Implement authentication on control socket.

* Makefile.am (SUBDIRS): Add src.
* configure.ac: Check for crypt.h and PAM
Build ident/Makefile
* grecs: Update.

* ident/Makefile.am: New file.
* ident/ident.c: New file.
* ident/ident.h: New file.
* ident/identity.h: New file.
* ident/pam.c: New file.
* ident/provider.c: New file.
* ident/system.c: New file.

* lib/Makefile.am: Add arraymember.c
* lib/arraymember.c: New file.
* lib/libpies.h (is_array_member): New proto.

* src/Makefile.am (LDADD): Add libident.a and @PAM_LIBS@
* src/acl.c (acl_entry): Remove groups. Add new members:
names and name_match.
(pies_acl_create): Deep copy the locus.
Set free_entry function for the list.
(pies_acl_free): Free locus.
(_parse_from): Set free_entry function for the list.
(_parse_group): Parse the "user" construct.
(parse_acl_line): Deep copy the locus.
Allow for null value.
(acl_keywords): Update docstrings.
(_acl_check): Rewrite identity checks.
* src/acl.h (acl_input)<user,groups>: Remove.
<identity>: New member.
(pies_acl_free): New proto.
* src/ctl.c (identity): New global.
(cmdtab): New command: auth
(ctlio) <addr,addrlen>: New members.
(ctlio_create): Start from authenticated state
only if no identity_providers are configured.
(cmd_auth): New function.
(cmd_help): Print only commands that are available
in the current state.
(ctl_accept): Initialize io->addr and io->addrlen.
* src/inetd-bi.c: Change call to check_acl
* src/pies.c: Include identity.h
(control_keywords): New statement "identity-acl"
(pies_keywords): New statement "identity-provider"
(config_init): Register identity mechanisms.
(config_parse): New function.
(config_help): Print help on identity-provider
statements.
(main): Use config_parse to parse grecs-style configurations.
* src/pies.h: Include identity.h
(check_acl): Change argument list.  All callers changed.
(control): Remove acl. Add conn_acl and id_acl instead.
* src/progman.c (check_acl): Change argument list.  Take
identity as the 3rd argument.

1 files changed, 41 insertions, 2 deletions

diff --git a/configure.ac b/configure.ac
index 92ffbbd..8fb1eac 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,3 +1,3 @@
 # This file is part of GNU Pies.  -*- autoconf -*-
-# Copyright (C) 2009-2014 Sergey Poznyakoff
+# Copyright (C) 2009-2015 Sergey Poznyakoff
 #
@@ -35,5 +35,8 @@ AC_PROG_LEX
 # Checks for libraries.
+AC_CHECK_LIB(crypt, crypt)
 
 # Checks for header files.
-AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/socket.h sys/time.h syslog.h unistd.h utmp.h utmpx.h])
+AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdint.h stdlib.h\
+ string.h sys/socket.h sys/time.h syslog.h unistd.h utmp.h utmpx.h\
+ crypt.h shadow.h])
 
@@ -82,2 +85,37 @@ AM_GNU_GETTEXT_VERSION([0.18])
 
+# PAM
+status_pam=maybe
+AC_ARG_ENABLE([pam],
+              AC_HELP_STRING([--enable-pam],
+                             [enable PAM]),
+              [
+case "${enableval}" in
+  yes) status_pam=yes ;;
+  no)  status_pam=no ;;
+  *)   AC_MSG_ERROR([bad value ${enableval} for --enable-pam]) ;;
+esac],[status_pam=maybe])
+
+AC_SUBST(PAM_LIBS,-lpam)
+if test "$status_pam" != "no"; then
+  pam=$status_pam
+  AC_CHECK_HEADERS(security/pam_appl.h)
+  if test "$ac_cv_header_security_pam_appl_h" = "yes"; then
+    AC_CHECK_LIB(dl, dlopen, [PAM_LIBS="$PAM_LIBS -ldl"])
+    AC_CHECK_LIB(pam, pam_start,
+	         [status_pam=yes],
+	         [status_pam=no], $PAM_LIBS)
+  else
+    status_pam=no
+  fi
+  if test $pam = yes && test $pam != $status_pam; then
+      AC_MSG_ERROR([required module PAM cannot be built because of missing prerequisites])
+  fi
+fi
+
+AM_CONDITIONAL([PAM_COND], [test $status_pam = yes])
+if test $status_pam = yes; then
+    AC_DEFINE_UNQUOTED(WITH_PAM, 1, [PAM support enabled])
+fi    
+
+# Build inetd
 AC_ARG_ENABLE([inetd],
@@ -102,2 +140,3 @@ AC_CONFIG_FILES([Makefile
                  src/Makefile
+		 ident/Makefile
                  doc/Makefile