pam_pkcs11-0.6.9/ChangeLog

08- Sep 2005
	- Fixes to pam_pkcs11.spec
07- Sep 2005
	- Conditional compilation of pcsc-lite, curl and ldap dependent modules
	- Added LDAP mapper. Thanks to Dominik Fisher
	- TODO roadmap updated
06- Sep 2005
	- Add new OpenSSH mapper. Thanks again Andreas for pam_openssh module
03- Sep 2005
	- Add base64 encoding functions
02- Sep 2005
	- Make source doxygen friendly
01- Sep 2005
	- Finished OpenSC mapper. Thanks to Andreas for their pam_opensc module
	- New .spec file
	- Cleaning tasks to prepare next release
31- Aug 2005
	- Include HOWTO in Pam-pkcs11 manual
	- Several fixes in src/mappers/Makefile.am to properly manage libraries
30- Aug 2005
	- Allow static mapper to be instantiated with defaults if no
	  configuration block defined
	- Documentation updates
	- Make pam_pkcs11.so to be installed at /lib/security
	- Debugging improvements
29- Aug 2005
	- Mappers can be now statically linked
	- Added Mapper API documentation
	- Moved most of mappers to be static
28- Aug 2005
	- Documentation Updates
	- Created libmapper
	- pam_sm_authenticate fail on xdmcp remote users
05- Jul 2005
	- Many improvements to code by Ludovic Rousseau
	- Configure.in library checks improvements
	- Do not compile card-eventmgr if pcsc is not installed
09- Jun 2005
	- Preliminary works on OpenSC mapper
06- Jun 2005
	- Added openssh mapper
	- Now pam_pkcs11 generates PEM data for cert and pubk
	- Many bugfixes
14- Apr 2005
	- finish coding of generic_maper
	- Move common code of pwent_mapper to mapper.c and mapper.h
	- Fix MAINTAINERCLEAN entries in some Makefile.am files
11- Apr 2005
	- Change package name to pam-pkcs11
	- Change directory names according with package name
	- Rewrite pwent mapper to use cert_info library
08- Apr 2005
	- Some typos in some messages
	- Make sources more "gcc -pedantic" friendly.
	- Changes in DBG(X) macros, to be C99 compliant
07- Apr 2005
	- pkcs11_login-0.5.1 is out
	- Fix configure.in AM_MAINTAINER_MODE
	- Makefile fixes
	- Fix some typos and sample files
04- Apr 2005
	- Tarball moved to OpenSC Project web pages
02- Apr 2005
	- pkcs11_login-0.5 is out
	- Mail mapper rewritten to use cert_info lib
	- First works on mapper api:
	  . create structs and macros in mapper.h
	  . rewrite mappers to initialize mapper_module_st entries
	- Published roadmap to 1.0 version. See TODO file
	- Fix: Don't free key/value map entries, as they come from buffer entry
31- Mar 2005
	- Added CA & CRL mgmnt doc to manual
	- Changed occurrences of "if (!x) free(x)" to "free(x)" as glibc
	  already does proper null check
	- Finished krb_mapper ( no pkinit, just kpn -> login map ).
	  NOTE: I assume that KPN is stored as ASN1_STRING, but cannot
	  deduce it from RFC's
	- MS mapper rewritten to use cert_info lib
29- Mar 2005
	- Manual rewritten in xml format
	- Check for manual in html format. Re-generate if not present
	- pkcs11_eventmgr: reset time_counter on expire() event fixed
	- Update .spec file to release 0.5-0
28- Mar 2005
	- pkcs11_login-0.5beta1 is out
	- Manual and web page updated
22- Mar 2005
	- recoded cn and krb mappers to use cert_info library
	- bugfix in conf file
20- Mar 2005
	- New tool: pkcs11_inspect, to see contents of certificate
	- Man pages: several typos and bugfixes
	- Recoded uid mapper to use cert_info library
18- Mar 2005
	- No more warns in compile: fix "-no-strict-alias" cflag
	  when linking with /usr/lib/libpam.so
	- Several bugfixes and configuration files typos.
	- Updated .spec file
	- New files cert_info.[ch] to get and show cert contents.
	  This will allow coding of some tools to inspect certificates
	  without loading mapper modules
	- Re-coded digest and subject mapper to use cert_info library.
	  The idea is:
	  1- Get all mappers use cert_info library
	  2- join all mappers in one big dynload module to store all
	     pre-defined mappers
17- Mar 2005
	- Add mapper module function: mapper_find_entries(), in module API
	  to get textual (ie: without mapping) entries on certificate
	- Reorganize sources: add src/common directory for shared code
	  and move most of common functions there to create a library
	- Fixed tons of warnings related to "const char *" typecast
	- Rename cert.[ch] to cert_vfy.[ch]
15- Mar 2005
	- Add Certificate Digest mapper ( updated doc and sample files )
4- Mar 2005
	- Added mapfiles to UID mapper
	- ms_mapper now works properly ( sorry, no ADS connection yet :-( )
	- Updated doc and sample files
3- Mar 2005
	- Implemented routines API for file mapping:
	  {set,get,end}_mapfile() mapfile_{find,match}()
	- Implemented mapfiles in mail_mapper
	- Added mapfiles to cn_mapper
	- file_mapper changed to subject_mapper
1- Mar 2005
	- Pkcs#11-Login 0.4.4 is out.
	- New web pages
28- Feb 2005
	- New pkcs11_eventmgr tool.
	  card_eventmgr is now deprecated, but still supported
	- Updated manual
24- Feb 2005
	- Proper detect [no]debug commandline option
	- Updated manual
	- Fixed pcsc-lite version control in card_eventmgr.c
	- Several configure.in compatibility issues
16- Feb 2005
	- Move scconf to be statically linked
	- New tool: pklogin_finder
	- Some manual pages
	- Redhat .spec file
	- Bugfixes
11- Feb 2005
	- Works on Card Event manager finished
	- Update documentation
10- Feb 2005
	- Preliminary version of card_eventmgr tool to detect
	  insert/extract card events and launch proper actions
9- Feb 2005
	- Allow empty strings as user name, and deduce login from certificate
	- Bugfix: call close_pkcs11_session() on all error conditions
	- Updated manuals and README's
8- Feb 2005
	- New pw_mapper CN-to-getpwent() mapper
	- Ignoredomain support for mail_mapper
	- Minor bugs in cn and uid mappers
7- Feb 2005
	pkcs11_login-0.4 released:
	- Now pam_pkcs11 can take arguments from command line or via
	  configuration file
	- Certificate to User mapping has been modularized
	- Preliminary works on entering session without userlogin prompt:
	  just insert certificate and enter PIN
2- Feb 2005
	Thanks Mario Strasser for allow me re-work in their pam_pkcs11
	module and re-release it under LGPL

pam_pkcs11-0.6.9/Makefile.in

# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2014 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

@SET_MAKE@

# $Id$
VPATH = @srcdir@
am__is_gnu_make = { \
  if test -z '$(MAKELEVEL)'; then \
    false; \
  elif test -n '$(MAKE_HOST)'; then \
    true; \
  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
    true; \
  else \
    false; \
  fi; \
}
am__make_running_with_option = \
  case $${target_option-} in \
      ?) ;; \
      *) echo "am__make_running_with_option: internal error: invalid" \
              "target option '$${target_option-}' specified" >&2; \
         exit 1;; \
  esac; \
  has_opt=no; \
  sane_makeflags=$$MAKEFLAGS; \
  if $(am__is_gnu_make); then \
    sane_makeflags=$$MFLAGS; \
  else \
    case $$MAKEFLAGS in \
      *\\[\ \ ]*) \
        bs=\\; \
        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
          | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
    esac; \
  fi; \
  skip_next=no; \
  strip_trailopt () \
  { \
    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
  }; \
  for flg in $$sane_makeflags; do \
    test $$skip_next = yes && { skip_next=no; continue; }; \
    case $$flg in \
      *=*|--*) continue;; \
        -*I) strip_trailopt 'I'; skip_next=yes;; \
      -*I?*) strip_trailopt 'I';; \
        -*O) strip_trailopt 'O'; skip_next=yes;; \
      -*O?*) strip_trailopt 'O';; \
        -*l) strip_trailopt 'l'; skip_next=yes;; \
      -*l?*) strip_trailopt 'l';; \
      -[dEDm]) skip_next=yes;; \
      -[JT]) skip_next=yes;; \
    esac; \
    case $$flg in \
      *$$target_option*) has_opt=yes; break;; \
    esac; \
  done; \
  test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = .
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/aclocal/ax_pthread.m4 \
	$(top_srcdir)/aclocal/gettext.m4 \
	$(top_srcdir)/aclocal/iconv.m4 \
	$(top_srcdir)/aclocal/intlmacosx.m4 \
	$(top_srcdir)/aclocal/lib-ld.m4 \
	$(top_srcdir)/aclocal/lib-link.m4 \
	$(top_srcdir)/aclocal/lib-prefix.m4 \
	$(top_srcdir)/aclocal/libtool.m4 \
	$(top_srcdir)/aclocal/ltoptions.m4 \
	$(top_srcdir)/aclocal/ltsugar.m4 \
	$(top_srcdir)/aclocal/ltversion.m4 \
	$(top_srcdir)/aclocal/lt~obsolete.m4 \
	$(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \
	$(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
	$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
	$(am__configure_deps) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
	configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
	ctags-recursive dvi-recursive html-recursive info-recursive \
	install-data-recursive install-dvi-recursive \
	install-exec-recursive install-html-recursive \
	install-info-recursive install-pdf-recursive \
	install-ps-recursive install-recursive installcheck-recursive \
	installdirs-recursive pdf-recursive ps-recursive \
	tags-recursive uninstall-recursive
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
  distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
  $(RECURSIVE_TARGETS) \
  $(RECURSIVE_CLEAN_TARGETS) \
  $(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
	cscope distdir dist dist-all distcheck
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
	$(LISP)config.h.in
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
  BEGIN { nonempty = 0; } \
  { items[$$0] = 1; nonempty = 1; } \
  END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
  list='$(am__tagged_files)'; \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
	ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL NEWS README TODO \
	ar-lib compile config.guess config.rpath config.sub install-sh \
	ltmain.sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
  if test -d "$(distdir)"; then \
    find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
      && rm -rf "$(distdir)" \
      || { sleep 5 && rm -rf "$(distdir)"; }; \
  else :; fi
am__post_remove_distdir = $(am__remove_distdir)
am__relativize = \
  dir0=`pwd`; \
  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
  sed_rest='s,^[^/]*/*,,'; \
  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
  sed_butlast='s,/*[^/]*$$,,'; \
  while test -n "$$dir1"; do \
    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
    if test "$$first" != "."; then \
      if test "$$first" = ".."; then \
        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
      else \
        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
        if test "$$first2" = "$$first"; then \
          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
        else \
          dir2="../$$dir2"; \
        fi; \
        dir0="$$dir0"/"$$first"; \
      fi; \
    fi; \
    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
  done; \
  reldir="$$dir2"
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
DIST_TARGETS = dist-gzip
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
  | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CURL_CFLAGS = @CURL_CFLAGS@
CURL_LIBS = @CURL_LIBS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBDL = @LIBDL@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NM = @NM@
NMEDIT = @NMEDIT@
NSS_CFLAGS = @NSS_CFLAGS@
NSS_LIBS = @NSS_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
OPENSSL_LIBS = @OPENSSL_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PCSC_CFLAGS = @PCSC_CFLAGS@
PCSC_LIBS = @PCSC_LIBS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POSUB = @POSUB@
PTHREAD_CC = @PTHREAD_CC@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LIBS = @PTHREAD_LIBS@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XSLTPROC = @XSLTPROC@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
ax_pthread_config = @ax_pthread_config@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = . po doc etc src tools
DIST_SUBDIRS = . po doc etc src tools
EXTRA_DIST = config.rpath ChangeLog COPYING INSTALL \
	NEWS README TODO bootstrap pam_pkcs11.spec ChangeLog.git

MAINTAINERCLEANFILES = \
	Makefile.in config.h.in configure \
	install-sh ltmain.sh missing mkinstalldirs \
	compile depcomp config.log config.status \
	config.guess config.sub acinclude.m4 aclocal.m4

DEPCLEANFILES = config.log configure
AUTOMAKE_OPTIONS = foreign
ACLOCAL_AMFLAGS = -I aclocal
all: config.h
	$(MAKE) $(AM_MAKEFLAGS) all-recursive

.SUFFIXES:
am--refresh: Makefile
	@:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \
	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
	      $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
		&& exit 0; \
	      exit 1;; \
	  esac; \
	done; \
	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
	$(am__cd) $(top_srcdir) && \
	  $(AUTOMAKE) --foreign Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
	@case '$?' in \
	  *config.status*) \
	    echo ' $(SHELL) ./config.status'; \
	    $(SHELL) ./config.status;; \
	  *) \
	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
	esac;

$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
	$(SHELL) ./config.status --recheck

$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
	$(am__cd) $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
$(am__aclocal_m4_deps):

config.h: stamp-h1
	@test -f $@ || rm -f stamp-h1
	@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1

stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
	@rm -f stamp-h1
	cd $(top_builddir) && $(SHELL) ./config.status config.h
$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
	rm -f stamp-h1
	touch $@

distclean-hdr:
	-rm -f config.h stamp-h1

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs

distclean-libtool:
	-rm -f libtool config.lt

# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
#     (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
$(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscope: cscope.files test ! 
-s cscope.files \ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) clean-cscope: -rm -f cscope.files cscope.files: clean-cscope cscopelist cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 $(am__post_remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz $(am__post_remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) dist-tarZ: distdir @echo WARNING: "Support for distribution archives compressed with" \ "legacy program 'compress' is deprecated." 
>&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir @echo WARNING: "Support for shar distribution archives is" \ "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__post_remove_distdir) dist dist-all: $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build/sub \ && ../../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ --srcdir=../.. 
--prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @test -n '$(distuninstallcheck_dir)' || { \ echo 'ERROR: trying to run $@ with an empty' \ '$$(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ $(am__cd) '$(distuninstallcheck_dir)' || { \ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . 
; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-recursive all-am: Makefile config.h installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-recursive

clean-am: clean-generic clean-libtool mostlyclean-am

distclean: distclean-recursive
	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
	-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-hdr \
	distclean-libtool distclean-tags

dvi: dvi-recursive

dvi-am:

html: html-recursive

html-am:

info: info-recursive

info-am:

install-data-am:

install-dvi: install-dvi-recursive

install-dvi-am:

install-exec-am:

install-html: install-html-recursive

install-html-am:

install-info: install-info-recursive

install-info-am:

install-man:

install-pdf: install-pdf-recursive

install-pdf-am:

install-ps: install-ps-recursive

install-ps-am:

installcheck-am:

maintainer-clean: maintainer-clean-recursive
	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
	-rm -rf $(top_srcdir)/autom4te.cache
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-recursive

mostlyclean-am: mostlyclean-generic mostlyclean-libtool

pdf: pdf-recursive

pdf-am:

ps: ps-recursive

ps-am:

uninstall-am:

.MAKE: $(am__recursive_targets) all install-am install-strip

.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
	am--refresh check check-am clean clean-cscope clean-generic \
	clean-libtool cscope cscopelist-am ctags ctags-am dist \
	dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
	dist-xz dist-zip distcheck distclean distclean-generic \
	distclean-hdr distclean-libtool distclean-tags distcleancheck \
	distdir distuninstallcheck dvi dvi-am html html-am info \
	info-am install install-am install-data install-data-am \
	install-dvi install-dvi-am install-exec install-exec-am \
	install-html install-html-am install-info install-info-am \
	install-man install-pdf install-pdf-am install-ps \
	install-ps-am install-strip installcheck installcheck-am \
	installdirs installdirs-am maintainer-clean \
	maintainer-clean-generic mostlyclean mostlyclean-generic \
	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
	uninstall-am

.PRECIOUS: Makefile


ChangeLog.git:
	git log --stat --decorate=short > $@

# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

pam_pkcs11-0.6.9/TODO

0.6 will be a finish-code release. Fixing the source tree structure,
defining the devel API and coding all to-be-written mappers are the
tasks to do.

Expected things to be done in 0.6 release:

- Create and define a pam-pkcs11 mapper API & library.
  This is mostly done at 0.5.3, but some cleaning is needed.
  * Create a mapper "devel" package
  * Use OpenSC libp11 pkcs11 library

- Add remote CA's and CRL's lookups
  Currently, CA's and local CRL's are stored as hash dir.
  Need to recode to use URL's as data sources

- Finish mapper coding
  * opensc:
    - Generic mapping files
      0.5.3 searches in ${HOME}/.eid/authorized_certificates.
      Needs an additional tool to manage a "global" certificate
      file with user mappings
  * openssh:
    - Same as opensc.
      Hint: use "comment" field on ssh public keys to store login name
  * ldap mapper:
    - Allow use of any certificate content to make queries
    - find() function is too expensive when navigating across
      databases of thousands of users. Need to optimize search filters.
  * database mapper:
    - Define and create a UnixODBC based database mapper
  * Compile as static all mappers that do not depend on extra libraries

0.7 is an attempt at real-life implementation: MS Active Directory
configuration, NSS aware configurations, LDAP settings, many samples
and docs, general cleanups, etc.

Things to be done in 0.7 release:

- Review all mappers that depend on remote connections.
  * conditional queries instead of getpwent() query loop
- Allow pam-pkcs11 login against MS Active Directory
  * Changes to MS_mapper to make real use of UPN Domain
  * Documentation and samples
- Manuals on LDAP, NSS and so installations
- ncurses (gtk?) tool to create/edit mapfiles

0.8 will be a major cleanup: bugfixes, optimizations, pam-session
handling. Most important: a pkinit aware pam module is to be scheduled
here.

Things to be done in 0.8 release:

- Call for pin only when needed
- Use certificate only if available for authentication
- Implementation of Kerberos PKINIT specification. Rewrite of kpn mapper
- Check content-type of cert fields instead of assuming utf-8
- Proper handling of free() calls when needed

0.9 will be a preview version. No more items are expected to be added,
just bugfixes and feedback from users. Perhaps it's time for i18n issues.

1.0 That's all folks!

pam_pkcs11-0.6.9/INSTALL

Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
Foundation, Inc.

This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.

Basic Installation
==================

These are generic installation instructions.

The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').

It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. (Caching is
disabled by default to prevent problems with accidental use of stale
cache files.)

If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.

The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You only need
`configure.ac' if you want to change it or regenerate `configure' using
a newer version of `autoconf'.

The simplest way to compile this package is:

  1. `cd' to the directory containing the package's source code and type
     `./configure' to configure the package for your system. If you're
     using `csh' on an old version of System V, you might need to type
     `sh ./configure' instead to prevent `csh' from trying to execute
     `configure' itself.

     Running `configure' takes a while. While running, it prints some
     messages telling which features it is checking for.

  2. Type `make' to compile the package.

  3. Optionally, type `make check' to run any self-tests that come with
     the package.

  4. Type `make install' to install the programs and any data files and
     documentation.

  5. You can remove the program binaries and object files from the
     source code directory by typing `make clean'. To also remove the
     files that `configure' created (so you can compile the package for
     a different kind of computer), type `make distclean'. There is
     also a `make maintainer-clean' target, but that is intended mainly
     for the package's developers. If you use it, you may have to get
     all sorts of other programs in order to regenerate files that came
     with the distribution.

Compilers and Options
=====================

Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.

You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:

     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix

*Note Defining Variables::, for more details.

Compiling For Multiple Architectures
====================================

You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.

If you have to use a `make' that does not support the `VPATH'
variable, you have to compile the package for one architecture at a
time in the source code directory. After you have installed the
package for one architecture, use `make distclean' before reconfiguring
for another architecture.

Installation Names
==================

By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.

You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.

In addition, if you use an unusual directory layout you can give
options like `--bindir=PATH' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.

If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.

Optional Features
=================

Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.

For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.

Specifying the System Type
==========================

There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:

     CPU-COMPANY-SYSTEM

where SYSTEM can have one of these forms:

     OS
     KERNEL-OS

See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.

If you are _building_ compiler tools for cross-compiling, you should
use the `--target=TYPE' option to select the type of system they will
produce code for.

If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.

Sharing Defaults
================

If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.

Defining Variables
==================

Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:

     ./configure CC=/usr/local2/bin/gcc

will cause the specified gcc to be used as the C compiler (unless it is
overridden in the site shell script).

`configure' Invocation
======================

`configure' recognizes the following options to control how it
operates.

`--help'
`-h'
     Print a summary of the options to `configure', and exit.

`--version'
`-V'
     Print the version of Autoconf used to generate the `configure'
     script, and exit.

`--cache-file=FILE'
     Enable the cache: use and save the results of the tests in FILE,
     traditionally `config.cache'. FILE defaults to `/dev/null' to
     disable caching.

`--config-cache'
`-C'
     Alias for `--cache-file=config.cache'.

`--quiet'
`--silent'
`-q'
     Do not print messages saying which checks are being made. To
     suppress all normal output, redirect it to `/dev/null' (any error
     messages will still be shown).

`--srcdir=DIR'
     Look for the package's source code in directory DIR. Usually
     `configure' can determine that directory automatically.

`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

pam_pkcs11-0.6.9/ltmain.sh

#! /bin/sh
## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
##               by inline-source v2014-01-03.01

# libtool (GNU libtool) 2.4.6
# Provide generalized library-building support services.
# Written by Gordon Matzigkeit , 1996

# Copyright (C) 1996-2015 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# GNU Libtool is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# As a special exception to the GNU General Public License,
# if you distribute this file as part of a program or library that
# is built using GNU Libtool, you may include this file under the
# same distribution terms that you use for the rest of that program.
#
# GNU Libtool is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .


PROGRAM=libtool
PACKAGE=libtool
VERSION="2.4.6 Debian-2.4.6-2"
package_revision=2.4.6


## ------ ##
## Usage. ##
## ------ ##

# Run './libtool --help' for help with using this script from the
# command line.


## ------------------------------- ##
## User overridable command paths. ##
## ------------------------------- ##

# After configure completes, it has a better idea of some of the
# shell tools we need than the defaults used by the functions shared
# with bootstrap, so set those here where they can still be over-
# ridden by the user, but otherwise take precedence.

: ${AUTOCONF="autoconf"}
: ${AUTOMAKE="automake"}


## -------------------------- ##
## Source external libraries. ##
## -------------------------- ##

# Much of our low-level functionality needs to be sourced from external
# libraries, which are installed to $pkgauxdir.

# Set a version string for this script.
scriptversion=2015-01-20.17; # UTC

# General shell script boiler plate, and helper functions.
# Written by Gary V. Vaughan, 2004

# Copyright (C) 2004-2015 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.

# As a special exception to the GNU General Public License, if you distribute
# this file as part of a program or library that is built using GNU Libtool,
# you may include this file under the same distribution terms that you use
# for the rest of that program.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

# Please report bugs or propose patches to gary@gnu.org.


## ------ ##
## Usage. ##
## ------ ##

# Evaluate this file near the top of your script to gain access to
# the functions and variables defined here:
#
#   . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh
#
# If you need to override any of the default environment variable
# settings, do that before evaluating this file.


## -------------------- ##
## Shell normalisation. ##
## -------------------- ##

# Some shells need a little help to be as Bourne compatible as possible.
# Before doing anything else, make sure all that help has been provided!

DUALCASE=1; export DUALCASE # for MKS sh
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
  emulate sh
  NULLCMD=:
  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
  # is contrary to our usage. Disable this feature.
  alias -g '${1+"$@"}'='"$@"'
  setopt NO_GLOB_SUBST
else
  case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac
fi

# NLS nuisances: We save the old values in case they are required later.
_G_user_locale=
_G_safe_locale=
for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
do
  eval "if test set = \"\${$_G_var+set}\"; then
          save_$_G_var=\$$_G_var
          $_G_var=C
          export $_G_var
          _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\"
          _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
        fi"
done

# CDPATH.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH

# Make sure IFS has a sensible default
sp=' '
nl='
'
IFS="$sp	$nl"

# There are apparently some retarded systems that use ';' as a PATH separator!
if test "${PATH_SEPARATOR+set}" != set; then
  PATH_SEPARATOR=:
  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
      PATH_SEPARATOR=';'
  }
fi


## ------------------------- ##
## Locate command utilities. ##
## ------------------------- ##


# func_executable_p FILE
# ----------------------
# Check that FILE is an executable regular file.
func_executable_p ()
{
    test -f "$1" && test -x "$1"
}


# func_path_progs PROGS_LIST CHECK_FUNC [PATH]
# --------------------------------------------
# Search for either a program that responds to --version with output
# containing "GNU", or else returned by CHECK_FUNC otherwise, by
# trying all the directories in PATH with each of the elements of
# PROGS_LIST.
#
# CHECK_FUNC should accept the path to a candidate program, and
# set $func_check_prog_result if it truncates its output less than
# $_G_path_prog_max characters.
func_path_progs ()
{
    _G_progs_list=$1
    _G_check_func=$2
    _G_PATH=${3-"$PATH"}

    _G_path_prog_max=0
    _G_path_prog_found=false
    _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:}
    for _G_dir in $_G_PATH; do
      IFS=$_G_save_IFS
      test -z "$_G_dir" && _G_dir=.
      for _G_prog_name in $_G_progs_list; do
        for _exeext in '' .EXE; do
          _G_path_prog=$_G_dir/$_G_prog_name$_exeext
          func_executable_p "$_G_path_prog" || continue
          case `"$_G_path_prog" --version 2>&1` in
            *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;;
            *)     $_G_check_func $_G_path_prog
                   func_path_progs_result=$func_check_prog_result
                   ;;
          esac
          $_G_path_prog_found && break 3
        done
      done
    done
    IFS=$_G_save_IFS
    test -z "$func_path_progs_result" && {
      echo "no acceptable sed could be found in \$PATH" >&2
      exit 1
    }
}


# We want to be able to use the functions in this file before configure
# has figured out where the best binaries are kept, which means we have
# to search for them ourselves - except when the results are already set
# where we skip the searches.

# Unless the user overrides by setting SED, search the path for either GNU
# sed, or the sed that truncates its output the least.
test -z "$SED" && {
  _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
  for _G_i in 1 2 3 4 5 6 7; do
    _G_sed_script=$_G_sed_script$nl$_G_sed_script
  done
  echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed
  _G_sed_script=

  func_check_prog_sed ()
  {
    _G_path_prog=$1

    _G_count=0
    printf 0123456789 >conftest.in
    while :
    do
      cat conftest.in conftest.in >conftest.tmp
      mv conftest.tmp conftest.in
      cp conftest.in conftest.nl
      echo '' >> conftest.nl
      "$_G_path_prog" -f conftest.sed <conftest.nl >conftest.out 2>/dev/null || break
      diff conftest.out conftest.nl >/dev/null 2>&1 || break
      _G_count=`expr $_G_count + 1`
      if test "$_G_count" -gt "$_G_path_prog_max"; then
        # Best one so far, save it but keep looking for a better one
        func_check_prog_result=$_G_path_prog
        _G_path_prog_max=$_G_count
      fi
      # 10*(2^10) chars as input seems more than enough
      test 10 -lt "$_G_count" && break
    done
    rm -f conftest.in conftest.tmp conftest.nl conftest.out
  }

  func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
  rm -f conftest.sed
  SED=$func_path_progs_result
}


# Unless the user overrides by setting GREP, search the path for either GNU
# grep, or the grep that truncates its output the least.
test -z "$GREP" && {
  func_check_prog_grep ()
  {
    _G_path_prog=$1

    _G_count=0
    _G_path_prog_max=0
    printf 0123456789 >conftest.in
    while :
    do
      cat conftest.in conftest.in >conftest.tmp
      mv conftest.tmp conftest.in
      cp conftest.in conftest.nl
      echo 'GREP' >> conftest.nl
      "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' <conftest.nl >conftest.out 2>/dev/null || break
      diff conftest.out conftest.nl >/dev/null 2>&1 || break
      _G_count=`expr $_G_count + 1`
      if test "$_G_count" -gt "$_G_path_prog_max"; then
        # Best one so far, save it but keep looking for a better one
        func_check_prog_result=$_G_path_prog
        _G_path_prog_max=$_G_count
      fi
      # 10*(2^10) chars as input seems more than enough
      test 10 -lt "$_G_count" && break
    done
    rm -f conftest.in conftest.tmp conftest.nl conftest.out
  }

  func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
  GREP=$func_path_progs_result
}


## ------------------------------- ##
## User overridable command paths. ##
## ------------------------------- ##

# All uppercase variable names are used for environment variables. These
# variables can be overridden by the user before calling a script that
# uses them if a suitable command of that name is not already available
# in the command search PATH.

: ${CP="cp -f"}
: ${ECHO="printf %s\n"}
: ${EGREP="$GREP -E"}
: ${FGREP="$GREP -F"}
: ${LN_S="ln -s"}
: ${MAKE="make"}
: ${MKDIR="mkdir"}
: ${MV="mv -f"}
: ${RM="rm -f"}
: ${SHELL="${CONFIG_SHELL-/bin/sh}"}


## -------------------- ##
## Useful sed snippets. ##
## -------------------- ##

sed_dirname='s|/[^/]*$||'
sed_basename='s|^.*/||'

# Sed substitution that helps us do robust quoting. It backslashifies
# metacharacters that are still active within double-quoted strings.
sed_quote_subst='s|\([`"$\\]\)|\\\1|g'

# Same as above, but do not quote variable references.
sed_double_quote_subst='s/\(["`\\]\)/\\\1/g'

# Sed substitution that turns a string into a regex matching for the
# string literally.
sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g'

# Sed substitution that converts a w32 file name or path
# that contains forward slashes, into one that contains
# (escaped) backslashes. A very naive implementation.
sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'

# Re-'\' parameter expansions in output of sed_double_quote_subst that
# were '\'-ed in input to the same. If an odd number of '\' preceded a
# '$' in input to sed_double_quote_subst, that '$' was protected from
# expansion. Since each input '\' is now two '\'s, look for any number
# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'.
_G_bs='\\'
_G_bs2='\\\\'
_G_bs4='\\\\\\\\'
_G_dollar='\$'
sed_double_backslash="\
  s/$_G_bs4/&\\
/g
  s/^$_G_bs2$_G_dollar/$_G_bs&/
  s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
  s/\n//g"


## ----------------- ##
## Global variables. ##
## ----------------- ##

# Except for the global variables explicitly listed below, the following
# functions in the '^func_' namespace, and the '^require_' namespace
# variables initialised in the 'Resource management' section, sourcing
# this file will not pollute your global namespace with anything
# else. There's no portable way to scope variables in Bourne shell
# though, so actually running these functions will sometimes place
# results into a variable named after the function, and often use
# temporary variables in the '^_G_' namespace. If you are careful to
# avoid using those namespaces casually in your sourcing script, things
# should continue to work as you expect. And, of course, you can freely
# overwrite any of the functions or variables defined here before
# calling anything to customize them.

EXIT_SUCCESS=0
EXIT_FAILURE=1
EXIT_MISMATCH=63  # $? = 63 is used to indicate version mismatch to missing.
EXIT_SKIP=77      # $? = 77 is used to indicate a skipped test to automake.

# Allow overriding, eg assuming that you follow the convention of
# putting '$debug_cmd' at the start of all your functions, you can get
# bash to show function call trace with:
#
#    debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
debug_cmd=${debug_cmd-":"}
exit_cmd=:

# By convention, finish your script with:
#
#    exit $exit_status
#
# so that you can set exit_status to non-zero if you want to indicate
# something went wrong during execution without actually bailing out at
# the point of failure.
exit_status=$EXIT_SUCCESS

# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
# is ksh but when the shell is invoked as "sh" and the current value of
# the _XPG environment variable is not equal to 1 (one), the special
# positional parameter $0, within a function call, is the name of the
# function.
progpath=$0

# The name of this program.
progname=`$ECHO "$progpath" |$SED "$sed_basename"`

# Make sure we have an absolute progpath for reexecution:
case $progpath in
  [\\/]*|[A-Za-z]:\\*) ;;
  *[\\/]*)
     progdir=`$ECHO "$progpath" |$SED "$sed_dirname"`
     progdir=`cd "$progdir" && pwd`
     progpath=$progdir/$progname
     ;;
  *)
     _G_IFS=$IFS
     IFS=${PATH_SEPARATOR-:}
     for progdir in $PATH; do
       IFS=$_G_IFS
       test -x "$progdir/$progname" && break
     done
     IFS=$_G_IFS
     test -n "$progdir" || progdir=`pwd`
     progpath=$progdir/$progname
     ;;
esac


## ----------------- ##
## Standard options. ##
## ----------------- ##

# The following options affect the operation of the functions defined
# below, and should be set appropriately depending on run-time para-
# meters passed on the command line.

opt_dry_run=false
opt_quiet=false
opt_verbose=false

# Categories 'all' and 'none' are always available. Append any others
# you will pass as the first argument to func_warning from your own
# code.
warning_categories=

# By default, display warnings according to 'opt_warning_types'. Set
# 'warning_func' to ':' to elide all warnings, or func_fatal_error to
# treat the next displayed warning as a fatal error.
warning_func=func_warn_and_continue

# Set to 'all' to display all warnings, 'none' to suppress all
# warnings, or a space delimited list of some subset of
# 'warning_categories' to display only the listed warnings.
opt_warning_types=all


## -------------------- ##
## Resource management. ##
## -------------------- ##

# This section contains definitions for functions that each ensure a
# particular resource (a file, or a non-empty configuration variable for
# example) is available, and if appropriate to extract default values
# from pertinent package files. Call them using their associated
# 'require_*' variable to ensure that they are executed, at most, once.
#
# It's entirely deliberate that calling these functions can set
# variables that don't obey the namespace limitations obeyed by the rest
# of this file, in order that they be as useful as possible to
# callers.


# require_term_colors
# -------------------
# Allow display of bold text on terminals that support it.
require_term_colors=func_require_term_colors
func_require_term_colors ()
{
    $debug_cmd

    test -t 1 && {
      # COLORTERM and USE_ANSI_COLORS environment variables take
      # precedence, because most terminfo databases neglect to describe
      # whether color sequences are supported.
      test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"}

      if test 1 = "$USE_ANSI_COLORS"; then
        # Standard ANSI escape sequences
        tc_reset=''
        tc_bold='';   tc_standout=''
        tc_red='';   tc_green=''
        tc_blue='';  tc_cyan=''
      else
        # Otherwise trust the terminfo database after all.
        test -n "`tput sgr0 2>/dev/null`" && {
          tc_reset=`tput sgr0`
          test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold`
          tc_standout=$tc_bold
          test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso`
          test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1`
          test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2`
          test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4`
          test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5`
        }
      fi
    }

    require_term_colors=:
}


## ----------------- ##
## Function library. ##
## ----------------- ##

# This section contains a variety of useful functions to call in your
# scripts. Take note of the portable wrappers for features provided by
# some modern shells, which will fall back to slower equivalents on
# less featureful shells.


# func_append VAR VALUE
# ---------------------
# Append VALUE onto the existing contents of VAR.

  # We should try to minimise forks, especially on Windows where they are
  # unreasonably slow, so skip the feature probes when bash or zsh are
  # being used:
  if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then
    : ${_G_HAVE_ARITH_OP="yes"}
    : ${_G_HAVE_XSI_OPS="yes"}
    # The += operator was introduced in bash 3.1
    case $BASH_VERSION in
      [12].* | 3.0 | 3.0*) ;;
      *)
        : ${_G_HAVE_PLUSEQ_OP="yes"}
        ;;
    esac
  fi

  # _G_HAVE_PLUSEQ_OP
  # Can be empty, in which case the shell is probed, "yes" if += is
  # useable or anything else if it does not work.
  test -z "$_G_HAVE_PLUSEQ_OP" \
    && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \
    && _G_HAVE_PLUSEQ_OP=yes

if test yes = "$_G_HAVE_PLUSEQ_OP"
then
  # This is an XSI compatible shell, allowing a faster implementation...
  eval 'func_append ()
  {
    $debug_cmd

    eval "$1+=\$2"
  }'
else
  # ...otherwise fall back to using expr, which is often a shell builtin.
  func_append ()
  {
    $debug_cmd

    eval "$1=\$$1\$2"
  }
fi


# func_append_quoted VAR VALUE
# ----------------------------
# Quote VALUE and append to the end of shell variable VAR, separated
# by a space.
if test yes = "$_G_HAVE_PLUSEQ_OP"; then
  eval 'func_append_quoted ()
  {
    $debug_cmd

    func_quote_for_eval "$2"
    eval "$1+=\\ \$func_quote_for_eval_result"
  }'
else
  func_append_quoted ()
  {
    $debug_cmd

    func_quote_for_eval "$2"
    eval "$1=\$$1\\ \$func_quote_for_eval_result"
  }
fi


# func_append_uniq VAR VALUE
# --------------------------
# Append unique VALUE onto the existing contents of VAR, assuming
# entries are delimited by the first character of VALUE. For example:
#
#   func_append_uniq options " --another-option option-argument"
#
# will only append to $options if " --another-option option-argument "
# is not already present somewhere in $options already (note spaces at
# each end implied by leading space in second argument).
func_append_uniq ()
{
    $debug_cmd

    eval _G_current_value='`$ECHO $'$1'`'
    _G_delim=`expr "$2" : '\(.\)'`

    case $_G_delim$_G_current_value$_G_delim in
      *"$2$_G_delim"*) ;;
      *) func_append "$@" ;;
    esac
}


# func_arith TERM...
# ------------------
# Set func_arith_result to the result of evaluating TERMs.
  test -z "$_G_HAVE_ARITH_OP" \
    && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \
    && _G_HAVE_ARITH_OP=yes

if test yes = "$_G_HAVE_ARITH_OP"; then
  eval 'func_arith ()
  {
    $debug_cmd

    func_arith_result=$(( $* ))
  }'
else
  func_arith ()
  {
    $debug_cmd

    func_arith_result=`expr "$@"`
  }
fi


# func_basename FILE
# ------------------
# Set func_basename_result to FILE with everything up to and including
# the last / stripped.
if test yes = "$_G_HAVE_XSI_OPS"; then
  # If this shell supports suffix pattern removal, then use it to avoid
  # forking. Hide the definitions single quotes in case the shell chokes
  # on unsupported syntax...
  _b='func_basename_result=${1##*/}'
  _d='case $1 in
        */*) func_dirname_result=${1%/*}$2 ;;
        *  ) func_dirname_result=$3        ;;
      esac'

else
  # ...otherwise fall back to using sed.
  _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`'
  _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"`
      if test "X$func_dirname_result" = "X$1"; then
        func_dirname_result=$3
      else
        func_append func_dirname_result "$2"
      fi'
fi

eval 'func_basename ()
{
    $debug_cmd

    '"$_b"'
}'


# func_dirname FILE APPEND NONDIR_REPLACEMENT
# -------------------------------------------
# Compute the dirname of FILE. If nonempty, add APPEND to the result,
# otherwise set result to NONDIR_REPLACEMENT.
eval 'func_dirname ()
{
    $debug_cmd

    '"$_d"'
}'


# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT
# --------------------------------------------------------
# Perform func_basename and func_dirname in a single function
# call:
#   dirname:  Compute the dirname of FILE. If nonempty,
#             add APPEND to the result, otherwise set result
#             to NONDIR_REPLACEMENT.
#             value returned in "$func_dirname_result"
#   basename: Compute filename of FILE.
#             value returned in "$func_basename_result"
# For efficiency, we do not delegate to the functions above but instead
# duplicate the functionality here.
eval 'func_dirname_and_basename ()
{
    $debug_cmd

    '"$_b"'
    '"$_d"'
}'


# func_echo ARG...
# ----------------
# Echo program name prefixed message.
func_echo ()
{
    $debug_cmd

    _G_message=$*

    func_echo_IFS=$IFS
    IFS=$nl
    for _G_line in $_G_message; do
      IFS=$func_echo_IFS
      $ECHO "$progname: $_G_line"
    done
    IFS=$func_echo_IFS
}


# func_echo_all ARG...
# --------------------
# Invoke $ECHO with all args, space-separated.
func_echo_all ()
{
    $ECHO "$*"
}


# func_echo_infix_1 INFIX ARG...
# ------------------------------
# Echo program name, followed by INFIX on the first line, with any
# additional lines not showing INFIX.
func_echo_infix_1 ()
{
    $debug_cmd

    $require_term_colors

    _G_infix=$1; shift
    _G_indent=$_G_infix
    _G_prefix="$progname: $_G_infix: "
    _G_message=$*

    # Strip color escape sequences before counting printable length
    for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan"
    do
      test -n "$_G_tc" && {
        _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"`
        _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"`
      }
    done
    _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes

    func_echo_infix_1_IFS=$IFS
    IFS=$nl
    for _G_line in $_G_message; do
      IFS=$func_echo_infix_1_IFS
      $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2
      _G_prefix=$_G_indent
    done
    IFS=$func_echo_infix_1_IFS
}


# func_error ARG...
# -----------------
# Echo program name prefixed message to standard error.
func_error ()
{
    $debug_cmd

    $require_term_colors

    func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2
}


# func_fatal_error ARG...
# -----------------------
# Echo program name prefixed message to standard error, and exit.
func_fatal_error ()
{
    $debug_cmd

    func_error "$*"
    exit $EXIT_FAILURE
}


# func_grep EXPRESSION FILENAME
# -----------------------------
# Check whether EXPRESSION matches any line of FILENAME, without output.
func_grep ()
{
    $debug_cmd

    $GREP "$1" "$2" >/dev/null 2>&1
}


# func_len STRING
# ---------------
# Set func_len_result to the length of STRING. STRING may not
# start with a hyphen.
test -z "$_G_HAVE_XSI_OPS" \
  && (eval 'x=a/b/c;
    test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
  && _G_HAVE_XSI_OPS=yes

if test yes = "$_G_HAVE_XSI_OPS"; then
  eval 'func_len ()
  {
    $debug_cmd

    func_len_result=${#1}
  }'
else
  func_len ()
  {
    $debug_cmd

    func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
  }
fi


# func_mkdir_p DIRECTORY-PATH
# ---------------------------
# Make sure the entire path to DIRECTORY-PATH is available.
func_mkdir_p ()
{
    $debug_cmd

    _G_directory_path=$1
    _G_dir_list=

    if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then

      # Protect directory names starting with '-'
      case $_G_directory_path in
        -*) _G_directory_path=./$_G_directory_path ;;
      esac

      # While some portion of DIR does not yet exist...
      while test ! -d "$_G_directory_path"; do
        # ...make a list in topmost first order. Use a colon delimited
        # list in case some portion of path contains whitespace.
        _G_dir_list=$_G_directory_path:$_G_dir_list

        # If the last portion added has no slash in it, the list is done
        case $_G_directory_path in */*) ;; *) break ;; esac

        # ...otherwise throw away the child directory and loop
        _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"`
      done
      _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'`

      func_mkdir_p_IFS=$IFS; IFS=:
      for _G_dir in $_G_dir_list; do
        IFS=$func_mkdir_p_IFS
        # mkdir can fail with a 'File exist' error if two processes
        # try to create one of the directories concurrently. Don't
        # stop in that case!
        $MKDIR "$_G_dir" 2>/dev/null || :
      done
      IFS=$func_mkdir_p_IFS

      # Bail out if we (or some other process) failed to create a directory.
      test -d "$_G_directory_path" || \
        func_fatal_error "Failed to create '$1'"
    fi
}


# func_mktempdir [BASENAME]
# -------------------------
# Make a temporary directory that won't clash with other running
# libtool processes, and avoids race conditions if possible. If
# given, BASENAME is the basename for that directory.
func_mktempdir ()
{
    $debug_cmd

    _G_template=${TMPDIR-/tmp}/${1-$progname}

    if test : = "$opt_dry_run"; then
      # Return a directory name, but don't create it in dry-run mode
      _G_tmpdir=$_G_template-$$
    else

      # If mktemp works, use that first and foremost
      _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null`

      if test ! -d "$_G_tmpdir"; then
        # Failing that, at least try and use $RANDOM to avoid a race
        _G_tmpdir=$_G_template-${RANDOM-0}$$

        func_mktempdir_umask=`umask`
        umask 0077
        $MKDIR "$_G_tmpdir"
        umask $func_mktempdir_umask
      fi

      # If we're not in dry-run mode, bomb out on failure
      test -d "$_G_tmpdir" || \
        func_fatal_error "cannot create temporary directory '$_G_tmpdir'"
    fi

    $ECHO "$_G_tmpdir"
}


# func_normal_abspath PATH
# ------------------------
# Remove doubled-up and trailing slashes, "." path components,
# and cancel out any ".." path components in PATH after making
# it an absolute path.
func_normal_abspath ()
{
    $debug_cmd

    # These SED scripts presuppose an absolute path with a trailing slash.
    _G_pathcar='s|^/\([^/]*\).*$|\1|'
    _G_pathcdr='s|^/[^/]*||'
    _G_removedotparts=':dotsl
                s|/\./|/|g
                t dotsl
                s|/\.$|/|'
    _G_collapseslashes='s|/\{1,\}|/|g'
    _G_finalslash='s|/*$|/|'

    # Start from root dir and reassemble the path.
    func_normal_abspath_result=
    func_normal_abspath_tpath=$1
    func_normal_abspath_altnamespace=
    case $func_normal_abspath_tpath in
      "")
        # Empty path, that just means $cwd.
        func_stripname '' '/' "`pwd`"
        func_normal_abspath_result=$func_stripname_result
        return
        ;;
      # The next three entries are used to spot a run of precisely
      # two leading slashes without using negated character classes;
      # we take advantage of case's first-match behaviour.
      ///*)
        # Unusual form of absolute path, do nothing.
        ;;
      //*)
        # Not necessarily an ordinary path; POSIX reserves leading '//'
        # and for example Cygwin uses it to access remote file shares
        # over CIFS/SMB, so we conserve a leading double slash if found.
        func_normal_abspath_altnamespace=/
        ;;
      /*)
        # Absolute path, do nothing.
        ;;
      *)
        # Relative path, prepend $cwd.
        func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath
        ;;
    esac

    # Cancel out all the simple stuff to save iterations. We also want
    # the path to end with a slash for ease of parsing, so make sure
    # there is one (and only one) here.
    func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
          -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"`
    while :; do
      # Processed it all yet?
      if test / = "$func_normal_abspath_tpath"; then
        # If we ascended to the root using ".." the result may be empty now.
        if test -z "$func_normal_abspath_result"; then
          func_normal_abspath_result=/
        fi
        break
      fi
      func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \
          -e "$_G_pathcar"`
      func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
          -e "$_G_pathcdr"`
      # Figure out what to do with it
      case $func_normal_abspath_tcomponent in
        "")
          # Trailing empty path component, ignore it.
          ;;
        ..)
          # Parent dir; strip last assembled component from result.
          func_dirname "$func_normal_abspath_result"
          func_normal_abspath_result=$func_dirname_result
          ;;
        *)
          # Actual path component, append it.
          func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent"
          ;;
      esac
    done
    # Restore leading double-slash if one was found on entry.
    func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result
}


# func_notquiet ARG...
# --------------------
# Echo program name prefixed message only when not in quiet mode.
func_notquiet ()
{
    $debug_cmd

    $opt_quiet || func_echo ${1+"$@"}

    # A bug in bash halts the script if the last line of a function
    # fails when set -e is in force, so we need another command to
    # work around that:
    :
}


# func_relative_path SRCDIR DSTDIR
# --------------------------------
# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR.
func_relative_path ()
{
    $debug_cmd

    func_relative_path_result=
    func_normal_abspath "$1"
    func_relative_path_tlibdir=$func_normal_abspath_result
    func_normal_abspath "$2"
    func_relative_path_tbindir=$func_normal_abspath_result

    # Ascend the tree starting from libdir
    while :; do
      # check if we have found a prefix of bindir
      case $func_relative_path_tbindir in
        $func_relative_path_tlibdir)
          # found an exact match
          func_relative_path_tcancelled=
          break
          ;;
        $func_relative_path_tlibdir*)
          # found a matching prefix
          func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir"
          func_relative_path_tcancelled=$func_stripname_result
          if test -z "$func_relative_path_result"; then
            func_relative_path_result=.
          fi
          break
          ;;
        *)
          func_dirname $func_relative_path_tlibdir
          func_relative_path_tlibdir=$func_dirname_result
          if test -z "$func_relative_path_tlibdir"; then
            # Have to descend all the way to the root!
            func_relative_path_result=../$func_relative_path_result
            func_relative_path_tcancelled=$func_relative_path_tbindir
            break
          fi
          func_relative_path_result=../$func_relative_path_result
          ;;
      esac
    done

    # Now calculate path; take care to avoid doubling-up slashes.
    func_stripname '' '/' "$func_relative_path_result"
    func_relative_path_result=$func_stripname_result
    func_stripname '/' '/' "$func_relative_path_tcancelled"
    if test -n "$func_stripname_result"; then
      func_append func_relative_path_result "/$func_stripname_result"
    fi

    # Normalisation. If bindir is libdir, return '.' else relative path.
    if test -n "$func_relative_path_result"; then
      func_stripname './' '' "$func_relative_path_result"
      func_relative_path_result=$func_stripname_result
    fi

    test -n "$func_relative_path_result" || func_relative_path_result=.

    :
}


# func_quote_for_eval ARG...
# --------------------------
# Aesthetically quote ARGs to be evaled later.
# This function returns two values:
#   i) func_quote_for_eval_result
#      double-quoted, suitable for a subsequent eval
#  ii) func_quote_for_eval_unquoted_result
#      has all characters that are still active within double
#      quotes backslashified.
func_quote_for_eval ()
{
    $debug_cmd

    func_quote_for_eval_unquoted_result=
    func_quote_for_eval_result=
    while test 0 -lt $#; do
      case $1 in
        *[\\\`\"\$]*)
          _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
        *)
          _G_unquoted_arg=$1 ;;
      esac
      if test -n "$func_quote_for_eval_unquoted_result"; then
        func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
      else
        func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
      fi

      case $_G_unquoted_arg in
        # Double-quote args containing shell metacharacters to delay
        # word splitting, command substitution and variable expansion
        # for a subsequent eval.
        # Many Bourne shells cannot handle close brackets correctly
        # in scan sets, so we specify it separately.
        *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
          _G_quoted_arg=\"$_G_unquoted_arg\"
          ;;
        *)
          _G_quoted_arg=$_G_unquoted_arg
          ;;
      esac

      if test -n "$func_quote_for_eval_result"; then
        func_append func_quote_for_eval_result " $_G_quoted_arg"
      else
        func_append func_quote_for_eval_result "$_G_quoted_arg"
      fi
      shift
    done
}


# func_quote_for_expand ARG
# -------------------------
# Aesthetically quote ARG to be evaled later; same as above,
# but do not quote variable references.
func_quote_for_expand ()
{
    $debug_cmd

    case $1 in
      *[\\\`\"]*)
        _G_arg=`$ECHO "$1" | $SED \
            -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
      *)
        _G_arg=$1 ;;
    esac

    case $_G_arg in
      # Double-quote args containing shell metacharacters to delay
      # word splitting and command substitution for a subsequent eval.
      # Many Bourne shells cannot handle close brackets correctly
      # in scan sets, so we specify it separately.
      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
        _G_arg=\"$_G_arg\"
        ;;
    esac

    func_quote_for_expand_result=$_G_arg
}


# func_stripname PREFIX SUFFIX NAME
# ---------------------------------
# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result.
# PREFIX and SUFFIX must not contain globbing or regex special
# characters, hashes, percent signs, but SUFFIX may contain a leading
# dot (in which case that matches only a dot).
if test yes = "$_G_HAVE_XSI_OPS"; then
  eval 'func_stripname ()
  {
    $debug_cmd

    # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
    # positional parameters, so assign one to ordinary variable first.
    func_stripname_result=$3
    func_stripname_result=${func_stripname_result#"$1"}
    func_stripname_result=${func_stripname_result%"$2"}
  }'
else
  func_stripname ()
  {
    $debug_cmd

    case $2 in
      .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;;
      *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;;
    esac
  }
fi


# func_show_eval CMD [FAIL_EXP]
# -----------------------------
# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is
# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
# is given, then evaluate it.
func_show_eval ()
{
    $debug_cmd

    _G_cmd=$1
    _G_fail_exp=${2-':'}

    func_quote_for_expand "$_G_cmd"
    eval "func_notquiet $func_quote_for_expand_result"

    $opt_dry_run || {
      eval "$_G_cmd"
      _G_status=$?
      if test 0 -ne "$_G_status"; then
        eval "(exit $_G_status); $_G_fail_exp"
      fi
    }
}


# func_show_eval_locale CMD [FAIL_EXP]
# ------------------------------------
# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is
# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
# is given, then evaluate it. Use the saved locale for evaluation.
func_show_eval_locale ()
{
    $debug_cmd

    _G_cmd=$1
    _G_fail_exp=${2-':'}

    $opt_quiet || {
      func_quote_for_expand "$_G_cmd"
      eval "func_echo $func_quote_for_expand_result"
    }

    $opt_dry_run || {
      eval "$_G_user_locale
            $_G_cmd"
      _G_status=$?
      eval "$_G_safe_locale"
      if test 0 -ne "$_G_status"; then
        eval "(exit $_G_status); $_G_fail_exp"
      fi
    }
}


# func_tr_sh
# ----------
# Turn $1 into a string suitable for a shell variable name.
# Result is stored in $func_tr_sh_result. All characters
# not in the set a-zA-Z0-9_ are replaced with '_'. Further,
# if $1 begins with a digit, a '_' is prepended as well.
func_tr_sh ()
{
    $debug_cmd

    case $1 in
    [0-9]* | *[!a-zA-Z0-9_]*)
      func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'`
      ;;
    * )
      func_tr_sh_result=$1
      ;;
    esac
}


# func_verbose ARG...
# -------------------
# Echo program name prefixed message in verbose mode only.
func_verbose ()
{
    $debug_cmd

    $opt_verbose && func_echo "$*"

    :
}


# func_warn_and_continue ARG...
# -----------------------------
# Echo program name prefixed warning message to standard error.
func_warn_and_continue ()
{
    $debug_cmd

    $require_term_colors

    func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2
}


# func_warning CATEGORY ARG...
# ----------------------------
# Echo program name prefixed warning message to standard error. Warning
# messages can be filtered according to CATEGORY, where this function
# elides messages where CATEGORY is not listed in the global variable
# 'opt_warning_types'.
func_warning ()
{
    $debug_cmd

    # CATEGORY must be in the warning_categories list!
    case " $warning_categories " in
      *" $1 "*) ;;
      *) func_internal_error "invalid warning category '$1'" ;;
    esac

    _G_category=$1
    shift

    case " $opt_warning_types " in
      *" $_G_category "*) $warning_func ${1+"$@"} ;;
    esac
}


# func_sort_ver VER1 VER2
# -----------------------
# 'sort -V' is not generally available.
# Note this deviates from the version comparison in automake
# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a
# but this should suffice as we won't be specifying old
# version formats or redundant trailing .0 in bootstrap.conf.
# If we did want full compatibility then we should probably
# use m4_version_compare from autoconf.
func_sort_ver ()
{
    $debug_cmd

    printf '%s\n%s\n' "$1" "$2" \
      | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n
}


# func_lt_ver PREV CURR
# ---------------------
# Return true if PREV and CURR are in the correct order according to
# func_sort_ver, otherwise false. Use it like this:
#
#  func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..."
func_lt_ver ()
{
    $debug_cmd

    test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q`
}


# Local variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
# time-stamp-time-zone: "UTC"
# End:
#! /bin/sh

# Set a version string for this script.
scriptversion=2014-01-07.03; # UTC

# A portable, pluggable option parser for Bourne shell.
# Written by Gary V. Vaughan, 2010

# Copyright (C) 2010-2015 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

# Please report bugs or propose patches to gary@gnu.org.


## ------ ##
## Usage. ##
## ------ ##

# This file is a library for parsing options in your shell scripts along
# with assorted other useful supporting features that you can make use
# of too.
#
# For the simplest scripts you might need only:
#
#   #!/bin/sh
#   . relative/path/to/funclib.sh
#   . relative/path/to/options-parser
#   scriptversion=1.0
#   func_options ${1+"$@"}
#   eval set dummy "$func_options_result"; shift
#   ...rest of your script...
#
# In order for the '--version' option to work, you will need to have a
# suitably formatted comment like the one at the top of this file
# starting with '# Written by ' and ending with '# warranty; '.
#
# For '-h' and '--help' to work, you will also need a one line
# description of your script's purpose in a comment directly above the
# '# Written by ' line, like the one at the top of this file.
#
# The default options also support '--debug', which will turn on shell
# execution tracing (see the comment above debug_cmd below for another
# use), and '--verbose' and the func_verbose function to allow your script
# to display verbose messages only when your user has specified
# '--verbose'.
#
# After sourcing this file, you can plug processing for additional
# options by amending the variables from the 'Configuration' section
# below, and following the instructions in the 'Option parsing'
# section further down.

## -------------- ##
## Configuration. ##
## -------------- ##

# You should override these variables in your script after sourcing this
# file so that they reflect the customisations you have added to the
# option parser.

# The usage line for option parsing errors and the start of '-h' and
# '--help' output messages. You can embed shell variables for delayed
# expansion at the time the message is displayed, but you will need to
# quote other shell meta-characters carefully to prevent them being
# expanded when the contents are evaled.
usage='$progpath [OPTION]...'

# Short help message in response to '-h' and '--help'. Add to this or
# override it after sourcing this library to reflect the full set of
# options your script accepts.
usage_message="\
       --debug        enable verbose shell tracing
   -W, --warnings=CATEGORY
                      report the warnings falling in CATEGORY [all]
   -v, --verbose      verbosely report processing
       --version      print version information and exit
   -h, --help         print short or long help message and exit
"

# Additional text appended to 'usage_message' in response to '--help'.
long_help_message="
Warning categories include:
       'all'          show all warnings
       'none'         turn off all the warnings
       'error'        warnings are treated as fatal errors"

# Help message printed before fatal option parsing errors.
fatal_help="Try '\$progname --help' for more information."



## ------------------------- ##
## Hook function management. ##
## ------------------------- ##

# This section contains functions for adding, removing, and running hooks
# to the main code. A hook is just a named list of functions that can
# be run in order later on.

# func_hookable FUNC_NAME
# -----------------------
# Declare that FUNC_NAME will run hooks added with
# 'func_add_hook FUNC_NAME ...'.
func_hookable ()
{
    $debug_cmd

    func_append hookable_fns " $1"
}


# func_add_hook FUNC_NAME HOOK_FUNC
# ---------------------------------
# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must
# first have been declared "hookable" by a call to 'func_hookable'.
func_add_hook ()
{
    $debug_cmd

    case " $hookable_fns " in
      *" $1 "*) ;;
      *) func_fatal_error "'$1' does not accept hook functions." ;;
    esac

    eval func_append ${1}_hooks '" $2"'
}


# func_remove_hook FUNC_NAME HOOK_FUNC
# ------------------------------------
# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
func_remove_hook ()
{
    $debug_cmd

    eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`'
}


# func_run_hooks FUNC_NAME [ARG]...
# ---------------------------------
# Run all hook functions registered to FUNC_NAME.
# It is assumed that the list of hook functions contains nothing more
# than a whitespace-delimited list of legal shell function names, and
# no effort is wasted trying to catch shell meta-characters or preserve
# whitespace.
func_run_hooks ()
{
    $debug_cmd

    case " $hookable_fns " in
      *" $1 "*) ;;
      *) func_fatal_error "'$1' does not support hook functions." ;;
    esac

    eval _G_hook_fns=\$$1_hooks; shift

    for _G_hook in $_G_hook_fns; do
      eval $_G_hook '"$@"'

      # store returned options list back into positional
      # parameters for next 'cmd' execution.
      eval _G_hook_result=\$${_G_hook}_result
      eval set dummy "$_G_hook_result"; shift
    done

    func_quote_for_eval ${1+"$@"}
    func_run_hooks_result=$func_quote_for_eval_result
}



## --------------- ##
## Option parsing. ##
## --------------- ##

# In order to add your own option parsing hooks, you must accept the
# full positional parameter list in your hook function, remove any
# options that you action, and then pass back the remaining unprocessed
# options in '_result', escaped suitably for
# 'eval'. Like this:
#
#    my_options_prep ()
#    {
#        $debug_cmd
#
#        # Extend the existing usage message.
#        usage_message=$usage_message'
#      -s, --silent       don'\''t print informational messages
#    '
#
#        func_quote_for_eval ${1+"$@"}
#        my_options_prep_result=$func_quote_for_eval_result
#    }
#    func_add_hook func_options_prep my_options_prep
#
#
#    my_silent_option ()
#    {
#        $debug_cmd
#
#        # Note that for efficiency, we parse as many options as we can
#        # recognise in a loop before passing the remainder back to the
#        # caller on the first unrecognised argument we encounter.
#        while test $# -gt 0; do
#          _G_opt=$1; shift
#          case $_G_opt in
#            --silent|-s) opt_silent=: ;;
#            # Separate non-argument short options:
#            -s*)         func_split_short_opt "$_G_opt"
#                         set dummy "$func_split_short_opt_name" \
#                             "-$func_split_short_opt_arg" ${1+"$@"}
#                         shift
#                         ;;
#            *)           set dummy "$_G_opt" "$*"; shift; break ;;
#          esac
#        done
#
#        func_quote_for_eval ${1+"$@"}
#        my_silent_option_result=$func_quote_for_eval_result
#    }
#    func_add_hook func_parse_options my_silent_option
#
#
#    my_option_validation ()
#    {
#        $debug_cmd
#
#        $opt_silent && $opt_verbose && func_fatal_help "\
#    '--silent' and '--verbose' options are mutually exclusive."
#
#        func_quote_for_eval ${1+"$@"}
#        my_option_validation_result=$func_quote_for_eval_result
#    }
#    func_add_hook func_validate_options my_option_validation
#
# You'll also need to manually amend $usage_message to reflect the extra
# options you parse. It's preferable to append if you can, so that
# multiple option parsing hooks can be added safely.


# func_options [ARG]...
# ---------------------
# All the functions called inside func_options are hookable. See the
# individual implementations for details.
func_hookable func_options
func_options ()
{
    $debug_cmd

    func_options_prep ${1+"$@"}
    eval func_parse_options \
        ${func_options_prep_result+"$func_options_prep_result"}
    eval func_validate_options \
        ${func_parse_options_result+"$func_parse_options_result"}

    eval func_run_hooks func_options \
        ${func_validate_options_result+"$func_validate_options_result"}

    # save modified positional parameters for caller
    func_options_result=$func_run_hooks_result
}


# func_options_prep [ARG]...
# --------------------------
# All initialisations required before starting the option parse loop.
# Note that when calling hook functions, we pass through the list of
# positional parameters. If a hook function modifies that list, and
# needs to propagate that back to rest of this script, then the complete
# modified list must be put in 'func_run_hooks_result' before
# returning.
func_hookable func_options_prep
func_options_prep ()
{
    $debug_cmd

    # Option defaults:
    opt_verbose=false
    opt_warning_types=

    func_run_hooks func_options_prep ${1+"$@"}

    # save modified positional parameters for caller
    func_options_prep_result=$func_run_hooks_result
}


# func_parse_options [ARG]...
# ---------------------------
# The main option parsing loop.
func_hookable func_parse_options
func_parse_options ()
{
    $debug_cmd

    func_parse_options_result=

    # this just eases exit handling
    while test $# -gt 0; do
      # Defer to hook functions for initial option parsing, so they
      # get priority in the event of reusing an option name.
      func_run_hooks func_parse_options ${1+"$@"}

      # Adjust func_parse_options positional parameters to match
      eval set dummy "$func_run_hooks_result"; shift

      # Break out of the loop if we already parsed every option.
      test $# -gt 0 || break

      _G_opt=$1
      shift
      case $_G_opt in
        --debug|-x)   debug_cmd='set -x'
                      func_echo "enabling shell trace mode"
                      $debug_cmd
                      ;;

        --no-warnings|--no-warning|--no-warn)
                      set dummy --warnings none ${1+"$@"}
                      shift
                      ;;

        --warnings|--warning|-W)
                      test $# = 0 && func_missing_arg $_G_opt && break
                      case " $warning_categories $1" in
                        *" $1 "*)
                          # trailing space prevents matching last $1 above
                          func_append_uniq opt_warning_types " $1"
                          ;;
                        *all)
                          opt_warning_types=$warning_categories
                          ;;
                        *none)
                          opt_warning_types=none
                          warning_func=:
                          ;;
                        *error)
                          opt_warning_types=$warning_categories
                          warning_func=func_fatal_error
                          ;;
                        *)
                          func_fatal_error \
                             "unsupported warning category: '$1'"
                          ;;
                      esac
                      shift
                      ;;

        --verbose|-v) opt_verbose=: ;;
        --version)    func_version ;;
        -\?|-h)       func_usage ;;
        --help)       func_help ;;

        # Separate optargs to long options (plugins may need this):
        --*=*)        func_split_equals "$_G_opt"
                      set dummy "$func_split_equals_lhs" \
                          "$func_split_equals_rhs" ${1+"$@"}
                      shift
                      ;;

        # Separate optargs to short options:
        -W*)
                      func_split_short_opt "$_G_opt"
                      set dummy "$func_split_short_opt_name" \
                          "$func_split_short_opt_arg" ${1+"$@"}
                      shift
                      ;;

        # Separate non-argument short options:
        -\?*|-h*|-v*|-x*)
                      func_split_short_opt "$_G_opt"
                      set dummy "$func_split_short_opt_name" \
                          "-$func_split_short_opt_arg" ${1+"$@"}
                      shift
                      ;;

        --)           break ;;
        -*)           func_fatal_help "unrecognised option: '$_G_opt'" ;;
        *)            set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
      esac
    done

    # save modified positional parameters for caller
    func_quote_for_eval ${1+"$@"}
    func_parse_options_result=$func_quote_for_eval_result
}


# func_validate_options [ARG]...
# ------------------------------
# Perform any sanity checks on option settings and/or unconsumed
# arguments.
func_hookable func_validate_options
func_validate_options ()
{
    $debug_cmd

    # Display all warnings if -W was not given.
    test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"

    func_run_hooks func_validate_options ${1+"$@"}

    # Bail if the options were screwed!
    $exit_cmd $EXIT_FAILURE

    # save modified positional parameters for caller
    func_validate_options_result=$func_run_hooks_result
}



## ----------------- ##
## Helper functions. ##
## ----------------- ##

# This section contains the helper functions used by the rest of the
# hookable option parser framework in ascii-betical order.


# func_fatal_help ARG...
# ----------------------
# Echo program name prefixed message to standard error, followed by
# a help hint, and exit.
func_fatal_help ()
{
    $debug_cmd

    eval \$ECHO \""Usage: $usage"\"
    eval \$ECHO \""$fatal_help"\"
    func_error ${1+"$@"}
    exit $EXIT_FAILURE
}


# func_help
# ---------
# Echo long help message to standard output and exit.
func_help ()
{
    $debug_cmd

    func_usage_message
    $ECHO "$long_help_message"
    exit 0
}


# func_missing_arg ARGNAME
# ------------------------
# Echo program name prefixed message to standard error and set global
# exit_cmd.
func_missing_arg ()
{
    $debug_cmd

    func_error "Missing argument for '$1'."
    exit_cmd=exit
}


# func_split_equals STRING
# ------------------------
# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
# splitting STRING at the '=' sign.
test -z "$_G_HAVE_XSI_OPS" \
    && (eval 'x=a/b/c;
      test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
    && _G_HAVE_XSI_OPS=yes

if test yes = "$_G_HAVE_XSI_OPS"
then
  # This is an XSI compatible shell, allowing a faster implementation...
  eval 'func_split_equals ()
  {
      $debug_cmd

      func_split_equals_lhs=${1%%=*}
      func_split_equals_rhs=${1#*=}
      test "x$func_split_equals_lhs" = "x$1" \
        && func_split_equals_rhs=
  }'
else
  # ...otherwise fall back to using expr, which is often a shell builtin.
  func_split_equals ()
  {
      $debug_cmd

      func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
      func_split_equals_rhs=
      test "x$func_split_equals_lhs" = "x$1" \
        || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
  }
fi #func_split_equals


# func_split_short_opt SHORTOPT
# -----------------------------
# Set func_split_short_opt_name and func_split_short_opt_arg shell
# variables after splitting SHORTOPT after the 2nd character.
if test yes = "$_G_HAVE_XSI_OPS"
then
  # This is an XSI compatible shell, allowing a faster implementation...
  eval 'func_split_short_opt ()
  {
      $debug_cmd

      func_split_short_opt_arg=${1#??}
      func_split_short_opt_name=${1%"$func_split_short_opt_arg"}
  }'
else
  # ...otherwise fall back to using expr, which is often a shell builtin.
  func_split_short_opt ()
  {
      $debug_cmd

      func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
      func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
  }
fi #func_split_short_opt


# func_usage
# ----------
# Echo short help message to standard output and exit.
func_usage ()
{
    $debug_cmd

    func_usage_message
    $ECHO "Run '$progname --help |${PAGER-more}' for full usage"
    exit 0
}


# func_usage_message
# ------------------
# Echo short help message to standard output.
func_usage_message ()
{
    $debug_cmd

    eval \$ECHO \""Usage: $usage"\"
    echo
    $SED -n 's|^# ||
        /^Written by/{
          x;p;x
        }
        h
        /^Written by/q' < "$progpath"
    echo
    eval \$ECHO \""$usage_message"\"
}


# func_version
# ------------
# Echo version message to standard output and exit.
func_version ()
{
    $debug_cmd

    printf '%s\n' "$progname $scriptversion"
    $SED -n '
        /(C)/!b go
        :more
        /\./!{
          N
          s|\n# | |
          b more
        }
        :go
        /^# Written by /,/# warranty; / {
          s|^# ||
          s|^# *$||
          s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
          p
        }
        /^# Written by / {
          s|^# ||
          p
        }
        /^warranty; /q' < "$progpath"

    exit $?
}


# Local variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
# time-stamp-time-zone: "UTC"
# End:

# Set a version string.
scriptversion='(GNU libtool) 2.4.6'


# func_echo ARG...
# ----------------
# Libtool also displays the current mode in messages, so override
# funclib.sh func_echo with this custom definition.
func_echo ()
{
    $debug_cmd

    _G_message=$*

    func_echo_IFS=$IFS
    IFS=$nl
    for _G_line in $_G_message; do
      IFS=$func_echo_IFS
      $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line"
    done
    IFS=$func_echo_IFS
}


# func_warning ARG...
# -------------------
# Libtool warnings are not categorized, so override funclib.sh
# func_warning with this simpler definition.
func_warning ()
{
    $debug_cmd

    $warning_func ${1+"$@"}
}


## ---------------- ##
## Options parsing. ##
## ---------------- ##

# Hook in the functions to make sure our own options are parsed during
# the option parsing loop.

usage='$progpath [OPTION]... [MODE-ARG]...'

# Short help message in response to '-h'.
usage_message="Options:
       --config             show all configuration variables
       --debug              enable verbose shell tracing
   -n, --dry-run            display commands without modifying any files
       --features           display basic configuration information and exit
       --mode=MODE          use operation mode MODE
       --no-warnings        equivalent to '-Wnone'
       --preserve-dup-deps  don't remove duplicate dependency libraries
       --quiet, --silent    don't print informational messages
       --tag=TAG            use configuration variables from tag TAG
   -v, --verbose            print more informational messages than default
       --version            print version information
   -W, --warnings=CATEGORY  report the warnings falling in CATEGORY [all]
   -h, --help, --help-all   print short, long, or detailed help message
"

# Additional text appended to 'usage_message' in response to '--help'.
func_help ()
{
    $debug_cmd

    func_usage_message
    $ECHO "$long_help_message

MODE must be one of the following:

       clean           remove files from the build directory
       compile         compile a source file into a libtool object
       execute         automatically set library path, then run a program
       finish          complete the installation of libtool libraries
       install         install libraries or executables
       link            create a library or an executable
       uninstall       remove libraries from an installed directory

MODE-ARGS vary depending on the MODE. When passed as first option,
'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that.
Try '$progname --help --mode=MODE' for a more detailed description of MODE.

When reporting a bug, please describe a test case to reproduce it and
include the following information:

       host-triplet:   $host
       shell:          $SHELL
       compiler:       $LTCC
       compiler flags: $LTCFLAGS
       linker:         $LD (gnu? $with_gnu_ld)
       version:        $progname $scriptversion Debian-2.4.6-2
       automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
       autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`

Report bugs to .
GNU libtool home page: .
General help using GNU software: ."
    exit 0
}


# func_lo2o OBJECT-NAME
# ---------------------
# Transform OBJECT-NAME from a '.lo' suffix to the platform specific
# object suffix.

lo2o=s/\\.lo\$/.$objext/
o2lo=s/\\.$objext\$/.lo/

if test yes = "$_G_HAVE_XSI_OPS"; then
  eval 'func_lo2o ()
  {
    case $1 in
      *.lo) func_lo2o_result=${1%.lo}.$objext ;;
      *   ) func_lo2o_result=$1               ;;
    esac
  }'

  # func_xform LIBOBJ-OR-SOURCE
  # ---------------------------
  # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise)
  # suffix to a '.lo' libtool-object suffix.
  eval 'func_xform ()
  {
    func_xform_result=${1%.*}.lo
  }'
else
  # ...otherwise fall back to using sed.
  func_lo2o ()
  {
    func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"`
  }

  func_xform ()
  {
    func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'`
  }
fi


# func_fatal_configuration ARG...
# -------------------------------
# Echo program name prefixed message to standard error, followed by
# a configuration failure hint, and exit.
func_fatal_configuration ()
{
    func_fatal_error ${1+"$@"} \
      "See the $PACKAGE documentation for more information." \
      "Fatal configuration error."
}


# func_config
# -----------
# Display the configuration for all the tags in this script.
func_config ()
{
    re_begincf='^# ### BEGIN LIBTOOL'
    re_endcf='^# ### END LIBTOOL'

    # Default configuration.
    $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"

    # Now print the configurations for the tags.
    for tagname in $taglist; do
      $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
    done

    exit $?
}


# func_features
# -------------
# Display the features supported by this script.
func_features ()
{
    echo "host: $host"
    if test yes = "$build_libtool_libs"; then
      echo "enable shared libraries"
    else
      echo "disable shared libraries"
    fi
    if test yes = "$build_old_libs"; then
      echo "enable static libraries"
    else
      echo "disable static libraries"
    fi

    exit $?
}


# func_enable_tag TAGNAME
# -----------------------
# Verify that TAGNAME is valid, and either flag an error and exit, or
# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
# variable here.
func_enable_tag ()
{
    # Global variable:
    tagname=$1

    re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
    re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
    sed_extractcf=/$re_begincf/,/$re_endcf/p

    # Validate tagname.
    case $tagname in
      *[!-_A-Za-z0-9,/]*)
        func_fatal_error "invalid tag name: $tagname"
        ;;
    esac

    # Don't test for the "default" C tag, as we know it's
    # there but not specially marked.
    case $tagname in
      CC) ;;
      *)
        if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
          taglist="$taglist $tagname"

          # Evaluate the configuration. Be careful to quote the path
          # and the sed script, to avoid splitting on whitespace, but
          # also don't use non-portable quotes within backquotes within
          # quotes we have to do it in 2 steps:
          extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
          eval "$extractedcf"
        else
          func_error "ignoring unknown tag $tagname"
        fi
        ;;
    esac
}


# func_check_version_match
# ------------------------
# Ensure that we are using m4 macros, and libtool script from the same
# release of libtool.
func_check_version_match ()
{
    if test "$package_revision" != "$macro_revision"; then
      if test "$VERSION" != "$macro_version"; then
        if test -z "$macro_version"; then
          cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
$progname: definition of this LT_INIT comes from an older release.
$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
$progname: and run autoconf again.
_LT_EOF
        else
          cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
$progname: and run autoconf again.
_LT_EOF
        fi
      else
        cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
$progname: but the definition of this LT_INIT comes from revision $macro_revision.
$progname: You should recreate aclocal.m4 with macros from revision $package_revision
$progname: of $PACKAGE $VERSION and run autoconf again.
_LT_EOF
      fi

      exit $EXIT_MISMATCH
    fi
}


# libtool_options_prep [ARG]...
# -----------------------------
# Preparation for options parsed by libtool.
libtool_options_prep ()
{
    $debug_mode

    # Option defaults:
    opt_config=false
    opt_dlopen=
    opt_dry_run=false
    opt_help=false
    opt_mode=
    opt_preserve_dup_deps=false
    opt_quiet=false

    nonopt=
    preserve_args=

    # Shorthand for --mode=foo, only valid as the first argument
    case $1 in
    clean|clea|cle|cl)
      shift; set dummy --mode clean ${1+"$@"}; shift
      ;;
    compile|compil|compi|comp|com|co|c)
      shift; set dummy --mode compile ${1+"$@"}; shift
      ;;
    execute|execut|execu|exec|exe|ex|e)
      shift; set dummy --mode execute ${1+"$@"}; shift
      ;;
    finish|finis|fini|fin|fi|f)
      shift; set dummy --mode finish ${1+"$@"}; shift
      ;;
    install|instal|insta|inst|ins|in|i)
      shift; set dummy --mode install ${1+"$@"}; shift
      ;;
    link|lin|li|l)
      shift; set dummy --mode link ${1+"$@"}; shift
      ;;
    uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
      shift; set dummy --mode uninstall ${1+"$@"}; shift
      ;;
    esac

    # Pass back the list of options.
    func_quote_for_eval ${1+"$@"}
    libtool_options_prep_result=$func_quote_for_eval_result
}
func_add_hook func_options_prep libtool_options_prep


# libtool_parse_options [ARG]...
# ---------------------------------
# Provide handling for libtool specific options.
libtool_parse_options ()
{
    $debug_cmd

    # Perform our own loop to consume as many options as possible in
    # each iteration.
    while test $# -gt 0; do
      _G_opt=$1
      shift
      case $_G_opt in
        --dry-run|--dryrun|-n)
                        opt_dry_run=:
                        ;;

        --config)       func_config ;;

        --dlopen|-dlopen)
                        opt_dlopen="${opt_dlopen+$opt_dlopen }$1"
                        shift
                        ;;

        --preserve-dup-deps)
                        opt_preserve_dup_deps=: ;;

        --features)     func_features ;;

        --finish)       set dummy --mode finish ${1+"$@"}; shift ;;

        --help)         opt_help=: ;;

        --help-all)     opt_help=': help-all' ;;

        --mode)         test $# = 0 && func_missing_arg $_G_opt && break
                        opt_mode=$1
                        case $1 in
                          # Valid mode arguments:
                          clean|compile|execute|finish|install|link|relink|uninstall) ;;

                          # Catch anything else as an error
                          *) func_error "invalid argument for $_G_opt"
                             exit_cmd=exit
                             break
                             ;;
                        esac
                        shift
                        ;;

        --no-silent|--no-quiet)
                        opt_quiet=false
                        func_append preserve_args " $_G_opt"
                        ;;

        --no-warnings|--no-warning|--no-warn)
                        opt_warning=false
                        func_append preserve_args " $_G_opt"
                        ;;

        --no-verbose)
                        opt_verbose=false
                        func_append preserve_args " $_G_opt"
                        ;;

        --silent|--quiet)
                        opt_quiet=:
                        opt_verbose=false
                        func_append preserve_args " $_G_opt"
                        ;;

        --tag)          test $# = 0 && func_missing_arg $_G_opt && break
                        opt_tag=$1
                        func_append preserve_args " $_G_opt $1"
                        func_enable_tag "$1"
                        shift
                        ;;

        --verbose|-v)   opt_quiet=false
                        opt_verbose=:
                        func_append preserve_args " $_G_opt"
                        ;;

        # An option not handled by this hook function:
        *)              set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
      esac
    done


    # save modified positional parameters for caller
    func_quote_for_eval ${1+"$@"}
    libtool_parse_options_result=$func_quote_for_eval_result
}
func_add_hook func_parse_options libtool_parse_options



# libtool_validate_options [ARG]...
# ---------------------------------
# Perform any sanity checks on option settings and/or unconsumed
# arguments.
libtool_validate_options ()
{
    # save first non-option argument
    if test 0 -lt $#; then
      nonopt=$1
      shift
    fi

    # preserve --debug
    test : = "$debug_cmd" || func_append preserve_args " --debug"

    case $host in
      # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
      # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
      *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
        # don't eliminate duplications in $postdeps and $predeps
        opt_duplicate_compiler_generated_deps=:
        ;;
      *)
        opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
        ;;
    esac

    $opt_help || {
      # Sanity checks first:
      func_check_version_match

      test yes != "$build_libtool_libs" \
        && test yes != "$build_old_libs" \
        && func_fatal_configuration "not configured to build any kind of library"

      # Darwin sucks
      eval std_shrext=\"$shrext_cmds\"

      # Only execute mode is allowed to have -dlopen flags.
      if test -n "$opt_dlopen" && test execute != "$opt_mode"; then
        func_error "unrecognized option '-dlopen'"
        $ECHO "$help" 1>&2
        exit $EXIT_FAILURE
      fi

      # Change the help message to a mode-specific one.
      generic_help=$help
      help="Try '$progname --help --mode=$opt_mode' for more information."
    }

    # Pass back the unparsed argument list
    func_quote_for_eval ${1+"$@"}
    libtool_validate_options_result=$func_quote_for_eval_result
}
func_add_hook func_validate_options libtool_validate_options


# Process options as early as possible so that --help and --version
# can return quickly.
func_options ${1+"$@"}
eval set dummy "$func_options_result"; shift



## ----------- ##
##    Main.    ##
## ----------- ##

magic='%%%MAGIC variable%%%'
magic_exe='%%%MAGIC EXE variable%%%'

# Global variables.
extracted_archives=
extracted_serial=0

# If this variable is set in any of the actions, the command in it
# will be execed at the end. This prevents here-documents from being
# left over by shells.
exec_cmd=


# A function that is used when there is no print builtin or printf.
func_fallback_echo ()
{
  eval 'cat <<_LTECHO_EOF
$1
_LTECHO_EOF'
}

# func_generated_by_libtool
# True iff stdin has been generated by Libtool. This function is only
# a basic sanity check; it will hardly flush out determined imposters.
func_generated_by_libtool_p ()
{
  $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
}

# func_lalib_p file
# True iff FILE is a libtool '.la' library or '.lo' object file.
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_lalib_p ()
{
    test -f "$1" &&
      $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p
}

# func_lalib_unsafe_p file
# True iff FILE is a libtool '.la' library or '.lo' object file.
# This function implements the same check as func_lalib_p without
# resorting to external programs. To this end, it redirects stdin and
# closes it afterwards, without saving the original file descriptor.
# As a safety measure, use it only where a negative result would be
# fatal anyway. Works if 'file' does not exist.
func_lalib_unsafe_p ()
{
    lalib_p=no
    if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
        for lalib_p_l in 1 2 3 4
        do
            read lalib_p_line
            case $lalib_p_line in
                \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
            esac
        done
        exec 0<&5 5<&-
    fi
    test yes = "$lalib_p"
}

# func_ltwrapper_script_p file
# True iff FILE is a libtool wrapper script
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_ltwrapper_script_p ()
{
    test -f "$1" &&
      $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p
}

# func_ltwrapper_executable_p file
# True iff FILE is a libtool wrapper executable
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_ltwrapper_executable_p ()
{
    func_ltwrapper_exec_suffix=
    case $1 in
    *.exe) ;;
    *) func_ltwrapper_exec_suffix=.exe ;;
    esac
    $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
}

# func_ltwrapper_scriptname file
# Assumes file is an ltwrapper_executable
# uses $file to determine the appropriate filename for a
# temporary ltwrapper_script.
func_ltwrapper_scriptname ()
{
    func_dirname_and_basename "$1" "" "."
    func_stripname '' '.exe' "$func_basename_result"
    func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper
}

# func_ltwrapper_p file
# True iff FILE is a libtool wrapper script or wrapper executable
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_ltwrapper_p ()
{
    func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
}


# func_execute_cmds commands fail_cmd
# Execute tilde-delimited COMMANDS.
# If FAIL_CMD is given, eval that upon failure.
# FAIL_CMD may read-access the current command in variable CMD!
func_execute_cmds ()
{
    $debug_cmd

    save_ifs=$IFS; IFS='~'
    for cmd in $1; do
      IFS=$sp$nl
      eval cmd=\"$cmd\"
      IFS=$save_ifs
      func_show_eval "$cmd" "${2-:}"
    done
    IFS=$save_ifs
}


# func_source file
# Source FILE, adding directory component if necessary.
# Note that it is not necessary on cygwin/mingw to append a dot to
# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
# behavior happens only for exec(3), not for open(2)! Also, sourcing
# 'FILE.' does not work on cygwin managed mounts.
func_source ()
{
    $debug_cmd

    case $1 in
    */* | *\\*) . "$1" ;;
    *)          . "./$1" ;;
    esac
}


# func_resolve_sysroot PATH
# Replace a leading = in PATH with a sysroot.
# Store the result into
# func_resolve_sysroot_result
func_resolve_sysroot ()
{
  func_resolve_sysroot_result=$1
  case $func_resolve_sysroot_result in
  =*)
    func_stripname '=' '' "$func_resolve_sysroot_result"
    func_resolve_sysroot_result=$lt_sysroot$func_stripname_result
    ;;
  esac
}

# func_replace_sysroot PATH
# If PATH begins with the sysroot, replace it with = and
# store the result into func_replace_sysroot_result.
func_replace_sysroot ()
{
  case $lt_sysroot:$1 in
  ?*:"$lt_sysroot"*)
    func_stripname "$lt_sysroot" '' "$1"
    func_replace_sysroot_result='='$func_stripname_result
    ;;
  *)
    # Including no sysroot.
    func_replace_sysroot_result=$1
    ;;
  esac
}

# func_infer_tag arg
# Infer tagged configuration to use if any are available and
# if one wasn't chosen via the "--tag" command line option.
# Only attempt this if the compiler in the base compile
# command doesn't match the default compiler.
# arg is usually of the form 'gcc ...'
func_infer_tag ()
{
    $debug_cmd

    if test -n "$available_tags" && test -z "$tagname"; then
      CC_quoted=
      for arg in $CC; do
        func_append_quoted CC_quoted "$arg"
      done
      CC_expanded=`func_echo_all $CC`
      CC_quoted_expanded=`func_echo_all $CC_quoted`
      case $@ in
      # Blanks in the command may have been stripped by the calling shell,
      # but not from the CC environment variable when configure was run.
      " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
      " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;;
      # Blanks at the start of $base_compile will cause this to fail
      # if we don't check for them as well.
      *)
        for z in $available_tags; do
          if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
            # Evaluate the configuration.
            eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
            CC_quoted=
            for arg in $CC; do
              # Double-quote args containing other shell metacharacters.
              func_append_quoted CC_quoted "$arg"
            done
            CC_expanded=`func_echo_all $CC`
            CC_quoted_expanded=`func_echo_all $CC_quoted`
            case "$@ " in
            " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
            " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*)
              # The compiler in the base compile command matches
              # the one in the tagged configuration.
              # Assume this is the tagged configuration we want.
              tagname=$z
              break
              ;;
            esac
          fi
        done
        # If $tagname still isn't set, then no tagged configuration
        # was found and let the user know that the "--tag" command
        # line option must be used.
        if test -z "$tagname"; then
          func_echo "unable to infer tagged configuration"
          func_fatal_error "specify a tag with '--tag'"
#       else
#         func_verbose "using $tagname tagged configuration"
        fi
        ;;
      esac
    fi
}



# func_write_libtool_object output_name pic_name nonpic_name
# Create a libtool object file (analogous to a ".la" file),
# but don't create it if we're doing a dry run.
func_write_libtool_object ()
{
    write_libobj=$1
    if test yes = "$build_libtool_libs"; then
      write_lobj=\'$2\'
    else
      write_lobj=none
    fi

    if test yes = "$build_old_libs"; then
      write_oldobj=\'$3\'
    else
      write_oldobj=none
    fi

    $opt_dry_run || {
      cat >${write_libobj}T </dev/null`
    if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then
      func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | $SED -e "$sed_naive_backslashify"`
    else
      func_convert_core_file_wine_to_w32_result=
    fi
  fi
}
# end: func_convert_core_file_wine_to_w32


# func_convert_core_path_wine_to_w32 ARG
# Helper function used by path conversion functions when $build is *nix, and
# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly
# configured wine environment available, with the winepath program in $build's
# $PATH. Assumes ARG has no leading or trailing path separator characters.
#
# ARG is path to be converted from $build format to win32.
# Result is available in $func_convert_core_path_wine_to_w32_result.
# Unconvertible file (directory) names in ARG are skipped; if no directory names
# are convertible, then the result may be empty.
func_convert_core_path_wine_to_w32 ()
{
  $debug_cmd

  # unfortunately, winepath doesn't convert paths, only file names
  func_convert_core_path_wine_to_w32_result=
  if test -n "$1"; then
    oldIFS=$IFS
    IFS=:
    for func_convert_core_path_wine_to_w32_f in $1; do
      IFS=$oldIFS
      func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f"
      if test -n "$func_convert_core_file_wine_to_w32_result"; then
        if test -z "$func_convert_core_path_wine_to_w32_result"; then
          func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result
        else
          func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result"
        fi
      fi
    done
    IFS=$oldIFS
  fi
}
# end: func_convert_core_path_wine_to_w32


# func_cygpath ARGS...
# Wrapper around calling the cygpath program via LT_CYGPATH. This is used
# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2)
# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or
# (2), returns the Cygwin file name or path in func_cygpath_result (input
# file name or path is assumed to be in w32 format, as previously converted
# from $build's *nix or MSYS format). In case (3), returns the w32 file name
# or path in func_cygpath_result (input file name or path is assumed to be in
# Cygwin format). Returns an empty string on error.
#
# ARGS are passed to cygpath, with the last one being the file name or path to
# be converted.
#
# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH
# environment variable; do not put it in $PATH.
func_cygpath ()
{
  $debug_cmd

  if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then
    func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null`
    if test "$?" \
        -ne 0; then
      # on failure, ensure result is empty
      func_cygpath_result=
    fi
  else
    func_cygpath_result=
    func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'"
  fi
}
#end: func_cygpath


# func_convert_core_msys_to_w32 ARG
# Convert file name or path ARG from MSYS format to w32 format. Return
# result in func_convert_core_msys_to_w32_result.
func_convert_core_msys_to_w32 ()
{
  $debug_cmd

  # awkward: cmd appends spaces to result
  func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"`
}
#end: func_convert_core_msys_to_w32


# func_convert_file_check ARG1 ARG2
# Verify that ARG1 (a file name in $build format) was converted to $host
# format in ARG2. Otherwise, emit an error message, but continue (resetting
# func_to_host_file_result to ARG1).
func_convert_file_check ()
{
  $debug_cmd

  if test -z "$2" && test -n "$1"; then
    func_error "Could not determine host file name corresponding to"
    func_error " '$1'"
    func_error "Continuing, but uninstalled executables may not work."
    # Fallback:
    func_to_host_file_result=$1
  fi
}
# end func_convert_file_check


# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH
# Verify that FROM_PATH (a path in $build format) was converted to $host
# format in TO_PATH. Otherwise, emit an error message, but continue, resetting
# func_to_host_path_result to a simplistic fallback value (see below).
func_convert_path_check ()
{
  $debug_cmd

  if test -z "$4" && test -n "$3"; then
    func_error "Could not determine the host path corresponding to"
    func_error " '$3'"
    func_error "Continuing, but uninstalled executables may not work."
    # Fallback. This is a deliberately simplistic "conversion" and
    # should not be "improved". See libtool.info.
    if test "x$1" != "x$2"; then
      lt_replace_pathsep_chars="s|$1|$2|g"
      func_to_host_path_result=`echo "$3" | $SED -e "$lt_replace_pathsep_chars"`
    else
      func_to_host_path_result=$3
    fi
  fi
}
# end func_convert_path_check


# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG
# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT
# and appending REPL if ORIG matches BACKPAT.
func_convert_path_front_back_pathsep ()
{
  $debug_cmd

  case $4 in
  $1 ) func_to_host_path_result=$3$func_to_host_path_result
    ;;
  esac
  case $4 in
  $2 ) func_append func_to_host_path_result "$3"
    ;;
  esac
}
# end func_convert_path_front_back_pathsep


##################################################
# $build to $host FILE NAME CONVERSION FUNCTIONS #
##################################################
# invoked via '$to_host_file_cmd ARG'
#
# In each case, ARG is the path to be converted from $build to $host format.
# Result will be available in $func_to_host_file_result.


# func_to_host_file ARG
# Converts the file name ARG from $build format to $host format. Return result
# in func_to_host_file_result.
func_to_host_file ()
{
  $debug_cmd

  $to_host_file_cmd "$1"
}
# end func_to_host_file


# func_to_tool_file ARG LAZY
# converts the file name ARG from $build format to toolchain format. Return
# result in func_to_tool_file_result. If the conversion in use is listed
# in (the comma separated) LAZY, no conversion takes place.
func_to_tool_file ()
{
  $debug_cmd

  case ,$2, in
    *,"$to_tool_file_cmd",*)
      func_to_tool_file_result=$1
      ;;
    *)
      $to_tool_file_cmd "$1"
      func_to_tool_file_result=$func_to_host_file_result
      ;;
  esac
}
# end func_to_tool_file


# func_convert_file_noop ARG
# Copy ARG to func_to_host_file_result.
func_convert_file_noop ()
{
  func_to_host_file_result=$1
}
# end func_convert_file_noop


# func_convert_file_msys_to_w32 ARG
# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic
# conversion to w32 is not available inside the cwrapper.
# Returns result in
# func_to_host_file_result.
func_convert_file_msys_to_w32 ()
{
  $debug_cmd

  func_to_host_file_result=$1
  if test -n "$1"; then
    func_convert_core_msys_to_w32 "$1"
    func_to_host_file_result=$func_convert_core_msys_to_w32_result
  fi
  func_convert_file_check "$1" "$func_to_host_file_result"
}
# end func_convert_file_msys_to_w32


# func_convert_file_cygwin_to_w32 ARG
# Convert file name ARG from Cygwin to w32 format. Returns result in
# func_to_host_file_result.
func_convert_file_cygwin_to_w32 ()
{
  $debug_cmd

  func_to_host_file_result=$1
  if test -n "$1"; then
    # because $build is cygwin, we call "the" cygpath in $PATH; no need to use
    # LT_CYGPATH in this case.
    func_to_host_file_result=`cygpath -m "$1"`
  fi
  func_convert_file_check "$1" "$func_to_host_file_result"
}
# end func_convert_file_cygwin_to_w32


# func_convert_file_nix_to_w32 ARG
# Convert file name ARG from *nix to w32 format. Requires a wine environment
# and a working winepath. Returns result in func_to_host_file_result.
func_convert_file_nix_to_w32 ()
{
  $debug_cmd

  func_to_host_file_result=$1
  if test -n "$1"; then
    func_convert_core_file_wine_to_w32 "$1"
    func_to_host_file_result=$func_convert_core_file_wine_to_w32_result
  fi
  func_convert_file_check "$1" "$func_to_host_file_result"
}
# end func_convert_file_nix_to_w32


# func_convert_file_msys_to_cygwin ARG
# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set.
# Returns result in func_to_host_file_result.
func_convert_file_msys_to_cygwin ()
{
  $debug_cmd

  func_to_host_file_result=$1
  if test -n "$1"; then
    func_convert_core_msys_to_w32 "$1"
    func_cygpath -u "$func_convert_core_msys_to_w32_result"
    func_to_host_file_result=$func_cygpath_result
  fi
  func_convert_file_check "$1" "$func_to_host_file_result"
}
# end func_convert_file_msys_to_cygwin


# func_convert_file_nix_to_cygwin ARG
# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed
# in a wine environment, working winepath, and LT_CYGPATH set.
# Returns result
# in func_to_host_file_result.
func_convert_file_nix_to_cygwin ()
{
  $debug_cmd

  func_to_host_file_result=$1
  if test -n "$1"; then
    # convert from *nix to w32, then use cygpath to convert from w32 to cygwin.
    func_convert_core_file_wine_to_w32 "$1"
    func_cygpath -u "$func_convert_core_file_wine_to_w32_result"
    func_to_host_file_result=$func_cygpath_result
  fi
  func_convert_file_check "$1" "$func_to_host_file_result"
}
# end func_convert_file_nix_to_cygwin


#############################################
# $build to $host PATH CONVERSION FUNCTIONS #
#############################################
# invoked via '$to_host_path_cmd ARG'
#
# In each case, ARG is the path to be converted from $build to $host format.
# The result will be available in $func_to_host_path_result.
#
# Path separators are also converted from $build format to $host format. If
# ARG begins or ends with a path separator character, it is preserved (but
# converted to $host format) on output.
#
# All path conversion functions are named using the following convention:
#   file name conversion function    : func_convert_file_X_to_Y ()
#   path conversion function         : func_convert_path_X_to_Y ()
# where, for any given $build/$host combination the 'X_to_Y' value is the
# same. If conversion functions are added for new $build/$host combinations,
# the two new functions must follow this pattern, or func_init_to_host_path_cmd
# will break.


# func_init_to_host_path_cmd
# Ensures that function "pointer" variable $to_host_path_cmd is set to the
# appropriate value, based on the value of $to_host_file_cmd.
to_host_path_cmd=
func_init_to_host_path_cmd ()
{
  $debug_cmd

  if test -z "$to_host_path_cmd"; then
    func_stripname 'func_convert_file_' '' "$to_host_file_cmd"
    to_host_path_cmd=func_convert_path_$func_stripname_result
  fi
}


# func_to_host_path ARG
# Converts the path ARG from $build format to $host format. Return result
# in func_to_host_path_result.
func_to_host_path ()
{
  $debug_cmd

  func_init_to_host_path_cmd
  $to_host_path_cmd "$1"
}
# end func_to_host_path


# func_convert_path_noop ARG
# Copy ARG to func_to_host_path_result.
func_convert_path_noop ()
{
  func_to_host_path_result=$1
}
# end func_convert_path_noop


# func_convert_path_msys_to_w32 ARG
# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic
# conversion to w32 is not available inside the cwrapper. Returns result in
# func_to_host_path_result.
func_convert_path_msys_to_w32 ()
{
  $debug_cmd

  func_to_host_path_result=$1
  if test -n "$1"; then
    # Remove leading and trailing path separator characters from ARG. MSYS
    # behavior is inconsistent here; cygpath turns them into '.;' and ';.';
    # and winepath ignores them completely.
    func_stripname : : "$1"
    func_to_host_path_tmp1=$func_stripname_result
    func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
    func_to_host_path_result=$func_convert_core_msys_to_w32_result
    func_convert_path_check : ";" \
      "$func_to_host_path_tmp1" "$func_to_host_path_result"
    func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
  fi
}
# end func_convert_path_msys_to_w32


# func_convert_path_cygwin_to_w32 ARG
# Convert path ARG from Cygwin to w32 format. Returns result in
# func_to_host_path_result.
func_convert_path_cygwin_to_w32 ()
{
  $debug_cmd

  func_to_host_path_result=$1
  if test -n "$1"; then
    # See func_convert_path_msys_to_w32:
    func_stripname : : "$1"
    func_to_host_path_tmp1=$func_stripname_result
    func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"`
    func_convert_path_check : ";" \
      "$func_to_host_path_tmp1" "$func_to_host_path_result"
    func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
  fi
}
# end func_convert_path_cygwin_to_w32


# func_convert_path_nix_to_w32 ARG
# Convert path ARG from *nix to w32 format. Requires a wine environment and
# a working winepath. Returns result in func_to_host_path_result.
func_convert_path_nix_to_w32 ()
{
  $debug_cmd

  func_to_host_path_result=$1
  if test -n "$1"; then
    # See func_convert_path_msys_to_w32:
    func_stripname : : "$1"
    func_to_host_path_tmp1=$func_stripname_result
    func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
    func_to_host_path_result=$func_convert_core_path_wine_to_w32_result
    func_convert_path_check : ";" \
      "$func_to_host_path_tmp1" "$func_to_host_path_result"
    func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
  fi
}
# end func_convert_path_nix_to_w32


# func_convert_path_msys_to_cygwin ARG
# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set.
# Returns result in func_to_host_path_result.
func_convert_path_msys_to_cygwin ()
{
  $debug_cmd

  func_to_host_path_result=$1
  if test -n "$1"; then
    # See func_convert_path_msys_to_w32:
    func_stripname : : "$1"
    func_to_host_path_tmp1=$func_stripname_result
    func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
    func_cygpath -u -p "$func_convert_core_msys_to_w32_result"
    func_to_host_path_result=$func_cygpath_result
    func_convert_path_check : : \
      "$func_to_host_path_tmp1" "$func_to_host_path_result"
    func_convert_path_front_back_pathsep ":*" "*:" : "$1"
  fi
}
# end func_convert_path_msys_to_cygwin


# func_convert_path_nix_to_cygwin ARG
# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in
# a wine environment, working winepath, and LT_CYGPATH set. Returns result in
# func_to_host_path_result.
func_convert_path_nix_to_cygwin ()
{
  $debug_cmd

  func_to_host_path_result=$1
  if test -n "$1"; then
    # Remove leading and trailing path separator characters from
    # ARG. msys behavior is inconsistent here, cygpath turns them
    # into '.;' and ';.', and winepath ignores them completely.
    func_stripname : : "$1"
    func_to_host_path_tmp1=$func_stripname_result
    func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
    func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result"
    func_to_host_path_result=$func_cygpath_result
    func_convert_path_check : : \
      "$func_to_host_path_tmp1" "$func_to_host_path_result"
    func_convert_path_front_back_pathsep ":*" "*:" : "$1"
  fi
}
# end func_convert_path_nix_to_cygwin


# func_dll_def_p FILE
# True iff FILE is a Windows DLL '.def' file.
# Keep in sync with _LT_DLL_DEF_P in libtool.m4
func_dll_def_p ()
{
  $debug_cmd

  func_dll_def_p_tmp=`$SED -n \
    -e 's/^[ ]*//' \
    -e '/^\(;.*\)*$/d' \
    -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \
    -e q \
    "$1"`
  test DEF = "$func_dll_def_p_tmp"
}


# func_mode_compile arg...
func_mode_compile ()
{
    $debug_cmd

    # Get the compilation command and the source file.
    base_compile=
    srcfile=$nonopt  # always keep a non-empty value in "srcfile"
    suppress_opt=yes
    suppress_output=
    arg_mode=normal
    libobj=
    later=
    pie_flag=

    for arg
    do
      case $arg_mode in
      arg  )
        # do not "continue". Instead, add this to base_compile
        lastarg=$arg
        arg_mode=normal
        ;;

      target )
        libobj=$arg
        arg_mode=normal
        continue
        ;;

      normal )
        # Accept any command-line options.
        case $arg in
        -o)
          test -n "$libobj" && \
            func_fatal_error "you cannot specify '-o' more than once"
          arg_mode=target
          continue
          ;;

        -pie | -fpie | -fPIE)
          func_append pie_flag " $arg"
          continue
          ;;

        -shared | -static | -prefer-pic | -prefer-non-pic)
          func_append later " $arg"
          continue
          ;;

        -no-suppress)
          suppress_opt=no
          continue
          ;;

        -Xcompiler)
          arg_mode=arg  # the next one goes into the "base_compile" arg list
          continue      # The current "srcfile" will either be retained or
          ;;            # replaced later. I would guess that would be a bug.
        -Wc,*)
          func_stripname '-Wc,' '' "$arg"
          args=$func_stripname_result
          lastarg=
          save_ifs=$IFS; IFS=,
          for arg in $args; do
            IFS=$save_ifs
            func_append_quoted lastarg "$arg"
          done
          IFS=$save_ifs
          func_stripname ' ' '' "$lastarg"
          lastarg=$func_stripname_result

          # Add the arguments to base_compile.
          func_append base_compile " $lastarg"
          continue
          ;;

        *)
          # Accept the current argument as the source file.
          # The previous "srcfile" becomes the current argument.
          #
          lastarg=$srcfile
          srcfile=$arg
          ;;
        esac  # case $arg
        ;;
      esac    # case $arg_mode

      # Aesthetically quote the previous argument.
      func_append_quoted base_compile "$lastarg"
    done # for arg

    case $arg_mode in
    arg)
      func_fatal_error "you must specify an argument for -Xcompile"
      ;;
    target)
      func_fatal_error "you must specify a target with '-o'"
      ;;
    *)
      # Get the name of the library object.
      test -z "$libobj" && {
        func_basename "$srcfile"
        libobj=$func_basename_result
      }
      ;;
    esac

    # Recognize several different file suffixes.
    # If the user specifies -o file.o, it is replaced with file.lo
    case $libobj in
    *.[cCFSifmso] | \
    *.ada | *.adb | *.ads | *.asm | \
    *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
    *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
      func_xform "$libobj"
      libobj=$func_xform_result
      ;;
    esac

    case $libobj in
    *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
    *)
      func_fatal_error "cannot determine name of library object from '$libobj'"
      ;;
    esac

    func_infer_tag $base_compile

    for arg in $later; do
      case $arg in
      -shared)
        test yes = "$build_libtool_libs" \
          || func_fatal_configuration "cannot build a shared library"
        build_old_libs=no
        continue
        ;;

      -static)
        build_libtool_libs=no
        build_old_libs=yes
        continue
        ;;

      -prefer-pic)
        pic_mode=yes
        continue
        ;;

      -prefer-non-pic)
        pic_mode=no
        continue
        ;;
      esac
    done

    func_quote_for_eval "$libobj"
    test "X$libobj" != "X$func_quote_for_eval_result" \
      && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
      && func_warning "libobj name '$libobj' may not contain shell special characters."
func_dirname_and_basename "$obj" "/" "" objname=$func_basename_result xdir=$func_dirname_result lobj=$xdir$objdir/$objname test -z "$base_compile" && \ func_fatal_help "you must specify a compilation command" # Delete any leftover library objects. if test yes = "$build_old_libs"; then removelist="$obj $lobj $libobj ${libobj}T" else removelist="$lobj $libobj ${libobj}T" fi # On Cygwin there's no "real" PIC flag so we must build both object types case $host_os in cygwin* | mingw* | pw32* | os2* | cegcc*) pic_mode=default ;; esac if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then # non-PIC code in shared libraries is not supported pic_mode=default fi # Calculate the filename of the output object if compiler does # not support -o with -c if test no = "$compiler_c_o"; then output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext lockfile=$output_obj.lock else output_obj= need_locks=no lockfile= fi # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file if test yes = "$need_locks"; then until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done elif test warn = "$need_locks"; then if test -f "$lockfile"; then $ECHO "\ *** ERROR, $lockfile exists and contains: `cat $lockfile 2>/dev/null` This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." 
$opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi func_append removelist " $output_obj" $ECHO "$srcfile" > "$lockfile" fi $opt_dry_run || $RM $removelist func_append removelist " $lockfile" trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 srcfile=$func_to_tool_file_result func_quote_for_eval "$srcfile" qsrcfile=$func_quote_for_eval_result # Only build a PIC object if we are building libtool libraries. if test yes = "$build_libtool_libs"; then # Without this assignment, base_compile gets emptied. fbsd_hideous_sh_bug=$base_compile if test no != "$pic_mode"; then command="$base_compile $qsrcfile $pic_flag" else # Don't build PIC code command="$base_compile $qsrcfile" fi func_mkdir_p "$xdir$objdir" if test -z "$output_obj"; then # Place PIC objects in $objdir func_append command " -o $lobj" fi func_show_eval_locale "$command" \ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' if test warn = "$need_locks" && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed, then go on to compile the next one if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then func_show_eval '$MV "$output_obj" "$lobj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi # Allow error messages only from the first compilation. 
if test yes = "$suppress_opt"; then suppress_output=' >/dev/null 2>&1' fi fi # Only build a position-dependent object if we build old libraries. if test yes = "$build_old_libs"; then if test yes != "$pic_mode"; then # Don't build PIC code command="$base_compile $qsrcfile$pie_flag" else command="$base_compile $qsrcfile $pic_flag" fi if test yes = "$compiler_c_o"; then func_append command " -o $obj" fi # Suppress compiler output if we already did a PIC compilation. func_append command "$suppress_output" func_show_eval_locale "$command" \ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' if test warn = "$need_locks" && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then func_show_eval '$MV "$output_obj" "$obj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi fi $opt_dry_run || { func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" # Unlock the critical section if it was locked if test no != "$need_locks"; then removelist=$lockfile $RM "$lockfile" fi } exit $EXIT_SUCCESS } $opt_help || { test compile = "$opt_mode" && func_mode_compile ${1+"$@"} } func_mode_help () { # We need to display help for each of the modes. case $opt_mode in "") # Generic help is extracted from the usage comments # at the start of this file. func_help ;; clean) $ECHO \ "Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... Remove files from the build directory. 
RM is the name of the program to use to delete files associated with each FILE (typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed to RM. If FILE is a libtool library, object or program, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; compile) $ECHO \ "Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE Compile a source file into a libtool library object. This mode accepts the following additional options: -o OUTPUT-FILE set the output file name to OUTPUT-FILE -no-suppress do not suppress compiler output for multiple passes -prefer-pic try to build PIC objects only -prefer-non-pic try to build non-PIC objects only -shared do not build a '.o' file suitable for static linking -static only build a '.o' file suitable for static linking -Wc,FLAG pass FLAG directly to the compiler COMPILE-COMMAND is a command to be used in creating a 'standard' object file from the given SOURCEFILE. The output file name is determined by removing the directory component from SOURCEFILE, then substituting the C source code suffix '.c' with the library object suffix, '.lo'." ;; execute) $ECHO \ "Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... Automatically set library path, then run a program. This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path This mode sets the library path environment variable according to '-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated into their corresponding uninstalled binary, and any of their required library directories are added to the library path. Then, COMMAND is executed, with ARGS as arguments." ;; finish) $ECHO \ "Usage: $progname [OPTION]... --mode=finish [LIBDIR]... Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. 
The commands that this mode executes may require superuser privileges. Use the '--dry-run' option if you just want to see what would be executed." ;; install) $ECHO \ "Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be either the 'install' or 'cp' program. The following components of INSTALL-COMMAND are treated specially: -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation The rest of the components are interpreted as arguments to that command (only BSD-compatible install options are recognized)." ;; link) $ECHO \ "Usage: $progname [OPTION]... --mode=link LINK-COMMAND... Link object files or libraries together to form another library, or to create an executable program. LINK-COMMAND is a command using the C compiler that you would use to create a program from several object files. The following components of LINK-COMMAND are treated specially: -all-static do not do any dynamic linking at all -avoid-version do not add a version suffix if possible -bindir BINDIR specify path to binaries directory (for systems where libraries must be found in the PATH setting at runtime) -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened -no-fast-install disable the fast-install mode -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects -objectlist FILE use a 
list of object files found in FILE to specify objects -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries -shared only do dynamic linking of libtool libraries -shrext SUFFIX override the standard shared library file extension -static do not do any dynamic linking of uninstalled libtool libraries -static-libtool-libs do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] specify library version info [each variable defaults to 0] -weak LIBNAME declare that the target provides the LIBNAME interface -Wc,FLAG -Xcompiler FLAG pass linker-specific FLAG directly to the compiler -Wl,FLAG -Xlinker FLAG pass linker-specific FLAG directly to the linker -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) All other options (arguments beginning with '-') are ignored. Every other argument is treated as a filename. Files ending in '.la' are treated as uninstalled libtool libraries, other files are standard or library object files. If the OUTPUT-FILE ends in '.la', then a libtool library is created, only library objects ('.lo' files) may be specified, and '-rpath' is required, except when creating a convenience library. If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created using 'ar' and 'ranlib', or on Windows using 'lib'. If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file is created, otherwise an executable program is created." ;; uninstall) $ECHO \ "Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE (typically '/bin/rm'). 
RM-OPTIONS are options (such as '-f') to be passed to RM.

If FILE is a libtool library, all the files associated with it are deleted.
Otherwise, only FILE itself is deleted using RM."
        ;;

      *)
        func_fatal_help "invalid operation mode '$opt_mode'"
        ;;
    esac

    echo
    $ECHO "Try '$progname --help' for more information about other modes."
}

# Now that we've collected a possible --mode arg, show help if necessary
if $opt_help; then
  if test : = "$opt_help"; then
    func_mode_help
  else
    {
      func_help noexit
      for opt_mode in compile link execute install finish uninstall clean; do
        func_mode_help
      done
    } | $SED -n '1p; 2,$s/^Usage:/ or: /p'
    {
      func_help noexit
      for opt_mode in compile link execute install finish uninstall clean; do
        echo
        func_mode_help
      done
    } |
    $SED '1d
      /^When reporting/,/^Report/{
        H
        d
      }
      $x
      /information about other modes/d
      /more detailed .*MODE/d
      s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/'
  fi
  exit $?
fi


# func_mode_execute arg...
func_mode_execute ()
{
    $debug_cmd

    # The first argument is the command name.
    cmd=$nonopt
    test -z "$cmd" && \
      func_fatal_help "you must specify a COMMAND"

    # Handle -dlopen flags immediately.
    for file in $opt_dlopen; do
      test -f "$file" \
        || func_fatal_help "'$file' is not a file"

      dir=
      case $file in
      *.la)
        func_resolve_sysroot "$file"
        file=$func_resolve_sysroot_result

        # Check to see that this really is a libtool archive.
        func_lalib_unsafe_p "$file" \
          || func_fatal_help "'$file' is not a valid libtool archive"

        # Read the libtool library.
        dlname=
        library_names=
        func_source "$file"

        # Skip this library if it cannot be dlopened.
        if test -z "$dlname"; then
          # Warn if it was a shared library.
          test -n "$library_names" && \
            func_warning "'$file' was not linked with '-export-dynamic'"
          continue
        fi

        func_dirname "$file" "" "."
        dir=$func_dirname_result

        if test -f "$dir/$objdir/$dlname"; then
          func_append dir "/$objdir"
        else
          if test !
-f "$dir/$dlname"; then func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" fi fi ;; *.lo) # Just add the directory containing the .lo file. func_dirname "$file" "" "." dir=$func_dirname_result ;; *) func_warning "'-dlopen' is ignored for non-libtool libraries and objects" continue ;; esac # Get the absolute pathname. absdir=`cd "$dir" && pwd` test -n "$absdir" && dir=$absdir # Now add the directory to shlibpath_var. if eval "test -z \"\$$shlibpath_var\""; then eval "$shlibpath_var=\"\$dir\"" else eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" fi done # This variable tells wrapper scripts just to set shlibpath_var # rather than running their programs. libtool_execute_magic=$magic # Check if any of the arguments is a wrapper script. args= for file do case $file in -* | *.la | *.lo ) ;; *) # Do a test to see if this is really a libtool program. if func_ltwrapper_script_p "$file"; then func_source "$file" # Transform arg to wrapped name. file=$progdir/$program elif func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" func_source "$func_ltwrapper_scriptname_result" # Transform arg to wrapped name. file=$progdir/$program fi ;; esac # Quote arguments (to preserve shell metacharacters). func_append_quoted args "$file" done if $opt_dry_run; then # Display what would be done. if test -n "$shlibpath_var"; then eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" echo "export $shlibpath_var" fi $ECHO "$cmd$args" exit $EXIT_SUCCESS else if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" fi # Restore saved environment variables for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${save_$lt_var+set}\" = set; then $lt_var=\$save_$lt_var; export $lt_var else $lt_unset $lt_var fi" done # Now prepare to actually exec the command. exec_cmd=\$cmd$args fi } test execute = "$opt_mode" && func_mode_execute ${1+"$@"} # func_mode_finish arg... 
func_mode_finish () { $debug_cmd libs= libdirs= admincmds= for opt in "$nonopt" ${1+"$@"} do if test -d "$opt"; then func_append libdirs " $opt" elif test -f "$opt"; then if func_lalib_unsafe_p "$opt"; then func_append libs " $opt" else func_warning "'$opt' is not a valid libtool archive" fi else func_fatal_error "invalid argument '$opt'" fi done if test -n "$libs"; then if test -n "$lt_sysroot"; then sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" else sysroot_cmd= fi # Remove sysroot references if $opt_dry_run; then for lib in $libs; do echo "removing references to $lt_sysroot and '=' prefixes from $lib" done else tmpdir=`func_mktempdir` for lib in $libs; do $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ > $tmpdir/tmp-la mv -f $tmpdir/tmp-la $lib done ${RM}r "$tmpdir" fi fi if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then for libdir in $libdirs; do if test -n "$finish_cmds"; then # Do each command in the finish commands. func_execute_cmds "$finish_cmds" 'admincmds="$admincmds '"$cmd"'"' fi if test -n "$finish_eval"; then # Do the single finish_eval. eval cmds=\"$finish_eval\" $opt_dry_run || eval "$cmds" || func_append admincmds " $cmds" fi done fi # Exit here if they wanted silent mode. 
$opt_quiet && exit $EXIT_SUCCESS if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then echo "----------------------------------------------------------------------" echo "Libraries have been installed in:" for libdir in $libdirs; do $ECHO " $libdir" done echo echo "If you ever happen to want to link against installed libraries" echo "in a given directory, LIBDIR, you must either use libtool, and" echo "specify the full pathname of the library, or use the '-LLIBDIR'" echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then echo " - add LIBDIR to the '$shlibpath_var' environment variable" echo " during execution" fi if test -n "$runpath_var"; then echo " - add LIBDIR to the '$runpath_var' environment variable" echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" $ECHO " - use the '$flag' linker flag" fi if test -n "$admincmds"; then $ECHO " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" fi echo echo "See any operating system documentation about shared libraries for" case $host in solaris2.[6789]|solaris2.1[0-9]) echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" echo "pages." ;; *) echo "more information, such as the ld(1) and ld.so(8) manual pages." ;; esac echo "----------------------------------------------------------------------" fi exit $EXIT_SUCCESS } test finish = "$opt_mode" && func_mode_finish ${1+"$@"} # func_mode_install arg... func_mode_install () { $debug_cmd # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || # Allow the use of GNU shtool's install command. case $nonopt in *shtool*) :;; *) false;; esac then # Aesthetically quote it. 
func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " arg=$1 shift else install_prog= arg=$nonopt fi # The real first argument should be the name of the installation program. # Aesthetically quote it. func_quote_for_eval "$arg" func_append install_prog "$func_quote_for_eval_result" install_shared_prog=$install_prog case " $install_prog " in *[\\\ /]cp\ *) install_cp=: ;; *) install_cp=false ;; esac # We need to accept at least all the BSD install flags. dest= files= opts= prev= install_type= isdir=false stripme= no_mode=: for arg do arg2= if test -n "$dest"; then func_append files " $dest" dest=$arg continue fi case $arg in -d) isdir=: ;; -f) if $install_cp; then :; else prev=$arg fi ;; -g | -m | -o) prev=$arg ;; -s) stripme=" -s" continue ;; -*) ;; *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then if test X-m = "X$prev" && test -n "$install_override_mode"; then arg2=$install_override_mode no_mode=false fi prev= else dest=$arg continue fi ;; esac # Aesthetically quote the argument. func_quote_for_eval "$arg" func_append install_prog " $func_quote_for_eval_result" if test -n "$arg2"; then func_quote_for_eval "$arg2" fi func_append install_shared_prog " $func_quote_for_eval_result" done test -z "$install_prog" && \ func_fatal_help "you must specify an install program" test -n "$prev" && \ func_fatal_help "the '$prev' option requires an argument" if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else func_quote_for_eval "$install_override_mode" func_append install_shared_prog " -m $func_quote_for_eval_result" fi fi if test -z "$files"; then if test -z "$dest"; then func_fatal_help "no file or destination specified" else func_fatal_help "you must specify a destination" fi fi # Strip any trailing slash from the destination. func_stripname '' '/' "$dest" dest=$func_stripname_result # Check to see that the destination is a directory. 
test -d "$dest" && isdir=: if $isdir; then destdir=$dest destname= else func_dirname_and_basename "$dest" "" "." destdir=$func_dirname_result destname=$func_basename_result # Not a directory, so check to see that there is only one file specified. set dummy $files; shift test "$#" -gt 1 && \ func_fatal_help "'$dest' is not a directory" fi case $destdir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) for file in $files; do case $file in *.lo) ;; *) func_fatal_help "'$destdir' must be an absolute directory name" ;; esac done ;; esac # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic=$magic staticlibs= future_libdirs= current_libdirs= for file in $files; do # Do each installation. case $file in *.$libext) # Do the static libraries later. func_append staticlibs " $file" ;; *.la) func_resolve_sysroot "$file" file=$func_resolve_sysroot_result # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "'$file' is not a valid libtool archive" library_names= old_library= relink_command= func_source "$file" # Add the libdir to current_libdirs if it is the destination. if test "X$destdir" = "X$libdir"; then case "$current_libdirs " in *" $libdir "*) ;; *) func_append current_libdirs " $libdir" ;; esac else # Note the libdir as a future libdir. case "$future_libdirs " in *" $libdir "*) ;; *) func_append future_libdirs " $libdir" ;; esac fi func_dirname "$file" "/" "" dir=$func_dirname_result func_append dir "$objdir" if test -n "$relink_command"; then # Determine the prefix the user has applied to our future dir. inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that # are installed to the same prefix. 
# At present, this check doesn't affect windows .dll's that # are installed into $libdir/../bin (currently, that works fine) # but it's something to keep an eye on. test "$inst_prefix_dir" = "$destdir" && \ func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi func_warning "relinking '$file'" func_show_eval "$relink_command" \ 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' fi # See the names of the shared library. set dummy $library_names; shift if test -n "$1"; then realname=$1 shift srcname=$realname test -n "$relink_command" && srcname=${realname}T # Install the shared library and build the symlinks. func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ 'exit $?' tstripme=$stripme case $host_os in cygwin* | mingw* | pw32* | cegcc*) case $realname in *.dll.a) tstripme= ;; esac ;; os2*) case $realname in *_dll.a) tstripme= ;; esac ;; esac if test -n "$tstripme" && test -n "$striplib"; then func_show_eval "$striplib $destdir/$realname" 'exit $?' fi if test "$#" -gt 0; then # Delete the old symlinks, and create new ones. # Try 'ln -sf' first, because the 'ln' binary might depend on # the symlink we replace! Solaris /bin/ln does not understand -f, # so we also need to try rm && ln -s. for linkname do test "$linkname" != "$realname" \ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" done fi # Do each command in the postinstall commands. lib=$destdir/$realname func_execute_cmds "$postinstall_cmds" 'exit $?' fi # Install the pseudo-library for information purposes. 
func_basename "$file" name=$func_basename_result instname=$dir/${name}i func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' # Maybe install the static library, too. test -n "$old_library" && func_append staticlibs " $dir/$old_library" ;; *.lo) # Install (i.e. copy) a libtool object. # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile=$destdir/$destname else func_basename "$file" destfile=$func_basename_result destfile=$destdir/$destfile fi # Deduce the name of the destination old-style object file. case $destfile in *.lo) func_lo2o "$destfile" staticdest=$func_lo2o_result ;; *.$objext) staticdest=$destfile destfile= ;; *) func_fatal_help "cannot copy a libtool object to '$destfile'" ;; esac # Install the libtool object if requested. test -n "$destfile" && \ func_show_eval "$install_prog $file $destfile" 'exit $?' # Install the old object if enabled. if test yes = "$build_old_libs"; then # Deduce the name of the old-style object file. func_lo2o "$file" staticobj=$func_lo2o_result func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' fi exit $EXIT_SUCCESS ;; *) # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile=$destdir/$destname else func_basename "$file" destfile=$func_basename_result destfile=$destdir/$destfile fi # If the file is missing, and there is a .exe on the end, strip it # because it is most likely a libtool script we actually want to # install stripped_ext= case $file in *.exe) if test ! -f "$file"; then func_stripname '' '.exe' "$file" file=$func_stripname_result stripped_ext=.exe fi ;; esac # Do a test to see if this is really a libtool program. 
case $host in *cygwin* | *mingw*) if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" wrapper=$func_ltwrapper_scriptname_result else func_stripname '' '.exe' "$file" wrapper=$func_stripname_result fi ;; *) wrapper=$file ;; esac if func_ltwrapper_script_p "$wrapper"; then notinst_deplibs= relink_command= func_source "$wrapper" # Check the variables that should have been set. test -z "$generated_by_libtool_version" && \ func_fatal_error "invalid libtool wrapper script '$wrapper'" finalize=: for lib in $notinst_deplibs; do # Check to see that each library is installed. libdir= if test -f "$lib"; then func_source "$lib" fi libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` if test -n "$libdir" && test ! -f "$libfile"; then func_warning "'$lib' has not been installed in '$libdir'" finalize=false fi done relink_command= func_source "$wrapper" outputname= if test no = "$fast_install" && test -n "$relink_command"; then $opt_dry_run || { if $finalize; then tmpdir=`func_mktempdir` func_basename "$file$stripped_ext" file=$func_basename_result outputname=$tmpdir/$file # Replace the output file specification. relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_quiet || { func_quote_for_expand "$relink_command" eval "func_echo $func_quote_for_expand_result" } if eval "$relink_command"; then : else func_error "error: relink '$file' with the above command before installing it" $opt_dry_run || ${RM}r "$tmpdir" continue fi file=$outputname else func_warning "cannot relink '$file'" fi } else # Install the binary that we compiled earlier. 
file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` fi fi # remove .exe since cygwin /usr/bin/install will append another # one anyway case $install_prog,$host in */usr/bin/install*,*cygwin*) case $file:$destfile in *.exe:*.exe) # this is ok ;; *.exe:*) destfile=$destfile.exe ;; *:*.exe) func_stripname '' '.exe' "$destfile" destfile=$func_stripname_result ;; esac ;; esac func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' $opt_dry_run || if test -n "$outputname"; then ${RM}r "$tmpdir" fi ;; esac done for file in $staticlibs; do func_basename "$file" name=$func_basename_result # Set up the ranlib parameters. oldlib=$destdir/$name func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then func_show_eval "$old_striplib $tool_oldlib" 'exit $?' fi # Do each command in the postinstall commands. func_execute_cmds "$old_postinstall_cmds" 'exit $?' done test -n "$future_libdirs" && \ func_warning "remember to run '$progname --finish$future_libdirs'" if test -n "$current_libdirs"; then # Maybe just do a dry run. $opt_dry_run && current_libdirs=" -n$current_libdirs" exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' else exit $EXIT_SUCCESS fi } test install = "$opt_mode" && func_mode_install ${1+"$@"} # func_generate_dlsyms outputname originator pic_p # Extract symbols from dlprefiles and create ${outputname}S.o with # a dlpreopen symbol table. 
func_generate_dlsyms () { $debug_cmd my_outputname=$1 my_originator=$2 my_pic_p=${3-false} my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` my_dlsyms= if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then if test -n "$NM" && test -n "$global_symbol_pipe"; then my_dlsyms=${my_outputname}S.c else func_error "not configured to extract global symbols from dlpreopened files" fi fi if test -n "$my_dlsyms"; then case $my_dlsyms in "") ;; *.c) # Discover the nlist of each of the dlfiles. nlist=$output_objdir/$my_outputname.nm func_show_eval "$RM $nlist ${nlist}S ${nlist}T" # Parse the name list into a source file. func_verbose "creating $output_objdir/$my_dlsyms" $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ /* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ /* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ #ifdef __cplusplus extern \"C\" { #endif #if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) #pragma GCC diagnostic ignored \"-Wstrict-prototypes\" #endif /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE /* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST #elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif #define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) /* External symbol declarations for the compiler. */\ " if test yes = "$dlself"; then func_verbose "generating symbol list for '$output'" $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" # Add our own program objects to the symbol list. 
progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` for progfile in $progfiles; do func_to_tool_file "$progfile" func_convert_file_msys_to_w32 func_verbose "extracting global C symbols from '$func_to_tool_file_result'" $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" done if test -n "$exclude_expsyms"; then $opt_dry_run || { eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' } fi if test -n "$export_symbols_regex"; then $opt_dry_run || { eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' } fi # Prepare the list of exported symbols if test -z "$export_symbols"; then export_symbols=$output_objdir/$outputname.exp $opt_dry_run || { $RM $export_symbols eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' ;; esac } else $opt_dry_run || { eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' ;; esac } fi fi for dlprefile in $dlprefiles; do func_verbose "extracting global C symbols from '$dlprefile'" func_basename "$dlprefile" name=$func_basename_result case $host in *cygwin* | *mingw* | *cegcc* ) # if an import library, we need to obtain dlname if func_win32_import_lib_p "$dlprefile"; then func_tr_sh "$dlprefile" eval "curr_lafile=\$libfile_$func_tr_sh_result" dlprefile_dlbasename= if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then # Use subshell, to avoid clobbering current variable values 
                dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"`
                if test -n "$dlprefile_dlname"; then
                  func_basename "$dlprefile_dlname"
                  dlprefile_dlbasename=$func_basename_result
                else
                  # no lafile. user explicitly requested -dlpreopen .
                  $sharedlib_from_linklib_cmd "$dlprefile"
                  dlprefile_dlbasename=$sharedlib_from_linklib_result
                fi
              fi
              $opt_dry_run || {
                if test -n "$dlprefile_dlbasename"; then
                  eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"'
                else
                  func_warning "Could not compute DLL name from $name"
                  eval '$ECHO ": $name " >> "$nlist"'
                fi
                func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
                eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'"
              }
            else # not an import lib
              $opt_dry_run || {
                eval '$ECHO ": $name " >> "$nlist"'
                func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
                eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
              }
            fi
            ;;
          *)
            $opt_dry_run || {
              eval '$ECHO ": $name " >> "$nlist"'
              func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
              eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
            }
            ;;
          esac
        done

        $opt_dry_run || {
          # Make sure we have at least an empty file.
          test -f "$nlist" || : > "$nlist"

          if test -n "$exclude_expsyms"; then
            $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
            $MV "$nlist"T "$nlist"
          fi

          # Try sorting and uniquifying the output.
          if $GREP -v "^: " < "$nlist" |
              if sort -k 3 /dev/null 2>&1; then
                sort -k 3
              else
                sort +2
              fi |
              uniq > "$nlist"S; then
            :
          else
            $GREP -v "^: " < "$nlist" > "$nlist"S
          fi

          if test -f "$nlist"S; then
            eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
          else
            echo '/* NONE */' >> "$output_objdir/$my_dlsyms"
          fi

          func_show_eval '$RM "${nlist}I"'
          if test -n "$global_symbol_to_import"; then
            eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I'
          fi

          echo >> "$output_objdir/$my_dlsyms" "\

/* The mapping between symbol names and symbols.
*/
typedef struct {
  const char *name;
  void *address;
} lt_dlsymlist;
extern LT_DLSYM_CONST lt_dlsymlist
lt_${my_prefix}_LTX_preloaded_symbols[];\
"

          if test -s "$nlist"I; then
            echo >> "$output_objdir/$my_dlsyms" "\
static void lt_syminit(void)
{
  LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols;
  for (; symbol->name; ++symbol)
    {"
            $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms"
            echo >> "$output_objdir/$my_dlsyms" "\
    }
}"
          fi
          echo >> "$output_objdir/$my_dlsyms" "\
LT_DLSYM_CONST lt_dlsymlist
lt_${my_prefix}_LTX_preloaded_symbols[] =
{ {\"$my_originator\", (void *) 0},"

          if test -s "$nlist"I; then
            echo >> "$output_objdir/$my_dlsyms" "\
  {\"@INIT@\", (void *) &lt_syminit},"
          fi

          case $need_lib_prefix in
          no)
            eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
            ;;
          *)
            eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
            ;;
          esac
          echo >> "$output_objdir/$my_dlsyms" "\
  {0, (void *) 0}
};

/* This works around a problem in FreeBSD linker */
#ifdef FREEBSD_WORKAROUND
static const void *lt_preloaded_setup() {
  return lt_${my_prefix}_LTX_preloaded_symbols;
}
#endif

#ifdef __cplusplus
}
#endif\
"
        } # !$opt_dry_run

        pic_flag_for_symtable=
        case "$compile_command " in
        *" -static "*) ;;
        *)
          case $host in
          # compiling the symbol table file with pic_flag works around
          # a FreeBSD bug that causes programs to crash when -lm is
          # linked before any other PIC object. But we must not use
          # pic_flag when linking with -static. The problem exists in
          # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
          *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
            pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
          *-*-hpux*)
            pic_flag_for_symtable=" $pic_flag" ;;
          *)
            $my_pic_p && pic_flag_for_symtable=" $pic_flag"
            ;;
          esac
          ;;
        esac
        symtab_cflags=
        for arg in $LTCFLAGS; do
          case $arg in
          -pie | -fpie | -fPIE) ;;
          *) func_append symtab_cflags " $arg" ;;
          esac
        done

        # Now compile the dynamic symbol file.
        func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'

        # Clean up the generated files.
        func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"'

        # Transform the symbol file into the correct name.
        symfileobj=$output_objdir/${my_outputname}S.$objext
        case $host in
        *cygwin* | *mingw* | *cegcc* )
          if test -f "$output_objdir/$my_outputname.def"; then
            compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
            finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
          else
            compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
            finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
          fi
          ;;
        *)
          compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
          finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
          ;;
        esac
        ;;
      *)
        func_fatal_error "unknown suffix for '$my_dlsyms'"
        ;;
      esac
    else
      # We keep going just in case the user didn't refer to
      # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
      # really was required.

      # Nullify the symbol file.
      compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"`
      finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"`
    fi
}

# func_cygming_gnu_implib_p ARG
# This predicate returns with zero status (TRUE) if
# ARG is a GNU/binutils-style import library. Returns
# with nonzero status (FALSE) otherwise.
func_cygming_gnu_implib_p ()
{
  $debug_cmd

  func_to_tool_file "$1" func_convert_file_msys_to_w32
  func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'`
  test -n "$func_cygming_gnu_implib_tmp"
}

# func_cygming_ms_implib_p ARG
# This predicate returns with zero status (TRUE) if
# ARG is an MS-style import library. Returns
# with nonzero status (FALSE) otherwise.
func_cygming_ms_implib_p ()
{
  $debug_cmd

  func_to_tool_file "$1" func_convert_file_msys_to_w32
  func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'`
  test -n "$func_cygming_ms_implib_tmp"
}

# func_win32_libid arg
# return the library type of file 'arg'
#
# Need a lot of goo to handle *both* DLLs and import libs
# Has to be a shell function in order to 'eat' the argument
# that is supplied when $file_magic_command is called.
# Despite the name, also deal with 64 bit binaries.
func_win32_libid ()
{
  $debug_cmd

  win32_libid_type=unknown
  win32_fileres=`file -L $1 2>/dev/null`
  case $win32_fileres in
  *ar\ archive\ import\ library*) # definitely import
    win32_libid_type="x86 archive import"
    ;;
  *ar\ archive*) # could be an import, or static
    # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD.
    if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
       $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then
      case $nm_interface in
      "MS dumpbin")
        if func_cygming_ms_implib_p "$1" ||
           func_cygming_gnu_implib_p "$1"
        then
          win32_nmres=import
        else
          win32_nmres=
        fi
        ;;
      *)
        func_to_tool_file "$1" func_convert_file_msys_to_w32
        win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" |
          $SED -n -e '
            1,100{
                / I /{
                    s|.*|import|
                    p
                    q
                }
            }'`
        ;;
      esac
      case $win32_nmres in
      import*) win32_libid_type="x86 archive import";;
      *) win32_libid_type="x86 archive static";;
      esac
    fi
    ;;
  *DLL*)
    win32_libid_type="x86 DLL"
    ;;
  *executable*) # but shell scripts are "executable" too...
    case $win32_fileres in
    *MS\ Windows\ PE\ Intel*)
      win32_libid_type="x86 DLL"
      ;;
    esac
    ;;
  esac
  $ECHO "$win32_libid_type"
}

# func_cygming_dll_for_implib ARG
#
# Platform-specific function to extract the
# name of the DLL associated with the specified
# import library ARG.
# Invoked by eval'ing the libtool variable
#    $sharedlib_from_linklib_cmd
# Result is available in the variable
#    $sharedlib_from_linklib_result
func_cygming_dll_for_implib ()
{
  $debug_cmd

  sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"`
}

# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs
#
# This is the core of a fallback implementation of a
# platform-specific function to extract the name of the
# DLL associated with the specified import library LIBNAME.
#
# SECTION_NAME is either .idata$6 or .idata$7, depending
# on the platform and compiler that created the implib.
#
# Echos the name of the DLL associated with the
# specified import library.
func_cygming_dll_for_implib_fallback_core ()
{
  $debug_cmd

  match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"`
  $OBJDUMP -s --section "$1" "$2" 2>/dev/null |
    $SED '/^Contents of section '"$match_literal"':/{
      # Place marker at beginning of archive member dllname section
      s/.*/====MARK====/
      p
      d
    }
    # These lines can sometimes be longer than 43 characters, but
    # are always uninteresting
    /:[ ]*file format pe[i]\{,1\}-/d
    /^In archive [^:]*:/d
    # Ensure marker is printed
    /^====MARK====/p
    # Remove all lines with less than 43 characters
    /^.\{43\}/!d
    # From remaining lines, remove first 43 characters
    s/^.\{43\}//' |
    $SED -n '
      # Join marker and all lines until next marker into a single line
      /^====MARK====/ b para
      H
      $ b para
      b
      :para
      x
      s/\n//g
      # Remove the marker
      s/^====MARK====//
      # Remove trailing dots and whitespace
      s/[\. \t]*$//
      # Print
      /./p' |
    # we now have a list, one entry per line, of the stringified
    # contents of the appropriate section of all members of the
    # archive that possess that section. Heuristic: eliminate
    # all those that have a first or second character that is
    # a '.' (that is, objdump's representation of an unprintable
    # character.) This should work for all archives with less than
    # 0x302f exports -- but will fail for DLLs whose name actually
    # begins with a literal '.' or a single character followed by
    # a '.'.
    #
    # Of those that remain, print the first one.
    $SED -e '/^\./d;/^.\./d;q'
}

# func_cygming_dll_for_implib_fallback ARG
# Platform-specific function to extract the
# name of the DLL associated with the specified
# import library ARG.
#
# This fallback implementation is for use when $DLLTOOL
# does not support the --identify-strict option.
# Invoked by eval'ing the libtool variable
#    $sharedlib_from_linklib_cmd
# Result is available in the variable
#    $sharedlib_from_linklib_result
func_cygming_dll_for_implib_fallback ()
{
  $debug_cmd

  if func_cygming_gnu_implib_p "$1"; then
    # binutils import library
    sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"`
  elif func_cygming_ms_implib_p "$1"; then
    # ms-generated import library
    sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"`
  else
    # unknown
    sharedlib_from_linklib_result=
  fi
}

# func_extract_an_archive dir oldlib
func_extract_an_archive ()
{
    $debug_cmd

    f_ex_an_ar_dir=$1; shift
    f_ex_an_ar_oldlib=$1
    if test yes = "$lock_old_archive_extraction"; then
      lockfile=$f_ex_an_ar_oldlib.lock
      until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
        func_echo "Waiting for $lockfile to be removed"
        sleep 2
      done
    fi
    func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \
                   'stat=$?; rm -f "$lockfile"; exit $stat'
    if test yes = "$lock_old_archive_extraction"; then
      $opt_dry_run || rm -f "$lockfile"
    fi
    if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
      :
    else
      func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
    fi
}

# func_extract_archives gentop oldlib ...
func_extract_archives ()
{
    $debug_cmd

    my_gentop=$1; shift
    my_oldlibs=${1+"$@"}
    my_oldobjs=
    my_xlib=
    my_xabs=
    my_xdir=

    for my_xlib in $my_oldlibs; do
      # Extract the objects.
      case $my_xlib in
      [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;;
      *) my_xabs=`pwd`"/$my_xlib" ;;
      esac
      func_basename "$my_xlib"
      my_xlib=$func_basename_result
      my_xlib_u=$my_xlib
      while :; do
        case " $extracted_archives " in
        *" $my_xlib_u "*)
          func_arith $extracted_serial + 1
          extracted_serial=$func_arith_result
          my_xlib_u=lt$extracted_serial-$my_xlib ;;
        *) break ;;
        esac
      done
      extracted_archives="$extracted_archives $my_xlib_u"
      my_xdir=$my_gentop/$my_xlib_u

      func_mkdir_p "$my_xdir"

      case $host in
      *-darwin*)
        func_verbose "Extracting $my_xabs"
        # Do not bother doing anything if just a dry run
        $opt_dry_run || {
          darwin_orig_dir=`pwd`
          cd $my_xdir || exit $?
          darwin_archive=$my_xabs
          darwin_curdir=`pwd`
          func_basename "$darwin_archive"
          darwin_base_archive=$func_basename_result
          darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
          if test -n "$darwin_arches"; then
            darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
            darwin_arch=
            func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
            for darwin_arch in $darwin_arches; do
              func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch"
              $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive"
              cd "unfat-$$/$darwin_base_archive-$darwin_arch"
              func_extract_an_archive "`pwd`" "$darwin_base_archive"
              cd "$darwin_curdir"
              $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive"
            done # $darwin_arches
            ## Okay now we've a bunch of thin objects, gotta fatten them up :)
            darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u`
            darwin_file=
            darwin_files=
            for darwin_file in $darwin_filelist; do
              darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP`
              $LIPO -create -output "$darwin_file" $darwin_files
            done # $darwin_filelist
            $RM -rf unfat-$$
            cd "$darwin_orig_dir"
          else
            cd $darwin_orig_dir
            func_extract_an_archive "$my_xdir" "$my_xabs"
          fi # $darwin_arches
        } # !$opt_dry_run
        ;;
      *)
        func_extract_an_archive "$my_xdir" "$my_xabs"
        ;;
      esac
      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
    done

    func_extract_archives_result=$my_oldobjs
}

# func_emit_wrapper [arg=no]
#
# Emit a libtool wrapper script on stdout.
# Don't directly open a file because we may want to
# incorporate the script contents within a cygwin/mingw
# wrapper executable. Must ONLY be called from within
# func_mode_link because it depends on a number of variables
# set therein.
#
# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
# variable will take. If 'yes', then the emitted script
# will assume that the directory where it is stored is
# the $objdir directory. This is a cygwin/mingw-specific
# behavior.
func_emit_wrapper ()
{
    func_emit_wrapper_arg1=${1-no}

    $ECHO "\
#! $SHELL

# $output - temporary wrapper script for $objdir/$outputname
# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
#
# The $output program cannot be directly executed until all the libtool
# libraries that it depends on are installed.
#
# This wrapper script should never be moved out of the build directory.
# If it is, it will not operate correctly.

# Sed substitution that helps us do robust quoting. It backslashifies
# metacharacters that are still active within double-quoted strings.
sed_quote_subst='$sed_quote_subst'

# Be Bourne compatible
if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
  emulate sh
  NULLCMD=:
  # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
  # is contrary to our usage. Disable this feature.
  alias -g '\${1+\"\$@\"}'='\"\$@\"'
  setopt NO_GLOB_SUBST
else
  case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
fi
BIN_SH=xpg4; export BIN_SH # for Tru64
DUALCASE=1; export DUALCASE # for MKS sh

# The HP-UX ksh and POSIX shell print the target directory to stdout
# if CDPATH is set.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH

relink_command=\"$relink_command\"

# This environment variable determines our operation mode.
if test \"\$libtool_install_magic\" = \"$magic\"; then
  # install mode needs the following variables:
  generated_by_libtool_version='$macro_version'
  notinst_deplibs='$notinst_deplibs'
else
  # When we are sourced in execute mode, \$file and \$ECHO are already set.
  if test \"\$libtool_execute_magic\" != \"$magic\"; then
    file=\"\$0\""

    qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
    $ECHO "\

# A function that is used when there is no print builtin or printf.
func_fallback_echo ()
{
  eval 'cat <<_LTECHO_EOF
\$1
_LTECHO_EOF'
}
    ECHO=\"$qECHO\"
  fi

# Very basic option parsing. These options are (a) specific to
# the libtool wrapper, (b) are identical between the wrapper
# /script/ and the wrapper /executable/ that is used only on
# windows platforms, and (c) all begin with the string "--lt-"
# (application programs are unlikely to have options that match
# this pattern).
#
# There are only two supported options: --lt-debug and
# --lt-dump-script. There is, deliberately, no --lt-help.
#
# The first argument to this parsing function should be the
# script's $0 value, followed by "$@".
lt_option_debug=
func_parse_lt_options ()
{
  lt_script_arg0=\$0
  shift
  for lt_opt
  do
    case \"\$lt_opt\" in
    --lt-debug) lt_option_debug=1 ;;
    --lt-dump-script)
        lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\`
        test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=.
        lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\`
        cat \"\$lt_dump_D/\$lt_dump_F\"
        exit 0
      ;;
    --lt-*)
        \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2
        exit 1
      ;;
    esac
  done

  # Print the debug banner immediately:
  if test -n \"\$lt_option_debug\"; then
    echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2
  fi
}

# Used when --lt-debug. Prints its arguments to stdout
# (redirection is the responsibility of the caller)
func_lt_dump_args ()
{
  lt_dump_args_N=1;
  for lt_arg
  do
    \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\"
    lt_dump_args_N=\`expr \$lt_dump_args_N + 1\`
  done
}

# Core function for launching the target application
func_exec_program_core ()
{
"
    case $host in
    # Backslashes separate directories on plain windows
    *-*-mingw | *-*-os2* | *-cegcc*)
      $ECHO "\
      if test -n \"\$lt_option_debug\"; then
        \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2
        func_lt_dump_args \${1+\"\$@\"} 1>&2
      fi
      exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
"
      ;;

    *)
      $ECHO "\
      if test -n \"\$lt_option_debug\"; then
        \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2
        func_lt_dump_args \${1+\"\$@\"} 1>&2
      fi
      exec \"\$progdir/\$program\" \${1+\"\$@\"}
"
      ;;
    esac
    $ECHO "\
      \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
      exit 1
}

# A function to encapsulate launching the target application
# Strips options in the --lt-* namespace from \$@ and
# launches target application with the remaining arguments.
func_exec_program ()
{
  case \" \$* \" in
  *\\ --lt-*)
    for lt_wr_arg
    do
      case \$lt_wr_arg in
      --lt-*) ;;
      *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
      esac
      shift
    done ;;
  esac
  func_exec_program_core \${1+\"\$@\"}
}

  # Parse options
  func_parse_lt_options \"\$0\" \${1+\"\$@\"}

  # Find the directory that this script lives in.
  thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\`
  test \"x\$thisdir\" = \"x\$file\" && thisdir=.

  # Follow symbolic links until we get to the real thisdir.
  file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\`
  while test -n \"\$file\"; do
    destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\`

    # If there was a directory component, then change thisdir.
    if test \"x\$destdir\" != \"x\$file\"; then
      case \"\$destdir\" in
      [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
      *) thisdir=\"\$thisdir/\$destdir\" ;;
      esac
    fi

    file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\`
    file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\`
  done

  # Usually 'no', except on cygwin/mingw when embedded into
  # the cwrapper.
  WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1
  if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
    # special case for '.'
    if test \"\$thisdir\" = \".\"; then
      thisdir=\`pwd\`
    fi
    # remove .libs from thisdir
    case \"\$thisdir\" in
    *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;;
    $objdir ) thisdir=. ;;
    esac
  fi

  # Try to get the absolute directory name.
  absdir=\`cd \"\$thisdir\" && pwd\`
  test -n \"\$absdir\" && thisdir=\"\$absdir\"
"

    if test yes = "$fast_install"; then
      $ECHO "\
  program=lt-'$outputname'$exeext
  progdir=\"\$thisdir/$objdir\"

  if test ! -f \"\$progdir/\$program\" ||
     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\
       test \"X\$file\" != \"X\$progdir/\$program\"; }; then

    file=\"\$\$-\$program\"

    if test ! -d \"\$progdir\"; then
      $MKDIR \"\$progdir\"
    else
      $RM \"\$progdir/\$file\"
    fi"

      $ECHO "\

    # relink executable if necessary
    if test -n \"\$relink_command\"; then
      if relink_command_output=\`eval \$relink_command 2>&1\`; then :
      else
        \$ECHO \"\$relink_command_output\" >&2
        $RM \"\$progdir/\$file\"
        exit 1
      fi
    fi

    $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
    { $RM \"\$progdir/\$program\";
      $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
    $RM \"\$progdir/\$file\"
  fi"
    else
      $ECHO "\
  program='$outputname'
  progdir=\"\$thisdir/$objdir\"
"
    fi

    $ECHO "\

  if test -f \"\$progdir/\$program\"; then"

    # fixup the dll searchpath if we need to.
    #
    # Fix the DLL searchpath if we need to. Do this before prepending
    # to shlibpath, because on Windows, both are PATH and uninstalled
    # libraries must come first.
    if test -n "$dllsearchpath"; then
      $ECHO "\
    # Add the dll search path components to the executable PATH
    PATH=$dllsearchpath:\$PATH
"
    fi

    # Export our shlibpath_var if we have one.
    if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
      $ECHO "\
    # Add our own library path to $shlibpath_var
    $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"

    # Some systems cannot cope with colon-terminated $shlibpath_var
    # The second colon is a workaround for a bug in BeOS R4 sed
    $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\`

    export $shlibpath_var
"
    fi

    $ECHO "\
    if test \"\$libtool_execute_magic\" != \"$magic\"; then
      # Run the actual program with our arguments.
      func_exec_program \${1+\"\$@\"}
    fi
  else
    # The program doesn't exist.
    \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2
    \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
    \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
    exit 1
  fi
fi\
"
}

# func_emit_cwrapperexe_src
# emit the source code for a wrapper executable on stdout
# Must ONLY be called from within func_mode_link because
# it depends on a number of variables set therein.
func_emit_cwrapperexe_src ()
{
    cat <
#include
#ifdef _MSC_VER
# include
# include
# include
#else
# include
# include
# ifdef __CYGWIN__
# include
# endif
#endif
#include
#include
#include
#include
#include
#include
#include
#include

#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)

/* declarations of non-ANSI functions */
#if defined __MINGW32__
# ifdef __STRICT_ANSI__
int _putenv (const char *);
# endif
#elif defined __CYGWIN__
# ifdef __STRICT_ANSI__
char *realpath (const char *, char *);
int putenv (char *);
int setenv (const char *, const char *, int);
# endif
/* #elif defined other_platform || defined ...
*/
#endif

/* portability defines, excluding path handling macros */
#if defined _MSC_VER
# define setmode _setmode
# define stat _stat
# define chmod _chmod
# define getcwd _getcwd
# define putenv _putenv
# define S_IXUSR _S_IEXEC
#elif defined __MINGW32__
# define setmode _setmode
# define stat _stat
# define chmod _chmod
# define getcwd _getcwd
# define putenv _putenv
#elif defined __CYGWIN__
# define HAVE_SETENV
# define FOPEN_WB "wb"
/* #elif defined other platforms ... */
#endif

#if defined PATH_MAX
# define LT_PATHMAX PATH_MAX
#elif defined MAXPATHLEN
# define LT_PATHMAX MAXPATHLEN
#else
# define LT_PATHMAX 1024
#endif

#ifndef S_IXOTH
# define S_IXOTH 0
#endif
#ifndef S_IXGRP
# define S_IXGRP 0
#endif

/* path handling portability macros */
#ifndef DIR_SEPARATOR
# define DIR_SEPARATOR '/'
# define PATH_SEPARATOR ':'
#endif

#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \
  defined __OS2__
# define HAVE_DOS_BASED_FILE_SYSTEM
# define FOPEN_WB "wb"
# ifndef DIR_SEPARATOR_2
# define DIR_SEPARATOR_2 '\\'
# endif
# ifndef PATH_SEPARATOR_2
# define PATH_SEPARATOR_2 ';'
# endif
#endif

#ifndef DIR_SEPARATOR_2
# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
#else /* DIR_SEPARATOR_2 */
# define IS_DIR_SEPARATOR(ch) \
        (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
#endif /* DIR_SEPARATOR_2 */

#ifndef PATH_SEPARATOR_2
# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
#else /* PATH_SEPARATOR_2 */
# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
#endif /* PATH_SEPARATOR_2 */

#ifndef FOPEN_WB
# define FOPEN_WB "w"
#endif
#ifndef _O_BINARY
# define _O_BINARY 0
#endif

#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
#define XFREE(stale) do { \
  if (stale) { free (stale); stale = 0; } \
} while (0)

#if defined LT_DEBUGWRAPPER
static int lt_debug = 1;
#else
static int lt_debug = 0;
#endif

const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */

void *xmalloc (size_t num);
char *xstrdup (const char
*string);
const char *base_name (const char *name);
char *find_executable (const char *wrapper);
char *chase_symlinks (const char *pathspec);
int make_executable (const char *path);
int check_executable (const char *path);
char *strendzap (char *str, const char *pat);
void lt_debugprintf (const char *file, int line, const char *fmt, ...);
void lt_fatal (const char *file, int line, const char *message, ...);
static const char *nonnull (const char *s);
static const char *nonempty (const char *s);
void lt_setenv (const char *name, const char *value);
char *lt_extend_str (const char *orig_value, const char *add, int to_end);
void lt_update_exe_path (const char *name, const char *value);
void lt_update_lib_path (const char *name, const char *value);
char **prepare_spawn (char **argv);
void lt_dump_script (FILE *f);
EOF

    cat <= 0) && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
    return 1;
  else
    return 0;
}

int
make_executable (const char *path)
{
  int rval = 0;
  struct stat st;

  lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n",
                  nonempty (path));
  if ((!path) || (!*path))
    return 0;

  if (stat (path, &st) >= 0)
    {
      rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
    }
  return rval;
}

/* Searches for the full path of the wrapper. Returns
   newly allocated full path name if found, NULL otherwise
   Does not chase symlinks, even on platforms that support them.
*/
char *
find_executable (const char *wrapper)
{
  int has_slash = 0;
  const char *p;
  const char *p_next;
  /* static buffer for getcwd */
  char tmp[LT_PATHMAX + 1];
  size_t tmp_len;
  char *concat_name;

  lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n",
                  nonempty (wrapper));

  if ((wrapper == NULL) || (*wrapper == '\0'))
    return NULL;

  /* Absolute path?
*/
#if defined HAVE_DOS_BASED_FILE_SYSTEM
  if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
    {
      concat_name = xstrdup (wrapper);
      if (check_executable (concat_name))
        return concat_name;
      XFREE (concat_name);
    }
  else
    {
#endif
      if (IS_DIR_SEPARATOR (wrapper[0]))
        {
          concat_name = xstrdup (wrapper);
          if (check_executable (concat_name))
            return concat_name;
          XFREE (concat_name);
        }
#if defined HAVE_DOS_BASED_FILE_SYSTEM
    }
#endif

  for (p = wrapper; *p; p++)
    if (*p == '/')
      {
        has_slash = 1;
        break;
      }
  if (!has_slash)
    {
      /* no slashes; search PATH */
      const char *path = getenv ("PATH");
      if (path != NULL)
        {
          for (p = path; *p; p = p_next)
            {
              const char *q;
              size_t p_len;
              for (q = p; *q; q++)
                if (IS_PATH_SEPARATOR (*q))
                  break;
              p_len = (size_t) (q - p);
              p_next = (*q == '\0' ? q : q + 1);
              if (p_len == 0)
                {
                  /* empty path: current directory */
                  if (getcwd (tmp, LT_PATHMAX) == NULL)
                    lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
                              nonnull (strerror (errno)));
                  tmp_len = strlen (tmp);
                  concat_name =
                    XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
                  memcpy (concat_name, tmp, tmp_len);
                  concat_name[tmp_len] = '/';
                  strcpy (concat_name + tmp_len + 1, wrapper);
                }
              else
                {
                  concat_name =
                    XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
                  memcpy (concat_name, p, p_len);
                  concat_name[p_len] = '/';
                  strcpy (concat_name + p_len + 1, wrapper);
                }
              if (check_executable (concat_name))
                return concat_name;
              XFREE (concat_name);
            }
        }
      /* not found in PATH; assume curdir */
    }
  /* Relative path | not found in path: prepend cwd */
  if (getcwd (tmp, LT_PATHMAX) == NULL)
    lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
              nonnull (strerror (errno)));
  tmp_len = strlen (tmp);
  concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
  memcpy (concat_name, tmp, tmp_len);
  concat_name[tmp_len] = '/';
  strcpy (concat_name + tmp_len + 1, wrapper);

  if (check_executable (concat_name))
    return concat_name;
  XFREE (concat_name);
  return NULL;
}

char *
chase_symlinks (const char *pathspec)
{
#ifndef S_ISLNK
  return xstrdup
    (pathspec);
#else
  char buf[LT_PATHMAX];
  struct stat s;
  char *tmp_pathspec = xstrdup (pathspec);
  char *p;
  int has_symlinks = 0;
  while (strlen (tmp_pathspec) && !has_symlinks)
    {
      lt_debugprintf (__FILE__, __LINE__,
                      "checking path component for symlinks: %s\n",
                      tmp_pathspec);
      if (lstat (tmp_pathspec, &s) == 0)
        {
          if (S_ISLNK (s.st_mode) != 0)
            {
              has_symlinks = 1;
              break;
            }

          /* search backwards for last DIR_SEPARATOR */
          p = tmp_pathspec + strlen (tmp_pathspec) - 1;
          while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
            p--;
          if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
            {
              /* no more DIR_SEPARATORS left */
              break;
            }
          *p = '\0';
        }
      else
        {
          lt_fatal (__FILE__, __LINE__,
                    "error accessing file \"%s\": %s",
                    tmp_pathspec, nonnull (strerror (errno)));
        }
    }
  XFREE (tmp_pathspec);

  if (!has_symlinks)
    {
      return xstrdup (pathspec);
    }

  tmp_pathspec = realpath (pathspec, buf);
  if (tmp_pathspec == 0)
    {
      lt_fatal (__FILE__, __LINE__,
                "could not follow symlinks for %s", pathspec);
    }
  return xstrdup (tmp_pathspec);
#endif
}

char *
strendzap (char *str, const char *pat)
{
  size_t len, patlen;

  assert (str != NULL);
  assert (pat != NULL);

  len = strlen (str);
  patlen = strlen (pat);

  if (patlen <= len)
    {
      str += len - patlen;
      if (STREQ (str, pat))
        *str = '\0';
    }
  return str;
}

void
lt_debugprintf (const char *file, int line, const char *fmt, ...)
{
  va_list args;
  if (lt_debug)
    {
      (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line);
      va_start (args, fmt);
      (void) vfprintf (stderr, fmt, args);
      va_end (args);
    }
}

static void
lt_error_core (int exit_status, const char *file,
               int line, const char *mode,
               const char *message, va_list ap)
{
  fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode);
  vfprintf (stderr, message, ap);
  fprintf (stderr, ".\n");

  if (exit_status >= 0)
    exit (exit_status);
}

void
lt_fatal (const char *file, int line, const char *message, ...)
{
  va_list ap;
  va_start (ap, message);
  lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap);
  va_end (ap);
}

static const char *
nonnull (const char *s)
{
  return s ? s : "(null)";
}

static const char *
nonempty (const char *s)
{
  return (s && !*s) ? "(empty)" : nonnull (s);
}

void
lt_setenv (const char *name, const char *value)
{
  lt_debugprintf (__FILE__, __LINE__,
                  "(lt_setenv) setting '%s' to '%s'\n",
                  nonnull (name), nonnull (value));
  {
#ifdef HAVE_SETENV
    /* always make a copy, for consistency with !HAVE_SETENV */
    char *str = xstrdup (value);
    setenv (name, str, 1);
#else
    size_t len = strlen (name) + 1 + strlen (value) + 1;
    char *str = XMALLOC (char, len);
    sprintf (str, "%s=%s", name, value);
    if (putenv (str) != EXIT_SUCCESS)
      {
        XFREE (str);
      }
#endif
  }
}

char *
lt_extend_str (const char *orig_value, const char *add, int to_end)
{
  char *new_value;
  if (orig_value && *orig_value)
    {
      size_t orig_value_len = strlen (orig_value);
      size_t add_len = strlen (add);
      new_value = XMALLOC (char, add_len + orig_value_len + 1);
      if (to_end)
        {
          strcpy (new_value, orig_value);
          strcpy (new_value + orig_value_len, add);
        }
      else
        {
          strcpy (new_value, add);
          strcpy (new_value + add_len, orig_value);
        }
    }
  else
    {
      new_value = xstrdup (add);
    }
  return new_value;
}

void
lt_update_exe_path (const char *name, const char *value)
{
  lt_debugprintf (__FILE__, __LINE__,
                  "(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
                  nonnull (name), nonnull (value));

  if (name && *name && value && *value)
    {
      char *new_value = lt_extend_str (getenv (name), value, 0);
      /* some systems can't cope with a ':'-terminated path #' */
      size_t len = strlen (new_value);
      while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
        {
          new_value[--len] = '\0';
        }
      lt_setenv (name, new_value);
      XFREE (new_value);
    }
}

void
lt_update_lib_path (const char *name, const char *value)
{
  lt_debugprintf (__FILE__, __LINE__,
                  "(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
                  nonnull (name), nonnull (value));

  if (name && *name &&
value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); lt_setenv (name, new_value); XFREE (new_value); } } EOF case $host_os in mingw*) cat <<"EOF" /* Prepares an argument vector before calling spawn(). Note that spawn() does not by itself call the command interpreter (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&v); v.dwPlatformId == VER_PLATFORM_WIN32_NT; }) ? "cmd.exe" : "command.com"). Instead it simply concatenates the arguments, separated by ' ', and calls CreateProcess(). We must quote the arguments since Win32 CreateProcess() interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a special way: - Space and tab are interpreted as delimiters. They are not treated as delimiters if they are surrounded by double quotes: "...". - Unescaped double quotes are removed from the input. Their only effect is that within double quotes, space and tab are treated like normal characters. - Backslashes not followed by double quotes are not special. - But 2*n+1 backslashes followed by a double quote become n backslashes followed by a double quote (n >= 0): \" -> " \\\" -> \" \\\\\" -> \\" */ #define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" #define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" char ** prepare_spawn (char **argv) { size_t argc; char **new_argv; size_t i; /* Count number of arguments. */ for (argc = 0; argv[argc] != NULL; argc++) ; /* Allocate new argument vector. */ new_argv = XMALLOC (char *, argc + 1); /* Put quoted arguments into the new argument vector. 
*/ for (i = 0; i < argc; i++) { const char *string = argv[i]; if (string[0] == '\0') new_argv[i] = xstrdup ("\"\""); else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) { int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); size_t length; unsigned int backslashes; const char *s; char *quoted_string; char *p; length = 0; backslashes = 0; if (quote_around) length++; for (s = string; *s != '\0'; s++) { char c = *s; if (c == '"') length += backslashes + 1; length++; if (c == '\\') backslashes++; else backslashes = 0; } if (quote_around) length += backslashes + 1; quoted_string = XMALLOC (char, length + 1); p = quoted_string; backslashes = 0; if (quote_around) *p++ = '"'; for (s = string; *s != '\0'; s++) { char c = *s; if (c == '"') { unsigned int j; for (j = backslashes + 1; j > 0; j--) *p++ = '\\'; } *p++ = c; if (c == '\\') backslashes++; else backslashes = 0; } if (quote_around) { unsigned int j; for (j = backslashes; j > 0; j--) *p++ = '\\'; *p++ = '"'; } *p = '\0'; new_argv[i] = quoted_string; } else new_argv[i] = (char *) string; } new_argv[argc] = NULL; return new_argv; } EOF ;; esac cat <<"EOF" void lt_dump_script (FILE* f) { EOF func_emit_wrapper yes | $SED -n -e ' s/^\(.\{79\}\)\(..*\)/\1\ \2/ h s/\([\\"]\)/\\\1/g s/$/\\n/ s/\([^\n]*\).*/ fputs ("\1", f);/p g D' cat <<"EOF" } EOF } # end: func_emit_cwrapperexe_src # func_win32_import_lib_p ARG # True if ARG is an import lib, as indicated by $file_magic_cmd func_win32_import_lib_p () { $debug_cmd case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in *import*) : ;; *) false ;; esac } # func_suncc_cstd_abi # !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! # Several compiler flags select an ABI that is incompatible with the # Cstd library. Avoid specifying it if any are in CXXFLAGS. 
func_suncc_cstd_abi ()
{
    $debug_cmd

    case " $compile_command " in
    *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*)
      suncc_use_cstd_abi=no
      ;;
    *)
      suncc_use_cstd_abi=yes
      ;;
    esac
}

# func_mode_link arg...
func_mode_link ()
{
    $debug_cmd

    case $host in
    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
      # It is impossible to link a dll without this setting, and
      # we shouldn't force the makefile maintainer to figure out
      # what system we are compiling for in order to pass an extra
      # flag for every libtool invocation.
      # allow_undefined=no

      # FIXME: Unfortunately, there are problems with the above when trying
      # to make a dll that has undefined symbols, in which case not
      # even a static library is built. For now, we need to specify
      # -no-undefined on the libtool link line when we can be certain
      # that all symbols are satisfied, otherwise we get a static library.
      allow_undefined=yes
      ;;
    *)
      allow_undefined=yes
      ;;
    esac
    libtool_args=$nonopt
    base_compile="$nonopt $@"
    compile_command=$nonopt
    finalize_command=$nonopt

    compile_rpath=
    finalize_rpath=
    compile_shlibpath=
    finalize_shlibpath=
    convenience=
    old_convenience=
    deplibs=
    old_deplibs=
    compiler_flags=
    linker_flags=
    dllsearchpath=
    lib_search_path=`pwd`
    inst_prefix_dir=
    new_inherited_linker_flags=

    avoid_version=no
    bindir=
    dlfiles=
    dlprefiles=
    dlself=no
    export_dynamic=no
    export_symbols=
    export_symbols_regex=
    generated=
    libobjs=
    ltlibs=
    module=no
    no_install=no
    objs=
    os2dllname=
    non_pic_objects=
    precious_files_regex=
    prefer_static_libs=no
    preload=false
    prev=
    prevarg=
    release=
    rpath=
    xrpath=
    perm_rpath=
    temp_rpath=
    thread_safe=no
    vinfo=
    vinfo_number=no
    weak_libs=
    single_module=$wl-single_module
    func_infer_tag $base_compile

    # We need to know -static, to get the right output filenames.
    for arg
    do
      case $arg in
      -shared)
        test yes != "$build_libtool_libs" \
          && func_fatal_configuration "cannot build a shared library"
        build_old_libs=no
        break
        ;;
      -all-static | -static | -static-libtool-libs)
        case $arg in
        -all-static)
          if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then
            func_warning "complete static linking is impossible in this configuration"
          fi
          if test -n "$link_static_flag"; then
            dlopen_self=$dlopen_self_static
          fi
          prefer_static_libs=yes
          ;;
        -static)
          if test -z "$pic_flag" && test -n "$link_static_flag"; then
            dlopen_self=$dlopen_self_static
          fi
          prefer_static_libs=built
          ;;
        -static-libtool-libs)
          if test -z "$pic_flag" && test -n "$link_static_flag"; then
            dlopen_self=$dlopen_self_static
          fi
          prefer_static_libs=yes
          ;;
        esac
        build_libtool_libs=no
        build_old_libs=yes
        break
        ;;
      esac
    done

    # See if our shared archives depend on static archives.
    test -n "$old_archive_from_new_cmds" && build_old_libs=yes

    # Go through the arguments, transforming them on the way.
    while test "$#" -gt 0; do
      arg=$1
      shift
      func_quote_for_eval "$arg"
      qarg=$func_quote_for_eval_unquoted_result
      func_append libtool_args " $func_quote_for_eval_result"

      # If the previous option needs an argument, assign it.
      if test -n "$prev"; then
        case $prev in
        output)
          func_append compile_command " @OUTPUT@"
          func_append finalize_command " @OUTPUT@"
          ;;
        esac

        case $prev in
        bindir)
          bindir=$arg
          prev=
          continue
          ;;
        dlfiles|dlprefiles)
          $preload || {
            # Add the symbol object into the linking commands.
            func_append compile_command " @SYMFILE@"
            func_append finalize_command " @SYMFILE@"
            preload=:
          }
          case $arg in
          *.la | *.lo) ;;  # We handle these cases below.
          force)
            if test no = "$dlself"; then
              dlself=needless
              export_dynamic=yes
            fi
            prev=
            continue
            ;;
          self)
            if test dlprefiles = "$prev"; then
              dlself=yes
            elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then
              dlself=yes
            else
              dlself=needless
              export_dynamic=yes
            fi
            prev=
            continue
            ;;
          *)
            if test dlfiles = "$prev"; then
              func_append dlfiles " $arg"
            else
              func_append dlprefiles " $arg"
            fi
            prev=
            continue
            ;;
          esac
          ;;
        expsyms)
          export_symbols=$arg
          test -f "$arg" \
            || func_fatal_error "symbol file '$arg' does not exist"
          prev=
          continue
          ;;
        expsyms_regex)
          export_symbols_regex=$arg
          prev=
          continue
          ;;
        framework)
          case $host in
            *-*-darwin*)
              case "$deplibs " in
                *" $qarg.ltframework "*) ;;
                *) func_append deplibs " $qarg.ltframework" # this is fixed later
                   ;;
              esac
              ;;
          esac
          prev=
          continue
          ;;
        inst_prefix)
          inst_prefix_dir=$arg
          prev=
          continue
          ;;
        mllvm)
          # Clang does not use LLVM to link, so we can simply discard any
          # '-mllvm $arg' options when doing the link step.
          prev=
          continue
          ;;
        objectlist)
          if test -f "$arg"; then
            save_arg=$arg
            moreargs=
            for fil in `cat "$save_arg"`
            do
#             func_append moreargs " $fil"
              arg=$fil
              # A libtool-controlled object.

              # Check to see that this really is a libtool object.
              if func_lalib_unsafe_p "$arg"; then
                pic_object=
                non_pic_object=

                # Read the .lo file
                func_source "$arg"

                if test -z "$pic_object" ||
                   test -z "$non_pic_object" ||
                   test none = "$pic_object" &&
                   test none = "$non_pic_object"; then
                  func_fatal_error "cannot find name of object for '$arg'"
                fi

                # Extract subdirectory from the argument.
                func_dirname "$arg" "/" ""
                xdir=$func_dirname_result

                if test none != "$pic_object"; then
                  # Prepend the subdirectory the object is found in.
                  pic_object=$xdir$pic_object

                  if test dlfiles = "$prev"; then
                    if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
                      func_append dlfiles " $pic_object"
                      prev=
                      continue
                    else
                      # If libtool objects are unsupported, then we need to preload.
                      prev=dlprefiles
                    fi
                  fi

                  # CHECK ME: I think I busted this. -Ossama
                  if test dlprefiles = "$prev"; then
                    # Preload the old-style object.
                    func_append dlprefiles " $pic_object"
                    prev=
                  fi

                  # A PIC object.
                  func_append libobjs " $pic_object"
                  arg=$pic_object
                fi

                # Non-PIC object.
                if test none != "$non_pic_object"; then
                  # Prepend the subdirectory the object is found in.
                  non_pic_object=$xdir$non_pic_object

                  # A standard non-PIC object
                  func_append non_pic_objects " $non_pic_object"
                  if test -z "$pic_object" || test none = "$pic_object"; then
                    arg=$non_pic_object
                  fi
                else
                  # If the PIC object exists, use it instead.
                  # $xdir was prepended to $pic_object above.
                  non_pic_object=$pic_object
                  func_append non_pic_objects " $non_pic_object"
                fi
              else
                # Only an error if not doing a dry-run.
                if $opt_dry_run; then
                  # Extract subdirectory from the argument.
                  func_dirname "$arg" "/" ""
                  xdir=$func_dirname_result

                  func_lo2o "$arg"
                  pic_object=$xdir$objdir/$func_lo2o_result
                  non_pic_object=$xdir$func_lo2o_result
                  func_append libobjs " $pic_object"
                  func_append non_pic_objects " $non_pic_object"
                else
                  func_fatal_error "'$arg' is not a valid libtool object"
                fi
              fi
            done
          else
            func_fatal_error "link input file '$arg' does not exist"
          fi
          arg=$save_arg
          prev=
          continue
          ;;
        os2dllname)
          os2dllname=$arg
          prev=
          continue
          ;;
        precious_regex)
          precious_files_regex=$arg
          prev=
          continue
          ;;
        release)
          release=-$arg
          prev=
          continue
          ;;
        rpath | xrpath)
          # We need an absolute path.
          case $arg in
          [\\/]* | [A-Za-z]:[\\/]*) ;;
          *)
            func_fatal_error "only absolute run-paths are allowed"
            ;;
          esac
          if test rpath = "$prev"; then
            case "$rpath " in
            *" $arg "*) ;;
            *) func_append rpath " $arg" ;;
            esac
          else
            case "$xrpath " in
            *" $arg "*) ;;
            *) func_append xrpath " $arg" ;;
            esac
          fi
          prev=
          continue
          ;;
        shrext)
          shrext_cmds=$arg
          prev=
          continue
          ;;
        weak)
          func_append weak_libs " $arg"
          prev=
          continue
          ;;
        xcclinker)
          func_append linker_flags " $qarg"
          func_append compiler_flags " $qarg"
          prev=
          func_append compile_command " $qarg"
          func_append finalize_command " $qarg"
          continue
          ;;
        xcompiler)
          func_append compiler_flags " $qarg"
          prev=
          func_append compile_command " $qarg"
          func_append finalize_command " $qarg"
          continue
          ;;
        xlinker)
          func_append linker_flags " $qarg"
          func_append compiler_flags " $wl$qarg"
          prev=
          func_append compile_command " $wl$qarg"
          func_append finalize_command " $wl$qarg"
          continue
          ;;
        *)
          eval "$prev=\"\$arg\""
          prev=
          continue
          ;;
        esac
      fi # test -n "$prev"

      prevarg=$arg

      case $arg in
      -all-static)
        if test -n "$link_static_flag"; then
          # See comment for -static flag below, for more details.
          func_append compile_command " $link_static_flag"
          func_append finalize_command " $link_static_flag"
        fi
        continue
        ;;

      -allow-undefined)
        # FIXME: remove this flag sometime in the future.
        func_fatal_error "'-allow-undefined' must not be used because it is the default"
        ;;

      -avoid-version)
        avoid_version=yes
        continue
        ;;

      -bindir)
        prev=bindir
        continue
        ;;

      -dlopen)
        prev=dlfiles
        continue
        ;;

      -dlpreopen)
        prev=dlprefiles
        continue
        ;;

      -export-dynamic)
        export_dynamic=yes
        continue
        ;;

      -export-symbols | -export-symbols-regex)
        if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
          func_fatal_error "more than one -exported-symbols argument is not allowed"
        fi
        if test X-export-symbols = "X$arg"; then
          prev=expsyms
        else
          prev=expsyms_regex
        fi
        continue
        ;;

      -framework)
        prev=framework
        continue
        ;;

      -inst-prefix-dir)
        prev=inst_prefix
        continue
        ;;

      # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
      # so, if we see these flags be careful not to treat them like -L
      -L[A-Z][A-Z]*:*)
        case $with_gcc/$host in
        no/*-*-irix* | /*-*-irix*)
          func_append compile_command " $arg"
          func_append finalize_command " $arg"
          ;;
        esac
        continue
        ;;

      -L*)
        func_stripname "-L" '' "$arg"
        if test -z "$func_stripname_result"; then
          if test "$#" -gt 0; then
            func_fatal_error "require no space between '-L' and '$1'"
          else
            func_fatal_error "need path for '-L' option"
          fi
        fi
        func_resolve_sysroot "$func_stripname_result"
        dir=$func_resolve_sysroot_result
        # We need an absolute path.
        case $dir in
        [\\/]* | [A-Za-z]:[\\/]*) ;;
        *)
          absdir=`cd "$dir" && pwd`
          test -z "$absdir" && \
            func_fatal_error "cannot determine absolute directory name of '$dir'"
          dir=$absdir
          ;;
        esac
        case "$deplibs " in
        *" -L$dir "* | *" $arg "*)
          # Will only happen for absolute or sysroot arguments
          ;;
        *)
          # Preserve sysroot, but never include relative directories
          case $dir in
            [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;;
            *) func_append deplibs " -L$dir" ;;
          esac
          func_append lib_search_path " $dir"
          ;;
        esac
        case $host in
        *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
          testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'`
          case :$dllsearchpath: in
          *":$dir:"*) ;;
          ::) dllsearchpath=$dir;;
          *) func_append dllsearchpath ":$dir";;
          esac
          case :$dllsearchpath: in
          *":$testbindir:"*) ;;
          ::) dllsearchpath=$testbindir;;
          *) func_append dllsearchpath ":$testbindir";;
          esac
          ;;
        esac
        continue
        ;;

      -l*)
        if test X-lc = "X$arg" || test X-lm = "X$arg"; then
          case $host in
          *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
            # These systems don't actually have a C or math library (as such)
            continue
            ;;
          *-*-os2*)
            # These systems don't actually have a C library (as such)
            test X-lc = "X$arg" && continue
            ;;
          *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
            # Do not include libc due to us having libc/libc_r.
            test X-lc = "X$arg" && continue
            ;;
          *-*-rhapsody* | *-*-darwin1.[012])
            # Rhapsody C and math libraries are in the System framework
            func_append deplibs " System.ltframework"
            continue
            ;;
          *-*-sco3.2v5* | *-*-sco5v6*)
            # Causes problems with __ctype
            test X-lc = "X$arg" && continue
            ;;
          *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
            # Compiler inserts libc in the correct place for threads to work
            test X-lc = "X$arg" && continue
            ;;
          esac
        elif test X-lc_r = "X$arg"; then
          case $host in
          *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
            # Do not include libc_r directly, use -pthread flag.
            continue
            ;;
          esac
        fi
        func_append deplibs " $arg"
        continue
        ;;

      -mllvm)
        prev=mllvm
        continue
        ;;

      -module)
        module=yes
        continue
        ;;

      # Tru64 UNIX uses -model [arg] to determine the layout of C++
      # classes, name mangling, and exception handling.
      # Darwin uses the -arch flag to determine output architecture.
      -model|-arch|-isysroot|--sysroot)
        func_append compiler_flags " $arg"
        func_append compile_command " $arg"
        func_append finalize_command " $arg"
        prev=xcompiler
        continue
        ;;

      -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
      |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
        func_append compiler_flags " $arg"
        func_append compile_command " $arg"
        func_append finalize_command " $arg"
        case "$new_inherited_linker_flags " in
            *" $arg "*) ;;
            * ) func_append new_inherited_linker_flags " $arg" ;;
        esac
        continue
        ;;

      -multi_module)
        single_module=$wl-multi_module
        continue
        ;;

      -no-fast-install)
        fast_install=no
        continue
        ;;

      -no-install)
        case $host in
        *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
          # The PATH hackery in wrapper scripts is required on Windows
          # and Darwin in order for the loader to find any dlls it needs.
          func_warning "'-no-install' is ignored for $host"
          func_warning "assuming '-no-fast-install' instead"
          fast_install=no
          ;;
        *) no_install=yes ;;
        esac
        continue
        ;;

      -no-undefined)
        allow_undefined=no
        continue
        ;;

      -objectlist)
        prev=objectlist
        continue
        ;;

      -os2dllname)
        prev=os2dllname
        continue
        ;;

      -o) prev=output ;;

      -precious-files-regex)
        prev=precious_regex
        continue
        ;;

      -release)
        prev=release
        continue
        ;;

      -rpath)
        prev=rpath
        continue
        ;;

      -R)
        prev=xrpath
        continue
        ;;

      -R*)
        func_stripname '-R' '' "$arg"
        dir=$func_stripname_result
        # We need an absolute path.
        case $dir in
        [\\/]* | [A-Za-z]:[\\/]*) ;;
        =*)
          func_stripname '=' '' "$dir"
          dir=$lt_sysroot$func_stripname_result
          ;;
        *)
          func_fatal_error "only absolute run-paths are allowed"
          ;;
        esac
        case "$xrpath " in
        *" $dir "*) ;;
        *) func_append xrpath " $dir" ;;
        esac
        continue
        ;;

      -shared)
        # The effects of -shared are defined in a previous loop.
        continue
        ;;

      -shrext)
        prev=shrext
        continue
        ;;

      -static | -static-libtool-libs)
        # The effects of -static are defined in a previous loop.
        # We used to do the same as -all-static on platforms that
        # didn't have a PIC flag, but the assumption that the effects
        # would be equivalent was wrong. It would break on at least
        # Digital Unix and AIX.
        continue
        ;;

      -thread-safe)
        thread_safe=yes
        continue
        ;;

      -version-info)
        prev=vinfo
        continue
        ;;

      -version-number)
        prev=vinfo
        vinfo_number=yes
        continue
        ;;

      -weak)
        prev=weak
        continue
        ;;

      -Wc,*)
        func_stripname '-Wc,' '' "$arg"
        args=$func_stripname_result
        arg=
        save_ifs=$IFS; IFS=,
        for flag in $args; do
          IFS=$save_ifs
          func_quote_for_eval "$flag"
          func_append arg " $func_quote_for_eval_result"
          func_append compiler_flags " $func_quote_for_eval_result"
        done
        IFS=$save_ifs
        func_stripname ' ' '' "$arg"
        arg=$func_stripname_result
        ;;

      -Wl,*)
        func_stripname '-Wl,' '' "$arg"
        args=$func_stripname_result
        arg=
        save_ifs=$IFS; IFS=,
        for flag in $args; do
          IFS=$save_ifs
          func_quote_for_eval "$flag"
          func_append arg " $wl$func_quote_for_eval_result"
          func_append compiler_flags " $wl$func_quote_for_eval_result"
          func_append linker_flags " $func_quote_for_eval_result"
        done
        IFS=$save_ifs
        func_stripname ' ' '' "$arg"
        arg=$func_stripname_result
        ;;

      -Xcompiler)
        prev=xcompiler
        continue
        ;;

      -Xlinker)
        prev=xlinker
        continue
        ;;

      -XCClinker)
        prev=xcclinker
        continue
        ;;

      # -msg_* for osf cc
      -msg_*)
        func_quote_for_eval "$arg"
        arg=$func_quote_for_eval_result
        ;;

      # Flags to be passed through unchanged, with rationale:
      # -64, -mips[0-9]      enable 64-bit mode for the SGI compiler
      # -r[0-9][0-9]*        specify processor for the SGI compiler
      # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler
      # +DA*, +DD*           enable 64-bit mode for the HP compiler
      # -q*                  compiler args for the IBM compiler
      # -m*, -t[45]*, -txscale* architecture-specific flags for GCC
      # -F/path              path to uninstalled frameworks, gcc on darwin
      # -p, -pg, --coverage, -fprofile-*  profiling flags for GCC
      # -fstack-protector*   stack protector flags for GCC
      # @file                GCC response files
      # -tp=*                Portland pgcc target processor selection
      # --sysroot=*          for sysroot support
      # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
      # -specs=*             GCC specs files
      # -stdlib=*            select c++ std lib with clang
      # -fsanitize=*         Clang/GCC memory and address sanitizer
      -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
      -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
      -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
      -specs=*|-fsanitize=*)
        func_quote_for_eval "$arg"
        arg=$func_quote_for_eval_result
        func_append compile_command " $arg"
        func_append finalize_command " $arg"
        func_append compiler_flags " $arg"
        continue
        ;;

      -Z*)
        if test os2 = "`expr $host : '.*\(os2\)'`"; then
          # OS/2 uses -Zxxx to specify OS/2-specific options
          compiler_flags="$compiler_flags $arg"
          func_append compile_command " $arg"
          func_append finalize_command " $arg"
          case $arg in
          -Zlinker | -Zstack)
            prev=xcompiler
            ;;
          esac
          continue
        else
          # Otherwise treat like 'Some other compiler flag' below
          func_quote_for_eval "$arg"
          arg=$func_quote_for_eval_result
        fi
        ;;

      # Some other compiler flag.
      -* | +*)
        func_quote_for_eval "$arg"
        arg=$func_quote_for_eval_result
        ;;

      *.$objext)
        # A standard object.
        func_append objs " $arg"
        ;;

      *.lo)
        # A libtool-controlled object.

        # Check to see that this really is a libtool object.
        if func_lalib_unsafe_p "$arg"; then
          pic_object=
          non_pic_object=

          # Read the .lo file
          func_source "$arg"

          if test -z "$pic_object" ||
             test -z "$non_pic_object" ||
             test none = "$pic_object" &&
             test none = "$non_pic_object"; then
            func_fatal_error "cannot find name of object for '$arg'"
          fi

          # Extract subdirectory from the argument.
          func_dirname "$arg" "/" ""
          xdir=$func_dirname_result

          test none = "$pic_object" || {
            # Prepend the subdirectory the object is found in.
            pic_object=$xdir$pic_object

            if test dlfiles = "$prev"; then
              if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
                func_append dlfiles " $pic_object"
                prev=
                continue
              else
                # If libtool objects are unsupported, then we need to preload.
                prev=dlprefiles
              fi
            fi

            # CHECK ME: I think I busted this. -Ossama
            if test dlprefiles = "$prev"; then
              # Preload the old-style object.
              func_append dlprefiles " $pic_object"
              prev=
            fi

            # A PIC object.
            func_append libobjs " $pic_object"
            arg=$pic_object
          }

          # Non-PIC object.
          if test none != "$non_pic_object"; then
            # Prepend the subdirectory the object is found in.
            non_pic_object=$xdir$non_pic_object

            # A standard non-PIC object
            func_append non_pic_objects " $non_pic_object"
            if test -z "$pic_object" || test none = "$pic_object"; then
              arg=$non_pic_object
            fi
          else
            # If the PIC object exists, use it instead.
            # $xdir was prepended to $pic_object above.
            non_pic_object=$pic_object
            func_append non_pic_objects " $non_pic_object"
          fi
        else
          # Only an error if not doing a dry-run.
          if $opt_dry_run; then
            # Extract subdirectory from the argument.
            func_dirname "$arg" "/" ""
            xdir=$func_dirname_result

            func_lo2o "$arg"
            pic_object=$xdir$objdir/$func_lo2o_result
            non_pic_object=$xdir$func_lo2o_result
            func_append libobjs " $pic_object"
            func_append non_pic_objects " $non_pic_object"
          else
            func_fatal_error "'$arg' is not a valid libtool object"
          fi
        fi
        ;;

      *.$libext)
        # An archive.
        func_append deplibs " $arg"
        func_append old_deplibs " $arg"
        continue
        ;;

      *.la)
        # A libtool-controlled library.
        func_resolve_sysroot "$arg"
        if test dlfiles = "$prev"; then
          # This library was specified with -dlopen.
          func_append dlfiles " $func_resolve_sysroot_result"
          prev=
        elif test dlprefiles = "$prev"; then
          # The library was specified with -dlpreopen.
          func_append dlprefiles " $func_resolve_sysroot_result"
          prev=
        else
          func_append deplibs " $func_resolve_sysroot_result"
        fi
        continue
        ;;

      # Some other compiler argument.
      *)
        # Unknown arguments in both finalize_command and compile_command need
        # to be aesthetically quoted because they are evaled later.
        func_quote_for_eval "$arg"
        arg=$func_quote_for_eval_result
        ;;
      esac # arg

      # Now actually substitute the argument into the commands.
      if test -n "$arg"; then
        func_append compile_command " $arg"
        func_append finalize_command " $arg"
      fi
    done # argument parsing loop

    test -n "$prev" && \
      func_fatal_help "the '$prevarg' option requires an argument"

    if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then
      eval arg=\"$export_dynamic_flag_spec\"
      func_append compile_command " $arg"
      func_append finalize_command " $arg"
    fi

    oldlibs=
    # calculate the name of the file, without its directory
    func_basename "$output"
    outputname=$func_basename_result
    libobjs_save=$libobjs

    if test -n "$shlibpath_var"; then
      # get the directories listed in $shlibpath_var
      eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\`
    else
      shlib_search_path=
    fi
    eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"

    # Definition is injected by LT_CONFIG during libtool generation.
    func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH"

    func_dirname "$output" "/" ""
    output_objdir=$func_dirname_result$objdir
    func_to_tool_file "$output_objdir/"
    tool_output_objdir=$func_to_tool_file_result
    # Create the object directory.
    func_mkdir_p "$output_objdir"

    # Determine the type of output
    case $output in
    "")
      func_fatal_help "you must specify an output file"
      ;;
    *.$libext) linkmode=oldlib ;;
    *.lo | *.$objext) linkmode=obj ;;
    *.la) linkmode=lib ;;
    *) linkmode=prog ;; # Anything else should be a program.
    esac

    specialdeplibs=

    libs=
    # Find all interdependent deplibs by searching for libraries
    # that are linked more than once (e.g. -la -lb -la)
    for deplib in $deplibs; do
      if $opt_preserve_dup_deps; then
        case "$libs " in
        *" $deplib "*) func_append specialdeplibs " $deplib" ;;
        esac
      fi
      func_append libs " $deplib"
    done

    if test lib = "$linkmode"; then
      libs="$predeps $libs $compiler_lib_search_path $postdeps"

      # Compute libraries that are listed more than once in $predeps
      # $postdeps and mark them as special (i.e., whose duplicates are
      # not to be eliminated).
      pre_post_deps=
      if $opt_duplicate_compiler_generated_deps; then
        for pre_post_dep in $predeps $postdeps; do
          case "$pre_post_deps " in
          *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;;
          esac
          func_append pre_post_deps " $pre_post_dep"
        done
      fi
      pre_post_deps=
    fi

    deplibs=
    newdependency_libs=
    newlib_search_path=
    need_relink=no # whether we're linking any uninstalled libtool libraries
    notinst_deplibs= # not-installed libtool libraries
    notinst_path= # paths that contain not-installed libtool libraries

    case $linkmode in
    lib)
      passes="conv dlpreopen link"
      for file in $dlfiles $dlprefiles; do
        case $file in
        *.la) ;;
        *)
          func_fatal_help "libraries can '-dlopen' only libtool libraries: $file"
          ;;
        esac
      done
      ;;
    prog)
      compile_deplibs=
      finalize_deplibs=
      alldeplibs=false
      newdlfiles=
      newdlprefiles=
      passes="conv scan dlopen dlpreopen link"
      ;;
    *) passes="conv"
      ;;
    esac

    for pass in $passes; do
      # The preopen pass in lib mode reverses $deplibs; put it back here
      # so that -L comes before libs that need it for instance...
      if test lib,link = "$linkmode,$pass"; then
        ## FIXME: Find the place where the list is rebuilt in the wrong
        ##        order, and fix it there properly
        tmp_deplibs=
        for deplib in $deplibs; do
          tmp_deplibs="$deplib $tmp_deplibs"
        done
        deplibs=$tmp_deplibs
      fi

      if test lib,link = "$linkmode,$pass" ||
         test prog,scan = "$linkmode,$pass"; then
        libs=$deplibs
        deplibs=
      fi
      if test prog = "$linkmode"; then
        case $pass in
        dlopen) libs=$dlfiles ;;
        dlpreopen) libs=$dlprefiles ;;
        link)
          libs="$deplibs %DEPLIBS%"
          test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
          ;;
        esac
      fi
      if test lib,dlpreopen = "$linkmode,$pass"; then
        # Collect and forward deplibs of preopened libtool libs
        for lib in $dlprefiles; do
          # Ignore non-libtool-libs
          dependency_libs=
          func_resolve_sysroot "$lib"
          case $lib in
          *.la) func_source "$func_resolve_sysroot_result" ;;
          esac

          # Collect preopened libtool deplibs, except any this library
          # has declared as weak libs
          for deplib in $dependency_libs; do
            func_basename "$deplib"
            deplib_base=$func_basename_result
            case " $weak_libs " in
            *" $deplib_base "*) ;;
            *) func_append deplibs " $deplib" ;;
            esac
          done
        done
        libs=$dlprefiles
      fi
      if test dlopen = "$pass"; then
        # Collect dlpreopened libraries
        save_deplibs=$deplibs
        deplibs=
      fi

      for deplib in $libs; do
        lib=
        found=false
        case $deplib in
        -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
        |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
          if test prog,link = "$linkmode,$pass"; then
            compile_deplibs="$deplib $compile_deplibs"
            finalize_deplibs="$deplib $finalize_deplibs"
          else
            func_append compiler_flags " $deplib"
            if test lib = "$linkmode"; then
              case "$new_inherited_linker_flags " in
                  *" $deplib "*) ;;
                  * ) func_append new_inherited_linker_flags " $deplib" ;;
              esac
            fi
          fi
          continue
          ;;
        -l*)
          if test lib != "$linkmode" && test prog != "$linkmode"; then
            func_warning "'-l' is ignored for archives/objects"
            continue
          fi
          func_stripname '-l' '' "$deplib"
          name=$func_stripname_result
          if test lib = "$linkmode"; then
            searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
          else
            searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
          fi
          for searchdir in $searchdirs; do
            for search_ext in .la $std_shrext .so .a; do
              # Search the libtool library
              lib=$searchdir/lib$name$search_ext
              if test -f "$lib"; then
                if test .la = "$search_ext"; then
                  found=:
                else
                  found=false
                fi
                break 2
              fi
            done
          done
          if $found; then
            # deplib is a libtool library
            # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
            # We need to do some special things here, and not later.
            if test yes = "$allow_libtool_libs_with_static_runtimes"; then
              case " $predeps $postdeps " in
              *" $deplib "*)
                if func_lalib_p "$lib"; then
                  library_names=
                  old_library=
                  func_source "$lib"
                  for l in $old_library $library_names; do
                    ll=$l
                  done
                  if test "X$ll" = "X$old_library"; then # only static version available
                    found=false
                    func_dirname "$lib" "" "."
                    ladir=$func_dirname_result
                    lib=$ladir/$old_library
                    if test prog,link = "$linkmode,$pass"; then
                      compile_deplibs="$deplib $compile_deplibs"
                      finalize_deplibs="$deplib $finalize_deplibs"
                    else
                      deplibs="$deplib $deplibs"
                      test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
                    fi
                    continue
                  fi
                fi
                ;;
              *) ;;
              esac
            fi
          else
            # deplib doesn't seem to be a libtool library
            if test prog,link = "$linkmode,$pass"; then
              compile_deplibs="$deplib $compile_deplibs"
              finalize_deplibs="$deplib $finalize_deplibs"
            else
              deplibs="$deplib $deplibs"
              test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
            fi
            continue
          fi
          ;; # -l
        *.ltframework)
          if test prog,link = "$linkmode,$pass"; then
            compile_deplibs="$deplib $compile_deplibs"
            finalize_deplibs="$deplib $finalize_deplibs"
          else
            deplibs="$deplib $deplibs"
            if test lib = "$linkmode"; then
              case "$new_inherited_linker_flags " in
                  *" $deplib "*) ;;
                  * ) func_append new_inherited_linker_flags " $deplib" ;;
              esac
            fi
          fi
          continue
          ;;
        -L*)
          case $linkmode in
          lib)
            deplibs="$deplib $deplibs"
            test conv = "$pass" && continue
            newdependency_libs="$deplib $newdependency_libs"
            func_stripname '-L' '' "$deplib"
            func_resolve_sysroot "$func_stripname_result"
            func_append newlib_search_path " $func_resolve_sysroot_result"
            ;;
          prog)
            if test conv = "$pass"; then
              deplibs="$deplib $deplibs"
              continue
            fi
            if test scan = "$pass"; then
              deplibs="$deplib $deplibs"
            else
              compile_deplibs="$deplib $compile_deplibs"
              finalize_deplibs="$deplib $finalize_deplibs"
            fi
            func_stripname '-L' '' "$deplib"
            func_resolve_sysroot "$func_stripname_result"
            func_append newlib_search_path " $func_resolve_sysroot_result"
            ;;
          *)
            func_warning "'-L' is ignored for archives/objects"
            ;;
          esac # linkmode
          continue
          ;; # -L
        -R*)
          if test link = "$pass"; then
            func_stripname '-R' '' "$deplib"
            func_resolve_sysroot "$func_stripname_result"
            dir=$func_resolve_sysroot_result
            # Make sure the xrpath contains only unique directories.
            case "$xrpath " in
            *" $dir "*) ;;
            *) func_append xrpath " $dir" ;;
            esac
          fi
          deplibs="$deplib $deplibs"
          continue
          ;;
        *.la)
          func_resolve_sysroot "$deplib"
          lib=$func_resolve_sysroot_result
          ;;
        *.$libext)
          if test conv = "$pass"; then
            deplibs="$deplib $deplibs"
            continue
          fi
          case $linkmode in
          lib)
            # Linking convenience modules into shared libraries is allowed,
            # but linking other static libraries is non-portable.
            case " $dlpreconveniencelibs " in
            *" $deplib "*) ;;
            *)
              valid_a_lib=false
              case $deplibs_check_method in
                match_pattern*)
                  set dummy $deplibs_check_method; shift
                  match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
                  if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \
                    | $EGREP "$match_pattern_regex" > /dev/null; then
                    valid_a_lib=:
                  fi
                  ;;
                pass_all)
                  valid_a_lib=:
                  ;;
              esac
              if $valid_a_lib; then
                echo
                $ECHO "*** Warning: Linking the shared library $output against the"
                $ECHO "*** static library $deplib is not portable!"
                deplibs="$deplib $deplibs"
              else
                echo
                $ECHO "*** Warning: Trying to link with static lib archive $deplib."
                echo "*** I have the capability to make that library automatically link in when"
                echo "*** you link to this library. But I can only do this if you have a"
                echo "*** shared version of the library, which you do not appear to have"
                echo "*** because the file extensions .$libext of this argument makes me believe"
                echo "*** that it is just a static archive that I should not use here."
              fi
              ;;
            esac
            continue
            ;;
          prog)
            if test link != "$pass"; then
              deplibs="$deplib $deplibs"
            else
              compile_deplibs="$deplib $compile_deplibs"
              finalize_deplibs="$deplib $finalize_deplibs"
            fi
            continue
            ;;
          esac # linkmode
          ;; # *.$libext
        *.lo | *.$objext)
          if test conv = "$pass"; then
            deplibs="$deplib $deplibs"
          elif test prog = "$linkmode"; then
            if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then
              # If there is no dlopen support or we're linking statically,
              # we need to preload.
              func_append newdlprefiles " $deplib"
              compile_deplibs="$deplib $compile_deplibs"
              finalize_deplibs="$deplib $finalize_deplibs"
            else
              func_append newdlfiles " $deplib"
            fi
          fi
          continue
          ;;
        %DEPLIBS%)
          alldeplibs=:
          continue
          ;;
        esac # case $deplib

        $found || test -f "$lib" \
          || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'"

        # Check to see that this really is a libtool archive.
        func_lalib_unsafe_p "$lib" \
          || func_fatal_error "'$lib' is not a valid libtool archive"

        func_dirname "$lib" "" "."
        ladir=$func_dirname_result

        dlname=
        dlopen=
        dlpreopen=
        libdir=
        library_names=
        old_library=
        inherited_linker_flags=
        # If the library was installed with an old release of libtool,
        # it will not redefine variables installed, or shouldnotlink
        installed=yes
        shouldnotlink=no
        avoidtemprpath=

        # Read the .la file
        func_source "$lib"

        # Convert "-framework foo" to "foo.ltframework"
        if test -n "$inherited_linker_flags"; then
          tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'`
          for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
            case " $new_inherited_linker_flags " in
              *" $tmp_inherited_linker_flag "*) ;;
              *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";;
            esac
          done
        fi
        dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
        if test lib,link = "$linkmode,$pass" ||
           test prog,scan = "$linkmode,$pass" ||
           { test prog != "$linkmode" && test lib != "$linkmode"; }; then
          test -n "$dlopen" && func_append dlfiles " $dlopen"
          test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen"
        fi

        if test conv = "$pass"; then
          # Only check for convenience libraries
          deplibs="$lib $deplibs"
          if test -z "$libdir"; then
            if test -z "$old_library"; then
              func_fatal_error "cannot find name of link library for '$lib'"
            fi
            # It is a libtool convenience library, so add in its objects.
            func_append convenience " $ladir/$objdir/$old_library"
            func_append old_convenience " $ladir/$objdir/$old_library"
            tmp_libs=
            for deplib in $dependency_libs; do
              deplibs="$deplib $deplibs"
              if $opt_preserve_dup_deps; then
                case "$tmp_libs " in
                *" $deplib "*) func_append specialdeplibs " $deplib" ;;
                esac
              fi
              func_append tmp_libs " $deplib"
            done
          elif test prog != "$linkmode" && test lib != "$linkmode"; then
            func_fatal_error "'$lib' is not a convenience library"
          fi
          continue
        fi # $pass = conv

        # Get the name of the library we link against.
        linklib=
        if test -n "$old_library" &&
           { test yes = "$prefer_static_libs" ||
             test built,no = "$prefer_static_libs,$installed"; }; then
          linklib=$old_library
        else
          for l in $old_library $library_names; do
            linklib=$l
          done
        fi
        if test -z "$linklib"; then
          func_fatal_error "cannot find name of link library for '$lib'"
        fi

        # This library was specified with -dlopen.
        if test dlopen = "$pass"; then
          test -z "$libdir" \
            && func_fatal_error "cannot -dlopen a convenience library: '$lib'"
          if test -z "$dlname" ||
             test yes != "$dlopen_support" ||
             test no = "$build_libtool_libs"
          then
            # If there is no dlname, no dlopen support or we're linking
            # statically, we need to preload. We also need to preload any
            # dependent libraries so libltdl's deplib preloader doesn't
            # bomb out in the load deplibs phase.
            func_append dlprefiles " $lib $dependency_libs"
          else
            func_append newdlfiles " $lib"
          fi
          continue
        fi # $pass = dlopen

        # We need an absolute path.
        case $ladir in
        [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;;
        *)
          abs_ladir=`cd "$ladir" && pwd`
          if test -z "$abs_ladir"; then
            func_warning "cannot determine absolute directory name of '$ladir'"
            func_warning "passing it literally to the linker, although it might fail"
            abs_ladir=$ladir
          fi
          ;;
        esac
        func_basename "$lib"
        laname=$func_basename_result

        # Find the relevant object directory and library name.
        if test yes = "$installed"; then
          if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
            func_warning "library '$lib' was moved."
            dir=$ladir
            absdir=$abs_ladir
            libdir=$abs_ladir
          else
            dir=$lt_sysroot$libdir
            absdir=$lt_sysroot$libdir
          fi
          test yes = "$hardcode_automatic" && avoidtemprpath=yes
        else
          if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
            dir=$ladir
            absdir=$abs_ladir
            # Remove this search path later
            func_append notinst_path " $abs_ladir"
          else
            dir=$ladir/$objdir
            absdir=$abs_ladir/$objdir
            # Remove this search path later
            func_append notinst_path " $abs_ladir"
          fi
        fi # $installed = yes
        func_stripname 'lib' '.la' "$laname"
        name=$func_stripname_result

        # This library was specified with -dlpreopen.
        if test dlpreopen = "$pass"; then
          if test -z "$libdir" && test prog = "$linkmode"; then
            func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'"
          fi
          case $host in
            # special handling for platforms with PE-DLLs.
            *cygwin* | *mingw* | *cegcc* )
              # Linker will automatically link against shared library if both
              # static and shared are present. Therefore, ensure we extract
              # symbols from the import library if a shared library is present
              # (otherwise, the dlopen module name will be incorrect). We do
              # this by putting the import library name into $newdlprefiles.
              # We recover the dlopen module name by 'saving' the la file
              # name in a special purpose variable, and (later) extracting the
              # dlname from the la file.
              if test -n "$dlname"; then
                func_tr_sh "$dir/$linklib"
                eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname"
                func_append newdlprefiles " $dir/$linklib"
              else
                func_append newdlprefiles " $dir/$old_library"
                # Keep a list of preopened convenience libraries to check
                # that they are being used correctly in the link pass.
                test -z "$libdir" && \
                  func_append dlpreconveniencelibs " $dir/$old_library"
              fi
            ;;
            * )
              # Prefer using a static library (so that no silly _DYNAMIC symbols
              # are required to link).
              if test -n "$old_library"; then
                func_append newdlprefiles " $dir/$old_library"
                # Keep a list of preopened convenience libraries to check
                # that they are being used correctly in the link pass.
                test -z "$libdir" && \
                  func_append dlpreconveniencelibs " $dir/$old_library"
              # Otherwise, use the dlname, so that lt_dlopen finds it.
              elif test -n "$dlname"; then
                func_append newdlprefiles " $dir/$dlname"
              else
                func_append newdlprefiles " $dir/$linklib"
              fi
            ;;
          esac
        fi # $pass = dlpreopen

        if test -z "$libdir"; then
          # Link the convenience library
          if test lib = "$linkmode"; then
            deplibs="$dir/$old_library $deplibs"
          elif test prog,link = "$linkmode,$pass"; then
            compile_deplibs="$dir/$old_library $compile_deplibs"
            finalize_deplibs="$dir/$old_library $finalize_deplibs"
          else
            deplibs="$lib $deplibs" # used for prog,scan pass
          fi
          continue
        fi

        if test prog = "$linkmode" && test link != "$pass"; then
          func_append newlib_search_path " $ladir"
          deplibs="$lib $deplibs"

          linkalldeplibs=false
          if test no != "$link_all_deplibs" || test -z "$library_names" ||
             test no = "$build_libtool_libs"; then
            linkalldeplibs=:
          fi

          tmp_libs=
          for deplib in $dependency_libs; do
            case $deplib in
            -L*) func_stripname '-L' '' "$deplib"
                 func_resolve_sysroot "$func_stripname_result"
                 func_append newlib_search_path " $func_resolve_sysroot_result"
                 ;;
            esac
            # Need to link against all dependency_libs?
            if $linkalldeplibs; then
              deplibs="$deplib $deplibs"
            else
              # Need to hardcode shared library paths
              # or/and link against static libraries
              newdependency_libs="$deplib $newdependency_libs"
            fi
            if $opt_preserve_dup_deps; then
              case "$tmp_libs " in
              *" $deplib "*) func_append specialdeplibs " $deplib" ;;
              esac
            fi
            func_append tmp_libs " $deplib"
          done # for deplib
          continue
        fi # $linkmode = prog...

        if test prog,link = "$linkmode,$pass"; then
          if test -n "$library_names" &&
             { { test no = "$prefer_static_libs" ||
                 test built,yes = "$prefer_static_libs,$installed"; } ||
               test -z "$old_library"; }; then
            # We need to hardcode the library path
            if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then
              # Make sure the rpath contains only unique directories.
              case $temp_rpath: in
              *"$absdir:"*) ;;
              *) func_append temp_rpath "$absdir:" ;;
              esac
            fi

            # Hardcode the library path.
            # Skip directories that are in the system default run-time
            # search path.
            case " $sys_lib_dlsearch_path " in
            *" $absdir "*) ;;
            *)
              case "$compile_rpath " in
              *" $absdir "*) ;;
              *) func_append compile_rpath " $absdir" ;;
              esac
              ;;
            esac
            case " $sys_lib_dlsearch_path " in
            *" $libdir "*) ;;
            *)
              case "$finalize_rpath " in
              *" $libdir "*) ;;
              *) func_append finalize_rpath " $libdir" ;;
              esac
              ;;
            esac
          fi # $linkmode,$pass = prog,link...

          if $alldeplibs &&
             { test pass_all = "$deplibs_check_method" ||
               { test yes = "$build_libtool_libs" &&
                 test -n "$library_names"; }; }; then
            # We only need to search for static libraries
            continue
          fi
        fi

        link_static=no # Whether the deplib will be linked statically
        use_static_libs=$prefer_static_libs
        if test built = "$use_static_libs" && test yes = "$installed"; then
          use_static_libs=no
        fi
        if test -n "$library_names" &&
           { test no = "$use_static_libs" || test -z "$old_library"; }; then
          case $host in
          *cygwin* | *mingw* | *cegcc* | *os2*)
              # No point in relinking DLLs because paths are not encoded
              func_append notinst_deplibs " $lib"
              need_relink=no
            ;;
          *)
            if test no = "$installed"; then
              func_append notinst_deplibs " $lib"
              need_relink=yes
            fi
            ;;
          esac
          # This is a shared library

          # Warn about portability, can't link against -module's on some
          # systems (darwin). Don't bleat about dlopened modules though!
          dlopenmodule=
          for dlpremoduletest in $dlprefiles; do
            if test "X$dlpremoduletest" = "X$lib"; then
              dlopenmodule=$dlpremoduletest
              break
            fi
          done
          if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then
            echo
            if test prog = "$linkmode"; then
              $ECHO "*** Warning: Linking the executable $output against the loadable module"
            else
              $ECHO "*** Warning: Linking the shared library $output against the loadable module"
            fi
            $ECHO "*** $linklib is not portable!"
          fi
          if test lib = "$linkmode" &&
             test yes = "$hardcode_into_libs"; then
            # Hardcode the library path.
            # Skip directories that are in the system default run-time
            # search path.
            case " $sys_lib_dlsearch_path " in
            *" $absdir "*) ;;
            *)
              case "$compile_rpath " in
              *" $absdir "*) ;;
              *) func_append compile_rpath " $absdir" ;;
              esac
              ;;
            esac
            case " $sys_lib_dlsearch_path " in
            *" $libdir "*) ;;
            *)
              case "$finalize_rpath " in
              *" $libdir "*) ;;
              *) func_append finalize_rpath " $libdir" ;;
              esac
              ;;
            esac
          fi

          if test -n "$old_archive_from_expsyms_cmds"; then
            # figure out the soname
            set dummy $library_names
            shift
            realname=$1
            shift
            libname=`eval "\\$ECHO \"$libname_spec\""`
            # use dlname if we got it. it's perfectly good, no?
            if test -n "$dlname"; then
              soname=$dlname
            elif test -n "$soname_spec"; then
              # bleh windows
              case $host in
              *cygwin* | mingw* | *cegcc* | *os2*)
                func_arith $current - $age
                major=$func_arith_result
                versuffix=-$major
                ;;
              esac
              eval soname=\"$soname_spec\"
            else
              soname=$realname
            fi

            # Make a new name for the extract_expsyms_cmds to use
            soroot=$soname
            func_basename "$soroot"
            soname=$func_basename_result
            func_stripname 'lib' '.dll' "$soname"
            newlib=libimp-$func_stripname_result.a

            # If the library has no export list, then create one now
            if test -f "$output_objdir/$soname-def"; then :
            else
              func_verbose "extracting exported symbol list from '$soname'"
              func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
            fi

            # Create $newlib
            if test -f "$output_objdir/$newlib"; then :; else
              func_verbose "generating import library for '$soname'"
              func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
            fi
            # make sure the library variables are pointing to the new library
            dir=$output_objdir
            linklib=$newlib
          fi # test -n "$old_archive_from_expsyms_cmds"

          if test prog = "$linkmode" || test relink != "$opt_mode"; then
            add_shlibpath=
            add_dir=
            add=
            lib_linked=yes
            case $hardcode_action in
            immediate | unsupported)
              if test no = "$hardcode_direct"; then
                add=$dir/$linklib
                case $host in
                  *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;;
                  *-*-sysv4*uw2*) add_dir=-L$dir ;;
                  *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
                    *-*-unixware7*) add_dir=-L$dir ;;
                  *-*-darwin* )
                    # if the lib is a (non-dlopened) module then we cannot
                    # link against it, someone is ignoring the earlier warnings
                    if /usr/bin/file -L $add 2> /dev/null |
                         $GREP ": [^:]* bundle" >/dev/null; then
                      if test "X$dlopenmodule" != "X$lib"; then
                        $ECHO "*** Warning: lib $linklib is a module, not a shared library"
                        if test -z "$old_library"; then
                          echo
                          echo "*** And there doesn't seem to be a static archive available"
                          echo "*** The link will probably fail, sorry"
                        else
                          add=$dir/$old_library
                        fi
                      elif test -n "$old_library"; then
                        add=$dir/$old_library
                      fi
                    fi
                esac
              elif test no = "$hardcode_minus_L"; then
                case $host in
                *-*-sunos*) add_shlibpath=$dir ;;
                esac
                add_dir=-L$dir
                add=-l$name
              elif test no = "$hardcode_shlibpath_var"; then
                add_shlibpath=$dir
                add=-l$name
              else
                lib_linked=no
              fi
              ;;
            relink)
              if test yes = "$hardcode_direct" &&
                 test no = "$hardcode_direct_absolute"; then
                add=$dir/$linklib
              elif test yes = "$hardcode_minus_L"; then
                add_dir=-L$absdir
                # Try looking first in the location we're being installed to.
                if test -n "$inst_prefix_dir"; then
                  case $libdir in
                    [\\/]*)
                      func_append add_dir " -L$inst_prefix_dir$libdir"
                      ;;
                  esac
                fi
                add=-l$name
              elif test yes = "$hardcode_shlibpath_var"; then
                add_shlibpath=$dir
                add=-l$name
              else
                lib_linked=no
              fi
              ;;
            *) lib_linked=no ;;
            esac

            if test yes != "$lib_linked"; then
              func_fatal_configuration "unsupported hardcode properties"
            fi

            if test -n "$add_shlibpath"; then
              case :$compile_shlibpath: in
              *":$add_shlibpath:"*) ;;
              *) func_append compile_shlibpath "$add_shlibpath:" ;;
              esac
            fi
            if test prog = "$linkmode"; then
              test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
              test -n "$add" && compile_deplibs="$add $compile_deplibs"
            else
              test -n "$add_dir" && deplibs="$add_dir $deplibs"
              test -n "$add" && deplibs="$add $deplibs"
              if test yes != "$hardcode_direct" &&
                 test yes != "$hardcode_minus_L" &&
                 test yes = "$hardcode_shlibpath_var"; then
                case :$finalize_shlibpath: in
                *":$libdir:"*) ;;
                *) func_append finalize_shlibpath "$libdir:" ;;
                esac
              fi
            fi
          fi

          if test prog = "$linkmode" || test relink = "$opt_mode"; then
            add_shlibpath=
            add_dir=
            add=
            # Finalize command for both is simple: just hardcode it.
            if test yes = "$hardcode_direct" &&
               test no = "$hardcode_direct_absolute"; then
              add=$libdir/$linklib
            elif test yes = "$hardcode_minus_L"; then
              add_dir=-L$libdir
              add=-l$name
            elif test yes = "$hardcode_shlibpath_var"; then
              case :$finalize_shlibpath: in
              *":$libdir:"*) ;;
              *) func_append finalize_shlibpath "$libdir:" ;;
              esac
              add=-l$name
            elif test yes = "$hardcode_automatic"; then
              if test -n "$inst_prefix_dir" &&
                 test -f "$inst_prefix_dir$libdir/$linklib"; then
                add=$inst_prefix_dir$libdir/$linklib
              else
                add=$libdir/$linklib
              fi
            else
              # We cannot seem to hardcode it, guess we'll fake it.
              add_dir=-L$libdir
              # Try looking first in the location we're being installed to.
              if test -n "$inst_prefix_dir"; then
                case $libdir in
                  [\\/]*)
                    func_append add_dir " -L$inst_prefix_dir$libdir"
                    ;;
                esac
              fi
              add=-l$name
            fi

            if test prog = "$linkmode"; then
              test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
              test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
            else
              test -n "$add_dir" && deplibs="$add_dir $deplibs"
              test -n "$add" && deplibs="$add $deplibs"
            fi
          fi
        elif test prog = "$linkmode"; then
          # Here we assume that one of hardcode_direct or hardcode_minus_L
          # is not unsupported. This is valid on all known static and
          # shared platforms.
          if test unsupported != "$hardcode_direct"; then
            test -n "$old_library" && linklib=$old_library
            compile_deplibs="$dir/$linklib $compile_deplibs"
            finalize_deplibs="$dir/$linklib $finalize_deplibs"
          else
            compile_deplibs="-l$name -L$dir $compile_deplibs"
            finalize_deplibs="-l$name -L$dir $finalize_deplibs"
          fi
        elif test yes = "$build_libtool_libs"; then
          # Not a shared library
          if test pass_all != "$deplibs_check_method"; then
            # We're trying link a shared library against a static one
            # but the system doesn't support it.

            # Just print a warning and add the library to dependency_libs so
            # that the program can be linked against the static library.
            echo
            $ECHO "*** Warning: This system cannot link to static lib archive $lib."
            echo "*** I have the capability to make that library automatically link in when"
            echo "*** you link to this library. But I can only do this if you have a"
            echo "*** shared version of the library, which you do not appear to have."
            if test yes = "$module"; then
              echo "*** But as you try to build a module library, libtool will still create "
              echo "*** a static module, that should work as long as the dlopening application"
              echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
              if test -z "$global_symbol_pipe"; then
                echo
                echo "*** However, this would only work if libtool was able to extract symbol"
                echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
                echo "*** not find such a program. So, this module is probably useless."
                echo "*** 'nm' from GNU binutils and a full rebuild may help."
              fi
              if test no = "$build_old_libs"; then
                build_libtool_libs=module
                build_old_libs=yes
              else
                build_libtool_libs=no
              fi
            fi
          else
            deplibs="$dir/$old_library $deplibs"
            link_static=yes
          fi
        fi # link shared/static library?

        if test lib = "$linkmode"; then
          if test -n "$dependency_libs" &&
             { test yes != "$hardcode_into_libs" ||
               test yes = "$build_old_libs" ||
               test yes = "$link_static"; }; then
            # Extract -R from dependency_libs
            temp_deplibs=
            for libdir in $dependency_libs; do
              case $libdir in
              -R*) func_stripname '-R' '' "$libdir"
                   temp_xrpath=$func_stripname_result
                   case " $xrpath " in
                   *" $temp_xrpath "*) ;;
                   *) func_append xrpath " $temp_xrpath";;
                   esac;;
              *) func_append temp_deplibs " $libdir";;
              esac
            done
            dependency_libs=$temp_deplibs
          fi

          func_append newlib_search_path " $absdir"
          # Link against this library
          test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
          # ... and its dependency_libs
          tmp_libs=
          for deplib in $dependency_libs; do
            newdependency_libs="$deplib $newdependency_libs"
            case $deplib in
              -L*) func_stripname '-L' '' "$deplib"
                   func_resolve_sysroot "$func_stripname_result";;
              *) func_resolve_sysroot "$deplib" ;;
            esac
            if $opt_preserve_dup_deps; then
              case "$tmp_libs " in
              *" $func_resolve_sysroot_result "*)
                func_append specialdeplibs " $func_resolve_sysroot_result" ;;
              esac
            fi
            func_append tmp_libs " $func_resolve_sysroot_result"
          done

          if test no != "$link_all_deplibs"; then
            # Add the search paths of all dependency libraries
            for deplib in $dependency_libs; do
              path=
              case $deplib in
              -L*) path=$deplib ;;
              *.la)
                func_resolve_sysroot "$deplib"
                deplib=$func_resolve_sysroot_result
                func_dirname "$deplib" "" "."
                dir=$func_dirname_result
                # We need an absolute path.
                case $dir in
                [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;;
                *)
                  absdir=`cd "$dir" && pwd`
                  if test -z "$absdir"; then
                    func_warning "cannot determine absolute directory name of '$dir'"
                    absdir=$dir
                  fi
                  ;;
                esac
                if $GREP "^installed=no" $deplib > /dev/null; then
                case $host in
                *-*-darwin*)
                  depdepl=
                  eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
                  if test -n "$deplibrary_names"; then
                    for tmp in $deplibrary_names; do
                      depdepl=$tmp
                    done
                    if test -f "$absdir/$objdir/$depdepl"; then
                      depdepl=$absdir/$objdir/$depdepl
                      darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
                      if test -z "$darwin_install_name"; then
                        darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
                      fi
                      func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl"
                      func_append linker_flags " -dylib_file $darwin_install_name:$depdepl"
                      path=
                    fi
                  fi
                  ;;
                *)
                  path=-L$absdir/$objdir
                  ;;
                esac
                else
                  eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
                  test -z "$libdir" && \
                    func_fatal_error "'$deplib' is not a valid libtool archive"
                  test "$absdir" != "$libdir" && \
                    func_warning "'$deplib' seems to be moved"

                  path=-L$absdir
                fi
                ;;
              esac
              case " $deplibs " in
              *" $path "*) ;;
              *) deplibs="$path $deplibs" ;;
              esac
            done
          fi # link_all_deplibs != no
        fi # linkmode = lib
      done # for deplib in $libs
      if test link = "$pass"; then
        if test prog = "$linkmode"; then
          compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
          finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
        else
          compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
        fi
      fi
      dependency_libs=$newdependency_libs
      if test dlpreopen = "$pass"; then
        # Link the dlpreopened libraries before other libraries
        for deplib in $save_deplibs; do
          deplibs="$deplib $deplibs"
        done
      fi
      if test dlopen != "$pass"; then
        test conv = "$pass" || {
          # Make sure lib_search_path contains only unique directories.
          lib_search_path=
          for dir in $newlib_search_path; do
            case "$lib_search_path " in
            *" $dir "*) ;;
            *) func_append lib_search_path " $dir" ;;
            esac
          done
          newlib_search_path=
        }

        if test prog,link = "$linkmode,$pass"; then
          vars="compile_deplibs finalize_deplibs"
        else
          vars=deplibs
        fi
        for var in $vars dependency_libs; do
          # Add libraries to $var in reverse order
          eval tmp_libs=\"\$$var\"
          new_libs=
          for deplib in $tmp_libs; do
            # FIXME: Pedantically, this is the right thing to do, so
            # that some nasty dependency loop isn't accidentally
            # broken:
            #new_libs="$deplib $new_libs"
            # Pragmatically, this seems to cause very few problems in
            # practice:
            case $deplib in
            -L*) new_libs="$deplib $new_libs" ;;
            -R*) ;;
            *)
              # And here is the reason: when a library appears more
              # than once as an explicit dependence of a library, or
              # is implicitly linked in more than once by the
              # compiler, it is considered special, and multiple
              # occurrences thereof are not removed. Compare this
              # with having the same library being listed as a
              # dependency of multiple other libraries: in this case,
              # we know (pedantically, we assume) the library does not
              # need to be listed more than once, so we keep only the
              # last copy. This is not always right, but it is rare
              # enough that we require users that really mean to play
              # such unportable linking tricks to link the library
              # using -Wl,-lname, so that libtool does not consider it
              # for duplicate removal.
              case " $specialdeplibs " in
              *" $deplib "*) new_libs="$deplib $new_libs" ;;
              *)
                case " $new_libs " in
                *" $deplib "*) ;;
                *) new_libs="$deplib $new_libs" ;;
                esac
                ;;
              esac
              ;;
            esac
          done
          tmp_libs=
          for deplib in $new_libs; do
            case $deplib in
            -L*)
              case " $tmp_libs " in
              *" $deplib "*) ;;
              *) func_append tmp_libs " $deplib" ;;
              esac
              ;;
            *) func_append tmp_libs " $deplib" ;;
            esac
          done
          eval $var=\"$tmp_libs\"
        done # for var
      fi

      # Add Sun CC postdeps if required:
      test CXX = "$tagname" && {
        case $host_os in
        linux*)
          case `$CC -V 2>&1 | sed 5q` in
          *Sun\ C*) # Sun C++ 5.9
            func_suncc_cstd_abi

            if test no != "$suncc_use_cstd_abi"; then
              func_append postdeps ' -library=Cstd -library=Crun'
            fi
            ;;
          esac
          ;;

        solaris*)
          func_cc_basename "$CC"
          case $func_cc_basename_result in
          CC* | sunCC*)
            func_suncc_cstd_abi

            if test no != "$suncc_use_cstd_abi"; then
              func_append postdeps ' -library=Cstd -library=Crun'
            fi
            ;;
          esac
          ;;
        esac
      }

      # Last step: remove runtime libs from dependency_libs
      # (they stay in deplibs)
      tmp_libs=
      for i in $dependency_libs; do
        case " $predeps $postdeps $compiler_lib_search_path " in
        *" $i "*)
          i=
          ;;
        esac
        if test -n "$i"; then
          func_append tmp_libs " $i"
        fi
      done
      dependency_libs=$tmp_libs
    done # for pass
    if test prog = "$linkmode"; then
      dlfiles=$newdlfiles
    fi
    if test prog = "$linkmode" || test lib = "$linkmode"; then
      dlprefiles=$newdlprefiles
    fi

    case $linkmode in
    oldlib)
      if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
        func_warning "'-dlopen' is ignored for archives"
      fi

      case " $deplibs" in
      *\ -l* | *\ -L*)
        func_warning "'-l' and '-L' are ignored for archives" ;;
      esac

      test -n "$rpath" && \
        func_warning "'-rpath' is ignored for archives"

      test -n "$xrpath" && \
        func_warning "'-R' is ignored for archives"

      test -n "$vinfo" && \
        func_warning "'-version-info/-version-number' is ignored for archives"

      test -n "$release" && \
        func_warning "'-release' is ignored for archives"

      test -n "$export_symbols$export_symbols_regex" && \
        func_warning "'-export-symbols' is ignored for archives"

      # Now set the variables for building old libraries.
      build_libtool_libs=no
      oldlibs=$output
      func_append objs "$old_deplibs"
      ;;

    lib)
      # Make sure we only generate libraries of the form 'libNAME.la'.
      case $outputname in
      lib*)
        func_stripname 'lib' '.la' "$outputname"
        name=$func_stripname_result
        eval shared_ext=\"$shrext_cmds\"
        eval libname=\"$libname_spec\"
        ;;
      *)
        test no = "$module" \
          && func_fatal_help "libtool library '$output' must begin with 'lib'"

        if test no != "$need_lib_prefix"; then
          # Add the "lib" prefix for modules if required
          func_stripname '' '.la' "$outputname"
          name=$func_stripname_result
          eval shared_ext=\"$shrext_cmds\"
          eval libname=\"$libname_spec\"
        else
          func_stripname '' '.la' "$outputname"
          libname=$func_stripname_result
        fi
        ;;
      esac

      if test -n "$objs"; then
        if test pass_all != "$deplibs_check_method"; then
          func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs"
        else
          echo
          $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
          $ECHO "*** objects $objs is not portable!"
          func_append libobjs " $objs"
        fi
      fi

      test no = "$dlself" \
        || func_warning "'-dlopen self' is ignored for libtool libraries"

      set dummy $rpath
      shift
      test 1 -lt "$#" \
        && func_warning "ignoring multiple '-rpath's for a libtool library"

      install_libdir=$1

      oldlibs=
      if test -z "$rpath"; then
        if test yes = "$build_libtool_libs"; then
          # Building a libtool convenience library.
          # Some compilers have problems with a '.al' extension so
          # convenience libraries should have the same extension an
          # archive normally would.
          oldlibs="$output_objdir/$libname.$libext $oldlibs"
          build_libtool_libs=convenience
          build_old_libs=yes
        fi

        test -n "$vinfo" && \
          func_warning "'-version-info/-version-number' is ignored for convenience libraries"

        test -n "$release" && \
          func_warning "'-release' is ignored for convenience libraries"
      else

        # Parse the version information argument.
        save_ifs=$IFS; IFS=:
        set dummy $vinfo 0 0 0
        shift
        IFS=$save_ifs

        test -n "$7" && \
          func_fatal_help "too many parameters to '-version-info'"

        # convert absolute version numbers to libtool ages
        # this retains compatibility with .la files and attempts
        # to make the code below a bit more comprehensible

        case $vinfo_number in
        yes)
          number_major=$1
          number_minor=$2
          number_revision=$3
          #
          # There are really only two kinds -- those that
          # use the current revision as the major version
          # and those that subtract age and use age as
          # a minor version. But, then there is irix
          # that has an extra 1 added just for fun
          #
          case $version_type in
          # correct linux to gnu/linux during the next big refactor
          darwin|freebsd-elf|linux|osf|windows|none)
            func_arith $number_major + $number_minor
            current=$func_arith_result
            age=$number_minor
            revision=$number_revision
            ;;
          freebsd-aout|qnx|sunos)
            current=$number_major
            revision=$number_minor
            age=0
            ;;
          irix|nonstopux)
            func_arith $number_major + $number_minor
            current=$func_arith_result
            age=$number_minor
            revision=$number_minor
            lt_irix_increment=no
            ;;
          *)
            func_fatal_configuration "$modename: unknown library version type '$version_type'"
            ;;
          esac
          ;;
        no)
          current=$1
          revision=$2
          age=$3
          ;;
        esac

        # Check that each of the things are valid numbers.
        case $current in
        0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
        *)
          func_error "CURRENT '$current' must be a nonnegative integer"
          func_fatal_error "'$vinfo' is not valid version information"
          ;;
        esac

        case $revision in
        0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
        *)
          func_error "REVISION '$revision' must be a nonnegative integer"
          func_fatal_error "'$vinfo' is not valid version information"
          ;;
        esac

        case $age in
        0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
        *)
          func_error "AGE '$age' must be a nonnegative integer"
          func_fatal_error "'$vinfo' is not valid version information"
          ;;
        esac

        if test "$age" -gt "$current"; then
          func_error "AGE '$age' is greater than the current interface number '$current'"
          func_fatal_error "'$vinfo' is not valid version information"
        fi

        # Calculate the version variables.
        major=
        versuffix=
        verstring=
        case $version_type in
        none) ;;

        darwin)
          # Like Linux, but with the current version available in
          # verstring for coding it into the library header
          func_arith $current - $age
          major=.$func_arith_result
          versuffix=$major.$age.$revision
          # Darwin ld doesn't like 0 for these options...
          func_arith $current + 1
          minor_current=$func_arith_result
          xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
          verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
          # On Darwin other compilers
          case $CC in
              nagfor*)
                  verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
                  ;;
              *)
                  verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
                  ;;
          esac
          ;;

        freebsd-aout)
          major=.$current
          versuffix=.$current.$revision
          ;;

        freebsd-elf)
          func_arith $current - $age
          major=.$func_arith_result
          versuffix=$major.$age.$revision
          ;;

        irix | nonstopux)
          if test no = "$lt_irix_increment"; then
            func_arith $current - $age
          else
            func_arith $current - $age + 1
          fi
          major=$func_arith_result

          case $version_type in
            nonstopux) verstring_prefix=nonstopux ;;
            *) verstring_prefix=sgi ;;
          esac
          verstring=$verstring_prefix$major.$revision

          # Add in all the interfaces that we are compatible with.
          loop=$revision
          while test 0 -ne "$loop"; do
            func_arith $revision - $loop
            iface=$func_arith_result
            func_arith $loop - 1
            loop=$func_arith_result
            verstring=$verstring_prefix$major.$iface:$verstring
          done

          # Before this point, $major must not contain '.'.
          major=.$major
          versuffix=$major.$revision
          ;;

        linux) # correct to gnu/linux during the next big refactor
          func_arith $current - $age
          major=.$func_arith_result
          versuffix=$major.$age.$revision
          ;;

        osf)
          func_arith $current - $age
          major=.$func_arith_result
          versuffix=.$current.$age.$revision
          verstring=$current.$age.$revision

          # Add in all the interfaces that we are compatible with.
          loop=$age
          while test 0 -ne "$loop"; do
            func_arith $current - $loop
            iface=$func_arith_result
            func_arith $loop - 1
            loop=$func_arith_result
            verstring=$verstring:$iface.0
          done

          # Make executables depend on our current version.
          func_append verstring ":$current.0"
          ;;

        qnx)
          major=.$current
          versuffix=.$current
          ;;

        sco)
          major=.$current
          versuffix=.$current
          ;;

        sunos)
          major=.$current
          versuffix=.$current.$revision
          ;;

        windows)
          # Use '-' rather than '.', since we only want one
          # extension on DOS 8.3 file systems.
          func_arith $current - $age
          major=$func_arith_result
          versuffix=-$major
          ;;

        *)
          func_fatal_configuration "unknown library version type '$version_type'"
          ;;
        esac

        # Clear the version info if we defaulted, and they specified a release.
        if test -z "$vinfo" && test -n "$release"; then
          major=
          case $version_type in
          darwin)
            # we can't check for "0.0" in archive_cmds due to quoting
            # problems, so we reset it completely
            verstring=
            ;;
          *)
            verstring=0.0
            ;;
          esac
          if test no = "$need_version"; then
            versuffix=
          else
            versuffix=.0.0
          fi
        fi

        # Remove version info from name if versioning should be avoided
        if test yes,no = "$avoid_version,$need_version"; then
          major=
          versuffix=
          verstring=
        fi

        # Check to see if the archive will have undefined symbols.
        if test yes = "$allow_undefined"; then
          if test unsupported = "$allow_undefined_flag"; then
            if test yes = "$build_old_libs"; then
              func_warning "undefined symbols not allowed in $host shared libraries; building static only"
              build_libtool_libs=no
            else
              func_fatal_error "can't build $host shared library unless -no-undefined is specified"
            fi
          fi
        else
          # Don't allow undefined symbols.
          allow_undefined_flag=$no_undefined_flag
        fi

      fi

      func_generate_dlsyms "$libname" "$libname" :
      func_append libobjs " $symfileobj"
      test " " = "$libobjs" && libobjs=

      if test relink != "$opt_mode"; then
        # Remove our outputs, but don't remove object files since they
        # may have been created when compiling PIC objects.
        removelist=
        tempremovelist=`$ECHO "$output_objdir/*"`
        for p in $tempremovelist; do
          case $p in
            *.$objext | *.gcno)
               ;;
            $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*)
               if test -n "$precious_files_regex"; then
                 if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
                 then
                   continue
                 fi
               fi
               func_append removelist " $p"
               ;;
            *) ;;
          esac
        done
        test -n "$removelist" && \
          func_show_eval "${RM}r \$removelist"
      fi

      # Now set the variables for building old libraries.
      if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then
        func_append oldlibs " $output_objdir/$libname.$libext"

        # Transform .lo files to .o files.
        oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP`
      fi

      # Eliminate all temporary directories.
      #for path in $notinst_path; do
      # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"`
      # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"`
      # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"`
      #done

      if test -n "$xrpath"; then
        # If the user specified any rpath flags, then add them.
    temp_xrpath=
    for libdir in $xrpath; do
      func_replace_sysroot "$libdir"
      func_append temp_xrpath " -R$func_replace_sysroot_result"
      case "$finalize_rpath " in
      *" $libdir "*) ;;
      *) func_append finalize_rpath " $libdir" ;;
      esac
    done
    if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then
      dependency_libs="$temp_xrpath $dependency_libs"
    fi
  fi

  # Make sure dlfiles contains only unique files that won't be dlpreopened
  old_dlfiles=$dlfiles
  dlfiles=
  for lib in $old_dlfiles; do
    case " $dlprefiles $dlfiles " in
    *" $lib "*) ;;
    *) func_append dlfiles " $lib" ;;
    esac
  done

  # Make sure dlprefiles contains only unique files
  old_dlprefiles=$dlprefiles
  dlprefiles=
  for lib in $old_dlprefiles; do
    case "$dlprefiles " in
    *" $lib "*) ;;
    *) func_append dlprefiles " $lib" ;;
    esac
  done

  if test yes = "$build_libtool_libs"; then
    if test -n "$rpath"; then
      case $host in
      *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
        # these systems don't actually have a c library (as such)!
        ;;
      *-*-rhapsody* | *-*-darwin1.[012])
        # Rhapsody C library is in the System framework
        func_append deplibs " System.ltframework"
        ;;
      *-*-netbsd*)
        # Don't link with libc until the a.out ld.so is fixed.
        ;;
      *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
        # Do not include libc due to us having libc/libc_r.
        ;;
      *-*-sco3.2v5* | *-*-sco5v6*)
        # Causes problems with __ctype
        ;;
      *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
        # Compiler inserts libc in the correct place for threads to work
        ;;
      *)
        # Add libc to deplibs on all other systems if necessary.
        if test yes = "$build_libtool_need_lc"; then
          func_append deplibs " -lc"
        fi
        ;;
      esac
    fi

    # Transform deplibs into only deplibs that can be linked in shared.
    name_save=$name
    libname_save=$libname
    release_save=$release
    versuffix_save=$versuffix
    major_save=$major
    # I'm not sure if I'm treating the release correctly. I think
    # release should show up in the -l (ie -lgmp5) so we don't want to
    # add it in twice. Is that correct?
    release=
    versuffix=
    major=
    newdeplibs=
    droppeddeps=no
    case $deplibs_check_method in
    pass_all)
      # Don't check for shared/static. Everything works.
      # This might be a little naive. We might want to check
      # whether the library exists or not. But this is on
      # osf3 & osf4 and I'm not really sure... Just
      # implementing what was already the behavior.
      newdeplibs=$deplibs
      ;;
    test_compile)
      # This code stresses the "libraries are programs" paradigm to its
      # limits. Maybe even breaks it. We compile a program, linking it
      # against the deplibs as a proxy for the library. Then we can check
      # whether they linked in statically or dynamically with ldd.
      $opt_dry_run || $RM conftest.c
      cat > conftest.c </dev/null` $nocaseglob
              else
                potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
              fi
              for potent_lib in $potential_libs; do
                # Follow soft links.
                if ls -lLd "$potent_lib" 2>/dev/null |
                   $GREP " -> " >/dev/null; then
                  continue
                fi
                # The statement above tries to avoid entering an
                # endless loop below, in case of cyclic links.
                # We might still enter an endless loop, since a link
                # loop can be closed while we follow links,
                # but so what?
                potlib=$potent_lib
                while test -h "$potlib" 2>/dev/null; do
                  potliblink=`ls -ld $potlib | $SED 's/.* -> //'`
                  case $potliblink in
                  [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;;
                  *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";;
                  esac
                done
                if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
                   $SED -e 10q |
                   $EGREP "$file_magic_regex" > /dev/null; then
                  func_append newdeplibs " $a_deplib"
                  a_deplib=
                  break 2
                fi
              done
            done
          fi
          if test -n "$a_deplib"; then
            droppeddeps=yes
            echo
            $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
            echo "*** I have the capability to make that library automatically link in when"
            echo "*** you link to this library. But I can only do this if you have a"
            echo "*** shared version of the library, which you do not appear to have"
            echo "*** because I did check the linker path looking for a file starting"
            if test -z "$potlib"; then
              $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
            else
              $ECHO "*** with $libname and none of the candidates passed a file format test"
              $ECHO "*** using a file magic. Last file checked: $potlib"
            fi
          fi
          ;;
        *)
          # Add a -L argument.
          func_append newdeplibs " $a_deplib"
          ;;
        esac
      done # Gone through all deplibs.
      ;;
    match_pattern*)
      set dummy $deplibs_check_method; shift
      match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
      for a_deplib in $deplibs; do
        case $a_deplib in
        -l*)
          func_stripname -l '' "$a_deplib"
          name=$func_stripname_result
          if test yes = "$allow_libtool_libs_with_static_runtimes"; then
            case " $predeps $postdeps " in
            *" $a_deplib "*)
              func_append newdeplibs " $a_deplib"
              a_deplib=
              ;;
            esac
          fi
          if test -n "$a_deplib"; then
            libname=`eval "\\$ECHO \"$libname_spec\""`
            for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
              potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
              for potent_lib in $potential_libs; do
                potlib=$potent_lib # see symlink-check above in file_magic test
                if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \
                   $EGREP "$match_pattern_regex" > /dev/null; then
                  func_append newdeplibs " $a_deplib"
                  a_deplib=
                  break 2
                fi
              done
            done
          fi
          if test -n "$a_deplib"; then
            droppeddeps=yes
            echo
            $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
            echo "*** I have the capability to make that library automatically link in when"
            echo "*** you link to this library. But I can only do this if you have a"
            echo "*** shared version of the library, which you do not appear to have"
            echo "*** because I did check the linker path looking for a file starting"
            if test -z "$potlib"; then
              $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
            else
              $ECHO "*** with $libname and none of the candidates passed a file format test"
              $ECHO "*** using a regex pattern. Last file checked: $potlib"
            fi
          fi
          ;;
        *)
          # Add a -L argument.
          func_append newdeplibs " $a_deplib"
          ;;
        esac
      done # Gone through all deplibs.
      ;;
    none | unknown | *)
      newdeplibs=
      tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'`
      if test yes = "$allow_libtool_libs_with_static_runtimes"; then
        for i in $predeps $postdeps; do
          # can't use Xsed below, because $i might contain '/'
          tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"`
        done
      fi
      case $tmp_deplibs in
      *[!\ \ ]*)
        echo
        if test none = "$deplibs_check_method"; then
          echo "*** Warning: inter-library dependencies are not supported in this platform."
        else
          echo "*** Warning: inter-library dependencies are not known to be supported."
        fi
        echo "*** All declared inter-library dependencies are being dropped."
        droppeddeps=yes
        ;;
      esac
      ;;
    esac
    versuffix=$versuffix_save
    major=$major_save
    release=$release_save
    libname=$libname_save
    name=$name_save

    case $host in
    *-*-rhapsody* | *-*-darwin1.[012])
      # On Rhapsody replace the C library with the System framework
      newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'`
      ;;
    esac

    if test yes = "$droppeddeps"; then
      if test yes = "$module"; then
        echo
        echo "*** Warning: libtool could not satisfy all declared inter-library"
        $ECHO "*** dependencies of module $libname. Therefore, libtool will create"
        echo "*** a static module, that should work as long as the dlopening"
        echo "*** application is linked with the -dlopen flag."
        if test -z "$global_symbol_pipe"; then
          echo
          echo "*** However, this would only work if libtool was able to extract symbol"
          echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
          echo "*** not find such a program. So, this module is probably useless."
          echo "*** 'nm' from GNU binutils and a full rebuild may help."
        fi
        if test no = "$build_old_libs"; then
          oldlibs=$output_objdir/$libname.$libext
          build_libtool_libs=module
          build_old_libs=yes
        else
          build_libtool_libs=no
        fi
      else
        echo "*** The inter-library dependencies that have been dropped here will be"
        echo "*** automatically added whenever a program is linked with this library"
        echo "*** or is declared to -dlopen it."

        if test no = "$allow_undefined"; then
          echo
          echo "*** Since this library must not contain undefined symbols,"
          echo "*** because either the platform does not support them or"
          echo "*** it was explicitly requested with -no-undefined,"
          echo "*** libtool will only create a static version of it."
          if test no = "$build_old_libs"; then
            oldlibs=$output_objdir/$libname.$libext
            build_libtool_libs=module
            build_old_libs=yes
          else
            build_libtool_libs=no
          fi
        fi
      fi
    fi
    # Done checking deplibs!
    deplibs=$newdeplibs
  fi
  # Time to change all our "foo.ltframework" stuff back to "-framework foo"
  case $host in
  *-*-darwin*)
    newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
    new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
    deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
    ;;
  esac

  # move library search paths that coincide with paths to not yet
  # installed libraries to the beginning of the library search list
  new_libs=
  for path in $notinst_path; do
    case " $new_libs " in
    *" -L$path/$objdir "*) ;;
    *)
      case " $deplibs " in
      *" -L$path/$objdir "*)
        func_append new_libs " -L$path/$objdir" ;;
      esac
      ;;
    esac
  done
  for deplib in $deplibs; do
    case $deplib in
    -L*)
      case " $new_libs " in
      *" $deplib "*) ;;
      *) func_append new_libs " $deplib" ;;
      esac
      ;;
    *) func_append new_libs " $deplib" ;;
    esac
  done
  deplibs=$new_libs

  # All the library-specific variables (install_libdir is set above).
  library_names=
  old_library=
  dlname=

  # Test again, we may have decided not to build it any more
  if test yes = "$build_libtool_libs"; then
    # Remove $wl instances when linking with ld.
    # FIXME: should test the right _cmds variable.
    case $archive_cmds in
    *\$LD\ *) wl= ;;
    esac
    if test yes = "$hardcode_into_libs"; then
      # Hardcode the library paths
      hardcode_libdirs=
      dep_rpath=
      rpath=$finalize_rpath
      test relink = "$opt_mode" || rpath=$compile_rpath$rpath
      for libdir in $rpath; do
        if test -n "$hardcode_libdir_flag_spec"; then
          if test -n "$hardcode_libdir_separator"; then
            func_replace_sysroot "$libdir"
            libdir=$func_replace_sysroot_result
            if test -z "$hardcode_libdirs"; then
              hardcode_libdirs=$libdir
            else
              # Just accumulate the unique libdirs.
              case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
              *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
                ;;
              *)
                func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
                ;;
              esac
            fi
          else
            eval flag=\"$hardcode_libdir_flag_spec\"
            func_append dep_rpath " $flag"
          fi
        elif test -n "$runpath_var"; then
          case "$perm_rpath " in
          *" $libdir "*) ;;
          *) func_append perm_rpath " $libdir" ;;
          esac
        fi
      done
      # Substitute the hardcoded libdirs into the rpath.
      if test -n "$hardcode_libdir_separator" &&
         test -n "$hardcode_libdirs"; then
        libdir=$hardcode_libdirs
        eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
      fi
      if test -n "$runpath_var" && test -n "$perm_rpath"; then
        # We should set the runpath_var.
        rpath=
        for dir in $perm_rpath; do
          func_append rpath "$dir:"
        done
        eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
      fi
      test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
    fi

    shlibpath=$finalize_shlibpath
    test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath
    if test -n "$shlibpath"; then
      eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
    fi

    # Get the real and link names of the library.
    eval shared_ext=\"$shrext_cmds\"
    eval library_names=\"$library_names_spec\"
    set dummy $library_names
    shift
    realname=$1
    shift

    if test -n "$soname_spec"; then
      eval soname=\"$soname_spec\"
    else
      soname=$realname
    fi
    if test -z "$dlname"; then
      dlname=$soname
    fi

    lib=$output_objdir/$realname
    linknames=
    for link
    do
      func_append linknames " $link"
    done

    # Use standard objects if they are pic
    test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP`
    test "X$libobjs" = "X " && libobjs=

    delfiles=
    if test -n "$export_symbols" && test -n "$include_expsyms"; then
      $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
      export_symbols=$output_objdir/$libname.uexp
      func_append delfiles " $export_symbols"
    fi

    orig_export_symbols=
    case $host_os in
    cygwin* | mingw* | cegcc*)
      if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
        # exporting using user supplied symfile
        func_dll_def_p "$export_symbols" || {
          # and it's NOT already a .def file. Must figure out
          # which of the given symbols are data symbols and tag
          # them as such. So, trigger use of export_symbols_cmds.
          # export_symbols gets reassigned inside the "prepare
          # the list of exported symbols" if statement, so the
          # include_expsyms logic still works.
          orig_export_symbols=$export_symbols
          export_symbols=
          always_export_symbols=yes
        }
      fi
      ;;
    esac

    # Prepare the list of exported symbols
    if test -z "$export_symbols"; then
      if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then
        func_verbose "generating symbol list for '$libname.la'"
        export_symbols=$output_objdir/$libname.exp
        $opt_dry_run || $RM $export_symbols
        cmds=$export_symbols_cmds
        save_ifs=$IFS; IFS='~'
        for cmd1 in $cmds; do
          IFS=$save_ifs
          # Take the normal branch if the nm_file_list_spec branch
          # doesn't work or if tool conversion is not needed.
          case $nm_file_list_spec~$to_tool_file_cmd in
          *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*)
            try_normal_branch=yes
            eval cmd=\"$cmd1\"
            func_len " $cmd"
            len=$func_len_result
            ;;
          *)
            try_normal_branch=no
            ;;
          esac
          if test yes = "$try_normal_branch" \
             && { test "$len" -lt "$max_cmd_len" \
                  || test "$max_cmd_len" -le -1; }
          then
            func_show_eval "$cmd" 'exit $?'
            skipped_export=false
          elif test -n "$nm_file_list_spec"; then
            func_basename "$output"
            output_la=$func_basename_result
            save_libobjs=$libobjs
            save_output=$output
            output=$output_objdir/$output_la.nm
            func_to_tool_file "$output"
            libobjs=$nm_file_list_spec$func_to_tool_file_result
            func_append delfiles " $output"
            func_verbose "creating $NM input file list: $output"
            for obj in $save_libobjs; do
              func_to_tool_file "$obj"
              $ECHO "$func_to_tool_file_result"
            done > "$output"
            eval cmd=\"$cmd1\"
            func_show_eval "$cmd" 'exit $?'
            output=$save_output
            libobjs=$save_libobjs
            skipped_export=false
          else
            # The command line is too long to execute in one step.
            func_verbose "using reloadable object file for export list..."
            skipped_export=:
            # Break out early, otherwise skipped_export may be
            # set to false by a later but shorter cmd.
            break
          fi
        done
        IFS=$save_ifs
        if test -n "$export_symbols_regex" && test : != "$skipped_export"; then
          func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
          func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
        fi
      fi
    fi

    if test -n "$export_symbols" && test -n "$include_expsyms"; then
      tmp_export_symbols=$export_symbols
      test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
      $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
    fi

    if test : != "$skipped_export" && test -n "$orig_export_symbols"; then
      # The given exports_symbols file has to be filtered, so filter it.
      func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
      # FIXME: $output_objdir/$libname.filter potentially contains lots of
      # 's' commands, which not all seds can handle. GNU sed should be fine
      # though. Also, the filter scales superlinearly with the number of
      # global variables. join(1) would be nice here, but unfortunately
      # isn't a blessed tool.
      $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
      func_append delfiles " $export_symbols $output_objdir/$libname.filter"
      export_symbols=$output_objdir/$libname.def
      $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
    fi

    tmp_deplibs=
    for test_deplib in $deplibs; do
      case " $convenience " in
      *" $test_deplib "*) ;;
      *)
        func_append tmp_deplibs " $test_deplib"
        ;;
      esac
    done
    deplibs=$tmp_deplibs

    if test -n "$convenience"; then
      if test -n "$whole_archive_flag_spec" &&
         test yes = "$compiler_needs_object" &&
         test -z "$libobjs"; then
        # extract the archives, so we have objects to list.
        # TODO: could optimize this to just extract one archive.
        whole_archive_flag_spec=
      fi
      if test -n "$whole_archive_flag_spec"; then
        save_libobjs=$libobjs
        eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
        test "X$libobjs" = "X " && libobjs=
      else
        gentop=$output_objdir/${outputname}x
        func_append generated " $gentop"

        func_extract_archives $gentop $convenience
        func_append libobjs " $func_extract_archives_result"
        test "X$libobjs" = "X " && libobjs=
      fi
    fi

    if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then
      eval flag=\"$thread_safe_flag_spec\"
      func_append linker_flags " $flag"
    fi

    # Make a backup of the uninstalled library when relinking
    if test relink = "$opt_mode"; then
      $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
    fi

    # Do each of the archive commands.
    if test yes = "$module" && test -n "$module_cmds"; then
      if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
        eval test_cmds=\"$module_expsym_cmds\"
        cmds=$module_expsym_cmds
      else
        eval test_cmds=\"$module_cmds\"
        cmds=$module_cmds
      fi
    else
      if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
        eval test_cmds=\"$archive_expsym_cmds\"
        cmds=$archive_expsym_cmds
      else
        eval test_cmds=\"$archive_cmds\"
        cmds=$archive_cmds
      fi
    fi

    if test : != "$skipped_export" &&
       func_len " $test_cmds" &&
       len=$func_len_result &&
       test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
      :
    else
      # The command line is too long to link in one step, link piecewise
      # or, if using GNU ld and skipped_export is not :, use a linker
      # script.

      # Save the value of $output and $libobjs because we want to
      # use them later. If we have whole_archive_flag_spec, we
      # want to use save_libobjs as it was before
      # whole_archive_flag_spec was expanded, because we can't
      # assume the linker understands whole_archive_flag_spec.
      # This may have to be revisited, in case too many
      # convenience libraries get linked in and end up exceeding
      # the spec.
      if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
        save_libobjs=$libobjs
      fi
      save_output=$output
      func_basename "$output"
      output_la=$func_basename_result

      # Clear the reloadable object creation command queue and
      # initialize k to one.
      test_cmds=
      concat_cmds=
      objlist=
      last_robj=
      k=1

      if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then
        output=$output_objdir/$output_la.lnkscript
        func_verbose "creating GNU ld script: $output"
        echo 'INPUT (' > $output
        for obj in $save_libobjs
        do
          func_to_tool_file "$obj"
          $ECHO "$func_to_tool_file_result" >> $output
        done
        echo ')' >> $output
        func_append delfiles " $output"
        func_to_tool_file "$output"
        output=$func_to_tool_file_result
      elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then
        output=$output_objdir/$output_la.lnk
        func_verbose "creating linker input file list: $output"
        : > $output
        set x $save_libobjs
        shift
        firstobj=
        if test yes = "$compiler_needs_object"; then
          firstobj="$1 "
          shift
        fi
        for obj
        do
          func_to_tool_file "$obj"
          $ECHO "$func_to_tool_file_result" >> $output
        done
        func_append delfiles " $output"
        func_to_tool_file "$output"
        output=$firstobj\"$file_list_spec$func_to_tool_file_result\"
      else
        if test -n "$save_libobjs"; then
          func_verbose "creating reloadable object files..."
          output=$output_objdir/$output_la-$k.$objext
          eval test_cmds=\"$reload_cmds\"
          func_len " $test_cmds"
          len0=$func_len_result
          len=$len0

          # Loop over the list of objects to be linked.
          for obj in $save_libobjs
          do
            func_len " $obj"
            func_arith $len + $func_len_result
            len=$func_arith_result
            if test -z "$objlist" ||
               test "$len" -lt "$max_cmd_len"; then
              func_append objlist " $obj"
            else
              # The command $test_cmds is almost too long, add a
              # command to the queue.
              if test 1 -eq "$k"; then
                # The first file doesn't have a previous command to add.
                reload_objs=$objlist
                eval concat_cmds=\"$reload_cmds\"
              else
                # All subsequent reloadable object files will link in
                # the last one created.
                reload_objs="$objlist $last_robj"
                eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\"
              fi
              last_robj=$output_objdir/$output_la-$k.$objext
              func_arith $k + 1
              k=$func_arith_result
              output=$output_objdir/$output_la-$k.$objext
              objlist=" $obj"
              func_len " $last_robj"
              func_arith $len0 + $func_len_result
              len=$func_arith_result
            fi
          done
          # Handle the remaining objects by creating one last
          # reloadable object file. All subsequent reloadable object
          # files will link in the last one created.
          test -z "$concat_cmds" || concat_cmds=$concat_cmds~
          reload_objs="$objlist $last_robj"
          eval concat_cmds=\"\$concat_cmds$reload_cmds\"
          if test -n "$last_robj"; then
            eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
          fi
          func_append delfiles " $output"

        else
          output=
        fi

        ${skipped_export-false} && {
          func_verbose "generating symbol list for '$libname.la'"
          export_symbols=$output_objdir/$libname.exp
          $opt_dry_run || $RM $export_symbols
          libobjs=$output
          # Append the command to create the export file.
          test -z "$concat_cmds" || concat_cmds=$concat_cmds~
          eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
          if test -n "$last_robj"; then
            eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
          fi
        }

        test -n "$save_libobjs" &&
          func_verbose "creating a temporary reloadable object file: $output"

        # Loop through the commands generated above and execute them.
        save_ifs=$IFS; IFS='~'
        for cmd in $concat_cmds; do
          IFS=$save_ifs
          $opt_quiet || {
            func_quote_for_expand "$cmd"
            eval "func_echo $func_quote_for_expand_result"
          }
          $opt_dry_run || eval "$cmd" || {
            lt_exit=$?
            # Restore the uninstalled library and exit
            if test relink = "$opt_mode"; then
              ( cd "$output_objdir" && \
                $RM "${realname}T" && \
                $MV "${realname}U" "$realname" )
            fi

            exit $lt_exit
          }
        done
        IFS=$save_ifs

        if test -n "$export_symbols_regex" && ${skipped_export-false}; then
          func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
          func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
        fi
      fi

      ${skipped_export-false} && {
        if test -n "$export_symbols" && test -n "$include_expsyms"; then
          tmp_export_symbols=$export_symbols
          test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
          $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
        fi

        if test -n "$orig_export_symbols"; then
          # The given exports_symbols file has to be filtered, so filter it.
          func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
          # FIXME: $output_objdir/$libname.filter potentially contains lots of
          # 's' commands, which not all seds can handle. GNU sed should be fine
          # though. Also, the filter scales superlinearly with the number of
          # global variables. join(1) would be nice here, but unfortunately
          # isn't a blessed tool.
          $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
          func_append delfiles " $export_symbols $output_objdir/$libname.filter"
          export_symbols=$output_objdir/$libname.def
          $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
        fi
      }

      libobjs=$output
      # Restore the value of output.
      output=$save_output

      if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
        eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
        test "X$libobjs" = "X " && libobjs=
      fi
      # Expand the library linking commands again to reset the
      # value of $libobjs for piecewise linking.

      # Do each of the archive commands.
      if test yes = "$module" && test -n "$module_cmds"; then
        if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
          cmds=$module_expsym_cmds
        else
          cmds=$module_cmds
        fi
      else
        if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
          cmds=$archive_expsym_cmds
        else
          cmds=$archive_cmds
        fi
      fi
    fi

    if test -n "$delfiles"; then
      # Append the command to remove temporary files to $cmds.
      eval cmds=\"\$cmds~\$RM $delfiles\"
    fi

    # Add any objects from preloaded convenience libraries
    if test -n "$dlprefiles"; then
      gentop=$output_objdir/${outputname}x
      func_append generated " $gentop"

      func_extract_archives $gentop $dlprefiles
      func_append libobjs " $func_extract_archives_result"
      test "X$libobjs" = "X " && libobjs=
    fi

    save_ifs=$IFS; IFS='~'
    for cmd in $cmds; do
      IFS=$sp$nl
      eval cmd=\"$cmd\"
      IFS=$save_ifs
      $opt_quiet || {
        func_quote_for_expand "$cmd"
        eval "func_echo $func_quote_for_expand_result"
      }
      $opt_dry_run || eval "$cmd" || {
        lt_exit=$?

        # Restore the uninstalled library and exit
        if test relink = "$opt_mode"; then
          ( cd "$output_objdir" && \
            $RM "${realname}T" && \
            $MV "${realname}U" "$realname" )
        fi

        exit $lt_exit
      }
    done
    IFS=$save_ifs

    # Restore the uninstalled library and exit
    if test relink = "$opt_mode"; then
      $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?

      if test -n "$convenience"; then
        if test -z "$whole_archive_flag_spec"; then
          func_show_eval '${RM}r "$gentop"'
        fi
      fi

      exit $EXIT_SUCCESS
    fi

    # Create links to the real library.
    for linkname in $linknames; do
      if test "$realname" != "$linkname"; then
        func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
      fi
    done

    # If -module or -export-dynamic was specified, set the dlname.
    if test yes = "$module" || test yes = "$export_dynamic"; then
      # On all known operating systems, these are identical.
      dlname=$soname
    fi
  fi
  ;;

obj)
  if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
    func_warning "'-dlopen' is ignored for objects"
  fi

  case " $deplibs" in
  *\ -l* | *\ -L*)
    func_warning "'-l' and '-L' are ignored for objects" ;;
  esac

  test -n "$rpath" && \
    func_warning "'-rpath' is ignored for objects"

  test -n "$xrpath" && \
    func_warning "'-R' is ignored for objects"

  test -n "$vinfo" && \
    func_warning "'-version-info' is ignored for objects"

  test -n "$release" && \
    func_warning "'-release' is ignored for objects"

  case $output in
  *.lo)
    test -n "$objs$old_deplibs" && \
      func_fatal_error "cannot build library object '$output' from non-libtool objects"

    libobj=$output
    func_lo2o "$libobj"
    obj=$func_lo2o_result
    ;;
  *)
    libobj=
    obj=$output
    ;;
  esac

  # Delete the old objects.
  $opt_dry_run || $RM $obj $libobj

  # Objects from convenience libraries. This assumes
  # single-version convenience libraries. Whenever we create
  # different ones for PIC/non-PIC, this we'll have to duplicate
  # the extraction.
  reload_conv_objs=
  gentop=
  # if reload_cmds runs $LD directly, get rid of -Wl from
  # whole_archive_flag_spec and hope we can get by with turning comma
  # into space.
  case $reload_cmds in
  *\$LD[\ \$]*) wl= ;;
  esac
  if test -n "$convenience"; then
    if test -n "$whole_archive_flag_spec"; then
      eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
      test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'`
      reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags
    else
      gentop=$output_objdir/${obj}x
      func_append generated " $gentop"

      func_extract_archives $gentop $convenience
      reload_conv_objs="$reload_objs $func_extract_archives_result"
    fi
  fi

  # If we're not building shared, we need to use non_pic_objs
  test yes = "$build_libtool_libs" || libobjs=$non_pic_objects

  # Create the old-style object.
  reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs

  output=$obj
  func_execute_cmds "$reload_cmds" 'exit $?'

  # Exit if we aren't doing a library object file.
  if test -z "$libobj"; then
    if test -n "$gentop"; then
      func_show_eval '${RM}r "$gentop"'
    fi

    exit $EXIT_SUCCESS
  fi

  test yes = "$build_libtool_libs" || {
    if test -n "$gentop"; then
      func_show_eval '${RM}r "$gentop"'
    fi

    # Create an invalid libtool object if no PIC, so that we don't
    # accidentally link it into a program.
    # $show "echo timestamp > $libobj"
    # $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
    exit $EXIT_SUCCESS
  }

  if test -n "$pic_flag" || test default != "$pic_mode"; then
    # Only do commands if we really have different PIC objects.
    reload_objs="$libobjs $reload_conv_objs"
    output=$libobj
    func_execute_cmds "$reload_cmds" 'exit $?'
  fi

  if test -n "$gentop"; then
    func_show_eval '${RM}r "$gentop"'
  fi

  exit $EXIT_SUCCESS
  ;;

prog)
  case $host in
  *cygwin*)
    func_stripname '' '.exe' "$output"
    output=$func_stripname_result.exe;;
  esac
  test -n "$vinfo" && \
    func_warning "'-version-info' is ignored for programs"

  test -n "$release" && \
    func_warning "'-release' is ignored for programs"

  $preload \
    && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \
    && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support."

  case $host in
  *-*-rhapsody* | *-*-darwin1.[012])
    # On Rhapsody replace the C library is the System framework
    compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'`
    finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'`
    ;;
  esac

  case $host in
  *-*-darwin*)
    # Don't allow lazy linking, it breaks C++ global constructors
    # But is supposedly fixed on 10.4 or later (yay!).
    if test CXX = "$tagname"; then
      case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
      10.[0123])
        func_append compile_command " $wl-bind_at_load"
        func_append finalize_command " $wl-bind_at_load"
        ;;
      esac
    fi
    # Time to change all our "foo.ltframework" stuff back to "-framework foo"
    compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
    finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
    ;;
  esac

  # move library search paths that coincide with paths to not yet
  # installed libraries to the beginning of the library search list
  new_libs=
  for path in $notinst_path; do
    case " $new_libs " in
    *" -L$path/$objdir "*) ;;
    *)
      case " $compile_deplibs " in
      *" -L$path/$objdir "*)
        func_append new_libs " -L$path/$objdir" ;;
      esac
      ;;
    esac
  done
  for deplib in $compile_deplibs; do
    case $deplib in
    -L*)
      case " $new_libs " in
      *" $deplib "*) ;;
      *) func_append new_libs " $deplib" ;;
      esac
      ;;
    *) func_append new_libs " $deplib" ;;
    esac
  done
  compile_deplibs=$new_libs

  func_append compile_command " $compile_deplibs"
  func_append finalize_command " $finalize_deplibs"

  if test -n "$rpath$xrpath"; then
    # If the user specified any rpath flags, then add them.
    for libdir in $rpath $xrpath; do
      # This is the magic to use -rpath.
      case "$finalize_rpath " in
      *" $libdir "*) ;;
      *) func_append finalize_rpath " $libdir" ;;
      esac
    done
  fi

  # Now hardcode the library paths
  rpath=
  hardcode_libdirs=
  for libdir in $compile_rpath $finalize_rpath; do
    if test -n "$hardcode_libdir_flag_spec"; then
      if test -n "$hardcode_libdir_separator"; then
        if test -z "$hardcode_libdirs"; then
          hardcode_libdirs=$libdir
        else
          # Just accumulate the unique libdirs.
          case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
          *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
            ;;
          *)
            func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
            ;;
          esac
        fi
      else
        eval flag=\"$hardcode_libdir_flag_spec\"
        func_append rpath " $flag"
      fi
    elif test -n "$runpath_var"; then
      case "$perm_rpath " in
      *" $libdir "*) ;;
      *) func_append perm_rpath " $libdir" ;;
      esac
    fi
    case $host in
    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
      testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'`
      case :$dllsearchpath: in
      *":$libdir:"*) ;;
      ::) dllsearchpath=$libdir;;
      *) func_append dllsearchpath ":$libdir";;
      esac
      case :$dllsearchpath: in
      *":$testbindir:"*) ;;
      ::) dllsearchpath=$testbindir;;
      *) func_append dllsearchpath ":$testbindir";;
      esac
      ;;
    esac
  done
  # Substitute the hardcoded libdirs into the rpath.
  if test -n "$hardcode_libdir_separator" &&
     test -n "$hardcode_libdirs"; then
    libdir=$hardcode_libdirs
    eval rpath=\" $hardcode_libdir_flag_spec\"
  fi
  compile_rpath=$rpath

  rpath=
  hardcode_libdirs=
  for libdir in $finalize_rpath; do
    if test -n "$hardcode_libdir_flag_spec"; then
      if test -n "$hardcode_libdir_separator"; then
        if test -z "$hardcode_libdirs"; then
          hardcode_libdirs=$libdir
        else
          # Just accumulate the unique libdirs.
          case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
          *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
            ;;
          *)
            func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
            ;;
          esac
        fi
      else
        eval flag=\"$hardcode_libdir_flag_spec\"
        func_append rpath " $flag"
      fi
    elif test -n "$runpath_var"; then
      case "$finalize_perm_rpath " in
      *" $libdir "*) ;;
      *) func_append finalize_perm_rpath " $libdir" ;;
      esac
    fi
  done
  # Substitute the hardcoded libdirs into the rpath.
      if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then
        libdir=$hardcode_libdirs
        eval rpath=\" $hardcode_libdir_flag_spec\"
      fi
      finalize_rpath=$rpath

      if test -n "$libobjs" && test yes = "$build_old_libs"; then
        # Transform all the library objects into standard objects.
        compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
        finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
      fi

      func_generate_dlsyms "$outputname" "@PROGRAM@" false

      # template prelinking step
      if test -n "$prelink_cmds"; then
        func_execute_cmds "$prelink_cmds" 'exit $?'
      fi

      wrappers_required=:
      case $host in
      *cegcc* | *mingw32ce*)
        # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway.
        wrappers_required=false
        ;;
      *cygwin* | *mingw* )
        test yes = "$build_libtool_libs" || wrappers_required=false
        ;;
      *)
        if test no = "$need_relink" || test yes != "$build_libtool_libs"; then
          wrappers_required=false
        fi
        ;;
      esac
      $wrappers_required || {
        # Replace the output file specification.
        compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
        link_command=$compile_command$compile_rpath

        # We have no uninstalled library dependencies, so finalize right now.
        exit_status=0
        func_show_eval "$link_command" 'exit_status=$?'

        if test -n "$postlink_cmds"; then
          func_to_tool_file "$output"
          postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
          func_execute_cmds "$postlink_cmds" 'exit $?'
        fi

        # Delete the generated files.
        if test -f "$output_objdir/${outputname}S.$objext"; then
          func_show_eval '$RM "$output_objdir/${outputname}S.$objext"'
        fi

        exit $exit_status
      }

      if test -n "$compile_shlibpath$finalize_shlibpath"; then
        compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
      fi
      if test -n "$finalize_shlibpath"; then
        finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
      fi

      compile_var=
      finalize_var=
      if test -n "$runpath_var"; then
        if test -n "$perm_rpath"; then
          # We should set the runpath_var.
          rpath=
          for dir in $perm_rpath; do
            func_append rpath "$dir:"
          done
          compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
        fi
        if test -n "$finalize_perm_rpath"; then
          # We should set the runpath_var.
          rpath=
          for dir in $finalize_perm_rpath; do
            func_append rpath "$dir:"
          done
          finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
        fi
      fi

      if test yes = "$no_install"; then
        # We don't need to create a wrapper script.
        link_command=$compile_var$compile_command$compile_rpath
        # Replace the output file specification.
        link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
        # Delete the old output file.
        $opt_dry_run || $RM $output
        # Link the executable and exit
        func_show_eval "$link_command" 'exit $?'

        if test -n "$postlink_cmds"; then
          func_to_tool_file "$output"
          postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
          func_execute_cmds "$postlink_cmds" 'exit $?'
        fi

        exit $EXIT_SUCCESS
      fi

      case $hardcode_action,$fast_install in
        relink,*)
          # Fast installation is not supported
          link_command=$compile_var$compile_command$compile_rpath
          relink_command=$finalize_var$finalize_command$finalize_rpath

          func_warning "this platform does not like uninstalled shared libraries"
          func_warning "'$output' will be relinked during installation"
          ;;
        *,yes)
          link_command=$finalize_var$compile_command$finalize_rpath
          relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'`
          ;;
        *,no)
          link_command=$compile_var$compile_command$compile_rpath
          relink_command=$finalize_var$finalize_command$finalize_rpath
          ;;
        *,needless)
          link_command=$finalize_var$compile_command$finalize_rpath
          relink_command=
          ;;
      esac

      # Replace the output file specification.
      link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`

      # Delete the old output files.
      $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname

      func_show_eval "$link_command" 'exit $?'

      if test -n "$postlink_cmds"; then
        func_to_tool_file "$output_objdir/$outputname"
        postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
        func_execute_cmds "$postlink_cmds" 'exit $?'
      fi

      # Now create the wrapper script.
      func_verbose "creating $output"

      # Quote the relink command for shipping.
      if test -n "$relink_command"; then
        # Preserve any variables that may affect compiler behavior
        for var in $variables_saved_for_relink; do
          if eval test -z \"\${$var+set}\"; then
            relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
          elif eval var_value=\$$var; test -z "$var_value"; then
            relink_command="$var=; export $var; $relink_command"
          else
            func_quote_for_eval "$var_value"
            relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
          fi
        done
        relink_command="(cd `pwd`; $relink_command)"
        relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
      fi

      # Only actually do things if not in dry run mode.
      $opt_dry_run || {
        # win32 will think the script is a binary if it has
        # a .exe suffix, so we strip it off here.
        case $output in
          *.exe) func_stripname '' '.exe' "$output"
                 output=$func_stripname_result ;;
        esac
        # test for cygwin because mv fails w/o .exe extensions
        case $host in
          *cygwin*)
            exeext=.exe
            func_stripname '' '.exe' "$outputname"
            outputname=$func_stripname_result ;;
          *) exeext= ;;
        esac
        case $host in
          *cygwin* | *mingw* )
            func_dirname_and_basename "$output" "" "."
            output_name=$func_basename_result
            output_path=$func_dirname_result
            cwrappersource=$output_path/$objdir/lt-$output_name.c
            cwrapper=$output_path/$output_name.exe
            $RM $cwrappersource $cwrapper
            trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15

            func_emit_cwrapperexe_src > $cwrappersource

            # The wrapper executable is built using the $host compiler,
            # because it contains $host paths and files. If cross-
            # compiling, it, like the target executable, must be
            # executed on the $host or under an emulation environment.
            $opt_dry_run || {
              $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
              $STRIP $cwrapper
            }

            # Now, create the wrapper script for func_source use:
            func_ltwrapper_scriptname $cwrapper
            $RM $func_ltwrapper_scriptname_result
            trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
            $opt_dry_run || {
              # note: this script will not be executed, so do not chmod.
              if test "x$build" = "x$host"; then
                $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
              else
                func_emit_wrapper no > $func_ltwrapper_scriptname_result
              fi
            }
          ;;
          * )
            $RM $output
            trap "$RM $output; exit $EXIT_FAILURE" 1 2 15

            func_emit_wrapper no > $output
            chmod +x $output
          ;;
        esac
      }
      exit $EXIT_SUCCESS
      ;;
    esac

    # See if we need to build an old-fashioned archive.
    for oldlib in $oldlibs; do

      case $build_libtool_libs in
        convenience)
          oldobjs="$libobjs_save $symfileobj"
          addlibs=$convenience
          build_libtool_libs=no
          ;;
        module)
          oldobjs=$libobjs_save
          addlibs=$old_convenience
          build_libtool_libs=no
          ;;
        *)
          oldobjs="$old_deplibs $non_pic_objects"
          $preload && test -f "$symfileobj" \
            && func_append oldobjs " $symfileobj"
          addlibs=$old_convenience
          ;;
      esac

      if test -n "$addlibs"; then
        gentop=$output_objdir/${outputname}x
        func_append generated " $gentop"

        func_extract_archives $gentop $addlibs
        func_append oldobjs " $func_extract_archives_result"
      fi

      # Do each command in the archive commands.
      if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then
        cmds=$old_archive_from_new_cmds
      else

        # Add any objects from preloaded convenience libraries
        if test -n "$dlprefiles"; then
          gentop=$output_objdir/${outputname}x
          func_append generated " $gentop"

          func_extract_archives $gentop $dlprefiles
          func_append oldobjs " $func_extract_archives_result"
        fi

        # POSIX demands no paths to be encoded in archives.  We have
        # to avoid creating archives with duplicate basenames if we
        # might have to extract them afterwards, e.g., when creating a
        # static archive out of a convenience library, or when linking
        # the entirety of a libtool archive into another (currently
        # not supported by libtool).
        if (for obj in $oldobjs
            do
              func_basename "$obj"
              $ECHO "$func_basename_result"
            done | sort | sort -uc >/dev/null 2>&1); then
          :
        else
          echo "copying selected object files to avoid basename conflicts..."
          gentop=$output_objdir/${outputname}x
          func_append generated " $gentop"
          func_mkdir_p "$gentop"
          save_oldobjs=$oldobjs
          oldobjs=
          counter=1
          for obj in $save_oldobjs
          do
            func_basename "$obj"
            objbase=$func_basename_result
            case " $oldobjs " in
            " ") oldobjs=$obj ;;
            *[\ /]"$objbase "*)
              while :; do
                # Make sure we don't pick an alternate name that also
                # overlaps.
                newobj=lt$counter-$objbase
                func_arith $counter + 1
                counter=$func_arith_result
                case " $oldobjs " in
                *[\ /]"$newobj "*) ;;
                *) if test ! -f "$gentop/$newobj"; then break; fi ;;
                esac
              done
              func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
              func_append oldobjs " $gentop/$newobj"
              ;;
            *) func_append oldobjs " $obj" ;;
            esac
          done
        fi
        func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
        tool_oldlib=$func_to_tool_file_result
        eval cmds=\"$old_archive_cmds\"

        func_len " $cmds"
        len=$func_len_result
        if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
          cmds=$old_archive_cmds
        elif test -n "$archiver_list_spec"; then
          func_verbose "using command file archive linking..."
          for obj in $oldobjs
          do
            func_to_tool_file "$obj"
            $ECHO "$func_to_tool_file_result"
          done > $output_objdir/$libname.libcmd
          func_to_tool_file "$output_objdir/$libname.libcmd"
          oldobjs=" $archiver_list_spec$func_to_tool_file_result"
          cmds=$old_archive_cmds
        else
          # the command line is too long to link in one step, link in parts
          func_verbose "using piecewise archive linking..."
          save_RANLIB=$RANLIB
          RANLIB=:
          objlist=
          concat_cmds=
          save_oldobjs=$oldobjs
          oldobjs=
          # Is there a better way of finding the last object in the list?
          for obj in $save_oldobjs
          do
            last_oldobj=$obj
          done
          eval test_cmds=\"$old_archive_cmds\"
          func_len " $test_cmds"
          len0=$func_len_result
          len=$len0
          for obj in $save_oldobjs
          do
            func_len " $obj"
            func_arith $len + $func_len_result
            len=$func_arith_result
            func_append objlist " $obj"
            if test "$len" -lt "$max_cmd_len"; then
              :
            else
              # the above command should be used before it gets too long
              oldobjs=$objlist
              if test "$obj" = "$last_oldobj"; then
                RANLIB=$save_RANLIB
              fi
              test -z "$concat_cmds" || concat_cmds=$concat_cmds~
              eval concat_cmds=\"\$concat_cmds$old_archive_cmds\"
              objlist=
              len=$len0
            fi
          done
          RANLIB=$save_RANLIB
          oldobjs=$objlist
          if test -z "$oldobjs"; then
            eval cmds=\"\$concat_cmds\"
          else
            eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
          fi
        fi
      fi
      func_execute_cmds "$cmds" 'exit $?'
    done

    test -n "$generated" && \
      func_show_eval "${RM}r$generated"

    # Now create the libtool archive.
    case $output in
    *.la)
      old_library=
      test yes = "$build_old_libs" && old_library=$libname.$libext
      func_verbose "creating $output"

      # Preserve any variables that may affect compiler behavior
      for var in $variables_saved_for_relink; do
        if eval test -z \"\${$var+set}\"; then
          relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
        elif eval var_value=\$$var; test -z "$var_value"; then
          relink_command="$var=; export $var; $relink_command"
        else
          func_quote_for_eval "$var_value"
          relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
        fi
      done
      # Quote the link command for shipping.
      relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
      relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
      if test yes = "$hardcode_automatic"; then
        relink_command=
      fi

      # Only create the output if not a dry run.
      $opt_dry_run || {
        for installed in no yes; do
          if test yes = "$installed"; then
            if test -z "$install_libdir"; then
              break
            fi
            output=$output_objdir/${outputname}i
            # Replace all uninstalled libtool libraries with the installed ones
            newdependency_libs=
            for deplib in $dependency_libs; do
              case $deplib in
              *.la)
                func_basename "$deplib"
                name=$func_basename_result
                func_resolve_sysroot "$deplib"
                eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
                test -z "$libdir" && \
                  func_fatal_error "'$deplib' is not a valid libtool archive"
                func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
                ;;
              -L*)
                func_stripname -L '' "$deplib"
                func_replace_sysroot "$func_stripname_result"
                func_append newdependency_libs " -L$func_replace_sysroot_result"
                ;;
              -R*)
                func_stripname -R '' "$deplib"
                func_replace_sysroot "$func_stripname_result"
                func_append newdependency_libs " -R$func_replace_sysroot_result"
                ;;
              *) func_append newdependency_libs " $deplib" ;;
              esac
            done
            dependency_libs=$newdependency_libs
            newdlfiles=

            for lib in $dlfiles; do
              case $lib in
              *.la)
                func_basename "$lib"
                name=$func_basename_result
                eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
                test -z "$libdir" && \
                  func_fatal_error "'$lib' is not a valid libtool archive"
                func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name"
                ;;
              *) func_append newdlfiles " $lib" ;;
              esac
            done
            dlfiles=$newdlfiles
            newdlprefiles=
            for lib in $dlprefiles; do
              case $lib in
              *.la)
                # Only pass preopened files to the pseudo-archive (for
                # eventual linking with the app. that links it) if we
                # didn't already link the preopened objects directly into
                # the library:
                func_basename "$lib"
                name=$func_basename_result
                eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
                test -z "$libdir" && \
                  func_fatal_error "'$lib' is not a valid libtool archive"
                func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name"
                ;;
              esac
            done
            dlprefiles=$newdlprefiles
          else
            newdlfiles=
            for lib in $dlfiles; do
              case $lib in
                [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
                *) abs=`pwd`"/$lib" ;;
              esac
              func_append newdlfiles " $abs"
            done
            dlfiles=$newdlfiles
            newdlprefiles=
            for lib in $dlprefiles; do
              case $lib in
                [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
                *) abs=`pwd`"/$lib" ;;
              esac
              func_append newdlprefiles " $abs"
            done
            dlprefiles=$newdlprefiles
          fi
          $RM $output
          # place dlname in correct position for cygwin
          # In fact, it would be nice if we could use this code for all target
          # systems that can't hard-code library paths into their executables
          # and that have no shared library path variable independent of PATH,
          # but it turns out we can't easily determine that from inspecting
          # libtool variables, so we have to hard-code the OSs to which it
          # applies here; at the moment, that means platforms that use the PE
          # object format with DLL files.  See the long comment at the top of
          # tests/bindir.at for full details.
          tdlname=$dlname
          case $host,$output,$installed,$module,$dlname in
            *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll)
              # If a -bindir argument was supplied, place the dll there.
              if test -n "$bindir"; then
                func_relative_path "$install_libdir" "$bindir"
                tdlname=$func_relative_path_result/$dlname
              else
                # Otherwise fall back on heuristic.
                tdlname=../bin/$dlname
              fi
              ;;
          esac
          $ECHO > $output "\
# $outputname - a libtool library file
# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
#
# Please DO NOT delete this file!
# It is necessary for linking the library.

# The name that we can dlopen(3).
dlname='$tdlname'

# Names of this library.
library_names='$library_names'

# The name of the static archive.
old_library='$old_library'

# Linker flags that cannot go in dependency_libs.
inherited_linker_flags='$new_inherited_linker_flags'

# Libraries that this one depends upon.
dependency_libs='$dependency_libs'

# Names of additional weak libraries provided by this library
weak_library_names='$weak_libs'

# Version information for $libname.
current=$current
age=$age
revision=$revision

# Is this an already installed library?
installed=$installed

# Should we warn about portability when linking against -modules?
shouldnotlink=$module

# Files to dlopen/dlpreopen
dlopen='$dlfiles'
dlpreopen='$dlprefiles'

# Directory that this library needs to be installed in:
libdir='$install_libdir'"
          if test no,yes = "$installed,$need_relink"; then
            $ECHO >> $output "\
relink_command=\"$relink_command\""
          fi
        done
      }

      # Do a symbolic link so that the libtool archive can be found in
      # LD_LIBRARY_PATH before the program is installed.
      func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
      ;;
    esac
    exit $EXIT_SUCCESS
}

if test link = "$opt_mode" || test relink = "$opt_mode"; then
  func_mode_link ${1+"$@"}
fi


# func_mode_uninstall arg...
func_mode_uninstall ()
{
    $debug_cmd

    RM=$nonopt
    files=
    rmforce=false
    exit_status=0

    # This variable tells wrapper scripts just to set variables rather
    # than running their programs.
    libtool_install_magic=$magic

    for arg
    do
      case $arg in
      -f) func_append RM " $arg"; rmforce=: ;;
      -*) func_append RM " $arg" ;;
      *) func_append files " $arg" ;;
      esac
    done

    test -z "$RM" && \
      func_fatal_help "you must specify an RM program"

    rmdirs=

    for file in $files; do
      func_dirname "$file" "" "."
      dir=$func_dirname_result
      if test . = "$dir"; then
        odir=$objdir
      else
        odir=$dir/$objdir
      fi
      func_basename "$file"
      name=$func_basename_result
      test uninstall = "$opt_mode" && odir=$dir

      # Remember odir for removal later, being careful to avoid duplicates
      if test clean = "$opt_mode"; then
        case " $rmdirs " in
          *" $odir "*) ;;
          *) func_append rmdirs " $odir" ;;
        esac
      fi

      # Don't error if the file doesn't exist and rm -f was used.
      if { test -L "$file"; } >/dev/null 2>&1 ||
         { test -h "$file"; } >/dev/null 2>&1 ||
         test -f "$file"; then
        :
      elif test -d "$file"; then
        exit_status=1
        continue
      elif $rmforce; then
        continue
      fi

      rmfiles=$file

      case $name in
      *.la)
        # Possibly a libtool archive, so verify it.
        if func_lalib_p "$file"; then
          func_source $dir/$name

          # Delete the libtool libraries and symlinks.
          for n in $library_names; do
            func_append rmfiles " $odir/$n"
          done
          test -n "$old_library" && func_append rmfiles " $odir/$old_library"

          case $opt_mode in
          clean)
            case " $library_names " in
            *" $dlname "*) ;;
            *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;;
            esac
            test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i"
            ;;
          uninstall)
            if test -n "$library_names"; then
              # Do each command in the postuninstall commands.
              func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1'
            fi

            if test -n "$old_library"; then
              # Do each command in the old_postuninstall commands.
              func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1'
            fi
            # FIXME: should reinstall the best remaining shared library.
            ;;
          esac
        fi
        ;;

      *.lo)
        # Possibly a libtool object, so verify it.
        if func_lalib_p "$file"; then

          # Read the .lo file
          func_source $dir/$name

          # Add PIC object to the list of files to remove.
          if test -n "$pic_object" && test none != "$pic_object"; then
            func_append rmfiles " $dir/$pic_object"
          fi

          # Add non-PIC object to the list of files to remove.
          if test -n "$non_pic_object" && test none != "$non_pic_object"; then
            func_append rmfiles " $dir/$non_pic_object"
          fi
        fi
        ;;

      *)
        if test clean = "$opt_mode"; then
          noexename=$name
          case $file in
          *.exe)
            func_stripname '' '.exe' "$file"
            file=$func_stripname_result
            func_stripname '' '.exe' "$name"
            noexename=$func_stripname_result
            # $file with .exe has already been added to rmfiles,
            # add $file without .exe
            func_append rmfiles " $file"
            ;;
          esac
          # Do a test to see if this is a libtool program.
          if func_ltwrapper_p "$file"; then
            if func_ltwrapper_executable_p "$file"; then
              func_ltwrapper_scriptname "$file"
              relink_command=
              func_source $func_ltwrapper_scriptname_result
              func_append rmfiles " $func_ltwrapper_scriptname_result"
            else
              relink_command=
              func_source $dir/$noexename
            fi

            # note $name still contains .exe if it was in $file originally
            # as does the version of $file that was added into $rmfiles
            func_append rmfiles " $odir/$name $odir/${name}S.$objext"
            if test yes = "$fast_install" && test -n "$relink_command"; then
              func_append rmfiles " $odir/lt-$name"
            fi
            if test "X$noexename" != "X$name"; then
              func_append rmfiles " $odir/lt-$noexename.c"
            fi
          fi
        fi
        ;;
      esac
      func_show_eval "$RM $rmfiles" 'exit_status=1'
    done

    # Try to remove the $objdir's in the directories where we deleted files
    for dir in $rmdirs; do
      if test -d "$dir"; then
        func_show_eval "rmdir $dir >/dev/null 2>&1"
      fi
    done

    exit $exit_status
}

if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then
  func_mode_uninstall ${1+"$@"}
fi

test -z "$opt_mode" && {
  help=$generic_help
  func_fatal_help "you must specify a MODE"
}

test -z "$exec_cmd" && \
  func_fatal_help "invalid operation mode '$opt_mode'"

if test -n "$exec_cmd"; then
  eval exec "$exec_cmd"
  exit $EXIT_FAILURE
fi

exit $exit_status


# The TAGs below are defined such that we never get into a situation
# where we disable both kinds of libraries.  Given conflicting
# choices, we go for a static library, that is the most portable,
# since we can't tell whether shared libraries were disabled because
# the user asked for that or because the platform doesn't support
# them.  This is particularly important on AIX, because we don't
# support having both static and shared libraries enabled at the same
# time on that platform, so we default to a shared-only configuration.
# If a disable-shared tag is given, we'll fallback to a static-only
# configuration.  But we'll never go from static-only to shared-only.

# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
build_libtool_libs=no
build_old_libs=yes
# ### END LIBTOOL TAG CONFIG: disable-shared

# ### BEGIN LIBTOOL TAG CONFIG: disable-static
build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
# ### END LIBTOOL TAG CONFIG: disable-static

# Local Variables:
# mode:shell-script
# sh-indentation:2
# End:

pam_pkcs11-0.6.9/src/Makefile.in

# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2014 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

@SET_MAKE@

# Process this file with automake to create Makefile.in
VPATH = @srcdir@
am__is_gnu_make = { \
  if test -z '$(MAKELEVEL)'; then \
    false; \
  elif test -n '$(MAKE_HOST)'; then \
    true; \
  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
    true; \
  else \
    false; \
  fi; \
}
am__make_running_with_option = \
  case $${target_option-} in \
      ?) ;; \
      *) echo "am__make_running_with_option: internal error: invalid" \
              "target option '$${target_option-}' specified" >&2; \
         exit 1;; \
  esac; \
  has_opt=no; \
  sane_makeflags=$$MAKEFLAGS; \
  if $(am__is_gnu_make); then \
    sane_makeflags=$$MFLAGS; \
  else \
    case $$MAKEFLAGS in \
      *\\[\ \	]*) \
        bs=\\; \
        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
    esac; \
  fi; \
  skip_next=no; \
  strip_trailopt () \
  { \
    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
  }; \
  for flg in $$sane_makeflags; do \
    test $$skip_next = yes && { skip_next=no; continue; }; \
    case $$flg in \
      *=*|--*) continue;; \
        -*I) strip_trailopt 'I'; skip_next=yes;; \
      -*I?*) strip_trailopt 'I';; \
        -*O) strip_trailopt 'O'; skip_next=yes;; \
      -*O?*) strip_trailopt 'O';; \
        -*l) strip_trailopt 'l'; skip_next=yes;; \
      -*l?*) strip_trailopt 'l';; \
      -[dEDm]) skip_next=yes;; \
      -[JT]) skip_next=yes;; \
    esac; \
    case $$flg in \
      *$$target_option*) has_opt=yes; break;; \
    esac; \
  done; \
  test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/aclocal/ax_pthread.m4 \
	$(top_srcdir)/aclocal/gettext.m4 \
	$(top_srcdir)/aclocal/iconv.m4 \
	$(top_srcdir)/aclocal/intlmacosx.m4 \
	$(top_srcdir)/aclocal/lib-ld.m4 \
	$(top_srcdir)/aclocal/lib-link.m4 \
	$(top_srcdir)/aclocal/lib-prefix.m4 \
	$(top_srcdir)/aclocal/libtool.m4 \
	$(top_srcdir)/aclocal/ltoptions.m4 \
	$(top_srcdir)/aclocal/ltsugar.m4 \
	$(top_srcdir)/aclocal/ltversion.m4 \
	$(top_srcdir)/aclocal/lt~obsolete.m4 \
	$(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \
	$(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
	$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo "  GEN     " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
	ctags-recursive dvi-recursive html-recursive info-recursive \
	install-data-recursive install-dvi-recursive \
	install-exec-recursive install-html-recursive \
	install-info-recursive install-pdf-recursive \
	install-ps-recursive install-recursive installcheck-recursive \
	installdirs-recursive pdf-recursive ps-recursive \
	tags-recursive uninstall-recursive
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
  distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
  $(RECURSIVE_TARGETS) \
  $(RECURSIVE_CLEAN_TARGETS) \
  $(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
	distdir
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates.  Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
  BEGIN { nonempty = 0; } \
  { items[$$0] = 1; nonempty = 1; } \
  END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique.  This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
  list='$(am__tagged_files)'; \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
  dir0=`pwd`; \
  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
  sed_rest='s,^[^/]*/*,,'; \
  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
  sed_butlast='s,/*[^/]*$$,,'; \
  while test -n "$$dir1"; do \
    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
    if test "$$first" != "."; then \
      if test "$$first" = ".."; then \
        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
      else \
        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
        if test "$$first2" = "$$first"; then \
          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
        else \
          dir2="../$$dir2"; \
        fi; \
        dir0="$$dir0"/"$$first"; \
      fi; \
    fi; \
    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
  done; \
  reldir="$$dir2"
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CURL_CFLAGS = @CURL_CFLAGS@
CURL_LIBS = @CURL_LIBS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBDL = @LIBDL@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NM = @NM@
NMEDIT = @NMEDIT@
NSS_CFLAGS = @NSS_CFLAGS@
NSS_LIBS = @NSS_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
OPENSSL_LIBS = @OPENSSL_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PCSC_CFLAGS = @PCSC_CFLAGS@
PCSC_LIBS = @PCSC_LIBS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POSUB = @POSUB@
PTHREAD_CC = @PTHREAD_CC@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LIBS = @PTHREAD_LIBS@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XSLTPROC = @XSLTPROC@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
ax_pthread_config = @ax_pthread_config@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
MAINTAINERCLEANFILES = Makefile.in

# Order IS important
SUBDIRS = scconf common mappers pam_pkcs11 tools
all: all-recursive

.SUFFIXES:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \
	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
	        && { if test -f $@; then exit 0; else break; fi; }; \
	      exit 1;; \
	  esac; \
	done; \
	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \
	$(am__cd) $(top_srcdir) && \
	  $(AUTOMAKE) --foreign src/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
	@case '$?' in \
	  *config.status*) \
	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
	  *) \
	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
	esac;

$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh

$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs

# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
#     (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
$(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! 
-f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z 
"$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic clean-libtool cscopelist-am ctags \ ctags-am distclean distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-am uninstall 
	uninstall-am

.PRECIOUS: Makefile


# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

pam_pkcs11-0.6.9/src/pam_pkcs11/Makefile.in

# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2014 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

@SET_MAKE@

# $Id$
VPATH = @srcdir@
am__is_gnu_make = { \
  if test -z '$(MAKELEVEL)'; then \
    false; \
  elif test -n '$(MAKE_HOST)'; then \
    true; \
  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
    true; \
  else \
    false; \
  fi; \
}
am__make_running_with_option = \
  case $${target_option-} in \
      ?) ;; \
      *) echo "am__make_running_with_option: internal error: invalid" \
              "target option '$${target_option-}' specified" >&2; \
         exit 1;; \
  esac; \
  has_opt=no; \
  sane_makeflags=$$MAKEFLAGS; \
  if $(am__is_gnu_make); then \
    sane_makeflags=$$MFLAGS; \
  else \
    case $$MAKEFLAGS in \
      *\\[\ \ ]*) \
        bs=\\; \
        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
          | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
    esac; \
  fi; \
  skip_next=no; \
  strip_trailopt () \
  { \
    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
  }; \
  for flg in $$sane_makeflags; do \
    test $$skip_next = yes && { skip_next=no; continue; }; \
    case $$flg in \
      *=*|--*) continue;; \
      -*I) strip_trailopt 'I'; skip_next=yes;; \
      -*I?*) strip_trailopt 'I';; \
      -*O) strip_trailopt 'O'; skip_next=yes;; \
      -*O?*) strip_trailopt 'O';; \
      -*l) strip_trailopt 'l'; skip_next=yes;; \
      -*l?*) strip_trailopt 'l';; \
      -[dEDm]) skip_next=yes;; \
      -[JT]) skip_next=yes;; \
    esac; \
    case $$flg in \
      *$$target_option*) has_opt=yes; break;; \
    esac; \
  done; \
  test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/pam_pkcs11
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/aclocal/ax_pthread.m4 \
	$(top_srcdir)/aclocal/gettext.m4 \
	$(top_srcdir)/aclocal/iconv.m4 \
	$(top_srcdir)/aclocal/intlmacosx.m4 \
	$(top_srcdir)/aclocal/lib-ld.m4 \
	$(top_srcdir)/aclocal/lib-link.m4 \
$(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! 
-r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(pamdir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(pam_LTLIBRARIES) libfinder_la_LIBADD = am_libfinder_la_OBJECTS = mapper_mgr.lo pam_config.lo libfinder_la_OBJECTS = $(am_libfinder_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = am__DEPENDENCIES_1 = pam_pkcs11_la_DEPENDENCIES = ../mappers/libmappers.la \ $(am__DEPENDENCIES_1) am_pam_pkcs11_la_OBJECTS = pam_pkcs11.lo mapper_mgr.lo pam_config.lo pam_pkcs11_la_OBJECTS = $(am_pam_pkcs11_la_OBJECTS) pam_pkcs11_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_pkcs11_la_LDFLAGS) $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = 
$(libfinder_la_SOURCES) $(pam_pkcs11_la_SOURCES) DIST_SOURCES = $(libfinder_la_SOURCES) $(pam_pkcs11_la_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ 
INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ 
am__tar = @am__tar@
am__untar = @am__untar@
ax_pthread_config = @ax_pthread_config@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
MAINTAINERCLEANFILES = Makefile.in
AM_CFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS)
AM_CPPFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS)
# The PAM module is installed under $(libdir)/security.
pamdir = $(libdir)/security
pam_LTLIBRARIES = pam_pkcs11.la
noinst_LTLIBRARIES = libfinder.la
libfinder_la_SOURCES = mapper_mgr.c pam_config.c
pam_pkcs11_la_SOURCES = pam_pkcs11.c \
	mapper_mgr.c mapper_mgr.h \
	pam_config.c pam_config.h

# Build a loadable module and export only the symbols whose names start with pam_.
pam_pkcs11_la_LDFLAGS = -module -avoid-version -shared \
	-export-symbols-regex '^pam_'

pam_pkcs11_la_LIBADD = ../mappers/libmappers.la @LTLIBINTL@ $(CRYPTO_LIBS)
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \
	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
	        && { if test -f $@; then exit 0; else break; fi; }; \
	      exit 1;; \
	  esac; \
	done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/pam_pkcs11/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/pam_pkcs11/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-pamLTLIBRARIES: $(pam_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(pam_LTLIBRARIES)'; test -n "$(pamdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(pamdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pamdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pamdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pamdir)"; \ } uninstall-pamLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(pam_LTLIBRARIES)'; test -n "$(pamdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) 
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pamdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pamdir)/$$f"; \ done clean-pamLTLIBRARIES: -test -z "$(pam_LTLIBRARIES)" || rm -f $(pam_LTLIBRARIES) @list='$(pam_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } libfinder.la: $(libfinder_la_OBJECTS) $(libfinder_la_DEPENDENCIES) $(EXTRA_libfinder_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libfinder_la_OBJECTS) $(libfinder_la_LIBADD) $(LIBS) pam_pkcs11.la: $(pam_pkcs11_la_OBJECTS) $(pam_pkcs11_la_DEPENDENCIES) $(EXTRA_pam_pkcs11_la_DEPENDENCIES) $(AM_V_CCLD)$(pam_pkcs11_la_LINK) -rpath $(pamdir) $(pam_pkcs11_la_OBJECTS) $(pam_pkcs11_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mapper_mgr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_config.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pkcs11.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-am TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-am CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-am cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in 
$$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(pamdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ clean-pamLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-pamLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-pamLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstLTLIBRARIES clean-pamLTLIBRARIES \ cscopelist-am ctags ctags-am distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man \ install-pamLTLIBRARIES install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-compile mostlyclean-generic \ 
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pamLTLIBRARIES .PRECIOUS: Makefile format: indent *.c *.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam_pkcs11-0.6.9/src/pam_pkcs11/mapper_mgr.h0000644000175000017500000000465612074274512021032 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * Mapper module copyright (c) 2005 Juan Antonio Martinez * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
 *
 * $Id$
 */

/*
 * this module manages dynamic loading of mapping modules
 * and is also used as the entry point for cert matching routines
 */

#ifndef _MAPPER_MGR_H_
#define _MAPPER_MGR_H_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../mappers/mapper.h"

/*
 * mapper module descriptor
 */
struct mapper_instance {
    void *module_handler;
    const char *module_name;
    const char *module_path;
    mapper_module *module_data;
};

/*
 * mapper module list
 */
struct mapper_listitem {
    struct mapper_instance *module;
    struct mapper_listitem *next;
};

/*
 * load and initialize a module
 * returns descriptor on success, null on fail
 */
struct mapper_instance *load_module(scconf_context *ctx, const char * name);

/**
 * Unload a module
 */
void unload_module( struct mapper_instance *module );

/**
 * compose mapper module chain
 */
struct mapper_listitem *load_mappers( scconf_context *ctx );

/**
 * unload mapper module chain
 */
void unload_mappers(void);

/*
 * this function searches the mapper module list until
 * it finds a module that returns a login name for
 * the provided certificate
 */
char * find_user(X509 *x509);

/**
 * This function searches the mapper module list until
 * it finds a module that matches the provided login name
 * if login is null, call find_user and returns 1,or 0 depending on user found
 * @return 1 if match
 *         0 on no match
 *         -1 on error
 */
int match_user(X509 *x509, const char *login);

/*
 * This function goes through the mapper list,
 * trying to get the certificate strings to be used on each
 * module to perform find/match functions.
 * No map / match is done: the strings found are just printed on stdout.
 * This function is mostly used in the pkcert_view tool
 */
void inspect_certificate(X509 *x509);

#endif

pam_pkcs11-0.6.9/src/pam_pkcs11/mapper_mgr.c

/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser ,
 * Mapper module copyright (c) 2005 Juan Antonio Martinez
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

/*
 * this module manages dynamic load of mapping modules
 * also is used as entry point for cert matching routines
 */

#define _MAPPER_MGR_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>

#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../mappers/mapper.h"
#include "../mappers/mapperlist.h"
#include "mapper_mgr.h"

struct mapper_listitem *root_mapper_list;

/*
 * load and initialize a module
 * returns descriptor on success, null on fail
 */
struct mapper_instance *load_module(scconf_context *ctx, const char * name) {
    const scconf_block *root;
    scconf_block **blocks, *blk;
    struct mapper_instance *mymodule;
    mapper_module * (*mapper_init)(scconf_block *blk, const char *mapper_name);
    void *handler = NULL;
    int old_level=get_debug_level();
    const char *libname = NULL;
    mapper_module * res = NULL;

    /* get module info */
    root = scconf_find_block(ctx,NULL,"pam_pkcs11");
    if(!root) return NULL; /* no pam_pkcs11 { ...
     * } root block */
    blocks = scconf_find_blocks(ctx,root,"mapper",name);
    if (!blocks) return NULL; /* named mapper not found */
    blk=blocks[0]; /* should only be one */
    free(blocks);
    if (!blk) {
        DBG1("Mapper entry '%s' not found. Assume static module with default values",name);
    } else {
        /* compose module path */
        libname = scconf_get_str(blk, "module", NULL);
    }
    if ( (!blk) || (!libname) || (!strcmp(libname,"internal")) ) {
        int n;
        DBG1("Loading static module for mapper '%s'",name);
        libname = NULL;
        handler = NULL;
        mapper_init = NULL;
        for(n=0;static_mapper_list[n].name;n++) {
            if (strcmp(static_mapper_list[n].name,name)) continue;
            /* match found: get data */
            mapper_init = static_mapper_list[n].init;
            res= mapper_init(blk,name);
            if (!res ) { /* init failed */
                DBG1("Static mapper %s init failed",name);
                return NULL;
            }
            /* save dbg level of mapper and restore previous one */
            res->dbg_level=get_debug_level();
            set_debug_level(old_level);
        }
        if ( !mapper_init ) {
            DBG1("Static mapper '%s' not found",name);
            return NULL;
        }
    } else if (blk) { /* assume dynamic module */
        DBG1("Loading dynamic module for mapper '%s'",name);
        handler= dlopen(libname,RTLD_NOW);
        if (!handler) {
            DBG3("dlopen failed for module: %s path: %s Error: %s",name,libname,dlerror());
            return NULL;
        }
        mapper_init = ( mapper_module * (*)(scconf_block *blk, const char *mapper_name) )
            dlsym(handler,"mapper_module_init");
        if ( !mapper_init) {
            dlclose(handler);
            DBG1("Module %s is not a mapper",name);
            return NULL;
        }
        res= mapper_init(blk,name);
        if (!res ) { /* init failed */
            DBG1("Module %s init failed",name);
            dlclose(handler);
            return NULL;
        }
        /* save dbg level of mapper and restore previous one */
        res->dbg_level=get_debug_level();
        set_debug_level(old_level);
    }
    /* allocate data */
    mymodule = malloc (sizeof(struct mapper_instance));
    if (!mymodule) {
        DBG1("No space to alloc module entry: '%s'",name);
        return NULL;
    }
    mymodule->module_handler=handler;
    mymodule->module_name=name;
    mymodule->module_path=libname;
    mymodule->module_data=res;
    /*
     * that's all folks */
    return mymodule;
}

void unload_module( struct mapper_instance *module ) {
    if (!module) {
        DBG("Trying to unmap empty module");
        return;
    }
    DBG1("calling mapper_module_end() %s",module->module_name);
    if ( module->module_data->deinit ) {
        int old_level= get_debug_level();
        set_debug_level(module->module_data->dbg_level);
        (*module->module_data->deinit)(module->module_data->context);
        set_debug_level(old_level);
    }
    if (module->module_handler) {
        DBG1("unloading module %s",module->module_name);
        dlclose(module->module_handler);
    } else {/* static mapper module */
        DBG1("Module %s is static: don't remove",module->module_name);
    }
    module->module_data=NULL;
    /* don't free name and libname: they are elements of scconf tree */
    free(module);
    return;
}

/**
 * compose mapper module chain
 */
struct mapper_listitem *load_mappers( scconf_context *ctx ) {
    struct mapper_listitem *last =NULL;
    const scconf_list *module_list = NULL;
    const scconf_block *root= NULL;
    root_mapper_list = NULL;
    /* extract mapper list */
    root = scconf_find_block(ctx,NULL,"pam_pkcs11");
    if (!root) {
        DBG("No pam_pkcs11 block in config file");
        return NULL;
    }
    DBG("Retrieveing mapper module list");
    root = scconf_find_block(ctx, NULL, "pam_pkcs11");
    if (!root) { /* should not occur, but Murphy says..
                  */
        DBG("pam_pkcs11 block not found in config file");
        return NULL;
    }
    module_list = scconf_find_list(root,"use_mappers");
    if (!module_list) {
        DBG("No use_mappers entry found in config");
        return NULL;
    }
    while (module_list) {
        char *name = module_list->data;
        struct mapper_instance *module = load_module(ctx,name);
        if (module) {
            struct mapper_listitem *item = malloc(sizeof(struct mapper_listitem));
            if (!item) {
                DBG1("Error allocating modulelist entry: %s",name);
                unload_module(module);
                return NULL;
            }
            item->module = module;
            item->next = NULL;
            DBG1("Inserting mapper [%s] into list",name);
            if (!last) { /* empty list */
                last = item;
                root_mapper_list = item;
            } else { /* insert at end of list */
                last->next= item;
                last = item;
            }
        }
        module_list = module_list->next;
    }
    return root_mapper_list;
}

void unload_mappers(void) {
    struct mapper_listitem *next;
    struct mapper_listitem *item = root_mapper_list;
    DBG("unloading mapper module list");
    while (item) {
        next=item->next;
        /* free the module */
        unload_module(item->module);
        /* free the list item */
        free(item);
        item=next;
    }
    root_mapper_list=NULL;
    return;
}

void inspect_certificate(X509 *x509) {
    int old_level=get_debug_level();
    struct mapper_listitem *item = root_mapper_list;
    if (!x509) return;
    while (item) {
        char *str=NULL;
        char **data=NULL;
        if (! item->module->module_data->entries) {
            DBG1("Mapper '%s' has no inspect() function",item->module->module_name);
            item=item->next;
            continue;
        }
        set_debug_level(item->module->module_data->dbg_level);
        data = (*item->module->module_data->entries)(x509,item->module->module_data->context);
        set_debug_level(old_level);
        if (!data) {
            DBG1("Cannot find cert data for mapper %s",item->module->module_name);
            item=item->next;
            continue;
        }
        printf("Printing data for mapper %s:\n",item->module->module_name);
        for (str=*data; str; str=*++data) fprintf(stdout,"%s\n",str);
        item=item->next;
    }
}

/*
 * this function searches the mapper module list until
 * it finds a module that returns a login name for
 * the provided certificate
 */
char * find_user(X509 *x509) {
    int old_level= get_debug_level();
    struct mapper_listitem *item = root_mapper_list;
    if (!x509) return NULL;
    while (item) {
        char *login = NULL;
        if(! item->module->module_data->finder) {
            DBG1("Mapper '%s' has no find() function",item->module->module_name);
        } else {
            int match = 0;
            set_debug_level(item->module->module_data->dbg_level);
            login = (*item->module->module_data->finder)(x509,item->module->module_data->context, &match);
            set_debug_level(old_level);
            DBG3("Mapper '%s' found %s, matched %d", item->module->module_name,login, match);
            if (login) {
                if (match) return login;
                free(login);
            }
        }
        item=item->next;
    }
    return NULL;
}

/**
 * This function searches the mapper module list until
 * it finds a module that matches the provided login name
 * if login is null, call find_user and returns 1,or 0 depending on user found
 * @return 1 if match
 *         0 on no match
 *         -1 on error
 */
int match_user(X509 *x509, const char *login) {
    int old_level= get_debug_level();
    struct mapper_listitem *item = root_mapper_list;
    if (!x509) return -1;
    /* if no login provided, call */
    if (!login) return 0;
    while (item) {
        int res=0; /* default: no match */
        if (!item->module->module_data->matcher) {
            DBG1("Mapper '%s' has no match() function",item->module->module_name);
        } else {
            set_debug_level(item->module->module_data->dbg_level);
            res = (*item->module->module_data->matcher)(x509,login,item->module->module_data->context);
            set_debug_level(old_level);
            DBG2("Mapper module %s match() returns %d",item->module->module_name,res);
        }
        if (res>0) return res;
        if (res<0) { /* show error and continue */
            DBG1("Error in module %s",item->module->module_name);
        }
        item=item->next;
    }
    return 0;
}

pam_pkcs11-0.6.9/src/pam_pkcs11/pam_config.c

/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser ,
 * config mgmt copyright (c) 2005 Juan Antonio Martinez
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

#define _PAM_CONFIG_C_

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include "config.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/cert_vfy.h"
#include "pam_config.h"
#include "mapper_mgr.h"

#undef DEBUG_CONFIG

#define N_(string) (string)

/*
 * configuration related functions
 */

struct configuration_st configuration = {
    CONFDIR "/pam_pkcs11.conf", /* char * config_file; */
    NULL, /* scconf_context *ctx; */
    0, /* int debug; */
    0, /* int nullok; */
    0, /* int try_first_pass; */
    0, /* int use_first_pass; */
    0, /* int use_authok; */
    0, /* int card_only; */
    0, /* int wait_for_card; */
    "default", /* const char *pkcs11_module; */
    CONFDIR "/pkcs11_module.so",/* const char *pkcs11_module_path; */
    NULL, /* screen savers */
    NULL, /* slot_description */
    -1, /* int slot_num; */
    0, /* support threads */
    /* cert policy; */
    { 0, CRLP_NONE, 0, CONFDIR "/cacerts", CONFDIR "/crls", CONFDIR "/nssdb", OCSP_NONE },
    N_("Smart card"), /* token_type */
    NULL, /* char *username */
    0, /* int quiet */
    0 /* err_display_time */
};

#ifdef DEBUG_CONFIG
static void display_config (void) {
    DBG1("debug %d",configuration.debug);
    DBG1("nullok %d",configuration.nullok);
    DBG1("try_first_pass %d",configuration.try_first_pass);
    DBG1("use_first_pass %d", configuration.use_first_pass);
    DBG1("use_authok %d", configuration.use_authok);
    DBG1("card_only %d", configuration.card_only);
    DBG1("wait_for_card %d", configuration.wait_for_card);
    DBG1("pkcs11_module %s",configuration.pkcs11_module);
    DBG1("pkcs11_modulepath %s",configuration.pkcs11_modulepath);
    DBG1("slot_description %s",configuration.slot_description);
    DBG1("slot_num %d",configuration.slot_num);
    DBG1("ca_dir %s",configuration.policy.ca_dir);
    DBG1("crl_dir %s",configuration.policy.crl_dir);
    DBG1("nss_dir %s",configuration.policy.nss_dir);
    DBG1("support_threads %d",configuration.support_threads);
    DBG1("ca_policy %d",configuration.policy.ca_policy);
    DBG1("crl_policy %d",configuration.policy.crl_policy);
    DBG1("signature_policy %d",configuration.policy.signature_policy);
    DBG1("ocsp_policy %d",configuration.policy.ocsp_policy);
    DBG1("err_display_time %d", configuration.err_display_time);
}
#endif

/* parse configuration file */
static void parse_config_file(void) {
    scconf_block **pkcs11_mblocks,*pkcs11_mblk;
    const scconf_list *mapper_list;
    const scconf_list *policy_list;
    const scconf_list *screen_saver_list;
    const scconf_list *tmp;
    scconf_context *ctx;
    const scconf_block *root;
    configuration.ctx = scconf_new(configuration.config_file);
    if (!configuration.ctx) {
        DBG("Error creating conf context");
        return;
    }
    ctx = configuration.ctx;
    if ( scconf_parse(ctx) <=0 ) {
        DBG1("Error parsing file %s",configuration.config_file);
        return;
    }
    /* now parse options */
    root = scconf_find_block(ctx, NULL, "pam_pkcs11");
    if (!root) {
        DBG1("pam_pkcs11 block not found in config: %s",configuration.config_file);
        return;
    }
    configuration.err_display_time =
        scconf_get_int(root,"err_display_time",configuration.err_display_time);
    configuration.nullok =
        scconf_get_bool(root,"nullok",configuration.nullok);
    configuration.quiet =
        scconf_get_bool(root,"quiet",configuration.quiet);
    if (configuration.quiet)
        set_debug_level(-2);
    configuration.debug =
        scconf_get_bool(root,"debug",configuration.debug);
    if (configuration.debug)
        set_debug_level(1);
    configuration.use_first_pass =
        scconf_get_bool(root,"use_first_pass",configuration.use_first_pass);
    configuration.try_first_pass =
        scconf_get_bool(root,"try_first_pass",configuration.try_first_pass);
    configuration.use_authok =
        scconf_get_bool(root,"use_authok",configuration.use_authok);
    configuration.card_only =
        scconf_get_bool(root,"card_only",configuration.card_only);
    configuration.wait_for_card =
        scconf_get_bool(root,"wait_for_card",configuration.wait_for_card);
    configuration.pkcs11_module = ( char * )
        scconf_get_str(root,"use_pkcs11_module",configuration.pkcs11_module);
    /* search pkcs11 module options */
    pkcs11_mblocks =
        scconf_find_blocks(ctx,root,"pkcs11_module",configuration.pkcs11_module);
    if (!pkcs11_mblocks) {
        DBG1("Pkcs11 module name not found: %s",configuration.pkcs11_module);
    } else {
        pkcs11_mblk=pkcs11_mblocks[0]; /* should only be one */
        free(pkcs11_mblocks);
        if (!pkcs11_mblk) {
            DBG1("No module entry: %s",configuration.pkcs11_module);
        }
        configuration.pkcs11_modulepath = (char *)
            scconf_get_str(pkcs11_mblk,"module",configuration.pkcs11_modulepath);
        configuration.policy.ca_dir = (char *)
            scconf_get_str(pkcs11_mblk,"ca_dir",configuration.policy.ca_dir);
        configuration.policy.crl_dir = (char *)
            scconf_get_str(pkcs11_mblk,"crl_dir",configuration.policy.crl_dir);
        configuration.policy.nss_dir = (char *)
            scconf_get_str(pkcs11_mblk,"nss_dir",configuration.policy.nss_dir);
        configuration.slot_description = (char *)
            scconf_get_str(pkcs11_mblk,"slot_description",configuration.slot_description);
        configuration.slot_num =
            scconf_get_int(pkcs11_mblk,"slot_num",configuration.slot_num);
        if (configuration.slot_description != NULL && configuration.slot_num != -1) {
            DBG1("Can not specify both slot_description and slot_num in file %s",configuration.config_file);
            return;
        }
        if (configuration.slot_description == NULL && configuration.slot_num == -1) {
            DBG1("Neither slot_description nor slot_num found in file %s",configuration.config_file);
            return;
        }
        configuration.support_threads =
            scconf_get_bool(pkcs11_mblk,"support_threads",configuration.support_threads);
        policy_list= scconf_find_list(pkcs11_mblk,"cert_policy");
        while(policy_list) {
            if ( !strcmp(policy_list->data,"none") ) {
                configuration.policy.crl_policy=CRLP_NONE;
                configuration.policy.ocsp_policy=OCSP_NONE;
                configuration.policy.ca_policy=0;
                configuration.policy.signature_policy=0;
                break;
            } else if ( !strcmp(policy_list->data,"crl_auto") ) {
                configuration.policy.crl_policy=CRLP_AUTO;
            } else if ( !strcmp(policy_list->data,"crl_online") ) {
                configuration.policy.crl_policy=CRLP_ONLINE;
            } else if ( !strcmp(policy_list->data,"crl_offline") ) {
                configuration.policy.crl_policy=CRLP_OFFLINE;
            } else if ( !strcmp(policy_list->data,"ocsp_on") ) {
                configuration.policy.ocsp_policy=OCSP_ON;
            } else if ( !strcmp(policy_list->data,"ca") ) {
                configuration.policy.ca_policy=1;
            } else if ( !strcmp(policy_list->data,"signature") ) {
                configuration.policy.signature_policy=1;
            } else {
                DBG1("Invalid CRL policy: %s",policy_list->data);
            }
            policy_list= policy_list->next;
        }
        configuration.token_type = (char *)
            scconf_get_str(pkcs11_mblk,"token_type",configuration.token_type);
    }
    screen_saver_list = scconf_find_list(root,"screen_savers");
    if (screen_saver_list) {
        int count,i;
        for (count=0, tmp=screen_saver_list; tmp ; tmp=tmp->next, count++);
        configuration.screen_savers = malloc((count+1)*sizeof(char *));
        for (i=0, tmp=screen_saver_list; tmp; tmp=tmp->next, i++) {
            configuration.screen_savers[i] = (char *)tmp->data;
        }
        configuration.screen_savers[count] = 0;
    }
    /* now obtain and initialize mapper list */
    mapper_list = scconf_find_list(root,"use_mappers");
    if (!mapper_list) {
        DBG1("No mappers specified in config: %s",configuration.config_file);
        return;
    }
    /* load_mappers(ctx); */
    /* that's all folks: return */
    return;
}

/*
 * values are taken in this order (low to high precedence):
 * 1- default values
 * 2- configuration file
 * 3- commandline arguments options
 */
struct configuration_st *pk_configure( int argc, const char **argv ) {
    int i;
    /* try to find a configuration file entry */
    for (i = 0; i < argc; i++) {
        if (strstr(argv[i],"config_file=") ) {
            configuration.config_file=1+strchr(argv[i],'=');
            break;
        }
    }
    DBG1("Using config file %s",configuration.config_file);
    /* parse configuration file */
    parse_config_file();
#ifdef DEBUG_CONFIG
    display_config();
#endif
    /* finally parse provided arguments */
    /* dont skip argv[0] */
    for (i = 0; i < argc; i++) {
        if (strcmp("nullok", argv[i]) == 0) {
            configuration.nullok = 1;
            continue;
        }
        if (strcmp("try_first_pass", argv[i]) == 0) {
            configuration.try_first_pass = 1;
            continue;
        }
        if (strcmp("use_first_pass", argv[i]) == 0) {
            configuration.use_first_pass = 1;
            continue;
        }
        if (strcmp("wait_for_card", argv[i]) == 0) {
            configuration.wait_for_card = 1;
            continue;
        }
        if (strcmp("dont_wait_for_card", argv[i]) == 0) {
            configuration.wait_for_card = 0;
            continue;
        }
        if (strcmp("debug", argv[i]) == 0) {
            configuration.debug = 1;
            set_debug_level(1);
            continue;
        }
        if (strcmp("nodebug", argv[i]) == 0) {
            configuration.debug = 0;
            if (configuration.quiet)
                set_debug_level(-2);
            else
                set_debug_level(0);
            continue;
        }
        if (strcmp("quiet", argv[i]) == 0) {
            configuration.quiet = 1;
            set_debug_level(-2);
            continue;
        }
        if (strstr(argv[i],"pkcs11_module=") ) {
            configuration.pkcs11_module = argv[i] + sizeof("pkcs11_module=")-1;
            continue;
        }
        if (strstr(argv[i],"slot_description=") ) {
            configuration.slot_description = argv[i] + sizeof("slot_description=")-1;
            continue;
        }
        if (strstr(argv[i],"slot_num=") ) {
            sscanf(argv[i],"slot_num=%d",&configuration.slot_num);
            continue;
        }
        if (strstr(argv[i],"ca_dir=") ) {
            configuration.policy.ca_dir = argv[i] + sizeof("ca_dir=")-1;
            continue;
        }
        if (strstr(argv[i],"crl_dir=") ) {
            configuration.policy.crl_dir = argv[i] + sizeof("crl_dir=")-1;
            continue;
        }
        if (strstr(argv[i],"nss_dir=") ) {
            configuration.policy.nss_dir = argv[i] + sizeof("nss_dir=")-1;
            continue;
        }
        if (strstr(argv[i],"cert_policy=") ) {
            if (strstr(argv[i],"none")) {
                configuration.policy.crl_policy=CRLP_NONE;
                configuration.policy.ca_policy=0;
                configuration.policy.signature_policy=0;
                configuration.policy.ocsp_policy=OCSP_NONE;
            }
            if (strstr(argv[i],"crl_online")) {
                configuration.policy.crl_policy=CRLP_ONLINE;
            }
            if (strstr(argv[i],"crl_offline")) {
                configuration.policy.crl_policy=CRLP_OFFLINE;
            }
            if (strstr(argv[i],"crl_auto")) {
                configuration.policy.crl_policy=CRLP_AUTO;
            }
            if ( strstr(argv[i],"ocsp_on") ) {
                configuration.policy.ocsp_policy=OCSP_ON;
            }
            if (strstr(argv[i],"ca")) {
                configuration.policy.ca_policy=1;
            }
            if (strstr(argv[i],"signature")) {
                configuration.policy.signature_policy=1;
            }
            continue;
        }
        if (strstr(argv[i],"token_type=") ) {
            configuration.token_type = argv[i] + sizeof("token_type=")-1;
            continue;
        }
        if (strstr(argv[i],"config_file=") ) {
            /* already parsed, skip */
            continue;
        }
        /* if argument is not recognised, log error message */
        syslog(LOG_ERR, "argument %s is not supported by this module", argv[i]);
        DBG1("argument %s is not supported by this module", argv[i]);
    }
#ifdef DEBUG_CONFIG
    display_config();
#endif
    return &configuration;
}

pam_pkcs11-0.6.9/src/pam_pkcs11/pam_pkcs11.c

/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser ,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

/* We have to make these definitions before we include the pam header files!
 */
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
#define PAM_SM_SESSION
#define PAM_SM_PASSWORD

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#ifdef HAVE_SECURITY_PAM_EXT_H
#include <security/pam_ext.h>
#endif
/* OpenPAM used on *BSD and OS X */
#ifdef OPENPAM
#include <security/openpam.h>
#endif
#include <syslog.h>
#include <ctype.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/pkcs11_lib.h"
#include "../common/cert_vfy.h"
#include "../common/cert_info.h"
#include "../common/cert_st.h"
#include "pam_config.h"
#include "mapper_mgr.h"

#ifdef ENABLE_NLS
#include <libintl.h>
#include <locale.h>
#define _(string) gettext(string)
#else
#define _(string) string
#endif

#ifndef PAM_EXTERN
#define PAM_EXTERN extern
#endif

#define LOGNAME "PAM-PKCS11" /* name for log-file entries */

/*
 * convenience function that returns 1 on a null, empty or all-whitespace string
 */
static int is_spaced_str(const char *str) {
    char *pt=(char *)str;
    if(!str) return 1;
    if (!strcmp(str,"")) return 1;
    for (;*pt;pt++) if (!isspace(*pt)) return 0;
    return 1;
}

#if !defined(HAVE_SECURITY_PAM_EXT_H) && !defined(OPENPAM)
/*
 * implement pam utilities for older versions of pam.
 */
static int pam_prompt(pam_handle_t *pamh, int style, char **response, char *fmt, ...)
{
    int rv;
    struct pam_conv *conv;
    struct pam_message msg;
    struct pam_response *resp;
    /* struct pam_message *(msgp[1]) = { &msg}; */
    struct pam_message *(msgp[1]);
    msgp[0] = &msg;
    va_list va;
    char text[128];

    va_start(va, fmt);
    vsnprintf(text, sizeof text, fmt, va);
    va_end(va);

    msg.msg_style = style;
    msg.msg = text;
    rv = pam_get_item(pamh, PAM_CONV, &conv);
    if (rv != PAM_SUCCESS)
        return rv;
    if ((conv == NULL) || (conv->conv == NULL))
        return PAM_CRED_INSUFFICIENT;
    rv = conv->conv(1, msgp, &resp, conv->appdata_ptr);
    if (rv != PAM_SUCCESS)
        return rv;
    if ((resp == NULL) || (resp[0].resp == NULL))
        return !response ?
            PAM_SUCCESS : PAM_CRED_INSUFFICIENT;
    if (response) {
        *response = strdup(resp[0].resp);
    }
    /* overwrite memory and release it */
    memset(resp[0].resp, 0, strlen(resp[0].resp));
    free(&resp[0]);
    return PAM_SUCCESS;
}
#endif

#if !defined(HAVE_SECURITY_PAM_EXT_H) || defined(OPENPAM)
static void pam_syslog(pam_handle_t *pamh, int priority, const char *fmt, ...)
{
    va_list ap;

    va_start(ap, fmt);
    vsyslog(priority, fmt, ap);
    va_end(ap);
}

/*
 * With OpenPAM pam_prompt resp arg cannot be NULL, so this is just a wrapper.
 */
#undef pam_prompt
#define pam_prompt(x, y, z, fmt, ...) pam_pkcs11_prompt((x), (y), (z), (fmt), ##__VA_ARGS__)

static int pam_pkcs11_prompt(const pam_handle_t *pamh, int style, char **resp, const char *fmt, ...)
{
    char *response = NULL;
    va_list va;
    int ret = 0;

    va_start(va, fmt);
    ret = pam_vprompt(pamh, style, &response, fmt, va);
    va_end(va);
    free(response);
    return ret;
}
#endif

/*
 * Gets the user's password. Depending on whether it was already asked, either
 * a prompt is shown or the old value is returned.
 */
static int pam_get_pwd(pam_handle_t *pamh, char **pwd, char *text, int oitem, int nitem)
{
    int rv;
    const char *old_pwd;
    struct pam_conv *conv;
    struct pam_message msg;
    struct pam_response *resp;
    /* struct pam_message *(msgp[1]) = { &msg}; */
    const struct pam_message *(msgp[1]);
    msgp[0] = &msg;

    /* use stored password if variable oitem is set */
    if ((oitem == PAM_AUTHTOK) || (oitem == PAM_OLDAUTHTOK)) {
        /* try to get stored item */
        rv = pam_get_item(pamh, oitem, &old_pwd);
        if (rv != PAM_SUCCESS)
            return rv;
        if (old_pwd != NULL) {
            *pwd = strdup(old_pwd);
            return PAM_SUCCESS;
        }
    }

    /* ask the user for the password if variable text is set */
    if (text != NULL) {
        msg.msg_style = PAM_PROMPT_ECHO_OFF;
        msg.msg = text;
        rv = pam_get_item(pamh, PAM_CONV, &conv);
        if (rv != PAM_SUCCESS)
            return rv;
        if ((conv == NULL) || (conv->conv == NULL))
            return PAM_CRED_INSUFFICIENT;
        rv = conv->conv(1, msgp, &resp, conv->appdata_ptr);
        if (rv != PAM_SUCCESS)
            return rv;
        if ((resp == NULL) || (resp[0].resp == NULL))
            return PAM_CRED_INSUFFICIENT;
        *pwd = strdup(resp[0].resp);
        /* overwrite memory and release it */
        memset(resp[0].resp, 0, strlen(resp[0].resp));
        free(&resp[0]);
        /* save password if variable nitem is set */
        if ((nitem == PAM_AUTHTOK) || (nitem == PAM_OLDAUTHTOK)) {
            rv = pam_set_item(pamh, nitem, *pwd);
            if (rv != PAM_SUCCESS)
                return rv;
        }
        return PAM_SUCCESS;
    }
    return PAM_CRED_INSUFFICIENT;
}

PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    int i, rv;
    const char *user = NULL;
    char *password;
    unsigned int slot_num = 0;
    int is_a_screen_saver = 0;
    struct configuration_st *configuration;
    int pkcs11_pam_fail = PAM_AUTHINFO_UNAVAIL;

    pkcs11_handle_t *ph;
    cert_object_t *chosen_cert = NULL;
    cert_object_t **cert_list;
    int ncert;
    unsigned char random_value[128];
    unsigned char *signature;
    unsigned long signature_length;
    /* enough space to hold an issuer DN */
    char env_temp[256] = "";
    char **issuer, **serial;
    const char *login_token_name = NULL;

#ifdef ENABLE_NLS
    setlocale(LC_ALL, "");
    bindtextdomain(PACKAGE, "/usr/share/locale");
    textdomain(PACKAGE);
#endif

    pam_prompt(pamh, PAM_TEXT_INFO , NULL, _("Smartcard authentication starts"));

    /* first of all check whether debugging should be enabled */
    for (i = 0; i < argc; i++)
        if (strcmp("debug", argv[i]) == 0) {
            set_debug_level(1);
        }

    /* call configure routines */
    configuration = pk_configure(argc,argv);
    if (!configuration ) {
        ERR("Error setting configuration parameters");
        return PAM_AUTHINFO_UNAVAIL;
    }

    /* Either slot_description or slot_num, but not both, needs to be used */
    if ((configuration->slot_description != NULL && configuration->slot_num != -1) ||
        (configuration->slot_description == NULL && configuration->slot_num == -1)) {
        ERR("Error setting configuration parameters");
        return PAM_AUTHINFO_UNAVAIL;
    }

    /* fail if we are using a remote server
     * local login: DISPLAY=:0
     * XDMCP login: DISPLAY=host:0 */
    {
        char *display = getenv("DISPLAY");

        if (display) {
            if (strncmp(display, "localhost:", 10) != 0 && (display[0] != ':')
                && (display[0] != '\0')) {
                ERR1("Remote login (from %s) is not (yet) supported", display);
                pam_syslog(pamh, LOG_ERR,
                    "Remote login (from %s) is not (yet) supported", display);
                return PAM_AUTHINFO_UNAVAIL;
            }
        }
    }

    /* init openssl */
    rv = crypto_init(&configuration->policy);
    if (rv != 0) {
        ERR("Failed to initialize crypto");
        if (!configuration->quiet)
            pam_syslog(pamh,LOG_ERR, "Failed to initialize crypto");
        return PAM_AUTHINFO_UNAVAIL;
    }

    /*
     * card_only means:
     * 1) always get the userid from the certificate.
     * 2) don't prompt for the user name if the card is present.
     * 3) if the token is present, then we must use the cardAuth mechanism.
     *
     * wait_for_card means:
     * 1) nothing if card_only isn't set
     * 2) if logged in, block in pam conversation until the token used for login
     *    is inserted
     * 3) if not logged in, block until a token that could be used for logging in
     *    is inserted
     * right now, logged in means PKCS11_LOGIN_TOKEN_NAME is set,
     * but we could do something else later (like set some per-user state in
     * a pam session module keyed off uid)
     */
    if (configuration->card_only) {
        char *service;
        if (configuration->screen_savers) {
            DBG("Is it a screen saver?");
            pam_get_item(pamh, PAM_SERVICE, &service);
            for (i=0; configuration->screen_savers[i]; i++) {
                if (strcmp(configuration->screen_savers[i], service) == 0) {
                    is_a_screen_saver = 1;
                    break;
                }
            }
        }

        pkcs11_pam_fail = PAM_CRED_INSUFFICIENT;

        /* look to see if username is already set */
        pam_get_item(pamh, PAM_USER, &user);
        if (user) {
            DBG1("explicit username = [%s]", user);
        }
    } else {
        rv = pam_get_item(pamh, PAM_USER, &user);
        if (rv != PAM_SUCCESS || user == NULL || user[0] == '\0') {
            pam_prompt(pamh, PAM_TEXT_INFO, NULL,
                _("Please insert your %s or enter your username."),
                _(configuration->token_type));
            /* get user name */
            rv = pam_get_user(pamh, &user, NULL);

            if (rv != PAM_SUCCESS) {
                pam_syslog(pamh, LOG_ERR,
                    "pam_get_user() failed %s", pam_strerror(pamh, rv));
                return PAM_USER_UNKNOWN;
            }
        }
        DBG1("username = [%s]", user);
    }
    login_token_name = getenv("PKCS11_LOGIN_TOKEN_NAME");

    /* if we are using a screen saver, and we didn't log in using the smart card
     * drop to the next pam module.
     */
    if (is_a_screen_saver && !login_token_name) {
        return PAM_IGNORE;
    }

    /* load pkcs #11 module */
    DBG("loading pkcs #11 module...");
    rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph);
    if (rv != 0) {
        ERR2("load_pkcs11_module() failed loading %s: %s",
            configuration->pkcs11_modulepath, get_error());
        if (!configuration->quiet) {
            pam_syslog(pamh, LOG_ERR, "load_pkcs11_module() failed loading %s: %s",
                configuration->pkcs11_modulepath, get_error());
            pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2302: PKCS#11 module failed loading"));
            sleep(configuration->err_display_time);
        }
        return PAM_AUTHINFO_UNAVAIL;
    }

    /* initialise pkcs #11 module */
    DBG("initialising pkcs #11 module...");
    rv = init_pkcs11_module(ph,configuration->support_threads);
    if (rv != 0) {
        release_pkcs11_module(ph);
        ERR1("init_pkcs11_module() failed: %s", get_error());
        if (!configuration->quiet) {
            pam_syslog(pamh, LOG_ERR, "init_pkcs11_module() failed: %s", get_error());
            pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2304: PKCS#11 module could not be initialized"));
            sleep(configuration->err_display_time);
        }
        return PAM_AUTHINFO_UNAVAIL;
    }

    /* open pkcs #11 session */
    if (configuration->slot_description != NULL) {
        rv = find_slot_by_slotlabel_and_tokenlabel(ph,
            configuration->slot_description, login_token_name, &slot_num);
    } else if (configuration->slot_num != -1) {
        rv = find_slot_by_number_and_label(ph, configuration->slot_num,
            login_token_name, &slot_num);
    }

    if (rv != 0) {
        ERR("no suitable token available");
        if (!configuration->quiet) {
            pam_syslog(pamh, LOG_ERR, "no suitable token available");
            pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2306: No suitable token available"));
            sleep(configuration->err_display_time);
        }

        if (!configuration->card_only) {
            release_pkcs11_module(ph);
            return PAM_AUTHINFO_UNAVAIL;
        }

        /* we must have a smart card, either because we've configured it as such,
         * or because we used one to log in */
        if (login_token_name || configuration->wait_for_card) {
            if (login_token_name) {
pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Please insert your smart card called \"%.32s\"."), login_token_name); } else { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Please insert your smart card.")); } if (configuration->slot_description != NULL) { rv = wait_for_token_by_slotlabel(ph, configuration->slot_description, login_token_name, &slot_num); } else if (configuration->slot_num != -1) { rv = wait_for_token(ph, configuration->slot_num, login_token_name, &slot_num); } if (rv != 0) { release_pkcs11_module(ph); return pkcs11_pam_fail; } } else if (user) { if (!configuration->quiet) { pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2308: No smartcard found")); sleep(configuration->err_display_time); } /* we have a user and no smart card, go to the next pam module */ release_pkcs11_module(ph); return PAM_AUTHINFO_UNAVAIL; } else { /* we haven't prompted for the user yet, get the user and see if * the smart card has been inserted in the mean time */ pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Please insert your %s or enter your username."), _(configuration->token_type)); rv = pam_get_user(pamh, &user, NULL); /* check one last time for the smart card before bouncing to the next * module */ if (configuration->slot_description != NULL) { rv = find_slot_by_slotlabel(ph, configuration->slot_description, &slot_num); } else if (configuration->slot_num != -1) { rv = find_slot_by_number(ph, configuration->slot_num, &slot_num); } if (rv != 0) { /* user gave us a user id and no smart card go to next module */ if (!configuration->quiet) { pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2310: No smartcard found")); sleep(configuration->err_display_time); } release_pkcs11_module(ph); return PAM_AUTHINFO_UNAVAIL; } } } else { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("%s found."), _(configuration->token_type)); } rv = open_pkcs11_session(ph, slot_num); if (rv != 0) { ERR1("open_pkcs11_session() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, 
"open_pkcs11_session() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2312: open PKCS#11 session failed")); sleep(configuration->err_display_time); } release_pkcs11_module(ph); return pkcs11_pam_fail; } rv = get_slot_login_required(ph); if (rv == -1) { ERR1("get_slot_login_required() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "get_slot_login_required() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2314: Slot login failed")); sleep(configuration->err_display_time); } release_pkcs11_module(ph); return pkcs11_pam_fail; } else if (rv) { /* get password */ pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Welcome %.32s!"), get_slot_tokenlabel(ph)); /* no CKF_PROTECTED_AUTHENTICATION_PATH */ rv = get_slot_protected_authentication_path(ph); if ((-1 == rv) || (0 == rv)) { char password_prompt[128]; snprintf(password_prompt, sizeof(password_prompt), _("%s PIN: "), _(configuration->token_type)); if (configuration->use_first_pass) { rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0); } else if (configuration->try_first_pass) { rv = pam_get_pwd(pamh, &password, password_prompt, PAM_AUTHTOK, PAM_AUTHTOK); } else { rv = pam_get_pwd(pamh, &password, password_prompt, 0, PAM_AUTHTOK); } if (rv != PAM_SUCCESS) { if (!configuration->quiet) { pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2316: password could not be read")); sleep(configuration->err_display_time); } release_pkcs11_module(ph); pam_syslog(pamh, LOG_ERR, "pam_get_pwd() failed: %s", pam_strerror(pamh, rv)); return pkcs11_pam_fail; } #ifdef DEBUG_SHOW_PASSWORD DBG1("password = [%s]", password); #endif /* check password length */ if (!configuration->nullok && strlen(password) == 0) { release_pkcs11_module(ph); memset(password, 0, strlen(password)); free(password); pam_syslog(pamh, LOG_ERR, "password length is zero but the 'nullok' argument was not defined."); if (!configuration->quiet) { pam_prompt(pamh, PAM_ERROR_MSG , NULL, 
            _("Error 2318: Empty smartcard PIN not allowed."));
          sleep(configuration->err_display_time);
        }
        return PAM_AUTH_ERR;
      }
    } else {
      pam_prompt(pamh, PAM_TEXT_INFO, NULL,
        _("Enter your %s PIN on the pinpad"), _(configuration->token_type));
      /* use pin pad */
      password = NULL;
    }

    /* call pkcs#11 login to ensure that the user is the real owner of the card
     * we need to do this before get_certificate_list because some tokens
     * can not read their certificates until the token is authenticated */
    rv = pkcs11_login(ph, password);
    /* erase and free in-memory password data asap */
    if (password) {
      memset(password, 0, strlen(password));
      free(password);
    }
    if (rv != 0) {
      ERR1("open_pkcs11_login() failed: %s", get_error());
      if (!configuration->quiet) {
        pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s", get_error());
        pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smartcard PIN"));
        sleep(configuration->err_display_time);
      }
      goto auth_failed_nopw;
    }
  }

  cert_list = get_certificate_list(ph, &ncert);
  /* get_certificate_list() returns a pointer and does not update rv,
   * so failure is detected through a NULL list */
  if (cert_list == NULL) {
    ERR1("get_certificate_list() failed: %s", get_error());
    if (!configuration->quiet) {
      pam_syslog(pamh, LOG_ERR, "get_certificate_list() failed: %s", get_error());
      pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2322: No certificate found"));
      sleep(configuration->err_display_time);
    }
    goto auth_failed_nopw;
  }

  /* load mapper modules */
  load_mappers(configuration->ctx);

  /* find a valid and matching certificates */
  for (i = 0; i < ncert; i++) {
    X509 *x509 = (X509 *)get_X509_certificate(cert_list[i]);
    if (!x509 ) continue; /* sanity check */
    DBG1("verifying the certificate #%d", i + 1);
    if (!configuration->quiet) {
      pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("verifying certificate"));
    }

    /* verify certificate (date, signature, CRL, ...) */
    rv = verify_certificate(x509,&configuration->policy);
    if (rv < 0) {
      ERR1("verify_certificate() failed: %s", get_error());
      if (!configuration->quiet) {
        pam_syslog(pamh, LOG_ERR, "verify_certificate() failed: %s", get_error());
        switch (rv) {
          case -2: // X509_V_ERR_CERT_HAS_EXPIRED:
            pam_prompt(pamh, PAM_ERROR_MSG , NULL,
              _("Error 2324: Certificate has expired"));
            break;
          case -3: // X509_V_ERR_CERT_NOT_YET_VALID:
            pam_prompt(pamh, PAM_ERROR_MSG , NULL,
              _("Error 2326: Certificate not yet valid"));
            break;
          case -4: // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
            pam_prompt(pamh, PAM_ERROR_MSG , NULL,
              _("Error 2328: Certificate signature invalid"));
            break;
          default:
            pam_prompt(pamh, PAM_ERROR_MSG , NULL,
              _("Error 2330: Certificate invalid"));
            break;
        }
        sleep(configuration->err_display_time);
      }
      continue; /* try next certificate */
    } else if (rv != 1) {
      ERR1("verify_certificate() failed: %s", get_error());
      continue; /* try next certificate */
    }

    /* CA and CRL verified, now check/find user */
    if ( is_spaced_str(user) ) {
      /* if provided user is null or empty
         extract and set user name from certificate */
      DBG("Empty login: try to deduce from certificate");
      user=find_user(x509);
      if (!user) {
        ERR2("find_user() failed: %s on cert #%d", get_error(),i+1);
        if (!configuration->quiet)
          pam_syslog(pamh, LOG_ERR,
            "find_user() failed: %s on cert #%d",get_error(),i+1);
        continue; /* try on next certificate */
      } else {
        DBG1("certificate is valid and matches user %s",user);
        /* try to set up PAM user entry with evaluated value */
        rv = pam_set_item(pamh, PAM_USER,(const void *)user);
        if (rv != PAM_SUCCESS) {
          ERR1("pam_set_item() failed %s", pam_strerror(pamh, rv));
          if (!configuration->quiet) {
            pam_syslog(pamh, LOG_ERR,
              "pam_set_item() failed %s", pam_strerror(pamh, rv));
            pam_prompt(pamh, PAM_ERROR_MSG , NULL,
              _("Error 2332: setting PAM userentry failed"));
            sleep(configuration->err_display_time);
          }
          goto auth_failed_nopw;
        }
        chosen_cert = cert_list[i];
        break; /* end loop, as find user success */
      }
    }
    else {
      /* User provided: check whether the certificate matches the user */
      rv = match_user(x509, user);
      if (rv < 0) { /* match error; abort and return */
        ERR1("match_user() failed: %s", get_error());
        if (!configuration->quiet) {
          pam_syslog(pamh, LOG_ERR, "match_user() failed: %s", get_error());
          pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2334: No matching user"));
          sleep(configuration->err_display_time);
        }
        goto auth_failed_nopw;
      } else if (rv == 0) { /* match didn't success */
        DBG("certificate is valid but does not match the user");
        continue; /* try next certificate */
      } else { /* match success */
        DBG("certificate is valid and matches the user");
        chosen_cert = cert_list[i];
        break;
      }
    } /* if is_spaced string */
  } /* for (i=0; i<ncert; i++) */

  /* no certificate was selected by the loop above */
  if (!chosen_cert) {
    if (!configuration->quiet) {
      pam_syslog(pamh, LOG_ERR,
        "no valid certificate which meets all requirements found");
      pam_prompt(pamh, PAM_ERROR_MSG , NULL,
        _("Error 2336: No matching certificate found"));
      sleep(configuration->err_display_time);
    }
    goto auth_failed_nopw;
  }

  /* if signature check is enforced, generate random data, sign and verify */
  if (configuration->policy.signature_policy) {
    pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Checking signature"));

#ifdef notdef
    rv = get_private_key(ph);
    if (rv != 0) {
      ERR1("get_private_key() failed: %s", get_error());
      if (!configuration->quiet)
        pam_syslog(pamh, LOG_ERR,
          "get_private_key() failed: %s", get_error());
      goto auth_failed_nopw;
    }
#endif

    /* read random value */
    rv = get_random_value(random_value, sizeof(random_value));
    if (rv != 0) {
      ERR1("get_random_value() failed: %s", get_error());
      if (!configuration->quiet){
        pam_syslog(pamh, LOG_ERR, "get_random_value() failed: %s", get_error());
        pam_prompt(pamh, PAM_ERROR_MSG , NULL,
          _("Error 2338: Getting random value failed"));
        sleep(configuration->err_display_time);
      }
      goto auth_failed_nopw;
    }

    /* sign random value */
    signature = NULL;
    rv = sign_value(ph, chosen_cert, random_value, sizeof(random_value),
                    &signature, &signature_length);
    if (rv != 0) {
      ERR1("sign_value()
failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "sign_value() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2340: Signing failed")); sleep(configuration->err_display_time); } goto auth_failed_nopw; } /* verify the signature */ DBG("verifying signature..."); rv = verify_signature((X509 *)get_X509_certificate(chosen_cert), random_value, sizeof(random_value), signature, signature_length); if (signature != NULL) { free(signature); } if (rv != 0) { close_pkcs11_session(ph); release_pkcs11_module(ph); ERR1("verify_signature() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "verify_signature() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2342: Verifying signature failed")); sleep(configuration->err_display_time); } return PAM_AUTH_ERR; } } else { DBG("Skipping signature check"); } /* * fill in the environment variables. */ snprintf(env_temp, sizeof(env_temp) - 1, "PKCS11_LOGIN_TOKEN_NAME=%.*s", (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME=")), get_slot_tokenlabel(ph)); rv = pam_putenv(pamh, env_temp); if (rv != PAM_SUCCESS) { ERR1("could not put token name in environment: %s", pam_strerror(pamh, rv)); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "could not put token name in environment: %s", pam_strerror(pamh, rv)); } issuer = cert_info((X509 *)get_X509_certificate(chosen_cert), CERT_ISSUER, ALGORITHM_NULL); if (issuer) { snprintf(env_temp, sizeof(env_temp) - 1, "PKCS11_LOGIN_CERT_ISSUER=%.*s", (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_ISSUER=")), issuer[0]); rv = pam_putenv(pamh, env_temp); } else { ERR("couldn't get certificate issuer."); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "couldn't get certificate issuer."); } if (rv != PAM_SUCCESS) { ERR1("could not put cert issuer in environment: %s", pam_strerror(pamh, rv)); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "could not put cert 
issuer in environment: %s", pam_strerror(pamh, rv)); } serial = cert_info((X509 *)get_X509_certificate(chosen_cert), CERT_SERIAL, ALGORITHM_NULL); if (serial) { snprintf(env_temp, sizeof(env_temp) - 1, "PKCS11_LOGIN_CERT_SERIAL=%.*s", (int)((sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_SERIAL=")), serial[0]); rv = pam_putenv(pamh, env_temp); } else { ERR("couldn't get certificate serial number."); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "couldn't get certificate serial number."); } if (rv != PAM_SUCCESS) { ERR1("could not put cert serial in environment: %s", pam_strerror(pamh, rv)); if (!configuration->quiet) pam_syslog(pamh, LOG_ERR, "could not put cert serial in environment: %s", pam_strerror(pamh, rv)); } /* unload mapper modules */ unload_mappers(); /* close pkcs #11 session */ rv = close_pkcs11_session(ph); if (rv != 0) { release_pkcs11_module(ph); ERR1("close_pkcs11_session() failed: %s", get_error()); if (!configuration->quiet) { pam_syslog(pamh, LOG_ERR, "close_pkcs11_module() failed: %s", get_error()); pam_prompt(pamh, PAM_ERROR_MSG , NULL, ("Error 2344: Closing PKCS#11 session failed")); sleep(configuration->err_display_time); } return pkcs11_pam_fail; } /* release pkcs #11 module */ DBG("releasing pkcs #11 module..."); release_pkcs11_module(ph); DBG("authentication succeeded"); return PAM_SUCCESS; /* quick and dirty fail exit point */ memset(password, 0, strlen(password)); free(password); /* erase and free in-memory password data */ auth_failed_nopw: unload_mappers(); close_pkcs11_session(ph); release_pkcs11_module(ph); return pkcs11_pam_fail; } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { DBG("pam_sm_setcred() called"); /* Actually, we should return the same value as pam_sm_authenticate(). 
*/ return PAM_SUCCESS; } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { ERR("Warning: Function pm_sm_acct_mgmt() is not implemented in this module"); pam_syslog(pamh, LOG_WARNING, "Function pm_sm_acct_mgmt() is not implemented in this module"); return PAM_SERVICE_ERR; } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { ERR("Warning: Function pam_sm_open_session() is not implemented in this module"); pam_syslog(pamh, LOG_WARNING, "Function pm_sm_open_session() is not implemented in this module"); return PAM_SERVICE_ERR; } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { ERR("Warning: Function pam_sm_close_session() is not implemented in this module"); pam_syslog(pamh, LOG_WARNING, "Function pm_sm_close_session() is not implemented in this module"); return PAM_SERVICE_ERR; } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { char *login_token_name; ERR("Warning: Function pam_sm_chauthtok() is not implemented in this module"); pam_syslog(pamh, LOG_WARNING, "Function pam_sm_chauthtok() is not implemented in this module"); login_token_name = getenv("PKCS11_LOGIN_TOKEN_NAME"); if (login_token_name && (flags & PAM_PRELIM_CHECK)) { pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Cannot change the password on your smart card.")); } return PAM_SERVICE_ERR; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_group_modstruct = { "pam_pkcs11", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }; #endif pam_pkcs11-0.6.9/src/pam_pkcs11/pam_config.h0000644000175000017500000000260312074274512020771 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * config mgmt copyright (c) 2005 Juan Antonio Martinez * * This library is free software; you can redistribute it and/or * modify it under 
the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ /* * configuration related functions */ #ifndef _PAM_CONFIG_H_ #define _PAM_CONFIG_H_ #include "../scconf/scconf.h" #include "../common/cert_vfy.h" struct configuration_st { const char *config_file; scconf_context *ctx; int debug; int nullok; int try_first_pass; int use_first_pass; int use_authok; int card_only; int wait_for_card; const char *pkcs11_module; const char *pkcs11_modulepath; const char **screen_savers; const char *slot_description; int slot_num; int support_threads; cert_policy policy; const char *token_type; const char *username; /* provided user name */ int quiet; int err_display_time; }; struct configuration_st *pk_configure( int argc, const char **argv ); #endif pam_pkcs11-0.6.9/src/pam_pkcs11/Makefile.am0000644000175000017500000000112012623042161020534 0ustar rousseaurousseau# $Id$ MAINTAINERCLEANFILES = Makefile.in AM_CFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS) AM_CPPFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS) pamdir=$(libdir)/security pam_LTLIBRARIES = pam_pkcs11.la noinst_LTLIBRARIES = libfinder.la libfinder_la_SOURCES = mapper_mgr.c pam_config.c pam_pkcs11_la_SOURCES = pam_pkcs11.c \ mapper_mgr.c mapper_mgr.h \ pam_config.c pam_config.h pam_pkcs11_la_LDFLAGS = -module -avoid-version -shared \ -export-symbols-regex '^pam_' pam_pkcs11_la_LIBADD = ../mappers/libmappers.la @LTLIBINTL@ $(CRYPTO_LIBS) format: indent *.c *.h pam_pkcs11-0.6.9/src/mappers/0000755000175000017500000000000012772727123016233 5ustar 
pam_pkcs11-0.6.9/src/mappers/ms_mapper.h
/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#ifndef __MS_MAPPER_H_
#define __MS_MAPPER_H_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../scconf/scconf.h"
#include "mapper.h"

#ifdef MS_MAPPER_STATIC

#ifndef __MS_MAPPER_C_
#define MS_EXTERN extern
#else
#define MS_EXTERN
#endif
MS_EXTERN mapper_module * ms_mapper_module_init(scconf_block *blk,const char *mapper_name);
#undef MS_EXTERN

/* end of static (if any) declarations */
#endif

/* End of ms_mapper.h */
#endif

pam_pkcs11-0.6.9/src/mappers/digest_mapper.c
/*
 * PAM-PKCS11 Certificate digest mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __DIGEST_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../common/cert_st.h"
#include "../common/alg_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "digest_mapper.h"

/*
 * Create Certificate digest and use it to perform mapping process
 */

static const char *mapfile = "none";
static ALGORITHM_TYPE algorithm= ALGORITHM_SHA1;
static int debug= 0;

/*
 * return fingerprint of certificate
 */
static char ** digest_mapper_find_entries(X509 *x509, void *context) {
    char **entries;
    if ( !x509 ) {
        DBG("NULL certificate provided");
        return NULL;
    }
    entries= cert_info(x509,CERT_DIGEST,algorithm);
    /* do not dereference the result if no digest could be extracted */
    if ( !entries ) {
        DBG("entries() No digest found");
        return NULL;
    }
    DBG1("entries() Found digest '%s'",entries[0]);
    return entries;
}

static char * digest_mapper_find_user(X509 *x509, void *context, int *match) {
    char **entries;
    if ( !x509 ) {
        DBG("NULL certificate provided");
        return NULL;
    }
    entries = cert_info(x509,CERT_DIGEST,algorithm);
    /* without a digest there is nothing to look up in the mapfile */
    if ( !entries ) {
        DBG("find() No digest found");
        return NULL;
    }
    DBG1("find() Found digest '%s'",entries[0]);
    return mapfile_find(mapfile,entries[0],1,match);
}

/*
 * parses the certificate and try to match certificate digest
 * with provided user
 */
static int digest_mapper_match_user(X509 *x509,const char *login, void *context) {
    char **entries;
    if (!x509) {
        DBG("NULL certificate provided");
        return 0;
    }
    entries = cert_info(x509,CERT_DIGEST,algorithm);
    /* a certificate without a digest cannot match any login */
    if (!entries) {
        DBG("match() No digest found");
        return 0;
    }
    DBG1("match() Found digest '%s'",entries[0]);
    return mapfile_match(mapfile,entries[0],login,1);
}
_DEFAULT_MAPPER_END static mapper_module * init_mapper_st(scconf_block *blk, const char *name) { mapper_module *pt= malloc(sizeof(mapper_module)); if (!pt) return NULL; pt->name = name; pt->block = blk; pt->context = NULL; pt->entries = digest_mapper_find_entries; pt->finder = digest_mapper_find_user; pt->matcher = digest_mapper_match_user; pt->deinit = mapper_module_end; return pt; } /** * Initialize module * returns 1 on success, 0 on error */ #ifndef DIGEST_MAPPER_STATIC mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) { #else mapper_module * digest_mapper_module_init(scconf_block *blk,const char *mapper_name) { #endif mapper_module *pt; const char *hash_alg_string = NULL; if (blk) { debug = scconf_get_bool( blk,"debug",0); hash_alg_string = scconf_get_str( blk,"algorithm","sha1"); mapfile= scconf_get_str(blk,"mapfile",mapfile); } else { /* should not occurs, but... */ DBG1("No block declaration for mapper '%s'",mapper_name); } set_debug_level(debug); algorithm = Alg_get_alg_from_string(hash_alg_string); if(algorithm == ALGORITHM_NULL) { DBG1("Invalid digest algorithm %s, using 'sha1'", hash_alg_string); algorithm = ALGORITHM_SHA1; } pt = init_mapper_st(blk,mapper_name); if (pt) DBG3("Digest mapper started. debug: %d, mapfile: %s, algorithm: %s",debug,mapfile,hash_alg_string); else DBG("Digest mapper initialization failed"); return pt; } pam_pkcs11-0.6.9/src/mappers/Makefile.in0000644000175000017500000007115512772703033020303 0ustar rousseaurousseau# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
# This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Process this file with automake to create Makefile.in VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c 
install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/mappers ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/ax_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 \ $(top_srcdir)/aclocal/intlmacosx.m4 \ $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ $(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed 
'$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) @HAVE_LDAP_TRUE@ldap_mapper_la_DEPENDENCIES = libmappers.la am__ldap_mapper_la_SOURCES_DIST = ldap_mapper.c ldap_mapper.h @HAVE_LDAP_TRUE@am_ldap_mapper_la_OBJECTS = ldap_mapper.lo ldap_mapper_la_OBJECTS = $(am_ldap_mapper_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = ldap_mapper_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(ldap_mapper_la_LDFLAGS) $(LDFLAGS) -o \ $@ @HAVE_LDAP_TRUE@am_ldap_mapper_la_rpath = -rpath $(libdir) libmappers_la_LIBADD = am_libmappers_la_OBJECTS = mapper.lo subject_mapper.lo mail_mapper.lo \ ms_mapper.lo krb_mapper.lo digest_mapper.lo cn_mapper.lo \ uid_mapper.lo pwent_mapper.lo generic_mapper.lo null_mapper.lo \ mapperlist.lo libmappers_la_OBJECTS = $(am_libmappers_la_OBJECTS) libmappers_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libmappers_la_LDFLAGS) $(LDFLAGS) -o $@ opensc_mapper_la_DEPENDENCIES = libmappers.la am_opensc_mapper_la_OBJECTS = opensc_mapper.lo opensc_mapper_la_OBJECTS = $(am_opensc_mapper_la_OBJECTS) opensc_mapper_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(opensc_mapper_la_LDFLAGS) $(LDFLAGS) \ -o $@ @HAVE_LDAP_FALSE@am_opensc_mapper_la_rpath = -rpath $(libdir) @HAVE_LDAP_TRUE@am_opensc_mapper_la_rpath = -rpath $(libdir) openssh_mapper_la_DEPENDENCIES = libmappers.la am_openssh_mapper_la_OBJECTS = openssh_mapper.lo 
openssh_mapper_la_OBJECTS = $(am_openssh_mapper_la_OBJECTS) openssh_mapper_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(openssh_mapper_la_LDFLAGS) $(LDFLAGS) \ -o $@ @HAVE_LDAP_FALSE@am_openssh_mapper_la_rpath = -rpath $(libdir) @HAVE_LDAP_TRUE@am_openssh_mapper_la_rpath = -rpath $(libdir) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(ldap_mapper_la_SOURCES) $(libmappers_la_SOURCES) \ $(opensc_mapper_la_SOURCES) $(openssh_mapper_la_SOURCES) DIST_SOURCES = $(am__ldap_mapper_la_SOURCES_DIST) \ $(libmappers_la_SOURCES) $(opensc_mapper_la_SOURCES) \ $(openssh_mapper_la_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of 
newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = 
@LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ 
docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@/pam_pkcs11 libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in # Add openssl specific flags # Statically linked mappers list # Uncomment to get the referred mapper statically linked # DON'T FORGET to update libmappers_la_SOURCES and lib_LTLIBRARIES entries below # nor the corresponding "module = ..." 
in etc/pam_pkcs11.conf.example
#
#AM_CFLAGS += -DLDAP_MAPPER_STATIC
#AM_CFLAGS += -DOPENSC_MAPPER_STATIC
#AM_CFLAGS += -DOPENSSH_MAPPER_STATIC
AM_CFLAGS = $(CRYPTO_CFLAGS) -DSUBJECT_MAPPER_STATIC \
	-DMAIL_MAPPER_STATIC -DMS_MAPPER_STATIC -DKRB_MAPPER_STATIC \
	-DDIGEST_MAPPER_STATIC -DCN_MAPPER_STATIC -DUID_MAPPER_STATIC \
	-DPWENT_MAPPER_STATIC -DGENERIC_MAPPER_STATIC \
	-DNULL_MAPPER_STATIC
AM_CPPFLAGS = $(CRYPTO_CFLAGS)

# list of statically linked mappers
noinst_LTLIBRARIES = libmappers.la
libmappers_la_SOURCES = mapper.c mapper.h \
	subject_mapper.c subject_mapper.h \
	mail_mapper.c mail_mapper.h \
	ms_mapper.c ms_mapper.h \
	krb_mapper.c krb_mapper.h \
	digest_mapper.c digest_mapper.h \
	cn_mapper.c cn_mapper.h \
	uid_mapper.c uid_mapper.h \
	pwent_mapper.c pwent_mapper.h \
	generic_mapper.c generic_mapper.h \
	null_mapper.c null_mapper.h \
	mapperlist.c mapperlist.h

libmappers_la_LDFLAGS = ../scconf/libscconf.la ../common/libcommon.la -shared
@HAVE_LDAP_FALSE@lib_LTLIBRARIES = opensc_mapper.la openssh_mapper.la

# list of dynamic linked mappers
@HAVE_LDAP_TRUE@lib_LTLIBRARIES = ldap_mapper.la opensc_mapper.la openssh_mapper.la
openssh_mapper_la_SOURCES = openssh_mapper.c openssh_mapper.h
openssh_mapper_la_LDFLAGS = -module -avoid-version -shared
openssh_mapper_la_LIBADD = libmappers.la

# generic_mapper_la_SOURCES = generic_mapper.c generic_mapper.h
# generic_mapper_la_LDFLAGS = -module -avoid-version -shared
# generic_mapper_la_LIBADD = libmappers.la

# subject_mapper_la_SOURCES = subject_mapper.c subject_mapper.h
# subject_mapper_la_LDFLAGS = -module -avoid-version -shared
# subject_mapper_la_LIBADD = libmappers.la
@HAVE_LDAP_TRUE@ldap_mapper_la_SOURCES = ldap_mapper.c ldap_mapper.h
@HAVE_LDAP_TRUE@ldap_mapper_la_LDFLAGS = -module -avoid-version -shared
@HAVE_LDAP_TRUE@ldap_mapper_la_LIBADD = libmappers.la
opensc_mapper_la_SOURCES = opensc_mapper.c opensc_mapper.h
opensc_mapper_la_LDFLAGS = -module -avoid-version -shared
opensc_mapper_la_LIBADD = libmappers.la
all: all-am

.SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/mappers/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/mappers/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo 
" $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } ldap_mapper.la: $(ldap_mapper_la_OBJECTS) $(ldap_mapper_la_DEPENDENCIES) $(EXTRA_ldap_mapper_la_DEPENDENCIES) $(AM_V_CCLD)$(ldap_mapper_la_LINK) $(am_ldap_mapper_la_rpath) $(ldap_mapper_la_OBJECTS) $(ldap_mapper_la_LIBADD) $(LIBS) libmappers.la: $(libmappers_la_OBJECTS) $(libmappers_la_DEPENDENCIES) $(EXTRA_libmappers_la_DEPENDENCIES) $(AM_V_CCLD)$(libmappers_la_LINK) $(libmappers_la_OBJECTS) $(libmappers_la_LIBADD) $(LIBS) opensc_mapper.la: $(opensc_mapper_la_OBJECTS) $(opensc_mapper_la_DEPENDENCIES) $(EXTRA_opensc_mapper_la_DEPENDENCIES) $(AM_V_CCLD)$(opensc_mapper_la_LINK) $(am_opensc_mapper_la_rpath) $(opensc_mapper_la_OBJECTS) $(opensc_mapper_la_LIBADD) $(LIBS) openssh_mapper.la: $(openssh_mapper_la_OBJECTS) $(openssh_mapper_la_DEPENDENCIES) $(EXTRA_openssh_mapper_la_DEPENDENCIES) $(AM_V_CCLD)$(openssh_mapper_la_LINK) $(am_openssh_mapper_la_rpath) $(openssh_mapper_la_OBJECTS) $(openssh_mapper_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cn_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digest_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/generic_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/krb_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mail_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mapperlist.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ms_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/null_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opensc_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssh_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwent_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subject_mapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uid_mapper.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
$(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-am TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-am CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-am cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed 
'/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ clean-noinstLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-libLTLIBRARIES install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \ cscopelist-am ctags ctags-am distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-libLTLIBRARIES \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-libLTLIBRARIES .PRECIOUS: Makefile # mail_mapper_la_SOURCES = mail_mapper.c mail_mapper.h # mail_mapper_la_LDFLAGS = -module -avoid-version -shared # 
mail_mapper_la_LIBADD = libmappers.la

# ms_mapper_la_SOURCES = ms_mapper.c ms_mapper.h
# ms_mapper_la_LDFLAGS = -module -avoid-version -shared
# ms_mapper_la_LIBADD = libmappers.la

# krb_mapper_la_SOURCES = krb_mapper.c krb_mapper.h
# krb_mapper_la_LDFLAGS = -module -avoid-version -shared
# krb_mapper_la_LIBADD = libmappers.la

# cn_mapper_la_SOURCES = cn_mapper.c cn_mapper.h
# cn_mapper_la_LDFLAGS = -module -avoid-version -shared
# cn_mapper_la_LIBADD = libmappers.la

# uid_mapper_la_SOURCES = uid_mapper.c uid_mapper.h
# uid_mapper_la_LDFLAGS = -module -avoid-version -shared
# uid_mapper_la_LIBADD = libmappers.la

# pwent_mapper_la_SOURCES = pwent_mapper.c pwent_mapper.h
# pwent_mapper_la_LDFLAGS = -module -avoid-version -shared
# pwent_mapper_la_LIBADD = libmappers.la

# digest_mapper_la_SOURCES = digest_mapper.c digest_mapper.h
# digest_mapper_la_LDFLAGS = -module -avoid-version -shared
# digest_mapper_la_LIBADD = libmappers.la

# null_mapper_la_SOURCES = null_mapper.c null_mapper.h
# null_mapper_la_LDFLAGS = -module -avoid-version -shared
# null_mapper_la_LIBADD = libmappers.la

# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

pam_pkcs11-0.6.9/src/mappers/null_mapper.c

/*
 * PAM-PKCS11 NULL mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __NULL_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "mapper.h"
#include "null_mapper.h"

/*
 * A blind mapper: just read from config default value
 * and return it without further checking
 */

static const char *default_user = "nobody";
static int match=0;
static int debug=0;

static char * mapper_find_user(X509 *x509,void *context,int *mp) {
	if ( !x509 ) return NULL;
	if (match) {
		*mp = 1;
		return clone_str((char *)default_user);
	}
	return NULL;
}

/* not used */
#if 0
_DEFAULT_MAPPER_FIND_ENTRIES
#endif

_DEFAULT_MAPPER_MATCH_USER

_DEFAULT_MAPPER_END

static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
	mapper_module *pt= malloc(sizeof(mapper_module));
	if (!pt) return NULL;
	pt->name = name;
	pt->block = blk;
	/* malloc() does not zero the structure, so set dbg_level explicitly */
	pt->dbg_level = get_debug_level();
	pt->context = NULL;
	/* pt->entries = mapper_find_entries; */ /* nothing to list */
	pt->entries = NULL;
	pt->finder = mapper_find_user;
	pt->matcher = mapper_match_user;
	pt->deinit = mapper_module_end;
	return pt;
}

/**
 * Initialize module
 * returns a pointer to the mapper_module on success, NULL on error
 */
#ifndef NULL_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *ctx,const char *mapper_name) {
#else
mapper_module * null_mapper_module_init(scconf_block *ctx,const char *mapper_name) {
#endif
	mapper_module *pt= NULL;
	if (ctx) {
		default_user = scconf_get_str( ctx,"default_user",default_user);
		match = scconf_get_bool( ctx,"default_match",0);
		debug = scconf_get_bool( ctx,"debug",0);
	} else {
		DBG1("No block declaration for mapper '%s'", mapper_name);
	}
	set_debug_level(debug);
	pt = init_mapper_st(ctx,mapper_name);
	if (pt) DBG1("Null mapper match set to '%s'",match?"always":"never");
	else DBG("Null mapper initialization failed");
	return pt;
}

pam_pkcs11-0.6.9/src/mappers/mapper.h

/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#ifndef __MAPPER_H_
#define __MAPPER_H_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include
#include
#include
#include
#include <../common/cert_st.h>
#include "../scconf/scconf.h"

/**
 * Structure to be filled on mapper module initialization
 */
typedef struct mapper_module_st {
	/** mapper name */
	const char *name;
	/** mapper configuration block */
	scconf_block *block;
	/** debug level to set before call entry points */
	int dbg_level;
	/** pointer to mapper local data */
	void *context;
	/** cert. entries enumerator */
	char **(*entries)(X509 *x509, void *context);
	/** cert. login finder */
	char *(*finder)(X509 *x509, void *context, int *match);
	/** cert-to-login matcher */
	int (*matcher)(X509 *x509, const char *login, void *context);
	/** module de-initialization */
	void (*deinit)( void *context);
} mapper_module;

/**
 * This struct is used in processing map files
 * a map file is a list of "key" " -> " "value" text lines
 */
struct mapfile {
	/** URL of mapfile */
	const char *uri;
	/** buffer to content of mapfile */
	char *buffer;
	/** length of buffer */
	size_t length;
	/** pointer to last read entry in buffer */
	char *pt;
	/** key entry in current buffer */
	char *key;
	/** value assigned to key */
	char *value;
};

/* ------------------------------------------------------- */

/**
 * Initialize module and mapper_module_st structure
 *
 * EVERY mapper module MUST provide and export this function if dynamically linked
 *@param ctx Pointer to related configuration file context
 *@param mapper_name Name of this mapper. Used for multi-mapper modules
 *@return Pointer to a mapper_module structure, or NULL if failed
 */
mapper_module * mapper_module_init(scconf_block *ctx,const char *mapper_name);

/* ------------------------------------------------------- */

/*
 * mapper.c prototype functions
 */
#ifndef __MAPPER_C_
#define MAPPER_EXTERN extern
#else
#define MAPPER_EXTERN
#endif

/* mapfile related functions */

/**
 * Initialize a mapper entry table
 *@param uri Universal Resource Locator of the file to be mapped
 *@return A mapfile structure pointer or NULL
 */
MAPPER_EXTERN struct mapfile *set_mapent(const char *uri);

/**
 * Retrieve next entry of given map file
 *@param mfile Map file entry pointer
 *@return 1 on success, 0 on no more entries, -1 on error
 */
MAPPER_EXTERN int get_mapent(struct mapfile *mfile);

/**
 * Release a mapentry structure
 *@param mfile Map file structure to be released
 */
MAPPER_EXTERN void end_mapent(struct mapfile *mfile);

/**
 * Try to map "key" to provided mapfile
 *@param file URL of map file
 *@param key String to be mapped
 *@param ignorecase Flag to indicate upper/lowercase ignore in string compare
 *@param match Set to 1 for mapped string return, unmodified for key return
 *@return key on no match, else a clone_str()'d of found mapping
 */
MAPPER_EXTERN char *mapfile_find(const char *file,char *key,int ignorecase,int *match);

/**
 * Try to match provided key to provided name by mean of a mapfile
 *@param file URL of map file
 *@param key String to be mapped
 *@param value String to be matched against mapped result
 *@param ignorecase Flag to indicate upper/lowercase ignore in string compare
 *@return 1 on match, 0 on no match, -1 on process error
 */
MAPPER_EXTERN int mapfile_match(const char *file,char *key,const char *value,int ignorecase);

/* pwent related functions */

/**
 * find the user login that matches pw_name or pw_gecos with provided item
 *@param item Data to be searched from password database
 *@param ignorecase Flag to check upper/lowercase in string comparisons
 *@return userlogin if match found, else NULL
 */
MAPPER_EXTERN char *search_pw_entry(const char *item, int ignorecase);

/**
 * Test if provided item matches pw_name or pw_gecos of provided password structure
 *@param item String to be compared
 *@param pw password entry to search into
 *@param ignorecase Flag to check upper/lowercase in string comparisons
 *@return 1 on match, 0 on no match, -1 on error
 */
MAPPER_EXTERN int compare_pw_entry(const char *item, struct passwd *pw,int ignorecase);

#undef MAPPER_EXTERN

/* ------------------------------------------------------- */

/**
 * Default macro for locate certificate entry
 *
 * Provided as sample for debugging, not for real user
 *@param x509 X509 Certificate
 *@param context Mapper context
 *@return String array with up to 15 results or NULL if fail
 */
#define _DEFAULT_MAPPER_FIND_ENTRIES \
static char ** mapper_find_entries(X509 *x509, void *context) { \
	return NULL; \
}

/**
 * Default macro for locating user
 *
 * Should not be used except for debugging, as always returns "nobody"
 *@param x509 X509 Certificate
 *@param context Mapper context
 *@return Found user, or NULL
 */
#define _DEFAULT_MAPPER_FIND_USER \
static char * mapper_find_user(X509 *x509,void *context,int *match) { \
	if ( !x509 ) return NULL; \
	*match = 1; \
	return "nobody"; \
}

/**
 * Macro for match mapper function
 *
 *@param x509 X509 Certificate
 *@param login user to match, or null to find user that matches certificate
 *@param context Mapper context
 *@return 1 on success; login points to matched user
 *	0 on no match
 *	-1 on error
 */
#define _DEFAULT_MAPPER_MATCH_USER \
static int mapper_match_user(X509 *x509, const char *login, void *context) { \
	int match = 0; \
	char *username= mapper_find_user(x509,context,&match); \
	if (!x509) return -1; \
	if (!login) return -1; \
	if (!username) return 0; /*user not found*/ \
	if ( ! strcmp(login,username) ) return 1; /* match user */ \
	return 0; /* no match */ \
}

/**
 * Macro for de-initialization routine
 *@param context Mapper context
 */
#define _DEFAULT_MAPPER_END \
static void mapper_module_end(void *context) { \
	free(context); \
	return; \
} \


/**
 * Macro for default init function
 *@param blk Mapper Configuration file block
 *@param name Name of this mapper
 *@return pointer to mapper_module data, else NULL
 * NOTE: mapper module data MUST BE defined in module
 */
#define _DEFAULT_MAPPER_INIT \
mapper_module* mapper_module_init(scconf_block *blk,const char *name) { \
	mapper_module *pt= malloc(sizeof (mapper_module)); \
	if (!pt) return NULL; \
	pt->name = name; \
	pt->context = NULL; \
	pt->block = blk; \
	pt->dbg_level = get_debug_level(); \
	pt->entries = mapper_find_entries; \
	pt->finder = mapper_find_user; \
	pt->matcher = mapper_match_user; \
	pt->deinit = mapper_module_end; \
	return pt; \
} \


/* end of mapper.h file */
#endif

pam_pkcs11-0.6.9/src/mappers/digest_mapper.h

/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#ifndef __DIGEST_MAPPER_H_
#define __DIGEST_MAPPER_H_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../scconf/scconf.h"
#include "mapper.h"

#ifdef DIGEST_MAPPER_STATIC

#ifndef __DIGEST_MAPPER_C_
#define DIGEST_EXTERN extern
#else
#define DIGEST_EXTERN
#endif
DIGEST_EXTERN mapper_module * digest_mapper_module_init(scconf_block *blk,const char *mapper_name);
#undef DIGEST_EXTERN

/* end of static (if any) declarations */
#endif

/* End of digest_mapper.h */
#endif

pam_pkcs11-0.6.9/src/mappers/mapperlist.c

/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __MAPPERLIST_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "mapperlist.h"

#include "subject_mapper.h"
#ifdef HAVE_LDAP
#include "ldap_mapper.h"
#endif
#include "opensc_mapper.h"
#include "mail_mapper.h"
#include "ms_mapper.h"
#include "krb_mapper.h"
#include "digest_mapper.h"
#include "cn_mapper.h"
#include "uid_mapper.h"
#include "pwent_mapper.h"
#include "null_mapper.h"
#include "generic_mapper.h"
#include "openssh_mapper.h"

mapper_list static_mapper_list[] = {
#ifdef SUBJECT_MAPPER_STATIC
	{ "subject",subject_mapper_module_init },
#endif
#ifdef HAVE_LDAP
#ifdef LDAP_MAPPER_STATIC
	{ "ldap",ldap_mapper_module_init },
#endif
#endif
#ifdef OPENSC_MAPPER_STATIC
	{ "opensc",opensc_mapper_module_init },
#endif
#ifdef MAIL_MAPPER_STATIC
	{ "mail",mail_mapper_module_init },
#endif
#ifdef MS_MAPPER_STATIC
	{ "ms",ms_mapper_module_init },
#endif
#ifdef KRB_MAPPER_STATIC
	{ "krb",krb_mapper_module_init },
#endif
#ifdef DIGEST_MAPPER_STATIC
	{ "digest",digest_mapper_module_init },
#endif
#ifdef CN_MAPPER_STATIC
	{ "cn",cn_mapper_module_init },
#endif
#ifdef UID_MAPPER_STATIC
	{ "uid",uid_mapper_module_init },
#endif
#ifdef PWENT_MAPPER_STATIC
	{ "pwent",pwent_mapper_module_init },
#endif
#ifdef GENERIC_MAPPER_STATIC
	{ "generic",generic_mapper_module_init },
#endif
#ifdef OPENSSH_MAPPER_STATIC
	{ "openssh",openssh_mapper_module_init },
#endif
#ifdef NULL_MAPPER_STATIC
	{ "null", null_mapper_module_init },
#endif
	{ NULL, NULL }
};

/* End of mapperlist.c */
#undef __MAPPERLIST_C_

pam_pkcs11-0.6.9/src/mappers/opensc_mapper.h

/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#ifndef __OPENSC_MAPPER_H_
#define __OPENSC_MAPPER_H_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../scconf/scconf.h"
#include "mapper.h"

#ifdef OPENSC_MAPPER_STATIC

#ifndef __OPENSC_MAPPER_C_
#define OPENSC_EXTERN extern
#else
#define OPENSC_EXTERN
#endif
OPENSC_EXTERN mapper_module * opensc_mapper_module_init(scconf_block *blk,const char *mapper_name);
#undef OPENSC_EXTERN

/* end of static (if any) declarations */
#endif

/* End of opensc_mapper.h */
#endif

pam_pkcs11-0.6.9/src/mappers/pwent_mapper.c

/*
 * PAM-PKCS11 CN to passwd mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #define __PWENT_MAPPER_C_ #ifdef HAVE_CONFIG_H #include #endif #include #include #include "../common/cert_st.h" #include "../scconf/scconf.h" #include "../common/debug.h" #include "../common/error.h" #include "../common/strings.h" #include "../common/cert_info.h" #include "mapper.h" #include "pwent_mapper.h" /* * This mapper search the common name (CN) of the certificate in * getpwent() passwd entries by trying to match login or gecos fields * * note: nss implementations use /etc/nsswitch.conf as indicator to * where to retrieve pw entries ( see man 5 nsswitch.conf ) */ static int ignorecase = 0; static int debug = 0; /* * Returns the common name of certificate as an array list */ static char ** pwent_mapper_find_entries(X509 *x509, void *context) { char **entries= cert_info(x509,CERT_CN,ALGORITHM_NULL); if (!entries) { DBG("get_common_name() failed"); return NULL; } return entries; } /* parses the certificate and return the _first_ CN entry found, or NULL */ static char * pwent_mapper_find_user(X509 *x509,void *context, int *match) { char *str; struct passwd *pw; char *found_user = NULL; char **entries = cert_info(x509,CERT_CN,ALGORITHM_NULL); if (!entries) { DBG("get_common_name() failed"); return NULL; } DBG1("trying to find pw_entry for cn '%s'", *entries); /* First: direct try to avoid long searchtime or massive network traffic * for large amount of users in pw database. * (Think of 10000 or more users, mobile connection to ldap, etc.) 
	 */
	/* iterate with a separate cursor so that 'entries' still points at
	 * the first CN when the second search below starts */
	for (char **e = entries; (str = *e) != NULL; e++) {
		pw = getpwnam(str);
		if (pw == NULL) {
			DBG1("Entry for %s not found (direct).", str);
		} else {
			DBG1("Found CN in pw database for user %s (direct).", str);
			*match = 1;
			return pw->pw_name;
		}
	}

	/* Second: search all entries (old behaviour) */
	/* parse list of uids until match */
	for (str=*entries; str ; str=*++entries) {
		found_user= search_pw_entry((const char *)str,ignorecase);
		if (!found_user) {
			DBG1("CN entry '%s' not found in pw database. Trying next",str);
			continue;
		} else {
			DBG1("Found CN in pw database for user '%s'",found_user);
			*match = 1;
			/* WJG: Usually allocated mem is returned - memleak/problem? */
			return found_user;
		}
	}
	DBG("No pw entry maps to any provided Common Name");
	return NULL;
}

/*
 * parses the certificate and tries to match any CN in the certificate
 * with the provided user
 * NOTE:
 * Instead of parsing every pwent entry, this routine takes a direct
 * approach: obtain the pw_entry for the provided login, and compare it
 * against the provided CNs. It's easier and faster
 */
static int pwent_mapper_match_user(X509 *x509, const char *login, void *context) {
	char *str;
	struct passwd *pw = getpwnam(login);
	char **entries = cert_info(x509,CERT_CN,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_common_name() failed");
		return -1;
	}
	if (!pw) {
		DBG1("There are no pwentry for login '%s'",login);
		return -1;
	}
	/* parse list of uids until match */
	for (str=*entries; str ; str=*++entries) {
		DBG1("Trying to match pw_entry for cn '%s'",str);
		if (compare_pw_entry(str,pw,ignorecase)) {
			DBG2("CN '%s' Match login '%s'",str,login);
			return 1;
		} else {
			DBG2("CN '%s' doesn't match login '%s'",str,login);
			continue; /* try another entry. or perhaps return(0) ?
*/ } } DBG("Provided user doesn't match to any found Common Name"); return 0; } _DEFAULT_MAPPER_END static mapper_module * init_mapper_st(scconf_block *blk, const char *name) { mapper_module *pt= malloc(sizeof(mapper_module)); if (!pt) return NULL; pt->name = name; pt->block = blk; pt->context = NULL; pt->entries = pwent_mapper_find_entries; pt->finder = pwent_mapper_find_user; pt->matcher = pwent_mapper_match_user; pt->deinit = mapper_module_end; return pt; } #ifndef PWENT_MAPPER_STATIC mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) { #else mapper_module * pwent_mapper_module_init(scconf_block *blk,const char *mapper_name) { #endif mapper_module *pt; if (blk) { debug= scconf_get_bool(blk,"debug",0); ignorecase= scconf_get_bool(blk,"ignorecase",ignorecase); } else { DBG1("No block declarartion for mapper '%s'",mapper_name); } set_debug_level(debug); pt = init_mapper_st(blk,mapper_name); if (pt) DBG("pwent mapper started"); else DBG("pwent mapper initialization failed"); return pt; } pam_pkcs11-0.6.9/src/mappers/uid_mapper.h0000644000175000017500000000254312074274512020527 0ustar rousseaurousseau/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __UID_MAPPER_H_ #define __UID_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef UID_MAPPER_STATIC #ifndef __UID_MAPPER_C_ #define UID_EXTERN extern #else #define UID_EXTERN #endif UID_EXTERN mapper_module * uid_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef UID_EXTERN /* end of static (if any) declarations */ #endif /* End of uid_mapper.h */ #endif pam_pkcs11-0.6.9/src/mappers/mapperlist.h0000644000175000017500000000250612074274512020561 0ustar rousseaurousseau/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __MAPPERLIST_H_ #define __MAPPERLIST_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../mappers/mapper.h" /* * list of mappers that are statically linked */ typedef struct mapper_list_st { const char *name; mapper_module * (*init)(scconf_block *blk, const char *mapper_name); } mapper_list; #ifndef __MAPPERLIST_C_ extern mapper_list static_mapper_list[]; #endif /* End of mapperlist.h */ #endif pam_pkcs11-0.6.9/src/mappers/mail_mapper.c0000644000175000017500000001377012074274512020667 0ustar rousseaurousseau/* * PAM-PKCS11 mail mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #define __MAIL_MAPPER_C_ #ifdef HAVE_CONFIG_H #include #endif #include #include #include "../scconf/scconf.h" #include "../common/debug.h" #include "../common/error.h" #include "../common/strings.h" #include "../common/cert_info.h" #include "mapper.h" #include "mail_mapper.h" /* * This mapper uses (if available) the optional email entry on the certificate * to find user name. 
 */

/* where to retrieve aliases file ( email -> login pairs ) */
static const char *mapfile = "none";
/* ignore upper/lowercase in email comparisons */
static int ignorecase = 1;
/* when set, the domain part of the email field is NOT checked */
static int ignoredomain = 1;
static char *hostname = NULL;
static int debug=0;

/*
 * Extract list of email entries on certificate
 */
static char ** mail_mapper_find_entries(X509 *x509, void *context) {
	char **entries= cert_info(x509,CERT_EMAIL,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_email() failed");
		return NULL;
	}
	return entries;
}

/**
 * check mail domain name against hostname
 * returns
 *   match   ignoredomain
 *   false   false        -> 0
 *   false   true         -> 1
 *   true    false        -> 1
 *   true    true         -> 1
 */
static int check_domain(char *domain) {
	if (ignoredomain) return 1; /* no domain check */
	/* hostname stays NULL when its allocation failed in the init routine:
	 * a domain check was requested but cannot be done, so report no match */
	if (!hostname) return 0;
	if (strlen(hostname)==0) return 1; /* empty domain */
	if (!domain) return 0;
	/* note: substring match of the mail domain inside the hostname */
	if ( strstr(hostname,domain) ) return 1;
	return 0;
}

/**
 * compare previously mapped email against user name
 */
static int compare_email(char *email, const char *user) {
	char *c_email,*c_user;
	char *at;
	int res = 0;
	c_email= (ignorecase)?tolower_str(email):clone_str(email);
	c_user= (ignorecase)?tolower_str(user):clone_str(user);
	if (!c_email || !c_user) goto done;
	/* test if full login@mail.domain emailname is provided */
	at = strchr(c_email, '@');
	if (at != NULL) { /* domain provided: check ignoredomain flag */
		int flag= check_domain(1+at);
		if (!flag) {
			DBG2("Mail domain name %s does not match with %s",1+at,
				hostname ? hostname : "(unset)");
			goto done;
		}
		res = (size_t)(at - c_email) == strlen(c_user) &&
			!strncmp(c_email, c_user, strlen(c_user));
	} else { /* no domain provided: just a strcmp */
		res = !strcmp(c_email, c_user);
	}
done:
	/* both strings are private copies made above */
	free(c_email);
	free(c_user);
	return res;
}

/*
parses the certificate and return the email entry found, or NULL
*/
static char * mail_mapper_find_user(X509 *x509, void *context, int *match) {
	char **entries= cert_info(x509,CERT_EMAIL,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_email() failed");
		return NULL;
	}
	/* TODO: What's on ignoredomain flag ?*/
	return
mapfile_find(mapfile,entries[0],ignorecase,match); } /* * parses the certificate and try to macht any Email in the certificate * with provided user */ static int mail_mapper_match_user(X509 *x509, const char *login, void *context) { int match = 0; char *item; char *str; char **entries= cert_info(x509,CERT_EMAIL,ALGORITHM_NULL); if (!entries) { DBG("get_email() failed"); return 0; } DBG1("Trying to find match for user '%s'",login); for (item=*entries;item;item=*++entries) { DBG1("Trying to match email entry '%s'",item); str= mapfile_find(mapfile,item,ignorecase,&match); if (!str) { DBG("Mapping process failed"); return -1; /* TODO: perhaps should try to continue... */ } if(compare_email(str,login)) { DBG2("Found match from '%s' to '%s'",item,login); return 1; } } /* arriving here means no match */ DBG1("Cannot match any found email to '%s'",login); return 0; } _DEFAULT_MAPPER_END static mapper_module * init_mapper_st(scconf_block *blk, const char *name) { mapper_module *pt= malloc(sizeof(mapper_module)); if (!pt) return NULL; pt->name = name; pt->block = blk; pt->context = NULL; pt->entries = mail_mapper_find_entries; pt->finder = mail_mapper_find_user; pt->matcher = mail_mapper_match_user; pt->deinit = mapper_module_end; return pt; } /** * init routine * parse configuration block entry */ #ifndef MAIL_MAPPER_STATIC mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) { #else mapper_module * mail_mapper_module_init(scconf_block *blk,const char *mapper_name) { #endif mapper_module *pt; if (blk) { debug = scconf_get_bool(blk,"debug",0); ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase); ignoredomain = scconf_get_bool(blk,"ignoredomain",ignoredomain); mapfile = scconf_get_str(blk,"mapfile",mapfile); } else { DBG1("No block declaration for mapper '%s'",mapper_name); } set_debug_level(debug); /* obtain and store hostname */ /* Note: in some systems without nis/yp, getdomainname() call returns NULL. 
So instead we use gethostname() an match mail domain by mean strstr() funtion */ if (!ignoredomain) { hostname= calloc(256,sizeof(char)); if (!hostname) { DBG("Calloc for hostname failed"); } else { gethostname(hostname,255); *(hostname+255)='\0'; DBG1("Retrieved hostname: %s",hostname); } } pt = init_mapper_st(blk,mapper_name); if(pt) DBG3("Mail Mapper: ignorecase %d, ignoredomain %d, mapfile %s",ignorecase,ignoredomain, mapfile); else DBG("Mail mapper initialization error"); return pt; } pam_pkcs11-0.6.9/src/mappers/openssh_mapper.h0000644000175000017500000000261312074274512021423 0ustar rousseaurousseau/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __OPENSSH_MAPPER_H_ #define __OPENSSH_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef OPENSSH_MAPPER_STATIC #ifndef __OPENSSH_MAPPER_C_ #define OPENSSH_EXTERN extern #else #define OPENSSH_EXTERN #endif OPENSSH_EXTERN mapper_module * openssh_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef OPENSSH_EXTERN /* end of static (if any) declarations */ #endif /* End of openssh_mapper.h */ #endif pam_pkcs11-0.6.9/src/mappers/generic_mapper.c0000644000175000017500000001352512623041315021350 0ustar rousseaurousseau/* * PAM-PKCS11 generic mapper skeleton * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #define __GENERIC_MAPPER_C_ #ifdef HAVE_CONFIG_H #include #endif /*#include */ #include "../common/cert_st.h" #include "../scconf/scconf.h" #include "../common/debug.h" #include "../common/error.h" #include "../common/strings.h" #include "../common/cert_info.h" #include "mapper.h" #include "generic_mapper.h" /* * Skeleton for mapper modules */ static const char *mapfile = "none"; static int usepwent = 0; static int ignorecase = 0; static int id_type = CERT_CN; static int debug = 0; static char **generic_mapper_find_entries(X509 *x509, void *context) { if (!x509) { DBG("NULL certificate provided"); return NULL; } return cert_info(x509, id_type, ALGORITHM_NULL); } static char **get_mapped_entries(char **entries) { int match = 0; char *entry; int n=0; char *res=NULL; /* if mapfile is provided, map entries according it */ if ( !strcmp(mapfile,"none") ) { DBG("Use map file is disabled"); } else { DBG1("Using map file '%s'",mapfile); for(n=0, entry=entries[n]; entry; entry=entries[++n]) { res = mapfile_find(mapfile,entry,ignorecase,&match); if (res) entries[n]=res; } } /* if NSS is set, re-map entries against it */ if ( usepwent==0 ) { DBG("Use Naming Services is disabled"); } else { res=NULL; DBG("Using Naming Services"); for(n=0,entry=entries[n];entry;entry=entries[++n]) { res = search_pw_entry(entry,ignorecase); if (res) entries[n]=res; } } return entries; } static char *generic_mapper_find_user(X509 *x509, void *context, int *match) { char **entries; int n; if (!x509) { DBG("NULL certificate provided"); return NULL; } /* get entries from certificate */ entries= generic_mapper_find_entries(x509,context); if (!entries) { DBG("Cannot find any entries in certificate"); return 0; } /* do file and pwent mapping */ entries= get_mapped_entries(entries); 
/* and now return first nonzero item */ for (n=0;nname = name; pt->block = blk; pt->context = NULL; pt->entries = generic_mapper_find_entries; pt->finder = generic_mapper_find_user; pt->matcher = generic_mapper_match_user; pt->deinit = mapper_module_end; return pt; } /** * Initialize module * returns 1 on success, 0 on error */ #ifndef GENERIC_MAPPER_STATIC mapper_module * mapper_module_init(scconf_block *blk,const char *name) { #else mapper_module * generic_mapper_module_init(scconf_block *blk,const char *name) { #endif mapper_module *pt; const char *item="cn"; if (blk) { debug = scconf_get_bool( blk,"debug",0); ignorecase = scconf_get_bool( blk,"ignorecase",0); usepwent = scconf_get_bool( blk,"use_getpwent",0); mapfile= scconf_get_str(blk,"mapfile",mapfile); item= scconf_get_str(blk,"cert_item","cn"); } else { /* should not occurs, but... */ DBG1("No block declaration for mapper '%s'",name); } set_debug_level(debug); if (!strcasecmp(item,"cn")) id_type=CERT_CN; else if (!strcasecmp(item,"subject")) id_type=CERT_SUBJECT; else if (!strcasecmp(item,"kpn") ) id_type=CERT_KPN; else if (!strcasecmp(item,"email") ) id_type=CERT_EMAIL; else if (!strcasecmp(item,"upn") ) id_type=CERT_UPN; else if (!strcasecmp(item,"uid") ) id_type=CERT_UID; else if (!strcasecmp(item,"serial") ) id_type=CERT_SERIAL; else { DBG1("Invalid certificate item to search '%s'; using 'cn'",item); } pt = init_mapper_st(blk,name); if (pt) DBG5("Generic mapper started. 
debug: %d, mapfile: '%s', ignorecase: %d usepwent: %d idType: '%d'",debug,mapfile,ignorecase,usepwent,id_type); else DBG("Generic mapper initialization failed"); return pt; } pam_pkcs11-0.6.9/src/mappers/krb_mapper.h0000644000175000017500000000254312074274512020524 0ustar rousseaurousseau/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __KRB_MAPPER_H_ #define __KRB_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef KRB_MAPPER_STATIC #ifndef __KRB_MAPPER_C_ #define KRB_EXTERN extern #else #define KRB_EXTERN #endif KRB_EXTERN mapper_module * krb_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef KRB_EXTERN /* end of static (if any) declarations */ #endif /* End of krb_mapper.h */ #endif pam_pkcs11-0.6.9/src/mappers/cn_mapper.h0000644000175000017500000000253112074274512020343 0ustar rousseaurousseau/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free 
Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __CN_MAPPER_H_ #define __CN_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef CN_MAPPER_STATIC #ifndef __CN_MAPPER_C_ #define CN_EXTERN extern #else #define CN_EXTERN #endif CN_EXTERN mapper_module * cn_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef CN_EXTERN /* end of static (if any) declarations */ #endif /* End of cn_mapper.h */ #endif pam_pkcs11-0.6.9/src/mappers/pwent_mapper.h0000644000175000017500000000256712074274512021111 0ustar rousseaurousseau/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __PWENT_MAPPER_H_ #define __PWENT_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef PWENT_MAPPER_STATIC #ifndef __PWENT_MAPPER_C_ #define PWENT_EXTERN extern #else #define PWENT_EXTERN #endif PWENT_EXTERN mapper_module * pwent_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef PWENT_EXTERN /* end of static (if any) declarations */ #endif /* End of pwent_mapper.h */ #endif pam_pkcs11-0.6.9/src/mappers/openssh_mapper.c0000644000175000017500000002564312772700002021417 0ustar rousseaurousseau/* * PAM-PKCS11 OPENSSH mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __OPENSSH_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

/* system headers used by the code below */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <pwd.h>
#include "../common/cert_st.h"
#ifndef HAVE_NSS
#include <openssl/evp.h>
#include "../common/pam-pkcs11-ossl-compat.h"
#include <openssl/rsa.h>
#include <openssl/bn.h>
#endif
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/base64.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "openssh_mapper.h"

/* TODO
Not sure on usage of authorized keys map file...
So the first version, will use getpwent() to navigate across all users
and parsing ${userhome}/.ssh/authorized_keys
*/
static const char *keyfile=CONFDIR "/authorized_keys";
static int debug=0;

/**
 * This mapper tries to locate the user by comparing authorized public keys
 * from each $HOME/.ssh user entry, as done in the openssh package
 */

#define OPENSSH_LINE_MAX 8192	/* from openssh SSH_MAX_PUBKEY_BYTES */

#ifndef HAVE_NSS
static EVP_PKEY *ssh1_line_to_key(char *line)
{
	EVP_PKEY *key;
	RSA *rsa;
	/* must start as NULL: BN_dec2bn() only allocates when *bn is NULL */
	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
	char *b, *e, *m, *c;

	key = EVP_PKEY_new();
	if (!key)
		return NULL;

	rsa = RSA_new();
	if (!rsa)
		goto err;

	/* first digitstring: the bits */
	b = line;

	/* second digitstring: the exponent */
	/* skip all digits */
	for (e = b; *e >= '0' && *e <= '9'; e++) ;

	/* must be a whitespace */
	if (*e != ' ' && *e != '\t')
		goto err;

	/* cut the string in two part */
	*e = 0;
	e++;

	/* skip more whitespace */
	while (*e == ' ' || *e == '\t')
		e++;

	/* third digitstring: the modulus */
	/* skip all digits */
	for (m = e; *m >= '0' && *m <= '9'; m++) ;

	/* must be a whitespace */
	if (*m != ' ' && *m != '\t')
		goto err;

	/* cut the string in two part */
	*m = 0;
	m++;

	/* skip more whitespace */
	while (*m == ' ' || *m == '\t')
		m++;

	/* look for a comment after the modulus */
	for (c = m; *c >= '0' && *c <= '9'; c++) ;

	/* could be a whitespace or end of line */
	if (*c != ' ' && *c != '\t' && *c != '\n' && *c != '\r' && *c != 0)
		goto err;

	if (*c == ' ' || *c == '\t') {
		*c = 0;
		c++;

		/* skip more whitespace */
		while (*c == ' ' || *c == '\t')
			c++;

		if (*c && *c != '\r' && *c != '\n') {
			/* we have a comment */
		} else {
			c = NULL;
		}
	} else {
		*c = 0;
		c = NULL;
	}

	/* ok, now we have b e m pointing to pure digit
	 * null terminated strings and maybe c pointing to a comment */
	if (!BN_dec2bn(&rsa_e, e) || !BN_dec2bn(&rsa_n, m))
		goto err;

	/* RSA_set0_key() takes the modulus first, then the public exponent */
	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL))
		goto err;
	rsa_n = rsa_e = NULL;	/* now owned by rsa */

	if (!EVP_PKEY_assign_RSA(key, rsa))
		goto err;
	return key;

err:
	BN_free(rsa_n);
	BN_free(rsa_e);
	RSA_free(rsa);
	EVP_PKEY_free(key);
	return NULL;
}

static EVP_PKEY *ssh2_line_to_key(char *line)
{
	EVP_PKEY *key = NULL;
	RSA *rsa = NULL;
	BIGNUM *rsa_e = NULL, *rsa_n = NULL;
	unsigned char decoded[OPENSSH_LINE_MAX];
	int dlen;	/* number of valid bytes in decoded[] */
	int len;
	char *b, *c;
	int i;

	/* find the mime-blob */
	b = line;
	if (!b)
		return NULL;

	/* find the first whitespace */
	while (*b && *b != ' ')
		b++;
	if (!*b)
		return NULL;	/* key type without a blob */

	/* skip that whitespace */
	b++;

	/* find the end of the blob / comment */
	for (c = b; *c && *c != ' ' && *c != '\t' && *c != '\r'
	     && *c != '\n'; c++) ;
	*c = 0;

	/* decode binary data; base64_decode() returns the decoded length */
	dlen = base64_decode(b, decoded, OPENSSH_LINE_MAX);
	if (dlen < 0)
		return NULL;

	i = 0;

	/* get integer from blob; every length read from the blob is checked
	 * against the decoded size before it is used as an offset */
	if (dlen - i < 4)
		goto err;
	len = ((unsigned int)decoded[i] << 24) + (decoded[i + 1] << 16) +
	    (decoded[i + 2] << 8) + (decoded[i + 3]);
	i += 4;
	if (len < 7 || len > dlen - i)
		goto err;

	/* now: key_from_blob */
	if (strncmp((char *)&decoded[i], "ssh-rsa", 7) != 0)
		goto err;
	i += len;

	key = EVP_PKEY_new();
	rsa = RSA_new();
	if (!key || !rsa)
		goto err;

	/* get integer from blob */
	if (dlen - i < 4)
		goto err;
	len = ((unsigned int)decoded[i] << 24) + (decoded[i + 1] << 16) +
	    (decoded[i + 2] << 8) + (decoded[i + 3]);
	i += 4;
	if (len < 0 || len > dlen - i)
		goto err;

	/* get bignum */
	rsa_e = BN_bin2bn(decoded + i, len, NULL);
	i += len;

	/* get integer from blob */
	if (dlen - i < 4)
		goto err;
	len = ((unsigned int)decoded[i] << 24) + (decoded[i + 1] << 16) +
	    (decoded[i + 2] << 8) + (decoded[i + 3]);
	i += 4;
	if (len < 0 || len > dlen - i)
		goto err;

	/* get bignum */
	rsa_n = BN_bin2bn(decoded + i, len, NULL);
	if (!rsa_e || !rsa_n)
		goto err;

	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL))
		goto err;
	rsa_n = rsa_e = NULL;	/* now owned by rsa */

	if (!EVP_PKEY_assign_RSA(key, rsa))
		goto err;
	return key;

err:
	BN_free(rsa_n);
	BN_free(rsa_e);
	RSA_free(rsa);
	EVP_PKEY_free(key);
	return NULL;
}

static void add_key(EVP_PKEY * key, EVP_PKEY *** keys, int *nkeys)
{
	EVP_PKEY **keys2;

	/* sanity checks */
	if (!key)
		return;
	if (!keys)
		return;
	if (!nkeys)
		return;

	/* no keys so far */
	if (!*keys) {
		*keys = malloc(sizeof(void *));
		if (!*keys)
			return;
		*keys[0] = key;
		*nkeys = 1;
		return;
	}

	/* enlarge */
	keys2 = malloc(sizeof(void *) * ((*nkeys) + 1));
	if (!keys2)
		return;
	memcpy(keys2, *keys, sizeof(void *) * (*nkeys));
	keys2[*nkeys] = key;
	free(*keys);
	*keys = keys2;
	(*nkeys)++;
}
#endif

/*
 * Returns the public key of certificate as an array list
 */
static char ** openssh_mapper_find_entries(X509 *x509, void *context) {
	char **entries= cert_info(x509,CERT_SSHPUK,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_public_key() failed");
		return NULL;
	}
	return entries;
}

static int openssh_mapper_match_keys(X509 *x509, const char *filename) {
#ifdef HAVE_NSS
	return -1;
#else
	FILE *fd;
	char line[OPENSSH_LINE_MAX];
	int i;
	int nkeys =0;
	int found = 0;
	EVP_PKEY **keys = NULL;
	EVP_PKEY *authkey = X509_get_pubkey(x509);
	if (!authkey) {
		DBG("Cannot locate Cert Public key");
		return 0;
	}
	/* parse list of authorized keys until match */
	fd=fopen(filename,"rt");
	if (!fd) {
		DBG2("fopen('%s') : '%s'",filename,strerror(errno));
		EVP_PKEY_free(authkey);
		return 0; /* no authorized_keys file -> no match :-) */
	}
	/* read pkey files and compose chain */
	for (;;) {
		char *cp;
		if (!fgets(line, OPENSSH_LINE_MAX, fd)) break;
		/* Skip leading whitespace, empty and comment lines. */
		for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ;
		if (!*cp || *cp == '\n' || *cp == '#') continue;
		if (*cp >= '0' && *cp <= '9') { /* ssh v1 key format */
			EVP_PKEY *key = ssh1_line_to_key(cp);
			if (key) add_key(key, &keys, &nkeys);
		}
		if (strncmp("ssh-rsa", cp, 7) == 0) { /* ssh v2 rsa key format */
			EVP_PKEY *key = ssh2_line_to_key(cp);
			if (key) add_key(key, &keys, &nkeys);
		}
	}
	fclose(fd);
	for (i = 0; i < nkeys && !found; i++) {
		RSA *authrsa, *rsa;
		const BIGNUM *authrsa_n, *authrsa_e;
		const BIGNUM *rsa_n, *rsa_e;

		authrsa = EVP_PKEY_get1_RSA(authkey);
		if (!authrsa) break; /* certificate key is not RSA */
		rsa = EVP_PKEY_get1_RSA(keys[i]);
		if (rsa) {
			/* fetch modulus and exponent before comparing them
			 * (RSA_get0_key() is the OpenSSL >= 1.1.0 accessor) */
			RSA_get0_key(authrsa, &authrsa_n, &authrsa_e, NULL);
			RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
			if (BN_cmp(rsa_e, authrsa_e) == 0 &&
			    BN_cmp(rsa_n, authrsa_n) == 0)
				found = 1; /* FOUND */
			RSA_free(rsa);
		}
		RSA_free(authrsa);
	}
	for (i = 0; i < nkeys; i++)
		EVP_PKEY_free(keys[i]);
	free(keys);
	EVP_PKEY_free(authkey);
	if (found) return 1;
	DBG("User authorized_keys file doesn't match cert public key(s)");
	return 0;
#endif
}

_DEFAULT_MAPPER_END

/*
 * parses the certificate, extracts the public key and tries to match it
 * with the contents of the ${login}/.ssh/authorized_keys file
 * returns -1, 0 or 1 ( error, no match, or match)
 */
static int openssh_mapper_match_user(X509 *x509, const char *user, void *context) {
	struct passwd *pw;
	char filename[512];
	if (!x509) return -1;
	if (!user) return -1;
	pw = getpwnam(user);
	if (!pw || is_empty_str(pw->pw_dir) ) {
		DBG1("User '%s' has no home directory",user);
		return -1;
	}
	/* bounded copy: pw_dir comes from the passwd database */
	if (snprintf(filename,sizeof(filename),"%s/.ssh/authorized_keys",pw->pw_dir) >= (int)sizeof(filename)) {
		DBG1("Home directory of user '%s' is too long",user);
		return -1;
	}
	return openssh_mapper_match_keys(x509,filename);
}

/*
parses the certificate and return the _first_ user that matches public key
*/
static char * openssh_mapper_find_user(X509 *x509, void *context, int *match) {
	int n = 0;
	struct passwd *pw = NULL;
	char *res = NULL;
	/* parse list of users until match */
	setpwent();
	while((pw=getpwent()) != NULL) {
		char filename[512];
		DBG1("Trying to match certificate with user: '%s'",pw->pw_name);
		if ( is_empty_str(pw->pw_dir) ) {
			DBG1("User '%s' has no home directory",pw->pw_name);
			continue;
		}
		/* bounded copy: pw_dir comes from the passwd database */
		if (snprintf(filename,sizeof(filename),"%s/.ssh/authorized_keys",pw->pw_dir) >= (int)sizeof(filename)) {
			DBG1("Home directory of user '%s' is too long",pw->pw_name);
			continue;
		}
		n = openssh_mapper_match_keys
            (x509,filename);
        if (n<0) {
            DBG1("Error in matching process with user '%s'",pw->pw_name);
            endpwent();
            return NULL;
        }
        if (n==0) {
            DBG1("Certificate doesn't match user '%s'",pw->pw_name);
            continue;
        }
        /* arriving here means user found */
        DBG1("Certificate match found for user '%s'",pw->pw_name);
        res = clone_str(pw->pw_name);
        endpwent();
        *match = 1;
        return res;
    } /* next login */
    /* no user found that contains cert in their directory */
    endpwent();
    DBG("No entry at ${login}/.ssh/authorized_keys maps to any provided certificate");
    return NULL;
}

static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt= malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = openssh_mapper_find_entries;
    pt->finder = openssh_mapper_find_user;
    pt->matcher = openssh_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Initialization routine
 */
#ifndef OPENSSH_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * openssh_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;
    if (blk) {
        debug = scconf_get_bool(blk,"debug",0);
        keyfile = scconf_get_str(blk,"keyfile",keyfile);
    } else {
        DBG1("No block declaration for mapper '%s'",mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(blk,mapper_name);
    if(pt) DBG2("OpenSSH mapper started. debug: %d, mapfile: %s",debug,keyfile);
    else DBG("OpenSSH mapper initialization failed");
    return pt;
}

pam_pkcs11-0.6.9/src/mappers/mapper.c

/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#ifndef __MAPPER_C_
#define __MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
/* system headers used by the code below */
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <pwd.h>
#include <regex.h>
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/uri.h"
#include "../common/strings.h"
#include "mapper.h"

/*
 * Common functions to all mapping modules
 */

/**
 * Initialize a map file
 * Creates a mapfile entry
 * load url and store into mapfile
 * returns struct or NULL on error
 */
struct mapfile *set_mapent(const char *url) {
    int res;
    struct mapfile *mfile = malloc(sizeof(struct mapfile));
    if (!mfile) return NULL;
    mfile->uri=url;
    mfile->pt = (char *) NULL;
    mfile->key = (char *) NULL;
    mfile->value = (char *) NULL;
    res = get_from_uri(mfile->uri,(unsigned char **)&mfile->buffer,&mfile->length);
    if (res<0) {
        DBG1("get_from_uri() error: %s",get_error());
        free(mfile);
        return NULL;
    }
    mfile->pt = mfile->buffer;
    return mfile;
}

/**
 * Gets a key/value pair on provided
 * mapfile
 * returns true (1) on success, false (0) on error
 */
int get_mapent(struct mapfile *mfile) {
    char *res;
    char *sep;
    size_t len;
    char *from,*to;
    /* set up environment */
    free (mfile->key);
    mfile->key=NULL;
    mfile->value=NULL;
try_again:
    /* get a line from buffer */
    from = mfile->pt;
    /* set up pointer; the cast keeps isspace() defined for bytes >= 0x80 */
    while( *from && isspace((unsigned char)*from) ) from++;
    to = strchr(from,'\n');
    /* if no newline, assume string ends at end of buffer */
    if (!to) to=mfile->buffer+mfile->length;
    if (to<=from) {
        DBG("EOF reached");
        return 0; /* empty data */
    }
    /* store and parse line */
    len= to-from;
    res=malloc (len+1);
    if (!res) {
        DBG("malloc error");
        return 0; /* not enough space to malloc string */
    }
    strncpy(res,from,len);
    *(res+len)='\0';
    if ('#' == res[0]) {
        DBG1("Line '%s' is a comment: skip",res);
        free(res);
        mfile->pt=to;
        goto try_again; /* repeat loop */
    }
    sep = strstr(res," -> ");
    if (!sep) {
        DBG1("Line '%s' has no key -> value format: skip",res);
        free(res);
        mfile->pt=to;
        goto try_again; /* repeat loop */
    }
    *sep='\0';
    mfile->key=res;
    mfile->value=sep+4;
    mfile->pt=to;
    DBG2("Found key: '%s' value '%s'",mfile->key,mfile->value);
    return 1;
}

/**
 * closes and free a mapfile entry
 */
void end_mapent(struct mapfile *mfile) {
    if (!mfile) return;
    /* don't free uri: is a scconf provided "const char *" */;
    /* free (mfile->uri); */
    /* don't free key/value: they are pointers to somewhere in buffer */
    /* free (mfile->value); */
    /* free (mfile->key); */
    free (mfile->buffer);
    free(mfile);
    return;
}

/**
 * find a map from mapfile
 * @param file FileName
 * @param key Key to search in mapfile
 * @param icase ignore case
 * @param match Set to 1 for mapped string return, unmodified for key return
 * @return mapped string on match, key on no match, NULL on error
 */
char *mapfile_find(const char *file, char *key, int icase, int *match) {
    struct mapfile *mfile;
    if ( (!key) || is_empty_str(key) ) {
        DBG("key to map is null or empty");
        return NULL;
    }
    if ( (!file)||(is_empty_str((char
            *)file))||(!strcmp(file,"none")) ) {
        char *res = clone_str(key);
        DBG("No mapping file specified");
        return res;
    }
    DBG2("Using mapping file: '%s' to search '%s'",file,key);
    mfile = set_mapent(file);
    if (!mfile) {
        DBG1("Error processing mapfile %s",file);
        return NULL;
    }
    while (get_mapent(mfile)) {
        int done = 0;
        if (mfile->key[0]=='^' && mfile->key[strlen(mfile->key)-1]=='$') {
            regex_t re;
            DBG2("Trying RE '%s' match on '%s'",mfile->key,key);
            if (regcomp(&re,mfile->key,(icase ? REG_ICASE : 0)|REG_NEWLINE)) {
                DBG2("RE '%s' in mapfile '%s' is invalid",mfile->key,file);
            } else {
                done = !regexec(&re,key,0,NULL,0);
                regfree(&re);
            }
        } else if (icase)
            done = !strcasecmp(key, mfile->key);
        else
            done = !strcmp(key, mfile->key);
        if (done) {
            char *res=clone_str(mfile->value);
            DBG2("Found mapfile match '%s' -> '%s'",key,mfile->value);
            end_mapent(mfile);
            *match = 1;
            return res;
        }
    }
    /* arriving here means map not found, so return key as result */
    DBG("Mapfile match not found");
    end_mapent(mfile);
    return clone_str(key);
}

/**
 * find a match from mapfile
 * @param file FileName
 * @param key Key to search in mapfile
 * @param value string to match in mapfile
 * @param icase ignore upper/lower case
 * @return 1 on match, 0 on no match, -1 on error
 */
int mapfile_match(const char *file, char *key, const char *value, int icase) {
    int res;
    int match = 0;
    char *str=mapfile_find(file,key,icase,&match);
    if (!str) return -1;
    if (icase) res= (!strcasecmp(str,value))? 1:0;
    else res= (!strcmp(str,value))?
        1:0;
    free(str); /* mapfile_find() returns an allocated copy */
    return res;
}

/* pwent related functions */

/**
 * Compare item to gecos or login pw_entry
 * returns 1 on match, else 0
 */
int compare_pw_entry(const char *str,struct passwd *pw, int ignorecase) {
    if (ignorecase) {
        if ( !strcasecmp(pw->pw_name,str) || !strcasecmp(pw->pw_gecos,str) ) {
            return 1;
        }
    } else {
        if ( !strcmp(pw->pw_name,str) || !strcmp(pw->pw_gecos,str) ) {
            return 1;
        }
    }
    return 0;
}

/**
 * look in pw entries for an item that matches gecos or login to provided string
 * on success return login
 * on fail return null
 */
char *search_pw_entry(const char *str,int ignorecase) {
    char *res;
    struct passwd *pw;
    setpwent(); /* reset pwent parser */
    while ( (pw=getpwent()) != NULL) {
        if( compare_pw_entry(str,pw,ignorecase) ) {
            DBG1("getpwent() match found: '%s'",pw->pw_name);
            res= clone_str(pw->pw_name);
            endpwent();
            return res;
        }
    }
    endpwent();
    DBG1("No pwent found matching string '%s'",str);
    return NULL;
}

#endif

pam_pkcs11-0.6.9/src/mappers/uid_mapper.c

/*
 * PAM-PKCS11 UID mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __UID_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "uid_mapper.h"

/*
 * This mapper uses the Unique ID (UID) entry on the certificate to
 * find user name.
 */

static const char *mapfile = "none";
static int ignorecase = 0;
static int debug = 0;

/**
 * Return the list of UID's on this certificate
 */
static char ** uid_mapper_find_entries(X509 *x509, void *context) {
    char **entries= cert_info(x509,CERT_UID,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_unique_id() failed");
        return NULL;
    }
    return entries;
}

/*
parses the certificate and return the map of the first UID entry found
If no UID found or map error, return NULL
*/
static char * uid_mapper_find_user(X509 *x509, void *context, int *match) {
    char *res;
    char **entries= cert_info(x509,CERT_UID,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_unique_id() failed");
        return NULL;
    }
    DBG1("trying to map uid entry '%s'",entries[0]);
    res = mapfile_find(mapfile,entries[0],ignorecase,match);
    if (!res) {
        DBG("Error in map process");
        return NULL;
    }
    return clone_str(res);
}

/*
 * parses the certificate and try to match any UID in the certificate
 * with provided user
 */
static int uid_mapper_match_user(X509 *x509, const char *login, void *context) {
    char *str;
    int match_found = 0;
    char **entries = cert_info(x509,CERT_UID,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_unique_id() failed");
        return -1;
    }
    /* parse list of uids until match */
    for (str=*entries; str && (match_found==0); str=*++entries) {
        int res=0;
        DBG1("trying to map & match uid entry '%s'",str);
        res = mapfile_match(mapfile,str,login,ignorecase);
        /* mapfile_match() returns -1 on error and 0 on a plain no-match */
        if (res<0) {
            DBG("Error in map&match process");
            return -1; /* or perhaps should be "continue" ??*/
        }
        if (res>0) match_found=1;
    }
    return match_found;
}

_DEFAULT_MAPPER_END

static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt= malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = uid_mapper_find_entries;
    pt->finder = uid_mapper_find_user;
    pt->matcher = uid_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

#ifndef UID_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * uid_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;
    if (blk) {
        debug= scconf_get_bool(blk,"debug",0);
        mapfile = scconf_get_str(blk,"mapfile",mapfile);
        ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
    } else {
        DBG1("No block declaration for mapper '%s'", mapper_name);
    }
    set_debug_level(debug);
    pt= init_mapper_st(blk,mapper_name);
    if(pt) DBG3("UniqueID mapper started. debug: %d, mapfile: %s, icase: %d",debug,mapfile,ignorecase);
    else DBG("UniqueID mapper initialization failed");
    return pt;
}

pam_pkcs11-0.6.9/src/mappers/opensc_mapper.c

/*
 * PAM-PKCS11 OPENSSH mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam_pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * Based in pam_opensc from Andreas Jellinghaus
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __OPENSC_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
/* system headers used by the code below */
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "opensc_mapper.h"

/**
 * This mapper try to locate user by comparing authorized certificates
 * from each $HOME/.eid/authorized_certificates user entry,
 * as stored by OpenSC package
 */

/*
 * Return the list of certificates as an array list
 */
static char ** opensc_mapper_find_entries(X509 *x509, void *context) {
    char **entries= cert_info(x509,CERT_PEM,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_certificate() failed");
        return NULL;
    }
    return entries;
}

/*
 * parses the certificate, extract it in PEM format, and try to match
 * with contents of ${HOME}/.eid/authorized_certificates file
 * returns -1, 0 or 1 ( error, no match, or match)
 */
static int opensc_mapper_match_certs(X509 *x509, const char *home) {
#ifdef HAVE_NSS
    /* still need to genericize the BIO functions here */
    return -1;
#else
#ifndef PATH_MAX
    /* PATH_MAX is not defined (unlimited) on Hurd */
    /* the correct solution would be to use a dynamic allocation */
#define PATH_MAX 1024
#endif
    char filename[PATH_MAX];
    X509 **certs;
    int ncerts, i, rc;
    /* header name assumed (missing from this copy): declares BIO and PEM_read_bio_X509() */
#include <openssl/pem.h>
    BIO *in;
    if (!x509) return -1;
    if (!home) return -1;
    snprintf(filename, sizeof(filename), "%s/.eid/authorized_certificates", home);
    in = BIO_new(BIO_s_file());
    if (!in) {
        DBG("BIO_new() failed\n");
        return -1;
    }
    rc = BIO_read_filename(in, filename);
    if (rc != 1) {
        DBG1("BIO_read_filename from %s failed\n",filename);
        BIO_free(in); /* do not leak the BIO on the failure path */
        return
            0; /* fail means no file, or read error */
    }
    /* create and compose certificate chain */
    ncerts=0;
    certs=NULL;
    for (;;) {
        X509 *cert = PEM_read_bio_X509(in, NULL, 0, NULL);
        if (cert) add_cert(cert, &certs, &ncerts);
        else break;
    }
    BIO_free(in);
    for (i = 0; i < ncerts; i++) {
        if (X509_cmp(certs[i],x509) == 0) return 1; /* Match found */
    }
    return 0; /* Don't match */
#endif
}

static int opensc_mapper_match_user(X509 *x509, const char *user, void *context) {
    struct passwd *pw;
    if (!x509) return -1;
    if (!user) return -1;
    pw = getpwnam(user);
    if (!pw || !pw->pw_dir) {
        DBG1("User '%s' has no home directory",user);
        return -1;
    }
    return opensc_mapper_match_certs(x509,pw->pw_dir);
}

/*
parses the certificate and return the _first_ user that has it in
their ${HOME}/.eid/authorized_certificates
*/
static char * opensc_mapper_find_user(X509 *x509, void *context, int *match) {
    int n = 0;
    struct passwd *pw = NULL;
    char *res = NULL;
    /* parse list of users until match */
    setpwent();
    while((pw=getpwent()) != NULL) {
        DBG1("Trying to match certificate with user: '%s'",pw->pw_name);
        n = opensc_mapper_match_certs (x509, pw->pw_dir);
        if (n<0) {
            DBG1("Error in matching process with user '%s'",pw->pw_name);
            endpwent();
            return NULL;
        }
        if (n==0) {
            DBG1("Certificate doesn't match user '%s'",pw->pw_name);
            continue;
        }
        /* arriving here means user found */
        DBG1("Certificate match found for user '%s'",pw->pw_name);
        res = clone_str(pw->pw_name);
        endpwent();
        *match = 1;
        return res;
    } /* next login */
    /* no user found that contains cert in their directory */
    endpwent();
    DBG("No entry at ${login}/.eid/authorized_certificates maps to any provided certificate");
    return NULL;
}

_DEFAULT_MAPPER_END

static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt= malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = opensc_mapper_find_entries;
    pt->finder = opensc_mapper_find_user;
    pt->matcher =
        opensc_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Initialization routine
 */
#ifndef OPENSC_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * opensc_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;
    int debug = 0;
    if (blk) debug = scconf_get_bool(blk,"debug",0);
    set_debug_level(debug);
    pt = init_mapper_st(blk,mapper_name);
    if(pt) DBG1("OpenSC mapper started. debug: %d",debug);
    else DBG("OpenSC mapper initialization failed");
    return pt;
}

pam_pkcs11-0.6.9/src/mappers/subject_mapper.h

/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#ifndef __SUBJECT_MAPPER_H_
#define __SUBJECT_MAPPER_H_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "../scconf/scconf.h"
#include "mapper.h"

#ifdef SUBJECT_MAPPER_STATIC
#ifndef __SUBJECT_MAPPER_C_
#define SUBJECT_EXTERN extern
#else
#define SUBJECT_EXTERN
#endif
SUBJECT_EXTERN mapper_module * subject_mapper_module_init(scconf_block *blk,const char *mapper_name);
#undef SUBJECT_EXTERN
/* end of static (if any) declarations */
#endif

/* End of subject_mapper.h */
#endif

pam_pkcs11-0.6.9/src/mappers/cn_mapper.c

/*
 * PAM-PKCS11 CN mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __CN_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "cn_mapper.h"

static const char *mapfile="none";
static int ignorecase=0;
static int debug=0;

/*
 * This mapper uses the common name (CN) entry on the certificate to
 * find user name.
 * When a mapfile is specified, try to map CN entry to a user login
 */

/**
 * Return array of found CN's
 */
static char ** cn_mapper_find_entries(X509 *x509, void *context) {
    char **entries= cert_info(x509,CERT_CN,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_common_name() failed");
        return NULL;
    }
    return entries;
}

/*
parses the certificate and return the first CN entry found, or NULL
*/
static char * cn_mapper_find_user(X509 *x509, void *context, int *match) {
    char *res;
    char **entries= cert_info(x509,CERT_CN,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_common_name() failed");
        return NULL;
    }
    DBG1("trying to map CN entry '%s'",entries[0]);
    res = mapfile_find(mapfile,entries[0],ignorecase,match);
    if (!res) {
        DBG("Error in map process");
        return NULL;
    }
    return clone_str(res);
}

/*
 * parses the certificate and try to match any CN in the certificate
 * with provided user
 */
static int cn_mapper_match_user(X509 *x509,const char *login, void *context) {
    char *str;
    int match_found = 0;
    char **entries = cert_info(x509,CERT_CN,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_common_name() failed");
        return -1;
    }
    /* parse list of uids until match */
    for (str=*entries; str && (match_found==0); str=*++entries) {
        int res=0;
        DBG1("trying to map & match CN entry '%s'",str);
        res = mapfile_match(mapfile,str,login,ignorecase);
        if
            (res<0) { /* mapfile_match() returns -1 on error and 0 on a plain no-match */
            DBG("Error in map&match process");
            return -1; /* or perhaps should be "continue" ??*/
        }
        if (res>0) match_found=1;
    }
    return match_found;
}

_DEFAULT_MAPPER_END

static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt= malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = cn_mapper_find_entries;
    pt->finder = cn_mapper_find_user;
    pt->matcher = cn_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * Initialization routine
 */
#ifndef CN_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * cn_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;
    if (blk) {
        debug= scconf_get_bool(blk,"debug",0);
        mapfile= scconf_get_str(blk,"mapfile",mapfile);
        ignorecase= scconf_get_bool(blk,"ignorecase",ignorecase);
    } else {
        DBG1("No block declaration for mapper '%s'",mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(blk,mapper_name);
    if (pt) DBG3("CN mapper started. debug: %d, mapfile: %s, icase: %d",debug,mapfile,ignorecase);
    else DBG("CN mapper initialization error");
    return pt;
}

pam_pkcs11-0.6.9/src/mappers/null_mapper.h

/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#ifndef __NULL_MAPPER_H_
#define __NULL_MAPPER_H_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "../scconf/scconf.h"
#include "mapper.h"

#ifdef NULL_MAPPER_STATIC
#ifndef __NULL_MAPPER_C_
#define NULL_EXTERN extern
#else
#define NULL_EXTERN
#endif
NULL_EXTERN mapper_module * null_mapper_module_init(scconf_block *blk,const char *mapper_name);
#undef NULL_EXTERN
/* end of static (if any) declarations */
#endif

/* End of null_mapper.h */
#endif

pam_pkcs11-0.6.9/src/mappers/ms_mapper.c

/*
 * PAM-PKCS11 Microsoft Universal Principal Name mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __MS_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "ms_mapper.h"

/*
 * This mapper uses (if available) the optional MS's Universal Principal Name
 * entry on the certificate to find user name.
 * According with MS documentation, UPN has following structure:
 * OID: 1.3.6.1.4.1.311.20.2.3
 * UPN OtherName: user@domain.com
 * UPN encoding:ASN1 UTF8
 *
 * As UPN has in-built login and domain, No mapping file is used: login
 * is implicit.
 * A "checkdomain" flag is tested to compare domain if set.
 * TODO: talk to Active Domain Service certificate an login validation
 */

static int ignorecase = 0;
static int ignoredomain =0;
static const char *domainname="";
static const char *domainnickname="";
static int debug =0;

/* check syntax and domain match on provided string */
static char *check_upn(char *str) {
    char *domain;
    if (!str) return NULL;
    if (!strchr(str,'@')) {
        DBG1("'%s' is not a valid MS UPN",str);
        return NULL;
    }
    domain=strchr(str,'@');
    *domain++='\0';
    /* test for an empty domain part: the pointer itself is never NULL here */
    if (!*domain) {
        DBG1("'%s' has not a valid MS UPN domain",str);
        return NULL;
    }
    if (ignoredomain) return str;
    if (strcmp(domainname,domain)) {
        DBG2("Domain '%s' doesn't match UPN domain '%s'",domainname,domain);
        return NULL;
    }
    if (domainnickname && domainnickname[0]) {
        char *tmp;
        size_t tmp_len;
        DBG1("Adding domain nick name '%s'",domainnickname);
        tmp_len = strlen(str) + strlen(domainnickname) + 2;
        tmp = malloc(tmp_len);
        if (!tmp) return NULL; /* out of memory */
        snprintf(tmp, tmp_len, "%s\\%s", domainnickname, str);
        free(str);
        str = tmp;
    }
    return str;
}

static int compare_name(char *name, const char *user) {
    char *c_name=
        (ignorecase)?tolower_str(name):clone_str(name);
    char *c_user= (ignorecase)?tolower_str(user):clone_str(user);
    int res = (c_name && c_user) ? !strcmp(c_name, c_user) : 0;
    /* release the temporary copies */
    free(c_name);
    free(c_user);
    return res;
}

/*
 * Extract the MS Universal Principal Name array list
 */
static char ** ms_mapper_find_entries(X509 *x509, void *context) {
    char **entries= cert_info(x509,CERT_UPN,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_ms_upn() failed");
        return NULL;
    }
    return entries;
}

/*
parses the certificate and return the first valid UPN entry found, or NULL
*/
static char * ms_mapper_find_user(X509 *x509, void *context, int *match) {
    char *str;
    char **entries = cert_info(x509,CERT_UPN,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_ms_upn() failed");
        return NULL;
    }
    /* parse list until a valid string is found */
    for (str=*entries; str; str=*++entries) {
        char *item,*res;
        item = (ignorecase)?tolower_str(entries[0]):clone_str(entries[0]);
        res= check_upn(item);
        if (res) {
            DBG2("Found valid UPN: '%s' maps to '%s' ",str,res);
            *match = 1;
            return clone_str(res);
        } else {
            DBG1("Invalid UPN found '%s'",str);
        }
    }
    DBG("No valid upn found");
    return NULL;
}

/*
 * parses the certificate and try to match any UPN in the certificate
 * with provided user
 */
static int ms_mapper_match_user(X509 *x509, const char *user, void *context) {
    char *str;
    int match_found = 0;
    char **entries = cert_info(x509,CERT_UPN,ALGORITHM_NULL);
    if (!entries) {
        DBG("get_ms_upn() failed");
        return -1;
    }
    /* parse list of uids until match */
    for (str=*entries; str && (match_found==0); str=*++entries) {
        char *login;
        if (ignorecase) login= check_upn(tolower_str(str));
        else login= check_upn(clone_str(str));
        /* check_upn() returns NULL for a rejected UPN: never compare that */
        if ( login && compare_name(login,user) ) {
            DBG2("Match found for entry '%s' & login '%s'",str,login);
            match_found=1;
        } else {
            DBG1("Match failed for entry '%s'",str);
        }
        free(login);
    }
    return match_found;
}

_DEFAULT_MAPPER_END

static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt= malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = ms_mapper_find_entries;
    pt->finder = ms_mapper_find_user;
    pt->matcher = ms_mapper_match_user;
    pt->deinit = mapper_module_end;
    return pt;
}

/**
 * init routine
 * parse configuration block entry
 */
#ifndef MS_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * ms_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
    mapper_module *pt;
    if (blk) {
        debug = scconf_get_bool(blk,"debug",0);
        ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
        ignoredomain = scconf_get_bool(blk,"ignoredomain",ignoredomain);
        domainname = scconf_get_str(blk,"domainname",domainname);
        domainnickname = scconf_get_str(blk,"domainnickname",domainnickname);
    } else {
        DBG1("No block declaration for mapper '%s'",mapper_name);
    }
    set_debug_level(debug);
    pt = init_mapper_st(blk,mapper_name);
    if (pt) DBG4("MS PrincipalName mapper started. debug: %d, idomain: %d, icase: %d, domainname: '%s'",debug,ignoredomain,ignorecase,domainname);
    else DBG("MS PrincipalName mapper initialization failed");
    return pt;
}

pam_pkcs11-0.6.9/src/mappers/subject_mapper.c

/*
 * PAM-PKCS11 Cert Subject to login file based mapper module
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __SUBJECT_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
/*#include */
/*#include */
#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "subject_mapper.h"

static const char *filename = "none";
static int ignorecase = 0;
static int debug = 0;

/*
 * returns the Certificate subject
 */
static char ** subject_mapper_find_entries(X509 *x509, void *context) {
    char **entries= cert_info(x509,CERT_SUBJECT,ALGORITHM_NULL);
    if (!entries) {
        DBG("X509_get_subject_name failed");
        return NULL;
    }
    return entries;
}

/*
parses the certificate and return the first Subject entry found, or NULL
*/
static char * subject_mapper_find_user(X509 *x509, void *context, int *match) {
    char **entries = cert_info(x509,CERT_SUBJECT,ALGORITHM_NULL);
    if (!entries) {
        DBG("X509_get_subject_name failed");
        return NULL;
    }
    return mapfile_find(filename,entries[0],ignorecase,match);
}

/*
 * parses the certificate and try to match Subject in the certificate
 * with provided user
 */
static int subject_mapper_match_user(X509 *x509, const char *login, void *context) {
    char **entries = cert_info(x509,CERT_SUBJECT,ALGORITHM_NULL);
    if (!entries) {
        DBG("X509_get_subject_name failed");
        return -1;
    }
    return mapfile_match(filename,entries[0],login,ignorecase);
}

_DEFAULT_MAPPER_END

static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
    mapper_module *pt= malloc(sizeof(mapper_module));
    if (!pt) return NULL;
    pt->name = name;
    pt->block = blk;
    pt->context = NULL;
    pt->entries = subject_mapper_find_entries;
    pt->finder = subject_mapper_find_user;
    pt->matcher = subject_mapper_match_user;
    pt->deinit = mapper_module_end;
return pt; } /** * Initialization routine */ #ifndef SUBJECT_MAPPER_STATIC mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) { #else mapper_module * subject_mapper_module_init(scconf_block *blk,const char *mapper_name) { #endif mapper_module *pt; if (blk) { debug = scconf_get_bool(blk,"debug",0); filename = scconf_get_str(blk,"mapfile",filename); ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase); } else { DBG1("No block declaration for mapper '%s'",mapper_name); } set_debug_level(debug); pt= init_mapper_st(blk,mapper_name); if(pt) DBG3("Subject mapper started. debug: %d, mapfile: %s, icase: %d",debug,filename,ignorecase); else DBG("Subject mapper initialization failed"); return pt; } pam_pkcs11-0.6.9/src/mappers/krb_mapper.c0000644000175000017500000001011612074274512020512 0ustar rousseaurousseau/* * PAM-PKCS11 Kerberos Principal Name mapper module * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

#define __KRB_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "../common/cert_st.h"
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "krb_mapper.h"

/*
 * This mapper uses (if available) the optional Kerberos Principal Name
 * entry on the certificate to find user name.
 */

static int debug = 0;

/* TODO: Implement kerberos authentication via PKINIT protocol */

/*
 * get Kerberos principal name of certificate
 */

/**
 * Return array of Kerberos principal names found in the certificate
 */
static char ** krb_mapper_find_entries(X509 *x509, void *context) {
	char **entries= cert_info(x509,CERT_KPN,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_krb_principalname() failed");
		return NULL;
	}
	return entries;
}

/*
 * parses the certificate and returns the login mapped from the first
 * Kerberos principal name found, or NULL
 */
static char * krb_mapper_find_user(X509 *x509, void *context, int *match) {
	char *res;
	char **entries= cert_info(x509,CERT_KPN,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_krb_principalname() failed");
		return NULL;
	}
	DBG1("trying to map kpn entry '%s'",entries[0]);
	res = mapfile_find("none",entries[0],0,match);
	if (!res) {
		DBG("Error in map process");
		return NULL;
	}
	return clone_str(res);
}

/*
 * parses the certificate and tries to match any Kerberos principal name
 * in the certificate with provided user
 */
static int krb_mapper_match_user(X509 *x509, const char *login, void *context) {
	char *str;
	int match_found = 0;
	char **entries = cert_info(x509,CERT_KPN,ALGORITHM_NULL);
	if (!entries) {
		DBG("get_krb_principalname() failed");
		return -1;
	}
	/* parse list of entries until match */
	for (str=*entries; str && (match_found==0); str=*++entries) {
		int res=0;
		DBG1("trying to map & match KPN entry '%s'",str);
		res = mapfile_match("none",str,login,0);
		if (!res) {
			DBG("Error in map&match process");
			return -1; /* or perhaps should be "continue" ??*/
		}
		if (res>0) match_found=1;
	}
	return match_found;
}

_DEFAULT_MAPPER_END

static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
	mapper_module *pt= malloc(sizeof(mapper_module));
	if (!pt) return NULL;
	pt->name = name;
	pt->block = blk;
	pt->context = NULL;
	pt->entries = krb_mapper_find_entries;
	pt->finder  = krb_mapper_find_user;
	pt->matcher = krb_mapper_match_user;
	pt->deinit  = mapper_module_end;
	return pt;
}

/**
 * init routine
 * parse configuration block entry
 */
#ifndef KRB_MAPPER_STATIC
mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
#else
mapper_module * krb_mapper_module_init(scconf_block *blk,const char *mapper_name) {
#endif
	mapper_module *pt;
	if( blk) debug = scconf_get_bool(blk,"debug",0);
	set_debug_level(debug);
	pt=init_mapper_st(blk,mapper_name);
	if(pt) DBG("KPN mappper started");
	else DBG("KPN mapper initialization failed");
	return pt;
}

pam_pkcs11-0.6.9/src/mappers/ldap_mapper.c

/*
 * PAM-PKCS11 ldap mapper module
 * Copyright (C) 2005 Dominik Fischer
 * Copyright (C) 2005 Juan Antonio Martinez
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * $Id$
 */

/*
 * Sandro Wefel (SaW) added
 *   TLS/SSL support (see autofs-ldap and libnss-ldap)
 *   multiple LDAP-Server support
 *   multi-value certificate entries
 */

#define __LDAP_MAPPER_C_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

/* FIXME do not use deprecated ldap_* functions */
#define LDAP_DEPRECATED 1
#include <ldap.h>
#include <pwd.h>
#include <string.h>

#include "../common/cert_st.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../scconf/scconf.h"
#include "../common/strings.h"
#include "../common/cert_info.h"
#include "mapper.h"
#include "ldap_mapper.h"

/*
 * This mapper uses the "login" parameter from mapper_match_user and
 * uses it to get a certificate from a LDAP server. The digest of
 * this certificate is then compared to the digest of the certificate
 * from smartcard.
 * Configuration is done in pam_pkcs11.conf.
 */

static const int LDAP_CONFIG_URI_MAX = 10;

/*
 * TODO:
 * - Support for SASL-AUTH not included yet, I can't test it
 *
 * - ldap_unbind (*ld) crash if you connect to a SSL port but have set TLS instead SSL
 *   - no idea why!?
 *   - you got no error message from your application
 *   - believe skip ldap_unbind (*ld) for a bind handle isn't a good solution
 *
 * - implement searchtimeout
 * - implement ignorecase
 */

enum ldap_ssl_options {
	SSL_OFF,
	SSL_LDAPS,
	SSL_START_TLS
};
typedef enum ldap_ssl_options ldap_ssl_options_t;

#ifndef LDAPS_PORT
#define LDAPS_PORT 636
#endif

/*** Internal vars *****************************************************/

/* Host and Port */
static const char *ldaphost="";
static int ldapport=0;
/* or URI (allow multiple hosts) */
static const char *ldapURI="";
static int scope=1; /* 0: LDAP_SCOPE_BASE, 1: LDAP_SCOPE_ONE, 2: LDAP_SCOPE_SUB */
static const char *binddn="";
static const char *passwd="";
static const char *base="ou=People,o=example,c=com";
static const char *attribute="userCertificate";
static const char *uid_attribute;
static const scconf_list *attribute_map;
/* default user filter; the parentheses must balance because
 * ldap_build_filter() wraps it as "(&<filter><cert filter>)" */
static const char *filter="(&(objectClass=posixAccount)(uid=%s))";
static int searchtimeout=20;
static int ignorecase=0;
static char *uid_attribute_value;
static int certcnt=0;
static ldap_ssl_options_t ssl_on = SSL_OFF;
#if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
/* TLS/SSL specific options */
static const char *tls_randfile="";
static const char *tls_cacertfile="";
static const char *tls_cacertdir="";
static int tls_checkpeer=-1;
static const char *tls_ciphers="";
static const char *tls_cert="";
static const char *tls_key="";
#endif

static int ldapVersion = 3;
#ifdef HAVE_LDAP_SET_OPTION
static int timeout = 8; /* 8 seconds */
#endif
static int bind_timelimit = 2; /* Timelimit for BIND */

static const int sscope[] = { LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE};

/*** Internal funcs ****************************************************/

static int do_init (LDAP ** ld, const char *uri, int ldapdefport)
{
	int rc;
	int ldaps;
	char uribuf[512];
	char *p;

	DBG("do_init():");

	ldaps = (strncasecmp (uri, "ldaps://", sizeof ("ldaps://") - 1) == 0);
	p = strchr (uri, ':');
	/* we should be looking for the second instance to find the port number;
	 * start one past the scheme's colon, otherwise the same ':' is found again */
	if (p != NULL) {
		p = strchr (p + 1, ':');
	}

#ifdef HAVE_LDAP_INITIALIZE
	if (p == NULL &&
	    ((ldaps && ldapdefport != LDAPS_PORT) || (!ldaps && ldapdefport != LDAP_PORT))) {
		/* No port specified in URI and non-default port specified */
		snprintf (uribuf, sizeof (uribuf), "%s:%d", uri, ldapdefport);
		uri = uribuf;
	}
	rc = ldap_initialize (ld, uri);
#else
	/* TODO: !HAVE_LDAP_INITIALIZE => no ldaps:// possible? */
	if (strncasecmp (uri, "ldap://", sizeof ("ldap://") - 1) != 0) {
		return LDAP_UNAVAILABLE;
	}
	uri += sizeof ("ldap://") - 1;
	p = strchr (uri, ':');
	if (p != NULL) {
		size_t urilen = (p - uri);
		if (urilen >= sizeof (uribuf)) {
			return LDAP_UNAVAILABLE;
		}
		memcpy (uribuf, uri, urilen);
		uribuf[urilen] = '\0';
		ldapdefport = atoi (p + 1);
		uri = uribuf;
	}
# ifdef HAVE_LDAP_INIT
	*ld = ldap_init (uri, ldapdefport);
# else
	*ld = ldap_open (uri, ldapdefport);
# endif
	rc = (*ld == NULL) ? LDAP_SERVER_DOWN : LDAP_SUCCESS;
#endif /* HAVE_LDAP_INITIALIZE */

	if (rc == LDAP_SUCCESS && *ld == NULL) {
		rc = LDAP_UNAVAILABLE;
	}
	return rc;
}

#if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
/*
 * Set the ssl option
 */
static int do_ssl_options (LDAP *ldap_connection)
{
	int rc;

	DBG("do_ssl_options");

#ifdef LDAP_OPT_X_TLS_RANDOM_FILE
	if (strncmp(tls_randfile,"",1)) {
		/* rand file */
		rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE, tls_randfile);
		if (rc != LDAP_SUCCESS) {
			DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_RANDOM_FILE failed");
			return LDAP_OPERATIONS_ERROR;
		}
	}
#endif /* LDAP_OPT_X_TLS_RANDOM_FILE */

	if (strncmp(tls_cacertfile,"",1)) {
		/* ca cert file */
		rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_cacertfile);
		if (rc != LDAP_SUCCESS) {
			DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_CACERTFILE failed");
			return LDAP_OPERATIONS_ERROR;
		}
	}

	if (strncmp(tls_cacertdir,"",1)) {
		/* ca cert directory */
		rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_cacertdir);
		if (rc != LDAP_SUCCESS) {
			DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_CACERTDIR failed");
			return LDAP_OPERATIONS_ERROR;
		}
	}

	/* does the certificate have to be checked? */
	if (tls_checkpeer > -1) {
		rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_checkpeer);
		if (rc != LDAP_SUCCESS) {
			DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_REQUIRE_CERT failed");
			return LDAP_OPERATIONS_ERROR;
		}
	}

	if (strncmp(tls_ciphers,"",1)) {
		/* set cipher suite, certificate and private key: */
		rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_ciphers);
		if (rc != LDAP_SUCCESS) {
			DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_CIPHER_SUITE failed");
			return LDAP_OPERATIONS_ERROR;
		}
	}

	/* where is the required cert */
	if (strncmp(tls_cert,"",1)) {
		rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, tls_cert);
		if (rc != LDAP_SUCCESS) {
			DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_CERTFILE failed");
			return LDAP_OPERATIONS_ERROR;
		}
	}

	/* where is the key */
	if (strncmp(tls_key,"",1)) {
		rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, tls_key);
		if (rc != LDAP_SUCCESS) {
			DBG("do_ssl_options: Setting of LDAP_OPT_X_TLS_KEYFILE failed");
			return LDAP_OPERATIONS_ERROR;
		}
	}
	return LDAP_SUCCESS;
}
#endif

static int do_bind (LDAP * ldap_connection, int timelimit)
{
	int rc;
	int rv;
	struct timeval tv;
	LDAPMessage *result;

	/*
	 * set timelimit in ld for select() call in ldap_pvt_connect()
	 * function implemented in libldap2's os-ip.c
	 */
	tv.tv_sec = timelimit;
	tv.tv_usec = 0;

	/* log the bind DN only; the bind password must not reach the debug log */
	DBG1("do_bind(): bind DN=\"%s\"",binddn);

	/* LDAPv3 doesn't need bind at all,
	 * nevertheless, if no binddn is given then bind anonymously */
	if ( ! strncmp(binddn,"",1) ) {
		rv = ldap_simple_bind(ldap_connection, NULL, NULL);
	} else {
		rv = ldap_simple_bind(ldap_connection, binddn, passwd);
	}

	if (rv < 0) {
		DBG("do_bind: rv < 0");
#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
		if (ldap_get_option (ldap_connection, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS) {
			rc = LDAP_UNAVAILABLE;
		}
#else
		rc = ldap_connection->ld_errno;
#endif /* LDAP_OPT_ERROR_NUMBER */
		/* Notify if we failed. */
		DBG3("could not connect to LDAP server as %s - %d - %s", binddn, rc, ldap_err2string (rc));
		return rc;
	}

	rc = ldap_result (ldap_connection, rv, 0, &tv, &result);
	if (rc > 0) {
		DBG1("do_bind rc=%d", rc);
		/* debug ("<== do_bind"); */
		return ldap_result2error (ldap_connection, result, 1);
	}

	/* took too long */
	if (rc == 0) {
		DBG("do_bind rc=0");
		ldap_abandon (ldap_connection, rv);
	}

	DBG("do_bind return -1");
	return -1;
}

/*
 * Opens connection to an LDAP server
 * uri must be one URI
 */
static int do_open (LDAP **ld, const char* uri, int defport, ldap_ssl_options_t ssl_on_local)
{
#if defined(LDAP_OPT_NETWORK_TIMEOUT) || defined(HAVE_LDAP_START_TLS)
	struct timeval tv;
#endif
#ifdef HAVE_LDAP_START_TLS
	struct timeval *tvp;
	LDAPMessage *res = NULL;
	int msgid;
#endif
	int rc;

	rc = do_init (ld, uri, defport);
	if (rc != LDAP_SUCCESS) {
		DBG("do_open(): do_init failed");
		return rc;
	}

	if( ! *ld) {
		DBG("do_open(): internal error - assert (*ld != NULL)");
		return(-2);
	}

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_PROTOCOL_VERSION)
	ldap_set_option (*ld, LDAP_OPT_PROTOCOL_VERSION, &ldapVersion);
#endif /* LDAP_OPT_PROTOCOL_VERSION */

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_NETWORK_TIMEOUT)
	/* LDAP_OPT_NETWORK_TIMEOUT takes a struct timeval, not an int */
	tv.tv_sec = timeout;
	tv.tv_usec = 0;
	rc = ldap_set_option(*ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
	if ( rc != LDAP_SUCCESS ) {
		DBG2("Warning: failed to set connection timeout to %d: %s", timeout, ldap_err2string(rc));
	} else
		DBG1("Set connection timeout to %d", timeout);
#endif /* LDAP_OPT_NETWORK_TIMEOUT */

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_NETWORK_TIMEOUT)
	tv.tv_sec = bind_timelimit;
	tv.tv_usec = 0;
	ldap_set_option (*ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
#endif /* LDAP_OPT_NETWORK_TIMEOUT */

#if defined(HAVE_LDAP_START_TLS_S) || defined(HAVE_LDAP_START_TLS)
	if (ssl_on_local == SSL_START_TLS) {
		int version;

		/* we need V3 at least */
		if (ldap_get_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) {
			if (ldapVersion < LDAP_VERSION3) {
				ldapVersion = LDAP_VERSION3;
				ldap_set_option (*ld, LDAP_OPT_PROTOCOL_VERSION, &ldapVersion);
			}
		}

		/* set up SSL context */
		if (do_ssl_options (*ld) != LDAP_SUCCESS) {
			ldap_unbind (*ld);
			DBG("do_open(): SSL setup failed");
			return LDAP_UNAVAILABLE;
		}

#ifdef HAVE_LDAP_START_TLS
		DBG("do_open(): do_start_tls");
		rc = ldap_start_tls (*ld, NULL, NULL, &msgid);
		if (rc != LDAP_SUCCESS) {
			DBG1("do_open(): ldap_start_tls failed: %s", ldap_err2string (rc));
			return rc;
		}

		if (bind_timelimit == LDAP_NO_LIMIT) {
			tvp = NULL;
		} else {
			tv.tv_sec = bind_timelimit;
			tv.tv_usec = 0;
			tvp = &tv;
		}

		rc = ldap_result (*ld, msgid, 1, tvp, &res);
		if (rc == -1) {
#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
			if (ldap_get_option (*ld, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS) {
				rc = LDAP_UNAVAILABLE;
			}
#else
			/* ld is an LDAP **, so it has to be dereferenced first */
			rc = (*ld)->ld_errno;
#endif /* LDAP_OPT_ERROR_NUMBER */
			DBG1("do_open(): ldap_start_tls failed: %s", ldap_err2string (rc));
			return rc;
		}

		rc = ldap_result2error (*ld, res, 1);
		if (rc != LDAP_SUCCESS) {
			DBG1("do_open(): ldap_result2error failed: %s)", ldap_err2string (rc));
			return rc;
		}

		rc = ldap_install_tls (*ld);
#else
		rc = ldap_start_tls_s (*ld, NULL, NULL);
#endif /* HAVE_LDAP_START_TLS */

		if (rc == LDAP_SUCCESS) {
			DBG("do_open(): TLS startup succeeded");
		} else {
			ldap_unbind (*ld);
			DBG2("do_open(): TLS startup failed for LDAP server %s: %s", uri, ldap_err2string (rc));
			return rc;
		}
	} else
#endif /* HAVE_LDAP_START_TLS_S || HAVE_LDAP_START_TLS */

	/*
	 * If SSL is desired, then enable it.
	 */
	if (ssl_on_local == SSL_LDAPS) {
#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
		int tls = LDAP_OPT_X_TLS_HARD;
		if (ldap_set_option (*ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) {
			ldap_unbind (*ld);
			DBG("do_open(): TLS setup failed");
			return LDAP_UNAVAILABLE;
		}

		/* set up SSL context */
		if (do_ssl_options (*ld) != LDAP_SUCCESS) {
			ldap_unbind (*ld);
			DBG("do_open(): SSL setup failed");
			return LDAP_UNAVAILABLE;
		}
#endif
	}

	rc = do_bind (*ld, bind_timelimit);
	if (rc != LDAP_SUCCESS) {
		DBG2("do_open(): failed to bind to LDAP server %s: %s", uri, ldap_err2string (rc));
		ldap_unbind (*ld);
	}
	return rc;
}

/*
 * add single URI to array of uris
 */
static int ldap_add_uri (char **uris, const char *a_uri, char **buffer, size_t *buflen)
{
	int i;
	size_t uri_len;

	for (i = 0; uris[i] != NULL; i++)
		;

	if (i == LDAP_CONFIG_URI_MAX) {
		DBG("maximum number of URIs exceeded");
		return -1;
	}

	uri_len = strlen (a_uri);
	if (*buflen < uri_len + 1) {
		DBG("buffer to small for URI");
		return -1;
	}

	memcpy (*buffer, a_uri, uri_len + 1);
	uris[i] = *buffer;
	uris[i + 1] = NULL;
	*buffer += uri_len + 1;
	*buflen -= uri_len + 1;

	DBG1("added URI %s", a_uri);
	return 0;
}

/* Return the DER encoding of the certificate in a malloc()ed buffer;
 * *der is NULL and *der_len is 0 on failure. */
static void ldap_x509_as_binary(X509 *x509, unsigned char **der, size_t *der_len)
{
#ifdef HAVE_NSS
	*der_len = 0;
	*der = malloc(x509->derCert.len);
	if (*der != NULL) {
		*der_len = x509->derCert.len;
		memcpy(*der, x509->derCert.data, *der_len);
	}
#else
	unsigned char *p = NULL, *q;
	int len;

	*der_len = 0;
	*der = NULL;
	len = i2d_X509(x509, NULL);
	if (len > 0) {
		p = malloc(len);
		if (p != NULL) {
			q = p;
			if (i2d_X509(x509, &p) == len) {
				*der = q;
				*der_len = p - q;
			}
		}
	}
#endif
}

/* Encode anything that isn't alphanumeric in the binary string as a hex
 * escape, and return the result as a NUL-terminated string. */
static char * ldap_encode_escapes(const unsigned char *binary, size_t length)
{
	char *ret;
	unsigned int i, j;

	ret = malloc(length * 3 + 1);
	if (ret == NULL) {
		DBG("ldap_encode_escapes(): out of memory");
		return NULL;
	}
	for (i = 0, j = 0; i < length; i++) {
		if (((binary[i] >= '0') && (binary[i] <= '9')) ||
		    ((binary[i] >= 'a') && (binary[i] <= 'z')) ||
		    ((binary[i] >= 'A') && (binary[i] <= 'Z'))) {
			ret[j++] = binary[i];
		} else {
			ret[j++] = '\\';
			ret[j++] = "0123456789abcdef"[(binary[i] >> 4) & 0x0f];
			ret[j++] = "0123456789abcdef"[binary[i] & 0x0f];
		}
	}
	ret[j] = '\0';
	return ret;
}

/* Build a subfilter for matching the passed-in certificate against the
 * configured attribute.
 */
static char * ldap_build_default_cert_filter(X509 *x509)
{
	char *buf, *cert;
	unsigned char *der;
	size_t buf_len, der_len;

	ldap_x509_as_binary(x509, &der, &der_len);
	if (der == NULL) {
		DBG("ldap_build_cert_filter(): failed to encode certificate");
		return NULL;
	}
	cert = ldap_encode_escapes(der, der_len);
	free(der);
	if (cert == NULL) {
		DBG("ldap_build_cert_filter(): failed to escape certificate");
		return NULL;
	}
	buf_len = 1 + strlen(attribute) + 1 + strlen(cert) + 2;
	buf = malloc(buf_len);
	if (buf == NULL) {
		DBG("ldap_build_cert_filter(): out of memory");
		free(cert);
		return NULL;
	}
	snprintf(buf, buf_len, "(%s=%s)", attribute, cert);
	free(cert);
	return buf;
}

/* Build a subfilter for matching the passed-in certificate using the mapping
 * information, or against the configured attribute. */
static char * ldap_build_partial_cert_filter(const char *map, X509 *x509)
{
	char *buf, *certs[2] = {NULL, NULL}, **values = NULL;
	unsigned char *der;
	const char *p, *q;
	size_t buf_len, der_len, len, n;
	int i;

	p = strchr(map, '=');
	if (p == NULL) {
		DBG1("ldap_build_cert_filter(): error parsing filter '%s'", map);
		return NULL;
	}
	q = p + strcspn(p, "&");
	if (strncmp(p + 1, "cn", q - p - 1) == 0) {
		values = cert_info(x509, CERT_CN, ALGORITHM_NULL);
	} else if (strncmp(p + 1, "subject", q - p - 1) == 0) {
		values = cert_info(x509, CERT_SUBJECT, ALGORITHM_NULL);
	} else if (strncmp(p + 1, "kpn", q - p - 1) == 0) {
		values = cert_info(x509, CERT_KPN, ALGORITHM_NULL);
	} else if (strncmp(p + 1, "email", q - p - 1) == 0) {
		values = cert_info(x509, CERT_EMAIL, ALGORITHM_NULL);
	} else if (strncmp(p + 1, "upn", q - p - 1) == 0) {
		values = cert_info(x509, CERT_UPN, ALGORITHM_NULL);
	} else if (strncmp(p + 1, "uid", q - p - 1) == 0) {
		values = cert_info(x509, CERT_UID, ALGORITHM_NULL);
	} else if (strncmp(p + 1, "cert", q - p - 1) == 0) {
		ldap_x509_as_binary(x509, &der, &der_len);
		if (der == NULL) {
			DBG("ldap_build_cert_filter(): error encoding "
			    "certificate");
			return NULL;
		}
		certs[0] = ldap_encode_escapes(der, der_len);
		free(der);
		if (certs[0] == NULL) {
			DBG("ldap_build_cert_filter(): error escaping "
			    "certificate");
			return NULL;
		}
		values = certs;
	} else {
		DBG2("ldap_build_cert_filter(): unrecognized certificate "
		     "attribute '%.*s'", (int)(q - p - 1), p + 1);
		return NULL;
	}
	if (values == NULL) {
		DBG2("ldap_build_cert_filter(): no values for certificate "
		     "attribute '%.*s'", (int)(q - p - 1), p + 1);
		return NULL;
	}
	DBG4("ldap_build_cert_filter(): building subfilter '%.*s'='%.*s'",
	     (int)(p - map), map, (int)(q - p - 1), p + 1);

	/* Size the buffer: "(" attr "=" value ")" per value, plus "(|" ... ")"
	 * when there is more than one value, plus the terminating NUL. */
	for (n = 0, buf_len = 0; values[n] != NULL; n++) {
		buf_len++;
		buf_len += (p - map);
		buf_len++;
		buf_len += strlen(values[n]);
		buf_len++;
	}
	buf_len += (n > 1) ? 4 : 1;
	buf = malloc(buf_len);
	if (buf == NULL) {
		DBG("ldap_build_cert_filter(): out of memory");
		free(certs[0]);
		return NULL;
	}
	i = 0;
	if (n > 1) {
		strcpy(buf, "(|");
		i += 2;
	}
	for (n = 0; values[n] != NULL; n++) {
		buf[i++] = '(';
		memcpy(buf + i, map, p - map);
		i += (p - map);
		buf[i++] = '=';
		/* NOTE: only the "cert" value has been through
		 * ldap_encode_escapes(); values returned by cert_info()
		 * (cn, subject, kpn, email, upn, uid) are copied into the
		 * filter as they appear in the certificate. */
		len = strlen(values[n]);
		memcpy(buf + i, values[n], len);
		i += len;
		buf[i++] = ')';
	}
	if (n > 1) {
		buf[i++] = ')';
	}
	buf[i] = '\0';
	free(certs[0]);
	return buf;
}

/* Build a filter for matching the passed-in certificate using the mapping
 * information, or against the configured attribute. */
static char * ldap_build_cert_filter(const char *map, X509 *x509)
{
	char *buf = NULL, *tmp, *sub;
	const char *p;
	size_t length, n;

	if (map == NULL) {
		DBG("ldap_build_cert_filter(): building default filter");
		return ldap_build_default_cert_filter(x509);
	}
	DBG1("ldap_build_cert_filter(): building filter '%s'", map);
	p = map;
	n = 0;
	while (*p != '\0') {
		sub = ldap_build_partial_cert_filter(p, x509);
		if (sub == NULL) {
			free(buf);
			return NULL;
		}
		if (buf != NULL) {
			length = strlen(buf) + strlen(sub) + 1;
			tmp = malloc(length);
			if (tmp == NULL) {
				free(buf);
				free(sub);
				return NULL;
			}
			snprintf(tmp, length, "%s%s", buf, sub);
			free(buf);
			free(sub);
			buf = tmp;
		} else {
			buf = sub;
		}
		n++;
		p += strcspn(p, "&");
		p += strspn(p, "&");
	}
	if (n > 1) {
		length = strlen(buf) + 4;
		tmp = malloc(length);
		if (tmp == NULL) {
			free(buf);
			return NULL;
		}
		snprintf(tmp, length, "(&%s)", buf);
		free(buf);
		buf = tmp;
	}
	return buf;
}

/* Build a filter suitable for locating the entry for the named user. */
static char * ldap_build_filter(const char *filter, const char *login, const char *map, X509 *x509)
{
	char *buf, *user_filter, *escaped, *cert_filter;
	size_t buf_len, user_filter_len;

	/* If no user name is specified, this is a search across all users. */
	if (login != NULL) {
		escaped = ldap_encode_escapes((const unsigned char *)login, strlen(login));
	} else {
		escaped = strdup("*");
	}
	if (escaped == NULL) {
		DBG1("ldap_build_filter(): error escaping user name '%s'", login);
		return NULL;
	}

	/* Build a user filter using the supplied filter and user name.
	 * The configured filter is used as the format string, so it has to
	 * contain exactly one "%s" and no other conversions. */
	user_filter_len = strlen(filter) + strlen(escaped) + 1;
	user_filter = malloc(user_filter_len);
	if (user_filter == NULL) {
		DBG("ldap_build_filter(): out of memory for user filter");
		free(escaped);
		return NULL;
	}
	snprintf(user_filter, user_filter_len, filter, escaped);
	free(escaped);

	/* Build the part of the filter that's specific to the certificate.
	 */
	cert_filter = ldap_build_cert_filter(map, x509);
	if (cert_filter == NULL) {
		DBG("ldap_build_filter(): error building certificate filter");
		free(user_filter);
		return NULL;
	}

	/* Build a filter combining the user filter and the certificate. */
	buf_len = 3 + strlen(user_filter) + 2 + 2 + strlen(cert_filter) + 2;
	buf = malloc(buf_len);
	if (buf != NULL) {
		if (filter[0] == '(') {
			snprintf(buf, buf_len, "(&%s%s)", user_filter, cert_filter);
		} else {
			snprintf(buf, buf_len, "(&(%s)%s)", user_filter, cert_filter);
		}
	} else {
		DBG("ldap_build_filter(): out of memory");
	}
	free(user_filter);
	free(cert_filter);
	return buf;
}

/**
 * Get certificate from LDAP-Server.
 */
static int ldap_get_certificate(const char *login, X509 *x509)
{
	LDAP *ldap_connection;
	int entries;
	LDAPMessage *res;
	LDAPMessage *entry;
	struct berval **bvals = NULL, *bv;
	char *filter_str;
	char *attrs[3];
	int rv = LDAP_SUCCESS;
	char uri[4096];
	char uribuf[4096];
	char *uris[LDAP_CONFIG_URI_MAX + 1];
	const char *p;
	int current_uri = 0, start_uri = 0;
	const scconf_list *mapping;
	char *buffer;
	size_t buflen;

	uris[0] = NULL;

	attrs[0] = (char *)attribute;
	attrs[1] = (char *)uid_attribute;
	attrs[2] = NULL;

	free((char *)uid_attribute_value);
	uid_attribute_value = NULL;

	if (login != NULL) {
		DBG1("ldap_get_certificate(): begin login = %s", login);
	} else {
		DBG("ldap_get_certificate(): begin login unknown");
	}

	/* parse and split URI config entry */
	buffer = uribuf;
	buflen = sizeof (uribuf);

	strncpy(uri, ldapURI, sizeof (uri)-1);
	/* strncpy() does not NUL-terminate when the source is truncated */
	uri[sizeof (uri)-1] = '\0';

	/* Add a space separated list of URIs */
	/* TODO: no spaces in one URI allowed => URL-encoding? */
	if(strncmp(ldapURI,"",1))
		for (p = uri; p != NULL; ) {
			char *q = strchr (p, ' ');
			if (q != NULL)
				*q = '\0';
			if( strlen(p) > 1 ) /* SAW: don't add spaces */
				rv = ldap_add_uri (uris, p, &buffer, &buflen);
			p = (q != NULL) ? ++q : NULL;
			if (rv)
				break;
		}

	/* set the default port if no port is given */
	if (ldapport == 0) {
		if (ssl_on == SSL_LDAPS) {
			ldapport = LDAPS_PORT;
		} else {
			ldapport = LDAP_PORT;
		}
	}

	/* add ldaphost to uris if set, nevermind "uri" is set in config */
	if( strlen(ldaphost) > 1 ) {
		/* No port specified in URI and non-default port specified */
		snprintf (uri, sizeof (uri), "%s%s:%d",
			ssl_on == SSL_LDAPS ? "ldaps://" : "ldap://",
			ldaphost, ldapport);
		ldap_add_uri (uris, uri, &buffer, &buflen);
	}

	if (uris[0] == NULL) {
		DBG("ldap_get_certificate(): Nor URI or usable Host entry found");
		return(-1);
	}

	/* Attempt to connect to specified URI in order until do_open succeed */
	start_uri = current_uri;
	do {
		if(uris[current_uri] != NULL)
			DBG1("ldap_get_certificate(): try do_open for %s", uris[current_uri]);
		rv = do_open(&ldap_connection, uris[current_uri], ldapport, ssl_on);
		/* hot-fix, because in some circumstances an LDAP_SERVER_DOWN is returned */
		if (rv != LDAP_UNAVAILABLE && rv != LDAP_SERVER_DOWN)
			break;
		current_uri++;
		if (uris[current_uri] == NULL)
			current_uri = 0;
	} while (current_uri != start_uri);

	if( rv != LDAP_SUCCESS ) {
		DBG("ldap_get_certificate(): do_open failed");
		return(-2);
	}

	/* TODO:
	 * (1) The problem: if a working uri is found it is used and if there
	 *     is an (SSL-)error, no other one is tried
	 * (2) There is no session, so we don't know which LDAP_Server is the
	 *     last with a successful connection. So we try the same server
	 *     again. Perhaps create a state file/smem/etc. ?
	 */

	/* Search for matching entries. */
	for (mapping = attribute_map;; mapping = mapping->next) {
		/* Walk the list of mappings, and if we're out of those, let
		 * the ldap_build_filter() function just build one that uses
		 * the certificate. */
		if (mapping != NULL) {
			DBG1("ldap_get_certificate(): building filter_str "
			     "from template '%s'", mapping->data);
		} else {
			DBG("ldap_get_certificate(): building default "
			    "filter_str");
		}
		filter_str = ldap_build_filter(filter, login,
					       mapping ? mapping->data : NULL, x509);
		if (filter_str == NULL) {
			DBG("ldap_get_certificate(): error building filter_str");
			/* The fallback filter is the last one: stop here instead
			 * of stepping to mapping->next through a NULL pointer. */
			if (mapping == NULL) {
				break;
			}
			continue;
		}
		DBG1("ldap_get_certificate(): searching with filter_str = %s", filter_str);
		rv = ldap_search_s(ldap_connection, base, sscope[scope],
				   filter_str, attrs, 0, &res);
		free(filter_str);
		/* The first successful search means we're done. */
		if ((rv == LDAP_SUCCESS) &&
		    (ldap_count_entries(ldap_connection, res) > 0)) {
			DBG("ldap_get_certificate(): found an entry");
			break;
		}
		DBG("ldap_get_certificate(): no matching entries");
		/* If this was the fallback (cert-only) search, we're done. */
		if (mapping == NULL) {
			break;
		}
	}

	if (filter_str == NULL) {
		DBG("ldap_get_certificate(): unable to build any filter_str");
		ldap_unbind_s(ldap_connection);
		return(-8);
	}

	if ( rv != LDAP_SUCCESS ) {
		DBG1("ldap_search_s() failed: %s", ldap_err2string(rv));
		ldap_unbind_s(ldap_connection);
		return(-3);
	} else {
		entries = ldap_count_entries(ldap_connection, res);
		DBG1("ldap_get_certificate(): entries = %d", entries);

		if( entries > 1 ) {
			DBG("! Warning, more than one entry found. Please choose \"filter\" and");
			DBG("! \"attribute\" in ldap mapper config section of your config,");
			DBG("! that only one entry with one attribute is matched");
			DBG("! Maybe there is another problem in ldap with not unique user");
			DBG("! entries in your LDAP server.");
		}

		/* Only first entry is used. "filter" and "attribute"
		 * should be chosen, so that only one entry with
		 * one attribute is returned */
		if ( NULL == (entry = ldap_first_entry(ldap_connection, res))){
			DBG("ldap_first_entry() failed");
			ldap_unbind_s(ldap_connection);
			return(-4);
		}

		/* Count the number of certificates in the entry. */
		DBG1("attribute name = %s", attribute);
		bvals = ldap_get_values_len(ldap_connection, entry, attribute);
		certcnt = ldap_count_values_len(bvals);
		DBG1("number of user certificates = %d", certcnt);
		ldap_value_free_len(bvals);

		if (uid_attribute != NULL) {
			/* Try to retrieve the user's login name from the
			 * specified attribute in the entry. */
			bvals = ldap_get_values_len(ldap_connection, entry, uid_attribute);
			DBG2("number of user names ('%s' values) = %d",
			     uid_attribute, ldap_count_values_len(bvals));
			if (ldap_count_values_len(bvals) == 1) {
				bv = bvals[0];
				uid_attribute_value = malloc(bv->bv_len + 1);
				if (uid_attribute_value != NULL) {
					memcpy(uid_attribute_value, bv->bv_val, bv->bv_len);
					uid_attribute_value[bv->bv_len] = '\0';
				}
			}
			ldap_value_free_len(bvals);
		}
		rv = 0;
		ldap_msgfree(res);
	}

	if ( 0 != ldap_unbind_s(ldap_connection)) {
		DBG("ldap_unbind_s() failed.");
		ldap_perror(ldap_connection, "ldap_unbind_s() failed.");
		return(-1);
	};

	DBG("ldap_get_certificate(): end");
	return 1;
}

static int read_config(scconf_block *blk)
{
	int debug = scconf_get_bool(blk,"debug",0);
	const char *ssltls;
	const scconf_list *map;

	ldaphost = scconf_get_str(blk,"ldaphost",ldaphost);
	ldapport = scconf_get_int(blk,"ldapport",ldapport);
	ldapURI = scconf_get_str(blk,"uri",ldapURI);
	scope = scconf_get_int(blk,"scope",scope);
	binddn = scconf_get_str(blk,"binddn",binddn);
	passwd = scconf_get_str(blk,"passwd",passwd);
	base = scconf_get_str(blk,"base",base);
	attribute = scconf_get_str(blk,"attribute",attribute);
	uid_attribute = scconf_get_str(blk,"uid_attribute",uid_attribute);
	attribute_map = scconf_find_list(blk,"attribute_map");
	filter = scconf_get_str(blk,"filter",filter);
	ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
	searchtimeout = scconf_get_int(blk,"searchtimeout",searchtimeout);

	ssltls = scconf_get_str(blk,"ssl","off");
	if (! strncasecmp (ssltls, "tls", 3))
		ssl_on = SSL_START_TLS;
	else if( ! strncasecmp (ssltls, "on", 2))
		ssl_on = SSL_LDAPS;
	else if( !
strncasecmp (ssltls, "ssl", 3)) ssl_on = SSL_LDAPS; #if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)) /* TLS specific options */ tls_randfile = scconf_get_str(blk,"tls_randfile",tls_randfile); tls_cacertfile = scconf_get_str(blk,"tls_cacertfile",tls_cacertfile); tls_cacertdir = scconf_get_str(blk,"tls_cacertdir",tls_cacertdir); tls_checkpeer=scconf_get_int(blk,"tls_checkpeer",tls_checkpeer); tls_ciphers = scconf_get_str(blk,"tls_ciphers",tls_ciphers); tls_cert = scconf_get_str(blk,"tls_cert",tls_cert); tls_key = scconf_get_str(blk,"tls_key",tls_key); #endif set_debug_level(debug); DBG1("test ssltls = %s", ssltls); DBG("LDAP mapper started."); DBG1("debug = %d", debug); DBG1("ignorecase = %d", ignorecase); DBG1("ldaphost = %s", ldaphost); DBG1("ldapport = %d", ldapport); DBG1("ldapURI = %s", ldapURI); DBG1("scope = %d", scope); DBG1("binddn = %s", binddn); DBG1("passwd = %s", passwd); DBG1("base = %s", base); DBG1("attribute = %s", attribute); DBG1("uid_attribute = %s", uid_attribute); for (map = attribute_map; map != NULL; map = map->next) { DBG1("attribute_map = %s", attribute_map->data); } DBG1("filter = %s", filter); DBG1("searchtimeout = %d", searchtimeout); DBG1("ssl_on = %d", ssl_on); #if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)) DBG1("tls_randfile = %s", tls_randfile); DBG1("tls_cacertfile= %s", tls_cacertfile); DBG1("tls_cacertdir = %s", tls_cacertdir); DBG1("tls_checkpeer = %d", tls_checkpeer); DBG1("tls_ciphers = %s", tls_ciphers); DBG1("tls_cert = %s", tls_cert); DBG1("tls_key = %s", tls_key); #endif return 1; } _DEFAULT_MAPPER_END static char ** ldap_mapper_find_entries(X509 *x509, void *context) { char **entries= cert_info(x509,CERT_PEM,ALGORITHM_NULL); if (!entries) { DBG("get_certificate() failed"); return NULL; } return entries; } static int ldap_mapper_match_user(X509 *x509, const char *login, void *context) { int match_found = 0; if ( 1 != 
ldap_get_certificate(login, x509)){ DBG("ldap_get_certificate() failed"); match_found = 0; } else { /* TODO: maybe compare public keys instead of hashes */ if (login != NULL) { DBG1("Found matching entry for user: '%s'", login); } else { DBG("Found matching entry for user"); } match_found = 1; certcnt=0; } return match_found; } static char * ldap_mapper_find_user(X509 *x509, void *context, int *match) { struct passwd *pw = NULL; char *found=NULL; if (uid_attribute != NULL) { if ((1 == ldap_mapper_match_user(x509, NULL, context)) && (uid_attribute_value != NULL)) { found = clone_str(uid_attribute_value); *match = 1; } return found; } setpwent(); while( (pw=getpwent()) !=NULL) { int res; DBG1("Trying to match certificate with user: '%s'",pw->pw_name); res= ldap_mapper_match_user(x509,pw->pw_name,context); if (res) { DBG1("Certificate maps to user '%s'",pw->pw_name); found= clone_str(pw->pw_name); *match = 1; break; } else { DBG1("Certificate map to user '%s' failed",pw->pw_name); } } endpwent(); #ifdef false int res; res= ldap_mapper_match_user(x509,"wefel",context); if (res) { DBG("Certificate maps to user wefel"); found= clone_str("wefel"); } else { DBG("Certificate map to user wefel failed"); } #endif return found; } static mapper_module * init_mapper_st(scconf_block *blk, const char *name) { mapper_module *pt= malloc(sizeof(mapper_module)); if (!pt) return NULL; pt->name = name; pt->block = blk; pt->context = NULL; pt->entries = ldap_mapper_find_entries; pt->finder = ldap_mapper_find_user; pt->matcher = ldap_mapper_match_user; pt->deinit = mapper_module_end; return pt; } #ifndef LDAP_MAPPER_STATIC mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) { #else mapper_module * ldap_mapper_module_init(scconf_block *blk,const char *mapper_name) { #endif mapper_module *pt; pt = init_mapper_st(blk,mapper_name); if (blk) { read_config(blk); } else { set_debug_level(1); DBG1("No configuration entry for mapper '%s'. 
Assume defaults", mapper_name);
  }
  return pt;
}

pam_pkcs11-0.6.9/src/mappers/Makefile.am
# Process this file with automake to create Makefile.in

MAINTAINERCLEANFILES = Makefile.in

libdir = @libdir@/pam_pkcs11

# Add openssl specific flags
AM_CFLAGS = $(CRYPTO_CFLAGS)
AM_CPPFLAGS = $(CRYPTO_CFLAGS)

# Statically linked mappers list
# Uncomment to get the referred mapper statically linked
# DON'T FORGET to update libmappers_la_SOURCES and lib_LTLIBRARIES entries below
# nor the corresponding "module = ..." in etc/pam_pkcs11.conf.example
#
AM_CFLAGS += -DSUBJECT_MAPPER_STATIC
#AM_CFLAGS += -DLDAP_MAPPER_STATIC
#AM_CFLAGS += -DOPENSC_MAPPER_STATIC
AM_CFLAGS += -DMAIL_MAPPER_STATIC
AM_CFLAGS += -DMS_MAPPER_STATIC
AM_CFLAGS += -DKRB_MAPPER_STATIC
AM_CFLAGS += -DDIGEST_MAPPER_STATIC
AM_CFLAGS += -DCN_MAPPER_STATIC
AM_CFLAGS += -DUID_MAPPER_STATIC
AM_CFLAGS += -DPWENT_MAPPER_STATIC
AM_CFLAGS += -DGENERIC_MAPPER_STATIC
#AM_CFLAGS += -DOPENSSH_MAPPER_STATIC
AM_CFLAGS += -DNULL_MAPPER_STATIC

# list of statically linked mappers
noinst_LTLIBRARIES = libmappers.la
libmappers_la_SOURCES = mapper.c mapper.h \
  subject_mapper.c subject_mapper.h \
  mail_mapper.c mail_mapper.h \
  ms_mapper.c ms_mapper.h \
  krb_mapper.c krb_mapper.h \
  digest_mapper.c digest_mapper.h \
  cn_mapper.c cn_mapper.h \
  uid_mapper.c uid_mapper.h \
  pwent_mapper.c pwent_mapper.h \
  generic_mapper.c generic_mapper.h \
  null_mapper.c null_mapper.h \
  mapperlist.c mapperlist.h
libmappers_la_LDFLAGS = ../scconf/libscconf.la ../common/libcommon.la -shared

# list of dynamic linked mappers
if HAVE_LDAP
lib_LTLIBRARIES = ldap_mapper.la opensc_mapper.la openssh_mapper.la
else
lib_LTLIBRARIES = opensc_mapper.la openssh_mapper.la
endif

openssh_mapper_la_SOURCES = openssh_mapper.c openssh_mapper.h
openssh_mapper_la_LDFLAGS = -module -avoid-version -shared
openssh_mapper_la_LIBADD = libmappers.la

# generic_mapper_la_SOURCES = generic_mapper.c generic_mapper.h
# generic_mapper_la_LDFLAGS = -module -avoid-version -shared
# generic_mapper_la_LIBADD = libmappers.la

# subject_mapper_la_SOURCES = subject_mapper.c subject_mapper.h
# subject_mapper_la_LDFLAGS = -module -avoid-version -shared
# subject_mapper_la_LIBADD = libmappers.la

if HAVE_LDAP
ldap_mapper_la_SOURCES = ldap_mapper.c ldap_mapper.h
ldap_mapper_la_LDFLAGS = -module -avoid-version -shared
ldap_mapper_la_LIBADD = libmappers.la
endif

opensc_mapper_la_SOURCES = opensc_mapper.c opensc_mapper.h
opensc_mapper_la_LDFLAGS = -module -avoid-version -shared
opensc_mapper_la_LIBADD = libmappers.la

# mail_mapper_la_SOURCES = mail_mapper.c mail_mapper.h
# mail_mapper_la_LDFLAGS = -module -avoid-version -shared
# mail_mapper_la_LIBADD = libmappers.la

# ms_mapper_la_SOURCES = ms_mapper.c ms_mapper.h
# ms_mapper_la_LDFLAGS = -module -avoid-version -shared
# ms_mapper_la_LIBADD = libmappers.la

# krb_mapper_la_SOURCES = krb_mapper.c krb_mapper.h
# krb_mapper_la_LDFLAGS = -module -avoid-version -shared
# krb_mapper_la_LIBADD = libmappers.la

# cn_mapper_la_SOURCES = cn_mapper.c cn_mapper.h
# cn_mapper_la_LDFLAGS = -module -avoid-version -shared
# cn_mapper_la_LIBADD = libmappers.la

# uid_mapper_la_SOURCES = uid_mapper.c uid_mapper.h
# uid_mapper_la_LDFLAGS = -module -avoid-version -shared
# uid_mapper_la_LIBADD = libmappers.la

# pwent_mapper_la_SOURCES = pwent_mapper.c pwent_mapper.h
# pwent_mapper_la_LDFLAGS = -module -avoid-version -shared
# pwent_mapper_la_LIBADD = libmappers.la

# digest_mapper_la_SOURCES = digest_mapper.c digest_mapper.h
# digest_mapper_la_LDFLAGS = -module -avoid-version -shared
# digest_mapper_la_LIBADD = libmappers.la

# null_mapper_la_SOURCES = null_mapper.c null_mapper.h
# null_mapper_la_LDFLAGS = -module -avoid-version -shared
# null_mapper_la_LIBADD = libmappers.la

pam_pkcs11-0.6.9/src/mappers/generic_mapper.h
/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez *
pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __GENERIC_MAPPER_H_ #define __GENERIC_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef GENERIC_MAPPER_STATIC #ifndef __GENERIC_MAPPER_C_ #define GENERIC_EXTERN extern #else #define GENERIC_EXTERN #endif GENERIC_EXTERN mapper_module * generic_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef GENERIC_EXTERN /* end of static (if any) declarations */ #endif /* End of generic_mapper.h */ #endif pam_pkcs11-0.6.9/src/mappers/ldap_mapper.h0000644000175000017500000000255512074274512020671 0ustar rousseaurousseau/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __LDAP_MAPPER_H_ #define __LDAP_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef LDAP_MAPPER_STATIC #ifndef __LDAP_MAPPER_C_ #define LDAP_EXTERN extern #else #define LDAP_EXTERN #endif LDAP_EXTERN mapper_module * ldap_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef LDAP_EXTERN /* end of static (if any) declarations */ #endif /* End of ldap_mapper.h */ #endif pam_pkcs11-0.6.9/src/mappers/mail_mapper.h0000644000175000017500000000255512074274512020673 0ustar rousseaurousseau/* * PAM-PKCS11 mapping modules * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __MAIL_MAPPER_H_ #define __MAIL_MAPPER_H_ #ifdef HAVE_CONFIG_H #include #endif #include "../scconf/scconf.h" #include "mapper.h" #ifdef MAIL_MAPPER_STATIC #ifndef __MAIL_MAPPER_C_ #define MAIL_EXTERN extern #else #define MAIL_EXTERN #endif MAIL_EXTERN mapper_module * mail_mapper_module_init(scconf_block *blk,const char *mapper_name); #undef MAIL_EXTERN /* end of static (if any) declarations */ #endif /* End of mail_mapper.h */ #endif pam_pkcs11-0.6.9/src/common/0000755000175000017500000000000012772727122016053 5ustar rousseaurousseaupam_pkcs11-0.6.9/src/common/cert_vfy.c0000644000175000017500000003616112772700002020033 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * $Id$ */ #include "debug.h" #include "cert_vfy.h" #ifdef HAVE_NSS #include #include "cert.h" #include "secutil.h" int verify_certificate(X509 * x509, cert_policy *policy) { SECStatus rv; CERTCertDBHandle *handle; handle = CERT_GetDefaultCertDB(); /* NSS already check all the revocation info with OCSP and crls */ DBG2("Verifying Cert: %s (%s)", x509->nickname, x509->subjectName); rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageSSLClient, NULL); if (rv != SECSuccess) { DBG1("Couldn't verify Cert: %s", SECU_Strerror(PR_GetError())); } return rv == SECSuccess ? 1 : 0; } int verify_signature(X509 * x509, unsigned char *data, int data_length, unsigned char *signature, int signature_length) { SECKEYPublicKey *key; SECOidTag algid; SECStatus rv; SECItem sig; /* grab the key */ key = CERT_ExtractPublicKey(x509); if (key == NULL) { DBG1("Couldn't extract key from certificate: %s", SECU_Strerror(PR_GetError())); return -1; } /* shouldn't the algorithm be passed in? */ algid = SEC_GetSignatureAlgorithmOidTag(key->keyType, SEC_OID_SHA1); sig.data = signature; sig.len = signature_length; rv = VFY_VerifyData(data, data_length, key, &sig, algid, NULL); if (rv != SECSuccess) { DBG1("Couldn't verify Signature: %s", SECU_Strerror(PR_GetError())); } SECKEY_DestroyPublicKey(key); return (rv == SECSuccess)? 
    0 : 1;
}

#else

#define __CERT_VFY_C_
#include
#include "../common/pam-pkcs11-ossl-compat.h"
#include
#include
#include
#include
#include
#include "error.h"
#include "base64.h"
#include "uri.h"

static X509_CRL *download_crl(const char *uri)
{
  int rv, decoded, is_pem = 0;
  size_t i = 0, j = 0;
  unsigned char *data, *der;
  const unsigned char *p;
  size_t data_len, der_len;
  X509_CRL *crl;

  rv = get_from_uri(uri, &data, &data_len);
  if (rv != 0) {
    set_error("get_from_uri() failed: %s", get_error());
    return NULL;
  }
  /* convert base64 to der if needed */
  /* data_len is unsigned: scan for the PEM markers only when the buffer is
   * long enough to hold them, otherwise data_len - 24 wraps around and the
   * loops below read past the end of the downloaded data */
  if (data_len >= 24) {
    for (i = 0; i <= data_len - 24; i++) {
      if (!strncmp((const char *)&data[i], "-----BEGIN X509 CRL-----", 24))
        break;
    }
    for (j = 0; j <= data_len - 22; j++) {
      if (!strncmp((const char *)&data[j], "-----END X509 CRL-----", 22))
        break;
    }
    is_pem = (i <= data_len - 24 && j <= data_len - 22 && i < j);
  }
  if (is_pem) {
    /* base64 format */
    DBG("crl is base64 encoded");
    der_len = (j - i + 1); /* roughly */
    der = malloc(der_len);
    if (der == NULL) {
      free(data);
      set_error("not enough free memory available");
      return NULL;
    }
    data[j] = 0;
    /* keep the result signed: der_len is a size_t, so a negative error
     * return would never satisfy the "<= 0" check below */
    decoded = base64_decode((const char *)&data[i + 24], der, der_len);
    free(data);
    if (decoded <= 0) {
      free(der);
      set_error("invalid base64 (pem) format");
      return NULL;
    }
    der_len = decoded;
    p = der;
    crl = d2i_X509_CRL(NULL, &p, der_len);
    free(der);
  } else {
    /* der format */
    DBG("crl is der encoded");
    p = data;
    crl = d2i_X509_CRL(NULL, &p, data_len);
    free(data);
  }
  if (crl == NULL)
    set_error("d2i_X509_CRL() failed");
  return crl;
}

static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx)
{
  int rv;
  X509_OBJECT *obj = NULL;
  EVP_PKEY *pkey = NULL;
  X509 *issuer_cert;

  /* get issuer certificate */
  rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), obj);
  if (rv <= 0) {
    set_error("getting the certificate of the crl-issuer failed");
    return -1;
  }
  /* extract public key and verify signature */
  issuer_cert = X509_OBJECT_get0_X509(obj);
  pkey = X509_get_pubkey(issuer_cert);
  if (obj)
    X509_OBJECT_free(obj);
  if (pkey == NULL) {
    set_error("getting the issuer's public key failed");
return -1; } rv = X509_CRL_verify(crl, pkey); EVP_PKEY_free(pkey); if (rv < 0) { set_error("X509_CRL_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL)); return -1; } else if (rv == 0) { DBG("crl is invalid"); return 0; } /* compare update times */ rv = X509_cmp_current_time(X509_CRL_get_lastUpdate(crl)); if (rv == 0) { set_error("crl has an invalid last update field"); return -1; } if (rv > 0) { DBG("crl is not yet valid"); return 0; } rv = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl)); if (rv == 0) { set_error("crl has an invalid next update field"); return -1; } if (rv < 0) { DBG("crl has expired"); return 0; } return 1; } /* the structure DIST_POINT_NAME_st has been changed from 0.9.6 to 0.9.7 */ #if OPENSSL_VERSION_NUMBER >= 0x00907000L #define GET_FULLNAME(a) a->name.fullname #else #define GET_FULLNAME(a) a->fullname #endif static int check_for_revocation(X509 * x509, X509_STORE_CTX * ctx, crl_policy_t policy) { int rv, i, j; X509_OBJECT *obj = NULL; X509_REVOKED *rev = NULL; STACK_OF(DIST_POINT) * dist_points; DIST_POINT *point; GENERAL_NAME *name; X509_CRL *crl; X509 *x509_ca = NULL; DBG1("crl policy: %d", policy); if (policy == CRLP_NONE) { /* NONE */ DBG("no revocation-check performed"); return 1; } else if (policy == CRLP_AUTO) { /* AUTO -> first try it ONLINE then OFFLINE */ rv = check_for_revocation(x509, ctx, CRLP_ONLINE); if (rv < 0) { DBG1("check_for_revocation() failed: %s", get_error()); rv = check_for_revocation(x509, ctx, CRLP_OFFLINE); } return rv; } else if (policy == CRLP_OFFLINE) { /* OFFLINE */ DBG("looking for an dedicated local crl"); rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), obj); if (rv <= 0) { set_error("no dedicated crl available"); return -1; } crl = X509_OBJECT_get0_X509_CRL(obj); if (obj) X509_OBJECT_free(obj); } else if (policy == CRLP_ONLINE) { /* ONLINE */ DBG("extracting crl distribution points"); dist_points = X509_get_ext_d2i(x509, NID_crl_distribution_points, NULL, NULL); 
if (dist_points == NULL) { /* if there is not crl distribution point in the certificate hava a look at the ca certificate */ rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_get_issuer_name(x509), obj); if (rv <= 0) { set_error("no dedicated ca certificate available"); return -1; } x509_ca = X509_OBJECT_get0_X509(obj); dist_points = X509_get_ext_d2i(x509_ca, NID_crl_distribution_points, NULL, NULL); X509_OBJECT_free(obj); if (dist_points == NULL) { set_error("neither the user nor the ca certificate does contain a crl distribution point"); return -1; } } crl = NULL; for (i = 0; i < sk_DIST_POINT_num(dist_points) && crl == NULL; i++) { point = sk_DIST_POINT_value(dist_points, i); /* until now, only fullName is supported */ if (point->distpoint != NULL && GET_FULLNAME(point->distpoint) != NULL) { for (j = 0; j < sk_GENERAL_NAME_num(GET_FULLNAME(point->distpoint)); j++) { name = sk_GENERAL_NAME_value(GET_FULLNAME(point->distpoint), j); if (name != NULL && name->type == GEN_URI) { DBG1("downloading crl from %s", name->d.ia5->data); crl = download_crl((const char *)name->d.ia5->data); /*crl = download_crl("file:///home/mario/projects/pkcs11_login/tests/ca_crl_0.pem"); */ /*crl = download_crl("http://www-t.zhwin.ch/ca/root_ca.crl"); */ /*crl = download_crl("http://www.zhwin.ch/~sri/"); */ /*crl = download_crl("ldap://directory.verisign.com:389/CN=VeriSign IECA, OU=IECA-3, OU=Contractor, OU=PKI, OU=DOD, O=U.S. 
Government, C=US?certificateRevocationList;binary"); */ if (crl != NULL) break; else DBG1("download_crl() failed: %s", get_error()); } } } } sk_DIST_POINT_pop_free(dist_points, DIST_POINT_free); if (crl == NULL) { set_error("downloading the crl failed for all distribution points"); return -1; } } else { set_error("policy %d is not supported", policy); return -1; } /* verify the crl and check whether the certificate is revoked or not */ DBG("verifying crl"); rv = verify_crl(crl, ctx); if (rv < 0) { X509_CRL_free(crl); set_error("verify_crl() failed: %s", get_error()); return -1; } else if (rv == 0) { return 0; } rv = X509_CRL_get0_by_cert(crl, &rev, x509); X509_CRL_free(crl); X509_REVOKED_free(rev); return (rv == -1); } static int add_hash( X509_LOOKUP *lookup, const char *dir) { int rv=0; rv = X509_LOOKUP_add_dir(lookup,dir, X509_FILETYPE_PEM); if (rv != 1) { /* load all hash links in PEM format */ set_error("X509_LOOKUP_add_dir(PEM) failed: %s", ERR_error_string(ERR_get_error(), NULL)); return -1; } rv = X509_LOOKUP_add_dir(lookup, dir, X509_FILETYPE_ASN1); if (rv != 1) { /* load all hash links in ASN1 format */ set_error("X509_LOOKUP_add_dir(ASN1) failed: %s", ERR_error_string(ERR_get_error(), NULL)); return -1; } return 1; } static int add_file( X509_LOOKUP *lookup, const char *file) { int rv=0; rv = X509_LOOKUP_load_file(lookup,file, X509_FILETYPE_PEM); if (rv == 1) return 1; DBG("File format is not PEM: trying ASN1"); rv = X509_LOOKUP_load_file(lookup,file, X509_FILETYPE_ASN1); if(rv!=1) { set_error("X509_LOOKUP_load_file(ASN1) failed: %s", ERR_error_string(ERR_get_error(), NULL)); return -1; /* neither PEM nor ASN1 format: return error */ } return 1; } static X509_STORE * setup_store(cert_policy *policy) { int rv; X509_STORE *store = NULL; X509_LOOKUP *lookup = NULL; /* setup the x509 store to verify the certificate */ store = X509_STORE_new(); if (store == NULL) { set_error("X509_STORE_new() failed: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; 
} /* if needed add hash_dir lookup methods */ if ( (is_dir(policy->ca_dir)>0) || (is_dir(policy->crl_dir)>0) ) { DBG("Adding hashdir lookup to x509_store"); lookup = X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); if (!lookup) { X509_STORE_free(store); set_error("X509_STORE_add_lookup(hash_dir) failed: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; } } /* add needed hash dir pathname entries */ if ( (policy->ca_policy) && (is_dir(policy->ca_dir)>0) ) { const char *pt=policy->ca_dir; if ( strstr(pt,"file:///")) pt+=8; /* strip url if needed */ DBG1("Adding hash dir '%s' to CACERT checks",policy->ca_dir); rv = add_hash( lookup, pt); if (rv<0) goto add_store_error; } if ( (policy->crl_policy!=CRLP_NONE) && (is_dir(policy->crl_dir)>0 ) ) { const char *pt=policy->crl_dir; if ( strstr(pt,"file:///")) pt+=8; /* strip url if needed */ DBG1("Adding hash dir '%s' to CRL checks",policy->crl_dir); rv = add_hash( lookup, pt); if (rv<0) goto add_store_error; } /* if needed add file lookup methods */ if ( (is_file(policy->ca_dir)>0) || (is_file(policy->crl_dir)>0) ) { DBG("Adding file lookup to x509_store"); lookup = X509_STORE_add_lookup(store,X509_LOOKUP_file()); if (!lookup) { X509_STORE_free(store); set_error("X509_STORE_add_lookup(file) failed: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; } } /* and add file entries to lookup */ if ( (policy->ca_policy) && (is_file(policy->ca_dir)>0) ) { const char *pt=policy->ca_dir; if ( strstr(pt,"file:///")) pt+=8; /* strip url if needed */ DBG1("Adding file '%s' to CACERT checks",policy->ca_dir); rv = add_file(lookup, pt); if (rv<0) goto add_store_error; } if ( (policy->crl_policy!=CRLP_NONE) && (is_file(policy->crl_dir)>0 ) ) { const char *pt=policy->crl_dir; if ( strstr(pt,"file:///")) pt+=8; /* strip url if needed */ DBG1("Adding file '%s' to CRL checks",policy->crl_dir); rv = add_file(lookup, pt); if (rv<0) goto add_store_error; } return store; add_store_error: DBG1("setup_store() error: 
'%s'",get_error());
  X509_LOOKUP_free(lookup);
  X509_STORE_free(store);
  return NULL;
}

/*
 * @return -1 on error, 0 on verify failed, 1 on verify success
 */
int verify_certificate(X509 * x509, cert_policy *policy)
{
  int rv, verify_err;
  X509_STORE *store;
  X509_STORE_CTX *ctx;

  /* if neither ca nor crl check are requested skip */
  if ( (policy->ca_policy==0) && (policy->crl_policy==CRLP_NONE) ) {
    DBG("Neither CA nor CRL check requested. CertVrfy() skipped");
    return 1;
  }

  /* setup the x509 store to verify the certificate */
  store = setup_store(policy);
  if (store == NULL) {
    set_error("setup_store() failed: %s", ERR_error_string(ERR_get_error(), NULL));
    return -1;
  }
  ctx = X509_STORE_CTX_new();
  if (ctx == NULL) {
    X509_STORE_free(store);
    set_error("X509_STORE_CTX_new() failed: %s", ERR_error_string(ERR_get_error(), NULL));
    return -1;
  }
  X509_STORE_CTX_init(ctx, store, x509, NULL);
#if 0
  X509_STORE_CTX_set_purpose(ctx, purpose);
#endif
  if (policy->ca_policy) {
    rv = X509_verify_cert(ctx);
    if (rv != 1) {
      /* read the verification error before the context is released;
       * querying ctx after X509_STORE_CTX_free() is a use after free */
      verify_err = X509_STORE_CTX_get_error(ctx);
      X509_STORE_CTX_free(ctx);
      X509_STORE_free(store);
      set_error("certificate is invalid: %s", X509_verify_cert_error_string(verify_err));
      switch (verify_err) {
        case X509_V_ERR_CERT_HAS_EXPIRED:
          rv = -2;
          break;
        case X509_V_ERR_CERT_NOT_YET_VALID:
          rv = -3;
          break;
        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
          rv = -4;
          break;
        default:
          rv = 0;
          break;
      }
      return rv;
    } else {
      DBG("certificate is valid");
    }
  }

  /* verify whether the certificate was revoked or not */
  rv = check_for_revocation(x509, ctx, policy->crl_policy);
  X509_STORE_CTX_free(ctx);
  X509_STORE_free(store);
  if (rv < 0) {
    set_error("check_for_revocation() failed: %s", get_error());
    return -1;
  } else if (rv == 0) {
    DBG("certificate has been revoked");
  } else {
    DBG("certificate has not been revoked");
  }
  return rv;
}

int verify_signature(X509 * x509, unsigned char *data, int data_length, unsigned char *signature, int signature_length)
{
  int rv;
  EVP_PKEY *pubkey;
  EVP_MD_CTX *md_ctx = NULL;

  /* get the
public-key */ pubkey = X509_get_pubkey(x509); if (pubkey == NULL) { set_error("X509_get_pubkey() failed: %s", ERR_error_string(ERR_get_error(), NULL)); return -1; } md_ctx = EVP_MD_CTX_new(); /* verify the signature */ EVP_VerifyInit(md_ctx, EVP_sha1()); EVP_VerifyUpdate(md_ctx, data, data_length); rv = EVP_VerifyFinal(md_ctx, signature, signature_length, pubkey); EVP_PKEY_free(pubkey); EVP_MD_CTX_free(md_ctx); if (rv != 1) { set_error("EVP_VerifyFinal() failed: %s", ERR_error_string(ERR_get_error(), NULL)); return -1; } DBG("signature is valid"); return 0; } #endif pam_pkcs11-0.6.9/src/common/Makefile.in0000644000175000017500000010711212772703033020115 0ustar rousseaurousseau# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Process this file with automake to create Makefile.in VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) 
;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ noinst_PROGRAMS = subdir = src/common ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/ax_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 \ $(top_srcdir)/aclocal/intlmacosx.m4 \ $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ 
$(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \ $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) am__DEPENDENCIES_1 = libcommon_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_libcommon_la_OBJECTS = libcommon_la-algorithm.lo \ libcommon_la-cert_vfy.lo libcommon_la-cert_info.lo \ libcommon_la-debug.lo libcommon_la-error.lo \ libcommon_la-uri.lo libcommon_la-strings.lo \ libcommon_la-pkcs11_lib.lo libcommon_la-strndup.lo \ libcommon_la-base64.lo libcommon_la_OBJECTS = $(am_libcommon_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = libcommon_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libcommon_la_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(noinst_PROGRAMS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) 
--tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(libcommon_la_SOURCES) DIST_SOURCES = $(libcommon_la_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac HEADERS = $(noinst_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. 
This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = 
@INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include 
= @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in AM_CFLAGS = $(CRYPTO_CFLAGS) AM_CPPFLAGS = $(CRYPTO_CFLAGS) SUBDIRS = . 
rsaref noinst_HEADERS = debug.h error.h uri.h strings.h \ cert_vfy.h cert_info.h base64.h pkcs11_lib.h \ cert_st.h alg_st.h SSLerrs.h SECerrs.h NSPRerrs.h \ secutil.h noinst_LTLIBRARIES = libcommon.la libcommon_la_SOURCES = algorithm.c cert_vfy.c cert_vfy.h \ cert_info.c cert_info.h \ debug.c debug.h error.c error.h \ uri.c uri.h strings.c strings.h \ pkcs11_lib.c \ strndup.c strndup.h \ pam-pkcs11-ossl-compat.h \ base64.c base64.h libcommon_la_LIBADD = $(CRYPTO_LIBS) $(PTHREAD_LIBS) $(LIBDL) libcommon_la_CFLAGS = $(PTHREAD_CFLAGS) all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/common/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/common/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } libcommon.la: $(libcommon_la_OBJECTS) $(libcommon_la_DEPENDENCIES) $(EXTRA_libcommon_la_DEPENDENCIES) $(AM_V_CCLD)$(libcommon_la_LINK) $(libcommon_la_OBJECTS) $(libcommon_la_LIBADD) $(LIBS) clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-algorithm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-base64.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-cert_info.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-cert_vfy.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-debug.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/libcommon_la-error.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-pkcs11_lib.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-strndup.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_la-uri.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< libcommon_la-algorithm.lo: algorithm.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-algorithm.lo 
-MD -MP -MF $(DEPDIR)/libcommon_la-algorithm.Tpo -c -o libcommon_la-algorithm.lo `test -f 'algorithm.c' || echo '$(srcdir)/'`algorithm.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-algorithm.Tpo $(DEPDIR)/libcommon_la-algorithm.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='algorithm.c' object='libcommon_la-algorithm.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-algorithm.lo `test -f 'algorithm.c' || echo '$(srcdir)/'`algorithm.c libcommon_la-cert_vfy.lo: cert_vfy.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-cert_vfy.lo -MD -MP -MF $(DEPDIR)/libcommon_la-cert_vfy.Tpo -c -o libcommon_la-cert_vfy.lo `test -f 'cert_vfy.c' || echo '$(srcdir)/'`cert_vfy.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-cert_vfy.Tpo $(DEPDIR)/libcommon_la-cert_vfy.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cert_vfy.c' object='libcommon_la-cert_vfy.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-cert_vfy.lo `test -f 'cert_vfy.c' || echo '$(srcdir)/'`cert_vfy.c libcommon_la-cert_info.lo: cert_info.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-cert_info.lo -MD -MP -MF $(DEPDIR)/libcommon_la-cert_info.Tpo -c -o libcommon_la-cert_info.lo `test -f 'cert_info.c' || echo '$(srcdir)/'`cert_info.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-cert_info.Tpo $(DEPDIR)/libcommon_la-cert_info.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cert_info.c' object='libcommon_la-cert_info.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-cert_info.lo `test -f 'cert_info.c' || echo '$(srcdir)/'`cert_info.c libcommon_la-debug.lo: debug.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-debug.lo -MD -MP -MF $(DEPDIR)/libcommon_la-debug.Tpo -c -o libcommon_la-debug.lo `test -f 'debug.c' || echo '$(srcdir)/'`debug.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-debug.Tpo $(DEPDIR)/libcommon_la-debug.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='debug.c' object='libcommon_la-debug.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-debug.lo `test -f 'debug.c' || echo '$(srcdir)/'`debug.c libcommon_la-error.lo: error.c 
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-error.lo -MD -MP -MF $(DEPDIR)/libcommon_la-error.Tpo -c -o libcommon_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-error.Tpo $(DEPDIR)/libcommon_la-error.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='error.c' object='libcommon_la-error.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c libcommon_la-uri.lo: uri.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-uri.lo -MD -MP -MF $(DEPDIR)/libcommon_la-uri.Tpo -c -o libcommon_la-uri.lo `test -f 'uri.c' || echo '$(srcdir)/'`uri.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-uri.Tpo $(DEPDIR)/libcommon_la-uri.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='uri.c' object='libcommon_la-uri.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-uri.lo `test -f 'uri.c' || echo '$(srcdir)/'`uri.c 
libcommon_la-strings.lo: strings.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-strings.lo -MD -MP -MF $(DEPDIR)/libcommon_la-strings.Tpo -c -o libcommon_la-strings.lo `test -f 'strings.c' || echo '$(srcdir)/'`strings.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-strings.Tpo $(DEPDIR)/libcommon_la-strings.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strings.c' object='libcommon_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-strings.lo `test -f 'strings.c' || echo '$(srcdir)/'`strings.c libcommon_la-pkcs11_lib.lo: pkcs11_lib.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-pkcs11_lib.lo -MD -MP -MF $(DEPDIR)/libcommon_la-pkcs11_lib.Tpo -c -o libcommon_la-pkcs11_lib.lo `test -f 'pkcs11_lib.c' || echo '$(srcdir)/'`pkcs11_lib.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-pkcs11_lib.Tpo $(DEPDIR)/libcommon_la-pkcs11_lib.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcs11_lib.c' object='libcommon_la-pkcs11_lib.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-pkcs11_lib.lo `test -f 'pkcs11_lib.c' || echo '$(srcdir)/'`pkcs11_lib.c libcommon_la-strndup.lo: strndup.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-strndup.lo -MD -MP -MF $(DEPDIR)/libcommon_la-strndup.Tpo -c -o libcommon_la-strndup.lo `test -f 'strndup.c' || echo '$(srcdir)/'`strndup.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-strndup.Tpo $(DEPDIR)/libcommon_la-strndup.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strndup.c' object='libcommon_la-strndup.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-strndup.lo `test -f 'strndup.c' || echo '$(srcdir)/'`strndup.c libcommon_la-base64.lo: base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -MT libcommon_la-base64.lo -MD -MP -MF $(DEPDIR)/libcommon_la-base64.Tpo -c -o libcommon_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_la-base64.Tpo $(DEPDIR)/libcommon_la-base64.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='base64.c' object='libcommon_la-base64.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) 
--tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_la_CFLAGS) $(CFLAGS) -c -o libcommon_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! 
-f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: 
clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-recursive clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ clean-noinstPROGRAMS mostlyclean-am distclean: distclean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic clean-libtool \ clean-noinstLTLIBRARIES clean-noinstPROGRAMS cscopelist-am \ ctags ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ 
install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam_pkcs11-0.6.9/src/common/algorithm.c0000644000175000017500000000400212074274512020174 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003-2004 Mario Strasser * Copyright (C) 2005 Juan Antonio Martinez * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
 *
 * $Id$
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <string.h>     /* strcasecmp (declared via <strings.h> on glibc) */
#include "cert_st.h"    /* assumed to define ALGORITHM_TYPE and ALGORITHM_NULL */
#include "alg_st.h"     /* ALGDIGEST, ALGORITHM_* names, Alg_* prototypes */

#ifdef HAVE_NSS

/* Map a digest name from the configuration to an NSS OID tag. */
ALGORITHM_TYPE Alg_get_alg_from_string(const char *hashString)
{
    /* sigh, we don't have any string to OID conversion
     * it would be nice to at least search the oid table by
     * description */
    SECOidTag hashOIDTag;

    if (strcasecmp(hashString, "sha1") == 0) {
        hashOIDTag = SEC_OID_SHA1;
    } else if (strcasecmp(hashString, "md5") == 0) {
        hashOIDTag = SEC_OID_MD5;
    } else if (strcasecmp(hashString, "md2") == 0) {
        hashOIDTag = SEC_OID_MD2;
    } else if (strcasecmp(hashString, "sha512") == 0) {
        hashOIDTag = SEC_OID_SHA512;
    } else if (strcasecmp(hashString, "sha384") == 0) {
        hashOIDTag = SEC_OID_SHA384;
    } else if (strcasecmp(hashString, "sha256") == 0) {
        hashOIDTag = SEC_OID_SHA256;
    } else {
        /* unknown name: callers must check for ALGORITHM_NULL */
        hashOIDTag = ALGORITHM_NULL;
    }
    return hashOIDTag;
}

const ALGDIGEST *Alg_get_digest_by_name(ALGORITHM_TYPE hash)
{
    return HASH_GetHashObjectByOidTag(hash);
}

#else

/* OpenSSL build: the algorithm "type" is the digest name itself, so the
 * returned pointer is the caller's string and shares its lifetime. */
ALGORITHM_TYPE Alg_get_alg_from_string(const char *hashString)
{
    const EVP_MD *digest;

    digest = EVP_get_digestbyname(hashString);
    if (!digest) {
        return ALGORITHM_NULL;
    }
    return hashString;
}

const ALGDIGEST *Alg_get_digest_by_name(ALGORITHM_TYPE hash)
{
    return EVP_get_digestbyname((char *)hash);
}

#endif

pam_pkcs11-0.6.9/src/common/error.c

/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser ,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

#include "error.h"
#include <stdarg.h>     /* va_list, va_start, va_end */
#include <stdio.h>      /* vsnprintf */
#include <string.h>     /* strcpy */

#define __ERROR_C_

static char error_buffer[ERROR_BUFFER_SIZE] = "";

/**
 * Store an error message into a temporary buffer, in a similar way as sprintf does
 * @param format String to be stored
 * @param ... Additional parameters
 */
void set_error(const char *format, ...)
{
    static char tmp[ERROR_BUFFER_SIZE];
    va_list ap;

    va_start(ap, format);
    /* vsnprintf truncates to ERROR_BUFFER_SIZE and NUL-terminates, so the
     * strcpy below cannot overrun error_buffer (same size as tmp). */
    vsnprintf(tmp, ERROR_BUFFER_SIZE, format, ap);
    va_end(ap);
    strcpy(error_buffer, tmp);
}

/**
 * Retrieve error message string from buffer
 * @return Error message
 */
const char *get_error(void)
{
    return (const char *)error_buffer;
}

pam_pkcs11-0.6.9/src/common/alg_st.h

/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003-2004 Mario Strasser
 * Copyright (C) 2005 Juan Antonio Martinez
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

#ifndef _ALG_ST_H
#define _ALG_ST_H

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

/* ALGORITHM_TYPE is not defined in this header; it must already be
 * declared by the including file before the prototypes below. */

#ifdef HAVE_NSS
/* NSS build: algorithms are identified by SECOidTag values */
#include <secoid.h>
#include <sechash.h>
typedef SECHashObject ALGDIGEST;
#define ALGORITHM_SHA512 SEC_OID_SHA512
#define ALGORITHM_SHA384 SEC_OID_SHA384
#define ALGORITHM_SHA256 SEC_OID_SHA256
#define ALGORITHM_SHA1 SEC_OID_SHA1
#define ALGORITHM_MD5 SEC_OID_MD5
#define ALGORITHM_MD2 SEC_OID_MD2
#else
/* OpenSSL build: algorithms are identified by digest name */
#include <openssl/evp.h>
typedef EVP_MD ALGDIGEST;
#define ALGORITHM_SHA512 "sha512"
#define ALGORITHM_SHA384 "sha384"
#define ALGORITHM_SHA256 "sha256"
#define ALGORITHM_SHA1 "sha1"
#define ALGORITHM_MD5 "md5"
#define ALGORITHM_MD2 "md2"
#endif

ALGORITHM_TYPE Alg_get_alg_from_string(const char *);
/* EVP_get_digestbyname */
const ALGDIGEST *Alg_get_digest_by_name(ALGORITHM_TYPE hash);

#endif /* _ALG_ST_H */

pam_pkcs11-0.6.9/src/common/rsaref/

pam_pkcs11-0.6.9/src/common/rsaref/Makefile.in

# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2014 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

@SET_MAKE@

# Process this file with automake to create Makefile.in

VPATH = @srcdir@
am__is_gnu_make = { \
  if test -z '$(MAKELEVEL)'; then \
    false; \
  elif test -n '$(MAKE_HOST)'; then \
    true; \
  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
    true; \
  else \
    false; \
  fi; \
}
am__make_running_with_option = \
  case $${target_option-} in \
      ?)
;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/common/rsaref ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/ax_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 \ $(top_srcdir)/aclocal/intlmacosx.m4 \ $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ 
$(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \ $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac HEADERS = $(noinst_HEADERS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. 
am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT 
= @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name 
= @program_transform_name@ psdir = @psdir@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in EXTRA_DIST = PKCS11_README #include_HEADERS = pkcs11.h pkcs11f.h pkcs11t.h noinst_HEADERS = pkcs11.h pkcs11f.h pkcs11t.h all: all-am .SUFFIXES: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/common/rsaref/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/common/rsaref/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-am TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-am CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-am cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: 
$(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(HEADERS) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ clean-libtool cscopelist-am ctags ctags-am distclean \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: pam_pkcs11-0.6.9/src/common/rsaref/pkcs11f.h0000644000175000017500000006732412074274512020765 0ustar rousseaurousseau/* pkcs11f.h include file for PKCS #11. */ /* $Revision: 1.4 $ */ /* License to copy and use this software is granted provided that it is * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface * (Cryptoki)" in all material mentioning or referencing this software. * License is also granted to make and use derivative works provided that * such works are identified as "derived from the RSA Security Inc. PKCS #11 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or * referencing the derived work. * RSA Security Inc. makes no representations concerning either the * merchantability of this software or the suitability of this software for * any particular purpose. It is provided "as is" without express or implied * warranty of any kind. */ /* This header file contains pretty much everything about all the */ /* Cryptoki function prototypes. Because this information is */ /* used for more than just declaring function prototypes, the */ /* order of the functions appearing herein is important, and */ /* should not be altered. */ /* General-purpose */ /* C_Initialize initializes the Cryptoki library. */ CK_PKCS11_FUNCTION_INFO(C_Initialize) #ifdef CK_NEED_ARG_LIST (CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets * cast to CK_C_INITIALIZE_ARGS_PTR * and dereferenced */ ); #endif /* C_Finalize indicates that an application is done with the * Cryptoki library. */ CK_PKCS11_FUNCTION_INFO(C_Finalize) #ifdef CK_NEED_ARG_LIST (CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */ ); #endif /* C_GetInfo returns general information about Cryptoki. */ CK_PKCS11_FUNCTION_INFO(C_GetInfo) #ifdef CK_NEED_ARG_LIST (CK_INFO_PTR pInfo /* location that receives information */ ); #endif /* C_GetFunctionList returns the function list. 
*/ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) #ifdef CK_NEED_ARG_LIST (CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to * function list */ ); #endif /* Slot and token management */ /* C_GetSlotList obtains a list of slots in the system. */ CK_PKCS11_FUNCTION_INFO(C_GetSlotList) #ifdef CK_NEED_ARG_LIST (CK_BBOOL tokenPresent, /* only slots with tokens? */ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ CK_ULONG_PTR pulCount /* receives number of slots */ ); #endif /* C_GetSlotInfo obtains information about a particular slot in * the system. */ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) #ifdef CK_NEED_ARG_LIST (CK_SLOT_ID slotID, /* the ID of the slot */ CK_SLOT_INFO_PTR pInfo /* receives the slot information */ ); #endif /* C_GetTokenInfo obtains information about a particular token * in the system. */ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) #ifdef CK_NEED_ARG_LIST (CK_SLOT_ID slotID, /* ID of the token's slot */ CK_TOKEN_INFO_PTR pInfo /* receives the token information */ ); #endif /* C_GetMechanismList obtains a list of mechanism types * supported by a token. */ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) #ifdef CK_NEED_ARG_LIST (CK_SLOT_ID slotID, /* ID of token's slot */ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */ CK_ULONG_PTR pulCount /* gets # of mechs. */ ); #endif /* C_GetMechanismInfo obtains information about a particular * mechanism possibly supported by a token. */ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) #ifdef CK_NEED_ARG_LIST (CK_SLOT_ID slotID, /* ID of the token's slot */ CK_MECHANISM_TYPE type, /* type of mechanism */ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */ ); #endif /* C_InitToken initializes a token. 
*/ CK_PKCS11_FUNCTION_INFO(C_InitToken) #ifdef CK_NEED_ARG_LIST /* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */ (CK_SLOT_ID slotID, /* ID of the token's slot */ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ CK_ULONG ulPinLen, /* length in bytes of the PIN */ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */ ); #endif /* C_InitPIN initializes the normal user's PIN. */ CK_PKCS11_FUNCTION_INFO(C_InitPIN) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */ CK_ULONG ulPinLen /* length in bytes of the PIN */ ); #endif /* C_SetPIN modifies the PIN of the user who is logged in. */ CK_PKCS11_FUNCTION_INFO(C_SetPIN) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */ CK_ULONG ulOldLen, /* length of the old PIN */ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */ CK_ULONG ulNewLen /* length of the new PIN */ ); #endif /* Session management */ /* C_OpenSession opens a session between an application and a * token. */ CK_PKCS11_FUNCTION_INFO(C_OpenSession) #ifdef CK_NEED_ARG_LIST (CK_SLOT_ID slotID, /* the slot's ID */ CK_FLAGS flags, /* from CK_SESSION_INFO */ CK_VOID_PTR pApplication, /* passed to callback */ CK_NOTIFY Notify, /* callback function */ CK_SESSION_HANDLE_PTR phSession /* gets session handle */ ); #endif /* C_CloseSession closes a session between an application and a * token. */ CK_PKCS11_FUNCTION_INFO(C_CloseSession) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession /* the session's handle */ ); #endif /* C_CloseAllSessions closes all sessions with a token. */ CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions) #ifdef CK_NEED_ARG_LIST (CK_SLOT_ID slotID /* the token's slot */ ); #endif /* C_GetSessionInfo obtains information about the session. 
*/ CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_SESSION_INFO_PTR pInfo /* receives session info */ ); #endif /* C_GetOperationState obtains the state of the cryptographic operation * in a session. */ CK_PKCS11_FUNCTION_INFO(C_GetOperationState) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* session's handle */ CK_BYTE_PTR pOperationState, /* gets state */ CK_ULONG_PTR pulOperationStateLen /* gets state length */ ); #endif /* C_SetOperationState restores the state of the cryptographic * operation in a session. */ CK_PKCS11_FUNCTION_INFO(C_SetOperationState) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* session's handle */ CK_BYTE_PTR pOperationState, /* holds state */ CK_ULONG ulOperationStateLen, /* holds state length */ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */ ); #endif /* C_Login logs a user into a token. */ CK_PKCS11_FUNCTION_INFO(C_Login) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_USER_TYPE userType, /* the user type */ CK_UTF8CHAR_PTR pPin, /* the user's PIN */ CK_ULONG ulPinLen /* the length of the PIN */ ); #endif /* C_Logout logs a user out from a token. */ CK_PKCS11_FUNCTION_INFO(C_Logout) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession /* the session's handle */ ); #endif /* Object management */ /* C_CreateObject creates a new object. */ CK_PKCS11_FUNCTION_INFO(C_CreateObject) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ CK_ULONG ulCount, /* attributes in template */ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */ ); #endif /* C_CopyObject copies an object, creating a new object for the * copy. 
*/ CK_PKCS11_FUNCTION_INFO(C_CopyObject) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_OBJECT_HANDLE hObject, /* the object's handle */ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ CK_ULONG ulCount, /* attributes in template */ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */ ); #endif /* C_DestroyObject destroys an object. */ CK_PKCS11_FUNCTION_INFO(C_DestroyObject) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_OBJECT_HANDLE hObject /* the object's handle */ ); #endif /* C_GetObjectSize gets the size of an object in bytes. */ CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_OBJECT_HANDLE hObject, /* the object's handle */ CK_ULONG_PTR pulSize /* receives size of object */ ); #endif /* C_GetAttributeValue obtains the value of one or more object * attributes. */ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_OBJECT_HANDLE hObject, /* the object's handle */ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */ CK_ULONG ulCount /* attributes in template */ ); #endif /* C_SetAttributeValue modifies the value of one or more object * attributes */ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_OBJECT_HANDLE hObject, /* the object's handle */ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */ CK_ULONG ulCount /* attributes in template */ ); #endif /* C_FindObjectsInit initializes a search for token and session * objects that match a template. 
*/ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ CK_ULONG ulCount /* attrs in search template */ ); #endif /* C_FindObjects continues a search for token and session * objects that match a template, obtaining additional object * handles. */ CK_PKCS11_FUNCTION_INFO(C_FindObjects) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* session's handle */ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */ CK_ULONG ulMaxObjectCount, /* max handles to get */ CK_ULONG_PTR pulObjectCount /* actual # returned */ ); #endif /* C_FindObjectsFinal finishes a search for token and session * objects. */ CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession /* the session's handle */ ); #endif /* Encryption and decryption */ /* C_EncryptInit initializes an encryption operation. */ CK_PKCS11_FUNCTION_INFO(C_EncryptInit) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ CK_OBJECT_HANDLE hKey /* handle of encryption key */ ); #endif /* C_Encrypt encrypts single-part data. */ CK_PKCS11_FUNCTION_INFO(C_Encrypt) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* session's handle */ CK_BYTE_PTR pData, /* the plaintext data */ CK_ULONG ulDataLen, /* bytes of plaintext */ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */ ); #endif /* C_EncryptUpdate continues a multiple-part encryption * operation. 
*/ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* session's handle */ CK_BYTE_PTR pPart, /* the plaintext data */ CK_ULONG ulPartLen, /* plaintext data len */ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */ ); #endif /* C_EncryptFinal finishes a multiple-part encryption * operation. */ CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* session handle */ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */ ); #endif /* C_DecryptInit initializes a decryption operation. */ CK_PKCS11_FUNCTION_INFO(C_DecryptInit) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ CK_OBJECT_HANDLE hKey /* handle of decryption key */ ); #endif /* C_Decrypt decrypts encrypted data in a single part. */ CK_PKCS11_FUNCTION_INFO(C_Decrypt) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* session's handle */ CK_BYTE_PTR pEncryptedData, /* ciphertext */ CK_ULONG ulEncryptedDataLen, /* ciphertext length */ CK_BYTE_PTR pData, /* gets plaintext */ CK_ULONG_PTR pulDataLen /* gets p-text size */ ); #endif /* C_DecryptUpdate continues a multiple-part decryption * operation. */ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* session's handle */ CK_BYTE_PTR pEncryptedPart, /* encrypted data */ CK_ULONG ulEncryptedPartLen, /* input length */ CK_BYTE_PTR pPart, /* gets plaintext */ CK_ULONG_PTR pulPartLen /* p-text size */ ); #endif /* C_DecryptFinal finishes a multiple-part decryption * operation. 
*/ CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pLastPart, /* gets plaintext */ CK_ULONG_PTR pulLastPartLen /* p-text size */ ); #endif /* Message digesting */ /* C_DigestInit initializes a message-digesting operation. */ CK_PKCS11_FUNCTION_INFO(C_DigestInit) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */ ); #endif /* C_Digest digests data in a single part. */ CK_PKCS11_FUNCTION_INFO(C_Digest) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pData, /* data to be digested */ CK_ULONG ulDataLen, /* bytes of data to digest */ CK_BYTE_PTR pDigest, /* gets the message digest */ CK_ULONG_PTR pulDigestLen /* gets digest length */ ); #endif /* C_DigestUpdate continues a multiple-part message-digesting * operation. */ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pPart, /* data to be digested */ CK_ULONG ulPartLen /* bytes of data to be digested */ ); #endif /* C_DigestKey continues a multi-part message-digesting * operation, by digesting the value of a secret key as part of * the data already digested. */ CK_PKCS11_FUNCTION_INFO(C_DigestKey) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_OBJECT_HANDLE hKey /* secret key to digest */ ); #endif /* C_DigestFinal finishes a multiple-part message-digesting * operation. 
*/ CK_PKCS11_FUNCTION_INFO(C_DigestFinal) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pDigest, /* gets the message digest */ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */ ); #endif /* Signing and MACing */ /* C_SignInit initializes a signature (private key encryption) * operation, where the signature is (will be) an appendix to * the data, and plaintext cannot be recovered from the *signature. */ CK_PKCS11_FUNCTION_INFO(C_SignInit) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ CK_OBJECT_HANDLE hKey /* handle of signature key */ ); #endif /* C_Sign signs (encrypts with private key) data in a single * part, where the signature is (will be) an appendix to the * data, and plaintext cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_Sign) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pData, /* the data to sign */ CK_ULONG ulDataLen, /* count of bytes to sign */ CK_BYTE_PTR pSignature, /* gets the signature */ CK_ULONG_PTR pulSignatureLen /* gets signature length */ ); #endif /* C_SignUpdate continues a multiple-part signature operation, * where the signature is (will be) an appendix to the data, * and plaintext cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pPart, /* the data to sign */ CK_ULONG ulPartLen /* count of bytes to sign */ ); #endif /* C_SignFinal finishes a multiple-part signature operation, * returning the signature. 
*/ CK_PKCS11_FUNCTION_INFO(C_SignFinal) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSignature, /* gets the signature */ CK_ULONG_PTR pulSignatureLen /* gets signature length */ ); #endif /* C_SignRecoverInit initializes a signature operation, where * the data can be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ CK_OBJECT_HANDLE hKey /* handle of the signature key */ ); #endif /* C_SignRecover signs data in a single operation, where the * data can be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_SignRecover) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pData, /* the data to sign */ CK_ULONG ulDataLen, /* count of bytes to sign */ CK_BYTE_PTR pSignature, /* gets the signature */ CK_ULONG_PTR pulSignatureLen /* gets signature length */ ); #endif /* Verifying signatures and MACs */ /* C_VerifyInit initializes a verification operation, where the * signature is an appendix to the data, and plaintext cannot * cannot be recovered from the signature (e.g. DSA). */ CK_PKCS11_FUNCTION_INFO(C_VerifyInit) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ CK_OBJECT_HANDLE hKey /* verification key */ ); #endif /* C_Verify verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext * cannot be recovered from the signature. 
*/ CK_PKCS11_FUNCTION_INFO(C_Verify) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pData, /* signed data */ CK_ULONG ulDataLen, /* length of signed data */ CK_BYTE_PTR pSignature, /* signature */ CK_ULONG ulSignatureLen /* signature length */ ); #endif /* C_VerifyUpdate continues a multiple-part verification * operation, where the signature is an appendix to the data, * and plaintext cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pPart, /* signed data */ CK_ULONG ulPartLen /* length of signed data */ ); #endif /* C_VerifyFinal finishes a multiple-part verification * operation, checking the signature. */ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSignature, /* signature to verify */ CK_ULONG ulSignatureLen /* signature length */ ); #endif /* C_VerifyRecoverInit initializes a signature verification * operation, where the data is recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ CK_OBJECT_HANDLE hKey /* verification key */ ); #endif /* C_VerifyRecover verifies a signature in a single-part * operation, where the data is recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) #ifdef CK_NEED_ARG_LIST (CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSignature, /* signature to verify */ CK_ULONG ulSignatureLen, /* signature length */ CK_BYTE_PTR pData, /* gets signed data */ CK_ULONG_PTR pulDataLen /* gets signed data len */ ); #endif /* Dual-function cryptographic operations */ /* C_DigestEncryptUpdate continues a multiple-part digesting * and encryption operation. 
 */
CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* session's handle */
  CK_BYTE_PTR pPart,  /* the plaintext data */
  CK_ULONG ulPartLen,  /* plaintext length */
  CK_BYTE_PTR pEncryptedPart,  /* gets ciphertext */
  CK_ULONG_PTR pulEncryptedPartLen  /* gets c-text length */
);
#endif

/* C_DecryptDigestUpdate continues a multiple-part decryption and
 * digesting operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* session's handle */
  CK_BYTE_PTR pEncryptedPart,  /* ciphertext */
  CK_ULONG ulEncryptedPartLen,  /* ciphertext length */
  CK_BYTE_PTR pPart,  /* gets plaintext */
  CK_ULONG_PTR pulPartLen  /* gets plaintext len */
);
#endif

/* C_SignEncryptUpdate continues a multiple-part signing and
 * encryption operation. */
CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* session's handle */
  CK_BYTE_PTR pPart,  /* the plaintext data */
  CK_ULONG ulPartLen,  /* plaintext length */
  CK_BYTE_PTR pEncryptedPart,  /* gets ciphertext */
  CK_ULONG_PTR pulEncryptedPartLen  /* gets c-text length */
);
#endif

/* C_DecryptVerifyUpdate continues a multiple-part decryption and
 * verify operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* session's handle */
  CK_BYTE_PTR pEncryptedPart,  /* ciphertext */
  CK_ULONG ulEncryptedPartLen,  /* ciphertext length */
  CK_BYTE_PTR pPart,  /* gets plaintext */
  CK_ULONG_PTR pulPartLen  /* gets p-text length */
);
#endif

/* Key management */

/* C_GenerateKey generates a secret key, creating a new key
 * object. */
CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* the session's handle */
  CK_MECHANISM_PTR pMechanism,  /* key generation mech. */
  CK_ATTRIBUTE_PTR pTemplate,  /* template for new key */
  CK_ULONG ulCount,  /* # of attrs in template */
  CK_OBJECT_HANDLE_PTR phKey  /* gets handle of new key */
);
#endif

/* C_GenerateKeyPair generates a public-key/private-key pair,
 * creating new key objects. */
CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* session handle */
  CK_MECHANISM_PTR pMechanism,  /* key-gen mech. */
  CK_ATTRIBUTE_PTR pPublicKeyTemplate,  /* template for pub. key */
  CK_ULONG ulPublicKeyAttributeCount,  /* # pub. attrs. */
  CK_ATTRIBUTE_PTR pPrivateKeyTemplate,  /* template for priv. key */
  CK_ULONG ulPrivateKeyAttributeCount,  /* # priv. attrs. */
  CK_OBJECT_HANDLE_PTR phPublicKey,  /* gets pub. key handle */
  CK_OBJECT_HANDLE_PTR phPrivateKey  /* gets priv. key handle */
);
#endif

/* C_WrapKey wraps (i.e., encrypts) a key. */
CK_PKCS11_FUNCTION_INFO(C_WrapKey)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* the session's handle */
  CK_MECHANISM_PTR pMechanism,  /* the wrapping mechanism */
  CK_OBJECT_HANDLE hWrappingKey,  /* wrapping key */
  CK_OBJECT_HANDLE hKey,  /* key to be wrapped */
  CK_BYTE_PTR pWrappedKey,  /* gets wrapped key */
  CK_ULONG_PTR pulWrappedKeyLen  /* gets wrapped key size */
);
#endif

/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
 * key object. */
CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* session's handle */
  CK_MECHANISM_PTR pMechanism,  /* unwrapping mech. */
  CK_OBJECT_HANDLE hUnwrappingKey,  /* unwrapping key */
  CK_BYTE_PTR pWrappedKey,  /* the wrapped key */
  CK_ULONG ulWrappedKeyLen,  /* wrapped key len */
  CK_ATTRIBUTE_PTR pTemplate,  /* new key template */
  CK_ULONG ulAttributeCount,  /* template length */
  CK_OBJECT_HANDLE_PTR phKey  /* gets new handle */
);
#endif

/* C_DeriveKey derives a key from a base key, creating a new key
 * object.
 */
CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* session's handle */
  CK_MECHANISM_PTR pMechanism,  /* key deriv. mech. */
  CK_OBJECT_HANDLE hBaseKey,  /* base key */
  CK_ATTRIBUTE_PTR pTemplate,  /* new key template */
  CK_ULONG ulAttributeCount,  /* template length */
  CK_OBJECT_HANDLE_PTR phKey  /* gets new handle */
);
#endif

/* Random number generation */

/* C_SeedRandom mixes additional seed material into the token's
 * random number generator. */
CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* the session's handle */
  CK_BYTE_PTR pSeed,  /* the seed material */
  CK_ULONG ulSeedLen  /* length of seed material */
);
#endif

/* C_GenerateRandom generates random data. */
CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession,  /* the session's handle */
  CK_BYTE_PTR RandomData,  /* receives the random data */
  CK_ULONG ulRandomLen  /* # of bytes to generate */
);
#endif

/* Parallel function management */

/* C_GetFunctionStatus is a legacy function; it obtains an
 * updated status of a function running in parallel with an
 * application. */
CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession  /* the session's handle */
);
#endif

/* C_CancelFunction is a legacy function; it cancels a function
 * running in parallel. */
CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
#ifdef CK_NEED_ARG_LIST
(
  CK_SESSION_HANDLE hSession  /* the session's handle */
);
#endif

/* Functions added for Cryptoki Version 2.01 or later */

/* C_WaitForSlotEvent waits for a slot event (token insertion,
 * removal, etc.) to occur. */
CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
#ifdef CK_NEED_ARG_LIST
(
  CK_FLAGS flags,  /* blocking/nonblocking flag */
  CK_SLOT_ID_PTR pSlot,  /* location that receives the slot ID */
  CK_VOID_PTR pRserved  /* reserved.  Should be NULL_PTR */
);
#endif

pam_pkcs11-0.6.9/src/common/rsaref/pkcs11t.h

/* pkcs11t.h include file for PKCS #11. */
/* $Revision: 1.4 $ */

/* License to copy and use this software is granted provided that it is
 * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
 * (Cryptoki)" in all material mentioning or referencing this software.

 * License is also granted to make and use derivative works provided that
 * such works are identified as "derived from the RSA Security Inc. PKCS #11
 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
 * referencing the derived work.

 * RSA Security Inc. makes no representations concerning either the
 * merchantability of this software or the suitability of this software for
 * any particular purpose. It is provided "as is" without express or implied
 * warranty of any kind.
 */

/* See top of pkcs11.h for information about the macros that
 * must be defined and the structure-packing conventions that
 * must be set before including this file.
 */

#ifndef _PKCS11T_H_
#define _PKCS11T_H_ 1

#ifndef CK_DISABLE_TRUE_FALSE
#ifndef FALSE
#define FALSE 0
#endif

#ifndef TRUE
#define TRUE !(FALSE)
#endif
#endif

#define CK_TRUE 1
#define CK_FALSE 0

/* an unsigned 8-bit value */
typedef unsigned char CK_BYTE;

/* an unsigned 8-bit character */
typedef CK_BYTE CK_CHAR;

/* an 8-bit UTF-8 character */
typedef CK_BYTE CK_UTF8CHAR;

/* a BYTE-sized Boolean flag */
typedef CK_BYTE CK_BBOOL;

/* an unsigned value, at least 32 bits long */
typedef unsigned long int CK_ULONG;

/* a signed value, the same size as a CK_ULONG */
/* CK_LONG is new for v2.0 */
typedef long int CK_LONG;

/* at least 32 bits; each bit is a Boolean flag */
typedef CK_ULONG CK_FLAGS;

/* some special values for certain CK_ULONG variables */
#define CK_UNAVAILABLE_INFORMATION (~0UL)
#define CK_EFFECTIVELY_INFINITE 0

typedef CK_BYTE CK_PTR CK_BYTE_PTR;
typedef CK_CHAR CK_PTR CK_CHAR_PTR;
typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
typedef CK_ULONG CK_PTR CK_ULONG_PTR;
typedef void CK_PTR CK_VOID_PTR;

/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;

/* The following value is always invalid if used as a session */
/* handle or object handle */
#define CK_INVALID_HANDLE 0

typedef struct CK_VERSION {
  CK_BYTE major;  /* integer portion of version number */
  CK_BYTE minor;  /* 1/100ths portion of version number */
} CK_VERSION;

typedef CK_VERSION CK_PTR CK_VERSION_PTR;

typedef struct CK_INFO {
  /* manufacturerID and libraryDescription have been changed from
   * CK_CHAR to CK_UTF8CHAR for v2.10 */
  CK_VERSION cryptokiVersion;  /* Cryptoki interface ver */
  CK_UTF8CHAR manufacturerID[32];  /* blank padded */
  CK_FLAGS flags;  /* must be zero */

  /* libraryDescription and libraryVersion are new for v2.0 */
  CK_UTF8CHAR libraryDescription[32];  /* blank padded */
  CK_VERSION libraryVersion;  /* version of library */
} CK_INFO;

typedef CK_INFO CK_PTR CK_INFO_PTR;

/* CK_NOTIFICATION enumerates the types of notifications that
 * Cryptoki provides to an application */
/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
 * for v2.0 */
typedef CK_ULONG CK_NOTIFICATION;
#define CKN_SURRENDER 0

typedef CK_ULONG CK_SLOT_ID;

typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;

/* CK_SLOT_INFO provides information about a slot */
typedef struct CK_SLOT_INFO {
  /* slotDescription and manufacturerID have been changed from
   * CK_CHAR to CK_UTF8CHAR for v2.10 */
  CK_UTF8CHAR slotDescription[64];  /* blank padded */
  CK_UTF8CHAR manufacturerID[32];  /* blank padded */
  CK_FLAGS flags;

  /* hardwareVersion and firmwareVersion are new for v2.0 */
  CK_VERSION hardwareVersion;  /* version of hardware */
  CK_VERSION firmwareVersion;  /* version of firmware */
} CK_SLOT_INFO;

/* flags: bit flags that provide capabilities of the slot
 *      Bit Flag              Mask        Meaning
 */
#define CKF_TOKEN_PRESENT  0x00000001  /* a token is there */
#define CKF_REMOVABLE_DEVICE  0x00000002  /* removable devices */
#define CKF_HW_SLOT  0x00000004  /* hardware slot */

typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;

/* CK_TOKEN_INFO provides information about a token */
typedef struct CK_TOKEN_INFO {
  /* label, manufacturerID, and model have been changed from
   * CK_CHAR to CK_UTF8CHAR for v2.10 */
  CK_UTF8CHAR label[32];  /* blank padded */
  CK_UTF8CHAR manufacturerID[32];  /* blank padded */
  CK_UTF8CHAR model[16];  /* blank padded */
  CK_CHAR serialNumber[16];  /* blank padded */
  CK_FLAGS flags;  /* see below */

  /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
   * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
   * changed from CK_USHORT to CK_ULONG for v2.0 */
  CK_ULONG ulMaxSessionCount;  /* max open sessions */
  CK_ULONG ulSessionCount;  /* sess. now open */
  CK_ULONG ulMaxRwSessionCount;  /* max R/W sessions */
  CK_ULONG ulRwSessionCount;  /* R/W sess. now open */
  CK_ULONG ulMaxPinLen;  /* in bytes */
  CK_ULONG ulMinPinLen;  /* in bytes */
  CK_ULONG ulTotalPublicMemory;  /* in bytes */
  CK_ULONG ulFreePublicMemory;  /* in bytes */
  CK_ULONG ulTotalPrivateMemory;  /* in bytes */
  CK_ULONG ulFreePrivateMemory;  /* in bytes */

  /* hardwareVersion, firmwareVersion, and time are new for
   * v2.0 */
  CK_VERSION hardwareVersion;  /* version of hardware */
  CK_VERSION firmwareVersion;  /* version of firmware */
  CK_CHAR utcTime[16];  /* time */
} CK_TOKEN_INFO;

/* The flags parameter is defined as follows:
 *      Bit Flag                    Mask        Meaning
 */
#define CKF_RNG  0x00000001  /* has random # generator */
#define CKF_WRITE_PROTECTED  0x00000002  /* token is write-protected */
#define CKF_LOGIN_REQUIRED  0x00000004  /* user must login */
#define CKF_USER_PIN_INITIALIZED  0x00000008  /* normal user's PIN is set */

/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0.  If it is set,
 * that means that *every* time the state of cryptographic
 * operations of a session is successfully saved, all keys
 * needed to continue those operations are stored in the state */
#define CKF_RESTORE_KEY_NOT_NEEDED  0x00000020

/* CKF_CLOCK_ON_TOKEN is new for v2.0.  If it is set, that means
 * that the token has some sort of clock.  The time on that
 * clock is returned in the token info structure */
#define CKF_CLOCK_ON_TOKEN  0x00000040

/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0.  If it is
 * set, that means that there is some way for the user to login
 * without sending a PIN through the Cryptoki library itself */
#define CKF_PROTECTED_AUTHENTICATION_PATH  0x00000100

/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0.  If it is true,
 * that means that a single session with the token can perform
 * dual simultaneous cryptographic operations (digest and
 * encrypt; decrypt and digest; sign and encrypt; and decrypt
 * and sign) */
#define CKF_DUAL_CRYPTO_OPERATIONS  0x00000200

/* CKF_TOKEN_INITIALIZED is new for v2.10.
 * If it is true, the
 * token has been initialized using C_InitializeToken or an
 * equivalent mechanism outside the scope of PKCS #11.
 * Calling C_InitializeToken when this flag is set will cause
 * the token to be reinitialized. */
#define CKF_TOKEN_INITIALIZED  0x00000400

/* CKF_SECONDARY_AUTHENTICATION is new for v2.10. If it is
 * true, the token supports secondary authentication for
 * private key objects. */
#define CKF_SECONDARY_AUTHENTICATION  0x00000800

/* CKF_USER_PIN_COUNT_LOW is new for v2.10. If it is true, an
 * incorrect user login PIN has been entered at least once
 * since the last successful authentication. */
#define CKF_USER_PIN_COUNT_LOW  0x00010000

/* CKF_USER_PIN_FINAL_TRY is new for v2.10. If it is true,
 * supplying an incorrect user PIN will cause it to become locked. */
#define CKF_USER_PIN_FINAL_TRY  0x00020000

/* CKF_USER_PIN_LOCKED is new for v2.10. If it is true, the
 * user PIN has been locked. User login to the token is not
 * possible. */
#define CKF_USER_PIN_LOCKED  0x00040000

/* CKF_USER_PIN_TO_BE_CHANGED is new for v2.10. If it is true,
 * the user PIN value is the default value set by token
 * initialization or manufacturing, or the PIN has been
 * expired by the card. */
#define CKF_USER_PIN_TO_BE_CHANGED  0x00080000

/* CKF_SO_PIN_COUNT_LOW is new for v2.10. If it is true, an
 * incorrect SO login PIN has been entered at least once since
 * the last successful authentication. */
#define CKF_SO_PIN_COUNT_LOW  0x00100000

/* CKF_SO_PIN_FINAL_TRY is new for v2.10. If it is true,
 * supplying an incorrect SO PIN will cause it to become locked. */
#define CKF_SO_PIN_FINAL_TRY  0x00200000

/* CKF_SO_PIN_LOCKED is new for v2.10. If it is true, the SO
 * PIN has been locked. SO login to the token is not possible.
 */
#define CKF_SO_PIN_LOCKED  0x00400000

/* CKF_SO_PIN_TO_BE_CHANGED is new for v2.10. If it is true,
 * the SO PIN value is the default value set by token
 * initialization or manufacturing, or the PIN has been
 * expired by the card.
 */
#define CKF_SO_PIN_TO_BE_CHANGED  0x00800000

typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;

/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
 * identifies a session */
typedef CK_ULONG CK_SESSION_HANDLE;

typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;

/* CK_USER_TYPE enumerates the types of Cryptoki users */
/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_USER_TYPE;
/* Security Officer */
#define CKU_SO  0
/* Normal user */
#define CKU_USER  1

/* CK_STATE enumerates the session states */
/* CK_STATE has been changed from an enum to a CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_STATE;
#define CKS_RO_PUBLIC_SESSION  0
#define CKS_RO_USER_FUNCTIONS  1
#define CKS_RW_PUBLIC_SESSION  2
#define CKS_RW_USER_FUNCTIONS  3
#define CKS_RW_SO_FUNCTIONS  4

/* CK_SESSION_INFO provides information about a session */
typedef struct CK_SESSION_INFO {
  CK_SLOT_ID slotID;
  CK_STATE state;
  CK_FLAGS flags;  /* see below */

  /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
   * v2.0 */
  CK_ULONG ulDeviceError;  /* device-dependent error code */
} CK_SESSION_INFO;

/* The flags are defined in the following table:
 *      Bit Flag                Mask        Meaning
 */
#define CKF_RW_SESSION  0x00000002  /* session is r/w */
#define CKF_SERIAL_SESSION  0x00000004  /* no parallel */

typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;

/* CK_OBJECT_HANDLE is a token-specific identifier for an
 * object */
typedef CK_ULONG CK_OBJECT_HANDLE;

typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;

/* CK_OBJECT_CLASS is a value that identifies the classes (or
 * types) of objects that Cryptoki recognizes.
 * It is defined as follows: */
/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_OBJECT_CLASS;

/* The following classes of objects are defined: */
/* CKO_HW_FEATURE is new for v2.10 */
/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
#define CKO_DATA  0x00000000
#define CKO_CERTIFICATE  0x00000001
#define CKO_PUBLIC_KEY  0x00000002
#define CKO_PRIVATE_KEY  0x00000003
#define CKO_SECRET_KEY  0x00000004
#define CKO_HW_FEATURE  0x00000005
#define CKO_DOMAIN_PARAMETERS  0x00000006
#define CKO_VENDOR_DEFINED  0x80000000

typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;

/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
 * value that identifies the hardware feature type of an object
 * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
typedef CK_ULONG CK_HW_FEATURE_TYPE;

/* The following hardware feature types are defined */
#define CKH_MONOTONIC_COUNTER  0x00000001
#define CKH_CLOCK  0x00000002
#define CKH_VENDOR_DEFINED  0x80000000

/* CK_KEY_TYPE is a value that identifies a key type */
/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_KEY_TYPE;

/* the following key types are defined: */
#define CKK_RSA  0x00000000
#define CKK_DSA  0x00000001
#define CKK_DH  0x00000002

/* CKK_ECDSA and CKK_KEA are new for v2.0 */
/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
#define CKK_ECDSA  0x00000003
#define CKK_EC  0x00000003
#define CKK_X9_42_DH  0x00000004
#define CKK_KEA  0x00000005

#define CKK_GENERIC_SECRET  0x00000010
#define CKK_RC2  0x00000011
#define CKK_RC4  0x00000012
#define CKK_DES  0x00000013
#define CKK_DES2  0x00000014
#define CKK_DES3  0x00000015

/* all these key types are new for v2.0 */
#define CKK_CAST  0x00000016
#define CKK_CAST3  0x00000017
/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred.
 */
#define CKK_CAST5  0x00000018
#define CKK_CAST128  0x00000018
#define CKK_RC5  0x00000019
#define CKK_IDEA  0x0000001A
#define CKK_SKIPJACK  0x0000001B
#define CKK_BATON  0x0000001C
#define CKK_JUNIPER  0x0000001D
#define CKK_CDMF  0x0000001E
#define CKK_AES  0x0000001F

#define CKK_VENDOR_DEFINED  0x80000000

/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
 * type */
/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
 * for v2.0 */
typedef CK_ULONG CK_CERTIFICATE_TYPE;

/* The following certificate types are defined: */
/* CKC_X_509_ATTR_CERT is new for v2.10 */
#define CKC_X_509  0x00000000
#define CKC_X_509_ATTR_CERT  0x00000001
#define CKC_VENDOR_DEFINED  0x80000000

/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
 * type */
/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_ATTRIBUTE_TYPE;

/* The following attribute types are defined: */
#define CKA_CLASS  0x00000000
#define CKA_TOKEN  0x00000001
#define CKA_PRIVATE  0x00000002
#define CKA_LABEL  0x00000003
#define CKA_APPLICATION  0x00000010
#define CKA_VALUE  0x00000011

/* CKA_OBJECT_ID is new for v2.10 */
#define CKA_OBJECT_ID  0x00000012

#define CKA_CERTIFICATE_TYPE  0x00000080
#define CKA_ISSUER  0x00000081
#define CKA_SERIAL_NUMBER  0x00000082

/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
 * for v2.10 */
#define CKA_AC_ISSUER  0x00000083
#define CKA_OWNER  0x00000084
#define CKA_ATTR_TYPES  0x00000085

/* CKA_TRUSTED is new for v2.11 */
#define CKA_TRUSTED  0x00000086

#define CKA_KEY_TYPE  0x00000100
#define CKA_SUBJECT  0x00000101
#define CKA_ID  0x00000102
#define CKA_SENSITIVE  0x00000103
#define CKA_ENCRYPT  0x00000104
#define CKA_DECRYPT  0x00000105
#define CKA_WRAP  0x00000106
#define CKA_UNWRAP  0x00000107
#define CKA_SIGN  0x00000108
#define CKA_SIGN_RECOVER  0x00000109
#define CKA_VERIFY  0x0000010A
#define CKA_VERIFY_RECOVER  0x0000010B
#define CKA_DERIVE  0x0000010C
#define CKA_START_DATE  0x00000110
#define CKA_END_DATE  0x00000111
#define CKA_MODULUS  0x00000120
#define CKA_MODULUS_BITS  0x00000121
#define CKA_PUBLIC_EXPONENT  0x00000122
#define CKA_PRIVATE_EXPONENT  0x00000123
#define CKA_PRIME_1  0x00000124
#define CKA_PRIME_2  0x00000125
#define CKA_EXPONENT_1  0x00000126
#define CKA_EXPONENT_2  0x00000127
#define CKA_COEFFICIENT  0x00000128
#define CKA_PRIME  0x00000130
#define CKA_SUBPRIME  0x00000131
#define CKA_BASE  0x00000132

/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
#define CKA_PRIME_BITS  0x00000133
#define CKA_SUBPRIME_BITS  0x00000134
#define CKA_SUB_PRIME_BITS  CKA_SUBPRIME_BITS
/* (To retain backwards-compatibility) */

#define CKA_VALUE_BITS  0x00000160
#define CKA_VALUE_LEN  0x00000161

/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
 * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
 * and CKA_EC_POINT are new for v2.0 */
#define CKA_EXTRACTABLE  0x00000162
#define CKA_LOCAL  0x00000163
#define CKA_NEVER_EXTRACTABLE  0x00000164
#define CKA_ALWAYS_SENSITIVE  0x00000165

/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
#define CKA_KEY_GEN_MECHANISM  0x00000166

#define CKA_MODIFIABLE  0x00000170

/* CKA_ECDSA_PARAMS is deprecated in v2.11,
 * CKA_EC_PARAMS is preferred.
 */
#define CKA_ECDSA_PARAMS  0x00000180
#define CKA_EC_PARAMS  0x00000180

#define CKA_EC_POINT  0x00000181

/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
 * CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
 * are new for v2.10 */
#define CKA_SECONDARY_AUTH  0x00000200
#define CKA_AUTH_PIN_FLAGS  0x00000201
#define CKA_HW_FEATURE_TYPE  0x00000300
#define CKA_RESET_ON_INIT  0x00000301
#define CKA_HAS_RESET  0x00000302

#define CKA_VENDOR_DEFINED  0x80000000

/* CK_ATTRIBUTE is a structure that includes the type, length
 * and value of an attribute */
typedef struct CK_ATTRIBUTE {
  CK_ATTRIBUTE_TYPE type;
  CK_VOID_PTR pValue;

  /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
  CK_ULONG ulValueLen;  /* in bytes */
} CK_ATTRIBUTE;

typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;

/* CK_DATE is a structure that defines a date */
typedef struct CK_DATE {
  CK_CHAR year[4];  /* the year ("1900" - "9999") */
  CK_CHAR month[2];  /* the month ("01" - "12") */
  CK_CHAR day[2];  /* the day ("01" - "31") */
} CK_DATE;

/* CK_MECHANISM_TYPE is a value that identifies a mechanism
 * type */
/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_MECHANISM_TYPE;

/* the following mechanism types are defined: */
#define CKM_RSA_PKCS_KEY_PAIR_GEN  0x00000000
#define CKM_RSA_PKCS  0x00000001
#define CKM_RSA_9796  0x00000002
#define CKM_RSA_X_509  0x00000003

/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
 * are new for v2.0.
 * They are mechanisms which hash and sign */
#define CKM_MD2_RSA_PKCS  0x00000004
#define CKM_MD5_RSA_PKCS  0x00000005
#define CKM_SHA1_RSA_PKCS  0x00000006

/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
 * CKM_RSA_PKCS_OAEP are new for v2.10 */
#define CKM_RIPEMD128_RSA_PKCS  0x00000007
#define CKM_RIPEMD160_RSA_PKCS  0x00000008
#define CKM_RSA_PKCS_OAEP  0x00000009

/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
 * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
#define CKM_RSA_X9_31_KEY_PAIR_GEN  0x0000000A
#define CKM_RSA_X9_31  0x0000000B
#define CKM_SHA1_RSA_X9_31  0x0000000C
#define CKM_RSA_PKCS_PSS  0x0000000D
#define CKM_SHA1_RSA_PKCS_PSS  0x0000000E

#define CKM_DSA_KEY_PAIR_GEN  0x00000010
#define CKM_DSA  0x00000011
#define CKM_DSA_SHA1  0x00000012
#define CKM_DH_PKCS_KEY_PAIR_GEN  0x00000020
#define CKM_DH_PKCS_DERIVE  0x00000021

/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
 * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
 * v2.11 */
#define CKM_X9_42_DH_KEY_PAIR_GEN  0x00000030
#define CKM_X9_42_DH_DERIVE  0x00000031
#define CKM_X9_42_DH_HYBRID_DERIVE  0x00000032
#define CKM_X9_42_MQV_DERIVE  0x00000033

#define CKM_RC2_KEY_GEN  0x00000100
#define CKM_RC2_ECB  0x00000101
#define CKM_RC2_CBC  0x00000102
#define CKM_RC2_MAC  0x00000103

/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
#define CKM_RC2_MAC_GENERAL  0x00000104
#define CKM_RC2_CBC_PAD  0x00000105

#define CKM_RC4_KEY_GEN  0x00000110
#define CKM_RC4  0x00000111
#define CKM_DES_KEY_GEN  0x00000120
#define CKM_DES_ECB  0x00000121
#define CKM_DES_CBC  0x00000122
#define CKM_DES_MAC  0x00000123

/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
#define CKM_DES_MAC_GENERAL  0x00000124
#define CKM_DES_CBC_PAD  0x00000125

#define CKM_DES2_KEY_GEN  0x00000130
#define CKM_DES3_KEY_GEN  0x00000131
#define CKM_DES3_ECB  0x00000132
#define CKM_DES3_CBC  0x00000133
#define CKM_DES3_MAC  0x00000134

/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
 * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
 * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
#define CKM_DES3_MAC_GENERAL  0x00000135
#define CKM_DES3_CBC_PAD  0x00000136
#define CKM_CDMF_KEY_GEN  0x00000140
#define CKM_CDMF_ECB  0x00000141
#define CKM_CDMF_CBC  0x00000142
#define CKM_CDMF_MAC  0x00000143
#define CKM_CDMF_MAC_GENERAL  0x00000144
#define CKM_CDMF_CBC_PAD  0x00000145

#define CKM_MD2  0x00000200

/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
#define CKM_MD2_HMAC  0x00000201
#define CKM_MD2_HMAC_GENERAL  0x00000202

#define CKM_MD5  0x00000210

/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
#define CKM_MD5_HMAC  0x00000211
#define CKM_MD5_HMAC_GENERAL  0x00000212

#define CKM_SHA_1  0x00000220

/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
#define CKM_SHA_1_HMAC  0x00000221
#define CKM_SHA_1_HMAC_GENERAL  0x00000222

/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
 * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
 * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
#define CKM_RIPEMD128  0x00000230
#define CKM_RIPEMD128_HMAC  0x00000231
#define CKM_RIPEMD128_HMAC_GENERAL  0x00000232
#define CKM_RIPEMD160  0x00000240
#define CKM_RIPEMD160_HMAC  0x00000241
#define CKM_RIPEMD160_HMAC_GENERAL  0x00000242

/* All of the following mechanisms are new for v2.0 */
/* Note that CAST128 and CAST5 are the same algorithm */
#define CKM_CAST_KEY_GEN  0x00000300
#define CKM_CAST_ECB  0x00000301
#define CKM_CAST_CBC  0x00000302
#define CKM_CAST_MAC  0x00000303
#define CKM_CAST_MAC_GENERAL  0x00000304
#define CKM_CAST_CBC_PAD  0x00000305
#define CKM_CAST3_KEY_GEN  0x00000310
#define CKM_CAST3_ECB  0x00000311
#define CKM_CAST3_CBC  0x00000312
#define CKM_CAST3_MAC  0x00000313
#define CKM_CAST3_MAC_GENERAL  0x00000314
#define CKM_CAST3_CBC_PAD  0x00000315
#define CKM_CAST5_KEY_GEN  0x00000320
#define CKM_CAST128_KEY_GEN  0x00000320
#define CKM_CAST5_ECB  0x00000321
#define CKM_CAST128_ECB  0x00000321
#define CKM_CAST5_CBC  0x00000322
#define CKM_CAST128_CBC  0x00000322
#define CKM_CAST5_MAC  0x00000323
#define CKM_CAST128_MAC  0x00000323
#define CKM_CAST5_MAC_GENERAL  0x00000324
#define CKM_CAST128_MAC_GENERAL  0x00000324
#define CKM_CAST5_CBC_PAD  0x00000325
#define CKM_CAST128_CBC_PAD  0x00000325
#define CKM_RC5_KEY_GEN  0x00000330
#define CKM_RC5_ECB  0x00000331
#define CKM_RC5_CBC  0x00000332
#define CKM_RC5_MAC  0x00000333
#define CKM_RC5_MAC_GENERAL  0x00000334
#define CKM_RC5_CBC_PAD  0x00000335
#define CKM_IDEA_KEY_GEN  0x00000340
#define CKM_IDEA_ECB  0x00000341
#define CKM_IDEA_CBC  0x00000342
#define CKM_IDEA_MAC  0x00000343
#define CKM_IDEA_MAC_GENERAL  0x00000344
#define CKM_IDEA_CBC_PAD  0x00000345
#define CKM_GENERIC_SECRET_KEY_GEN  0x00000350
#define CKM_CONCATENATE_BASE_AND_KEY  0x00000360
#define CKM_CONCATENATE_BASE_AND_DATA  0x00000362
#define CKM_CONCATENATE_DATA_AND_BASE  0x00000363
#define CKM_XOR_BASE_AND_DATA  0x00000364
#define CKM_EXTRACT_KEY_FROM_KEY  0x00000365
#define CKM_SSL3_PRE_MASTER_KEY_GEN  0x00000370
#define CKM_SSL3_MASTER_KEY_DERIVE  0x00000371
#define CKM_SSL3_KEY_AND_MAC_DERIVE  0x00000372

/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
 * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
 * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
#define CKM_SSL3_MASTER_KEY_DERIVE_DH  0x00000373
#define CKM_TLS_PRE_MASTER_KEY_GEN  0x00000374
#define CKM_TLS_MASTER_KEY_DERIVE  0x00000375
#define CKM_TLS_KEY_AND_MAC_DERIVE  0x00000376
#define CKM_TLS_MASTER_KEY_DERIVE_DH  0x00000377

#define CKM_SSL3_MD5_MAC  0x00000380
#define CKM_SSL3_SHA1_MAC  0x00000381
#define CKM_MD5_KEY_DERIVATION  0x00000390
#define CKM_MD2_KEY_DERIVATION  0x00000391
#define CKM_SHA1_KEY_DERIVATION  0x00000392
#define CKM_PBE_MD2_DES_CBC  0x000003A0
#define CKM_PBE_MD5_DES_CBC  0x000003A1
#define CKM_PBE_MD5_CAST_CBC  0x000003A2
#define CKM_PBE_MD5_CAST3_CBC  0x000003A3
#define CKM_PBE_MD5_CAST5_CBC  0x000003A4
#define CKM_PBE_MD5_CAST128_CBC  0x000003A4
#define CKM_PBE_SHA1_CAST5_CBC  0x000003A5
#define CKM_PBE_SHA1_CAST128_CBC  0x000003A5
#define CKM_PBE_SHA1_RC4_128  0x000003A6
#define CKM_PBE_SHA1_RC4_40  0x000003A7
#define CKM_PBE_SHA1_DES3_EDE_CBC  0x000003A8
#define CKM_PBE_SHA1_DES2_EDE_CBC  0x000003A9
#define CKM_PBE_SHA1_RC2_128_CBC  0x000003AA
#define CKM_PBE_SHA1_RC2_40_CBC  0x000003AB

/* CKM_PKCS5_PBKD2 is new for v2.10 */
#define CKM_PKCS5_PBKD2  0x000003B0

#define CKM_PBA_SHA1_WITH_SHA1_HMAC  0x000003C0
#define CKM_KEY_WRAP_LYNKS  0x00000400
#define CKM_KEY_WRAP_SET_OAEP  0x00000401

/* Fortezza mechanisms */
#define CKM_SKIPJACK_KEY_GEN  0x00001000
#define CKM_SKIPJACK_ECB64  0x00001001
#define CKM_SKIPJACK_CBC64  0x00001002
#define CKM_SKIPJACK_OFB64  0x00001003
#define CKM_SKIPJACK_CFB64  0x00001004
#define CKM_SKIPJACK_CFB32  0x00001005
#define CKM_SKIPJACK_CFB16  0x00001006
#define CKM_SKIPJACK_CFB8  0x00001007
#define CKM_SKIPJACK_WRAP  0x00001008
#define CKM_SKIPJACK_PRIVATE_WRAP  0x00001009
#define CKM_SKIPJACK_RELAYX  0x0000100a
#define CKM_KEA_KEY_PAIR_GEN  0x00001010
#define CKM_KEA_KEY_DERIVE  0x00001011
#define CKM_FORTEZZA_TIMESTAMP  0x00001020
#define CKM_BATON_KEY_GEN  0x00001030
#define CKM_BATON_ECB128  0x00001031
#define CKM_BATON_ECB96  0x00001032
#define CKM_BATON_CBC128  0x00001033
#define CKM_BATON_COUNTER  0x00001034
#define CKM_BATON_SHUFFLE  0x00001035
#define CKM_BATON_WRAP  0x00001036

/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
 * CKM_EC_KEY_PAIR_GEN is preferred */
#define CKM_ECDSA_KEY_PAIR_GEN  0x00001040
#define CKM_EC_KEY_PAIR_GEN  0x00001040

#define CKM_ECDSA  0x00001041
#define CKM_ECDSA_SHA1  0x00001042

/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
 * are new for v2.11 */
#define CKM_ECDH1_DERIVE  0x00001050
#define CKM_ECDH1_COFACTOR_DERIVE  0x00001051
#define CKM_ECMQV_DERIVE  0x00001052

#define CKM_JUNIPER_KEY_GEN  0x00001060
#define CKM_JUNIPER_ECB128  0x00001061
#define CKM_JUNIPER_CBC128  0x00001062
#define CKM_JUNIPER_COUNTER  0x00001063
#define CKM_JUNIPER_SHUFFLE  0x00001064
#define CKM_JUNIPER_WRAP  0x00001065
#define CKM_FASTHASH  0x00001070

/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
 * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
 * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
 * new for v2.11 */
#define CKM_AES_KEY_GEN  0x00001080
#define CKM_AES_ECB  0x00001081
#define CKM_AES_CBC  0x00001082
#define CKM_AES_MAC  0x00001083
#define CKM_AES_MAC_GENERAL  0x00001084
#define CKM_AES_CBC_PAD  0x00001085
#define CKM_DSA_PARAMETER_GEN  0x00002000
#define CKM_DH_PKCS_PARAMETER_GEN  0x00002001
#define CKM_X9_42_DH_PARAMETER_GEN  0x00002002

#define CKM_VENDOR_DEFINED  0x80000000

typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;

/* CK_MECHANISM is a structure that specifies a particular
 * mechanism */
typedef struct CK_MECHANISM {
  CK_MECHANISM_TYPE mechanism;
  CK_VOID_PTR pParameter;

  /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
   * v2.0 */
  CK_ULONG ulParameterLen;  /* in bytes */
} CK_MECHANISM;

typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;

/* CK_MECHANISM_INFO provides information about a particular
 * mechanism */
typedef struct CK_MECHANISM_INFO {
  CK_ULONG ulMinKeySize;
  CK_ULONG ulMaxKeySize;
  CK_FLAGS flags;
} CK_MECHANISM_INFO;

/* The flags are defined as follows:
 *      Bit Flag               Mask        Meaning */
#define CKF_HW  0x00000001  /* performed by HW */

/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
 * CKF_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
 * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
 * and CKF_DERIVE are new for v2.0.
 * They specify whether or not
 * a mechanism can be used for a particular task */
#define CKF_ENCRYPT            0x00000100
#define CKF_DECRYPT            0x00000200
#define CKF_DIGEST             0x00000400
#define CKF_SIGN               0x00000800
#define CKF_SIGN_RECOVER       0x00001000
#define CKF_VERIFY             0x00002000
#define CKF_VERIFY_RECOVER     0x00004000
#define CKF_GENERATE           0x00008000
#define CKF_GENERATE_KEY_PAIR  0x00010000
#define CKF_WRAP               0x00020000
#define CKF_UNWRAP             0x00040000
#define CKF_DERIVE             0x00080000

/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
 * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
 * describe a token's EC capabilities not available in mechanism
 * information. */
#define CKF_EC_F_P             0x00100000
#define CKF_EC_F_2M            0x00200000
#define CKF_EC_ECPARAMETERS    0x00400000
#define CKF_EC_NAMEDCURVE      0x00800000
#define CKF_EC_UNCOMPRESS      0x01000000
#define CKF_EC_COMPRESS        0x02000000

#define CKF_EXTENSION          0x80000000  /* FALSE for 2.01 */

typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;


/* CK_RV is a value that identifies the return value of a
 * Cryptoki function */
/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_RV;

#define CKR_OK                                0x00000000
#define CKR_CANCEL                            0x00000001
#define CKR_HOST_MEMORY                       0x00000002
#define CKR_SLOT_ID_INVALID                   0x00000003

/* CKR_FLAGS_INVALID was removed for v2.0 */

/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
#define CKR_GENERAL_ERROR                     0x00000005
#define CKR_FUNCTION_FAILED                   0x00000006

/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
 * and CKR_CANT_LOCK are new for v2.01 */
#define CKR_ARGUMENTS_BAD                     0x00000007
#define CKR_NO_EVENT                          0x00000008
#define CKR_NEED_TO_CREATE_THREADS            0x00000009
#define CKR_CANT_LOCK                         0x0000000A

#define CKR_ATTRIBUTE_READ_ONLY               0x00000010
#define CKR_ATTRIBUTE_SENSITIVE               0x00000011
#define CKR_ATTRIBUTE_TYPE_INVALID            0x00000012
#define CKR_ATTRIBUTE_VALUE_INVALID           0x00000013
#define CKR_DATA_INVALID                      0x00000020
#define CKR_DATA_LEN_RANGE                    0x00000021
#define CKR_DEVICE_ERROR                      0x00000030
#define CKR_DEVICE_MEMORY                     0x00000031
#define CKR_DEVICE_REMOVED                    0x00000032
#define CKR_ENCRYPTED_DATA_INVALID            0x00000040
#define CKR_ENCRYPTED_DATA_LEN_RANGE          0x00000041
#define CKR_FUNCTION_CANCELED                 0x00000050
#define CKR_FUNCTION_NOT_PARALLEL             0x00000051

/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
#define CKR_FUNCTION_NOT_SUPPORTED            0x00000054

#define CKR_KEY_HANDLE_INVALID                0x00000060

/* CKR_KEY_SENSITIVE was removed for v2.0 */

#define CKR_KEY_SIZE_RANGE                    0x00000062
#define CKR_KEY_TYPE_INCONSISTENT             0x00000063

/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
 * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
 * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
 * v2.0 */
#define CKR_KEY_NOT_NEEDED                    0x00000064
#define CKR_KEY_CHANGED                       0x00000065
#define CKR_KEY_NEEDED                        0x00000066
#define CKR_KEY_INDIGESTIBLE                  0x00000067
#define CKR_KEY_FUNCTION_NOT_PERMITTED        0x00000068
#define CKR_KEY_NOT_WRAPPABLE                 0x00000069
#define CKR_KEY_UNEXTRACTABLE                 0x0000006A

#define CKR_MECHANISM_INVALID                 0x00000070
#define CKR_MECHANISM_PARAM_INVALID           0x00000071

/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
 * were removed for v2.0 */
#define CKR_OBJECT_HANDLE_INVALID             0x00000082
#define CKR_OPERATION_ACTIVE                  0x00000090
#define CKR_OPERATION_NOT_INITIALIZED         0x00000091
#define CKR_PIN_INCORRECT                     0x000000A0
#define CKR_PIN_INVALID                       0x000000A1
#define CKR_PIN_LEN_RANGE                     0x000000A2

/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
#define CKR_PIN_EXPIRED                       0x000000A3
#define CKR_PIN_LOCKED                        0x000000A4

#define CKR_SESSION_CLOSED                    0x000000B0
#define CKR_SESSION_COUNT                     0x000000B1
#define CKR_SESSION_HANDLE_INVALID            0x000000B3
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED    0x000000B4
#define CKR_SESSION_READ_ONLY                 0x000000B5
#define CKR_SESSION_EXISTS                    0x000000B6

/* CKR_SESSION_READ_ONLY_EXISTS and
 * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
#define CKR_SESSION_READ_ONLY_EXISTS          0x000000B7
#define CKR_SESSION_READ_WRITE_SO_EXISTS      0x000000B8

#define CKR_SIGNATURE_INVALID                 0x000000C0
#define CKR_SIGNATURE_LEN_RANGE               0x000000C1
#define CKR_TEMPLATE_INCOMPLETE               0x000000D0
#define CKR_TEMPLATE_INCONSISTENT             0x000000D1
#define CKR_TOKEN_NOT_PRESENT                 0x000000E0
#define CKR_TOKEN_NOT_RECOGNIZED              0x000000E1
#define CKR_TOKEN_WRITE_PROTECTED             0x000000E2
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID     0x000000F0
#define CKR_UNWRAPPING_KEY_SIZE_RANGE         0x000000F1
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT  0x000000F2
#define CKR_USER_ALREADY_LOGGED_IN            0x00000100
#define CKR_USER_NOT_LOGGED_IN                0x00000101
#define CKR_USER_PIN_NOT_INITIALIZED          0x00000102
#define CKR_USER_TYPE_INVALID                 0x00000103

/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
 * are new to v2.01 */
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN    0x00000104
#define CKR_USER_TOO_MANY_TYPES               0x00000105

#define CKR_WRAPPED_KEY_INVALID               0x00000110
#define CKR_WRAPPED_KEY_LEN_RANGE             0x00000112
#define CKR_WRAPPING_KEY_HANDLE_INVALID       0x00000113
#define CKR_WRAPPING_KEY_SIZE_RANGE           0x00000114
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT    0x00000115
#define CKR_RANDOM_SEED_NOT_SUPPORTED         0x00000120

/* These are new to v2.0 */
#define CKR_RANDOM_NO_RNG                     0x00000121

/* These are new to v2.11 */
#define CKR_DOMAIN_PARAMS_INVALID             0x00000130

/* These are new to v2.0 */
#define CKR_BUFFER_TOO_SMALL                  0x00000150
#define CKR_SAVED_STATE_INVALID               0x00000160
#define CKR_INFORMATION_SENSITIVE             0x00000170
#define CKR_STATE_UNSAVEABLE                  0x00000180

/* These are new to v2.01 */
#define CKR_CRYPTOKI_NOT_INITIALIZED          0x00000190
#define CKR_CRYPTOKI_ALREADY_INITIALIZED      0x00000191
#define CKR_MUTEX_BAD                         0x000001A0
#define CKR_MUTEX_NOT_LOCKED                  0x000001A1

#define CKR_VENDOR_DEFINED                    0x80000000


/* CK_NOTIFY is an application callback that processes events */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
  CK_SESSION_HANDLE hSession,     /* the session's handle */
  CK_NOTIFICATION   event,
  CK_VOID_PTR       pApplication  /* passed to C_OpenSession */
);


/* CK_FUNCTION_LIST is a structure holding a Cryptoki
 * spec version and pointers of appropriate types to all the
 * Cryptoki functions */
/* CK_FUNCTION_LIST is new for v2.0 */
typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;

typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;

typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;


/* CK_CREATEMUTEX is an application callback for creating a
 * mutex object */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
  CK_VOID_PTR_PTR ppMutex  /* location to receive ptr to mutex */
);


/* CK_DESTROYMUTEX is an application callback for destroying a
 * mutex object */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
  CK_VOID_PTR pMutex  /* pointer to mutex */
);


/* CK_LOCKMUTEX is an application callback for locking a mutex */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
  CK_VOID_PTR pMutex  /* pointer to mutex */
);


/* CK_UNLOCKMUTEX is an application callback for unlocking a
 * mutex */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
  CK_VOID_PTR pMutex  /* pointer to mutex */
);


/* CK_C_INITIALIZE_ARGS provides the optional arguments to
 * C_Initialize */
typedef struct CK_C_INITIALIZE_ARGS {
  CK_CREATEMUTEX  CreateMutex;
  CK_DESTROYMUTEX DestroyMutex;
  CK_LOCKMUTEX    LockMutex;
  CK_UNLOCKMUTEX  UnlockMutex;
  CK_FLAGS        flags;
  CK_VOID_PTR     pReserved;
} CK_C_INITIALIZE_ARGS;

/* flags: bit flags that provide capabilities of the slot
 *      Bit Flag                           Mask       Meaning
 */
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
#define CKF_OS_LOCKING_OK                  0x00000002

typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;


/* additional flags for parameters to functions */

/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
#define CKF_DONT_BLOCK     1

/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
 * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Mask
 * Generation Function (MGF) applied to a message block when
 * formatting a message block for the PKCS #1 OAEP encryption
 * scheme.
 */
typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;

typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;

/* The following MGFs are defined */
#define CKG_MGF1_SHA1         0x00000001

/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
 * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
 * of the encoding parameter when formatting a message block
 * for the PKCS #1 OAEP encryption scheme. */
typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;

typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;

/* The following encoding parameter sources are defined */
#define CKZ_DATA_SPECIFIED    0x00000001

/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
 * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
 * CKM_RSA_PKCS_OAEP mechanism. */
typedef struct CK_RSA_PKCS_OAEP_PARAMS {
  CK_MECHANISM_TYPE            hashAlg;
  CK_RSA_PKCS_MGF_TYPE         mgf;
  CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
  CK_VOID_PTR                  pSourceData;
  CK_ULONG                     ulSourceDataLen;
} CK_RSA_PKCS_OAEP_PARAMS;

typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;

/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
 * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
 * CKM_RSA_PKCS_PSS mechanism(s). */
typedef struct CK_RSA_PKCS_PSS_PARAMS {
  CK_MECHANISM_TYPE    hashAlg;
  CK_RSA_PKCS_MGF_TYPE mgf;
  CK_ULONG             sLen;
} CK_RSA_PKCS_PSS_PARAMS;

typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;

/* CK_EC_KDF_TYPE is new for v2.11. */
typedef CK_ULONG CK_EC_KDF_TYPE;

/* The following EC Key Derivation Functions are defined */
#define CKD_NULL                 0x00000001
#define CKD_SHA1_KDF             0x00000002

/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
 * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
 * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
 * where each party contributes one key pair.
 */
typedef struct CK_ECDH1_DERIVE_PARAMS {
  CK_EC_KDF_TYPE kdf;
  CK_ULONG       ulSharedDataLen;
  CK_BYTE_PTR    pSharedData;
  CK_ULONG       ulPublicDataLen;
  CK_BYTE_PTR    pPublicData;
} CK_ECDH1_DERIVE_PARAMS;

typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;


/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
 * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
 * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
typedef struct CK_ECDH2_DERIVE_PARAMS {
  CK_EC_KDF_TYPE   kdf;
  CK_ULONG         ulSharedDataLen;
  CK_BYTE_PTR      pSharedData;
  CK_ULONG         ulPublicDataLen;
  CK_BYTE_PTR      pPublicData;
  CK_ULONG         ulPrivateDataLen;
  CK_OBJECT_HANDLE hPrivateData;
  CK_ULONG         ulPublicDataLen2;
  CK_BYTE_PTR      pPublicData2;
} CK_ECDH2_DERIVE_PARAMS;

typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;

/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
 * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;

/* The following X9.42 DH key derivation functions are defined: */
#define CKD_NULL                 0x00000001
#define CKD_SHA1_KDF_ASN1        0x00000003
#define CKD_SHA1_KDF_CONCATENATE 0x00000004

/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
 * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
 * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
 * contributes one key pair */
typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
  CK_X9_42_DH_KDF_TYPE kdf;
  CK_ULONG             ulOtherInfoLen;
  CK_BYTE_PTR          pOtherInfo;
  CK_ULONG             ulPublicDataLen;
  CK_BYTE_PTR          pPublicData;
} CK_X9_42_DH1_DERIVE_PARAMS;

typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;

/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
 * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
 * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
 * mechanisms, where each party contributes two key pairs */
typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
  CK_X9_42_DH_KDF_TYPE kdf;
  CK_ULONG             ulOtherInfoLen;
  CK_BYTE_PTR          pOtherInfo;
  CK_ULONG             ulPublicDataLen;
  CK_BYTE_PTR          pPublicData;
  CK_ULONG             ulPrivateDataLen;
  CK_OBJECT_HANDLE     hPrivateData;
  CK_ULONG             ulPublicDataLen2;
  CK_BYTE_PTR          pPublicData2;
} CK_X9_42_DH2_DERIVE_PARAMS;

typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;

/* CK_KEA_DERIVE_PARAMS provides the parameters to the
 * CKM_KEA_DERIVE mechanism */
/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
typedef struct CK_KEA_DERIVE_PARAMS {
  CK_BBOOL      isSender;
  CK_ULONG      ulRandomLen;
  CK_BYTE_PTR   pRandomA;
  CK_BYTE_PTR   pRandomB;
  CK_ULONG      ulPublicDataLen;
  CK_BYTE_PTR   pPublicData;
} CK_KEA_DERIVE_PARAMS;

typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;


/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
 * CKM_RC2_MAC mechanisms.
 * An instance of CK_RC2_PARAMS just
 * holds the effective keysize */
typedef CK_ULONG          CK_RC2_PARAMS;

typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;


/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
 * mechanism */
typedef struct CK_RC2_CBC_PARAMS {
  /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
   * v2.0 */
  CK_ULONG      ulEffectiveBits;  /* effective bits (1-1024) */

  CK_BYTE       iv[8];            /* IV for CBC mode */
} CK_RC2_CBC_PARAMS;

typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;


/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
 * CKM_RC2_MAC_GENERAL mechanism */
/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC2_MAC_GENERAL_PARAMS {
  CK_ULONG      ulEffectiveBits;  /* effective bits (1-1024) */
  CK_ULONG      ulMacLength;      /* Length of MAC in bytes */
} CK_RC2_MAC_GENERAL_PARAMS;

typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR CK_RC2_MAC_GENERAL_PARAMS_PTR;


/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
 * CKM_RC5_MAC mechanisms */
/* CK_RC5_PARAMS is new for v2.0 */
typedef struct CK_RC5_PARAMS {
  CK_ULONG      ulWordsize;  /* wordsize in bits */
  CK_ULONG      ulRounds;    /* number of rounds */
} CK_RC5_PARAMS;

typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;


/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
 * mechanism */
/* CK_RC5_CBC_PARAMS is new for v2.0 */
typedef struct CK_RC5_CBC_PARAMS {
  CK_ULONG      ulWordsize;  /* wordsize in bits */
  CK_ULONG      ulRounds;    /* number of rounds */
  CK_BYTE_PTR   pIv;         /* pointer to IV */
  CK_ULONG      ulIvLen;     /* length of IV in bytes */
} CK_RC5_CBC_PARAMS;

typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;


/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
 * CKM_RC5_MAC_GENERAL mechanism */
/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC5_MAC_GENERAL_PARAMS {
  CK_ULONG      ulWordsize;   /* wordsize in bits */
  CK_ULONG      ulRounds;     /* number of rounds */
  CK_ULONG      ulMacLength;  /* Length of MAC in bytes */
} CK_RC5_MAC_GENERAL_PARAMS;

typedef CK_RC5_MAC_GENERAL_PARAMS
  CK_PTR CK_RC5_MAC_GENERAL_PARAMS_PTR;


/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
 * ciphers' MAC_GENERAL mechanisms. Its value is the length of
 * the MAC */
/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
typedef CK_ULONG          CK_MAC_GENERAL_PARAMS;

typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;


/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
 * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
  CK_ULONG      ulPasswordLen;
  CK_BYTE_PTR   pPassword;
  CK_ULONG      ulPublicDataLen;
  CK_BYTE_PTR   pPublicData;
  CK_ULONG      ulPAndGLen;
  CK_ULONG      ulQLen;
  CK_ULONG      ulRandomLen;
  CK_BYTE_PTR   pRandomA;
  CK_BYTE_PTR   pPrimeP;
  CK_BYTE_PTR   pBaseG;
  CK_BYTE_PTR   pSubprimeQ;
} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;

typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR CK_SKIPJACK_PRIVATE_WRAP_PTR;


/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
 * CKM_SKIPJACK_RELAYX mechanism */
/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_RELAYX_PARAMS {
  CK_ULONG      ulOldWrappedXLen;
  CK_BYTE_PTR   pOldWrappedX;
  CK_ULONG      ulOldPasswordLen;
  CK_BYTE_PTR   pOldPassword;
  CK_ULONG      ulOldPublicDataLen;
  CK_BYTE_PTR   pOldPublicData;
  CK_ULONG      ulOldRandomLen;
  CK_BYTE_PTR   pOldRandomA;
  CK_ULONG      ulNewPasswordLen;
  CK_BYTE_PTR   pNewPassword;
  CK_ULONG      ulNewPublicDataLen;
  CK_BYTE_PTR   pNewPublicData;
  CK_ULONG      ulNewRandomLen;
  CK_BYTE_PTR   pNewRandomA;
} CK_SKIPJACK_RELAYX_PARAMS;

typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR CK_SKIPJACK_RELAYX_PARAMS_PTR;


typedef struct CK_PBE_PARAMS {
  CK_BYTE_PTR      pInitVector;
  CK_UTF8CHAR_PTR  pPassword;
  CK_ULONG         ulPasswordLen;
  CK_BYTE_PTR      pSalt;
  CK_ULONG         ulSaltLen;
  CK_ULONG         ulIteration;
} CK_PBE_PARAMS;

typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;


/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
 * CKM_KEY_WRAP_SET_OAEP mechanism */
/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
  CK_BYTE       bBC;     /* block contents byte */
  CK_BYTE_PTR   pX;      /* extra data */
  CK_ULONG      ulXLen;  /* length of extra data in bytes */
} CK_KEY_WRAP_SET_OAEP_PARAMS;

typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;


typedef struct CK_SSL3_RANDOM_DATA {
  CK_BYTE_PTR  pClientRandom;
  CK_ULONG     ulClientRandomLen;
  CK_BYTE_PTR  pServerRandom;
  CK_ULONG     ulServerRandomLen;
} CK_SSL3_RANDOM_DATA;


typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
  CK_SSL3_RANDOM_DATA RandomInfo;
  CK_VERSION_PTR pVersion;
} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;

typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;


typedef struct CK_SSL3_KEY_MAT_OUT {
  CK_OBJECT_HANDLE hClientMacSecret;
  CK_OBJECT_HANDLE hServerMacSecret;
  CK_OBJECT_HANDLE hClientKey;
  CK_OBJECT_HANDLE hServerKey;
  CK_BYTE_PTR      pIVClient;
  CK_BYTE_PTR      pIVServer;
} CK_SSL3_KEY_MAT_OUT;

typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;


typedef struct CK_SSL3_KEY_MAT_PARAMS {
  CK_ULONG                ulMacSizeInBits;
  CK_ULONG                ulKeySizeInBits;
  CK_ULONG                ulIVSizeInBits;
  CK_BBOOL                bIsExport;
  CK_SSL3_RANDOM_DATA     RandomInfo;
  CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
} CK_SSL3_KEY_MAT_PARAMS;

typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;


typedef struct CK_KEY_DERIVATION_STRING_DATA {
  CK_BYTE_PTR pData;
  CK_ULONG    ulLen;
} CK_KEY_DERIVATION_STRING_DATA;

typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR CK_KEY_DERIVATION_STRING_DATA_PTR;


/* The CK_EXTRACT_PARAMS is used for the
 * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
 * of the base key should be used as the first bit of the
 * derived key */
/* CK_EXTRACT_PARAMS is new for v2.0 */
typedef CK_ULONG CK_EXTRACT_PARAMS;

typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;

/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
 * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
 * indicate the Pseudo-Random Function (PRF) used to generate
 * key bits using PKCS #5 PBKDF2.
 */
typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;

typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;

/* The following PRFs are defined in PKCS #5 v2.0. */
#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001


/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
 * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
 * source of the salt value when deriving a key using PKCS #5
 * PBKDF2. */
typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;

typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;

/* The following salt value sources are defined in PKCS #5 v2.0. */
#define CKZ_SALT_SPECIFIED        0x00000001

/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
 * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
 * parameters to the CKM_PKCS5_PBKD2 mechanism. */
typedef struct CK_PKCS5_PBKD2_PARAMS {
  CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE           saltSource;
  CK_VOID_PTR                                pSaltSourceData;
  CK_ULONG                                   ulSaltSourceDataLen;
  CK_ULONG                                   iterations;
  CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
  CK_VOID_PTR                                pPrfData;
  CK_ULONG                                   ulPrfDataLen;
  CK_UTF8CHAR_PTR                            pPassword;
  CK_ULONG_PTR                               ulPasswordLen;
} CK_PKCS5_PBKD2_PARAMS;

typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;

#endif

pam_pkcs11-0.6.9/src/common/rsaref/PKCS11_README

DISCLAIMER

Regarding the header files in this directory:

License to copy and use this software is granted provided that it is identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing this software or this function.

License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing the derived work.

This software is provided AS IS and RSA Security, Inc.
disclaims all warranties including but not limited to the implied warranty of merchantability, fitness for a particular purpose, and noninfringement.

pam_pkcs11-0.6.9/src/common/rsaref/pkcs11.h

/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser ,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

#ifndef PKCS11_H
#define PKCS11_H

#include

/* Some UNIX specific macros */

#define CK_PTR *

#define CK_DEFINE_FUNCTION(returnType, name) \
   returnType name

#define CK_DECLARE_FUNCTION(returnType, name) \
   returnType name

#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
   returnType (* name)

#define CK_CALLBACK_FUNCTION(returnType, name) \
   returnType (* name)

#ifndef NULL_PTR
#define NULL_PTR 0
#endif

/* License to copy and use this software is granted provided that it is
 * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
 * (Cryptoki)" in all material mentioning or referencing this software.
 * License is also granted to make and use derivative works provided that
 * such works are identified as "derived from the RSA Security Inc. PKCS #11
 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
 * referencing the derived work.
 * RSA Security Inc. makes no representations concerning either the
 * merchantability of this software or the suitability of this software for
 * any particular purpose. It is provided "as is" without express or implied
 * warranty of any kind.
 */

/* All the various Cryptoki types and #define'd values are in the
 * file pkcs11t.h. */
#include "pkcs11t.h"

#define __PASTE(x,y)      x##y


/* ==============================================================
 * Define the "extern" form of all the entry points.
 * ==============================================================
 */

#define CK_NEED_ARG_LIST  1
#define CK_PKCS11_FUNCTION_INFO(name) \
  extern CK_DECLARE_FUNCTION(CK_RV, name)

/* pkcs11f.h has all the information about the Cryptoki
 * function prototypes. */
#include "pkcs11f.h"

#undef CK_NEED_ARG_LIST
#undef CK_PKCS11_FUNCTION_INFO


/* ==============================================================
 * Define the typedef form of all the entry points. That is, for
 * each Cryptoki function C_XXX, define a type CK_C_XXX which is
 * a pointer to that kind of function.
 * ==============================================================
 */

#define CK_NEED_ARG_LIST  1
#define CK_PKCS11_FUNCTION_INFO(name) \
  typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))

/* pkcs11f.h has all the information about the Cryptoki
 * function prototypes. */
#include "pkcs11f.h"

#undef CK_NEED_ARG_LIST
#undef CK_PKCS11_FUNCTION_INFO


/* ==============================================================
 * Define structured vector of entry points. A CK_FUNCTION_LIST
 * contains a CK_VERSION indicating a library's Cryptoki version
 * and then a whole slew of function pointers to the routines in
 * the library. This type was declared, but not defined, in
 * pkcs11t.h.
 * ==============================================================
 */

#define CK_PKCS11_FUNCTION_INFO(name) \
  __PASTE(CK_,name) name;

struct CK_FUNCTION_LIST {

  CK_VERSION    version;  /* Cryptoki version */

/* Pile all the function pointers into the CK_FUNCTION_LIST. */
/* pkcs11f.h has all the information about the Cryptoki
 * function prototypes.
 */
#include "pkcs11f.h"

};

#undef CK_PKCS11_FUNCTION_INFO

#undef __PASTE

#endif /* PKCS11_H */

pam_pkcs11-0.6.9/src/common/rsaref/Makefile.am

# Process this file with automake to create Makefile.in

MAINTAINERCLEANFILES = Makefile.in
EXTRA_DIST = PKCS11_README

#include_HEADERS = pkcs11.h pkcs11f.h pkcs11t.h
noinst_HEADERS = pkcs11.h pkcs11f.h pkcs11t.h

pam_pkcs11-0.6.9/src/common/secutil.h

/* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is
 * Netscape Communications Corporation.
 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 * the Initial Developer. All Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above.
 * If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
#ifndef _SEC_UTIL_H_
#define _SEC_UTIL_H_

#include "seccomon.h"
#include "secitem.h"
#include "prerror.h"
#include "base64.h"
#include "key.h"
#include "secpkcs7.h"
#include "secasn1.h"
#include "secder.h"
#include

#define SEC_CT_PRIVATE_KEY          "private-key"
#define SEC_CT_PUBLIC_KEY           "public-key"
#define SEC_CT_CERTIFICATE          "certificate"
#define SEC_CT_CERTIFICATE_REQUEST  "certificate-request"
#define SEC_CT_PKCS7                "pkcs7"
#define SEC_CT_CRL                  "crl"

#define NS_CERTREQ_HEADER  "-----BEGIN NEW CERTIFICATE REQUEST-----"
#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"

#define NS_CERT_HEADER  "-----BEGIN CERTIFICATE-----"
#define NS_CERT_TRAILER "-----END CERTIFICATE-----"

#define NS_CRL_HEADER  "-----BEGIN CRL-----"
#define NS_CRL_TRAILER "-----END CRL-----"

/* From libsec/pcertdb.c --- it's not declared in sec.h */
extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle,
                                        SECItem *derCert, char *nickname,
                                        CERTCertTrust *trust);

#ifdef SECUTIL_NEW
typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
                           char *msg, int level);
#else
typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
#endif

typedef struct {
    enum {
        PW_NONE = 0,
        PW_FROMFILE = 1,
        PW_PLAINTEXT = 2,
        PW_EXTERNAL = 3
    } source;
    char *data;
} secuPWData;

/*
** Change a password on a token, or initialize a token with a password
** if it does not already have one.
** Use passwd to send the password in plaintext, pwFile to specify a
** file containing the password, or NULL for both to prompt the user.
*/
SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile);

/* These were stolen from the old sec.h... */
/*
** Check a password for legitimacy. Passwords must be at least 8
** characters long and contain one non-alphabetic. Return DSTrue if the
** password is ok, DSFalse otherwise.
*/
extern PRBool SEC_CheckPassword(char *password);

/*
** Blind check of a password. Complement to SEC_CheckPassword which
** ignores length and content type, just returning DSTrue if the password
** exists, DSFalse if NULL
*/
extern PRBool SEC_BlindCheckPassword(char *password);

/*
** Get a password.
** First prompt with "msg" on "out", then read the password from "in".
** The password is then checked using "chkpw".
*/
extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
                             PRBool (*chkpw)(char *));

char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);

char *SECU_GetPasswordString(void *arg, char *prompt);

/*
** Write a dongle password.
** Uses MD5 to hash constant system data (hostname, etc.), and then
** creates RC4 key to encrypt a password "pw" into a file "fd".
*/
extern SECStatus SEC_WriteDongleFile(int fd, char *pw);

/*
** Get a dongle password.
** Uses MD5 to hash constant system data (hostname, etc.), and then
** creates RC4 key to decrypt and return a password from file "fd".
*/
extern char *SEC_ReadDongleFile(int fd);

/* End stolen headers */

/* Just sticks the two strings together with a / if needed */
char *SECU_AppendFilenameToDir(char *dir, char *filename);

/* Returns result of getenv("SSL_DIR") or NULL */
extern char *SECU_DefaultSSLDir(void);

/*
** Should be called once during initialization to set the default
**    directory for looking for cert.db, key.db, and cert-nameidx.db files
** Removes trailing '/' in 'base'
** If 'base' is NULL, defaults to set to .netscape in home directory.
*/
extern char *SECU_ConfigDirectory(const char* base);

/*
** Basic callback function for SSL_GetClientAuthDataHook
*/
extern int
SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
                       struct CERTDistNamesStr *caNames,
                       struct CERTCertificateStr **pRetCert,
                       struct SECKEYPrivateKeyStr **pRetKey);

/* print out an error message */
extern void SECU_PrintError(char *progName, char *msg, ...);

/* print out a system error message */
extern void SECU_PrintSystemError(char *progName, char *msg, ...);

/* Return informative error string */
extern const char * SECU_Strerror(PRErrorCode errNum);

/* print information about cert verification failure */
extern void
SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
                       CERTCertificate *cert, PRBool checksig,
                       SECCertificateUsage certUsage, void *pinArg, PRBool verbose);

/* Read the contents of a file into a SECItem */
extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src);
extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src);

/* Read in a DER from a file, may be ascii */
extern SECStatus
SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii);

/* Indent based on "level" */
extern void SECU_Indent(FILE *out, int level);

/* Print integer value and hex */
extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level);

/* Print ObjectIdentifier symbolically */
extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);

/* Print AlgorithmIdentifier symbolically */
extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
                                  int level);

/* Print SECItem as hex */
extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);

/* dump a buffer in hex and ASCII */
extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len);

/*
 * Format and print the UTC Time "t".  If the tag message "m" is not NULL,
 * do indent formatting based on "level" and add a newline afterward;
 * otherwise just print the formatted time string only.
 */
extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);

/*
 * Format and print the Generalized Time "t".  If the tag message "m"
 * is not NULL, * do indent formatting based on "level" and add a newline
 * afterward; otherwise just print the formatted time string only.
 */
extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
                                      int level);

/*
 * Format and print the UTC or Generalized Time "t".  If the tag message
 * "m" is not NULL, do indent formatting based on "level" and add a newline
 * afterward; otherwise just print the formatted time string only.
 */
extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level);

/* callback for listing certs through pkcs11 */
extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data);

/* Dump all certificate nicknames in a database */
extern SECStatus
SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out,
                           PRBool sortByName, PRBool sortByTrust);

/* See if nickname already in database.
 * Return 1 true, 0 false, -1 error */
int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);

/* Dump contents of cert req */
extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
                                        int level);

/* Dump contents of certificate */
extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);

/* print trust flags on a cert */
extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m,
                                 int level);

/* Dump contents of public key */
extern int SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level);

#ifdef HAVE_EPV_TEMPLATE
/* Dump contents of private key */
extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
#endif

/* Print the MD5 and SHA1 fingerprints of a cert */
extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
                                  int level);

/* Pretty-print any PKCS7 thing */
extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
                                      int level);

/* Init PKCS11 stuff */
extern SECStatus SECU_PKCS11Init(PRBool readOnly);

/* Dump contents of signed data */
extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level,
                                SECU_PPFunc inner);

extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level);

extern void
SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);

extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level);
extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);

extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level);
extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
                                                  char *msg, int level);

extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
                                 char *msg, int level);

extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level);

#ifdef SECU_GetPassword
/* Convert a High public Key to a Low public Key */
extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
#endif

extern SECItem
*SECU_GetPBEPassword(void *arg); extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg); extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw); extern void SEC_Init(void); extern char *SECU_SECModDBName(void); extern void SECU_PrintPRandOSError(char *progName); extern SECStatus SECU_RegisterDynamicOids(void); /* Identifies hash algorithm tag by its string representation. */ extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg); /* Store CRL in output file or pk11 db. Also * encodes with base64 and exports to file if ascii flag is set * and file is not NULL. */ extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, PRFileDesc *outFile, int ascii, char *url); /* ** DER sign a single block of data using private key encryption and the ** MD5 hashing algorithm. This routine first computes a digital signature ** using SEC_SignData, then wraps it with an CERTSignedData and then der ** encodes the result. ** "arena" is the memory arena to use to allocate data from ** "sd" returned CERTSignedData ** "result" the final der encoded data (memory is allocated) ** "buf" the input data to sign ** "len" the amount of data to sign ** "pk" the private key to encrypt with */ extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd, unsigned char *buf, int len, SECKEYPrivateKey *pk, SECOidTag algID); typedef enum { noKeyFound = 1, noSignatureMatch = 2, failToEncode = 3, failToSign = 4, noMem = 5 } SignAndEncodeFuncExitStat; extern SECStatus SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl, SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode); extern SECStatus SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl); /* ** Finds the crl Authority Key Id extension. Returns NULL if no such extension ** was found. */ CERTAuthKeyID * SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *crl); /* * Find the issuer of a crl. 
Cert usage should be checked before signing a crl. */ CERTCertificate * SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject, CERTAuthKeyID* id, PRTime validTime); /* call back function used in encoding of an extension. Called from * SECU_EncodeAndAddExtensionValue */ typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PRArenaPool *extHandleArena, void *value, SECItem *encodedValue); /* Encodes and adds extensions to the CRL or CRL entries. */ SECStatus SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle, void *value, PRBool criticality, int extenType, EXTEN_EXT_VALUE_ENCODER EncodeValueFn); /* * * Utilities for parsing security tools command lines * */ /* A single command flag */ typedef struct { char flag; PRBool needsArg; char *arg; PRBool activated; } secuCommandFlag; /* A full array of command/option flags */ typedef struct { int numCommands; int numOptions; secuCommandFlag *commands; secuCommandFlag *options; } secuCommand; /* fill the "arg" and "activated" fields for each flag */ SECStatus SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd); char * SECU_GetOptionArg(secuCommand *cmd, int optionNum); /* * * Error messaging * */ /* Return informative error string */ char *SECU_ErrorString(int16 err); /* Return informative error string. Does not call XP_GetString */ char *SECU_ErrorStringRaw(int16 err); void printflags(char *trusts, unsigned int flags); #ifndef XP_UNIX extern int ffs(unsigned int i); #endif #include "secerr.h" #include "sslerr.h" #endif /* _SEC_UTIL_H_ */ pam_pkcs11-0.6.9/src/common/strndup.c0000644000175000017500000000105012074274512017705 0ustar rousseaurousseau/* strndup.c * */ /* Written by Niels Möller * modified by Ludovic Rousseau * * This file is hereby placed in the public domain. 
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdlib.h>
#include <string.h>

#ifndef HAVE_STRNDUP
/*
 * Fallback used only when libc does not provide strndup().
 * Unlike POSIX strndup(), this version returns NULL (instead of copying
 * the first "size" bytes) when no NUL terminator is found within the
 * first "size" bytes of s, so callers must check the result.
 */
char *
strndup (const char *s, size_t size)
{
    char *r;
    char *end = memchr(s, 0, size);

    if (NULL == end)
        return NULL;

    /* Length */
    size = end - s;

    r = malloc(size+1);
    if (r) {
        memcpy(r, s, size);
        r[size] = '\0';
    }
    return r;
}
#endif

pam_pkcs11-0.6.9/src/common/base64.c

/*
 * base64.c: Base64 converting functions
 *
 * Copyright (C) 2001, 2002 Juha Yrjölä
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#define __BASE64_C_

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "debug.h"
#include "error.h"
#include "base64.h"

static const unsigned char codes[66] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

static const unsigned char bin_table[128] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xE0, 0xD0, 0xFF, 0xFF, 0xD0, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
    0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xC0, 0xFF, 0xFF,
    0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
    0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
    0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
    0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
    0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

/*
 * Decode up to four base64 characters into at most three bytes held in *out.
 * Returns the number of decoded bytes, 0 at end of input, -1 on invalid input.
 * *skip is set to the number of input characters consumed.
 */
static int from_base64(const char *in, unsigned int *out, int *skip)
{
    unsigned int res = 0, c, s = 18;
    const char *in0 = in;

    for (c = 0; c < 4; c++, in++) {
        unsigned char b;
        int k = *in;

        /* reject anything outside bin_table: k is negative where char is
         * signed and can exceed 127 where char is unsigned */
        if (k < 0 || k >= (int)sizeof(bin_table))
            return -1;
        if (k == 0 && c == 0)
            return 0;
        b = bin_table[k];
        if (b == 0xC0) /* '=' */
            break;
        switch (b) {
        case 0xD0: /* '\n' or '\r' */
            c--;
            continue;
        }
        if (b > 0x3f)
            return -1;

        res |= b << s;
        s -= 6;
    }
    *skip = in - in0;
    *out = res;
    return c * 6 / 8;
}

int base64_encode(const unsigned char *in, size_t len, unsigned char *out, size_t *outlen)
{
    size_t i, len2, leven;
    unsigned char *p;

    if (!in) return -1;
    if (!out) return -1;
    if (!outlen) return -1;
    /* valid output size ?
 */
    len2 = 4 * ((len + 2) / 3);
    if (*outlen < len2 + 1) {
        DBG3("Not enough space '%zu' to process '%zu': needed '%zu' bytes",*outlen,len,len2+1);
        return -1;
    }
    p = out;
    leven = 3*(len / 3);
    for (i = 0; i < leven; i += 3) {
        *p++ = codes[(in[0] >> 2) & 0x3F];
        *p++ = codes[(((in[0] & 3) << 4) + (in[1] >> 4)) & 0x3F];
        *p++ = codes[(((in[1] & 0xf) << 2) + (in[2] >> 6)) & 0x3F];
        *p++ = codes[in[2] & 0x3F];
        in += 3;
    }
    /* Pad it if necessary... */
    if (i < len) {
        unsigned a = in[0];
        unsigned b = (i+1 < len) ? in[1] : 0;

        *p++ = codes[(a >> 2) & 0x3F];
        *p++ = codes[(((a & 3) << 4) + (b >> 4)) & 0x3F];
        *p++ = (i+1 < len) ? codes[(((b & 0xf) << 2)) & 0x3F] : '=';
        *p++ = '=';
    }

    /* append a NULL byte */
    *p = '\0';

    /* return ok */
    *outlen = p - out;
    return 0;
}

int base64_decode(const char *in, unsigned char *out, size_t outlen)
{
    int len = 0, r, skip;
    unsigned int i;

    while ((r = from_base64(in, &i, &skip)) > 0) {
        int finished = 0, s = 16;

        /* fewer than 3 bytes means padding was reached: this is the last group */
        if (r < 3)
            finished = 1;
        while (r--) {
            /* stop before writing past the caller's buffer */
            if (outlen <= 0)
                return -1;
            *out++ = i >> s;
            s -= 8;
            outlen--;
            len++;
        }
        in += skip;
        if (finished || *in == 0)
            return len;
    }
    if (r == 0)
        return len;
    return -1;
}

#undef __BASE64_C_

/* end of file */

pam_pkcs11-0.6.9/src/common/base64.h

/*
 * BASE64 Encoding functions
 * Copyright (C) 2001, 2002 Juha Yrjölä
 * Copyright (C) 2003-2004 Mario Strasser
 * Copyright (C) 2005 Juan Antonio Martinez
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

#ifndef __BASE64_H_
#define __BASE64_H_

#ifndef __BASE64_C_
#define BASE64_EXTERN extern
#else
#define BASE64_EXTERN
#endif

/**
 * Encode byte array into a base64 string
 *@param in Pointer to byte array
 *@param len length of input data
 *@param out Pointer to preallocated buffer space
 *@param outlen Size of buffer on input; set to the encoded length
 *              (excluding the terminating NUL) on success
 *@return 0 on success, -1 on error
 */
BASE64_EXTERN int base64_encode(const unsigned char *in, size_t len, unsigned char *out, size_t *outlen);

/**
 * Decode a base64 string into a byte array
 *@param in Input string data
 *@param out Pointer to pre-allocated buffer space
 *@param outlen Size of buffer
 *@return Length of converted byte array, or -1 on error
 */
BASE64_EXTERN int base64_decode(const char *in, unsigned char *out, size_t outlen);

#undef BASE64_EXTERN

#endif /* __BASE64_H_ */

pam_pkcs11-0.6.9/src/common/debug.c

/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

#include "debug.h"
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
#include <syslog.h>

/* current debug level */
static int debug_level = 0;

void set_debug_level(int level)
{
    debug_level = level;
}

int get_debug_level(void)
{
    return debug_level;
}

void debug_print(int level, const char *file, int line, const char *format, ...)
{
    va_list ap;

    if (debug_level >= level) {
        /* if stdout is a tty */
        if (isatty(1)) {
            const char *t = "\033[34mDEBUG"; /* blue */

            if (-1 == level)
                t = "\033[31mERROR"; /* red */

            /* print preamble */
            printf("%s:%s:%d: ", t, file, line);
            /* print message */
            va_start(ap, format);
            vprintf(format, ap);
            va_end(ap);
            /* print postamble */
            printf("\033[0m\n");
        } else {
            /* else we use syslog(3) */
            char buf[100];

            /* print message; vsnprintf truncates to sizeof(buf) */
            va_start(ap, format);
            vsnprintf(buf, sizeof(buf), format, ap);
            va_end(ap);

            syslog(LOG_INFO, "%s", buf);
        }
    }
}

pam_pkcs11-0.6.9/src/common/pam-pkcs11-ossl-compat.h

/*
 * sc-ossl-compat.h: OpenSC compatibility for older OpenSSL versions
 *
 * Copyright (C) 2016 Douglas E. Engert
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#ifndef _PAM_PKCS11_OSSL_COMPAT_H
#define _PAM_PKCS11_OSSL_COMPAT_H

#ifdef __cplusplus
extern "C" {
#endif

#include <openssl/opensslv.h>
#include <openssl/opensslconf.h>

/*
 * Provide backward compatibility to older versions of OpenSSL
 * while using most of OpenSSL 1.1 API
 */

/*
 * EVP_CIPHER_CTX functions:
 * EVP_CIPHER_CTX_new not in 0.9.7
 * EVP_CIPHER_CTX_free not in 0.9.7
 * EVP_CIPHER_CTX_init in 0.9.7 to 1.0.2.
defined in 1.1 as EVP_CIPHER_CTX_reset * EVP_CIPHER_CTX_cleanup in 0.9.7 to 1.0.2, defined in 1.1 as EVP_CIPHER_CTX_reset * EVP_CIPHER_CTX_reset only in 1.1 * * EVP_CIPHER_CTX_new does a EVP_CIPHER_CTX_init * EVP_CIPHER_CTX_free does a EVP_CIPHER_CTX_cleanup * EVP_CIPHER_CTX_cleanup does equivelent of a EVP_CIPHER_CTX_init * Use EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free, and EVP_CIPHER_CTX_cleanup between operations */ #if OPENSSL_VERSION_NUMBER <= 0x009070dfL /* in 0.9.7 EVP_CIPHER_CTX was always allocated inline or in other structures */ #define EVP_CIPHER_CTX_new() ({ \ EVP_CIPHER_CTX * tmp = NULL; \ tmp = OPENSSL_malloc(sizeof(struct evp_cipher_ctx_st)); \ if (tmp) { \ EVP_CIPHER_CTX_init(tmp); \ } \ tmp; \ }) #define EVP_CIPHER_CTX_free(x) ({ \ if (x) { \ EVP_CIPHER_CTX_cleanup(x); \ OPENSSL_free(x); \ } \ }) #endif /* OPENSSL_VERSION_NUMBER =< 0x00907000L */ /* * 1.1 renames RSA_PKCS1_SSLeay to RSA_PKCS1_OpenSSL * use RSA_PKCS1_OpenSSL * Previous versions are missing a number of functions to access * some hidden structures. 
Define them here: */ /* EVP_PKEY_base_id introduced in 1.0.1 */ #if OPENSSL_VERSION_NUMBER < 0x10001000L #define EVP_PKEY_base_id(x) (x->type) #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L #define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay #define OPENSSL_malloc_init CRYPTO_malloc_init #define EVP_PKEY_get0_RSA(x) (x->pkey.rsa) #define EVP_PKEY_get0_DSA(x) (x->pkey.dsa) #define X509_get_extension_flags(x) (x->ex_flags) #define X509_get_key_usage(x) (x->ex_kusage) #define X509_get_extended_key_usage(x) (x->ex_xkusage) #define EVP_MD_CTX_new EVP_MD_CTX_create #define EVP_MD_CTX_free EVP_MD_CTX_destroy #define EVP_PKEY_up_ref(user_key) CRYPTO_add(&user_key->references, 1, CRYPTO_LOCK_EVP_PKEY) #define X509_up_ref(cert) CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509) #define X509_get0_tbs_sigalg(x) (x->cert_info->key->algor) #define X509_OBJECT_get0_X509(x) (x->data.x509) #define X509_OBJECT_get0_X509_CRL(x) (x->data.crl) #define X509_OBJECT_free(x) ({ \ if (x) { \ X509_OBJECT_free_contents(x); \ OPENSSL_free(x); \ } \ }) #endif /* * OpenSSL-1.1.0-pre5 has hidden the RSA and DSA structures * One can no longer use statements like rsa->n = ... 
* Macros and defines don't work on all systems, so use inline versions * If that is not good enough, vsersions could be added to libopensc */ #if OPENSSL_VERSION_NUMBER < 0x10100000L /* based on OpenSSL-1.1.0 e_os2.h */ /* pam_pkcs11_ossl_inline: portable inline definition usable in public headers */ # if !defined(inline) && !defined(__cplusplus) # if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L /* just use inline */ # define pam_pkcs11_ossl_inline inline # elif defined(__GNUC__) && __GNUC__>=2 # define pam_pkcs11_ossl_inline __inline__ # elif defined(_MSC_VER) # define pam_pkcs11_ossl_inline __inline # else # define pam_pkcs11_ossl_inline # endif # else # define pam_pkcs11_ossl_inline inline # endif #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L #define RSA_bits(R) (BN_num_bits(R->n)) #include #ifndef OPENSSL_NO_RSA #include #endif #ifndef OPENSSL_NO_DSA #include #endif #if 1 #ifndef OPENSSL_NO_RSA static pam_pkcs11_ossl_inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { /* d is the private component and may be NULL */ if (n == NULL || e == NULL) return 0; BN_free(r->n); BN_free(r->e); BN_free(r->d); r->n = n; r->e = e; r->d = d; return 1; } static pam_pkcs11_ossl_inline int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) { if (p == NULL || q == NULL) return 0; BN_free(r->p); BN_free(r->q); r->p = p; r->q = q; return 1; } static pam_pkcs11_ossl_inline int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) { if (dmp1 == NULL || dmq1 == NULL || iqmp == NULL) return 0; BN_free(r->dmp1); BN_free(r->dmq1); BN_free(r->iqmp); r->dmp1 = dmp1; r->dmq1 = dmq1; r->iqmp = iqmp; return 1; } static pam_pkcs11_ossl_inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { if (n != NULL) *n = r->n; if (e != NULL) *e = r->e; if (d != NULL) *d = r->d; } static pam_pkcs11_ossl_inline void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) { if (p != NULL) *p = r->p; if (q != NULL) *q = 
r->q; } static pam_pkcs11_ossl_inline void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) { if (dmp1 != NULL) *dmp1 = r->dmp1; if (dmq1 != NULL) *dmq1 = r->dmq1; if (iqmp != NULL) *iqmp = r->iqmp; } #endif /* OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_DSA static pam_pkcs11_ossl_inline void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { if (p != NULL) *p = d->p; if (q != NULL) *q = d->q; if (g != NULL) *g = d->g; } static pam_pkcs11_ossl_inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) { if (pub_key != NULL) *pub_key = d->pub_key; if (priv_key != NULL) *priv_key = d->priv_key; } /* NOTE: DSA_set0_* functions not defined because they are not currently used in OpenSC */ #endif /* OPENSSL_NO_DSA */ #else /* if we used macros */ #define RSA_set0_key(R, N, E, D) \ ({ \ int ret = 0; \ if (!(N) || !(E)) { \ ret = 0; \ } else { \ BN_free(R->n); \ BN_free(R->e); \ BN_free(R->d); \ R->n = (N); \ R->e = (E); \ R->d = (D); \ ret = 1; \ } \ ret; \ }) #define RSA_set0_factors(R, P, Q) \ ({ \ int ret= 0; \ if (!P || !Q) { \ ret = 0; \ } else { \ BN_free(R->p); \ BN_free(R->q); \ R->p = P; \ R->q = Q; \ ret = 1; \ } \ ret; \ }) #define RSA_set0_crt_params(R, DMP1, DMQ1, IQMP) \ ({ \ int ret = 0; \ if (!DMP1 || !DMQ1 || !IQMP) { \ ret = 0; \ } else { \ BN_free(R->dmp1); \ BN_free(R->dmq1); \ BN_free(R->iqmp); \ R->dmp1 = DMP1; \ R->dmq1 = DMQ1; \ R->iqmp = IQMP; \ ret = 1; \ } \ ret; \ }) #define RSA_get0_key(R, N, E, D) { \ BIGNUM **n = N; \ BIGNUM **e = E; \ BIGNUM **d = D; \ if (n) *(n) = R->n; \ if (e) *(e) = R->e; \ if (d) *(d) = R->d; \ } #define RSA_get0_factors(R, P, Q) {\ BIGNUM **p = P; \ BIGNUM **q = Q; \ if (p) *(p) = R->p; \ if (q) *(q) = R->q; \ } #define RSA_get0_crt_params(R, DMP1, DMQ1, IQMP) { \ BIGNUM **dmp1 = DMP1; \ BIGNUM **dmq1 = DMQ1; \ BIGNUM **iqmp = IQMP; \ if (dmp1) *(dmp1) = R->dmp1; \ if (dmq1) *(dmq1) = R->dmq1; \ if (iqmp) *(iqmp) = 
R->iqmp; \ } #define DSA_get0_key(D, PUB, PRIV) { \ BIGNUM **pub = PUB; \ BIGNUM **priv = PRIV; \ if (pub) *(pub) = D->pub_key; \ if (priv) *(priv) = D->priv_key; \ } #define DSA_get0_pqg(D, P, Q, G) { \ BIGNUM **p = P; \ BIGNUM **q = Q; \ BIGNUM **g = G; \ if (p) *(p) = D->p; \ if (q) *(q) = D->q; \ if (g) *(g) = D->g; \ } /* NOTE: DSA_set0_* functions not defined because they are not used in OpenSC */ #endif /* 0 */ #endif #ifdef __cplusplus } #endif #endif pam_pkcs11-0.6.9/src/common/cert_vfy.h0000644000175000017500000000421612074274512020043 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ /** \file Several routines to:
  • Verify certificate
  • Check for revocation list
  • Verify signature
 */

#ifndef __CERT_VFY_H_
#define __CERT_VFY_H_

#include "cert_st.h"

typedef enum {
    /** Do not perform any CRL verification */
    CRLP_NONE,
    /** Retrieve CRL from CA site */
    CRLP_ONLINE,
    /** Retrieve CRL from local filesystem */
    CRLP_OFFLINE,
    /** Try CRL check online, else offline, else fail */
    CRLP_AUTO
} crl_policy_t;

typedef enum {
    OCSP_NONE,
    OCSP_ON
} ocsp_policy_t;

struct cert_policy_st {
    int ca_policy;
    int crl_policy;
    int signature_policy;
    const char *ca_dir;
    const char *crl_dir;
    const char *nss_dir;
    int ocsp_policy;
};

#ifndef __CERT_VFY_C
#define CERTVFY_EXTERN extern
#else
#define CERTVFY_EXTERN
#endif

/**
 * Verify provided certificate, and if needed, CRL
 *@param x509 Certificate to check
 *@param policy CRL verify policy
 *@return 1 on cert vfy success, 0 on fail, -1 on process error
 */
CERTVFY_EXTERN int verify_certificate(X509 * x509, cert_policy *policy);

/**
 * Verify signature of provided data
 *@param x509 Certificate to be used
 *@param data Byte array of data to check
 *@param data_length Length of provided byte array
 *@param signature Byte array of signature to check
 *@param signature_length Length of signature byte array
 *@return 1 on signature vfy success, 0 on vfy fail, -1 on process error
 */
CERTVFY_EXTERN int verify_signature(X509 * x509, unsigned char *data, int data_length, unsigned char *signature, int signature_length);

#undef CERTVFY_EXTERN

#endif /* __CERT_VFY_H_ */

pam_pkcs11-0.6.9/src/common/debug.h

/*
 * PKCS #11 PAM Login Module
 * Copyright (C) 2003 Mario Strasser,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
* * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ /** *@brief * This module contains macros for generate debugging messages * Will be compiled an linked only when -DDEBUG CFLAG is used */ #ifndef __DEBUG_H_ #define __DEBUG_H_ #ifdef HAVE_CONFIG_H #include #endif #ifndef DEBUG #warning "Debugging is completely disabled!" #define DBG #define DBG1 #define DBG2 #define DBG3 #define DBG4 #define DBG5 #define ERR #define ERR1 #define ERR2 #define ERR3 #define ERR4 #define ERR5 #else /* #define DBG(f, ...) debug_print(1, __FILE__, __LINE__, f, ## __VA_ARGS__) */ /* this syntax is redundant in GCC, just used to avoid warns in -pedantic */ #define DBG(f) debug_print(1, __FILE__, __LINE__, f ) #define DBG1(f,a) debug_print(1, __FILE__, __LINE__, f , a ) #define DBG2(f,a,b) debug_print(1, __FILE__, __LINE__, f , a , b ) #define DBG3(f,a,b,c) debug_print(1, __FILE__, __LINE__, f , a , b , c ) #define DBG4(f,a,b,c,d) debug_print(1, __FILE__, __LINE__, f , a , b , c , d ) #define DBG5(f,a,b,c,d,e) debug_print(1, __FILE__, __LINE__, f , a , b , c , d , e ) #define ERR(f) debug_print(-1, __FILE__, __LINE__, f ) #define ERR1(f,a) debug_print(-1, __FILE__, __LINE__, f , a ) #define ERR2(f,a,b) debug_print(-1, __FILE__, __LINE__, f , a , b ) #define ERR3(f,a,b,c) debug_print(-1, __FILE__, __LINE__, f , a , b , c ) #define ERR4(f,a,b,c,d) debug_print(-1, __FILE__, __LINE__, f , a , b , c , d ) #define ERR5(f,a,b,c,d,e) debug_print(-1, __FILE__, __LINE__, f , a , b , c , d , e ) #ifndef __DEBUG_C_ #define DEBUG_EXTERN extern #else #define DEBUG_EXTERN #endif /** * set_debug_level() Sets the current debug level. *@param level New debug level */ DEBUG_EXTERN void set_debug_level(int level); /** * get_debug_level() Returns the current debug level. 
*@return Current debug level */ DEBUG_EXTERN int get_debug_level(void); /** * debug_print() prints the given message * if the current debug-level * is greater or equal to the defined level. The format string as well as all * further arguments are interpreted as by the printf() function. *@param level Debug level of message *@param file Name of the file where message is generated *@param line Line number where message is generated *@param format Message format *@param .... Optional arguments */ DEBUG_EXTERN void debug_print(int level, const char *file, int line, const char *format, ...) #if defined __GNUC__ __attribute__((format(printf, 4, 5))) #endif ; #undef DEBUG_EXTERN #endif /* DEBUG */ #endif /* __DEBUG_H_ */ pam_pkcs11-0.6.9/src/common/strings.c0000644000175000017500000001255312074274512017711 0ustar rousseaurousseau/* * PAM-PKCS11 strings tools * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __STRINGS_C_ #define __STRINGS_C_ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #include #include #include "strings.h" /* check for null or blank string */ int is_empty_str(const char *str) { const char *pt; if (!str) return 1; for (pt=str; *pt;pt++) if (!isspace(*pt)) return 0; /* arriving here means no non-blank char found */ return 1; } /* returns a clone of provided string */ char *clone_str(const char *str) { size_t len= strlen(str); char *dst= malloc(1+len); if (!dst) return NULL; strncpy(dst,str,len); *(dst+len)='\0'; return dst; } /* returns a uppercased clone of provided string */ char *toupper_str(const char *str) { const char *from; char *to; char *dst= malloc(1+strlen(str)); if(!dst) return (char *) str; /* should I advise?? */ for (from=str,to=dst;*from; from++,to++) *to=toupper(*from); *to='\0'; return dst; } /* returns a lowercased clone of provided string */ char *tolower_str(const char *str) { const char *from; char *to; char *dst= malloc(1+strlen(str)); if(!dst) return (char *)str /* should I advise?? */; for (from=str,to=dst;*from; from++,to++) *to=tolower(*from); *to='\0'; return dst; } /* print a binary array in xx:xx:.... format */ char *bin2hex(const unsigned char *binstr,const int len) { int i; char *pt; char *res= malloc(1+3*len); if (!res) return NULL; if (len == 0) { *res = 0; return res; } for(i=0,pt=res;i, * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. 
* * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ /** \file This module contains several functions to retrieve data from an URL Some examples of valid URL's:
  • file:///home/mario/projects/pkcs11_login/tests/ca_crl_0.pem
  • ftp://ftp.rediris.es/certs/rediris_cacert.pem
  • http://www-t.zhwin.ch/ca/root_ca.crl
  • ldap://directory.verisign.com:389/CN=VeriSign IECA, OU=IECA-3, OU=Contractor, OU=PKI, OU=DOD, O=U.S. Government, C=US?certificateRevocationList;binary
*/ #ifndef __URI_H_ #define __URI_H_ #ifdef HAVE_CONFIG_H #include #endif #include #ifndef __URI_C_ #define URI_EXTERN extern #else #define URI_EXTERN #endif URI_EXTERN int is_uri(const char *path); URI_EXTERN int is_file(const char *path); URI_EXTERN int is_dir(const char *path); URI_EXTERN int is_symlink(const char *path); /** * Downloads data from a given URI *@param uri_str URL string where to retrieve data *@param data Pointer to a String buffer where data is retrieved *@param length Length of retrieved data *@return -1 on error, 0 on sucess */ URI_EXTERN int get_from_uri(const char *uri_str, unsigned char **data, size_t *length); #undef URI_EXTERN #endif /* __URI_H_ */ pam_pkcs11-0.6.9/src/common/cert_st.h0000644000175000017500000000227312772700002017657 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003-2004 Mario Strasser * Copyright (C) 2005 Juan Antonio Martinez * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
* * $Id$ */ #ifndef _CERT_ST_H #define _CERT_ST_H #ifdef HAVE_CONFIG_H #include #endif typedef struct cert_policy_st cert_policy; #ifdef HAVE_NSS #include #include typedef SECOidTag ALGORITHM_TYPE; #define ALGORITHM_NULL SEC_OID_UNKNOWN /* we really should make a neutral define for this */ #define X509 CERTCertificate #else #include "../common/pam-pkcs11-ossl-compat.h" #include typedef const char *ALGORITHM_TYPE; #define ALGORITHM_NULL NULL #endif #endif /* _CERT_ST_H */ pam_pkcs11-0.6.9/src/common/pkcs11_lib.c0000644000175000017500000013524012772726447020165 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ #define __PKCS11_LIB_C__ /* * common includes */ #include #include #include #include #include #include #include #include #include "debug.h" #include "error.h" #include "cert_info.h" #include "pkcs11_lib.h" /* * this functions is completely common between both implementation. 
 */
int pkcs11_pass_login(pkcs11_handle_t *h, int nullok)
{
    int rv;
    char *pin;

    /* get password */
    pin = getpass("PIN for token: ");
    if (NULL == pin) {
        set_error("Error encountered while reading PIN");
        return -1;
    }
#ifdef DEBUG_SHOW_PASSWORD
    /* logged only after the NULL check so "%s" never receives NULL */
    DBG1("PIN = [%s]", pin);
#endif

    /* for safety reasons, clean PIN string from memory asap */

    /* check password length */
    if (!nullok && strlen(pin) == 0) {
        set_error("Empty passwords not allowed");
        return -1;
    }

    /* perform pkcs #11 login */
    rv = pkcs11_login(h, pin);
    memset(pin, 0, strlen(pin));
    if (rv != 0) {
        set_error("pkcs11_login() failed: %s", get_error());
        return -1;
    }
    return 0;
}

/*
 * memcmp_pad_max() is a specialized version of memcmp() which compares two
 * pieces of data up to a maximum length. If the two data match up to the
 * maximum length, they are considered matching. Trailing blanks do not cause
 * the match to fail if one of the data is shorter.
 *
 * Examples of matches:
 *      "one"           |
 *      "one "          |
 *                      ^maximum length
 *
 *      "Number One     | X"    (X is beyond maximum length)
 *      "Number One "   |
 *                      ^maximum length
 *
 * Examples of mismatches:
 *      " one"
 *      "one"
 *
 *      "Number One    X|"
 *      "Number One     |"
 *                      ^maximum length
 */
static int
memcmp_pad_max(void *d1, size_t d1_len, void *d2, size_t d2_len, size_t max_sz)
{
    size_t len, extra_len;
    char *marker;

    /* No point in comparing anything beyond max_sz */
    if (d1_len > max_sz)
        d1_len = max_sz;
    if (d2_len > max_sz)
        d2_len = max_sz;

    /* Find shorter of the two data. */
    if (d1_len <= d2_len) {
        len = d1_len;
        extra_len = d2_len;
        marker = d2;
    } else {    /* d1_len > d2_len */
        len = d2_len;
        extra_len = d1_len;
        marker = d1;
    }

    /* Have a match in the shortest length of data? */
    if (memcmp(d1, d2, len) != 0)
        /* CONSTCOND */
        return (1);

    /* If the rest of longer data is nulls or blanks, call it a match.
   */
  while (len < extra_len && marker[len])
    /* isspace() needs a value representable as unsigned char */
    if (!isspace((unsigned char)marker[len++]))
      /* CONSTCOND */
      return (1);
  return (0);
}

#ifdef HAVE_NSS
/*
 * Using NSS to find and manage the PKCS #11 modules
 */
#include "nss.h"
#include "nspr.h"
#include "cert.h"
#include "secmod.h"
#include "secutil.h"
#include "pk11pub.h"
#include "cert_st.h"
#include "secutil.h"
#include "cryptohi.h"
#include "ocsp.h"
#include <unistd.h>
#include <errno.h>
#include "syslog.h"
#include "cert_vfy.h"

#ifndef PAM_PKCS11_POLL_TIME
#define PAM_PKCS11_POLL_TIME 500 /* ms */
#endif

struct pkcs11_handle_str {
  SECMODModule *module;
  PRBool is_user_module;
  PK11SlotInfo *slot;
  cert_object_t **certs;
  int cert_count;
};

static int app_has_NSS = 0;

static char *password_passthrough(PK11SlotInfo *slot, PRBool retry, void *arg)
{
  /* give up if 1) no password was supplied, or 2) the password has already
   * been rejected once by this token. */
  if (retry || (arg == NULL)) {
    return NULL;
  }
  return PL_strdup((char *)arg);
}

int crypto_init(cert_policy *policy)
{
  SECStatus rv;

  DBG("Initializing NSS ...");
  if (NSS_IsInitialized()) {
    app_has_NSS = 1;
    /* we should save the app's password function */
    PK11_SetPasswordFunc(password_passthrough);
    DBG("... NSS is initialized");
    return 0;
  }
  if (policy->nss_dir) {
    /* initialize with read only databases */
    DBG1("Initializing NSS ... database=%s", policy->nss_dir);
    rv = NSS_Init(policy->nss_dir);
  } else {
    /* no database specified */
    DBG("Initializing NSS ... with no db");
    rv = NSS_NoDB_Init(NULL);
  }

  if (rv != SECSuccess) {
    DBG1("NSS_Initialize failed: %s", SECU_Strerror(PR_GetError()));
    return -1;
  }

  /* register a callback */
  PK11_SetPasswordFunc(password_passthrough);

  if (policy->ocsp_policy == OCSP_ON) {
    CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
  }
  DBG("... NSS Complete");
  return 0;
}

static SECMODModule *find_module_by_library(const char *pkcs11_module)
{
  SECMODModule *module = NULL;
  SECMODModuleList *modList = SECMOD_GetDefaultModuleList();

  /* threaded applications should also acquire the
   * DefaultModuleListLock */
  DBG("Looking up module in list");
  for ( ; modList; modList = modList->next) {
    char *dllName = modList->module->dllName;
    DBG2("modList = 0x%x next = 0x%x\n", modList, modList->next);
    DBG1("dllName= %s \n", dllName ? dllName : "");
    if (dllName && strcmp(dllName, pkcs11_module) == 0) {
      module = SECMOD_ReferenceModule(modList->module);
      break;
    }
  }
  return module;
}

/*
 * NSS allows you to load a specific module. If the user specified a module
 * to load, load it, otherwise select one of the standard modules from the
 * secmod.db list.
 */
int load_pkcs11_module(const char *pkcs11_module, pkcs11_handle_t **hp)
{
  pkcs11_handle_t *h = (pkcs11_handle_t *)calloc(sizeof(pkcs11_handle_t), 1);
  SECMODModule *module = NULL;
#define SPEC_TEMPLATE "library=\"%s\" name=\"SmartCard\""
  char *moduleSpec = NULL;

  /* the handle is dereferenced below, so fail early if calloc() failed */
  if (h == NULL) {
    DBG1("pkcs11_handle_t malloc failed: %s", strerror(errno));
    return -1;
  }

  if (!pkcs11_module || (strcasecmp(pkcs11_module, "any module") == 0)) {
    h->is_user_module = PR_FALSE;
    h->module = NULL;
    *hp = h;
    return 0;
  }

  /* found it, use the existing module */
  module = find_module_by_library(pkcs11_module);
  if (module) {
    h->is_user_module = PR_FALSE;
    h->module = module;
    *hp = h;
    return 0;
  }

  /* specified module is not already loaded, load it now */
  moduleSpec = malloc(sizeof(SPEC_TEMPLATE) + strlen(pkcs11_module));
  if (!moduleSpec) {
    DBG1("Malloc failed when allocating module spec: %s", strerror(errno));
    free(h);
    return -1;
  }
  sprintf(moduleSpec, SPEC_TEMPLATE, pkcs11_module);
  DBG2("loading Module explictly, moduleSpec=<%s> module=%s",
       moduleSpec, pkcs11_module);
  module = SECMOD_LoadUserModule(moduleSpec, NULL, 0);
  free(moduleSpec);
  if ((!module) || !module->loaded) {
    DBG1("Failed to load SmartCard software %s", SECU_Strerror(PR_GetError()));
    free(h);
    if (module) {
      SECMOD_DestroyModule(module);
    }
    return -1;
  }
  h->is_user_module = PR_TRUE;
  h->module = module;
  *hp = h;
  DBG("load module complete");
  return 0;
}

int init_pkcs11_module(pkcs11_handle_t *h, int flag)
{
  return 0; /* NSS initialized the module on load */
}

int find_slot_by_number(pkcs11_handle_t *h, unsigned int slot_num,
                        unsigned int *slotID)
{
  SECMODModule *module = h->module;
  int i;

  /* if module is null,
   * any of the PKCS #11 modules specified in the system config
   * is available, find one */
  if (module == NULL) {
    PK11SlotList *list;
    PK11SlotListElement *le;
    PK11SlotInfo *slot = NULL;

    /* find a slot, we haven't specifically selected a module,
     * so find an appropriate one. */
    /* get them all */
    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL);
    if (list == NULL) {
      return -1;
    }
    for (le = list->head; le; le = le->next) {
      CK_SLOT_INFO slInfo;
      SECStatus rv;

      slInfo.flags = 0;
      rv = PK11_GetSlotInfo(le->slot, &slInfo);
      if (rv == SECSuccess && (slInfo.flags & CKF_REMOVABLE_DEVICE)) {
        slot = PK11_ReferenceSlot(le->slot);
        module = SECMOD_ReferenceModule(PK11_GetModule(le->slot));
        break;
      }
    }
    PK11_FreeSlotList(list);
    if (slot == NULL) {
      return -1;
    }
    h->slot = slot;
    h->module = module;
    *slotID = PK11_GetSlotID(slot);
    return 0;
  }

  /*
   * we're configured with a specific module, look for a present slot
   * on that module.
   */
  if (slot_num == 0) {
    /* threaded applications should also acquire the
     * DefaultModuleListLock */
    for (i = 0; i < module->slotCount; i++) {
      if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
        h->slot = PK11_ReferenceSlot(module->slots[i]);
        *slotID = PK11_GetSlotID(h->slot);
        return 0;
      }
    }
  }

  /* we're configured for a specific module and token, see if it's present */
  slot_num--;
  if (slot_num < module->slotCount && module->slots &&
      module->slots[slot_num] && PK11_IsPresent(module->slots[slot_num])) {
    h->slot = PK11_ReferenceSlot(module->slots[slot_num]);
    *slotID = PK11_GetSlotID(h->slot);
    return 0;
  }
  return -1;
}

/*
 * find a slot by its slot number or label.
 * If slot number is '0' any slot is ok.
 */
int find_slot_by_number_and_label(pkcs11_handle_t *h, int wanted_slot_id,
                                  const char *wanted_token_label,
                                  unsigned int *slot_num)
{
  int rv;
  const char *token_label = NULL;
  PK11SlotInfo *slot = NULL;

  /* we want a specific slot id, or we don't care about the label */
  if ((wanted_token_label == NULL) || (wanted_slot_id != 0)) {
    rv = find_slot_by_number(h, wanted_slot_id, slot_num);

    /* if we don't care about the label, or we failed, we're done */
    if ((wanted_token_label == NULL) || (rv != 0)) {
      return rv;
    }

    /* verify it's the label we want */
    token_label = PK11_GetTokenName(h->slot);
    if ((token_label != NULL) &&
        (strcmp(wanted_token_label, token_label) == 0)) {
      return 0;
    }
    return -1;
  }

  /* we want a specific slot by label only */
  slot = PK11_FindSlotByName(wanted_token_label);
  if (!slot) {
    return -1;
  }

  /* make sure it's in the right module */
  if (h->module) {
    if (h->module != PK11_GetModule(slot)) {
      PK11_FreeSlot(slot);
      return -1;
    }
  } else {
    /* no module was specified, use the one slot came in */
    h->module = SECMOD_ReferenceModule(PK11_GetModule(slot));
  }
  h->slot = slot; /* Adopt the reference */
  *slot_num = PK11_GetSlotID(h->slot);
  return 0;
}

int wait_for_token(pkcs11_handle_t *h, int wanted_slot_id,
                   const char *wanted_token_label, unsigned int *slot_num)
{
  int rv;

  rv = -1;
  do {
    /* see if the card we're looking for is inserted */
    rv = find_slot_by_number_and_label(h, wanted_slot_id,
                                       wanted_token_label, slot_num);
    if (rv != 0) {
      PK11SlotInfo *slot;
      PRIntervalTime slot_poll_interval; /* only for legacy hardware */

      /* if the card is not inserted, then block until something happens */
      slot_poll_interval = PR_MillisecondsToInterval(PAM_PKCS11_POLL_TIME);
      slot = SECMOD_WaitForAnyTokenEvent(h->module, 0 /* flags */,
                                         slot_poll_interval);

      /* unexpected error */
      if (slot == NULL) {
        break;
      }

      /* something happened, continue loop and check if the card
       * we're looking for is inserted */
      PK11_FreeSlot(slot);
      continue;
    }
  } while (rv != 0);
  return rv;
}

/*
 * This function will search the slot list to find a slot based on the slot
 * label.  If the wanted_slot_label is "none", then we will return the first
 * slot with the token presented.
 *
 * This function returns 0 if it found a matching slot; otherwise, it returns
 * -1.
 */
int find_slot_by_slotlabel(pkcs11_handle_t *h, const char *wanted_slot_label,
                           unsigned int *slotID)
{
  SECMODModule *module = h->module;
  PK11SlotInfo *slot;
  int rv;
  int i;

  if (slotID == NULL || wanted_slot_label == NULL ||
      strlen(wanted_slot_label) == 0 || module == NULL)
    return (-1);

  if (strcmp(wanted_slot_label, "none") == 0) {
    rv = find_slot_by_number(h, 0, slotID);
    return (rv);
  } else {
    /* wanted_slot_label is not "none" */
    for (i = 0; i < module->slotCount; i++) {
      if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
        const char *slot_label;

        slot = PK11_ReferenceSlot(module->slots[i]);
        slot_label = PK11_GetSlotName(slot);
        if (memcmp_pad_max((void *)slot_label, strlen(slot_label),
                           (void *)wanted_slot_label,
                           strlen(wanted_slot_label), 64) == 0) {
          h->slot = slot;
          *slotID = PK11_GetSlotID(slot);
          return 0;
        }
        /* not the slot we want: drop the reference taken above */
        PK11_FreeSlot(slot);
      }
    }
  }
  return (-1);
}

int find_slot_by_slotlabel_and_tokenlabel(pkcs11_handle_t *h,
                                          const char *wanted_slot_label,
                                          const char *wanted_token_label,
                                          unsigned int *slot_num)
{
  SECMODModule *module = h->module;
  PK11SlotInfo *slot;
  unsigned long i;
  int rv;

  if (slot_num == NULL || module == NULL)
    return (-1);

  if (wanted_token_label == NULL) {
    rv = find_slot_by_slotlabel(h, wanted_slot_label, slot_num);
    return (rv);
  }

  /* wanted_token_label != NULL */
  if (strcmp(wanted_slot_label, "none") == 0) {
    for (i = 0; i < module->slotCount; i++) {
      if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
        const char *token_label;

        slot = PK11_ReferenceSlot(module->slots[i]);
        token_label = PK11_GetTokenName(slot);
        if (memcmp_pad_max((void *)token_label, strlen(token_label),
                           (void *)wanted_token_label,
                           strlen(wanted_token_label), 33) == 0) {
          h->slot = slot;
          *slot_num = PK11_GetSlotID(slot);
          return (0);
        }
        /* not the token we want: drop the reference taken above */
        PK11_FreeSlot(slot);
      }
    }
    return (-1);
  } else {
    for (i = 0; i < module->slotCount; i++) {
      if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
        const char *slot_label;
        const char *token_label;

        slot = PK11_ReferenceSlot(module->slots[i]);
        slot_label = PK11_GetSlotName(slot);
        token_label = PK11_GetTokenName(slot);
        if ((memcmp_pad_max((void *)slot_label, strlen(slot_label),
                            (void *)wanted_slot_label,
                            strlen(wanted_slot_label), 64) == 0) &&
            (memcmp_pad_max((void *)token_label, strlen(token_label),
                            (void *)wanted_token_label,
                            strlen(wanted_token_label), 33) == 0)) {
          h->slot = slot;
          *slot_num = PK11_GetSlotID(slot);
          return (0);
        }
        /* no match: drop the reference taken above */
        PK11_FreeSlot(slot);
      }
    }
    return (-1);
  }
}

int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
                                const char *wanted_slot_label,
                                const char *wanted_token_label,
                                unsigned int *slot_num)
{
  int rv;

  rv = -1;
  do {
    /* see if the card we're looking for is inserted */
    rv = find_slot_by_slotlabel_and_tokenlabel(h, wanted_slot_label,
                                               wanted_token_label, slot_num);
    if (rv != 0) {
      PK11SlotInfo *slot;
      PRIntervalTime slot_poll_interval; /* only for legacy hardware */

      /* if the card is not inserted, then block until something happens */
      slot_poll_interval = PR_MillisecondsToInterval(PAM_PKCS11_POLL_TIME);
      slot = SECMOD_WaitForAnyTokenEvent(h->module, 0 /* flags */,
                                         slot_poll_interval);

      /* unexpected error */
      if (slot == NULL) {
        break;
      }

      /* something happened, continue loop and check if the card
       * we're looking for is inserted */
      PK11_FreeSlot(slot);
      continue;
    }
  } while (rv != 0);
  return rv;
}

void release_pkcs11_module(pkcs11_handle_t *h)
{
  SECStatus rv;

  close_pkcs11_session(h);
  if (h->is_user_module) {
    rv = SECMOD_UnloadUserModule(h->module);
    if (rv != SECSuccess) {
      DBG1("Unloading UserModule failed: %s", SECU_Strerror(PR_GetError()));
    }
  }

  if (h->module) {
    SECMOD_DestroyModule(h->module);
  }
  memset(h, 0, sizeof(pkcs11_handle_t));
  free(h);

  /* if we initialized NSS, then we need to shut it down */
  if (!app_has_NSS) {
    rv = NSS_Shutdown();
    if (rv != SECSuccess) {
      DBG1("NSS Shutdown Failed: %s",
           SECU_Strerror(PR_GetError()));
    }
  }
}

int open_pkcs11_session(pkcs11_handle_t *h, unsigned int slot_num)
{
  /* NSS manages the sessions under the covers, use this function to
   * select a slot */
  if (h->slot != NULL) {
    /* we've already selected the slot */
    if (PK11_GetSlotID(h->slot) == slot_num) {
      return 0;
    }
    /* the slot we've selected isn't the one we want to open */
    PK11_FreeSlot(h->slot);
    h->slot = NULL;
  }

  /* look the slot up */
  h->slot = SECMOD_LookupSlot(h->module->moduleID, slot_num);
  if (h->slot == NULL) {
    return -1;
  }

  /* make sure it is present */
  if (!PK11_IsPresent(h->slot)) {
    PK11_FreeSlot(h->slot);
    h->slot = NULL;
    return -1;
  }
  return 0;
}

int pkcs11_login(pkcs11_handle_t *h, char *password)
{
  SECStatus rv;

  if (h->slot == NULL) {
    DBG("Login failed: No Slot selected");
    return -1;
  }
  rv = PK11_Authenticate(h->slot, PR_FALSE, password);
  if (rv != SECSuccess) {
    DBG1("Login failed: %s", SECU_Strerror(PR_GetError()));
  }
  return (rv == SECSuccess) ? 0 : -1;
}

int get_slot_login_required(pkcs11_handle_t *h)
{
  if (h->slot == NULL) {
    DBG("Login failed: No Slot selected");
    return -1;
  }
  return PK11_NeedLogin(h->slot);
}

int get_slot_protected_authentication_path(pkcs11_handle_t *h)
{
  if (h->slot == NULL) {
    DBG("Login failed: No Slot selected");
    return -1;
  }
  return PK11_ProtectedAuthenticationPath(h->slot);
}

int close_pkcs11_session(pkcs11_handle_t *h)
{
  if (h->slot) {
    PK11_Logout(h->slot);
    PK11_FreeSlot(h->slot);
    h->slot = NULL;
  }
  if (h->certs) {
    CERT_DestroyCertArray((CERTCertificate **)h->certs, h->cert_count);
    h->certs = NULL;
    h->cert_count = 0;
  }
  return 0;
}

const char *get_slot_tokenlabel(pkcs11_handle_t *h)
{
  if (!h->slot) {
    return NULL;
  }
  return PK11_GetTokenName(h->slot);
}

cert_object_t **get_certificate_list(pkcs11_handle_t *h, int *count)
{
  CERTCertList *certList;
  CERTCertListNode *node;
  cert_object_t **certs;
  int certCount = 0;
  int certIndex = 0;
  SECStatus rv;

  if (!h->slot) {
    return NULL;
  }
  if (h->certs) {
    *count = h->cert_count;
    return h->certs;
  }

  certList = PK11_ListCertsInSlot(h->slot);
  if (!certList) {
    DBG1("Couldn't get Certs from token: %s", SECU_Strerror(PR_GetError()));
    return NULL;
  }

  /* only want signing certs */
  rv = CERT_FilterCertListByUsage(certList, certUsageSSLClient, PR_FALSE);
  if (rv != SECSuccess) {
    CERT_DestroyCertList(certList);
    DBG1("Couldn't filter out email certs: %s", SECU_Strerror(PR_GetError()));
    return NULL;
  }

  /* only user certs have keys */
  rv = CERT_FilterCertListForUserCerts(certList);
  if (rv != SECSuccess) {
    CERT_DestroyCertList(certList);
    DBG1("Couldn't filter out user certs: %s", SECU_Strerror(PR_GetError()));
    return NULL;
  }

  /* convert the link list from NSS to the array used by pam_pkcs11 */
  for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
       node = CERT_LIST_NEXT(node)) {
    if (node->cert) {
      DBG3("cert %d: found (%s), \"%s\"", certCount,
           node->cert->nickname, node->cert->subjectName);
      certCount++;
    }
  }

  if (certCount == 0) {
    CERT_DestroyCertList(certList);
    DBG("no certs found found");
    return NULL;
  }

  certs = malloc(sizeof(cert_object_t *) * certCount);
  if (certs == NULL) {
    /* release the NSS list before bailing out */
    CERT_DestroyCertList(certList);
    return NULL;
  }

  for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
       node = CERT_LIST_NEXT(node)) {
    if (node->cert) {
      certs[certIndex++] = (cert_object_t *)CERT_DupCertificate(node->cert);
      if (certIndex == certCount) {
        break;
      }
    }
  }
  CERT_DestroyCertList(certList);
  h->certs = certs;
  h->cert_count = certIndex;
  *count = certIndex;
  return certs;
}

int get_private_key(pkcs11_handle_t *h, cert_object_t *cert)
{
  /* all certs returned from NSS are user certs, and the private key
   * has already been identified */
  return 0;
}

const X509 *get_X509_certificate(cert_object_t *cert)
{
  return (CERTCertificate *)cert;
}

int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data,
               CK_ULONG length, CK_BYTE **signature,
               CK_ULONG *signature_length)
{
  SECOidTag algtag;
  SECKEYPrivateKey *key;
  SECItem result;
  SECStatus rv;

  if (h->slot == NULL) {
    return -1;
  }

  /* get the key */
  key =
      PK11_FindPrivateKeyFromCert(h->slot, (CERTCertificate *)cert, NULL);
  if (key == NULL) {
    DBG1("Couldn't Find key for Cert: %s", SECU_Strerror(PR_GetError()));
    return -1;
  }

  /* get the oid */
  algtag = SEC_GetSignatureAlgorithmOidTag(key->keyType, SEC_OID_SHA1);

  /* sign the data */
  rv = SEC_SignData(&result, data, length, key, algtag);
  SECKEY_DestroyPrivateKey(key);
  if (rv != SECSuccess) {
    DBG1("Signature failed: %s", SECU_Strerror(PR_GetError()));
    return -1;
  }

  *signature = (CK_BYTE *)result.data;
  *signature_length = result.len;
  return 0;
}

int get_random_value(unsigned char *data, int length)
{
  SECStatus rv = PK11_GenerateRandom(data, length);
  if (rv != SECSuccess) {
    DBG1("couldn't generate random number: %s", SECU_Strerror(PR_GetError()));
  }
  return (rv == SECSuccess) ? 0 : -1;
}

struct tuple_str {
  PRErrorCode errNum;
  const char *errString;
};

typedef struct tuple_str tuple_str;

#define ER2(a,b) {a, b},
#define ER3(a,b,c) {a, c},

#include "secerr.h"
#include "sslerr.h"

const tuple_str errStrings[] = {

/* keep this list in ascending order of error numbers */
#include "SSLerrs.h"
#include "SECerrs.h"
#include "NSPRerrs.h"

};

const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);

/* Returns a UTF-8 encoded constant error string for "errNum".
 * Returns NULL if errNum is unknown.
 */
const char *SECU_Strerror(PRErrorCode errNum)
{
  PRInt32 low = 0;
  PRInt32 high = numStrings - 1;
  PRInt32 i;
  PRErrorCode num;
  static int initDone;

  /* make sure table is in ascending order.
   * binary search depends on it.
   */
  if (!initDone) {
    PRErrorCode lastNum = ((PRInt32)0x80000000);
    for (i = low; i <= high; ++i) {
      num = errStrings[i].errNum;
      if (num <= lastNum) {
        fprintf(stderr,
                "sequence error in error strings at item %d\n"
                "error %d (%s)\n"
                "should come after \n"
                "error %d (%s)\n",
                i, lastNum, errStrings[i-1].errString,
                num, errStrings[i].errString);
      }
      lastNum = num;
    }
    initDone = 1;
  }

  /* Do binary search of table.
   */
  while (low + 1 < high) {
    i = (low + high) / 2;
    num = errStrings[i].errNum;
    if (errNum == num)
      return errStrings[i].errString;
    if (errNum < num)
      high = i;
    else
      low = i;
  }
  if (errNum == errStrings[low].errNum)
    return errStrings[low].errString;
  if (errNum == errStrings[high].errNum)
    return errStrings[high].errString;
  return NULL;
}

#else
#include "cert_st.h"
#include <openssl/x509.h>
#include <openssl/err.h>
#include "rsaref/pkcs11.h"

struct cert_object_str {
  CK_KEY_TYPE key_type;
  CK_CERTIFICATE_TYPE type;
  CK_BYTE *id;
  CK_ULONG id_length;
  CK_OBJECT_HANDLE private_key;
  X509 *x509;
};

typedef struct {
  CK_SLOT_ID id;
  CK_BBOOL token_present;
  CK_UTF8CHAR label[33]; /* token label */
  CK_UTF8CHAR slotDescription[64];
} slot_t;

struct pkcs11_handle_str {
  void *module_handle;
  CK_FUNCTION_LIST_PTR fl;
  int should_finalize;
  slot_t *slots;
  CK_ULONG slot_count;
  CK_SESSION_HANDLE session;
  cert_object_t **certs;
  int cert_count;
  int current_slot;
};

int crypto_init(cert_policy *policy)
{
  /* arg is ignored for OPENSSL */
  (void)policy;
  OpenSSL_add_all_algorithms();
  ERR_load_crypto_strings();
  return 0;
}

int load_pkcs11_module(const char *module, pkcs11_handle_t **hp)
{
  int rv;
  struct stat module_stat;
  CK_C_GetFunctionList C_GetFunctionList_ptr;
  pkcs11_handle_t *h;

  DBG1("PKCS #11 module = [%s]", module);
  /* reset pkcs #11 handle */
  h = (pkcs11_handle_t *)calloc(sizeof(pkcs11_handle_t), 1);
  if (h == NULL) {
    set_error("pkcs11_handle_t malloc failed: %s", strerror(errno));
    return -1;
  }

  /* check module permissions */
  rv = stat(module, &module_stat);
  if (rv < 0) {
    set_error("stat() failed: %s", strerror(errno));
    free(h);
    return -1;
  }
  DBG3("module permissions: uid = %d, gid = %d, mode = %o",
       module_stat.st_uid, module_stat.st_gid, module_stat.st_mode & 0777);
  if (module_stat.st_mode & S_IWGRP || module_stat.st_mode & S_IWOTH ||
      module_stat.st_uid != 0) {
    set_error("the pkcs #11 module MUST be owned by root and MUST NOT "
              "be writable by the group or others");
    free(h);
    return -1;
  }

  /* load module */
  DBG1("loading module %s", module);
  h->module_handle = dlopen(module, RTLD_NOW);
  if (h->module_handle == NULL) {
    set_error("dlopen() failed: %s", dlerror());
    free(h);
    return -1;
  }

  /* try to get the function list */
  DBG("getting function list");
  C_GetFunctionList_ptr =
      (CK_C_GetFunctionList)dlsym(h->module_handle, "C_GetFunctionList");
  if (C_GetFunctionList_ptr == NULL) {
    set_error("dlsym() failed: %s", dlerror());
    /* do not leave the library mapped once the handle is gone */
    dlclose(h->module_handle);
    free(h);
    return -1;
  }
  rv = C_GetFunctionList_ptr(&h->fl);
  if (rv != CKR_OK) {
    set_error("C_GetFunctionList() failed: 0x%08lX", rv);
    dlclose(h->module_handle);
    free(h);
    return -1;
  }
  *hp = h;
  return 0;
}

static int refresh_slots(pkcs11_handle_t *h)
{
  CK_ULONG i, slot_count;
  CK_SLOT_ID_PTR slots;
  CK_RV rv;
  int j;

  slot_count = -1;
  slots = NULL;

  rv = h->fl->C_GetSlotList(FALSE, NULL, &slot_count);
  if (rv != CKR_OK) {
    set_error("C_GetSlotList() failed: 0x%08lX", rv);
    return -1;
  }

  /* number of slots has changed */
  if (slot_count != h->slot_count) {
    free(h->slots);
    /* the error returns below must not leave a dangling pointer that
     * release_pkcs11_module() would free a second time */
    h->slots = NULL;

    /* get a list of all slots */
    rv = h->fl->C_GetSlotList(FALSE, NULL, &h->slot_count);
    if (rv != CKR_OK) {
      set_error("C_GetSlotList() failed: 0x%08lX", rv);
      return -1;
    }
    DBG1("number of slots (a): %ld", h->slot_count);
    if (h->slot_count == 0) {
      set_error("there are no slots available");
      return -1;
    }
    slots = malloc(h->slot_count * sizeof(CK_SLOT_ID));
    if (slots == NULL) {
      set_error("not enough free memory available");
      return -1;
    }
    h->slots = malloc(h->slot_count * sizeof(slot_t));
    if (h->slots == NULL) {
      free(slots);
      set_error("not enough free memory available");
      return -1;
    }
    memset(h->slots, 0, h->slot_count * sizeof(slot_t));
    rv = h->fl->C_GetSlotList(FALSE, slots, &h->slot_count);
    if (rv != CKR_OK) {
      free(slots);
      set_error("C_GetSlotList() failed: 0x%08lX", rv);
      return -1;
    }
    DBG1("number of slots (b): %ld", h->slot_count);

    /* show some information about the slots/tokens and setup slot info */
    for (i = 0; i < h->slot_count; i++) {
      h->slots[i].id = slots[i];
    }
    free(slots);
  }

  for (i = 0; i < h->slot_count; i++) {
    CK_SLOT_INFO sinfo;
    CK_TOKEN_INFO tinfo;
    CK_RV rv;

    DBG1("slot %ld:", i + 1);
    rv = h->fl->C_GetSlotInfo(h->slots[i].id, &sinfo);
    if (rv != CKR_OK) {
      set_error("C_GetSlotInfo() failed: 0x%08lX", rv);
      return -1;
    }
    (void) memcpy(h->slots[i].slotDescription, sinfo.slotDescription,
                  sizeof(h->slots[i].slotDescription));
    DBG1("- description: %.64s", sinfo.slotDescription);
    DBG1("- manufacturer: %.32s", sinfo.manufacturerID);
    DBG1("- flags: %04lx", sinfo.flags);
    if (sinfo.flags & CKF_TOKEN_PRESENT) {
      DBG("- token:");
      rv = h->fl->C_GetTokenInfo(h->slots[i].id, &tinfo);
      if (rv != CKR_OK) {
        set_error("C_GetTokenInfo() failed: 0x%08lX", rv);
        return -1;
      }
      DBG1(" - label: %.32s", tinfo.label);
      DBG1(" - manufacturer: %.32s", tinfo.manufacturerID);
      DBG1(" - model: %.16s", tinfo.model);
      DBG1(" - serial: %.16s", tinfo.serialNumber);
      DBG1(" - flags: %04lx", tinfo.flags);
      h->slots[i].token_present = TRUE;
      memcpy(h->slots[i].label, tinfo.label, 32);
      /* strip the blank padding; stop at index 0 so a label made only of
       * blanks cannot walk off the front of the array */
      for (j = 31; j >= 0 && h->slots[i].label[j] == ' '; j--)
        h->slots[i].label[j] = 0;
    }
  }
  return 0;
}

int init_pkcs11_module(pkcs11_handle_t *h, int flag)
{
  int rv;
  CK_ULONG i;
  /* CK_SLOT_ID_PTR slots; */
  CK_INFO info;
  /*
   Set up arguments to allow native threads
   According with pkcs#11v2.20, must set all pointers to null
   and flags CKF_OS_LOCKING_OK
  */
  CK_C_INITIALIZE_ARGS initArgs = {
    .CreateMutex = NULL,
    .DestroyMutex = NULL,
    .LockMutex = NULL,
    .UnlockMutex = NULL,
    .flags = CKF_OS_LOCKING_OK,
    .pReserved = NULL
  };

  /* initialise the module */
  if (flag)
    rv = h->fl->C_Initialize((CK_VOID_PTR) &initArgs);
  else
    rv = h->fl->C_Initialize(NULL);
  if (rv == CKR_OK)
    h->should_finalize = 1;
  else if (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
    set_error("C_Initialize() failed: 0x%08lX", rv);
    return -1;
  }

  rv = h->fl->C_GetInfo(&info);
  if (rv != CKR_OK) {
    set_error("C_GetInfo() failed: 0x%08lX", rv);
    return -1;
  }
  /* show some information about the module */
  DBG("module information:");
  DBG2("- version: %hhd.%hhd", info.cryptokiVersion.major,
       info.cryptokiVersion.minor);
  DBG1("- manufacturer: %.32s",
       info.manufacturerID);
  DBG1("- flags: %04lx", info.flags);
  DBG1("- library description: %.32s", info.libraryDescription);
  DBG2("- library version: %hhd.%hhd", info.libraryVersion.major,
       info.libraryVersion.minor);

  /*
   * As per PKCS#11 v2.2 we can call C_GetSlotList multiple times to check for
   * added/removed slots
   */
  h->slot_count = -1;
  h->slots = NULL;
  return refresh_slots(h);
}

void release_pkcs11_module(pkcs11_handle_t *h)
{
  /* finalise pkcs #11 module */
  if (h->fl != NULL)
    if (h->should_finalize)
      h->fl->C_Finalize(NULL);
  /* unload the module */
  if (h->module_handle != NULL)
    dlclose(h->module_handle);
  /* release all allocated memory */
  if (h->slots != NULL)
    free(h->slots);
  memset(h, 0, sizeof(pkcs11_handle_t));
  free(h);
}

int find_slot_by_number(pkcs11_handle_t *h, unsigned int slot_num,
                        unsigned int *slot)
{
  /* zero means find the best slot */
  if (slot_num == 0) {
    for (slot_num = 0;
         slot_num < h->slot_count && !h->slots[slot_num].token_present;
         slot_num++);
  } else {
    /* otherwise it's an index into the slot table (it is *NOT* the slot
     * id!)....
     */
    slot_num--;
  }
  if ((slot_num >= h->slot_count) || (!h->slots[slot_num].token_present)) {
    return -1;
  }
  *slot = slot_num;
  return 0;
}

int find_slot_by_number_and_label(pkcs11_handle_t *h, int wanted_slot_id,
                                  const char *wanted_token_label,
                                  unsigned int *slot_num)
{
  unsigned int slot_index;
  int rv;
  const char *token_label = NULL;

  /* we want a specific slot id, or we don't care about the label */
  if ((wanted_token_label == NULL) || (wanted_slot_id != 0)) {
    rv = find_slot_by_number(h, wanted_slot_id, slot_num);

    /* if we don't care about the label, or we failed, we're done */
    if ((wanted_token_label == NULL) || (rv != 0)) {
      return rv;
    }

    /* verify it's the label we want */
    token_label = h->slots[*slot_num].label;
    if ((token_label != NULL) &&
        (strcmp(wanted_token_label, token_label) == 0)) {
      return 0;
    }
    return -1;
  }

  /* look up the slot by its label from the list */
  for (slot_index = 0; slot_index < h->slot_count; slot_index++) {
    if (h->slots[slot_index].token_present) {
      token_label = h->slots[slot_index].label;
      if ((token_label != NULL) &&
          (strcmp(wanted_token_label, token_label) == 0)) {
        *slot_num = slot_index;
        return 0;
      }
    }
  }
  return -1;
}

/*
 * This function will search the slot list to find a slot based on the slot
 * label.  If the wanted_slot_label is "none", then we will return the first
 * slot with the token presented.
 *
 * This function returns 0 if it found a matching slot; otherwise, it returns
 * -1.
 */
int find_slot_by_slotlabel(pkcs11_handle_t *h, const char *wanted_slot_label,
                           unsigned int *slot_num)
{
  unsigned long idx;
  size_t len;

  if (slot_num == NULL || wanted_slot_label == NULL ||
      strlen(wanted_slot_label) == 0)
    return (-1);

  if (strcmp(wanted_slot_label, "none") == 0) {
    for (idx = 0; idx < h->slot_count; idx++) {
      if (h->slots[idx].token_present) {
        *slot_num = idx;
        return (0);
      }
    }
  } else {
    /* Look up the slot by its slotDescription */
    len = strlen(wanted_slot_label);
    for (idx = 0; idx < h->slot_count; idx++) {
      if (h->slots[idx].token_present &&
          memcmp_pad_max(h->slots[idx].slotDescription, 64,
                         (void *)wanted_slot_label, len, 64) == 0) {
        *slot_num = idx;
        return (0);
      }
    }
  }
  return (-1);
}

int find_slot_by_slotlabel_and_tokenlabel(pkcs11_handle_t *h,
                                          const char *wanted_slot_label,
                                          const char *wanted_token_label,
                                          unsigned int *slot_num)
{
  unsigned long i;
  int rv;

  if (slot_num == NULL)
    return (-1);

  if (wanted_token_label == NULL) {
    rv = find_slot_by_slotlabel(h, wanted_slot_label, slot_num);
    return (rv);
  }

  /* wanted_token_label != NULL */
  if (strcmp(wanted_slot_label, "none") == 0) {
    for (i = 0; i < h->slot_count; i++) {
      if (h->slots[i].token_present &&
          strcmp(wanted_token_label, (char *)h->slots[i].label) == 0) {
        *slot_num = i;
        return (0);
      }
    }
    return (-1);
  } else {
    for (i = 0; i < h->slot_count; i++) {
      if (h->slots[i].token_present) {
        const char *slot_label = (const char *)h->slots[i].slotDescription;
        const char *token_label = (const char *)h->slots[i].label;

        /* slotDescription is a blank-padded 64-byte field with no
         * terminating NUL, so pass its fixed size instead of strlen() */
        if ((memcmp_pad_max((void *)slot_label,
                            sizeof(h->slots[i].slotDescription),
                            (void *)wanted_slot_label,
                            strlen(wanted_slot_label), 64) == 0) &&
            (memcmp_pad_max((void *)token_label, strlen(token_label),
                            (void *)wanted_token_label,
                            strlen(wanted_token_label), 33) == 0)) {
          *slot_num = i;
          return (0);
        }
      }
    }
    return (-1);
  }
}

int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
                                const char *wanted_slot_label,
                                const char *wanted_token_label,
                                unsigned int *slot_num)
{
  int rv;

  do {
    /* see if the card we're looking for is inserted */
    rv =
        find_slot_by_slotlabel_and_tokenlabel(h, wanted_slot_label,
                                              wanted_token_label, slot_num);
    if (rv != 0) {
      /* could call C_WaitForSlotEvent, for now just poll */
      sleep(10);
      refresh_slots(h);
      continue;
    }
  } while (rv != 0);
  return rv;
}

int wait_for_token(pkcs11_handle_t *h, int wanted_slot_id,
                   const char *wanted_token_label, unsigned int *slot_num)
{
  int rv;

  do {
    /* see if the card we're looking for is inserted */
    rv = find_slot_by_number_and_label(h, wanted_slot_id,
                                       wanted_token_label, slot_num);
    if (rv != 0) {
      /* could call C_WaitForSlotEvent, for now just poll */
      sleep(10);
      refresh_slots(h);
      continue;
    }
  } while (rv != 0);
  return rv;
}

int open_pkcs11_session(pkcs11_handle_t *h, unsigned int slot)
{
  int rv;

  DBG1("opening a new PKCS #11 session for slot %d", slot + 1);
  if (slot >= h->slot_count) {
    set_error("invalid slot number %d", slot);
    return -1;
  }
  /* open a readonly user-session */
  rv = h->fl->C_OpenSession(h->slots[slot].id, CKF_SERIAL_SESSION,
                            NULL, NULL, &h->session);
  if (rv != CKR_OK) {
    set_error("C_OpenSession() failed: 0x%08lX", rv);
    return -1;
  }
  h->current_slot = slot;
  return 0;
}

int pkcs11_login(pkcs11_handle_t *h, char *password)
{
  int rv;

  DBG("login as user CKU_USER");
  if (password)
    rv = h->fl->C_Login(h->session, CKU_USER, (unsigned char *)password,
                        strlen(password));
  else
    rv = h->fl->C_Login(h->session, CKU_USER, NULL, 0);
  if ((rv != CKR_OK) && (rv != CKR_USER_ALREADY_LOGGED_IN)) {
    set_error("C_Login() failed: 0x%08lX", rv);
    return -1;
  }
  return 0;
}

int get_slot_login_required(pkcs11_handle_t *h)
{
  int rv;
  CK_TOKEN_INFO tinfo;

  rv = h->fl->C_GetTokenInfo(h->slots[h->current_slot].id, &tinfo);
  if (rv != CKR_OK) {
    set_error("C_GetTokenInfo() failed: 0x%08lX", rv);
    return -1;
  }
  return tinfo.flags & CKF_LOGIN_REQUIRED;
}

int get_slot_protected_authentication_path(pkcs11_handle_t *h)
{
  int rv;
  CK_TOKEN_INFO tinfo;

  rv = h->fl->C_GetTokenInfo(h->slots[h->current_slot].id, &tinfo);
  if (rv != CKR_OK) {
    set_error("C_GetTokenInfo() failed: 0x%08lX", rv);
    return -1;
  }
  return tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH;
}

static void free_certs(cert_object_t **certs, int cert_count)
{
  int i;

  for (i = 0; i < cert_count; i++) {
    if (!certs[i]) {
      continue;
    }
    if (certs[i]->x509 != NULL)
      X509_free(certs[i]->x509);
    if (certs[i]->id != NULL)
      free(certs[i]->id);
    free(certs[i]);
  }
  free(certs);
}

int close_pkcs11_session(pkcs11_handle_t *h)
{
  int rv;

  /* close user-session */
  DBG("logout user");
  rv = h->fl->C_Logout(h->session);
  if (rv != CKR_OK && rv != CKR_USER_NOT_LOGGED_IN &&
      rv != CKR_FUNCTION_NOT_SUPPORTED) {
    set_error("C_Logout() failed: 0x%08lX", rv);
    return -1;
  }
  DBG("closing the PKCS #11 session");
  rv = h->fl->C_CloseSession(h->session);
  if (rv != CKR_OK && rv != CKR_FUNCTION_NOT_SUPPORTED) {
    set_error("C_CloseSession() failed: 0x%08lX", rv);
    return -1;
  }
  DBG("releasing keys and certificates");
  if (h->certs != NULL) {
    free_certs(h->certs, h->cert_count);
    h->certs = NULL;
    h->cert_count = 0;
  }
  return 0;
}

/* get a list of certificates */
cert_object_t **get_certificate_list(pkcs11_handle_t *h, int *ncerts)
{
  CK_BYTE *id_value;
  CK_BYTE *cert_value;
  CK_OBJECT_HANDLE object;
  CK_ULONG object_count;
  X509 *x509;
  cert_object_t **certs = NULL;
  int rv;

  CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
  CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
  CK_ATTRIBUTE cert_template[] = {
    {CKA_CLASS, &cert_class, sizeof(CK_OBJECT_CLASS)},
    {CKA_CERTIFICATE_TYPE, &cert_type, sizeof(CK_CERTIFICATE_TYPE)},
    {CKA_ID, NULL, 0},
    {CKA_VALUE, NULL, 0}
  };

  if (h->certs) {
    *ncerts = h->cert_count;
    return h->certs;
  }

  rv = h->fl->C_FindObjectsInit(h->session, cert_template, 2);
  if (rv != CKR_OK) {
    set_error("C_FindObjectsInit() failed: 0x%08lX", rv);
    return NULL;
  }
  while (1) {
    /* look for certificates */
    rv = h->fl->C_FindObjects(h->session, &object, 1, &object_count);
    if (rv != CKR_OK) {
      set_error("C_FindObjects() failed: 0x%08lX", rv);
      goto getlist_error;
    }
    if (object_count == 0)
      break; /* no more certs */

    /* Cert found, read */

    /* pass 1: get cert id
*/ /* retrieve cert object id length */ cert_template[2].pValue = NULL; cert_template[2].ulValueLen = 0; rv = h->fl->C_GetAttributeValue(h->session, object, cert_template, 3); if (rv != CKR_OK) { set_error("CertID length: C_GetAttributeValue() failed: 0x%08lX", rv); goto getlist_error; } /* allocate enough space */ id_value = malloc(cert_template[2].ulValueLen); if (id_value == NULL) { set_error("CertID malloc(%d): not enough free memory available", cert_template[2].ulValueLen); goto getlist_error; } /* read cert id into allocated space */ cert_template[2].pValue = id_value; rv = h->fl->C_GetAttributeValue(h->session, object, cert_template, 3); if (rv != CKR_OK) { free(id_value); set_error("CertID value: C_GetAttributeValue() failed: 0x%08lX", rv); goto getlist_error; } /* pass 2: get certificate */ /* retrieve cert length */ cert_template[3].pValue = NULL; rv = h->fl->C_GetAttributeValue(h->session, object, cert_template, 4); if (rv != CKR_OK) { set_error("Cert Length: C_GetAttributeValue() failed: 0x%08lX", rv); goto getlist_error; } /* allocate enough space */ cert_value = malloc(cert_template[3].ulValueLen); if (cert_value == NULL) { set_error("Cert Length malloc(%d): not enough free memory available", cert_template[3].ulValueLen); goto getlist_error; } /* read certificate into allocated space */ cert_template[3].pValue = cert_value; rv = h->fl->C_GetAttributeValue(h->session, object, cert_template, 4); if (rv != CKR_OK) { free(cert_value); set_error("Cert Value: C_GetAttributeValue() failed: 0x%08lX", rv); goto getlist_error; } /* Pass 3: store certificate */ /* convert to X509 data structure */ x509 = d2i_X509(NULL, (const unsigned char **)&cert_template[3].pValue, cert_template[3].ulValueLen); if (x509 == NULL) { free(id_value); free(cert_value); set_error("d2i_x509() failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto getlist_error; } /* finally add certificate to chain */ certs= realloc(h->certs,(h->cert_count+1) * sizeof(cert_object_t *)); if 
(!certs) { free(id_value); X509_free(x509); set_error("realloc() not space to re-size cert table"); goto getlist_error; } h->certs=certs; DBG1("Saving Certificate #%d:", h->cert_count + 1); certs[h->cert_count] = NULL; DBG1("- type: %02lx", cert_type); DBG1("- id: %02x", id_value[0]); h->certs[h->cert_count] = (cert_object_t *)calloc(sizeof(cert_object_t),1); if (h->certs[h->cert_count] == NULL) { free(id_value); X509_free(x509); set_error("malloc() not space to allocate cert object"); goto getlist_error; } h->certs[h->cert_count]->type = cert_type; h->certs[h->cert_count]->id = id_value; h->certs[h->cert_count]->id_length = cert_template[2].ulValueLen; h->certs[h->cert_count]->x509 = x509; h->certs[h->cert_count]->private_key = CK_INVALID_HANDLE; h->certs[h->cert_count]->key_type = 0; ++h->cert_count; } /* end of while(1) */ /* release FindObject Sesion */ rv = h->fl->C_FindObjectsFinal(h->session); if (rv != CKR_OK) { set_error("C_FindObjectsFinal() failed: 0x%08lX", rv); free_certs(certs, h->cert_count); certs = NULL; h->certs = NULL; h->cert_count = 0; return NULL; } *ncerts = h->cert_count; /* arriving here means that's all right */ DBG1("Found %d certificates in token",h->cert_count); return h->certs; /* some error arrived: clean as possible, and return fail */ getlist_error: rv = h->fl->C_FindObjectsFinal(h->session); if (rv != CKR_OK) { set_error("C_FindObjectsFinal() failed: 0x%08lX", rv); } free_certs(h->certs, h->cert_count); h->certs = NULL; h->cert_count = 0; return NULL; } /* retrieve the private key associated with a given certificate */ int get_private_key(pkcs11_handle_t *h, cert_object_t *cert) { CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY; CK_BBOOL key_sign = CK_TRUE; CK_ATTRIBUTE key_template[] = { {CKA_CLASS, &key_class, sizeof(key_class)} , {CKA_SIGN, &key_sign, sizeof(key_sign)} , {CKA_ID, NULL, 0} }; CK_OBJECT_HANDLE object; CK_ULONG object_count; int rv; if (cert->private_key != CK_INVALID_HANDLE) { /* we've already found the private key 
for this certificate */ return 0; } /* search for a specific ID if any */ if (cert->id && cert->id_length) { key_template[2].pValue = cert->id; key_template[2].ulValueLen = cert->id_length; rv = h->fl->C_FindObjectsInit(h->session, key_template, 3); } else { rv = h->fl->C_FindObjectsInit(h->session, key_template, 2); } if (rv != CKR_OK) { set_error("C_FindObjectsInit() failed: 0x%08lX", rv); return -1; } rv = h->fl->C_FindObjects(h->session, &object, 1, &object_count); if (rv != CKR_OK) { set_error("C_FindObjects() failed: 0x%08lX", rv); goto get_privkey_failed; } if (object_count <= 0) { /* cert without prk: perhaps CA or CA-chain cert */ set_error("No private key found for cert: 0x%08lX", rv); goto get_privkey_failed; } /* and finally release Find session */ rv = h->fl->C_FindObjectsFinal(h->session); if (rv != CKR_OK) { set_error("C_FindObjectsFinal() failed: 0x%08lX", rv); return -1; } cert->private_key = object; cert->key_type = CKK_RSA; return 0; get_privkey_failed: rv = h->fl->C_FindObjectsFinal(h->session); if (rv != CKR_OK) { set_error("C_FindObjectsFinal() failed: 0x%08lX", rv); } return -1; } const char *get_slot_tokenlabel(pkcs11_handle_t *h) { return h->slots[h->current_slot].label; } const X509 *get_X509_certificate(cert_object_t *cert) { return cert->x509; } int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data, CK_ULONG length, CK_BYTE **signature, CK_ULONG *signature_length) { int rv; /* DER DigestInfo prefix for SHA-1 (PKCS #1 v1.5); the digest is written at offset 15 */ CK_BYTE hash[15 + SHA_DIGEST_LENGTH] = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14"; CK_MECHANISM mechanism = { 0, NULL, 0 }; if (get_private_key(h, cert) == -1) { set_error("Couldn't find private key for certificate"); return -1; } /* set mechanism */ switch (cert->key_type) { case CKK_RSA: mechanism.mechanism = CKM_RSA_PKCS; break; default: /* report the key type that was switched on, not the certificate type */ set_error("unsupported key type %lu", (unsigned long)cert->key_type); return -1; } /* compute hash-value */ SHA1(data, length, &hash[15]); DBG5("hash[%ld] = [...:%02x:%02x:%02x:...:%02x]", sizeof(hash), hash[15], 
hash[16], hash[17], hash[sizeof(hash) - 1]); /* sign the token */ rv = h->fl->C_SignInit(h->session, &mechanism, cert->private_key); if (rv != CKR_OK) { set_error("C_SignInit() failed: 0x%08lX", rv); return -1; } *signature = NULL; *signature_length = 128; while (*signature == NULL) { *signature = malloc(*signature_length); if (*signature == NULL) { set_error("not enough free memory available"); return -1; } rv = h->fl->C_Sign(h->session, hash, sizeof(hash), *signature, signature_length); if (rv == CKR_BUFFER_TOO_SMALL) { /* increase signature length as long as it it to short */ free(*signature); *signature = NULL; *signature_length *= 2; DBG1("increased signature buffer-length to %ld", *signature_length); } else if (rv != CKR_OK) { free(*signature); *signature = NULL; set_error("C_Sign() failed: 0x%08lX", rv); return -1; } } DBG5("signature[%ld] = [%02x:%02x:%02x:...:%02x]", *signature_length, (*signature)[0], (*signature)[1], (*signature)[2], (*signature)[*signature_length - 1]); return 0; } int get_random_value(unsigned char *data, int length) { static const char *random_device = "/dev/urandom"; int rv, fh, l; DBG2("reading %d random bytes from %s", length, random_device); fh = open(random_device, O_RDONLY); if (fh == -1) { set_error("open() failed: %s", strerror(errno)); return -1; } l = 0; while (l < length) { rv = read(fh, data + l, length - l); if (rv <= 0) { close(fh); set_error("read() failed: %s", strerror(errno)); return -1; } l += rv; } close(fh); DBG5("random-value[%d] = [%02x:%02x:%02x:...:%02x]", length, data[0], data[1], data[2], data[length - 1]); return 0; } #endif /* HAVE_NSS */ pam_pkcs11-0.6.9/src/common/cert_info.h0000644000175000017500000000447312074274512020177 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003-2004 Mario Strasser * Copyright (C) 2005 Juan Antonio Martinez * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as 
published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ #ifndef __CERT_INFO_H_ #define __CERT_INFO_H_ #include "cert_st.h" /** Certificate Common Name */ #define CERT_CN 1 /** Certificate subject */ #define CERT_SUBJECT 2 /** Kerberos principal name */ #define CERT_KPN 3 /** Certificate e-mail */ #define CERT_EMAIL 4 /** Microsoft's Universal Principal Name */ #define CERT_UPN 5 /** Certificate Unique Identifier */ #define CERT_UID 6 /** Certificate Public Key (PEM Format)*/ #define CERT_PUK 7 /** Certificate Digest */ #define CERT_DIGEST 8 /** Certificate Public key in OpenSSH format */ #define CERT_SSHPUK 9 /** Certificate in PEM format */ #define CERT_PEM 10 /** Certificate issuer */ #define CERT_ISSUER 11 /** Certificate serial number */ #define CERT_SERIAL 12 /** Certificate key algorithm */ #define CERT_KEY_ALG 13 /** Max size of returned certificate content array */ #define CERT_INFO_SIZE 16 /** Max number of entries to find from certificate */ #define CERT_INFO_MAX_ENTRIES ( CERT_INFO_SIZE - 1 ) #ifndef __CERT_INFO_C_ #define CERTINFO_EXTERN extern #else #define CERTINFO_EXTERN #endif /** * Generate and compose a certificate chain * @param cert Certificate to add * @param certs pointer to list of certificates * @param ncerts pointer to number of certificates in list */ void add_cert(X509 *cert, X509 ***certs, int *ncerts); /** * Request info on certificate * @param x509 certificate to parse * @param type information to retrieve * @param algorithm to use in evaluate certificate digest; else null * @return utf-8 string array with provided information */ CERTINFO_EXTERN char **cert_info(X509 *x509, int type, ALGORITHM_TYPE algorithm); #undef 
CERTINFO_EXTERN #endif /* __CERT_INFO_H_ */ pam_pkcs11-0.6.9/src/common/strings.h0000644000175000017500000001020612074274512017707 0ustar rousseaurousseau/* * PAM-PKCS11 string tools * Copyright (C) 2005 Juan Antonio Martinez * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * $Id$ */ #ifndef __STRINGS_H_ #define __STRINGS_H_ #ifdef HAVE_CONFIG_H #include #endif #include #include /** * String management library */ #ifndef _STRINGS_C_ #define M_EXTERN extern #else #define M_EXTERN #endif /** * Check for a null or spaced string *@param str Tested string *@return nonzero on null, empty or spaced string, else zero */ M_EXTERN int is_empty_str(const char *str); /** * Duplicate a string *@param str String to be cloned *@return Pointer to cloned string or null if error in allocating memory */ M_EXTERN char *clone_str(const char *str); /** * Duplicate a string converting all chars to upper-case *@param str String to be cloned & uppercassed *@return Pointer to result string or null if error in allocating memory */ M_EXTERN char *toupper_str(const char *str); /** * Duplicate a string converting all chars to lower-case *@param str String to be cloned & lowercased *@return Pointer to result string or null if error in allocating memory */ M_EXTERN char 
*tolower_str(const char *str); /** * Convert a byte array into a colon-separated hexadecimal sequence *@param binstr ByteArray to be parsed *@param len Number of bytes to be converted *@return Pointer to result string or null if error in allocating memory */ M_EXTERN char *bin2hex(const unsigned char *binstr,const int len); /** * Convert a colon-separated hexadecimal data into a byte array *@param hexstr String to be parsed *@return Pointer to resulting byte array, or null if no memory available */ M_EXTERN unsigned char *hex2bin(const char *hexstr); /** * Convert a colon-separated hexadecimal data into a byte array, * store result into a previously allocated space *@param hexstr String to be parsed *@param res Pointer to pre-allocated user space *@param size Pointer to store lenght of data parsed *@return Pointer to resulting byte array, or null on parse error */ M_EXTERN unsigned char *hex2bin_static(const char *hexstr,unsigned char **res,int *size); /** * Splits a string to an array of nelems by using sep as character separator. * * To free() memory used by this call, call free(res[0]); free(res); *@param str String to be parsed *@param sep Character to be used as separator *@param nelems Number of elements of resulting array *@return res: Pointer to resulting string array, or null if malloc() error */ M_EXTERN char **split(const char *str,char sep, int nelems); /** * Splits a string to an array of nelems by using sep as character separator, * using dest as pre-allocated destination memory for the resulting array * * To free() memory used by this call, just call free result pointer *@param str String to be parsed *@param sep Character to be used as separator *@param nelems Number of elements of resulting array *@param dst Char array to store temporary data *@return Pointer to resulting string array, or null if malloc() error */ M_EXTERN char **split_static(const char *str,char sep, int nelems,char *dst); /** * Remove all extra spaces from a string. 
* a char is considered space if trues isspace() * *@param str String to be trimmed *@return Pointer to cloned string with all spaces trimmed or null if error in allocating memory */ M_EXTERN char *trim(const char *str); #undef M_EXTERN #endif pam_pkcs11-0.6.9/src/common/cert_info.c0000644000175000017500000006665712772726434020220 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003-2004 Mario Strasser * Copyright (C) 2005 Juan Antonio Martinez * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ #ifndef __CERT_INFO_C_ #define __CERT_INFO_C_ #ifdef HAVE_CONFIG_H #include #endif #include "debug.h" #include "error.h" #include "strings.h" #include "cert_info.h" #include "alg_st.h" #ifdef HAVE_NSS #include "secoid.h" /* * NSS dynamic oid support. * NSS is able to understand new oid tags provided by the application, * including * understanding new cert extensions that NSS previously did not understand. 
* This code adds the oids for the Kerberos Principle and the Microsoft UPN */ #define TO_ITEM(x) {siDEROID, (unsigned char *)(x), sizeof(x) } /* kerberois oid: 1.3.6.1.5.2.2 */ SECOidTag CERT_KerberosPN_OID = SEC_OID_UNKNOWN; static const unsigned char kerberosOID[] = { 0x2b, 0x6, 0x1, 0x5, 0x2, 0x2 }; static const SECOidData kerberosPN_Entry = { TO_ITEM(kerberosOID), SEC_OID_UNKNOWN, "Kerberos Priniciple", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION }; SECOidTag CERT_MicrosoftUPN_OID = SEC_OID_UNKNOWN; /* { 1.3.6.1.4.1.311 } */ static const unsigned char microsoftUPNOID[] = { 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37, 0x14, 0x2, 0x3 }; static const SECOidData microsoftUPN_Entry = { TO_ITEM(microsoftUPNOID), SEC_OID_UNKNOWN, "Microsoft Universal Priniciple", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION }; /* register the oid if we haven't already */ static void cert_fetchOID(SECOidTag *data, const SECOidData *src) { if (*data == SEC_OID_UNKNOWN) { /* AddEntry does the right thing if someone else has already * added the oid. (that is return that oid tag) */ *data = SECOID_AddEntry(src); } return; } static char ** cert_GetNameElements(CERTName *name, int wantedTag) { static char *results[CERT_INFO_SIZE]; CERTRDN** rdns; CERTRDN *rdn; char *buf = 0; int i=0; rdns = name->rdns; while (rdns && (rdn = *rdns++) != 0) { CERTAVA** avas = rdn->avas; CERTAVA* ava; while (avas && (ava = *avas++) != 0) { int tag = CERT_GetAVATag(ava); if ( tag == wantedTag ) { SECItem *decodeItem = CERT_DecodeAVAValue(&ava->value); if(!decodeItem) { results[i] = NULL; return results[0] ? results : NULL; } buf = malloc(decodeItem->len + 1); if ( buf ) { memcpy(buf, decodeItem->data, decodeItem->len); buf[decodeItem->len] = 0; } SECITEM_FreeItem(decodeItem, PR_TRUE); results[i] = buf; i++; if (i == CERT_INFO_SIZE-1) { goto done; } } } } done: results[i] = NULL; return results[0] ? 
results : NULL; } /* * Evaluate Certificate Signature Digest */ static char **cert_info_digest(X509 *x509, ALGORITHM_TYPE algorithm) { static char *entries[2] = { NULL,NULL }; HASH_HashType type = HASH_GetHashTypeByOidTag(algorithm); unsigned char data[HASH_LENGTH_MAX]; if (type == HASH_AlgNULL) { type = HASH_AlgSHA1; DBG1("Invalid digest algorithm, using 'sha1'",algorithm); } HASH_HashBuf(type, data, x509->derCert.data, x509->derCert.len); entries[0] = bin2hex(data,HASH_ResultLen(type)); return entries; } static char ** cert_info_upn (X509 *x509) { SECItem alt_name; SECStatus status; PRArenaPool *arena = NULL; CERTGeneralName *nameList; CERTGeneralName *current; SECOidTag tag; static char *results[CERT_INFO_SIZE] = { NULL }; int result = 0; SECItem decoded; DBG("Looking for ALT_NAME"); status = CERT_FindCertExtension(x509, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name); if (status != SECSuccess) { DBG("Not found"); goto no_upn; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { DBG("Could not allocate arena"); goto no_upn; } nameList = current = CERT_DecodeAltNameExtension(arena, &alt_name); if (!nameList) { DBG("Could not decode name"); goto no_upn; } cert_fetchOID(&CERT_MicrosoftUPN_OID, &microsoftUPN_Entry); do { if (current->type == certOtherName) { tag = SECOID_FindOIDTag(&current->name.OthName.oid); DBG1("got other name with tag %#x", tag); if (tag == CERT_MicrosoftUPN_OID) { status = SEC_ASN1DecodeItem(arena, &decoded, SEC_UTF8StringTemplate, &current->name.OthName.name); if (status == SECSuccess) { results[result] = malloc(decoded.len + 1); memcpy(results[result], decoded.data, decoded.len); results[result][decoded.len] = '\0'; DBG1("Got upn: %s", results[result]); result++; } else { DBG("Could not decode upn..."); } } } else { DBG("not other name..."); } current = CERT_GetNextGeneralName(current); } while (current != nameList && result < CERT_INFO_MAX_ENTRIES); no_upn: if (arena) { PORT_FreeArena(arena, PR_FALSE); } if (alt_name.data) { SECITEM_FreeItem(&alt_name, 
PR_FALSE); } return results; } /** * request info on certificate * @param x509 Certificate to parse * @param type Information to retrieve * @param algorithm Digest algorithm to use * @return utf-8 string array with provided information */ char **cert_info(X509 *x509, int type, ALGORITHM_TYPE algorithm ) { static char *results[CERT_INFO_SIZE]; SECOidData *oid; int i; if (!x509) { DBG("Null certificate provided"); return NULL; } switch (type) { case CERT_CN : /* Certificate Common Name */ return cert_GetNameElements(&x509->subject, SEC_OID_AVA_COMMON_NAME); case CERT_SUBJECT : /* Certificate subject */ results[0] = CERT_NameToAscii(&x509->subject); results[1] = 0; break; case CERT_ISSUER : /* Certificate issuer */ results[0] = CERT_NameToAscii(&x509->issuer); results[1] = 0; break; case CERT_SERIAL : /* Certificate serial number */ results[0] = bin2hex(x509->serialNumber.data, x509->serialNumber.len); results[1] = 0; break; case CERT_KPN : /* Kerberos principal name */ cert_fetchOID(&CERT_KerberosPN_OID, &kerberosPN_Entry); return cert_GetNameElements(&x509->subject, CERT_KerberosPN_OID); case CERT_EMAIL : /* Certificate e-mail */ /* stop at CERT_INFO_MAX_ENTRIES so the NULL terminator below stays inside results[] */ for (i=1, results[0] = CERT_GetFirstEmailAddress(x509); results[i-1] && i < CERT_INFO_MAX_ENTRIES; i++) { results[i] = CERT_GetNextEmailAddress(x509, results[i-1]); } results[i] = NULL; for (i=0; results[i]; i++) { results[i] = strdup(results[i]); } break; /* need oid tag. 
*/ case CERT_UPN : /* Microsoft's Universal Principal Name */ return cert_info_upn(x509); case CERT_UID : /* Certificate Unique Identifier */ return cert_GetNameElements(&x509->subject, SEC_OID_RFC1274_UID); break; case CERT_PUK : /* Certificate Public Key */ return NULL; case CERT_DIGEST : /* Certificate Signature Digest */ if ( !algorithm ) { DBG("Must specify digest algorithm"); return NULL; } return cert_info_digest(x509,algorithm); case CERT_KEY_ALG : oid = SECOID_FindOID(&x509->subjectPublicKeyInfo.algorithm.algorithm); if (oid == NULL) { results[0] = strdup("Unknown"); } else { results[0] = strdup(oid->desc); } results[1] = 0; break; default : DBG1("Invalid info type requested: %d",type); return NULL; } if (results[0] == NULL) { return NULL; } return results; } #else #include "../common/pam-pkcs11-ossl-compat.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include "debug.h" #include "error.h" #include "strings.h" #include "base64.h" #include "cert_info.h" #if OPENSSL_VERSION_NUMBER >= 0x00907000L #define UID_TYPE NID_x500UniqueIdentifier #else #define UID_TYPE NID_uniqueIdentifier #endif /** * Generate and compose a certificate chain */ void add_cert(X509 *cert, X509 ***certs, int *ncerts) { X509 **certs2; /* sanity checks */ if (!cert) return; if (!certs) return; if (!ncerts) return; /* no certs so far */ if (!*certs) { *certs = malloc(sizeof(void *)); if (!*certs) return; *certs[0] = cert; *ncerts = 1; return; } /* enlarge current cert chain by malloc(new)+copy()+free(old) */ certs2 = malloc(sizeof(void *) * ((*ncerts) + 1)); if (!certs2) return; memcpy(certs2, *certs, sizeof(void *) * (*ncerts)); certs2[*ncerts] = cert; free(*certs); *certs = certs2; (*ncerts)++; } /* * Extract Certificate's Common Name */ static char **cert_info_cn(X509 *x509) { static char *results[CERT_INFO_SIZE]; int lastpos,position; X509_NAME *name = X509_get_subject_name(x509); if (!name) { DBG("Certificate 
has no subject"); return NULL; } for (position=0;positiontype==GEN_OTHERNAME ) { /* test for UPN */ if (OBJ_cmp(name->d.otherName->type_id, krb5PrincipalName)) continue; /* object is not a UPN */ else { /* NOTE: from PKINIT RFC, I deduce that stored format for kerberos Principal Name is ASN1_STRING, but not sure at 100% Any help will be granted */ unsigned char *txt; ASN1_TYPE *val = name->d.otherName->value; ASN1_STRING *str= val->value.asn1_string; DBG("Found Kerberos Principal Name "); if ( ( ASN1_STRING_to_UTF8(&txt, str) ) < 0) { DBG1("ASN1_STRING_to_UTF8() failed: %s", ERR_error_string(ERR_get_error(),NULL)); } else { DBG1("Adding KPN entry: %s",txt); entries[j++]= clone_str((const char *)txt); } } } } sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ASN1_OBJECT_free(krb5PrincipalName); if(j==0) { DBG("Certificate does not contain a KPN entry"); return NULL; } return entries; } /* * Extract Certificate's email */ static char **cert_info_email(X509 *x509) { int i,j; static char *entries[CERT_INFO_SIZE]; STACK_OF(GENERAL_NAME) *gens; GENERAL_NAME *name; DBG("Trying to find an email in certificate"); gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL); if (!gens) { DBG("No alternate name(s) in certificate"); return 0; /* no alternate names */ } for (i=0,j=0; (i < sk_GENERAL_NAME_num(gens)) && (jtype==GEN_EMAIL ) { DBG1("Found E-Mail Entry = '%s'", name->d.ia5->data); entries[j++]=clone_str((const char *)name->d.ia5->data); } } sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); if(j==0) { DBG("Certificate does not contain a Email entry"); return NULL; } return entries; } /* * Extract Certificate's Microsoft Universal Principal Name */ static char **cert_info_upn(X509 *x509) { int i,j; static char *entries[CERT_INFO_SIZE]; STACK_OF(GENERAL_NAME) *gens; GENERAL_NAME *name; DBG("Trying to find an Universal Principal Name in certificate"); gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL); if (!gens) { DBG("No alternate name extensions 
found"); return NULL; } for (j=0;jtype==GEN_OTHERNAME ) { /* test for UPN */ if (OBJ_cmp(name->d.otherName->type_id, OBJ_nid2obj(NID_ms_upn))) continue; /* object is not a UPN */ DBG("Found MS Universal Principal Name "); /* try to extract string and return it */ if (name->d.otherName->value->type == V_ASN1_UTF8STRING) { ASN1_UTF8STRING *str = name->d.otherName->value->value.utf8string; DBG1("Adding UPN NAME entry= %s",str->data); entries[j++] = clone_str((const char *)str->data); } else { DBG("Found UPN entry is not an utf8string"); } } } sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); if(j==0) { DBG("Certificate does not contain a MS UPN entry"); return NULL; } return entries; } /* * Extract Certificate's Unique Identifier(s) * Array size is limited to CERT_INFO_MAX_ENTRIES UID's. expected to be enough... */ static char **cert_info_uid(X509 *x509) { static char *results[CERT_INFO_SIZE]; int lastpos,position; int uid_type = UID_TYPE; X509_NAME *name = X509_get_subject_name(x509); if (!name) { DBG("Certificate has no subject"); return NULL; } for (position=0;position>24; *pt++= (n&0x00ff0000) >>16; *pt++= (n&0x0000ff00) >>8; *pt = (n&0x000000ff) >>0; return 4; } /* store an string into buffer */ static int str_append(unsigned char *pt, const char *str, int len) { memcpy(pt,str,len); return len; } /* store a bignum into a buffer */ static int BN_append(unsigned char *pt, const BIGNUM *bn) { unsigned char *old=pt; int res=0; int extrabyte=0; int size= 1 + BN_num_bytes(bn); unsigned char *buff; if(BN_is_zero(bn)) { res= int_append(pt,0); return res; } buff=malloc(size); *buff=0x00; BN_bn2bin(bn,buff+1); /* TODO: handle error condition */ extrabyte=( buff[1] & 0x80 )? 
0:1; res= int_append(pt,size-extrabyte); pt+=res; res= str_append(pt,(char *)(buff+extrabyte),size-extrabyte); pt+=res; free(buff); return pt-old; } /* * Extract Certificate's Public Key in OpenSSH format */ static char **cert_info_sshpuk(X509 *x509) { char **maillist; const char *type; char *buf; unsigned char *blob,*pt,*data = NULL; int data_len; int res; static char *entries[2] = { NULL,NULL }; const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; const BIGNUM *rsa_e, *rsa_n; DSA *dsa; RSA *rsa; EVP_PKEY *pubk = X509_get_pubkey(x509); if(!pubk) { DBG("Cannot extract public key"); return NULL; } blob=calloc(8192,sizeof(unsigned char)); if (!blob ) { DBG("Cannot allocate space to compose pkey string"); goto sshpuk_fail; } pt=blob; switch (EVP_PKEY_base_id(pubk)) { case EVP_PKEY_DSA: dsa = EVP_PKEY_get1_DSA(pubk); if (dsa == NULL) { DBG("No data for public DSA key"); goto sshpuk_fail; } type="ssh-dss"; /* dump key into a byte array */ DSA_get0_key(dsa, &dsa_pub_key,NULL); DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g); res= int_append(pt,strlen(type)); pt+=res; res= str_append(pt,type,strlen(type)); pt+=res; res= BN_append(pt, dsa_p); pt+=res; res= BN_append(pt, dsa_q); pt+=res; res= BN_append(pt, dsa_g); pt+=res; res= BN_append(pt, dsa_pub_key); pt+=res; DSA_free(dsa); break; case EVP_PKEY_RSA: rsa = EVP_PKEY_get1_RSA(pubk); if (rsa == NULL) { DBG("No data for public RSA key"); goto sshpuk_fail; } /* dump key into a byte array */ type="ssh-rsa"; RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL); res= int_append(pt,strlen(type)); pt+=res; res= str_append(pt,type,strlen(type)); pt+=res; res= BN_append(pt, rsa_e); pt+=res; res= BN_append(pt, rsa_n); pt+=res; RSA_free(rsa); break; default: DBG("Unknown public key type"); goto sshpuk_fail; } /* encode data in base64 format */ data_len= 1+ 4*((2+pt-blob)/3); /* data_len=8192; */ data=calloc(data_len,sizeof(unsigned char)); if(!data) { DBG1("calloc() to uuencode buffer '%d'",data_len); goto sshpuk_fail; } res= 
base64_encode(blob,pt-blob,data,(size_t *) &data_len); if (res<0) { DBG("BASE64 Encode failed"); goto sshpuk_fail; } /* retrieve email from certificate and compose ssh-key string */ maillist= cert_info_email(x509); res=0; if (maillist && maillist[0]) res= strlen(maillist[0]); buf=malloc(3+res+strlen(type)+data_len); if (!buf) { DBG("No memory to store public key dump"); goto sshpuk_fail; } if (maillist && maillist[0]) sprintf(buf,"%s %s %s",type,data,maillist[0]); else sprintf(buf,"%s %s",type,data); DBG1("Public key is '%s'\n",buf); EVP_PKEY_free(pubk); free(blob); free(data); entries[0]=buf; return entries; sshpuk_fail: EVP_PKEY_free(pubk); free(blob); if (data) free(data); return NULL; } static char* get_fingerprint(X509 *cert,const EVP_MD *type) { unsigned char md[EVP_MAX_MD_SIZE]; unsigned int len; X509_digest(cert,type,md,&len); if (!len) { DBG("X509_digest() failed"); return NULL; } return bin2hex(md,len); } /* * Evaluate Certificate Signature Digest */ static char **cert_info_digest(X509 *x509, const char *algorithm) { static char *entries[2] = { NULL,NULL }; const EVP_MD *digest = EVP_get_digestbyname(algorithm); if(!digest) { digest= EVP_sha1(); DBG1("Invalid digest algorithm %s, using 'sha1'",algorithm); } entries[0]= get_fingerprint(x509,digest); return entries; } /* * Return certificate in PEM format */ static char **cert_info_pem(X509 *x509) { int len; char *pt,*res; static char *entries[2] = { NULL,NULL }; BIO *buf= BIO_new(BIO_s_mem()); if (!buf) { DBG("BIO_new() failed"); return NULL; } if ( ! PEM_write_bio_X509(buf,x509) ) { DBG("Cannot print certificate"); return NULL; } /* extract data */ len= BIO_get_mem_data(buf,&pt); if ( ! 
(res= malloc(len+1) ) ) { DBG("Cannot malloc() to copy certificate"); return NULL; } memcpy(res,pt,len); *(res+len)='\0'; /*BIO_set_close(buf,BIO_NOCLOSE); */ BIO_free(buf); entries[0]=res; return entries; } /* * Return certificate in PEM format */ static char **cert_key_alg(X509 *x509) { static char *entries[2] = { NULL,NULL }; X509_PUBKEY *pubkey = NULL; X509_ALGOR * pa= NULL; const char *alg; pubkey = X509_get_X509_PUBKEY(x509); X509_PUBKEY_get0_param(NULL, NULL, NULL, &pa, pubkey); alg = OBJ_nid2ln( OBJ_obj2nid(pa->algorithm)); entries[0]=strdup(alg); return entries; } /* * Return certificate serial number as a hex string */ static char **cert_info_serial_number(X509 *x509) { static char *entries[2] = { NULL,NULL }; ASN1_INTEGER *serial = X509_get_serialNumber(x509); int len; unsigned char *buffer = NULL, *tmp_ptr; #if OPENSSL_VERSION_NUMBER < 0x10100000L len = i2c_ASN1_INTEGER(serial, NULL); if (len < 0) { return NULL; } buffer = malloc(len); if (buffer == NULL) { return NULL; } /* i2c_ASN1_INTEGER "kindly" increments our pointer by len, * give it a temp ptr it can tweak to it's hearts content */ tmp_ptr = buffer; len = i2c_ASN1_INTEGER(serial, &tmp_ptr); entries[0] = bin2hex(buffer,len); free(buffer); #else /* * OpenSSL-1.1.0 does not support i2c_ASN1_INTEGER * We will use i2d_ASN1_INTEGER to get the asn1, then pickout the * binary data * Note: buffer is DER, and will have single tag byte and at least * one length byte we just need to skip the tag and length */ len = i2d_ASN1_INTEGER(serial, &buffer); if (len < 0) { return NULL; } if (buffer == NULL) { return NULL; } if (buffer[1] & 0x80) { /* extra length bytes? 
*/ /* the DER header is the tag byte, the first length byte and N extra length bytes: skip all of them */ len -= 2 + (buffer[1] & 0x7f); tmp_ptr = buffer + 2 + (buffer[1] & 0x7f); } else { len -= 2; tmp_ptr = buffer + 2; } entries[0] = bin2hex(tmp_ptr, len); OPENSSL_free(buffer); #endif return entries; } /** * request info on certificate * @param x509 Certificate to parse * @param type Information to retrieve * @param algorithm Digest algorithm to use * @return utf-8 string array with provided information */ char **cert_info(X509 *x509, int type, const char *algorithm ) { if (!x509) { DBG("Null certificate provided"); return NULL; } switch (type) { case CERT_CN : /* Certificate Common Name */ return cert_info_cn(x509); case CERT_SUBJECT : /* Certificate subject */ return cert_info_subject(x509); case CERT_ISSUER : /* Certificate issuer */ return cert_info_issuer(x509); case CERT_SERIAL : /* Certificate serial number */ /* fix me */ return cert_info_serial_number(x509); case CERT_KPN : /* Kerberos principal name */ return cert_info_kpn(x509); case CERT_EMAIL : /* Certificate e-mail */ return cert_info_email(x509); case CERT_UPN : /* Microsoft's Universal Principal Name */ return cert_info_upn(x509); case CERT_UID : /* Certificate Unique Identifier */ return cert_info_uid(x509); case CERT_PUK : /* Certificate Public Key */ return cert_info_puk(x509); case CERT_SSHPUK : /* Certificate Public Key in OpenSSH format */ return cert_info_sshpuk(x509); case CERT_PEM : /* Certificate in PEM format */ return cert_info_pem(x509); case CERT_DIGEST : /* Certificate Signature Digest */ if ( !algorithm ) { DBG("Must specify digest algorithm"); return NULL; } return cert_info_digest(x509,algorithm); case CERT_KEY_ALG : /* certificate signature algorithm */ return cert_key_alg(x509); default : DBG1("Invalid info type requested: %d",type); return NULL; } /* should not get here */ return NULL; } #endif /* HAVE_NSS */ #endif /* _CERT_INFO_C */ pam_pkcs11-0.6.9/src/common/error.h0000644000175000017500000000250512074274512017352 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * 
Copyright (C) 2003 Mario Strasser , * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ #ifndef __ERROR_H_ #define __ERROR_H_ #ifdef HAVE_CONFIG_H #include #endif #include #include #ifndef HAVE_NSS #include #endif #include /** Default error message buffer size */ #define ERROR_BUFFER_SIZE 512 #ifndef __ERROR_C_ #define ERROR_EXTERN extern #else #define ERROR_EXTERN #endif /** * store an error message into a temporary buffer, in a similar way as sprintf does * @param format String to be stored * @param ... Additional parameters */ ERROR_EXTERN void set_error(const char *format, ...); /** * Retrieve error message string from buffer *@return Error message */ ERROR_EXTERN const char *get_error(void); #undef ERROR_EXTERN #endif /* __ERROR_H_ */ pam_pkcs11-0.6.9/src/common/Makefile.am0000644000175000017500000000134112772700345020104 0ustar rousseaurousseau# Process this file with automake to create Makefile.in MAINTAINERCLEANFILES = Makefile.in AM_CFLAGS = $(CRYPTO_CFLAGS) AM_CPPFLAGS = $(CRYPTO_CFLAGS) SUBDIRS = . 
rsaref noinst_HEADERS = debug.h error.h uri.h strings.h \ cert_vfy.h cert_info.h base64.h pkcs11_lib.h \ cert_st.h alg_st.h SSLerrs.h SECerrs.h NSPRerrs.h \ secutil.h noinst_PROGRAMS = noinst_LTLIBRARIES = libcommon.la libcommon_la_SOURCES = algorithm.c cert_vfy.c cert_vfy.h \ cert_info.c cert_info.h \ debug.c debug.h error.c error.h \ uri.c uri.h strings.c strings.h \ pkcs11_lib.c \ strndup.c strndup.h \ pam-pkcs11-ossl-compat.h \ base64.c base64.h libcommon_la_LIBADD = $(CRYPTO_LIBS) $(PTHREAD_LIBS) $(LIBDL) libcommon_la_CFLAGS = $(PTHREAD_CFLAGS) pam_pkcs11-0.6.9/src/common/uri.c0000644000175000017500000003612312074274512017016 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. 
 *
 * $Id$
 */

#define __URI_C_

#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include "uri.h"
#include "debug.h"
#include "error.h"
#include "strings.h"

static const char *valid_urls[]= {"file:///","http://","https://","ftp://","ldap://",NULL};

/*
 Convenience functions
 Analyze the provided pathname and check its type
 Returns 1 on true, 0 on false, -1 on error
*/
int is_uri(const char *path) {
	int n=0;
	if(is_empty_str(path)) return -1;
	while(valid_urls[n]) {
		/* the scheme must be a prefix; a substring match would also accept
		 * plain paths that merely contain "http://" somewhere inside */
		if(!strncmp(path,valid_urls[n],strlen(valid_urls[n]))) return 1;
		n++;
	}
	return 0;
}

/* Map a plain path or a file:/// URI to a local path; NULL for any other URI */
static const char *local_path(const char *path) {
	if(is_empty_str(path)) return NULL;
	if (is_uri(path)) {
		if (strncmp(path,"file:///",8)) return NULL;
		/* skip "file://" only: the third '/' starts the absolute path,
		 * which is also how parse_generic_uri() reads a file URI */
		return path+7;
	}
	return path;
}

static struct stat * stat_file(const char *path) {
	static struct stat buf;
	int res;
	const char *pt=local_path(path);
	if (!pt) return NULL;
	res = stat(pt,&buf);
	if (res<0) return NULL;
	return &buf;
}

int is_file(const char *path){
	struct stat *info = stat_file(path);
	if (!info) return -1;
	if ( S_ISREG(info->st_mode) ) return 1;
	return 0;
}

int is_dir(const char *path){
	struct stat *info = stat_file(path);
	if (!info) return -1;
	if ( S_ISDIR(info->st_mode) ) return 1;
	return 0;
}

int is_symlink(const char *path){
	struct stat info;
	const char *pt=local_path(path);
	if (!pt) return -1;
	/* lstat(), not stat(): stat() follows the link and never reports S_ISLNK */
	if (lstat(pt,&info)<0) return -1;
	if ( S_ISLNK(info.st_mode) ) return 1;
	return 0;
}

#ifdef HAVE_CURL_CURL_H
#include <curl/curl.h>

/* curl call-back data */
struct curl_data_s {
	unsigned char *data;
	size_t length;
};

/* curl call-back function: appends each chunk to the buffer (no size limit) */
static size_t curl_get(void *ptr, size_t size, size_t nmemb, void *stream) {
	struct curl_data_s *cd = (struct curl_data_s*)stream;
	unsigned char *p;
	size *= nmemb;
	p = realloc(cd->data, cd->length + size);
	if (p == NULL) {
		free(cd->data);
		cd->data = NULL;
		cd->length = 0;
		return 0;
	}
	cd->data = p;
	memcpy(&cd->data[cd->length], ptr, size);
	cd->length += size;
	return size;
}

int get_from_uri(const char *uri_str, unsigned char **data, size_t *length) {
	int rv;
	CURL *curl;
	char curl_error[CURL_ERROR_SIZE] = "0";
	struct curl_data_s curl_data = { NULL, 0};
	/* init curl */
	curl = curl_easy_init();
	if (curl == NULL) {
		set_error("get_easy_init() failed");
		return -1;
	}
	curl_easy_setopt(curl, CURLOPT_URL, uri_str);
	curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_error);
	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_get);
	curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&curl_data);
	/* download data */
	rv = curl_easy_perform(curl);
	curl_easy_cleanup(curl);
	if (rv != 0) {
		/* drop whatever was received before the transfer failed */
		free(curl_data.data);
		set_error("curl_easy_perform() failed: %s (%d)", curl_error, rv);
		return -1;
	}
	/* copy data */
	*data = curl_data.data;
	*length = curl_data.length;
	return 0;
}

#else

#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifdef HAVE_LDAP
#include <ldap.h>
#endif

typedef enum { unknown = 0, file, http, ldap } scheme_t;

typedef struct {
	char *protocol;
	char *host;
	char *port;
	char *path;
	char *user;
	char *password;
	/* only data has to be freed */
	char *data;
} generic_uri_t;

typedef struct {
	scheme_t scheme;
	generic_uri_t *file, *http;
#ifdef HAVE_LDAP
	LDAPURLDesc *ldap;
#endif
} uri_t;

static void free_uri(uri_t *uri) {
	/* remember that free() already checks for null */
	if (uri) {
		if(uri->file) free(uri->file->data);
		free(uri->file);
		if(uri->http) free(uri->http->data);
		free(uri->http);
#ifdef HAVE_LDAP
		if(uri->ldap) ldap_free_urldesc(uri->ldap);
#endif
		free(uri);
	}
}

static int parse_generic_uri(const char *in, generic_uri_t **out) {
	char *p;
	*out = malloc(sizeof(generic_uri_t));
	if (*out == NULL) {
		set_error("not enough free memory available");
		return -1;
	}
	memset(*out, 0, sizeof(generic_uri_t));
	p = (*out)->data = strdup(in);
	if ((*out)->data == NULL) {
		free(*out);
		*out = NULL;
		set_error("not enough free memory available");
		return -1;
	}
	/* get protocol */
	(*out)->protocol = p;
	p = strstr(p, ":/");
	if (p == NULL) {
		free((*out)->data);
		free(*out);
		*out = NULL;
		set_error("no protocol defined");
		return -1;
	}
	*p = 0;
	p += 2;
	/* distinguish between network path and absolute path */
	if (p[0] != '/') {
		/* get absolute path */
		(*out)->path = (p - 1);
	} else {
		/* get authority and path */
		(*out)->path = strpbrk(p + 1, "/?");
		if ((*out)->path == NULL) {
			(*out)->path = "/";
			(*out)->host = p + 1;
		} else {
			/* shift the authority one byte left to make room for its terminator */
			(*out)->host = p;
			memmove(p, p + 1, (*out)->path - p);
			*((*out)->path - 1) = 0;
		}
		/* split authority */
		p = strchr((*out)->host, '@');
		if (p != NULL) {
			(*out)->user = (*out)->host;
			*p++ = 0;
			(*out)->host = p;
		}
		/* split host */
		p = strchr((*out)->host, ':');
		if (p != NULL) {
			*p++ = 0;
			(*out)->port = p;
		}
		/* split user */
		if ((*out)->user) {
			p = strchr((*out)->user, ':');
			if (p != NULL) {
				*p++ = 0;
				(*out)->password = p;
			}
		}
	}
	/* note: with debugging enabled, the password embedded in the URI
	 * (when present) is written to the debug log in clear text */
	DBG1("protocol = [%s]", (*out)->protocol);
	DBG1("user = [%s]", (*out)->user);
	DBG1("password = [%s]", (*out)->password);
	DBG1("host = [%s]", (*out)->host);
	DBG1("port = [%s]", (*out)->port);
	DBG1("path = [%s]", (*out)->path);
	return 0;
}

#ifdef HAVE_LDAP
static int parse_ldap_uri(const char *in, LDAPURLDesc ** out) {
	if (ldap_url_parse(in, out) != 0) {
		set_error("ldap_url_parse() failed");
		return -1;
	}
	DBG1("protocol = [%s]", (*out)->lud_scheme);
	DBG1("host = [%s]", (*out)->lud_host);
	DBG1("port = [%d]", (*out)->lud_port);
	DBG1("base = [%s]", (*out)->lud_dn);
	DBG1("attributes = [%s]", (*out)->lud_attrs ? (*out)->lud_attrs[0] : NULL);
	DBG1("filter = [%s]", (*out)->lud_filter);
	return 0;
}
#endif

static int parse_uri(const char *str, uri_t **uri) {
	int rv;
	*uri = malloc(sizeof(uri_t));
	if (*uri == NULL) {
		set_error("not enough free memory available");
		return -1;
	}
	memset(*uri, 0, sizeof(uri_t));
	/* parse uri depending on the scheme */
	if (strchr(str, ':') == NULL) {
		set_error("no scheme defined");
		rv = -1;
	} else if (!strncmp(str, "file:", 5)) {
		(*uri)->scheme = file;
		rv = parse_generic_uri(str, &(*uri)->file);
		if (rv != 0)
			set_error("parse_generic_uri() failed: %s", get_error());
	} else if (!strncmp(str, "http:", 5)) {
		(*uri)->scheme = http;
		rv = parse_generic_uri(str, &(*uri)->http);
		if (rv != 0)
			set_error("parse_generic_uri() failed: %s", get_error());
	} else if (!strncmp(str, "ldap:", 5)) {
#ifdef HAVE_LDAP
		(*uri)->scheme = ldap;
		rv = parse_ldap_uri(str, &(*uri)->ldap);
		if (rv != 0)
			set_error("parse_ldap_uri() failed: %s", get_error());
#else
		rv = -1;
		set_error("Compiled without ldap support");
#endif
	} else {
		(*uri)->scheme = unknown;
		rv = 0;
	}
	if (rv != 0)
		free_uri(*uri);
	return rv;
}

static int get_file(uri_t *uri, unsigned char **data, ssize_t * length) {
	int fd;
	ssize_t len, rv;
	*length = 0;
	*data = NULL;
	/* open file */
	DBG("opening...");
	fd = open(uri->file->path, O_RDONLY);
	if (fd == -1) {
		set_error("open() failed: %s", strerror(errno));
		return -1;
	}
	/* get file size and allocate memory */
	*length = (ssize_t) lseek(fd, 0, SEEK_END);
	if (*length == -1) {
		close(fd);
		set_error("lseek() failed: %s", strerror(errno));
		return -1;
	}
	*data = malloc(*length);
	if (*data == NULL) {
		close(fd);
		set_error("not enough free memory available");
		return -1;
	}
	lseek(fd, 0, SEEK_SET);
	/* read data */
	DBG("reading...");
	len = 0;
	while (len < *length) {
		rv = read(fd, *data + len, *length - len);
		if (rv <= 0) {
			free(*data);
			close(fd);
			set_error("read() failed: %s", strerror(errno));
			return -1;
		}
		len += rv;
	}
	/* close file and exit */
	close(fd);
	return 0;
}

static int
get_http(uri_t *uri, unsigned char **data, size_t *length, int rec_level) {
	int rv, sock, i, j;
	struct addrinfo hint = { 0, PF_UNSPEC, SOCK_STREAM, 0, 0, NULL, NULL, NULL };
	struct addrinfo *info;
	char *request;
	unsigned char *buf;
	ssize_t len, bufsize;
	*length = 0;
	*data = NULL;
	/* get host address and port */
	if (uri->http->port == NULL)
		uri->http->port = "80";
	rv = getaddrinfo(uri->http->host, uri->http->port, &hint, &info);
	if (rv != 0) {
		set_error("getaddrinfo() failed: %s", gai_strerror(rv));
		return -1;
	}
	sock = socket(info->ai_family, info->ai_socktype, info->ai_protocol);
	if (sock == -1) {
		freeaddrinfo(info);
		set_error("socket() failed: %s", strerror(errno));
		return -1;
	}
	DBG("connecting...");
	rv = connect(sock, info->ai_addr, info->ai_addrlen);
	freeaddrinfo(info);
	if (rv == -1) {
		close(sock);
		set_error("connect() failed: %s", strerror(errno));
		return -1;
	}
	/* send http 1.0 request; the fixed text needs 24 bytes including the NUL */
	request = malloc(32 + strlen(uri->http->path) + strlen(uri->http->host));
	if (request == NULL) {
		close(sock);
		set_error("not enough free memory available");
		return -1;
	}
	sprintf(request, "GET %s HTTP/1.0\nHost: %s\n\n\n", uri->http->path, uri->http->host);
	len = strlen(request);
	rv = send(sock, request, len, 0);
	free(request);
	if (rv != len) {
		close(sock);
		set_error("send() failed: %s", strerror(errno));
		return -1;
	}
	/* receive response */
	DBG("receiving...");
	bufsize = 128;
	buf = malloc(bufsize);
	if (buf == NULL) {
		close(sock);
		set_error("not enough free memory available");
		return -1;
	}
	len = 0;
	do {
		rv = recv(sock, &buf[len], bufsize - len, 0);
		if (rv == -1) {
			close(sock);
			free(buf);
			set_error("recv() failed: %s", strerror(errno));
			return -1;
		}
		len += rv;
		if (len >= bufsize && rv) {
			unsigned char *b = (unsigned char *)realloc(buf, (bufsize <<= 1));
			if (b == NULL) {
				close(sock);
				free(buf);
				set_error("not enough free memory available");
				return -1;
			}
			buf = b;
		}
	} while (rv);
	close(sock);
	/* the loop always leaves len < bufsize, so there is room to terminate the
	 * response before sscanf() and strncmp() treat it as a C string */
	buf[len] = 0;
	/* decode header */
	DBG("decoding...");
	if (sscanf((char *)buf, "HTTP/%d.%d %d", &i, &j, &rv) != 3) {
		free(buf);
		set_error("got a malformed http response from the server");
		return -1;
	}
	/* decode result */
	if (rv == 301 || rv == 302) {
		uri_t *ruri;
		/* extract the url to the new location */
		for (i = 0; i < len - 10 && strncmp((char *)&buf[i], "Location: ", 10); i++);
		i += 10;
		for (j = i; j < len && buf[j] != '\r' && buf[j] != '\n' && buf[j] != ' '; j++);
		buf[j] = 0;
		DBG1("redirected to %s", &buf[i]);
		/* maximal 5 redirections are allowed */
		if (rec_level > 5) {
			free(buf);
			set_error("to many redirections occurred");
			return -1;
		}
		rv = parse_uri((char *)&buf[i], &ruri);
		if (rv != 0) {
			free(buf);
			set_error("parse_uri() failed: %s", get_error());
			return -1;
		}
		if (ruri->scheme != http) {
			/* free_uri(), not free(): the parsed members must be released too */
			free_uri(ruri);
			free(buf);
			set_error("redirection uri is invalid that is not of the scheme http");
			return -1;
		}
		/* download recursively */
		rv = get_http(ruri, data, length, ++rec_level);
		free_uri(ruri);
		free(buf);
		return rv;
	} else if (rv != 200) {
		free(buf);
		set_error("http get command failed with error %d", rv);
		return -1;
	}
	/* ... skip rest of the header */
	for (i = 0; i < len; i++) {
		if (i < len - 2 && !strncmp((char *) &buf[i], "\n\n", 2)) {
			i += 2;
			break;
		}
		if (i < len - 4 && !strncmp((char *)&buf[i], "\r\n\r\n", 4)) {
			i += 4;
			break;
		}
	}
	/* copy data */
	*length = len - i;
	if (*length == 0) {
		free(buf);
		set_error("no data received");
		return -1;
	}
	*data = malloc(*length);
	if (*data == NULL) {
		free(buf);
		set_error("not enough free memory available");
		return -1;
	}
	memcpy(*data, &buf[i], *length);
	free(buf);
	return 0;
}

#ifdef HAVE_LDAP
static int get_ldap(uri_t *uri, unsigned char **data, size_t *length) {
	int rv;
	LDAP *ldap;
	LDAPMessage *msg;
	struct berval **vals;
	BerElement *berptr = NULL;
	*length = 0;
	*data = NULL;
	/* bind to the ldap server */
	DBG("connecting...");
	ldap = ldap_init(uri->ldap->lud_host, uri->ldap->lud_port);
	if (ldap == NULL) {
		/* no handle was created, so there is nothing to unbind */
		set_error("ldap_init() failed: %s", strerror(errno));
		return -1;
	}
	rv = ldap_simple_bind_s(ldap, NULL, NULL);
	if (rv != LDAP_SUCCESS) {
		ldap_unbind_s(ldap);
		set_error("ldap_simple_bind_s() failed: %s", ldap_err2string(rv));
		return -1;
	}
	/* search an item */
	DBG("searching...");
	rv = ldap_search_s(ldap, uri->ldap->lud_dn, uri->ldap->lud_scope, uri->ldap->lud_filter, uri->ldap->lud_attrs, 0, &msg);
	if (rv != LDAP_SUCCESS) {
		ldap_unbind_s(ldap);
		set_error("ldap_search_s() failed: %s", ldap_err2string(rv));
		return -1;
	}
	vals = ldap_get_values_len(ldap, msg, ldap_first_attribute(ldap, msg, &berptr));
	ber_free(berptr, 0);
	if (vals == NULL) {
		/* read the error code while the handle is still valid, then release it */
		ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &rv);
		ldap_msgfree(msg);
		ldap_unbind_s(ldap);
		set_error("ldap_ldap_get_values_len() failed: %s", ldap_err2string(rv));
		return -1;
	}
	/* allocate memory and copy the item */
	DBG("copying data...");
	*length = (*vals)->bv_len;
	*data = malloc(*length);
	if (*data == NULL) {
		ldap_value_free_len(vals);
		ldap_msgfree(msg);
		ldap_unbind_s(ldap);
		set_error("not enough free memory available");
		return -1;
	}
	memcpy(*data, (*vals)->bv_val, *length);
	ldap_value_free_len(vals);
	ldap_msgfree(msg);
	/* unbind from server and exit */
	ldap_unbind_s(ldap);
	return 0;
}
#endif

int get_from_uri(const char *str, unsigned char **data, size_t *length) {
	int rv;
	uri_t *uri;
	/* parse uri */
	DBG("parsing uri:");
	rv = parse_uri(str, &uri);
	if (rv != 0) {
		set_error("parse_uri() failed: %s", get_error());
		return -1;
	}
	/* download data depending on the scheme */
	switch (uri->scheme) {
	case file:
		rv = get_file(uri, data, (ssize_t *) length);
		if (rv != 0)
			set_error("get_file() failed: %s", get_error());
		break;
	case http:
		rv = get_http(uri, data, length, 0);
		if (rv != 0)
			set_error("get_http() failed: %s", get_error());
		break;
	case ldap:
#ifdef HAVE_LDAP
		rv = get_ldap(uri, data, length);
		if (rv != 0)
			set_error("get_ldap() failed: %s", get_error());
#else
		rv = -1;
		set_error("Compiled without LDAP support");
#endif
		break;
	case unknown:
	default:
		set_error("unsupported protocol");
		rv = -1;
	}
	free_uri(uri);
	return rv;
}

#endif /* HAVE_CURL_CURL_H */

pam_pkcs11-0.6.9/src/common/NSPRerrs.h

/* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is
 * Netscape Communications Corporation.
 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 * the Initial Developer. All Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */

/* General NSPR 2.0 errors */
/* Caller must #include "prerror.h" */

ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
ER2( PR_IO_ERROR, "I/O function error." )
ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
ER2( PR_FIND_SYMBOL_ERROR, "Symbol not found in any of the loaded dynamic libraries." )
ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
ER2( PR_DIRECTORY_LOOKUP_ERROR, "A directory lookup on a network address has failed." )
ER2( PR_TPD_RANGE_ERROR, "Attempt to access a TPD key that is out of range." )
ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
ER2( PR_NOT_SOCKET_ERROR, "Network operation attempted on non-network file descriptor." )
ER2( PR_NOT_TCP_SOCKET_ERROR, "TCP-specific function attempted on a non-TCP file descriptor." )
ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, "The requested operation is not supported by the platform." )
ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, "The host operating system does not support the protocol requested." )
ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
ER2( PR_BUFFER_OVERFLOW_ERROR, "The value requested is too large to be stored in the data buffer provided." )
ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
ER2( PR_RANGE_ERROR, "Unused." )
ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
ER2( PR_FILE_TOO_BIG_ERROR, "Write would result in file larger than the system allows." )
ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
ER2( PR_PIPE_ERROR, "Unused." )
ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
ER2( PR_IS_DIRECTORY_ERROR, "Cannot perform a normal file operation on a directory." )
ER2( PR_LOOP_ERROR, "Symbolic link loop." )
ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
ER2( PR_NOT_DIRECTORY_ERROR, "Cannot perform directory operation on a normal file." )
ER2( PR_READ_ONLY_FILESYSTEM_ERROR, "Cannot write to a read-only file system." )
ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, "Cannot delete a directory that is not empty." )
ER2( PR_FILESYSTEM_MOUNTED_ERROR, "Cannot delete or rename a file object while the file system is busy." )
ER2( PR_NOT_SAME_DEVICE_ERROR, "Cannot rename a file to a file system on another device." )
ER2( PR_DIRECTORY_CORRUPTED_ERROR, "The directory object in the file system is corrupted." )
ER2( PR_FILE_EXISTS_ERROR, "Cannot create or rename a filename that already exists." )
ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, "Directory is full. No additional filenames may be added." )
ER2( PR_INVALID_DEVICE_STATE_ERROR, "The required device was in an invalid state." )
ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
ER2( PR_FILE_SEEK_ERROR, "Seek error." )
ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
ER2( PR_IN_PROGRESS_ERROR, "Operation is still in progress (probably a non-blocking connect)." )
ER2( PR_ALREADY_INITIATED_ERROR, "Operation has already been initiated (probably a non-blocking connect)." )

#ifdef PR_GROUP_EMPTY_ERROR
ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
#endif

#ifdef PR_INVALID_STATE_ERROR
ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
#endif

#ifdef PR_NETWORK_DOWN_ERROR
ER2( PR_NETWORK_DOWN_ERROR, "Network is down." )
#endif

#ifdef PR_SOCKET_SHUTDOWN_ERROR
ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." )
#endif

#ifdef PR_CONNECT_ABORTED_ERROR
ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." )
#endif

#ifdef PR_HOST_UNREACHABLE_ERROR
ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." )
#endif

/* always last */
ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )

pam_pkcs11-0.6.9/src/common/SSLerrs.h

/* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is
 * Netscape Communications Corporation.
 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 * the Initial Developer. All Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */

/* SSL-specific security error codes */
/* caller must include "sslerr.h" */

ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
"Unable to communicate securely. Peer does not support high-grade encryption.")
ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
"Unable to communicate securely. Peer requires high-grade encryption which is not supported.")
ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
"Cannot communicate securely with peer: no common encryption algorithm(s).")
ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
"Unable to find the certificate or key necessary for authentication.")
ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
"Unable to communicate securely with peer: peers's certificate was rejected.")
/* unused (SSL_ERROR_BASE + 5),*/
ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
"The server has encountered bad data from the client.")
ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
"The client has encountered bad data from the server.")
ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
"Unsupported certificate type.")
ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
"Peer using unsupported version of security protocol.")
/* unused (SSL_ERROR_BASE + 10),*/
ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
"Client authentication failed: private key in key database does not match public key in certificate database.")
ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), defined in sslerr.h */
ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
"Peer only supports SSL version 2, which is locally disabled.")
ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
"SSL received a record with an incorrect Message Authentication Code.")
ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
"SSL peer reports incorrect Message Authentication Code.")
ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
"SSL peer cannot verify your certificate.")
ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
"SSL peer rejected your certificate as revoked.")
ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
"SSL peer rejected your certificate as expired.")
ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
"Cannot connect: SSL is disabled.")
ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
"Cannot connect: SSL peer is in another FORTEZZA domain.")
ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22),
"An unknown SSL cipher suite has been requested.")
ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23),
"No cipher suites are present and enabled in this program.")
ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24),
"SSL received a record with bad block padding.")
ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25),
"SSL received a record that exceeded the maximum permissible length.")
ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26),
"SSL attempted to send a record that exceeded the maximum permissible length.")

/*
 * Received a malformed (too long or short or invalid content) SSL handshake.
 */
ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27),
"SSL received a malformed Hello Request handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28),
"SSL received a malformed Client Hello handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29),
"SSL received a malformed Server Hello handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30),
"SSL received a malformed Certificate handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31),
"SSL received a malformed Server Key Exchange handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32),
"SSL received a malformed Certificate Request handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33),
"SSL received a malformed Server Hello Done handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34),
"SSL received a malformed Certificate Verify handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35),
"SSL received a malformed Client Key Exchange handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36),
"SSL received a malformed Finished handshake message.")

/*
 * Received a malformed (too long or short) SSL record.
 */
ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37),
"SSL received a malformed Change Cipher Spec record.")
ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38),
"SSL received a malformed Alert record.")
ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39),
"SSL received a malformed Handshake record.")
ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
"SSL received a malformed Application Data record.")

/*
 * Received an SSL handshake that was inappropriate for the state we're in.
 * E.g. Server received message from server, or wrong state in state machine.
 */
ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41),
"SSL received an unexpected Hello Request handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42),
"SSL received an unexpected Client Hello handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43),
"SSL received an unexpected Server Hello handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44),
"SSL received an unexpected Certificate handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
"SSL received an unexpected Server Key Exchange handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46),
"SSL received an unexpected Certificate Request handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47),
"SSL received an unexpected Server Hello Done handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48),
"SSL received an unexpected Certificate Verify handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
"SSL received an unexpected Cllient Key Exchange handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50),
"SSL received an unexpected Finished handshake message.")

/*
 * Received an SSL record that was inappropriate for the state we're in.
 */
ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51),
"SSL received an unexpected Change Cipher Spec record.")
ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52),
"SSL received an unexpected Alert record.")
ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53),
"SSL received an unexpected Handshake record.")
ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
"SSL received an unexpected Application Data record.")

/*
 * Received record/message with unknown discriminant.
 */
ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55),
"SSL received a record with an unknown content type.")
ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56),
"SSL received a handshake message with an unknown message type.")
ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57),
"SSL received an alert record with an unknown alert description.")

/*
 * Received an alert reporting what we did wrong. (more alerts above)
 */
ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58),
"SSL peer has closed this connection.")
ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59),
"SSL peer was not expecting a handshake message it received.")
ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60),
"SSL peer was unable to succesfully decompress an SSL record it received.")
ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61),
"SSL peer was unable to negotiate an acceptable set of security parameters.")
ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62),
"SSL peer rejected a handshake message for unacceptable content.")
ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63),
"SSL peer does not support certificates of the type it received.")
ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64),
"SSL peer had some unspecified issue with the certificate it received.")
ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65),
"SSL experienced a failure of its random number generator.")
ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66),
"Unable to digitally sign data required to verify your certificate.")
ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67),
"SSL was unable to extract the public key from the peer's certificate.")
ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68),
"Unspecified failure while processing SSL Server Key Exchange handshake.")
ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69),
"Unspecified failure while processing SSL Client Key Exchange handshake.")
ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70),
"Bulk data encryption algorithm failed in selected cipher suite.")
ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71),
"Bulk data decryption algorithm failed in selected cipher suite.")
ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72),
"Attempt to write encrypted data to underlying socket failed.")
ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73),
"MD5 digest function failed.")
ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74),
"SHA-1 digest function failed.")
ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75),
"MAC computation failed.")
ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76),
"Failure to create Symmetric Key context.")
ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77),
"Failure to unwrap the Symmetric key in Client Key Exchange message.")
ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78),
"SSL Server attempted to use domestic-grade public key with export cipher suite.")
ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79),
"PKCS11 code failed to translate an IV into a param.")
ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80),
"Failed to initialize the selected cipher suite.")
ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81),
"Client failed to generate session keys for SSL session.")
ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82),
"Server has no key for the attempted key exchange algorithm.")
ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83),
"PKCS#11 token was inserted or removed while operation was in progress.")
ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84),
"No PKCS#11 token could be found to do a required operation.")
ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85),
"Cannot communicate securely with peer: no common compression algorithm(s).")
ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86),
"Cannot initiate another SSL handshake until current handshake is complete.")
ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87),
"Received incorrect handshakes hash values from peer.")
ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88),
"The certificate provided cannot be used with the selected key exchange algorithm.")
ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89),
"No certificate authority is trusted for SSL client authentication.")
ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90),
"Client's SSL session ID not found in server's session cache.")
ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91),
"Peer was unable to decrypt an SSL record it received.")
ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92),
"Peer received an SSL record that was longer than is permitted.")
ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93),
"Peer does not recognize and trust the CA that issued your certificate.")
ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94),
"Peer received a valid certificate, but access was denied.")
ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95),
"Peer could not decode an SSL handshake message.")
ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96),
"Peer reports failure of signature verification or key exchange.")
ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97),
"Peer reports negotiation not in compliance with export regulations.")
ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98),
"Peer reports incompatible or unsupported protocol version.")
ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
"Server requires ciphers more secure than those supported by client.")
ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100),
"Peer reports it experienced an internal error.")
ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101),
"Peer user canceled handshake.")
ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102),
"Peer does not permit renegotiation of SSL security parameters.") ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103), "SSL server cache not configured and not disabled for this socket.") pam_pkcs11-0.6.9/src/common/pkcs11_lib.h0000644000175000017500000000662612074274512020161 0ustar rousseaurousseau/* * PKCS #11 PAM Login Module * Copyright (C) 2003 Mario Strasser , * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * $Id$ */ #ifndef __PKCS11_LIB_H__ #define __PKCS11_LIB_H__ #include "cert_st.h" typedef struct cert_object_str cert_object_t; typedef struct pkcs11_handle_str pkcs11_handle_t; #ifndef __PKCS11_LIB_C__ #define PKCS11_EXTERN extern #else #define PKCS11_EXTERN #endif PKCS11_EXTERN int crypto_init(cert_policy *policy); PKCS11_EXTERN int load_pkcs11_module(const char *module, pkcs11_handle_t **h); PKCS11_EXTERN int init_pkcs11_module(pkcs11_handle_t *h,int flag); PKCS11_EXTERN int find_slot_by_number(pkcs11_handle_t *h,unsigned int slot_num, unsigned int *slot); PKCS11_EXTERN int find_slot_by_number_and_label(pkcs11_handle_t *h, int slot_num, const char *slot_label, unsigned int *slot); PKCS11_EXTERN const char *get_slot_tokenlabel(pkcs11_handle_t *h); PKCS11_EXTERN int wait_for_token(pkcs11_handle_t *h, int wanted_slot_num, const char *wanted_token_label, unsigned int *slot); PKCS11_EXTERN int find_slot_by_slotlabel(pkcs11_handle_t *h, const char *wanted_slot_label, unsigned int *slot); PKCS11_EXTERN int find_slot_by_slotlabel_and_tokenlabel(pkcs11_handle_t *h, const char 
*wanted_slot_label, const char *wanted_token_label, unsigned int *slot); PKCS11_EXTERN int wait_for_token_by_slotlabel(pkcs11_handle_t *h, const char *wanted_slot_label, const char *wanted_token_label, unsigned int *slot); PKCS11_EXTERN const X509 *get_X509_certificate(cert_object_t *cert); PKCS11_EXTERN void release_pkcs11_module(pkcs11_handle_t *h); PKCS11_EXTERN int open_pkcs11_session(pkcs11_handle_t *h, unsigned int slot); PKCS11_EXTERN int close_pkcs11_session(pkcs11_handle_t *h); PKCS11_EXTERN int pkcs11_login(pkcs11_handle_t *h, char *password); PKCS11_EXTERN int pkcs11_pass_login(pkcs11_handle_t *h, int nullok); PKCS11_EXTERN int get_slot_login_required(pkcs11_handle_t *h); PKCS11_EXTERN int get_slot_protected_authentication_path(pkcs11_handle_t *h); PKCS11_EXTERN cert_object_t **get_certificate_list(pkcs11_handle_t *h, int *ncert); PKCS11_EXTERN int get_private_key(pkcs11_handle_t *h, cert_object_t *); PKCS11_EXTERN int sign_value(pkcs11_handle_t *h, cert_object_t *, unsigned char *data, unsigned long length, unsigned char **signature, unsigned long *signature_length); PKCS11_EXTERN int get_random_value(unsigned char *data, int length); #undef PKCS11_EXTERN /* end of pkcs11_lib.h */ #endif pam_pkcs11-0.6.9/src/Makefile.am0000644000175000017500000000024412074274512016612 0ustar rousseaurousseau# Process this file with automake to create Makefile.in MAINTAINERCLEANFILES = Makefile.in # Order IS important SUBDIRS = scconf common mappers pam_pkcs11 tools pam_pkcs11-0.6.9/src/tools/0000755000175000017500000000000012772727123015724 5ustar rousseaurousseaupam_pkcs11-0.6.9/src/tools/Makefile.in0000644000175000017500000006204012772703034017766 0ustar rousseaurousseau# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2014 Free Software Foundation, Inc. 
# This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Process this file with automake to create Makefile.in VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = 
$(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_PCSC_FALSE@bin_PROGRAMS = pkcs11_eventmgr$(EXEEXT) \ @HAVE_PCSC_FALSE@ pklogin_finder$(EXEEXT) \ @HAVE_PCSC_FALSE@ pkcs11_inspect$(EXEEXT) \ @HAVE_PCSC_FALSE@ pkcs11_listcerts$(EXEEXT) \ @HAVE_PCSC_FALSE@ pkcs11_setup$(EXEEXT) @HAVE_PCSC_TRUE@bin_PROGRAMS = card_eventmgr$(EXEEXT) \ @HAVE_PCSC_TRUE@ pkcs11_eventmgr$(EXEEXT) \ @HAVE_PCSC_TRUE@ pklogin_finder$(EXEEXT) \ @HAVE_PCSC_TRUE@ pkcs11_inspect$(EXEEXT) \ @HAVE_PCSC_TRUE@ pkcs11_listcerts$(EXEEXT) \ @HAVE_PCSC_TRUE@ pkcs11_setup$(EXEEXT) subdir = src/tools ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/aclocal/ax_pthread.m4 \ $(top_srcdir)/aclocal/gettext.m4 \ $(top_srcdir)/aclocal/iconv.m4 \ $(top_srcdir)/aclocal/intlmacosx.m4 \ $(top_srcdir)/aclocal/lib-ld.m4 \ $(top_srcdir)/aclocal/lib-link.m4 \ $(top_srcdir)/aclocal/lib-prefix.m4 \ $(top_srcdir)/aclocal/libtool.m4 \ $(top_srcdir)/aclocal/ltoptions.m4 \ $(top_srcdir)/aclocal/ltsugar.m4 \ $(top_srcdir)/aclocal/ltversion.m4 \ $(top_srcdir)/aclocal/lt~obsolete.m4 \ $(top_srcdir)/aclocal/nls.m4 $(top_srcdir)/aclocal/po.m4 \ $(top_srcdir)/aclocal/progtest.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am__card_eventmgr_SOURCES_DIST = card_eventmgr.c daemon.c 
@HAVE_PCSC_TRUE@am_card_eventmgr_OBJECTS = card_eventmgr.$(OBJEXT) \ @HAVE_PCSC_TRUE@ daemon.$(OBJEXT) card_eventmgr_OBJECTS = $(am_card_eventmgr_OBJECTS) @HAVE_PCSC_TRUE@card_eventmgr_DEPENDENCIES = ../scconf/libscconf.la \ @HAVE_PCSC_TRUE@ ../common/libcommon.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = am_pkcs11_eventmgr_OBJECTS = pkcs11_eventmgr.$(OBJEXT) \ daemon.$(OBJEXT) pkcs11_eventmgr_OBJECTS = $(am_pkcs11_eventmgr_OBJECTS) am__DEPENDENCIES_1 = pkcs11_eventmgr_DEPENDENCIES = ../scconf/libscconf.la \ ../common/libcommon.la $(am__DEPENDENCIES_1) am_pkcs11_inspect_OBJECTS = pkcs11_inspect.$(OBJEXT) pkcs11_inspect_OBJECTS = $(am_pkcs11_inspect_OBJECTS) pkcs11_inspect_DEPENDENCIES = ../pam_pkcs11/libfinder.la \ ../mappers/libmappers.la am_pkcs11_listcerts_OBJECTS = pkcs11_listcerts.$(OBJEXT) pkcs11_listcerts_OBJECTS = $(am_pkcs11_listcerts_OBJECTS) pkcs11_listcerts_DEPENDENCIES = ../pam_pkcs11/libfinder.la \ ../scconf/libscconf.la ../common/libcommon.la \ $(am__DEPENDENCIES_1) am_pkcs11_setup_OBJECTS = pkcs11_setup.$(OBJEXT) pkcs11_setup_OBJECTS = $(am_pkcs11_setup_OBJECTS) pkcs11_setup_DEPENDENCIES = ../scconf/libscconf.la \ ../common/libcommon.la am_pklogin_finder_OBJECTS = pklogin_finder.$(OBJEXT) pklogin_finder_OBJECTS = $(am_pklogin_finder_OBJECTS) pklogin_finder_DEPENDENCIES = ../pam_pkcs11/libfinder.la \ ../mappers/libmappers.la AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = 
$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(card_eventmgr_SOURCES) $(pkcs11_eventmgr_SOURCES) \ $(pkcs11_inspect_SOURCES) $(pkcs11_listcerts_SOURCES) \ $(pkcs11_setup_SOURCES) $(pklogin_finder_SOURCES) DIST_SOURCES = $(am__card_eventmgr_SOURCES_DIST) \ $(pkcs11_eventmgr_SOURCES) $(pkcs11_inspect_SOURCES) \ $(pkcs11_listcerts_SOURCES) $(pkcs11_setup_SOURCES) \ $(pklogin_finder_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. 
am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CURL_CFLAGS = @CURL_CFLAGS@ CURL_LIBS = @CURL_LIBS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDAP_CFLAGS = @LDAP_CFLAGS@ LDAP_LIBS = @LDAP_LIBS@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ 
OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = 
@prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ MAINTAINERCLEANFILES = Makefile.in AM_CFLAGS = $(PCSC_CFLAGS) $(CRYPTO_CFLAGS) AM_LDFLAGS = $(PCSC_LIBS) @HAVE_PCSC_TRUE@card_eventmgr_SOURCES = card_eventmgr.c daemon.c @HAVE_PCSC_TRUE@card_eventmgr_LDADD = ../scconf/libscconf.la ../common/libcommon.la pklogin_finder_SOURCES = pklogin_finder.c pklogin_finder_LDADD = ../pam_pkcs11/libfinder.la ../mappers/libmappers.la pkcs11_listcerts_SOURCES = pkcs11_listcerts.c pkcs11_listcerts_LDADD = ../pam_pkcs11/libfinder.la ../scconf/libscconf.la ../common/libcommon.la $(OPENSSL_LIBS) pkcs11_eventmgr_SOURCES = pkcs11_eventmgr.c daemon.c pkcs11_eventmgr_LDADD = ../scconf/libscconf.la ../common/libcommon.la $(CRYPTO_LIBS) pkcs11_inspect_SOURCES = pkcs11_inspect.c pkcs11_inspect_LDADD = ../pam_pkcs11/libfinder.la ../mappers/libmappers.la pkcs11_setup_SOURCES = pkcs11_setup.c pkcs11_setup_LDADD = ../scconf/libscconf.la ../common/libcommon.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tools/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/tools/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p \ || test -f $$p1 \ ; then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' \ -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ } \ ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(bin_PROGRAMS)'; test -n 
"$(bindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' \ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list card_eventmgr$(EXEEXT): $(card_eventmgr_OBJECTS) $(card_eventmgr_DEPENDENCIES) $(EXTRA_card_eventmgr_DEPENDENCIES) @rm -f card_eventmgr$(EXEEXT) $(AM_V_CCLD)$(LINK) $(card_eventmgr_OBJECTS) $(card_eventmgr_LDADD) $(LIBS) pkcs11_eventmgr$(EXEEXT): $(pkcs11_eventmgr_OBJECTS) $(pkcs11_eventmgr_DEPENDENCIES) $(EXTRA_pkcs11_eventmgr_DEPENDENCIES) @rm -f pkcs11_eventmgr$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pkcs11_eventmgr_OBJECTS) $(pkcs11_eventmgr_LDADD) $(LIBS) pkcs11_inspect$(EXEEXT): $(pkcs11_inspect_OBJECTS) $(pkcs11_inspect_DEPENDENCIES) $(EXTRA_pkcs11_inspect_DEPENDENCIES) @rm -f pkcs11_inspect$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pkcs11_inspect_OBJECTS) $(pkcs11_inspect_LDADD) $(LIBS) pkcs11_listcerts$(EXEEXT): $(pkcs11_listcerts_OBJECTS) $(pkcs11_listcerts_DEPENDENCIES) $(EXTRA_pkcs11_listcerts_DEPENDENCIES) @rm -f pkcs11_listcerts$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pkcs11_listcerts_OBJECTS) $(pkcs11_listcerts_LDADD) $(LIBS) pkcs11_setup$(EXEEXT): $(pkcs11_setup_OBJECTS) $(pkcs11_setup_DEPENDENCIES) $(EXTRA_pkcs11_setup_DEPENDENCIES) @rm -f pkcs11_setup$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pkcs11_setup_OBJECTS) $(pkcs11_setup_LDADD) $(LIBS) pklogin_finder$(EXEEXT): $(pklogin_finder_OBJECTS) $(pklogin_finder_DEPENDENCIES) $(EXTRA_pklogin_finder_DEPENDENCIES) @rm -f pklogin_finder$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pklogin_finder_OBJECTS) $(pklogin_finder_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c 
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card_eventmgr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_eventmgr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_inspect.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_listcerts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_setup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pklogin_finder.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique 
tags: tags-am TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-am CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-am cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(bindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-binPROGRAMS install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-binPROGRAMS .MAKE: install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \ ctags ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-binPROGRAMS \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT:

pam_pkcs11-0.6.9/src/tools/pkcs11_inspect.c

/*
 * PKCS#11 Card viewer tool
 * Copyright (C) 2005 Juan Antonio Martinez
 * Based on a previous work of Mario Strasser,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strcmp */
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/pkcs11_lib.h"
#include "../common/cert_vfy.h"
#include "../pam_pkcs11/pam_config.h"
#include "../pam_pkcs11/mapper_mgr.h"

int main(int argc, const char **argv) {
  int i, rv;
  pkcs11_handle_t *ph;
  struct configuration_st *configuration;
  unsigned int slot_num = 0;
  cert_object_t **certs;
  int cert_count;

  /* first of all check whether debugging should be enabled */
  for (i = 0; i < argc; i++)
    if (strcmp("debug", argv[i]) == 0) {
      set_debug_level(1);
    }

  /* call configure routines */
  configuration = pk_configure(argc - 1, argv + 1);
  if (!configuration ) {
    ERR("Error setting configuration parameters");
    return 1;
  }

  /* exactly one of slot_description and slot_num must be set */
  if ((configuration->slot_description != NULL && configuration->slot_num != -1)
      || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
    ERR("Error setting configuration parameters");
    return 1;
  }

  /* init openssl */
  rv = crypto_init(&configuration->policy);
  if (rv != 0) {
    DBG1("crypto_init() failed: %s", get_error());
    return 1;
  }

  /* load pkcs #11 module */
  DBG("loading pkcs #11 module...");
  rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph);
  if (rv != 0) {
    ERR2("load_pkcs11_module(%s) failed: %s", configuration->pkcs11_modulepath,
         get_error());
    return 1;
  }

  /* initialise pkcs #11 module */
  DBG("initialising pkcs #11 module...");
  rv = init_pkcs11_module(ph,configuration->support_threads);
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG1("init_pkcs11_module() failed: %s", get_error());
    return 1;
  }

  /* open pkcs #11 session */
  if (configuration->slot_description != NULL) {
    rv = find_slot_by_slotlabel(ph, configuration->slot_description, &slot_num);
  } else {
    rv = find_slot_by_number(ph, configuration->slot_num, &slot_num);
  }
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG("no token available");
    return 1;
  }

  rv = open_pkcs11_session(ph, slot_num);
  if (rv != 0) {
    release_pkcs11_module(ph);
    ERR1("open_pkcs11_session() failed: %s", get_error());
    return 1;
  }

  /* not really needed, but.... */
  rv = pkcs11_pass_login(ph,configuration->nullok);
  if (rv != 0) {
    ERR1("pkcs11_pass_login() failed: %s", get_error());
    /* release the session and the module, as the other error paths do */
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    return 2;
  }

  /* get certificate list (cert space is owned by ph) */
  certs = get_certificate_list(ph, &cert_count);
  if (certs == NULL) {
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    ERR1("get_certificates() failed: %s", get_error());
    return 3;
  }

  /* load mapper modules */
  load_mappers(configuration->ctx);

  /* find valid certificates and look for contents */
  DBG1("Found '%d' certificate(s)", cert_count);
  for (i = 0; i < cert_count; i++) {
    X509 *x509 = get_X509_certificate(certs[i]);
    if (x509 != NULL) {
      DBG1("verifying the certificate #%d", i + 1);
      /* verify certificate (date, signature, CRL, ...) */
      rv = verify_certificate(x509, &configuration->policy);
      if (rv < 0) {
        /* processing error: give up */
        close_pkcs11_session(ph);
        release_pkcs11_module(ph);
        unload_mappers();
        ERR1("verify_certificate() failed: %s", get_error());
        return 1;
      } else if (rv != 1) {
        /* certificate did not verify: skip it */
        ERR1("verify_certificate() failed: %s", get_error());
        continue;
      }
      DBG1("Inspecting certificate #%d",i+1);
      inspect_certificate(x509);
    }
  }

  /* unload mappers */
  unload_mappers();

  /* close pkcs #11 session */
  rv = close_pkcs11_session(ph);
  if (rv != 0) {
    release_pkcs11_module(ph);
    ERR1("close_pkcs11_session() failed: %s", get_error());
    return 1;
  }

  /* release pkcs #11 module */
  DBG("releasing pkcs #11 module...");
  release_pkcs11_module(ph);

  DBG("Process completed");
  return 0;
}

pam_pkcs11-0.6.9/src/tools/pkcs11_listcerts.c

/*
 * PKCS#11 Card viewer tool
 * Copyright (C) 2005 Juan Antonio Martinez
 * Based on a previous work of Mario Strasser,
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * $Id$
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdio.h>    /* printf */
#include <stdlib.h>   /* free */
#include <string.h>   /* strcmp */
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
#include "../common/pkcs11_lib.h"
#include "../common/cert_info.h"
#include "../pam_pkcs11/pam_config.h"
#include "../pam_pkcs11/mapper_mgr.h"

int main(int argc, const char **argv) {
  int i, rv;
  int ncerts;
  unsigned int slot_num = 0;
  struct configuration_st *configuration;
  pkcs11_handle_t *ph;
  cert_object_t **certs;

  /* first of all check whether debugging should be enabled */
  for (i = 0; i < argc; i++)
    if (strcmp("debug", argv[i]) == 0) {
      set_debug_level(1);
    }

  /* call configure routines */
  configuration = pk_configure(argc - 1, argv + 1);
  if (!configuration ) {
    DBG("Error setting configuration parameters");
    return 1;
  }

  /* exactly one of slot_description and slot_num must be set */
  if ((configuration->slot_description != NULL && configuration->slot_num != -1)
      || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
    ERR("Error setting configuration parameters");
    return 1;
  }

  /* init openssl */
  rv = crypto_init(&configuration->policy);
  if (rv != 0) {
    DBG("Couldn't initialize crypto module ");
    return 1;
  }

  /* load pkcs #11 module */
  DBG("loading pkcs #11 module...");
  rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph);
  if (rv != 0) {
    DBG1("load_pkcs11_module() failed: %s", get_error());
    return 1;
  }

  /* initialise pkcs #11 module */
  DBG("initialising pkcs #11 module...");
  rv = init_pkcs11_module(ph,configuration->support_threads);
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG1("init_pkcs11_module() failed: %s", get_error());
    return 1;
  }

  /* open pkcs #11 session */
  if (configuration->slot_description != NULL) {
    rv = find_slot_by_slotlabel(ph,configuration->slot_description, &slot_num);
  } else {
    rv = find_slot_by_number(ph,configuration->slot_num, &slot_num);
  }
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG("no token available");
    return 1;
  }

  rv = open_pkcs11_session(ph, slot_num);
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG1("open_pkcs11_session() failed: %s", get_error());
    return 1;
  }

  /* do login */
  rv = pkcs11_pass_login(ph,configuration->nullok);
  if (rv<0){
    DBG1("Login failed: %s",get_error());
    /* release the session and the module, as the other error paths do */
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    return 4;
  }

  /* get certificate list */
  certs = get_certificate_list(ph, &ncerts);
  if (certs == NULL) {
    close_pkcs11_session(ph);
    release_pkcs11_module(ph);
    DBG1("get_certificates() failed: %s", get_error());
    return 3;
  }

  /* print some info on found certificates */
  printf("Found '%d' certificate(s)\n", ncerts);
  for(i =0; i< ncerts;i++) {
    char **name;
    X509 *cert=get_X509_certificate(certs[i]);

    printf("Certificate #%d:\n", i+1);
    if (cert == NULL) {
      continue; /* nothing to show or verify: try next certificate */
    }
    /* cert_info() results are checked before use: a failed lookup
       must not be dereferenced */
    name = cert_info(cert, CERT_SUBJECT, ALGORITHM_NULL);
    if (name != NULL) {
      printf("- Subject: %s\n", name[0]);
      free(name[0]);
    }
    name = cert_info(cert, CERT_ISSUER, ALGORITHM_NULL);
    if (name != NULL) {
      printf("- Issuer: %s\n", name[0]);
      free(name[0]);
    }
    name = cert_info(cert, CERT_KEY_ALG, ALGORITHM_NULL);
    if (name != NULL) {
      printf("- Algorithm: %s\n", name[0]);
      free(name[0]);
    }
    rv = verify_certificate(cert,&configuration->policy);
    if (rv < 0) {
      printf("verify_certificate() process error: %s\n", get_error());
      continue; /* try next certificate */
    } else if (rv != 1) {
      printf("verify_certificate() failed: %s\n", get_error());
      continue; /* try next certificate */
    }
    rv = get_private_key(ph, certs[i]);
    if (rv<0) {
      printf("Certificate '%d' does not have associated private key\n",i+1);
    }
  } /* for */

  /* close pkcs #11 session */
  rv = close_pkcs11_session(ph);
  if (rv != 0) {
    release_pkcs11_module(ph);
    DBG1("close_pkcs11_session() failed: %s", get_error());
    return 4;
  }

  /* release pkcs #11 module */
  DBG("releasing pkcs #11 module...");
  release_pkcs11_module(ph);

  DBG("Process completed");
  return 0;
}

pam_pkcs11-0.6.9/src/tools/pkcs11_eventmgr.c

/*
    Generate events on card status change
    Copyright (C) 2005 Juan Antonio Martinez

    This program is free software; you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by the Free
    Software Foundation; either version 2 of the License, or (at your option)
    any later version.

    This program is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
    more details.

    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

#include <stdio.h>      /* fprintf, sscanf */
#include <stdlib.h>     /* exit, free */
#include <string.h>     /* strcmp, strstr, strchr */
#include <unistd.h>     /* fork, execve, _exit */
#include <sys/types.h>
#include <sys/wait.h>   /* waitpid */
#include <errno.h>      /* errno, EINTR */
#include "config.h"
#include "../scconf/scconf.h"
#include "../common/pkcs11_lib.h"
#include "../common/debug.h"
#include "../common/error.h"

#ifdef HAVE_NSS
#include <nss.h>        /* NSS_Shutdown */
#include <secmod.h>     /* SECMODModule, SECMOD_DestroyModule */
#endif

#ifndef HAVE_DAEMON
int daemon(int nochdir, int noclose);
#endif

#define DEF_POLLING 1    /* 1 second timeout */
#define DEF_EXPIRE 0     /* no expire */
#define DEF_PKCS11_MODULE "/usr/lib/opensc-pkcs11.so"
#define DEF_CONFIG_FILE CONFDIR "/pkcs11_eventmgr.conf"

#define ONERROR_IGNORE 0
#define ONERROR_RETURN 1
#define ONERROR_QUIT 2

#define CARD_PRESENT 1
#define CARD_NOT_PRESENT 0
#define CARD_ERROR -1

int polling_time;
int expire_time;
int daemonize;
int debug;
const char *cfgfile;
char *pkcs11_module = NULL;
#ifdef HAVE_NSS
char *nss_dir = NULL;
#endif

scconf_context *ctx;
const scconf_block *root;

#ifdef HAVE_NSS
SECMODModule *module;
#else
#include "../common/rsaref/pkcs11.h"
pkcs11_handle_t *ph;
typedef struct slot_st slot_t;

/* The direct calls should be abstracted, for now "expose" the pkcs11_handle_t */
struct pkcs11_handle_str {
    void *module_handle;
    CK_FUNCTION_LIST_PTR fl;
    int should_finalize;
    slot_t *slots;
    CK_ULONG slot_count;
    CK_SESSION_HANDLE session;
    cert_object_t *keys;
    int key_count;
    int current_slot;
};
#endif

static void thats_all_folks(void) {
    int rv;
    DBG("Exiting");
#ifdef HAVE_NSS
    if (module) {
        SECMOD_DestroyModule(module);
    }
    rv = NSS_Shutdown();
    if (rv != SECSuccess) {
        DBG("NSS Shutdown failed");
        return;
    }
#else
    /* close pkcs #11 session */
    rv = close_pkcs11_session(ph);
    if (rv != 0) {
        release_pkcs11_module(ph);
        DBG1("close_pkcs11_session() failed: %s", get_error());
        return;
    }

    /* release pkcs #11 module */
    DBG("releasing pkcs #11 module...");
    release_pkcs11_module(ph);
#endif
    return;
}

extern char **environ;

/*
 * fork/exec replacement for system(): runs "command" through /bin/sh -c
 * and returns the wait status of the child (-1 on fork or wait failure).
 * The caller's environment is passed to the shell unchanged.
 */
static int my_system(char *command) {
    int pid, status;

    if (!command)
        return 1;
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        char *argv[4];
        argv[0] = "/bin/sh";
        argv[1] = "-c";
        argv[2] = command;
        argv[3] = 0;
        execve("/bin/sh", argv, environ);
        /* execve() failed: leave the child with _exit() so that it does not
           run the parent's atexit handlers or flush its stdio buffers */
        _exit(127);
    }
    do {
        if (waitpid(pid, &status, 0) == -1) {
            if (errno != EINTR)
                return -1;
        } else
            return status;
    } while (1);
}

static int execute_event(const char *action) {
    int onerr;
    const char *onerrorstr;
    const scconf_list *actionlist;
    scconf_block **blocklist, *myblock;

    blocklist = scconf_find_blocks(ctx, root, "event", action);
    if (!blocklist) {
        DBG("Event block list not found");
        return -1;
    }
    myblock = blocklist[0];
    free(blocklist);
    if (!myblock) {
        DBG1("Event item not found: '%s'", action);
        return -1;
    }
    onerrorstr = scconf_get_str(myblock, "on_error", "ignore");
    if (!strcmp(onerrorstr, "ignore"))
        onerr = ONERROR_IGNORE;
    else if (!strcmp(onerrorstr, "return"))
        onerr = ONERROR_RETURN;
    else if (!strcmp(onerrorstr, "quit"))
        onerr = ONERROR_QUIT;
    else {
        onerr = ONERROR_IGNORE;
        DBG1("Invalid onerror value: '%s'. Assumed 'ignore'", onerrorstr);
    }

    /* search actions */
    actionlist = scconf_find_list(myblock, "action");
    if (!actionlist) {
        DBG1("No action list for event '%s'", action);
        return 0;
    }
    DBG1("Onerror is set to: '%s'", onerrorstr);
    while (actionlist) {
        int res;
        char *action_cmd = actionlist->data;
        DBG1("Executing action: '%s'", action_cmd);
        /* there are some security issues on using system() in
           setuid/setgid programs. so we will use an alternate function */
        /* res=system(action_cmd); */
        res = my_system(action_cmd);
        actionlist = actionlist->next;
        /* evaluate return and take care on "onerror" value */
        DBG2("Action '%s' returns %d", action_cmd, res);
        if (!res)
            continue;
        switch (onerr) {
        case ONERROR_IGNORE:
            continue;
        case ONERROR_RETURN:
            return 0;
        case ONERROR_QUIT:
            thats_all_folks();
            exit(0);
        default:
            DBG("Invalid onerror value");
            return -1;
        }
    }
    return 0;
}

static int parse_config_file(void) {
    ctx = scconf_new(cfgfile);
    if (!ctx) {
        DBG("Error creating conf context");
        return -1;
    }
    if (scconf_parse(ctx) <= 0) {
        DBG1("Error parsing file '%s'", cfgfile);
        return -1;
    }
    /* now parse options */
    root = scconf_find_block(ctx, NULL, "pkcs11_eventmgr");
    if (!root) {
        DBG1("pkcs11_eventmgr block not found in config: '%s'", cfgfile);
        return -1;
    }
    debug = scconf_get_bool(root, "debug", debug);
    daemonize = scconf_get_bool(root, "daemon", daemonize);
    polling_time = scconf_get_int(root, "polling_time", polling_time);
    expire_time = scconf_get_int(root, "expire_time", expire_time);
    pkcs11_module = (char *) scconf_get_str(root, "pkcs11_module", pkcs11_module);
#ifdef HAVE_NSS
    nss_dir = (char *) scconf_get_str(root, "nss_dir", nss_dir);
#endif
    if (debug)
        set_debug_level(1);
    return 0;
}

static int parse_args(int argc, char *argv[]) {
    int i;
    polling_time = DEF_POLLING;
    expire_time = DEF_EXPIRE;
    debug = 0;
    daemonize = 0;
    cfgfile = DEF_CONFIG_FILE;

    /* first of all check whether debugging should be enabled */
    for (i = 0; i < argc; i++) {
        if (!strcmp("debug", argv[i]))
            set_debug_level(1);
    }
    /* try to find a configuration file entry */
    for (i = 0; i < argc; i++) {
        if (strstr(argv[i], "config_file=")) {
            cfgfile = 1 + strchr(argv[i], '=');
            break;
        }
    }
    /* parse configuration file */
    if (parse_config_file() < 0) {
        fprintf(stderr, "Error parsing configuration file %s\n", cfgfile);
        exit(-1);
    }

    /* and now re-parse command line to take precedence over cfgfile */
    for (i = 1; i < argc; i++) {
        if (strcmp("daemon", argv[i]) == 0) {
            daemonize = 1;
            continue;
        }
        if (strcmp("nodaemon", argv[i]) == 0) {
            daemonize = 0;
            continue;
        }
        if (strstr(argv[i], "polling_time=")) {
            sscanf(argv[i], "polling_time=%d", &polling_time);
            continue;
        }
        if (strstr(argv[i], "expire_time=")) {
            sscanf(argv[i], "expire_time=%d", &expire_time);
            continue;
        }
        if (strstr(argv[i], "pkcs11_module=")) {
            pkcs11_module = 1 + strchr(argv[i], '=');
            continue;
        }
#ifdef HAVE_NSS
        if (strstr(argv[i], "nss_dir=")) {
            nss_dir = 1 + strchr(argv[i], '=');
            continue;
        }
#endif
        /* "nodebug" is tested before "debug": strstr() also finds "debug"
           inside "nodebug", so the other order never reaches this branch */
        if (strstr(argv[i], "nodebug")) {
            set_debug_level(0);
            continue;
        }
        if (strstr(argv[i], "debug")) {
            continue;    /* already parsed: skip */
        }
        if (strstr(argv[i], "config_file=")) {
            continue;    /* already parsed: skip */
        }
        fprintf(stderr, "unknown option %s\n", argv[i]);

        /* arriving here means syntax error */
        fprintf(stderr, "PKCS#11 Event Manager\n\n");
        fprintf(stderr, "Usage %s [[no]debug] [[no]daemon] [polling_time=