed for system authentication" >&5
echo "${ECHO_T}ERROR: PAM library needed for system authentication" >&6; }
  fi
  if test x${check_gnutls} = xno; then
    { echo "$as_me:$LINENO: result: ERROR: gnutls library needed for encryption" >&5
echo "${ECHO_T}ERROR: gnutls library needed for encryption" >&6; }
  fi
  if test x${check_ldap} = xno; then
    { echo "$as_me:$LINENO: result: ERROR: ldap library needed for authentication" >&5
echo "${ECHO_T}ERROR: ldap library needed for authentication" >&6; }
  fi
  if test x${check_glib} = xno; then
    { echo "$as_me:$LINENO: result: ERROR: glib is required in order to compile nuauth" >&5
echo "${ECHO_T}ERROR: glib is required in order to compile nuauth" >&6; }
  fi
  if test x${check_mysql} = xno; then
    { echo "$as_me:$LINENO: result: ERROR: mysqlclient library needed if selected" >&5
echo "${ECHO_T}ERROR: mysqlclient library needed if selected" >&6; }
  fi
  if test x${check_prelude} = xno; then
    { echo "$as_me:$LINENO: result: ERROR: libprelude library needed if Prelude logging selected" >&5
echo "${ECHO_T}ERROR: libprelude library needed if Prelude logging selected" >&6; }
  fi
  if test x${check_pgsql} = xno; then
    { { echo "$as_me:$LINENO: error: libpq library needed if PostgreSQL support selected" >&5
echo "$as_me: error: libpq library needed if PostgreSQL support selected" >&2;}
   { (exit 1); exit 1; }; }
  fi
  exit 1
fi

# SASL is mandatory as soon as any authenticating component is built
# (nuauth, libnuclient, nutcpc or pam_nufw).
if test \
        "${build_nuauth}" = "yes" \
        -o "${build_libnuclient}" = "yes" \
        -o "${build_nutcpc}" = "yes" \
        -o "${build_pam_nufw}" = "yes" \
        ; then
  if test x${check_sasl} = xno; then
    { echo "$as_me:$LINENO: result: ERROR: sasl library needed for authentication" >&5
echo "${ECHO_T}ERROR: sasl library needed for authentication" >&6; }
    exit 1
  fi
fi

am__api_version='1.10'

# Build-environment sanity check: a file created now must sort as newer than
# $srcdir/configure. The probe file has a fixed name in the current
# directory, so configure is best run in a build directory that other local
# users cannot write to.
{ echo "$as_me:$LINENO: checking whether build environment is sane" >&5
echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6; }
# Just in case
sleep 1
echo timestamp > conftest.file
# Do `set' in a subshell so we don't clobber the current shell's
# arguments. Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
   if test "$*" = "X"; then
      # -L didn't work.
      set X `ls -t $srcdir/configure conftest.file`
   fi
   rm -f conftest.file
   if test "$*" != "X $srcdir/configure conftest.file" \
      && test "$*" != "X conftest.file $srcdir/configure"; then
      # If neither matched, then we have a broken ls. This can happen
      # if, for instance, CONFIG_SHELL is bash and it inherits a
      # broken ls alias from the environment. This has actually
      # happened. Such a system could not be considered "sane".
      { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken alias in your environment" >&5
echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken alias in your environment" >&2;}
   { (exit 1); exit 1; }; }
   fi
   test "$2" = conftest.file
   )
then
   # Ok.
   :
else
   { { echo "$as_me:$LINENO: error: newly created file is older than distributed files! Check your system clock" >&5
echo "$as_me: error: newly created file is older than distributed files! Check your system clock" >&2;}
   { (exit 1); exit 1; }; }
fi
{ echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6; }

# Fold --program-prefix / --program-suffix into the sed program used to
# rename installed programs.
test "$program_prefix" != NONE &&
  program_transform_name="s&^&$program_prefix&;$program_transform_name"
# Use a double $ so make ignores it.
test "$program_suffix" != NONE &&
  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
# Double any \ or $. echo might interpret backslashes.
# By default was `s,x,x', remove it if useless.
cat <<\_ACEOF >conftest.sed
s/[\\$]/&&/g;s/;s,x,x,$//
_ACEOF
program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
rm -f conftest.sed

# Locate a GNU-style `mkdir -p`. Every executable named mkdir or gmkdir found
# in $PATH (plus /opt/sfw/bin) is run with --version and accepted when its
# banner matches one of the patterns below, so the PATH in effect while
# configuring decides which binary ends up in MKDIR_P.
{ echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
echo $ECHO_N "checking for a thread-safe mkdir -p... $ECHO_C" >&6; }
if test -z "$MKDIR_P"; then
  if test "${ac_cv_path_mkdir+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
    for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
    do
      IFS=$as_save_IFS
      test -z "$as_dir" && as_dir=.
      for ac_prog in mkdir gmkdir; do
        for ac_exec_ext in '' $ac_executable_extensions; do
          { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
          case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
            'mkdir (GNU coreutils) '* | \
            'mkdir (coreutils) '* | \
            'mkdir (fileutils) '4.1*)
              ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
              break 3;;
          esac
        done
      done
    done
    IFS=$as_save_IFS
  fi
  if test "${ac_cv_path_mkdir+set}" = set; then
    MKDIR_P="$ac_cv_path_mkdir -p"
  else
    # As a last resort, use the slow shell script. Don't cache a
    # value for MKDIR_P within a source directory, because that will
    # break other packages using the cache if that directory is
    # removed, or if the value is a relative name.
# Fallback branch of the mkdir search: no suitable mkdir was cached, so the
# bundled install script is used instead. The rmdir presumably cleans up a
# directory literally named "--version" that a mkdir probe could have created.
    test -d ./--version && rmdir ./--version
    MKDIR_P="$ac_install_sh -d"
  fi
fi
{ echo "$as_me:$LINENO: result: $MKDIR_P" >&5
echo "${ECHO_T}$MKDIR_P" >&6; }

# mkdir_p mirrors MKDIR_P; a value containing a slash that is not absolute
# (and does not start with a make variable) is anchored at $(top_builddir).
mkdir_p="$MKDIR_P"
case $mkdir_p in
  [\\/$]* | ?:[\\/]*) ;;
  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
esac

# Find an awk implementation: the first of gawk, mawk, nawk, awk present in
# $PATH wins, unless AWK is already set, in which case that value is kept.
# Only the program name is recorded, not the directory it was found in.
for ac_prog in gawk mawk nawk awk
do
  # Extract the first word of "$ac_prog", so it can be a program name with args.
  set dummy $ac_prog; ac_word=$2
  { echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
  if test "${ac_cv_prog_AWK+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$AWK"; then
      ac_cv_prog_AWK="$AWK" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_prog_AWK="$ac_prog"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS
    fi
  fi
  AWK=$ac_cv_prog_AWK
  if test -n "$AWK"; then
    { echo "$as_me:$LINENO: result: $AWK" >&5
echo "${ECHO_T}$AWK" >&6; }
  else
    { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
  fi
  test -n "$AWK" && break
done

# Does ${MAKE-make} predefine $(MAKE)? The answer is cached under a variable
# name derived from the make command, sanitised to [a-zA-Z0-9_] by the sed
# expression. The probe makefile is written to the current directory.
{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; }
set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.make <<\_ACEOF
SHELL = /bin/sh
all:
	@echo '@@@%%%=$(MAKE)=@@@%%%'
_ACEOF
# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
# Runs the conftest.make probe written just before this point and records
# whether the marker line came back with a non-empty $(MAKE) value.
case `${MAKE-make} -f conftest.make 2>/dev/null` in
  *@@@%%%=?*=@@@%%%*)
    eval ac_cv_prog_make_${ac_make}_set=yes;;
  *)
    eval ac_cv_prog_make_${ac_make}_set=no;;
esac
rm -f conftest.make
fi
# SET_MAKE is empty when make already sets $(MAKE); otherwise it holds an
# explicit "MAKE=..." assignment.
if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
  { echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6; }
  SET_MAKE=
else
  { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
  SET_MAKE="MAKE=${MAKE-make}"
fi

# Can this filesystem hold names starting with a dot? The answer picks the
# prefix of the dependency directory (".deps" or "_deps").
rm -rf .tst 2>/dev/null
mkdir .tst 2>/dev/null
if test -d .tst; then
  am__leading_dot=.
else
  am__leading_dot=_
fi
rmdir .tst 2>/dev/null

DEPDIR="${am__leading_dot}deps"

ac_config_commands="$ac_config_commands depfiles"

# Detect which include syntax the make program understands (GNU "include" or
# BSD ".include"). Two scratch makefiles with fixed names, confinc and confmf,
# are written to the current directory and fed to $am_make, so as with the
# other probes configure should run in a directory that other local users
# cannot write to.
am_make=${MAKE-make}
cat > confinc << 'END'
am__doit:
	@echo done
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
{ echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6; }
am__include="#"
am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
# We grep out `Entering directory' and `Leaving directory'
# messages which can occur if `w' ends up in MAKEFLAGS.
# In particular we don't look at `^make:' because GNU make might
# be invoked under some other name (usually "gmake"), in which
# case it prints its new name instead of `make'.
if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
  am__include=include
  am__quote=
  _am_result=GNU
fi
# Now try BSD make style include.
if test "$am__include" = "#"; then
  echo '.include "confinc"' > confmf
  if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
    am__include=.include
    am__quote="\""
    _am_result=BSD
  fi
fi
{ echo "$as_me:$LINENO: result: $_am_result" >&5
echo "${ECHO_T}$_am_result" >&6; }
rm -f confinc confmf

# Check whether --enable-dependency-tracking was given.
if test "${enable_dependency_tracking+set}" = set; then enableval=$enable_dependency_tracking; fi if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' fi if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else AMDEP_TRUE='#' AMDEP_FALSE= fi if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} { (exit 1); exit 1; }; } fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE='nufw' VERSION='2.4.3' cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"} # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. 
set dummy ${ac_tool_prefix}strip; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_STRIP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { echo "$as_me:$LINENO: result: $STRIP" >&5 echo "${ECHO_T}$STRIP" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_STRIP="strip" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 echo "${ECHO_T}$ac_ct_STRIP" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. AMTAR=${AMTAR-"${am_missing_run}tar"} am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -' depcc="$CC" am_compiler_list= { echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; } if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. 
For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf case $depmode in nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; none) break ;; esac # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. 
if depmode=$depmode \ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5 echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi depcc="$CXX" am_compiler_list= { echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; } if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. 
For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CXX_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf case $depmode in nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; none) break ;; esac # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. 
if depmode=$depmode \ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CXX_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CXX_dependencies_compiler_type=none fi fi { echo "$as_me:$LINENO: result: $am_cv_CXX_dependencies_compiler_type" >&5 echo "${ECHO_T}$am_cv_CXX_dependencies_compiler_type" >&6; } CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then am__fastdepCXX_TRUE= am__fastdepCXX_FALSE='#' else am__fastdepCXX_TRUE='#' am__fastdepCXX_FALSE= fi cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. 
# # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( *) $as_unset $ac_var ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote # substitution turns \\\\ into \\, and sed turns \\ into \). sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. 
sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then test "x$cache_file" != "x/dev/null" && { echo "$as_me:$LINENO: updating cache $cache_file" >&5 echo "$as_me: updating cache $cache_file" >&6;} cat confcache >$cache_file else { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs if test -z "${USE_SYSTEM_AUTH_TRUE}" && test -z "${USE_SYSTEM_AUTH_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_SYSTEM_AUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_SYSTEM_AUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_LDAP_TRUE}" && test -z "${USE_LDAP_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_LDAP\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_LDAP\" was never defined. 
Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_PRELUDE_LOG_TRUE}" && test -z "${USE_PRELUDE_LOG_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_PRELUDE_LOG\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_PRELUDE_LOG\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_MYSQL_LOG_TRUE}" && test -z "${USE_MYSQL_LOG_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_MYSQL_LOG\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_MYSQL_LOG\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_MYSQL_AUTH_TRUE}" && test -z "${USE_MYSQL_AUTH_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_MYSQL_AUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_MYSQL_AUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${HAVE_MYSQL_CONFIG_TRUE}" && test -z "${HAVE_MYSQL_CONFIG_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"HAVE_MYSQL_CONFIG\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"HAVE_MYSQL_CONFIG\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_PGSQL_LOG_TRUE}" && test -z "${USE_PGSQL_LOG_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_PGSQL_LOG\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_PGSQL_LOG\" was never defined. 
Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_PLAINTEXT_AUTH_TRUE}" && test -z "${USE_PLAINTEXT_AUTH_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_PLAINTEXT_AUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_PLAINTEXT_AUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_MARK_GROUP_TRUE}" && test -z "${USE_MARK_GROUP_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_MARK_GROUP\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_MARK_GROUP\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_MARK_FIELD_TRUE}" && test -z "${USE_MARK_FIELD_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_MARK_FIELD\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_MARK_FIELD\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_MARK_FLAG_TRUE}" && test -z "${USE_MARK_FLAG_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_MARK_FLAG\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_MARK_FLAG\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_SYSLOG_LOG_TRUE}" && test -z "${USE_SYSLOG_LOG_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_SYSLOG_LOG\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_SYSLOG_LOG\" was never defined. 
Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_ULOGD2_LOG_TRUE}" && test -z "${USE_ULOGD2_LOG_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_ULOGD2_LOG\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_ULOGD2_LOG\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${BUILD_NUFW_TRUE}" && test -z "${BUILD_NUFW_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"BUILD_NUFW\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"BUILD_NUFW\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${BUILD_NUAUTH_TRUE}" && test -z "${BUILD_NUAUTH_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"BUILD_NUAUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"BUILD_NUAUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${BUILD_NUTCPC_TRUE}" && test -z "${BUILD_NUTCPC_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"BUILD_NUTCPC\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"BUILD_NUTCPC\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${BUILD_LIBNUCLIENT_TRUE}" && test -z "${BUILD_LIBNUCLIENT_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"BUILD_LIBNUCLIENT\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"BUILD_LIBNUCLIENT\" was never defined. 
Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${BUILD_PAM_NUFW_TRUE}" && test -z "${BUILD_PAM_NUFW_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"BUILD_PAM_NUFW\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"BUILD_PAM_NUFW\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${BUILD_NUAUTH_COMMAND_TRUE}" && test -z "${BUILD_NUAUTH_COMMAND_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"BUILD_NUAUTH_COMMAND\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"BUILD_NUAUTH_COMMAND\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${HAVE_IPQ_TRUE}" && test -z "${HAVE_IPQ_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"HAVE_IPQ\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"HAVE_IPQ\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_USER_MARK_TRUE}" && test -z "${USE_USER_MARK_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_USER_MARK\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_USER_MARK\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${HAVE_NFQUEUE_ONLY_TRUE}" && test -z "${HAVE_NFQUEUE_ONLY_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"HAVE_NFQUEUE_ONLY\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"HAVE_NFQUEUE_ONLY\" was never defined. 
Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${HAVE_NFQUEUE_CONNTRACK_TRUE}" && test -z "${HAVE_NFQUEUE_CONNTRACK_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"HAVE_NFQUEUE_CONNTRACK\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"HAVE_NFQUEUE_CONNTRACK\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${HAVE_CONNTRACK_ONLY_TRUE}" && test -z "${HAVE_CONNTRACK_ONLY_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"HAVE_CONNTRACK_ONLY\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"HAVE_CONNTRACK_ONLY\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_OPENSSL_TRUE}" && test -z "${USE_OPENSSL_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_OPENSSL\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_OPENSSL\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${USE_GNUTLS_TRUE}" && test -z "${USE_GNUTLS_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_GNUTLS\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"USE_GNUTLS\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"AMDEP\" was never defined. 
Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 echo "$as_me: creating $CONFIG_STATUS" >&6;} cat >$CONFIG_STATUS <<_ACEOF #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # PATH needs CR # Avoid depending upon Character Ranges. 
as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) as_nl=' ' IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 { (exit 1); exit 1; } fi # Work around bugs in pre-3.0 UWIN ksh. for as_var in ENV MAIL MAILPATH do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. 
for as_var in \ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ LC_TELEPHONE LC_TIME do if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then eval $as_var=C; export $as_var else ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var fi done # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # CDPATH. $as_unset CDPATH as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line after each line using $LINENO; the second 'sed' # does the real work. The second script uses 'N' to pair each # line-number line with the line containing $LINENO, and appends # trailing '-' during substitution so that $LINENO is not a special # case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # scripts with optimization help from Paolo Bonzini. Blame Lee # E. McMahon (1931-1989) for sed's syntax. 
:-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in -n*) case `echo 'x\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. *) ECHO_C='\c';; esac;; *) ECHO_N='-n';; esac if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir fi echo >conf$$.file if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 
2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 # Save the log message, to keep $[0] and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by NuFW $as_me 2.4.3, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF cat >>$CONFIG_STATUS <<_ACEOF # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF ac_cs_usage="\ \`$as_me' instantiates files from templates according to the current configuration. Usage: $0 [OPTIONS] [FILE]... 
-h, --help print this help, then exit -V, --version print version number and configuration settings, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ NuFW config.status 2.4.3 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" Copyright (C) 2006 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # If no file are specified by the user, then we need to provide default # value. By we need to know if files were specified by the user. ac_need_defaults=: while test $# != 0 do case $1 in --*=*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. 
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) echo "$ac_cs_version"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift CONFIG_FILES="$CONFIG_FILES $ac_optarg" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header { echo "$as_me: error: ambiguous option: $1 Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; };; --help | --hel | -h ) echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) { echo "$as_me: error: unrecognized option: $1 Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *) ac_config_targets="$ac_config_targets $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF if \$ac_cs_recheck; then echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 CONFIG_SHELL=$SHELL export CONFIG_SHELL exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF # # INIT-COMMANDS # AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # Handling of arguments. 
for ac_config_target in $ac_config_targets do case $ac_config_target in "src/include/config.h") CONFIG_HEADERS="$CONFIG_HEADERS src/include/config.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "conf/Makefile") CONFIG_FILES="$CONFIG_FILES conf/Makefile" ;; "python/Makefile") CONFIG_FILES="$CONFIG_FILES python/Makefile" ;; "selinux/Makefile") CONFIG_FILES="$CONFIG_FILES selinux/Makefile" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/include/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/Makefile" ;; "src/libs/Makefile") CONFIG_FILES="$CONFIG_FILES src/libs/Makefile" ;; "src/libs/nubase/Makefile") CONFIG_FILES="$CONFIG_FILES src/libs/nubase/Makefile" ;; "src/libs/nuconfparser/Makefile") CONFIG_FILES="$CONFIG_FILES src/libs/nuconfparser/Makefile" ;; "src/libs/nussl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libs/nussl/Makefile" ;; "src/libs/nussl/libnussl.pc") CONFIG_FILES="$CONFIG_FILES src/libs/nussl/libnussl.pc" ;; "src/nuauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/Makefile" ;; "src/nuauth/modules/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/Makefile" ;; "src/nuauth/modules/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/ldap/Makefile" ;; "src/nuauth/modules/plaintext/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/plaintext/Makefile" ;; "src/nuauth/modules/mark_group/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/mark_group/Makefile" ;; "src/nuauth/modules/mark_field/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/mark_field/Makefile" ;; "src/nuauth/modules/mark_flag/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/mark_flag/Makefile" ;; "src/nuauth/modules/system/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/system/Makefile" ;; "src/nuauth/modules/log_pgsql/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/log_pgsql/Makefile" ;; 
"src/nuauth/modules/log_mysql/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/log_mysql/Makefile" ;; "src/nuauth/modules/log_nuprelude/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/log_nuprelude/Makefile" ;; "src/nuauth/modules/log_syslog/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/log_syslog/Makefile" ;; "src/nuauth/modules/log_script/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/log_script/Makefile" ;; "src/nuauth/modules/log_ulogd2/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/log_ulogd2/Makefile" ;; "src/nuauth/modules/xml_defs/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/xml_defs/Makefile" ;; "src/nuauth/modules/x509_std/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/x509_std/Makefile" ;; "src/nuauth/modules/mark_uid/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/mark_uid/Makefile" ;; "src/nuauth/modules/session_expire/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/session_expire/Makefile" ;; "src/nuauth/modules/session_authtype/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/session_authtype/Makefile" ;; "src/nuauth/modules/ipauth_guest/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/ipauth_guest/Makefile" ;; "src/nuauth/modules/auth_mysql/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/auth_mysql/Makefile" ;; "src/nuauth/modules/postauth_localuser/Makefile") CONFIG_FILES="$CONFIG_FILES src/nuauth/modules/postauth_localuser/Makefile" ;; "src/clients/Makefile") CONFIG_FILES="$CONFIG_FILES src/clients/Makefile" ;; "src/clients/lib/Makefile") CONFIG_FILES="$CONFIG_FILES src/clients/lib/Makefile" ;; "src/clients/lib/libnuclient.pc") CONFIG_FILES="$CONFIG_FILES src/clients/lib/libnuclient.pc" ;; "src/clients/lib/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/clients/lib/tests/Makefile" ;; "src/clients/lib/plugins/Makefile") CONFIG_FILES="$CONFIG_FILES src/clients/lib/plugins/Makefile" ;; "src/clients/lib/plugins/luser/Makefile") 
CONFIG_FILES="$CONFIG_FILES src/clients/lib/plugins/luser/Makefile" ;; "src/clients/nutcpc/Makefile") CONFIG_FILES="$CONFIG_FILES src/clients/nutcpc/Makefile" ;; "src/clients/pam_nufw/Makefile") CONFIG_FILES="$CONFIG_FILES src/clients/pam_nufw/Makefile" ;; "src/nufw/Makefile") CONFIG_FILES="$CONFIG_FILES src/nufw/Makefile" ;; "scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;; "scripts/nuauth_command/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/nuauth_command/Makefile" ;; "scripts/nuauth_command/scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/nuauth_command/scripts/Makefile" ;; "scripts/nuauth_command/scripts/nuauth_command") CONFIG_FILES="$CONFIG_FILES scripts/nuauth_command/scripts/nuauth_command" ;; "scripts/nuauth_command/nuauth_command/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/nuauth_command/nuauth_command/Makefile" ;; "scripts/auth_mysql/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/auth_mysql/Makefile" ;; "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;; "tests/inl_tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/inl_tests/Makefile" ;; "tests/pki/Makefile") CONFIG_FILES="$CONFIG_FILES tests/pki/Makefile" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. 
Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= trap 'exit_status=$? { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status ' 0 trap '{ (exit 1); exit 1; }' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || { echo "$me: cannot create a temporary directory in ." >&2 { (exit 1); exit 1; } } # # Set up the sed scripts for CONFIG_FILES section. # # No need to generate the scripts if there are no CONFIG_FILES. # This happens for instance when ./config.status config.h if test -n "$CONFIG_FILES"; then _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF SHELL!$SHELL$ac_delim PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim PACKAGE_NAME!$PACKAGE_NAME$ac_delim PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim PACKAGE_STRING!$PACKAGE_STRING$ac_delim PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim exec_prefix!$exec_prefix$ac_delim prefix!$prefix$ac_delim program_transform_name!$program_transform_name$ac_delim bindir!$bindir$ac_delim sbindir!$sbindir$ac_delim libexecdir!$libexecdir$ac_delim datarootdir!$datarootdir$ac_delim datadir!$datadir$ac_delim sysconfdir!$sysconfdir$ac_delim sharedstatedir!$sharedstatedir$ac_delim localstatedir!$localstatedir$ac_delim includedir!$includedir$ac_delim oldincludedir!$oldincludedir$ac_delim docdir!$docdir$ac_delim infodir!$infodir$ac_delim htmldir!$htmldir$ac_delim dvidir!$dvidir$ac_delim pdfdir!$pdfdir$ac_delim psdir!$psdir$ac_delim 
libdir!$libdir$ac_delim localedir!$localedir$ac_delim mandir!$mandir$ac_delim DEFS!$DEFS$ac_delim ECHO_C!$ECHO_C$ac_delim ECHO_N!$ECHO_N$ac_delim ECHO_T!$ECHO_T$ac_delim LIBS!$LIBS$ac_delim build_alias!$build_alias$ac_delim host_alias!$host_alias$ac_delim target_alias!$target_alias$ac_delim CC!$CC$ac_delim CFLAGS!$CFLAGS$ac_delim LDFLAGS!$LDFLAGS$ac_delim CPPFLAGS!$CPPFLAGS$ac_delim ac_ct_CC!$ac_ct_CC$ac_delim EXEEXT!$EXEEXT$ac_delim OBJEXT!$OBJEXT$ac_delim LEX!$LEX$ac_delim LEX_OUTPUT_ROOT!$LEX_OUTPUT_ROOT$ac_delim LEXLIB!$LEXLIB$ac_delim FLEX!$FLEX$ac_delim YACC!$YACC$ac_delim YFLAGS!$YFLAGS$ac_delim build!$build$ac_delim build_cpu!$build_cpu$ac_delim build_vendor!$build_vendor$ac_delim build_os!$build_os$ac_delim host!$host$ac_delim host_cpu!$host_cpu$ac_delim host_vendor!$host_vendor$ac_delim host_os!$host_os$ac_delim SED!$SED$ac_delim GREP!$GREP$ac_delim EGREP!$EGREP$ac_delim LN_S!$LN_S$ac_delim ECHO!$ECHO$ac_delim AR!$AR$ac_delim RANLIB!$RANLIB$ac_delim STRIP!$STRIP$ac_delim DSYMUTIL!$DSYMUTIL$ac_delim NMEDIT!$NMEDIT$ac_delim CPP!$CPP$ac_delim CXX!$CXX$ac_delim CXXFLAGS!$CXXFLAGS$ac_delim ac_ct_CXX!$ac_ct_CXX$ac_delim CXXCPP!$CXXCPP$ac_delim F77!$F77$ac_delim FFLAGS!$FFLAGS$ac_delim ac_ct_F77!$ac_ct_F77$ac_delim LIBTOOL!$LIBTOOL$ac_delim INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim INSTALL_DATA!$INSTALL_DATA$ac_delim DOCBOOK2MAN!$DOCBOOK2MAN$ac_delim DOCBOOK2PDF!$DOCBOOK2PDF$ac_delim LIBOBJS!$LIBOBJS$ac_delim PKG_CONFIG!$PKG_CONFIG$ac_delim OPENSSL_CFLAGS!$OPENSSL_CFLAGS$ac_delim OPENSSL_LIBS!$OPENSSL_LIBS$ac_delim LIBGCRYPT_CONFIG!$LIBGCRYPT_CONFIG$ac_delim LIBGCRYPT_CFLAGS!$LIBGCRYPT_CFLAGS$ac_delim LIBGCRYPT_LIBS!$LIBGCRYPT_LIBS$ac_delim GNUTLS_CFLAGS!$GNUTLS_CFLAGS$ac_delim GNUTLS_LIBS!$GNUTLS_LIBS$ac_delim PYTHON!$PYTHON$ac_delim e_localstatedir!$e_localstatedir$ac_delim GLIB_CFLAGS!$GLIB_CFLAGS$ac_delim GLIB_LIBS!$GLIB_LIBS$ac_delim GLIB_GENMARSHAL!$GLIB_GENMARSHAL$ac_delim GOBJECT_QUERY!$GOBJECT_QUERY$ac_delim 
_ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` if test -n "$ac_eof"; then ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` ac_eof=`expr $ac_eof + 1` fi cat >>$CONFIG_STATUS <<_ACEOF cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof /@[a-zA-Z_][a-zA-Z_0-9]*@/!b _ACEOF sed ' s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g s/^/s,@/; s/!/@,|#_!!_#|/ :n t n s/'"$ac_delim"'$/,g/; t s/$/\\/; p N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n ' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF CEOF$ac_eof _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF GLIB_MKENUMS!$GLIB_MKENUMS$ac_delim USE_SYSTEM_AUTH_TRUE!$USE_SYSTEM_AUTH_TRUE$ac_delim USE_SYSTEM_AUTH_FALSE!$USE_SYSTEM_AUTH_FALSE$ac_delim USE_LDAP_TRUE!$USE_LDAP_TRUE$ac_delim USE_LDAP_FALSE!$USE_LDAP_FALSE$ac_delim USE_PRELUDE_LOG_TRUE!$USE_PRELUDE_LOG_TRUE$ac_delim USE_PRELUDE_LOG_FALSE!$USE_PRELUDE_LOG_FALSE$ac_delim USE_MYSQL_LOG_TRUE!$USE_MYSQL_LOG_TRUE$ac_delim USE_MYSQL_LOG_FALSE!$USE_MYSQL_LOG_FALSE$ac_delim USE_MYSQL_AUTH_TRUE!$USE_MYSQL_AUTH_TRUE$ac_delim USE_MYSQL_AUTH_FALSE!$USE_MYSQL_AUTH_FALSE$ac_delim HAVE_MYSQL_CONFIG_TRUE!$HAVE_MYSQL_CONFIG_TRUE$ac_delim HAVE_MYSQL_CONFIG_FALSE!$HAVE_MYSQL_CONFIG_FALSE$ac_delim USE_PGSQL_LOG_TRUE!$USE_PGSQL_LOG_TRUE$ac_delim USE_PGSQL_LOG_FALSE!$USE_PGSQL_LOG_FALSE$ac_delim USE_PLAINTEXT_AUTH_TRUE!$USE_PLAINTEXT_AUTH_TRUE$ac_delim USE_PLAINTEXT_AUTH_FALSE!$USE_PLAINTEXT_AUTH_FALSE$ac_delim USE_MARK_GROUP_TRUE!$USE_MARK_GROUP_TRUE$ac_delim USE_MARK_GROUP_FALSE!$USE_MARK_GROUP_FALSE$ac_delim USE_MARK_FIELD_TRUE!$USE_MARK_FIELD_TRUE$ac_delim USE_MARK_FIELD_FALSE!$USE_MARK_FIELD_FALSE$ac_delim 
USE_MARK_FLAG_TRUE!$USE_MARK_FLAG_TRUE$ac_delim USE_MARK_FLAG_FALSE!$USE_MARK_FLAG_FALSE$ac_delim USE_SYSLOG_LOG_TRUE!$USE_SYSLOG_LOG_TRUE$ac_delim USE_SYSLOG_LOG_FALSE!$USE_SYSLOG_LOG_FALSE$ac_delim USE_ULOGD2_LOG_TRUE!$USE_ULOGD2_LOG_TRUE$ac_delim USE_ULOGD2_LOG_FALSE!$USE_ULOGD2_LOG_FALSE$ac_delim BUILD_NUFW_TRUE!$BUILD_NUFW_TRUE$ac_delim BUILD_NUFW_FALSE!$BUILD_NUFW_FALSE$ac_delim BUILD_NUAUTH_TRUE!$BUILD_NUAUTH_TRUE$ac_delim BUILD_NUAUTH_FALSE!$BUILD_NUAUTH_FALSE$ac_delim BUILD_NUTCPC_TRUE!$BUILD_NUTCPC_TRUE$ac_delim BUILD_NUTCPC_FALSE!$BUILD_NUTCPC_FALSE$ac_delim BUILD_LIBNUCLIENT_TRUE!$BUILD_LIBNUCLIENT_TRUE$ac_delim BUILD_LIBNUCLIENT_FALSE!$BUILD_LIBNUCLIENT_FALSE$ac_delim BUILD_PAM_NUFW_TRUE!$BUILD_PAM_NUFW_TRUE$ac_delim BUILD_PAM_NUFW_FALSE!$BUILD_PAM_NUFW_FALSE$ac_delim BUILD_NUAUTH_COMMAND_TRUE!$BUILD_NUAUTH_COMMAND_TRUE$ac_delim BUILD_NUAUTH_COMMAND_FALSE!$BUILD_NUAUTH_COMMAND_FALSE$ac_delim HAVE_IPQ_TRUE!$HAVE_IPQ_TRUE$ac_delim HAVE_IPQ_FALSE!$HAVE_IPQ_FALSE$ac_delim USE_USER_MARK_TRUE!$USE_USER_MARK_TRUE$ac_delim USE_USER_MARK_FALSE!$USE_USER_MARK_FALSE$ac_delim HAVE_NFQUEUE_ONLY_TRUE!$HAVE_NFQUEUE_ONLY_TRUE$ac_delim HAVE_NFQUEUE_ONLY_FALSE!$HAVE_NFQUEUE_ONLY_FALSE$ac_delim HAVE_NFQUEUE_CONNTRACK_TRUE!$HAVE_NFQUEUE_CONNTRACK_TRUE$ac_delim HAVE_NFQUEUE_CONNTRACK_FALSE!$HAVE_NFQUEUE_CONNTRACK_FALSE$ac_delim HAVE_CONNTRACK_ONLY_TRUE!$HAVE_CONNTRACK_ONLY_TRUE$ac_delim HAVE_CONNTRACK_ONLY_FALSE!$HAVE_CONNTRACK_ONLY_FALSE$ac_delim USE_OPENSSL_TRUE!$USE_OPENSSL_TRUE$ac_delim USE_OPENSSL_FALSE!$USE_OPENSSL_FALSE$ac_delim USE_GNUTLS_TRUE!$USE_GNUTLS_TRUE$ac_delim USE_GNUTLS_FALSE!$USE_GNUTLS_FALSE$ac_delim am__isrc!$am__isrc$ac_delim CYGPATH_W!$CYGPATH_W$ac_delim PACKAGE!$PACKAGE$ac_delim VERSION!$VERSION$ac_delim ACLOCAL!$ACLOCAL$ac_delim AUTOCONF!$AUTOCONF$ac_delim AUTOMAKE!$AUTOMAKE$ac_delim AUTOHEADER!$AUTOHEADER$ac_delim MAKEINFO!$MAKEINFO$ac_delim install_sh!$install_sh$ac_delim INSTALL_STRIP_PROGRAM!$INSTALL_STRIP_PROGRAM$ac_delim 
mkdir_p!$mkdir_p$ac_delim AWK!$AWK$ac_delim SET_MAKE!$SET_MAKE$ac_delim am__leading_dot!$am__leading_dot$ac_delim AMTAR!$AMTAR$ac_delim am__tar!$am__tar$ac_delim am__untar!$am__untar$ac_delim DEPDIR!$DEPDIR$ac_delim am__include!$am__include$ac_delim am__quote!$am__quote$ac_delim AMDEP_TRUE!$AMDEP_TRUE$ac_delim AMDEP_FALSE!$AMDEP_FALSE$ac_delim AMDEPBACKSLASH!$AMDEPBACKSLASH$ac_delim CCDEPMODE!$CCDEPMODE$ac_delim am__fastdepCC_TRUE!$am__fastdepCC_TRUE$ac_delim am__fastdepCC_FALSE!$am__fastdepCC_FALSE$ac_delim CXXDEPMODE!$CXXDEPMODE$ac_delim am__fastdepCXX_TRUE!$am__fastdepCXX_TRUE$ac_delim am__fastdepCXX_FALSE!$am__fastdepCXX_FALSE$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 84; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` if test -n "$ac_eof"; then ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` ac_eof=`expr $ac_eof + 1` fi cat >>$CONFIG_STATUS <<_ACEOF cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof /@[a-zA-Z_][a-zA-Z_0-9]*@/!b end _ACEOF sed ' s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g s/^/s,@/; s/!/@,|#_!!_#|/ :n t n s/'"$ac_delim"'$/,g/; t s/$/\\/; p N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n ' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF :end s/|#_!!_#|//g CEOF$ac_eof _ACEOF # VPATH may cause trouble with some makes, so we remove $(srcdir), # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). 
# When srcdir is ".", build a sed fragment that removes $(srcdir), ${srcdir}
# and @srcdir@ from a VPATH assignment, trims leading and trailing colons,
# and blanks the assignment if nothing is left. ac_vpsub is only assigned
# inside this branch.
# NOTE(review): the single-space bracket expressions `[ ]` presumably held a
# space and a tab before whitespace was collapsed on this page; confirm
# against a pristine configure before relying on them.
if test "x$srcdir" = x.; then
  ac_vpsub='/^[ ]*VPATH[ ]*=/{
s/:*\$(srcdir):*/:/
s/:*\${srcdir}:*/:/
s/:*@srcdir@:*/:/
s/^\([^=]*=[ ]*\):*/\1/
s/:*$//
s/^[^=]*=[ ]*$//
}'
fi

# The quoted here-document below is appended to config.status verbatim
# (nothing is expanded at configure time). It closes the
# `test -n "$CONFIG_FILES"` block and opens the per-tag loop: each tag is
# split on ':' into an output name plus its inputs, inputs are looked up in
# the build tree and then under $srcdir, the output directory is created, and
# the relative/absolute build and source directory variables are derived.
# The directory-creation fallback runs `eval "mkdir $as_dirs"`; every element
# of as_dirs is wrapped in single quotes, and names containing a single quote
# are passed through a sed escape first, before the eval sees them.
cat >>$CONFIG_STATUS <<\_ACEOF
fi # test -n "$CONFIG_FILES"


for ac_tag in :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS
do
  case $ac_tag in
  :[FHLC]) ac_mode=$ac_tag; continue;;
  esac
  case $ac_mode$ac_tag in
  :[FHL]*:*);;
  :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5
echo "$as_me: error: Invalid tag $ac_tag." >&2;}
   { (exit 1); exit 1; }; };;
  :[FH]-) ac_tag=-:-;;
  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
  esac
  ac_save_IFS=$IFS
  IFS=:
  set x $ac_tag
  IFS=$ac_save_IFS
  shift
  ac_file=$1
  shift

  case $ac_mode in
  :L) ac_source=$1;;
  :[FH])
    ac_file_inputs=
    for ac_f
    do
      case $ac_f in
      -) ac_f="$tmp/stdin";;
      *) # Look for the file first in the build tree, then in the source tree
         # (if the path is not absolute). The absolute path cannot be DOS-style,
         # because $ac_f cannot contain `:'.
         test -f "$ac_f" ||
           case $ac_f in
           [\\/$]*) false;;
           *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
           esac ||
           { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
echo "$as_me: error: cannot find input file: $ac_f" >&2;}
   { (exit 1); exit 1; }; };;
      esac
      ac_file_inputs="$ac_file_inputs $ac_f"
    done

    # Let's still pretend it is `configure' which instantiates (i.e., don't
    # use $as_me), people would be surprised to read:
    # /* config.h. Generated by config.status. */
    configure_input="Generated from "`IFS=:
          echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure."
    if test x"$ac_file" != x-; then
      configure_input="$ac_file. $configure_input"
      { echo "$as_me:$LINENO: creating $ac_file" >&5
echo "$as_me: creating $ac_file" >&6;}
    fi

    case $ac_tag in
    *:-:* | *:-) cat >"$tmp/stdin";;
    esac
    ;;
  esac

  ac_dir=`$as_dirname -- "$ac_file" ||
$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
         X"$ac_file" : 'X\(//\)[^/]' \| \
         X"$ac_file" : 'X\(//\)$' \| \
         X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$ac_file" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
            s//\1/
            q
          }
          /^X\(\/\/\)[^/].*/{
            s//\1/
            q
          }
          /^X\(\/\/\)$/{
            s//\1/
            q
          }
          /^X\(\/\).*/{
            s//\1/
            q
          }
          s/.*/./; q'`
  { as_dir="$ac_dir"
  case $as_dir in #(
  -*) as_dir=./$as_dir;;
  esac
  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
    as_dirs=
    while :; do
      case $as_dir in #(
      *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
      *) as_qdir=$as_dir;;
      esac
      as_dirs="'$as_qdir' $as_dirs"
      as_dir=`$as_dirname -- "$as_dir" ||
$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
         X"$as_dir" : 'X\(//\)[^/]' \| \
         X"$as_dir" : 'X\(//\)$' \| \
         X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$as_dir" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
            s//\1/
            q
          }
          /^X\(\/\/\)[^/].*/{
            s//\1/
            q
          }
          /^X\(\/\/\)$/{
            s//\1/
            q
          }
          /^X\(\/\).*/{
            s//\1/
            q
          }
          s/.*/./; q'`
      test -d "$as_dir" && break
    done
    test -z "$as_dirs" || eval "mkdir $as_dirs"
  } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
echo "$as_me: error: cannot create directory $as_dir" >&2;}
   { (exit 1); exit 1; }; }; }
  ac_builddir=.

case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
  # A ".." for each directory in $ac_dir_suffix.
  ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
  case $ac_top_builddir_sub in
  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
  *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
  esac ;;
esac
ac_abs_top_builddir=$ac_pwd
ac_abs_builddir=$ac_pwd$ac_dir_suffix
# for backward compatibility:
ac_top_builddir=$ac_top_build_prefix

case $srcdir in
  .) # We are building in place.
    ac_srcdir=.
    ac_top_srcdir=$ac_top_builddir_sub
    ac_abs_top_srcdir=$ac_pwd ;;
  [\\/]* | ?:[\\/]* ) # Absolute name.
    ac_srcdir=$srcdir$ac_dir_suffix;
    ac_top_srcdir=$srcdir
    ac_abs_top_srcdir=$srcdir ;;
  *) # Relative name.
    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
    ac_top_srcdir=$ac_top_build_prefix$srcdir
    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
esac
ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix


  case $ac_mode in
  :F)
  #
  # CONFIG_FILE
  #

  case $INSTALL in
  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
  esac
  ac_MKDIR_P=$MKDIR_P
  case $MKDIR_P in
  [\\/$]* | ?:[\\/]* ) ;;
  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
  esac
_ACEOF

# Second quoted here-document: config.status scans the input templates for
# datarootdir usage and warns when a template uses @datadir@ and friends
# without mentioning datarootdir.
cat >>$CONFIG_STATUS <<\_ACEOF
# If the template does not know about datarootdir, expand it.
# FIXME: This hack should be removed a few years after 2.60.
ac_datarootdir_hack=; ac_datarootdir_seen=

case `sed -n '/datarootdir/ {
  p
  q
}
/@datadir@/p
/@docdir@/p
/@infodir@/p
/@localedir@/p
/@mandir@/p
' $ac_file_inputs` in
*datarootdir*) ac_datarootdir_seen=yes;;
*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
  { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
_ACEOF
# Unquoted here-document: $datadir, $docdir, $infodir, $localedir, $mandir and
# $datarootdir are expanded now, at configure time, and their values are
# written into config.status as literal sed replacement text.
cat >>$CONFIG_STATUS <<_ACEOF
  ac_datarootdir_hack='
  s&@datadir@&$datadir&g
  s&@docdir@&$docdir&g
  s&@infodir@&$infodir&g
  s&@localedir@&$localedir&g
  s&@mandir@&$mandir&g
    s&\\\${datarootdir}&$datarootdir&g' ;;
esac
_ACEOF

# Neutralize VPATH when `$srcdir' = `.'.
# Shell code in configure.ac might set extrasub.
# FIXME: do we really want to maintain this feature?
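# Append to config.status the sed pipeline that instantiates one CONFIG_FILES
# template. The first here-document is unquoted, so $ac_vpsub and $extrasub
# are expanded at configure time and become the head of the sed script; the
# second is quoted and is copied verbatim, so its variables are expanded only
# when config.status runs.
#
# Changes from the text as found: the redirection target "$tmp/out" and the
# final `mv` destination "$ac_file" are now quoted, matching the quoting the
# neighbouring commands already use for the same paths. Unquoted, an output
# name containing whitespace or glob characters would be word-split or
# expanded by the shell before `mv` sees it.
# NOTE(review): this file is generated by Autoconf; a lasting fix belongs in
# the generator version used to produce it, not in the generated script.
# NOTE(review): the `[ ]` bracket expressions presumably held a space and a
# tab before whitespace was collapsed on this page; confirm against a
# pristine configure.
cat >>$CONFIG_STATUS <<_ACEOF
  sed "$ac_vpsub
$extrasub
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
:t
/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
s&@configure_input@&$configure_input&;t t
s&@top_builddir@&$ac_top_builddir_sub&;t t
s&@srcdir@&$ac_srcdir&;t t
s&@abs_srcdir@&$ac_abs_srcdir&;t t
s&@top_srcdir@&$ac_top_srcdir&;t t
s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
s&@builddir@&$ac_builddir&;t t
s&@abs_builddir@&$ac_abs_builddir&;t t
s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
s&@INSTALL@&$ac_INSTALL&;t t
s&@MKDIR_P@&$ac_MKDIR_P&;t t
$ac_datarootdir_hack
" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" >"$tmp/out"

test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
  { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
  { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&5
echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&2;}

  rm -f "$tmp/stdin"
  case $ac_file in
  -) cat "$tmp/out"; rm -f "$tmp/out";;
  *) rm -f "$ac_file"; mv "$tmp/out" "$ac_file";;
  esac
 ;;
  :H)
  #
  # CONFIG_HEADER
  #
_ACEOF

# Transform confdefs.h into a sed script `conftest.defines', that
# substitutes the proper values into config.h.in to produce config.h.
rm -f conftest.defines conftest.tail
# First, append a space to every undef/define line, to ease matching.
echo 's/$/ /' >conftest.defines
# Then, protect against being on the right side of a sed subst, or in
# an unquoted here document, in config.status. If some macros were
# called several times there might be several #defines for the same
# symbol, which is useless. But do not sort them, since the last
# AC_DEFINE must be honored.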
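# Build the CONFIG_HEADER and "depfiles" parts of config.status.
#
# At configure time: confdefs.h is turned into sed commands in
# conftest.defines, which is then copied into config.status in chunks of
# $ac_max_sed_lines, each chunk alternating its output between "$tmp/out1"
# and "$tmp/out2". After that a quoted here-document (copied verbatim) adds
# the code that installs the generated header, writes the stamp-h file, and
# creates placeholder dependency files for Automake-generated Makefiles.
#
# Changes from the text as found, all inside the verbatim here-document:
#  - `test -z "am__include"` tested a literal, never-empty string, so the
#    `continue` could not fire; it now tests "$am__include".
#  - `rm -f "$tmp/out12"` named a file nothing here creates; the
#    intermediates written above are "$tmp/out1" and "$tmp/out2", so those
#    are removed instead.
#  - $ac_file is quoted in the diff/rm/mv that install the header, so an
#    output name with whitespace or glob characters is not split or expanded.
# The directory-creation fallback still runs `eval "mkdir $as_dirs"`; each
# element is wrapped in single quotes, with embedded single quotes escaped
# by sed first, before it reaches the eval.
# NOTE(review): this file is generated by Autoconf/Automake; lasting fixes
# belong in the generator versions used to produce it.
# NOTE(review): the `[ ]` bracket expressions and the ac_dC/ac_dD values
# presumably contained a tab before whitespace was collapsed on this page;
# confirm against a pristine configure.
ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*

# These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where
# NAME is the cpp macro being defined, VALUE is the value it is being given.
# PARAMS is the parameter list in the macro definition--in most cases, it's
# just an empty string.
ac_dA='s,^\\([ #]*\\)[^ ]*\\([ ]*'
ac_dB='\\)[ (].*,\\1define\\2'
ac_dC=' '
ac_dD=' ,'

uniq confdefs.h |
  sed -n '
t rset
:rset
s/^[ ]*#[ ]*define[ ][ ]*//
t ok
d
:ok
s/[\\&,]/\\&/g
s/^\('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p
s/^\('"$ac_word_re"'\)[ ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p
' >>conftest.defines

# Remove the space that was appended to ease matching.
# Then replace #undef with comments. This is necessary, for
# example, in the case of _POSIX_SOURCE, which is predefined and required
# on some systems where configure will not decide to define it.
# (The regexp can be short, since the line contains either #define or #undef.)
echo 's/ $//
s,^[ #]*u.*,/* & */,' >>conftest.defines

# Break up conftest.defines:
ac_max_sed_lines=50

# First sed command is: sed -f defines.sed $ac_file_inputs >"$tmp/out1"
# Second one is: sed -f defines.sed "$tmp/out1" >"$tmp/out2"
# Third one will be: sed -f defines.sed "$tmp/out2" >"$tmp/out1"
# et cetera.
ac_in='$ac_file_inputs'
ac_out='"$tmp/out1"'
ac_nxt='"$tmp/out2"'

while :
do
  # Write a here document:
    cat >>$CONFIG_STATUS <<_ACEOF
    # First, check the format of the line:
    cat >"\$tmp/defines.sed" <<\\CEOF
/^[ ]*#[ ]*undef[ ][ ]*$ac_word_re[ ]*\$/b def
/^[ ]*#[ ]*define[ ][ ]*$ac_word_re[( ]/b def
b
:def
_ACEOF
  sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS
  echo 'CEOF
    sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS
  ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in
  sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail
  grep . conftest.tail >/dev/null || break
  rm -f conftest.defines
  mv conftest.tail conftest.defines
done
rm -f conftest.defines conftest.tail

echo "ac_result=$ac_in" >>$CONFIG_STATUS
cat >>$CONFIG_STATUS <<\_ACEOF
  if test x"$ac_file" != x-; then
    echo "/* $configure_input */" >"$tmp/config.h"
    cat "$ac_result" >>"$tmp/config.h"
    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
      { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
echo "$as_me: $ac_file is unchanged" >&6;}
    else
      rm -f "$ac_file"
      mv "$tmp/config.h" "$ac_file"
    fi
  else
    echo "/* $configure_input */"
    cat "$ac_result"
  fi
  rm -f "$tmp/out1" "$tmp/out2"
# Compute $ac_file's index in $config_headers.
_am_arg=$ac_file
_am_stamp_count=1
for _am_header in $config_headers :; do
  case $_am_header in
    $_am_arg | $_am_arg:* )
      break ;;
    * )
      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
  esac
done
echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
         X"$_am_arg" : 'X\(//\)[^/]' \| \
         X"$_am_arg" : 'X\(//\)$' \| \
         X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$_am_arg" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
            s//\1/
            q
          }
          /^X\(\/\/\)[^/].*/{
            s//\1/
            q
          }
          /^X\(\/\/\)$/{
            s//\1/
            q
          }
          /^X\(\/\).*/{
            s//\1/
            q
          }
          s/.*/./; q'`/stamp-h$_am_stamp_count
 ;;

  :C) { echo "$as_me:$LINENO: executing $ac_file commands" >&5
echo "$as_me: executing $ac_file commands" >&6;}
 ;;
  esac


  case $ac_file$ac_mode in
    "depfiles":C) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
  # Strip MF so we end up with the name of the file.
  mf=`echo "$mf" | sed -e 's/:.*$//'`
  # Check whether this is an Automake generated Makefile or not.
  # We used to match only the files named `Makefile.in', but
  # some people rename them; so instead we look at the file content.
  # Grep'ing the first line is not enough: some people post-process
  # each Makefile.in and add a new line on top of each file to say so.
  # Grep'ing the whole file is not good either: AIX grep has a line
  # limit of 2048, but all sed's we know have understand at least 4000.
  if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
    dirpart=`$as_dirname -- "$mf" ||
$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
         X"$mf" : 'X\(//\)[^/]' \| \
         X"$mf" : 'X\(//\)$' \| \
         X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$mf" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
            s//\1/
            q
          }
          /^X\(\/\/\)[^/].*/{
            s//\1/
            q
          }
          /^X\(\/\/\)$/{
            s//\1/
            q
          }
          /^X\(\/\).*/{
            s//\1/
            q
          }
          s/.*/./; q'`
  else
    continue
  fi
  # Extract the definition of DEPDIR, am__include, and am__quote
  # from the Makefile without running `make'.
  DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
  test -z "$DEPDIR" && continue
  am__include=`sed -n 's/^am__include = //p' < "$mf"`
  test -z "$am__include" && continue
  am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
  # When using ansi2knr, U may be empty or an underscore; expand it
  U=`sed -n 's/^U = //p' < "$mf"`
  # Find all dependency output files, they are included files with
  # $(DEPDIR) in their names. We invoke sed twice because it is the
  # simplest approach to changing $(DEPDIR) to its actual value in the
  # expansion.
  for file in `sed -n "
    s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
    # Make sure the directory exists.
    test -f "$dirpart/$file" && continue
    fdir=`$as_dirname -- "$file" ||
$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
         X"$file" : 'X\(//\)[^/]' \| \
         X"$file" : 'X\(//\)$' \| \
         X"$file" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$file" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
            s//\1/
            q
          }
          /^X\(\/\/\)[^/].*/{
            s//\1/
            q
          }
          /^X\(\/\/\)$/{
            s//\1/
            q
          }
          /^X\(\/\).*/{
            s//\1/
            q
          }
          s/.*/./; q'`
    { as_dir=$dirpart/$fdir
  case $as_dir in #(
  -*) as_dir=./$as_dir;;
  esac
  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
    as_dirs=
    while :; do
      case $as_dir in #(
      *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
      *) as_qdir=$as_dir;;
      esac
      as_dirs="'$as_qdir' $as_dirs"
      as_dir=`$as_dirname -- "$as_dir" ||
$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
         X"$as_dir" : 'X\(//\)[^/]' \| \
         X"$as_dir" : 'X\(//\)$' \| \
         X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$as_dir" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
            s//\1/
            q
          }
          /^X\(\/\/\)[^/].*/{
            s//\1/
            q
          }
          /^X\(\/\/\)$/{
            s//\1/
            q
          }
          /^X\(\/\).*/{
            s//\1/
            q
          }
          s/.*/./; q'`
      test -d "$as_dir" && break
    done
    test -z "$as_dirs" || eval "mkdir $as_dirs"
  } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
echo "$as_me: error: cannot create directory $as_dir" >&2;}
   { (exit 1); exit 1; }; }; }
    # echo "creating $dirpart/$file"
    echo '# dummy' > "$dirpart/$file"
  done
done
 ;;

  esac
done # for ac_tag


{ (exit 0); exit 0; }
_ACEOF
chmod +x $CONFIG_STATUS
ac_clean_files=$ac_clean_files_save


# configure is writing to config.log, and then calls config.status.
# config.status does its own redirection, appending to config.log.
# Unfortunately, on DOS this fails, as config.log is still kept open
# by configure, so config.status won't be able to write to it; its
# output is simply discarded. So we exec the FD to /dev/null,
# effectively closing config.log, so it can be properly (re)opened and
# appended to by config.status. When coming back to configure, we
# need to make the FD available again.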
if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || { (exit 1); exit 1; } fi { echo "$as_me:$LINENO: result: Configuration complete " >&5 echo "${ECHO_T} Configuration complete " >&6; } if test "$debug"; then { echo "$as_me:$LINENO: result: * Compiling with developement DEBUG support" >&5 echo "${ECHO_T}* Compiling with developement DEBUG support" >&6; } fi if test "${build_openssl}" != "no"; then { echo "$as_me:$LINENO: result: * Compiling with OpenSSL" >&5 echo "${ECHO_T}* Compiling with OpenSSL" >&6; } else { echo "$as_me:$LINENO: result: * Compiling with GnuTLS" >&5 echo "${ECHO_T}* Compiling with GnuTLS" >&6; } fi if test "${build_nuauth}" = "yes"; then { echo "$as_me:$LINENO: result: * Compiling NuAuth" >&5 echo "${ECHO_T}* Compiling NuAuth" >&6; } if test "$enable_system_auth" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile auth module system" >&5 echo "${ECHO_T} - NuAuth: compile auth module system" >&6; } fi if test "${ldap}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile module ldap" >&5 echo "${ECHO_T} - NuAuth: compile module ldap" >&6; } fi if test "${enable_prelude_log}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile log module prelude" >&5 echo "${ECHO_T} - NuAuth: compile log module prelude" >&6; } fi if test "${enable_mysql_log}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile log module mysql" >&5 echo "${ECHO_T} - NuAuth: compile log module mysql" >&6; } fi if test "${enable_mysql_auth}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile authentication module mysql" >&5 echo "${ECHO_T} - NuAuth: compile authentication module 
mysql" >&6; } fi if test "${enable_pgsql_log}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile log module pgsql" >&5 echo "${ECHO_T} - NuAuth: compile log module pgsql" >&6; } fi if test "${enable_syslog_log}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile syslog log module" >&5 echo "${ECHO_T} - NuAuth: compile syslog log module" >&6; } fi if test "${enable_ulogd2_log}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile ulogd2 log module" >&5 echo "${ECHO_T} - NuAuth: compile ulogd2 log module" >&6; } fi if test "${enable_plaintext_auth}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile plaintext auth module" >&5 echo "${ECHO_T} - NuAuth: compile plaintext auth module" >&6; } fi if test "${enable_mark_group}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile mark group module" >&5 echo "${ECHO_T} - NuAuth: compile mark group module" >&6; } fi if test "${enable_mark_field}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile mark field module" >&5 echo "${ECHO_T} - NuAuth: compile mark field module" >&6; } fi if test "${enable_mark_flag}" = "yes"; then { echo "$as_me:$LINENO: result: - NuAuth: compile mark flag module" >&5 echo "${ECHO_T} - NuAuth: compile mark flag module" >&6; } fi fi if test "${build_nufw}" = "yes"; then { echo "$as_me:$LINENO: result: * Compiling NuFW" >&5 echo "${ECHO_T}* Compiling NuFW" >&6; } if test "${have_conntrack}" = "yes"; then { echo "$as_me:$LINENO: result: - NuFW: libnetfilter_conntrack support" >&5 echo "${ECHO_T} - NuFW: libnetfilter_conntrack support" >&6; } fi if test "${have_nfqueue}" = "yes"; then { echo "$as_me:$LINENO: result: - NuFW: libnetfilter_queue support" >&5 echo "${ECHO_T} - NuFW: libnetfilter_queue support" >&6; } else if test "${have_ipq}" = "yes"; then { echo "$as_me:$LINENO: result: - NuFW: libipq support" >&5 echo "${ECHO_T} - NuFW: libipq support" >&6; } if test "$enable_user_mark" = "yes"; then { echo "$as_me:$LINENO: 
result: - NuFW: User mark support" >&5 echo "${ECHO_T} - NuFW: User mark support" >&6; } fi fi fi else if test "${use_nfconntrack}" = "yes"; then { echo "$as_me:$LINENO: result: !!! WARNING !!! NuFW daemon WON'T be compiled: libnetfilter_queue not present" >&5 echo "${ECHO_T}!!! WARNING !!! NuFW daemon WON'T be compiled: libnetfilter_queue not present" >&6; } else { echo "$as_me:$LINENO: result: !!! WARNING !!! NuFW daemon WON'T be compiled: libipq not present" >&5 echo "${ECHO_T}!!! WARNING !!! NuFW daemon WON'T be compiled: libipq not present" >&6; } fi fi if test "${build_libnuclient}" = "yes"; then { echo "$as_me:$LINENO: result: * Compiling libnuclient" >&5 echo "${ECHO_T}* Compiling libnuclient" >&6; } fi if test "${build_nutcpc}" = "yes"; then { echo "$as_me:$LINENO: result: * Compiling nutcpc" >&5 echo "${ECHO_T}* Compiling nutcpc" >&6; } fi if test "${build_pam_nufw}" = "yes"; then { echo "$as_me:$LINENO: result: * Compiling pam_nufw" >&5 echo "${ECHO_T}* Compiling pam_nufw" >&6; } fi { echo "$as_me:$LINENO: result: Now type 'make' and then 'sudo make install'" >&5 echo "${ECHO_T} Now type 'make' and then 'sudo make install'" >&6; } nufw-2.4.3/COPYING0000644000175000017500000010622011431206275010455 00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. 
We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. 
The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. 
Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. 
The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. 
Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. 
You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. 
You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. 
Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. 
If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. 
When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. 
If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. 
If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. 
For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. 
If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. 
You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. 
The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. 
SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: <program> Copyright (C) <year> <name of author> This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see <http://www.gnu.org/licenses/>. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read <http://www.gnu.org/philosophy/why-not-lgpl.html>. In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the Cyrus SASL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than Cyrus SASL.
If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here. This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/). nufw-2.4.3/ltmain.sh0000644000175000017500000060646711312075134011260 00000000000000# ltmain.sh - Provide generalized library-building support services. # NOTE: Changing this file will not affect anything until you rerun configure. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, # 2007, 2008 Free Software Foundation, Inc. # Originally by Gordon Matzigkeit , 1996 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. basename="s,^.*/,,g" # Work around backward compatibility issue on IRIX 6.5. 
On IRIX 6.4+, sh # is ksh but when the shell is invoked as "sh" and the current value of # the _XPG environment variable is not equal to 1 (one), the special # positional parameter $0, within a function call, is the name of the # function. progpath="$0" # The name of this program: progname=`echo "$progpath" | $SED $basename` modename="$progname" # Global variables: EXIT_SUCCESS=0 EXIT_FAILURE=1 PROGRAM=ltmain.sh PACKAGE=libtool VERSION="1.5.26 Debian 1.5.26-4+lenny1" TIMESTAMP=" (1.1220.2.493 2008/02/01 16:58:18)" # Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # Check that we have a working $echo. if test "X$1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X$1" = X--fallback-echo; then # Avoid inline document here, it may be left over : elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then # Yippee, $echo works! : else # Restart under the correct shell, and then maybe $echo will work. exec $SHELL "$progpath" --no-reexec ${1+"$@"} fi if test "X$1" = X--fallback-echo; then # used as fallback echo shift cat <&2 $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 exit $EXIT_FAILURE fi # Global variables. 
mode=$default_mode nonopt= prev= prevopt= run= show="$echo" show_help= execute_dlfiles= duplicate_deps=no preserve_args= lo2o="s/\\.lo\$/.${objext}/" o2lo="s/\\.${objext}\$/.lo/" extracted_archives= extracted_serial=0 ##################################### # Shell function definitions: # This seems to be the best place for them # func_mktempdir [string] # Make a temporary directory that won't clash with other running # libtool processes, and avoids race conditions if possible. If # given, STRING is the basename for that directory. func_mktempdir () { my_template="${TMPDIR-/tmp}/${1-$progname}" if test "$run" = ":"; then # Return a directory name, but don't create it in dry-run mode my_tmpdir="${my_template}-$$" else # If mktemp works, use that first and foremost my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` if test ! -d "$my_tmpdir"; then # Failing that, at least try and use $RANDOM to avoid a race my_tmpdir="${my_template}-${RANDOM-0}$$" save_mktempdir_umask=`umask` umask 0077 $mkdir "$my_tmpdir" umask $save_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure test -d "$my_tmpdir" || { $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2 exit $EXIT_FAILURE } fi $echo "X$my_tmpdir" | $Xsed } # func_win32_libid arg # return the library type of file 'arg' # # Need a lot of goo to handle *both* DLLs and import libs # Has to be a shell function in order to 'eat' the argument # that is supplied when $file_magic_command is called. func_win32_libid () { win32_libid_type="unknown" win32_fileres=`file -L $1 2>/dev/null` case $win32_fileres in *ar\ archive\ import\ library*) # definitely import win32_libid_type="x86 archive import" ;; *ar\ archive*) # could be an import, or static if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \ $EGREP -e 'file format pe-i386(.*architecture: i386)?' 
>/dev/null ; then win32_nmres=`eval $NM -f posix -A $1 | \ $SED -n -e '1,100{ / I /{ s,.*,import, p q } }'` case $win32_nmres in import*) win32_libid_type="x86 archive import";; *) win32_libid_type="x86 archive static";; esac fi ;; *DLL*) win32_libid_type="x86 DLL" ;; *executable*) # but shell scripts are "executable" too... case $win32_fileres in *MS\ Windows\ PE\ Intel*) win32_libid_type="x86 DLL" ;; esac ;; esac $echo $win32_libid_type } # func_infer_tag arg # Infer tagged configuration to use if any are available and # if one wasn't chosen via the "--tag" command line option. # Only attempt this if the compiler in the base compile # command doesn't match the default compiler. # arg is usually of the form 'gcc ...' func_infer_tag () { if test -n "$available_tags" && test -z "$tagname"; then CC_quoted= for arg in $CC; do case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac CC_quoted="$CC_quoted $arg" done case $@ in # Blanks in the command may have been stripped by the calling shell, # but not from the CC environment variable when configure was run. " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;; # Blanks at the start of $base_compile will cause this to fail # if we don't check for them as well. *) for z in $available_tags; do if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then # Evaluate the configuration. eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" CC_quoted= for arg in $CC; do # Double-quote args containing other shell metacharacters. 
case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac CC_quoted="$CC_quoted $arg" done case "$@ " in " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) # The compiler in the base compile command matches # the one in the tagged configuration. # Assume this is the tagged configuration we want. tagname=$z break ;; esac fi done # If $tagname still isn't set, then no tagged configuration # was found and let the user know that the "--tag" command # line option must be used. if test -z "$tagname"; then $echo "$modename: unable to infer tagged configuration" $echo "$modename: specify a tag with \`--tag'" 1>&2 exit $EXIT_FAILURE # else # $echo "$modename: using $tagname tagged configuration" fi ;; esac fi } # func_extract_an_archive dir oldlib func_extract_an_archive () { f_ex_an_ar_dir="$1"; shift f_ex_an_ar_oldlib="$1" $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)" $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $? if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then : else $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2 exit $EXIT_FAILURE fi } # func_extract_archives gentop oldlib ... func_extract_archives () { my_gentop="$1"; shift my_oldlibs=${1+"$@"} my_oldobjs="" my_xlib="" my_xabs="" my_xdir="" my_status="" $show "${rm}r $my_gentop" $run ${rm}r "$my_gentop" $show "$mkdir $my_gentop" $run $mkdir "$my_gentop" my_status=$? if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then exit $my_status fi for my_xlib in $my_oldlibs; do # Extract the objects. 
case $my_xlib in [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; *) my_xabs=`pwd`"/$my_xlib" ;; esac my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` my_xlib_u=$my_xlib while :; do case " $extracted_archives " in *" $my_xlib_u "*) extracted_serial=`expr $extracted_serial + 1` my_xlib_u=lt$extracted_serial-$my_xlib ;; *) break ;; esac done extracted_archives="$extracted_archives $my_xlib_u" my_xdir="$my_gentop/$my_xlib_u" $show "${rm}r $my_xdir" $run ${rm}r "$my_xdir" $show "$mkdir $my_xdir" $run $mkdir "$my_xdir" exit_status=$? if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then exit $exit_status fi case $host in *-darwin*) $show "Extracting $my_xabs" # Do not bother doing anything if just a dry run if test -z "$run"; then darwin_orig_dir=`pwd` cd $my_xdir || exit $? darwin_archive=$my_xabs darwin_curdir=`pwd` darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'` darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null` if test -n "$darwin_arches"; then darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'` darwin_arch= $show "$darwin_base_archive has multiple architectures $darwin_arches" for darwin_arch in $darwin_arches ; do mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}" lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" func_extract_an_archive "`pwd`" "${darwin_base_archive}" cd "$darwin_curdir" $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" done # $darwin_arches ## Okay now we have a bunch of thin objects, gotta fatten them up :) darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP` darwin_file= darwin_files= for darwin_file in $darwin_filelist; do darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` lipo -create -output "$darwin_file" $darwin_files done # 
$darwin_filelist ${rm}r unfat-$$ cd "$darwin_orig_dir" else cd "$darwin_orig_dir" func_extract_an_archive "$my_xdir" "$my_xabs" fi # $darwin_arches fi # $run ;; *) func_extract_an_archive "$my_xdir" "$my_xabs" ;; esac my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` done func_extract_archives_result="$my_oldobjs" } # End of Shell function definitions ##################################### # Darwin sucks eval std_shrext=\"$shrext_cmds\" disable_libs=no # Parse our command line options once, thoroughly. while test "$#" -gt 0 do arg="$1" shift case $arg in -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;; *) optarg= ;; esac # If the previous option needs an argument, assign it. if test -n "$prev"; then case $prev in execute_dlfiles) execute_dlfiles="$execute_dlfiles $arg" ;; tag) tagname="$arg" preserve_args="${preserve_args}=$arg" # Check whether tagname contains only valid characters case $tagname in *[!-_A-Za-z0-9,/]*) $echo "$progname: invalid tag name: $tagname" 1>&2 exit $EXIT_FAILURE ;; esac case $tagname in CC) # Don't test for the "default" C tag, as we know, it's there, but # not specially marked. ;; *) if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then taglist="$taglist $tagname" # Evaluate the configuration. eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`" else $echo "$progname: ignoring unknown tag $tagname" 1>&2 fi ;; esac ;; *) eval "$prev=\$arg" ;; esac prev= prevopt= continue fi # Have we seen a non-optional argument yet? case $arg in --help) show_help=yes ;; --version) echo "\ $PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP Copyright (C) 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." exit $? 
;; --config) ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath # Now print the configurations for the tags. for tagname in $taglist; do ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath" done exit $? ;; --debug) $echo "$progname: enabling shell trace mode" set -x preserve_args="$preserve_args $arg" ;; --dry-run | -n) run=: ;; --features) $echo "host: $host" if test "$build_libtool_libs" = yes; then $echo "enable shared libraries" else $echo "disable shared libraries" fi if test "$build_old_libs" = yes; then $echo "enable static libraries" else $echo "disable static libraries" fi exit $? ;; --finish) mode="finish" ;; --mode) prevopt="--mode" prev=mode ;; --mode=*) mode="$optarg" ;; --preserve-dup-deps) duplicate_deps="yes" ;; --quiet | --silent) show=: preserve_args="$preserve_args $arg" ;; --tag) prevopt="--tag" prev=tag preserve_args="$preserve_args --tag" ;; --tag=*) set tag "$optarg" ${1+"$@"} shift prev=tag preserve_args="$preserve_args --tag" ;; -dlopen) prevopt="-dlopen" prev=execute_dlfiles ;; -*) $echo "$modename: unrecognized option \`$arg'" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE ;; *) nonopt="$arg" break ;; esac done if test -n "$prevopt"; then $echo "$modename: option \`$prevopt' requires an argument" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi case $disable_libs in no) ;; shared) build_libtool_libs=no build_old_libs=yes ;; static) build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` ;; esac # If this variable is set in any of the actions, the command in it # will be execed at the end. This prevents here-documents from being # left over by shells. exec_cmd= if test -z "$show_help"; then # Infer the operation mode. if test -z "$mode"; then $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2 $echo "*** Future versions of Libtool will require --mode=MODE be specified." 
1>&2 case $nonopt in *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*) mode=link for arg do case $arg in -c) mode=compile break ;; esac done ;; *db | *dbx | *strace | *truss) mode=execute ;; *install*|cp|mv) mode=install ;; *rm) mode=uninstall ;; *) # If we have no mode, but dlfiles were specified, then do execute mode. test -n "$execute_dlfiles" && mode=execute # Just use the default operation mode. if test -z "$mode"; then if test -n "$nonopt"; then $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2 else $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2 fi fi ;; esac fi # Only execute mode is allowed to have -dlopen flags. if test -n "$execute_dlfiles" && test "$mode" != execute; then $echo "$modename: unrecognized option \`-dlopen'" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi # Change the help message to a mode-specific one. generic_help="$help" help="Try \`$modename --help --mode=$mode' for more information." # These modes are in order of execution frequency so that they run quickly. case $mode in # libtool compile mode compile) modename="$modename: compile" # Get the compilation command and the source file. base_compile= srcfile="$nonopt" # always keep a non-empty value in "srcfile" suppress_opt=yes suppress_output= arg_mode=normal libobj= later= for arg do case $arg_mode in arg ) # do not "continue". Instead, add this to base_compile lastarg="$arg" arg_mode=normal ;; target ) libobj="$arg" arg_mode=normal continue ;; normal ) # Accept any command-line options. case $arg in -o) if test -n "$libobj" ; then $echo "$modename: you cannot specify \`-o' more than once" 1>&2 exit $EXIT_FAILURE fi arg_mode=target continue ;; -static | -prefer-pic | -prefer-non-pic) later="$later $arg" continue ;; -no-suppress) suppress_opt=no continue ;; -Xcompiler) arg_mode=arg # the next one goes into the "base_compile" arg list continue # The current "srcfile" will either be retained or ;; # replaced later. 
I would guess that would be a bug. -Wc,*) args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"` lastarg= save_ifs="$IFS"; IFS=',' for arg in $args; do IFS="$save_ifs" # Double-quote args containing other shell metacharacters. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac lastarg="$lastarg $arg" done IFS="$save_ifs" lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"` # Add the arguments to base_compile. base_compile="$base_compile $lastarg" continue ;; * ) # Accept the current argument as the source file. # The previous "srcfile" becomes the current argument. # lastarg="$srcfile" srcfile="$arg" ;; esac # case $arg ;; esac # case $arg_mode # Aesthetically quote the previous argument. lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"` case $lastarg in # Double-quote args containing other shell metacharacters. # Many Bourne shells cannot handle close brackets correctly # in scan sets, and some SunOS ksh mistreat backslash-escaping # in scan sets (worked around with variable expansion), # and furthermore cannot handle '|' '&' '(' ')' in scan sets # at all, so we specify them separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") lastarg="\"$lastarg\"" ;; esac base_compile="$base_compile $lastarg" done # for arg case $arg_mode in arg) $echo "$modename: you must specify an argument for -Xcompile" exit $EXIT_FAILURE ;; target) $echo "$modename: you must specify a target with \`-o'" 1>&2 exit $EXIT_FAILURE ;; *) # Get the name of the library object. [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'` ;; esac # Recognize several different file suffixes. 
# If the user specifies -o file.o, it is replaced with file.lo xform='[cCFSifmso]' case $libobj in *.ada) xform=ada ;; *.adb) xform=adb ;; *.ads) xform=ads ;; *.asm) xform=asm ;; *.c++) xform=c++ ;; *.cc) xform=cc ;; *.ii) xform=ii ;; *.class) xform=class ;; *.cpp) xform=cpp ;; *.cxx) xform=cxx ;; *.[fF][09]?) xform=[fF][09]. ;; *.for) xform=for ;; *.java) xform=java ;; *.obj) xform=obj ;; *.sx) xform=sx ;; esac libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"` case $libobj in *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;; *) $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2 exit $EXIT_FAILURE ;; esac func_infer_tag $base_compile for arg in $later; do case $arg in -static) build_old_libs=yes continue ;; -prefer-pic) pic_mode=yes continue ;; -prefer-non-pic) pic_mode=no continue ;; esac done qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"` case $qlibobj in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") qlibobj="\"$qlibobj\"" ;; esac test "X$libobj" != "X$qlibobj" \ && $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' &()|`$[]' \ && $echo "$modename: libobj name \`$libobj' may not contain shell special characters." objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'` xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$obj"; then xdir= else xdir=$xdir/ fi lobj=${xdir}$objdir/$objname if test -z "$base_compile"; then $echo "$modename: you must specify a compilation command" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi # Delete any leftover library objects. 
if test "$build_old_libs" = yes; then removelist="$obj $lobj $libobj ${libobj}T" else removelist="$lobj $libobj ${libobj}T" fi $run $rm $removelist trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15 # On Cygwin there's no "real" PIC flag so we must build both object types case $host_os in cygwin* | mingw* | pw32* | os2*) pic_mode=default ;; esac if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then # non-PIC code in shared libraries is not supported pic_mode=default fi # Calculate the filename of the output object if compiler does # not support -o with -c if test "$compiler_c_o" = no; then output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext} lockfile="$output_obj.lock" removelist="$removelist $output_obj $lockfile" trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15 else output_obj= need_locks=no lockfile= fi # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file if test "$need_locks" = yes; then until $run ln "$progpath" "$lockfile" 2>/dev/null; do $show "Waiting for $lockfile to be removed" sleep 2 done elif test "$need_locks" = warn; then if test -f "$lockfile"; then $echo "\ *** ERROR, $lockfile exists and contains: `cat $lockfile 2>/dev/null` This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." 
$run $rm $removelist exit $EXIT_FAILURE fi $echo "$srcfile" > "$lockfile" fi if test -n "$fix_srcfile_path"; then eval srcfile=\"$fix_srcfile_path\" fi qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"` case $qsrcfile in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") qsrcfile="\"$qsrcfile\"" ;; esac $run $rm "$libobj" "${libobj}T" # Create a libtool object file (analogous to a ".la" file), # but don't create it if we're doing a dry run. test -z "$run" && cat > ${libobj}T </dev/null`" != "X$srcfile"; then $echo "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $run $rm $removelist exit $EXIT_FAILURE fi # Just move the object if needed, then go on to compile the next one if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then $show "$mv $output_obj $lobj" if $run $mv $output_obj $lobj; then : else error=$? $run $rm $removelist exit $error fi fi # Append the name of the PIC object to the libtool object file. test -z "$run" && cat >> ${libobj}T <> ${libobj}T </dev/null`" != "X$srcfile"; then $echo "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." 
$run $rm $removelist exit $EXIT_FAILURE fi # Just move the object if needed if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then $show "$mv $output_obj $obj" if $run $mv $output_obj $obj; then : else error=$? $run $rm $removelist exit $error fi fi # Append the name of the non-PIC object the libtool object file. # Only append if the libtool object file exists. test -z "$run" && cat >> ${libobj}T <> ${libobj}T <&2 fi if test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; -static) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built ;; -static-libtool-libs) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; esac build_libtool_libs=no build_old_libs=yes break ;; esac done # See if our shared archives depend on static archives. test -n "$old_archive_from_new_cmds" && build_old_libs=yes # Go through the arguments, transforming them on the way. while test "$#" -gt 0; do arg="$1" shift case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test ;; *) qarg=$arg ;; esac libtool_args="$libtool_args $qarg" # If the previous option needs an argument, assign it. if test -n "$prev"; then case $prev in output) compile_command="$compile_command @OUTPUT@" finalize_command="$finalize_command @OUTPUT@" ;; esac case $prev in dlfiles|dlprefiles) if test "$preload" = no; then # Add the symbol object into the linking commands. compile_command="$compile_command @SYMFILE@" finalize_command="$finalize_command @SYMFILE@" preload=yes fi case $arg in *.la | *.lo) ;; # We handle these cases below. 
force) if test "$dlself" = no; then dlself=needless export_dynamic=yes fi prev= continue ;; self) if test "$prev" = dlprefiles; then dlself=yes elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then dlself=yes else dlself=needless export_dynamic=yes fi prev= continue ;; *) if test "$prev" = dlfiles; then dlfiles="$dlfiles $arg" else dlprefiles="$dlprefiles $arg" fi prev= continue ;; esac ;; expsyms) export_symbols="$arg" if test ! -f "$arg"; then $echo "$modename: symbol file \`$arg' does not exist" exit $EXIT_FAILURE fi prev= continue ;; expsyms_regex) export_symbols_regex="$arg" prev= continue ;; inst_prefix) inst_prefix_dir="$arg" prev= continue ;; precious_regex) precious_files_regex="$arg" prev= continue ;; release) release="-$arg" prev= continue ;; objectlist) if test -f "$arg"; then save_arg=$arg moreargs= for fil in `cat $save_arg` do # moreargs="$moreargs $fil" arg=$fil # A libtool-controlled object. # Check to see that this really is a libtool object. if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then pic_object= non_pic_object= # Read the .lo file # If there is no directory component, then add one. case $arg in */* | *\\*) . $arg ;; *) . ./$arg ;; esac if test -z "$pic_object" || \ test -z "$non_pic_object" || test "$pic_object" = none && \ test "$non_pic_object" = none; then $echo "$modename: cannot find name of object for \`$arg'" 1>&2 exit $EXIT_FAILURE fi # Extract subdirectory from the argument. xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$arg"; then xdir= else xdir="$xdir/" fi if test "$pic_object" != none; then # Prepend the subdirectory the object is found in. pic_object="$xdir$pic_object" if test "$prev" = dlfiles; then if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then dlfiles="$dlfiles $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. 
-Ossama if test "$prev" = dlprefiles; then # Preload the old-style object. dlprefiles="$dlprefiles $pic_object" prev= fi # A PIC object. libobjs="$libobjs $pic_object" arg="$pic_object" fi # Non-PIC object. if test "$non_pic_object" != none; then # Prepend the subdirectory the object is found in. non_pic_object="$xdir$non_pic_object" # A standard non-PIC object non_pic_objects="$non_pic_objects $non_pic_object" if test -z "$pic_object" || test "$pic_object" = none ; then arg="$non_pic_object" fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object="$pic_object" non_pic_objects="$non_pic_objects $non_pic_object" fi else # Only an error if not doing a dry-run. if test -z "$run"; then $echo "$modename: \`$arg' is not a valid libtool object" 1>&2 exit $EXIT_FAILURE else # Dry-run case. # Extract subdirectory from the argument. xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$arg"; then xdir= else xdir="$xdir/" fi pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"` non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"` libobjs="$libobjs $pic_object" non_pic_objects="$non_pic_objects $non_pic_object" fi fi done else $echo "$modename: link input file \`$save_arg' does not exist" exit $EXIT_FAILURE fi arg=$save_arg prev= continue ;; rpath | xrpath) # We need an absolute path. 
case $arg in [\\/]* | [A-Za-z]:[\\/]*) ;; *) $echo "$modename: only absolute run-paths are allowed" 1>&2 exit $EXIT_FAILURE ;; esac if test "$prev" = rpath; then case "$rpath " in *" $arg "*) ;; *) rpath="$rpath $arg" ;; esac else case "$xrpath " in *" $arg "*) ;; *) xrpath="$xrpath $arg" ;; esac fi prev= continue ;; xcompiler) compiler_flags="$compiler_flags $qarg" prev= compile_command="$compile_command $qarg" finalize_command="$finalize_command $qarg" continue ;; xlinker) linker_flags="$linker_flags $qarg" compiler_flags="$compiler_flags $wl$qarg" prev= compile_command="$compile_command $wl$qarg" finalize_command="$finalize_command $wl$qarg" continue ;; xcclinker) linker_flags="$linker_flags $qarg" compiler_flags="$compiler_flags $qarg" prev= compile_command="$compile_command $qarg" finalize_command="$finalize_command $qarg" continue ;; shrext) shrext_cmds="$arg" prev= continue ;; darwin_framework|darwin_framework_skip) test "$prev" = "darwin_framework" && compiler_flags="$compiler_flags $arg" compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" prev= continue ;; *) eval "$prev=\"\$arg\"" prev= continue ;; esac fi # test -n "$prev" prevarg="$arg" case $arg in -all-static) if test -n "$link_static_flag"; then compile_command="$compile_command $link_static_flag" finalize_command="$finalize_command $link_static_flag" fi continue ;; -allow-undefined) # FIXME: remove this flag sometime in the future. 
$echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2 continue ;; -avoid-version) avoid_version=yes continue ;; -dlopen) prev=dlfiles continue ;; -dlpreopen) prev=dlprefiles continue ;; -export-dynamic) export_dynamic=yes continue ;; -export-symbols | -export-symbols-regex) if test -n "$export_symbols" || test -n "$export_symbols_regex"; then $echo "$modename: more than one -exported-symbols argument is not allowed" exit $EXIT_FAILURE fi if test "X$arg" = "X-export-symbols"; then prev=expsyms else prev=expsyms_regex fi continue ;; -framework|-arch|-isysroot) case " $CC " in *" ${arg} ${1} "* | *" ${arg} ${1} "*) prev=darwin_framework_skip ;; *) compiler_flags="$compiler_flags $arg" prev=darwin_framework ;; esac compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" continue ;; -inst-prefix-dir) prev=inst_prefix continue ;; # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* # so, if we see these flags be careful not to treat them like -L -L[A-Z][A-Z]*:*) case $with_gcc/$host in no/*-*-irix* | /*-*-irix*) compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" ;; esac continue ;; -L*) dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` # We need an absolute path. 
case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2 absdir="$dir" notinst_path="$notinst_path $dir" fi dir="$absdir" ;; esac case "$deplibs " in *" -L$dir "*) ;; *) deplibs="$deplibs -L$dir" lib_search_path="$lib_search_path $dir" ;; esac case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*) testbindir=`$echo "X$dir" | $Xsed -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$dir:"*) ;; *) dllsearchpath="$dllsearchpath:$dir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; *) dllsearchpath="$dllsearchpath:$testbindir";; esac ;; esac continue ;; -l*) if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*) # These systems don't actually have a C or math library (as such) continue ;; *-*-os2*) # These systems don't actually have a C library (as such) test "X$arg" = "X-lc" && continue ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. test "X$arg" = "X-lc" && continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C and math libraries are in the System framework deplibs="$deplibs -framework System" continue ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype test "X$arg" = "X-lc" && continue ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work test "X$arg" = "X-lc" && continue ;; esac elif test "X$arg" = "X-lc_r"; then case $host in *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc_r directly, use -pthread flag. continue ;; esac fi deplibs="$deplibs $arg" continue ;; # Tru64 UNIX uses -model [arg] to determine the layout of C++ # classes, name mangling, and exception handling. 
-model) compile_command="$compile_command $arg" compiler_flags="$compiler_flags $arg" finalize_command="$finalize_command $arg" prev=xcompiler continue ;; -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) compiler_flags="$compiler_flags $arg" compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" continue ;; -multi_module) single_module="${wl}-multi_module" continue ;; -module) module=yes continue ;; # -64, -mips[0-9] enable 64-bit mode on the SGI compiler # -r[0-9][0-9]* specifies the processor on the SGI compiler # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler # +DA*, +DD* enable 64-bit mode on the HP compiler # -q* pass through compiler args for the IBM compiler # -m* pass through architecture-specific compiler args for GCC # -m*, -t[45]*, -txscale* pass through architecture-specific # compiler args for GCC # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC # -F/path gives path to uninstalled frameworks, gcc on darwin # @file GCC response files -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" compiler_flags="$compiler_flags $arg" continue ;; -shrext) prev=shrext continue ;; -no-fast-install) fast_install=no continue ;; -no-install) case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin*) # The PATH hackery in wrapper scripts is required on Windows # and Darwin in order for the loader to find any dlls it needs. 
$echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2 $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2 fast_install=no ;; *) no_install=yes ;; esac continue ;; -no-undefined) allow_undefined=no continue ;; -objectlist) prev=objectlist continue ;; -o) prev=output ;; -precious-files-regex) prev=precious_regex continue ;; -release) prev=release continue ;; -rpath) prev=rpath continue ;; -R) prev=xrpath continue ;; -R*) dir=`$echo "X$arg" | $Xsed -e 's/^-R//'` # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) $echo "$modename: only absolute run-paths are allowed" 1>&2 exit $EXIT_FAILURE ;; esac case "$xrpath " in *" $dir "*) ;; *) xrpath="$xrpath $dir" ;; esac continue ;; -static | -static-libtool-libs) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects # would be equivalent was wrong. It would break on at least # Digital Unix and AIX. 
continue ;; -thread-safe) thread_safe=yes continue ;; -version-info) prev=vinfo continue ;; -version-number) prev=vinfo vinfo_number=yes continue ;; -Wc,*) args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'` arg= save_ifs="$IFS"; IFS=',' for flag in $args; do IFS="$save_ifs" case $flag in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") flag="\"$flag\"" ;; esac arg="$arg $wl$flag" compiler_flags="$compiler_flags $flag" done IFS="$save_ifs" arg=`$echo "X$arg" | $Xsed -e "s/^ //"` ;; -Wl,*) args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'` arg= save_ifs="$IFS"; IFS=',' for flag in $args; do IFS="$save_ifs" case $flag in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") flag="\"$flag\"" ;; esac arg="$arg $wl$flag" compiler_flags="$compiler_flags $wl$flag" linker_flags="$linker_flags $flag" done IFS="$save_ifs" arg=`$echo "X$arg" | $Xsed -e "s/^ //"` ;; -Xcompiler) prev=xcompiler continue ;; -Xlinker) prev=xlinker continue ;; -XCClinker) prev=xcclinker continue ;; # Some other compiler flag. -* | +*) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac ;; *.$objext) # A standard object. objs="$objs $arg" ;; *.lo) # A libtool-controlled object. # Check to see that this really is a libtool object. if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then pic_object= non_pic_object= # Read the .lo file # If there is no directory component, then add one. case $arg in */* | *\\*) . $arg ;; *) . ./$arg ;; esac if test -z "$pic_object" || \ test -z "$non_pic_object" || test "$pic_object" = none && \ test "$non_pic_object" = none; then $echo "$modename: cannot find name of object for \`$arg'" 1>&2 exit $EXIT_FAILURE fi # Extract subdirectory from the argument. 
xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$arg"; then xdir= else xdir="$xdir/" fi if test "$pic_object" != none; then # Prepend the subdirectory the object is found in. pic_object="$xdir$pic_object" if test "$prev" = dlfiles; then if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then dlfiles="$dlfiles $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test "$prev" = dlprefiles; then # Preload the old-style object. dlprefiles="$dlprefiles $pic_object" prev= fi # A PIC object. libobjs="$libobjs $pic_object" arg="$pic_object" fi # Non-PIC object. if test "$non_pic_object" != none; then # Prepend the subdirectory the object is found in. non_pic_object="$xdir$non_pic_object" # A standard non-PIC object non_pic_objects="$non_pic_objects $non_pic_object" if test -z "$pic_object" || test "$pic_object" = none ; then arg="$non_pic_object" fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object="$pic_object" non_pic_objects="$non_pic_objects $non_pic_object" fi else # Only an error if not doing a dry-run. if test -z "$run"; then $echo "$modename: \`$arg' is not a valid libtool object" 1>&2 exit $EXIT_FAILURE else # Dry-run case. # Extract subdirectory from the argument. xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$arg"; then xdir= else xdir="$xdir/" fi pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"` non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"` libobjs="$libobjs $pic_object" non_pic_objects="$non_pic_objects $non_pic_object" fi fi ;; *.$libext) # An archive. deplibs="$deplibs $arg" old_deplibs="$old_deplibs $arg" continue ;; *.la) # A libtool-controlled library. if test "$prev" = dlfiles; then # This library was specified with -dlopen. 
dlfiles="$dlfiles $arg" prev= elif test "$prev" = dlprefiles; then # The library was specified with -dlpreopen. dlprefiles="$dlprefiles $arg" prev= else deplibs="$deplibs $arg" fi continue ;; # Some other compiler argument. *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac ;; esac # arg # Now actually substitute the argument into the commands. if test -n "$arg"; then compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" fi done # argument parsing loop if test -n "$prev"; then $echo "$modename: the \`$prevarg' option requires an argument" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then eval arg=\"$export_dynamic_flag_spec\" compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" fi oldlibs= # calculate the name of the file, without its directory outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'` libobjs_save="$libobjs" if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\` else shlib_search_path= fi eval sys_lib_search_path=\"$sys_lib_search_path_spec\" eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'` if test "X$output_objdir" = "X$output"; then output_objdir="$objdir" else output_objdir="$output_objdir/$objdir" fi # Create the object directory. if test ! -d "$output_objdir"; then $show "$mkdir $output_objdir" $run $mkdir $output_objdir exit_status=$? if test "$exit_status" -ne 0 && test ! 
-d "$output_objdir"; then exit $exit_status fi fi # Determine the type of output case $output in "") $echo "$modename: you must specify an output file" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE ;; *.$libext) linkmode=oldlib ;; *.lo | *.$objext) linkmode=obj ;; *.la) linkmode=lib ;; *) linkmode=prog ;; # Anything else should be a program. esac case $host in *cygwin* | *mingw* | *pw32*) # don't eliminate duplications in $postdeps and $predeps duplicate_compiler_generated_deps=yes ;; *) duplicate_compiler_generated_deps=$duplicate_deps ;; esac specialdeplibs= libs= # Find all interdependent deplibs by searching for libraries # that are linked more than once (e.g. -la -lb -la) for deplib in $deplibs; do if test "X$duplicate_deps" = "Xyes" ; then case "$libs " in *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; esac fi libs="$libs $deplib" done if test "$linkmode" = lib; then libs="$predeps $libs $compiler_lib_search_path $postdeps" # Compute libraries that are listed more than once in $predeps # $postdeps and mark them as special (i.e., whose duplicates are # not to be eliminated). 
pre_post_deps= if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then for pre_post_dep in $predeps $postdeps; do case "$pre_post_deps " in *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;; esac pre_post_deps="$pre_post_deps $pre_post_dep" done fi pre_post_deps= fi deplibs= newdependency_libs= newlib_search_path= need_relink=no # whether we're linking any uninstalled libtool libraries notinst_deplibs= # not-installed libtool libraries case $linkmode in lib) passes="conv link" for file in $dlfiles $dlprefiles; do case $file in *.la) ;; *) $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2 exit $EXIT_FAILURE ;; esac done ;; prog) compile_deplibs= finalize_deplibs= alldeplibs=no newdlfiles= newdlprefiles= passes="conv scan dlopen dlpreopen link" ;; *) passes="conv" ;; esac for pass in $passes; do if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan"; then libs="$deplibs" deplibs= fi if test "$linkmode" = prog; then case $pass in dlopen) libs="$dlfiles" ;; dlpreopen) libs="$dlprefiles" ;; link) libs="$deplibs %DEPLIBS%" test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" ;; esac fi if test "$pass" = dlopen; then # Collect dlpreopened libraries save_deplibs="$deplibs" deplibs= fi for deplib in $libs; do lib= found=no case $deplib in -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else compiler_flags="$compiler_flags $deplib" fi continue ;; -l*) if test "$linkmode" != lib && test "$linkmode" != prog; then $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2 continue fi name=`$echo "X$deplib" | $Xsed -e 's/^-l//'` if test "$linkmode" = lib; then searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" else searchdirs="$newlib_search_path 
$lib_search_path $sys_lib_search_path $shlib_search_path" fi for searchdir in $searchdirs; do for search_ext in .la $std_shrext .so .a; do # Search the libtool library lib="$searchdir/lib${name}${search_ext}" if test -f "$lib"; then if test "$search_ext" = ".la"; then found=yes else found=no fi break 2 fi done done if test "$found" != yes; then # deplib doesn't seem to be a libtool library if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" fi continue else # deplib is a libtool library # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, # We need to do some special things here, and not later. if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $deplib "*) if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then library_names= old_library= case $lib in */* | *\\*) . $lib ;; *) . ./$lib ;; esac for l in $old_library $library_names; do ll="$l" done if test "X$ll" = "X$old_library" ; then # only static version available found=no ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'` test "X$ladir" = "X$lib" && ladir="." 
lib=$ladir/$old_library if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" fi continue fi fi ;; *) ;; esac fi fi ;; # -l -L*) case $linkmode in lib) deplibs="$deplib $deplibs" test "$pass" = conv && continue newdependency_libs="$deplib $newdependency_libs" newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'` ;; prog) if test "$pass" = conv; then deplibs="$deplib $deplibs" continue fi if test "$pass" = scan; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'` ;; *) $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2 ;; esac # linkmode continue ;; # -L -R*) if test "$pass" = link; then dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'` # Make sure the xrpath contains only unique directories. case "$xrpath " in *" $dir "*) ;; *) xrpath="$xrpath $dir" ;; esac fi deplibs="$deplib $deplibs" continue ;; *.la) lib="$deplib" ;; *.$libext) if test "$pass" = conv; then deplibs="$deplib $deplibs" continue fi case $linkmode in lib) valid_a_lib=no case $deplibs_check_method in match_pattern*) set dummy $deplibs_check_method match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"` if eval $echo \"$deplib\" 2>/dev/null \ | $SED 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then valid_a_lib=yes fi ;; pass_all) valid_a_lib=yes ;; esac if test "$valid_a_lib" != yes; then $echo $echo "*** Warning: Trying to link with static lib archive $deplib." $echo "*** I have the capability to make that library automatically link in when" $echo "*** you link to this library. 
But I can only do this if you have a" $echo "*** shared version of the library, which you do not appear to have" $echo "*** because the file extensions .$libext of this argument makes me believe" $echo "*** that it is just a static archive that I should not used here." else $echo $echo "*** Warning: Linking the shared library $output against the" $echo "*** static library $deplib is not portable!" deplibs="$deplib $deplibs" fi continue ;; prog) if test "$pass" != link; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi continue ;; esac # linkmode ;; # *.$libext *.lo | *.$objext) if test "$pass" = conv; then deplibs="$deplib $deplibs" elif test "$linkmode" = prog; then if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then # If there is no dlopen support or we're linking statically, # we need to preload. newdlprefiles="$newdlprefiles $deplib" compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else newdlfiles="$newdlfiles $deplib" fi fi continue ;; %DEPLIBS%) alldeplibs=yes continue ;; esac # case $deplib if test "$found" = yes || test -f "$lib"; then : else $echo "$modename: cannot find the library \`$lib' or unhandled argument \`$deplib'" 1>&2 exit $EXIT_FAILURE fi # Check to see that this really is a libtool archive. if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : else $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 exit $EXIT_FAILURE fi ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'` test "X$ladir" = "X$lib" && ladir="." dlname= dlopen= dlpreopen= libdir= library_names= old_library= # If the library was installed with an old release of libtool, # it will not redefine variables installed, or shouldnotlink installed=yes shouldnotlink=no avoidtemprpath= # Read the .la file case $lib in */* | *\\*) . $lib ;; *) . 
./$lib ;; esac if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan" || { test "$linkmode" != prog && test "$linkmode" != lib; }; then test -n "$dlopen" && dlfiles="$dlfiles $dlopen" test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen" fi if test "$pass" = conv; then # Only check for convenience libraries deplibs="$lib $deplibs" if test -z "$libdir"; then if test -z "$old_library"; then $echo "$modename: cannot find name of link library for \`$lib'" 1>&2 exit $EXIT_FAILURE fi # It is a libtool convenience library, so add in its objects. convenience="$convenience $ladir/$objdir/$old_library" old_convenience="$old_convenience $ladir/$objdir/$old_library" tmp_libs= for deplib in $dependency_libs; do deplibs="$deplib $deplibs" if test "X$duplicate_deps" = "Xyes" ; then case "$tmp_libs " in *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; esac fi tmp_libs="$tmp_libs $deplib" done elif test "$linkmode" != prog && test "$linkmode" != lib; then $echo "$modename: \`$lib' is not a convenience library" 1>&2 exit $EXIT_FAILURE fi continue fi # $pass = conv # Get the name of the library we link against. linklib= for l in $old_library $library_names; do linklib="$l" done if test -z "$linklib"; then $echo "$modename: cannot find name of link library for \`$lib'" 1>&2 exit $EXIT_FAILURE fi # This library was specified with -dlopen. if test "$pass" = dlopen; then if test -z "$libdir"; then $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2 exit $EXIT_FAILURE fi if test -z "$dlname" || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then # If there is no dlname, no dlopen support or we're linking # statically, we need to preload. We also need to preload any # dependent libraries so libltdl's deplib preloader doesn't # bomb out in the load deplibs phase. dlprefiles="$dlprefiles $lib $dependency_libs" else newdlfiles="$newdlfiles $lib" fi continue fi # $pass = dlopen # We need an absolute path. 
case $ladir in [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; *) abs_ladir=`cd "$ladir" && pwd` if test -z "$abs_ladir"; then $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2 $echo "$modename: passing it literally to the linker, although it might fail" 1>&2 abs_ladir="$ladir" fi ;; esac laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` # Find the relevant object directory and library name. if test "X$installed" = Xyes; then if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then $echo "$modename: warning: library \`$lib' was moved." 1>&2 dir="$ladir" absdir="$abs_ladir" libdir="$abs_ladir" else dir="$libdir" absdir="$libdir" fi test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes else if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then dir="$ladir" absdir="$abs_ladir" # Remove this search path later notinst_path="$notinst_path $abs_ladir" else dir="$ladir/$objdir" absdir="$abs_ladir/$objdir" # Remove this search path later notinst_path="$notinst_path $abs_ladir" fi fi # $installed = yes name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'` # This library was specified with -dlpreopen. if test "$pass" = dlpreopen; then if test -z "$libdir"; then $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2 exit $EXIT_FAILURE fi # Prefer using a static library (so that no silly _DYNAMIC symbols # are required to link). if test -n "$old_library"; then newdlprefiles="$newdlprefiles $dir/$old_library" # Otherwise, use the dlname, so that lt_dlopen finds it. 
elif test -n "$dlname"; then newdlprefiles="$newdlprefiles $dir/$dlname" else newdlprefiles="$newdlprefiles $dir/$linklib" fi fi # $pass = dlpreopen if test -z "$libdir"; then # Link the convenience library if test "$linkmode" = lib; then deplibs="$dir/$old_library $deplibs" elif test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$dir/$old_library $compile_deplibs" finalize_deplibs="$dir/$old_library $finalize_deplibs" else deplibs="$lib $deplibs" # used for prog,scan pass fi continue fi if test "$linkmode" = prog && test "$pass" != link; then newlib_search_path="$newlib_search_path $ladir" deplibs="$lib $deplibs" linkalldeplibs=no if test "$link_all_deplibs" != no || test -z "$library_names" || test "$build_libtool_libs" = no; then linkalldeplibs=yes fi tmp_libs= for deplib in $dependency_libs; do case $deplib in -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test esac # Need to link against all dependency_libs? if test "$linkalldeplibs" = yes; then deplibs="$deplib $deplibs" else # Need to hardcode shared library paths # or/and link against static libraries newdependency_libs="$deplib $newdependency_libs" fi if test "X$duplicate_deps" = "Xyes" ; then case "$tmp_libs " in *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; esac fi tmp_libs="$tmp_libs $deplib" done # for deplib continue fi # $linkmode = prog... if test "$linkmode,$pass" = "prog,link"; then if test -n "$library_names" && { { test "$prefer_static_libs" = no || test "$prefer_static_libs,$installed" = "built,yes"; } || test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then # Make sure the rpath contains only unique directories. case "$temp_rpath " in *" $dir "*) ;; *" $absdir "*) ;; *) temp_rpath="$temp_rpath $absdir" ;; esac fi # Hardcode the library path. # Skip directories that are in the system default run-time # search path. 
case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) compile_rpath="$compile_rpath $absdir" esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" esac ;; esac fi # $linkmode,$pass = prog,link... if test "$alldeplibs" = yes && { test "$deplibs_check_method" = pass_all || { test "$build_libtool_libs" = yes && test -n "$library_names"; }; }; then # We only need to search for static libraries continue fi fi link_static=no # Whether the deplib will be linked statically use_static_libs=$prefer_static_libs if test "$use_static_libs" = built && test "$installed" = yes ; then use_static_libs=no fi if test -n "$library_names" && { test "$use_static_libs" = no || test -z "$old_library"; }; then if test "$installed" = no; then notinst_deplibs="$notinst_deplibs $lib" need_relink=yes fi # This is a shared library # Warn about portability, can't link against -module's on # some systems (darwin) if test "$shouldnotlink" = yes && test "$pass" = link ; then $echo if test "$linkmode" = prog; then $echo "*** Warning: Linking the executable $output against the loadable module" else $echo "*** Warning: Linking the shared library $output against the loadable module" fi $echo "*** $linklib is not portable!" fi if test "$linkmode" = lib && test "$hardcode_into_libs" = yes; then # Hardcode the library path. # Skip directories that are in the system default run-time # search path. 
case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) compile_rpath="$compile_rpath $absdir" esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" esac ;; esac fi if test -n "$old_archive_from_expsyms_cmds"; then # figure out the soname set dummy $library_names realname="$2" shift; shift libname=`eval \\$echo \"$libname_spec\"` # use dlname if we got it. it's perfectly good, no? if test -n "$dlname"; then soname="$dlname" elif test -n "$soname_spec"; then # bleh windows case $host in *cygwin* | mingw*) major=`expr $current - $age` versuffix="-$major" ;; esac eval soname=\"$soname_spec\" else soname="$realname" fi # Make a new name for the extract_expsyms_cmds to use soroot="$soname" soname=`$echo $soroot | ${SED} -e 's/^.*\///'` newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a" # If the library has no export list, then create one now if test -f "$output_objdir/$soname-def"; then : else $show "extracting exported symbol list from \`$soname'" save_ifs="$IFS"; IFS='~' cmds=$extract_expsyms_cmds for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" fi # Create $newlib if test -f "$output_objdir/$newlib"; then :; else $show "generating import library for \`$soname'" save_ifs="$IFS"; IFS='~' cmds=$old_archive_from_expsyms_cmds for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $show "$cmd" $run eval "$cmd" || exit $? 
done IFS="$save_ifs" fi # make sure the library variables are pointing to the new library dir=$output_objdir linklib=$newlib fi # test -n "$old_archive_from_expsyms_cmds" if test "$linkmode" = prog || test "$mode" != relink; then add_shlibpath= add_dir= add= lib_linked=yes case $hardcode_action in immediate | unsupported) if test "$hardcode_direct" = no; then add="$dir/$linklib" case $host in *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; *-*-sysv4*uw2*) add_dir="-L$dir" ;; *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ *-*-unixware7*) add_dir="-L$dir" ;; *-*-darwin* ) # if the lib is a module then we can not link against # it, someone is ignoring the new warnings I added if /usr/bin/file -L $add 2> /dev/null | $EGREP ": [^:]* bundle" >/dev/null ; then $echo "** Warning, lib $linklib is a module, not a shared library" if test -z "$old_library" ; then $echo $echo "** And there doesn't seem to be a static archive available" $echo "** The link will probably fail, sorry" else add="$dir/$old_library" fi fi esac elif test "$hardcode_minus_L" = no; then case $host in *-*-sunos*) add_shlibpath="$dir" ;; esac add_dir="-L$dir" add="-l$name" elif test "$hardcode_shlibpath_var" = no; then add_shlibpath="$dir" add="-l$name" else lib_linked=no fi ;; relink) if test "$hardcode_direct" = yes; then add="$dir/$linklib" elif test "$hardcode_minus_L" = yes; then add_dir="-L$dir" # Try looking first in the location we're being installed to. 
if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) add_dir="$add_dir -L$inst_prefix_dir$libdir" ;; esac fi add="-l$name" elif test "$hardcode_shlibpath_var" = yes; then add_shlibpath="$dir" add="-l$name" else lib_linked=no fi ;; *) lib_linked=no ;; esac if test "$lib_linked" != yes; then $echo "$modename: configuration error: unsupported hardcode properties" exit $EXIT_FAILURE fi if test -n "$add_shlibpath"; then case :$compile_shlibpath: in *":$add_shlibpath:"*) ;; *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;; esac fi if test "$linkmode" = prog; then test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" test -n "$add" && compile_deplibs="$add $compile_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" if test "$hardcode_direct" != yes && \ test "$hardcode_minus_L" != yes && \ test "$hardcode_shlibpath_var" = yes; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; esac fi fi fi if test "$linkmode" = prog || test "$mode" = relink; then add_shlibpath= add_dir= add= # Finalize command for both is simple: just hardcode it. if test "$hardcode_direct" = yes; then add="$libdir/$linklib" elif test "$hardcode_minus_L" = yes; then add_dir="-L$libdir" add="-l$name" elif test "$hardcode_shlibpath_var" = yes; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; esac add="-l$name" elif test "$hardcode_automatic" = yes; then if test -n "$inst_prefix_dir" && test -f "$inst_prefix_dir$libdir/$linklib" ; then add="$inst_prefix_dir$libdir/$linklib" else add="$libdir/$linklib" fi else # We cannot seem to hardcode it, guess we'll fake it. add_dir="-L$libdir" # Try looking first in the location we're being installed to. 
if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) add_dir="$add_dir -L$inst_prefix_dir$libdir" ;; esac fi add="-l$name" fi if test "$linkmode" = prog; then test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" test -n "$add" && finalize_deplibs="$add $finalize_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" fi fi elif test "$linkmode" = prog; then # Here we assume that one of hardcode_direct or hardcode_minus_L # is not unsupported. This is valid on all known static and # shared platforms. if test "$hardcode_direct" != unsupported; then test -n "$old_library" && linklib="$old_library" compile_deplibs="$dir/$linklib $compile_deplibs" finalize_deplibs="$dir/$linklib $finalize_deplibs" else compile_deplibs="-l$name -L$dir $compile_deplibs" finalize_deplibs="-l$name -L$dir $finalize_deplibs" fi elif test "$build_libtool_libs" = yes; then # Not a shared library if test "$deplibs_check_method" != pass_all; then # We're trying link a shared library against a static one # but the system doesn't support it. # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. $echo $echo "*** Warning: This system can not link to static lib archive $lib." $echo "*** I have the capability to make that library automatically link in when" $echo "*** you link to this library. But I can only do this if you have a" $echo "*** shared version of the library, which you do not appear to have." if test "$module" = yes; then $echo "*** But as you try to build a module library, libtool will still create " $echo "*** a static module, that should work as long as the dlopening application" $echo "*** is linked with the -dlopen flag to resolve symbols at runtime." 
if test -z "$global_symbol_pipe"; then $echo $echo "*** However, this would only work if libtool was able to extract symbol" $echo "*** lists from a program, using \`nm' or equivalent, but libtool could" $echo "*** not find such a program. So, this module is probably useless." $echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi else deplibs="$dir/$old_library $deplibs" link_static=yes fi fi # link shared/static library? if test "$linkmode" = lib; then if test -n "$dependency_libs" && { test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes || test "$link_static" = yes; }; then # Extract -R from dependency_libs temp_deplibs= for libdir in $dependency_libs; do case $libdir in -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'` case " $xrpath " in *" $temp_xrpath "*) ;; *) xrpath="$xrpath $temp_xrpath";; esac;; *) temp_deplibs="$temp_deplibs $libdir";; esac done dependency_libs="$temp_deplibs" fi newlib_search_path="$newlib_search_path $absdir" # Link against this library test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" # ... and its dependency_libs tmp_libs= for deplib in $dependency_libs; do newdependency_libs="$deplib $newdependency_libs" if test "X$duplicate_deps" = "Xyes" ; then case "$tmp_libs " in *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; esac fi tmp_libs="$tmp_libs $deplib" done if test "$link_all_deplibs" != no; then # Add the search paths of all dependency libraries for deplib in $dependency_libs; do case $deplib in -L*) path="$deplib" ;; *.la) dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'` test "X$dir" = "X$deplib" && dir="." # We need an absolute path. 
case $dir in [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2 absdir="$dir" fi ;; esac if grep "^installed=no" $deplib > /dev/null; then path="$absdir/$objdir" else eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` if test -z "$libdir"; then $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2 exit $EXIT_FAILURE fi if test "$absdir" != "$libdir"; then $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2 fi path="$absdir" fi depdepl= case $host in *-*-darwin*) # we do not want to link against static libs, # but need to link against shared eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` eval deplibdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` if test -n "$deplibrary_names" ; then for tmp in $deplibrary_names ; do depdepl=$tmp done if test -f "$deplibdir/$depdepl" ; then depdepl="$deplibdir/$depdepl" elif test -f "$path/$depdepl" ; then depdepl="$path/$depdepl" else # Can't find it, oh well... 
depdepl= fi # do not add paths which are already there case " $newlib_search_path " in *" $path "*) ;; *) newlib_search_path="$newlib_search_path $path";; esac fi path="" ;; *) path="-L$path" ;; esac ;; -l*) case $host in *-*-darwin*) # Again, we only want to link against shared libraries eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"` for tmp in $newlib_search_path ; do if test -f "$tmp/lib$tmp_libs.dylib" ; then eval depdepl="$tmp/lib$tmp_libs.dylib" break fi done path="" ;; *) continue ;; esac ;; *) continue ;; esac case " $deplibs " in *" $path "*) ;; *) deplibs="$path $deplibs" ;; esac case " $deplibs " in *" $depdepl "*) ;; *) deplibs="$depdepl $deplibs" ;; esac done fi # link_all_deplibs != no fi # linkmode = lib done # for deplib in $libs dependency_libs="$newdependency_libs" if test "$pass" = dlpreopen; then # Link the dlpreopened libraries before other libraries for deplib in $save_deplibs; do deplibs="$deplib $deplibs" done fi if test "$pass" != dlopen; then if test "$pass" != conv; then # Make sure lib_search_path contains only unique directories. 
lib_search_path= for dir in $newlib_search_path; do case "$lib_search_path " in *" $dir "*) ;; *) lib_search_path="$lib_search_path $dir" ;; esac done newlib_search_path= fi if test "$linkmode,$pass" != "prog,link"; then vars="deplibs" else vars="compile_deplibs finalize_deplibs" fi for var in $vars dependency_libs; do # Add libraries to $var in reverse order eval tmp_libs=\"\$$var\" new_libs= for deplib in $tmp_libs; do # FIXME: Pedantically, this is the right thing to do, so # that some nasty dependency loop isn't accidentally # broken: #new_libs="$deplib $new_libs" # Pragmatically, this seems to cause very few problems in # practice: case $deplib in -L*) new_libs="$deplib $new_libs" ;; -R*) ;; *) # And here is the reason: when a library appears more # than once as an explicit dependence of a library, or # is implicitly linked in more than once by the # compiler, it is considered special, and multiple # occurrences thereof are not removed. Compare this # with having the same library being listed as a # dependency of multiple other libraries: in this case, # we know (pedantically, we assume) the library does not # need to be listed more than once, so we keep only the # last copy. This is not always right, but it is rare # enough that we require users that really mean to play # such unportable linking tricks to link the library # using -Wl,-lname, so that libtool does not consider it # for duplicate removal. 
case " $specialdeplibs " in *" $deplib "*) new_libs="$deplib $new_libs" ;; *) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$deplib $new_libs" ;; esac ;; esac ;; esac done tmp_libs= for deplib in $new_libs; do case $deplib in -L*) case " $tmp_libs " in *" $deplib "*) ;; *) tmp_libs="$tmp_libs $deplib" ;; esac ;; *) tmp_libs="$tmp_libs $deplib" ;; esac done eval $var=\"$tmp_libs\" done # for var fi # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= for i in $dependency_libs ; do case " $predeps $postdeps $compiler_lib_search_path " in *" $i "*) i="" ;; esac if test -n "$i" ; then tmp_libs="$tmp_libs $i" fi done dependency_libs=$tmp_libs done # for pass if test "$linkmode" = prog; then dlfiles="$newdlfiles" dlprefiles="$newdlprefiles" fi case $linkmode in oldlib) case " $deplibs" in *\ -l* | *\ -L*) $echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2 ;; esac if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then $echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2 fi if test -n "$rpath"; then $echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2 fi if test -n "$xrpath"; then $echo "$modename: warning: \`-R' is ignored for archives" 1>&2 fi if test -n "$vinfo"; then $echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2 fi if test -n "$release"; then $echo "$modename: warning: \`-release' is ignored for archives" 1>&2 fi if test -n "$export_symbols" || test -n "$export_symbols_regex"; then $echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2 fi # Now set the variables for building old libraries. build_libtool_libs=no oldlibs="$output" objs="$objs$old_deplibs" ;; lib) # Make sure we only generate libraries of the form `libNAME.la'. 
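# Library-mode setup (the `lib' branch of the enclosing `case $linkmode'):
#   1. derive $name / $libname from $outputname and insist on the lib prefix
#      unless a module is being built;
#   2. warn about options that have no meaning for a libtool library;
#   3. parse and validate -version-info / -version-number into
#      current / revision / age and derive major, versuffix and verstring
#      for the configured $version_type;
#   4. remove stale outputs from $output_objdir (skipped when relinking);
#   5. set the variables used to build the old-style (static) archive.
# Every fatal diagnostic is written to stderr and followed by
# `exit $EXIT_FAILURE'.
case $outputname in
lib*)
  name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
  # NOTE(review): $shrext_cmds and $libname_spec are expanded through eval;
  # they presumably come from the generated libtool configuration, so they
  # are only as trustworthy as that configuration -- confirm.
  eval shared_ext=\"$shrext_cmds\"
  eval libname=\"$libname_spec\"
  ;;
*)
  # Only modules may omit the lib prefix.
  if test "$module" = no; then
    $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
    $echo "$help" 1>&2
    exit $EXIT_FAILURE
  fi
  if test "$need_lib_prefix" != no; then
    # Add the "lib" prefix for modules if required
    name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
    eval shared_ext=\"$shrext_cmds\"
    eval libname=\"$libname_spec\"
  else
    libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
  fi
  ;;
esac

if test -n "$objs"; then
  if test "$deplibs_check_method" != pass_all; then
    # Fatal diagnostic: send it to stderr like every other error in this
    # section.  The original redirection was `2>&1', which left the
    # message on stdout, where it mixes with command output and is easy
    # to lose when stdout is captured or piped.
    $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 1>&2
    exit $EXIT_FAILURE
  else
    $echo
    $echo "*** Warning: Linking the shared library $output against the non-libtool"
    $echo "*** objects $objs is not portable!"
    libobjs="$libobjs $objs"
  fi
fi

if test "$dlself" != no; then
  $echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2
fi

# Only the first -rpath is honoured; it becomes the install directory.
set dummy $rpath
if test "$#" -gt 2; then
  $echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
fi
install_libdir="$2"

oldlibs=
if test -z "$rpath"; then
  if test "$build_libtool_libs" = yes; then
    # Building a libtool convenience library.
    # Some compilers have problems with a `.al' extension so
    # convenience libraries should have the same extension as an
    # archive normally would.
    oldlibs="$output_objdir/$libname.$libext $oldlibs"
    build_libtool_libs=convenience
    build_old_libs=yes
  fi

  if test -n "$vinfo"; then
    $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2
  fi

  if test -n "$release"; then
    $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2
  fi
else

  # Parse the version information argument.  The argument is split on
  # `:'; the three literal zeros supply defaults for omitted fields, so
  # a non-empty $8 means more than three fields were given.
  save_ifs="$IFS"; IFS=':'
  set dummy $vinfo 0 0 0
  IFS="$save_ifs"

  if test -n "$8"; then
    $echo "$modename: too many parameters to \`-version-info'" 1>&2
    $echo "$help" 1>&2
    exit $EXIT_FAILURE
  fi

  # Convert absolute version numbers to libtool ages.  This retains
  # compatibility with .la files and keeps the code below readable.
  #
  # NOTE(review): in the `yes' branch the fields reach `expr' unquoted
  # and before the numeric checks further down.  A non-numeric field is
  # expected to make expr fail and leave $current empty, which the
  # CURRENT check then rejects -- confirm for the expr in use.
  case $vinfo_number in
  yes)
    number_major="$2"
    number_minor="$3"
    number_revision="$4"
    # There are really only two kinds -- those that use the current
    # revision as the major version and those that subtract age and use
    # age as a minor version.  irix additionally has an extra 1 added.
    case $version_type in
    darwin|linux|osf|windows|none)
      current=`expr $number_major + $number_minor`
      age="$number_minor"
      revision="$number_revision"
      ;;
    freebsd-aout|freebsd-elf|sunos)
      current="$number_major"
      revision="$number_minor"
      age="0"
      ;;
    irix|nonstopux)
      current=`expr $number_major + $number_minor`
      age="$number_minor"
      revision="$number_minor"
      lt_irix_increment=no
      ;;
    *)
      $echo "$modename: unknown library version type \`$version_type'" 1>&2
      $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2
      exit $EXIT_FAILURE
      ;;
    esac
    ;;
  no)
    current="$2"
    revision="$3"
    age="$4"
    ;;
  esac

  # Check that each of the things are valid numbers: a lone 0, or one to
  # five digits without a leading zero.  Everything else is rejected
  # before the values are used in the arithmetic and strings below.
  case $current in
  0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
  *)
    $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2
    $echo "$modename: \`$vinfo' is not valid version information" 1>&2
    exit $EXIT_FAILURE
    ;;
  esac

  case $revision in
  0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
  *)
    $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
    $echo "$modename: \`$vinfo' is not valid version information" 1>&2
    exit $EXIT_FAILURE
    ;;
  esac

  case $age in
  0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
  *)
    $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2
    $echo "$modename: \`$vinfo' is not valid version information" 1>&2
    exit $EXIT_FAILURE
    ;;
  esac

  if test "$age" -gt "$current"; then
    $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
    $echo "$modename: \`$vinfo' is not valid version information" 1>&2
    exit $EXIT_FAILURE
  fi

  # Calculate the version variables.
  major=
  versuffix=
  verstring=
  case $version_type in
  none) ;;

  darwin)
    # Like Linux, but with the current version available in
    # verstring for coding it into the library header
    major=.`expr $current - $age`
    versuffix="$major.$age.$revision"
    # Darwin ld doesn't like 0 for these options...
    minor_current=`expr $current + 1`
    xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
    verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
    ;;

  freebsd-aout)
    major=".$current"
    versuffix=".$current.$revision"
    ;;

  freebsd-elf)
    major=".$current"
    versuffix=".$current"
    ;;

  irix | nonstopux)
    if test "X$lt_irix_increment" = "Xno"; then
      major=`expr $current - $age`
    else
      major=`expr $current - $age + 1`
    fi
    case $version_type in
    nonstopux) verstring_prefix=nonstopux ;;
    *)         verstring_prefix=sgi ;;
    esac
    verstring="$verstring_prefix$major.$revision"

    # Add in all the interfaces that we are compatible with.
    loop=$revision
    while test "$loop" -ne 0; do
      iface=`expr $revision - $loop`
      loop=`expr $loop - 1`
      verstring="$verstring_prefix$major.$iface:$verstring"
    done

    # Before this point, $major must not contain `.'.
    major=.$major
    versuffix="$major.$revision"
    ;;

  linux)
    major=.`expr $current - $age`
    versuffix="$major.$age.$revision"
    ;;

  osf)
    major=.`expr $current - $age`
    versuffix=".$current.$age.$revision"
    verstring="$current.$age.$revision"

    # Add in all the interfaces that we are compatible with.
    loop=$age
    while test "$loop" -ne 0; do
      iface=`expr $current - $loop`
      loop=`expr $loop - 1`
      verstring="$verstring:${iface}.0"
    done

    # Make executables depend on our current version.
    verstring="$verstring:${current}.0"
    ;;

  sunos)
    major=".$current"
    versuffix=".$current.$revision"
    ;;

  windows)
    # Use '-' rather than '.', since we only want one
    # extension on DOS 8.3 filesystems.
    major=`expr $current - $age`
    versuffix="-$major"
    ;;

  *)
    $echo "$modename: unknown library version type \`$version_type'" 1>&2
    $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2
    exit $EXIT_FAILURE
    ;;
  esac

  # Clear the version info if we defaulted, and they specified a release.
  if test -z "$vinfo" && test -n "$release"; then
    major=
    case $version_type in
    darwin)
      # we can't check for "0.0" in archive_cmds due to quoting
      # problems, so we reset it completely
      verstring=
      ;;
    *)
      verstring="0.0"
      ;;
    esac
    if test "$need_version" = no; then
      versuffix=
    else
      versuffix=".0.0"
    fi
  fi

  # Remove version info from name if versioning should be avoided
  if test "$avoid_version" = yes && test "$need_version" = no; then
    major=
    versuffix=
    verstring=""
  fi

  # Check to see if the archive will have undefined symbols.
  if test "$allow_undefined" = yes; then
    if test "$allow_undefined_flag" = unsupported; then
      $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2
      build_libtool_libs=no
      build_old_libs=yes
    fi
  else
    # Don't allow undefined symbols.
    allow_undefined_flag="$no_undefined_flag"
  fi
fi

if test "$mode" != relink; then
  # Remove our outputs, but don't remove object files since they
  # may have been created when compiling PIC objects.
  #
  # NOTE(review): the candidate list comes from an unquoted glob of
  # "$output_objdir/*" and is passed unquoted to the remove command, so
  # a path containing whitespace or glob characters is split or expanded
  # again before deletion.  Only names matching this library's output
  # patterns are queued, and $precious_files_regex can exempt files.
  removelist=
  tempremovelist=`$echo "$output_objdir/*"`
  for p in $tempremovelist; do
    case $p in
    *.$objext)
      ;;
    $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
      if test "X$precious_files_regex" != "X"; then
        if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
        then
          continue
        fi
      fi
      removelist="$removelist $p"
      ;;
    *) ;;
    esac
  done
  if test -n "$removelist"; then
    # ${rm}r appends `r' to the configured remove command (presumably
    # turning a forced remove into a recursive one -- confirm against the
    # definition of $rm).
    $show "${rm}r $removelist"
    $run ${rm}r $removelist
  fi
fi

# Now set the variables for building old libraries.
if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
  oldlibs="$oldlibs $output_objdir/$libname.$libext"

  # Transform .lo files to .o files.
  oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
fi

# Eliminate all temporary directories.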
#for path in $notinst_path; do # lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` # deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` # dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` #done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. temp_xrpath= for libdir in $xrpath; do temp_xrpath="$temp_xrpath -R$libdir" case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" ;; esac done if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then dependency_libs="$temp_xrpath $dependency_libs" fi fi # Make sure dlfiles contains only unique files that won't be dlpreopened old_dlfiles="$dlfiles" dlfiles= for lib in $old_dlfiles; do case " $dlprefiles $dlfiles " in *" $lib "*) ;; *) dlfiles="$dlfiles $lib" ;; esac done # Make sure dlprefiles contains only unique files old_dlprefiles="$dlprefiles" dlprefiles= for lib in $old_dlprefiles; do case "$dlprefiles " in *" $lib "*) ;; *) dlprefiles="$dlprefiles $lib" ;; esac done if test "$build_libtool_libs" = yes; then if test -n "$rpath"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*) # these systems don't actually have a c library (as such)! ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C library is in the System framework deplibs="$deplibs -framework System" ;; *-*-netbsd*) # Don't link with libc until the a.out ld.so is fixed. ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work ;; *) # Add libc to deplibs on all other systems if necessary. if test "$build_libtool_need_lc" = "yes"; then deplibs="$deplibs -lc" fi ;; esac fi # Transform deplibs into only deplibs that can be linked in shared. 
name_save=$name libname_save=$libname release_save=$release versuffix_save=$versuffix major_save=$major # I'm not sure if I'm treating the release correctly. I think # release should show up in the -l (ie -lgmp5) so we don't want to # add it in twice. Is that correct? release="" versuffix="" major="" newdeplibs= droppeddeps=no case $deplibs_check_method in pass_all) # Don't check for shared/static. Everything works. # This might be a little naive. We might want to check # whether the library exists or not. But this is on # osf3 & osf4 and I'm not really sure... Just # implementing what was already the behavior. newdeplibs=$deplibs ;; test_compile) # This code stresses the "libraries are programs" paradigm to its # limits. Maybe even breaks it. We compile a program, linking it # against the deplibs as a proxy for the library. Then we can check # whether they linked in statically or dynamically with ldd. $rm conftest.c cat > conftest.c </dev/null` for potent_lib in $potential_libs; do # Follow soft links. if ls -lLd "$potent_lib" 2>/dev/null \ | grep " -> " >/dev/null; then continue fi # The statement above tries to avoid entering an # endless loop below, in case of cyclic links. # We might still enter an endless loop, since a link # loop can be closed while we follow links, # but so what? potlib="$potent_lib" while test -h "$potlib" 2>/dev/null; do potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` case $potliblink in [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; *) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \ | ${SED} 10q \ | $EGREP "$file_magic_regex" > /dev/null; then newdeplibs="$newdeplibs $a_deplib" a_deplib="" break 2 fi done done fi if test -n "$a_deplib" ; then droppeddeps=yes $echo $echo "*** Warning: linker path does not have real file for library $a_deplib." 
$echo "*** I have the capability to make that library automatically link in when" $echo "*** you link to this library. But I can only do this if you have a" $echo "*** shared version of the library, which you do not appear to have" $echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $echo "*** with $libname but no candidates were found. (...for file magic test)" else $echo "*** with $libname and none of the candidates passed a file format test" $echo "*** using a file magic. Last file checked: $potlib" fi fi else # Add a -L argument. newdeplibs="$newdeplibs $a_deplib" fi done # Gone through all deplibs. ;; match_pattern*) set dummy $deplibs_check_method match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"` for a_deplib in $deplibs; do name=`expr $a_deplib : '-l\(.*\)'` # If $name is empty we are operating on a -L argument. if test -n "$name" && test "$name" != "0"; then if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $a_deplib "*) newdeplibs="$newdeplibs $a_deplib" a_deplib="" ;; esac fi if test -n "$a_deplib" ; then libname=`eval \\$echo \"$libname_spec\"` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do potlib="$potent_lib" # see symlink-check above in file_magic test if eval $echo \"$potent_lib\" 2>/dev/null \ | ${SED} 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then newdeplibs="$newdeplibs $a_deplib" a_deplib="" break 2 fi done done fi if test -n "$a_deplib" ; then droppeddeps=yes $echo $echo "*** Warning: linker path does not have real file for library $a_deplib." $echo "*** I have the capability to make that library automatically link in when" $echo "*** you link to this library. 
But I can only do this if you have a" $echo "*** shared version of the library, which you do not appear to have" $echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $echo "*** with $libname but no candidates were found. (...for regex pattern test)" else $echo "*** with $libname and none of the candidates passed a file format test" $echo "*** using a regex pattern. Last file checked: $potlib" fi fi else # Add a -L argument. newdeplibs="$newdeplibs $a_deplib" fi done # Gone through all deplibs. ;; none | unknown | *) newdeplibs="" tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \ -e 's/ -[LR][^ ]*//g'` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then for i in $predeps $postdeps ; do # can't use Xsed below, because $i might contain '/' tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"` done fi if $echo "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' \ | grep . >/dev/null; then $echo if test "X$deplibs_check_method" = "Xnone"; then $echo "*** Warning: inter-library dependencies are not supported in this platform." else $echo "*** Warning: inter-library dependencies are not known to be supported." fi $echo "*** All declared inter-library dependencies are being dropped." droppeddeps=yes fi ;; esac versuffix=$versuffix_save major=$major_save release=$release_save libname=$libname_save name=$name_save case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library is the System framework newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'` ;; esac if test "$droppeddeps" = yes; then if test "$module" = yes; then $echo $echo "*** Warning: libtool could not satisfy all declared inter-library" $echo "*** dependencies of module $libname. Therefore, libtool will create" $echo "*** a static module, that should work as long as the dlopening" $echo "*** application is linked with the -dlopen flag." 
if test -z "$global_symbol_pipe"; then $echo $echo "*** However, this would only work if libtool was able to extract symbol" $echo "*** lists from a program, using \`nm' or equivalent, but libtool could" $echo "*** not find such a program. So, this module is probably useless." $echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi else $echo "*** The inter-library dependencies that have been dropped here will be" $echo "*** automatically added whenever a program is linked with this library" $echo "*** or is declared to -dlopen it." if test "$allow_undefined" = no; then $echo $echo "*** Since this library must not contain undefined symbols," $echo "*** because either the platform does not support them or" $echo "*** it was explicitly requested with -no-undefined," $echo "*** libtool will only create a static version of it." if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi fi fi # Done checking deplibs! deplibs=$newdeplibs fi # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $deplibs " in *" -L$path/$objdir "*) new_libs="$new_libs -L$path/$objdir" ;; esac ;; esac done for deplib in $deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$new_libs $deplib" ;; esac ;; *) new_libs="$new_libs $deplib" ;; esac done deplibs="$new_libs" # All the library-specific variables (install_libdir is set above). 
library_names= old_library= dlname= # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then if test "$hardcode_into_libs" = yes; then # Hardcode the library paths hardcode_libdirs= dep_rpath= rpath="$finalize_rpath" test "$mode" != relink && rpath="$compile_rpath$rpath" for libdir in $rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" dep_rpath="$dep_rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) perm_rpath="$perm_rpath $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" if test -n "$hardcode_libdir_flag_spec_ld"; then case $archive_cmds in *\$LD*) eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" ;; *) eval dep_rpath=\"$hardcode_libdir_flag_spec\" ;; esac else eval dep_rpath=\"$hardcode_libdir_flag_spec\" fi fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do rpath="$rpath$dir:" done eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" fi test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" fi shlibpath="$finalize_shlibpath" test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath" if test -n "$shlibpath"; then eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" fi # Get the real and link names of the library. 
eval shared_ext=\"$shrext_cmds\" eval library_names=\"$library_names_spec\" set dummy $library_names realname="$2" shift; shift if test -n "$soname_spec"; then eval soname=\"$soname_spec\" else soname="$realname" fi if test -z "$dlname"; then dlname=$soname fi lib="$output_objdir/$realname" linknames= for link do linknames="$linknames $link" done # Use standard objects if they are pic test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` # Prepare the list of exported symbols if test -z "$export_symbols"; then if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then $show "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $run $rm $export_symbols cmds=$export_symbols_cmds save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" if len=`expr "X$cmd" : ".*"` && test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then $show "$cmd" $run eval "$cmd" || exit $? skipped_export=false else # The command line is too long to execute in one step. $show "using reloadable object file for export list..." skipped_export=: # Break out early, otherwise skipped_export may be # set to false by a later but shorter cmd. 
break fi done IFS="$save_ifs" if test -n "$export_symbols_regex"; then $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\"" $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' $show "$mv \"${export_symbols}T\" \"$export_symbols\"" $run eval '$mv "${export_symbols}T" "$export_symbols"' fi fi fi if test -n "$export_symbols" && test -n "$include_expsyms"; then $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"' fi tmp_deplibs= for test_deplib in $deplibs; do case " $convenience " in *" $test_deplib "*) ;; *) tmp_deplibs="$tmp_deplibs $test_deplib" ;; esac done deplibs="$tmp_deplibs" if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then save_libobjs=$libobjs eval libobjs=\"\$libobjs $whole_archive_flag_spec\" else gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_extract_archives $gentop $convenience libobjs="$libobjs $func_extract_archives_result" fi fi if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then eval flag=\"$thread_safe_flag_spec\" linker_flags="$linker_flags $flag" fi # Make a backup of the uninstalled library when relinking if test "$mode" = relink; then $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $? fi # Do each of the archive commands. 
if test "$module" = yes && test -n "$module_cmds" ; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then eval test_cmds=\"$module_expsym_cmds\" cmds=$module_expsym_cmds else eval test_cmds=\"$module_cmds\" cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then eval test_cmds=\"$archive_expsym_cmds\" cmds=$archive_expsym_cmds else eval test_cmds=\"$archive_cmds\" cmds=$archive_cmds fi fi if test "X$skipped_export" != "X:" && len=`expr "X$test_cmds" : ".*" 2>/dev/null` && test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then : else # The command line is too long to link in one step, link piecewise. $echo "creating reloadable object files..." # Save the value of $output and $libobjs because we want to # use them later. If we have whole_archive_flag_spec, we # want to use save_libobjs as it was before # whole_archive_flag_spec was expanded, because we can't # assume the linker understands whole_archive_flag_spec. # This may have to be revisited, in case too many # convenience libraries get linked in and end up exceeding # the spec. if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then save_libobjs=$libobjs fi save_output=$output output_la=`$echo "X$output" | $Xsed -e "$basename"` # Clear the reloadable object creation command queue and # initialize k to one. test_cmds= concat_cmds= objlist= delfiles= last_robj= k=1 output=$output_objdir/$output_la-${k}.$objext # Loop over the list of objects to be linked. for obj in $save_libobjs do eval test_cmds=\"$reload_cmds $objlist $last_robj\" if test "X$objlist" = X || { len=`expr "X$test_cmds" : ".*" 2>/dev/null` && test "$len" -le "$max_cmd_len"; }; then objlist="$objlist $obj" else # The command $test_cmds is almost too long, add a # command to the queue. if test "$k" -eq 1 ; then # The first file doesn't have a previous command to add. 
eval concat_cmds=\"$reload_cmds $objlist $last_robj\" else # All subsequent reloadable object files will link in # the last one created. eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\" fi last_robj=$output_objdir/$output_la-${k}.$objext k=`expr $k + 1` output=$output_objdir/$output_la-${k}.$objext objlist=$obj len=1 fi done # Handle the remaining objects by creating one last # reloadable object file. All subsequent reloadable object # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\" if ${skipped_export-false}; then $show "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $run $rm $export_symbols libobjs=$output # Append the command to create the export file. eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\" fi # Set up a command to remove the reloadable object files # after they are used. i=0 while test "$i" -lt "$k" do i=`expr $i + 1` delfiles="$delfiles $output_objdir/$output_la-${i}.$objext" done $echo "creating a temporary reloadable object file: $output" # Loop through the commands generated above and execute them. save_ifs="$IFS"; IFS='~' for cmd in $concat_cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" libobjs=$output # Restore the value of output. output=$save_output if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then eval libobjs=\"\$libobjs $whole_archive_flag_spec\" fi # Expand the library linking commands again to reset the # value of $libobjs for piecewise linking. # Do each of the archive commands. 
if test "$module" = yes && test -n "$module_cmds" ; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then cmds=$module_expsym_cmds else cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then cmds=$archive_expsym_cmds else cmds=$archive_cmds fi fi # Append the command to remove the reloadable object files # to the just-reset $cmds. eval cmds=\"\$cmds~\$rm $delfiles\" fi save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $show "$cmd" $run eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test "$mode" = relink; then $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)' fi exit $lt_exit } done IFS="$save_ifs" # Restore the uninstalled library and exit if test "$mode" = relink; then $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $? if test -n "$convenience"; then if test -z "$whole_archive_flag_spec"; then $show "${rm}r $gentop" $run ${rm}r "$gentop" fi fi exit $EXIT_SUCCESS fi # Create links to the real library. for linkname in $linknames; do if test "$realname" != "$linkname"; then $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)" $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $? fi done # If -module or -export-dynamic was specified, set the dlname. if test "$module" = yes || test "$export_dynamic" = yes; then # On all known operating systems, these are identical. 
dlname="$soname"
fi
fi
;;   # the two `fi` and this `;;` close constructs opened before this section

# Branch "obj": the output is an object file, not a library or a program.
obj)
  # Library-only options have no effect on an object; warn and carry on.
  case " $deplibs" in
  *\ -l* | *\ -L*)
    $echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2 ;;
  esac

  if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
    $echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
  fi

  if test -n "$rpath"; then
    $echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2
  fi

  if test -n "$xrpath"; then
    $echo "$modename: warning: \`-R' is ignored for objects" 1>&2
  fi

  if test -n "$vinfo"; then
    $echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2
  fi

  if test -n "$release"; then
    $echo "$modename: warning: \`-release' is ignored for objects" 1>&2
  fi

  case $output in
  *.lo)
    # A .lo output may only be assembled from libtool objects.
    if test -n "$objs$old_deplibs"; then
      $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
      exit $EXIT_FAILURE
    fi
    libobj="$output"
    # $lo2o is a sed expression defined elsewhere; presumably it maps the
    # .lo name to the plain object name.
    obj=`$echo "X$output" | $Xsed -e "$lo2o"`
    ;;
  *)
    libobj=
    obj="$output"
    ;;
  esac

  # Delete the old objects.
  $run $rm $obj $libobj

  # Objects from convenience libraries.  This assumes
  # single-version convenience libraries.  Whenever we create
  # different ones for PIC/non-PIC, this we'll have to duplicate
  # the extraction.
  reload_conv_objs=
  gentop=
  # reload_cmds runs $LD directly, so let us get rid of
  # -Wl from whole_archive_flag_spec and hope we can get by with
  # turning comma into space..
  wl=

  if test -n "$convenience"; then
    if test -n "$whole_archive_flag_spec"; then
      eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
      reload_conv_objs=$reload_objs\ `$echo "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
    else
      # No whole-archive flag: func_extract_archives (defined elsewhere) is
      # handed the scratch directory $gentop and the convenience list, and
      # its result variable supplies the objects to link.
      gentop="$output_objdir/${obj}x"
      generated="$generated $gentop"
      func_extract_archives $gentop $convenience
      reload_conv_objs="$reload_objs $func_extract_archives_result"
    fi
  fi

  # Create the old-style object.
  reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test

  output="$obj"
  cmds=$reload_cmds
  # $cmds is split on '~'; each piece is first expanded with eval and then
  # executed with a second eval, so whatever the configuration put into
  # $reload_cmds runs as shell code at this point.
  save_ifs="$IFS"; IFS='~'
  for cmd in $cmds; do
    IFS="$save_ifs"
    eval cmd=\"$cmd\"
    $show "$cmd"
    $run eval "$cmd" || exit $?
  done
  IFS="$save_ifs"

  # Exit if we aren't doing a library object file.
  if test -z "$libobj"; then
    if test -n "$gentop"; then
      # NOTE(review): $gentop is expanded unquoted here and in the two
      # removals further down, so the shell applies word splitting and
      # pathname expansion to it before the remove runs (`${rm}r` is
      # presumably `rm -fr`; $rm is set elsewhere). The library branch
      # earlier in this file passes "$gentop" quoted. This assumes build
      # paths free of whitespace and glob characters -- confirm, or quote
      # the operand.
      $show "${rm}r $gentop"
      $run ${rm}r $gentop
    fi

    exit $EXIT_SUCCESS
  fi

  if test "$build_libtool_libs" != yes; then
    if test -n "$gentop"; then
      $show "${rm}r $gentop"
      $run ${rm}r $gentop
    fi

    # Create an invalid libtool object if no PIC, so that we don't
    # accidentally link it into a program.
    # $show "echo timestamp > $libobj"
    # $run eval "echo timestamp > $libobj" || exit $?
    exit $EXIT_SUCCESS
  fi

  if test -n "$pic_flag" || test "$pic_mode" != default; then
    # Only do commands if we really have different PIC objects.
    # Same '~'-split, eval-twice loop as above, now writing $libobj.
    reload_objs="$libobjs $reload_conv_objs"
    output="$libobj"
    cmds=$reload_cmds
    save_ifs="$IFS"; IFS='~'
    for cmd in $cmds; do
      IFS="$save_ifs"
      eval cmd=\"$cmd\"
      $show "$cmd"
      $run eval "$cmd" || exit $?
    done
    IFS="$save_ifs"
  fi

  if test -n "$gentop"; then
    $show "${rm}r $gentop"
    $run ${rm}r $gentop
  fi

  exit $EXIT_SUCCESS
  ;;

# Branch "prog": the output is a program. Only the opening checks fall in
# this section; the two `if`s at the bottom are closed further down.
prog)
  case $host in
  # Strip a trailing .exe if present, then append .exe unconditionally.
  *cygwin*) output=`$echo $output | ${SED} -e 's,.exe$,,;s,$,.exe,'` ;;
  esac
  if test -n "$vinfo"; then
    $echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
  fi

  if test -n "$release"; then
    $echo "$modename: warning: \`-release' is ignored for programs" 1>&2
  fi

  if test "$preload" = yes; then
    if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown && test "$dlopen_self_static" = unknown; then
      $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support."
fi fi case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library is the System framework compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'` finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'` ;; esac case $host in *darwin*) # Don't allow lazy linking, it breaks C++ global constructors if test "$tagname" = CXX ; then compile_command="$compile_command ${wl}-bind_at_load" finalize_command="$finalize_command ${wl}-bind_at_load" fi ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $compile_deplibs " in *" -L$path/$objdir "*) new_libs="$new_libs -L$path/$objdir" ;; esac ;; esac done for deplib in $compile_deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$new_libs $deplib" ;; esac ;; *) new_libs="$new_libs $deplib" ;; esac done compile_deplibs="$new_libs" compile_command="$compile_command $compile_deplibs" finalize_command="$finalize_command $finalize_deplibs" if test -n "$rpath$xrpath"; then # If the user specified any rpath flags, then add them. for libdir in $rpath $xrpath; do # This is the magic to use -rpath. case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" ;; esac done fi # Now hardcode the library paths rpath= hardcode_libdirs= for libdir in $compile_rpath $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. 
case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" rpath="$rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) perm_rpath="$perm_rpath $libdir" ;; esac fi case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*) testbindir=`$echo "X$libdir" | $Xsed -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$libdir:"*) ;; *) dllsearchpath="$dllsearchpath:$libdir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; *) dllsearchpath="$dllsearchpath:$testbindir";; esac ;; esac done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi compile_rpath="$rpath" rpath= hardcode_libdirs= for libdir in $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" rpath="$rpath $flag" fi elif test -n "$runpath_var"; then case "$finalize_perm_rpath " in *" $libdir "*) ;; *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. 
if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi finalize_rpath="$rpath" if test -n "$libobjs" && test "$build_old_libs" = yes; then # Transform all the library objects into standard objects. compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` fi dlsyms= if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then if test -n "$NM" && test -n "$global_symbol_pipe"; then dlsyms="${outputname}S.c" else $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2 fi fi if test -n "$dlsyms"; then case $dlsyms in "") ;; *.c) # Discover the nlist of each of the dlfiles. nlist="$output_objdir/${outputname}.nm" $show "$rm $nlist ${nlist}S ${nlist}T" $run $rm "$nlist" "${nlist}S" "${nlist}T" # Parse the name list into a source file. $show "creating $output_objdir/$dlsyms" test -z "$run" && $echo > "$output_objdir/$dlsyms" "\ /* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */ /* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */ #ifdef __cplusplus extern \"C\" { #endif /* Prevent the only kind of declaration conflicts we can make. */ #define lt_preloaded_symbols some_other_symbol /* External symbol declarations for the compiler. */\ " if test "$dlself" = yes; then $show "generating symbol list for \`$output'" test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist" # Add our own program objects to the symbol list. 
progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` for arg in $progfiles; do $show "extracting global C symbols from \`$arg'" $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'" done if test -n "$exclude_expsyms"; then $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' $run eval '$mv "$nlist"T "$nlist"' fi if test -n "$export_symbols_regex"; then $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' $run eval '$mv "$nlist"T "$nlist"' fi # Prepare the list of exported symbols if test -z "$export_symbols"; then export_symbols="$output_objdir/$outputname.exp" $run $rm $export_symbols $run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' case $host in *cygwin* | *mingw* ) $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' $run eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' ;; esac else $run eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' $run eval 'mv "$nlist"T "$nlist"' case $host in *cygwin* | *mingw* ) $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' $run eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' ;; esac fi fi for arg in $dlprefiles; do $show "extracting global C symbols from \`$arg'" name=`$echo "$arg" | ${SED} -e 's%^.*/%%'` $run eval '$echo ": $name " >> "$nlist"' $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'" done if test -z "$run"; then # Make sure we have at least an empty file. test -f "$nlist" || : > "$nlist" if test -n "$exclude_expsyms"; then $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T $mv "$nlist"T "$nlist" fi # Try sorting and uniquifying the output. 
if grep -v "^: " < "$nlist" | if sort -k 3 /dev/null 2>&1; then sort -k 3 else sort +2 fi | uniq > "$nlist"S; then : else grep -v "^: " < "$nlist" > "$nlist"S fi if test -f "$nlist"S; then eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"' else $echo '/* NONE */' >> "$output_objdir/$dlsyms" fi $echo >> "$output_objdir/$dlsyms" "\ #undef lt_preloaded_symbols #if defined (__STDC__) && __STDC__ # define lt_ptr void * #else # define lt_ptr char * # define const #endif /* The mapping between symbol names and symbols. */ " case $host in *cygwin* | *mingw* ) $echo >> "$output_objdir/$dlsyms" "\ /* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs */ struct { " ;; * ) $echo >> "$output_objdir/$dlsyms" "\ const struct { " ;; esac $echo >> "$output_objdir/$dlsyms" "\ const char *name; lt_ptr address; } lt_preloaded_symbols[] = {\ " eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms" $echo >> "$output_objdir/$dlsyms" "\ {0, (lt_ptr) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt_preloaded_symbols; } #endif #ifdef __cplusplus } #endif\ " fi pic_flag_for_symtable= case $host in # compiling the symbol table file with pic_flag works around # a FreeBSD bug that causes programs to crash when -lm is # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) case "$compile_command " in *" -static "*) ;; *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";; esac;; *-*-hpux*) case "$compile_command " in *" -static "*) ;; *) pic_flag_for_symtable=" $pic_flag";; esac esac # Now compile the dynamic symbol file. 
$show "(cd $output_objdir && $LTCC $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")" $run eval '(cd $output_objdir && $LTCC $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $? # Clean up the generated files. $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T" $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T" # Transform the symbol file into the correct name. case $host in *cygwin* | *mingw* ) if test -f "$output_objdir/${outputname}.def" ; then compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` else compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` fi ;; * ) compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` ;; esac ;; *) $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2 exit $EXIT_FAILURE ;; esac else # We keep going just in case the user didn't refer to # lt_preloaded_symbols. The linker will fail if global_symbol_pipe # really was required. # Nullify the symbol file. compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` fi if test "$need_relink" = no || test "$build_libtool_libs" != yes; then # Replace the output file specification. 
compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$output"'%g' | $NL2SP`
link_command="$compile_command$compile_rpath"

# We have no uninstalled library dependencies, so finalize right now.
# The assembled command string is executed with eval, so every piece spliced
# into $compile_command earlier is interpreted as shell code here.
$show "$link_command"
$run eval "$link_command"
exit_status=$?

# Delete the generated files.
if test -n "$dlsyms"; then
  $show "$rm $output_objdir/${outputname}S.${objext}"
  $run $rm "$output_objdir/${outputname}S.${objext}"
fi

exit $exit_status
fi   # closes the `if` opened just before this section

if test -n "$shlibpath_var"; then
  # We should set the shlibpath_var
  rpath=
  for dir in $temp_rpath; do
    case $dir in
    [\\/]* | [A-Za-z]:[\\/]*)
      # Absolute path.
      rpath="$rpath$dir:"
      ;;
    *)
      # Relative path: add a thisdir entry.
      # ($thisdir stays a literal reference here; it is resolved later by
      # whatever evaluates $temp_rpath.)
      rpath="$rpath\$thisdir/$dir:"
      ;;
    esac
  done
  temp_rpath="$rpath"
fi

# Prefix the link commands with an assignment to the shared-library search
# path variable, keeping a reference to its previous value at the end.
if test -n "$compile_shlibpath$finalize_shlibpath"; then
  compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
fi
if test -n "$finalize_shlibpath"; then
  finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
fi

compile_var=
finalize_var=
if test -n "$runpath_var"; then
  # NOTE(review): in both loops below each directory is followed by ':' and
  # the variable's own reference is appended last, so when that variable is
  # unset or empty the resulting value ends in ':'. Some loaders read an
  # empty element as the current directory (glibc documents this for
  # LD_LIBRARY_PATH). Which variable $runpath_var names is decided outside
  # this section -- confirm whether a trailing empty element matters there.
  if test -n "$perm_rpath"; then
    # We should set the runpath_var.
    rpath=
    for dir in $perm_rpath; do
      rpath="$rpath$dir:"
    done
    compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
  fi
  if test -n "$finalize_perm_rpath"; then
    # We should set the runpath_var.
    rpath=
    for dir in $finalize_perm_rpath; do
      rpath="$rpath$dir:"
    done
    finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
  fi
fi

if test "$no_install" = yes; then
  # We don't need to create a wrapper script.
  link_command="$compile_var$compile_command$compile_rpath"
  # Replace the output file specification.
  link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
  # Delete the old output file.
  $run $rm $output
  # Link the executable and exit
  $show "$link_command"
  $run eval "$link_command" || exit $?
  exit $EXIT_SUCCESS
fi

# Choose the command used now (link_command) and the one kept for a later
# relink (relink_command), depending on $hardcode_action and $fast_install.
if test "$hardcode_action" = relink; then
  # Fast installation is not supported
  link_command="$compile_var$compile_command$compile_rpath"
  relink_command="$finalize_var$finalize_command$finalize_rpath"

  $echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2
  $echo "$modename: \`$output' will be relinked during installation" 1>&2
else
  if test "$fast_install" != no; then
    link_command="$finalize_var$compile_command$finalize_rpath"
    if test "$fast_install" = yes; then
      # The relink command writes to $progdir/$file, which are left as
      # literal references to be resolved when the command is run.
      relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $SP2NL | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g' | $NL2SP`
    else
      # fast_install is set to needless
      relink_command=
    fi
  else
    link_command="$compile_var$compile_command$compile_rpath"
    relink_command="$finalize_var$finalize_command$finalize_rpath"
  fi
fi

# Replace the output file specification.
link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`

# Delete the old output files.
# NOTE(review): the three operands are expanded unquoted, so word splitting
# and pathname expansion apply to them before the remove runs. This assumes
# output paths without whitespace or glob characters -- confirm.
$run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname

$show "$link_command"
$run eval "$link_command" || exit $?

# Now create the wrapper script.
$show "creating $output"

# Quote the relink command for shipping.
if test -n "$relink_command"; then
  # Preserve any variables that may affect compiler behavior
  # NOTE(review): the current value of every variable listed in
  # $variables_saved_for_relink (set elsewhere) is copied into the command
  # text, so it is stored wherever relink_command ends up. Check that the
  # list cannot include variables holding sensitive values.
  for var in $variables_saved_for_relink; do
    if eval test -z \"\${$var+set}\"; then
      # Unset now: the shipped command unsets it too, or blanks and exports
      # it if `unset` fails.
      relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
    elif eval var_value=\$$var; test -z "$var_value"; then
      # Set but empty.
      relink_command="$var=; export $var; $relink_command"
    else
      # Set and non-empty: escape the value with $sed_quote_subst before
      # placing it between double quotes.
      var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
      relink_command="$var=\"$var_value\"; export $var; $relink_command"
    fi
  done
  # NOTE(review): the build directory from `pwd` is spliced in unquoted as
  # the operand of cd. A directory name containing whitespace or shell
  # metacharacters would change how the shipped command parses;
  # $sed_quote_subst (defined elsewhere) is applied afterwards, but it is
  # not visible here whether it covers that case -- confirm.
  relink_command="(cd `pwd`; $relink_command)"
  relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP`
fi

# Quote $echo for shipping.
if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then case $progpath in [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";; *) qecho="$SHELL `pwd`/$progpath --fallback-echo";; esac qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"` else qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"` fi # Only actually do things if our run command is non-null. if test -z "$run"; then # win32 will think the script is a binary if it has # a .exe suffix, so we strip it off here. case $output in *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;; esac # test for cygwin because mv fails w/o .exe extensions case $host in *cygwin*) exeext=.exe outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;; *) exeext= ;; esac case $host in *cygwin* | *mingw* ) output_name=`basename $output` output_path=`dirname $output` cwrappersource="$output_path/$objdir/lt-$output_name.c" cwrapper="$output_path/$output_name.exe" $rm $cwrappersource $cwrapper trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 cat > $cwrappersource <> $cwrappersource<<"EOF" #include #include #include #include #include #include #include #include #include #if defined(PATH_MAX) # define LT_PATHMAX PATH_MAX #elif defined(MAXPATHLEN) # define LT_PATHMAX MAXPATHLEN #else # define LT_PATHMAX 1024 #endif #ifndef DIR_SEPARATOR # define DIR_SEPARATOR '/' # define PATH_SEPARATOR ':' #endif #if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ defined (__OS2__) # define HAVE_DOS_BASED_FILE_SYSTEM # ifndef DIR_SEPARATOR_2 # define DIR_SEPARATOR_2 '\\' # endif # ifndef PATH_SEPARATOR_2 # define PATH_SEPARATOR_2 ';' # endif #endif #ifndef DIR_SEPARATOR_2 # define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) #else /* DIR_SEPARATOR_2 */ # define IS_DIR_SEPARATOR(ch) \ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) #endif /* DIR_SEPARATOR_2 */ #ifndef PATH_SEPARATOR_2 # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) #else /* PATH_SEPARATOR_2 */ # define 
IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) #endif /* PATH_SEPARATOR_2 */ #define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) #define XFREE(stale) do { \ if (stale) { free ((void *) stale); stale = 0; } \ } while (0) /* -DDEBUG is fairly common in CFLAGS. */ #undef DEBUG #if defined DEBUGWRAPPER # define DEBUG(format, ...) fprintf(stderr, format, __VA_ARGS__) #else # define DEBUG(format, ...) #endif const char *program_name = NULL; void * xmalloc (size_t num); char * xstrdup (const char *string); const char * base_name (const char *name); char * find_executable(const char *wrapper); int check_executable(const char *path); char * strendzap(char *str, const char *pat); void lt_fatal (const char *message, ...); int main (int argc, char *argv[]) { char **newargz; int i; program_name = (char *) xstrdup (base_name (argv[0])); DEBUG("(main) argv[0] : %s\n",argv[0]); DEBUG("(main) program_name : %s\n",program_name); newargz = XMALLOC(char *, argc+2); EOF cat >> $cwrappersource <> $cwrappersource <<"EOF" newargz[1] = find_executable(argv[0]); if (newargz[1] == NULL) lt_fatal("Couldn't find %s", argv[0]); DEBUG("(main) found exe at : %s\n",newargz[1]); /* we know the script has the same name, without the .exe */ /* so make sure newargz[1] doesn't end in .exe */ strendzap(newargz[1],".exe"); for (i = 1; i < argc; i++) newargz[i+1] = xstrdup(argv[i]); newargz[argc+1] = NULL; for (i=0; i> $cwrappersource <> $cwrappersource <> $cwrappersource <<"EOF" return 127; } void * xmalloc (size_t num) { void * p = (void *) malloc (num); if (!p) lt_fatal ("Memory exhausted"); return p; } char * xstrdup (const char *string) { return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL ; } const char * base_name (const char *name) { const char *base; #if defined (HAVE_DOS_BASED_FILE_SYSTEM) /* Skip over the disk name in MSDOS pathnames. 
*/ if (isalpha ((unsigned char)name[0]) && name[1] == ':') name += 2; #endif for (base = name; *name; name++) if (IS_DIR_SEPARATOR (*name)) base = name + 1; return base; } int check_executable(const char * path) { struct stat st; DEBUG("(check_executable) : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!"); if ((!path) || (!*path)) return 0; if ((stat (path, &st) >= 0) && ( /* MinGW & native WIN32 do not support S_IXOTH or S_IXGRP */ #if defined (S_IXOTH) ((st.st_mode & S_IXOTH) == S_IXOTH) || #endif #if defined (S_IXGRP) ((st.st_mode & S_IXGRP) == S_IXGRP) || #endif ((st.st_mode & S_IXUSR) == S_IXUSR)) ) return 1; else return 0; } /* Searches for the full path of the wrapper. Returns newly allocated full path name if found, NULL otherwise */ char * find_executable (const char* wrapper) { int has_slash = 0; const char* p; const char* p_next; /* static buffer for getcwd */ char tmp[LT_PATHMAX + 1]; int tmp_len; char* concat_name; DEBUG("(find_executable) : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"); if ((wrapper == NULL) || (*wrapper == '\0')) return NULL; /* Absolute path? */ #if defined (HAVE_DOS_BASED_FILE_SYSTEM) if (isalpha ((unsigned char)wrapper[0]) && wrapper[1] == ':') { concat_name = xstrdup (wrapper); if (check_executable(concat_name)) return concat_name; XFREE(concat_name); } else { #endif if (IS_DIR_SEPARATOR (wrapper[0])) { concat_name = xstrdup (wrapper); if (check_executable(concat_name)) return concat_name; XFREE(concat_name); } #if defined (HAVE_DOS_BASED_FILE_SYSTEM) } #endif for (p = wrapper; *p; p++) if (*p == '/') { has_slash = 1; break; } if (!has_slash) { /* no slashes; search PATH */ const char* path = getenv ("PATH"); if (path != NULL) { for (p = path; *p; p = p_next) { const char* q; size_t p_len; for (q = p; *q; q++) if (IS_PATH_SEPARATOR(*q)) break; p_len = q - p; p_next = (*q == '\0' ? 
q : q + 1); if (p_len == 0) { /* empty path: current directory */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal ("getcwd failed"); tmp_len = strlen(tmp); concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); } else { concat_name = XMALLOC(char, p_len + 1 + strlen(wrapper) + 1); memcpy (concat_name, p, p_len); concat_name[p_len] = '/'; strcpy (concat_name + p_len + 1, wrapper); } if (check_executable(concat_name)) return concat_name; XFREE(concat_name); } } /* not found in PATH; assume curdir */ } /* Relative path | not found in path: prepend cwd */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal ("getcwd failed"); tmp_len = strlen(tmp); concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); if (check_executable(concat_name)) return concat_name; XFREE(concat_name); return NULL; } char * strendzap(char *str, const char *pat) { size_t len, patlen; assert(str != NULL); assert(pat != NULL); len = strlen(str); patlen = strlen(pat); if (patlen <= len) { str += len - patlen; if (strcmp(str, pat) == 0) *str = '\0'; } return str; } static void lt_error_core (int exit_status, const char * mode, const char * message, va_list ap) { fprintf (stderr, "%s: %s: ", program_name, mode); vfprintf (stderr, message, ap); fprintf (stderr, ".\n"); if (exit_status >= 0) exit (exit_status); } void lt_fatal (const char *message, ...) { va_list ap; va_start (ap, message); lt_error_core (EXIT_FAILURE, "FATAL", message, ap); va_end (ap); } EOF # we should really use a build-platform specific compiler # here, but OTOH, the wrappers (shell script and this C one) # are only useful if you want to execute the "real" binary. # Since the "real" binary is built for $host, then this # wrapper might as well be built for $host, too. 
$run $LTCC $LTCFLAGS -s -o $cwrapper $cwrappersource ;; esac $rm $output trap "$rm $output; exit $EXIT_FAILURE" 1 2 15 $echo > $output "\ #! $SHELL # $output - temporary wrapper script for $objdir/$outputname # Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP # # The $output program cannot be directly executed until all the libtool # libraries that it depends on are installed. # # This wrapper script should never be moved out of the build directory. # If it is, it will not operate correctly. # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. Xsed='${SED} -e 1s/^X//' sed_quote_subst='$sed_quote_subst' # Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH relink_command=\"$relink_command\" # This environment variable determines our operation mode. if test \"\$libtool_install_magic\" = \"$magic\"; then # install mode needs the following variable: notinst_deplibs='$notinst_deplibs' else # When we are sourced in execute mode, \$file and \$echo are already set. if test \"\$libtool_execute_magic\" != \"$magic\"; then echo=\"$qecho\" file=\"\$0\" # Make sure echo works. if test \"X\$1\" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then # Yippee, \$echo works! : else # Restart under the correct shell, and then maybe \$echo will work. 
exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"} fi fi\ " $echo >> $output "\ # Find the directory that this script lives in. thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\` test \"x\$thisdir\" = \"x\$file\" && thisdir=. # Follow symbolic links until we get to the real thisdir. file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\` while test -n \"\$file\"; do destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\` # If there was a directory component, then change thisdir. if test \"x\$destdir\" != \"x\$file\"; then case \"\$destdir\" in [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; *) thisdir=\"\$thisdir/\$destdir\" ;; esac fi file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\` file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\` done # Try to get the absolute directory name. absdir=\`cd \"\$thisdir\" && pwd\` test -n \"\$absdir\" && thisdir=\"\$absdir\" " if test "$fast_install" = yes; then $echo >> $output "\ program=lt-'$outputname'$exeext progdir=\"\$thisdir/$objdir\" if test ! -f \"\$progdir/\$program\" || \\ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ test \"X\$file\" != \"X\$progdir/\$program\"; }; then file=\"\$\$-\$program\" if test ! -d \"\$progdir\"; then $mkdir \"\$progdir\" else $rm \"\$progdir/\$file\" fi" $echo >> $output "\ # relink executable if necessary if test -n \"\$relink_command\"; then if relink_command_output=\`eval \$relink_command 2>&1\`; then : else $echo \"\$relink_command_output\" >&2 $rm \"\$progdir/\$file\" exit $EXIT_FAILURE fi fi $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || { $rm \"\$progdir/\$program\"; $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; } $rm \"\$progdir/\$file\" fi" else $echo >> $output "\ program='$outputname' progdir=\"\$thisdir/$objdir\" " fi $echo >> $output "\ if test -f \"\$progdir/\$program\"; then" # Export our shlibpath_var if we have one. 
if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then $echo >> $output "\ # Add our own library path to $shlibpath_var $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" # Some systems cannot cope with colon-terminated $shlibpath_var # The second colon is a workaround for a bug in BeOS R4 sed $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\` export $shlibpath_var " fi # fixup the dll searchpath if we need to. if test -n "$dllsearchpath"; then $echo >> $output "\ # Add the dll search path components to the executable PATH PATH=$dllsearchpath:\$PATH " fi $echo >> $output "\ if test \"\$libtool_execute_magic\" != \"$magic\"; then # Run the actual program with our arguments. " case $host in # Backslashes separate directories on plain windows *-*-mingw | *-*-os2*) $echo >> $output "\ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} " ;; *) $echo >> $output "\ exec \"\$progdir/\$program\" \${1+\"\$@\"} " ;; esac $echo >> $output "\ \$echo \"\$0: cannot exec \$program \$*\" exit $EXIT_FAILURE fi else # The program doesn't exist. \$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 \$echo \"This script is just a wrapper for \$program.\" 1>&2 $echo \"See the $PACKAGE documentation for more information.\" 1>&2 exit $EXIT_FAILURE fi fi\ " chmod +x $output fi exit $EXIT_SUCCESS ;; esac # See if we need to build an old-fashioned archive. for oldlib in $oldlibs; do if test "$build_libtool_libs" = convenience; then oldobjs="$libobjs_save" addlibs="$convenience" build_libtool_libs=no else if test "$build_libtool_libs" = module; then oldobjs="$libobjs_save" build_libtool_libs=no else oldobjs="$old_deplibs $non_pic_objects" fi addlibs="$old_convenience" fi if test -n "$addlibs"; then gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_extract_archives $gentop $addlibs oldobjs="$oldobjs $func_extract_archives_result" fi # Do each command in the archive commands. 
if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then cmds=$old_archive_from_new_cmds else # POSIX demands no paths to be encoded in archives. We have # to avoid creating archives with duplicate basenames if we # might have to extract them afterwards, e.g., when creating a # static archive out of a convenience library, or when linking # the entirety of a libtool archive into another (currently # not supported by libtool). if (for obj in $oldobjs do $echo "X$obj" | $Xsed -e 's%^.*/%%' done | sort | sort -uc >/dev/null 2>&1); then : else $echo "copying selected object files to avoid basename conflicts..." if test -z "$gentop"; then gentop="$output_objdir/${outputname}x" generated="$generated $gentop" $show "${rm}r $gentop" $run ${rm}r "$gentop" $show "$mkdir $gentop" $run $mkdir "$gentop" exit_status=$? if test "$exit_status" -ne 0 && test ! -d "$gentop"; then exit $exit_status fi fi save_oldobjs=$oldobjs oldobjs= counter=1 for obj in $save_oldobjs do objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'` case " $oldobjs " in " ") oldobjs=$obj ;; *[\ /]"$objbase "*) while :; do # Make sure we don't pick an alternate name that also # overlaps. newobj=lt$counter-$objbase counter=`expr $counter + 1` case " $oldobjs " in *[\ /]"$newobj "*) ;; *) if test ! -f "$gentop/$newobj"; then break; fi ;; esac done $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" $run ln "$obj" "$gentop/$newobj" || $run cp "$obj" "$gentop/$newobj" oldobjs="$oldobjs $gentop/$newobj" ;; *) oldobjs="$oldobjs $obj" ;; esac done fi eval cmds=\"$old_archive_cmds\" if len=`expr "X$cmds" : ".*"` && test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then cmds=$old_archive_cmds else # the command line is too long to link in one step, link in parts $echo "using piecewise archive linking..." save_RANLIB=$RANLIB RANLIB=: objlist= concat_cmds= save_oldobjs=$oldobjs # Is there a better way of finding the last object in the list? 
for obj in $save_oldobjs do last_oldobj=$obj done for obj in $save_oldobjs do oldobjs="$objlist $obj" objlist="$objlist $obj" eval test_cmds=\"$old_archive_cmds\" if len=`expr "X$test_cmds" : ".*" 2>/dev/null` && test "$len" -le "$max_cmd_len"; then : else # the above command should be used before it gets too long oldobjs=$objlist if test "$obj" = "$last_oldobj" ; then RANLIB=$save_RANLIB fi test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" objlist= fi done RANLIB=$save_RANLIB oldobjs=$objlist if test "X$oldobjs" = "X" ; then eval cmds=\"\$concat_cmds\" else eval cmds=\"\$concat_cmds~\$old_archive_cmds\" fi fi fi save_ifs="$IFS"; IFS='~' for cmd in $cmds; do eval cmd=\"$cmd\" IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" done if test -n "$generated"; then $show "${rm}r$generated" $run ${rm}r$generated fi # Now create the libtool archive. case $output in *.la) old_library= test "$build_old_libs" = yes && old_library="$libname.$libext" $show "creating $output" # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"` relink_command="$var=\"$var_value\"; export $var; $relink_command" fi done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` if test "$hardcode_automatic" = yes ; then relink_command= fi # Only create the output if not a dry run. 
if test -z "$run"; then for installed in no yes; do if test "$installed" = yes; then if test -z "$install_libdir"; then break fi output="$output_objdir/$outputname"i # Replace all uninstalled libtool libraries with the installed ones newdependency_libs= for deplib in $dependency_libs; do case $deplib in *.la) name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'` eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` if test -z "$libdir"; then $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2 exit $EXIT_FAILURE fi newdependency_libs="$newdependency_libs $libdir/$name" ;; *) newdependency_libs="$newdependency_libs $deplib" ;; esac done dependency_libs="$newdependency_libs" newdlfiles= for lib in $dlfiles; do name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` if test -z "$libdir"; then $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 exit $EXIT_FAILURE fi newdlfiles="$newdlfiles $libdir/$name" done dlfiles="$newdlfiles" newdlprefiles= for lib in $dlprefiles; do name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` if test -z "$libdir"; then $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 exit $EXIT_FAILURE fi newdlprefiles="$newdlprefiles $libdir/$name" done dlprefiles="$newdlprefiles" else newdlfiles= for lib in $dlfiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; *) abs=`pwd`"/$lib" ;; esac newdlfiles="$newdlfiles $abs" done dlfiles="$newdlfiles" newdlprefiles= for lib in $dlprefiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; *) abs=`pwd`"/$lib" ;; esac newdlprefiles="$newdlprefiles $abs" done dlprefiles="$newdlprefiles" fi $rm $output # place dlname in correct position for cygwin tdlname=$dlname case $host,$output,$installed,$module,$dlname in *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;; esac $echo > $output "\ # $outputname - a libtool library file # Generated by 
$PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP # # Please DO NOT delete this file! # It is necessary for linking the library. # The name that we can dlopen(3). dlname='$tdlname' # Names of this library. library_names='$library_names' # The name of the static archive. old_library='$old_library' # Libraries that this one depends upon. dependency_libs='$dependency_libs' # Version information for $libname. current=$current age=$age revision=$revision # Is this an already installed library? installed=$installed # Should we warn about portability when linking against -modules? shouldnotlink=$module # Files to dlopen/dlpreopen dlopen='$dlfiles' dlpreopen='$dlprefiles' # Directory that this library needs to be installed in: libdir='$install_libdir'" if test "$installed" = no && test "$need_relink" = yes; then $echo >> $output "\ relink_command=\"$relink_command\"" fi done fi # Do a symbolic link so that the libtool archive can be found in # LD_LIBRARY_PATH before the program is installed. $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)" $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $? ;; esac exit $EXIT_SUCCESS ;; # libtool install mode install) modename="$modename: install" # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || # Allow the use of GNU shtool's install command. $echo "X$nonopt" | grep shtool > /dev/null; then # Aesthetically quote it. arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"` case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac install_prog="$arg " arg="$1" shift else install_prog= arg=$nonopt fi # The real first argument should be the name of the installation program. # Aesthetically quote it. 
arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac install_prog="$install_prog$arg" # We need to accept at least all the BSD install flags. dest= files= opts= prev= install_type= isdir=no stripme= for arg do if test -n "$dest"; then files="$files $dest" dest=$arg continue fi case $arg in -d) isdir=yes ;; -f) case " $install_prog " in *[\\\ /]cp\ *) ;; *) prev=$arg ;; esac ;; -g | -m | -o) prev=$arg ;; -s) stripme=" -s" continue ;; -*) ;; *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then prev= else dest=$arg continue fi ;; esac # Aesthetically quote the argument. arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case $arg in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") arg="\"$arg\"" ;; esac install_prog="$install_prog $arg" done if test -z "$install_prog"; then $echo "$modename: you must specify an install program" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi if test -n "$prev"; then $echo "$modename: the \`$prev' option requires an argument" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi if test -z "$files"; then if test -z "$dest"; then $echo "$modename: no file or destination specified" 1>&2 else $echo "$modename: you must specify a destination" 1>&2 fi $echo "$help" 1>&2 exit $EXIT_FAILURE fi # Strip any trailing slash from the destination. dest=`$echo "X$dest" | $Xsed -e 's%/$%%'` # Check to see that the destination is a directory. test -d "$dest" && isdir=yes if test "$isdir" = yes; then destdir="$dest" destname= else destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'` test "X$destdir" = "X$dest" && destdir=. destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'` # Not a directory, so check to see that there is only one file specified. 
set dummy $files if test "$#" -gt 2; then $echo "$modename: \`$dest' is not a directory" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi fi case $destdir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) for file in $files; do case $file in *.lo) ;; *) $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE ;; esac done ;; esac # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" staticlibs= future_libdirs= current_libdirs= for file in $files; do # Do each installation. case $file in *.$libext) # Do the static libraries later. staticlibs="$staticlibs $file" ;; *.la) # Check to see that this really is a libtool archive. if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : else $echo "$modename: \`$file' is not a valid libtool archive" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi library_names= old_library= relink_command= # If there is no directory component, then add one. case $file in */* | *\\*) . $file ;; *) . ./$file ;; esac # Add the libdir to current_libdirs if it is the destination. if test "X$destdir" = "X$libdir"; then case "$current_libdirs " in *" $libdir "*) ;; *) current_libdirs="$current_libdirs $libdir" ;; esac else # Note the libdir as a future libdir. case "$future_libdirs " in *" $libdir "*) ;; *) future_libdirs="$future_libdirs $libdir" ;; esac fi dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/ test "X$dir" = "X$file/" && dir= dir="$dir$objdir" if test -n "$relink_command"; then # Determine the prefix the user has applied to our future dir. inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that # are installed to the same prefix. 
# At present, this check doesn't affect windows .dll's that # are installed into $libdir/../bin (currently, that works fine) # but it's something to keep an eye on. if test "$inst_prefix_dir" = "$destdir"; then $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2 exit $EXIT_FAILURE fi if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%" | $NL2SP` else relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%%" | $NL2SP` fi $echo "$modename: warning: relinking \`$file'" 1>&2 $show "$relink_command" if $run eval "$relink_command"; then : else $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2 exit $EXIT_FAILURE fi fi # See the names of the shared library. set dummy $library_names if test -n "$2"; then realname="$2" shift shift srcname="$realname" test -n "$relink_command" && srcname="$realname"T # Install the shared library and build the symlinks. $show "$install_prog $dir/$srcname $destdir/$realname" $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $? if test -n "$stripme" && test -n "$striplib"; then $show "$striplib $destdir/$realname" $run eval "$striplib $destdir/$realname" || exit $? fi if test "$#" -gt 0; then # Delete the old symlinks, and create new ones. # Try `ln -sf' first, because the `ln' binary might depend on # the symlink we replace! Solaris /bin/ln does not understand -f, # so we also need to try rm && ln -s. for linkname do if test "$linkname" != "$realname"; then $show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })" $run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })" fi done fi # Do each command in the postinstall commands. 
lib="$destdir/$realname" cmds=$postinstall_cmds save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $show "$cmd" $run eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test "$mode" = relink; then $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)' fi exit $lt_exit } done IFS="$save_ifs" fi # Install the pseudo-library for information purposes. name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` instname="$dir/$name"i $show "$install_prog $instname $destdir/$name" $run eval "$install_prog $instname $destdir/$name" || exit $? # Maybe install the static library, too. test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library" ;; *.lo) # Install (i.e. copy) a libtool object. # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'` destfile="$destdir/$destfile" fi # Deduce the name of the destination old-style object file. case $destfile in *.lo) staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"` ;; *.$objext) staticdest="$destfile" destfile= ;; *) $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE ;; esac # Install the libtool object if requested. if test -n "$destfile"; then $show "$install_prog $file $destfile" $run eval "$install_prog $file $destfile" || exit $? fi # Install the old object if enabled. if test "$build_old_libs" = yes; then # Deduce the name of the old-style object file. staticobj=`$echo "X$file" | $Xsed -e "$lo2o"` $show "$install_prog $staticobj $staticdest" $run eval "$install_prog \$staticobj \$staticdest" || exit $? fi exit $EXIT_SUCCESS ;; *) # Figure out destination file name, if it wasn't already specified. 
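if test -n "$destname"; then
  destfile="$destdir/$destname"
else
  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
  destfile="$destdir/$destfile"
fi

# If the file is missing, and there is a .exe on the end, strip it
# because it is most likely a libtool script we actually want to
# install
stripped_ext=""
case $file in
*.exe)
  if test ! -f "$file"; then
    # The dot is escaped so that only a literal ".exe" suffix is removed,
    # and the name goes through the X-prefix/$Xsed idiom used elsewhere in
    # this script so it is neither word-split nor read as an echo option.
    file=`$echo "X$file" | $Xsed -e 's,\.exe$,,'`
    stripped_ext=".exe"
  fi
  ;;
esac

# Do a test to see if this is really a libtool program.
case $host in
*cygwin*|*mingw*)
  # Same suffix rule as above.  This branch has no *.exe guard, so an
  # unescaped dot would also truncate names that merely end in "?exe".
  wrapper=`$echo "X$file" | $Xsed -e 's,\.exe$,,'`
  ;;
*)
  wrapper=$file
  ;;
esac

# The probe below only looks for the "Generated by" header in the first
# four lines.  It is a format check, not an integrity check: a file that
# passes is sourced, i.e. run as shell code in this install process, so
# wrapper scripts and the .la files they name must come from a trusted
# build tree.
if (${SED} -e '4q' "$wrapper" | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then
  notinst_deplibs=
  relink_command=

  # Note that it is not necessary on cygwin/mingw to append a dot to
  # foo even if both foo and FILE.exe exist: automatic-append-.exe
  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
  # `FILE.' does not work on cygwin managed mounts.
  #
  # If there is no directory component, then add one.
  # (`.' searches PATH for names without a slash, hence the ./ prefix.)
  case $wrapper in
  */* | *\\*) . "$wrapper" ;;
  *) . "./$wrapper" ;;
  esac

  # Check the variables that should have been set.
  if test -z "$notinst_deplibs"; then
    $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2
    exit $EXIT_FAILURE
  fi

  finalize=yes
  for lib in $notinst_deplibs; do
    # Check to see that each library is installed.
    libdir=
    if test -f "$lib"; then
      # If there is no directory component, then add one.
      # The library file is sourced as well, to pick up its libdir.
      case $lib in
      */* | *\\*) . "$lib" ;;
      *) . "./$lib" ;;
      esac
    fi
    libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
    if test -n "$libdir" && test ! -f "$libfile"; then
      $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2
      finalize=no
    fi
  done

  relink_command=
  # Note that it is not necessary on cygwin/mingw to append a dot to
  # foo even if both foo and FILE.exe exist: automatic-append-.exe
  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
  # `FILE.' does not work on cygwin managed mounts.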
# # If there is no directory component, then add one. case $wrapper in */* | *\\*) . ${wrapper} ;; *) . ./${wrapper} ;; esac outputname= if test "$fast_install" = no && test -n "$relink_command"; then if test "$finalize" = yes && test -z "$run"; then tmpdir=`func_mktempdir` file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'` outputname="$tmpdir/$file" # Replace the output file specification. relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g' | $NL2SP` $show "$relink_command" if $run eval "$relink_command"; then : else $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2 ${rm}r "$tmpdir" continue fi file="$outputname" else $echo "$modename: warning: cannot relink \`$file'" 1>&2 fi else # Install the binary that we compiled earlier. file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"` fi fi # remove .exe since cygwin /usr/bin/install will append another # one anyway case $install_prog,$host in */usr/bin/install*,*cygwin*) case $file:$destfile in *.exe:*.exe) # this is ok ;; *.exe:*) destfile=$destfile.exe ;; *:*.exe) destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'` ;; esac ;; esac $show "$install_prog$stripme $file $destfile" $run eval "$install_prog\$stripme \$file \$destfile" || exit $? test -n "$outputname" && ${rm}r "$tmpdir" ;; esac done for file in $staticlibs; do name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` # Set up the ranlib parameters. oldlib="$destdir/$name" $show "$install_prog $file $oldlib" $run eval "$install_prog \$file \$oldlib" || exit $? if test -n "$stripme" && test -n "$old_striplib"; then $show "$old_striplib $oldlib" $run eval "$old_striplib $oldlib" || exit $? fi # Do each command in the postinstall commands. cmds=$old_postinstall_cmds save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $show "$cmd" $run eval "$cmd" || exit $? 
done IFS="$save_ifs" done if test -n "$future_libdirs"; then $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2 fi if test -n "$current_libdirs"; then # Maybe just do a dry run. test -n "$run" && current_libdirs=" -n$current_libdirs" exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' else exit $EXIT_SUCCESS fi ;; # libtool finish mode finish) modename="$modename: finish" libdirs="$nonopt" admincmds= if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then for dir do libdirs="$libdirs $dir" done for libdir in $libdirs; do if test -n "$finish_cmds"; then # Do each command in the finish commands. cmds=$finish_cmds save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $show "$cmd" $run eval "$cmd" || admincmds="$admincmds $cmd" done IFS="$save_ifs" fi if test -n "$finish_eval"; then # Do the single finish_eval. eval cmds=\"$finish_eval\" $run eval "$cmds" || admincmds="$admincmds $cmds" fi done fi # Exit here if they wanted silent mode. 
test "$show" = : && exit $EXIT_SUCCESS $echo "X----------------------------------------------------------------------" | $Xsed $echo "Libraries have been installed in:" for libdir in $libdirs; do $echo " $libdir" done $echo $echo "If you ever happen to want to link against installed libraries" $echo "in a given directory, LIBDIR, you must either use libtool, and" $echo "specify the full pathname of the library, or use the \`-LLIBDIR'" $echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then $echo " - add LIBDIR to the \`$shlibpath_var' environment variable" $echo " during execution" fi if test -n "$runpath_var"; then $echo " - add LIBDIR to the \`$runpath_var' environment variable" $echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" $echo " - use the \`$flag' linker flag" fi if test -n "$admincmds"; then $echo " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then $echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" fi $echo $echo "See any operating system documentation about shared libraries for" $echo "more information, such as the ld(1) and ld.so(8) manual pages." $echo "X----------------------------------------------------------------------" | $Xsed exit $EXIT_SUCCESS ;; # libtool execute mode execute) modename="$modename: execute" # The first argument is the command name. cmd="$nonopt" if test -z "$cmd"; then $echo "$modename: you must specify a COMMAND" 1>&2 $echo "$help" exit $EXIT_FAILURE fi # Handle -dlopen flags immediately. for file in $execute_dlfiles; do if test ! -f "$file"; then $echo "$modename: \`$file' is not a file" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi dir= case $file in *.la) # Check to see that this really is a libtool archive. 
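# Execute mode, `-dlopen' handling, continued: validate and read one .la file.
# The probe only looks for the "Generated by" header in the first two lines.
# It is a format check, not an integrity check: a file that passes is then
# sourced, so every archive named with -dlopen runs as shell code in this
# process and has to come from a trusted build tree.
    if (${SED} -e '2q' "$file" | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
    else
      # This loop iterates over $file, so that is the name to report.
      $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
      $echo "$help" 1>&2
      exit $EXIT_FAILURE
    fi

    # Read the libtool library.
    dlname=
    library_names=

    # If there is no directory component, then add one.
    # (`.' searches PATH for names without a slash, hence the ./ prefix.)
    case $file in
    */* | *\\*) . "$file" ;;
    *) . "./$file" ;;
    esac

    # Skip this library if it cannot be dlopened.
    if test -z "$dlname"; then
      # Warn if it was a shared library.  Sent to stderr like the other
      # diagnostics in this loop.
      test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'" 1>&2
      continue
    fi

    dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
    test "X$dir" = "X$file" && dir=.

    if test -f "$dir/$objdir/$dlname"; then
      dir="$dir/$objdir"
    else
      if test ! -f "$dir/$dlname"; then
        $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
        exit $EXIT_FAILURE
      fi
    fi
    ;;

  *.lo)
    # Just add the directory containing the .lo file.
    dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
    test "X$dir" = "X$file" && dir=.
    ;;

  *)
    $echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2
    continue
    ;;
  esac

  # Get the absolute pathname.
  absdir=`cd "$dir" && pwd`
  test -n "$absdir" && dir="$absdir"

  # Now add the directory to shlibpath_var.
  # $shlibpath_var holds the NAME of the variable to extend, so eval is
  # needed; \$dir is escaped so the value is expanded inside the eval rather
  # than re-parsed as shell text.
  if eval "test -z \"\$$shlibpath_var\""; then
    eval "$shlibpath_var=\"\$dir\""
  else
    eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
  fi
done

# This variable tells wrapper scripts just to set shlibpath_var
# rather than running their programs.
libtool_execute_magic="$magic"

# Check if any of the arguments is a wrapper script.
args=
for file
do
  case $file in
  -*) ;;
  *)
    # Do a test to see if this is really a libtool program.
    # Arguments arrive here unsplit, so "$file" is quoted to keep a name
    # with whitespace or glob characters as one path for sed and `.'.
    # As with the .la probe, a matching header causes the file to be sourced.
    if (${SED} -e '4q' "$file" | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
      # If there is no directory component, then add one.
      case $file in
      */* | *\\*) . "$file" ;;
      *) . "./$file" ;;
      esac

      # Transform arg to wrapped name.
      file="$progdir/$program"
    fi
    ;;
  esac
  # Quote arguments (to preserve shell metacharacters).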
file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"` args="$args \"$file\"" done if test -z "$run"; then if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" fi # Restore saved environment variables for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${save_$lt_var+set}\" = set; then $lt_var=\$save_$lt_var; export $lt_var fi" done # Now prepare to actually exec the command. exec_cmd="\$cmd$args" else # Display what would be done. if test -n "$shlibpath_var"; then eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\"" $echo "export $shlibpath_var" fi $echo "$cmd$args" exit $EXIT_SUCCESS fi ;; # libtool clean and uninstall mode clean | uninstall) modename="$modename: $mode" rm="$nonopt" files= rmforce= exit_status=0 # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" for arg do case $arg in -f) rm="$rm $arg"; rmforce=yes ;; -*) rm="$rm $arg" ;; *) files="$files $arg" ;; esac done if test -z "$rm"; then $echo "$modename: you must specify an RM program" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE fi rmdirs= origobjdir="$objdir" for file in $files; do dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` if test "X$dir" = "X$file"; then dir=. objdir="$origobjdir" else objdir="$dir/$origobjdir" fi name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` test "$mode" = uninstall && objdir="$dir" # Remember objdir for removal later, being careful to avoid duplicates if test "$mode" = clean; then case " $rmdirs " in *" $objdir "*) ;; *) rmdirs="$rmdirs $objdir" ;; esac fi # Don't error if the file doesn't exist and rm -f was used. if (test -L "$file") >/dev/null 2>&1 \ || (test -h "$file") >/dev/null 2>&1 \ || test -f "$file"; then : elif test -d "$file"; then exit_status=1 continue elif test "$rmforce" = yes; then continue fi rmfiles="$file" case $name in *.la) # Possibly a libtool archive, so verify it. 
if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then . $dir/$name # Delete the libtool libraries and symlinks. for n in $library_names; do rmfiles="$rmfiles $objdir/$n" done test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library" case "$mode" in clean) case " $library_names " in # " " in the beginning catches empty $dlname *" $dlname "*) ;; *) rmfiles="$rmfiles $objdir/$dlname" ;; esac test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i" ;; uninstall) if test -n "$library_names"; then # Do each command in the postuninstall commands. cmds=$postuninstall_cmds save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $show "$cmd" $run eval "$cmd" if test "$?" -ne 0 && test "$rmforce" != yes; then exit_status=1 fi done IFS="$save_ifs" fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. cmds=$old_postuninstall_cmds save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $show "$cmd" $run eval "$cmd" if test "$?" -ne 0 && test "$rmforce" != yes; then exit_status=1 fi done IFS="$save_ifs" fi # FIXME: should reinstall the best remaining shared library. ;; esac fi ;; *.lo) # Possibly a libtool object, so verify it. if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then # Read the .lo file . $dir/$name # Add PIC object to the list of files to remove. if test -n "$pic_object" \ && test "$pic_object" != none; then rmfiles="$rmfiles $dir/$pic_object" fi # Add non-PIC object to the list of files to remove. 
if test -n "$non_pic_object" \ && test "$non_pic_object" != none; then rmfiles="$rmfiles $dir/$non_pic_object" fi fi ;; *) if test "$mode" = clean ; then noexename=$name case $file in *.exe) file=`$echo $file|${SED} 's,.exe$,,'` noexename=`$echo $name|${SED} 's,.exe$,,'` # $file with .exe has already been added to rmfiles, # add $file without .exe rmfiles="$rmfiles $file" ;; esac # Do a test to see if this is a libtool program. if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then relink_command= . $dir/$noexename # note $name still contains .exe if it was in $file originally # as does the version of $file that was added into $rmfiles rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}" if test "$fast_install" = yes && test -n "$relink_command"; then rmfiles="$rmfiles $objdir/lt-$name" fi if test "X$noexename" != "X$name" ; then rmfiles="$rmfiles $objdir/lt-${noexename}.c" fi fi fi ;; esac $show "$rm $rmfiles" $run $rm $rmfiles || exit_status=1 done objdir="$origobjdir" # Try to remove the ${objdir}s in the directories where we deleted files for dir in $rmdirs; do if test -d "$dir"; then $show "rmdir $dir" $run rmdir $dir >/dev/null 2>&1 fi done exit $exit_status ;; "") $echo "$modename: you must specify a MODE" 1>&2 $echo "$generic_help" 1>&2 exit $EXIT_FAILURE ;; esac if test -z "$exec_cmd"; then $echo "$modename: invalid operation mode \`$mode'" 1>&2 $echo "$generic_help" 1>&2 exit $EXIT_FAILURE fi fi # test -z "$show_help" if test -n "$exec_cmd"; then eval exec $exec_cmd exit $EXIT_FAILURE fi # We need to display help for each of the modes. case $mode in "") $echo \ "Usage: $modename [OPTION]... [MODE-ARG]... Provide generalized library-building support services. 
--config show all configuration variables --debug enable verbose shell tracing -n, --dry-run display commands without modifying any files --features display basic configuration information and exit --finish same as \`--mode=finish' --help display this help message and exit --mode=MODE use operation mode MODE [default=inferred from MODE-ARGS] --quiet same as \`--silent' --silent don't print informational messages --tag=TAG use configuration variables from tag TAG --version print version information MODE must be one of the following: clean remove files from the build directory compile compile a source file into a libtool object execute automatically set library path, then run a program finish complete the installation of libtool libraries install install libraries or executables link create a library or an executable uninstall remove libraries from an installed directory MODE-ARGS vary depending on the MODE. Try \`$modename --help --mode=MODE' for a more detailed description of MODE. Report bugs to ." exit $EXIT_SUCCESS ;; clean) $echo \ "Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE... Remove files from the build directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, object or program, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; compile) $echo \ "Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE Compile a source file into a libtool library object. This mode accepts the following additional options: -o OUTPUT-FILE set the output file name to OUTPUT-FILE -prefer-pic try to building PIC objects only -prefer-non-pic try to building non-PIC objects only -static always build a \`.o' file suitable for static linking COMPILE-COMMAND is a command to be used in creating a \`standard' object file from the given SOURCEFILE. 
The output file name is determined by removing the directory component from SOURCEFILE, then substituting the C source code suffix \`.c' with the library object suffix, \`.lo'." ;; execute) $echo \ "Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]... Automatically set library path, then run a program. This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path This mode sets the library path environment variable according to \`-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated into their corresponding uninstalled binary, and any of their required library directories are added to the library path. Then, COMMAND is executed, with ARGS as arguments." ;; finish) $echo \ "Usage: $modename [OPTION]... --mode=finish [LIBDIR]... Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. The commands that this mode executes may require superuser privileges. Use the \`--dry-run' option if you just want to see what would be executed." ;; install) $echo \ "Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND... Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be either the \`install' or \`cp' program. The rest of the components are interpreted as arguments to that command (only BSD-compatible install options are recognized)." ;; link) $echo \ "Usage: $modename [OPTION]... --mode=link LINK-COMMAND... Link object files or libraries together to form another library, or to create an executable program. LINK-COMMAND is a command using the C compiler that you would use to create a program from several object files. 
The following components of LINK-COMMAND are treated specially: -all-static do not do any dynamic linking at all -avoid-version do not add a version suffix if possible -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened -no-fast-install disable the fast-install mode -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects -objectlist FILE Use a list of object files found in FILE to specify objects -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries -static do not do any dynamic linking of uninstalled libtool libraries -static-libtool-libs do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] specify library version info [each variable defaults to 0] All other options (arguments beginning with \`-') are ignored. Every other argument is treated as a filename. Files ending in \`.la' are treated as uninstalled libtool libraries, other files are standard or library object files. If the OUTPUT-FILE ends in \`.la', then a libtool library is created, only library objects (\`.lo' files) may be specified, and \`-rpath' is required, except when creating a convenience library. 
If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created using \`ar' and \`ranlib', or on Windows using \`lib'. If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file is created, otherwise an executable program is created." ;; uninstall) $echo \ "Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; *) $echo "$modename: invalid operation mode \`$mode'" 1>&2 $echo "$help" 1>&2 exit $EXIT_FAILURE ;; esac $echo $echo "Try \`$modename --help' for more information about other modes." exit $? # The TAGs below are defined such that we never get into a situation # in which we disable both kinds of libraries. Given conflicting # choices, we go for a static library, that is the most portable, # since we can't tell whether shared libraries were disabled because # the user asked for that or because the platform doesn't support # them. This is particularly important on AIX, because we don't # support having both static and shared libraries enabled at the same # time on that platform, so we default to a shared-only configuration. # If a disable-shared tag is given, we'll fallback to a static-only # configuration. But we'll never go from static-only to shared-only. 
# ### BEGIN LIBTOOL TAG CONFIG: disable-shared disable_libs=shared # ### END LIBTOOL TAG CONFIG: disable-shared # ### BEGIN LIBTOOL TAG CONFIG: disable-static disable_libs=static # ### END LIBTOOL TAG CONFIG: disable-static # Local Variables: # mode:shell-script # sh-indentation:2 # End: nufw-2.4.3/INSTALL0000644000175000017500000000476511431206275010466 00000000000000========================= Installation instructions ========================= Prerequisites ============= Prerequisites of autogen.sh script: * automake1.7 to execute cleanly autogen.sh: http://www.gnu.org/software/automake/ Prerequisites of NuFW compilation: * GNU libtool: http://www.gnu.org/software/libtool/ * GNU make: http://www.gnu.org/software/make/ * libpam-dev for system authentication module Prerequisites of NuFW compilation and runtime: * glib 2.4+: http://www.gtk.org/ * libipq (in iptables-dev on debian) or libnetfilter_queue (optionally libnetfilter_conntrack): http://www.netfilter.org/ * libldap for the provided auth server * libsasl2 (Cyrus) * libgnutls: http://www.gnu.org/software/gnutls/ * libgcrypt (and libgpg-error): http://ftp.gnupg.org/gcrypt/libgcrypt/ and http://ftp.gnupg.org/gcrypt/libgpg-error/ Prerequisites of NuFW runtime: * Linux kernel 2.6, a kernel newer than 2.6.18 is a good choice: http://www.kernel.org/ Prerequisites of nuauth_command program: * Python 2.4+: http://www.python.org/. On Mandriva, install libpython2.4-devel to get /usr/lib/python2.4/config/Makefile * IPy python library: http://software.inl.fr/trac/trac.cgi/wiki/IPy Name of FreeBSD packages (incomplete list): * autotools * libtool * glib20 * libgcrypt * gnutls * cyrus-sasl2 Kernel ====== It is recommended to use a recent kernel to benefit from all the latest features. A kernel newer than 2.6.18 is a good choice. The patch dump-connection-mark.diff (in patches/) can be applied to the kernel to improve performance when doing session logging.
Compilation =========== To compile, use the standard :: ./autogen.sh ./configure make make install If it is a first installation, think to copy the configuration file as it :: make install-conf or run :: cp ./conf/nuauth.conf /usr/local/etc/nuauth.conf Else look for changes between your current conf file and the new one. Next, you will have to run (as root) nufw. nufw -h will give you a usage message. You will also have to launch nuauth, the authorisation server. nuauth -h will give you a usage message. To use nufw you will have to run a client for each user. nutcpc and pam_nufw are provided in NuFW archive. You will find more informations on: http://www.nufw.org SQL Logging =========== If you use SQL Logging and SSO features, you may wish to increase performance of SQL queries by putting closed connections in a different SQL table by using or a script (cron task ?) or a trigger. nufw-2.4.3/patches/0000777000175000017500000000000011431215437011134 500000000000000nufw-2.4.3/patches/dump-connection-mark.diff0000644000175000017500000000255211431206275015740 00000000000000From 2d9fb2d58fd423b59f6003a205f2469ee3d2a098 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Fri, 23 Feb 2007 14:38:28 +0100 Subject: [PATCH] Dump connection mark if not null or in case of MARK event. --- net/ipv4/netfilter/ip_conntrack_netlink.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index 424f2fc..78a48ac 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -375,7 +375,7 @@ static int ctnetlink_conntrack_event(str ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0) goto nfattr_failure; - if (events & IPCT_MARK + if (((events & IPCT_MARK) || ct->mark) && ctnetlink_dump_mark(skb, ct) < 0) goto nfattr_failure; 
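Review bot: The new condition reads `ct->mark` directly and nothing in this hunk guards that read; if, as I would expect for kernels of this vintage, the conntrack `mark` member exists only when connection-mark support is configured (CONFIG_IP_NF_CONNTRACK_MARK here, CONFIG_NF_CONNTRACK_MARK for the identical hunk in net/netfilter/nf_conntrack_netlink.c), the patched kernel will not build with that option off. Wrapping the three-line test in `#ifdef CONFIG_IP_NF_CONNTRACK_MARK` … `#endif` (and the matching option in the second file) keeps it building. Because a non-zero mark is now sent to every ctnetlink event listener regardless of the event mask, a comment such as `/* always report a non-zero mark, not only on IPCT_MARK events */` above the test would record that this is intentional. ctnetlink_conntrack_event starts and ends outside the hunk.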
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 4c2e69a..1541a26 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -385,7 +385,7 @@ static int ctnetlink_conntrack_event(str ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0) goto nfattr_failure; - if (events & IPCT_MARK + if (((events & IPCT_MARK) || ct->mark) && ctnetlink_dump_mark(skb, ct) < 0) goto nfattr_failure; -- 1.4.1 nufw-2.4.3/configure.ac0000644000175000017500000005664011431206275011722 00000000000000# -*- Autoconf -*- # Process this file with autoconf to produce a configure script. AC_PREREQ(2.57) AC_INIT(NuFW, 2.4.3, nufw-devel@nongnu.org) AM_CONFIG_HEADER(src/include/config.h) AC_CONFIG_SRCDIR([src/nufw/main.c]) # Checks for programs. AC_PROG_CC # check for a ISO C99 compiler AC_DEFUN([AC_CPP_FUNC], [AC_REQUIRE([AC_PROG_CC_STDC])dnl AC_CACHE_CHECK([for an ANSI C99-conforming __func__], ac_cv_cpp_func, [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[char *foo = __func__;]])], [ac_cv_cpp_func=yes], [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[char *foo = __FUNCTION__;]])], [ac_cv_cpp_func=__FUNCTION__], [ac_cv_cpp_func=no])])]) if test $ac_cv_cpp_func = yes; then AC_DEFINE(__PRELUDE_FUNC__, __func__, [Define to __FUNCTION__ or "" if '__func__' does not conform to ANSI C.]) elif test $ac_cv_cpp_func = __FUNCTION__; then AC_DEFINE(__PRELUDE_FUNC__, __FUNCTION__, [Define to __FUNCTION__ or "" if '__func__' does not conform to ANSI C.]) elif test $ac_cv_cpp_func = no; then AC_DEFINE(__PRELUDE_FUNC__, "", [Define to __FUNCTION__ or "" if '__func__' does not conform to ANSI C.]) fi ]) AC_CPP_FUNC AM_PROG_LEX # macro AM_PROG_LEX is really stupid, so we insist on flex AC_CHECK_PROG(FLEX, flex, "$LEX", false) if test "$FLEX" = "false"; then AC_MSG_ERROR([This package requires flex to build]) fi AC_PROG_YACC # the macro is stupid and set $YACC to "yacc" if nothing was found .. 
AC_CHECK_PROG(YACC, yacc, "$YACC", false) if test "$YACC" = "yacc"; then AC_MSG_ERROR([This package requires bison to build]) fi AM_PROG_LIBTOOL AC_PROG_INSTALL # Checks for endianess AC_C_BIGENDIAN() case $host in *-*-linux*) AC_DEFINE([LINUX],[1],[Target is Linux]) CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=199506L" ;; *-*-darwin*) AC_DEFINE([FREEBSD],[1],[Target is darwin (freebsd like)]) ;; *-*-freebsd*) AC_DEFINE([FREEBSD],[1],[Target is freebsd]) ;; *) AC_MSG_ERROR([Linux, FreeBSD, Darwin only, dude!]);; esac # Global definitions # _ISOC99_SOURCE Use ISO C99 standard, needed by snprintf for example # _GNU_SOURCE Use GNU extensions like getline() in stdio.h # _SVID_SOURCE Needed to get 'strdup' from # _BSD_SOURCE Use 4.3BSD CFLAGS="$CFLAGS -D_ISOC99_SOURCE -D_GNU_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE" # check to see if struct dirent has the d_type member AC_CHECK_MEMBER([struct dirent.d_type], [AC_DEFINE([HAVE_STRUCT_DIRENT_D_TYPE], [1], [Define if struct dirent has member d_type])], , [#include ]) # Checks for libraries. AC_CHECK_LIB([pthread], [pthread_mutex_init], check_pthread="yes", check_pthread="no") AC_CHECK_TOOL(DOCBOOK2MAN, docbook2man, true) AC_CHECK_TOOL(DOCBOOK2PDF, docbook2pdf, true) # Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS([arpa/inet.h errno.h fcntl.h getopt.h limits.h netdb.h netinet/in.h netinet/tcp.h pthread.h stdarg.h stdlib.h string.h sys/select.h sys/socket.h unistd.h inexistent.h]) # Checks for typedefs, structures, and compiler characteristics. AC_C_CONST # Checks for library functions. 
AC_FUNC_MALLOC AC_FUNC_STAT AC_CHECK_FUNCS([getopt_long gethostbyname memset setsockopt socket strcasecmp strspn]) #AC_CHECK_LIB([gcrypt], [gcry_md_open],AC_DEFINE([HAVE_LIBRARY_GCRYPT],[1],[Gcrypt lib flag]), check_gcrypt=no,[-L/usr/local/lib]) #AC_CHECK_LIB([gnutls], [gnutls_init],AC_DEFINE([HAVE_LIBRARY_GNUTLS],[1],[Gnutls lib flag]), check_gnutls=no) #AM_CHECK_PATH([libgcrypt], [gcry_md_open],AC_DEFINE([HAVE_LIBRARY_GCRYPT],[1],[Gcrypt lib flag]), check_gcrypt=no,[-L/usr/local/lib]) #AM_CHECK_PATH(libgnutls], [gnutls_init],AC_DEFINE([HAVE_LIBRARY_GNUTLS],[1],[Gnutls lib flag]), check_gnutls=no) PKG_PROG_PKG_CONFIG dnl dnl dnl dnl We can force the use of OpenSSL AC_ARG_WITH(openssl, [AC_HELP_STRING(--with-openssl, Build with openssl support *EXPERIMENTAL*.)],build_openssl=$enableval, build_openssl="no" ) if test "${build_openssl}" != "no"; then PKG_CHECK_MODULES(OPENSSL, openssl) AC_DEFINE_UNQUOTED([HAVE_OPENSSL],[1],[Will use openssl support instead of gnutls]) fi if test "x${build_openssl}" = "xno"; then NEED_LIBGCRYPT_VERSION=1.2.0 AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_VERSION") if test "x$LIBGCRYPT_LIBS" = "x"; then AC_MSG_ERROR([libgcrypt is needed. 
See ftp://ftp.gnupg.org/gcrypt/ .]) else CFLAGS="$CFLAGS $LIBGCRYPT_CFLAGS" LDFLAGS="$LDFLAGS $LIBGCRYPT_LIBS" fi NEED_LIBGNUTLS_VERSION=1.0.16 PKG_CHECK_MODULES(GNUTLS, gnutls >= $NEED_LIBGNUTLS_VERSION,,exit) AC_DEFINE_UNQUOTED([HAVE_GNUTLS],[1],[Will use gnutls support instead of openssl]) AC_CHECK_LIB(gnutls, gnutls_priority_set, AC_DEFINE_UNQUOTED(HAVE_GNUTLS_STRING_PRIORITY, , Define whether GnuTLS provide priority parsing),) fi dnl dnl dnl #Configure database support, depending on user input AC_ARG_WITH(prelude-log, [AC_HELP_STRING(--with-prelude-log, Support user activity logging in Prelude)], enable_prelude_log=$withval, enable_prelude_log="") AC_ARG_WITH(mysql-log, [AC_HELP_STRING(--with-mysql-log, Support user activity logging in Mysql database)], enable_mysql_log=$withval, enable_mysql_log="") AC_ARG_WITH(mysql-auth, [AC_HELP_STRING(--with-mysql-auth, Support user authentication in Mysql database)], enable_mysql_auth=$withval, enable_mysql_auth="") AC_ARG_WITH(pgsql-log, [AC_HELP_STRING(--with-pgsql-log, Support user activity logging in PostgreSQL database)], enable_pgsql_log=$withval, enable_pgsql_log="") AC_ARG_WITH(syslog-log, [AC_HELP_STRING(--without-syslog-log, Disable user activity logging in syslog)], enable_syslog_log=$withval, enable_syslog_log="yes") AC_ARG_WITH(ulogd2-log, [AC_HELP_STRING(--without-ulogd2-log, Disable user activity logging in ulogd2)], enable_ulogd2_log=$withval, enable_ulogd2_log="yes") AC_ARG_WITH(plaintext-auth, [AC_HELP_STRING(--without-plaintext-auth, Disable authentication with plaintext file)], enable_plaintext_auth=$withval, enable_plaintext_auth="yes") AC_ARG_WITH(mark-group, [AC_HELP_STRING(--without-mark-group, Disable mark packet by group)], enable_mark_group=$withval, enable_mark_group="yes") AC_ARG_WITH(mark-field, [AC_HELP_STRING(--without-mark-field, Disable mark packet by packet field)], enable_mark_field=$withval, enable_mark_field="yes") AC_ARG_WITH(mark-flag, [AC_HELP_STRING(--without-mark-flag, Disable 
mark packet following acl indication)], enable_mark_flag=$withval, enable_mark_flag="yes") AC_ARG_WITH(system-auth, [AC_HELP_STRING(--without-system-auth, Disable PAM+NSS authentication)], enable_system_auth=$withval, enable_system_auth="yes") AC_ARG_WITH(ldap, [AC_HELP_STRING(--with-ldap, Support LDAP directory for acl lookup)],ldap=$withval, ldap="") AC_ARG_WITH(nfqueue, [AC_HELP_STRING(--without-nfqueue, Compile for QUEUE instead of NFQUEUE)],use_nfqueue=$withval, use_nfqueue="yes") AC_ARG_WITH(nfconntrack, [AC_HELP_STRING(--without-nfconntrack, Disable netfilter_conntrack support)],use_nfconntrack=$withval, use_nfconntrack="yes") AC_ARG_WITH(utf8, [AC_HELP_STRING(--with-utf8, Use UTF8 exchange between client and server)], AC_DEFINE_UNQUOTED([USE_UTF8],[1],[Will use UTF8 exchange])) AC_ARG_WITH(fixedtimeout, [AC_HELP_STRING(--with-fixedtimeout, Assume libconntrack has fixed timeout extension )],have_conntrack_fixedtimeout=$withval ) AC_ARG_ENABLE(nufw, [AC_HELP_STRING(--disable-nufw, Don't build nufw (default is to build))],build_nufw=$enableval, build_nufw="yes") AC_ARG_ENABLE(nuauth, [AC_HELP_STRING(--disable-nuauth, Don't build nuauth (default is to build))],build_nuauth=$enableval, build_nuauth="yes") AC_ARG_ENABLE(libnuclient, [AC_HELP_STRING(--disable-libnuclient, Don't build libnuclient (default is to build))],build_libnuclient=$enableval, build_libnuclient="yes") AC_ARG_ENABLE(nutcpc, [AC_HELP_STRING(--disable-nutcpc, Don't build nutcpc (default is to build))],build_nutcpc=$enableval, build_nutcpc="yes" ) AC_ARG_ENABLE(pam-nufw, [AC_HELP_STRING(--enable-pam-nufw, Build pam_nufw (default is not to build))],build_pam_nufw=$enableval, build_pam_nufw="no" ) AC_ARG_ENABLE(nuauth-command, [AC_HELP_STRING(--disable-nuauth-command, Don't build nuauth_command (default is to build))],build_nuauth_command=$enableval, build_nuauth_command="yes" ) define([EXPAND_VARIABLE], [$2=[$]$1 while true; do case "[$]$2" in *\[$]* ) eval "$2=[$]$2" ;; *) break ;; esac done])dnl 
EXPAND_VARIABLE if test "${build_nuauth_command}" = "yes"; then AC_CHECK_TOOL(PYTHON, python) AC_DEFINE_UNQUOTED([BUILD_NUAUTH_COMMAND],[1],[Build nuauth_command]) EXPAND_VARIABLE(localstatedir,e_localstatedir) AC_SUBST(e_localstatedir) fi AC_ARG_ENABLE(debug, [AC_HELP_STRING(--enable-debug, Add development debug messages (default no))],debug=$enableval, debug="") AC_ARG_WITH(perf-display, [AC_HELP_STRING(--without-perf-display, Disable performance display)], use_perf_display=$withval, use_perf_display="yes") if test "${use_perf_display}" = "yes"; then AC_DEFINE_UNQUOTED([PERF_DISPLAY_ENABLE],[1],[Performance display]) fi if test \ "${build_nuauth}" = "yes" \ -o "${build_libnuclient}" = "yes" \ -o "${build_nutcpc}" = "yes" \ -o "${build_pam_nufw}" = "yes" \ ; then AC_CHECK_LIB([sasl2],[sasl_server_init],AC_DEFINE([HAVE_LIBRARY_SASL2],[1],[SASL lib flag]), check_sasl=no) fi if test "${build_nuauth}" = "yes"; then AC_CHECK_LIB([sasl2],[sasl_server_init],AC_DEFINE([HAVE_LIBRARY_SASL2],[1],[SASL lib flag]), check_sasl=no) # glib stuff AM_PATH_GLIB_2_0(2.4.0, , check_glib=no,[gthread gmodule]) if test "$enable_system_auth" = "yes"; then AC_CHECK_LIB([pam],[pam_start],AC_DEFINE([HAVE_LIBRARY_PAM],[1],[pam lib flag]), check_pam=no) fi if test "${ldap}" = "yes"; then AC_CHECK_LIB([ldap],[ldap_simple_bind_s],AC_DEFINE([HAVE_LIBRARY_LDAP],[1],[ldap lib flag]), check_ldap=no) fi if test "$enable_mysql_log" = "yes" \ -o "$enable_mysql_auth" = "yes" ; then if which mysql_config 1>/dev/null; then AC_CHECK_LIB([mysqlclient],[mysql_real_connect],AC_DEFINE([HAVE_LIBRARY_MYSQLCLIENT],[1],[mysql lib flag] ) , check_mysql=no,[$(mysql_config --libs)]) AC_CHECK_LIB([mysqlclient],[mysql_ssl_set],AC_DEFINE_UNQUOTED([HAVE_MYSQL_SSL],[1],[Will compile mysql log module with ssl support]),AC_MSG_NOTICE([mysqlclient has no ssl support]),[$(mysql_config --libs)]) have_mysql_config="yes" else AC_CHECK_LIB([mysqlclient],[mysql_real_connect],AC_DEFINE([HAVE_LIBRARY_MYSQLCLIENT],[1],[mysql lib 
flag] ), check_mysql=no) AC_CHECK_LIB([mysqlclient],[mysql_ssl_set],AC_DEFINE_UNQUOTED([HAVE_MYSQL_SSL],[1],[Will compile mysql log module with ssl support]),AC_MSG_NOTICE([mysqlclient has no ssl support])) fi fi if test "$enable_prelude_log" = "yes"; then # Evil hack to check if /usr/include/libprelude/prelude.h does exist. # TODO: Be able to change this directory and send this directory # to Prelude module of NuAuth OLDCFLAGS="$CFLAGS" OLDCPPFLAGS="$CPPFLAGS" CFLAGS="$CFLAGS -I/usr/include/libprelude/" CPPFLAGS="$CFLAGS -I/usr/include/libprelude/" AC_CHECK_HEADER(prelude.h,, check_prelude=no) # Check for prelude_init() function libprelude.so AC_CHECK_LIB([prelude],[prelude_init], AC_DEFINE([HAVE_LIBRARY_PRELUDE],[1],[prelude library flag]), check_prelude=no) CFLAGS="$OLDCFLAGS" CPPFLAGS="$OLDCPPFLAGS" fi if test "$enable_pgsql_log" = "yes"; then AC_CHECK_LIB([pq],[PQconnectdb],AC_DEFINE([HAVE_LIBRARY_PQ],[1],[pgsql lib flag]), check_pgsql=no) fi fi AM_CONDITIONAL(USE_SYSTEM_AUTH, test x$enable_system_auth = xyes) AM_CONDITIONAL(USE_LDAP, test x$ldap = xyes) AM_CONDITIONAL(USE_PRELUDE_LOG, test x$enable_prelude_log = xyes) AM_CONDITIONAL(USE_MYSQL_LOG, test x$enable_mysql_log = xyes) AM_CONDITIONAL(USE_MYSQL_AUTH, test x$enable_mysql_auth = xyes) AM_CONDITIONAL(HAVE_MYSQL_CONFIG, test x$have_mysql_config = xyes) AM_CONDITIONAL(USE_PGSQL_LOG, test x$enable_pgsql_log = xyes) AM_CONDITIONAL(USE_PLAINTEXT_AUTH, test x$enable_plaintext_auth = xyes) AM_CONDITIONAL(USE_MARK_GROUP, test x$enable_mark_group = xyes) AM_CONDITIONAL(USE_MARK_FIELD, test x$enable_mark_field = xyes) AM_CONDITIONAL(USE_MARK_FLAG, test x$enable_mark_flag = xyes) AM_CONDITIONAL(USE_SYSLOG_LOG, test x$enable_syslog_log = xyes) AM_CONDITIONAL(USE_ULOGD2_LOG, test x$enable_ulogd2_log = xyes) if test "${build_libnuclient}" = "yes"; then AC_CHECK_LIB([sasl2],[sasl_server_init],AC_DEFINE([HAVE_LIBRARY_SASL2],[1],[SASL lib flag]), check_sasl=no) fi if test "${build_nufw}" = "yes"; then if test 
"${check_pthread}" = "no"; then AC_MSG_ERROR([No pthread library, nufw daemon WON'T be able to compile]); fi if test "${use_nfqueue}" = "yes"; then # if we don't have we can't build nufw AC_CHECK_LIB([nfnetlink], [nfnl_open], have_nfqueue="yes", build_nufw="") AC_CHECK_LIB([netfilter_queue], [nfq_open], have_nfqueue="yes",[AC_MSG_ERROR([libnetfilter_queue not present])],[-lnfnetlink]) AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_maxlen],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_QUEUE_MAXLEN],[1],[Found queue max length support in netfilter_queue]) ,,[-lnfnetlink]) AC_CHECK_LIB([nfnetlink], [nlif_catch], AC_CHECK_LIB([netfilter_queue], [nfq_get_indev_name], AC_DEFINE_UNQUOTED([HAVE_NFQ_INDEV_NAME], [1], [Found iface resolution in nfnetlink and libnetfilter_queue]), AC_MSG_WARN("Support of interface resolution in nfnetlink but not in netfilter_queue"), [-lnfnetlink]) ) AC_DEFINE_UNQUOTED([USE_NFQUEUE],[1],[Will use netlink queue support instead of libipq]) else AC_CHECK_HEADERS([libipq/libipq.h libipq.h]) # if we don't have we can't build nufw AC_CHECK_LIB([ipq], [ipq_message_type], have_ipq="yes", build_nufw="") if test "$have_ipq" = "yes"; then # check if we have a version of libipq supporting mark AC_ARG_WITH(user-mark, [AC_HELP_STRING(--with-user-mark, Support user mark on NuFW firewall (useless if using nfqueue))], enable_user_mark="yes", enable_user_mark="") if test "$enable_user_mark" = "yes"; then AC_CHECK_LIB([ipq], [ipq_set_vwmark],AC_DEFINE_UNQUOTED([HAVE_LIBIPQ_MARK],[1],[libipq has support for mark]),AC_MSG_RESULT([libipq has no support for mark])) fi fi fi fi if test "${use_nfconntrack}" = "yes"; then AC_CHECK_LIB([netfilter_conntrack], [nfct_dump_conntrack_table], have_conntrack="yes", have_conntrack="",[-ldl -lnfnetlink]) else have_conntrack="" fi if test "${have_conntrack}" = "yes"; then AC_DEFINE_UNQUOTED([HAVE_LIBCONNTRACK],[1],[libconntrack has been found]) AC_CHECK_LIB([netfilter_conntrack], [nfct_callback_register], have_new_conntrack_api="yes", 
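have_new_conntrack_api="", [-ldl -lnfnetlink])
        dnl The line above closes a check that was opened before this section.
        dnl Only the visible tail is reproduced here, unchanged.
        if test "${have_new_conntrack_api}" = "yes"; then
            AC_DEFINE_UNQUOTED([HAVE_NEW_NFCT_API],[1],[libconntrack new API has been found])
        fi
fi

dnl PAM client module: a missing libpam is recorded in check_pam and
dnl reported by the missing-library block further down.
if test "${build_pam_nufw}" = "yes"; then
    #AC_CHECK_LIB([pam], [pam_sm_authenticate],AC_DEFINE([HAVE_LIBRARY_PAM],[1],[Pam lib flag]), check_pam=no)
    AC_CHECK_LIB([pam],[pam_start],AC_DEFINE([HAVE_LIBRARY_PAM],[1],[pam lib flag]), check_pam=no)
fi

dnl Automake conditionals selecting which components get built.
AM_CONDITIONAL(BUILD_NUFW, test x${build_nufw} = xyes)
AM_CONDITIONAL(BUILD_NUAUTH, test x${build_nuauth} = xyes)
AM_CONDITIONAL(BUILD_NUTCPC, test x${build_nutcpc} = xyes)
AM_CONDITIONAL(BUILD_LIBNUCLIENT, test x${build_libnuclient} = xyes)
AM_CONDITIONAL(BUILD_PAM_NUFW, test x${build_pam_nufw} = xyes)
AM_CONDITIONAL(BUILD_NUAUTH_COMMAND, test x${build_nuauth_command} = xyes)

dnl Packet queueing and conntrack backends. The ONLY variants require the
dnl other variable to be empty, not merely different from yes.
AM_CONDITIONAL(HAVE_IPQ,test x$have_ipq = xyes && test x$have_conntrack = x )
AM_CONDITIONAL(USE_USER_MARK, test x$enable_user_mark = xyes)
AM_CONDITIONAL(HAVE_NFQUEUE_ONLY, test x$have_nfqueue = xyes && test x$have_conntrack = x )
AM_CONDITIONAL(HAVE_NFQUEUE_CONNTRACK,test x$have_conntrack = xyes && test x$have_nfqueue = xyes )
AM_CONDITIONAL(HAVE_CONNTRACK_ONLY, test x$have_nfqueue = x && test x$have_conntrack = xyes )

dnl TLS backend: the two conditionals are exact complements. GnuTLS is used
dnl only when build_openssl is literally no. Any other value, including an
dnl empty one, selects OpenSSL.
AM_CONDITIONAL(USE_OPENSSL, test x$build_openssl != xno)
AM_CONDITIONAL(USE_GNUTLS, test x$build_openssl = xno)

dnl Warning flags. gcc 4.0 and later get -Wextra, older gcc gets -W.
if test "x$GCC" = "xyes"; then
    dnl get gcc version
    AC_MSG_CHECKING([gcc version])
    gccver=$($CC -dumpversion)
    gccvermajor=$(echo $gccver | cut -d . -f1)
    gccverminor=$(echo $gccver | cut -d . -f2)
    gccvernum=$(expr $gccvermajor "*" 100 + $gccverminor)
    AC_MSG_RESULT($gccver)
    if test "$gccvernum" -ge "400"; then
        dnl gcc 4.0 or later
        CFLAGS="$CFLAGS -Wextra"
    else
        CFLAGS="$CFLAGS -W"
    fi
fi
CFLAGS="$CFLAGS -Wall"
CFLAGS="$CFLAGS -Wno-unused-parameter"

dnl NOTE(review): this section appends warning and optimisation flags only.
dnl Hardening options such as -fstack-protector-strong or -D_FORTIFY_SOURCE=2
dnl are not added here, so unless an earlier part of this file sets them they
dnl have to come from the CFLAGS and CPPFLAGS given to configure.
if test "${debug}" = "yes"; then
    dnl NOTE(review): debug builds compile in development debug messages and
    dnl disable optimisation. Confirm such builds are not shipped to production.
    AC_DEFINE_UNQUOTED([DEBUG_ENABLE],[1],[Will compile development debug message])
    CFLAGS="$CFLAGS -O0 -g"
else
    CFLAGS="$CFLAGS -O2"
fi

AC_CONFIG_FILES([Makefile
    doc/Makefile
    conf/Makefile
    python/Makefile
    selinux/Makefile
    src/Makefile
    src/include/Makefile
    src/libs/Makefile
    src/libs/nubase/Makefile
    src/libs/nuconfparser/Makefile
    src/libs/nussl/Makefile
    src/libs/nussl/libnussl.pc
    src/nuauth/Makefile
    src/nuauth/modules/Makefile
    src/nuauth/modules/ldap/Makefile
    src/nuauth/modules/plaintext/Makefile
    src/nuauth/modules/mark_group/Makefile
    src/nuauth/modules/mark_field/Makefile
    src/nuauth/modules/mark_flag/Makefile
    src/nuauth/modules/system/Makefile
    src/nuauth/modules/log_pgsql/Makefile
    src/nuauth/modules/log_mysql/Makefile
    src/nuauth/modules/log_nuprelude/Makefile
    src/nuauth/modules/log_syslog/Makefile
    src/nuauth/modules/log_script/Makefile
    src/nuauth/modules/log_ulogd2/Makefile
    src/nuauth/modules/xml_defs/Makefile
    src/nuauth/modules/x509_std/Makefile
    src/nuauth/modules/mark_uid/Makefile
    src/nuauth/modules/session_expire/Makefile
    src/nuauth/modules/session_authtype/Makefile
    src/nuauth/modules/ipauth_guest/Makefile
    src/nuauth/modules/auth_mysql/Makefile
    src/nuauth/modules/postauth_localuser/Makefile
    src/clients/Makefile
    src/clients/lib/Makefile
    src/clients/lib/libnuclient.pc
    src/clients/lib/tests/Makefile
    src/clients/lib/plugins/Makefile
    src/clients/lib/plugins/luser/Makefile
    src/clients/nutcpc/Makefile
    src/clients/pam_nufw/Makefile
    src/nufw/Makefile
    scripts/Makefile
    scripts/nuauth_command/Makefile
    scripts/nuauth_command/scripts/Makefile
    scripts/nuauth_command/scripts/nuauth_command
    scripts/nuauth_command/nuauth_command/Makefile
    scripts/auth_mysql/Makefile
    tests/Makefile
    tests/inl_tests/Makefile
    tests/pki/Makefile
])

# Display errors if any library is missing
dnl Every failed check is listed before configure stops, so one run shows
dnl all missing dependencies. The PostgreSQL case is tested last because
dnl AC_MSG_ERROR aborts immediately. The final exit covers the other cases.
if test \
    x${check_glib} = xno \
    -o x${check_mysql} = xno \
    -o x${check_pgsql} = xno \
    -o x${check_prelude} = xno \
    -o x${check_ldap} = xno \
    -o x${check_gcrypt} = xno \
    -o x${check_gnutls} = xno \
    -o x${check_pam} = xno \
    ; then
    AC_MSG_RESULT([])
    if test x${check_gcrypt} = xno; then
        AC_MSG_RESULT([ERROR: gcrypt library needed for encryption])
    fi
    if test x${check_pam} = xno; then
        AC_MSG_RESULT([ERROR: PAM library needed for system authentication])
    fi
    if test x${check_gnutls} = xno; then
        AC_MSG_RESULT([ERROR: gnutls library needed for encryption])
    fi
    if test x${check_ldap} = xno; then
        AC_MSG_RESULT([ERROR: ldap library needed for authentication])
    fi
    if test x${check_glib} = xno; then
        AC_MSG_RESULT([ERROR: glib is required in order to compile nuauth])
    fi
    if test x${check_mysql} = xno; then
        AC_MSG_RESULT([ERROR: mysqlclient library needed if selected])
    fi
    if test x${check_prelude} = xno; then
        AC_MSG_RESULT([ERROR: libprelude library needed if Prelude logging selected])
    fi
    if test x${check_pgsql} = xno; then
        AC_MSG_ERROR([libpq library needed if PostgreSQL support selected])
    fi
    exit 1
fi

dnl SASL is mandatory as soon as any authenticating component is built.
if test \
    "${build_nuauth}" = "yes" \
    -o "${build_libnuclient}" = "yes" \
    -o "${build_nutcpc}" = "yes" \
    -o "${build_pam_nufw}" = "yes" \
    ; then
    if test x${check_sasl} = xno; then
        AC_MSG_RESULT([ERROR: sasl library needed for authentication])
        exit 1
    fi
fi

AM_INIT_AUTOMAKE(1.8)
AC_OUTPUT

dnl Build summary. Each line must mirror the condition that really enabled
dnl the feature above, otherwise the report misleads whoever audits the build.
AC_MSG_RESULT([ Configuration complete ])

dnl Compare against yes exactly as the DEBUG_ENABLE test does. A bare
dnl non-empty test would also announce debug support when debug is set to no.
if test "${debug}" = "yes"; then
    AC_MSG_RESULT([* Compiling with developement DEBUG support])
fi

if test "${build_openssl}" != "no"; then
    AC_MSG_RESULT([* Compiling with OpenSSL])
else
    AC_MSG_RESULT([* Compiling with GnuTLS])
fi

if test "${build_nuauth}" = "yes"; then
    AC_MSG_RESULT([* Compiling NuAuth])
    if test "$enable_system_auth" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile auth module system])
    fi
    if test "${ldap}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile module ldap])
    fi
    if test "${enable_prelude_log}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile log module prelude])
    fi
    if test "${enable_mysql_log}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile log module mysql])
    fi
    if test "${enable_mysql_auth}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile authentication module mysql])
    fi
    if test "${enable_pgsql_log}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile log module pgsql])
    fi
    if test "${enable_syslog_log}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile syslog log module])
    fi
    if test "${enable_ulogd2_log}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile ulogd2 log module])
    fi
    if test "${enable_plaintext_auth}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile plaintext auth module])
    fi
    if test "${enable_mark_group}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile mark group module])
    fi
    if test "${enable_mark_field}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile mark field module])
    fi
    if test "${enable_mark_flag}" = "yes"; then
        AC_MSG_RESULT([ - NuAuth: compile mark flag module])
    fi
fi

if test "${build_nufw}" = "yes"; then
    AC_MSG_RESULT([* Compiling NuFW])
    if test "${have_conntrack}" = "yes"; then
        AC_MSG_RESULT([ - NuFW: libnetfilter_conntrack support])
    fi
    if test "${have_nfqueue}" = "yes"; then
        AC_MSG_RESULT([ - NuFW: libnetfilter_queue support])
    else
        if test "${have_ipq}" = "yes"; then
            AC_MSG_RESULT([ - NuFW: libipq support])
            if test "$enable_user_mark" = "yes"; then
                AC_MSG_RESULT([ - NuFW: User mark support])
            fi
        fi
    fi
else
    dnl Printed whenever build_nufw is not yes. The wording assumes a missing
    dnl library is the reason. TODO confirm against where build_nufw is set.
    if test "${use_nfconntrack}" = "yes"; then
        AC_MSG_RESULT([!!! WARNING !!! NuFW daemon WON'T be compiled: libnetfilter_queue not present])
    else
        AC_MSG_RESULT([!!! WARNING !!! NuFW daemon WON'T be compiled: libipq not present])
    fi
fi

if test "${build_libnuclient}" = "yes"; then
    AC_MSG_RESULT([* Compiling libnuclient])
fi
if test "${build_nutcpc}" = "yes"; then
    AC_MSG_RESULT([* Compiling nutcpc])
fi
if test "${build_pam_nufw}" = "yes"; then
    AC_MSG_RESULT([* Compiling pam_nufw])
fi

AC_MSG_RESULT([ Now type 'make' and then 'sudo make install'])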