diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
commit | 6bb908898b833ec69c66e918de732af5bad68934 (patch) | |
tree | dd715a052f67849d38aedaa25eafa93241e938df /configure.ac | |
parent | 9cb7455b12462a3679ed5208540793d802570481 (diff) | |
download | pies-6bb908898b833ec69c66e918de732af5bad68934.tar.gz pies-6bb908898b833ec69c66e918de732af5bad68934.tar.bz2 |
Implement authentication on control socket.
* Makefile.am (SUBDIRS): Add src.
* configure.ac: Check for crypt.h and PAM
Build ident/Makefile
* grecs: Update.
* ident/Makefile.am: New file.
* ident/ident.c: New file.
* ident/ident.h: New file.
* ident/identity.h: New file.
* ident/pam.c: New file.
* ident/provider.c: New file.
* ident/system.c: New file.
* lib/Makefile.am: Add arraymember.c
* lib/arraymember.c: New file.
* lib/libpies.h (is_array_member): New proto.
* src/Makefile.am (LDADD): Add libident.a and @PAM_LIBS@
* src/acl.c (acl_entry): Remove groups. Add new members:
names and name_match.
(pies_acl_create): Deep copy the locus.
Set free_entry function for the list.
(pies_acl_free): Free locus.
(_parse_from): Set free_entry function for the list.
(_parse_group): Parse the "user" construct.
(parse_acl_line): Deep copy the locus.
Allow for null value.
(acl_keywords): Update docstrings.
(_acl_check): Rewrite identity checks.
* src/acl.h (acl_input)<user,groups>: Remove.
<identity>: New member.
(pies_acl_free): New proto.
* src/ctl.c (identity): New global.
(cmdtab): New command: auth
(ctlio) <addr,addrlen>: New members.
(ctlio_create): Start from authenticated state
only if no identity_providers are configured.
(cmd_auth): New function.
(cmd_help): Print only commands that are available
in the current state.
(ctl_accept): Initialize io->addr and io->addrlen.
* src/inetd-bi.c: Change call to check_acl
* src/pies.c: Include identity.h
(control_keywords): New statement "identity-acl"
(pies_keywords): New statement "identity-provider"
(config_init): Register identity mechanisms.
(config_parse): New function.
(config_help): Print help on identity-provider
statements.
(main): Use config_parse to parse grecs-style configurations.
* src/pies.h: Include identity.h
(check_acl): Change argument list. All callers changed.
(control): Remove acl. Add conn_acl and id_acl instead.
* src/progman.c (check_acl): Change argument list. Take
identity as the 3rd argument.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index 92ffbbd..8fb1eac 100644 --- a/configure.ac +++ b/configure.ac @@ -1,3 +1,3 @@ # This file is part of GNU Pies. -*- autoconf -*- -# Copyright (C) 2009-2014 Sergey Poznyakoff +# Copyright (C) 2009-2015 Sergey Poznyakoff # @@ -35,5 +35,8 @@ AC_PROG_LEX # Checks for libraries. +AC_CHECK_LIB(crypt, crypt) # Checks for header files. -AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/socket.h sys/time.h syslog.h unistd.h utmp.h utmpx.h]) +AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdint.h stdlib.h\ + string.h sys/socket.h sys/time.h syslog.h unistd.h utmp.h utmpx.h\ + crypt.h shadow.h]) @@ -82,2 +85,37 @@ AM_GNU_GETTEXT_VERSION([0.18]) +# PAM +status_pam=maybe +AC_ARG_ENABLE([pam], + AC_HELP_STRING([--enable-pam], + [enable PAM]), + [ +case "${enableval}" in + yes) status_pam=yes ;; + no) status_pam=no ;; + *) AC_MSG_ERROR([bad value ${enableval} for --enable-pam]) ;; +esac],[status_pam=maybe]) + +AC_SUBST(PAM_LIBS,-lpam) +if test "$status_pam" != "no"; then + pam=$status_pam + AC_CHECK_HEADERS(security/pam_appl.h) + if test "$ac_cv_header_security_pam_appl_h" = "yes"; then + AC_CHECK_LIB(dl, dlopen, [PAM_LIBS="$PAM_LIBS -ldl"]) + AC_CHECK_LIB(pam, pam_start, + [status_pam=yes], + [status_pam=no], $PAM_LIBS) + else + status_pam=no + fi + if test $pam = yes && test $pam != $status_pam; then + AC_MSG_ERROR([required module PAM cannot be built because of missing prerequisites]) + fi +fi + +AM_CONDITIONAL([PAM_COND], [test $status_pam = yes]) +if test $status_pam = yes; then + AC_DEFINE_UNQUOTED(WITH_PAM, 1, [PAM support enabled]) +fi + +# Build inetd AC_ARG_ENABLE([inetd], @@ -102,2 +140,3 @@ AC_CONFIG_FILES([Makefile src/Makefile + ident/Makefile doc/Makefile |