diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
commit | 6bb908898b833ec69c66e918de732af5bad68934 (patch) | |
tree | dd715a052f67849d38aedaa25eafa93241e938df /configure.ac | |
parent | 9cb7455b12462a3679ed5208540793d802570481 (diff) | |
download | pies-6bb908898b833ec69c66e918de732af5bad68934.tar.gz pies-6bb908898b833ec69c66e918de732af5bad68934.tar.bz2 |
Implement authentication on control socket.
* Makefile.am (SUBDIRS): Add src.
* configure.ac: Check for crypt.h and PAM
Build ident/Makefile
* grecs: Update.
* ident/Makefile.am: New file.
* ident/ident.c: New file.
* ident/ident.h: New file.
* ident/identity.h: New file.
* ident/pam.c: New file.
* ident/provider.c: New file.
* ident/system.c: New file.
* lib/Makefile.am: Add arraymember.c
* lib/arraymember.c: New file.
* lib/libpies.h (is_array_member): New proto.
* src/Makefile.am (LDADD): Add libident.a and @PAM_LIBS@
* src/acl.c (acl_entry): Remove groups. Add new members:
names and name_match.
(pies_acl_create): Deep copy the locus.
Set free_entry function for the list.
(pies_acl_free): Free locus.
(_parse_from): Set free_entry function for the list.
(_parse_group): Parse the "user" construct.
(parse_acl_line): Deep copy the locus.
Allow for null value.
(acl_keywords): Update docstrings.
(_acl_check): Rewrite identity checks.
* src/acl.h (acl_input)<user,groups>: Remove.
<identity>: New member.
(pies_acl_free): New proto.
* src/ctl.c (identity): New global.
(cmdtab): New command: auth
(ctlio) <addr,addrlen>: New members.
(ctlio_create): Start from authenticated state
only if no identity_providers are configured.
(cmd_auth): New function.
(cmd_help): Print only commands that are available
in the current state.
(ctl_accept): Initialize io->addr and io->addrlen.
* src/inetd-bi.c: Change call to check_acl
* src/pies.c: Include identity.h
(control_keywords): New statement "identity-acl"
(pies_keywords): New statement "identity-provider"
(config_init): Register identity mechanisms.
(config_parse): New function.
(config_help): Print help on identity-provider
statements.
(main): Use config_parse to parse grecs-style configurations.
* src/pies.h: Include identity.h
(check_acl): Change argument list. All callers changed.
(control): Remove acl. Add conn_acl and id_acl instead.
* src/progman.c (check_acl): Change argument list. Take
identity as the 3rd argument.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index 92ffbbd..8fb1eac 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | # This file is part of GNU Pies. -*- autoconf -*- | 1 | # This file is part of GNU Pies. -*- autoconf -*- |
2 | # Copyright (C) 2009-2014 Sergey Poznyakoff | 2 | # Copyright (C) 2009-2015 Sergey Poznyakoff |
3 | # | 3 | # |
4 | # GNU Pies is free software; you can redistribute it and/or modify | 4 | # GNU Pies is free software; you can redistribute it and/or modify |
5 | # it under the terms of the GNU General Public License as published by | 5 | # it under the terms of the GNU General Public License as published by |
@@ -33,9 +33,12 @@ AC_PROG_YACC | |||
33 | AC_PROG_LEX | 33 | AC_PROG_LEX |
34 | 34 | ||
35 | # Checks for libraries. | 35 | # Checks for libraries. |
36 | AC_CHECK_LIB(crypt, crypt) | ||
36 | 37 | ||
37 | # Checks for header files. | 38 | # Checks for header files. |
38 | AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/socket.h sys/time.h syslog.h unistd.h utmp.h utmpx.h]) | 39 | AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdint.h stdlib.h\ |
40 | string.h sys/socket.h sys/time.h syslog.h unistd.h utmp.h utmpx.h\ | ||
41 | crypt.h shadow.h]) | ||
39 | 42 | ||
40 | # Checks for typedefs, structures, and compiler characteristics. | 43 | # Checks for typedefs, structures, and compiler characteristics. |
41 | AC_TYPE_UID_T | 44 | AC_TYPE_UID_T |
@@ -80,6 +83,41 @@ AM_ICONV | |||
80 | AM_GNU_GETTEXT([external], [need-formatstring-macros]) | 83 | AM_GNU_GETTEXT([external], [need-formatstring-macros]) |
81 | AM_GNU_GETTEXT_VERSION([0.18]) | 84 | AM_GNU_GETTEXT_VERSION([0.18]) |
82 | 85 | ||
86 | # PAM | ||
87 | status_pam=maybe | ||
88 | AC_ARG_ENABLE([pam], | ||
89 | AC_HELP_STRING([--enable-pam], | ||
90 | [enable PAM]), | ||
91 | [ | ||
92 | case "${enableval}" in | ||
93 | yes) status_pam=yes ;; | ||
94 | no) status_pam=no ;; | ||
95 | *) AC_MSG_ERROR([bad value ${enableval} for --enable-pam]) ;; | ||
96 | esac],[status_pam=maybe]) | ||
97 | |||
98 | AC_SUBST(PAM_LIBS,-lpam) | ||
99 | if test "$status_pam" != "no"; then | ||
100 | pam=$status_pam | ||
101 | AC_CHECK_HEADERS(security/pam_appl.h) | ||
102 | if test "$ac_cv_header_security_pam_appl_h" = "yes"; then | ||
103 | AC_CHECK_LIB(dl, dlopen, [PAM_LIBS="$PAM_LIBS -ldl"]) | ||
104 | AC_CHECK_LIB(pam, pam_start, | ||
105 | [status_pam=yes], | ||
106 | [status_pam=no], $PAM_LIBS) | ||
107 | else | ||
108 | status_pam=no | ||
109 | fi | ||
110 | if test $pam = yes && test $pam != $status_pam; then | ||
111 | AC_MSG_ERROR([required module PAM cannot be built because of missing prerequisites]) | ||
112 | fi | ||
113 | fi | ||
114 | |||
115 | AM_CONDITIONAL([PAM_COND], [test $status_pam = yes]) | ||
116 | if test $status_pam = yes; then | ||
117 | AC_DEFINE_UNQUOTED(WITH_PAM, 1, [PAM support enabled]) | ||
118 | fi | ||
119 | |||
120 | # Build inetd | ||
83 | AC_ARG_ENABLE([inetd], | 121 | AC_ARG_ENABLE([inetd], |
84 | AC_HELP_STRING([--enable-inetd], | 122 | AC_HELP_STRING([--enable-inetd], |
85 | [build and install a replacement for SBINDIR/inetd]), | 123 | [build and install a replacement for SBINDIR/inetd]), |
@@ -100,6 +138,7 @@ AC_CONFIG_FILES([Makefile | |||
100 | gnu/Makefile | 138 | gnu/Makefile |
101 | lib/Makefile | 139 | lib/Makefile |
102 | src/Makefile | 140 | src/Makefile |
141 | ident/Makefile | ||
103 | doc/Makefile | 142 | doc/Makefile |
104 | po/Makefile.in]) | 143 | po/Makefile.in]) |
105 | AC_OUTPUT | 144 | AC_OUTPUT |