From 9cc0283b30d1b49da016eeed4fe5ccdfe0506da4 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 30 Mar 2009 16:33:59 -0400 Subject: [PATCH] Build the sss_client code in the same tree as the server Move the contents of the sss_client tree into the server directory so that we can build them from a common makefile and build command. This will allow us to share a config.h between the server and client so we don't have to separately configure pipe paths on both sides so they are in agreement. This code also modifies the monitor so the service pipe is always fixed at compile-time, rather than at runtime. Allowing the monitor to change pipes while running adds needless complexity to config reloading. --- Makefile | 4 +- server/Makefile.in | 15 +- server/client.mk | 28 + server/conf_macros.m4 | 14 + server/configure.ac | 1 + server/monitor/monitor.c | 30 +- server/monitor/monitor.h | 2 +- server/responder/common/responder_cmd.h | 2 +- server/responder/common/responder_packet.h | 2 +- server/responder/nss/nsssrv.h | 2 +- server/responder/pam/pamsrv.c | 2 +- server/rules.mk | 4 +- server/sbus/sssd_dbus_server.c | 7 + server/sss_client/common.c | 625 +++++++++++ server/sss_client/exports.linux | 73 ++ server/sss_client/group.c | 425 ++++++++ server/sss_client/pam_sss.c | 429 ++++++++ server/sss_client/pam_test_client.c | 75 ++ server/sss_client/passwd.c | 346 ++++++ server/sss_client/protos.h | 137 +++ server/sss_client/sss_cli.h | 199 ++++ server/sss_client/sss_errno.h | 18 + sss_client/Makefile.in | 89 -- sss_client/autogen.sh | 14 - sss_client/common.c | 625 ----------- sss_client/config.guess | 1464 -------------------------- sss_client/config.sub | 1577 ---------------------------- sss_client/configure.ac | 13 - sss_client/exports.linux | 73 -- sss_client/group.c | 425 -------- sss_client/install-sh | 238 ----- sss_client/pam_sss.c | 429 -------- sss_client/pam_test_client.c | 75 -- sss_client/passwd.c | 346 ------ sss_client/protos.h | 137 --- sss_client/sss_cli.h | 198 ---- sss_client/sss_errno.h | 18 - sssd.spec | 11 +- 38 files changed, 2411 insertions(+), 5761 deletions(-) create mode 100644 server/client.mk create mode 100644 server/sss_client/common.c create mode 100644 server/sss_client/exports.linux create mode 100644 server/sss_client/group.c create mode 100644 server/sss_client/pam_sss.c create mode 100644 server/sss_client/pam_test_client.c create mode 100644 server/sss_client/passwd.c create mode 100644 server/sss_client/protos.h create mode 100644 server/sss_client/sss_cli.h create mode 100644 server/sss_client/sss_errno.h delete mode 100644 sss_client/Makefile.in delete mode 100755 sss_client/autogen.sh delete mode 100644 sss_client/common.c delete mode 100755 sss_client/config.guess delete mode 100755 sss_client/config.sub delete mode 100644 sss_client/configure.ac delete mode 100644 sss_client/exports.linux delete mode 100644 sss_client/group.c delete mode 100755 sss_client/install-sh delete mode 100644 sss_client/pam_sss.c delete mode 100644 sss_client/pam_test_client.c delete mode 100644 sss_client/passwd.c delete mode 100644 sss_client/protos.h delete mode 100644 sss_client/sss_cli.h delete mode 100644 sss_client/sss_errno.h diff --git a/Makefile b/Makefile index d8eb90a..113200a 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ PACKAGE_NAME = sssd -PACKAGE_VERSION = 0.1.0 +PACKAGE_VERSION = 0.2.1 TARGET ?= master -SUBDIRS = server replace sss_client +SUBDIRS = server replace TARBALL_PREFIX = $(PACKAGE_NAME)-$(PACKAGE_VERSION) TARBALL = $(TARBALL_PREFIX).tar.gz LIBDIR ?= /usr/lib diff --git a/server/Makefile.in b/server/Makefile.in index 0e091de..e81f09c 100644 --- a/server/Makefile.in +++ b/server/Makefile.in @@ -6,6 +6,7 @@ exec_prefix = @exec_prefix@ datarootdir = @datarootdir@ includedir = @includedir@ libdir = @libdir@ +clientlibdir = @clientlibdir@ libexecdir = @libexecdir@ bindir = @bindir@ sbindir = @sbindir@ @@ -16,6 +17,7 @@ VPATH = @srcdir@:@libreplacedir@ srcdir = @srcdir@ builddir = @builddir@ sharedbuilddir = @sharedbuilddir@ +SONAMEFLAG = @SONAMEFLAG@ INSTALLCMD = @INSTALL@ EXTRA_OBJ=@EXTRA_OBJ@ SSSD_LIBEXEC_PATH = @libexecdir@/@PACKAGE_NAME@ @@ -27,6 +29,7 @@ srvdir = @srcdir@ SSSD_PIPE_PATH = @pipepath@ SSSD_DB_PATH = @dbpath@ SSSD_PID_PATH = @pidpath@ +LIB_PATH_VAR = @LIB_PATH_VAR@ TALLOC_LIBS = @TALLOC_LIBS@ TALLOC_CFLAGS = @TALLOC_CFLAGS@ @@ -100,6 +103,7 @@ default: all include $(srvdir)/rules.mk include $(srvdir)/server.mk +include $(srvdir)/client.mk OBJS = $(SERVER_OBJ) $(EXTRA_OBJ) @@ -120,7 +124,7 @@ TOOLSBINS = sbin/sss_useradd sbin/sss_userdel sbin/sss_groupadd sbin/sss_groupde BINS = sbin/sssd $(LIBEXECBINS) $(TOOLSBINS) ifneq (x$(HAVE_TESTS), x) - TESTS = tests/sysdb-tests tests/infopipe-tests + TESTS = tests/sysdb-tests tests/infopipe-tests tests/$(PAM_CLIENT) TESTS_DATA = tests/tests.ldb tests/tests_conf.ldb tests/introspect.ref endif @@ -128,10 +132,11 @@ SOLIBS = lib/$(PROXY_BE_SOLIB) lib/$(LDAP_BE_SOLIB) LDBLIBS = lib/$(MEMBEROF_SOLIB) SONAMELIBS = lib/$(PROXY_BE_SONAME) lib/$(MEMBEROF_SONAME) lib/$(LDAP_BE_SONAME) SOBASELIBS = lib/$(PROXY_BE_SOBASE) lib/$(MEMBEROF_SOBASE) lib/$(LDAP_BE_SOBASE) +SSSCLIENTLIBS = lib/$(PAM_SSS_SOLIB) lib/$(NSS_SSS_SOLIB) DIRS = sbin lib -all: showflags dirs $(OBJS) $(BINS) $(SOBASELIBS) +all: showflags dirs $(OBJS) $(BINS) $(SOBASELIBS) $(SSSCLIENTLIBS) shared-build: all @@ -146,6 +151,7 @@ clean:: testclean rm -f *.o */*.o */*/*.o rm -f $(BINS) rm -f $(SOBASELIBS) $(SONAMELIBS) $(SOLIBS) $(LDBLIBS) + rm -f $(NSS_SSS_SOLIB) $(NSS_SSS_SONAME) $(PAM_SSS_SOLIB) $(PAM_CLIENT) distclean:: clean rm -rf $(DIRS) @@ -165,6 +171,11 @@ install:: all installdirs installheaders installlibs installbin installsupport ${INSTALLCMD} -m 755 sysv/sssd $(DESTDIR)$(initdir) ${INSTALLCMD} -d $(DESTDIR)$(SSSD_LIBEXEC_PATH) ${INSTALLCMD} -m 755 $(LIBEXECBINS) $(DESTDIR)$(SSSD_LIBEXEC_PATH) + $(INSTALLCMD) -d $(DESTDIR)${clientlibdir} + $(INSTALLCMD) -m 755 lib/$(NSS_SSS_SOLIB) $(DESTDIR)${clientlibdir} + ln -fs $(NSS_SSS_SOLIB) $(DESTDIR)${clientlibdir}/$(NSS_SSS_SONAME) + $(INSTALLCMD) -d $(DESTDIR)${clientlibdir}/security + $(INSTALLCMD) -m 755 lib/$(PAM_SSS_SOLIB) $(DESTDIR)${clientlibdir}/security installdirs:: mkdir -p $(DESTDIR)$(includedir) \ diff --git a/server/client.mk b/server/client.mk new file mode 100644 index 0000000..fbe4e06 --- /dev/null +++ b/server/client.mk @@ -0,0 +1,28 @@ +NSS_SSS_SOLIB = libnss_sss.$(SHLIBEXT) +NSS_SSS_SONAME = libnss_sss.$(SHLIBEXT).2 + +NSS_SSS_OBJS = sss_client/common.o sss_client/passwd.o sss_client/group.o + +PAM_SSS_SOLIB = pam_sss.$(SHLIBEXT) +PAM_SSS_OBJS = sss_client/pam_sss.o sss_client/common.o +PAM_LIBS = -lpam -lpam_misc +PAM_CFLAGS = -Wall -Werror + +PAM_CLIENT = pam_test_client +PAM_CLIENT_OBJS = sss_client/pam_test_client.o + +lib/$(NSS_SSS_SOLIB): $(NSS_SSS_OBJS) + $(SHLD) $(SHLD_FLAGS) -o $@ $(NSS_SSS_OBJS) $(SONAMEFLAG)$(NSS_SSS_SONAME) + +lib/$(NSS_SSS_SONAME): $(NSS_SSS_SOLIB) + ln -fs $< $@ + +sss_client/pam_sss.o: sss_client/pam_sss.c + @echo Compiling $*.c + @$(CC) $(PICFLAG) $(CFLAGS) $(PAM_CFLAGS) -c $< -o $@ + +tests/$(PAM_CLIENT): $(PAM_CLIENT_OBJS) + @$(CC) $(CFLAGS) $(PAM_CFLAGS) $< -o $@ $(PAM_LIBS) + +lib/$(PAM_SSS_SOLIB): $(PAM_SSS_OBJS) + $(SHLD) $(SHLD_FLAGS) -o $@ $(PAM_SSS_OBJS) $(PAM_LIBS) \ No newline at end of file diff --git a/server/conf_macros.m4 b/server/conf_macros.m4 index f6821e0..a50f738 100644 --- a/server/conf_macros.m4 +++ b/server/conf_macros.m4 @@ -129,4 +129,18 @@ AC_DEFUN(WITH_INIT_DIR, AC_SUBST(initdir) ]) +AC_DEFUN(WITH_CLIENT_LIBDIR, + [ AC_ARG_WITH([client-libdir], + [AC_HELP_STRING([--with-client-libdir=PATH], + [Path to install the client libraries [/lib]] + ) + ] + ) + clientlibdir="/lib" + if test x"$with_client_libdir" != x; then + clientlibdir=$with_client_libdir + fi + AC_SUBST(clientlibdir) + AC_DEFINE_UNQUOTED(CLIENT_LIBDIR, "$clientlibdir", [Path to install client libraries]) + ]) diff --git a/server/configure.ac b/server/configure.ac index a61289c..8e0eb91 100644 --- a/server/configure.ac +++ b/server/configure.ac @@ -39,6 +39,7 @@ WITH_INFOPIPE WITH_POLICYKIT WITH_TESTS WITH_INIT_DIR +WITH_CLIENT_LIBDIR m4_include(pkg.m4) m4_include(libpopt.m4) diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c index 9320ed8..7ec1e78 100644 --- a/server/monitor/monitor.c +++ b/server/monitor/monitor.c @@ -128,50 +128,40 @@ static int monitor_dbus_init(struct mt_ctx *ctx) { struct sbus_method_ctx *sd_ctx; struct sbus_srv_ctx *sbus_srv; - char *sbus_address; - char *default_monitor_address; + char *monitor_address; int ret; - default_monitor_address = talloc_asprintf(ctx, "unix:path=%s/%s", - PIPE_PATH, SSSD_SERVICE_PIPE); - if (!default_monitor_address) { + sd_ctx = talloc_zero(ctx, struct sbus_method_ctx); + if (!sd_ctx) { return ENOMEM; } - ret = confdb_get_string(ctx->cdb, ctx, - MONITOR_CONF_ENTRY, "sbusAddress", - default_monitor_address, &sbus_address); - if (ret != EOK) { - talloc_free(default_monitor_address); - return ret; - } - talloc_free(default_monitor_address); - - sd_ctx = talloc_zero(ctx, struct sbus_method_ctx); - if (!sd_ctx) { - talloc_free(sbus_address); + monitor_address = talloc_asprintf(sd_ctx, "unix:path=%s/%s", + PIPE_PATH, SSSD_SERVICE_PIPE); + if (!monitor_address) { + talloc_free(sd_ctx); return ENOMEM; } /* Set up globally-available D-BUS methods */ sd_ctx->interface = talloc_strdup(sd_ctx, MONITOR_DBUS_INTERFACE); if (!sd_ctx->interface) { - talloc_free(sbus_address); talloc_free(sd_ctx); return ENOMEM; } sd_ctx->path = talloc_strdup(sd_ctx, MONITOR_DBUS_PATH); if (!sd_ctx->path) { - talloc_free(sbus_address); talloc_free(sd_ctx); return ENOMEM; } sd_ctx->methods = monitor_methods; sd_ctx->message_handler = sbus_message_handler; - ret = sbus_new_server(ctx, ctx->ev, sd_ctx, &sbus_srv, sbus_address, dbus_service_init, ctx); + ret = sbus_new_server(ctx, ctx->ev, sd_ctx, &sbus_srv, monitor_address, dbus_service_init, ctx); ctx->sbus_srv = sbus_srv; + talloc_free(monitor_address); + return ret; } diff --git a/server/monitor/monitor.h b/server/monitor/monitor.h index 77b6e78..8f75908 100644 --- a/server/monitor/monitor.h +++ b/server/monitor/monitor.h @@ -1,4 +1,4 @@ -/* +/* SSSD Service monitor diff --git a/server/responder/common/responder_cmd.h b/server/responder/common/responder_cmd.h index eb3bd08..b139771 100644 --- a/server/responder/common/responder_cmd.h +++ b/server/responder/common/responder_cmd.h @@ -27,7 +27,7 @@ #include "talloc.h" #include "tevent.h" #include "ldb.h" -#include "../sss_client/sss_cli.h" +#include "sss_client/sss_cli.h" #include "util/btreemap.h" /* needed until nsssrv.h is updated */ diff --git a/server/responder/common/responder_packet.h b/server/responder/common/responder_packet.h index 5dc8b01..20bfce1 100644 --- a/server/responder/common/responder_packet.h +++ b/server/responder/common/responder_packet.h @@ -22,7 +22,7 @@ #ifndef __SSSSRV_PACKET_H__ #define __SSSSRV_PACKET_H__ -#include "../sss_client/sss_cli.h" +#include "sss_client/sss_cli.h" #define SSS_PACKET_MAX_RECV_SIZE 1024 diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h index b2aee38..aaadc26 100644 --- a/server/responder/nss/nsssrv.h +++ b/server/responder/nss/nsssrv.h @@ -28,7 +28,7 @@ #include "talloc.h" #include "tevent.h" #include "ldb.h" -#include "../sss_client/sss_cli.h" +#include "sss_client/sss_cli.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "responder/common/responder_packet.h" diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c index d653a00..4d99bb0 100644 --- a/server/responder/pam/pamsrv.c +++ b/server/responder/pam/pamsrv.c @@ -44,7 +44,7 @@ #include "monitor/monitor_interfaces.h" #include "sbus/sbus_client.h" #include "responder/pam/pamsrv.h" -#include "../sss_client/sss_cli.h" +#include "sss_client/sss_cli.h" #define PAM_SBUS_SERVICE_VERSION 0x0001 #define PAM_SBUS_SERVICE_NAME "pam" diff --git a/server/rules.mk b/server/rules.mk index 8ef3676..9d9d5dc 100644 --- a/server/rules.mk +++ b/server/rules.mk @@ -17,8 +17,10 @@ ctags: @$(CC) -fPIC $(CFLAGS) -c $< -o $@ showflags:: - @echo 'server will be compiled with flags:' + @echo 'Compile flags:' @echo ' CFLAGS = $(CFLAGS)' + @echo ' CPPFLAGS = $(CPPFLAGS)' + @echo ' LDFLAGS = $(LDFLAGS)' @echo ' LIBS = $(LIBS)' distclean:: diff --git a/server/sbus/sssd_dbus_server.c b/server/sbus/sssd_dbus_server.c index e30f9ab..9632af8 100644 --- a/server/sbus/sssd_dbus_server.c +++ b/server/sbus/sssd_dbus_server.c @@ -39,6 +39,7 @@ struct sbus_srv_ctx { */ struct tevent_context *ev; struct sbus_method_ctx *sd_ctx; + char *address; sbus_server_conn_init_fn init_fn; void *init_pvt_data; }; @@ -293,6 +294,12 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, talloc_set_destructor((TALLOC_CTX *)srv_ctx, sbus_server_destructor); + srv_ctx->address = talloc_strdup(srv_ctx, address); + if (!srv_ctx->address) { + talloc_free(srv_ctx); + return ENOMEM; + } + /* Set up D-BUS new connection handler */ dbus_server_set_new_connection_function(srv_ctx->server, sbus_server_init_new_connection, diff --git a/server/sss_client/common.c b/server/sss_client/common.c new file mode 100644 index 0000000..d0fb011 --- /dev/null +++ b/server/sss_client/common.c @@ -0,0 +1,625 @@ +/* + * System Security Services Daemon. NSS client interface + * + * Copyright (C) Simo Sorce 2007 + * + * Winbind derived code: + * Copyright (C) Tim Potter 2000 + * Copyright (C) Andrew Tridgell 2000 + * Copyright (C) Andrew Bartlett 2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "sss_cli.h" + +/* common functions */ + +int sss_cli_sd = -1; /* the sss client socket descriptor */ + +static void sss_cli_close_socket(void) +{ + if (sss_cli_sd != -1) { + close(sss_cli_sd); + sss_cli_sd = -1; + } +} + +/* Requests: + * + * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X) + * byte 4-7: 32bit unsigned with command code + * byte 8-11: 32bit unsigned (reserved) + * byte 12-15: 32bit unsigned (reserved) + * byte 16-X: (optional) request structure associated to the command code used + */ +static enum nss_status sss_nss_send_req(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + int *errnop) +{ + uint32_t header[4]; + size_t datasent; + + header[0] = SSS_NSS_HEADER_SIZE + (rd?rd->len:0); + header[1] = cmd; + header[2] = 0; + header[3] = 0; + + datasent = 0; + + while (datasent < header[0]) { + struct pollfd pfd; + int rdsent; + int res; + + *errnop = 0; + pfd.fd = sss_cli_sd; + pfd.events = POLLOUT; + + res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); + switch (res) { + case -1: + *errnop = errno; + break; + case 0: + *errnop = ETIME; + break; + case 1: + if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { + *errnop = EPIPE; + } + if (!(pfd.revents & POLLOUT)) { + *errnop = EBUSY; + } + break; + default: /* more than one avail ?? */ + *errnop = EBADF; + break; + } + if (*errnop) { + sss_cli_close_socket(); + return NSS_STATUS_UNAVAIL; + } + + if (datasent < SSS_NSS_HEADER_SIZE) { + res = write(sss_cli_sd, + (char *)header + datasent, + SSS_NSS_HEADER_SIZE - datasent); + } else { + rdsent = datasent - SSS_NSS_HEADER_SIZE; + res = write(sss_cli_sd, + (const char *)rd->data + rdsent, + rd->len - rdsent); + } + + if ((res == -1) || (res == 0)) { + + /* Write failed */ + sss_cli_close_socket(); + *errnop = errno; + return NSS_STATUS_UNAVAIL; + } + + datasent += res; + } + + return NSS_STATUS_SUCCESS; +} + +/* Replies: + * + * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X) + * byte 4-7: 32bit unsigned with command code + * byte 8-11: 32bit unsigned with the request status (server errno) + * byte 12-15: 32bit unsigned (reserved) + * byte 16-X: (optional) reply structure associated to the command code used + */ + +static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, + uint8_t **buf, int *len, + int *errnop) +{ + uint32_t header[4]; + size_t datarecv; + + header[0] = SSS_NSS_HEADER_SIZE; /* unitl we know the real lenght */ + header[1] = 0; + header[2] = 0; + header[3] = 0; + + datarecv = 0; + *buf = NULL; + *len = 0; + + while (datarecv < header[0]) { + struct pollfd pfd; + int bufrecv; + int res; + + *errnop = 0; + pfd.fd = sss_cli_sd; + pfd.events = POLLIN; + + res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); + switch (res) { + case -1: + *errnop = errno; + break; + case 0: + *errnop = ETIME; + break; + case 1: + if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { + *errnop = EPIPE; + } + if (!(pfd.revents & POLLIN)) { + *errnop = EBUSY; + } + break; + default: /* more than one avail ?? */ + *errnop = EBADF; + break; + } + if (*errnop) { + sss_cli_close_socket(); + return NSS_STATUS_UNAVAIL; + } + + if (datarecv < SSS_NSS_HEADER_SIZE) { + res = read(sss_cli_sd, + (char *)header + datarecv, + SSS_NSS_HEADER_SIZE - datarecv); + } else { + bufrecv = datarecv - SSS_NSS_HEADER_SIZE; + res = read(sss_cli_sd, + (char *)(*buf) + bufrecv, + header[0] - datarecv); + } + + if ((res == -1) || (res == 0)) { + + /* Read failed. I think the only useful thing + * we can do here is just return -1 and fail + * since the transaction has failed half way + * through. */ + + sss_cli_close_socket(); + *errnop = errno; + return NSS_STATUS_UNAVAIL; + } + + datarecv += res; + + if (datarecv == SSS_NSS_HEADER_SIZE && *len == 0) { + /* at this point recv buf is not yet + * allocated and the header has just + * been read, do checks and proceed */ + if (header[2] != 0) { + /* server side error */ + sss_cli_close_socket(); + *errnop = header[2]; + if (*errnop == EAGAIN) { + return NSS_STATUS_TRYAGAIN; + } else { + return NSS_STATUS_UNAVAIL; + } + } + if (header[1] != cmd) { + /* wrong command id */ + sss_cli_close_socket(); + *errnop = EBADMSG; + return NSS_STATUS_UNAVAIL; + } + if (header[0] > SSS_NSS_HEADER_SIZE) { + *len = header[0] - SSS_NSS_HEADER_SIZE; + *buf = malloc(*len); + if (!*buf) { + sss_cli_close_socket(); + *errnop = ENOMEM; + return NSS_STATUS_UNAVAIL; + } + } + } + } + + return NSS_STATUS_SUCCESS; +} + +/* this function will check command codes match and returned length is ok */ +/* repbuf and replen report only the data section not the header */ +static enum nss_status sss_nss_make_request_nochecks( + enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop) +{ + enum nss_status ret; + uint8_t *buf = NULL; + int len = 0; + + /* send data */ + ret = sss_nss_send_req(cmd, rd, errnop); + if (ret != NSS_STATUS_SUCCESS) { + return ret; + } + + /* data sent, now get reply */ + ret = sss_nss_recv_rep(cmd, &buf, &len, errnop); + if (ret != NSS_STATUS_SUCCESS) { + return ret; + } + + /* we got through, now we have the custom data in buf if any, + * return it if requested */ + if (repbuf && buf) { + *repbuf = buf; + if (replen) { + *replen = len; + } + } else { + free(buf); + if (replen) { + *replen = 0; + } + } + + return NSS_STATUS_SUCCESS; +} + +/* GET_VERSION Reply: + * 0-3: 32bit unsigned version number + */ + +static int sss_nss_check_version(void) +{ + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + int errnop; + int res = NSS_STATUS_UNAVAIL; + + nret = sss_nss_make_request_nochecks(SSS_GET_VERSION, NULL, + &repbuf, &replen, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + if (!repbuf) { + return res; + } + + if (((uint32_t *)repbuf)[0] == SSS_PROTOCOL_VERSION) { + res = NSS_STATUS_SUCCESS; + } + + free(repbuf); + return res; +} + +/* this 2 functions are adapted from samba3 winbinbd's wb_common.c */ + +/* Make sure socket handle isn't stdin (0), stdout(1) or stderr(2) by setting + * the limit to 3 */ +#define RECURSION_LIMIT 3 + +static int make_nonstd_fd_internals(int fd, int limit) +{ + int new_fd; + if (fd >= 0 && fd <= 2) { +#ifdef F_DUPFD + if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) { + return -1; + } + /* Paranoia */ + if (new_fd < 3) { + close(new_fd); + return -1; + } + close(fd); + return new_fd; +#else + if (limit <= 0) + return -1; + + new_fd = dup(fd); + if (new_fd == -1) + return -1; + + /* use the program stack to hold our list of FDs to close */ + new_fd = make_nonstd_fd_internals(new_fd, limit - 1); + close(fd); + return new_fd; +#endif + } + return fd; +} + +/**************************************************************************** + Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available, + else + if SYSV use O_NDELAY + if BSD use FNDELAY + Set close on exec also. +****************************************************************************/ + +static int make_safe_fd(int fd) +{ + int result, flags; + int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT); + if (new_fd == -1) { + close(fd); + return -1; + } + + /* Socket should be nonblocking. */ +#ifdef O_NONBLOCK +#define FLAG_TO_SET O_NONBLOCK +#else +#ifdef SYSV +#define FLAG_TO_SET O_NDELAY +#else /* BSD */ +#define FLAG_TO_SET FNDELAY +#endif +#endif + + if ((flags = fcntl(new_fd, F_GETFL)) == -1) { + close(new_fd); + return -1; + } + + flags |= FLAG_TO_SET; + if (fcntl(new_fd, F_SETFL, flags) == -1) { + close(new_fd); + return -1; + } + +#undef FLAG_TO_SET + + /* Socket should be closed on exec() */ +#ifdef FD_CLOEXEC + result = flags = fcntl(new_fd, F_GETFD, 0); + if (flags >= 0) { + flags |= FD_CLOEXEC; + result = fcntl( new_fd, F_SETFD, flags ); + } + if (result < 0) { + close(new_fd); + return -1; + } +#endif + return new_fd; +} + +static int sss_nss_open_socket(int *errnop, const char *socket_name) +{ + struct sockaddr_un nssaddr; + int inprogress = 1; + int wait_time, sleep_time; + int sd; + + memset(&nssaddr, 0, sizeof(struct sockaddr_un)); + nssaddr.sun_family = AF_UNIX; + strncpy(nssaddr.sun_path, socket_name, + strlen(socket_name) + 1); + + sd = socket(AF_UNIX, SOCK_STREAM, 0); + if (sd == -1) { + *errnop = errno; + return -1; + } + + /* set as non-blocking, close on exec, and make sure standard + * descriptors are not used */ + sd = make_safe_fd(sd); + if (sd == -1) { + *errnop = errno; + return -1; + } + + /* this piece is adapted from winbind client code */ + wait_time = 0; + sleep_time = 0; + while(inprogress) { + int connect_errno = 0; + socklen_t errnosize; + struct timeval tv; + fd_set w_fds; + int ret; + + wait_time += sleep_time; + + ret = connect(sd, (struct sockaddr *)&nssaddr, + sizeof(nssaddr)); + if (ret == 0) { + return sd; + } + + switch(errno) { + case EINPROGRESS: + FD_ZERO(&w_fds); + FD_SET(sd, &w_fds); + tv.tv_sec = SSS_CLI_SOCKET_TIMEOUT - wait_time; + tv.tv_usec = 0; + + ret = select(sd + 1, NULL, &w_fds, NULL, &tv); + + if (ret > 0) { + errnosize = sizeof(connect_errno); + ret = getsockopt(sd, SOL_SOCKET, SO_ERROR, + &connect_errno, &errnosize); + if (ret >= 0 && connect_errno == 0) { + return sd; + } + } + wait_time += SSS_CLI_SOCKET_TIMEOUT; + break; + case EAGAIN: + if (wait_time < SSS_CLI_SOCKET_TIMEOUT) { + sleep_time = rand() % 2 + 1; + sleep(sleep_time); + } + break; + default: + *errnop = errno; + inprogress = 0; + break; + } + + if (wait_time >= SSS_CLI_SOCKET_TIMEOUT) { + inprogress = 0; + } + } + + /* if we get here connect() failed or we timed out */ + + close(sd); + return -1; +} + +static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name) +{ + static pid_t mypid; + int mysd; + + if (getpid() != mypid) { + sss_cli_close_socket(); + mypid = getpid(); + } + + /* check if the socket has been closed on the other side */ + if (sss_cli_sd != -1) { + struct pollfd pfd; + int res; + + *errnop = 0; + pfd.fd = sss_cli_sd; + pfd.events = POLLIN | POLLOUT; + + res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); + switch (res) { + case -1: + *errnop = errno; + break; + case 0: + *errnop = ETIME; + break; + case 1: + if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { + *errnop = EPIPE; + } + if (!(pfd.revents & (POLLIN | POLLOUT))) { + *errnop = EBUSY; + } + break; + default: /* more than one avail ?? */ + *errnop = EBADF; + break; + } + if (*errnop) { + sss_cli_close_socket(); + return SSS_STATUS_UNAVAIL; + } + + return SSS_STATUS_SUCCESS; + } + + mysd = sss_nss_open_socket(errnop, socket_name); + if (mysd == -1) { + return SSS_STATUS_UNAVAIL; + } + + sss_cli_sd = mysd; + + if (sss_nss_check_version()) { + return SSS_STATUS_SUCCESS; + } + + sss_cli_close_socket(); + *errnop = EFAULT; + return SSS_STATUS_UNAVAIL; +} + +/* this function will check command codes match and returned length is ok */ +/* repbuf and replen report only the data section not the header */ +enum nss_status sss_nss_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop) +{ + enum nss_status ret; + char *envval; + + /* avoid looping in the nss daemon */ + envval = getenv("_SSS_LOOPS"); + if (envval && strcmp(envval, "NO") == 0) { + return NSS_STATUS_NOTFOUND; + } + + ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); + if (ret != SSS_STATUS_SUCCESS) { + return NSS_STATUS_UNAVAIL; + } + + return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop); +} + +int sss_pam_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop) +{ + int ret; + char *envval; + struct stat stat_buf; + + /* avoid looping in the pam daemon */ + envval = getenv("_SSS_LOOPS"); + if (envval && strcmp(envval, "NO") == 0) { + return PAM_SERVICE_ERR; + } + + /* only root shall use the privileged pipe */ + if (getuid() == 0 && getgid() == 0) { + ret = stat(SSS_PAM_PRIV_SOCKET_NAME, &stat_buf); + if (ret != 0) return PAM_SERVICE_ERR; + if ( ! (stat_buf.st_uid == 0 && + stat_buf.st_gid == 0 && + (stat_buf.st_mode&(S_IFSOCK|S_IRUSR|S_IWUSR)) == stat_buf.st_mode)) { + return PAM_SERVICE_ERR; + } + + ret = sss_cli_check_socket(errnop, SSS_PAM_PRIV_SOCKET_NAME); + } else { + ret = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME); + } + if (ret != NSS_STATUS_SUCCESS) { + return PAM_SERVICE_ERR; + } + + return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop); +} diff --git a/server/sss_client/exports.linux b/server/sss_client/exports.linux new file mode 100644 index 0000000..bcc6b10 --- /dev/null +++ b/server/sss_client/exports.linux @@ -0,0 +1,73 @@ +EXPORTED { + + # public functions + global: + + _nss_sss_getpwnam_r; + _nss_sss_getpwuid_r; + _nss_sss_setpwent; + _nss_sss_getpwent_r; + _nss_sss_endpwent; + + _nss_sss_getgrnam_r; + _nss_sss_getgrgid_r; + _nss_sss_setgrent; + _nss_sss_getgrent_r; + _nss_sss_endgrent; + _nss_sss_initgroups_dyn; + + #_nss_sss_getaliasbyname_r; + #_nss_sss_setaliasent; + #_nss_sss_getaliasent_r; + #_nss_sss_endaliasent; + + #_nss_sss_gethostton_r; + #_nss_sss_getntohost_r; + #_nss_sss_setetherent; + #_nss_sss_getetherent_r; + #_nss_sss_endetherent; + + #_nss_sss_gethostbyname_r; + #_nss_sss_gethostbyname2_r; + #_nss_sss_gethostbyaddr_r; + #_nss_sss_sethostent; + #_nss_sss_gethostent_r; + #_nss_sss_endhostent; + + #_nss_sss_setnetgrent; + #_nss_sss_getnetgrent_r; + #_nss_sss_endnetgrent; + + #_nss_sss_getnetbyname_r; + #_nss_sss_getnetbyaddr_r; + #_nss_sss_setnetent; + #_nss_sss_getnetent_r; + #_nss_sss_endnetent; + + #_nss_sss_getprotobyname_r; + #_nss_sss_getprotobynumber_r; + #_nss_sss_setprotoent; + #_nss_sss_getprotoent_r; + #_nss_sss_endprotoent; + + #_nss_sss_getrpcbyname_r; + #_nss_sss_getrpcbynumber_r; + #_nss_sss_setrpcent; + #_nss_sss_getrpcent_r; + #_nss_sss_endrpcent; + + #_nss_sss_getservbyname_r; + #_nss_sss_getservbyport_r; + #_nss_sss_setservent; + #_nss_sss_getservent_r; + #_nss_sss_endservent; + + #_nss_sss_getspnam_r; + #_nss_sss_setspent; + #_nss_sss_getspent_r; + #_nss_sss_endspent; + + # everything else is local + local: + *; +}; diff --git a/server/sss_client/group.c b/server/sss_client/group.c new file mode 100644 index 0000000..4ba11e3 --- /dev/null +++ b/server/sss_client/group.c @@ -0,0 +1,425 @@ +/* + * System Security Services Daemon. NSS client interface + * + * Copyright (C) Simo Sorce 2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* GROUP database NSS interface */ + +#include +#include +#include +#include +#include +#include +#include +#include "sss_cli.h" + +static struct sss_nss_getgrent_data { + size_t len; + size_t ptr; + uint8_t *data; +} sss_nss_getgrent_data; + +static void sss_nss_getgrent_data_clean(void) { + + if (sss_nss_getgrent_data.data != NULL) { + free(sss_nss_getgrent_data.data); + sss_nss_getgrent_data.data = NULL; + } + sss_nss_getgrent_data.len = 0; + sss_nss_getgrent_data.ptr = 0; +} + +/* GETGRNAM Request: + * + * 0-X: string with name + * + * GERTGRGID Request: + * + * 0-7: 32bit number with gid + * + * INITGROUPS Request: + * + * 0-3: 32bit number with gid + * 4-7: 32bit unsigned with max num of entries + * + * Replies: + * + * 0-3: 32bit unsigned number of results + * 4-7: 32bit unsigned (reserved/padding) + * For each result (64bit padded ?): + * 0-3: 32bit number gid + * 4-7: 32bit unsigned number of members + * 8-X: sequence of 0 terminated strings (name, passwd, mem..) + */ +struct sss_nss_gr_rep { + struct group *result; + char *buffer; + size_t buflen; +}; + +static int sss_nss_getgr_readrep(struct sss_nss_gr_rep *pr, + uint8_t *buf, size_t *len) +{ + size_t i, l, slen, ptmem; + ssize_t dlen; + char *sbuf; + uint32_t mem_num; + int err; + + if (*len < 11) { /* not enough space for data, bad packet */ + return EBADMSG; + } + + pr->result->gr_gid = ((uint32_t *)buf)[0]; + mem_num = ((uint32_t *)buf)[1]; + + sbuf = (char *)&buf[8]; + slen = *len - 8; + dlen = pr->buflen; + + pr->result->gr_name = &(pr->buffer[0]); + i = 0; + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + + pr->result->gr_passwd = &(pr->buffer[i]); + while (slen > i && dlen > 0) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + dlen--; + } + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + i++; + dlen--; + + /* now members */ + pr->result->gr_mem = (char **)&(pr->buffer[i]); + ptmem = sizeof(char *) * (mem_num + 1); + dlen -= ptmem; + if (0 > dlen) { /* not enough mem in buffer */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + ptmem += i; + pr->result->gr_mem[mem_num] = NULL; /* terminate array */ + + for (l = 0; l < mem_num; l++) { + pr->result->gr_mem[l] = &(pr->buffer[ptmem]); + while ((slen > i) && (dlen > 0)) { + pr->buffer[ptmem] = sbuf[i]; + i++; + dlen--; + if (pr->buffer[ptmem] == '\0') break; + ptmem++; + } + if (pr->buffer[ptmem] != '\0') { + if (slen <= i) { /* premature end of buf */ + return EBADMSG; + } + if (dlen <= 0) { /* not enough memory */ + return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ + } + } + ptmem++; + } + + *len = slen -i; + return 0; +} + +/* INITGROUP Reply: + * + * 0-3: 32bit unsigned number of results + * 4-7: 32bit unsigned (reserved/padding) + * For each result: + * 0-4: 32bit number with gid + */ + + +enum nss_status _nss_sss_initgroups_dyn(const char *user, gid_t group, + long int *start, long int *size, + gid_t **groups, long int limit, + int *errnop) +{ + struct sss_cli_req_data rd; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t *rbuf; + uint32_t num_ret; + long int l, max_ret; + + rd.len = strlen(user) +1; + rd.data = user; + + nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + /* no results if not found */ + num_ret = ((uint32_t *)repbuf)[0]; + if (num_ret == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + max_ret = num_ret; + + /* check we have enough space in the buffer */ + if ((*size - *start) < num_ret) { + long int newsize; + gid_t *newgroups; + + newsize = *size + num_ret; + if ((limit > 0) && (newsize > limit)) { + newsize = limit; + max_ret = newsize - *start; + } + + newgroups = (gid_t *)realloc((*groups), newsize * sizeof(**groups)); + if (!newgroups) { + *errnop = ENOMEM; + free(repbuf); + return NSS_STATUS_TRYAGAIN; + } + *groups = newgroups; + *size = newsize; + } + + rbuf = &((uint32_t *)repbuf)[2]; + for (l = 0; l < max_ret; l++) { + (*groups)[*start] = rbuf[l]; + *start += 1; + } + + return NSS_STATUS_SUCCESS; +} + + +enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_gr_rep grrep; + uint8_t *repbuf; + size_t replen, len; + enum nss_status nret; + int ret; + + rd.len = strlen(name) + 1; + rd.data = name; + + nret = sss_nss_make_request(SSS_NSS_GETGRNAM, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + grrep.result = result; + grrep.buffer = buffer; + grrep.buflen = buflen; + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + /* only 1 result is accepted for this function */ + if (((uint32_t *)repbuf)[0] != 1) { + *errnop = EBADMSG; + return NSS_STATUS_TRYAGAIN; + } + + len = replen - 8; + ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len); + free(repbuf); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_gr_rep grrep; + uint8_t *repbuf; + size_t replen, len; + enum nss_status nret; + uint32_t group_gid; + int ret; + + group_gid = gid; + rd.len = sizeof(uint32_t); + rd.data = &group_gid; + + nret = sss_nss_make_request(SSS_NSS_GETGRGID, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + grrep.result = result; + grrep.buffer = buffer; + grrep.buflen = buflen; + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + /* only 1 result is accepted for this function */ + if (((uint32_t *)repbuf)[0] != 1) { + *errnop = EBADMSG; + return NSS_STATUS_TRYAGAIN; + } + + len = replen - 8; + ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len); + free(repbuf); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_setgrent(void) +{ + enum nss_status nret; + int errnop; + + /* make sure we do not have leftovers, and release memory */ + sss_nss_getgrent_data_clean(); + + nret = sss_nss_make_request(SSS_NSS_SETGRENT, + NULL, NULL, NULL, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + errno = errnop; + return nret; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_getgrent_r(struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_gr_rep grrep; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t num_entries; + int ret; + + /* if there are leftovers return the next one */ + if (sss_nss_getgrent_data.data != NULL && + sss_nss_getgrent_data.ptr < sss_nss_getgrent_data.len) { + + repbuf = (uint8_t *)sss_nss_getgrent_data.data + + sss_nss_getgrent_data.ptr; + replen = sss_nss_getgrent_data.len - + sss_nss_getgrent_data.ptr; + + grrep.result = result; + grrep.buffer = buffer; + grrep.buflen = buflen; + + ret = sss_nss_getgr_readrep(&grrep, repbuf, &replen); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + /* advance buffer pointer */ + sss_nss_getgrent_data.ptr = sss_nss_getgrent_data.len - replen; + + return NSS_STATUS_SUCCESS; + } + + /* release memory if any */ + sss_nss_getgrent_data_clean(); + + /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */ + num_entries = SSS_NSS_MAX_ENTRIES; + rd.len = sizeof(uint32_t); + rd.data = &num_entries; + + nret = sss_nss_make_request(SSS_NSS_GETGRENT, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + /* no results if not found */ + if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + sss_nss_getgrent_data.data = repbuf; + sss_nss_getgrent_data.len = replen; + sss_nss_getgrent_data.ptr = 8; /* skip metadata fields */ + + /* call again ourselves, this will return the first result */ + return _nss_sss_getgrent_r(result, buffer, buflen, errnop); +} + +enum nss_status _nss_sss_endgrent(void) +{ + enum nss_status nret; + int errnop; + + /* make sure we do not have leftovers, and release memory */ + sss_nss_getgrent_data_clean(); + + nret = sss_nss_make_request(SSS_NSS_ENDGRENT, + NULL, NULL, NULL, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + errno = errnop; + return nret; + } + + return NSS_STATUS_SUCCESS; +} diff --git a/server/sss_client/pam_sss.c b/server/sss_client/pam_sss.c new file mode 100644 index 0000000..6fb7637 --- /dev/null +++ b/server/sss_client/pam_sss.c @@ -0,0 +1,429 @@ + +#define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD + +#include +#include +#include +#include +#include +#include + +#include "sss_cli.h" + +struct pam_items { + const char* pam_service; + const char* pam_user; + const char* pam_tty; + const char* pam_ruser; + const char* pam_rhost; + const char* pam_authtok; + const char* pam_newauthtok; + const char* pamstack_authtok; + const char* pamstack_oldauthtok; + int pam_service_size; + int pam_user_size; + int pam_tty_size; + int pam_ruser_size; + int pam_rhost_size; + int pam_authtok_type; + int pam_authtok_size; + int pam_newauthtok_type; + int pam_newauthtok_size; +}; + +static int eval_response(pam_handle_t *pamh, int buflen, uint8_t *buf) +{ + int ret; + int p=0; + char *env_item; + int32_t *c; + int32_t *type; + int32_t *len; + int32_t *pam_status; + + pam_status = ((int32_t *)(buf+p)); + p += sizeof(int32_t); + + + c = ((int32_t *)(buf+p)); + p += sizeof(int32_t); + + while(*c>0) { + type = ((int32_t *)(buf+p)); + p += sizeof(int32_t); + len = ((int32_t *)(buf+p)); + p += sizeof(int32_t); + switch(*type) { + case PAM_USER_INFO: + D(("user info: [%s]", &buf[p])); + break; + case PAM_DOMAIN_NAME: + D(("domain name: [%s]", &buf[p])); + break; + case ENV_ITEM: + case PAM_ENV_ITEM: + case ALL_ENV_ITEM: + if (buf[p + (*len -1)] != '\0') { + D(("env item does not end with \\0.\n")); + break; + } + + D(("env item: [%s]", &buf[p])); + if (*type == PAM_ENV_ITEM || *type == ALL_ENV_ITEM) { + ret = pam_putenv(pamh, (char *)&buf[p]); + if (ret != PAM_SUCCESS) { + D(("pam_putenv failed.\n")); + break; + } + } + + if (*type == ENV_ITEM || *type == ALL_ENV_ITEM) { + env_item = strdup((char *)&buf[p]); + if (env_item == NULL) { + D(("strdup failed\n")); + break; + } + ret = putenv(env_item); + if (ret == -1) { + D(("putenv failed.\n")); + break; + } + } + break; + } + p += *len; + + --(*c); + } + + return 0; +} + +static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi) +{ + int ret; + + ret = pam_get_item(pamh, PAM_SERVICE, (const void **) &(pi->pam_service)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_service == NULL) pi->pam_service=""; + pi->pam_service_size=strlen(pi->pam_service)+1; + + ret = pam_get_item(pamh, PAM_USER, (const void **) &(pi->pam_user)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_user == NULL) pi->pam_user=""; + pi->pam_user_size=strlen(pi->pam_user)+1; + + ret = pam_get_item(pamh, PAM_TTY, (const void **) &(pi->pam_tty)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_tty == NULL) pi->pam_tty=""; + pi->pam_tty_size=strlen(pi->pam_tty)+1; + + ret = pam_get_item(pamh, PAM_RUSER, (const void **) &(pi->pam_ruser)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_ruser == NULL) pi->pam_ruser=""; + pi->pam_ruser_size=strlen(pi->pam_ruser)+1; + + ret = pam_get_item(pamh, PAM_RHOST, (const void **) &(pi->pam_rhost)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pam_rhost == NULL) pi->pam_rhost=""; + pi->pam_rhost_size=strlen(pi->pam_rhost)+1; + + ret = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &(pi->pamstack_authtok)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pamstack_authtok == NULL) pi->pamstack_authtok=""; + + ret = pam_get_item(pamh, PAM_OLDAUTHTOK, (const void **) &(pi->pamstack_oldauthtok)); + if (ret != PAM_SUCCESS) return ret; + if (pi->pamstack_oldauthtok == NULL) pi->pamstack_oldauthtok=""; + + return PAM_SUCCESS; +} + +static void print_pam_items(struct pam_items pi) +{ + D(("Service: %s", *pi.pam_service!='\0' ? pi.pam_service : "(not available)")); + D(("User: %s", *pi.pam_user!='\0' ? pi.pam_user : "(not available)")); + D(("Tty: %s", *pi.pam_tty!='\0' ? pi.pam_tty : "(not available)")); + D(("Ruser: %s", *pi.pam_ruser!='\0' ? pi.pam_ruser : "(not available)")); + D(("Rhost: %s", *pi.pam_rhost!='\0' ? pi.pam_rhost : "(not available)")); + D(("Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)")); + D(("Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)")); +} + +static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + int ret; + int errnop; + int c; + struct pam_items pi; + struct sss_cli_req_data rd; + uint8_t *repbuf=NULL; + size_t replen; + size_t rp; + char *buf=NULL; + struct pam_conv *conv; + struct pam_message *mesg[1]; + struct pam_response *resp=NULL; + int pam_status; + char *newpwd[2]; + + D(("Hello pam_sssd: %d", task)); + +/* TODO: add useful prelim check */ + if (task == SSS_PAM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK)) { + D(("ignoring PAM_PRELIM_CHECK")); + return PAM_SUCCESS; + } + + ret = get_pam_items(pamh, &pi); + if (ret != PAM_SUCCESS) { + D(("get items returned error: %s", pam_strerror(pamh,ret))); + return ret; + } + + pi.pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; + pi.pam_authtok = NULL; + pi.pam_authtok_size = 0; + pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY; + pi.pam_newauthtok = NULL; + pi.pam_newauthtok_size = 0; +/* according to pam_conv(3) only one message should be requested by conv to + * keep compatibility to Solaris. Therefore we make separate calls to request + * AUTHTOK and OLDAUTHTOK. */ + if ( task == SSS_PAM_AUTHENTICATE || + (task == SSS_PAM_CHAUTHTOK && getuid() != 0)) { + ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv); + if (ret != PAM_SUCCESS) return ret; + + mesg[0] = malloc(sizeof(struct pam_message)); + if (mesg[0] == NULL) { + D(("Malloc failed.\n")); + return PAM_SYSTEM_ERR; + } + mesg[0]->msg_style = PAM_PROMPT_ECHO_OFF; + mesg[0]->msg = strdup("Password: "); + + ret=conv->conv(1, (const struct pam_message **) mesg, &resp, + conv->appdata_ptr); + free((void *)mesg[0]->msg); + free(mesg[0]); + if (ret != PAM_SUCCESS) { + D(("Conversation failure: %s.\n", pam_strerror(pamh,ret))); + pam_status = ret; + goto done; + } + + if (resp[0].resp == NULL) { + D(("Empty password\n")); + pi.pam_authtok = NULL; + pi.pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; + } else { + pi.pam_authtok = strdup(resp[0].resp); + pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD; + } + pi.pam_authtok_size=strlen(pi.pam_authtok); + } + + if (task == SSS_PAM_CHAUTHTOK) { + ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv); + if (ret != PAM_SUCCESS) return ret; + + mesg[0] = malloc(sizeof(struct pam_message)); + if (mesg[0] == NULL) { + D(("Malloc failed.\n")); + return PAM_SYSTEM_ERR; + } + mesg[0]->msg_style = PAM_PROMPT_ECHO_OFF; + mesg[0]->msg = strdup("New Password: "); + + c = 0; + do { + ret=conv->conv(1, (const struct pam_message **) mesg, &resp, + conv->appdata_ptr); + free((void *)mesg[0]->msg); + if (ret != PAM_SUCCESS) { + D(("Conversation failure: %s.\n", pam_strerror(pamh,ret))); + pam_status = ret; + goto done; + } + + newpwd[c++] = strdup(resp[0].resp); + _pam_overwrite((void *)resp[0].resp); + free(resp[0].resp); + free(resp); + resp = NULL; + + mesg[0]->msg = strdup("Reenter new password: "); + } while(c < 2); + free(mesg[0]); + + if (strcmp(newpwd[0],newpwd[1]) != 0) { + pam_status = PAM_AUTHTOK_ERR; + goto done; + } + + if (newpwd[0] == NULL) { + D(("Empty password\n")); + pi.pam_newauthtok = NULL; + pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY; + } else { + pi.pam_newauthtok = strdup(newpwd[0]); + pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD; + } + pi.pam_newauthtok_size=strlen(pi.pam_newauthtok); + + _pam_overwrite((void *)newpwd[0]); + free(newpwd[0]); + _pam_overwrite((void *)newpwd[1]); + free(newpwd[1]); + } + + print_pam_items(pi); + + if (pi.pam_user) { + rd.len = pi.pam_user_size + + pi.pam_service_size + + pi.pam_tty_size + + pi.pam_ruser_size + + pi.pam_rhost_size + + 2*sizeof(uint32_t) + pi.pam_authtok_size + + 2*sizeof(uint32_t) + pi.pam_newauthtok_size + + sizeof(uint32_t); + buf = malloc(rd.len); + + memcpy(buf, pi.pam_user, pi.pam_user_size); + rp = pi.pam_user_size; + + memcpy(&buf[rp], pi.pam_service, pi.pam_service_size); + rp += pi.pam_service_size; + + memcpy(&buf[rp], pi.pam_tty, pi.pam_tty_size); + rp += pi.pam_tty_size; + + memcpy(&buf[rp], pi.pam_ruser, pi.pam_ruser_size); + rp += pi.pam_ruser_size; + + memcpy(&buf[rp], pi.pam_rhost, pi.pam_rhost_size); + rp += pi.pam_rhost_size; + + ((uint32_t *)(&buf[rp]))[0] = pi.pam_authtok_type; + rp += sizeof(uint32_t); + ((uint32_t *)(&buf[rp]))[0] = pi.pam_authtok_size; + rp += sizeof(uint32_t); + memcpy(&buf[rp], pi.pam_authtok, pi.pam_authtok_size); + rp += pi.pam_authtok_size; + _pam_overwrite((void *)pi.pam_authtok); + free((void *)pi.pam_authtok); + + ((uint32_t *)(&buf[rp]))[0] = pi.pam_newauthtok_type; + rp += sizeof(uint32_t); + ((uint32_t *)(&buf[rp]))[0] = pi.pam_newauthtok_size; + rp += sizeof(uint32_t); + memcpy(&buf[rp], pi.pam_newauthtok, pi.pam_newauthtok_size); + rp += pi.pam_newauthtok_size; + _pam_overwrite((void *)pi.pam_newauthtok); + free((void *)pi.pam_newauthtok); + + ((uint32_t *)(&buf[rp]))[0] = END_OF_PAM_REQUEST; + rp += sizeof(uint32_t); + + if (rp != rd.len) { + D(("error during packet creation.")); + pam_status = PAM_ABORT; + goto done; + } + rd.data = buf; + + ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop); + + if (ret != NSS_STATUS_SUCCESS) { + D(("sss_pam_make_request failed.")); + pam_status = ret; + goto done; + } + +/* FIXME: add an end signature */ + if (replen +#endif + +#include +#include + +#include +#include + +static struct pam_conv conv = { + misc_conv, + NULL +}; + +int main(int argc, char *argv[]) { + + pam_handle_t *pamh; + char *user; + char *action; + int ret; + + if (argc == 1) { + fprintf(stderr, "missing action and user name, using default\n"); + action = strdup("auth"); + user = strdup("dummy"); + } else if (argc == 2) { + fprintf(stdout, "using first argument as action and default user name\n"); + action = strdup(argv[1]); + user = strdup("dummy"); + } else { + action = strdup(argv[1]); + user = strdup(argv[2]); + } + + fprintf(stdout, "action: %s\nuser: %s\n", action,user); + + ret = pam_start("sss_test", user, &conv, &pamh); + if (ret != PAM_SUCCESS) { + fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret)); + return 1; + } + + if ( strncmp(action, "auth", 4)== 0 ) { + fprintf(stdout, "testing pam_authenticate\n"); + ret = pam_authenticate(pamh, 0); + fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret)); + } else if ( strncmp(action, "chau", 4)== 0 ) { + fprintf(stdout, "testing pam_chauthtok\n"); + ret = pam_chauthtok(pamh, 0); + fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret)); + } else if ( strncmp(action, "acct", 4)== 0 ) { + fprintf(stdout, "testing pam_acct_mgmt\n"); + ret = pam_acct_mgmt(pamh, 0); + fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret)); + } else if ( strncmp(action, "setc", 4)== 0 ) { + fprintf(stdout, "testing pam_setcred\n"); + ret = pam_setcred(pamh, 0); + fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret)); + } else if ( strncmp(action, "open", 4)== 0 ) { + fprintf(stdout, "testing pam_open_session\n"); + ret = pam_open_session(pamh, 0); + fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret)); + } else if ( strncmp(action, "clos", 4)== 0 ) { + fprintf(stdout, "testing pam_close_session\n"); + ret = pam_close_session(pamh, 0); + fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret)); + } else { + fprintf(stderr, "unknown action\n"); + } + + pam_end(pamh, ret); + + return 0; +} diff --git a/server/sss_client/passwd.c b/server/sss_client/passwd.c new file mode 100644 index 0000000..a2ffcad --- /dev/null +++ b/server/sss_client/passwd.c @@ -0,0 +1,346 @@ +/* + * System Security Services Daemon. NSS client interface + * + * Copyright (C) Simo Sorce 2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* PASSWD database NSS interface */ + +#include +#include +#include +#include +#include +#include +#include +#include "sss_cli.h" + +static struct sss_nss_getpwent_data { + size_t len; + size_t ptr; + uint8_t *data; +} sss_nss_getpwent_data; + +static void sss_nss_getpwent_data_clean(void) { + + if (sss_nss_getpwent_data.data != NULL) { + free(sss_nss_getpwent_data.data); + sss_nss_getpwent_data.data = NULL; + } + sss_nss_getpwent_data.len = 0; + sss_nss_getpwent_data.ptr = 0; +} + +/* GETPWNAM Request: + * + * 0-X: string with name + * + * GERTPWUID Request: + * + * 0-3: 32bit number with uid + * + * Replies: + * + * 0-3: 32bit unsigned number of results + * 4-7: 32bit unsigned (reserved/padding) + * For each result: + * 0-3: 32bit number uid + * 4-7: 32bit number gid + * 8-X: sequence of 5, 0 terminated, strings (name, passwd, gecos, dir, shell) + */ + +struct sss_nss_pw_rep { + struct passwd *result; + char *buffer; + size_t buflen; +}; + +static int sss_nss_getpw_readrep(struct sss_nss_pw_rep *pr, + uint8_t *buf, size_t *len) +{ + size_t i, slen; + char *sbuf; + int err; + + if (*len < 13) { /* not enough space for data, bad packet */ + return EBADMSG; + } + + pr->result->pw_uid = ((uint32_t *)buf)[0]; + pr->result->pw_gid = ((uint32_t *)buf)[1]; + + sbuf = (char *)&buf[8]; + if (*len < pr->buflen) { + slen = *len; + err = EBADMSG; + } else { + slen = pr->buflen; + err = ENOMEM; + } + + pr->result->pw_name = &(pr->buffer[0]); + i = 0; + while (i < slen) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + } + if (i == slen) { /* premature end of buf */ + return err; + } + + i++; + pr->result->pw_passwd = &(pr->buffer[i]); + while (i < slen) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + } + if (i == slen) { /* premature end of buf */ + return err; + } + + i++; + pr->result->pw_gecos = &(pr->buffer[i]); + while (i < slen) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + } + if (i == slen) { /* premature end of buf */ + return err; + } + + i++; + pr->result->pw_dir = &(pr->buffer[i]); + while (i < slen) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + } + if (i == slen) { /* premature end of buf */ + return err; + } + + i++; + pr->result->pw_shell = &(pr->buffer[i]); + while (i < slen) { + pr->buffer[i] = sbuf[i]; + if (pr->buffer[i] == '\0') break; + i++; + } + if (pr->buffer[i] != '\0') { /* premature end of buf */ + return err; + } + + *len = *len -8 -i -1; + + return 0; +} + +enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_pw_rep pwrep; + uint8_t *repbuf; + size_t replen, len; + enum nss_status nret; + int ret; + + rd.len = strlen(name) + 1; + rd.data = name; + + nret = sss_nss_make_request(SSS_NSS_GETPWNAM, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + pwrep.result = result; + pwrep.buffer = buffer; + pwrep.buflen = buflen; + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + /* only 1 result is accepted for this function */ + if (((uint32_t *)repbuf)[0] != 1) { + *errnop = EBADMSG; + return NSS_STATUS_TRYAGAIN; + } + + len = replen - 8; + ret = sss_nss_getpw_readrep(&pwrep, repbuf+8, &len); + free(repbuf); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_getpwuid_r(uid_t uid, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_pw_rep pwrep; + uint8_t *repbuf; + size_t replen, len; + enum nss_status nret; + uint32_t user_uid; + int ret; + + user_uid = uid; + rd.len = sizeof(uint32_t); + rd.data = &user_uid; + + nret = sss_nss_make_request(SSS_NSS_GETPWUID, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + pwrep.result = result; + pwrep.buffer = buffer; + pwrep.buflen = buflen; + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + /* only 1 result is accepted for this function */ + if (((uint32_t *)repbuf)[0] != 1) { + *errnop = EBADMSG; + return NSS_STATUS_TRYAGAIN; + } + + len = replen - 8; + ret = sss_nss_getpw_readrep(&pwrep, repbuf+8, &len); + free(repbuf); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_setpwent(void) +{ + enum nss_status nret; + int errnop; + + /* make sure we do not have leftovers, and release memory */ + sss_nss_getpwent_data_clean(); + + nret = sss_nss_make_request(SSS_NSS_SETPWENT, + NULL, NULL, NULL, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + errno = errnop; + return nret; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_sss_getpwent_r(struct passwd *result, + char *buffer, size_t buflen, + int *errnop) +{ + struct sss_cli_req_data rd; + struct sss_nss_pw_rep pwrep; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t num_entries; + int ret; + + /* if there are leftovers return the next one */ + if (sss_nss_getpwent_data.data != NULL && + sss_nss_getpwent_data.ptr < sss_nss_getpwent_data.len) { + + repbuf = sss_nss_getpwent_data.data + sss_nss_getpwent_data.ptr; + replen = sss_nss_getpwent_data.len - sss_nss_getpwent_data.ptr; + + pwrep.result = result; + pwrep.buffer = buffer; + pwrep.buflen = buflen; + + ret = sss_nss_getpw_readrep(&pwrep, repbuf, &replen); + if (ret) { + *errnop = ret; + return NSS_STATUS_TRYAGAIN; + } + + /* advance buffer pointer */ + sss_nss_getpwent_data.ptr = sss_nss_getpwent_data.len - replen; + + return NSS_STATUS_SUCCESS; + } + + /* release memory if any */ + sss_nss_getpwent_data_clean(); + + /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */ + num_entries = SSS_NSS_MAX_ENTRIES; + rd.len = sizeof(uint32_t); + rd.data = &num_entries; + + nret = sss_nss_make_request(SSS_NSS_GETPWENT, &rd, + &repbuf, &replen, errnop); + if (nret != NSS_STATUS_SUCCESS) { + return nret; + } + + /* no results if not found */ + if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) { + free(repbuf); + return NSS_STATUS_NOTFOUND; + } + + sss_nss_getpwent_data.data = repbuf; + sss_nss_getpwent_data.len = replen; + sss_nss_getpwent_data.ptr = 8; /* skip metadata fields */ + + /* call again ourselves, this will return the first result */ + return _nss_sss_getpwent_r(result, buffer, buflen, errnop); +} + +enum nss_status _nss_sss_endpwent(void) +{ + enum nss_status nret; + int errnop; + + /* make sure we do not have leftovers, and release memory */ + sss_nss_getpwent_data_clean(); + + nret = sss_nss_make_request(SSS_NSS_ENDPWENT, + NULL, NULL, NULL, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + errno = errnop; + return nret; + } + + return NSS_STATUS_SUCCESS; +} diff --git a/server/sss_client/protos.h b/server/sss_client/protos.h new file mode 100644 index 0000000..adb0b7b --- /dev/null +++ b/server/sss_client/protos.h @@ -0,0 +1,137 @@ +/* + * System Security Services Daemon. NSS Interface + * + * Copyright (C) Simo Sorce 2007 + * + * You can used this header file in any way you see fit provided copyright + * notices are preserved. + * + */ + +#if 0 +/* SHADOW database NSS interface */ +enum nss_status _nss_sss_getspnam_r(const char *name, struct spwd *result, + char *buffer, size_t buflen, int *errnop); +enum nss_status _nss_sss_setspent(void); +enum nss_status _nss_sss_getspent_r(struct spwd *result, + char *buffer, size_t buflen, int *errnop); +enum nss_status _nss_sss_endspent(void); + + +/* HOSTS database NSS interface */ +enum nss_status _nss_sss_gethostbyname_r(const char *name, + struct hostent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af, + struct hostent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_gethostbyaddr_r(const void *addr, socklen_t len, + int af, struct hostent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_sethostent(void); +enum nss_status _nss_sss_gethostent_r(struct hostent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_endhostent(void); + +/* NETGROUP database NSS interface */ +enum nss_status _nss_sss_setnetgrent(const char *netgroup, + struct __netgrent *result); +enum nss_status _nss_sss_getnetgrent_r(struct __netgrent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_ldap_endnetgrent(void); +/* too bad innetgr is currently implemented as an iteration over + * {set|get|end}netgroup ... */ + +/* NETWORKS database NSS interface */ +enum nss_status _nss_sss_getnetbyname_r(const char *name, + struct netent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_getnetbyaddr_r(uint32_t addr, int af, + struct netent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_setnetent(void); +enum nss_status _nss_sss_getnetent_r(struct netent *result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); +enum nss_status _nss_sss_endnetent(void); + + +/* PROTOCOLS database NSS interface */ +enum nss_status _nss_sss_getprotobyname_r(const char *name, + struct protoent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_getprotobynumber_r(int number, + struct protoent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setprotoent(void); +enum nss_status _nss_sss_getprotoent_r(struct protoent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endprotoent(void); + +/* SERVICES database NSS interface */ +enum nss_status _nss_sss_getservbyname_r(const char *name, + const char *protocol, + struct servent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_getservbyport_r(int port, const char *protocol, + struct servent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setservent(void); +enum nss_status _nss_sss_getservent_r(struct servent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endservent(void); + +/* ALIASES database NSS interface */ +enum nss_status _nss_sss_getaliasbyname_r(const char *name, + struct aliasent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setaliasent(void); +enum nss_status _nss_sss_getaliasent_r(struct aliasent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endaliasent(void); + +/* ETHERS database NSS interface */ +enum nss_status _nss_sss_gethostton_r(const char *name, + struct etherent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_getntohost_r(const struct ether_addr *addr, + struct etherent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setetherent(void); +enum nss_status _nss_sss_getetherent_r(struct etherent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endetherent(void); + +/* RPC database NSS interface */ +enum nss_status _nss_sss_getrpcbyname_r(const char *name, + struct rpcent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_getrpcbynumber_r(int number, struct rpcent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_setrpcent(void); +enum nss_status _nss_sss_getrpcent_r(struct rpcent *result, + char *buffer, size_t buflen, + int *errnop); +enum nss_status _nss_sss_endrpcent(void); + +#endif diff --git a/server/sss_client/sss_cli.h b/server/sss_client/sss_cli.h new file mode 100644 index 0000000..165baaa --- /dev/null +++ b/server/sss_client/sss_cli.h @@ -0,0 +1,199 @@ +/* + * System Security Services Daemon. Client Interface for NSS and PAM. + * + * Copyright (C) Simo Sorce 2007 + * + * You can used this header file in any way you see fit provided copyright + * notices are preserved. + * + */ + +#ifndef _SSSCLI_H +#define _SSSCLI_H + +#include +#include +#include +#include "config.h" + +/* SELinux will have a better way to regulate access if they are seprate + * Also a change in one of the pipes will not affect the others */ +#define SSS_NSS_SOCKET_NAME PIPE_PATH"/nss" +#define SSS_PAM_SOCKET_NAME PIPE_PATH"/pam" +#define SSS_PAM_PRIV_SOCKET_NAME PIPE_PATH"/private/pam" + +#define SSS_PROTOCOL_VERSION 1 + +enum sss_cli_command { +/* null */ + SSS_CLI_NULL = 0x0000, + +/* version */ + SSS_GET_VERSION = 0x0001, + +/* passwd */ + + SSS_NSS_GETPWNAM = 0x0011, + SSS_NSS_GETPWUID = 0x0012, + SSS_NSS_SETPWENT = 0x0013, + SSS_NSS_GETPWENT = 0x0014, + SSS_NSS_ENDPWENT = 0x0015, + +/* group */ + + SSS_NSS_GETGRNAM = 0x0021, + SSS_NSS_GETGRGID = 0x0022, + SSS_NSS_SETGRENT = 0x0023, + SSS_NSS_GETGRENT = 0x0024, + SSS_NSS_ENDGRENT = 0x0025, + SSS_NSS_INITGR = 0x0026, + +#if 0 +/* aliases */ + + SSS_NSS_GETALIASBYNAME = 0x0031, + SSS_NSS_GETALIASBYPORT = 0x0032, + SSS_NSS_SETALIASENT = 0x0033, + SSS_NSS_GETALIASENT = 0x0034, + SSS_NSS_ENDALIASENT = 0x0035, + +/* ethers */ + + SSS_NSS_GETHOSTTON = 0x0041, + SSS_NSS_GETNTOHOST = 0x0042, + SSS_NSS_SETETHERENT = 0x0043, + SSS_NSS_GETETHERENT = 0x0044, + SSS_NSS_ENDETHERENT = 0x0045, + +/* hosts */ + + SSS_NSS_GETHOSTBYNAME = 0x0051, + SSS_NSS_GETHOSTBYNAME2 = 0x0052, + SSS_NSS_GETHOSTBYADDR = 0x0053, + SSS_NSS_SETHOSTENT = 0x0054, + SSS_NSS_GETHOSTENT = 0x0055, + SSS_NSS_ENDHOSTENT = 0x0056, + +/* netgroup */ + + SSS_NSS_SETNETGRENT = 0x0061, + SSS_NSS_GETNETGRENT = 0x0062, + SSS_NSS_ENDNETGRENT = 0x0063, + /* SSS_NSS_INNETGR = 0x0064, */ + +/* networks */ + + SSS_NSS_GETNETBYNAME = 0x0071, + SSS_NSS_GETNETBYADDR = 0x0072, + SSS_NSS_SETNETENT = 0x0073, + SSS_NSS_GETNETENT = 0x0074, + SSS_NSS_ENDNETENT = 0x0075, + +/* protocols */ + + SSS_NSS_GETPROTOBYNAME = 0x0081, + SSS_NSS_GETPROTOBYNUM = 0x0082, + SSS_NSS_SETPROTOENT = 0x0083, + SSS_NSS_GETPROTOENT = 0x0084, + SSS_NSS_ENDPROTOENT = 0x0085, + +/* rpc */ + + SSS_NSS_GETRPCBYNAME = 0x0091, + SSS_NSS_GETRPCBYNUM = 0x0092, + SSS_NSS_SETRPCENT = 0x0093, + SSS_NSS_GETRPCENT = 0x0094, + SSS_NSS_ENDRPCENT = 0x0095, + +/* services */ + + SSS_NSS_GETSERVBYNAME = 0x00A1, + SSS_NSS_GETSERVBYPORT = 0x00A2, + SSS_NSS_SETSERVENT = 0x00A3, + SSS_NSS_GETSERVENT = 0x00A4, + SSS_NSS_ENDSERVENT = 0x00A5, + +/* shadow */ + + SSS_NSS_GETSPNAM = 0x00B1, + SSS_NSS_GETSPUID = 0x00B2, + SSS_NSS_SETSPENT = 0x00B3, + SSS_NSS_GETSPENT = 0x00B4, + SSS_NSS_ENDSPENT = 0x00B5, +#endif + +/* PAM related calls */ + SSS_PAM_AUTHENTICATE = 0x00F1, + SSS_PAM_SETCRED = 0x00F2, + SSS_PAM_ACCT_MGMT = 0x00F3, + SSS_PAM_OPEN_SESSION = 0x00F4, + SSS_PAM_CLOSE_SESSION = 0x00F5, + SSS_PAM_CHAUTHTOK = 0x00F6, + SSS_PAM_CHAUTHTOK_PRELIM = 0x00F6, + +}; + +enum sss_authtok_type { + SSS_AUTHTOK_TYPE_EMPTY = 0x0000, + SSS_AUTHTOK_TYPE_PASSWORD = 0x0001, +}; + +#define END_OF_PAM_REQUEST 0x4950414d + +#define SSS_NSS_MAX_ENTRIES 256 +#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4) +struct sss_cli_req_data { + size_t len; + const void *data; +}; + +/* this is in milliseconds, wait up to 300 seconds */ +#define SSS_CLI_SOCKET_TIMEOUT 300000 + +enum sss_status { + SSS_STATUS_UNAVAIL, + SSS_STATUS_SUCCESS +}; + +enum response_type { + PAM_USER_INFO = 0x01, + PAM_DOMAIN_NAME, + PAM_ENV_ITEM, /* only pam environment */ + ENV_ITEM, /* only user environment */ + ALL_ENV_ITEM, /* pam and user environment */ +}; + +enum nss_status sss_nss_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop); + +int sss_pam_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop); + +#endif /* _SSSCLI_H */ + +#if 0 + +/* GETSPNAM Request: + * + * 0-X: string with name + * + * Replies: + * + * 0-3: 32bit unsigned number of results + * 4-7: 32bit unsigned (reserved/padding) + * For each result: + * 0-7: 64bit unsigned with Date of last change + * 8-15: 64bit unsigned with Min #days between changes + * 16-23: 64bit unsigned with Max #days between changes + * 24-31: 64bit unsigned with #days before pwd expires + * 32-39: 64bit unsigned with #days after pwd expires until account is disabled + * 40-47: 64bit unsigned with expiration date in days since 1970-01-01 + * 48-55: 64bit unsigned (flags/reserved) + * 56-X: sequence of 2, 0 terminated, strings (name, pwd) 64bit padded + */ +#endif + diff --git a/server/sss_client/sss_errno.h b/server/sss_client/sss_errno.h new file mode 100644 index 0000000..365263f --- /dev/null +++ b/server/sss_client/sss_errno.h @@ -0,0 +1,18 @@ +/* + * System Security Services Daemon. NSS Interface + * + * Copyright (C) Simo Sorce 2007 + * + * You can used this header file in any way you see fit provided copyright + * notices are preserved. + * + */ + +#ifndef _SSSERR_H +#define _SSSERR_H + +#define SSSE_OK 0 +#define SSSE_INTERR -10 /* internal error */ +#define SSSE_BADDB -11 /* bad database */ + +#endif diff --git a/sss_client/Makefile.in b/sss_client/Makefile.in deleted file mode 100644 index 37156e3..0000000 --- a/sss_client/Makefile.in +++ /dev/null @@ -1,89 +0,0 @@ -#!gmake -# -# Makefile for nss client - -CC = @CC@ -prefix = @prefix@ -exec_prefix = @exec_prefix@ -bindir = @bindir@ -includedir = @includedir@ -libdir = @libdir@ -VPATH = @srcdir@ -srcdir = @srcdir@ -builddir = @builddir@ -INSTALLCMD = @INSTALL@ -CPPFLAGS = @CPPFLAGS@ -CFLAGS := $(CPPFLAGS) @CFLAGS@ $(CFLAGS) -LDFLAGS = @LDFLAGS@ -EXEEXT = @EXEEXT@ -SHLD = @SHLD@ -SHLD_FLAGS = @SHLD_FLAGS@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PICFLAG = @PICFLAG@ -SHLIBEXT = @SHLIBEXT@ -LIB_PATH_VAR = @LIB_PATH_VAR@ - -NSS_SSS_SOLIB = libnss_sss.$(SHLIBEXT) -NSS_SSS_SONAME = libnss_sss.$(SHLIBEXT).2 - -NSS_SSS_OBJS = common.o passwd.o group.o - -PAM_SSS_SOLIB = pam_sss.$(SHLIBEXT) -PAM_SSS_OBJS = pam_sss.o common.o -PAM_LIBS = -lpam -lpam_misc -PAM_CFLAGS = -Wall -Werror - -PAM_CLIENT = pam_test_client -PAM_CLIENT_OBJS = pam_test_client.o - -default: all - -showflags: - @echo 'Compile flags:' - @echo ' CFLAGS = $(CFLAGS)' - @echo ' CPPFLAGS = $(CPPFLAGS)' - @echo ' LDFLAGS = $(LDFLAGS)' - @echo ' LIBS = $(LIBS)' - -.SUFFIXES: .c .o - -.c.o: - @echo Compiling $*.c - @$(CC) $(PICFLAG) $(CFLAGS) -c $< -o $@ - -$(NSS_SSS_SOLIB): $(NSS_SSS_OBJS) - $(SHLD) $(SHLD_FLAGS) -o $@ $(NSS_SSS_OBJS) @SONAMEFLAG@$(NSS_SSS_SONAME) - -$(NSS_SSS_SONAME): $(NSS_SSS_SOLIB) - ln -fs $< $@ - -pam_sss.o: pam_sss.c - @echo Compiling $*.c - @$(CC) $(PICFLAG) $(CFLAGS) $(PAM_CFLAGS) -c $< -o $@ - -$(PAM_CLIENT): $(PAM_CLIENT_OBJS) - @$(CC) $(CFLAGS) $(PAM_CFLAGS) $< -o $@ $(PAM_LIBS) - -$(PAM_SSS_SOLIB): $(PAM_SSS_OBJS) - $(SHLD) $(SHLD_FLAGS) -o $@ $(PAM_SSS_OBJS) $(PAM_LIBS) - -all: showflags $(NSS_SSS_OBJS) $(NSS_SSS_SOLIB) $(NSS_SSS_SONAME) $(PAM_SSS_SOLIB) $(PAM_CLIENT) - -install: all - $(INSTALLCMD) -d $(DESTDIR)${libdir} - $(INSTALLCMD) -m 755 $(NSS_SSS_SOLIB) $(DESTDIR)${libdir} - ln -fs $(NSS_SSS_SOLIB) $(DESTDIR)${libdir}/$(NSS_SSS_SONAME) - $(INSTALLCMD) -d $(DESTDIR)${libdir}/security - $(INSTALLCMD) -m 755 $(PAM_SSS_SOLIB) $(DESTDIR)${libdir}/security - -clean: - rm -f *.o *.a */*.o - rm -f $(NSS_SSS_SOLIB) $(NSS_SSS_SONAME) $(PAM_SSS_SOLIB) $(PAM_CLIENT) - -distclean: clean - rm -f config.log config.status config.h config.cache - rm -f Makefile - rm -f *~ */*~ - -realdistclean: distclean - rm -f configure config.h.in diff --git a/sss_client/autogen.sh b/sss_client/autogen.sh deleted file mode 100755 index bf84eee..0000000 --- a/sss_client/autogen.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh - -rm -rf autom4te.cache -rm -f configure config.h.in - -IPATHS="-I libreplace -I lib/replace -I ../libreplace -I ../replace" -autoconf $IPATHS || exit 1 -autoheader $IPATHS || exit 1 - -rm -rf autom4te.cache - -echo "Now run ./configure and then make." -exit 0 - diff --git a/sss_client/common.c b/sss_client/common.c deleted file mode 100644 index d0fb011..0000000 --- a/sss_client/common.c +++ /dev/null @@ -1,625 +0,0 @@ -/* - * System Security Services Daemon. NSS client interface - * - * Copyright (C) Simo Sorce 2007 - * - * Winbind derived code: - * Copyright (C) Tim Potter 2000 - * Copyright (C) Andrew Tridgell 2000 - * Copyright (C) Andrew Bartlett 2002 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "sss_cli.h" - -/* common functions */ - -int sss_cli_sd = -1; /* the sss client socket descriptor */ - -static void sss_cli_close_socket(void) -{ - if (sss_cli_sd != -1) { - close(sss_cli_sd); - sss_cli_sd = -1; - } -} - -/* Requests: - * - * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X) - * byte 4-7: 32bit unsigned with command code - * byte 8-11: 32bit unsigned (reserved) - * byte 12-15: 32bit unsigned (reserved) - * byte 16-X: (optional) request structure associated to the command code used - */ -static enum nss_status sss_nss_send_req(enum sss_cli_command cmd, - struct sss_cli_req_data *rd, - int *errnop) -{ - uint32_t header[4]; - size_t datasent; - - header[0] = SSS_NSS_HEADER_SIZE + (rd?rd->len:0); - header[1] = cmd; - header[2] = 0; - header[3] = 0; - - datasent = 0; - - while (datasent < header[0]) { - struct pollfd pfd; - int rdsent; - int res; - - *errnop = 0; - pfd.fd = sss_cli_sd; - pfd.events = POLLOUT; - - res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); - switch (res) { - case -1: - *errnop = errno; - break; - case 0: - *errnop = ETIME; - break; - case 1: - if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { - *errnop = EPIPE; - } - if (!(pfd.revents & POLLOUT)) { - *errnop = EBUSY; - } - break; - default: /* more than one avail ?? */ - *errnop = EBADF; - break; - } - if (*errnop) { - sss_cli_close_socket(); - return NSS_STATUS_UNAVAIL; - } - - if (datasent < SSS_NSS_HEADER_SIZE) { - res = write(sss_cli_sd, - (char *)header + datasent, - SSS_NSS_HEADER_SIZE - datasent); - } else { - rdsent = datasent - SSS_NSS_HEADER_SIZE; - res = write(sss_cli_sd, - (const char *)rd->data + rdsent, - rd->len - rdsent); - } - - if ((res == -1) || (res == 0)) { - - /* Write failed */ - sss_cli_close_socket(); - *errnop = errno; - return NSS_STATUS_UNAVAIL; - } - - datasent += res; - } - - return NSS_STATUS_SUCCESS; -} - -/* Replies: - * - * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X) - * byte 4-7: 32bit unsigned with command code - * byte 8-11: 32bit unsigned with the request status (server errno) - * byte 12-15: 32bit unsigned (reserved) - * byte 16-X: (optional) reply structure associated to the command code used - */ - -static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, - uint8_t **buf, int *len, - int *errnop) -{ - uint32_t header[4]; - size_t datarecv; - - header[0] = SSS_NSS_HEADER_SIZE; /* unitl we know the real lenght */ - header[1] = 0; - header[2] = 0; - header[3] = 0; - - datarecv = 0; - *buf = NULL; - *len = 0; - - while (datarecv < header[0]) { - struct pollfd pfd; - int bufrecv; - int res; - - *errnop = 0; - pfd.fd = sss_cli_sd; - pfd.events = POLLIN; - - res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); - switch (res) { - case -1: - *errnop = errno; - break; - case 0: - *errnop = ETIME; - break; - case 1: - if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { - *errnop = EPIPE; - } - if (!(pfd.revents & POLLIN)) { - *errnop = EBUSY; - } - break; - default: /* more than one avail ?? */ - *errnop = EBADF; - break; - } - if (*errnop) { - sss_cli_close_socket(); - return NSS_STATUS_UNAVAIL; - } - - if (datarecv < SSS_NSS_HEADER_SIZE) { - res = read(sss_cli_sd, - (char *)header + datarecv, - SSS_NSS_HEADER_SIZE - datarecv); - } else { - bufrecv = datarecv - SSS_NSS_HEADER_SIZE; - res = read(sss_cli_sd, - (char *)(*buf) + bufrecv, - header[0] - datarecv); - } - - if ((res == -1) || (res == 0)) { - - /* Read failed. I think the only useful thing - * we can do here is just return -1 and fail - * since the transaction has failed half way - * through. */ - - sss_cli_close_socket(); - *errnop = errno; - return NSS_STATUS_UNAVAIL; - } - - datarecv += res; - - if (datarecv == SSS_NSS_HEADER_SIZE && *len == 0) { - /* at this point recv buf is not yet - * allocated and the header has just - * been read, do checks and proceed */ - if (header[2] != 0) { - /* server side error */ - sss_cli_close_socket(); - *errnop = header[2]; - if (*errnop == EAGAIN) { - return NSS_STATUS_TRYAGAIN; - } else { - return NSS_STATUS_UNAVAIL; - } - } - if (header[1] != cmd) { - /* wrong command id */ - sss_cli_close_socket(); - *errnop = EBADMSG; - return NSS_STATUS_UNAVAIL; - } - if (header[0] > SSS_NSS_HEADER_SIZE) { - *len = header[0] - SSS_NSS_HEADER_SIZE; - *buf = malloc(*len); - if (!*buf) { - sss_cli_close_socket(); - *errnop = ENOMEM; - return NSS_STATUS_UNAVAIL; - } - } - } - } - - return NSS_STATUS_SUCCESS; -} - -/* this function will check command codes match and returned length is ok */ -/* repbuf and replen report only the data section not the header */ -static enum nss_status sss_nss_make_request_nochecks( - enum sss_cli_command cmd, - struct sss_cli_req_data *rd, - uint8_t **repbuf, size_t *replen, - int *errnop) -{ - enum nss_status ret; - uint8_t *buf = NULL; - int len = 0; - - /* send data */ - ret = sss_nss_send_req(cmd, rd, errnop); - if (ret != NSS_STATUS_SUCCESS) { - return ret; - } - - /* data sent, now get reply */ - ret = sss_nss_recv_rep(cmd, &buf, &len, errnop); - if (ret != NSS_STATUS_SUCCESS) { - return ret; - } - - /* we got through, now we have the custom data in buf if any, - * return it if requested */ - if (repbuf && buf) { - *repbuf = buf; - if (replen) { - *replen = len; - } - } else { - free(buf); - if (replen) { - *replen = 0; - } - } - - return NSS_STATUS_SUCCESS; -} - -/* GET_VERSION Reply: - * 0-3: 32bit unsigned version number - */ - -static int sss_nss_check_version(void) -{ - uint8_t *repbuf; - size_t replen; - enum nss_status nret; - int errnop; - int res = NSS_STATUS_UNAVAIL; - - nret = sss_nss_make_request_nochecks(SSS_GET_VERSION, NULL, - &repbuf, &replen, &errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; - } - - if (!repbuf) { - return res; - } - - if (((uint32_t *)repbuf)[0] == SSS_PROTOCOL_VERSION) { - res = NSS_STATUS_SUCCESS; - } - - free(repbuf); - return res; -} - -/* this 2 functions are adapted from samba3 winbinbd's wb_common.c */ - -/* Make sure socket handle isn't stdin (0), stdout(1) or stderr(2) by setting - * the limit to 3 */ -#define RECURSION_LIMIT 3 - -static int make_nonstd_fd_internals(int fd, int limit) -{ - int new_fd; - if (fd >= 0 && fd <= 2) { -#ifdef F_DUPFD - if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) { - return -1; - } - /* Paranoia */ - if (new_fd < 3) { - close(new_fd); - return -1; - } - close(fd); - return new_fd; -#else - if (limit <= 0) - return -1; - - new_fd = dup(fd); - if (new_fd == -1) - return -1; - - /* use the program stack to hold our list of FDs to close */ - new_fd = make_nonstd_fd_internals(new_fd, limit - 1); - close(fd); - return new_fd; -#endif - } - return fd; -} - -/**************************************************************************** - Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available, - else - if SYSV use O_NDELAY - if BSD use FNDELAY - Set close on exec also. -****************************************************************************/ - -static int make_safe_fd(int fd) -{ - int result, flags; - int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT); - if (new_fd == -1) { - close(fd); - return -1; - } - - /* Socket should be nonblocking. */ -#ifdef O_NONBLOCK -#define FLAG_TO_SET O_NONBLOCK -#else -#ifdef SYSV -#define FLAG_TO_SET O_NDELAY -#else /* BSD */ -#define FLAG_TO_SET FNDELAY -#endif -#endif - - if ((flags = fcntl(new_fd, F_GETFL)) == -1) { - close(new_fd); - return -1; - } - - flags |= FLAG_TO_SET; - if (fcntl(new_fd, F_SETFL, flags) == -1) { - close(new_fd); - return -1; - } - -#undef FLAG_TO_SET - - /* Socket should be closed on exec() */ -#ifdef FD_CLOEXEC - result = flags = fcntl(new_fd, F_GETFD, 0); - if (flags >= 0) { - flags |= FD_CLOEXEC; - result = fcntl( new_fd, F_SETFD, flags ); - } - if (result < 0) { - close(new_fd); - return -1; - } -#endif - return new_fd; -} - -static int sss_nss_open_socket(int *errnop, const char *socket_name) -{ - struct sockaddr_un nssaddr; - int inprogress = 1; - int wait_time, sleep_time; - int sd; - - memset(&nssaddr, 0, sizeof(struct sockaddr_un)); - nssaddr.sun_family = AF_UNIX; - strncpy(nssaddr.sun_path, socket_name, - strlen(socket_name) + 1); - - sd = socket(AF_UNIX, SOCK_STREAM, 0); - if (sd == -1) { - *errnop = errno; - return -1; - } - - /* set as non-blocking, close on exec, and make sure standard - * descriptors are not used */ - sd = make_safe_fd(sd); - if (sd == -1) { - *errnop = errno; - return -1; - } - - /* this piece is adapted from winbind client code */ - wait_time = 0; - sleep_time = 0; - while(inprogress) { - int connect_errno = 0; - socklen_t errnosize; - struct timeval tv; - fd_set w_fds; - int ret; - - wait_time += sleep_time; - - ret = connect(sd, (struct sockaddr *)&nssaddr, - sizeof(nssaddr)); - if (ret == 0) { - return sd; - } - - switch(errno) { - case EINPROGRESS: - FD_ZERO(&w_fds); - FD_SET(sd, &w_fds); - tv.tv_sec = SSS_CLI_SOCKET_TIMEOUT - wait_time; - tv.tv_usec = 0; - - ret = select(sd + 1, NULL, &w_fds, NULL, &tv); - - if (ret > 0) { - errnosize = sizeof(connect_errno); - ret = getsockopt(sd, SOL_SOCKET, SO_ERROR, - &connect_errno, &errnosize); - if (ret >= 0 && connect_errno == 0) { - return sd; - } - } - wait_time += SSS_CLI_SOCKET_TIMEOUT; - break; - case EAGAIN: - if (wait_time < SSS_CLI_SOCKET_TIMEOUT) { - sleep_time = rand() % 2 + 1; - sleep(sleep_time); - } - break; - default: - *errnop = errno; - inprogress = 0; - break; - } - - if (wait_time >= SSS_CLI_SOCKET_TIMEOUT) { - inprogress = 0; - } - } - - /* if we get here connect() failed or we timed out */ - - close(sd); - return -1; -} - -static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name) -{ - static pid_t mypid; - int mysd; - - if (getpid() != mypid) { - sss_cli_close_socket(); - mypid = getpid(); - } - - /* check if the socket has been closed on the other side */ - if (sss_cli_sd != -1) { - struct pollfd pfd; - int res; - - *errnop = 0; - pfd.fd = sss_cli_sd; - pfd.events = POLLIN | POLLOUT; - - res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); - switch (res) { - case -1: - *errnop = errno; - break; - case 0: - *errnop = ETIME; - break; - case 1: - if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { - *errnop = EPIPE; - } - if (!(pfd.revents & (POLLIN | POLLOUT))) { - *errnop = EBUSY; - } - break; - default: /* more than one avail ?? */ - *errnop = EBADF; - break; - } - if (*errnop) { - sss_cli_close_socket(); - return SSS_STATUS_UNAVAIL; - } - - return SSS_STATUS_SUCCESS; - } - - mysd = sss_nss_open_socket(errnop, socket_name); - if (mysd == -1) { - return SSS_STATUS_UNAVAIL; - } - - sss_cli_sd = mysd; - - if (sss_nss_check_version()) { - return SSS_STATUS_SUCCESS; - } - - sss_cli_close_socket(); - *errnop = EFAULT; - return SSS_STATUS_UNAVAIL; -} - -/* this function will check command codes match and returned length is ok */ -/* repbuf and replen report only the data section not the header */ -enum nss_status sss_nss_make_request(enum sss_cli_command cmd, - struct sss_cli_req_data *rd, - uint8_t **repbuf, size_t *replen, - int *errnop) -{ - enum nss_status ret; - char *envval; - - /* avoid looping in the nss daemon */ - envval = getenv("_SSS_LOOPS"); - if (envval && strcmp(envval, "NO") == 0) { - return NSS_STATUS_NOTFOUND; - } - - ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); - if (ret != SSS_STATUS_SUCCESS) { - return NSS_STATUS_UNAVAIL; - } - - return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop); -} - -int sss_pam_make_request(enum sss_cli_command cmd, - struct sss_cli_req_data *rd, - uint8_t **repbuf, size_t *replen, - int *errnop) -{ - int ret; - char *envval; - struct stat stat_buf; - - /* avoid looping in the pam daemon */ - envval = getenv("_SSS_LOOPS"); - if (envval && strcmp(envval, "NO") == 0) { - return PAM_SERVICE_ERR; - } - - /* only root shall use the privileged pipe */ - if (getuid() == 0 && getgid() == 0) { - ret = stat(SSS_PAM_PRIV_SOCKET_NAME, &stat_buf); - if (ret != 0) return PAM_SERVICE_ERR; - if ( ! (stat_buf.st_uid == 0 && - stat_buf.st_gid == 0 && - (stat_buf.st_mode&(S_IFSOCK|S_IRUSR|S_IWUSR)) == stat_buf.st_mode)) { - return PAM_SERVICE_ERR; - } - - ret = sss_cli_check_socket(errnop, SSS_PAM_PRIV_SOCKET_NAME); - } else { - ret = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME); - } - if (ret != NSS_STATUS_SUCCESS) { - return PAM_SERVICE_ERR; - } - - return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop); -} diff --git a/sss_client/config.guess b/sss_client/config.guess deleted file mode 100755 index 354dbe1..0000000 --- a/sss_client/config.guess +++ /dev/null @@ -1,1464 +0,0 @@ -#! /bin/sh -# Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. - -timestamp='2005-08-03' - -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. -# -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. -# -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] - -Output the configuration name of the system \`$me' is run on. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.guess ($timestamp) - -Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" >&2 - exit 1 ;; - * ) - break ;; - esac -done - -if test $# != 0; then - echo "$me: too many arguments$help" >&2 - exit 1 -fi - -trap 'exit 1' 1 2 15 - -# CC_FOR_BUILD -- compiler used by this script. Note that the use of a -# compiler to aid in system detection is discouraged as it requires -# temporary files to be created and, as you can see below, it is a -# headache to deal with in a portable fashion. - -# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still -# use `HOST_CC' if defined, but it is deprecated. - -# Portable tmp directory creation inspired by the Autoconf team. - -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' - -# This is needed to find uname on a Pyramid OSx when run in the BSD universe. -# (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then - PATH=$PATH:/.attbin ; export PATH -fi - -UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown -UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown -UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown - -# Note: order is significant - the case branches are not exclusive. - -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in - *:NetBSD:*:*) - # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, - # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently - # switched to ELF, *-*-netbsd* would select the old - # object file format. This provides both forward - # compatibility and a consistent mechanism for selecting the - # object file format. - # - # Note: NetBSD doesn't particularly care about the vendor - # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` - case "${UNAME_MACHINE_ARCH}" in - armeb) machine=armeb-unknown ;; - arm*) machine=arm-unknown ;; - sh3el) machine=shl-unknown ;; - sh3eb) machine=sh-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; - esac - # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. - case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build - if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null - then - # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). - # Return netbsd for either. FIX? - os=netbsd - else - os=netbsdelf - fi - ;; - *) - os=netbsd - ;; - esac - # The OS release - # Debian GNU/NetBSD machines have a different userland, and - # thus, need a distinct triplet. However, they do not need - # kernel version information, so it can be replaced with a - # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in - Debian*) - release='-gnu' - ;; - *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` - ;; - esac - # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: - # contains redundant information, the shorter form: - # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" - exit ;; - *:OpenBSD:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} - exit ;; - *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} - exit ;; - macppc:MirBSD:*:*) - echo powerppc-unknown-mirbsd${UNAME_RELEASE} - exit ;; - *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} - exit ;; - alpha:OSF1:*:*) - case $UNAME_RELEASE in - *4.0) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - ;; - *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` - ;; - esac - # According to Compaq, /usr/sbin/psrinfo has been available on - # OSF/1 and Tru64 systems produced since 1995. I hope that - # covers most systems running today. This code pipes the CPU - # types through head -n 1, so we only detect the type of CPU 0. - ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in - "EV4 (21064)") - UNAME_MACHINE="alpha" ;; - "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; - "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; - "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; - "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; - "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; - "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; - "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; - "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; - "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; - "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; - "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; - "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; - esac - # A Pn.n version is a patched version. - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. - # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; - *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos - exit ;; - *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos - exit ;; - *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; - *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; - *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} - exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; - SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; - Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; - NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; - DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; - DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) - case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; - sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - i86pc:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) - UNAME_RELEASE=`uname -v` - ;; - esac - # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} - exit ;; - sun*:*:4.2BSD:*) - UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 - case "`/bin/arch`" in - sun3) - echo m68k-sun-sunos${UNAME_RELEASE} - ;; - sun4) - echo sparc-sun-sunos${UNAME_RELEASE} - ;; - esac - exit ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} - exit ;; - # The situation for MiNT is a little confusing. The machine name - # can be virtually everything (everything which is not - # "atarist" or "atariste" at least should have a processor - # > m68000). The system name ranges from "MiNT" over "FreeMiNT" - # to the lowercase version "mint" (or "freemint"). Finally - # the system name "TOS" denotes a system which is actually not - # MiNT. But MiNT is downward compatible to TOS, so this should - # be no problem. - atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; - hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; - *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; - m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} - exit ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} - exit ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} - exit ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} - exit ;; - 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} - exit ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -#ifdef __cplusplus -#include /* for printf() prototype */ - int main (int argc, char *argv[]) { -#else - int main (argc, argv) int argc; char *argv[]; { -#endif - #if defined (host_mips) && defined (MIPSEB) - #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); - #endif - #endif - exit (-1); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && - { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} - exit ;; - Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; - Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; - m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] - then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] - then - echo m88k-dg-dgux${UNAME_RELEASE} - else - echo m88k-dg-dguxbcs${UNAME_RELEASE} - fi - else - echo i586-dg-dgux${UNAME_RELEASE} - fi - exit ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; - XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; - ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - - main() - { - if (!__power_pc()) - exit(1); - puts("powerpc-ibm-aix3.2.5"); - exit(0); - } -EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` - then - echo "$SYSTEM_NAME" - else - echo rs6000-ibm-aix3.2.5 - fi - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi - exit ;; - *:AIX:*:[45]) - IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then - IBM_ARCH=rs6000 - else - IBM_ARCH=powerpc - fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit ;; - *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 - exit ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; - 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; - 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; - 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then - sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac - fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - - #define _HPUX_SOURCE - #include - #include - - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); - - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } -EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` - test -z "$HP_ARCH" && HP_ARCH=hppa - fi ;; - esac - if [ ${HP_ARCH} = "hppa2.0w" ] - then - eval $set_cc_for_build - - # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating - # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler - # generating 64-bit code. GNU and HP use different nomenclature: - # - # $ CC_FOR_BUILD=cc ./config.guess - # => hppa2.0w-hp-hpux11.23 - # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess - # => hppa64-hp-hpux11.23 - - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null - then - HP_ARCH="hppa2.0w" - else - HP_ARCH="hppa64" - fi - fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit ;; - ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} - exit ;; - 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - int - main () - { - long cpu = sysconf (_SC_CPU_VERSION); - /* The order matters, because CPU_IS_HP_MC68K erroneously returns - true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct - results, however. */ - if (CPU_IS_PA_RISC (cpu)) - { - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; - case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; - default: puts ("hppa-hitachi-hiuxwe2"); break; - } - } - else if (CPU_IS_HP_MC68K (cpu)) - puts ("m68k-hitachi-hiuxwe2"); - else puts ("unknown-hitachi-hiuxwe2"); - exit (0); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd - exit ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; - *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf - exit ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; - i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi - exit ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; - C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ - -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit ;; - sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:FreeBSD:*:*) - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` - exit ;; - i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin - exit ;; - i*:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 - exit ;; - i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 - exit ;; - x86:Interix*:[34]*) - echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' - exit ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit ;; - i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin - exit ;; - amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin - exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - *:GNU:*:*) - # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit ;; - *:GNU/*:*:*) - # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu - exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix - exit ;; - arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - cris:Linux:*:*) - echo cris-axis-linux-gnu - exit ;; - crisv32:Linux:*:*) - echo crisv32-axis-linux-gnu - exit ;; - frv:Linux:*:*) - echo frv-unknown-linux-gnu - exit ;; - ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - mips:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips - #undef mipsel - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips - #else - CPU= - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; - mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips64 - #undef mips64el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 - #else - CPU= - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; - or32:Linux:*:*) - echo or32-unknown-linux-gnu - exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu - exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; - parisc:Linux:*:* | hppa:Linux:*:*) - # Look for CPU level - case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; - esac - exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu - exit ;; - s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux - exit ;; - sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - x86_64:Linux:*:*) - echo x86_64-unknown-linux-gnu - exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #ifdef __INTEL_COMPILER - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; - i*86:DYNIX/ptx:4*:*) - # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. - # earlier versions are messed up and put the nodename in both - # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; - i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, - # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit ;; - i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility - # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx - exit ;; - i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop - exit ;; - i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos - exit ;; - i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable - exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} - exit ;; - i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} - fi - exit ;; - i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. - case `/bin/uname -X | grep "^Machine"` in - *486*) UNAME_MACHINE=i486 ;; - *Pentium) UNAME_MACHINE=i586 ;; - *Pent*|*Celeron) UNAME_MACHINE=i686 ;; - esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit ;; - i*86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then - UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` - (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 - (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ - && UNAME_MACHINE=i586 - (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ - && UNAME_MACHINE=i686 - (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ - && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi - exit ;; - pc:*:*:*) - # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp - exit ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; - paragon:*:*:*) - echo i860-intel-osf1 - exit ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi - exit ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv - exit ;; - mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; - M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; - M68*:*:R3V[5678]*:*) - test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; - 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; - m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} - exit ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} - exit ;; - rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} - exit ;; - RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 - else - echo ns32k-sni-sysv - fi - exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes . - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; - i*86:VOS:*:*) - # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos - exit ;; - *:VOS:*:*) - # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} - exit ;; - news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; - R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi - exit ;; - BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; - BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; - BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit ;; - SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} - exit ;; - SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} - exit ;; - SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} - exit ;; - Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Darwin:*:*) - UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - *86) UNAME_PROCESSOR=i686 ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit ;; - *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then - UNAME_PROCESSOR=i386 - UNAME_MACHINE=pc - fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit ;; - *:QNX:*:4*) - echo i386-pc-qnx - exit ;; - NSE-?:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} - exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} - exit ;; - *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; - BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; - DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit ;; - *:Plan9:*:*) - # "uname -m" is not consistent, so use $cputype instead. 386 - # is converted to i386 for consistency with other x86 - # operating systems. - if test "$cputype" = "386"; then - UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" - fi - echo ${UNAME_MACHINE}-unknown-plan9 - exit ;; - *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; - *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; - KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; - XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; - *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; - *:ITS:*:*) - echo pdp10-unknown-its - exit ;; - SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} - exit ;; - *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` - exit ;; - *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; - esac ;; - *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; - i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' - exit ;; -esac - -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - -cat >&2 < in order to provide the needed -information to handle your system. - -config.guess timestamp = $timestamp - -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null` - -hostinfo = `(hostinfo) 2>/dev/null` -/bin/universe = `(/bin/universe) 2>/dev/null` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` -/bin/arch = `(/bin/arch) 2>/dev/null` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` - -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} -EOF - -exit 1 - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/sss_client/config.sub b/sss_client/config.sub deleted file mode 100755 index 23cd6fd..0000000 --- a/sss_client/config.sub +++ /dev/null @@ -1,1577 +0,0 @@ -#! /bin/sh -# Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. - -timestamp='2005-07-08' - -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. -# -# Configuration subroutine to validate and canonicalize a configuration type. -# Supply the specified configuration type as an argument. -# If it is invalid, we print an error message on stderr and exit with code 1. -# Otherwise, we print the canonical config type on stdout and succeed. - -# This file is supposed to be the same for all GNU packages -# and recognize all the CPU types, system types and aliases -# that are meaningful with *any* GNU software. -# Each package is responsible for reporting which valid configurations -# it does not support. The user should be able to distinguish -# a failure to support a valid configuration from a meaningless -# configuration. - -# The goal of this file is to map all the various variations of a given -# machine specification into a single specification in the form: -# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM -# or in some cases, the newer four-part form: -# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM -# It is wrong to echo any other type of specification. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS - -Canonicalize a configuration name. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.sub ($timestamp) - -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" - exit 1 ;; - - *local*) - # First pass through any local machine types. - echo $1 - exit ;; - - * ) - break ;; - esac -done - -case $# in - 0) echo "$me: missing argument$help" >&2 - exit 1;; - 1) ;; - *) echo "$me: too many arguments$help" >&2 - exit 1;; -esac - -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ - kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac - -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) - os= - basic_machine=$1 - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*) - os=-lynxos - ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` - ;; - -psos*) - os=-psos - ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; -esac - -# Decode aliases for certain CPU-COMPANY combinations. -case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ - | bfin \ - | c4x | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | ms1 \ - | msp430 \ - | ns16k | ns32k \ - | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ - | pyramid \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b \ - | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ - | v850 | v850e \ - | we32k \ - | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) - basic_machine=$basic_machine-unknown - ;; - m32c) - basic_machine=$basic_machine-unknown - ;; - m6811 | m68hc11 | m6812 | m68hc12) - # Motorola 68HC11/12. - basic_machine=$basic_machine-unknown - os=-none - ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) - ;; - - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ - | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | ms1-* \ - | msp430-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ - | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tron-* \ - | v850-* | v850e-* | vax-* \ - | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ - | ymp-* \ - | z8k-*) - ;; - m32c-*) - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; - 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att - ;; - 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16c) - basic_machine=cr16c-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec - ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx - ;; - dpx2* | dpx2*-bull) - basic_machine=m68k-bull - os=-sysv3 - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd - ;; - encore | umax | mmax) - basic_machine=ns32k-encore - ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose - ;; - fx2800) - basic_machine=i860-alliant - ;; - genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 - ;; - h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux - ;; - hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp - ;; - hp9k3[2-9][0-9]) - basic_machine=m68k-hp - ;; - hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp - ;; - hp9k78[0-9] | hp78[0-9]) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm - ;; -# I'm not sure what "Sysv32" means. Should this be sysv3.2? - i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 - ;; - i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 - ;; - i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv - ;; - i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta - ;; - iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) - ;; - *) - os=-irix4 - ;; - esac - ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - mingw32) - basic_machine=i386-pc - os=-mingw32 - ;; - miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos - ;; - news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv - ;; - next | m*-next ) - basic_machine=m68k-next - case $os in - -nextstep* ) - ;; - -ns2*) - os=-nextstep2 - ;; - *) - os=-nextstep3 - ;; - esac - ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; - np1) - basic_machine=np1-gould - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k - ;; - pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - pbd) - basic_machine=sparc-tti - ;; - pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc) basic_machine=powerpc-unknown - ;; - ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle | ppc-le | powerpc-little) - basic_machine=powerpcle-unknown - ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff - ;; - rm[46]00) - basic_machine=mips-siemens - ;; - rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi - ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; - sei) - basic_machine=mips-sei - os=-seiux - ;; - sequent) - basic_machine=i386-sequent - ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks - ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 - ;; - spur) - basic_machine=spur-unknown - ;; - st2000) - basic_machine=m68k-tandem - ;; - stratus) - basic_machine=i860-stratus - os=-sysv4 - ;; - sun2) - basic_machine=m68000-sun - ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 - ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 - ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 - ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 - ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 - ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 - ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 - ;; - sun3 | sun3-*) - basic_machine=m68k-sun - ;; - sun4) - basic_machine=sparc-sun - ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun - ;; - sv1) - basic_machine=sv1-cray - os=-unicos - ;; - symmetry) - basic_machine=i386-sequent - os=-dynix - ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos - ;; - t90) - basic_machine=t90-cray - os=-unicos - ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff - ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff - ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; - tx39) - basic_machine=mipstx39-unknown - ;; - tx39el) - basic_machine=mipstx39el-unknown - ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; - tower | tower-32) - basic_machine=m68k-ncr - ;; - tpf) - basic_machine=s390x-ibm - os=-tpf - ;; - udi29k) - basic_machine=a29k-amd - os=-udi - ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 - ;; - v810 | necv810) - basic_machine=v810-nec - os=-none - ;; - vaxv) - basic_machine=vax-dec - os=-sysv - ;; - vms) - basic_machine=vax-dec - os=-vms - ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks - ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks - ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks - ;; - w65*) - basic_machine=w65-wdc - os=-none - ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf - ;; - xbox) - basic_machine=i686-pc - os=-mingw32 - ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; - ymp) - basic_machine=ymp-cray - os=-unicos - ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - none) - basic_machine=none-none - os=-none - ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond - ;; - op50n) - basic_machine=hppa1.1-oki - ;; - op60c) - basic_machine=hppa1.1-oki - ;; - romp) - basic_machine=romp-ibm - ;; - mmix) - basic_machine=mmix-knuth - ;; - rs6000) - basic_machine=rs6000-ibm - ;; - vax) - basic_machine=vax-dec - ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; - pdp11) - basic_machine=pdp11-dec - ;; - we32k) - basic_machine=we32k-att - ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; - sparc | sparcv8 | sparcv9 | sparcv9b) - basic_machine=sparc-sun - ;; - cydra) - basic_machine=cydra-cydrome - ;; - orion) - basic_machine=orion-highlevel - ;; - orion105) - basic_machine=clipper-highlevel - ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple - ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple - ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. - ;; - *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; -esac - -# Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` - ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` - ;; - *) - ;; -esac - -# Decode manufacturer-specific aliases for certain operating systems. - -if [ x"$os" != x"" ] -then -case $os in - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` - ;; - -solaris) - os=-solaris2 - ;; - -svr4*) - os=-sysv4 - ;; - -unixware*) - os=-sysv4.2uw - ;; - -gnu/linux*) - os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` - ;; - # First accept the basic system types. - # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) - ;; - *) - os=-nto$os - ;; - esac - ;; - -nto-qnx*) - ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; - -linux-dietlibc) - os=-linux-dietlibc - ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` - ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` - ;; - -opened*) - os=-openedition - ;; - -os400*) - os=-os400 - ;; - -wince*) - os=-wince - ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; - -utek*) - os=-bsd - ;; - -dynix*) - os=-bsd - ;; - -acis*) - os=-aos - ;; - -atheos*) - os=-atheos - ;; - -syllable*) - os=-syllable - ;; - -386bsd) - os=-bsd - ;; - -ctix* | -uts*) - os=-sysv - ;; - -nova*) - os=-rtmk-nova - ;; - -ns2 ) - os=-nextstep2 - ;; - -nsk*) - os=-nsk - ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` - ;; - -sinix*) - os=-sysv4 - ;; - -tpf*) - os=-tpf - ;; - -triton*) - os=-sysv3 - ;; - -oss*) - os=-sysv3 - ;; - -svr4) - os=-sysv4 - ;; - -svr3) - os=-sysv3 - ;; - -sysvr4) - os=-sysv4 - ;; - # This must come after -sysvr4. - -sysv*) - ;; - -ose*) - os=-ose - ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; - -aros*) - os=-aros - ;; - -kaos*) - os=-kaos - ;; - -zvmoe) - os=-zvmoe - ;; - -none) - ;; - *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 - exit 1 - ;; -esac -else - -# Here we handle the default operating systems that come with various machines. -# The value should be what the vendor currently ships out the door with their -# machine or put another way, the most popular os provided with the machine. - -# Note that if you're going to try to match "-MANUFACTURER" here (say, -# "-sun"), then you have to tell the case statement up towards the top -# that MANUFACTURER isn't an operating system. Otherwise, code above -# will signal an error saying that MANUFACTURER isn't an operating -# system, and we'll never get to this point. - -case $basic_machine in - *-acorn) - os=-riscix1.2 - ;; - arm*-rebel) - os=-linux - ;; - arm*-semi) - os=-aout - ;; - c4x-* | tic4x-*) - os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 - ;; - pdp11-*) - os=-none - ;; - *-dec | vax-*) - os=-ultrix4.2 - ;; - m68*-apollo) - os=-domain - ;; - i386-sun) - os=-sunos4.0.2 - ;; - m68000-sun) - os=-sunos3 - # This also exists in the configure program, but was not the - # default. - # os=-sunos4 - ;; - m68*-cisco) - os=-aout - ;; - mips*-cisco) - os=-elf - ;; - mips*-*) - os=-elf - ;; - or32-*) - os=-coff - ;; - *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 - ;; - sparc-* | *-sun) - os=-sunos4.1.1 - ;; - *-be) - os=-beos - ;; - *-haiku) - os=-haiku - ;; - *-ibm) - os=-aix - ;; - *-knuth) - os=-mmixware - ;; - *-wec) - os=-proelf - ;; - *-winbond) - os=-proelf - ;; - *-oki) - os=-proelf - ;; - *-hp) - os=-hpux - ;; - *-hitachi) - os=-hiux - ;; - i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv - ;; - *-cbm) - os=-amigaos - ;; - *-dg) - os=-dgux - ;; - *-dolphin) - os=-sysv3 - ;; - m68k-ccur) - os=-rtu - ;; - m88k-omron*) - os=-luna - ;; - *-next ) - os=-nextstep - ;; - *-sequent) - os=-ptx - ;; - *-crds) - os=-unos - ;; - *-ns) - os=-genix - ;; - i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 - ;; - *-gould) - os=-sysv - ;; - *-highlevel) - os=-bsd - ;; - *-encore) - os=-bsd - ;; - *-sgi) - os=-irix - ;; - *-siemens) - os=-sysv4 - ;; - *-masscomp) - os=-rtu - ;; - f30[01]-fujitsu | f700-fujitsu) - os=-uxpv - ;; - *-rom68k) - os=-coff - ;; - *-*bug) - os=-coff - ;; - *-apple) - os=-macos - ;; - *-atari*) - os=-mint - ;; - *) - os=-none - ;; -esac -fi - -# Here we handle the case where we know the os, and the CPU type, but not the -# manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) - vendor=acorn - ;; - -sunos*) - vendor=sun - ;; - -aix*) - vendor=ibm - ;; - -beos*) - vendor=be - ;; - -hpux*) - vendor=hp - ;; - -mpeix*) - vendor=hp - ;; - -hiux*) - vendor=hitachi - ;; - -unos*) - vendor=crds - ;; - -dgux*) - vendor=dg - ;; - -luna*) - vendor=omron - ;; - -genix*) - vendor=ns - ;; - -mvs* | -opened*) - vendor=ibm - ;; - -os400*) - vendor=ibm - ;; - -ptx*) - vendor=sequent - ;; - -tpf*) - vendor=ibm - ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; - -aux*) - vendor=apple - ;; - -hms*) - vendor=hitachi - ;; - -mpw* | -macos*) - vendor=apple - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - vendor=atari - ;; - -vos*) - vendor=stratus - ;; - esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` - ;; -esac - -echo $basic_machine$os -exit - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/sss_client/configure.ac b/sss_client/configure.ac deleted file mode 100644 index 5d3bb0c..0000000 --- a/sss_client/configure.ac +++ /dev/null @@ -1,13 +0,0 @@ -AC_PREREQ(2.50) -AC_INIT(nss_sss, 0.2.1) -AC_CONFIG_HEADER(config.h) - -AC_LIBREPLACE_ALL_CHECKS -AC_LD_SONAMEFLAG -AC_LD_PICFLAG -AC_LD_SHLIBEXT -AC_LIBREPLACE_SHLD -AC_LIBREPLACE_SHLD_FLAGS -AC_LIBREPLACE_RUNTIME_LIB_PATH_VAR - -AC_OUTPUT(Makefile) diff --git a/sss_client/exports.linux b/sss_client/exports.linux deleted file mode 100644 index bcc6b10..0000000 --- a/sss_client/exports.linux +++ /dev/null @@ -1,73 +0,0 @@ -EXPORTED { - - # public functions - global: - - _nss_sss_getpwnam_r; - _nss_sss_getpwuid_r; - _nss_sss_setpwent; - _nss_sss_getpwent_r; - _nss_sss_endpwent; - - _nss_sss_getgrnam_r; - _nss_sss_getgrgid_r; - _nss_sss_setgrent; - _nss_sss_getgrent_r; - _nss_sss_endgrent; - _nss_sss_initgroups_dyn; - - #_nss_sss_getaliasbyname_r; - #_nss_sss_setaliasent; - #_nss_sss_getaliasent_r; - #_nss_sss_endaliasent; - - #_nss_sss_gethostton_r; - #_nss_sss_getntohost_r; - #_nss_sss_setetherent; - #_nss_sss_getetherent_r; - #_nss_sss_endetherent; - - #_nss_sss_gethostbyname_r; - #_nss_sss_gethostbyname2_r; - #_nss_sss_gethostbyaddr_r; - #_nss_sss_sethostent; - #_nss_sss_gethostent_r; - #_nss_sss_endhostent; - - #_nss_sss_setnetgrent; - #_nss_sss_getnetgrent_r; - #_nss_sss_endnetgrent; - - #_nss_sss_getnetbyname_r; - #_nss_sss_getnetbyaddr_r; - #_nss_sss_setnetent; - #_nss_sss_getnetent_r; - #_nss_sss_endnetent; - - #_nss_sss_getprotobyname_r; - #_nss_sss_getprotobynumber_r; - #_nss_sss_setprotoent; - #_nss_sss_getprotoent_r; - #_nss_sss_endprotoent; - - #_nss_sss_getrpcbyname_r; - #_nss_sss_getrpcbynumber_r; - #_nss_sss_setrpcent; - #_nss_sss_getrpcent_r; - #_nss_sss_endrpcent; - - #_nss_sss_getservbyname_r; - #_nss_sss_getservbyport_r; - #_nss_sss_setservent; - #_nss_sss_getservent_r; - #_nss_sss_endservent; - - #_nss_sss_getspnam_r; - #_nss_sss_setspent; - #_nss_sss_getspent_r; - #_nss_sss_endspent; - - # everything else is local - local: - *; -}; diff --git a/sss_client/group.c b/sss_client/group.c deleted file mode 100644 index 4ba11e3..0000000 --- a/sss_client/group.c +++ /dev/null @@ -1,425 +0,0 @@ -/* - * System Security Services Daemon. NSS client interface - * - * Copyright (C) Simo Sorce 2007 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -/* GROUP database NSS interface */ - -#include -#include -#include -#include -#include -#include -#include -#include "sss_cli.h" - -static struct sss_nss_getgrent_data { - size_t len; - size_t ptr; - uint8_t *data; -} sss_nss_getgrent_data; - -static void sss_nss_getgrent_data_clean(void) { - - if (sss_nss_getgrent_data.data != NULL) { - free(sss_nss_getgrent_data.data); - sss_nss_getgrent_data.data = NULL; - } - sss_nss_getgrent_data.len = 0; - sss_nss_getgrent_data.ptr = 0; -} - -/* GETGRNAM Request: - * - * 0-X: string with name - * - * GERTGRGID Request: - * - * 0-7: 32bit number with gid - * - * INITGROUPS Request: - * - * 0-3: 32bit number with gid - * 4-7: 32bit unsigned with max num of entries - * - * Replies: - * - * 0-3: 32bit unsigned number of results - * 4-7: 32bit unsigned (reserved/padding) - * For each result (64bit padded ?): - * 0-3: 32bit number gid - * 4-7: 32bit unsigned number of members - * 8-X: sequence of 0 terminated strings (name, passwd, mem..) - */ -struct sss_nss_gr_rep { - struct group *result; - char *buffer; - size_t buflen; -}; - -static int sss_nss_getgr_readrep(struct sss_nss_gr_rep *pr, - uint8_t *buf, size_t *len) -{ - size_t i, l, slen, ptmem; - ssize_t dlen; - char *sbuf; - uint32_t mem_num; - int err; - - if (*len < 11) { /* not enough space for data, bad packet */ - return EBADMSG; - } - - pr->result->gr_gid = ((uint32_t *)buf)[0]; - mem_num = ((uint32_t *)buf)[1]; - - sbuf = (char *)&buf[8]; - slen = *len - 8; - dlen = pr->buflen; - - pr->result->gr_name = &(pr->buffer[0]); - i = 0; - while (slen > i && dlen > 0) { - pr->buffer[i] = sbuf[i]; - if (pr->buffer[i] == '\0') break; - i++; - dlen--; - } - if (slen <= i) { /* premature end of buf */ - return EBADMSG; - } - if (dlen <= 0) { /* not enough memory */ - return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ - } - i++; - dlen--; - - pr->result->gr_passwd = &(pr->buffer[i]); - while (slen > i && dlen > 0) { - pr->buffer[i] = sbuf[i]; - if (pr->buffer[i] == '\0') break; - i++; - dlen--; - } - if (slen <= i) { /* premature end of buf */ - return EBADMSG; - } - if (dlen <= 0) { /* not enough memory */ - return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ - } - i++; - dlen--; - - /* now members */ - pr->result->gr_mem = (char **)&(pr->buffer[i]); - ptmem = sizeof(char *) * (mem_num + 1); - dlen -= ptmem; - if (0 > dlen) { /* not enough mem in buffer */ - return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ - } - ptmem += i; - pr->result->gr_mem[mem_num] = NULL; /* terminate array */ - - for (l = 0; l < mem_num; l++) { - pr->result->gr_mem[l] = &(pr->buffer[ptmem]); - while ((slen > i) && (dlen > 0)) { - pr->buffer[ptmem] = sbuf[i]; - i++; - dlen--; - if (pr->buffer[ptmem] == '\0') break; - ptmem++; - } - if (pr->buffer[ptmem] != '\0') { - if (slen <= i) { /* premature end of buf */ - return EBADMSG; - } - if (dlen <= 0) { /* not enough memory */ - return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ - } - } - ptmem++; - } - - *len = slen -i; - return 0; -} - -/* INITGROUP Reply: - * - * 0-3: 32bit unsigned number of results - * 4-7: 32bit unsigned (reserved/padding) - * For each result: - * 0-4: 32bit number with gid - */ - - -enum nss_status _nss_sss_initgroups_dyn(const char *user, gid_t group, - long int *start, long int *size, - gid_t **groups, long int limit, - int *errnop) -{ - struct sss_cli_req_data rd; - uint8_t *repbuf; - size_t replen; - enum nss_status nret; - uint32_t *rbuf; - uint32_t num_ret; - long int l, max_ret; - - rd.len = strlen(user) +1; - rd.data = user; - - nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, - &repbuf, &replen, errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; - } - - /* no results if not found */ - num_ret = ((uint32_t *)repbuf)[0]; - if (num_ret == 0) { - free(repbuf); - return NSS_STATUS_NOTFOUND; - } - max_ret = num_ret; - - /* check we have enough space in the buffer */ - if ((*size - *start) < num_ret) { - long int newsize; - gid_t *newgroups; - - newsize = *size + num_ret; - if ((limit > 0) && (newsize > limit)) { - newsize = limit; - max_ret = newsize - *start; - } - - newgroups = (gid_t *)realloc((*groups), newsize * sizeof(**groups)); - if (!newgroups) { - *errnop = ENOMEM; - free(repbuf); - return NSS_STATUS_TRYAGAIN; - } - *groups = newgroups; - *size = newsize; - } - - rbuf = &((uint32_t *)repbuf)[2]; - for (l = 0; l < max_ret; l++) { - (*groups)[*start] = rbuf[l]; - *start += 1; - } - - return NSS_STATUS_SUCCESS; -} - - -enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, - char *buffer, size_t buflen, int *errnop) -{ - struct sss_cli_req_data rd; - struct sss_nss_gr_rep grrep; - uint8_t *repbuf; - size_t replen, len; - enum nss_status nret; - int ret; - - rd.len = strlen(name) + 1; - rd.data = name; - - nret = sss_nss_make_request(SSS_NSS_GETGRNAM, &rd, - &repbuf, &replen, errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; - } - - grrep.result = result; - grrep.buffer = buffer; - grrep.buflen = buflen; - - /* no results if not found */ - if (((uint32_t *)repbuf)[0] == 0) { - free(repbuf); - return NSS_STATUS_NOTFOUND; - } - - /* only 1 result is accepted for this function */ - if (((uint32_t *)repbuf)[0] != 1) { - *errnop = EBADMSG; - return NSS_STATUS_TRYAGAIN; - } - - len = replen - 8; - ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len); - free(repbuf); - if (ret) { - *errnop = ret; - return NSS_STATUS_TRYAGAIN; - } - - return NSS_STATUS_SUCCESS; -} - -enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *result, - char *buffer, size_t buflen, int *errnop) -{ - struct sss_cli_req_data rd; - struct sss_nss_gr_rep grrep; - uint8_t *repbuf; - size_t replen, len; - enum nss_status nret; - uint32_t group_gid; - int ret; - - group_gid = gid; - rd.len = sizeof(uint32_t); - rd.data = &group_gid; - - nret = sss_nss_make_request(SSS_NSS_GETGRGID, &rd, - &repbuf, &replen, errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; - } - - grrep.result = result; - grrep.buffer = buffer; - grrep.buflen = buflen; - - /* no results if not found */ - if (((uint32_t *)repbuf)[0] == 0) { - free(repbuf); - return NSS_STATUS_NOTFOUND; - } - - /* only 1 result is accepted for this function */ - if (((uint32_t *)repbuf)[0] != 1) { - *errnop = EBADMSG; - return NSS_STATUS_TRYAGAIN; - } - - len = replen - 8; - ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len); - free(repbuf); - if (ret) { - *errnop = ret; - return NSS_STATUS_TRYAGAIN; - } - - return NSS_STATUS_SUCCESS; -} - -enum nss_status _nss_sss_setgrent(void) -{ - enum nss_status nret; - int errnop; - - /* make sure we do not have leftovers, and release memory */ - sss_nss_getgrent_data_clean(); - - nret = sss_nss_make_request(SSS_NSS_SETGRENT, - NULL, NULL, NULL, &errnop); - if (nret != NSS_STATUS_SUCCESS) { - errno = errnop; - return nret; - } - - return NSS_STATUS_SUCCESS; -} - -enum nss_status _nss_sss_getgrent_r(struct group *result, - char *buffer, size_t buflen, int *errnop) -{ - struct sss_cli_req_data rd; - struct sss_nss_gr_rep grrep; - uint8_t *repbuf; - size_t replen; - enum nss_status nret; - uint32_t num_entries; - int ret; - - /* if there are leftovers return the next one */ - if (sss_nss_getgrent_data.data != NULL && - sss_nss_getgrent_data.ptr < sss_nss_getgrent_data.len) { - - repbuf = (uint8_t *)sss_nss_getgrent_data.data + - sss_nss_getgrent_data.ptr; - replen = sss_nss_getgrent_data.len - - sss_nss_getgrent_data.ptr; - - grrep.result = result; - grrep.buffer = buffer; - grrep.buflen = buflen; - - ret = sss_nss_getgr_readrep(&grrep, repbuf, &replen); - if (ret) { - *errnop = ret; - return NSS_STATUS_TRYAGAIN; - } - - /* advance buffer pointer */ - sss_nss_getgrent_data.ptr = sss_nss_getgrent_data.len - replen; - - return NSS_STATUS_SUCCESS; - } - - /* release memory if any */ - sss_nss_getgrent_data_clean(); - - /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */ - num_entries = SSS_NSS_MAX_ENTRIES; - rd.len = sizeof(uint32_t); - rd.data = &num_entries; - - nret = sss_nss_make_request(SSS_NSS_GETGRENT, &rd, - &repbuf, &replen, errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; - } - - /* no results if not found */ - if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) { - free(repbuf); - return NSS_STATUS_NOTFOUND; - } - - sss_nss_getgrent_data.data = repbuf; - sss_nss_getgrent_data.len = replen; - sss_nss_getgrent_data.ptr = 8; /* skip metadata fields */ - - /* call again ourselves, this will return the first result */ - return _nss_sss_getgrent_r(result, buffer, buflen, errnop); -} - -enum nss_status _nss_sss_endgrent(void) -{ - enum nss_status nret; - int errnop; - - /* make sure we do not have leftovers, and release memory */ - sss_nss_getgrent_data_clean(); - - nret = sss_nss_make_request(SSS_NSS_ENDGRENT, - NULL, NULL, NULL, &errnop); - if (nret != NSS_STATUS_SUCCESS) { - errno = errnop; - return nret; - } - - return NSS_STATUS_SUCCESS; -} diff --git a/sss_client/install-sh b/sss_client/install-sh deleted file mode 100755 index 5871924..0000000 --- a/sss_client/install-sh +++ /dev/null @@ -1,238 +0,0 @@ -#! /bin/sh -# -# install - install a program, script, or datafile -# This comes from X11R5. -# -# Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it -# when there is no Makefile. -# -# This script is compatible with the BSD install script, but was written -# from scratch. -# - - -# set DOITPROG to echo to test this script - -# Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" - - -# put in absolute paths if you don't have them in your path; or use env. vars. - -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" - -transformbasename="" -transform_arg="" -instcmd="$mvprog" -chmodcmd="$chmodprog 0755" -chowncmd="" -chgrpcmd="" -stripcmd="" -rmcmd="$rmprog -f" -mvcmd="$mvprog" -src="" -dst="" -dir_arg="" - -while [ x"$1" != x ]; do - case $1 in - -c) instcmd="$cpprog" - shift - continue;; - - -d) dir_arg=true - shift - continue;; - - -m) chmodcmd="$chmodprog $2" - shift - shift - continue;; - - -o) chowncmd="$chownprog $2" - shift - shift - continue;; - - -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; - - -s) stripcmd="$stripprog" - shift - continue;; - - -t=*) transformarg=`echo $1 | sed 's/-t=//'` - shift - continue;; - - -b=*) transformbasename=`echo $1 | sed 's/-b=//'` - shift - continue;; - - *) if [ x"$src" = x ] - then - src=$1 - else - # this colon is to work around a 386BSD /bin/sh bug - : - dst=$1 - fi - shift - continue;; - esac -done - -if [ x"$src" = x ] -then - echo "install: no input file specified" - exit 1 -else - true -fi - -if [ x"$dir_arg" != x ]; then - dst=$src - src="" - - if [ -d $dst ]; then - instcmd=: - else - instcmd=mkdir - fi -else - -# Waiting for this to be detected by the "$instcmd $src $dsttmp" command -# might cause directories to be created, which would be especially bad -# if $src (and thus $dsttmp) contains '*'. - - if [ -f $src -o -d $src ] - then - true - else - echo "install: $src does not exist" - exit 1 - fi - - if [ x"$dst" = x ] - then - echo "install: no destination specified" - exit 1 - else - true - fi - -# If destination is a directory, append the input filename; if your system -# does not like double slashes in filenames, you may need to add some logic - - if [ -d $dst ] - then - dst="$dst"/`basename $src` - else - true - fi -fi - -## this sed command emulates the dirname command -dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` - -# Make sure that the destination directory exists. -# this part is taken from Noah Friedman's mkinstalldirs script - -# Skip lots of stat calls in the usual case. -if [ ! -d "$dstdir" ]; then -defaultIFS=' -' -IFS="${IFS-${defaultIFS}}" - -oIFS="${IFS}" -# Some sh's can't handle IFS=/ for some reason. -IFS='%' -set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` -IFS="${oIFS}" - -pathcomp='' - -while [ $# -ne 0 ] ; do - pathcomp="${pathcomp}${1}" - shift - - if [ ! -d "${pathcomp}" ] ; - then - $mkdirprog "${pathcomp}" - else - true - fi - - pathcomp="${pathcomp}/" -done -fi - -if [ x"$dir_arg" != x ] -then - $doit $instcmd $dst && - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi -else - -# If we're going to rename the final executable, determine the name now. - - if [ x"$transformarg" = x ] - then - dstfile=`basename $dst` - else - dstfile=`basename $dst $transformbasename | - sed $transformarg`$transformbasename - fi - -# don't allow the sed command to completely eliminate the filename - - if [ x"$dstfile" = x ] - then - dstfile=`basename $dst` - else - true - fi - -# Make a temp file name in the proper directory. - - dsttmp=$dstdir/#inst.$$# - -# Move or copy the file name to the temp name - - $doit $instcmd $src $dsttmp && - - trap "rm -f ${dsttmp}" 0 && - -# and set any options; do chmod last to preserve setuid bits - -# If any of these fail, we abort the whole thing. If we want to -# ignore errors from any of these, just make sure not to ignore -# errors from the above "$doit $instcmd $src $dsttmp" command. - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && - -# Now rename the file to the real destination. - - $doit $rmcmd -f $dstdir/$dstfile && - $doit $mvcmd $dsttmp $dstdir/$dstfile - -fi && - - -exit 0 diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c deleted file mode 100644 index 6fb7637..0000000 --- a/sss_client/pam_sss.c +++ /dev/null @@ -1,429 +0,0 @@ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD - -#include -#include -#include -#include -#include -#include - -#include "sss_cli.h" - -struct pam_items { - const char* pam_service; - const char* pam_user; - const char* pam_tty; - const char* pam_ruser; - const char* pam_rhost; - const char* pam_authtok; - const char* pam_newauthtok; - const char* pamstack_authtok; - const char* pamstack_oldauthtok; - int pam_service_size; - int pam_user_size; - int pam_tty_size; - int pam_ruser_size; - int pam_rhost_size; - int pam_authtok_type; - int pam_authtok_size; - int pam_newauthtok_type; - int pam_newauthtok_size; -}; - -static int eval_response(pam_handle_t *pamh, int buflen, uint8_t *buf) -{ - int ret; - int p=0; - char *env_item; - int32_t *c; - int32_t *type; - int32_t *len; - int32_t *pam_status; - - pam_status = ((int32_t *)(buf+p)); - p += sizeof(int32_t); - - - c = ((int32_t *)(buf+p)); - p += sizeof(int32_t); - - while(*c>0) { - type = ((int32_t *)(buf+p)); - p += sizeof(int32_t); - len = ((int32_t *)(buf+p)); - p += sizeof(int32_t); - switch(*type) { - case PAM_USER_INFO: - D(("user info: [%s]", &buf[p])); - break; - case PAM_DOMAIN_NAME: - D(("domain name: [%s]", &buf[p])); - break; - case ENV_ITEM: - case PAM_ENV_ITEM: - case ALL_ENV_ITEM: - if (buf[p + (*len -1)] != '\0') { - D(("env item does not end with \\0.\n")); - break; - } - - D(("env item: [%s]", &buf[p])); - if (*type == PAM_ENV_ITEM || *type == ALL_ENV_ITEM) { - ret = pam_putenv(pamh, (char *)&buf[p]); - if (ret != PAM_SUCCESS) { - D(("pam_putenv failed.\n")); - break; - } - } - - if (*type == ENV_ITEM || *type == ALL_ENV_ITEM) { - env_item = strdup((char *)&buf[p]); - if (env_item == NULL) { - D(("strdup failed\n")); - break; - } - ret = putenv(env_item); - if (ret == -1) { - D(("putenv failed.\n")); - break; - } - } - break; - } - p += *len; - - --(*c); - } - - return 0; -} - -static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi) -{ - int ret; - - ret = pam_get_item(pamh, PAM_SERVICE, (const void **) &(pi->pam_service)); - if (ret != PAM_SUCCESS) return ret; - if (pi->pam_service == NULL) pi->pam_service=""; - pi->pam_service_size=strlen(pi->pam_service)+1; - - ret = pam_get_item(pamh, PAM_USER, (const void **) &(pi->pam_user)); - if (ret != PAM_SUCCESS) return ret; - if (pi->pam_user == NULL) pi->pam_user=""; - pi->pam_user_size=strlen(pi->pam_user)+1; - - ret = pam_get_item(pamh, PAM_TTY, (const void **) &(pi->pam_tty)); - if (ret != PAM_SUCCESS) return ret; - if (pi->pam_tty == NULL) pi->pam_tty=""; - pi->pam_tty_size=strlen(pi->pam_tty)+1; - - ret = pam_get_item(pamh, PAM_RUSER, (const void **) &(pi->pam_ruser)); - if (ret != PAM_SUCCESS) return ret; - if (pi->pam_ruser == NULL) pi->pam_ruser=""; - pi->pam_ruser_size=strlen(pi->pam_ruser)+1; - - ret = pam_get_item(pamh, PAM_RHOST, (const void **) &(pi->pam_rhost)); - if (ret != PAM_SUCCESS) return ret; - if (pi->pam_rhost == NULL) pi->pam_rhost=""; - pi->pam_rhost_size=strlen(pi->pam_rhost)+1; - - ret = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &(pi->pamstack_authtok)); - if (ret != PAM_SUCCESS) return ret; - if (pi->pamstack_authtok == NULL) pi->pamstack_authtok=""; - - ret = pam_get_item(pamh, PAM_OLDAUTHTOK, (const void **) &(pi->pamstack_oldauthtok)); - if (ret != PAM_SUCCESS) return ret; - if (pi->pamstack_oldauthtok == NULL) pi->pamstack_oldauthtok=""; - - return PAM_SUCCESS; -} - -static void print_pam_items(struct pam_items pi) -{ - D(("Service: %s", *pi.pam_service!='\0' ? pi.pam_service : "(not available)")); - D(("User: %s", *pi.pam_user!='\0' ? pi.pam_user : "(not available)")); - D(("Tty: %s", *pi.pam_tty!='\0' ? pi.pam_tty : "(not available)")); - D(("Ruser: %s", *pi.pam_ruser!='\0' ? pi.pam_ruser : "(not available)")); - D(("Rhost: %s", *pi.pam_rhost!='\0' ? pi.pam_rhost : "(not available)")); - D(("Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)")); - D(("Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)")); -} - -static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc, - const char **argv) -{ - int ret; - int errnop; - int c; - struct pam_items pi; - struct sss_cli_req_data rd; - uint8_t *repbuf=NULL; - size_t replen; - size_t rp; - char *buf=NULL; - struct pam_conv *conv; - struct pam_message *mesg[1]; - struct pam_response *resp=NULL; - int pam_status; - char *newpwd[2]; - - D(("Hello pam_sssd: %d", task)); - -/* TODO: add useful prelim check */ - if (task == SSS_PAM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK)) { - D(("ignoring PAM_PRELIM_CHECK")); - return PAM_SUCCESS; - } - - ret = get_pam_items(pamh, &pi); - if (ret != PAM_SUCCESS) { - D(("get items returned error: %s", pam_strerror(pamh,ret))); - return ret; - } - - pi.pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; - pi.pam_authtok = NULL; - pi.pam_authtok_size = 0; - pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY; - pi.pam_newauthtok = NULL; - pi.pam_newauthtok_size = 0; -/* according to pam_conv(3) only one message should be requested by conv to - * keep compatibility to Solaris. Therefore we make separate calls to request - * AUTHTOK and OLDAUTHTOK. */ - if ( task == SSS_PAM_AUTHENTICATE || - (task == SSS_PAM_CHAUTHTOK && getuid() != 0)) { - ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv); - if (ret != PAM_SUCCESS) return ret; - - mesg[0] = malloc(sizeof(struct pam_message)); - if (mesg[0] == NULL) { - D(("Malloc failed.\n")); - return PAM_SYSTEM_ERR; - } - mesg[0]->msg_style = PAM_PROMPT_ECHO_OFF; - mesg[0]->msg = strdup("Password: "); - - ret=conv->conv(1, (const struct pam_message **) mesg, &resp, - conv->appdata_ptr); - free((void *)mesg[0]->msg); - free(mesg[0]); - if (ret != PAM_SUCCESS) { - D(("Conversation failure: %s.\n", pam_strerror(pamh,ret))); - pam_status = ret; - goto done; - } - - if (resp[0].resp == NULL) { - D(("Empty password\n")); - pi.pam_authtok = NULL; - pi.pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; - } else { - pi.pam_authtok = strdup(resp[0].resp); - pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD; - } - pi.pam_authtok_size=strlen(pi.pam_authtok); - } - - if (task == SSS_PAM_CHAUTHTOK) { - ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv); - if (ret != PAM_SUCCESS) return ret; - - mesg[0] = malloc(sizeof(struct pam_message)); - if (mesg[0] == NULL) { - D(("Malloc failed.\n")); - return PAM_SYSTEM_ERR; - } - mesg[0]->msg_style = PAM_PROMPT_ECHO_OFF; - mesg[0]->msg = strdup("New Password: "); - - c = 0; - do { - ret=conv->conv(1, (const struct pam_message **) mesg, &resp, - conv->appdata_ptr); - free((void *)mesg[0]->msg); - if (ret != PAM_SUCCESS) { - D(("Conversation failure: %s.\n", pam_strerror(pamh,ret))); - pam_status = ret; - goto done; - } - - newpwd[c++] = strdup(resp[0].resp); - _pam_overwrite((void *)resp[0].resp); - free(resp[0].resp); - free(resp); - resp = NULL; - - mesg[0]->msg = strdup("Reenter new password: "); - } while(c < 2); - free(mesg[0]); - - if (strcmp(newpwd[0],newpwd[1]) != 0) { - pam_status = PAM_AUTHTOK_ERR; - goto done; - } - - if (newpwd[0] == NULL) { - D(("Empty password\n")); - pi.pam_newauthtok = NULL; - pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY; - } else { - pi.pam_newauthtok = strdup(newpwd[0]); - pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD; - } - pi.pam_newauthtok_size=strlen(pi.pam_newauthtok); - - _pam_overwrite((void *)newpwd[0]); - free(newpwd[0]); - _pam_overwrite((void *)newpwd[1]); - free(newpwd[1]); - } - - print_pam_items(pi); - - if (pi.pam_user) { - rd.len = pi.pam_user_size + - pi.pam_service_size + - pi.pam_tty_size + - pi.pam_ruser_size + - pi.pam_rhost_size + - 2*sizeof(uint32_t) + pi.pam_authtok_size + - 2*sizeof(uint32_t) + pi.pam_newauthtok_size + - sizeof(uint32_t); - buf = malloc(rd.len); - - memcpy(buf, pi.pam_user, pi.pam_user_size); - rp = pi.pam_user_size; - - memcpy(&buf[rp], pi.pam_service, pi.pam_service_size); - rp += pi.pam_service_size; - - memcpy(&buf[rp], pi.pam_tty, pi.pam_tty_size); - rp += pi.pam_tty_size; - - memcpy(&buf[rp], pi.pam_ruser, pi.pam_ruser_size); - rp += pi.pam_ruser_size; - - memcpy(&buf[rp], pi.pam_rhost, pi.pam_rhost_size); - rp += pi.pam_rhost_size; - - ((uint32_t *)(&buf[rp]))[0] = pi.pam_authtok_type; - rp += sizeof(uint32_t); - ((uint32_t *)(&buf[rp]))[0] = pi.pam_authtok_size; - rp += sizeof(uint32_t); - memcpy(&buf[rp], pi.pam_authtok, pi.pam_authtok_size); - rp += pi.pam_authtok_size; - _pam_overwrite((void *)pi.pam_authtok); - free((void *)pi.pam_authtok); - - ((uint32_t *)(&buf[rp]))[0] = pi.pam_newauthtok_type; - rp += sizeof(uint32_t); - ((uint32_t *)(&buf[rp]))[0] = pi.pam_newauthtok_size; - rp += sizeof(uint32_t); - memcpy(&buf[rp], pi.pam_newauthtok, pi.pam_newauthtok_size); - rp += pi.pam_newauthtok_size; - _pam_overwrite((void *)pi.pam_newauthtok); - free((void *)pi.pam_newauthtok); - - ((uint32_t *)(&buf[rp]))[0] = END_OF_PAM_REQUEST; - rp += sizeof(uint32_t); - - if (rp != rd.len) { - D(("error during packet creation.")); - pam_status = PAM_ABORT; - goto done; - } - rd.data = buf; - - ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop); - - if (ret != NSS_STATUS_SUCCESS) { - D(("sss_pam_make_request failed.")); - pam_status = ret; - goto done; - } - -/* FIXME: add an end signature */ - if (replen -#endif - -#include -#include - -#include -#include - -static struct pam_conv conv = { - misc_conv, - NULL -}; - -int main(int argc, char *argv[]) { - - pam_handle_t *pamh; - char *user; - char *action; - int ret; - - if (argc == 1) { - fprintf(stderr, "missing action and user name, using default\n"); - action = strdup("auth"); - user = strdup("dummy"); - } else if (argc == 2) { - fprintf(stdout, "using first argument as action and default user name\n"); - action = strdup(argv[1]); - user = strdup("dummy"); - } else { - action = strdup(argv[1]); - user = strdup(argv[2]); - } - - fprintf(stdout, "action: %s\nuser: %s\n", action,user); - - ret = pam_start("sss_test", user, &conv, &pamh); - if (ret != PAM_SUCCESS) { - fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret)); - return 1; - } - - if ( strncmp(action, "auth", 4)== 0 ) { - fprintf(stdout, "testing pam_authenticate\n"); - ret = pam_authenticate(pamh, 0); - fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret)); - } else if ( strncmp(action, "chau", 4)== 0 ) { - fprintf(stdout, "testing pam_chauthtok\n"); - ret = pam_chauthtok(pamh, 0); - fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret)); - } else if ( strncmp(action, "acct", 4)== 0 ) { - fprintf(stdout, "testing pam_acct_mgmt\n"); - ret = pam_acct_mgmt(pamh, 0); - fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret)); - } else if ( strncmp(action, "setc", 4)== 0 ) { - fprintf(stdout, "testing pam_setcred\n"); - ret = pam_setcred(pamh, 0); - fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret)); - } else if ( strncmp(action, "open", 4)== 0 ) { - fprintf(stdout, "testing pam_open_session\n"); - ret = pam_open_session(pamh, 0); - fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret)); - } else if ( strncmp(action, "clos", 4)== 0 ) { - fprintf(stdout, "testing pam_close_session\n"); - ret = pam_close_session(pamh, 0); - fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret)); - } else { - fprintf(stderr, "unknown action\n"); - } - - pam_end(pamh, ret); - - return 0; -} diff --git a/sss_client/passwd.c b/sss_client/passwd.c deleted file mode 100644 index a2ffcad..0000000 --- a/sss_client/passwd.c +++ /dev/null @@ -1,346 +0,0 @@ -/* - * System Security Services Daemon. NSS client interface - * - * Copyright (C) Simo Sorce 2007 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -/* PASSWD database NSS interface */ - -#include -#include -#include -#include -#include -#include -#include -#include "sss_cli.h" - -static struct sss_nss_getpwent_data { - size_t len; - size_t ptr; - uint8_t *data; -} sss_nss_getpwent_data; - -static void sss_nss_getpwent_data_clean(void) { - - if (sss_nss_getpwent_data.data != NULL) { - free(sss_nss_getpwent_data.data); - sss_nss_getpwent_data.data = NULL; - } - sss_nss_getpwent_data.len = 0; - sss_nss_getpwent_data.ptr = 0; -} - -/* GETPWNAM Request: - * - * 0-X: string with name - * - * GERTPWUID Request: - * - * 0-3: 32bit number with uid - * - * Replies: - * - * 0-3: 32bit unsigned number of results - * 4-7: 32bit unsigned (reserved/padding) - * For each result: - * 0-3: 32bit number uid - * 4-7: 32bit number gid - * 8-X: sequence of 5, 0 terminated, strings (name, passwd, gecos, dir, shell) - */ - -struct sss_nss_pw_rep { - struct passwd *result; - char *buffer; - size_t buflen; -}; - -static int sss_nss_getpw_readrep(struct sss_nss_pw_rep *pr, - uint8_t *buf, size_t *len) -{ - size_t i, slen; - char *sbuf; - int err; - - if (*len < 13) { /* not enough space for data, bad packet */ - return EBADMSG; - } - - pr->result->pw_uid = ((uint32_t *)buf)[0]; - pr->result->pw_gid = ((uint32_t *)buf)[1]; - - sbuf = (char *)&buf[8]; - if (*len < pr->buflen) { - slen = *len; - err = EBADMSG; - } else { - slen = pr->buflen; - err = ENOMEM; - } - - pr->result->pw_name = &(pr->buffer[0]); - i = 0; - while (i < slen) { - pr->buffer[i] = sbuf[i]; - if (pr->buffer[i] == '\0') break; - i++; - } - if (i == slen) { /* premature end of buf */ - return err; - } - - i++; - pr->result->pw_passwd = &(pr->buffer[i]); - while (i < slen) { - pr->buffer[i] = sbuf[i]; - if (pr->buffer[i] == '\0') break; - i++; - } - if (i == slen) { /* premature end of buf */ - return err; - } - - i++; - pr->result->pw_gecos = &(pr->buffer[i]); - while (i < slen) { - pr->buffer[i] = sbuf[i]; - if (pr->buffer[i] == '\0') break; - i++; - } - if (i == slen) { /* premature end of buf */ - return err; - } - - i++; - pr->result->pw_dir = &(pr->buffer[i]); - while (i < slen) { - pr->buffer[i] = sbuf[i]; - if (pr->buffer[i] == '\0') break; - i++; - } - if (i == slen) { /* premature end of buf */ - return err; - } - - i++; - pr->result->pw_shell = &(pr->buffer[i]); - while (i < slen) { - pr->buffer[i] = sbuf[i]; - if (pr->buffer[i] == '\0') break; - i++; - } - if (pr->buffer[i] != '\0') { /* premature end of buf */ - return err; - } - - *len = *len -8 -i -1; - - return 0; -} - -enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result, - char *buffer, size_t buflen, int *errnop) -{ - struct sss_cli_req_data rd; - struct sss_nss_pw_rep pwrep; - uint8_t *repbuf; - size_t replen, len; - enum nss_status nret; - int ret; - - rd.len = strlen(name) + 1; - rd.data = name; - - nret = sss_nss_make_request(SSS_NSS_GETPWNAM, &rd, - &repbuf, &replen, errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; - } - - pwrep.result = result; - pwrep.buffer = buffer; - pwrep.buflen = buflen; - - /* no results if not found */ - if (((uint32_t *)repbuf)[0] == 0) { - free(repbuf); - return NSS_STATUS_NOTFOUND; - } - - /* only 1 result is accepted for this function */ - if (((uint32_t *)repbuf)[0] != 1) { - *errnop = EBADMSG; - return NSS_STATUS_TRYAGAIN; - } - - len = replen - 8; - ret = sss_nss_getpw_readrep(&pwrep, repbuf+8, &len); - free(repbuf); - if (ret) { - *errnop = ret; - return NSS_STATUS_TRYAGAIN; - } - - return NSS_STATUS_SUCCESS; -} - -enum nss_status _nss_sss_getpwuid_r(uid_t uid, struct passwd *result, - char *buffer, size_t buflen, int *errnop) -{ - struct sss_cli_req_data rd; - struct sss_nss_pw_rep pwrep; - uint8_t *repbuf; - size_t replen, len; - enum nss_status nret; - uint32_t user_uid; - int ret; - - user_uid = uid; - rd.len = sizeof(uint32_t); - rd.data = &user_uid; - - nret = sss_nss_make_request(SSS_NSS_GETPWUID, &rd, - &repbuf, &replen, errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; - } - - pwrep.result = result; - pwrep.buffer = buffer; - pwrep.buflen = buflen; - - /* no results if not found */ - if (((uint32_t *)repbuf)[0] == 0) { - free(repbuf); - return NSS_STATUS_NOTFOUND; - } - - /* only 1 result is accepted for this function */ - if (((uint32_t *)repbuf)[0] != 1) { - *errnop = EBADMSG; - return NSS_STATUS_TRYAGAIN; - } - - len = replen - 8; - ret = sss_nss_getpw_readrep(&pwrep, repbuf+8, &len); - free(repbuf); - if (ret) { - *errnop = ret; - return NSS_STATUS_TRYAGAIN; - } - - return NSS_STATUS_SUCCESS; -} - -enum nss_status _nss_sss_setpwent(void) -{ - enum nss_status nret; - int errnop; - - /* make sure we do not have leftovers, and release memory */ - sss_nss_getpwent_data_clean(); - - nret = sss_nss_make_request(SSS_NSS_SETPWENT, - NULL, NULL, NULL, &errnop); - if (nret != NSS_STATUS_SUCCESS) { - errno = errnop; - return nret; - } - - return NSS_STATUS_SUCCESS; -} - -enum nss_status _nss_sss_getpwent_r(struct passwd *result, - char *buffer, size_t buflen, - int *errnop) -{ - struct sss_cli_req_data rd; - struct sss_nss_pw_rep pwrep; - uint8_t *repbuf; - size_t replen; - enum nss_status nret; - uint32_t num_entries; - int ret; - - /* if there are leftovers return the next one */ - if (sss_nss_getpwent_data.data != NULL && - sss_nss_getpwent_data.ptr < sss_nss_getpwent_data.len) { - - repbuf = sss_nss_getpwent_data.data + sss_nss_getpwent_data.ptr; - replen = sss_nss_getpwent_data.len - sss_nss_getpwent_data.ptr; - - pwrep.result = result; - pwrep.buffer = buffer; - pwrep.buflen = buflen; - - ret = sss_nss_getpw_readrep(&pwrep, repbuf, &replen); - if (ret) { - *errnop = ret; - return NSS_STATUS_TRYAGAIN; - } - - /* advance buffer pointer */ - sss_nss_getpwent_data.ptr = sss_nss_getpwent_data.len - replen; - - return NSS_STATUS_SUCCESS; - } - - /* release memory if any */ - sss_nss_getpwent_data_clean(); - - /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */ - num_entries = SSS_NSS_MAX_ENTRIES; - rd.len = sizeof(uint32_t); - rd.data = &num_entries; - - nret = sss_nss_make_request(SSS_NSS_GETPWENT, &rd, - &repbuf, &replen, errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; - } - - /* no results if not found */ - if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) { - free(repbuf); - return NSS_STATUS_NOTFOUND; - } - - sss_nss_getpwent_data.data = repbuf; - sss_nss_getpwent_data.len = replen; - sss_nss_getpwent_data.ptr = 8; /* skip metadata fields */ - - /* call again ourselves, this will return the first result */ - return _nss_sss_getpwent_r(result, buffer, buflen, errnop); -} - -enum nss_status _nss_sss_endpwent(void) -{ - enum nss_status nret; - int errnop; - - /* make sure we do not have leftovers, and release memory */ - sss_nss_getpwent_data_clean(); - - nret = sss_nss_make_request(SSS_NSS_ENDPWENT, - NULL, NULL, NULL, &errnop); - if (nret != NSS_STATUS_SUCCESS) { - errno = errnop; - return nret; - } - - return NSS_STATUS_SUCCESS; -} diff --git a/sss_client/protos.h b/sss_client/protos.h deleted file mode 100644 index adb0b7b..0000000 --- a/sss_client/protos.h +++ /dev/null @@ -1,137 +0,0 @@ -/* - * System Security Services Daemon. NSS Interface - * - * Copyright (C) Simo Sorce 2007 - * - * You can used this header file in any way you see fit provided copyright - * notices are preserved. - * - */ - -#if 0 -/* SHADOW database NSS interface */ -enum nss_status _nss_sss_getspnam_r(const char *name, struct spwd *result, - char *buffer, size_t buflen, int *errnop); -enum nss_status _nss_sss_setspent(void); -enum nss_status _nss_sss_getspent_r(struct spwd *result, - char *buffer, size_t buflen, int *errnop); -enum nss_status _nss_sss_endspent(void); - - -/* HOSTS database NSS interface */ -enum nss_status _nss_sss_gethostbyname_r(const char *name, - struct hostent *result, - char *buffer, size_t buflen, - int *errnop, int *h_errnop); -enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af, - struct hostent *result, - char *buffer, size_t buflen, - int *errnop, int *h_errnop); -enum nss_status _nss_sss_gethostbyaddr_r(const void *addr, socklen_t len, - int af, struct hostent *result, - char *buffer, size_t buflen, - int *errnop, int *h_errnop); -enum nss_status _nss_sss_sethostent(void); -enum nss_status _nss_sss_gethostent_r(struct hostent *result, - char *buffer, size_t buflen, - int *errnop, int *h_errnop); -enum nss_status _nss_sss_endhostent(void); - -/* NETGROUP database NSS interface */ -enum nss_status _nss_sss_setnetgrent(const char *netgroup, - struct __netgrent *result); -enum nss_status _nss_sss_getnetgrent_r(struct __netgrent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_ldap_endnetgrent(void); -/* too bad innetgr is currently implemented as an iteration over - * {set|get|end}netgroup ... */ - -/* NETWORKS database NSS interface */ -enum nss_status _nss_sss_getnetbyname_r(const char *name, - struct netent *result, - char *buffer, size_t buflen, - int *errnop, int *h_errnop); -enum nss_status _nss_sss_getnetbyaddr_r(uint32_t addr, int af, - struct netent *result, - char *buffer, size_t buflen, - int *errnop, int *h_errnop); -enum nss_status _nss_sss_setnetent(void); -enum nss_status _nss_sss_getnetent_r(struct netent *result, - char *buffer, size_t buflen, - int *errnop, int *h_errnop); -enum nss_status _nss_sss_endnetent(void); - - -/* PROTOCOLS database NSS interface */ -enum nss_status _nss_sss_getprotobyname_r(const char *name, - struct protoent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_getprotobynumber_r(int number, - struct protoent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_setprotoent(void); -enum nss_status _nss_sss_getprotoent_r(struct protoent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_endprotoent(void); - -/* SERVICES database NSS interface */ -enum nss_status _nss_sss_getservbyname_r(const char *name, - const char *protocol, - struct servent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_getservbyport_r(int port, const char *protocol, - struct servent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_setservent(void); -enum nss_status _nss_sss_getservent_r(struct servent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_endservent(void); - -/* ALIASES database NSS interface */ -enum nss_status _nss_sss_getaliasbyname_r(const char *name, - struct aliasent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_setaliasent(void); -enum nss_status _nss_sss_getaliasent_r(struct aliasent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_endaliasent(void); - -/* ETHERS database NSS interface */ -enum nss_status _nss_sss_gethostton_r(const char *name, - struct etherent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_getntohost_r(const struct ether_addr *addr, - struct etherent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_setetherent(void); -enum nss_status _nss_sss_getetherent_r(struct etherent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_endetherent(void); - -/* RPC database NSS interface */ -enum nss_status _nss_sss_getrpcbyname_r(const char *name, - struct rpcent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_getrpcbynumber_r(int number, struct rpcent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_setrpcent(void); -enum nss_status _nss_sss_getrpcent_r(struct rpcent *result, - char *buffer, size_t buflen, - int *errnop); -enum nss_status _nss_sss_endrpcent(void); - -#endif diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h deleted file mode 100644 index 17749af..0000000 --- a/sss_client/sss_cli.h +++ /dev/null @@ -1,198 +0,0 @@ -/* - * System Security Services Daemon. Client Interface for NSS and PAM. - * - * Copyright (C) Simo Sorce 2007 - * - * You can used this header file in any way you see fit provided copyright - * notices are preserved. - * - */ - -#ifndef _SSSCLI_H -#define _SSSCLI_H - -#include -#include -#include - -/* SELinux will have a better way to regulate access if they are seprate - * Also a change in one of the pipes will not affect the others */ -#define SSS_NSS_SOCKET_NAME "/var/lib/sss/pipes/nss" -#define SSS_PAM_SOCKET_NAME "/var/lib/sss/pipes/pam" -#define SSS_PAM_PRIV_SOCKET_NAME "/var/lib/sss/pipes/private/pam" - -#define SSS_PROTOCOL_VERSION 1 - -enum sss_cli_command { -/* null */ - SSS_CLI_NULL = 0x0000, - -/* version */ - SSS_GET_VERSION = 0x0001, - -/* passwd */ - - SSS_NSS_GETPWNAM = 0x0011, - SSS_NSS_GETPWUID = 0x0012, - SSS_NSS_SETPWENT = 0x0013, - SSS_NSS_GETPWENT = 0x0014, - SSS_NSS_ENDPWENT = 0x0015, - -/* group */ - - SSS_NSS_GETGRNAM = 0x0021, - SSS_NSS_GETGRGID = 0x0022, - SSS_NSS_SETGRENT = 0x0023, - SSS_NSS_GETGRENT = 0x0024, - SSS_NSS_ENDGRENT = 0x0025, - SSS_NSS_INITGR = 0x0026, - -#if 0 -/* aliases */ - - SSS_NSS_GETALIASBYNAME = 0x0031, - SSS_NSS_GETALIASBYPORT = 0x0032, - SSS_NSS_SETALIASENT = 0x0033, - SSS_NSS_GETALIASENT = 0x0034, - SSS_NSS_ENDALIASENT = 0x0035, - -/* ethers */ - - SSS_NSS_GETHOSTTON = 0x0041, - SSS_NSS_GETNTOHOST = 0x0042, - SSS_NSS_SETETHERENT = 0x0043, - SSS_NSS_GETETHERENT = 0x0044, - SSS_NSS_ENDETHERENT = 0x0045, - -/* hosts */ - - SSS_NSS_GETHOSTBYNAME = 0x0051, - SSS_NSS_GETHOSTBYNAME2 = 0x0052, - SSS_NSS_GETHOSTBYADDR = 0x0053, - SSS_NSS_SETHOSTENT = 0x0054, - SSS_NSS_GETHOSTENT = 0x0055, - SSS_NSS_ENDHOSTENT = 0x0056, - -/* netgroup */ - - SSS_NSS_SETNETGRENT = 0x0061, - SSS_NSS_GETNETGRENT = 0x0062, - SSS_NSS_ENDNETGRENT = 0x0063, - /* SSS_NSS_INNETGR = 0x0064, */ - -/* networks */ - - SSS_NSS_GETNETBYNAME = 0x0071, - SSS_NSS_GETNETBYADDR = 0x0072, - SSS_NSS_SETNETENT = 0x0073, - SSS_NSS_GETNETENT = 0x0074, - SSS_NSS_ENDNETENT = 0x0075, - -/* protocols */ - - SSS_NSS_GETPROTOBYNAME = 0x0081, - SSS_NSS_GETPROTOBYNUM = 0x0082, - SSS_NSS_SETPROTOENT = 0x0083, - SSS_NSS_GETPROTOENT = 0x0084, - SSS_NSS_ENDPROTOENT = 0x0085, - -/* rpc */ - - SSS_NSS_GETRPCBYNAME = 0x0091, - SSS_NSS_GETRPCBYNUM = 0x0092, - SSS_NSS_SETRPCENT = 0x0093, - SSS_NSS_GETRPCENT = 0x0094, - SSS_NSS_ENDRPCENT = 0x0095, - -/* services */ - - SSS_NSS_GETSERVBYNAME = 0x00A1, - SSS_NSS_GETSERVBYPORT = 0x00A2, - SSS_NSS_SETSERVENT = 0x00A3, - SSS_NSS_GETSERVENT = 0x00A4, - SSS_NSS_ENDSERVENT = 0x00A5, - -/* shadow */ - - SSS_NSS_GETSPNAM = 0x00B1, - SSS_NSS_GETSPUID = 0x00B2, - SSS_NSS_SETSPENT = 0x00B3, - SSS_NSS_GETSPENT = 0x00B4, - SSS_NSS_ENDSPENT = 0x00B5, -#endif - -/* PAM related calls */ - SSS_PAM_AUTHENTICATE = 0x00F1, - SSS_PAM_SETCRED = 0x00F2, - SSS_PAM_ACCT_MGMT = 0x00F3, - SSS_PAM_OPEN_SESSION = 0x00F4, - SSS_PAM_CLOSE_SESSION = 0x00F5, - SSS_PAM_CHAUTHTOK = 0x00F6, - SSS_PAM_CHAUTHTOK_PRELIM = 0x00F6, - -}; - -enum sss_authtok_type { - SSS_AUTHTOK_TYPE_EMPTY = 0x0000, - SSS_AUTHTOK_TYPE_PASSWORD = 0x0001, -}; - -#define END_OF_PAM_REQUEST 0x4950414d - -#define SSS_NSS_MAX_ENTRIES 256 -#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4) -struct sss_cli_req_data { - size_t len; - const void *data; -}; - -/* this is in milliseconds, wait up to 300 seconds */ -#define SSS_CLI_SOCKET_TIMEOUT 300000 - -enum sss_status { - SSS_STATUS_UNAVAIL, - SSS_STATUS_SUCCESS -}; - -enum response_type { - PAM_USER_INFO = 0x01, - PAM_DOMAIN_NAME, - PAM_ENV_ITEM, /* only pam environment */ - ENV_ITEM, /* only user environment */ - ALL_ENV_ITEM, /* pam and user environment */ -}; - -enum nss_status sss_nss_make_request(enum sss_cli_command cmd, - struct sss_cli_req_data *rd, - uint8_t **repbuf, size_t *replen, - int *errnop); - -int sss_pam_make_request(enum sss_cli_command cmd, - struct sss_cli_req_data *rd, - uint8_t **repbuf, size_t *replen, - int *errnop); - -#endif /* _SSSCLI_H */ - -#if 0 - -/* GETSPNAM Request: - * - * 0-X: string with name - * - * Replies: - * - * 0-3: 32bit unsigned number of results - * 4-7: 32bit unsigned (reserved/padding) - * For each result: - * 0-7: 64bit unsigned with Date of last change - * 8-15: 64bit unsigned with Min #days between changes - * 16-23: 64bit unsigned with Max #days between changes - * 24-31: 64bit unsigned with #days before pwd expires - * 32-39: 64bit unsigned with #days after pwd expires until account is disabled - * 40-47: 64bit unsigned with expiration date in days since 1970-01-01 - * 48-55: 64bit unsigned (flags/reserved) - * 56-X: sequence of 2, 0 terminated, strings (name, pwd) 64bit padded - */ -#endif - diff --git a/sss_client/sss_errno.h b/sss_client/sss_errno.h deleted file mode 100644 index 365263f..0000000 --- a/sss_client/sss_errno.h +++ /dev/null @@ -1,18 +0,0 @@ -/* - * System Security Services Daemon. NSS Interface - * - * Copyright (C) Simo Sorce 2007 - * - * You can used this header file in any way you see fit provided copyright - * notices are preserved. - * - */ - -#ifndef _SSSERR_H -#define _SSSERR_H - -#define SSSE_OK 0 -#define SSSE_INTERR -10 /* internal error */ -#define SSSE_BADDB -11 /* bad database */ - -#endif diff --git a/sssd.spec b/sssd.spec index e052966..fc9d038 100644 --- a/sssd.spec +++ b/sssd.spec @@ -55,16 +55,11 @@ pushd server --without-policykit \ --with-infopipe \ --with-init-dir=%{_initrddir} \ + --with-client-libdir=/%{_lib} make %{?_smp_mflags} popd -pushd sss_client -./autogen.sh -%configure --libdir=/%{_lib} -make %{?_smp_mflags} -popd - %install rm -rf $RPM_BUILD_ROOT @@ -73,10 +68,6 @@ pushd server make install DESTDIR=$RPM_BUILD_ROOT popd -pushd sss_client -make install DESTDIR=$RPM_BUILD_ROOT -popd - %clean rm -rf $RPM_BUILD_ROOT -- 1.6.0.6