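pam_pkcs11-0.6.8/0000755000175000017500000000000011740072423010465 500000000000000pam_pkcs11-0.6.8/src/0000755000175000017500000000000011740072425011256 500000000000000pam_pkcs11-0.6.8/src/scconf/0000755000175000017500000000000011740072425012531 500000000000000pam_pkcs11-0.6.8/src/scconf/write.c0000644000175000017500000001063511460625464013762 00000000000000
/*
 * $Id: write.c 233 2007-04-04 09:52:54Z ludovic.rousseau $
 *
 * Copyright (C) 2002
 *  Antti Tapaninen
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/*
 * NOTE(review): the header names of the #include lines were lost when this
 * page was extracted. The names below are inferred from the identifiers the
 * file uses; confirm them against the original tarball.
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include "scconf.h"

#define INDENT_CHAR	'\t'
#define INDENT_LEVEL	1

/* State of one scconf_write() run. */
typedef struct {
	FILE *f;		/* output stream */
	int indent_char;	/* character repeated for indentation */
	int indent_pos;		/* current indentation width */
	int indent_level;	/* indentation added per nested block */
	int error;		/* first errno seen, 0 while everything worked */
} scconf_writer;

/*
 * Write one indented line followed by a newline.
 * An empty or NULL `data` produces a bare newline. Once writer->error is
 * set nothing more is written, so the first failure is the one reported.
 */
static void write_line(scconf_writer * writer, const char *data)
{
	int i;

	if (writer->error) {
		return;
	}
	if (data != NULL && data[0] != '\0') {
		for (i = 0; i < writer->indent_pos; i++) {
			fputc(writer->indent_char, writer->f);
		}
		if (fputs(data, writer->f) == EOF) {
			writer->error = errno ? errno : EIO;
			return;
		}
	}
	if (fputc('\n', writer->f) == EOF) {
		writer->error = errno ? errno : EIO;
	}
}

/*
 * Return 1 when `str` holds a character other than an alphanumeric,
 * '!', '.' or '/', i.e. when it has to be written inside quotes.
 */
static int string_need_quotes(const char *str)
{
	/* quote only if there's any non-normal characters */
	while (*str != '\0') {
		if (!isalnum((int) ((unsigned char) *str)) && *str != '!' && *str != '.'
		    && *str != '/') {
			return 1;
		}
		str++;
	}
	return 0;
}

/*
 * Join the values of `list` into one newly allocated "a, b, c" string,
 * quoting each value that needs it. The caller frees the result.
 * Returns NULL when memory runs out, so that the caller can report the
 * failure instead of writing an empty value into the file.
 */
static char *scconf_list_get_string(scconf_list * list)
{
	char *buffer, *tmp;
	size_t datalen, needed;
	size_t len = 0;
	size_t alloc_len = 1024;
	int quote;

	if (!list) {
		return strdup("");
	}
	buffer = malloc(alloc_len);
	if (!buffer) {
		return NULL;
	}
	while (list) {
		/* a list node may carry no data (scconf_list_add(.., NULL)) */
		const char *data = list->data ? list->data : "";

		datalen = strlen(data);
		/*
		 * Worst case for one value: ", " + two quotes + the data,
		 * plus the terminating NUL written after the loop. The
		 * previous size test left no room for that NUL.
		 */
		needed = len + datalen + 5;
		if (needed > alloc_len) {
			tmp = realloc(buffer, needed + 256);
			if (!tmp) {
				free(buffer);
				return NULL;
			}
			buffer = tmp;
			alloc_len = needed + 256;
		}
		if (len != 0) {
			memcpy(buffer + len, ", ", 2);
			len += 2;
		}
		quote = string_need_quotes(data);
		if (quote) {
			buffer[len++] = '"';
		}
		memcpy(buffer + len, data, datalen);
		len += datalen;
		if (quote) {
			buffer[len++] = '"';
		}
		list = list->next;
	}
	buffer[len] = '\0';
	return buffer;
}

/*
 * Write every item of `block`, recursing into sub-blocks.
 * Allocation failures are recorded in writer->error (ENOMEM) so that
 * scconf_write() does not report success for a file with missing entries.
 * NOTE(review): recursion depth follows the nesting depth of the
 * in-memory configuration; nothing here bounds it.
 */
static void scconf_write_items(scconf_writer * writer, const scconf_block * block)
{
	scconf_block *subblock;
	scconf_item *item;
	char *data = NULL, *name = NULL;
	const char *key;
	size_t datalen;

	for (item = block->items; item; item = item->next) {
		key = item->key ? item->key : "";
		switch (item->type) {
		case SCCONF_ITEM_TYPE_COMMENT:
			write_line(writer, item->value.comment);
			break;
		case SCCONF_ITEM_TYPE_BLOCK:
			subblock = item->value.block;
			if (!subblock) {
				fprintf(stderr, "scconf_write_items: Skipping invalid block!\n");
				continue;
			}

			/* header */
			name = scconf_list_get_string(subblock->name);
			if (!name) {
				writer->error = ENOMEM;
				continue;
			}
			datalen = strlen(key) + strlen(name) + 6;
			data = malloc(datalen);
			if (!data) {
				free(name);
				writer->error = ENOMEM;
				continue;
			}
			snprintf(data, datalen, "%s %s {", key, name);
			write_line(writer, data);
			free(data);
			free(name);

			/* items */
			writer->indent_pos += writer->indent_level;
			scconf_write_items(writer, subblock);
			writer->indent_pos -= writer->indent_level;

			/* footer */
			write_line(writer, "}");
			break;
		case SCCONF_ITEM_TYPE_VALUE:
			name = scconf_list_get_string(item->value.list);
			if (!name) {
				writer->error = ENOMEM;
				continue;
			}
			datalen = strlen(key) + strlen(name) + 6;
			data = malloc(datalen);
			if (!data) {
				free(name);
				writer->error = ENOMEM;
				continue;
			}
			snprintf(data, datalen, "%s = %s;", key, name);
			write_line(writer, data);
			free(data);
			free(name);
			break;
		}
	}
}

/*
 * Write `config` to `filename`, or to config->filename when `filename`
 * is NULL. Returns 0 on success, otherwise an errno value.
 *
 * NOTE(review): the file is opened with fopen(.., "w"): an existing file
 * is truncated in place, symbolic links are followed, and a new file gets
 * its mode from the process umask. A caller that writes into a directory
 * other users can modify should create the file itself with the wanted
 * ownership and mode first.
 */
int scconf_write(scconf_context * config, const char *filename)
{
	scconf_writer writer;

	if (!config) {
		return EINVAL;
	}
	if (!filename) {
		filename = config->filename;
	}
	if (!filename) {
		/* scconf_new() accepts a NULL file name; fopen() does not */
		return EINVAL;
	}
	writer.f = fopen(filename, "w");
	if (!writer.f) {
		return errno;
	}
	writer.indent_char = INDENT_CHAR;
	writer.indent_pos = 0;
	writer.indent_level = INDENT_LEVEL;
	writer.error = 0;
	if (config->root) {
		scconf_write_items(&writer, config->root);
	}
	/* buffered data is flushed here, so a full disk shows up in fclose() */
	if (fclose(writer.f) == EOF && !writer.error) {
		writer.error = errno ? errno : EIO;
	}
	return writer.error;
}
pam_pkcs11-0.6.8/src/scconf/scconf.c0000644000175000017500000003767011606043640014103 00000000000000
/*
 * $Id: scconf.c 483 2011-01-22 17:46:10Z ludovic.rousseau $
 *
 * Copyright (C) 2002
 *  Antti Tapaninen
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/*
 * NOTE(review): header names inferred from the identifiers used, as the
 * extraction dropped them; confirm against the original tarball.
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#include <ctype.h>
#include "scconf.h"

/*
 * Allocate an empty context with an empty root block.
 * `filename` may be NULL; it is copied, not read. Returns NULL when
 * memory runs out (including when the file name cannot be copied).
 */
scconf_context *scconf_new(const char *filename)
{
	scconf_context *config;

	config = calloc(1, sizeof(*config));
	if (!config) {
		return NULL;
	}
	if (filename) {
		config->filename = strdup(filename);
		if (!config->filename) {
			free(config);
			return NULL;
		}
	}
	config->root = calloc(1, sizeof(*config->root));
	if (!config->root) {
		free(config->filename);
		free(config);
		return NULL;
	}
	return config;
}

/* Release a context and everything it owns. NULL is accepted. */
void scconf_free(scconf_context * config)
{
	if (config) {
		scconf_block_destroy(config->root);
		free(config->filename);
		free(config);
	}
}

/*
 * Return the first sub-block of `block` (of the root block when `block`
 * is NULL) whose key equals `item_name`, compared without regard to case.
 * Only the top level of the block is searched. The result points into
 * the context.
 */
const scconf_block *scconf_find_block(const scconf_context * config, const scconf_block * block, const char *item_name)
{
	scconf_item *item;

	if (!block) {
		block = config->root;
	}
	if (!item_name) {
		return NULL;
	}
	for (item = block->items; item; item = item->next) {
		if (item->type == SCCONF_ITEM_TYPE_BLOCK && item->key &&
		    strcasecmp(item_name, item->key) == 0) {
			return item->value.block;
		}
	}
	return NULL;
}

/*
 * Return a NULL-terminated array of the sub-blocks whose key equals
 * `item_name`. When `key` is not NULL, a block must also have `key` as its
 * first name. The caller frees the array; the blocks stay owned by the
 * context. Returns NULL when `item_name` is NULL or memory runs out.
 */
scconf_block **scconf_find_blocks(const scconf_context * config, const scconf_block * block, const char *item_name, const char *key)
{
	scconf_block **blocks, **tmp;
	int alloc_size, size;
	scconf_item *item;

	if (!block) {
		block = config->root;
	}
	if (!item_name) {
		return NULL;
	}
	size = 0;
	alloc_size = 10;
	blocks = malloc(sizeof(scconf_block *) * alloc_size);
	if (!blocks) {
		return NULL;
	}

	for (item = block->items; item; item = item->next) {
		if (item->type != SCCONF_ITEM_TYPE_BLOCK || !item->key ||
		    strcasecmp(item_name, item->key) != 0) {
			continue;
		}
		if (key) {
			const scconf_block *candidate = item->value.block;

			/* a block without a name cannot match a requested name */
			if (!candidate || !candidate->name || !candidate->name->data ||
			    strcasecmp(key, candidate->name->data) != 0) {
				continue;
			}
		}
		if (size + 1 >= alloc_size) {
			alloc_size *= 2;
			tmp = realloc(blocks, sizeof(scconf_block *) * alloc_size);
			if (!tmp) {
				free(blocks);
				return NULL;
			}
			blocks = tmp;
		}
		blocks[size++] = item->value.block;
	}
	blocks[size] = NULL;
	return blocks;
}

/*
 * Return the value list of the first value item of `block` whose key
 * equals `option` (case-insensitive), or NULL. The list is owned by the
 * context.
 */
const scconf_list *scconf_find_list(const scconf_block * block, const char *option)
{
	scconf_item *item;

	if (!block || !option) {
		return NULL;
	}
	for (item = block->items; item; item = item->next) {
		if (item->type == SCCONF_ITEM_TYPE_VALUE && item->key &&
		    strcasecmp(option, item->key) == 0) {
			return item->value.list;
		}
	}
	return NULL;
}

/* Return the first value of `option` as a string, or `def` when absent. */
const char *scconf_get_str(const scconf_block * block, const char *option, const char *def)
{
	const scconf_list *list;

	list = scconf_find_list(block, option);
	return !list ? def : list->data;
}

/*
 * Return the first value of `option` parsed by strtol() with base 0, or
 * `def` when the option is absent or has no data.
 * NOTE(review): text that is not a number yields 0, and a value outside
 * the range of int is narrowed without a diagnostic.
 */
int scconf_get_int(const scconf_block * block, const char *option, int def)
{
	const scconf_list *list;

	list = scconf_find_list(block, option);
	if (!list || !list->data) {
		return def;
	}
	return strtol(list->data, NULL, 0);
}

/*
 * Return 1 when the first value of `option` starts with 't', 'T', 'y' or
 * 'Y', 0 for any other value, and `def` when the option is absent.
 */
int scconf_get_bool(const scconf_block * block, const char *option, int def)
{
	const scconf_list *list;
	int first;

	list = scconf_find_list(block, option);
	if (!list || !list->data) {
		return def;
	}
	/* toupper() is only defined for unsigned char values and EOF */
	first = toupper((unsigned char) list->data[0]);
	return first == 'T' || first == 'Y';
}

/* Append `option = value` to `block`. Returns `value`. */
const char *scconf_put_str(scconf_block * block, const char *option, const char *value)
{
	scconf_list *list = NULL;

	scconf_list_add(&list, value);
	scconf_item_add(NULL, block, NULL, SCCONF_ITEM_TYPE_VALUE, option, list);
	scconf_list_destroy(list);
	return value;
}

/* Append `option = <value in decimal>` to `block`. Returns `value`. */
int scconf_put_int(scconf_block * block, const char *option, int value)
{
	char str[64];

	snprintf(str, sizeof(str), "%i", value);
	scconf_put_str(block, option, str);
	return value;
}

/* Append `option = true` or `option = false` to `block`. Returns `value`. */
int scconf_put_bool(scconf_block * block, const char *option, int value)
{
	scconf_put_str(block, option, !value ? "false" : "true");
	return value;
}

/*
 * Deep-copy the item chain starting at `src` into a new chain, store its
 * head in *dst and return it. An empty item is returned for a NULL `src`.
 * Returns NULL (and leaves *dst alone) when an item cannot be allocated.
 */
scconf_item *scconf_item_copy(const scconf_item * src, scconf_item ** dst)
{
	scconf_item *head, *tail, *node;

	node = calloc(1, sizeof(*node));
	if (!node) {
		return NULL;
	}
	head = node;
	tail = node;
	while (src) {
		if (!node) {
			node = calloc(1, sizeof(*node));
			if (!node) {
				scconf_item_destroy(head);
				return NULL;
			}
			tail->next = node;
		}
		node->type = src->type;
		switch (src->type) {
		case SCCONF_ITEM_TYPE_COMMENT:
			node->value.comment = src->value.comment ? strdup(src->value.comment) : NULL;
			break;
		case SCCONF_ITEM_TYPE_BLOCK:
			scconf_block_copy(src->value.block, &node->value.block);
			break;
		case SCCONF_ITEM_TYPE_VALUE:
			scconf_list_copy(src->value.list, &node->value.list);
			break;
		}
		node->key = src->key ? strdup(src->key) : NULL;
		tail = node;
		node = NULL;
		src = src->next;
	}
	*dst = head;
	return head;
}

/* Free an item chain together with the values and keys it owns. */
void scconf_item_destroy(scconf_item * item)
{
	scconf_item *next;

	while (item) {
		next = item->next;

		switch (item->type) {
		case SCCONF_ITEM_TYPE_COMMENT:
			free(item->value.comment);
			item->value.comment = NULL;
			break;
		case SCCONF_ITEM_TYPE_BLOCK:
			scconf_block_destroy(item->value.block);
			break;
		case SCCONF_ITEM_TYPE_VALUE:
			scconf_list_destroy(item->value.list);
			break;
		}

		free(item->key);
		item->key = NULL;
		free(item);
		item = next;
	}
}

/*
 * Deep-copy `src` (names and items), store the copy in *dst and return it.
 * Returns NULL without touching *dst when `src` is NULL or memory runs out.
 */
scconf_block *scconf_block_copy(const scconf_block * src, scconf_block ** dst)
{
	scconf_block *copy;

	if (!src) {
		return NULL;
	}
	copy = calloc(1, sizeof(*copy));
	if (!copy) {
		return NULL;
	}
	if (src->name) {
		scconf_list_copy(src->name, &copy->name);
	}
	if (src->items) {
		scconf_item_copy(src->items, &copy->items);
	}
	*dst = copy;
	return copy;
}

/* Free a block with its name list and items. NULL is accepted. */
void scconf_block_destroy(scconf_block * block)
{
	if (block) {
		scconf_list_destroy(block->name);
		scconf_item_destroy(block->items);
		free(block);
	}
}

/*
 * Append a copy of `value` to *list and return the new node.
 * A NULL `value` gives a node without data. Returns NULL, leaving the
 * list as it was, when memory runs out.
 */
scconf_list *scconf_list_add(scconf_list ** list, const char *value)
{
	scconf_list *rec, **tail;

	if (!list) {
		return NULL;
	}
	rec = calloc(1, sizeof(*rec));
	if (!rec) {
		return NULL;
	}
	if (value) {
		rec->data = strdup(value);
		if (!rec->data) {
			/* do not add a node that silently lost its value */
			free(rec);
			return NULL;
		}
	}

	for (tail = list; *tail; tail = &(*tail)->next) {
		/* walk to the end of the list */
	}
	*tail = rec;
	return rec;
}

/* Append copies of all values of `src` to *dst. Returns *dst. */
scconf_list *scconf_list_copy(const scconf_list * src, scconf_list ** dst)
{
	scconf_list *next;

	while (src) {
		next = src->next;
		scconf_list_add(dst, src->data);
		src = next;
	}
	return *dst;
}

/* Free a list and the strings it owns. NULL is accepted. */
void scconf_list_destroy(scconf_list * list)
{
	scconf_list *next;

	while (list) {
		next = list->next;
		free(list->data);
		free(list);
		list = next;
	}
}

/* Number of nodes in `list`. */
int scconf_list_array_length(const scconf_list * list)
{
	int len = 0;

	while (list) {
		len++;
		list = list->next;
	}
	return len;
}

/*
 * Sum of strlen()+1 over the values of `list`, stopping at the first node
 * that has no data.
 */
int scconf_list_strings_length(const scconf_list * list)
{
	int len = 0;

	while (list && list->data) {
		len += strlen(list->data) + 1;
		list = list->next;
	}
	return len;
}

/*
 * Return a NULL-terminated array that points at the values of `list`.
 * The caller frees the array only; the strings stay owned by the list.
 */
const char **scconf_list_toarray(const scconf_list * list)
{
	const scconf_list *lp = list;
	const char **tp;
	int len = 0;

	while (lp) {
		len++;
		lp = lp->next;
	}
	tp = malloc(sizeof(char *) * (len + 1));
	if (!tp) {
		return tp;
	}
	lp = list;
	len = 0;
	while (lp) {
		tp[len] = lp->data;
		len++;
		lp = lp->next;
	}
	tp[len] = NULL;
	return tp;
}

/*
 * Join the values of `list` into one newly allocated string, with
 * `filler` (when not NULL) between consecutive values. Values are taken
 * up to the first node without data. The caller frees the result.
 * Returns NULL for a NULL list or when memory runs out.
 *
 * The earlier strcat() version wrote before the start of the buffer when
 * the first node had no data and a filler was given, and could return an
 * unterminated zero-byte allocation when no filler was given.
 */
char *scconf_list_strdup(const scconf_list * list, const char *filler)
{
	const scconf_list *node;
	size_t filler_len = filler ? strlen(filler) : 0;
	size_t total = 1;	/* terminating NUL */
	size_t used = 0;
	char *buf;

	if (!list) {
		return NULL;
	}
	for (node = list; node && node->data; node = node->next) {
		total += strlen(node->data) + filler_len;
	}
	buf = malloc(total);
	if (!buf) {
		return NULL;
	}
	for (node = list; node && node->data; node = node->next) {
		size_t n = strlen(node->data);

		if (node != list && filler_len) {
			memcpy(buf + used, filler, filler_len);
			used += filler_len;
		}
		memcpy(buf + used, node->data, n);
		used += n;
	}
	buf[used] = '\0';
	return buf;
}

/*
 * Return the blocks an entry applies to: the sub-blocks keyed entry->name,
 * or `block` itself when it holds a value item with that key. The caller
 * frees the array. Returns NULL when neither exists.
 */
static scconf_block **getblocks(const scconf_context * config, const scconf_block * block, scconf_entry * entry)
{
	scconf_block **blocks;

	blocks = scconf_find_blocks(config, block, entry->name, NULL);
	if (blocks) {
		if (blocks[0] != NULL) {
			if (config->debug) {
				fprintf(stderr, "block found (%s)\n", entry->name);
			}
			return blocks;
		}
		free(blocks);
		blocks = NULL;
	}
	if (scconf_find_list(block, entry->name) != NULL) {
		if (config->debug) {
			fprintf(stderr, "list found (%s)\n", entry->name);
		}
		blocks = malloc(sizeof(scconf_block *) * 2);
		if (!blocks) {
			return NULL;
		}
		blocks[0] = (scconf_block *) block;
		blocks[1] = NULL;
	}
	return blocks;
}

static int parse_entries(const scconf_context * config, const scconf_block * block, scconf_entry * entry, int depth);

/*
 * Decode one table entry against `block` and store the result through
 * entry->parm as its type asks. Returns 0 and sets SCCONF_PRESENT on
 * success, a non-zero value otherwise.
 */
static int parse_type(const scconf_context * config, const scconf_block * block, scconf_entry * entry, int depth)
{
	void *parm = entry->parm;
	size_t *len = (size_t *) entry->arg;
	int (*callback_func) (const scconf_context * config, const scconf_block * block, scconf_entry * entry, int depth) =
	    (int (*)(const scconf_context *, const scconf_block *, scconf_entry *, int)) parm;
	int r = 0;

	if (config->debug) {
		fprintf(stderr, "decoding '%s'\n", entry->name);
	}
	switch (entry->type) {
	case SCCONF_CALLBACK:
		if (parm) {
			r = callback_func(config, block, entry, depth);
		}
		break;
	case SCCONF_BLOCK:
		if (parm) {
			r = parse_entries(config, block, (scconf_entry *) parm, depth + 1);
		}
		break;
	case SCCONF_LIST:
		{
			const scconf_list *val = scconf_find_list(block, entry->name);

			if (!val) {
				r = 1;
				break;
			}
			if (parm) {
				if (entry->flags & SCCONF_ALLOC) {
					/*
					 * Walk with a separate cursor: `val` is still
					 * needed for the verbose output below.
					 */
					const scconf_list *cur;
					scconf_list *dest = NULL;

					for (cur = val; cur != NULL; cur = cur->next) {
						if (!scconf_list_add(&dest, cur->data)) {
							r = 1;
							break;
						}
					}
					*((scconf_list **) parm) = dest;
				} else {
					*((const scconf_list **) parm) = val;
				}
			}
			if (entry->flags & SCCONF_VERBOSE) {
				char *buf = scconf_list_strdup(val, ", ");

				printf("%s = %s\n", entry->name, buf ? buf : "");
				free(buf);
			}
		}
		break;
	case SCCONF_BOOLEAN:
		{
			int val = scconf_get_bool(block, entry->name, 0);

			if (parm) {
				*((int *) parm) = val;
			}
			if (entry->flags & SCCONF_VERBOSE) {
				printf("%s = %s\n", entry->name, val == 0 ? "false" : "true");
			}
		}
		break;
	case SCCONF_INTEGER:
		{
			int val = scconf_get_int(block, entry->name, 0);

			if (parm) {
				*((int *) parm) = val;
			}
			if (entry->flags & SCCONF_VERBOSE) {
				printf("%s = %i\n", entry->name, val);
			}
		}
		break;
	case SCCONF_STRING:
		{
			const char *val = scconf_get_str(block, entry->name, NULL);
			size_t vallen = val ? strlen(val) : 0;

			if (!vallen) {
				r = 1;
				break;
			}
			if (parm) {
				if (entry->flags & SCCONF_ALLOC) {
					char **buf = (char **) parm;

					*buf = calloc(1, vallen + 1);
					if (*buf == NULL) {
						r = 1;
						break;
					}
					if (len) {
						*len = vallen;
					}
					parm = *buf;
				}
				/*
				 * NOTE(review): without SCCONF_ALLOC the value is
				 * copied into the caller's buffer with no bound and
				 * no terminating NUL; the entry table has no field
				 * that carries the buffer size. The length comes
				 * from the configuration file, so a value longer
				 * than the buffer overruns it. Callers should use
				 * SCCONF_ALLOC, or the entry needs a size field.
				 */
				memcpy((char *) parm, val, vallen);
			}
			if (entry->flags & SCCONF_VERBOSE) {
				printf("%s = %s\n", entry->name, val);
			}
		}
		break;
	default:
		fprintf(stderr, "invalid configuration type: %d\n", entry->type);
	}
	if (r) {
		fprintf(stderr, "decoding of configuration entry '%s' failed.\n", entry->name);
		return r;
	}
	entry->flags |= SCCONF_PRESENT;
	return 0;
}

/*
 * Decode every entry of the NULL-name-terminated table `entry` against
 * `block`. A missing entry is an error only when it carries
 * SCCONF_MANDATORY. Only the first matching block is decoded unless
 * SCCONF_ALL_BLOCKS is set.
 */
static int parse_entries(const scconf_context * config, const scconf_block * block, scconf_entry * entry, int depth)
{
	int r, i, idx;
	scconf_entry *e;
	scconf_block **blocks = NULL;

	if (config->debug) {
		fprintf(stderr, "parse_entries called, depth %d\n", depth);
	}
	for (idx = 0; entry[idx].name; idx++) {
		e = &entry[idx];
		blocks = getblocks(config, block, e);
		if (!blocks) {
			if (!(e->flags & SCCONF_MANDATORY)) {
				if (config->debug) {
					fprintf(stderr, "optional configuration entry '%s' not present\n", e->name);
				}
				continue;
			}
			fprintf(stderr, "mandatory configuration entry '%s' not found\n", e->name);
			return 1;
		}
		for (i = 0; blocks[i]; i++) {
			r = parse_type(config, blocks[i], e, depth);
			if (r) {
				free(blocks);
				return r;
			}
			if (!(e->flags & SCCONF_ALL_BLOCKS)) {
				break;
			}
		}
		free(blocks);
	}
	return 0;
}

/*
 * Public entry point for table-driven decoding. Uses the root block when
 * `block` is NULL. Returns 0 on success, non-zero on failure.
 */
int scconf_parse_entries(const scconf_context * config, const scconf_block * block, scconf_entry * entry)
{
	if (!entry) {
		return 1;
	}
	if (!block) {
		block = config->root;
	}
	return parse_entries(config, block, entry, 0);
}

static int write_entries(scconf_context * config, scconf_block * block, scconf_entry * entry, int depth);

/*
 * Add one table entry to `block`. Returns 0 and sets SCCONF_PRESENT on
 * success, a non-zero value otherwise.
 */
static int write_type(scconf_context * config, scconf_block * block, scconf_entry * entry, int depth)
{
	void *parm = entry->parm;
	void *arg = entry->arg;
	int (*callback_func) (scconf_context * config, scconf_block * block, scconf_entry * entry, int depth) =
	    (int (*)(scconf_context *, scconf_block *, scconf_entry *, int)) parm;
	int r = 0;

	if (config->debug) {
		fprintf(stderr, "encoding '%s'\n", entry->name);
	}
	switch (entry->type) {
	case SCCONF_CALLBACK:
		if (parm) {
			r = callback_func(config, block, entry, depth);
		}
		break;
	case SCCONF_BLOCK:
		if (parm) {
			scconf_block *subblock;
			const scconf_list *name = (const scconf_list *) arg;

			subblock = scconf_block_add(config, block, entry->name, name);
			if (!subblock) {
				/* nothing to attach the nested entries to */
				r = 1;
				break;
			}
			r = write_entries(config, subblock, (scconf_entry *) parm, depth + 1);
		}
		break;
	case SCCONF_LIST:
		if (parm) {
			const scconf_list *val = (const scconf_list *) parm;

			scconf_item_add(config, block, NULL, SCCONF_ITEM_TYPE_VALUE, entry->name, val);
			if (entry->flags & SCCONF_VERBOSE) {
				char *buf = scconf_list_strdup(val, ", ");

				printf("%s = %s\n", entry->name, buf ? buf : "");
				free(buf);
			}
		}
		break;
	case SCCONF_BOOLEAN:
		if (parm) {
			const int val = *(int *) parm;

			scconf_put_bool(block, entry->name, val);
			if (entry->flags & SCCONF_VERBOSE) {
				printf("%s = %s\n", entry->name, val == 0 ? "false" : "true");
			}
		}
		break;
	case SCCONF_INTEGER:
		if (parm) {
			const int val = *(int *) parm;

			scconf_put_int(block, entry->name, val);
			if (entry->flags & SCCONF_VERBOSE) {
				printf("%s = %i\n", entry->name, val);
			}
		}
		break;
	case SCCONF_STRING:
		if (parm) {
			const char *val = (const char *) parm;

			scconf_put_str(block, entry->name, val);
			if (entry->flags & SCCONF_VERBOSE) {
				printf("%s = %s\n", entry->name, val);
			}
		}
		break;
	default:
		fprintf(stderr, "invalid configuration type: %d\n", entry->type);
	}
	if (r) {
		fprintf(stderr, "encoding of configuration entry '%s' failed.\n", entry->name);
		return r;
	}
	entry->flags |= SCCONF_PRESENT;
	return 0;
}

/* Add every entry of the NULL-name-terminated table `entry` to `block`. */
static int write_entries(scconf_context * config, scconf_block * block, scconf_entry * entry, int depth)
{
	int r, idx;
	scconf_entry *e;

	if (config->debug) {
		fprintf(stderr, "write_entries called, depth %d\n", depth);
	}
	for (idx = 0; entry[idx].name; idx++) {
		e = &entry[idx];
		r = write_type(config, block, e, depth);
		if (r) {
			return r;
		}
	}
	return 0;
}

/*
 * Public entry point for table-driven encoding. Uses the root block when
 * `block` is NULL. Returns 0 on success, non-zero on failure.
 */
int scconf_write_entries(scconf_context * config, scconf_block * block, scconf_entry * entry)
{
	if (!entry) {
		return 1;
	}
	if (!block) {
		block = config->root;
	}
	return write_entries(config, block, entry, 0);
}
pam_pkcs11-0.6.8/src/scconf/sclex.c0000644000175000017500000001003411460625464013737 00000000000000
/*
 * $Id: sclex.c 245 2007-04-12 10:07:57Z ludovic.rousseau $
 *
 * Copyright (C) 2003
 *  Jamie Honan
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.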
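 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/*
 * NOTE(review): the header names of the #include lines were lost when this
 * page was extracted. The names below are inferred from the identifiers the
 * file uses; confirm them against the original tarball.
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#include "scconf.h"
#include "internal.h"

/* Input source and token buffer of one lexer run. */
typedef struct {
	char *buf;			/* current token, always NUL-terminated */
	size_t bufmax;			/* bytes allocated for buf */
	size_t bufcur;			/* bytes used in buf, NUL excluded */
	int saved_char;			/* one pushed-back character, 0 = none */
	const char *saved_string;	/* string input, NULL when reading fp */
	FILE *fp;			/* file input, used when saved_string is NULL */
	int oom;			/* set when buf could not be (re)allocated */
} BUFHAN;

/*
 * Prepare `bp` to read from `saved_string` when it is not NULL, otherwise
 * from `fp`. A failed allocation is recorded in bp->oom and reported by
 * scconf_lex_engine().
 */
static void buf_init(BUFHAN * bp, FILE * fp, const char *saved_string)
{
	bp->fp = fp;
	bp->saved_char = 0;
	bp->saved_string = saved_string;
	bp->bufcur = 0;
	bp->oom = 0;
	bp->buf = malloc(256);
	if (!bp->buf) {
		bp->bufmax = 0;
		bp->oom = 1;
		return;
	}
	bp->bufmax = 256;
	bp->buf[0] = '\0';
}

/*
 * Append `ch` to the token and keep it NUL-terminated.
 * The buffer grows when fewer than two bytes are free: one for `ch`, one
 * for the NUL. The earlier test (bufcur >= bufmax) grew one character too
 * late, so the NUL of a token that exactly filled the buffer was written
 * one byte past the allocation.
 * NOTE(review): token length is bounded only by the input size.
 */
static void buf_addch(BUFHAN * bp, char ch)
{
	if (!bp->buf) {
		bp->oom = 1;
		return;
	}
	if (bp->bufcur + 1 >= bp->bufmax) {
		char *grown = realloc(bp->buf, bp->bufmax + 256);

		if (!grown) {
			/* keep the old buffer so that buf_finished() can free it */
			bp->oom = 1;
			return;
		}
		bp->buf = grown;
		bp->bufmax += 256;
	}
	bp->buf[bp->bufcur++] = ch;
	bp->buf[bp->bufcur] = '\0';
}

/*
 * Return the next input character, or EOF. A pushed-back character is
 * returned first; string input ends at its NUL terminator.
 */
static int buf_nextch(BUFHAN * bp)
{
	int saved;

	if (bp->saved_char) {
		saved = bp->saved_char;
		bp->saved_char = 0;
		return saved;
	}
	if (bp->saved_string) {
		if (*(bp->saved_string) == '\0') {
			return EOF;
		}
		saved = (unsigned char) (*(bp->saved_string++));
		return saved;
	}
	return fgetc(bp->fp);
}

/* Release the token buffer. */
static void buf_finished(BUFHAN * bp)
{
	free(bp->buf);
	bp->buf = NULL;
}

/*
 * Append `start` (unless it is 0) and then input characters to the token
 * until one of the characters in `end`, or EOF, is met. The terminating
 * character is pushed back, not consumed.
 */
static void buf_eat_till(BUFHAN * bp, char start, const char *end)
{
	int i;

	if (start) {
		buf_addch(bp, start);
	}
	while (1) {
		i = buf_nextch(bp);
		if (i == EOF) {
			return;
		}
		if (strchr(end, i)) {
			bp->saved_char = i;
			return;
		}
		buf_addch(bp, (char) i);
	}
}

/* Empty the token buffer. */
static void buf_zero(BUFHAN * bp)
{
	bp->bufcur = 0;
	if (bp->buf) {
		bp->buf[0] = '\0';
	}
}

/*
 * Hand the collected token to the parser and empty the buffer.
 * Nothing is passed on after an allocation failure, so the parser never
 * sees a truncated token.
 */
static void emit_token(scconf_parser * parser, BUFHAN * bp, int token_type)
{
	if (!bp->oom) {
		scconf_parse_token(parser, token_type, bp->buf);
	}
	buf_zero(bp);
}

/*
 * Split the input of `bp` into tokens and feed them to
 * scconf_parse_token(). Returns 1 when the whole input was read, 0 (with
 * parser->error and parser->emesg set) when memory ran out.
 */
static int scconf_lex_engine(scconf_parser * parser, BUFHAN * bp)
{
	int this_char;
	int closing;

	while (!bp->oom) {
		this_char = buf_nextch(bp);
		if (this_char == EOF) {
			break;
		}
		switch (this_char) {
		case '#':
			/* comment till end of line */
			buf_eat_till(bp, '#', "\r\n");
			emit_token(parser, bp, TOKEN_TYPE_COMMENT);
			break;
		case '\n':
			scconf_parse_token(parser, TOKEN_TYPE_NEWLINE, NULL);
			break;
		case ' ':
		case '\t':
		case '\r':
			/* eat up whitespace */
			break;
		case ',':
		case '{':
		case '}':
		case '=':
		case ';':
			buf_addch(bp, (char) this_char);
			emit_token(parser, bp, TOKEN_TYPE_PUNCT);
			break;
		case '"':
			buf_eat_till(bp, (char) this_char, "\"\r\n");
			/*
			 * Take the character that ended the string into the
			 * token, but not EOF: an unterminated string at the end
			 * of the input used to get a stray (char) EOF byte.
			 */
			closing = buf_nextch(bp);
			if (closing != EOF) {
				buf_addch(bp, (char) closing);
			}
			emit_token(parser, bp, TOKEN_TYPE_STRING);
			break;
		default:
			buf_eat_till(bp, (char) this_char, ";, \t\r\n");
			emit_token(parser, bp, TOKEN_TYPE_STRING);
			break;
		}
	}
	buf_finished(bp);
	if (bp->oom) {
		parser->error = 1;
		snprintf(parser->emesg, sizeof(parser->emesg), "Out of memory while reading configuration\n");
		return 0;
	}
	return 1;
}

/*
 * Tokenize the file `filename`. Returns 0 with parser->error and
 * parser->emesg set when the file cannot be opened or memory runs out,
 * otherwise 1.
 */
int scconf_lex_parse(scconf_parser * parser, const char *filename)
{
	FILE *fp;
	BUFHAN bhan;
	int ret;

	/* scconf_new() accepts a NULL file name; fopen() does not */
	fp = filename ? fopen(filename, "r") : NULL;
	if (!fp) {
		parser->error = 1;
		snprintf(parser->emesg, sizeof(parser->emesg),
			 "File %s can't be opened\n", filename ? filename : "(null)");
		return 0;
	}
	buf_init(&bhan, fp, (char *) NULL);
	ret = scconf_lex_engine(parser, &bhan);
	fclose(fp);
	return ret;
}

/*
 * Tokenize the NUL-terminated text `string`; a NULL pointer is read as
 * empty input. Returns 1, or 0 when memory ran out.
 */
int scconf_lex_parse_string(scconf_parser * parser, const char *string)
{
	BUFHAN bhan;
	int ret;

	/* a NULL saved_string would select file input with a NULL stream */
	buf_init(&bhan, (FILE *) NULL, string ? string : "");
	ret = scconf_lex_engine(parser, &bhan);
	return ret;
}
pam_pkcs11-0.6.8/src/scconf/README.scconf0000644000175000017500000002264311460625464014620 00000000000000A short introduction to scconf as an API and a file format ========================================================== written by Jamie Honan The scconf system is a small system library for handling scconf files. Why should anyone care about scconf format? It is a handy format for short pieces of structured data. Handy because: - it is readable, which makes support easy - it is easy to parse and write - it is extensible, you can add fields without breaking things It isn't - XML, so it doesn't need xml parsing - suitable for large amounts of data, like a database or text files It doesn't have - anything else but data. No locking, no threads etc.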
It has hierarchical data blocks, it has lists. Similar, but different: - .ini files. scconf is block structured, has lists and arrays - xml. xml is more complete, but requires a lot of overhead - sexp. sexp resembles lisp with its use of parentheses. sexp has modes for binary. scconf really doesn't have binary - yaml. yaml is larger What does it look like? ======================= Like this: transport_stream { id = 0x0009; original_network_id = 0x1000; sat_tuning_info { frequency = 12278000; symbol_rate = 30000000; polarization = 0; } service { id = 0x0064; pmt_pid = 0x0101; type = 144; name = "aGuide"; provider_name = "A"; } service { id = 0x238D; pmt_pid = 0x0623; type = 144; name = "aCar"; provider_name = "A"; } } Why doesn't it have X, why don't you use XML? ============================================= Maybe it should. Maybe XML is the answer. Maybe a database is more appropriate. It's all a trade-off. You choose. API === There are four useful structures. scconf_block, scconf_list, scconf_item, and a scconf_context. A context is similar to a file, except in memory. Within a context there is a root block. Within each block there are one or more items. Items can be sub-blocks, lists, or comments. Every item can have a name, or key. A list can have one or more values; boolean, integer or string. A context contains a root block, which contains one or more blocks. A block is : key [[,] name [[,] name ... ] ] { block_contents } block_contents is one or more block_items block_items is one of # comment string \n or key [[,] name [[,] name ... ] ] = value [[,] value ... ]]; or block Initialising and file handling ============================== Allocate scconf_context The filename can be NULL. The file is not read at this point, but in the function scconf_parse.
scconf_context *scconf_new(const char *filename); Free scconf_context void scconf_free(scconf_context * config); Parse configuration Returns 1 = ok, 0 = error, -1 = error opening config file int scconf_parse(scconf_context * config); Write config to a file If the filename is NULL, use the config->filename Returns 0 = ok, else = errno int scconf_write(scconf_context * config, const char *filename); Finding items and blocks ======================== Find a block by key If the block is NULL, the root block is used const scconf_block *scconf_find_block(const scconf_context * config, const scconf_block * block, const char *item_name); This finds a block in the given context. This function doesn't descend the hierarchy, it only finds blocks in the top level of either the context (the root block) or of the block given in the block parameter (if not NULL). The block pointer returned points to data held by the context, hence the const qualifier. Find blocks by key and possibly name If the block is NULL, the root block is used The key can be used to specify what the block's first name should be scconf_block **scconf_find_blocks(const scconf_context * config, const scconf_block * block, const char *item_name, const char *key); This function is similar to scconf_find_block above, except that an array of pointers to matched blocks is returned. Each pointer points to data held by the context. The last entry in the returned table is the null pointer. The table should be freed after use, but the individual pointers to blocks point to data held by the context. The key values for blocks are matched. If name is not NULL, the block name must also match. Get a list of values for option const scconf_list *scconf_find_list(const scconf_block * block, const char *option); Find an item that has a value (i.e. is not a block nor a comment), and return the values for that item as a list. The list is held in memory owned by the context.
Return the first string of the option If no option found, return def const char *scconf_get_str(const scconf_block * block, const char *option, const char *def); This is similar to scconf_find_list, but instead of returning the whole list, just return the first value, as a string. If this is not possible, return the default value. Again the value returned is either a pointer to the default value or to memory held by the context. Return the first value of the option as integer If no option found, return def int scconf_get_int(const scconf_block * block, const char *option, int def); This is similar to scconf_get_str, but an integer value is returned. Return the first value of the option as boolean If no option found, return def int scconf_get_bool(const scconf_block * block, const char *option, int def); This completes the types that can be returned by a find. For parsing blocks and items ============================ A table of scconf_entry values is used, terminated by a NULL name value. This table is passed to the routine scconf_parse_entries. This function walks the current context or block, and adds the data to the scconf_entry table entries. Sub-blocks can be walked, using SCCONF_BLOCK, and callbacks can be issued using SCCONF_CALLBACK. This is a handy method for accessing scconf data from within a program. typedef struct _scconf_entry { const char *name; * Look for blocks with this key, or check if this * block has an item with this key. 
Run the block * or blocks found against the rest of this entry * Stop after the first one, unless * SCCONF_ALL_BLOCKS is set in flags unsigned int type; * SCCONF_CALLBACK * parm contains a function ptr of type * int (*callback)(scconf_context* context, * scconf_block* block, * scconf_entry* entry, * int depth); * run the callback with the block found * * SCCONF_BLOCK * parm contains a pointer to another entry table * use the found block against every entry * in the pointed entry table * * SCCONF_LIST * SCCONF_BOOLEAN * SCCONF_INTEGER * SCCONF_STRING * find the entry with the key given in name in * the found block. Return the value found * to parm as follows: * SCCONF_INTEGER: * if parm not NULL, then * points to integer location to put * the value * SCCONF_BOOLEAN: * if parm not NULL, then * points to integer location to put * the value * SCCONF_STRING: * if parm not NULL, then * if flag bit SCCONF_ALLOC not set * then parm points to a buffer * (the value is copied without a length * check and without a terminating NUL, * so the buffer must be zeroed and large * enough for any value the file may hold) * else * parm points to a pointer where * the pointer to an allocated * buffer should be stored. * if arg is not NULL, points * to a location where the buffer * length (size_t) is to be stored * SCCONF_LIST: * if parm not NULL, then * if flag bit SCCONF_ALLOC not set * then parm points to a location * where a pointer to the list * can be stored * else * then parm points to a location * where a pointer to a copy of list * can be stored * * unsigned int flags; * SCCONF_PRESENT * This bit is or'ed in when found * SCCONF_MANDATORY * If not found, this is a fault * SCCONF_ALLOC * C.f. type above * SCCONF_ALL_BLOCKS * C.f. name above * SCCONF_VERBOSE * For debugging void *parm; void *arg; } scconf_entry; For adding blocks and items =========================== A table of scconf_entry values is used, terminated by a NULL name value. This table is passed to the routine scconf_write_entries. This function adds the scconf_entry table entries to the current block. Sub-blocks can be added, and callbacks can be issued. 
This is a handy method for adding scconf data from within a program. typedef struct _scconf_entry { const char *name; * key value for blocks and items * unsigned int type; * SCCONF_CALLBACK * parm contains a function ptr of type * int (*callback)(scconf_context* context, * scconf_block* block, * scconf_entry* entry, * int depth); * * SCCONF_BLOCK * param contains a pointer to another entry table * the entry table is added as a block to the * current block, with name as the key, and * arg is a list of names * * SCCONF_LIST * SCCONF_BOOLEAN * SCCONF_INTEGER * SCCONF_STRING * these add key=value pairs to the current * block. The value is in parm. * unsigned int flags; * SCCONF_PRESENT * This bit is or'ed in when item added void *parm; void *arg; } scconf_entry; pam_pkcs11-0.6.8/src/scconf/internal.h0000644000175000017500000000317511460625464014452 00000000000000/* * $Id: internal.h 233 2007-04-04 09:52:54Z ludovic.rousseau $ * * Copyright (C) 2002 * Antti Tapaninen * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #ifndef _SCCONF_INTERNAL_H #define _SCCONF_INTERNAL_H #ifdef __cplusplus extern "C" { #endif #define TOKEN_TYPE_COMMENT 0 #define TOKEN_TYPE_NEWLINE 1 #define TOKEN_TYPE_STRING 2 #define TOKEN_TYPE_PUNCT 3 typedef struct _scconf_parser { scconf_context *config; scconf_block *block; scconf_item *last_item, *current_item; char *key; scconf_list *name; int state; int last_token_type; int line; unsigned int error:1; unsigned int warnings:1; char emesg[256]; } scconf_parser; extern int scconf_lex_parse(scconf_parser * parser, const char *filename); extern int scconf_lex_parse_string(scconf_parser * parser, const char *config_string); extern void scconf_parse_token(scconf_parser * parser, int token_type, const char *token); #ifdef __cplusplus } #endif #endif pam_pkcs11-0.6.8/src/scconf/Makefile.am0000644000175000017500000000062511460625464014516 00000000000000# Process this file with automake to create Makefile.in MAINTAINERCLEANFILES = Makefile.in DISTCLEANFILES = lex-parse.c EXTRA_DIST = README.scconf lex-parse.l noinst_HEADERS = internal.h scconf.h #noinst_PROGRAMS = test-conf noinst_LTLIBRARIES = libscconf.la libscconf_la_SOURCES = scconf.h internal.h scconf.c parse.c write.c sclex.c #test_conf_SOURCES = test-conf.c #test_conf_LDADD = libscconf.la pam_pkcs11-0.6.8/src/scconf/Makefile.in0000644000175000017500000004222411740072345014523 00000000000000# Makefile.in generated by automake 1.11.3 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. 
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Process this file with automake to create Makefile.in VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = src/scconf DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/acx_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ $(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) 
libscconf_la_LIBADD = am_libscconf_la_OBJECTS = scconf.lo parse.lo write.lo sclex.lo libscconf_la_OBJECTS = $(am_libscconf_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(libscconf_la_SOURCES) DIST_SOURCES = $(libscconf_la_SOURCES) HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = 
@ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ 
abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in DISTCLEANFILES = lex-parse.c EXTRA_DIST = README.scconf lex-parse.l noinst_HEADERS = internal.h scconf.h #noinst_PROGRAMS = test-conf noinst_LTLIBRARIES = libscconf.la libscconf_la_SOURCES = scconf.h internal.h scconf.c parse.c write.c sclex.c all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 
1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/scconf/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/scconf/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libscconf.la: $(libscconf_la_OBJECTS) $(libscconf_la_DEPENDENCIES) $(EXTRA_libscconf_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libscconf_la_OBJECTS) $(libscconf_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scconf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sclex.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/write.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ 
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(HEADERS) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am #test_conf_SOURCES = test-conf.c #test_conf_LDADD = libscconf.la # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: pam_pkcs11-0.6.8/src/scconf/scconf.h0000644000175000017500000001475711460625464014121 00000000000000/* * $Id: scconf.h 233 2007-04-04 09:52:54Z ludovic.rousseau $ * * Copyright (C) 2002 * Antti Tapaninen * * Originally based on source by Timo Sirainen * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #ifndef _SC_CONF_H #define _SC_CONF_H #ifdef __cplusplus extern "C" { #endif typedef struct _scconf_entry { const char *name; unsigned int type; unsigned int flags; void *parm; void *arg; } scconf_entry; /* Entry flags */ #define SCCONF_PRESENT 0x00000001 #define SCCONF_MANDATORY 0x00000002 #define SCCONF_ALLOC 0x00000004 #define SCCONF_ALL_BLOCKS 0x00000008 #define SCCONF_VERBOSE 0x00000010 /* For debugging purposes only */ /* Entry types */ #define SCCONF_CALLBACK 1 #define SCCONF_BLOCK 2 #define SCCONF_LIST 3 #define SCCONF_BOOLEAN 11 #define SCCONF_INTEGER 12 #define SCCONF_STRING 13 typedef struct _scconf_block scconf_block; typedef struct _scconf_list { struct _scconf_list *next; char *data; } scconf_list; #define SCCONF_ITEM_TYPE_COMMENT 0 /* key = NULL, comment */ #define SCCONF_ITEM_TYPE_BLOCK 1 /* key = key, block */ #define SCCONF_ITEM_TYPE_VALUE 2 /* key = key, list */ typedef struct _scconf_item { struct _scconf_item *next; int type; char *key; union { char *comment; scconf_block 
*block; scconf_list *list; } value; } scconf_item; struct _scconf_block { scconf_block *parent; scconf_list *name; scconf_item *items; }; typedef struct { char *filename; int debug; scconf_block *root; char *errmsg; } scconf_context; /* Allocate scconf_context * The filename can be NULL */ extern scconf_context *scconf_new(const char *filename); /* Free scconf_context */ extern void scconf_free(scconf_context * config); /* Parse configuration * Returns 1 = ok, 0 = error, -1 = error opening config file */ extern int scconf_parse(scconf_context * config); /* Parse a static configuration string * Returns 1 = ok, 0 = error */ extern int scconf_parse_string(scconf_context * config, const char *string); /* Parse entries */ extern int scconf_parse_entries(const scconf_context * config, const scconf_block * block, scconf_entry * entry); /* Write config to a file * If the filename is NULL, use the config->filename * Returns 0 = ok, else = errno */ extern int scconf_write(scconf_context * config, const char *filename); /* Write configuration entries to block */ extern int scconf_write_entries(scconf_context * config, scconf_block * block, scconf_entry * entry); /* Find a block by the item_name * If the block is NULL, the root block is used */ extern const scconf_block *scconf_find_block(const scconf_context * config, const scconf_block * block, const char *item_name); /* Find blocks by the item_name * If the block is NULL, the root block is used * The key can be used to specify what the blocks first name should be */ extern scconf_block **scconf_find_blocks(const scconf_context * config, const scconf_block * block, const char *item_name, const char *key); /* Get a list of values for option */ extern const scconf_list *scconf_find_list(const scconf_block * block, const char *option); /* Return the first string of the option * If no option found, return def */ extern const char *scconf_get_str(const scconf_block * block, const char *option, const char *def); /* Return the 
first value of the option as integer * If no option found, return def */ extern int scconf_get_int(const scconf_block * block, const char *option, int def); /* Return the first value of the option as boolean * If no option found, return def */ extern int scconf_get_bool(const scconf_block * block, const char *option, int def); /* Write value to a block as a string */ extern const char *scconf_put_str(scconf_block * block, const char *option, const char *value); /* Write value to a block as an integer */ extern int scconf_put_int(scconf_block * block, const char *option, int value); /* Write value to a block as a boolean */ extern int scconf_put_bool(scconf_block * block, const char *option, int value); /* Add block structure * If the block is NULL, the root block is used */ extern scconf_block *scconf_block_add(scconf_context * config, scconf_block * block, const char *key, const scconf_list *name); /* Copy block structure (recursive) */ extern scconf_block *scconf_block_copy(const scconf_block * src, scconf_block ** dst); /* Free block structure (recursive) */ extern void scconf_block_destroy(scconf_block * block); /* Add item to block structure * If the block is NULL, the root block is used */ extern scconf_item *scconf_item_add(scconf_context * config, scconf_block * block, scconf_item * item, int type, const char *key, const void *data); /* Copy item structure (recursive) */ extern scconf_item *scconf_item_copy(const scconf_item * src, scconf_item ** dst); /* Free item structure (recursive) */ extern void scconf_item_destroy(scconf_item * item); /* Add a new value to the list */ extern scconf_list *scconf_list_add(scconf_list ** list, const char *value); /* Copy list structure */ extern scconf_list *scconf_list_copy(const scconf_list * src, scconf_list ** dst); /* Free list structure */ extern void scconf_list_destroy(scconf_list * list); /* Return the length of an list array */ extern int scconf_list_array_length(const scconf_list * list); /* Return the 
combined length of the strings on all arrays */ extern int scconf_list_strings_length(const scconf_list * list); /* Return an allocated string that contains all * the strings in a list separated by the filler * The filler can be NULL */ extern char *scconf_list_strdup(const scconf_list * list, const char *filler); /* Returns an allocated array of const char *pointers to * list elements. * Last pointer is NULL * Array must be freed, but pointers to strings belong to scconf_list */ extern const char **scconf_list_toarray(const scconf_list * list); #ifdef __cplusplus } #endif #endif pam_pkcs11-0.6.8/src/scconf/parse.c0000644000175000017500000002377511460625464013753 00000000000000/* * $Id: parse.c 372 2009-09-21 12:08:21Z ludovic.rousseau $ * * Copyright (C) 2002 * Antti Tapaninen * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
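*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

/* NOTE(review): the header names were missing in this copy of the file;
 * they are restored here from the library calls used below. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#include <errno.h>
#include "scconf.h"
#include "internal.h"

/* Bits kept in scconf_parser.state */
#define STATE_NAME	0x01	/* a key was read; block names, '=' or '{' may follow */
#define STATE_VALUE	0x02	/* '=' was read; values may follow */
#define STATE_SET	0x10	/* a name or value was read since the last ',' */

/*
 * Return the last item of root's item list, or NULL when the list is empty.
 */
static scconf_item *scconf_get_last_item(scconf_block *root)
{
	scconf_item *item = root->items;

	while (item && item->next) {
		item = item->next;
	}
	return item;
}

/*
 * Record a fatal parse error. Once parser->error is set,
 * scconf_parse_token() ignores every further token.
 */
static void scconf_parse_error(scconf_parser * parser, const char *error)
{
	/* FIXME: save the error somewhere */
	parser->error = 1;

	snprintf(parser->emesg, sizeof(parser->emesg),
		 "Line %d: %s\n", parser->line, error);
}

/*
 * Record a fatal parse error for a token that is not valid in the
 * current state.
 */
static void scconf_parse_error_not_expect(scconf_parser * parser, const char *token)
{
	/* FIXME: save the error somewhere */
	parser->error = 1;

	snprintf(parser->emesg, sizeof(parser->emesg),
		 "Line %d: not expecting '%s'\n", parser->line, token);
}

/*
 * Record a non-fatal warning about a missing token; parsing continues.
 */
static void scconf_parse_warning_expect(scconf_parser * parser, const char *token)
{
	/* FIXME: save the warnings somewhere */
	parser->warnings = 1;

	snprintf(parser->emesg, sizeof(parser->emesg),
		 "Line %d: missing '%s', ignoring\n", parser->line, token);
}

/*
 * Find the value item of the current block whose key equals `key`
 * (case-insensitive). Returns NULL when there is none or when key is NULL.
 *
 * The original compared against parser->key and ignored the `key`
 * argument, and passed NULL keys straight to strcasecmp().
 */
static scconf_item *scconf_item_find(scconf_parser * parser, const char *key)
{
	scconf_item *item;

	if (!key) {
		return NULL;
	}
	for (item = parser->block->items; item; item = item->next) {
		if (item->type == SCCONF_ITEM_TYPE_VALUE && item->key &&
		    strcasecmp(item->key, key) == 0) {
			return item;
		}
	}
	return NULL;
}

/*
 * Append a new item of the given type to the current block and make it
 * the parser's current and last item. For value items an existing item
 * with the same key is reused instead.
 *
 * parser->key is consumed in both cases (moved into the new item, or
 * freed when an existing item is reused). On allocation failure NULL is
 * returned and parser->key is left with the parser.
 */
static scconf_item *scconf_item_add_internal(scconf_parser * parser, int type)
{
	scconf_item *item;

	if (type == SCCONF_ITEM_TYPE_VALUE) {
		/* if item with same key already exists, use it */
		item = scconf_item_find(parser, parser->key);
		if (item) {
			free(parser->key);
			parser->key = NULL;
			parser->current_item = item;
			return item;
		}
	}
	item = calloc(1, sizeof *item);
	if (!item) {
		return NULL;
	}
	item->type = type;

	item->key = parser->key;
	parser->key = NULL;

	if (parser->last_item) {
		parser->last_item->next = item;
	} else {
		parser->block->items = item;
	}
	parser->current_item = parser->last_item = item;
	return item;
}

/*
 * Add an item of the given type to `block` (or to the root block of
 * `config` when block is NULL). `data` is a comment string, a block or
 * a list, depending on `type`; it is copied.
 *
 * Returns the item, or NULL on bad arguments or allocation failure.
 */
scconf_item *scconf_item_add(scconf_context * config, scconf_block * block, scconf_item * item, int type, const char *key, const void *data)
{
	scconf_parser parser;
	scconf_block *dst = NULL;

	if (!config && !block)
		return NULL;
	if (!data)
		return NULL;

	memset(&parser, 0, sizeof(scconf_parser));
	parser.config = config;
	parser.block = block ? block : config->root;
	if (!parser.block)
		return NULL;
	parser.key = key ? strdup(key) : NULL;
	parser.name = NULL;
	parser.last_item = scconf_get_last_item(parser.block);
	parser.current_item = item;

	if (type == SCCONF_ITEM_TYPE_BLOCK) {
		scconf_block_copy((const scconf_block *) data, &dst);
		/* check before dst->name is read; the original checked too late */
		if (!dst) {
			free(parser.key);
			return NULL;
		}
		scconf_list_copy(dst->name, &parser.name);
	}
	if (!scconf_item_add_internal(&parser, type)) {
		/* nothing was linked in: release what this call allocated */
		free(parser.key);
		scconf_list_destroy(parser.name);
		if (dst)
			scconf_block_destroy(dst);
		return NULL;
	}
	switch (parser.current_item->type) {
	case SCCONF_ITEM_TYPE_COMMENT:
		parser.current_item->value.comment = strdup((const char *) data);
		break;
	case SCCONF_ITEM_TYPE_BLOCK:
		dst->parent = parser.block;
		parser.current_item->value.block = dst;
		scconf_list_destroy(parser.name);
		break;
	case SCCONF_ITEM_TYPE_VALUE:
		scconf_list_copy((const scconf_list *) data, &parser.current_item->value.list);
		break;
	}
	return parser.current_item;
}

/*
 * Open a new sub-block under the current block, named by parser->name
 * (an empty name is used when none was given), and descend into it.
 *
 * On allocation failure the parser is put into the error state and
 * parser->block is left unchanged.
 */
static void scconf_block_add_internal(scconf_parser * parser)
{
	scconf_block *block;
	scconf_item *item;

	item = scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_BLOCK);
	if (!item) {
		scconf_parse_error(parser, "out of memory");
		return;
	}
	block = calloc(1, sizeof *block);
	if (!block) {
		scconf_parse_error(parser, "out of memory");
		return;
	}
	block->parent = parser->block;
	item->value.block = block;

	if (!parser->name) {
		scconf_list_add(&parser->name, "");
	}
	/* the name list now belongs to the block */
	block->name = parser->name;
	parser->name = NULL;

	parser->block = block;
	parser->last_item = NULL;
}

/*
 * Add a sub-block with the given key and name list to `block` (or to
 * the root block of `config` when block is NULL).
 *
 * Returns the new block, or NULL on bad arguments or allocation failure.
 */
scconf_block *scconf_block_add(scconf_context * config, scconf_block * block, const char *key, const scconf_list *name)
{
	scconf_parser parser;

	if (!config)
		return NULL;

	memset(&parser, 0, sizeof(scconf_parser));
	parser.config = config;
	parser.block = block ? block : config->root;
	if (!parser.block)
		return NULL;
	parser.key = key ? strdup(key) : NULL;
	scconf_list_copy(name, &parser.name);
	parser.last_item = scconf_get_last_item(parser.block);
	parser.current_item = parser.block->items;

	scconf_block_add_internal(&parser);
	if (parser.error) {
		/* no block was created; do not hand back the parent block */
		free(parser.key);
		scconf_list_destroy(parser.name);
		return NULL;
	}
	return parser.block;
}

/*
 * Leave the current block: continue in its parent, appending after the
 * parent's last item.
 */
static void scconf_parse_parent(scconf_parser * parser)
{
	parser->block = parser->block->parent;
	parser->last_item = scconf_get_last_item(parser->block);
}

/*
 * Drop the pending key and name list and return to the initial state.
 */
static void scconf_parse_reset_state(scconf_parser * parser)
{
	if (!parser) {
		return;
	}
	free(parser->key);
	scconf_list_destroy(parser->name);

	parser->key = NULL;
	parser->name = NULL;
	parser->state = 0;
}

/*
 * Feed one token from the lexer into the parser state machine.
 *
 * token_type is one of the TOKEN_TYPE_* constants; token is the token
 * text (NULL for newlines). Errors are reported through parser->error
 * and parser->emesg; after a fatal error all further tokens are ignored.
 */
void scconf_parse_token(scconf_parser * parser, int token_type, const char *token)
{
	scconf_item *item;
	scconf_item *value_item;

	if (parser->error) {
		/* fatal error */
		return;
	}
	switch (token_type) {
	case TOKEN_TYPE_NEWLINE:
		parser->line++;
		if (parser->last_token_type != TOKEN_TYPE_NEWLINE) {
			break;
		}
		/* fall through - treat empty lines as comments */
	case TOKEN_TYPE_COMMENT:
		/*
		 * scconf_item_add_internal() makes the new comment the
		 * current item. While values are being collected the
		 * current item must stay the value item, otherwise the next
		 * value would be stored through the comment item's union.
		 */
		value_item = (parser->state & STATE_VALUE) ? parser->current_item : NULL;
		item = scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_COMMENT);
		if (!item) {
			scconf_parse_error(parser, "out of memory");
			break;
		}
		item->value.comment = token ? strdup(token) : NULL;
		if (value_item) {
			parser->current_item = value_item;
		}
		break;
	case TOKEN_TYPE_STRING:
		{
			char *stoken;
			size_t len;
			int strip_quote = 0;

			if ((parser->state & (STATE_VALUE | STATE_SET)) ==
			    (STATE_VALUE | STATE_SET)) {
				scconf_parse_warning_expect(parser, ";");
				scconf_parse_reset_state(parser);
			}
			if (*token == '"') {
				/* quoted string, remove the quotes */
				token++;
				len = strlen(token);
				if (len < 1 || token[len - 1] != '"') {
					scconf_parse_warning_expect(parser, "\"");
				} else {
					strip_quote = 1;
				}
			}
			stoken = strdup(token);
			if (!stoken) {
				scconf_parse_error(parser, "out of memory");
				break;
			}
			if (strip_quote) {
				stoken[strlen(stoken) - 1] = '\0';
			}
			if (parser->state == 0) {
				/* key: the parser takes ownership of the copy */
				parser->key = stoken;
				stoken = NULL;
				parser->state = STATE_NAME;
			} else if (parser->state == STATE_NAME) {
				/* name */
				parser->state |= STATE_SET;
				scconf_list_add(&parser->name, stoken);
			} else if (parser->state == STATE_VALUE) {
				/* value: only ever append to a value item */
				if (!parser->current_item ||
				    parser->current_item->type != SCCONF_ITEM_TYPE_VALUE) {
					scconf_parse_error_not_expect(parser, stoken);
				} else {
					parser->state |= STATE_SET;
					scconf_list_add(&parser->current_item->value.list,
							stoken);
				}
			} else {
				/* error */
				scconf_parse_error_not_expect(parser, stoken);
			}
			free(stoken);
		}
		break;
	case TOKEN_TYPE_PUNCT:
		switch (*token) {
		case '{':
			if ((parser->state & STATE_NAME) == 0) {
				scconf_parse_error_not_expect(parser, "{");
				break;
			}
			scconf_block_add_internal(parser);
			scconf_parse_reset_state(parser);
			break;
		case '}':
			if (parser->state != 0) {
				if ((parser->state & STATE_VALUE) == 0 ||
				    (parser->state & STATE_SET) == 0) {
					scconf_parse_error_not_expect(parser, "}");
					break;
				}
				/* foo = bar } */
				scconf_parse_warning_expect(parser, ";");
				scconf_parse_reset_state(parser);
			}
			if (!parser->block->parent) {
				/* too many '}' */
				scconf_parse_error(parser, "missing matching '{'");
				break;
			}
			scconf_parse_parent(parser);
			break;
		case ',':
			if ((parser->state & (STATE_NAME | STATE_VALUE)) == 0) {
				scconf_parse_error_not_expect(parser, ",");
			}
			parser->state &= ~STATE_SET;
			break;
		case '=':
			if ((parser->state & STATE_NAME) == 0) {
				scconf_parse_error_not_expect(parser, "=");
				break;
			}
			if (!scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_VALUE)) {
				/* do not enter STATE_VALUE without a value item */
				scconf_parse_error(parser, "out of memory");
				break;
			}
			parser->state = STATE_VALUE;
			break;
		case ';':
			/* a ';' is accepted in any state and ends the statement */
			scconf_parse_reset_state(parser);
			break;
		default:
			snprintf(parser->emesg, sizeof(parser->emesg),
				 "Line %d: bad token ignoring\n",
				 parser->line);
		}
		break;
	}

	parser->last_token_type = token_type;
}

/*
 * Parse the file named by config->filename into config->root.
 *
 * Returns 1 = ok, 0 = parse error, -1 = the file could not be opened.
 * On failure config->errmsg points at a function-static buffer, so the
 * message is overwritten by the next failing call and must not be freed.
 */
int scconf_parse(scconf_context * config)
{
	static char buffer[256];
	scconf_parser p;
	int r = 1;
	int opened = 0;

	memset(&p, 0, sizeof(p));
	p.config = config;
	p.block = config->root;
	p.line = 1;

	/* scconf_new() accepts a NULL filename; never hand that to the lexer */
	if (config->filename) {
		opened = scconf_lex_parse(&p, config->filename);
	} else {
		errno = EINVAL;
	}

	if (!opened) {
		snprintf(buffer, sizeof(buffer),
			 "Unable to open \"%s\": %s",
			 config->filename ? config->filename : "(null)",
			 strerror(errno));
		r = -1;
	} else if (p.error) {
		/* snprintf always terminates; strncpy(…, size - 1) relied on
		 * the last byte of the buffer already being zero */
		snprintf(buffer, sizeof(buffer), "%s", p.emesg);
		r = 0;
	}

	if (r <= 0)
		config->errmsg = buffer;
	return r;
}

/*
 * Parse a configuration held in a string into config->root.
 *
 * Returns 1 = ok, 0 = parse error, -1 = the string could not be scanned.
 * On failure config->errmsg points at a function-static buffer, so the
 * message is overwritten by the next failing call and must not be freed.
 */
int scconf_parse_string(scconf_context * config, const char *string)
{
	static char buffer[256];
	scconf_parser p;
	int r = 1;

	memset(&p, 0, sizeof(p));
	p.config = config;
	p.block = config->root;
	p.line = 1;

	if (!string || !scconf_lex_parse_string(&p, string)) {
		snprintf(buffer, sizeof(buffer),
			 "Failed to parse configuration string");
		r = -1;
	} else if (p.error) {
		snprintf(buffer, sizeof(buffer), "%s", p.emesg);
		r = 0;
	}

	if (r <= 0)
		config->errmsg = buffer;
	return r;
}
pam_pkcs11-0.6.8/src/scconf/lex-parse.l0000644000175000017500000000405711460625464014542 00000000000000%{ /* * $Id: lex-parse.l 233 2007-04-04 09:52:54Z ludovic.rousseau $ * * Copyright (C) 2002 * Antti Tapaninen * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details.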
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #ifdef HAVE_CONFIG_H #include #endif #include #include "scconf.h" #include "internal.h" static scconf_parser *parser; %} %option noyywrap %option nounput %% "#"[^\r\n]* scconf_parse_token(parser, TOKEN_TYPE_COMMENT, yytext); \n scconf_parse_token(parser, TOKEN_TYPE_NEWLINE, NULL); [ \t\r]+ /* eat up whitespace */ [,{}=;] scconf_parse_token(parser, TOKEN_TYPE_PUNCT, yytext); \"[^\"\n\r]*\r*[\"\n] scconf_parse_token(parser, TOKEN_TYPE_STRING, yytext); [^;, \t\r\n]+ scconf_parse_token(parser, TOKEN_TYPE_STRING, yytext); %% #ifndef YY_CURRENT_BUFFER_LVALUE # define YY_CURRENT_BUFFER_LVALUE yy_current_buffer #endif static void do_lex(scconf_parser *p) { parser = p; yylex(); #if 1 /* For non-reentrant C scanner only. */ if (YY_CURRENT_BUFFER) { yy_delete_buffer(YY_CURRENT_BUFFER); YY_CURRENT_BUFFER_LVALUE = NULL; yy_init = 1; yy_start = 0; } #endif } int scconf_lex_parse(scconf_parser *p, const char *filename) { yyin = fopen(filename, "r"); if (yyin == NULL) return 0; do_lex(p); fclose(yyin); yyin = NULL; return 1; } int scconf_lex_parse_string(scconf_parser *p, const char *conf_string) { yy_scan_string(conf_string); do_lex(p); return 1; } pam_pkcs11-0.6.8/src/mappers/0000755000175000017500000000000011740072425012725 500000000000000pam_pkcs11-0.6.8/src/mappers/mail_mapper.h0000644000175000017500000000264711460625464015323 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. 
* * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: mail_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __MAIL_MAPPER_H_ #define __MAIL_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef MAIL_MAPPER_STATIC #ifndef __MAIL_MAPPER_C_ #define MAIL_EXTERN extern #else #define MAIL_EXTERN #endif MAIL_EXTERN mapper_module * mail_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef MAIL_EXTERN /* end of static (if any) declarations */ #endif /* End of mail_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/mail_mapper.c0000644000175000017500000001406211460625464015310 00000000000000/* * PAM-PKCS11 mail mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
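* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: mail_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $ */

#define __MAIL_MAPPER_C_

/* NOTE(review): the header names after the bare #include directives
 * below are missing from this listing. */
#ifdef HAVE_CONFIG_H
#include
#endif

#include
#include
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "mail_mapper.h"

/*
 * This mapper uses (if available) the optional email entry on the certificate
 * to find user name.
 */

/* where to retrieve aliases file ( email -> login pairs ) */
static const char *mapfile = "none";

/* ignore upper/lowercase in email comparisons */
static int ignorecase = 1;
/* when set, the domain part of the email field is not checked */
static int ignoredomain = 1;

/* host name obtained at init time; stays NULL unless ignoredomain is 0 */
static char *hostname = NULL;

static int debug=0;

/*
 * Extract list of email entries on certificate
 */
static char ** mail_mapper_find_entries(X509 *x509, void *context) {
	char **entries= cert_info(x509,CERT_EMAIL,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_email() failed");
		return NULL;
	}
	return entries;
}

/**
 * check mail domain name against hostname
 * returns	match	ignoredomain
 *		false	false	-> 0
 *		false	true	-> 1
 *		true	false	-> 1
 *		true	true	-> 1
 *
 * "match" means the domain equals the host name or is a suffix of it
 * that starts on a label boundary ("example.com" matches
 * "host.example.com"). A plain substring test would also accept an
 * empty domain or any fragment of the host name, which defeats the
 * check in an authentication decision.
 */
static int check_domain(char *domain) {
	size_t host_len, dom_len;

	if (ignoredomain) return 1; /* no domain check */
	/* the check was requested but no host name could be obtained:
	 * reject instead of dereferencing NULL */
	if (!hostname) return 0;
	if (strlen(hostname)==0) return 1; /* empty domain */
	if (!domain || domain[0]=='\0') return 0;

	host_len = strlen(hostname);
	dom_len = strlen(domain);
	if (dom_len > host_len) return 0;
	if (strcmp(hostname + (host_len - dom_len), domain) != 0) return 0;
	/* whole name, or a suffix preceded by a dot */
	if (dom_len == host_len) return 1;
	return hostname[host_len - dom_len - 1] == '.';
}

/**
 * compare previously mapped email against user name
 *
 * Returns 1 when `email` designates `user`, 0 otherwise. With a domain
 * part the local part must equal `user` and the domain must pass
 * check_domain(); without one the whole string must equal `user`.
 */
static int compare_email(char *email, const char *user) {
	char *c_email,*c_user;
	char *at;
	int res = 0;

	c_email= (ignorecase)?tolower_str(email):clone_str(email);
	c_user= (ignorecase)?tolower_str(user):clone_str(user);
	if (!c_email || !c_user) goto out; /* copy failed: treat as no match */

	/* test if full login@mail.domain emailname is provided */
	at = strchr(c_email, '@');
	if (at != NULL) { /* domain provided: check ignoredomain flag */
		int flag= check_domain(1+at);
		if (!flag) {
			DBG2("Mail domain name %s does not match with %s",1+at,hostname ? hostname : "(null)");
			goto out;
		}
		res = (size_t)(at - c_email) == strlen(c_user) && !strncmp(c_email, c_user, strlen(c_user));
	} else { /* no domain provided: just a strcmp */
		res = !strcmp(c_email, c_user);
	}
out:
	/* the working copies made by tolower_str()/clone_str() are only
	 * needed for the comparison */
	free(c_email);
	free(c_user);
	return res;
}

/*
 * parses the certificate and return the email entry found, or NULL
 *
 * Only the first email entry is looked up in the map file.
 */
static char * mail_mapper_find_user(X509 *x509, void *context, int *match) {
	char **entries= cert_info(x509,CERT_EMAIL,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_email() failed");
		return NULL;
	}
	/* TODO: What's on ignoredomain flag ?*/
	return mapfile_find(mapfile,entries[0],ignorecase,match);
}

/*
 * parses the certificate and try to match any Email in the certificate
 * with provided user
 *
 * Returns 1 on match, 0 when no entry matches (or the certificate has
 * no email entry) and -1 when a map file lookup fails.
 */
static int mail_mapper_match_user(X509 *x509, const char *login, void *context) {
	int match = 0;
	char *item;
	char *str;
	char **entries= cert_info(x509,CERT_EMAIL,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_email() failed");
		return 0;
	}
	DBG1("Trying to find match for user '%s'",login);
	for (item=*entries;item;item=*++entries) {
		DBG1("Trying to match email entry '%s'",item);
		str= mapfile_find(mapfile,item,ignorecase,&match);
		if (!str) {
			DBG("Mapping process failed");
			return -1; /* TODO: perhaps should try to continue... */
		}
		if(compare_email(str,login)) {
			DBG2("Found match from '%s' to '%s'",item,login);
			return 1;
		}
	}
	/* arriving here means no match */
	DBG1("Cannot match any found email to '%s'",login);
	return 0;
}

_DEFAULT_MAPPER_END

/* Allocate the mapper descriptor and fill in the mail mapper callbacks;
 * returns NULL when malloc() fails. */
static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
	mapper_module *pt= malloc(sizeof(mapper_module));
	if (!pt) return NULL;
	pt->name = name;
	pt->block = blk;
	pt->context = NULL;
	pt->entries = mail_mapper_find_entries;
	pt->finder = mail_mapper_find_user;
	pt->matcher = mail_mapper_match_user;
	pt->deinit = mapper_module_end;
	return pt;
}

/**
 * init routine
 * parse configuration block entry
 *
 * Reads "debug", "ignorecase", "ignoredomain" and "mapfile" from the
 * mapper block and returns the mapper descriptor, or NULL on error.
 */
#ifndef MAIL_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * mail_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
	mapper_module *pt;
	if (blk) {
		debug = scconf_get_bool(blk,"debug",0);
		ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
		ignoredomain = scconf_get_bool(blk,"ignoredomain",ignoredomain);
		mapfile = scconf_get_str(blk,"mapfile",mapfile);
	} else {
		DBG1("No block declaration for mapper '%s'",mapper_name);
	}
	set_debug_level(debug);
	/* obtain and store hostname */
	/* Note: in some systems without nis/yp, getdomainname() call
	   returns NULL. So instead we use gethostname() and match the mail
	   domain against the end of the host name (see check_domain()) */
	if (!ignoredomain) {
		hostname= calloc(256,sizeof(char));
		if (!hostname) {
			DBG("Calloc for hostname failed");
		} else if (gethostname(hostname,255) != 0) {
			/* leave hostname NULL so that check_domain() rejects
			 * rather than silently skipping the requested check */
			DBG("gethostname() failed");
			free(hostname);
			hostname = NULL;
		} else {
			*(hostname+255)='\0';
			DBG1("Retrieved hostname: %s",hostname);
		}
	}
	pt = init_mapper_st(blk,mapper_name);
	if(pt) DBG3("Mail Mapper: ignorecase %d, ignoredomain %d, mapfile %s",ignorecase,ignoredomain, mapfile);
	else DBG("Mail mapper initialization error");
	return pt;
}
pam_pkcs11-0.6.8/src/mappers/pwent_mapper.c0000644000175000017500000001311411606043640015510 00000000000000/* * PAM-PKCS11 CN to passwd mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details.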
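* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: pwent_mapper.c 496 2011-06-10 11:52:48Z ludovic.rousseau $ */

#define __PWENT_MAPPER_C_

/* NOTE(review): the header names after the bare #include directives
 * below are missing from this listing. */
#ifdef HAVE_CONFIG_H
#include
#endif

#include
#include
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "pwent_mapper.h"

/*
 * This mapper search the common name (CN) of the certificate in
 * getpwent() passwd entries by trying to match login or gecos fields
 *
 * note: nss implementations use /etc/nsswitch.conf as indicator to
 * where to retrieve pw entries ( see man 5 nsswitch.conf )
 */

static int ignorecase = 0;
static int debug = 0;

/*
 * Returns the common name of certificate as an array list
 */
static char ** pwent_mapper_find_entries(X509 *x509, void *context) {
	char **entries= cert_info(x509,CERT_CN,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_common_name() failed");
		return NULL;
	}
	return entries;
}

/*
 * parses the certificate and return the _first_ CN entry found, or NULL
 *
 * Two passes are made over the CN list: a direct getpwnam() lookup of
 * each CN, then search_pw_entry() on each CN. On success *match is set
 * to 1 and a copy of the login name is returned.
 */
static char * pwent_mapper_find_user(X509 *x509,void *context, int *match) {
	char *str;
	struct passwd *pw;
	char *found_user = NULL;
	char **cursor;
	char **entries = cert_info(x509,CERT_CN,ALGORITHM_NULL);

	if (!entries) {
		DBG("get_common_name() failed");
		return NULL;
	}

	DBG1("trying to find pw_entry for cn '%s'", *entries);
	/* First: direct try to avoid long searchtime or massive network traffic
	 * for large amount of users in pw database.
	 * (Think of 10000 or more users, mobile connection to ldap, etc.)
	 */
	/* walk with a separate cursor: advancing `entries` itself left it on
	 * the terminating NULL, so the second pass below never ran */
	for (cursor=entries; (str=*cursor) != NULL; cursor++) {
		pw = getpwnam(str);
		if (pw == NULL) {
			DBG1("Entry for %s not found (direct).", str);
		} else {
			DBG1("Found CN in pw database for user %s (direct).", str);
			/* pw->pw_name lives in storage that the next getpw*()
			 * call may overwrite; hand back a copy, as the second
			 * pass and the other mappers do */
			found_user = clone_str(pw->pw_name);
			if (found_user) *match = 1;
			return found_user;
		}
	}

	/* Second: search all entries (old behaviour) */
	/* parse list of uids until match */
	for (cursor=entries; (str=*cursor) != NULL; cursor++) {
		found_user= search_pw_entry((const char *)str,ignorecase);
		if (!found_user) {
			DBG1("CN entry '%s' not found in pw database. Trying next",str);
			continue;
		} else {
			DBG1("Found CN in pw database for user '%s'",found_user);
			*match = 1;
			/* WJG: Usually allocated mem is returned - memleak/problem? */
			return found_user;
		}
	}
	DBG("No pw entry maps to any provided Common Name");
	return NULL;
}

/*
 * parses the certificate and try to match any CN in the certificate
 * with provided user
 * NOTE:
 * Instead of parse any pwent entry, this routine perform a direct
 * approach: obtain pw_entry for provided login, and compare against
 * provided CN's. it's easier and faster
 *
 * Returns 1 on match, 0 on no match, -1 when the certificate has no CN
 * or the login has no passwd entry.
 */
static int pwent_mapper_match_user(X509 *x509, const char *login, void *context) {
	char *str;
	struct passwd *pw = getpwnam(login);
	char **entries = cert_info(x509,CERT_CN,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_common_name() failed");
		return -1;
	}
	if (!pw) {
		DBG1("There are no pwentry for login '%s'",login);
		return -1;
	}
	/* parse list of uids until match */
	for (str=*entries; str ; str=*++entries) {
		DBG1("Trying to match pw_entry for cn '%s'",str);
		if (compare_pw_entry(str,pw,ignorecase)) {
			DBG2("CN '%s' Match login '%s'",str,login);
			return 1;
		} else {
			DBG2("CN '%s' doesn't match login '%s'",str,login);
			continue; /* try another entry. or perhaps return(0) ? */
		}
	}
	DBG("Provided user doesn't match to any found Common Name");
	return 0;
}

_DEFAULT_MAPPER_END

/* Allocate the mapper descriptor and fill in the pwent mapper callbacks;
 * returns NULL when malloc() fails. */
static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
	mapper_module *pt= malloc(sizeof(mapper_module));
	if (!pt) return NULL;
	pt->name = name;
	pt->block = blk;
	pt->context = NULL;
	pt->entries = pwent_mapper_find_entries;
	pt->finder = pwent_mapper_find_user;
	pt->matcher = pwent_mapper_match_user;
	pt->deinit = mapper_module_end;
	return pt;
}

/*
 * Read "debug" and "ignorecase" from the mapper block and return the
 * mapper descriptor, or NULL on error.
 */
#ifndef PWENT_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * pwent_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
	mapper_module *pt;
	if (blk) {
		debug= scconf_get_bool(blk,"debug",0);
		ignorecase= scconf_get_bool(blk,"ignorecase",ignorecase);
	} else {
		/* the conversion was written as '%' with no type character,
		 * which is not a valid format for the argument passed */
		DBG1("No block declarartion for mapper '%s'",mapper_name);
	}
	set_debug_level(debug);
	pt = init_mapper_st(blk,mapper_name);
	if (pt) DBG("pwent mapper started");
	else DBG("pwent mapper initialization failed");
	return pt;
}
pam_pkcs11-0.6.8/src/mappers/mapperlist.c0000644000175000017500000000471111460625464015202 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details.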
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: mapperlist.c 233 2007-04-04 09:52:54Z ludovic.rousseau $ */ #define __MAPPERLIST_C_ #ifdef HAVE_CONFIG_H #include #endif #include "mapperlist.h" #include "subject_mapper.h" #ifdef HAVE_LDAP #include "ldap_mapper.h" #endif #include "opensc_mapper.h" #include "mail_mapper.h" #include "ms_mapper.h" #include "krb_mapper.h" #include "digest_mapper.h" #include "cn_mapper.h" #include "uid_mapper.h" #include "pwent_mapper.h" #include "null_mapper.h" #include "generic_mapper.h" #include "openssh_mapper.h" mapper_list static_mapper_list[] = { #ifdef SUBJECT_MAPPER_STATIC { "subject",subject_mapper_module_init }, #endif #ifdef HAVE_LDAP #ifdef LDAP_MAPPER_STATIC { "ldap",ldap_mapper_module_init }, #endif #endif #ifdef OPENSC_MAPPER_STATIC { "opensc",opensc_mapper_module_init }, #endif #ifdef MAIL_MAPPER_STATIC { "mail",mail_mapper_module_init }, #endif #ifdef MS_MAPPER_STATIC { "ms",ms_mapper_module_init }, #endif #ifdef KRB_MAPPER_STATIC { "krb",krb_mapper_module_init }, #endif #ifdef DIGEST_MAPPER_STATIC { "digest",digest_mapper_module_init }, #endif #ifdef CN_MAPPER_STATIC { "cn",cn_mapper_module_init }, #endif #ifdef UID_MAPPER_STATIC { "uid",uid_mapper_module_init }, #endif #ifdef PWENT_MAPPER_STATIC { "pwent",pwent_mapper_module_init }, #endif #ifdef GENERIC_MAPPER_STATIC { "generic",generic_mapper_module_init }, #endif #ifdef OPENSSH_MAPPER_STATIC { "openssh",openssh_mapper_module_init }, #endif #ifdef NULL_MAPPER_STATIC { "null", null_mapper_module_init }, #endif { NULL, NULL } }; /* End of mapperlist.c */ #undef __MAPPERLIST_C_ pam_pkcs11-0.6.8/src/mappers/uid_mapper.h0000644000175000017500000000263411460625464015156 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of 
Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: uid_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __UID_MAPPER_H_ #define __UID_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef UID_MAPPER_STATIC #ifndef __UID_MAPPER_C_ #define UID_EXTERN extern #else #define UID_EXTERN #endif UID_EXTERN mapper_module * uid_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef UID_EXTERN /* end of static (if any) declarations */ #endif /* End of uid_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/generic_mapper.c0000644000175000017500000001352611460625464016006 00000000000000/* * PAM-PKCS11 generic mapper skeleton * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: generic_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $ */ #define __GENERIC_MAPPER_C_ #ifdef HAVE_CONFIG_H #include #endif /*#include */ #include "../common/cert_st.h" #include "../scconf/scconf.h" #include "../common/debug.h" #include "../common/error.h" #include "../common/strings.h" #include "../common/cert_info.h" #include "mapper.h" #include "generic_mapper.h" /* * Skeleton for mapper modules */ static const char *mapfile = "none"; static int usepwent = 0; static int ignorecase = 0; static int id_type = CERT_CN; static int debug = 0; static char **generic_mapper_find_entries(X509 *x509, void *context) { if (!x509) { DBG("NULL certificate provided"); return NULL; } return cert_info(x509, id_type, ALGORITHM_NULL); } static char **get_mapped_entries(char **entries) { int match = 0; char *entry; int n=0; char *res=NULL; /* if mapfile is provided, map entries according it */ if ( !strcmp(mapfile,"none") ) { DBG("Use map file is disabled"); } else { DBG1("Using map file '%s'",mapfile); for(n=0, entry=entries[n]; entry; entry=entries[++n]) { res = mapfile_find(mapfile,entry,ignorecase,&match); if (res) entries[n]=res; } } /* if NSS is set, re-map entries against it */ if ( usepwent==0 ) { DBG("Use Naming Services is disabled"); } else { res=NULL; DBG("Using Naming Services"); for(n=0,entry=entries[n];entry;entry=entries[++n]) { res = search_pw_entry(entry,ignorecase); if (res) entries[n]=res; } } return entries; } static char *generic_mapper_find_user(X509 *x509, void *context, int *match) { char **entries; int n; if (!x509) { DBG("NULL certificate provided"); return NULL; } /* get entries from certificate */ entries= generic_mapper_find_entries(x509,context); if (!entries) { 
DBG("Cannot find any entries in certificate"); return 0; } /* do file and pwent mapping */ entries= get_mapped_entries(entries); /* and now return first nonzero item */ for (n=0;nname = name; pt->block = blk; pt->context = NULL; pt->entries = generic_mapper_find_entries; pt->finder = generic_mapper_find_user; pt->matcher = generic_mapper_match_user; pt->deinit = mapper_module_end; return pt; } /** * Initialize module * returns 1 on success, 0 on error */ #ifndef GENERIC_MAPPER_STATIC mapper_module * mapper_module_init(scconf_block *blk,const char *name) { #else mapper_module * generic_mapper_module_init(scconf_block *blk,const char *name) { #endif mapper_module *pt; const char *item="cn"; if (blk) { debug = scconf_get_bool( blk,"debug",0); ignorecase = scconf_get_bool( blk,"ignorecase",0); usepwent = scconf_get_bool( blk,"use_getpwent",0); mapfile= scconf_get_str(blk,"mapfile",mapfile); item= scconf_get_str(blk,"cert_item","cn"); } else { /* should not occurs, but... */ DBG1("No block declaration for mapper '%s'",name); } set_debug_level(debug); if (!strcasecmp(item,"cn")) id_type=CERT_CN; else if (!strcasecmp(item,"subject")) id_type=CERT_SUBJECT; else if (!strcasecmp(item,"kpn") ) id_type=CERT_KPN; else if (!strcasecmp(item,"email") ) id_type=CERT_EMAIL; else if (!strcasecmp(item,"upn") ) id_type=CERT_UPN; else if (!strcasecmp(item,"uid") ) id_type=CERT_UID; else { DBG1("Invalid certificate item to search '%s'; using 'cn'",item); } pt = init_mapper_st(blk,name); if (pt) DBG5("Generic mapper started. 
debug: %d, mapfile: '%s', ignorecase: %d usepwent: %d idType: '%s'",debug,mapfile,ignorecase,usepwent,id_type); else DBG("Generic mapper initialization failed"); return pt; } pam_pkcs11-0.6.8/src/mappers/mapperlist.h0000644000175000017500000000257711460625464015217 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: mapperlist.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __MAPPERLIST_H_ #define __MAPPERLIST_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../mappers/mapper.h" /* * list of mappers that are statically linked */ typedef struct mapper_list_st { const char *name; mapper_module * (*init)(scconf_block *blk, const char *mapper_name); } mapper_list; #ifndef __MAPPERLIST_C_ extern mapper_list static_mapper_list[]; #endif /* End of mapperlist.h */ #endif pam_pkcs11-0.6.8/src/mappers/pwent_mapper.h0000644000175000017500000000266211460625464015533 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published 
by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: pwent_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __PWENT_MAPPER_H_ #define __PWENT_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef PWENT_MAPPER_STATIC #ifndef __PWENT_MAPPER_C_ #define PWENT_EXTERN extern #else #define PWENT_EXTERN #endif PWENT_EXTERN mapper_module * pwent_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef PWENT_EXTERN /* end of static (if any) declarations */ #endif /* End of pwent_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/generic_mapper.h0000644000175000017500000000271011460625464016004 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: generic_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __GENERIC_MAPPER_H_ #define __GENERIC_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef GENERIC_MAPPER_STATIC #ifndef __GENERIC_MAPPER_C_ #define GENERIC_EXTERN extern #else #define GENERIC_EXTERN #endif GENERIC_EXTERN mapper_module * generic_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef GENERIC_EXTERN /* end of static (if any) declarations */ #endif /* End of generic_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/opensc_mapper.c0000644000175000017500000001360511460625464015657 00000000000000/* * PAM-PKCS11 OPENSSH mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam_pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * Based in pam_opensc from Andreas Jellinghaus * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
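* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: opensc_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $ */

#define __OPENSC_MAPPER_C_

/* NOTE(review): the header names after the bare #include directives in
 * this file are missing from this listing. */
#ifdef HAVE_CONFIG_H
#include
#endif

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "opensc_mapper.h"

/**
 * This mapper try to locate user by comparing authorized certificates
 * from each $HOME/.eid/authorized_certificates user entry,
 * as stored by OpenSC package
 */

/*
 * Return the list of certificates as an array list
 */
static char ** opensc_mapper_find_entries(X509 *x509, void *context) {
	char **entries= cert_info(x509,CERT_PEM,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_certificate() failed");
		return NULL;
	}
	return entries;
}

/*
 * Reads every PEM certificate from ${home}/.eid/authorized_certificates
 * and compares each one with x509.
 * returns -1, 0 or 1 ( error, no match, or match)
 *
 * A missing or unreadable file, or a path that does not fit in the
 * buffer, counts as "no match". Ownership and permissions of the file
 * are not checked here.
 */
static int opensc_mapper_match_certs(X509 *x509, const char *home) {
#ifdef HAVE_NSS
	/* still need to genericize the BIO functions here */
	return -1;
#else
#ifndef PATH_MAX
/* PATH_MAX is not defined (unlimited) on Hurd */
/* the correct solution would be to use a dynamic allocation */
#define PATH_MAX 1024
#endif
	char filename[PATH_MAX];
	X509 **certs;
	int ncerts, i, rc;
	int len;
	int found = 0;
#include
	BIO *in;

	if (!x509) return -1;
	if (!home) return -1;

	len = snprintf(filename, sizeof(filename), "%s/.eid/authorized_certificates", home);
	if (len < 0 || (size_t)len >= sizeof(filename)) {
		/* never open a truncated path: it names a different file */
		DBG1("Path to authorized_certificates under %s is too long", home);
		return 0;
	}

	in = BIO_new(BIO_s_file());
	if (!in) {
		DBG("BIO_new() failed\n");
		return -1;
	}

	rc = BIO_read_filename(in, filename);
	if (rc != 1) {
		DBG1("BIO_read_filename from %s failed\n",filename);
		BIO_free(in); /* was leaked on this path */
		return 0; /* fail means no file, or read error */
	}
	/* create and compose certificate chain */
	ncerts=0; certs=NULL;
	for (;;) {
		X509 *cert = PEM_read_bio_X509(in, NULL, 0, NULL);
		if (cert) add_cert(cert, &certs, &ncerts);
		else break;
	}
	BIO_free(in);

	/* compare, then release everything that was parsed: this function
	 * is called once per passwd entry by opensc_mapper_find_user() */
	for (i = 0; i < ncerts; i++) {
		if (!found && X509_cmp(certs[i],x509) == 0) found = 1; /* Match found */
		X509_free(certs[i]);
	}
	/* NOTE(review): assumes add_cert() keeps the pointers in a
	 * malloc()-grown array - confirm against its definition */
	free(certs);
	return found; /* 0: Don't match */
#endif
}

/*
 * Check whether x509 is listed in the authorized_certificates file of
 * `user`. Returns 1 on match, 0 on no match, -1 on error (NULL
 * argument, unknown user or user without home directory).
 */
static int opensc_mapper_match_user(X509 *x509, const char *user, void *context) {
	struct passwd *pw;
	if (!x509) return -1;
	if (!user) return -1;
	pw = getpwnam(user);
	if (!pw || !pw->pw_dir) {
		DBG1("User '%s' has no home directory",user);
		return -1;
	}
	return opensc_mapper_match_certs(x509,pw->pw_dir);
}

/*
 * parses the certificate and return the _first_ user that has it in
 * their ${HOME}/.eid/authorized_certificates
 *
 * Each candidate file lives in that user's own home directory, so its
 * content is under that user's control, and the first passwd entry
 * whose file lists the certificate is the one returned. An error from
 * the matching step for any entry ends the search with NULL.
 */
static char * opensc_mapper_find_user(X509 *x509, void *context, int *match) {
	int n = 0;
	struct passwd *pw = NULL;
	char *res = NULL;

	/* parse list of users until match */
	setpwent();
	while((pw=getpwent()) != NULL) {
		DBG1("Trying to match certificate with user: '%s'",pw->pw_name);
		n = opensc_mapper_match_certs (x509, pw->pw_dir);
		if (n<0) {
			DBG1("Error in matching process with user '%s'",pw->pw_name);
			endpwent();
			return NULL;
		}
		if (n==0) {
			DBG1("Certificate doesn't match user '%s'",pw->pw_name);
			continue;
		}
		/* arriving here means user found */
		DBG1("Certificate match found for user '%s'",pw->pw_name);
		res = clone_str(pw->pw_name);
		endpwent();
		*match = 1;
		return res;
	} /* next login */
	/* no user found that contains cert in their directory */
	endpwent();
	DBG("No entry at ${login}/.eid/authorized_certificates maps to any provided certificate");
	return NULL;
}

_DEFAULT_MAPPER_END

/* Allocate the mapper descriptor and fill in the OpenSC mapper
 * callbacks; returns NULL when malloc() fails. */
static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
	mapper_module *pt= malloc(sizeof(mapper_module));
	if (!pt) return NULL;
	pt->name = name;
	pt->block = blk;
	pt->context = NULL;
	pt->entries = opensc_mapper_find_entries;
	pt->finder = opensc_mapper_find_user;
	pt->matcher = opensc_mapper_match_user;
	pt->deinit = mapper_module_end;
	return pt;
}

/**
 * Initialization routine
 *
 * Reads "debug" from the mapper block and returns the mapper
 * descriptor, or NULL on error.
 */
#ifndef OPENSC_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * opensc_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
	mapper_module *pt;
	int debug = 0;
	if (blk) debug = scconf_get_bool(blk,"debug",0);
	set_debug_level(debug);
	pt = init_mapper_st(blk,mapper_name);
	if(pt) DBG1("OpenSC mapper started. debug: %d",debug);
	else DBG("OpenSC mapper initialization failed");
	return pt;
}
pam_pkcs11-0.6.8/src/mappers/null_mapper.c0000644000175000017500000000550311460625464015340 00000000000000/* * PAM-PKCS11 NULL mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details.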
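*
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id: null_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $
 */

#define __NULL_MAPPER_C_
#ifdef HAVE_CONFIG_H
/* NOTE(review): the header name of this #include is missing from this copy. */
#include
#endif
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "mapper.h"
#include "null_mapper.h"

/*
 * A blind mapper: just read the default value from the configuration
 * and return it without further checking.
 *
 * With "default_match" enabled, every non-NULL certificate is mapped to
 * "default_user": nothing in the certificate is inspected by this mapper.
 */
static const char *default_user = "nobody";
static int match=0;
static int debug=0;

/*
 * Return a copy of default_user and set *mp to 1 when matching is enabled
 * and a certificate was supplied; return NULL otherwise.
 */
static char * mapper_find_user(X509 *x509,void *context,int *mp) {
    if (!x509) return NULL;
    if (!match) return NULL;
    *mp = 1;
    return clone_str((char *)default_user);
}

/* not used */
#if 0
_DEFAULT_MAPPER_FIND_ENTRIES
#endif
_DEFAULT_MAPPER_MATCH_USER
_DEFAULT_MAPPER_END

/* Allocate a mapper_module and fill in the callbacks of this mapper. */
static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt = malloc(sizeof(mapper_module));

    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    /* pt->entries = mapper_find_entries; */ /* nothing to list */
    pt->entries = NULL;
    pt->finder = mapper_find_user;
    pt->matcher = mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Initialize module: reads "default_user", "default_match" and "debug" from
 * the configuration block when one is given.
 * Returns the new module, or NULL when the allocation fails.
 */
#ifndef NULL_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *ctx,const char *mapper_name) {
#else
mapper_module * null_mapper_module_init(scconf_block *ctx,const char *mapper_name) {
#endif
    mapper_module *pt= NULL;

    if (ctx) {
        default_user = scconf_get_str( ctx,"default_user",default_user);
        match = scconf_get_bool( ctx,"default_match",0);
        debug = scconf_get_bool( ctx,"debug",0);
    } else {
        /* the original format was "'%'", which is not a valid conversion
         * and never printed mapper_name */
        DBG1("No block declaration for mapper '%s'", mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(ctx,mapper_name);
    if (pt)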
DBG1("Null mapper match set to '%s'",match?"allways":"never"); else DBG("Null mapper initialization failed"); return pt; } pam_pkcs11-0.6.8/src/mappers/subject_mapper.h0000644000175000017500000000271011460625464016027 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: subject_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __SUBJECT_MAPPER_H_ #define __SUBJECT_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef SUBJECT_MAPPER_STATIC #ifndef __SUBJECT_MAPPER_C_ #define SUBJECT_EXTERN extern #else #define SUBJECT_EXTERN #endif SUBJECT_EXTERN mapper_module * subject_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef SUBJECT_EXTERN /* end of static (if any) declarations */ #endif /* End of subject_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/krb_mapper.h0000644000175000017500000000263411460625464015153 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General 
Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: krb_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __KRB_MAPPER_H_ #define __KRB_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef KRB_MAPPER_STATIC #ifndef __KRB_MAPPER_C_ #define KRB_EXTERN extern #else #define KRB_EXTERN #endif KRB_EXTERN mapper_module * krb_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef KRB_EXTERN /* end of static (if any) declarations */ #endif /* End of krb_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/cn_mapper.h0000644000175000017500000000262111460625464014771 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: cn_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __CN_MAPPER_H_ #define __CN_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef CN_MAPPER_STATIC #ifndef __CN_MAPPER_C_ #define CN_EXTERN extern #else #define CN_EXTERN #endif CN_EXTERN mapper_module * cn_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef CN_EXTERN /* end of static (if any) declarations */ #endif /* End of cn_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/openssh_mapper.c0000644000175000017500000002534211460625464016050 00000000000000/* * PAM-PKCS11 OPENSSH mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
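*
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id: openssh_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $
 */

#define __OPENSSH_MAPPER_C_
#ifdef HAVE_CONFIG_H
#include
#endif
/* NOTE(review): the header names of the bare #include lines in this file
 * are missing from this copy. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "../common/cert_st.h"
#ifndef HAVE_NSS
#include
#include
#endif
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/base64.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "openssh_mapper.h"

/*
 * TODO
 * Not sure on usage of authorized keys map file...
 * So the first version, will use getpwent() to navigate across all users
 * and parsing ${userhome}/.ssh/authorized_keys
 */
static const char *keyfile=CONFDIR "/authorized_keys";
static int debug=0;

/**
 * This mapper tries to locate the user by comparing authorized public keys
 * from each $HOME/.ssh user entry, as done in the openssh package.
 *
 * NOTE(review): the authorized_keys file is opened by path only; nothing in
 * this file checks its owner or permissions, so its content has to be
 * treated as untrusted input by the parsers below.
 */
#define OPENSSH_LINE_MAX 8192 /* from openssh SSH_MAX_PUBKEY_BYTES */

#ifndef HAVE_NSS
/*
 * Parse an ssh v1 public key line ("bits exponent modulus [comment]") into a
 * new EVP_PKEY. The line is modified in place (fields are NUL-terminated).
 * Returns NULL on any syntax or allocation error; nothing is leaked then.
 */
static EVP_PKEY *ssh1_line_to_key(char *line)
{
    EVP_PKEY *key = NULL;
    RSA *rsa = NULL;
    char *e, *m, *c;

    if (!line) return NULL;

    /* first digitstring: the bits (the original tested "<= '0'", so no
     * decimal number was ever accepted) */
    for (e = line; *e >= '0' && *e <= '9'; e++) ;
    /* must be a whitespace */
    if (*e != ' ' && *e != '\t') return NULL;
    /* cut the string in two parts and skip more whitespace */
    *e++ = 0;
    while (*e == ' ' || *e == '\t') e++;

    /* second digitstring: the exponent */
    for (m = e; *m >= '0' && *m <= '9'; m++) ;
    if (*m != ' ' && *m != '\t') return NULL;
    *m++ = 0;
    while (*m == ' ' || *m == '\t') m++;

    /* third digitstring: the modulus, followed by whitespace, an end of
     * line or the end of the string; a trailing comment is ignored */
    for (c = m; *c >= '0' && *c <= '9'; c++) ;
    if (*c != ' ' && *c != '\t' && *c != '\n' && *c != '\r' && *c != 0)
        return NULL;
    *c = 0;

    /* e and m now point to NUL-terminated digit strings */
    key = EVP_PKEY_new();
    rsa = RSA_new();
    if (!key || !rsa) goto err;
    /* BN_dec2bn() returns 0 on failure, e.g. for an empty string */
    if (!BN_dec2bn(&rsa->e, e) || !BN_dec2bn(&rsa->n, m)) goto err;
    if (!EVP_PKEY_assign_RSA(key, rsa)) goto err;
    return key; /* key now owns rsa */

err:
    if (rsa) RSA_free(rsa);
    if (key) EVP_PKEY_free(key); /* the original used free() here */
    return NULL;
}

/*
 * Read the big-endian 32-bit length stored at buf[*pos] and advance *pos
 * past it. Fails (-1) when fewer than four bytes remain or when the length
 * would run past buflen; returns 0 and stores the length otherwise.
 */
static int ssh2_blob_next(const unsigned char *buf, size_t buflen, size_t *pos, size_t *len)
{
    unsigned long value;

    if (*pos > buflen || buflen - *pos < 4) return -1;
    value = ((unsigned long) buf[*pos] << 24)
          | ((unsigned long) buf[*pos + 1] << 16)
          | ((unsigned long) buf[*pos + 2] << 8)
          | (unsigned long) buf[*pos + 3];
    *pos += 4;
    if (value > buflen - *pos) return -1;
    *len = (size_t) value;
    return 0;
}

/*
 * Parse an ssh v2 "ssh-rsa <base64 blob> [comment]" line into a new
 * EVP_PKEY. The line is modified in place. Every length taken from the
 * decoded blob is checked against the decoded data before it is used.
 * Returns NULL on any syntax, bounds or allocation error.
 */
static EVP_PKEY *ssh2_line_to_key(char *line)
{
    EVP_PKEY *key = NULL;
    RSA *rsa = NULL;
    unsigned char decoded[OPENSSH_LINE_MAX];
    size_t avail, pos = 0, len = 0;
    int rc;
    char *b, *c;

    /* find the mime-blob */
    b = line;
    if (!b) return NULL;
    /* find the first whitespace */
    while (*b && *b != ' ') b++;
    /* a line without any blob must not be walked past its terminator */
    if (!*b) return NULL;
    /* skip that whitespace */
    b++;
    /* find the end of the blob / comment (the original compared the
     * character constant 'c' with '\t') */
    for (c = b; *c && *c != ' ' && *c != '\t' && *c != '\r' && *c != '\n'; c++) ;
    *c = 0;

    /* decode binary data; the buffer is cleared first so that no
     * uninitialized byte is ever interpreted */
    memset(decoded, 0, sizeof(decoded));
    rc = base64_decode(b, decoded, OPENSSH_LINE_MAX);
    if (rc < 0) return NULL;
    /* presumably base64_decode() returns the decoded byte count on success;
     * confirm against ../common/base64.h. Either way reads stay inside
     * the buffer. */
    avail = (rc > 0 && (size_t) rc <= sizeof(decoded)) ? (size_t) rc : sizeof(decoded);

    /* now: key_from_blob. The type string must be exactly "ssh-rsa". */
    if (ssh2_blob_next(decoded, avail, &pos, &len) < 0) return NULL;
    if (len != 7 || memcmp(decoded + pos, "ssh-rsa", 7) != 0) return NULL;
    pos += len;

    key = EVP_PKEY_new();
    rsa = RSA_new();
    if (!key || !rsa) goto err;

    /* public exponent */
    if (ssh2_blob_next(decoded, avail, &pos, &len) < 0) goto err;
    rsa->e = BN_bin2bn(decoded + pos, (int) len, NULL);
    pos += len;

    /* modulus */
    if (ssh2_blob_next(decoded, avail, &pos, &len) < 0) goto err;
    rsa->n = BN_bin2bn(decoded + pos, (int) len, NULL);

    if (!rsa->e || !rsa->n) goto err;
    if (!EVP_PKEY_assign_RSA(key, rsa)) goto err;
    return key; /* key now owns rsa */

err:
    if (rsa) RSA_free(rsa);
    if (key) EVP_PKEY_free(key);
    return NULL;
}

/*
 * Append key to the array *keys (length *nkeys), growing the array by one.
 * Takes ownership of key: when it cannot be stored it is released.
 */
static void add_key(EVP_PKEY * key, EVP_PKEY *** keys, int *nkeys)
{
    EVP_PKEY **grown;
    int count;

    /* sanity checks */
    if (!key) return;
    if (!keys || !nkeys) {
        EVP_PKEY_free(key);
        return;
    }

    /* no keys so far means an empty array, whatever *nkeys says */
    count = *keys ? *nkeys : 0;
    grown = realloc(*keys, sizeof(*grown) * ((size_t) count + 1));
    if (!grown) {
        EVP_PKEY_free(key);
        return;
    }
    grown[count] = key;
    *keys = grown;
    *nkeys = count + 1;
}
#endif

/*
 * Returns the public key of certificate as an array list
 */
static char ** openssh_mapper_find_entries(X509 *x509, void *context) {
    char **entries = cert_info(x509, CERT_SSHPUK, ALGORITHM_NULL);

    if (!entries) {
        DBG("get_public_key() failed");
    }
    return entries;
}

/*
 * Compare the RSA public key of x509 with every RSA key found in the given
 * authorized_keys file.
 * Returns -1, 0 or 1 (error, no match, or match). A file that cannot be
 * opened counts as "no match".
 */
static int openssh_mapper_match_keys(X509 *x509, const char *filename) {
#ifdef HAVE_NSS
    return -1;
#else
    FILE *fd;
    char line[OPENSSH_LINE_MAX];
    int i;
    int found = 0;
    int nkeys = 0;
    EVP_PKEY **keys = NULL;
    EVP_PKEY *authkey;
    RSA *authrsa;

    if (!x509 || !filename) return -1;

    authkey = X509_get_pubkey(x509);
    if (!authkey) {
        DBG("Cannot locate Cert Public key");
        return 0;
    }

    /* parse list of authorized keys until match */
    fd = fopen(filename, "rt");
    if (!fd) {
        DBG2("fopen('%s') : '%s'",filename,strerror(errno));
        EVP_PKEY_free(authkey);
        return 0; /* no authorized_keys file -> no match :-) */
    }

    /* read pkey files and compose chain */
    while (fgets(line, OPENSSH_LINE_MAX, fd)) {
        char *cp = line;
        EVP_PKEY *key = NULL;

        /* Skip leading whitespace, empty and comment lines. */
        while (*cp == ' ' || *cp == '\t') cp++;
        if (!*cp || *cp == '\n' || *cp == '#') continue;

        if (*cp >= '0' && *cp <= '9') {
            /* ssh v1 key format */
            key = ssh1_line_to_key(cp);
        } else if (strncmp("ssh-rsa", cp, 7) == 0) {
            /* ssh v2 rsa key format */
            key = ssh2_line_to_key(cp);
        }
        if (key) add_key(key, &keys, &nkeys);
    }
    fclose(fd);

    authrsa = EVP_PKEY_get1_RSA(authkey); /* NULL when the cert key is not RSA */
    for (i = 0; authrsa && !found && i < nkeys; i++) {
        RSA *rsa = EVP_PKEY_get1_RSA(keys[i]);

        if (!rsa) continue; /* not RSA */
        /* BN_cmp() treats two NULL numbers as equal, so a key with a
         * missing component must never reach the comparison */
        if (rsa->e && rsa->n && authrsa->e && authrsa->n
            && BN_cmp(rsa->e, authrsa->e) == 0
            && BN_cmp(rsa->n, authrsa->n) == 0) {
            found = 1; /* FOUND */
        }
        RSA_free(rsa);
    }

    /* release everything acquired above (the original released nothing) */
    if (authrsa) RSA_free(authrsa);
    EVP_PKEY_free(authkey);
    for (i = 0; i < nkeys; i++) {
        EVP_PKEY_free(keys[i]);
    }
    free(keys);

    if (!found) {
        DBG("User authorized_keys file doesn't match cert public key(s)");
    }
    return found;
#endif
}

_DEFAULT_MAPPER_END

/*
 * parses the certificate, extracts its public key and tries to match it
 * with the contents of the ${login}/.ssh/authorized_keys file
 * returns -1, 0 or 1 ( error, no match, or match)
 */
static int openssh_mapper_match_user(X509 *x509, const char *user, void *context) {
    struct passwd *pw;
    char filename[512];
    int n;

    if (!x509) return -1;
    if (!user) return -1;
    pw = getpwnam(user);
    if (!pw || is_empty_str(pw->pw_dir) ) {
        DBG1("User '%s' has no home directory",user);
        return -1;
    }
    /* the original used sprintf(): a home directory longer than the buffer
     * overflowed it */
    n = snprintf(filename, sizeof(filename), "%s/.ssh/authorized_keys", pw->pw_dir);
    if (n < 0 || (size_t) n >= sizeof(filename)) {
        DBG1("Home directory of user '%s' is too long",user);
        return -1;
    }
    return openssh_mapper_match_keys(x509,filename);
}

/*
 * Walk the password database and return (as a new string) the name of the
 * _first_ user whose authorized_keys file holds the certificate's public
 * key; *match is set to 1 in that case. Returns NULL when no user matches
 * or when a lookup reports an error.
 */
static char * openssh_mapper_find_user(X509 *x509, void *context, int *match) {
    int n = 0;
    struct passwd *pw = NULL;
    char *res = NULL;

    /* parse list of users until match */
    setpwent();
    while ((pw = getpwent()) != NULL) {
        char filename[512];
        int pathlen;

        DBG1("Trying to match certificate with user: '%s'",pw->pw_name);
        if ( is_empty_str(pw->pw_dir) ) {
            DBG1("User '%s' has no home directory",pw->pw_name);
            continue;
        }
        /* bounded copy; an over-long home directory skips the account */
        pathlen = snprintf(filename, sizeof(filename), "%s/.ssh/authorized_keys", pw->pw_dir);
        if (pathlen < 0 || (size_t) pathlen >= sizeof(filename)) {
            DBG1("Home directory of user '%s' is too long",pw->pw_name);
            continue;
        }
        n = openssh_mapper_match_keys (x509,filename);
        if (n < 0) {
            DBG1("Error in matching process with user '%s'",pw->pw_name);
            endpwent();
            return NULL;
        }
        if (n == 0) {
            DBG1("Certificate doesn't match user '%s'",pw->pw_name);
            continue;
        }
        /* arriving here means user found */
        DBG1("Certificate match found for user '%s'",pw->pw_name);
        res = clone_str(pw->pw_name);
        endpwent();
        *match = 1;
        return res;
    } /* next login */

    /* no user found that contains cert in their directory */
    endpwent();
    DBG("No entry at ${login}/.ssh/authorized_keys maps to any provided certificate");
    return NULL;
}

/* Allocate a mapper_module and fill in the callbacks of this mapper. */
static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt = malloc(sizeof(mapper_module));

    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = openssh_mapper_find_entries;
    pt->finder = openssh_mapper_find_user;
    pt->matcher = openssh_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Initialization routine: reads "debug" and "keyfile" from the
 * configuration block when one is given. Returns the new module, or NULL
 * when the allocation fails.
 */
#ifndef OPENSSH_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * openssh_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;

    if (blk) {
        debug = scconf_get_bool(blk,"debug",0);
        keyfile = scconf_get_str(blk,"keyfile",keyfile);
    } else {
        /* the original format was "'%'", which is not a valid conversion
         * and never printed mapper_name */
        DBG1("No block declaration for mapper '%s'",mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(blk,mapper_name);
    if (pt) {
        DBG2("OpenSSH mapper started. debug: %d, mapfile: %s",debug,keyfile);
    } else {
        DBG("OpenSSH mapper initialization failed");
    }
    return pt;
}
pam_pkcs11-0.6.8/src/mappers/uid_mapper.c0000644000175000017500000001027511460625464015151 00000000000000
/*
 * PAM-PKCS11 UID mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.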
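*
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id: uid_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $
 */

#define __UID_MAPPER_C_
#ifdef HAVE_CONFIG_H
/* NOTE(review): the header name of this #include is missing from this copy. */
#include
#endif
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "uid_mapper.h"

/*
 * This mapper uses the Unique ID (UID) entry on the certificate to
 * find user name.
 */
static const char *mapfile = "none";
static int ignorecase = 0;
static int debug = 0;

/**
 * Return the list of UID's on this certificate, or NULL when cert_info()
 * yields nothing.
 */
static char ** uid_mapper_find_entries(X509 *x509, void *context) {
    char **entries = cert_info(x509, CERT_UID, ALGORITHM_NULL);

    if (!entries) {
        DBG("get_unique_id() failed");
    }
    return entries;
}

/*
 * Parses the certificate and returns a copy of the map of the first UID
 * entry found. If no UID is found or the map lookup fails, returns NULL.
 */
static char * uid_mapper_find_user(X509 *x509, void *context, int *match) {
    char *res;
    char **entries = cert_info(x509, CERT_UID, ALGORITHM_NULL);

    if (!entries) {
        DBG("get_unique_id() failed");
        return NULL;
    }
    DBG1("trying to map uid entry '%s'",entries[0]);
    res = mapfile_find(mapfile, entries[0], ignorecase, match);
    if (!res) {
        DBG("Error in map process");
        return NULL;
    }
    return clone_str(res);
}

/*
 * Parses the certificate and tries to match any UID in the certificate
 * with the provided user.
 * Returns 1 on match, 0 on no match, -1 on error.
 */
static int uid_mapper_match_user(X509 *x509, const char *login, void *context) {
    char *str;
    int match_found = 0;
    char **entries = cert_info(x509, CERT_UID, ALGORITHM_NULL);

    if (!entries) {
        DBG("get_unique_id() failed");
        return -1;
    }
    /* parse list of uids until match */
    for (str = *entries; str && (match_found == 0); str = *++entries) {
        int res = 0;

        DBG1("trying to map & match uid entry '%s'",str);
        res = mapfile_match(mapfile, str, login, ignorecase);
        /* NOTE(review): a zero result from mapfile_match() ends the scan
         * with an error, so later UID entries are never tried; whether zero
         * means "error" or "no match" is not visible here, confirm against
         * mapfile_match(). */
        if (!res) {
            DBG("Error in map&match process");
            return -1; /* or perhaps should be "continue" ??*/
        }
        if (res > 0) match_found = 1;
    }
    return match_found;
}

_DEFAULT_MAPPER_END

/* Allocate a mapper_module and fill in the callbacks of this mapper. */
static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt = malloc(sizeof(mapper_module));

    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = uid_mapper_find_entries;
    pt->finder = uid_mapper_find_user;
    pt->matcher = uid_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/*
 * Initialization routine: reads "debug", "mapfile" and "ignorecase" from
 * the configuration block when one is given. Returns the new module, or
 * NULL when the allocation fails.
 */
#ifndef UID_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * uid_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;

    if (blk) {
        debug= scconf_get_bool(blk,"debug",0);
        mapfile = scconf_get_str(blk,"mapfile",mapfile);
        ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
    } else {
        /* the original format was "'%'", which is not a valid conversion
         * and never printed mapper_name */
        DBG1("No block declaration for mapper '%s'", mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(blk,mapper_name);
    if (pt) {
        DBG3("UniqueID mapper started. debug: %d, mapfile: %s, icase: %d",debug,mapfile,ignorecase);
    } else {
        DBG("UniqueID mapper initialization failed");
    }
    return pt;
}
pam_pkcs11-0.6.8/src/mappers/ms_mapper.c0000644000175000017500000001425211460625464015006 00000000000000
/*
 * PAM-PKCS11 Microsoft Universal Principal Name mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id: ms_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $
 */

#define __MS_MAPPER_C_
#ifdef HAVE_CONFIG_H
#include
#endif
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "ms_mapper.h"

/*
 * This mapper uses (if available) the optional MS's Universal Principal Name
 * entry on the certificate to find user name.
 * According with MS documentation, UPN has following structure:
 * OID: 1.3.6.1.4.1.311.20.2.3
 * UPN OtherName: user@domain.com
 * UPN encoding:ASN1 UTF8
 *
 * As UPN has in-built login and domain, No mapping file is used: login
 * is implicit.
 * A "checkdomain" flag is tested to compare domain if set.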
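* TODO: talk to Active Domain Service certificate an login validation
 */
static int ignorecase = 0;
static int ignoredomain =0;
static const char *domainname="";
static const char *domainnickname="";
static int debug =0;

/*
 * Check syntax and domain match on the provided string ("login@domain").
 * str must be a heap string; this function takes ownership of it. On
 * success it returns a heap string holding the login (prefixed with
 * "nickname\" when a domain nickname is configured); on failure it releases
 * str and returns NULL.
 * NOTE(review): the domain comparison is case sensitive even when the
 * callers lower-cased str because of "ignorecase".
 */
static char *check_upn(char *str) {
    char *domain;

    if (!str) return NULL;
    domain = strchr(str, '@');
    if (!domain) {
        DBG1("'%s' is not a valid MS UPN",str);
        free(str); /* the original leaked str on every failure path */
        return NULL;
    }
    *domain++ = '\0';
    /* the original tested the pointer, which can never be NULL here; the
     * intended check is for an empty domain part */
    if (!*domain) {
        DBG1("'%s' has not a valid MS UPN domain",str);
        free(str);
        return NULL;
    }
    if (ignoredomain) return str;
    if (strcmp(domainname, domain)) {
        DBG2("Domain '%s' doesn't match UPN domain '%s'",domainname,domain);
        free(str);
        return NULL;
    }
    if (domainnickname && domainnickname[0]) {
        char *tmp;
        size_t tmp_len;

        DBG1("Adding domain nick name '%s'",domainnickname);
        tmp_len = strlen(str) + strlen(domainnickname) + 2;
        tmp = malloc(tmp_len);
        if (!tmp) { /* the original wrote through an unchecked pointer */
            free(str);
            return NULL;
        }
        snprintf(tmp, tmp_len, "%s\\%s", domainnickname, str);
        free(str);
        str = tmp;
    }
    return str;
}

/*
 * Compare a mapped name with the requested user, ignoring case when
 * "ignorecase" is set. Returns 1 when equal, 0 otherwise; a NULL argument
 * never matches.
 */
static int compare_name(char *name, const char *user) {
    char *c_name, *c_user;
    int same;

    /* name is NULL whenever check_upn() rejected the entry */
    if (!name || !user) return 0;
    c_name = (ignorecase) ? tolower_str(name) : clone_str(name);
    c_user = (ignorecase) ? tolower_str(user) : clone_str(user);
    same = (c_name && c_user && !strcmp(c_name, c_user));
    /* the temporary copies were never released in the original */
    free(c_name);
    free(c_user);
    return same;
}

/*
 * Extract the MS Universal Principal Name array list
 */
static char ** ms_mapper_find_entries(X509 *x509, void *context) {
    char **entries = cert_info(x509, CERT_UPN, ALGORITHM_NULL);

    if (!entries) {
        DBG("get_ms_upn() failed");
    }
    return entries;
}

/*
 * Parses the certificate and returns (as a new string) the login of the
 * first valid UPN entry found, or NULL. *match is set to 1 on success.
 */
static char * ms_mapper_find_user(X509 *x509, void *context, int *match) {
    char *str;
    char **entries = cert_info(x509, CERT_UPN, ALGORITHM_NULL);

    if (!entries) {
        DBG("get_ms_upn() failed");
        return NULL;
    }
    /* parse list until a valid string is found */
    for (str = *entries; str; str = *++entries) {
        char *item, *res;

        item = (ignorecase) ? tolower_str(entries[0]) : clone_str(entries[0]);
        res = check_upn(item);
        if (res) {
            char *login;

            DBG2("Found valid UPN: '%s' maps to '%s' ",str,res);
            *match = 1;
            login = clone_str(res);
            free(res); /* only the copy is handed to the caller */
            return login;
        } else {
            DBG1("Invalid UPN found '%s'",str);
        }
    }
    DBG("No valid upn found");
    return NULL;
}

/*
 * Parses the certificate and tries to match any UPN in the certificate
 * with the provided user.
 * Returns 1 on match, 0 on no match, -1 when the certificate has no UPN.
 */
static int ms_mapper_match_user(X509 *x509, const char *user, void *context) {
    char *str;
    int match_found = 0;
    char **entries = cert_info(x509, CERT_UPN, ALGORITHM_NULL);

    if (!entries) {
        DBG("get_ms_upn() failed");
        return -1;
    }
    /* parse list of uids until match */
    for (str = *entries; str && (match_found == 0); str = *++entries) {
        char *login;

        if (ignorecase) login = check_upn(tolower_str(str));
        else login = check_upn(clone_str(str));
        /* login is NULL for a rejected UPN; compare_name() treats that as
         * "no match" */
        if ( compare_name(login,user) ) {
            DBG2("Match found for entry '%s' & login '%s'",str,login);
            match_found = 1;
        } else {
            DBG1("Match failed for entry '%s'",str);
        }
        free(login);
    }
    return match_found;
}

_DEFAULT_MAPPER_END

/* Allocate a mapper_module and fill in the callbacks of this mapper. */
static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt = malloc(sizeof(mapper_module));

    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = ms_mapper_find_entries;
    pt->finder = ms_mapper_find_user;
    pt->matcher = ms_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * init routine
 * parse configuration block entry: "debug", "ignorecase", "ignoredomain",
 * "domainname" and "domainnickname" are read when a block is given.
 */
#ifndef MS_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * ms_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;

    if (blk) {
        debug = scconf_get_bool(blk,"debug",0);
        ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
        ignoredomain = scconf_get_bool(blk,"ignoredomain",ignoredomain);
        domainname = scconf_get_str(blk,"domainname",domainname);
        domainnickname = scconf_get_str(blk,"domainnickname",domainnickname);
    } else {
        DBG1("No block declaration for mapper '%s'",mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(blk,mapper_name);
    if (pt) DBG4("MS PrincipalName mapper started. 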
debug: %d, idomain: %d, icase: %d, domainname: '%s'",debug,ignoredomain,ignorecase,domainname); else DBG("MS PrincipalName mapper initialization failed"); return pt; } pam_pkcs11-0.6.8/src/mappers/Makefile.am0000644000175000017500000000712611460625464014715 00000000000000# Process this file with automake to create Makefile.in MAINTAINERCLEANFILES = Makefile.in libdir = @libdir@/pam_pkcs11 # Add openssl specific flags AM_CFLAGS = $(CRYPTO_CFLAGS) AM_CPPFLAGS = $(CRYPTO_CFLAGS) # Statically linked mappers list # Uncomment to get the referred mapper statically linked # DON'T FORGET to update libmappers_la_SOURCES and lib_LTLIBRARIES entries below # nor the corresponding "module = ..." in etc/pam_pkcs11.conf.example # AM_CFLAGS += -DSUBJECT_MAPPER_STATIC #AM_CFLAGS += -DLDAP_MAPPER_STATIC #AM_CFLAGS += -DOPENSC_MAPPER_STATIC AM_CFLAGS += -DMAIL_MAPPER_STATIC AM_CFLAGS += -DMS_MAPPER_STATIC AM_CFLAGS += -DKRB_MAPPER_STATIC AM_CFLAGS += -DDIGEST_MAPPER_STATIC AM_CFLAGS += -DCN_MAPPER_STATIC AM_CFLAGS += -DUID_MAPPER_STATIC AM_CFLAGS += -DPWENT_MAPPER_STATIC AM_CFLAGS += -DGENERIC_MAPPER_STATIC #AM_CFLAGS += -DOPENSSH_MAPPER_STATIC AM_CFLAGS += -DNULL_MAPPER_STATIC # list of statically linked mappers noinst_LTLIBRARIES = libmappers.la libmappers_la_SOURCES = mapper.c mapper.h \ subject_mapper.c subject_mapper.h \ mail_mapper.c mail_mapper.h \ ms_mapper.c ms_mapper.h \ krb_mapper.c krb_mapper.h \ digest_mapper.c digest_mapper.h \ cn_mapper.c cn_mapper.h \ uid_mapper.c uid_mapper.h \ pwent_mapper.c pwent_mapper.h \ generic_mapper.c generic_mapper.h \ null_mapper.c null_mapper.h \ mapperlist.c mapperlist.h libmappers_la_LDFLAGS = ../scconf/libscconf.la ../common/libcommon.la -shared # list of dynamic linked mappers if HAVE_LDAP lib_LTLIBRARIES = ldap_mapper.la opensc_mapper.la openssh_mapper.la else lib_LTLIBRARIES = opensc_mapper.la openssh_mapper.la endif openssh_mapper_la_SOURCES = openssh_mapper.c openssh_mapper.h openssh_mapper_la_LDFLAGS = -module -avoid-version 
-shared openssh_mapper_la_LIBADD = libmappers.la # generic_mapper_la_SOURCES = generic_mapper.c generic_mapper.h # generic_mapper_la_LDFLAGS = -module -avoid-version -shared # generic_mapper_la_LIBADD = libmappers.la # subject_mapper_la_SOURCES = subject_mapper.c subject_mapper.h # subject_mapper_la_LDFLAGS = -module -avoid-version -shared # subject_mapper_la_LIBADD = libmappers.la if HAVE_LDAP ldap_mapper_la_SOURCES = ldap_mapper.c ldap_mapper.h ldap_mapper_la_LDFLAGS = -module -avoid-version -shared ldap_mapper_la_LIBADD = libmappers.la endif opensc_mapper_la_SOURCES = opensc_mapper.c opensc_mapper.h opensc_mapper_la_LDFLAGS = -module -avoid-version -shared opensc_mapper_la_LIBADD = libmappers.la # mail_mapper_la_SOURCES = mail_mapper.c mail_mapper.h # mail_mapper_la_LDFLAGS = -module -avoid-version -shared # mail_mapper_la_LIBADD = libmappers.la # ms_mapper_la_SOURCES = ms_mapper.c ms_mapper.h # ms_mapper_la_LDFLAGS = -module -avoid-version -shared # ms_mapper_la_LIBADD = libmappers.la # krb_mapper_la_SOURCES = krb_mapper.c krb_mapper.h # krb_mapper_la_LDFLAGS = -module -avoid-version -shared # krb_mapper_la_LIBADD = libmappers.la # cn_mapper_la_SOURCES = cn_mapper.c cn_mapper.h # cn_mapper_la_LDFLAGS = -module -avoid-version -shared # cn_mapper_la_LIBADD = libmappers.la # uid_mapper_la_SOURCES = uid_mapper.c uid_mapper.h # uid_mapper_la_LDFLAGS = -module -avoid-version -shared # uid_mapper_la_LIBADD = libmappers.la # pwent_mapper_la_SOURCES = pwent_mapper.c pwent_mapper.h # pwent_mapper_la_LDFLAGS = -module -avoid-version -shared # pwent_mapper_la_LIBADD = libmappers.la # digest_mapper_la_SOURCES = digest_mapper.c digest_mapper.h # digest_mapper_la_LDFLAGS = -module -avoid-version -shared # digest_mapper_la_LIBADD = libmappers.la # null_mapper_la_SOURCES = null_mapper.c null_mapper.h # null_mapper_la_LDFLAGS = -module -avoid-version -shared # null_mapper_la_LIBADD = libmappers.la 
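pam_pkcs11-0.6.8/src/mappers/subject_mapper.c0000644000175000017500000000706311460625464016030 00000000000000
/*
 * PAM-PKCS11 Cert Subject to login file based mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id: subject_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $
 */

#define __SUBJECT_MAPPER_C_
#ifdef HAVE_CONFIG_H
/* NOTE(review): the header names of the #include lines below are missing
 * from this copy. */
#include
#endif
/*#include */
/*#include */
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "subject_mapper.h"

static const char *filename = "none";
static int ignorecase = 0;
static int debug = 0;

/*
 * Returns the certificate subject as an array list, or NULL when
 * cert_info() yields nothing.
 */
static char ** subject_mapper_find_entries(X509 *x509, void *context) {
    char **entries = cert_info(x509, CERT_SUBJECT, ALGORITHM_NULL);

    if (!entries) {
        DBG("X509_get_subject_name failed");
    }
    return entries;
}

/*
 * Parses the certificate and returns the mapfile entry for the first
 * Subject found, or NULL.
 */
static char * subject_mapper_find_user(X509 *x509, void *context, int *match) {
    char **entries = cert_info(x509, CERT_SUBJECT, ALGORITHM_NULL);

    if (!entries) {
        DBG("X509_get_subject_name failed");
        return NULL;
    }
    return mapfile_find(filename, entries[0], ignorecase, match);
}

/*
 * Parses the certificate and tries to match the Subject in the certificate
 * with the provided user. Returns -1 when the certificate has no subject,
 * otherwise the result of mapfile_match().
 */
static int subject_mapper_match_user(X509 *x509, const char *login, void *context) {
    char **entries = cert_info(x509, CERT_SUBJECT, ALGORITHM_NULL);

    if (!entries) {
        DBG("X509_get_subject_name failed");
        return -1;
    }
    return mapfile_match(filename, entries[0], login, ignorecase);
}

_DEFAULT_MAPPER_END

/* Allocate a mapper_module and fill in the callbacks of this mapper. */
static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt = malloc(sizeof(mapper_module));

    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = subject_mapper_find_entries;
    pt->finder = subject_mapper_find_user;
    pt->matcher = subject_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Initialization routine: reads "debug", "mapfile" and "ignorecase" from
 * the configuration block when one is given. Returns the new module, or
 * NULL when the allocation fails.
 */
#ifndef SUBJECT_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * subject_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;

    if (blk) {
        debug = scconf_get_bool(blk,"debug",0);
        filename = scconf_get_str(blk,"mapfile",filename);
        ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
    } else {
        /* the original format was "'%'", which is not a valid conversion
         * and never printed mapper_name */
        DBG1("No block declaration for mapper '%s'",mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(blk,mapper_name);
    if (pt) {
        DBG3("Subject mapper started. debug: %d, mapfile: %s, icase: %d",debug,filename,ignorecase);
    } else {
        DBG("Subject mapper initialization failed");
    }
    return pt;
}
pam_pkcs11-0.6.8/src/mappers/Makefile.in0000644000175000017500000006442311740072345014724 00000000000000
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.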
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Process this file with automake to create Makefile.in VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = src/mappers DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/acx_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ $(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 
's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) @HAVE_LDAP_TRUE@ldap_mapper_la_DEPENDENCIES = libmappers.la am__ldap_mapper_la_SOURCES_DIST = ldap_mapper.c ldap_mapper.h @HAVE_LDAP_TRUE@am_ldap_mapper_la_OBJECTS = ldap_mapper.lo ldap_mapper_la_OBJECTS = $(am_ldap_mapper_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent ldap_mapper_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(ldap_mapper_la_LDFLAGS) $(LDFLAGS) -o \ $@ @HAVE_LDAP_TRUE@am_ldap_mapper_la_rpath = -rpath $(libdir) libmappers_la_LIBADD = am_libmappers_la_OBJECTS = mapper.lo subject_mapper.lo mail_mapper.lo \ ms_mapper.lo krb_mapper.lo digest_mapper.lo cn_mapper.lo \ uid_mapper.lo pwent_mapper.lo generic_mapper.lo null_mapper.lo \ mapperlist.lo libmappers_la_OBJECTS = 
$(am_libmappers_la_OBJECTS) libmappers_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libmappers_la_LDFLAGS) $(LDFLAGS) -o $@ opensc_mapper_la_DEPENDENCIES = libmappers.la am_opensc_mapper_la_OBJECTS = opensc_mapper.lo opensc_mapper_la_OBJECTS = $(am_opensc_mapper_la_OBJECTS) opensc_mapper_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(opensc_mapper_la_LDFLAGS) $(LDFLAGS) \ -o $@ @HAVE_LDAP_FALSE@am_opensc_mapper_la_rpath = -rpath $(libdir) @HAVE_LDAP_TRUE@am_opensc_mapper_la_rpath = -rpath $(libdir) openssh_mapper_la_DEPENDENCIES = libmappers.la am_openssh_mapper_la_OBJECTS = openssh_mapper.lo openssh_mapper_la_OBJECTS = $(am_openssh_mapper_la_OBJECTS) openssh_mapper_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(openssh_mapper_la_LDFLAGS) $(LDFLAGS) \ -o $@ @HAVE_LDAP_FALSE@am_openssh_mapper_la_rpath = -rpath $(libdir) @HAVE_LDAP_TRUE@am_openssh_mapper_la_rpath = -rpath $(libdir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) 
am__v_CCLD_0 = @echo " CCLD " $@; AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(ldap_mapper_la_SOURCES) $(libmappers_la_SOURCES) \ $(opensc_mapper_la_SOURCES) $(openssh_mapper_la_SOURCES) DIST_SOURCES = $(am__ldap_mapper_la_SOURCES_DIST) \ $(libmappers_la_SOURCES) $(opensc_mapper_la_SOURCES) \ $(openssh_mapper_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ 
MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@/pam_pkcs11 libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = 
@mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in # Add openssl specific flags # Statically linked mappers list # Uncomment to get the referred mapper statically linked # DON'T FORGET to update libmappers_la_SOURCES and lib_LTLIBRARIES entries below # nor the corresponding "module = ..." in etc/pam_pkcs11.conf.example # #AM_CFLAGS += -DLDAP_MAPPER_STATIC #AM_CFLAGS += -DOPENSC_MAPPER_STATIC #AM_CFLAGS += -DOPENSSH_MAPPER_STATIC AM_CFLAGS = $(CRYPTO_CFLAGS) -DSUBJECT_MAPPER_STATIC \ -DMAIL_MAPPER_STATIC -DMS_MAPPER_STATIC -DKRB_MAPPER_STATIC \ -DDIGEST_MAPPER_STATIC -DCN_MAPPER_STATIC -DUID_MAPPER_STATIC \ -DPWENT_MAPPER_STATIC -DGENERIC_MAPPER_STATIC \ -DNULL_MAPPER_STATIC AM_CPPFLAGS = $(CRYPTO_CFLAGS) # list of statically linked mappers noinst_LTLIBRARIES = libmappers.la libmappers_la_SOURCES = mapper.c mapper.h \ subject_mapper.c subject_mapper.h \ mail_mapper.c mail_mapper.h \ ms_mapper.c ms_mapper.h \ krb_mapper.c krb_mapper.h \ digest_mapper.c digest_mapper.h \ cn_mapper.c cn_mapper.h \ uid_mapper.c uid_mapper.h \ pwent_mapper.c pwent_mapper.h \ generic_mapper.c generic_mapper.h \ null_mapper.c null_mapper.h \ mapperlist.c mapperlist.h libmappers_la_LDFLAGS = ../scconf/libscconf.la ../common/libcommon.la -shared @HAVE_LDAP_FALSE@lib_LTLIBRARIES = opensc_mapper.la openssh_mapper.la # list of dynamic linked mappers @HAVE_LDAP_TRUE@lib_LTLIBRARIES = ldap_mapper.la opensc_mapper.la openssh_mapper.la openssh_mapper_la_SOURCES = openssh_mapper.c openssh_mapper.h openssh_mapper_la_LDFLAGS = -module -avoid-version -shared 
openssh_mapper_la_LIBADD = libmappers.la # generic_mapper_la_SOURCES = generic_mapper.c generic_mapper.h # generic_mapper_la_LDFLAGS = -module -avoid-version -shared # generic_mapper_la_LIBADD = libmappers.la # subject_mapper_la_SOURCES = subject_mapper.c subject_mapper.h # subject_mapper_la_LDFLAGS = -module -avoid-version -shared # subject_mapper_la_LIBADD = libmappers.la @HAVE_LDAP_TRUE@ldap_mapper_la_SOURCES = ldap_mapper.c ldap_mapper.h @HAVE_LDAP_TRUE@ldap_mapper_la_LDFLAGS = -module -avoid-version -shared @HAVE_LDAP_TRUE@ldap_mapper_la_LIBADD = libmappers.la opensc_mapper_la_SOURCES = opensc_mapper.c opensc_mapper.h opensc_mapper_la_LDFLAGS = -module -avoid-version -shared opensc_mapper_la_LIBADD = libmappers.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/mappers/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/mappers/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) 
@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done ldap_mapper.la: $(ldap_mapper_la_OBJECTS) $(ldap_mapper_la_DEPENDENCIES) $(EXTRA_ldap_mapper_la_DEPENDENCIES) $(AM_V_CCLD)$(ldap_mapper_la_LINK) $(am_ldap_mapper_la_rpath) $(ldap_mapper_la_OBJECTS) $(ldap_mapper_la_LIBADD) $(LIBS) libmappers.la: $(libmappers_la_OBJECTS) $(libmappers_la_DEPENDENCIES) $(EXTRA_libmappers_la_DEPENDENCIES) $(AM_V_CCLD)$(libmappers_la_LINK) $(libmappers_la_OBJECTS) $(libmappers_la_LIBADD) $(LIBS) opensc_mapper.la: $(opensc_mapper_la_OBJECTS) $(opensc_mapper_la_DEPENDENCIES) $(EXTRA_opensc_mapper_la_DEPENDENCIES) $(AM_V_CCLD)$(opensc_mapper_la_LINK) $(am_opensc_mapper_la_rpath) $(opensc_mapper_la_OBJECTS) $(opensc_mapper_la_LIBADD) $(LIBS) openssh_mapper.la: $(openssh_mapper_la_OBJECTS) $(openssh_mapper_la_DEPENDENCIES) $(EXTRA_openssh_mapper_la_DEPENDENCIES) $(AM_V_CCLD)$(openssh_mapper_la_LINK) $(am_openssh_mapper_la_rpath) $(openssh_mapper_la_OBJECTS) $(openssh_mapper_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cn_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digest_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generic_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/krb_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mail_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mapperlist.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ms_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/null_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/opensc_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssh_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwent_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subject_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uid_mapper.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if 
(nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d 
"$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ clean-noinstLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-libLTLIBRARIES install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \ ctags distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-libLTLIBRARIES install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-libLTLIBRARIES # mail_mapper_la_SOURCES = mail_mapper.c mail_mapper.h # mail_mapper_la_LDFLAGS = -module -avoid-version -shared # mail_mapper_la_LIBADD = libmappers.la # ms_mapper_la_SOURCES = 
ms_mapper.c ms_mapper.h # ms_mapper_la_LDFLAGS = -module -avoid-version -shared # ms_mapper_la_LIBADD = libmappers.la # krb_mapper_la_SOURCES = krb_mapper.c krb_mapper.h # krb_mapper_la_LDFLAGS = -module -avoid-version -shared # krb_mapper_la_LIBADD = libmappers.la # cn_mapper_la_SOURCES = cn_mapper.c cn_mapper.h # cn_mapper_la_LDFLAGS = -module -avoid-version -shared # cn_mapper_la_LIBADD = libmappers.la # uid_mapper_la_SOURCES = uid_mapper.c uid_mapper.h # uid_mapper_la_LDFLAGS = -module -avoid-version -shared # uid_mapper_la_LIBADD = libmappers.la # pwent_mapper_la_SOURCES = pwent_mapper.c pwent_mapper.h # pwent_mapper_la_LDFLAGS = -module -avoid-version -shared # pwent_mapper_la_LIBADD = libmappers.la # digest_mapper_la_SOURCES = digest_mapper.c digest_mapper.h # digest_mapper_la_LDFLAGS = -module -avoid-version -shared # digest_mapper_la_LIBADD = libmappers.la # null_mapper_la_SOURCES = null_mapper.c null_mapper.h # null_mapper_la_LDFLAGS = -module -avoid-version -shared # null_mapper_la_LIBADD = libmappers.la # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam_pkcs11-0.6.8/src/mappers/opensc_mapper.h0000644000175000017500000000267511460625464015671 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: opensc_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __OPENSC_MAPPER_H_ #define __OPENSC_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef OPENSC_MAPPER_STATIC #ifndef __OPENSC_MAPPER_C_ #define OPENSC_EXTERN extern #else #define OPENSC_EXTERN #endif OPENSC_EXTERN mapper_module * opensc_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef OPENSC_EXTERN /* end of static (if any) declarations */ #endif /* End of opensc_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/null_mapper.h0000644000175000017500000000264711460625464015353 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: null_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __NULL_MAPPER_H_ #define __NULL_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef NULL_MAPPER_STATIC #ifndef __NULL_MAPPER_C_ #define NULL_EXTERN extern #else #define NULL_EXTERN #endif NULL_EXTERN mapper_module * null_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef NULL_EXTERN /* end of static (if any) declarations */ #endif /* End of null_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/mapper.c0000644000175000017500000001532611460625464014312 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
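*
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id: mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $
 */

#ifndef __MAPPER_C_
#define __MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

/*
 * NOTE(review): the header names on the system #include lines were lost
 * when this page was extracted. The names below are reconstructed from the
 * library calls this file makes; confirm them against the upstream file.
 */
#include <ctype.h>
#include <pwd.h>
#include <regex.h>
#include <stdlib.h>
#include <string.h>
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/uri.h"
#include "../common/strings.h"
#include "mapper.h"

/*
 * Common functions to all mapping modules
 */

/**
 * Create a mapfile handle and load the content behind the given URL.
 *
 * The handle stores the url pointer as given (no copy is made), so the
 * string has to outlive the handle. Release the handle with end_mapent().
 *
 * @param url location of the map file, handed to get_from_uri()
 * @return new handle, or NULL when allocation or loading fails
 */
struct mapfile *set_mapent(const char *url) {
	struct mapfile *mfile = malloc(sizeof *mfile);

	if (!mfile)
		return NULL;
	/* start from a fully defined state so a failed load never leaves
	 * stray pointers behind */
	mfile->uri = url;
	mfile->buffer = NULL;
	mfile->length = 0;
	mfile->pt = NULL;
	mfile->key = NULL;
	mfile->value = NULL;
	if (get_from_uri(mfile->uri, (unsigned char **) &mfile->buffer, &mfile->length) < 0) {
		DBG1("get_from_uri() error: %s", get_error());
		free(mfile);
		return NULL;
	}
	mfile->pt = mfile->buffer;
	return mfile;
}

/**
 * Read the next "key -> value" line from a mapfile handle.
 *
 * Leading whitespace is skipped, lines starting with '#' and lines without
 * the " -> " separator are ignored. On success mfile->key owns a freshly
 * allocated copy of the line and mfile->value points into that same
 * allocation, so both stay valid only until the next get_mapent() or
 * end_mapent() call on the handle.
 *
 * The scan is bounded by mfile->length, so it does not depend on the loaded
 * buffer being NUL-terminated.
 *
 * @param mfile handle returned by set_mapent()
 * @return 1 when an entry was stored in the handle, 0 at end of data or on
 *         allocation failure
 */
int get_mapent(struct mapfile *mfile) {
	char *end;

	if (!mfile)
		return 0;
	/* release the previous entry; value pointed into key's allocation */
	free(mfile->key);
	mfile->key = NULL;
	mfile->value = NULL;
	if (!mfile->buffer || !mfile->pt)
		return 0;
	end = mfile->buffer + mfile->length;

	for (;;) {
		char *from = mfile->pt;
		char *to = NULL;
		char *line;
		char *sep;
		size_t len;

		/* isspace() needs an unsigned char value; a plain char with the
		 * high bit set would otherwise be undefined behaviour */
		while (from < end && *from && isspace((unsigned char) *from))
			from++;
		if (from < end)
			to = memchr(from, '\n', (size_t) (end - from));
		/* if no newline, assume the line ends at the end of the buffer */
		if (!to)
			to = end;
		if (to <= from) {
			DBG("EOF reached");
			return 0; /* empty data */
		}
		len = (size_t) (to - from);
		line = malloc(len + 1);
		if (!line) {
			DBG("malloc error");
			return 0; /* not enough space to copy the line */
		}
		memcpy(line, from, len);
		line[len] = '\0';
		mfile->pt = to;
		if (line[0] == '#') {
			DBG1("Line '%s' is a comment: skip", line);
			free(line);
			continue;
		}
		sep = strstr(line, " -> ");
		if (!sep) {
			DBG1("Line '%s' has no key -> value format: skip", line);
			free(line);
			continue;
		}
		*sep = '\0';
		mfile->key = line;
		mfile->value = sep + 4;
		DBG2("Found key: '%s' value '%s'", mfile->key, mfile->value);
		return 1;
	}
}

/**
 * Release a mapfile handle and everything it owns.
 *
 * @param mfile handle returned by set_mapent(); NULL is accepted
 */
void end_mapent(struct mapfile *mfile) {
	if (!mfile)
		return;
	/* don't free uri: it is a scconf provided "const char *" */
	/* key is the line copy allocated by get_mapent(); value points into
	 * that same allocation, so freeing key releases both. Without this
	 * the entry that produced a match in mapfile_find() is leaked. */
	free(mfile->key);
	free(mfile->buffer);
	free(mfile);
}

/**
 * Map a key through a mapfile.
 *
 * Mapfile keys of the form ^...$ are compiled with regcomp() (no
 * REG_EXTENDED) and matched against the key; every other entry is compared
 * as a plain string. When nothing matches, a copy of the key itself is
 * returned and *match is left untouched, so a caller that needs to know
 * whether the mapfile vouched for the result has to initialise *match to 0
 * and check it afterwards.
 *
 * @param file FileName; NULL, "" or "none" disables mapping
 * @param key Key to search in mapfile
 * @param icase ignore case
 * @param match Set to 1 for mapped string return, unmodified for key return
 * @return mapped string on match, key on no match, NULL on error; the
 *         result comes from clone_str() and belongs to the caller
 */
char *mapfile_find(const char *file, char *key, int icase, int *match) {
	struct mapfile *mfile;

	if (!key || is_empty_str(key)) {
		DBG("key to map is null or empty");
		return NULL;
	}
	if (!file || is_empty_str((char *) file) || !strcmp(file, "none")) {
		char *res = clone_str(key);
		DBG("No mapping file specified");
		return res;
	}
	DBG2("Using mapping file: '%s' to search '%s'", file, key);
	mfile = set_mapent(file);
	if (!mfile) {
		DBG1("Error processing mapfile %s", file);
		return NULL;
	}
	while (get_mapent(mfile)) {
		int done = 0;
		size_t klen = strlen(mfile->key);

		if (klen > 0 && mfile->key[0] == '^' && mfile->key[klen - 1] == '$') {
			regex_t re;
			DBG2("Trying RE '%s' match on '%s'", mfile->key, key);
			if (regcomp(&re, mfile->key, (icase ? REG_ICASE : 0) | REG_NEWLINE)) {
				DBG2("RE '%s' in mapfile '%s' is invalid", mfile->key, file);
			} else {
				done = !regexec(&re, key, 0, NULL, 0);
				regfree(&re);
			}
		} else if (icase) {
			done = !strcasecmp(key, mfile->key);
		} else {
			done = !strcmp(key, mfile->key);
		}
		if (done) {
			/* copy the value before the handle (and the line it points
			 * into) is released */
			char *res = clone_str(mfile->value);
			DBG2("Found mapfile match '%s' -> '%s'", key, mfile->value);
			end_mapent(mfile);
			if (match)
				*match = 1;
			return res;
		}
	}
	/* arriving here means map not found, so return key as result */
	DBG("Mapfile match not found");
	end_mapent(mfile);
	return clone_str(key);
}

/**
 * Map a key through a mapfile and compare the result with a value.
 *
 * @param file FileName
 * @param key Key to search in mapfile
 * @param value string to match against the mapped result
 * @param icase ignore upper/lower case
 * @return 1 on match, 0 on no match, -1 on error
 */
int mapfile_match(const char *file, char *key, const char *value, int icase) {
	int res;
	int match = 0;
	char *str;

	if (!value)
		return -1;
	str = mapfile_find(file, key, icase, &match);
	if (!str)
		return -1;
	if (icase)
		res = !strcasecmp(str, value) ? 1 : 0;
	else
		res = !strcmp(str, value) ? 1 : 0;
	/* str is the clone_str() copy made by mapfile_find(); it was never
	 * released here before.
	 * NOTE(review): assumes clone_str() allocates with malloc() - confirm
	 * in ../common/strings.c */
	free(str);
	return res;
}

/* pwent related functions */

/**
 * Compare an item to the login name and the GECOS field of a passwd entry.
 *
 * NOTE(review): on many systems the account owner can edit the GECOS field
 * (chfn), so a match on pw_gecos rests on user-controlled data. Mappers that
 * feed certificate fields into this function should take that into account.
 *
 * @param str item to compare
 * @param pw passwd entry to compare against
 * @param ignorecase non-zero for a case-insensitive comparison
 * @return 1 on match, else 0
 */
int compare_pw_entry(const char *str, struct passwd *pw, int ignorecase) {
	int (*cmp)(const char *, const char *) = ignorecase ? strcasecmp : strcmp;

	if (!str || !pw)
		return 0;
	if (pw->pw_name && !cmp(pw->pw_name, str))
		return 1;
	/* pw_gecos may be a null pointer on some platforms */
	if (pw->pw_gecos && !cmp(pw->pw_gecos, str))
		return 1;
	return 0;
}

/**
 * Walk the passwd database for an entry whose login or GECOS field equals
 * the provided string.
 *
 * Uses setpwent()/getpwent()/endpwent(), which keep process-wide state.
 *
 * @param str item to look for
 * @param ignorecase non-zero for a case-insensitive comparison
 * @return clone_str() copy of the login on success, NULL when nothing matches
 */
char *search_pw_entry(const char *str, int ignorecase) {
	struct passwd *pw;
	char *res = NULL;

	if (!str)
		return NULL;
	setpwent(); /* reset pwent parser */
	while ((pw = getpwent()) != NULL) {
		if (compare_pw_entry(str, pw, ignorecase)) {
			DBG1("getpwent() match found: '%s'", pw->pw_name);
			res = clone_str(pw->pw_name);
			break;
		}
	}
	endpwent();
	if (!res)
		DBG1("No pwent found matching string '%s'", str);
	return res;
}

#endif
pam_pkcs11-0.6.8/src/mappers/ldap_mapper.c0000644000175000017500000006006111606043640015276 00000000000000/*
 * PAM-PKCS11 ldap mapper module
 * Copyright (C) 2005 Dominik Fischer
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.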
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: ldap_mapper.c 482 2011-01-22 17:43:27Z ludovic.rousseau $ */ /* * Sandro Wefel (SaW) added * TLS/SSL support (see autofs-ldap and libnss-ldap) * multiple LDAP-Server support * multi-value certificate entries */ #define __LDAP_MAPPER_C_ #ifdef HAVE_CONFIG_H #include #endif /* FIXME do not use deprecated ldap_* functions */ #define LDAP_DEPRECATED 1 #include #include #include #include "../common/cert_st.h" #include "../common/debug.h" #include "../common/error.h" #include "../scconf/scconf.h" #include "../common/strings.h" #include "../common/cert_info.h" #include "mapper.h" #include "ldap_mapper.h" /* * This mapper uses the "login" parameter from mapper_match_user and * uses it to get a certificate from a LDAP server. The digest of * this certificate is then compared to the digest of the certificate * from smartcard. * Configuration is done in pam_pkcs11.conf. */ static const int LDAP_CONFIG_URI_MAX = 10; /* * TODO: * - Support for SASL-AUTH not included yet, I can't test it * * - ldap_unbind (*ld) crash if you connect to a SSL port but have set TLS intead SSL * - no idea why!? 
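*   - you got no error message from your application
 *   - believe skip ldap_unbind (*ld) for a bind handle isn't a good solution
 *
 * - implement searchtimeout
 * - implement ignorecase
 */

enum ldap_ssl_options
{
  SSL_OFF,
  SSL_LDAPS,
  SSL_START_TLS
};
typedef enum ldap_ssl_options ldap_ssl_options_t;

#ifndef LDAPS_PORT
#define LDAPS_PORT 636
#endif

/*** Internal vars *****************************************************/

/* Host and Port */
static const char *ldaphost="";
static int ldapport=0;
/* or URI (allow multiple hosts) */
static const char *ldapURI="";
static int scope=1; /* 0: LDAP_SCOPE_BASE, 1: LDAP_SCOPE_ONE, 2: LDAP_SCOPE_SUB */
static const char *binddn="";
/* bind password; must never be written to debug output */
static const char *passwd="";
static const char *base="ou=People,o=example,c=com";
static const char *attribute="userCertificate";
/*
 * NOTE(review): ldap_get_certificate() uses this string as the snprintf()
 * format for the search filter and substitutes the login name unescaped.
 * - The default below has three '(' and only two ')', so it is not a
 *   balanced filter as written.
 * - The login should have LDAP filter metacharacters escaped (RFC 4515)
 *   before substitution.
 * - A configured filter should be checked to contain exactly one "%s" and
 *   no other conversion.
 */
static const char *filter="(&(objectClass=posixAccount)(uid=%s)";
static int searchtimeout=20;
static int ignorecase=0;
static const X509 **ldap_x509;
static int certcnt=0;

static ldap_ssl_options_t ssl_on = SSL_OFF;
#if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
/* TLS/SSL specific options */
static const char *tls_randfile="";
static const char *tls_cacertfile="";
static const char *tls_cacertdir="";
/* -1 leaves LDAP_OPT_X_TLS_REQUIRE_CERT at whatever the library defaults to */
static int tls_checkpeer=-1;
static const char *tls_ciphers="";
static const char *tls_cert="";
static const char *tls_key="";
#endif

static int ldapVersion = 3;
#ifdef HAVE_LDAP_SET_OPTION
static int timeout = 8; /* 8 seconds */
#endif
static int bind_timelimit = 2; /* Timelimit for BIND */

static const int sscope[] = {
  LDAP_SCOPE_BASE,
  LDAP_SCOPE_ONELEVEL,
  LDAP_SCOPE_SUBTREE};

/*** Internal funcs ****************************************************/

/*
 * Create an LDAP handle for one URI.
 *
 * With ldap_initialize() available the URI is passed through, with
 * ":<ldapdefport>" appended when the code decides that the URI carries no
 * port and ldapdefport is not the default for the scheme. Without it only
 * ldap:// URIs are accepted and host and port are split by hand.
 *
 * Returns an LDAP result code; *ld is the new handle on LDAP_SUCCESS.
 */
static int do_init (LDAP ** ld, const char *uri, int ldapdefport)
{
  int rc;
  int ldaps;
  char uribuf[512];
  char *p;

  DBG("do_init():");

  ldaps = (strncasecmp (uri, "ldaps://", sizeof ("ldaps://") - 1) == 0);
  p = strchr (uri, ':');
  /* we should be looking for the second instance to find the port number */
  /* NOTE(review): the second strchr() starts at p itself, so it finds the
   * same ':' again and p is never NULL for a URI with a scheme. The
   * "no port in URI" branch below is therefore not reached. Searching from
   * p + 1 would match the comment above, but it changes which port existing
   * configurations connect to (for example an ldaps:// URI combined with a
   * non-LDAPS default port), so it is flagged here rather than changed. */
  if (p != NULL)
    {
      p = strchr (p, ':');
    }

#ifdef HAVE_LDAP_INITIALIZE
  if (p == NULL &&
      ((ldaps && ldapdefport != LDAPS_PORT) || (!ldaps && ldapdefport != LDAP_PORT)))
    {
      /* No port specified in URI and non-default port specified */
      snprintf (uribuf, sizeof (uribuf), "%s:%d", uri, ldapdefport);
      uri = uribuf;
    }

  rc = ldap_initialize (ld, uri);
#else
  /* TODO: !HAVE_LDAP_INITIALIZE => no ldaps:// possible? */
  if (strncasecmp (uri, "ldap://", sizeof ("ldap://") - 1) != 0)
    {
      return LDAP_UNAVAILABLE;
    }

  uri += sizeof ("ldap://") - 1;
  p = strchr (uri, ':');

  if (p != NULL)
    {
      size_t urilen = (p - uri);

      /* host part has to fit into uribuf including the terminator */
      if (urilen >= sizeof (uribuf))
        {
          return LDAP_UNAVAILABLE;
        }

      memcpy (uribuf, uri, urilen);
      uribuf[urilen] = '\0';

      ldapdefport = atoi (p + 1);
      uri = uribuf;
    }

# ifdef HAVE_LDAP_INIT
  *ld = ldap_init (uri, ldapdefport);
# else
  *ld = ldap_open (uri, ldapdefport);
# endif

  rc = (*ld == NULL) ? LDAP_SERVER_DOWN : LDAP_SUCCESS;
#endif /* HAVE_LDAP_INITIALIZE */

  if (rc == LDAP_SUCCESS && *ld == NULL)
    {
      rc = LDAP_UNAVAILABLE;
    }
  return rc;
}

#if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
/*
 * Apply the configured TLS settings.
 *
 * Every option is set on the NULL handle, i.e. as a library-wide default;
 * the ldap_connection argument is not used. Empty strings and a
 * tls_checkpeer of -1 mean "not configured" and are skipped, which leaves
 * certificate verification at the library's own default.
 *
 * Returns LDAP_SUCCESS, or LDAP_OPERATIONS_ERROR when an option is rejected.
 */
static int do_ssl_options (LDAP *ldap_connection)
{
  int rc;

  DBG("do_ssl_options");

#ifdef LDAP_OPT_X_TLS_RANDOM_FILE
  if (strncmp(tls_randfile,"",1))
    {
      /* rand file */
      rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE, tls_randfile);
      if (rc != LDAP_SUCCESS)
        {
          DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_RANDOM_FILE failed");
          return LDAP_OPERATIONS_ERROR;
        }
    }
#endif /* LDAP_OPT_X_TLS_RANDOM_FILE */

  if (strncmp(tls_cacertfile,"",1))
    {
      /* ca cert file */
      rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_cacertfile);
      if (rc != LDAP_SUCCESS)
        {
          DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_CACERTFILE failed");
          return LDAP_OPERATIONS_ERROR;
        }
    }

  if (strncmp(tls_cacertdir,"",1))
    {
      /* ca cert directory */
      rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_cacertdir);
      if (rc != LDAP_SUCCESS)
        {
          DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_CACERTDIR failed");
          return LDAP_OPERATIONS_ERROR;
        }
    }

  /* the cert have to be checked ? */
  if (tls_checkpeer > -1)
    {
      rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_checkpeer);
      if (rc != LDAP_SUCCESS)
        {
          DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_REQUIRE_CERT failed");
          return LDAP_OPERATIONS_ERROR;
        }
    }

  if (strncmp(tls_ciphers,"",1))
    {
      /* set cipher suite, certificate and private key: */
      rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_ciphers);
      if (rc != LDAP_SUCCESS)
        {
          DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_CIPHER_SUITE failed");
          return LDAP_OPERATIONS_ERROR;
        }
    }

  /* where is the required cert */
  if (strncmp(tls_cert,"",1))
    {
      rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, tls_cert);
      if (rc != LDAP_SUCCESS)
        {
          DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_CERTFILE failed");
          return LDAP_OPERATIONS_ERROR;
        }
    }

  /* where is the key */
  if (strncmp(tls_key,"",1))
    {
      rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, tls_key);
      if (rc != LDAP_SUCCESS)
        {
          DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_KEYFILE failed");
          return LDAP_OPERATIONS_ERROR;
        }
    }

  return LDAP_SUCCESS;
}
#endif

/*
 * Simple bind on an open connection, anonymous when no bind DN is
 * configured, and wait up to timelimit seconds for the server's answer.
 *
 * Returns the LDAP result code of the bind, or -1 when no answer arrived
 * in time (the request is abandoned in that case).
 */
static int do_bind (LDAP * ldap_connection, int timelimit)
{
  int rc;
  int rv;
  struct timeval tv;
  LDAPMessage *result;

  /*
   * set timelimit in ld for select() call in ldap_pvt_connect()
   * function implemented in libldap2's os-ip.c
   */
  tv.tv_sec = timelimit;
  tv.tv_usec = 0;

  /* Log the bind DN only. The bind password used to be part of this
   * message, which copied the credential into every debug log. */
  DBG1("do_bind(): bind DN=\"%s\"",binddn);

  /* LDAPv3 doesn't need bind at all,
   * nevertheless, if no binddn is given than bind anonymous */
  if ( ! strncmp(binddn,"",1) )
    {
      rv = ldap_simple_bind(ldap_connection, NULL, NULL);
    }
  else
    {
      rv = ldap_simple_bind(ldap_connection, binddn, passwd);
    }
  if (rv < 0)
    {
      DBG("do_bind: rv < 0");
#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
      if (ldap_get_option (ldap_connection, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS)
        {
          rc = LDAP_UNAVAILABLE;
        }
#else
      rc = ldap_connection->ld_errno;
#endif /* LDAP_OPT_ERROR_NUMBER */
      /* Notify if we failed. */
      DBG3("could not connect to LDAP server as %s - %d - %s",
           binddn, rc, ldap_err2string (rc));

      return rc;
    }

  rc = ldap_result (ldap_connection, rv, 0, &tv, &result);
  if (rc > 0)
    {
      DBG1("do_bind rc=%d", rc);
      return ldap_result2error (ldap_connection, result, 1);
    }

  /* took too long */
  if (rc == 0)
    {
      DBG("do_bind rc=0");
      ldap_abandon (ldap_connection, rv);
    }

  DBG("do_bind return -1");
  return -1;
}

/*
 * Opens a connection to an LDAP server
 * uri must be one URI
 *
 * Order of work: do_init(), protocol version and network timeout, then
 * StartTLS (SSL_START_TLS) or LDAPS (SSL_LDAPS) setup, then do_bind().
 * With SSL_OFF the simple bind, password included, travels unencrypted.
 *
 * Returns LDAP_SUCCESS with a bound handle in *ld, otherwise an LDAP result
 * code, -2 for an unexpected NULL handle or -1 from a bind timeout.
 *
 * NOTE(review): the two early returns after ldap_start_tls()/ldap_result()
 * leave *ld open while the other failure paths call ldap_unbind(). The TODO
 * at the top of this file reports ldap_unbind() crashes around TLS, so this
 * may be deliberate; confirm before changing it.
 */
static int do_open (LDAP **ld, const char* uri, int defport, ldap_ssl_options_t ssl_on_local)
{
#if defined(LDAP_OPT_NETWORK_TIMEOUT) || defined(HAVE_LDAP_START_TLS)
  struct timeval tv;
#endif
#ifdef HAVE_LDAP_START_TLS
  struct timeval *tvp;
  LDAPMessage *res = NULL;
  int msgid;
#endif
  int rc;

  rc = do_init (ld, uri, defport);

  if (rc != LDAP_SUCCESS)
    {
      DBG("do_open(): do_init failed");
      return rc;
    }

  if( ! *ld)
    {
      DBG("do_open(): internal error - assert (*ld != NULL)");
      return(-2);
    }

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_PROTOCOL_VERSION)
  ldap_set_option (*ld, LDAP_OPT_PROTOCOL_VERSION, &ldapVersion);
#endif /* LDAP_OPT_PROTOCOL_VERSION */

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_NETWORK_TIMEOUT)
  /* NOTE(review): this call passes a pointer to an int, while the call in
   * the next block passes a struct timeval for the same option and then
   * overrides this value with bind_timelimit. Presumably only one of the
   * two is intended; confirm against the LDAP library in use. */
  rc = ldap_set_option(*ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
  if ( rc != LDAP_SUCCESS )
    {
      DBG2("Warning: failed to set connection timeout to %d: %s", timeout, ldap_err2string(rc));
    }
  else
    DBG1("Set connection timeout to %d", timeout);
#endif /* LDAP_OPT_NETWORK_TIMEOUT */

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_NETWORK_TIMEOUT)
  tv.tv_sec = bind_timelimit;
  tv.tv_usec = 0;
  ldap_set_option (*ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
#endif /* LDAP_OPT_NETWORK_TIMEOUT */

#if defined(HAVE_LDAP_START_TLS_S) || defined(HAVE_LDAP_START_TLS)
  if (ssl_on_local == SSL_START_TLS)
    {
      int version;

      /* we need V3 at least */
      if (ldap_get_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
        {
          if (ldapVersion < LDAP_VERSION3)
            {
              ldapVersion = LDAP_VERSION3;
              ldap_set_option (*ld, LDAP_OPT_PROTOCOL_VERSION, &ldapVersion);
            }
        }

      /* set up SSL context */
      if (do_ssl_options (*ld) != LDAP_SUCCESS)
        {
          ldap_unbind (*ld);
          DBG("do_open(): SSL setup failed");
          return LDAP_UNAVAILABLE;
        }

#ifdef HAVE_LDAP_START_TLS
      DBG("do_open(): do_start_tls");
      rc = ldap_start_tls (*ld, NULL, NULL, &msgid);
      if (rc != LDAP_SUCCESS)
        {
          DBG1("do_open(): ldap_start_tls failed: %s", ldap_err2string (rc));
          return rc;
        }

      if (bind_timelimit == LDAP_NO_LIMIT)
        {
          tvp = NULL;
        }
      else
        {
          tv.tv_sec = bind_timelimit;
          tv.tv_usec = 0;
          tvp = &tv;
        }

      rc = ldap_result (*ld, msgid, 1, tvp, &res);
      if (rc == -1)
        {
#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
          if (ldap_get_option (*ld, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS)
            {
              rc = LDAP_UNAVAILABLE;
            }
#else
          /* ld is an LDAP **, so the handle has to be dereferenced first */
          rc = (*ld)->ld_errno;
#endif /* LDAP_OPT_ERROR_NUMBER */

          DBG1("do_open(): ldap_start_tls failed: %s", ldap_err2string (rc));
          return rc;
        }

      rc = ldap_result2error (*ld, res, 1);
      if (rc != LDAP_SUCCESS)
        {
          DBG1("do_open(): ldap_result2error failed: %s)", ldap_err2string (rc));
          return rc;
        }

      rc = ldap_install_tls (*ld);
#else
      rc = ldap_start_tls_s (*ld, NULL, NULL);
#endif /* HAVE_LDAP_START_TLS */

      if (rc == LDAP_SUCCESS)
        {
          DBG("do_open(): TLS startup succeeded");
        }
      else
        {
          ldap_unbind (*ld);
          DBG2("do_open(): TLS startup failed for LDAP server %s: %s",
               uri, ldap_err2string (rc));
          return rc;
        }
    }
  else
#endif /* HAVE_LDAP_START_TLS_S || HAVE_LDAP_START_TLS */

  /*
   * If SSL is desired, then enable it.
   * When the library offers no LDAP_OPT_X_TLS this branch is empty and
   * nothing is configured here for SSL_LDAPS.
   */
  if (ssl_on_local == SSL_LDAPS)
    {
#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
      int tls = LDAP_OPT_X_TLS_HARD;
      if (ldap_set_option (*ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
        {
          ldap_unbind (*ld);
          DBG("do_open(): TLS setup failed");
          return LDAP_UNAVAILABLE;
        }

      /* set up SSL context */
      if (do_ssl_options (*ld) != LDAP_SUCCESS)
        {
          ldap_unbind (*ld);
          DBG("do_open(): SSL setup failed");
          return LDAP_UNAVAILABLE;
        }
#endif
    }

  rc = do_bind (*ld, bind_timelimit);
  if (rc != LDAP_SUCCESS)
    {
      DBG2("do_open(): failed to bind to LDAP server %s: %s",
           uri, ldap_err2string (rc));
      ldap_unbind (*ld);
    }
  return rc;
}

/*
 * add single URI to array of uris
 *
 * uris is a NULL-terminated array with room for LDAP_CONFIG_URI_MAX entries
 * plus the terminator. The URI text is copied into *buffer, and *buffer and
 * *buflen are advanced past the copy.
 *
 * Returns 0 on success, -1 when the array or the buffer is full.
 */
static int ldap_add_uri (char **uris, const char *a_uri, char **buffer, size_t *buflen)
{
  int i;
  size_t uri_len;

  /* find the first free slot */
  for (i = 0; uris[i] != NULL; i++)
    ;

  if (i == LDAP_CONFIG_URI_MAX)
    {
      DBG("maximum number of URIs exceeded");
      return -1;
    }

  uri_len = strlen (a_uri);

  /* the copy includes the terminating NUL */
  if (*buflen < uri_len + 1)
    {
      DBG("buffer to small for URI");
      return -1;
    }

  memcpy (*buffer, a_uri, uri_len + 1);

  uris[i] = *buffer;
  uris[i + 1] = NULL;

  *buffer += uri_len + 1;
  *buflen -= uri_len + 1;

  DBG1("added URI %s", a_uri);

  return 0;
}

/**
 * Get certificate from LDAP-Server.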
*/ static int ldap_get_certificate(const char *login) { LDAP *ldap_connection; int entries; LDAPMessage *res; LDAPMessage *entry; struct berval **bvals = NULL; BerElement *ber = NULL; char *name = NULL; char filter_str[100]; char *attrs[2]; int rv = LDAP_SUCCESS; void *bv_val; char uri[4096]; char uribuf[4096]; char *uris[LDAP_CONFIG_URI_MAX + 1]; const char *p; int current_uri = 0, start_uri = 0; char *buffer; size_t buflen; uris[0] = NULL; attrs[0] = (char *)attribute; attrs[1] = NULL; DBG1("ldap_get_certificate(): begin login = %s", login); /* Put the login to the %s in Filterstring */ snprintf(filter_str, sizeof(filter_str), filter, login); DBG1("ldap_get_certificate(): filter_str = %s", filter_str); /* parse and split URI config entry */ buffer = uribuf; buflen = sizeof (uribuf); strncpy(uri, ldapURI, sizeof (uri)-1); /* Add a space separated list of URIs */ /* TODO: no spaces in one URI allowed => URL-encoding? */ if(strncmp(ldapURI,"",1)) for (p = uri; p != NULL; ) { char *q = strchr (p, ' '); if (q != NULL) *q = '\0'; if( strlen(p) > 1 ) /* SAW: don't add spaces */ rv = ldap_add_uri (uris, p, &buffer, &buflen); p = (q != NULL) ? ++q : NULL; if (rv) break; } /* set the default port if no port is given */ if (ldapport == 0) { if (ssl_on == SSL_LDAPS) { ldapport = LDAPS_PORT; } else { ldapport = LDAP_PORT; } } /* add ldaphost to uris if set, nevermind "uri" is set in config */ if( strlen(ldaphost) > 1 ) { /* No port specified in URI and non-default port specified */ snprintf (uri, sizeof (uri), "%s%s:%d", ssl_on == SSL_LDAPS ? 
"ldaps://" : "ldap://", ldaphost, ldapport); ldap_add_uri (uris, uri, &buffer, &buflen); } if (uris[0] == NULL) { DBG("ldap_get_certificate(): Nor URI or usable Host entry found"); return(-1); } /* Attempt to connect to specified URI in order until do_open succeed */ start_uri = current_uri; do { if(uris[current_uri] != NULL) DBG1("ldap_get_certificate(): try do_open for %s", uris[current_uri]); rv = do_open(&ldap_connection, uris[current_uri], ldapport, ssl_on); /* hot-fix, because in some circumstances an LDAP_SERVER_DOWN is returned */ if (rv != LDAP_UNAVAILABLE && rv != LDAP_SERVER_DOWN) break; current_uri++; if (uris[current_uri] == NULL) current_uri = 0; } while (current_uri != start_uri); if( rv != LDAP_SUCCESS ) { DBG("ldap_get_certificate(): do_open failed"); return(-2); } /* TODO: (1) The problem: if an working uri is found it is used and if there is an (SSL-)error, no other one is tried (2) There is no session, so we don't know which LDAP_Server is the last with a successful connection. So we try the same server again. Perhaps create a state file/smem/etc. ? */ rv = ldap_search_s( ldap_connection, base, sscope[scope], filter_str, attrs, 0, &res); if ( rv != LDAP_SUCCESS ) { DBG1("ldap_search_s() failed: %s", ldap_err2string(rv)); ldap_unbind_s(ldap_connection); return(-3); } else { entries = ldap_count_entries(ldap_connection, res); DBG1("ldap_get_certificate(): entries = %d", entries); if( entries > 1 ) { DBG("! Warning, more than one entry found. Please choose \"filter\" and"); DBG("! \"attribute\" in ldap mapper config section of your config,"); DBG("! that only one entry with one attribute is matched"); DBG("! Maybe there is another problem in ldap with not unique user"); DBG("! entries in your LDAP server."); } /* Only first entry is used. 
"filter" and "attribute" * should be choosen, so that only one entry with * one attribute is returned */ if ( NULL == (entry = ldap_first_entry(ldap_connection, res))){ DBG("ldap_first_entry() failed: %s"); ldap_unbind_s(ldap_connection); return(-4); } /* Only first attribute is used. See comment above... */ if ( NULL == (name = ldap_first_attribute(ldap_connection, res, &ber))){ DBG("ldap_first_attribute() failed (rc=%d)"); ldap_unbind_s(ldap_connection); return(-5); } DBG1("attribute name = %s", name); bvals = ldap_get_values_len(ldap_connection, entry, name); certcnt = ldap_count_values_len(bvals); DBG1("number of user certificates = %d", certcnt); ldap_x509 = malloc(sizeof(X509*) * certcnt ); if (NULL == ldap_x509) { DBG("not enough memory"); return(-7); } rv = 0; while(rv < certcnt ) { /* SaW: not nifty, but otherwise gcc doesn't optimize */ bv_val = &bvals[rv]->bv_val; #ifdef HAVE_NSS { SECItem derdata; derdata.data = bv_val; derdata.len = bvals[rv]->bv_len; ldap_x509[rv] = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derdata, NULL, 0, 1); } #else ldap_x509[rv] = d2i_X509(NULL, ((const unsigned char **) bv_val), bvals[rv]->bv_len); #endif if (NULL == ldap_x509[rv]) { DBG1("d2i_X509() failed for certificate %d", rv); free(ldap_x509); #ifdef HAVE_NSS { for (rv=0; rvpw_name); res= ldap_mapper_match_user(x509,pw->pw_name,context); if (res) { DBG1("Certificate maps to user '%s'",pw->pw_name); found= clone_str(pw->pw_name); *match = 1; break; } else { DBG1("Certificate map to user '%s' failed",pw->pw_name); } } endpwent(); #ifdef false int res; res= ldap_mapper_match_user(x509,"wefel",context); if (res) { DBG("Certificate maps to user wefel"); found= clone_str("wefel"); } else { DBG("Certificate map to user wefel failed"); } #endif return found; } static mapper_module * init_mapper_st(scconf_block *blk, const char *name) { mapper_module *pt= malloc(sizeof(mapper_module)); if (!pt) return NULL; pt->name = name; pt->block = blk; pt->context = NULL; pt->entries = 
ldap_mapper_find_entries; pt->finder = ldap_mapper_find_user; pt->matcher = ldap_mapper_match_user; pt->deinit = mapper_module_end; return pt; } #ifndef LDAP_MAPPER_STATIC mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) { #else mapper_module * ldap_mapper_module_init(scconf_block *blk,const char *mapper_name) { #endif mapper_module *pt; pt = init_mapper_st(blk,mapper_name); if (blk) { read_config(blk); } else { set_debug_level(1); DBG1("No configuration entry for mapper '%s'. Assume defaults", mapper_name); } return pt; } pam_pkcs11-0.6.8/src/mappers/mapper.h0000644000175000017500000001676311460625464014325 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
*
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id: mapper.h 445 2010-08-14 16:19:36Z ludovic.rousseau $
 */

#ifndef __MAPPER_H_
#define __MAPPER_H_

#ifdef HAVE_CONFIG_H
#include
#endif

/*
 * NOTE(review): the bare #include lines in this header lost their header
 * names when the page was extracted; restore them from the upstream file.
 */
#include
#include
#include
#include
#include <../common/cert_st.h>
#include "../scconf/scconf.h"

/**
 * Structure to be filled on mapper module initialization.
 * Each mapper returns one of these from its init function; the function
 * pointers are the mapper's entry points.
 */
typedef struct mapper_module_st {
	/** mapper name */
	const char *name;
	/** mapper configuration block */
	scconf_block *block;
	/** debug level to set before calling the entry points */
	int dbg_level;
	/** pointer to mapper local data */
	void *context;
	/** cert. entries enumerator */
	char **(*entries)(X509 *x509, void *context);
	/** cert. login finder */
	char *(*finder)(X509 *x509, void *context, int *match);
	/** cert-to-login matcher */
	int (*matcher)(X509 *x509, const char *login, void *context);
	/** module de-initialization */
	void (*deinit)( void *context);
} mapper_module;

/**
 * This struct is used in processing map files
 * a map file is a list of "key" " -> " "value" text lines
 */
struct mapfile {
	/** URL of mapfile */
	const char *uri;
	/** buffer holding the content of the mapfile */
	char *buffer;
	/** length of buffer */
	size_t length;
	/** pointer to the last entry read from buffer */
	char *pt;
	/** key of the current entry */
	char *key;
	/** value assigned to key */
	char *value;
};

/* ------------------------------------------------------- */

/**
 * Initialize module and mapper_module_st structure
 *
 * EVERY mapper module MUST provide and export this function if dynamically linked
 *@param ctx Pointer to related configuration file context
 *@param mapper_name Name of this mapper. Used for multi-mapper modules
 *@return Pointer to a mapper_module structure, or NULL if failed
 */
mapper_module * mapper_module_init(scconf_block *ctx,const char *mapper_name);

/* ------------------------------------------------------- */

/*
 * mapper.c prototype functions
 */
#ifndef __MAPPER_C_
#define MAPPER_EXTERN extern
#else
#define MAPPER_EXTERN
#endif

/* mapfile related functions */

/**
 * Initialize a mapper entry table
 *@param uri Universal Resource Locator of the file to be mapped
 *@return A mapfile structure pointer or NULL
 */
MAPPER_EXTERN struct mapfile *set_mapent(const char *uri);

/**
 * Retrieve next entry of given map file
 *@param mfile Map file entry pointer
 *@return 1 on success, 0 on no more entries, -1 on error
 * NOTE(review): the implementation in mapper.c returns 0 for its error
 * paths as well and has no path that returns -1.
 */
MAPPER_EXTERN int get_mapent(struct mapfile *mfile);

/**
 * Release a mapentry structure
 *@param mfile Map file structure to be released
 */
MAPPER_EXTERN void end_mapent(struct mapfile *mfile);

/**
 * Try to map "key" to provided mapfile
 *@param file URL of map file
 *@param key String to be mapped
 *@param ignorecase Flag to indicate upper/lowercase ignore in string compare
 *@param match Set to 1 for mapped string return, unmodified for key return
 *@return key on no match, else a clone_str()'d of found mapping
 */
MAPPER_EXTERN char *mapfile_find(const char *file,char *key,int ignorecase,int *match);

/**
 * Try to match provided key to provided name by mean of a mapfile
 *@param file URL of map file
 *@param key String to be mapped
 *@param value String to be matched against mapped result
 *@param ignorecase Flag to indicate upper/lowercase ignore in string compare
 *@return 1 on match, 0 on no match, -1 on process error
 */
MAPPER_EXTERN int mapfile_match(const char *file,char *key,const char *value,int ignorecase);

/* pwent related functions */

/**
 * find the user login that matches pw_name or pw_gecos with provided item
 *@param item Data to be searched from password database
 *@param ignorecase Flag to check upper/lowercase in string comparisons
 *@return userlogin if match found, else NULL
 */
MAPPER_EXTERN char *search_pw_entry(const char *item, int ignorecase);

/**
 * Test if provided item matches pw_name or pw_gecos of provided password structure
 *@param item String to be compared
 *@param pw password entry to search into
 *@param ignorecase Flag to check upper/lowercase in string comparisons
 *@return 1 on match, 0 on no match, -1 on error
 * NOTE(review): the implementation in mapper.c only ever returns 1 or 0.
 */
MAPPER_EXTERN int compare_pw_entry(const char *item, struct passwd *pw,int ignorecase);

#undef MAPPER_EXTERN

/* ------------------------------------------------------- */

/**
 * Default macro for locate certificate entry
 *
 * Provided as sample for debugging, not for real use.
 * The generated function always returns NULL.
 *@param x509 X509 Certificate
 *@param context Mapper context
 *@return String array with up to 15 results or NULL if fail
 */
#define _DEFAULT_MAPPER_FIND_ENTRIES \
static char ** mapper_find_entries(X509 *x509, void *context) { \
	return NULL; \
}

/**
 * Default macro for locating user
 *
 * Should not be used except for debugging, as it always returns "nobody"
 * and sets *match to 1 for every non-NULL certificate.
 * The returned pointer is a string literal, not an allocated copy; a caller
 * that releases finder results must not be paired with this default.
 *@param x509 X509 Certificate
 *@param context Mapper context
 *@return Found user, or NULL
 */
#define _DEFAULT_MAPPER_FIND_USER \
static char * mapper_find_user(X509 *x509,void *context,int *match) { \
	if ( !x509 ) return NULL; \
	*match = 1; \
	return "nobody"; \
}

/**
 * Macro for match mapper function
 *
 * The generated function calls mapper_find_user() before it checks x509 and
 * login, and it does not release the returned user name.
 *@param x509 X509 Certificate
 *@param login user to match, or null to find user that matches certificate
 *@param context Mapper context
 *@return 1 on success; login points to matched user
 * 0 on no match
 * -1 on error
 */
#define _DEFAULT_MAPPER_MATCH_USER \
static int mapper_match_user(X509 *x509, const char *login, void *context) { \
	int match = 0; \
	char *username= mapper_find_user(x509,context,&match); \
	if (!x509) return -1; \
	if (!login) return -1; \
	if (!username) return 0; /*user not found*/ \
	if ( ! strcmp(login,username) ) return 1; /* match user */ \
	return 0; /* no match */ \
}

/**
 * Macro for de-initialization routine; the generated function frees context
 *@param context Mapper context
 */
#define _DEFAULT_MAPPER_END \
static void mapper_module_end(void *context) { \
	free(context); \
	return; \
} \

/**
 * Macro for default init function
 *@param blk Mapper Configuration file block
 *@param name Name of this mapper
 *@return pointer to mapper_module data, else NULL
 * NOTE: mapper module data MUST BE defined in module
 */
#define _DEFAULT_MAPPER_INIT \
mapper_module* mapper_module_init(scconf_block *blk,const char *name) { \
	mapper_module *pt= malloc(sizeof (mapper_module)); \
	if (!pt) return NULL; \
	pt->name = name; \
	pt->context = NULL; \
	pt->block = blk; \
	pt->dbg_level = get_debug_level(); \
	pt->entries = mapper_find_entries; \
	pt->finder = mapper_find_user; \
	pt->matcher = mapper_match_user; \
	pt->deinit = mapper_module_end; \
	return pt; \
} \

/* end of mapper.h file */
#endif
pam_pkcs11-0.6.8/src/mappers/openssh_mapper.h0000644000175000017500000000271011460625464016047 00000000000000/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id: openssh_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $
 */

#ifndef __OPENSSH_MAPPER_H_
#define __OPENSSH_MAPPER_H_

#ifdef HAVE_CONFIG_H
#include
#endif

#include "../scconf/scconf.h"
#include "mapper.h"

/* The init function is declared here only for statically linked builds. */
#ifdef OPENSSH_MAPPER_STATIC

#ifndef __OPENSSH_MAPPER_C_
#define OPENSSH_EXTERN extern
#else
#define OPENSSH_EXTERN
#endif
OPENSSH_EXTERN mapper_module * openssh_mapper_module_init(scconf_block *blk,const char *mapper_name);
#undef OPENSSH_EXTERN

/* end of static (if any) declarations */
#endif

/* End of openssh_mapper.h */
#endif
pam_pkcs11-0.6.8/src/mappers/cn_mapper.c0000644000175000017500000001046611460625464014772 00000000000000/*
 * PAM-PKCS11 CN mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
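* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: cn_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $ */

#define __CN_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "cn_mapper.h"

/*
 * Module settings. The initialization routine at the end of this file
 * overwrites them from the mapper's configuration block when one is given.
 */
static const char *mapfile = "none";   /* "mapfile" option */
static int ignorecase = 0;             /* "ignorecase" option */
static int debug = 0;                  /* "debug" option */

/*
 * This mapper uses the common name (CN) entry on the certificate to
 * find user name.
 * When a mapfile is specified, try to map CN entry to a user login
 *
 * NOTE(review): nothing in this file validates the certificate chain; the
 * CN is used exactly as cert_info() reports it. Chain and revocation checks
 * therefore have to be done before these callbacks run - confirm in the
 * caller.
 */

/**
 * Return the CN entries of the certificate.
 *@param x509 certificate to inspect
 *@param context mapper context (unused)
 *@return array returned by cert_info(), or NULL when cert_info() fails
 */
static char **cn_mapper_find_entries(X509 *x509, void *context)
{
    char **entries = cert_info(x509, CERT_CN, ALGORITHM_NULL);
    if (!entries) {
        DBG("get_common_name() failed");
        return NULL;
    }
    return entries;
}

/**
 * Map the first CN entry of the certificate to a login name.
 *@param x509 certificate to inspect
 *@param context mapper context (unused)
 *@param match passed through to mapfile_find()
 *@return clone_str() copy of the mapfile_find() result, or NULL when the
 *        certificate has no CN or the lookup returns NULL
 */
static char *cn_mapper_find_user(X509 *x509, void *context, int *match)
{
    char *res;
    char **entries = cert_info(x509, CERT_CN, ALGORITHM_NULL);
    if (!entries) {
        DBG("get_common_name() failed");
        return NULL;
    }
    /* Only entries[0] is considered here; further CNs are ignored. */
    DBG1("trying to map CN entry '%s'", entries[0]);
    res = mapfile_find(mapfile, entries[0], ignorecase, match);
    if (!res) {
        DBG("Error in map process");
        return NULL;
    }
    return clone_str(res);
}

/**
 * Try to match any CN of the certificate with the provided login.
 *@param x509 certificate to inspect
 *@param login user name to compare against
 *@param context mapper context (unused)
 *@return 1 when a CN matched, 0 when the list was exhausted without a
 *        match, -1 when cert_info() fails or mapfile_match() returns 0
 */
static int cn_mapper_match_user(X509 *x509, const char *login, void *context)
{
    char *str;
    int match_found = 0;
    char **entries = cert_info(x509, CERT_CN, ALGORITHM_NULL);
    if (!entries) {
        DBG("get_common_name() failed");
        return -1;
    }
    /* walk the CN list until a match or the terminating NULL entry */
    for (str = *entries; str && (match_found == 0); str = *++entries) {
        int res = 0;
        DBG1("trying to map & match CN entry '%s'", str);
        res = mapfile_match(mapfile, str, login, ignorecase);
        /*
         * NOTE(review): a zero result ends the whole search with -1, while a
         * negative result is skipped silently. If mapfile_match() returns
         * 0 for "no match" and a negative value for errors (its contract is
         * not visible here), a certificate with several CNs is rejected at
         * the first CN that does not map to login. Behaviour is kept as-is;
         * confirm the contract before changing it.
         */
        if (!res) {
            DBG("Error in map&match process");
            return -1; /* or perhaps should be "continue" ??*/
        }
        if (res > 0) match_found = 1;
    }
    return match_found;
}

/* Expands (mapper.h) to static mapper_module_end(), which frees the context. */
_DEFAULT_MAPPER_END

/**
 * Allocate and fill the mapper_module descriptor for this mapper.
 *@param blk mapper configuration block (stored, not copied)
 *@param name mapper name (stored, not copied)
 *@return new descriptor, or NULL when malloc() fails
 */
static mapper_module *init_mapper_st(scconf_block *blk, const char *name)
{
    mapper_module *pt = malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    /* malloc() does not zero the struct: set dbg_level as the default init
     * macro in mapper.h does, instead of leaving it indeterminate. */
    pt->dbg_level = get_debug_level();
    pt->entries = cn_mapper_find_entries;
    pt->finder = cn_mapper_find_user;
    pt->matcher = cn_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Initialization routine: read "debug", "mapfile" and "ignorecase" from the
 * configuration block (when present) and build the module descriptor.
 *@param blk mapper configuration block, may be NULL
 *@param mapper_name name of this mapper
 *@return module descriptor, or NULL on allocation failure
 */
#ifndef CN_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * cn_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;
    if (blk) {
        debug = scconf_get_bool(blk, "debug", 0);
        mapfile = scconf_get_str(blk, "mapfile", mapfile);
        /* Case-insensitive matching widens the set of CNs that map to one
         * login; it is off unless the configuration enables it. */
        ignorecase = scconf_get_bool(blk, "ignorecase", ignorecase);
    } else {
        DBG1("No block declaration for mapper '%s'", mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(blk, mapper_name);
    if (pt) DBG3("CN mapper started. debug: %d, mapfile: %s, icase: %d",debug,mapfile,ignorecase);
    else DBG("CN mapper initialization error");
    return pt;
}
pam_pkcs11-0.6.8/src/mappers/ldap_mapper.h0000644000175000017500000000264711460625464015321 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.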
See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: ldap_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __LDAP_MAPPER_H_ #define __LDAP_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef LDAP_MAPPER_STATIC #ifndef __LDAP_MAPPER_C_ #define LDAP_EXTERN extern #else #define LDAP_EXTERN #endif LDAP_EXTERN mapper_module * ldap_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef LDAP_EXTERN /* end of static (if any) declarations */ #endif /* End of ldap_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/ms_mapper.h0000644000175000017500000000262111460625464015010 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: ms_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __MS_MAPPER_H_ #define __MS_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef MS_MAPPER_STATIC #ifndef __MS_MAPPER_C_ #define MS_EXTERN extern #else #define MS_EXTERN #endif MS_EXTERN mapper_module * ms_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef MS_EXTERN /* end of static (if any) declarations */ #endif /* End of ms_mapper.h */ #endif pam_pkcs11-0.6.8/src/mappers/krb_mapper.c0000644000175000017500000001020711460625464015141 00000000000000/* * PAM-PKCS11 Kerberos Principal Name mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
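* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: krb_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $ */

#define __KRB_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "krb_mapper.h"

/*
 * This mapper uses (if available) the optional Kerberos Principal Name
 * entry on the certificate to find user name.
 *
 * NOTE(review): the principal string is compared exactly as cert_info()
 * reports it; no realm handling and no certificate chain validation is
 * visible in this file - confirm both are handled by the caller.
 */

static int debug = 0;   /* "debug" option, read by the init routine */

/* TODO: Implement kerberos authentication via PKINIT protocol */

/**
 * Return the Kerberos Principal Name (KPN) entries of the certificate.
 *@param x509 certificate to inspect
 *@param context mapper context (unused)
 *@return array returned by cert_info(), or NULL when cert_info() fails
 */
static char **krb_mapper_find_entries(X509 *x509, void *context)
{
    char **entries = cert_info(x509, CERT_KPN, ALGORITHM_NULL);
    if (!entries) {
        DBG("get_krb_principalname() failed");
        return NULL;
    }
    return entries;
}

/**
 * Map the first KPN entry of the certificate to a login name.
 * The lookup always uses the "none" mapfile and is case sensitive.
 *@param x509 certificate to inspect
 *@param context mapper context (unused)
 *@param match passed through to mapfile_find()
 *@return clone_str() copy of the mapfile_find() result, or NULL when the
 *        certificate has no KPN or the lookup returns NULL
 */
static char *krb_mapper_find_user(X509 *x509, void *context, int *match)
{
    char *res;
    char **entries = cert_info(x509, CERT_KPN, ALGORITHM_NULL);
    if (!entries) {
        DBG("get_krb_principalname() failed");
        return NULL;
    }
    /* Only entries[0] is considered here; further entries are ignored. */
    DBG1("trying to map kpn entry '%s'", entries[0]);
    res = mapfile_find("none", entries[0], 0, match);
    if (!res) {
        DBG("Error in map process");
        return NULL;
    }
    return clone_str(res);
}

/**
 * Try to match any KPN entry of the certificate with the provided login.
 *@param x509 certificate to inspect
 *@param login user name to compare against
 *@param context mapper context (unused)
 *@return 1 when an entry matched, 0 when the list was exhausted without a
 *        match, -1 when cert_info() fails or mapfile_match() returns 0
 */
static int krb_mapper_match_user(X509 *x509, const char *login, void *context)
{
    char *str;
    int match_found = 0;
    char **entries = cert_info(x509, CERT_KPN, ALGORITHM_NULL);
    if (!entries) {
        DBG("get_krb_principalname() failed");
        return -1;
    }
    /* walk the entry list until a match or the terminating NULL entry */
    for (str = *entries; str && (match_found == 0); str = *++entries) {
        int res = 0;
        DBG1("trying to map & match KPN entry '%s'", str);
        res = mapfile_match("none", str, login, 0);
        /*
         * NOTE(review): a zero result ends the whole search with -1, while a
         * negative result is skipped silently. If mapfile_match() returns
         * 0 for "no match" and a negative value for errors (its contract is
         * not visible here), only the first entry can ever match. Behaviour
         * is kept as-is; confirm the contract before changing it.
         */
        if (!res) {
            DBG("Error in map&match process");
            return -1; /* or perhaps should be "continue" ??*/
        }
        if (res > 0) match_found = 1;
    }
    return match_found;
}

/* Expands (mapper.h) to static mapper_module_end(), which frees the context. */
_DEFAULT_MAPPER_END

/**
 * Allocate and fill the mapper_module descriptor for this mapper.
 *@param blk mapper configuration block (stored, not copied)
 *@param name mapper name (stored, not copied)
 *@return new descriptor, or NULL when malloc() fails
 */
static mapper_module *init_mapper_st(scconf_block *blk, const char *name)
{
    mapper_module *pt = malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    /* malloc() does not zero the struct: set dbg_level as the default init
     * macro in mapper.h does, instead of leaving it indeterminate. */
    pt->dbg_level = get_debug_level();
    pt->entries = krb_mapper_find_entries;
    pt->finder = krb_mapper_find_user;
    pt->matcher = krb_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Init routine: read "debug" from the configuration block (when present)
 * and build the module descriptor.
 *@param blk mapper configuration block, may be NULL
 *@param mapper_name name of this mapper
 *@return module descriptor, or NULL on allocation failure
 */
#ifndef KRB_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * krb_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;
    if (blk) debug = scconf_get_bool(blk, "debug", 0);
    set_debug_level(debug);
    pt = init_mapper_st(blk, mapper_name);
    if (pt) DBG("KPN mappper started");
    else DBG("KPN mapper initialization failed");
    return pt;
}
pam_pkcs11-0.6.8/src/mappers/digest_mapper.c0000644000175000017500000000775611460625464015661 00000000000000/* * PAM-PKCS11 Certificate digest mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details.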
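* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: digest_mapper.c 445 2010-08-14 16:19:36Z ludovic.rousseau $ */

#define __DIGEST_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../common/cert_st.h"
#include "../common/alg_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "digest_mapper.h"

/*
 * Create Certificate digest and use it to perform mapping process
 */

/*
 * Module settings, overwritten by the init routine from the configuration
 * block when one is given.
 *
 * NOTE(review): SHA-1 is the built-in default and the fallback for
 * unrecognised algorithm names. It no longer offers collision resistance,
 * so deployments that map on fingerprints should set "algorithm" to a
 * stronger digest if this build's Alg_get_alg_from_string() accepts one.
 */
static const char *mapfile = "none";
static ALGORITHM_TYPE algorithm = ALGORITHM_SHA1;
static int debug = 0;

/**
 * Return the fingerprint of the certificate under the configured algorithm.
 *@param x509 certificate to digest
 *@param context mapper context (unused)
 *@return array returned by cert_info(), or NULL when x509 is NULL or
 *        cert_info() fails
 */
static char **digest_mapper_find_entries(X509 *x509, void *context)
{
    char **entries;
    if (!x509) {
        DBG("NULL certificate provided");
        return NULL;
    }
    entries = cert_info(x509, CERT_DIGEST, algorithm);
    /* cert_info() can return NULL (the CN and KPN mappers check for it);
     * do not dereference it for the debug message. */
    if (!entries) {
        DBG("cert_info() failed to compute certificate digest");
        return NULL;
    }
    DBG1("entries() Found digest '%s'", entries[0]);
    return entries;
}

/**
 * Map the certificate fingerprint to a login name through the mapfile.
 * The lookup is case insensitive (icase argument is 1).
 *@param x509 certificate to digest
 *@param context mapper context (unused)
 *@param match passed through to mapfile_find()
 *@return result of mapfile_find(), or NULL when x509 is NULL or the digest
 *        cannot be computed
 */
static char *digest_mapper_find_user(X509 *x509, void *context, int *match)
{
    char **entries;
    if (!x509) {
        DBG("NULL certificate provided");
        return NULL;
    }
    entries = cert_info(x509, CERT_DIGEST, algorithm);
    if (!entries) {
        DBG("cert_info() failed to compute certificate digest");
        return NULL;
    }
    DBG1("find() Found digest '%s'", entries[0]);
    /* NOTE(review): the CN and KPN mappers return clone_str() of the
     * mapfile_find() result; this one returns it directly - confirm which
     * ownership the caller expects. */
    return mapfile_find(mapfile, entries[0], 1, match);
}

/**
 * Try to match the certificate fingerprint with the provided login.
 *@param x509 certificate to digest
 *@param login user name to compare against
 *@param context mapper context (unused)
 *@return result of mapfile_match(); 0 when x509 is NULL; -1 when the
 *        digest cannot be computed (as the CN and KPN mappers do when
 *        cert_info() fails)
 */
static int digest_mapper_match_user(X509 *x509, const char *login, void *context)
{
    char **entries;
    if (!x509) {
        DBG("NULL certificate provided");
        return 0;
    }
    entries = cert_info(x509, CERT_DIGEST, algorithm);
    if (!entries) {
        DBG("cert_info() failed to compute certificate digest");
        return -1;
    }
    DBG1("match() Found digest '%s'", entries[0]);
    return mapfile_match(mapfile, entries[0], login, 1);
}

/* Expands (mapper.h) to static mapper_module_end(), which frees the context. */
_DEFAULT_MAPPER_END

/**
 * Allocate and fill the mapper_module descriptor for this mapper.
 *@param blk mapper configuration block (stored, not copied)
 *@param name mapper name (stored, not copied)
 *@return new descriptor, or NULL when malloc() fails
 */
static mapper_module *init_mapper_st(scconf_block *blk, const char *name)
{
    mapper_module *pt = malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    /* malloc() does not zero the struct: set dbg_level as the default init
     * macro in mapper.h does, instead of leaving it indeterminate. */
    pt->dbg_level = get_debug_level();
    pt->entries = digest_mapper_find_entries;
    pt->finder = digest_mapper_find_user;
    pt->matcher = digest_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Initialize module: read "debug", "algorithm" and "mapfile" from the
 * configuration block (when present) and build the module descriptor.
 *@param blk mapper configuration block, may be NULL
 *@param mapper_name name of this mapper
 *@return module descriptor, or NULL on allocation failure
 */
#ifndef DIGEST_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * digest_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;
    /* Start from the documented default so that a missing block never
     * hands NULL to Alg_get_alg_from_string() or to a "%s" format. */
    const char *hash_alg_string = "sha1";
    if (blk) {
        debug = scconf_get_bool(blk, "debug", 0);
        hash_alg_string = scconf_get_str(blk, "algorithm", "sha1");
        mapfile = scconf_get_str(blk, "mapfile", mapfile);
    } else {
        /* should not occurs, but... */
        DBG1("No block declaration for mapper '%s'", mapper_name);
    }
    set_debug_level(debug);
    algorithm = Alg_get_alg_from_string(hash_alg_string);
    if (algorithm == ALGORITHM_NULL) {
        DBG1("Invalid digest algorithm %s, using 'sha1'", hash_alg_string);
        algorithm = ALGORITHM_SHA1;
    }
    pt = init_mapper_st(blk, mapper_name);
    if (pt) DBG3("Digest mapper started. debug: %d, mapfile: %s, algorithm: %s",debug,mapfile,hash_alg_string);
    else DBG("Digest mapper initialization failed");
    return pt;
}
pam_pkcs11-0.6.8/src/mappers/digest_mapper.h0000644000175000017500000000267511460625464015661 00000000000000/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details.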
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id: digest_mapper.h 358 2008-11-06 14:28:46Z ludovic.rousseau $ */ #ifndef __DIGEST_MAPPER_H_ #define __DIGEST_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef DIGEST_MAPPER_STATIC #ifndef __DIGEST_MAPPER_C_ #define DIGEST_EXTERN extern #else #define DIGEST_EXTERN #endif DIGEST_EXTERN mapper_module * digest_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef DIGEST_EXTERN /* end of static (if any) declarations */ #endif /* End of digest_mapper.h */ #endif pam_pkcs11-0.6.8/src/Makefile.am0000644000175000017500000000024411460625464013240 00000000000000# Process this file with automake to create Makefile.in MAINTAINERCLEANFILES = Makefile.in # Order IS important SUBDIRS = scconf common mappers pam_pkcs11 tools pam_pkcs11-0.6.8/src/Makefile.in0000644000175000017500000004527011740072345013254 00000000000000# Makefile.in generated by automake 1.11.3 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ # Process this file with automake to create Makefile.in VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = src DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/acx_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ $(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive 
install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = 
@INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = 
@am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in # Order IS important SUBDIRS = scconf common mappers pam_pkcs11 tools all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. 
$(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . 
|| ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" 
distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ 
distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
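.NOEXPORT:
pam_pkcs11-0.6.8/src/pam_pkcs11/0000755000175000017500000000000011740072425013215 500000000000000pam_pkcs11-0.6.8/src/pam_pkcs11/mapper_mgr.h0000644000175000017500000000474711460625464015461 00000000000000
/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser ,
 * Mapper module copyright (c) 2005 Juan Antonio Martinez
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id: mapper_mgr.h 358 2008-11-06 14:28:46Z ludovic.rousseau $
 */

/*
 * This module manages the dynamic loading of mapping modules.
 * It is also the entry point for the certificate matching routines.
 */

#ifndef _MAPPER_MGR_H_
#define _MAPPER_MGR_H_

#ifdef HAVE_CONFIG_H
/* NOTE(review): the header name was lost when this page was extracted;
 * <config.h> is the usual autoconf spelling -- confirm against the tarball. */
#include <config.h>
#endif

#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../mappers/mapper.h"

/*
 * Mapper module descriptor.
 */
struct mapper_instance {
	void *module_handler;		/* dlopen() handle; NULL for a static mapper */
	const char *module_name;	/* mapper name; points into the scconf tree, not owned */
	const char *module_path;	/* library path; NULL for a static mapper, not owned */
	mapper_module *module_data;	/* what the mapper's init function returned */
};

/*
 * Mapper module list (singly linked, in use_mappers order).
 */
struct mapper_listitem {
	struct mapper_instance *module;
	struct mapper_listitem *next;
};

/*
 * Load and initialize a module.
 * Returns a descriptor on success, NULL on failure.
 * A dynamic mapper is dlopen()ed from the path given in the configuration,
 * so that file and the libraries it names must be writable by root only.
 */
struct mapper_instance *load_module(scconf_context *ctx, const char * name);

/**
 * Unload a module and free its descriptor.
 */
void unload_module( struct mapper_instance *module );

/**
 * Compose the mapper module chain from the use_mappers list.
 * Returns the head of the chain, or NULL.
 */
struct mapper_listitem *load_mappers( scconf_context *ctx );

/**
 * Unload the mapper module chain.
 */
void unload_mappers(void);

/*
 * Walk the mapper module list until a module returns a login name
 * that it also reports as matched for the provided certificate.
 * Returns that login name, or NULL when no mapper yields one.
 * NOTE(review): the string appears to be heap-allocated by the mapper
 * (non-matching results are free()d in mapper_mgr.c); presumably the
 * caller owns the returned one -- confirm.
 */
char * find_user(X509 *x509);

/**
 * Walk the mapper module list until a module matches the provided
 * login name against the certificate.
 * A NULL login is reported as "no match": the implementation in
 * mapper_mgr.c returns 0 and does not fall back to find_user().
 * @return 1 (or another positive mapper result) if match
 *         0 on no match
 *         -1 when x509 is NULL
 */
int match_user(X509 *x509, const char *login);

/*
 * Go through the mapper list and fetch, for each module, the
 * certificate strings it would use for its find/match functions.
 * No mapping or matching is done: the strings are just printed on stdout.
 * This function is mostly used by the pkcert_view tool.
 */
void inspect_certificate(X509 *x509);

#endif
pam_pkcs11-0.6.8/src/pam_pkcs11/pam_config.c0000644000175000017500000003024111606043640015401 00000000000000
/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser ,
 * config mgmt copyright (c) 2005 Juan Antonio Martinez
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.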
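 *
 * $Id: pam_config.c 491 2011-03-22 08:30:44Z ludovic.rousseau $
 */

#define _PAM_CONFIG_C_

/* NOTE(review): the two system header names were lost when this page was
 * extracted; they are restored from the functions used below (syslog(),
 * strcmp()/strstr()) -- confirm against the tarball. */
#include <syslog.h>
#include <string.h>
#include "config.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/cert_vfy.h"
#include "pam_config.h"
#include "mapper_mgr.h"

#undef DEBUG_CONFIG

#define N_(string) (string)

/*
 * configuration related functions
 */

/*
 * Built-in defaults; parse_config_file() and pk_configure() override them.
 * NOTE(review): the cert policy initializer starts with CRL and OCSP set to
 * their *_NONE values and, presumably, ca/signature checking off, so
 * certificate verification depends on cert_policy being configured -- confirm
 * the field order against pam_config.h.
 */
struct configuration_st configuration = {
	CONFDIR "/pam_pkcs11.conf",	/* char * config_file; */
	NULL,				/* scconf_context *ctx; */
	0,				/* int debug; */
	0,				/* int nullok; */
	0,				/* int try_first_pass; */
	0,				/* int use_first_pass; */
	0,				/* int use_authok; */
	0,				/* int card_only; */
	0,				/* int wait_for_card; */
	"default",			/* const char *pkcs11_module; */
	CONFDIR "/pkcs11_module.so",	/* const char *pkcs11_module_path; */
	NULL,				/* screen savers */
	NULL,				/* slot_description */
	-1,				/* int slot_num; */
	0,				/* support threads */
	/* cert policy; */
	{ 0, CRLP_NONE, 0, CONFDIR "/cacerts", CONFDIR "/crls", CONFDIR "/nssdb", OCSP_NONE },
	N_("Smart card"),		/* token_type */
	NULL,				/* char *username */
	0,				/* int quiet */
	0				/* err_display_time */
};

#ifdef DEBUG_CONFIG
/* Dump the effective configuration through the debug channel. */
static void display_config (void) {
	DBG1("debug %d",configuration.debug);
	DBG1("nullok %d",configuration.nullok);
	DBG1("try_first_pass %d",configuration.try_first_pass);
	DBG1("use_first_pass %d", configuration.use_first_pass);
	DBG1("use_authok %d", configuration.use_authok);
	DBG1("card_only %d", configuration.card_only);
	DBG1("wait_for_card %d", configuration.wait_for_card);
	DBG1("pkcs11_module %s",configuration.pkcs11_module);
	DBG1("pkcs11_modulepath %s",configuration.pkcs11_modulepath);
	DBG1("slot_description %s",configuration.slot_description);
	DBG1("slot_num %d",configuration.slot_num);
	DBG1("ca_dir %s",configuration.policy.ca_dir);
	DBG1("crl_dir %s",configuration.policy.crl_dir);
	DBG1("nss_dir %s",configuration.policy.nss_dir);
	DBG1("support_threads %d",configuration.support_threads);
	DBG1("ca_policy %d",configuration.policy.ca_policy);
	DBG1("crl_policy %d",configuration.policy.crl_policy);
	DBG1("signature_policy %d",configuration.policy.signature_policy);
	DBG1("ocsp_policy %d",configuration.policy.ocsp_policy);
	DBG1("err_display_time %d", configuration.err_display_time);
}
#endif

/*
 * Parse the configuration file named by configuration.config_file and
 * store its values into the global configuration.
 *
 * A missing file, a parse error or a missing pam_pkcs11 block only produces
 * a debug message and leaves the remaining settings at their current
 * (default) values; nothing is reported to the caller.
 */
static void parse_config_file(void) {
	scconf_block **pkcs11_mblocks,*pkcs11_mblk;
	const scconf_list *mapper_list;
	const scconf_list *policy_list;
	const scconf_list *screen_saver_list;
	const scconf_list *tmp;
	scconf_context *ctx;
	const scconf_block *root;

	configuration.ctx = scconf_new(configuration.config_file);
	if (!configuration.ctx) {
		DBG("Error creating conf context");
		return;
	}
	ctx = configuration.ctx;
	if ( scconf_parse(ctx) <=0 ) {
		DBG1("Error parsing file %s",configuration.config_file);
		return;
	}
	/* now parse options */
	root = scconf_find_block(ctx, NULL, "pam_pkcs11");
	if (!root) {
		DBG1("pam_pkcs11 block not found in config: %s",configuration.config_file);
		return;
	}
	configuration.err_display_time =
		scconf_get_int(root,"err_display_time",configuration.err_display_time);
	configuration.nullok =
		scconf_get_bool(root,"nullok",configuration.nullok);
	configuration.quiet =
		scconf_get_bool(root,"quiet",configuration.quiet);
	if (configuration.quiet)
		set_debug_level(-2);
	/* debug is read after quiet, so debug wins when both are set */
	configuration.debug =
		scconf_get_bool(root,"debug",configuration.debug);
	if (configuration.debug)
		set_debug_level(1);
	configuration.use_first_pass =
		scconf_get_bool(root,"use_first_pass",configuration.use_first_pass);
	configuration.try_first_pass =
		scconf_get_bool(root,"try_first_pass",configuration.try_first_pass);
	configuration.use_authok =
		scconf_get_bool(root,"use_authok",configuration.use_authok);
	configuration.card_only =
		scconf_get_bool(root,"card_only",configuration.card_only);
	configuration.wait_for_card =
		scconf_get_bool(root,"wait_for_card",configuration.wait_for_card);
	configuration.pkcs11_module = ( char * )
		scconf_get_str(root,"use_pkcs11_module",configuration.pkcs11_module);

	/* search pkcs11 module options */
	pkcs11_mblocks = scconf_find_blocks(ctx,root,"pkcs11_module",configuration.pkcs11_module);
	if (!pkcs11_mblocks) {
		DBG1("Pkcs11 module name not found: %s",configuration.pkcs11_module);
	} else {
		pkcs11_mblk=pkcs11_mblocks[0]; /* should only be one */
		free(pkcs11_mblocks);
		if (!pkcs11_mblk) {
			DBG1("No module entry: %s",configuration.pkcs11_module);
			/* NOTE(review): the lookups below still run with a NULL
			 * block; presumably scconf_get_*() return the supplied
			 * default in that case -- confirm in scconf. */
		}
		configuration.pkcs11_modulepath = (char *)
			scconf_get_str(pkcs11_mblk,"module",configuration.pkcs11_modulepath);
		configuration.policy.ca_dir = (char *)
			scconf_get_str(pkcs11_mblk,"ca_dir",configuration.policy.ca_dir);
		configuration.policy.crl_dir = (char *)
			scconf_get_str(pkcs11_mblk,"crl_dir",configuration.policy.crl_dir);
		configuration.policy.nss_dir = (char *)
			scconf_get_str(pkcs11_mblk,"nss_dir",configuration.policy.nss_dir);
		configuration.slot_description = (char *)
			scconf_get_str(pkcs11_mblk,"slot_description",configuration.slot_description);
		configuration.slot_num =
			scconf_get_int(pkcs11_mblk,"slot_num",configuration.slot_num);

		/* exactly one of slot_description / slot_num must be given */
		if (configuration.slot_description != NULL && configuration.slot_num != -1) {
			DBG1("Can not specify both slot_description and slot_num in file %s",configuration.config_file);
			return;
		}
		if (configuration.slot_description == NULL && configuration.slot_num == -1) {
			DBG1("Neither slot_description nor slot_num found in file %s",configuration.config_file);
			return;
		}

		configuration.support_threads =
			scconf_get_bool(pkcs11_mblk,"support_threads",configuration.support_threads);

		/*
		 * cert_policy entries are applied in list order. "none" switches
		 * CRL, OCSP, CA and signature checking off and stops the scan, so
		 * entries listed after it are ignored.
		 */
		policy_list= scconf_find_list(pkcs11_mblk,"cert_policy");
		while(policy_list) {
			if ( !strcmp(policy_list->data,"none") ) {
				configuration.policy.crl_policy=CRLP_NONE;
				configuration.policy.ocsp_policy=OCSP_NONE;
				configuration.policy.ca_policy=0;
				configuration.policy.signature_policy=0;
				break;
			} else if ( !strcmp(policy_list->data,"crl_auto") ) {
				configuration.policy.crl_policy=CRLP_AUTO;
			} else if ( !strcmp(policy_list->data,"crl_online") ) {
				configuration.policy.crl_policy=CRLP_ONLINE;
			} else if ( !strcmp(policy_list->data,"crl_offline") ) {
				configuration.policy.crl_policy=CRLP_OFFLINE;
			} else if ( !strcmp(policy_list->data,"ocsp_on") ) {
				configuration.policy.ocsp_policy=OCSP_ON;
			} else if ( !strcmp(policy_list->data,"ca") ) {
				configuration.policy.ca_policy=1;
			} else if ( !strcmp(policy_list->data,"signature") ) {
				configuration.policy.signature_policy=1;
			} else {
				DBG1("Invalid CRL policy: %s",policy_list->data);
			}
			policy_list= policy_list->next;
		}

		configuration.token_type = (char *)
			scconf_get_str(pkcs11_mblk,"token_type",configuration.token_type);
	}

	screen_saver_list = scconf_find_list(root,"screen_savers");
	if (screen_saver_list) {
		int count,i;
		for (count=0, tmp=screen_saver_list; tmp ; tmp=tmp->next, count++);

		configuration.screen_savers = malloc((count+1)*sizeof(char *));
		if (!configuration.screen_savers) {
			/* previously the NULL result was written through */
			DBG("No memory for screen saver list");
		} else {
			/* entries point into the scconf tree; the array is NULL-terminated */
			for (i=0, tmp=screen_saver_list; tmp; tmp=tmp->next, i++) {
				configuration.screen_savers[i] = (char *)tmp->data;
			}
			configuration.screen_savers[count] = 0;
		}
	}

	/* now obtain and initialize mapper list */
	mapper_list = scconf_find_list(root,"use_mappers");
	if (!mapper_list) {
		DBG1("No mappers specified in config: %s",configuration.config_file);
		return;
	}
	/* load_mappers(ctx); */
	/* that's all folks: return */
	return;
}

/*
 * Return the value part of a "name=value" argument when arg starts with
 * prefix (which includes the '='), NULL otherwise.
 */
static const char *option_value(const char *arg, const char *prefix) {
	size_t n = strlen(prefix);

	return strncmp(arg, prefix, n) == 0 ? arg + n : NULL;
}

/*
 * Build the effective configuration.
 *
 * values are taken in this order (low to high precedence):
 * 1- default values
 * 2- configuration file
 * 3- commandline arguments options
 *
 * argc/argv are the module arguments; string values are not copied, the
 * configuration keeps pointers into argv. Returns the address of the
 * global configuration.
 *
 * "name=value" options are matched as a prefix of the argument. The value
 * is taken at a fixed offset from the start of the argument, so matching
 * the name anywhere in the argument (as strstr() did) would pick up a
 * wrong value for any argument that merely contains the option name.
 */
struct configuration_st *pk_configure( int argc, const char **argv ) {
	int i;
	const char *value;

	/* try to find a configuration file entry */
	for (i = 0; i < argc; i++) {
		value = option_value(argv[i], "config_file=");
		if (value) {
			/* cast mirrors the original, which obtained a char * via strchr() */
			configuration.config_file = (char *) value;
			break;
		}
	}
	DBG1("Using config file %s",configuration.config_file);

	/* parse configuration file */
	parse_config_file();
#ifdef DEBUG_CONFIG
	display_config();
#endif

	/* finally parse provided arguments */
	/* dont skip argv[0] */
	for (i = 0; i < argc; i++) {
		const char *arg = argv[i];

		if (strcmp("nullok", arg) == 0) {
			configuration.nullok = 1;
			continue;
		}
		if (strcmp("try_first_pass", arg) == 0) {
			configuration.try_first_pass = 1;
			continue;
		}
		if (strcmp("use_first_pass", arg) == 0) {
			configuration.use_first_pass = 1;
			continue;
		}
		if (strcmp("wait_for_card", arg) == 0) {
			configuration.wait_for_card = 1;
			continue;
		}
		if (strcmp("dont_wait_for_card", arg) == 0) {
			configuration.wait_for_card = 0;
			continue;
		}
		if (strcmp("debug", arg) == 0) {
			configuration.debug = 1;
			set_debug_level(1);
			continue;
		}
		if (strcmp("nodebug", arg) == 0) {
			configuration.debug = 0;
			if (configuration.quiet)
				set_debug_level(-2);
			else
				set_debug_level(0);
			continue;
		}
		if (strcmp("quiet", arg) == 0) {
			configuration.quiet = 1;
			set_debug_level(-2);
			continue;
		}
		if ((value = option_value(arg, "pkcs11_module=")) != NULL) {
			configuration.pkcs11_module = value;
			continue;
		}
		if ((value = option_value(arg, "slot_description=")) != NULL) {
			configuration.slot_description = value;
			continue;
		}
		if ((value = option_value(arg, "slot_num=")) != NULL) {
			/* a non-numeric value used to be ignored silently */
			if (sscanf(value, "%d", &configuration.slot_num) != 1) {
				syslog(LOG_ERR, "argument %s is not supported by this module", arg);
				DBG1("argument %s is not supported by this module", arg);
			}
			continue;
		}
		if ((value = option_value(arg, "ca_dir=")) != NULL) {
			configuration.policy.ca_dir = value;
			continue;
		}
		if ((value = option_value(arg, "crl_dir=")) != NULL) {
			configuration.policy.crl_dir = value;
			continue;
		}
		if ((value = option_value(arg, "nss_dir=")) != NULL) {
			configuration.policy.nss_dir = value;
			continue;
		}
		if ((value = option_value(arg, "cert_policy=")) != NULL) {
			/*
			 * Policy names are searched as substrings of the value only.
			 * "none" is applied first, so any other name in the same
			 * value re-enables its check afterwards.
			 */
			if (strstr(value,"none")) {
				configuration.policy.crl_policy=CRLP_NONE;
				configuration.policy.ca_policy=0;
				configuration.policy.signature_policy=0;
				configuration.policy.ocsp_policy=OCSP_NONE;
			}
			if (strstr(value,"crl_online")) {
				configuration.policy.crl_policy=CRLP_ONLINE;
			}
			if (strstr(value,"crl_offline")) {
				configuration.policy.crl_policy=CRLP_OFFLINE;
			}
			if (strstr(value,"crl_auto")) {
				configuration.policy.crl_policy=CRLP_AUTO;
			}
			if ( strstr(value,"ocsp_on") ) {
				configuration.policy.ocsp_policy=OCSP_ON;
			}
			if (strstr(value,"ca")) {
				configuration.policy.ca_policy=1;
			}
			if (strstr(value,"signature")) {
				configuration.policy.signature_policy=1;
			}
			continue;
		}
		if ((value = option_value(arg, "token_type=")) != NULL) {
			configuration.token_type = value;
			continue;
		}
		if (option_value(arg, "config_file=") != NULL) {
			/* already parsed, skip */
			continue;
		}
		/* if argument is not recognised, log error message */
		syslog(LOG_ERR, "argument %s is not supported by this module", arg);
		DBG1("argument %s is not supported by this module", arg);
	}
#ifdef DEBUG_CONFIG
	display_config();
#endif
	return &configuration;
}
pam_pkcs11-0.6.8/src/pam_pkcs11/mapper_mgr.c0000644000175000017500000002240711606043640015435 00000000000000
/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser ,
 * Mapper module copyright (c) 2005 Juan Antonio Martinez
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.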
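 *
 * $Id: mapper_mgr.c 486 2011-01-22 17:58:16Z ludovic.rousseau $
 */

/*
 * This module manages the dynamic loading of mapping modules.
 * It is also the entry point for the certificate matching routines.
 */

#define _MAPPER_MGR_C_

/* NOTE(review): the system header names in this group were lost when this
 * page was extracted; they are restored from the functions used below
 * (malloc()/free(), dlopen()) and the usual autoconf idiom -- confirm
 * against the tarball. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdlib.h>
#include <dlfcn.h>
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../mappers/mapper.h"
#include "../mappers/mapperlist.h"
#include "mapper_mgr.h"

/* head of the mapper chain built by load_mappers() */
struct mapper_listitem *root_mapper_list;

/*
 * Load and initialize the mapper called name.
 *
 * The mapper is static (looked up in static_mapper_list) when it has no
 * configuration entry, no "module" value, or the value "internal"; otherwise
 * the "module" value is dlopen()ed and its mapper_module_init symbol called.
 *
 * Returns a descriptor on success, NULL on failure. name and the library
 * path are stored by pointer, not copied.
 */
struct mapper_instance *load_module(scconf_context *ctx, const char * name) {
	const scconf_block *root;
	scconf_block **blocks, *blk;
	struct mapper_instance *mymodule;
	mapper_module * (*mapper_init)(scconf_block *blk, const char *mapper_name);
	void *handler = NULL;
	int old_level=get_debug_level();
	const char *libname = NULL;
	mapper_module * res = NULL;

	/* get module info */
	root = scconf_find_block(ctx,NULL,"pam_pkcs11");
	if(!root) return NULL; /* no pam_pkcs11 { ... } root block */
	blocks = scconf_find_blocks(ctx,root,"mapper",name);
	if (!blocks) return NULL; /* named mapper not found */
	blk=blocks[0]; /* should only be one */
	free(blocks);
	if (!blk) {
		DBG1("Mapper entry '%s' not found. Assume static module with default values",name);
	} else {
		/* compose module path */
		libname = scconf_get_str(blk, "module", NULL);
	}
	if ( (!blk) || (!libname) || (!strcmp(libname,"internal")) ) {
		int n;
		DBG1("Loading static module for mapper '%s'",name);
		libname = NULL;
		handler = NULL;
		mapper_init = NULL;
		for(n=0;static_mapper_list[n].name;n++) {
			if (strcmp(static_mapper_list[n].name,name)) continue;
			/* match found: get data */
			mapper_init = static_mapper_list[n].init;
			res= mapper_init(blk,name);
			if (!res ) { /* init failed */
				DBG1("Static mapper %s init failed",name);
				return NULL;
			}
			/* save dbg level of mapper and restore previous one */
			res->dbg_level=get_debug_level();
			set_debug_level(old_level);
			/* first match wins; do not initialize a second entry of the same name */
			break;
		}
		if ( !mapper_init ) {
			DBG1("Static mapper '%s' not found",name);
			return NULL;
		}
	} else if (blk) { /* assume dynamic module */
		DBG1("Loading dynamic module for mapper '%s'",name);
		/*
		 * libname comes verbatim from the "module" entry of the mapper
		 * block, and the library's init code runs inside the process that
		 * performs authentication. The configuration file and every path
		 * it names therefore have to be writable by root only.
		 */
		handler= dlopen(libname,RTLD_NOW);
		if (!handler) {
			DBG3("dlopen failed for module: %s path: %s Error: %s",name,libname,dlerror());
			return NULL;
		}
		mapper_init = ( mapper_module * (*)(scconf_block *blk, const char *mapper_name) )
			dlsym(handler,"mapper_module_init");
		if ( !mapper_init) {
			dlclose(handler);
			DBG1("Module %s is not a mapper",name);
			return NULL;
		}
		res= mapper_init(blk,name);
		if (!res ) { /* init failed */
			DBG1("Module %s init failed",name);
			dlclose(handler);
			return NULL;
		}
		/* save dbg level of mapper and restore previous one */
		res->dbg_level=get_debug_level();
		set_debug_level(old_level);
	}
	/* allocate data */
	mymodule = malloc (sizeof(struct mapper_instance));
	if (!mymodule) {
		DBG1("No space to alloc module entry: '%s'",name);
		/* do not leak the library handle of a dynamic mapper */
		if (handler) dlclose(handler);
		return NULL;
	}
	mymodule->module_handler=handler;
	mymodule->module_name=name;
	mymodule->module_path=libname;
	mymodule->module_data=res;
	/* that's all folks */
	return mymodule;
}

/*
 * Run the mapper's deinit hook (under the mapper's own debug level), close
 * its library when it was loaded dynamically, and free the descriptor.
 */
void unload_module( struct mapper_instance *module ) {
	if (!module) {
		DBG("Trying to unmap empty module");
		return;
	}
	DBG1("calling mapper_module_end() %s",module->module_name);
	if ( module->module_data && module->module_data->deinit ) {
		int old_level= get_debug_level();
		set_debug_level(module->module_data->dbg_level);
		(*module->module_data->deinit)(module->module_data->context);
		set_debug_level(old_level);
	}
	if (module->module_handler) {
		DBG1("unloading module %s",module->module_name);
		dlclose(module->module_handler);
	} else { /* static mapper module */
		DBG1("Module %s is static: don't remove",module->module_name);
	}
	module->module_data=NULL;
	/* don't free name and libname: they are elements of scconf tree */
	free(module);
	return;
}

/**
 * Compose the mapper module chain from the use_mappers list of the
 * pam_pkcs11 block. Mappers that fail to load are skipped. Returns the head
 * of the chain (also kept in root_mapper_list), or NULL.
 */
struct mapper_listitem *load_mappers( scconf_context *ctx ) {
	struct mapper_listitem *last =NULL;
	const scconf_list *module_list = NULL;
	const scconf_block *root= NULL;

	root_mapper_list = NULL;
	/* extract mapper list (the block was looked up twice before; once is enough) */
	root = scconf_find_block(ctx,NULL,"pam_pkcs11");
	if (!root) {
		DBG("No pam_pkcs11 block in config file");
		return NULL;
	}
	DBG("Retrieveing mapper module list");
	module_list = scconf_find_list(root,"use_mappers");
	if (!module_list) {
		DBG("No use_mappers entry found in config");
		return NULL;
	}
	while (module_list) {
		char *name = module_list->data;
		struct mapper_instance *module = load_module(ctx,name);
		if (module) {
			struct mapper_listitem *item = malloc(sizeof(struct mapper_listitem));
			if (!item) {
				DBG1("Error allocating modulelist entry: %s",name);
				unload_module(module);
				/* entries linked so far stay in root_mapper_list for unload_mappers() */
				return NULL;
			}
			item->module = module;
			item->next = NULL;
			DBG1("Inserting mapper [%s] into list",name);
			if (!last) { /* empty list */
				last = item;
				root_mapper_list = item;
			} else { /* insert at end of list */
				last->next= item;
				last = item;
			}
		}
		module_list = module_list->next;
	}
	return root_mapper_list;
}

/* Unload every mapper in root_mapper_list and empty the list. */
void unload_mappers(void) {
	struct mapper_listitem *next;
	struct mapper_listitem *item = root_mapper_list;

	DBG("unloading mapper module list");
	while (item) {
		next=item->next;
		/* free the module */
		unload_module(item->module);
		/* free the list item */
		free(item);
		item=next;
	}
	root_mapper_list=NULL;
	return;
}

/*
 * Print, for every loaded mapper, the certificate strings it extracts from
 * x509. Nothing is mapped or matched; output goes to stdout.
 */
void inspect_certificate(X509 *x509) {
	int old_level=get_debug_level();
	struct mapper_listitem *item = root_mapper_list;

	if (!x509) return;
	while (item) {
		char *str=NULL;
		char **data=NULL;
		if (! item->module->module_data->entries) {
			DBG1("Mapper '%s' has no inspect() function",item->module->module_name);
			item=item->next;
			continue;
		}
		/* run the mapper under its own debug level */
		set_debug_level(item->module->module_data->dbg_level);
		data = (*item->module->module_data->entries)(x509,item->module->module_data->context);
		set_debug_level(old_level);
		if (!data) {
			DBG1("Cannot find cert data for mapper %s",item->module->module_name);
			item=item->next;
			continue;
		}
		printf("Printing data for mapper %s:\n",item->module->module_name);
		/* data is a NULL-terminated array of strings */
		for (str=*data; str; str=*++data) fprintf(stdout,"%s\n",str);
		item=item->next;
	}
}

/*
 * Walk the mapper module list until a module returns a login name that it
 * also reports as matched for the provided certificate.
 * Returns that login name, or NULL when x509 is NULL or no mapper yields one.
 */
char * find_user(X509 *x509) {
	int old_level= get_debug_level();
	struct mapper_listitem *item = root_mapper_list;

	if (!x509) return NULL;
	while (item) {
		char *login = NULL;
		if(! item->module->module_data->finder) {
			DBG1("Mapper '%s' has no find() function",item->module->module_name);
		} else {
			int match = 0;
			set_debug_level(item->module->module_data->dbg_level);
			login = (*item->module->module_data->finder)(x509,item->module->module_data->context, &match);
			set_debug_level(old_level);
			/* never hand a NULL pointer to a %s conversion */
			DBG3("Mapper '%s' found %s, matched %d", item->module->module_name,
				login ? login : "(null)", match);
			if (login) {
				if (match) return login;
				/* a name without a match is discarded; try the next mapper */
				free(login);
			}
		}
		item=item->next;
	}
	return NULL;
}

/**
 * Walk the mapper module list until a module matches the provided login
 * name against the certificate.
 * A NULL login is treated as "no match": the function returns 0 and does
 * not fall back to find_user(), so a missing login never authenticates.
 * A mapper that reports an error is logged and the next one is tried.
 * @return positive mapper result (1) if match
 *         0 on no match
 *         -1 when x509 is NULL
 */
int match_user(X509 *x509, const char *login) {
	int old_level= get_debug_level();
	struct mapper_listitem *item = root_mapper_list;

	if (!x509) return -1;
	/* no login provided: report no match */
	if (!login) return 0;
	while (item) {
		int res=0; /* default: no match */
		if (!item->module->module_data->matcher) {
			DBG1("Mapper '%s' has no match() function",item->module->module_name);
		} else {
			set_debug_level(item->module->module_data->dbg_level);
			res = (*item->module->module_data->matcher)(x509,login,item->module->module_data->context);
			set_debug_level(old_level);
			DBG2("Mapper module %s match() returns %d",item->module->module_name,res);
		}
		if (res>0) return res;
		if (res<0) { /* show error and continue */
			DBG1("Error in module %s",item->module->module_name);
		}
		item=item->next;
	}
	return 0;
}
pam_pkcs11-0.6.8/src/pam_pkcs11/Makefile.am0000644000175000017500000000113311460625464015175 00000000000000
# $Id: Makefile.am 378 2009-10-06 11:51:09Z ludovic.rousseau $

MAINTAINERCLEANFILES = Makefile.in

AM_CFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS)
AM_CPPFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS)

pamdir=$(libdir)/security

pam_LTLIBRARIES = pam_pkcs11.la
noinst_LTLIBRARIES = libfinder.la

libfinder_la_SOURCES = mapper_mgr.c pam_config.c

pam_pkcs11_la_SOURCES = pam_pkcs11.c \
	mapper_mgr.c mapper_mgr.h \
	pam_config.c pam_config.h
pam_pkcs11_la_LDFLAGS = -module -avoid-version -shared
pam_pkcs11_la_LIBADD = ../mappers/libmappers.la $(CRYPTO_LIBS)

format:
	indent *.c *.h
pam_pkcs11-0.6.8/src/pam_pkcs11/Makefile.in0000644000175000017500000005100411740072345015203 00000000000000
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.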
@SET_MAKE@ # $Id: Makefile.am 378 2009-10-06 11:51:09Z ludovic.rousseau $ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = src/pam_pkcs11 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/acx_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ $(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = 
$(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(pamdir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(pam_LTLIBRARIES) libfinder_la_LIBADD = am_libfinder_la_OBJECTS = mapper_mgr.lo pam_config.lo libfinder_la_OBJECTS = $(am_libfinder_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__DEPENDENCIES_1 = pam_pkcs11_la_DEPENDENCIES = ../mappers/libmappers.la \ $(am__DEPENDENCIES_1) am_pam_pkcs11_la_OBJECTS = pam_pkcs11.lo mapper_mgr.lo pam_config.lo pam_pkcs11_la_OBJECTS = $(am_pam_pkcs11_la_OBJECTS) pam_pkcs11_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_pkcs11_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = 
$(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(libfinder_la_SOURCES) $(pam_pkcs11_la_SOURCES) DIST_SOURCES = $(libfinder_la_SOURCES) $(pam_pkcs11_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = 
@LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = 
@install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in AM_CFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS) AM_CPPFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS) pamdir = $(libdir)/security pam_LTLIBRARIES = pam_pkcs11.la noinst_LTLIBRARIES = libfinder.la libfinder_la_SOURCES = mapper_mgr.c pam_config.c pam_pkcs11_la_SOURCES = pam_pkcs11.c \ mapper_mgr.c mapper_mgr.h \ pam_config.c pam_config.h pam_pkcs11_la_LDFLAGS = -module -avoid-version -shared pam_pkcs11_la_LIBADD = ../mappers/libmappers.la $(CRYPTO_LIBS) all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/pam_pkcs11/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/pam_pkcs11/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done install-pamLTLIBRARIES: $(pam_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(pamdir)" || $(MKDIR_P) "$(DESTDIR)$(pamdir)" @list='$(pam_LTLIBRARIES)'; test -n "$(pamdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pamdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pamdir)"; \ } uninstall-pamLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(pam_LTLIBRARIES)'; test -n "$(pamdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pamdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pamdir)/$$f"; \ done clean-pamLTLIBRARIES: -test -z "$(pam_LTLIBRARIES)" || rm -f $(pam_LTLIBRARIES) 
@list='$(pam_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libfinder.la: $(libfinder_la_OBJECTS) $(libfinder_la_DEPENDENCIES) $(EXTRA_libfinder_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libfinder_la_OBJECTS) $(libfinder_la_LIBADD) $(LIBS) pam_pkcs11.la: $(pam_pkcs11_la_OBJECTS) $(pam_pkcs11_la_DEPENDENCIES) $(EXTRA_pam_pkcs11_la_DEPENDENCIES) $(AM_V_CCLD)$(pam_pkcs11_la_LINK) -rpath $(pamdir) $(pam_pkcs11_la_OBJECTS) $(pam_pkcs11_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mapper_mgr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_config.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pkcs11.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' 
object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | 
sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(pamdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ clean-pamLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-pamLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pamLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstLTLIBRARIES clean-pamLTLIBRARIES \ ctags distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pamLTLIBRARIES install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am 
\ tags uninstall uninstall-am uninstall-pamLTLIBRARIES format: indent *.c *.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam_pkcs11-0.6.8/src/pam_pkcs11/pam_config.h0000644000175000017500000000267411606043640015417 00000000000000/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * config mgmt copyright (c) 2005 Juan Antonio Martinez * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id: pam_config.h 491 2011-03-22 08:30:44Z ludovic.rousseau $ */ /* * configuration related functions */ #ifndef _PAM_CONFIG_H_ #define _PAM_CONFIG_H_ #include "../scconf/scconf.h" #include "../common/cert_vfy.h" struct configuration_st { const char *config_file; scconf_context *ctx; int debug; int nullok; int try_first_pass; int use_first_pass; int use_authok; int card_only; int wait_for_card; const char *pkcs11_module; const char *pkcs11_modulepath; const char **screen_savers; const char *slot_description; int slot_num; int support_threads; cert_policy policy; const char *token_type; const char *username; /* provided user name */ int quiet; int err_display_time; }; struct configuration_st *pk_configure( int argc, const char **argv ); #endif pam_pkcs11-0.6.8/src/pam_pkcs11/pam_pkcs11.c0000644000175000017500000006743611740070567015265 00000000000000/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * * This library is free software; you can redistribute it and/or * modify it under the terms of the 
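GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id: pam_pkcs11.c 512 2012-04-07 16:55:20Z ludovic.rousseau $
 */

/* We have to make these definitions before we include the pam header files! */
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
#define PAM_SM_SESSION
#define PAM_SM_PASSWORD

/* NOTE: the operands of the bare #include directives below are missing from
 * this copy of the file. */
#ifdef HAVE_CONFIG_H
#include
#endif
#include
#include
#ifdef HAVE_SECURITY_PAM_EXT_H
#include
#endif
#include
#include
#include
#include
#include
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/pkcs11_lib.h"
#include "../common/cert_vfy.h"
#include "../common/cert_info.h"
#include "../common/cert_st.h"
#include "pam_config.h"
#include "mapper_mgr.h"

#ifdef ENABLE_NLS
#include
#include
#define _(string) gettext(string)
#else
#define _(string) string
#endif
#ifndef PAM_EXTERN
#define PAM_EXTERN extern
#endif
#define LOGNAME "PAM-PKCS11"  /* name for log-file entries */

/*
 * Overwrite len bytes at buf with zeros.
 *
 * The store goes through a volatile pointer so that the compiler cannot
 * drop it as a dead write when the buffer is freed right afterwards, which
 * a plain memset() before free() allows.
 */
static void wipe_mem(void *buf, size_t len)
{
  volatile unsigned char *p = buf;

  while (len--)
    *p++ = 0;
}

/*
 * Convenience function that returns 1 for a NULL, empty or whitespace-only
 * string and 0 otherwise.
 */
static int is_spaced_str(const char *str)
{
  const char *pt;

  if (!str)
    return 1;
  /* an empty string falls straight through the loop and yields 1 */
  for (pt = str; *pt; pt++) {
    /* isspace() is undefined for negative values other than EOF, so the
     * character is converted to unsigned char first */
    if (!isspace((unsigned char)*pt))
      return 0;
  }
  return 1;
}

#ifndef HAVE_SECURITY_PAM_EXT_H
/*
 * implement pam utilities for older versions of pam.
 */

/*
 * Format a message (truncated to the 128-byte local buffer) and send it
 * through the PAM conversation function.
 *
 * pamh      PAM handle used to look up PAM_CONV
 * style     message style stored in msg_style
 * response  if not NULL, receives a strdup()ed copy of the reply; the
 *           caller must free it
 * fmt, ...  printf-style format and arguments
 *
 * Returns PAM_SUCCESS, the error reported by pam_get_item() or by the
 * conversation function, PAM_CRED_INSUFFICIENT when no conversation
 * function is available or a requested reply is missing, or PAM_BUF_ERR
 * when the reply cannot be duplicated.
 */
static int pam_prompt(pam_handle_t *pamh, int style, char **response, char *fmt, ...)
{
  int rv;
  struct pam_conv *conv = NULL;
  struct pam_message msg;
  struct pam_response *resp = NULL;
  struct pam_message *(msgp[1]);
  va_list va;
  char text[128];

  msgp[0] = &msg;

  va_start(va, fmt);
  vsnprintf(text, sizeof text, fmt, va);
  va_end(va);

  msg.msg_style = style;
  msg.msg = text;
  rv = pam_get_item(pamh, PAM_CONV, &conv);
  if (rv != PAM_SUCCESS)
    return rv;
  if ((conv == NULL) || (conv->conv == NULL))
    return PAM_CRED_INSUFFICIENT;
  rv = conv->conv(1, msgp, &resp, conv->appdata_ptr);
  if (rv != PAM_SUCCESS)
    return rv;
  if (resp == NULL)
    return !response ? PAM_SUCCESS : PAM_CRED_INSUFFICIENT;
  if (resp[0].resp == NULL) {
    /* the response array itself still has to be released */
    free(resp);
    return !response ? PAM_SUCCESS : PAM_CRED_INSUFFICIENT;
  }
  rv = PAM_SUCCESS;
  if (response) {
    *response = strdup(resp[0].resp);
    if (*response == NULL)
      rv = PAM_BUF_ERR;
  }
  /* The reply may hold a secret: wipe it, then release both the reply
   * string and the response array (by PAM convention the caller of the
   * conversation function owns both). */
  wipe_mem(resp[0].resp, strlen(resp[0].resp));
  free(resp[0].resp);
  free(resp);
  return rv;
}

/*
 * Minimal pam_syslog() replacement: forwards the message to vsyslog().
 * The PAM handle is not used.
 */
static void pam_syslog(pam_handle_t *pamh, int priority, const char *fmt, ...)
{
  va_list ap;

  (void)pamh;
  va_start(ap, fmt);
  vsyslog(priority, fmt, ap);
  va_end(ap);
}
#endif

/*
 * Gets the user's password. Depending on whether it was already asked,
 * either a prompt is shown or the old value is returned.
 *
 * pamh   PAM handle
 * pwd    receives a heap copy of the password; set to NULL on every
 *        failure path. The caller must wipe and free it.
 * text   prompt to show, or NULL to forbid prompting
 * oitem  PAM_AUTHTOK or PAM_OLDAUTHTOK to try the stored item first,
 *        any other value to skip that step
 * nitem  PAM_AUTHTOK or PAM_OLDAUTHTOK to store a prompted password in
 *        that item, any other value to skip that step
 *
 * Returns PAM_SUCCESS, the error reported by pam_get_item(), the
 * conversation function or pam_set_item(), PAM_CRED_INSUFFICIENT when no
 * password could be obtained, or PAM_BUF_ERR when the copy cannot be
 * allocated.
 */
static int pam_get_pwd(pam_handle_t *pamh, char **pwd, char *text, int oitem, int nitem)
{
  int rv;
  const char *old_pwd = NULL;
  struct pam_conv *conv = NULL;
  struct pam_message msg;
  struct pam_response *resp = NULL;
  const struct pam_message *(msgp[1]);

  msgp[0] = &msg;
  /* never leave the caller with an indeterminate pointer */
  *pwd = NULL;

  /* use stored password if variable oitem is set */
  if ((oitem == PAM_AUTHTOK) || (oitem == PAM_OLDAUTHTOK)) {
    /* try to get stored item */
    rv = pam_get_item(pamh, oitem, &old_pwd);
    if (rv != PAM_SUCCESS)
      return rv;
    if (old_pwd != NULL) {
      *pwd = strdup(old_pwd);
      /* callers run strlen() on the result, so a failed copy must not be
       * reported as success */
      return (*pwd != NULL) ? PAM_SUCCESS : PAM_BUF_ERR;
    }
  }

  /* ask the user for the password if variable text is set */
  if (text == NULL)
    return PAM_CRED_INSUFFICIENT;

  msg.msg_style = PAM_PROMPT_ECHO_OFF;
  msg.msg = text;
  rv = pam_get_item(pamh, PAM_CONV, &conv);
  if (rv != PAM_SUCCESS)
    return rv;
  if ((conv == NULL) || (conv->conv == NULL))
    return PAM_CRED_INSUFFICIENT;
  rv = conv->conv(1, msgp, &resp, conv->appdata_ptr);
  if (rv != PAM_SUCCESS)
    return rv;
  if (resp == NULL)
    return PAM_CRED_INSUFFICIENT;
  if (resp[0].resp == NULL) {
    free(resp);
    return PAM_CRED_INSUFFICIENT;
  }
  *pwd = strdup(resp[0].resp);
  /* wipe the conversation's copy of the password, then release both the
   * reply string and the response array */
  wipe_mem(resp[0].resp, strlen(resp[0].resp));
  free(resp[0].resp);
  free(resp);
  if (*pwd == NULL)
    return PAM_BUF_ERR;

  /* save password if variable nitem is set */
  if ((nitem == PAM_AUTHTOK) || (nitem == PAM_OLDAUTHTOK)) {
    rv = pam_set_item(pamh, nitem, *pwd);
    if (rv != PAM_SUCCESS) {
      /* the caller does not free the password on a failed return, so
       * the copy is wiped and released here */
      wipe_mem(*pwd, strlen(*pwd));
      free(*pwd);
      *pwd = NULL;
      return rv;
    }
  }
  return PAM_SUCCESS;
}

PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
  int i, rv;
  const char *user = NULL;
  char *password;
  unsigned int slot_num = 0;
  int is_a_screen_saver = 0;
  struct configuration_st *configuration;
  int pkcs11_pam_fail = PAM_AUTHINFO_UNAVAIL;
  pkcs11_handle_t *ph;
  cert_object_t *chosen_cert = NULL;
  cert_object_t **cert_list;
  int ncert;
  unsigned char random_value[128];
  unsigned char *signature;
  unsigned long signature_length;
  /* enough space to hold an issuer DN */
  char env_temp[256] = "";
  char **issuer, **serial;
  const char *login_token_name = NULL;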
pam_prompt(pamh, PAM_TEXT_INFO , NULL, _("Smartcard authentification starts")); /* first of all check whether debugging should be enabled */ for (i = 0; i < argc; i++) if (strcmp("debug", argv[i]) == 0) { set_debug_level(1); } /* call configure routines */ configuration = pk_configure(argc,argv); if (!configuration ) { ERR("Error setting configuration parameters"); return PAM_AUTHINFO_UNAVAIL; } /* Either slot_description or slot_num, but not both, needs to be used */ if ((configuration->slot_description != NULL && configuration->slot_num != -1) || (configuration->slot_description == NULL && configuration->slot_num == -1)) { ERR("Error setting configuration parameters"); return PAM_AUTHINFO_UNAVAIL; } /* fail if we are using a remote server * local login: DISPLAY=:0 * XDMCP login: DISPLAY=host:0 */ { char *display = getenv("DISPLAY"); if (display) { if (strncmp(display, "localhost:", 10) != 0 && (display[0] != ':') && (display[0] != '\0')) { ERR1("Remote login (from %s) is not (yet) supported", display); pam_syslog(pamh, LOG_ERR, "Remote login (from %s) is not (yet) supported", display); return PAM_AUTHINFO_UNAVAIL; } } } #ifdef ENABLE_NLS setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, "/usr/share/locale"); textdomain(PACKAGE); #endif /* init openssl */ rv = crypto_init(&configuration->policy); if (rv != 0) { ERR("Failed to initialize crypto"); if (!configuration->quiet) pam_syslog(pamh,LOG_ERR, "Failed to initialize crypto"); return PAM_AUTHINFO_UNAVAIL; } /* * card_only means: * 1) always get the userid from the certificate. * 2) don't prompt for the user name if the card is present. * 3) if the token is present, then we must use the cardAuth mechanism. 
* * wait_for_card means: * 1) nothing if card_only isn't set * 2) if logged in, block in pam conversation until the token used for login * is inserted * 3) if not logged in, block until a token that could be used for logging in * is inserted * right now, logged in means PKC11_LOGIN_TOKEN_NAME is set, * but we could something else later (like set some per-user state in * a pam session module keyed off uid) */ if (configuration->card_only) { char *service; if (configuration->screen_savers) { DBG("Is it a screen saver?"); pam_get_item(pamh, PAM_SERVICE, &service); for (i=0; configuration->screen_savers[i]; i++) { if (strcmp(configuration->screen_savers[i], service) == 0) { is_a_screen_saver = 1; break; } } } pkcs11_pam_fail = PAM_CRED_INSUFFICIENT; /* look to see if username is already set */ pam_get_item(pamh, PAM_USER, &user); if (user) { DBG1("explicit username = [%s]", user); } } else { rv = pam_get_item(pamh, PAM_USER, &user); if (rv != PAM_SUCCESS || user == NULL || user[0] == '\0') { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Please insert your %s or enter your username."), _(configuration->token_type)); /* get user name */ rv = pam_get_user(pamh, &user, NULL); if (rv != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "pam_get_user() failed %s", pam_strerror(pamh, rv)); return PAM_USER_UNKNOWN; } } DBG1("username = [%s]", user); } login_token_name = getenv("PKCS11_LOGIN_TOKEN_NAME"); /* if we are using a screen saver, and we didn't log in using the smart card * drop to the next pam module. 
*/ if (is_a_screen_saver && !login_token_name) { return PAM_IGNORE; } /* load pkcs #11 module */ DBG("loading pkcs #11 module..."); rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph); if (rv != 0) { ERR2("load_pkcs11_module() failed loading %s: %s", configuration->pkcs11_modulepath, get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "load_pkcs11_module() failed loading %s: %s", configuration->pkcs11_modulepath, get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2302: PKCS#11 module failed loading")); sleep(configuration->err_display_time); } return PAM_AUTHINFO_UNAVAIL; } /* initialise pkcs #11 module */ DBG("initialising pkcs #11 module..."); rv = init_pkcs11_module(ph,configuration->support_threads); if (rv != 0) { release_pkcs11_module(ph); ERR1("init_pkcs11_module() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "init_pkcs11_module() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2304: PKCS#11 module could not be initialized")); sleep(configuration->err_display_time); } return PAM_AUTHINFO_UNAVAIL; } /* open pkcs #11 session */ if (configuration->slot_description != NULL) { rv = find_slot_by_slotlabel_and_tokenlabel(ph, configuration->slot_description, login_token_name, &slot_num); } else if (configuration->slot_num != -1) { rv = find_slot_by_number_and_label(ph, configuration->slot_num, login_token_name, &slot_num); } if (rv != 0) { ERR("no suitable token available"); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "no suitable token available"); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2306: No suitable token available")); sleep(configuration->err_display_time); } if (!configuration->card_only) { release_pkcs11_module(ph); return PAM_AUTHINFO_UNAVAIL; } /* we must have a smart card, either because we've configured it as such, * or because we used one to log in */ if (login_token_name || configuration->wait_for_card) { if (login_token_name) { 
pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Please insert your smart card called \"%.32s\"."), login_token_name); } else { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Please insert your smart card.")); } if (configuration->slot_description != NULL) { rv = wait_for_token_by_slotlabel(ph, configuration->slot_description, login_token_name, &slot_num); } else if (configuration->slot_num != -1) { rv = wait_for_token(ph, configuration->slot_num, login_token_name, &slot_num); } if (rv != 0) { release_pkcs11_module(ph); return pkcs11_pam_fail; } } else if (user) { if (!configuration->quiet) { pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2308: No smartcard found")); sleep(configuration->err_display_time); } /* we have a user and no smart card, go to the next pam module */ release_pkcs11_module(ph); return PAM_AUTHINFO_UNAVAIL; } else { /* we haven't prompted for the user yet, get the user and see if * the smart card has been inserted in the mean time */ pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Please insert your %s or enter your username."), _(configuration->token_type)); rv = pam_get_user(pamh, &user, NULL); /* check one last time for the smart card before bouncing to the next * module */ if (configuration->slot_description != NULL) { rv = find_slot_by_slotlabel(ph, configuration->slot_description, &slot_num); } else if (configuration->slot_num != -1) { rv = find_slot_by_number(ph, configuration->slot_num, &slot_num); } if (rv != 0) { /* user gave us a user id and no smart card go to next module */ if (!configuration->quiet) { pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2310: No smartcard found")); sleep(configuration->err_display_time); } release_pkcs11_module(ph); return PAM_AUTHINFO_UNAVAIL; } } } else { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("%s found."), _(configuration->token_type)); } rv = open_pkcs11_session(ph, slot_num); if (rv != 0) { ERR1("open_pkcs11_session() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, 
"open_pkcs11_session() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2312: open PKCS#11 session failed")); sleep(configuration->err_display_time); } release_pkcs11_module(ph); return pkcs11_pam_fail; } rv = get_slot_login_required(ph); if (rv == -1) { ERR1("get_slot_login_required() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "get_slot_login_required() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2314: Slot login failed")); sleep(configuration->err_display_time); } release_pkcs11_module(ph); return pkcs11_pam_fail; } else if (rv) { /* get password */ pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Welcome %.32s!"), get_slot_tokenlabel(ph)); /* no CKF_PROTECTED_AUTHENTICATION_PATH */ rv = get_slot_protected_authentication_path(ph); if ((-1 == rv) || (0 == rv)) { char password_prompt[128]; snprintf(password_prompt, sizeof(password_prompt), _("%s PIN: "), _(configuration->token_type)); if (configuration->use_first_pass) { rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0); } else if (configuration->try_first_pass) { rv = pam_get_pwd(pamh, &password, password_prompt, PAM_AUTHTOK, PAM_AUTHTOK); } else { rv = pam_get_pwd(pamh, &password, password_prompt, 0, PAM_AUTHTOK); } if (rv != PAM_SUCCESS) { if (!configuration->quiet) { pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2316: password could not be read")); sleep(configuration->err_display_time); } release_pkcs11_module(ph); pam_syslog(pamh, LOG_ERR, "pam_get_pwd() failed: %s", pam_strerror(pamh, rv)); return pkcs11_pam_fail; } #ifdef DEBUG_SHOW_PASSWORD DBG1("password = [%s]", password); #endif /* check password length */ if (!configuration->nullok && strlen(password) == 0) { release_pkcs11_module(ph); memset(password, 0, strlen(password)); free(password); pam_syslog(pamh, LOG_ERR, "password length is zero but the 'nullok' argument was not defined."); if (!configuration->quiet) { pam_prompt(pamh, PAM_ERROR_MSG , NULL, 
_("Error 2318: Empty smartcard PIN not allowed.")); sleep(configuration->err_display_time); } return PAM_AUTH_ERR; } } else { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Enter your %s PIN on the pinpad"), _(configuration->token_type)); /* use pin pad */ password = NULL; } /* call pkcs#11 login to ensure that the user is the real owner of the card * we need to do thise before get_certificate_list because some tokens * can not read their certificates until the token is authenticated */ rv = pkcs11_login(ph, password); /* erase and free in-memory password data asap */ if (password) { memset(password, 0, strlen(password)); free(password); } if (rv != 0) { ERR1("open_pkcs11_login() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smartcard PIN")); sleep(configuration->err_display_time); } goto auth_failed_nopw; } } cert_list = get_certificate_list(ph, &ncert); if (rv<0) { ERR1("get_certificate_list() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "get_certificate_list() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2322: No certificate found")); sleep(configuration->err_display_time); } goto auth_failed_nopw; } /* load mapper modules */ load_mappers(configuration->ctx); /* find a valid and matching certificates */ for (i = 0; i < ncert; i++) { X509 *x509 = (X509 *)get_X509_certificate(cert_list[i]); if (!x509 ) continue; /* sanity check */ DBG1("verifying the certificate #%d", i + 1); if (!configuration->quiet) { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("verifying certificate")); } /* verify certificate (date, signature, CRL, ...) 
*/ rv = verify_certificate(x509,&configuration->policy); if (rv < 0) { ERR1("verify_certificate() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "verify_certificate() failed: %s", get_error()); switch (rv) { case -2: // X509_V_ERR_CERT_HAS_EXPIRED: pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2324: Certificate has expired")); break; case -3: // X509_V_ERR_CERT_NOT_YET_VALID: pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2326: Certificate not yet valid")); break; case -4: // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2328: Certificate signature invalid")); break; default: pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2330: Certificate invalid")); break; } sleep(configuration->err_display_time); } goto auth_failed_nopw; } else if (rv != 1) { ERR1("verify_certificate() failed: %s", get_error()); continue; /* try next certificate */ } /* CA and CRL verified, now check/find user */ if ( is_spaced_str(user) ) { /* if provided user is null or empty extract and set user name from certificate */ DBG("Empty login: try to deduce from certificate"); user=find_user(x509); if (!user) { ERR2("find_user() failed: %s on cert #%d", get_error(),i+1); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "find_user() failed: %s on cert #%d",get_error(),i+1); continue; /* try on next certificate */ } else { DBG1("certificate is valid and matches user %s",user); /* try to set up PAM user entry with evaluated value */ rv = pam_set_item(pamh, PAM_USER,(const void *)user); if (rv != PAM_SUCCESS) { ERR1("pam_set_item() failed %s", pam_strerror(pamh, rv)); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "pam_set_item() failed %s", pam_strerror(pamh, rv)); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2332: setting PAM userentry failed")); sleep(configuration->err_display_time); } goto auth_failed_nopw; } chosen_cert = cert_list[i]; break; /* end loop, as find user success */ } } else { /* 
User provided: check whether the certificate matches the user */ rv = match_user(x509, user); if (rv < 0) { /* match error; abort and return */ ERR1("match_user() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "match_user() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2334: No matching user")); sleep(configuration->err_display_time); } goto auth_failed_nopw; } else if (rv == 0) { /* match didn't success */ DBG("certificate is valid but does not match the user"); continue; /* try next certificate */ } else { /* match success */ DBG("certificate is valid and matches the user"); chosen_cert = cert_list[i]; break; } } /* if is_spaced string */ } /* for (i=0; iquiet) { pam_syslog(pamh, LOG_ERR, "no valid certificate which meets all requirements found"); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2336: No matching certificate found")); sleep(configuration->err_display_time); } goto auth_failed_nopw; } /* if signature check is enforced, generate random data, sign and verify */ if (configuration->policy.signature_policy) { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Checking signature")); #ifdef notdef rv = get_private_key(ph); if (rv != 0) { ERR1("get_private_key() failed: %s", get_error()); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "get_private_key() failed: %s", get_error()); goto auth_failed_nopw; } #endif /* read random value */ rv = get_random_value(random_value, sizeof(random_value)); if (rv != 0) { ERR1("get_random_value() failed: %s", get_error()); if (!configuration->quiet){ pam_syslog(pamh, LOG_ERR, "get_random_value() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2338: Getting random value failed")); sleep(configuration->err_display_time); } goto auth_failed_nopw; } /* sign random value */ signature = NULL; rv = sign_value(ph, chosen_cert, random_value, sizeof(random_value), &signature, &signature_length); if (rv != 0) { ERR1("sign_value() failed: %s", 
get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "sign_value() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2340: Signing failed")); sleep(configuration->err_display_time); } goto auth_failed_nopw; } /* verify the signature */ DBG("verifying signature..."); rv = verify_signature((X509 *)get_X509_certificate(chosen_cert), random_value, sizeof(random_value), signature, signature_length); if (signature != NULL) { free(signature); } if (rv != 0) { close_pkcs11_session(ph); release_pkcs11_module(ph); ERR1("verify_signature() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "verify_signature() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2342: Verifying signature failed")); sleep(configuration->err_display_time); } return PAM_AUTH_ERR; } } else { DBG("Skipping signature check"); } /* * fill in the environment variables. */ snprintf(env_temp, sizeof(env_temp) - 1, "PKCS11_LOGIN_TOKEN_NAME=%.*s", (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME=")), get_slot_tokenlabel(ph)); rv = pam_putenv(pamh, env_temp); if (rv != PAM_SUCCESS) { ERR1("could not put token name in environment: %s", pam_strerror(pamh, rv)); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "could not put token name in environment: %s", pam_strerror(pamh, rv)); } issuer = cert_info((X509 *)get_X509_certificate(chosen_cert), CERT_ISSUER, ALGORITHM_NULL); if (issuer) { snprintf(env_temp, sizeof(env_temp) - 1, "PKCS11_LOGIN_CERT_ISSUER=%.*s", (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_ISSUER=")), issuer[0]); rv = pam_putenv(pamh, env_temp); } else { ERR("couldn't get certificate issuer."); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "couldn't get certificate issuer."); } if (rv != PAM_SUCCESS) { ERR1("could not put cert issuer in environment: %s", pam_strerror(pamh, rv)); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "could not put cert issuer in 
environment: %s", pam_strerror(pamh, rv)); } serial = cert_info((X509 *)get_X509_certificate(chosen_cert), CERT_SERIAL, ALGORITHM_NULL); if (serial) { snprintf(env_temp, sizeof(env_temp) - 1, "PKCS11_LOGIN_CERT_SERIAL=%.*s", (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_SERIAL=")), serial[0]); rv = pam_putenv(pamh, env_temp); } else { ERR("couldn't get certificate serial number."); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "couldn't get certificate serial number."); } if (rv != PAM_SUCCESS) { ERR1("could not put cert serial in environment: %s", pam_strerror(pamh, rv)); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "could not put cert serial in environment: %s", pam_strerror(pamh, rv)); } /* unload mapper modules */ unload_mappers(); /* close pkcs #11 session */ rv = close_pkcs11_session(ph); if (rv != 0) { release_pkcs11_module(ph); ERR1("close_pkcs11_session() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "close_pkcs11_module() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, ("Error 2344: Closing PKCS#11 session failed")); sleep(configuration->err_display_time); } return pkcs11_pam_fail; } /* release pkcs #11 module */ DBG("releasing pkcs #11 module..."); release_pkcs11_module(ph); DBG("authentication succeeded"); return PAM_SUCCESS; /* quick and dirty fail exit point */ memset(password, 0, strlen(password)); free(password); /* erase and free in-memory password data */ auth_failed_nopw: unload_mappers(); close_pkcs11_session(ph); release_pkcs11_module(ph); return pkcs11_pam_fail; } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { DBG("pam_sm_setcred() called"); /* Actually, we should return the same value as pam_sm_authenticate(). 
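*/ return PAM_SUCCESS; }

/*
 * Account-management hook. Not implemented: the call is logged and
 * PAM_SERVICE_ERR is returned unconditionally, so a PAM stack that lists this
 * module for account management gets an error from it.
 * The parameters flags, argc and argv are ignored.
 */
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    /* both messages name the real entry point, pam_sm_acct_mgmt() */
    ERR("Warning: Function pam_sm_acct_mgmt() is not implemented in this module");
    pam_syslog(pamh, LOG_WARNING,
               "Function pam_sm_acct_mgmt() is not implemented in this module");
    return PAM_SERVICE_ERR;
}

/*
 * Session-open hook. Not implemented: logs the call and always returns
 * PAM_SERVICE_ERR. The parameters flags, argc and argv are ignored.
 */
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    ERR("Warning: Function pam_sm_open_session() is not implemented in this module");
    pam_syslog(pamh, LOG_WARNING,
               "Function pam_sm_open_session() is not implemented in this module");
    return PAM_SERVICE_ERR;
}

/*
 * Session-close hook. Not implemented: logs the call and always returns
 * PAM_SERVICE_ERR. The parameters flags, argc and argv are ignored.
 */
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    ERR("Warning: Function pam_sm_close_session() is not implemented in this module");
    pam_syslog(pamh, LOG_WARNING,
               "Function pam_sm_close_session() is not implemented in this module");
    return PAM_SERVICE_ERR;
}

/*
 * Password-change hook. Not implemented: logs the call and always returns
 * PAM_SERVICE_ERR. During the preliminary check (PAM_PRELIM_CHECK set in
 * flags) it additionally tells the user that the smart card password cannot
 * be changed, but only when PKCS11_LOGIN_TOKEN_NAME is set.
 *
 * The variable is read from the process environment, which the caller
 * controls; here it only decides whether an informational prompt is shown and
 * never changes the return value.
 * NOTE(review): pam_sm_authenticate() publishes this name with pam_putenv(),
 * i.e. into the PAM environment; getenv() sees it only after the application
 * has exported that environment to the process - confirm this is intended.
 */
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *login_token_name;

    ERR("Warning: Function pam_sm_chauthtok() is not implemented in this module");
    pam_syslog(pamh, LOG_WARNING,
               "Function pam_sm_chauthtok() is not implemented in this module");

    login_token_name = getenv("PKCS11_LOGIN_TOKEN_NAME");
    if (login_token_name != NULL && (flags & PAM_PRELIM_CHECK) != 0) {
        pam_prompt(pamh, PAM_TEXT_INFO, NULL,
                   _("Cannot change the password on your smart card."));
    }
    return PAM_SERVICE_ERR;
}

#ifdef PAM_STATIC
/*
 * static module data
 * NOTE(review): the symbol is called _pam_group_modstruct although the module
 * name is "pam_pkcs11"; check it against what a static PAM build looks up.
 */
struct pam_module _pam_group_modstruct = {
    "pam_pkcs11",
    pam_sm_authenticate,
    pam_sm_setcred,
    pam_sm_acct_mgmt,
    pam_sm_open_session,
    pam_sm_close_session,
    pam_sm_chauthtok
};
#endif
pam_pkcs11-0.6.8/src/tools/0000755000175000017500000000000011740072425012416 500000000000000pam_pkcs11-0.6.8/src/tools/pkcs11_setup.c0000644000175000017500000003115711460625464015041 00000000000000/* * PKCS#11 Card viewer tool * Copyright (C) 2006 Red Hat, Inc.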
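* * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * */

#define _GNU_SOURCE
#ifdef HAVE_CONFIG_H
#include
#endif
/* NOTE(review): the header names of the bare #include lines here were lost when this page was extracted */
#include
#include
#include
#include
#include
#include
#include
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strndup.h"

#define PAM_PKCS11_CONF CONFDIR "/pam_pkcs11.conf"
#define EVENTMGR_CONF CONFDIR "/pkcs11_eventmgr.conf"

static const char Ins_action[] = "ins_action=";
static const char Rm_action[] = "rm_action=";
static const char Use_module[] = "use_module=";
static const char List_modules[] = "list_modules";

/* index of each command-line keyword in param_names[] / pn_sizes[] */
enum params {
    INS_ACTION,
    RM_ACTION,
    USE_MODULE,
    LIST_MODULES
};

static const char *param_names[] = {
    Ins_action,
    Rm_action,
    Use_module,
    List_modules
};

/* sizeof() of each keyword, i.e. its length including the terminating NUL */
static int pn_sizes[] = {
    sizeof(Ins_action),
    sizeof(Rm_action),
    sizeof(Use_module),
    sizeof(List_modules)
};

#define NUM_PARAMS (sizeof(param_names)/sizeof(param_names[0]))

/* marker stored in params[] when a keyword was given without "=value" */
#define PARAM_NO_VALUE ((const char *)1)

/*
 * Set the single-valued entry `option` of `block` to `value`.
 *
 * A one-element list is built and handed to scconf_item_add(); the list the
 * returned item carries is then destroyed and replaced by ours.
 * Returns `value` on success, NULL when no item could be obtained (nothing is
 * dereferenced or leaked in that case).
 */
static const char *scconf_replace_str(scconf_block * block, const char *option, const char *value)
{
    scconf_list *list = NULL;
    scconf_item *item;

    scconf_list_add(&list, value);
    item = scconf_item_add(NULL, block, NULL, SCCONF_ITEM_TYPE_VALUE, option, list);
    if (item == NULL) {
        if (list != NULL) {
            scconf_list_destroy(list);
        }
        return NULL;
    }

    /* now clear out the item list */
    scconf_list_destroy(item->value.list);
    item->value.list = list; /* adopt */
    return value;
}

/*
 * Set the entry `option` of `block` to the comma-separated elements of
 * `value` (an empty element is kept as an empty string).
 *
 * Returns 0 on success and 1 on failure; on failure the partially built list
 * is released and the block is left as scconf_item_add() left it.
 */
static int scconf_replace_str_list(scconf_block * block, const char *option, const char *value)
{
    scconf_list *list = NULL;
    scconf_item *item;
    char *lstitem = NULL;
    char *next;

    while (value != NULL) {
        next = strchr(value, ',');
        if (next != NULL) {
            lstitem = strndup(value, next - value);
            next++;
        } else {
            lstitem = strdup(value);
        }
        if (lstitem == NULL) {
            /* out of memory: drop what was collected so far */
            if (list != NULL) {
                scconf_list_destroy(list);
            }
            return 1;
        }
        /* lstitem is freed right after the call, as in the original flow */
        scconf_list_add(&list, lstitem);
        value = next;
        free(lstitem);
    }

    item = scconf_item_add(NULL, block, NULL, SCCONF_ITEM_TYPE_VALUE, option, list);
    if (item == NULL) {
        if (list != NULL) {
            scconf_list_destroy(list);
        }
        return 1;
    }

    /* now clear out the item list */
    scconf_list_destroy(item->value.list);
    item->value.list = list; /* adopt */
    return 0;
}

/*
 * Print the name of every pkcs11_module block of pam_pkcs11.conf whose
 * "module" library can be loaded on this system.
 * Returns 0 on success, 1 if the configuration cannot be read or holds no
 * pam_pkcs11 / pkcs11_module block.
 *
 * Security note: the probe uses dlopen(), which maps the library and runs its
 * initialisers inside this process. Every "module" path in the configuration
 * file is therefore executed with the privileges of whoever runs this tool,
 * so the file must not be writable by less-privileged users.
 */
static int list_modules(void)
{
    const scconf_block *pam_pkcs11;
    scconf_block **pkcs11_blocks = NULL;
    scconf_context *ctx = NULL;
    int i;
    int result = 1;

    /*
     * loop through looking for smart card entries
     */
    ctx = scconf_new(PAM_PKCS11_CONF);
    if (ctx == NULL) {
        goto bail;
    }
    if (scconf_parse(ctx) <= 0 ) {
        goto bail;
    }
    pam_pkcs11 = scconf_find_block(ctx, NULL, "pam_pkcs11");
    if (!pam_pkcs11) {
        goto bail;
    }
    pkcs11_blocks = scconf_find_blocks(ctx, pam_pkcs11, "pkcs11_module", NULL);
    if (!pkcs11_blocks) {
        goto bail;
    }

    /* list only those smart cards which are actually installed */
    for (i = 0; pkcs11_blocks[i]; i++) {
        void *libhandle;
        const char *path = scconf_get_str(pkcs11_blocks[i], "module", NULL);

        /* check to see if the module exists on the system */
        if (!path || *path == 0) {
            continue;
        }
        /* verify the module exists */
        libhandle = dlopen(path, RTLD_LAZY);
        if (libhandle == NULL) {
            continue;
        }
        dlclose(libhandle);
        if (pkcs11_blocks[i]->name && pkcs11_blocks[i]->name->data) {
            printf("%s\n", pkcs11_blocks[i]->name->data);
        }
    }
    result = 0;

bail:
    /* the block array is released here, as the other functions in this file do */
    if (pkcs11_blocks) {
        free(pkcs11_blocks);
    }
    if (ctx) {
        scconf_free(ctx);
    }
    return result;
}

/*
 * Print the "use_pkcs11_module" value of pam_pkcs11.conf (an empty line when
 * it is not set). Returns 0 on success, 1 if the file cannot be read.
 */
static int print_default_module(void)
{
    const scconf_block *pam_pkcs11;
    scconf_context *ctx = NULL;
    int result = 1;

    /*
     * read the base pam_pkcs11.conf
     */
    ctx = scconf_new(PAM_PKCS11_CONF);
    if (ctx == NULL) {
        goto bail;
    }
    if (scconf_parse(ctx) <= 0) {
        goto bail;
    }
    pam_pkcs11 = scconf_find_block(ctx, NULL, "pam_pkcs11");
    if (!pam_pkcs11) {
        goto bail;
    }
    printf("%s\n", scconf_get_str(pam_pkcs11, "use_pkcs11_module", ""));
    result = 0;

bail:
    if (ctx) {
        scconf_free(ctx);
    }
    ctx = NULL;
    return result;
}

/*
 * Make `mod` the default PKCS#11 module.
 *
 * pam_pkcs11.conf is rewritten with use_pkcs11_module = mod, but only if a
 * pkcs11_module block of that name with a "module" library path exists. That
 * library path is then written as pkcs11_module into pkcs11_eventmgr.conf.
 * Returns 0 on success, non-zero on failure.
 */
static int set_default_module(const char *mod)
{
    scconf_block *pam_pkcs11, *pkcs11_eventmgr;
    scconf_block **modules = NULL;
    scconf_context *ctx = NULL;
    scconf_context *ectx = NULL;
    const char *lib = NULL;
    int result = 1;

    /*
     * write out pam_pkcs11.conf
     */
    ctx = scconf_new(PAM_PKCS11_CONF);
    if (ctx == NULL) {
        goto bail;
    }
    if (scconf_parse(ctx) <= 0) {
        goto bail;
    }
    pam_pkcs11 = (scconf_block *)scconf_find_block(ctx, NULL, "pam_pkcs11");
    if (!pam_pkcs11) {
        goto bail;
    }
    if (scconf_replace_str(pam_pkcs11, "use_pkcs11_module", mod) == NULL) {
        goto bail;
    }
    /* refuse to write a default that names no configured module */
    modules = scconf_find_blocks(ctx, pam_pkcs11, "pkcs11_module", mod);
    if (!modules || !modules[0]) {
        goto bail;
    }
    lib = scconf_get_str(modules[0], "module", NULL);
    if (!lib) {
        goto bail;
    }
    result = scconf_write(ctx, NULL);
    if (result != 0) {
        goto bail;
    }

    /*
     * NOTE(review): from here on `result` is 0, so a missing or unparsable
     * pkcs11_eventmgr.conf is reported as success although only
     * pam_pkcs11.conf was updated. Kept as is; confirm whether the event
     * manager file is meant to be optional.
     */
    ectx = scconf_new(EVENTMGR_CONF);
    if (ectx == NULL) {
        goto bail;
    }
    if (scconf_parse(ectx) <= 0) {
        goto bail;
    }
    pkcs11_eventmgr = (scconf_block *)
        scconf_find_block(ectx, NULL, "pkcs11_eventmgr");
    if (!pkcs11_eventmgr) {
        goto bail;
    }
    if (scconf_replace_str(pkcs11_eventmgr, "pkcs11_module", lib) == NULL) {
        result = 1;
        goto bail;
    }
    result = scconf_write(ectx, NULL);

bail:
    if (modules) {
        free(modules);
    }
    if (ctx) {
        scconf_free(ctx);
    }
    if (ectx) {
        scconf_free(ectx);
    }
    return result;
}

/*
 * Print the "action" list of the event block `event_name` from
 * pkcs11_eventmgr.conf, elements separated by newlines.
 * Returns 0 on success, 1 if the file cannot be read or has no such block.
 */
static int print_event_action(const char *event_name)
{
    const scconf_block *pkcs11_eventmgr;
    scconf_block **event_blocks = NULL;
    scconf_context *ctx = NULL;
    const scconf_list *actionList = NULL;
    int result = 1;

    /*
     * read the pkcs11_eventmgr.conf to get our action
     */
    ctx = scconf_new(EVENTMGR_CONF);
    if (ctx == NULL) {
        goto bail;
    }
    if (scconf_parse(ctx) <= 0) {
        goto bail;
    }
    pkcs11_eventmgr = scconf_find_block(ctx, NULL, "pkcs11_eventmgr");
    if (!pkcs11_eventmgr) {
        goto bail;
    }
    event_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr, "event", event_name);
    if (!event_blocks || !event_blocks[0]) {
        goto bail;
    }
    actionList = scconf_find_list(event_blocks[0],"action");
    if (actionList) {
        char *lst = scconf_list_strdup(actionList, "\n");
        if (lst != NULL) {
            printf("%s\n", lst);
            free(lst);
        }
    }
    result = 0;

bail:
    if (event_blocks) {
        free(event_blocks);
    }
    if (ctx) {
        scconf_free(ctx);
    }
    return result;
}

/*
 * Replace the "action" list of the event block `event_name` in
 * pkcs11_eventmgr.conf with the comma-separated elements of `act` and write
 * the file back. Returns 0 on success, non-zero on failure; the file is not
 * rewritten when the new list could not be built.
 *
 * Security note: `act` comes straight from the command line and is stored
 * unfiltered. Presumably the event manager later runs these entries as
 * commands (not visible here), so write access to the configuration file
 * should be limited to administrators.
 */
static int set_event_action(const char *event_name, const char *act)
{
    scconf_block *pkcs11_eventmgr;
    scconf_block **event_blocks = NULL;
    scconf_context *ctx = NULL;
    int result = 1;

    /*
     * write out pkcs11_eventmgr.conf
     */
    ctx = scconf_new(EVENTMGR_CONF);
    if (ctx == NULL) {
        goto bail;
    }
    if (scconf_parse(ctx) <= 0) {
        goto bail;
    }
    pkcs11_eventmgr = (scconf_block *)
        scconf_find_block(ctx, NULL, "pkcs11_eventmgr");
    if (!pkcs11_eventmgr) {
        goto bail;
    }
    event_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr, "event", event_name);
    if (!event_blocks || !event_blocks[0]) {
        goto bail;
    }
    if (scconf_replace_str_list(event_blocks[0], "action", act) != 0) {
        goto bail;
    }
    result = scconf_write(ctx, NULL);

bail:
    if (event_blocks) {
        free(event_blocks);
    }
    if (ctx) {
        scconf_free(ctx);
    }
    return result;
}

/* Print the actions configured for the card_insert event; 0 on success. */
static int print_card_insert_action(void)
{
    return print_event_action("card_insert");
}

/* Set the actions of the card_insert event to `act`; 0 on success. */
static int set_card_insert_action(const char *act)
{
    return set_event_action("card_insert", act);
}

/* Print the actions configured for the card_remove event; 0 on success. */
static int print_card_remove_action(void)
{
    return print_event_action("card_remove");
}

/* Set the actions of the card_remove event to `act`; 0 on success. */
static int set_card_remove_action(const char *act)
{
    return set_event_action("card_remove", act);
}

/*
 * pkcs11_setup entry point.
 *
 * Recognised arguments: list_modules, use_module[=...], ins_action[=...],
 * rm_action[=...] and debug. A keyword with "=value" sets the value, the bare
 * keyword prints the current one. list_modules takes precedence over all
 * others; a "print" request returns right after printing, while "set"
 * requests fall through so that several can be combined in one call.
 * Returns 0 on success or the non-zero result of the failing operation.
 */
int main(int argc, const char **argv)
{
    int i;
    unsigned int pname;
    const char *params[NUM_PARAMS];

    memset(params, '\0', sizeof(params));

    /* first of all check whether debugging should be enabled */
    for (i = 0; i < argc; i++) {
        if (strcmp("debug", argv[i]) == 0) {
            set_debug_level(1);
        }
    }

    for (i = 1; i < argc; i++) {
        for (pname = 0; pname < NUM_PARAMS; pname++) {
            /* pn_sizes[] - 2 indexes the last character of the keyword */
            if (param_names[pname][pn_sizes[pname]-2] == '=') {
                if (strncmp(argv[i], param_names[pname], pn_sizes[pname]-1) == 0) {
                    /* "keyword=value": keep a pointer to the value */
                    params[pname] = argv[i] + pn_sizes[pname] - 1;
                } else if (strncmp(argv[i], param_names[pname], pn_sizes[pname]-2) == 0
                           && argv[i][pn_sizes[pname]-2] == '\0') {
                    /* bare "keyword" */
                    params[pname] = PARAM_NO_VALUE;
                }
            } else {
                if (strcmp(argv[i], param_names[pname]) == 0) {
                    params[pname] = PARAM_NO_VALUE;
                }
            }
        }
    }

    for (pname = 0; pname < NUM_PARAMS; pname++) {
        if (params[pname] != NULL) {
            break;
        }
    }
    if (pname == NUM_PARAMS) {
        DBG("No correct parameter specified");
        printf("usage: pkcs11_setup [list_modules] [use_module[=]]\n"
               " [ins_action[=]]\n"
               " [rm_action[=]]\n");
    }

    if (params[LIST_MODULES] != NULL) {
        DBG("List modules:");
        return list_modules();
    } else {
        if (params[USE_MODULE] == PARAM_NO_VALUE) {
            DBG("Print default module:");
            if ((i = print_default_module()) != 0) {
                ERR1("Print default module failed with: %d", i);
                return i;
            }
            return 0;
        } else if (params[USE_MODULE] != NULL) {
            DBG1("Set default module: %s", params[USE_MODULE]);
            if ((i = set_default_module(params[USE_MODULE])) != 0) {
                ERR1("Set default module failed with: %d", i);
                return i;
            }
        }
        if (params[INS_ACTION] == PARAM_NO_VALUE) {
            DBG("Print card insert action:");
            if ((i = print_card_insert_action()) != 0) {
                ERR1("Print card insert action failed with: %d", i);
                return i;
            }
            return 0;
        } else if (params[INS_ACTION] != NULL) {
            DBG1("Set card insert action: %s", params[INS_ACTION]);
            if ((i = set_card_insert_action(params[INS_ACTION])) != 0) {
                ERR1("Set card insert action failed with: %d", i);
                return i;
            }
        }
        if (params[RM_ACTION] == PARAM_NO_VALUE) {
            DBG("Print card remove action:");
            if ((i = print_card_remove_action()) != 0) {
                /* the message names the operation that actually failed */
                ERR1("Print card remove action failed with: %d", i);
                return i;
            }
            return 0;
        } else if (params[RM_ACTION] != NULL) {
            DBG1("Set card remove action: %s", params[RM_ACTION]);
            if ((i = set_card_remove_action(params[RM_ACTION])) != 0) {
                ERR1("Set card remove action failed with: %d", i);
                return i;
            }
        }
    }
    DBG("Process completed");
    return 0;
}
pam_pkcs11-0.6.8/src/tools/pkcs11_listcerts.c0000644000175000017500000001136111617240513015700 00000000000000/* * PKCS#11 Card viewer tool * Copyright (C) 2005 Juan Antonio Martinez * Based on a previous work of Mario Strasser , * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details.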
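* * $Id: pkcs11_listcerts.c 441 2010-08-12 21:45:03Z ludovic.rousseau $ */

#ifdef HAVE_CONFIG_H
#include
#endif
/* NOTE(review): the header names of the bare #include lines here were lost when this page was extracted */
#include
#include
#include
#include
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/pkcs11_lib.h"
#include "../common/cert_info.h"
#include "../pam_pkcs11/pam_config.h"
#include "../pam_pkcs11/mapper_mgr.h"

/*
 * Print one "- <label>: <value>" line for a cert_info() result and free the
 * first entry, as the caller always did.
 * cert_info() can return NULL (pam_sm_authenticate checks for it), so a
 * missing result is printed as "(unavailable)" instead of being dereferenced.
 */
static void print_cert_entry(const char *label, char **entry)
{
    if (entry == NULL || entry[0] == NULL) {
        printf("- %s: (unavailable)\n", label);
        return;
    }
    printf("- %s: %s\n", label, entry[0]);
    free(entry[0]);
}

/*
 * pkcs11_listcerts entry point: log in to the configured token and print
 * subject, issuer and key algorithm of every certificate on it, together
 * with the outcome of verify_certificate() and of the private-key lookup.
 *
 * Exit codes: 0 success, 1 configuration / module / slot / session setup
 * failed, 3 no certificate list, 4 login or session close failed,
 * 5 verify_certificate() reported a processing error.
 */
int main(int argc, const char **argv)
{
    int i, rv;
    int ncerts;
    unsigned int slot_num = 0;
    struct configuration_st *configuration;
    pkcs11_handle_t *ph;
    cert_object_t **certs;

    /* first of all check whether debugging should be enabled */
    for (i = 0; i < argc; i++) {
        if (strcmp("debug", argv[i]) == 0) {
            set_debug_level(1);
        }
    }

    /* call configure routines */
    configuration = pk_configure(argc - 1, argv + 1);
    if (!configuration ) {
        DBG("Error setting configuration parameters");
        return 1;
    }

    /* exactly one of slot_description / slot_num must be configured */
    if ((configuration->slot_description != NULL && configuration->slot_num != -1)
        || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
        ERR("Error setting configuration parameters");
        return 1;
    }

    /* init openssl */
    rv = crypto_init(&configuration->policy);
    if (rv != 0) {
        DBG("Couldn't initialize crypto module ");
        return 1;
    }

    /* load pkcs #11 module */
    DBG("loading pkcs #11 module...");
    rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph);
    if (rv != 0) {
        DBG1("load_pkcs11_module() failed: %s", get_error());
        return 1;
    }

    /* initialise pkcs #11 module */
    DBG("initialising pkcs #11 module...");
    rv = init_pkcs11_module(ph,configuration->support_threads);
    if (rv != 0) {
        release_pkcs11_module(ph);
        DBG1("init_pkcs11_module() failed: %s", get_error());
        return 1;
    }

    /* open pkcs #11 session */
    if (configuration->slot_description != NULL) {
        rv = find_slot_by_slotlabel(ph,configuration->slot_description, &slot_num);
    } else {
        rv = find_slot_by_number(ph,configuration->slot_num, &slot_num);
    }
    if (rv != 0) {
        release_pkcs11_module(ph);
        DBG("no token available");
        return 1;
    }
    rv = open_pkcs11_session(ph, slot_num);
    if (rv != 0) {
        release_pkcs11_module(ph);
        DBG1("open_pkcs11_session() failed: %s", get_error());
        return 1;
    }

    /* do login */
    rv = pkcs11_pass_login(ph,configuration->nullok);
    if (rv < 0) {
        DBG1("Login failed: %s",get_error());
        /* do not leave the token session and the module open on a failed login */
        close_pkcs11_session(ph);
        release_pkcs11_module(ph);
        return 4;
    }

    /* get certificate list */
    certs = get_certificate_list(ph, &ncerts);
    if (certs == NULL) {
        close_pkcs11_session(ph);
        release_pkcs11_module(ph);
        DBG1("get_certificates() failed: %s", get_error());
        return 3;
    }

    /* print some info on found certificates */
    printf("Found '%d' certificate(s)\n", ncerts);
    for (i = 0; i < ncerts; i++) {
        X509 *cert = get_X509_certificate(certs[i]);

        printf("Certificate #%d:\n", i+1);
        print_cert_entry("Subject", cert_info(cert, CERT_SUBJECT, ALGORITHM_NULL));
        print_cert_entry("Issuer", cert_info(cert, CERT_ISSUER, ALGORITHM_NULL));
        print_cert_entry("Algorithm", cert_info(cert, CERT_KEY_ALG, ALGORITHM_NULL));

        rv = verify_certificate(cert,&configuration->policy);
        if (rv < 0) {
            /* the verification itself could not be carried out: stop */
            printf("verify_certificate() process error: %s\n", get_error());
            goto auth_failed;
        } else if (rv != 1) {
            printf("verify_certificate() failed: %s\n", get_error());
            continue; /* try next certificate */
        }
        rv = get_private_key(ph, certs[i]);
        if (rv < 0) {
            printf("Certificate '%d'does not have associated private key\n",i+1);
        }
    } /* for */

    /* close pkcs #11 session */
    rv = close_pkcs11_session(ph);
    if (rv != 0) {
        release_pkcs11_module(ph);
        DBG1("close_pkcs11_session() failed: %s", get_error());
        return 4;
    }

    /* release pkcs #11 module */
    DBG("releasing pkcs #11 module...");
    release_pkcs11_module(ph);

    DBG("Process completed");
    return 0;

auth_failed:
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    return 5;
}
pam_pkcs11-0.6.8/src/tools/Makefile.am0000644000175000017500000000216611472002723014373 00000000000000# Process this file with automake to create Makefile.in MAINTAINERCLEANFILES = Makefile.in INCLUDES = $(PCSC_CFLAGS) $(CRYPTO_CFLAGS)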
AM_LDFLAGS = $(PCSC_LIBS) if HAVE_PCSC bin_PROGRAMS = card_eventmgr pkcs11_eventmgr pklogin_finder pkcs11_inspect pkcs11_listcerts pkcs11_setup card_eventmgr_SOURCES = card_eventmgr.c daemon.c card_eventmgr_LDADD = ../scconf/libscconf.la ../common/libcommon.la else bin_PROGRAMS = pkcs11_eventmgr pklogin_finder pkcs11_inspect pkcs11_listcerts pkcs11_setup endif pklogin_finder_SOURCES = pklogin_finder.c pklogin_finder_LDADD = ../pam_pkcs11/libfinder.la ../mappers/libmappers.la pkcs11_listcerts_SOURCES = pkcs11_listcerts.c pkcs11_listcerts_LDADD = ../pam_pkcs11/libfinder.la ../scconf/libscconf.la ../common/libcommon.la $(OPENSSL_LIBS) pkcs11_eventmgr_SOURCES = pkcs11_eventmgr.c daemon.c pkcs11_eventmgr_LDADD = ../scconf/libscconf.la ../common/libcommon.la $(CRYPTO_LIBS) pkcs11_inspect_SOURCES = pkcs11_inspect.c pkcs11_inspect_LDADD = ../pam_pkcs11/libfinder.la ../mappers/libmappers.la pkcs11_setup_SOURCES = pkcs11_setup.c pkcs11_setup_LDADD = ../scconf/libscconf.la ../common/libcommon.la pam_pkcs11-0.6.8/src/tools/Makefile.in0000644000175000017500000005526611740072345014422 00000000000000# Makefile.in generated by automake 1.11.3 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
@SET_MAKE@ # Process this file with automake to create Makefile.in VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ @HAVE_PCSC_FALSE@bin_PROGRAMS = pkcs11_eventmgr$(EXEEXT) \ @HAVE_PCSC_FALSE@ pklogin_finder$(EXEEXT) \ @HAVE_PCSC_FALSE@ pkcs11_inspect$(EXEEXT) \ @HAVE_PCSC_FALSE@ pkcs11_listcerts$(EXEEXT) \ @HAVE_PCSC_FALSE@ pkcs11_setup$(EXEEXT) @HAVE_PCSC_TRUE@bin_PROGRAMS = card_eventmgr$(EXEEXT) \ @HAVE_PCSC_TRUE@ pkcs11_eventmgr$(EXEEXT) \ @HAVE_PCSC_TRUE@ pklogin_finder$(EXEEXT) \ @HAVE_PCSC_TRUE@ pkcs11_inspect$(EXEEXT) \ @HAVE_PCSC_TRUE@ pkcs11_listcerts$(EXEEXT) \ @HAVE_PCSC_TRUE@ pkcs11_setup$(EXEEXT) subdir = src/tools DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/acx_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ $(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = 
CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am__card_eventmgr_SOURCES_DIST = card_eventmgr.c daemon.c @HAVE_PCSC_TRUE@am_card_eventmgr_OBJECTS = card_eventmgr.$(OBJEXT) \ @HAVE_PCSC_TRUE@ daemon.$(OBJEXT) card_eventmgr_OBJECTS = $(am_card_eventmgr_OBJECTS) @HAVE_PCSC_TRUE@card_eventmgr_DEPENDENCIES = ../scconf/libscconf.la \ @HAVE_PCSC_TRUE@ ../common/libcommon.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am_pkcs11_eventmgr_OBJECTS = pkcs11_eventmgr.$(OBJEXT) \ daemon.$(OBJEXT) pkcs11_eventmgr_OBJECTS = $(am_pkcs11_eventmgr_OBJECTS) am__DEPENDENCIES_1 = pkcs11_eventmgr_DEPENDENCIES = ../scconf/libscconf.la \ ../common/libcommon.la $(am__DEPENDENCIES_1) am_pkcs11_inspect_OBJECTS = pkcs11_inspect.$(OBJEXT) pkcs11_inspect_OBJECTS = $(am_pkcs11_inspect_OBJECTS) pkcs11_inspect_DEPENDENCIES = ../pam_pkcs11/libfinder.la \ ../mappers/libmappers.la am_pkcs11_listcerts_OBJECTS = pkcs11_listcerts.$(OBJEXT) pkcs11_listcerts_OBJECTS = $(am_pkcs11_listcerts_OBJECTS) pkcs11_listcerts_DEPENDENCIES = ../pam_pkcs11/libfinder.la \ ../scconf/libscconf.la ../common/libcommon.la \ $(am__DEPENDENCIES_1) am_pkcs11_setup_OBJECTS = pkcs11_setup.$(OBJEXT) pkcs11_setup_OBJECTS = $(am_pkcs11_setup_OBJECTS) pkcs11_setup_DEPENDENCIES = ../scconf/libscconf.la \ ../common/libcommon.la am_pklogin_finder_OBJECTS = pklogin_finder.$(OBJEXT) pklogin_finder_OBJECTS = $(am_pklogin_finder_OBJECTS) pklogin_finder_DEPENDENCIES = ../pam_pkcs11/libfinder.la \ ../mappers/libmappers.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) 
$(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(card_eventmgr_SOURCES) $(pkcs11_eventmgr_SOURCES) \ $(pkcs11_inspect_SOURCES) $(pkcs11_listcerts_SOURCES) \ $(pkcs11_setup_SOURCES) $(pklogin_finder_SOURCES) DIST_SOURCES = $(am__card_eventmgr_SOURCES_DIST) \ $(pkcs11_eventmgr_SOURCES) $(pkcs11_inspect_SOURCES) \ $(pkcs11_listcerts_SOURCES) $(pkcs11_setup_SOURCES) \ $(pklogin_finder_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ 
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = 
@build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in INCLUDES = $(PCSC_CFLAGS) $(CRYPTO_CFLAGS) AM_LDFLAGS = $(PCSC_LIBS) @HAVE_PCSC_TRUE@card_eventmgr_SOURCES = card_eventmgr.c daemon.c @HAVE_PCSC_TRUE@card_eventmgr_LDADD = ../scconf/libscconf.la ../common/libcommon.la pklogin_finder_SOURCES = pklogin_finder.c pklogin_finder_LDADD = ../pam_pkcs11/libfinder.la ../mappers/libmappers.la pkcs11_listcerts_SOURCES = pkcs11_listcerts.c pkcs11_listcerts_LDADD = ../pam_pkcs11/libfinder.la ../scconf/libscconf.la ../common/libcommon.la $(OPENSSL_LIBS) pkcs11_eventmgr_SOURCES = pkcs11_eventmgr.c daemon.c pkcs11_eventmgr_LDADD = ../scconf/libscconf.la ../common/libcommon.la $(CRYPTO_LIBS) pkcs11_inspect_SOURCES = pkcs11_inspect.c pkcs11_inspect_LDADD = ../pam_pkcs11/libfinder.la ../mappers/libmappers.la pkcs11_setup_SOURCES = pkcs11_setup.c pkcs11_setup_LDADD = ../scconf/libscconf.la ../common/libcommon.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am 
$(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tools/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/tools/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ 
echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ } \ ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list card_eventmgr$(EXEEXT): $(card_eventmgr_OBJECTS) $(card_eventmgr_DEPENDENCIES) $(EXTRA_card_eventmgr_DEPENDENCIES) @rm -f card_eventmgr$(EXEEXT) $(AM_V_CCLD)$(LINK) $(card_eventmgr_OBJECTS) $(card_eventmgr_LDADD) $(LIBS) pkcs11_eventmgr$(EXEEXT): $(pkcs11_eventmgr_OBJECTS) $(pkcs11_eventmgr_DEPENDENCIES) $(EXTRA_pkcs11_eventmgr_DEPENDENCIES) @rm -f pkcs11_eventmgr$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pkcs11_eventmgr_OBJECTS) $(pkcs11_eventmgr_LDADD) $(LIBS) pkcs11_inspect$(EXEEXT): $(pkcs11_inspect_OBJECTS) $(pkcs11_inspect_DEPENDENCIES) $(EXTRA_pkcs11_inspect_DEPENDENCIES) @rm -f pkcs11_inspect$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pkcs11_inspect_OBJECTS) $(pkcs11_inspect_LDADD) $(LIBS) pkcs11_listcerts$(EXEEXT): $(pkcs11_listcerts_OBJECTS) $(pkcs11_listcerts_DEPENDENCIES) $(EXTRA_pkcs11_listcerts_DEPENDENCIES) @rm -f pkcs11_listcerts$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pkcs11_listcerts_OBJECTS) $(pkcs11_listcerts_LDADD) $(LIBS) pkcs11_setup$(EXEEXT): $(pkcs11_setup_OBJECTS) $(pkcs11_setup_DEPENDENCIES) $(EXTRA_pkcs11_setup_DEPENDENCIES) @rm -f 
pkcs11_setup$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pkcs11_setup_OBJECTS) $(pkcs11_setup_LDADD) $(LIBS) pklogin_finder$(EXEEXT): $(pklogin_finder_OBJECTS) $(pklogin_finder_DEPENDENCIES) $(EXTRA_pklogin_finder_DEPENDENCIES) @rm -f pklogin_finder$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pklogin_finder_OBJECTS) $(pklogin_finder_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card_eventmgr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_eventmgr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_inspect.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_listcerts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_setup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pklogin_finder.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 
's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(bindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-binPROGRAMS install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-binPROGRAMS .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ clean-generic clean-libtool ctags distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-binPROGRAMS install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am \ uninstall-binPROGRAMS # Tell 
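versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
pam_pkcs11-0.6.8/src/tools/pklogin_finder.c0000644000175000017500000001157511737646471015523 00000000000000/*
 * PKCS#11 Login Finder tool
 * Copyright (C) 2005 Juan Antonio Martinez
 * Based on a previous work of Mario Strasser ,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id: pklogin_finder.c 503 2011-10-18 11:50:10Z ludovic.rousseau $
 */

/* NOTE(review): the header names of the bare #include lines below appear to
 * have been lost when this page was extracted. */
#ifdef HAVE_CONFIG_H
#include
#endif

#include
#include
#include
#include
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/pkcs11_lib.h"
#include "../common/cert_vfy.h"
#include "../pam_pkcs11/pam_config.h"
#include "../pam_pkcs11/mapper_mgr.h"

/*
 * pklogin_finder entry point: prints on stdout the login that the mapper
 * modules derive from the first certificate on the token which passes
 * verification.
 *
 * argv[1..] is handed to pk_configure(); an argument equal to "debug" turns
 * debug output on before anything else runs.
 *
 * Exit status:
 *   0  a login was found and printed
 *   1  configuration, crypto, module, slot or session error, a hard
 *      verification error (verify_certificate() < 0), or no certificate
 *      mapped to a user
 *   2  pkcs11_pass_login() failed (HAVE_NSS builds only)
 *   3  the certificate list could not be read
 */
int main(int argc, const char **argv) {
  int i, rv;
  char *user = NULL;
  pkcs11_handle_t *ph;
  struct configuration_st *configuration;
  cert_object_t **certs;
  int cert_count;
  unsigned int slot_num = 0;

  /* first of all check whether debugging should be enabled */
  for (i = 0; i < argc; i++)
    if (strcmp("debug", argv[i]) == 0) {
      set_debug_level(1);
    }

  /* call configure routines */
  configuration = pk_configure(argc - 1, argv + 1);
  if (!configuration ) {
    DBG("Error setting configuration parameters");
    return 1;
  }

  /* exactly one of slot_description / slot_num has to be set */
  if ((configuration->slot_description != NULL && configuration->slot_num != -1)
      || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
    ERR("Error setting configuration parameters");
    return 1;
  }

  /* initialise the crypto layer with the configured verification policy */
  rv = crypto_init(&configuration->policy);
  if (rv != 0) {
    DBG("Couldn't initialize crypto module ");
    return 1;
  }

  /* load pkcs #11 module */
  DBG("loading pkcs #11 module...");
  rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph);
  if (rv != 0) {
    DBG1("load_pkcs11_module() failed: %s", get_error());
    return 1;
  }

  /* initialise pkcs #11 module */
  DBG("initialising pkcs #11 module...");
  rv = init_pkcs11_module(ph,configuration->support_threads);
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG1("init_pkcs11_module() failed: %s", get_error());
    return 1;
  }

  /* open pkcs #11 session */
  if (configuration->slot_description != NULL) {
    rv = find_slot_by_slotlabel(ph,configuration->slot_description, &slot_num);
  } else {
    rv = find_slot_by_number(ph,configuration->slot_num, &slot_num);
  }
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG("no token available");
    return 1;
  }
  rv = open_pkcs11_session(ph, slot_num);
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG1("open_pkcs11_session() failed: %s", get_error());
    return 1;
  }

#ifdef HAVE_NSS
  /* not really needed, but... */
  rv = pkcs11_pass_login(ph,configuration->nullok);
  if (rv != 0) {
    /* report first, then release the session and module the same way every
     * other error path after open_pkcs11_session() does */
    DBG1("pkcs11_pass_login() failed: %s", get_error());
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    return 2;
  }
#endif

  /* get certificate list */
  certs = get_certificate_list(ph, &cert_count);
  if (certs == NULL) {
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    DBG1("get_certificate_list() failed: %s", get_error());
    return 3;
  }

  /* load mapper modules */
  load_mappers(configuration->ctx);

  /* find a valid and matching certificates */
  DBG1("Found '%d' certificate(s)", cert_count);
  for (i = 0; i < cert_count; i++) {
    X509 *x509 = get_X509_certificate(certs[i]);
    /* entries without an X509 object are skipped silently */
    if (x509 != NULL) {
      DBG1("verifying the certificate #%d", i + 1);

      /* verify certificate (date, signature, CRL, ...).
       * Only a result of exactly 1 lets the certificate reach the mappers:
       * a negative result aborts the run, any other value skips it. */
      rv = verify_certificate(x509,&configuration->policy);
      if (rv < 0) {
        close_pkcs11_session(ph);
        release_pkcs11_module(ph);
        unload_mappers();
        DBG1("verify_certificate() failed: %s", get_error());
        return 1;
      } else if (rv != 1) {
        DBG1("verify_certificate() failed: %s", get_error());
        continue;
      }

      DBG("Trying to deduce login from certificate");
      user=find_user(x509);
      if (!user) {
        DBG2("find_user() failed for certificate #%d: %s", i + 1, get_error());
        continue; /* with next certificate */
      } else {
        /* first verified certificate that maps to a login wins */
        DBG1("Certificate is valid and maps to user %s",user);
        printf("%s\n",user);
        break;
      }
    }
  }
  unload_mappers(); /* no longer needed */

  /* close pkcs #11 session */
  rv = close_pkcs11_session(ph);
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG1("close_pkcs11_session() failed: %s", get_error());
    return 1;
  }

  /* release pkcs #11 module */
  DBG("releasing pkcs #11 module...");
  release_pkcs11_module(ph);

  DBG("Process completed");
  return (!user)? 1:0;
}
pam_pkcs11-0.6.8/src/tools/daemon.c0000644000175000017500000000461211472002723013744 00000000000000/* $OpenBSD: daemon.c,v 1.6 2005/08/08 08:05:33 espie Exp $ */
/*-
 * Copyright (c) 1990, 1993
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.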
*
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */

#include "config.h"

#ifndef HAVE_DAEMON

/* NOTE(review): the header names of the bare #include lines below appear to
 * have been lost when this page was extracted. */
#include
#ifdef HAVE_SYS_STAT_H
# include
#endif
#ifdef HAVE_FCNTL_H
# include
#endif
#ifdef HAVE_UNISTD_H
# include
#endif

#ifndef _PATH_DEVNULL
# define _PATH_DEVNULL "/dev/null"
#endif

/*
 * Fallback daemon() for builds where HAVE_DAEMON is not defined.
 *
 * Forks, lets the parent leave with _exit(0) and makes the child a session
 * leader. Unless nochdir is set the working directory becomes "/"; unless
 * noclose is set stdin, stdout and stderr are pointed at _PATH_DEVNULL.
 *
 * Returns 0 in the child on success and -1 when fork() or setsid() fails.
 * A failing chdir(), open() or dup2() is ignored, so 0 does not guarantee
 * that the directory change or the redirection took place.
 */
int daemon(int nochdir, int noclose) {
    int child = fork();
    int nullfd;

    if (child == -1)
        return (-1);
    if (child != 0)
        _exit(0); /* parent: leave without running exit handlers */

    if (setsid() == -1)
        return (-1);

    if (!nochdir)
        (void)chdir("/");

    if (noclose)
        return (0);

    nullfd = open(_PATH_DEVNULL, O_RDWR, 0);
    if (nullfd == -1)
        return (0);

    (void)dup2(nullfd, STDIN_FILENO);
    (void)dup2(nullfd, STDOUT_FILENO);
    (void)dup2(nullfd, STDERR_FILENO);
    /* keep the descriptor when open() itself returned 0, 1 or 2 */
    if (nullfd > 2)
        (void)close (nullfd);

    return (0);
}

#endif /* !HAVE_DAEMON */
pam_pkcs11-0.6.8/src/tools/pkcs11_inspect.c0000644000175000017500000001117611737646471015355 00000000000000/*
 * PKCS#11 Card viewer tool
 * Copyright (C) 2005 Juan Antonio Martinez
 * Based on a previous work of Mario Strasser ,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
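*
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id: pkcs11_inspect.c 503 2011-10-18 11:50:10Z ludovic.rousseau $
 */

/* NOTE(review): the header names of the bare #include lines below appear to
 * have been lost when this page was extracted. */
#ifdef HAVE_CONFIG_H
#include
#endif

#include
#include
#include
#include
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/pkcs11_lib.h"
#include "../common/cert_vfy.h"
#include "../pam_pkcs11/pam_config.h"
#include "../pam_pkcs11/mapper_mgr.h"

/*
 * pkcs11_inspect entry point: runs inspect_certificate() on every
 * certificate of the token that passes verification.
 *
 * argv[1..] is handed to pk_configure(); an argument equal to "debug" turns
 * debug output on before anything else runs.
 *
 * Exit status:
 *   0  all certificates were processed
 *   1  configuration, crypto, module, slot or session error, or a hard
 *      verification error (verify_certificate() < 0)
 *   2  pkcs11_pass_login() failed
 *   3  the certificate list could not be read
 */
int main(int argc, const char **argv) {
  int i, rv;
  pkcs11_handle_t *ph;
  struct configuration_st *configuration;
  unsigned int slot_num = 0;
  cert_object_t **certs;
  int cert_count;

  /* first of all check whether debugging should be enabled */
  for (i = 0; i < argc; i++)
    if (strcmp("debug", argv[i]) == 0) {
      set_debug_level(1);
    }

  /* call configure routines */
  configuration = pk_configure(argc - 1, argv + 1);
  if (!configuration ) {
    ERR("Error setting configuration parameters");
    return 1;
  }

  /* exactly one of slot_description / slot_num has to be set */
  if ((configuration->slot_description != NULL && configuration->slot_num != -1)
      || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
    ERR("Error setting configuration parameters");
    return 1;
  }

  /* initialise the crypto layer with the configured verification policy */
  rv = crypto_init(&configuration->policy);
  if (rv != 0) {
    DBG1("crypto_init() failed: %s", get_error());
    return 1;
  }

  /* load pkcs #11 module */
  DBG("loading pkcs #11 module...");
  rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph);
  if (rv != 0) {
    ERR2("load_pkcs11_module(%s) failed: %s", configuration->pkcs11_modulepath,
      get_error());
    return 1;
  }

  /* initialise pkcs #11 module */
  DBG("initialising pkcs #11 module...");
  rv = init_pkcs11_module(ph,configuration->support_threads);
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG1("init_pkcs11_module() failed: %s", get_error());
    return 1;
  }

  /* open pkcs #11 session */
  if (configuration->slot_description != NULL) {
    rv = find_slot_by_slotlabel(ph, configuration->slot_description, &slot_num);
  } else {
    rv = find_slot_by_number(ph, configuration->slot_num, &slot_num);
  }
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG("no token available");
    return 1;
  }
  rv = open_pkcs11_session(ph, slot_num);
  if (rv != 0) {
    release_pkcs11_module(ph);
    ERR1("open_pkcs11_session() failed: %s", get_error());
    return 1;
  }

  /* not really needed, but.... */
  rv = pkcs11_pass_login(ph,configuration->nullok);
  if (rv != 0) {
    /* report first, then release the session and module the same way every
     * other error path after open_pkcs11_session() does */
    ERR1("pkcs11_pass_login() failed: %s", get_error());
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    return 2;
  }

  /* get certificate list (cert space is owned by ph) */
  certs = get_certificate_list(ph, &cert_count);
  if (certs == NULL) {
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    ERR1("get_certificates() failed: %s", get_error());
    return 3;
  }

  /* load mapper modules */
  load_mappers(configuration->ctx);

  /* find valid certificates and look for contents */
  DBG1("Found '%d' certificate(s)", cert_count);
  for (i = 0; i < cert_count; i++) {
    X509 *x509 = get_X509_certificate(certs[i]);
    /* entries without an X509 object are skipped silently */
    if (x509 != NULL) {
      DBG1("verifying the certificate #%d", i + 1);

      /* verify certificate (date, signature, CRL, ...).
       * Only a result of exactly 1 lets the certificate be inspected:
       * a negative result aborts the run, any other value skips it. */
      rv = verify_certificate(x509, &configuration->policy);
      if (rv < 0) {
        close_pkcs11_session(ph);
        release_pkcs11_module(ph);
        unload_mappers();
        ERR1("verify_certificate() failed: %s", get_error());
        return 1;
      } else if (rv != 1) {
        ERR1("verify_certificate() failed: %s", get_error());
        continue;
      }

      DBG1("Inspecting certificate #%d",i+1);
      inspect_certificate(x509);
    }
  }

  /* unload mappers */
  unload_mappers();

  /* close pkcs #11 session */
  rv = close_pkcs11_session(ph);
  if (rv != 0) {
    release_pkcs11_module(ph);
    ERR1("close_pkcs11_session() failed: %s", get_error());
    return 1;
  }

  /* release pkcs #11 module */
  DBG("releasing pkcs #11 module...");
  release_pkcs11_module(ph);

  DBG("Process completed");
  return 0;
}
pam_pkcs11-0.6.8/src/tools/pkcs11_eventmgr.c0000644000175000017500000004063611606043640015522 00000000000000/*
Generate events on card status change
Copyrigt (C) 2005 Juan Antonio Martinez

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.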
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

/* NOTE(review): the header names of the bare #include lines below appear to
 * have been lost when this page was extracted. */
#include
#include
#include
#include
#include
#include
#include
#include
#include "config.h"
#include "../scconf/scconf.h"
#include "../common/pkcs11_lib.h"
#include "../common/debug.h"
#include "../common/error.h"

#ifdef HAVE_NSS
#include
#include
#include
#endif

#ifndef HAVE_DAEMON
int daemon(int nochdir, int noclose);
#endif

#define DEF_POLLING 1 /* 1 second timeout */
#define DEF_EXPIRE 0 /* no expire */
#define DEF_PKCS11_MODULE "/usr/lib/opensc-pkcs11.so"
#define DEF_CONFIG_FILE CONFDIR "/pkcs11_eventmgr.conf"

/* values of the per-event "on_error" setting */
#define ONERROR_IGNORE 0
#define ONERROR_RETURN 1
#define ONERROR_QUIT 2

#define CARD_PRESENT 1
#define CARD_NOT_PRESENT 0
#define CARD_ERROR -1

/* run-time settings, filled from the configuration file and command line */
int polling_time;
int expire_time;
int daemonize;
int debug;
const char *cfgfile;
char *pkcs11_module = NULL;
#ifdef HAVE_NSS
char *nss_dir = NULL;
#endif

/* parsed configuration and its "pkcs11_eventmgr" block */
scconf_context *ctx;
const scconf_block *root;

#ifdef HAVE_NSS
SECMODModule *module;
#else
#include "../common/rsaref/pkcs11.h"
pkcs11_handle_t *ph;
typedef struct slot_st slot_t;

/* The direct calls should be abstracted, for now "expose" the pkcs11_handle_t */
/* NOTE(review): this looks like a local copy of a layout owned by
 * ../common/pkcs11_lib; presumably it has to match that definition field for
 * field - confirm whenever the library side changes. */
struct pkcs11_handle_str {
    void *module_handle;
    CK_FUNCTION_LIST_PTR fl;
    int should_finalize;
    slot_t *slots;
    CK_ULONG slot_count;
    CK_SESSION_HANDLE session;
    cert_object_t *keys;
    int key_count;
    int current_slot;
};
#endif

/*
 * Shutdown helper: releases the crypto backend held in the globals above.
 *
 * NSS builds destroy `module` when it is set and then shut NSS down. Other
 * builds close the PKCS #11 session of `ph` and release the module; the
 * module is released even when closing the session fails. Failures are only
 * reported through the debug macros.
 */
static void thats_all_folks(void) {
    DBG("Exitting");
#ifdef HAVE_NSS
    if (module) {
        SECMOD_DestroyModule(module);
    }
    if (NSS_Shutdown() != SECSuccess) {
        DBG("NSS Shutdown failed");
    }
#else
    /* close pkcs #11 session */
    if (close_pkcs11_session(ph) != 0) {
        release_pkcs11_module(ph);
        DBG1("close_pkcs11_session() failed: %s", get_error());
    } else {
        /* release pkcs #11 module */
        DBG("releasing pkcs #11 module...");
        release_pkcs11_module(ph);
    }
#endif
}
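extern char **environ;

/*
 * Run `command` through "/bin/sh -c" in a child process and wait for it.
 *
 * Returns 1 when command is NULL, -1 when fork() or waitpid() fails (a
 * waitpid() interrupted by a signal is retried), otherwise the raw wait
 * status reported by waitpid() - not the decoded exit code.
 *
 * NOTE(review): the child gets the caller's complete environment (environ)
 * and the string is interpreted by the shell, so this is no stricter than
 * system(3) when the process runs with privileges. The commands come from
 * the "action" lists of the configuration file (see execute_event), so that
 * file should be writable only by accounts trusted to run commands as this
 * process.
 */
static int my_system(char *command) {
    int pid, status;

    if (!command)
        return 1;

    pid = fork();
    if (pid == -1)
        return -1;

    if (pid == 0) {
        char *argv[4];
        argv[0] = "/bin/sh";
        argv[1] = "-c";
        argv[2] = command;
        argv[3] = 0;
        execve("/bin/sh", argv, environ);
        /* exec failed: leave with _exit() so the forked child neither runs
         * the parent's exit handlers nor flushes its inherited stdio
         * buffers a second time */
        _exit(127);
    }

    for (;;) {
        if (waitpid(pid, &status, 0) != -1)
            return status;
        if (errno != EINTR)
            return -1;
    }
}

/*
 * Run the actions configured for one event.
 *
 * Looks up the "event" block named `action` below the global `root` block,
 * reads its "on_error" policy ("ignore" by default; unknown values are
 * treated as "ignore") and executes every entry of its "action" list in
 * order with my_system().
 *
 * A non-zero result from my_system() (a non-zero wait status or one of its
 * error values) is handled according to the policy: "ignore" goes on with
 * the next action, "return" stops and returns 0, "quit" calls
 * thats_all_folks() and exits the process with status 0.
 *
 * Returns 0 when the list was processed or is missing, -1 when the event
 * block cannot be found.
 */
static int execute_event (const char *action) {
    int onerr;
    const char *onerrorstr;
    const scconf_list *actionlist;
    scconf_block **blocklist, *myblock;

    blocklist = scconf_find_blocks(ctx,root,"event",action);
    if (!blocklist) {
        DBG("Event block list not found");
        return -1;
    }
    /* only the first matching block is used; the array itself is ours */
    myblock=blocklist[0];
    free(blocklist);
    if (!myblock) {
        DBG1("Event item not found: '%s'",action);
        return -1;
    }

    onerrorstr = scconf_get_str(myblock,"on_error","ignore");
    if (strcmp(onerrorstr,"ignore") == 0) {
        onerr = ONERROR_IGNORE;
    } else if (strcmp(onerrorstr,"return") == 0) {
        onerr = ONERROR_RETURN;
    } else if (strcmp(onerrorstr,"quit") == 0) {
        onerr = ONERROR_QUIT;
    } else {
        onerr = ONERROR_IGNORE;
        DBG1("Invalid onerror value: '%s'. Assumed 'ignore'",onerrorstr);
    }

    /* search actions */
    actionlist = scconf_find_list(myblock,"action");
    if (!actionlist) {
        DBG1("No action list for event '%s'",action);
        return 0;
    }
    DBG1("Onerror is set to: '%s'",onerrorstr);

    while (actionlist) {
        int res;
        char *action_cmd= actionlist->data;

        DBG1("Executiong action: '%s'",action_cmd);
        /* there are some security issues on using system() in
           setuid/setgid programs, so we will use an alternate function.
           NOTE(review): my_system() still passes the string to /bin/sh
           with the inherited environment. */
        res = my_system(action_cmd);
        actionlist=actionlist->next;

        /* evaluate return and take care on "onerror" value */
        DBG2("Action '%s' returns %d",action_cmd, res);
        if (!res)
            continue;
        switch(onerr) {
        case ONERROR_IGNORE:
            continue;
        case ONERROR_RETURN:
            return 0;
        case ONERROR_QUIT:
            thats_all_folks();
            exit(0);
        default:
            DBG("Invalid onerror value");
            return -1;
        }
    }
    return 0;
}

/*
 * Load the file named by the global `cfgfile` and copy the settings of its
 * "pkcs11_eventmgr" block into the globals.
 *
 * Each global keeps its current value when the file does not set the
 * matching key, because that value is passed as the default to the
 * scconf_get_*() call. Debug output is switched on when the resulting
 * `debug` flag is set.
 *
 * Returns 0 on success and -1 when the context cannot be created, the file
 * does not parse (scconf_parse() <= 0) or the block is missing.
 */
static int parse_config_file(void) {
    ctx = scconf_new(cfgfile);
    if (!ctx) {
        DBG("Error creating conf context");
        return -1;
    }
    if ( scconf_parse(ctx) <=0 ) {
        DBG1("Error parsing file '%s'",cfgfile);
        return -1;
    }

    /* now parse options */
    root = scconf_find_block(ctx, NULL, "pkcs11_eventmgr");
    if (!root) {
        DBG1("pkcs11_eventmgr block not found in config: '%s'",cfgfile);
        return -1;
    }
    debug = scconf_get_bool(root,"debug",debug);
    daemonize = scconf_get_bool(root,"daemon",daemonize);
    polling_time = scconf_get_int(root,"polling_time",polling_time);
    expire_time = scconf_get_int(root,"expire_time",expire_time);
    pkcs11_module = (char *) scconf_get_str(root,"pkcs11_module",pkcs11_module);
#ifdef HAVE_NSS
    nss_dir = (char *) scconf_get_str(root,"nss_dir",nss_dir);
#endif
    if (debug)
        set_debug_level(1);
    return 0;
}

static int parse_args(int argc, char *argv[]) {
    int i;
    polling_time = DEF_POLLING;
    expire_time = DEF_EXPIRE;
    debug = 0;
    daemonize = 0;
    cfgfile = DEF_CONFIG_FILE;
    /* first of all check whether debugging should be enabled */
    for (i = 0; i < argc; i++) {
        if (!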
strcmp("debug", argv[i])) set_debug_level(1); } /* try to find a configuration file entry */ for (i = 0; i < argc; i++) { if (strstr(argv[i],"config_file=") ) { cfgfile=1+strchr(argv[i],'='); break; } } /* parse configuration file */ if ( parse_config_file()<0) { fprintf(stderr,"Error parsing configuration file %s\n",cfgfile); exit(-1); } /* and now re-parse command line to take precedence over cfgfile */ for (i = 1; i < argc; i++) { if (strcmp("daemon", argv[i]) == 0) { daemonize=1; continue; } if (strcmp("nodaemon", argv[i]) == 0) { daemonize=0; continue; } if (strstr(argv[i],"polling_time=") ) { sscanf(argv[i],"polling_time=%d",&polling_time); continue; } if (strstr(argv[i],"expire_time=") ) { sscanf(argv[i],"expire_time=%d",&expire_time); continue; } if (strstr(argv[i],"pkcs11_module=") ) { pkcs11_module=1+strchr(argv[i],'='); continue; } #ifdef HAVE_NSS if (strstr(argv[i],"nss_dir=") ) { nss_dir=1+strchr(argv[i],'='); continue; } #endif if (strstr(argv[i],"debug") ) { continue; /* already parsed: skip */ } if (strstr(argv[i],"nodebug") ) { set_debug_level(0); continue; /* already parsed: skip */ } if (strstr(argv[i],"config_file=") ) { continue; /* already parsed: skip */ } fprintf(stderr,"unknown option %s\n",argv[i]); /* arriving here means syntax error */ fprintf(stderr,"PKCS#11 Event Manager\n\n"); fprintf(stderr,"Usage %s [[no]debug] [[no]daemon] [polling_time=