├── VERSION ├── debian ├── source │ ├── format │ └── options ├── clean ├── libpam-radius-auth.docs ├── libpam-radius-auth.examples ├── .gitignore ├── upstream │ └── metadata ├── libpam-radius-auth.postinst ├── libpam-radius-auth.install.in ├── lintian-overrides ├── changelog.in ├── libpam-radius-auth.NEWS ├── libpam-radius-auth.prerm ├── watch ├── pam-configs │ └── radius ├── libpam-radius-auth.doc-base ├── pam_sshd_example ├── control ├── rules └── pam_example ├── pamsymbols.ver ├── scripts └── ci │ ├── extra-packages.debian.control │ ├── setup-rsyslog.sh │ ├── setup-pam_radius.sh │ ├── setup-sshd.sh │ └── setup-freeradius.sh ├── src ├── Makefile ├── md5.h ├── pam_radius_auth.h ├── radius.h ├── config.h.in └── md5.c ├── Make.inc.in ├── TODO ├── redhat ├── pam_sshd_example └── pam_radius_auth.spec ├── .gitignore ├── Changelog ├── index.html ├── pam_radius_auth.conf ├── m4 ├── ax_with_prog.m4 ├── ax_compare_version.m4 └── ax_cc.m4 ├── README.md ├── INSTALL ├── Makefile ├── USAGE ├── install-sh ├── .github └── workflows │ ├── ci-rpm.yml │ ├── ci-deb.yml │ └── ci.yml ├── acinclude.m4 ├── LICENSE ├── configure.ac └── config.sub /VERSION: -------------------------------------------------------------------------------- 1 | 3.0.0 2 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /debian/clean: -------------------------------------------------------------------------------- 1 | config.log 2 | src/config.h 3 | -------------------------------------------------------------------------------- /pamsymbols.ver: -------------------------------------------------------------------------------- 1 | { 2 | global: pam_sm_*; 3 | local: *; 4 | }; 5 | -------------------------------------------------------------------------------- /debian/libpam-radius-auth.docs: -------------------------------------------------------------------------------- 1 | README.md 2 | USAGE 3 | index.html 4 | -------------------------------------------------------------------------------- /debian/libpam-radius-auth.examples: -------------------------------------------------------------------------------- 1 | debian/pam_example 2 | pam_radius_auth.conf 3 | -------------------------------------------------------------------------------- /debian/.gitignore: -------------------------------------------------------------------------------- 1 | changelog 2 | files 3 | libpam-radius-auth/ 4 | libpam-radius-auth.install 5 | -------------------------------------------------------------------------------- /debian/upstream/metadata: -------------------------------------------------------------------------------- 1 | Repository-Browse: https://github.com/FreeRADIUS/pam_radius 2 | Bug-Submit: https://github.com/FreeRADIUS/pam_radius/issues 3 | -------------------------------------------------------------------------------- /debian/source/options: -------------------------------------------------------------------------------- 1 | extend-diff-ignore=aclocal\.m4 2 | extend-diff-ignore=configure 3 | extend-diff-ignore=config\.status 4 | extend-diff-ignore=config\.guess 5 | 6 | -------------------------------------------------------------------------------- /scripts/ci/extra-packages.debian.control: -------------------------------------------------------------------------------- 1 | # Extra packages that are installed for CI purposes 2 | Source: freeradius 3 | Build-Depends: 4 | libpam0g-dev, 5 | sshpass 6 | -------------------------------------------------------------------------------- /debian/libpam-radius-auth.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | pam-auth-update --package radius 6 | #pam-auth-update --force 7 | 8 | #DEBHELPER# 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /debian/libpam-radius-auth.install.in: -------------------------------------------------------------------------------- 1 | debian/pam-configs/radius usr/share/pam-configs 2 | pam_radius_auth.conf etc 3 | pam_radius_auth.so lib/@DEB_HOST_MULTIARCH@/security 4 | -------------------------------------------------------------------------------- /debian/lintian-overrides: -------------------------------------------------------------------------------- 1 | # It contains the radius secret, which should not be in a 2 | # "world readable" file. 3 | libpam-radius-auth: non-standard-file-perm etc/pam_radius_auth.conf 0600 != 0644 4 | -------------------------------------------------------------------------------- /debian/changelog.in: -------------------------------------------------------------------------------- 1 | libpam-radius-auth (@VERSION@) unstable; urgency=medium 2 | 3 | * Initial Debian version. 4 | 5 | -- Network RADIUS SARL Tue, 2 Nov 2021 11:37:12 -0300 6 | -------------------------------------------------------------------------------- /debian/libpam-radius-auth.NEWS: -------------------------------------------------------------------------------- 1 | libpam-radius-auth (2.0.1) experimental; urgency=medium 2 | 3 | Initial Version 4 | 5 | -- Network RADIUS SARL Tue, 2 Nov 2021 11:37:12 -0300 6 | -------------------------------------------------------------------------------- /debian/libpam-radius-auth.prerm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | if [ "$1" = "remove" ]; then 6 | pam-auth-update --package --remove radius 7 | fi 8 | 9 | #DEBHELPER# 10 | 11 | exit 0 12 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | all: pam_radius_auth.o md5.o 2 | 3 | pam_radius_auth.o: pam_radius_auth.c pam_radius_auth.h config.h 4 | $(CC) $(CFLAGS) -c $< -o $@ 5 | 6 | md5.o: md5.c md5.h 7 | $(CC) $(CFLAGS) -c $< -o $@ 8 | 9 | .PHONY: clean 10 | clean: 11 | @rm -f *~ *.so *.o src/*.o src/*~ 12 | -------------------------------------------------------------------------------- /Make.inc.in: -------------------------------------------------------------------------------- 1 | # -*- makefile -*- 2 | # Make.inc.in 3 | # 4 | # Version: $Id: dc3f7040bd40b7c0b65df63ba74405b33e9f8993 $ 5 | # 6 | 7 | CC = @CC@ 8 | RANLIB = @RANLIB@ 9 | CFLAGS = -fPIC -fno-strict-aliasing @CFLAGS@ 10 | CPPFLAGS = -fPIC -fno-strict-aliasing @CPPFLAGS@ 11 | LDFLAGS = -fPIC @LDFLAGS@ 12 | 13 | -------------------------------------------------------------------------------- /debian/watch: -------------------------------------------------------------------------------- 1 | # uscan watch file 2 | version=4 3 | 4 | opts="mode=git, \ 5 | uversionmangle=s/-(beta|rc|dev)/~$1/; \ 6 | s/\.-(beta|rc|dev)\.\d.*//; \ 7 | s/\.\.//,\ 8 | dversionmangle=s/\+dfsg(\.?\d+)?$//" \ 9 | https://github.com/FreeRADIUS/pam_radius/ \ 10 | refs/tags/release_(\d+)_(\d+)_(\d) 11 | -------------------------------------------------------------------------------- /debian/pam-configs/radius: -------------------------------------------------------------------------------- 1 | Name: Radius Authentication 2 | Default: no 3 | Priority: 129 4 | Auth-Type: Primary 5 | Auth-Initial: 6 | [success=end default=ignore] pam_radius_auth.so 7 | Auth: 8 | [success=end default=ignore] pam_radius_auth.so use_first_pass 9 | Account-Type: Additional 10 | Account: 11 | [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] pam_radius_auth.so 12 | -------------------------------------------------------------------------------- /scripts/ci/setup-rsyslog.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # @copyright 2024 Network RADIUS SAS (legal@networkradius.com) 3 | ## 4 | 5 | cat > /etc/rsyslog.conf <<'EOF' 6 | # Generated by $0 7 | 8 | module(load="imuxsock") 9 | 10 | $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat 11 | $FileOwner root 12 | $FileGroup adm 13 | $FileCreateMode 0640 14 | $DirCreateMode 0755 15 | $Umask 0022 16 | $WorkDirectory /var/spool/rsyslog 17 | 18 | auth,authpriv.* /var/log/auth.log 19 | EOF 20 | 21 | rm -f /var/log/auth.log 22 | -------------------------------------------------------------------------------- /debian/libpam-radius-auth.doc-base: -------------------------------------------------------------------------------- 1 | Document: libpam-radius-auth 2 | Title: PAM RADIUS authentication module documentation 3 | Author: FreeRadius developers 4 | Abstract: The documentation for the PAM RADIUS authentication module 5 | This documentation is about the PAM to RADIUS authentication module. This 6 | PAM allows any PAM-capable machine to become a RADIUS client for 7 | authentication and accounting requests. 8 | Section: System/Administration 9 | 10 | Format: HTML 11 | Index: /usr/share/doc/libpam-radius-auth/index.html 12 | Files: /usr/share/doc/libpam-radius-auth/* 13 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------ 2 | 3 | Note that root won't be able to change anyone's passwords via this 4 | method, as RADIUS doesn't support the notion of root. 5 | 6 | ------------------------------------------------------------ 7 | 8 | Add in pam_set_data && pam_get_data to keep track of which RADIUS 9 | server we were talking to, and what the session_time was. 10 | 11 | Oddly enough, the session_time information seems to be happy to be 12 | a 'static', but the radius_server_t *live_server doesn't. It works 13 | for login, is re-used for open_session, but is ignored for close_session. 14 | 15 | ------------------------------------------------------------ 16 | -------------------------------------------------------------------------------- /redhat/pam_sshd_example: -------------------------------------------------------------------------------- 1 | # Example of SSHD+PAM for CentOS 2 | #%PAM-1.0 3 | auth required pam_radius_auth.so conf=/etc/pam_radius_auth.conf debug retry=123 client_id=666 4 | account required pam_nologin.so 5 | account include password-auth 6 | password include password-auth 7 | # pam_selinux.so close should be the first session rule 8 | session required pam_selinux.so close 9 | session required pam_loginuid.so 10 | # pam_selinux.so open should only be followed by sessions to be executed in the user 11 | #context 12 | session required pam_selinux.so open env_params 13 | session required pam_namespace.so 14 | session optional pam_keyinit.so force revoke 15 | session include password-auth 16 | -------------------------------------------------------------------------------- /scripts/ci/setup-pam_radius.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # @copyright 2021 Network RADIUS SAS (legal@networkradius.com) 3 | # Author: Jorge Pereira 4 | ## 5 | 6 | if [ -z "$CI_TEST_USER" ]; then 7 | echo "$0: ERROR: Missing the env CI_TEST_USER" 8 | exit 1 9 | fi 10 | 11 | if [ -z "$CI_TEST_PASS" ]; then 12 | echo "$0: ERROR: Missing the env CI_TEST_PASS" 13 | exit 1 14 | fi 15 | 16 | # Setup the basic user setting 17 | if [ -f /etc/redhat-release ]; then 18 | cp -f redhat/pam_sshd_example /etc/pam.d/sshd 19 | else 20 | cp -f debian/pam_sshd_example /etc/pam.d/sshd 21 | fi 22 | 23 | cat > /etc/pam_radius_auth.conf < 4 | ## 5 | 6 | if [ -z "$CI_TEST_USER" ]; then 7 | echo "$0: ERROR: Missing the env CI_TEST_USER" 8 | exit 1 9 | fi 10 | 11 | if [ -z "$CI_TEST_PASS" ]; then 12 | echo "$0: ERROR: Missing the env CI_TEST_PASS" 13 | exit 1 14 | fi 15 | 16 | # Configure SSH 17 | cat > /etc/ssh/sshd_config < 3 | Uploaders: Network RADIUS SARL 4 | Section: admin 5 | Priority: optional 6 | Standards-Version: 4.5.1 7 | Build-Depends: 8 | debhelper-compat (= 12), 9 | libpam0g-dev | libpam-dev, 10 | Rules-Requires-Root: no 11 | Homepage: https://www.freeradius.org/pam_radius_auth/ 12 | Vcs-Browser: https://github.com/FreeRADIUS/pam_radius/ 13 | Vcs-Git: https://github.com/FreeRADIUS/pam_radius.git 14 | 15 | Package: libpam-radius-auth 16 | Architecture: any 17 | Depends: 18 | ${misc:Depends}, 19 | ${shlibs:Depends}, 20 | Suggests: 21 | radius-server, 22 | Description: PAM RADIUS authentication module 23 | This is the PAM to RADIUS authentication module. It allows any PAM-capable 24 | machine to become a RADIUS client for authentication and accounting 25 | requests. You will, however, need to supply your own RADIUS server to 26 | perform the actual authentication 27 | -------------------------------------------------------------------------------- /Changelog: -------------------------------------------------------------------------------- 1 | pam_radius_auth 3.0.0 Fri 09 Aug 2024 12:00:00 EDT urgency=low 2 | Feature improvements 3 | * RPM and DEB packages can be built from the source. 4 | Just do "make rpm" or "make deb". 5 | * Add continuous integration (CI) tests 6 | * Configuration is now in /etc/pam_radius_auth.conf 7 | * BlastRADIUS attack mitigations (add Message-Authenticator to 8 | Access-Request packets, new require_message_authenticator config flag) 9 | 10 | Bug fixes 11 | * All known and reported bugs have been fixed. 12 | * Ignore packets from unknown sources. Based on patches 13 | from Alex Malowany. 14 | * Remove obsolete functionality (Old-Password support, workarounds for 15 | Livingston RADIUS server, password change support, etc) 16 | 17 | pam_radius_auth 2.0.0 Tue 21 Jul 2020 12:00:00 EDT urgency=low 18 | * Add IPv6 support 19 | * environment variable attribute Framed-IP-Address when present 20 | from Antonio Silva 21 | * add Management-Privilege-Level attribute support 22 | from Deepak Kumar Bhagat 23 | * Honor radius prompt attribute during challenge response 24 | From Koch 25 | * Add support for Linux VRF (SO_BINDTODEVICE), use per-server sockets if src_ip or vrf are requested 26 | * Use per-server socket if src_ip is set in config file 27 | from Luca Boccassi 28 | * many other Linux fixes from Luca Boccassi. 29 | * Fix memory leak in add_nas_ip_address 30 | from Matt Knutson 31 | * Add Calling-Station-Id to accounting requests. 32 | from Thomas Liske 33 | * Thread safety fixes 34 | from Samuel Varley 35 | * Many other fixes from Justin Standring, mweissen13, and Benny Siegert. 36 | -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | <code>pam_radius_auth</CODE>: The PAM RADIUS authentication module 4 | 5 | 6 |

pam_radius_auth: The PAM RADIUS authentication module

7 | 8 | This is the PAM to RADIUS authentication module. It allows any 9 | PAM-capable machine to become a RADIUS client for authentication and 10 | accounting requests. You will need a RADIUS server to perform the 11 | actual authentication. 12 | 13 |

14 |

Files included with the module

15 | 16 | README Introduction and documentation
17 | INSTALL Installation instructions
18 | USAGE Module configuration and usage documentation
19 | Changelog What's changed
20 | pam_radius_auth.conf Sample 21 | configuration file for telling the client the location of the RADIUS server.
22 | pam_radius_auth.c C source file
23 | pam_radius_auth.h C header file
24 |
25 | 26 | 27 |

28 |

Updates

29 | 30 | For the latest version and updates, see the main web or ftp site: 31 |

32 | http://www.freeradius.org/pam_radius_auth/
33 | ftp://ftp.freeradius.org/pub/radius/ 34 |

35 | $Id: index.html,v 1.5 2003/09/19 14:44:43 aland Exp $ 36 | 37 | 38 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # @copyright 2021 Network RADIUS SAS (legal@networkradius.com) 3 | # Author: Jorge Pereira 4 | ## 5 | 6 | # Uncomment this to turn on verbose mode. 7 | export DH_VERBOSE=1 8 | DPKG_EXPORT_BUILDFLAGS = 1 9 | include /usr/share/dpkg/default.mk 10 | 11 | .NOTPARALLEL: 12 | 13 | export DEB_BUILD_MAINT_OPTIONS=hardening=+all 14 | 15 | # These are used for cross-compiling and for saving the configure script 16 | # from having to guess our platform (since we know it already) 17 | export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) 18 | export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) 19 | 20 | export DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) 21 | 22 | # Let the make decide that! 23 | unexport CC 24 | 25 | ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) 26 | confflags += --build $(DEB_HOST_GNU_TYPE) 27 | else 28 | confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) 29 | endif 30 | 31 | debian/%.install: debian/%.install.in 32 | sed 's/@DEB_HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/g' $< > $@ 33 | 34 | %: 35 | dh $@ 36 | 37 | # Don't touch in our config.guess 38 | override_dh_update_autotools_config: 39 | 40 | # ... even the configure/aclocal 41 | override_dh_autoreconf: 42 | 43 | override_dh_gencontrol: 44 | dh_gencontrol 45 | 46 | override_dh_auto_configure: 47 | ./configure $(confflags) \ 48 | --disable-developer 49 | 50 | override_dh_auto_clean: 51 | # work around some stupid logic in top level makefile 52 | make -C src/ clean 53 | 54 | # Skip 55 | override_dh_auto_install: debian/libpam-radius-auth.install 56 | 57 | override_dh_fixperms: 58 | dh_fixperms 59 | chmod 600 debian/libpam-radius-auth/etc/pam_radius_auth.conf 60 | -------------------------------------------------------------------------------- /debian/pam_example: -------------------------------------------------------------------------------- 1 | This is a simple and safe example on how to enable radius 2 | authentication to the console login on a Debian system and 3 | you are too lazy to read the USAGE documentation. 4 | 5 | Edit /etc/pam.d/login 6 | 7 | The default looks like: 8 | 9 | [SNIP] 10 | 11 | # Disallows other than root logins when /etc/nologin exists 12 | # (Replaces the `NOLOGINS_FILE' option from login.defs) 13 | auth requisite pam_nologin.so 14 | 15 | # This module parses /etc/environment (the standard for setting 16 | # environ vars) and also allows you to use an extended config 17 | # file /etc/security/pam_env.conf. 18 | # (Replaces the `ENVIRON_FILE' setting from login.defs) 19 | auth required pam_env.so 20 | 21 | # Standard Un*x authentication. The "nullok" line allows passwordless 22 | # accounts. 23 | @include common-auth 24 | 25 | [SNIP] 26 | 27 | 28 | Insert the following line: 29 | 30 | auth sufficient pam_radius_auth.so 31 | 32 | AFTER 33 | 34 | auth required pam_env.so 35 | 36 | and BEFORE 37 | 38 | # Standard Un*x authentication. The "nullok" line allows passwordless 39 | # accounts. 40 | @include common-auth 41 | 42 | so that it will looks like: 43 | 44 | [SNIP] 45 | 46 | # This module parses /etc/environment (the standard for setting 47 | # environ vars) and also allows you to use an extended config 48 | # file /etc/security/pam_env.conf. 49 | # (Replaces the `ENVIRON_FILE' setting from login.defs) 50 | auth required pam_env.so 51 | 52 | ##### RADIUS ##### 53 | auth sufficient pam_radius_auth.so 54 | 55 | # Standard Un*x authentication. The "nullok" line allows passwordless 56 | # accounts. 57 | @include common-auth 58 | 59 | [SNIP] 60 | 61 | Try now to login in one of the consoles using the radius password. 62 | If it fails the system will prompt again for a password. This time 63 | provide the local one. 64 | 65 | -------------------------------------------------------------------------------- /src/md5.h: -------------------------------------------------------------------------------- 1 | #ifndef MD5_H 2 | #define MD5_H 3 | #include "config.h" 4 | 5 | /* 6 | * Try and determine endianness of the target system. 7 | * 8 | * Other projects seem to use endian.h and variants, but these are 9 | * in non standard locations, and may mess up cross compiling. 10 | * 11 | * Here at least the endianness can be set explicitly with 12 | * -DLITTLE_ENDIAN or -DBIG_ENDIAN. 13 | */ 14 | #if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) 15 | # if defined(__LITTLE_ENDIAN__) || \ 16 | (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ 17 | defined(AC_LITTLE_ENDIAN) 18 | # define LITTLE_ENDIAN 1 19 | # elif defined(__BIG_ENDIAN__) || \ 20 | (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)) || \ 21 | defined(AC_BIG_ENDIAN) 22 | # define BIG_ENDIAN 1 23 | # else 24 | # error Failed determining endianness of system 25 | # endif 26 | #endif 27 | 28 | /* 29 | * Some operating systems MAY resolve the MD5* functions to 30 | * secret functions in one of their libraries. These OS supplied 31 | * MD5 functions almost always blow up, and cause problems. 32 | * To get around the issue, we re-define the MD5 function names 33 | * so that we're sure that our module uses our tested and working 34 | * MD5 functions. 35 | */ 36 | #define MD5Init pra_MD5Init 37 | #define MD5Update pra_MD5Update 38 | #define MD5Final pra_MD5Final 39 | #define MD5Transform pra_MD5Transform 40 | 41 | #include 42 | #include 43 | 44 | struct MD5Context { 45 | uint32_t buf[4]; 46 | uint32_t bits[2]; 47 | unsigned char in[64]; 48 | }; 49 | 50 | void MD5Init(struct MD5Context *); 51 | void MD5Update(struct MD5Context *, unsigned const char *, unsigned); 52 | void MD5Final(unsigned char digest[16], struct MD5Context *); 53 | void MD5Transform(uint32_t buf[4], uint32_t const in[16]); 54 | 55 | void hmac_md5(uint8_t digest[16], uint8_t const *text, size_t text_len, 56 | uint8_t const *key, size_t key_len); 57 | 58 | /* 59 | * This is needed to make RSAREF happy on some MS-DOS compilers. 60 | */ 61 | 62 | typedef struct MD5Context MD5_CTX; 63 | 64 | #endif /* MD5_H */ 65 | -------------------------------------------------------------------------------- /redhat/pam_radius_auth.spec: -------------------------------------------------------------------------------- 1 | # 2 | # @copyright 2021 Network RADIUS SAS (legal@networkradius.com) 3 | # Author: Jorge Pereira 4 | # 5 | %global debug_package %{nil} 6 | %define name pam_radius_auth 7 | %define version %{_version} 8 | %define release 0 9 | 10 | Name: %{name} 11 | Summary: PAM Module for RADIUS Authentication 12 | Version: %{version} 13 | Release: %{release} 14 | Source: ftp://ftp.freeradius.org/pub/freeradius/pam_radius-%{version}.tar.bz2 15 | URL: http://www.freeradius.org/pam_radius_auth/ 16 | Group: System Environment/Libraries 17 | BuildRoot: %{_tmppath}/%{name}-buildroot 18 | Requires: pam 19 | BuildRequires: pam-devel 20 | BuildRequires: gcc 21 | License: GNU GPL 22 | Packager: Network RADIUS SARL 23 | Vendor: Network RADIUS SARL 24 | 25 | # Disable shebang mangling script, 26 | # which errors out on any file with versionless `python` in its shebang 27 | # See: https://github.com/atom/atom/issues/21937 28 | %undefine __brp_mangle_shebangs 29 | 30 | %description 31 | This is the PAM to RADIUS authentication module. It allows any PAM-capable 32 | machine to become a RADIUS client for authentication and accounting 33 | requests. You will need a RADIUS server to perform the actual 34 | authentication. 35 | 36 | %prep 37 | %setup -q -n pam_radius-%{version} 38 | 39 | %build 40 | # Retain CFLAGS from the environment... 41 | export CFLAGS="$CFLAGS -fpic" 42 | export CXXFLAGS="$CFLAGS" 43 | 44 | # Need to pass these explicitly for clang, else rpmbuilder bails when trying to extract debug info from 45 | # the libraries. Guessing GCC does this by default. Why use clang over gcc? The version of clang 46 | # which ships with RHEL 6 has basic C11 support, gcc doesn't. 47 | export LDFLAGS="-Wl,--build-id" 48 | 49 | %configure --disable-developer 50 | make 51 | 52 | %install 53 | rm -rf %{buildroot} 54 | mkdir -p %{buildroot}/%{_lib}/security 55 | install -m 0755 pam_radius_auth.so %{buildroot}/%{_lib}/security 56 | 57 | # It contains the radius secret, which should not be in a "world readable" file. 58 | mkdir -p %{buildroot}%{_sysconfdir} 59 | install -m 0600 pam_radius_auth.conf %{buildroot}%{_sysconfdir}/pam_radius_auth.conf 60 | 61 | %clean 62 | rm -rf %{buildroot} 63 | 64 | %files 65 | %defattr(-,root,root) 66 | %doc README.md INSTALL USAGE LICENSE Changelog 67 | %config(noreplace) %attr(0600, root, root) %{_sysconfdir}/pam_radius_auth.conf 68 | %dir %attr(755,root,root) /%{_lib}/security/ 69 | /%{_lib}/security/pam_radius_auth.so 70 | 71 | %changelog 72 | * Thu Nov 4 2021 Network RADIUS SARL - %{_version} 73 | - Initial Debian version. 74 | -------------------------------------------------------------------------------- /pam_radius_auth.conf: -------------------------------------------------------------------------------- 1 | # /etc/pam_radius_auth.conf configuration file. 2 | # 3 | # For proper security, this file SHOULD have permissions 0600, 4 | # that is readable by root, and NO ONE else. If anyone other than 5 | # root can read this file, then they can spoof responses from the server! 6 | # 7 | # There are 5 fields per line in this file. There may be multiple 8 | # lines. Blank lines or lines beginning with '#' are treated as 9 | # comments, and are ignored. The fields are: 10 | # 11 | # server[:port] secret [timeout [source_ip [vrf]]] 12 | # 13 | # the port name or number is optional. The default port name is 14 | # "radius", and is looked up from /etc/services The timeout field is 15 | # optional. The default timeout is 3 seconds. 16 | # The source_ip field is optional and the default is none. 17 | # The vrf field is optional and the default is none. 18 | # 19 | # For IPv6 literal addresses, the address has to be surrounded by 20 | # square brackets as usual. E.g. [2001:0db8:85a3::4]. 21 | # 22 | # If multiple RADIUS server lines exist, they are tried in order. The 23 | # first server to return success or failure causes the module to return 24 | # success or failure. Only if a server fails to response is it skipped, 25 | # and the next server in turn is used. 26 | # 27 | # The timeout field controls how many seconds the module waits before 28 | # deciding that the server has failed to respond. Timeouts MUST be 29 | # between 3 and 60 seconds. If they are outside of this range, the 30 | # timeouts are clamped to this range. 31 | # 32 | # The source_ip field can be used to make the library bind the socket 33 | # that connects to that particular server to a particular IP address. 34 | # Note: specifying a timeout field is mandatory due to config parsing, 35 | # but if not needed it can be just set to the default of 3. 36 | # 37 | # The vrf field can be used on Linux to make the library bind the socket 38 | # that connects to that particualar server to a particular VRF. 39 | # See: https://www.kernel.org/doc/Documentation/networking/vrf.txt for 40 | # more information. 41 | # Note: specifying a source_ip field is mandatory due to config parsing, 42 | # but if not needed it can be just set to 0. 43 | # 44 | # server[:port] shared_secret timeout (s) source_ip vrf 45 | 127.0.0.1 secret 3 46 | other-server other-secret 5 192.168.1.10 vrf-blue 47 | [2001:0db8:85a3::4]:1812 other6-secret 3 [2001:0db8:85a3::3] vrf-red 48 | other-other-server other-other-secret 5 0 vrf-blue 49 | # 50 | # having localhost in your radius configuration is a Good Thing. 51 | # 52 | # See the INSTALL file for pam.conf hints. 53 | -------------------------------------------------------------------------------- /m4/ax_with_prog.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # http://www.gnu.org/software/autoconf-archive/ax_with_prog.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_WITH_PROG([VARIABLE],[program],[VALUE-IF-NOT-FOUND],[PATH]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # Locates an installed program binary, placing the result in the precious 12 | # variable VARIABLE. Accepts a present VARIABLE, then --with-program, and 13 | # failing that searches for program in the given path (which defaults to 14 | # the system path). If program is found, VARIABLE is set to the full path 15 | # of the binary; if it is not found VARIABLE is set to VALUE-IF-NOT-FOUND 16 | # if provided, unchanged otherwise. 17 | # 18 | # A typical example could be the following one: 19 | # 20 | # AX_WITH_PROG(PERL,perl) 21 | # 22 | # NOTE: This macro is based upon the original AX_WITH_PYTHON macro from 23 | # Dustin J. Mitchell . 24 | # 25 | # LICENSE 26 | # 27 | # Copyright (c) 2008 Francesco Salvestrini 28 | # Copyright (c) 2008 Dustin J. Mitchell 29 | # 30 | # Copying and distribution of this file, with or without modification, are 31 | # permitted in any medium without royalty provided the copyright notice 32 | # and this notice are preserved. This file is offered as-is, without any 33 | # warranty. 34 | 35 | #serial 16 36 | 37 | AC_DEFUN([AX_WITH_PROG],[ 38 | AC_PREREQ([2.61]) 39 | 40 | pushdef([VARIABLE],$1) 41 | pushdef([EXECUTABLE],$2) 42 | pushdef([VALUE_IF_NOT_FOUND],$3) 43 | pushdef([PATH_PROG],$4) 44 | 45 | AC_ARG_VAR(VARIABLE,Absolute path to EXECUTABLE executable) 46 | 47 | AS_IF(test -z "$VARIABLE",[ 48 | AC_MSG_CHECKING(whether EXECUTABLE executable path has been provided) 49 | AC_ARG_WITH(EXECUTABLE,AS_HELP_STRING([--with-EXECUTABLE=[[[PATH]]]],absolute path to EXECUTABLE executable), [ 50 | AS_IF([test "$withval" != yes && test "$withval" != no],[ 51 | VARIABLE="$withval" 52 | AC_MSG_RESULT($VARIABLE) 53 | ],[ 54 | VARIABLE="" 55 | AC_MSG_RESULT([no]) 56 | AS_IF([test "$withval" != no], [ 57 | AC_PATH_PROG([]VARIABLE[],[]EXECUTABLE[],[]VALUE_IF_NOT_FOUND[],[]PATH_PROG[]) 58 | ]) 59 | ]) 60 | ],[ 61 | AC_MSG_RESULT([no]) 62 | AC_PATH_PROG([]VARIABLE[],[]EXECUTABLE[],[]VALUE_IF_NOT_FOUND[],[]PATH_PROG[]) 63 | ]) 64 | ]) 65 | 66 | popdef([PATH_PROG]) 67 | popdef([VALUE_IF_NOT_FOUND]) 68 | popdef([EXECUTABLE]) 69 | popdef([VARIABLE]) 70 | ]) 71 | -------------------------------------------------------------------------------- /scripts/ci/setup-freeradius.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # @copyright 2021 Network RADIUS SAS (legal@networkradius.com) 3 | # Author: Jorge Pereira 4 | ## 5 | 6 | if [ -e "/etc/freeradius/3.0/mods-config/files/authorize" ]; then 7 | raddb="/etc/freeradius/3.0" 8 | elif [ -e "/etc/freeradius/mods-config/files/authorize" ]; then 9 | raddb="/etc/freeradius" 10 | elif [ -e "/etc/raddb/mods-config/files/authorize" ]; then 11 | raddb="/etc/raddb" 12 | else 13 | echo "$0: ERROR: We did not find the /etc/freeradius/mods-config/files/authorize or /etc/freeradius/3.0/mods-config/files/authorize" 14 | exit 123 15 | fi 16 | 17 | radiusd="/usr/sbin/freeradius" 18 | 19 | if [ -z "$CI_TEST_USER" ]; then 20 | echo "$0: ERROR: Missing the env CI_TEST_USER" 21 | exit 1 22 | fi 23 | 24 | if [ -z "$CI_TEST_PASS" ]; then 25 | echo "$0: ERROR: Missing the env CI_TEST_PASS" 26 | exit 1 27 | fi 28 | 29 | # Setup the basic user setting 30 | cat > ${raddb}/mods-config/files/authorize < ${raddb}/sites-enabled/default < ${raddb}/clients.conf < 51 | 52 | ## Debugging 53 | 54 | When building under clang and some later versions of GCC with `--enable-developer`, you can add the following flags: 55 | 56 | - `--enable-address-sanitizer`, enables address sanitizer (detects use after 57 | free issues, and out of bounds accesses). 58 | 59 | - `--enable-leak-sanitizer`, enables leak sanitizer (detects memory leaks). 60 | 61 | ## Packages 62 | 63 | ## RPM (RedHat, CentOS, Rocky Linux etc) 64 | 65 | ``` 66 | $ ./configure 67 | $ make rpm 68 | $ rpm -ivh rpmbuild/RPMS/x86_64/pam*.rpm 69 | ``` 70 | 71 | Configuration example for sshd+PAM in [redhat/pam_sshd_example](redhat/pam_sshd_example) 72 | 73 | ## DEB (Debian, Ubuntu etc) 74 | 75 | ``` 76 | $ ./configure 77 | $ make deb 78 | $ dpkg -i ../libpam-radius-auth_*.deb 79 | ``` 80 | 81 | Configuration example for sshd+PAM in [debian/pam_sshd_example](debian/pam_sshd_example) 82 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | ********************************************************************** 2 | Redhat Linux 4.2 (PAM 0.54) 3 | ********************************************************************** 4 | 5 | make. 6 | 7 | Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so 8 | 9 | In /etc/pam.conf, add the line: 10 | 11 | login auth sufficient /lib/security/pam_radius_auth.so 12 | 13 | AFTER 14 | 15 | login auth required /lib/security/pam_securetty.so 16 | 17 | and BEFORE 18 | 19 | login auth required /lib/security/pam_unix_auth.so 20 | 21 | i.e. 22 | 23 | login auth required /lib/security/pam_securetty.so 24 | login auth sufficient /lib/security/pam_radius_auth.so 25 | login auth required /lib/security/pam_unix_auth.so 26 | 27 | 28 | ********************************************************************** 29 | Redhat Linux > 5.0 30 | ********************************************************************** 31 | 32 | make. 33 | 34 | Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so 35 | 36 | In the per-application configuration (/etc/pam.d/application) add: 37 | 38 | auth sufficient /lib/security/pam_radius_auth.so 39 | 40 | AFTER 41 | 42 | auth required /lib/security/pam_securetty.so 43 | 44 | and BEFORE 45 | 46 | auth required /lib/security/pam_unix_auth.so 47 | 48 | i.e. 49 | 50 | auth required /lib/security/pam_securetty.so 51 | auth sufficient /lib/security/pam_radius_auth.so 52 | auth required /lib/security/pam_unix_auth.so 53 | 54 | 55 | ********************************************************************** 56 | Solaris 2.6 57 | ********************************************************************** 58 | 59 | make. 60 | 61 | Copy 'pam_radius_auth.so' to /usr/lib/security/pam_radius_auth.so.1 62 | 63 | in /etc/pam.conf, add the line: 64 | 65 | login auth sufficient /usr/lib/security/pam_radius_auth.so.1 66 | 67 | BEFORE 68 | 69 | login auth required /usr/lib/security/pam_unix_auth.so.1 70 | 71 | You will probably also have to add the lines: 72 | 73 | telnet auth sufficient /usr/lib/security/pam_radius_auth.so.1 74 | telnet auth required /usr/lib/security/pam_unix.so.1 75 | 76 | in order to perform network logins. 77 | 78 | ---------------------------------------------------------------------- 79 | 80 | Password change requests are pretty much the same. Add a line like: 81 | 82 | passwd password sufficient /lib/security/pam_radius_auth.so 83 | 84 | And you're set. 85 | 86 | Note that password change requests will NOT work for RADIUS users 87 | using challenge-response authentication. 88 | 89 | ---------------------------------------------------------------------- 90 | 91 | If you're familiar with PAM, configuring RADIUS authentication for 92 | other applications should be straightforward. 93 | 94 | Note that you should be *very* careful when configuring users who 95 | use RADIUS challenge-response. They should *not* have a Unix password 96 | defined, or the challenge-response token card may become meaningless. 97 | 98 | Users who have have a RADIUS challenge-response configuration must 99 | enter an initial password, unless 'skip_passwd' (see below) is 100 | defined. The password they enter may not be blank or empty. 101 | 102 | ---------------------------------------------------------------------- 103 | 104 | You will need a server configuration file. An example is given in 105 | the file pam_radius_auth.conf. You will need to copy this file to 106 | /etc/raddb/server. The file MUST be secure! i.e. 107 | 108 | chown root /etc/raddb 109 | chmod go-rwx /etc/raddb 110 | chmod go-rwx /etc/raddb/server 111 | 112 | See 'USAGE' for details of the configuration file. 113 | 114 | ---------------------------------------------------------------------- 115 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | ###################################################################### 2 | # 3 | # A minimal 'Makefile', by Alan DeKok 4 | # 5 | # $Id: Makefile,v 1.13 2007/03/26 04:22:11 fcusack Exp $ 6 | # 7 | ############################################################################# 8 | 9 | # 10 | # We require Make.inc, UNLESS the target is "make deb" or "make rpm" 11 | # 12 | # Since "make deb" re-runs configure... there's no point in 13 | # requiring the developer to run configure *before* making 14 | # the debian packages. 15 | # 16 | ifneq "$(MAKECMDGOALS)" "deb" 17 | ifneq "$(MAKECMDGOALS)" "rpm" 18 | $(if $(wildcard src/config.h),,$(error You must run './configure [options]' before doing 'make')) 19 | $(if $(wildcard Make.inc),,$(error Missing 'Make.inc' Run './configure [options]' and retry)) 20 | 21 | include Make.inc 22 | endif 23 | endif 24 | 25 | VERSION = $(shell cat VERSION) 26 | 27 | ###################################################################### 28 | # 29 | # If we're really paranoid, use these flags 30 | #CFLAGS = -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Waggregate-return 31 | # 32 | # If you're not using GCC, then you'll have to change the CFLAGS. 33 | # 34 | CFLAGS += -Wall 35 | 36 | # 37 | # On Irix, use this with MIPSPRo C Compiler, and don't forget to export CC=cc 38 | # gcc on Irix does not work yet for pam_radius 39 | # Also, use gmake instead of make 40 | # Then copy pam_radius_auth.so to /usr/freeware/lib32/security (PAM dir) 41 | # CFLAGS = 42 | 43 | #LDFLAGS += -shared -Wl,--version-script=pamsymbols.ver 44 | LDFLAGS += -shared 45 | 46 | ###################################################################### 47 | # 48 | # The default rule to build everything. 49 | # 50 | all: pam_radius_auth.so 51 | 52 | ###################################################################### 53 | # 54 | # Build the object file from the C source. 55 | # 56 | export CFLAGS LDFLAGS 57 | 58 | src/pam_radius_auth.o: src/pam_radius_auth.c src/pam_radius_auth.h 59 | @$(MAKE) -C src $(notdir $@) 60 | 61 | src/md5.o: src/md5.c src/md5.h 62 | @$(MAKE) -C src $(notdir $@) 63 | 64 | # 65 | # This is what should work on Irix: 66 | #pam_radius_auth.so: pam_radius_auth.o md5.o 67 | # ld -shared pam_radius_auth.o md5.o -L/usr/freeware/lib32 -lpam -lc -o pam_radius_auth.so 68 | 69 | ###################################################################### 70 | # 71 | # Build the shared library. 72 | # 73 | # The -Bshareable flag *should* work on *most* operating systems. 74 | # 75 | # On Solaris, you might try using '-G', instead. 76 | # 77 | # On systems with a newer GCC, you will need to do: 78 | # 79 | # gcc -shared pam_radius_auth.o md5.o -lpam -lc -o pam_radius_auth.so 80 | # 81 | pam_radius_auth.so: src/pam_radius_auth.o src/md5.o 82 | $(CC) $(LDFLAGS) $^ -lpam -o pam_radius_auth.so 83 | 84 | ###################################################################### 85 | # 86 | # Check a distribution out of the source tree, and make a tar file. 87 | # 88 | 89 | BRANCH = $(shell git rev-parse --abbrev-ref HEAD) 90 | 91 | pam_radius-$(VERSION).tar.gz: .git/HEAD 92 | git archive --format=tar --prefix=pam_radius-$(VERSION)/ $(BRANCH) | gzip > $@ 93 | 94 | pam_radius-$(VERSION).tar.bz2: .git/HEAD 95 | git archive --format=tar --prefix=pam_radius-$(VERSION)/ $(BRANCH) | bzip2 > $@ 96 | 97 | %.sig: % 98 | gpg --default-key packages@freeradius.org -b $< 99 | 100 | .PHONY: dist 101 | dist: pam_radius-$(VERSION).tar.gz pam_radius-$(VERSION).tar.bz2 102 | 103 | dist-sign: pam_radius-$(VERSION).tar.gz.sig pam_radius-$(VERSION).tar.bz2.sig 104 | 105 | ###################################################################### 106 | # 107 | # Clean up everything 108 | # 109 | .PHONY: clean 110 | clean: 111 | @rm -f *~ *.so *.o src/*.o src/*~ 112 | 113 | ###################################################################### 114 | # 115 | # Install it 116 | # 117 | .PHONY: install 118 | install: all 119 | install -Dm 0644 pam_radius_auth.so $(DESTDIR)/lib/security/pam_radius_auth.so 120 | install -Dm 0644 pam_radius_auth.conf $(DESTDIR)/etc/pam_radius_auth.conf 121 | 122 | ###################################################################### 123 | # 124 | # Build a debian package 125 | # 126 | debian/changelog: debian/changelog.in 127 | sed "s/@VERSION@/$(VERSION)/g" < $^ > $@ 128 | 129 | .PHONY: deb 130 | deb: debian/changelog 131 | @if ! command -v fakeroot; then \ 132 | if ! command -v apt-get; then \ 133 | echo "'make deb' only works on debian systems" ; \ 134 | exit 1; \ 135 | fi ; \ 136 | echo "Please run 'apt-get install build-essential fakeroot' "; \ 137 | exit 1; \ 138 | fi 139 | fakeroot debian/rules debian/control 140 | fakeroot dpkg-buildpackage -b -uc 141 | 142 | # 143 | # Build an RPM package 144 | # 145 | .PHONY: rpm 146 | rpmbuild/SOURCES/pam_radius-$(VERSION).tar.bz2: pam_radius-$(VERSION).tar.bz2 147 | @mkdir -p $(addprefix rpmbuild/,SOURCES SPECS BUILD RPMS SRPMS BUILDROOT) 148 | @for file in `awk '/^Source...:/ {print $$2}' redhat/pam_radius_auth.spec` ; do cp redhat/$$file rpmbuild/SOURCES/$$file ; done 149 | @cp $< $@ 150 | 151 | rpm: rpmbuild/SOURCES/pam_radius-$(VERSION).tar.bz2 152 | @if ! yum-builddep -q -C --assumeno --define "_version $(VERSION)" redhat/pam_radius_auth.spec 1> /dev/null 2>&1; then \ 153 | echo "ERROR: Required dependencies not found, install them with: yum-builddep redhat/pam_radius_auth.spec"; \ 154 | exit 1; \ 155 | fi 156 | @QA_RPATHS=0x0003 rpmbuild --define "_version $(VERSION)" --define "_topdir `pwd`/rpmbuild" -bb redhat/pam_radius_auth.spec 157 | -------------------------------------------------------------------------------- /src/pam_radius_auth.h: -------------------------------------------------------------------------------- 1 | #ifndef PAM_RADIUS_H 2 | #define PAM_RADIUS_H 3 | 4 | #include "config.h" 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | #if defined(HAVE_LINUX_IF_H) 30 | #include 31 | #else 32 | #define IFNAMSIZ 16 /* fallback to current value */ 33 | #endif 34 | 35 | #ifdef HAVE_POLL_H 36 | #include 37 | #endif 38 | 39 | #if defined(HAVE_SECURITY_PAM_APPL_H) 40 | # include 41 | #elif defined(HAVE_PAM_PAM_APPL_H) 42 | # include 43 | #endif 44 | 45 | #if defined(HAVE_SECURITY_PAM_MODULES_H) 46 | # include 47 | #elif defined(HAVE_PAM_PAM_APPL_H) 48 | # include 49 | #else 50 | # error security/pam_modules.h or pam/pam_modules.h required 51 | #endif 52 | 53 | 54 | #include "radius.h" 55 | #include "md5.h" 56 | 57 | /* Defaults for the prompt option */ 58 | #define MAXPROMPT 33 /* max prompt length, including '\0' */ 59 | #define DEFAULT_PROMPT "Password" /* default prompt, without the ': ' */ 60 | 61 | 62 | /************************************************************************* 63 | * Platform specific defines 64 | *************************************************************************/ 65 | 66 | #ifndef CONST 67 | # if defined(__sun) || defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__) 68 | /* 69 | * On older versions of Solaris, you may have to change this to: 70 | * #define CONST 71 | */ 72 | # define CONST const 73 | # else 74 | # define CONST 75 | # endif 76 | #endif 77 | 78 | #ifndef PAM_EXTERN 79 | # ifdef __sun 80 | # define PAM_EXTERN extern 81 | # else 82 | # define PAM_EXTERN 83 | # endif 84 | #endif 85 | 86 | 87 | /************************************************************************* 88 | * Useful macros and defines 89 | *************************************************************************/ 90 | 91 | #define _pam_forget(X) if (X) {memset(X, 0, strlen(X));free(X);X = NULL;} 92 | #ifndef _pam_drop 93 | #define _pam_drop(X) if (X) {free(X);X = NULL;} 94 | #endif 95 | 96 | #define PAM_DEBUG_ARG 1 97 | #define PAM_SKIP_PASSWD 2 98 | #define PAM_USE_FIRST_PASS 4 99 | #define PAM_TRY_FIRST_PASS 8 100 | #define PAM_RUSER_ARG 16 101 | 102 | 103 | /* buffer size for IP address in string form */ 104 | #define MAX_IP_LEN 16 105 | 106 | /* Module defines */ 107 | #ifndef BUFFER_SIZE 108 | #define BUFFER_SIZE 1024 109 | #endif /* BUFFER_SIZE */ 110 | #define MAXPWNAM 253 /* maximum user name length. Server dependent, 111 | * this is the default value 112 | */ 113 | #define MAXPASS 128 /* max password length. Again, depends on server 114 | * compiled in. This is the default. 115 | */ 116 | #ifndef CONF_FILE /* the configuration file holding the server secret */ 117 | #define CONF_FILE "/etc/pam_radius_auth.conf" 118 | #endif /* CONF_FILE */ 119 | 120 | #ifndef FALSE 121 | #define FALSE 0 122 | #undef TRUE 123 | #define TRUE !FALSE 124 | #endif 125 | 126 | /** Should be placed before the function return type 127 | * 128 | */ 129 | #define NEVER_RETURNS _Noreturn 130 | #define UNUSED CC_HINT(unused) 131 | 132 | /* 133 | * Only use GCC __attribute__ if were building with a GCClike 134 | * compiler. 135 | */ 136 | #ifdef __GNUC__ 137 | # define CC_HINT(...) __attribute__ ((__VA_ARGS__)) 138 | # define likely(_x) __builtin_expect((_x), 1) 139 | # define unlikely(_x) __builtin_expect((_x), 0) 140 | #else 141 | # define CC_HINT(...) 142 | # define likely(_x) _x 143 | # define unlikely(_x) _x 144 | #endif 145 | 146 | /** Should be placed before the function return type 147 | * 148 | */ 149 | #define UNUSED CC_HINT(unused) 150 | 151 | /************************************************************************* 152 | * Additional RADIUS definitions 153 | *************************************************************************/ 154 | 155 | /* Per-attribute structure */ 156 | typedef struct attribute_t { 157 | unsigned char attribute; 158 | unsigned char length; 159 | unsigned char data[1]; 160 | } attribute_t; 161 | 162 | typedef struct radius_server_t { 163 | struct radius_server_t *next; 164 | struct sockaddr_storage ip_storage; 165 | struct sockaddr *ip; 166 | char *hostname; 167 | char *secret; 168 | int timeout; 169 | int accounting; 170 | int sockfd; 171 | int sockfd6; 172 | char vrf[IFNAMSIZ]; 173 | } radius_server_t; 174 | 175 | typedef struct radius_conf_t { 176 | radius_server_t *server; 177 | int retries; 178 | int use_ipv4; 179 | int use_ipv6; 180 | int localifdown; 181 | CONST char *client_id; 182 | int force_prompt; 183 | int max_challenge; 184 | int sockfd; 185 | int sockfd6; 186 | int debug; 187 | CONST char *conf_file; 188 | char prompt[MAXPROMPT]; 189 | int prompt_attribute; 190 | int privilege_level; 191 | int require_message_authenticator; 192 | uint8_t *message_authenticator; 193 | char hostname[MAXHOSTNAMELEN + 1]; 194 | } radius_conf_t; 195 | 196 | #endif /* PAM_RADIUS_H */ 197 | -------------------------------------------------------------------------------- /src/radius.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * RADIUS 4 | * Remote Authentication Dial In User Service 5 | * 6 | * 7 | * Livingston Enterprises, Inc. 8 | * 6920 Koll Center Parkway 9 | * Pleasanton, CA 94566 10 | * 11 | * Copyright 1992 Livingston Enterprises, Inc. 12 | * 13 | * Permission to use, copy, modify, and distribute this software for any 14 | * purpose and without fee is hereby granted, provided that this 15 | * copyright and permission notice appear on all copies and supporting 16 | * documentation, the name of Livingston Enterprises, Inc. not be used 17 | * in advertising or publicity pertaining to distribution of the 18 | * program without specific prior permission, and notice be given 19 | * in supporting documentation that copying and distribution is by 20 | * permission of Livingston Enterprises, Inc. 21 | * 22 | * Livingston Enterprises, Inc. makes no representations about 23 | * the suitability of this software for any purpose. It is 24 | * provided "as is" without express or implied warranty. 25 | * 26 | */ 27 | 28 | /* 29 | * @(#)radius.h 1.9 11/14/94 30 | */ 31 | #ifndef RADIUS_H 32 | #define RADIUS_H 33 | 34 | #define AUTH_VECTOR_LEN 16 35 | #define AUTH_PASS_LEN 16 36 | #define AUTH_STRING_LEN 128 /* maximum of 254 */ 37 | 38 | typedef struct pw_auth_hdr { 39 | uint8_t code; 40 | uint8_t id; 41 | uint16_t length; 42 | uint8_t vector[AUTH_VECTOR_LEN]; 43 | uint8_t data[2]; 44 | } AUTH_HDR; 45 | 46 | #define AUTH_HDR_LEN 20 47 | #define CHAP_VALUE_LENGTH 16 48 | 49 | #define PW_AUTH_UDP_PORT 1645 50 | #define PW_ACCT_UDP_PORT 1646 51 | 52 | #define PW_TYPE_STRING 0 53 | #define PW_TYPE_INTEGER 1 54 | #define PW_TYPE_IPADDR 2 55 | #define PW_TYPE_DATE 3 56 | 57 | 58 | #define PW_ACCESS_REQUEST 1 59 | #define PW_ACCESS_ACCEPT 2 60 | #define PW_ACCESS_REJECT 3 61 | #define PW_ACCOUNTING_REQUEST 4 62 | #define PW_ACCOUNTING_RESPONSE 5 63 | #define PW_ACCOUNTING_STATUS 6 64 | #define PW_ACCOUNTING_MESSAGE 10 65 | #define PW_ACCESS_CHALLENGE 11 66 | 67 | #define PW_USER_NAME 1 68 | #define PW_USER_PASSWORD 2 69 | #define PW_CHAP_PASSWORD 3 70 | #define PW_NAS_IP_ADDRESS 4 71 | #define PW_NAS_PORT_ID 5 72 | #define PW_USER_SERVICE_TYPE 6 73 | #define PW_FRAMED_PROTOCOL 7 74 | #define PW_FRAMED_ADDRESS 8 75 | #define PW_FRAMED_NETMASK 9 76 | #define PW_FRAMED_ROUTING 10 77 | #define PW_FRAMED_FILTER_ID 11 78 | #define PW_FRAMED_MTU 12 79 | #define PW_FRAMED_COMPRESSION 13 80 | #define PW_LOGIN_HOST 14 81 | #define PW_LOGIN_SERVICE 15 82 | #define PW_LOGIN_TCP_PORT 16 83 | #define PW_REPLY_MESSAGE 18 84 | #define PW_CALLBACK_NUMBER 19 85 | #define PW_CALLBACK_ID 20 86 | #define PW_EXPIRATION 21 87 | #define PW_FRAMED_ROUTE 22 88 | #define PW_FRAMED_IPXNET 23 89 | #define PW_STATE 24 90 | #define PW_CLASS 25 /* string */ 91 | #define PW_VENDOR_SPECIFIC 26 /* vendor */ 92 | #define PW_SESSION_TIMEOUT 27 /* integer */ 93 | #define PW_IDLE_TIMEOUT 28 /* integer */ 94 | #define PW_TERMINATION_ACTION 29 /* integer */ 95 | #define PW_CALLED_STATION_ID 30 /* string */ 96 | #define PW_CALLING_STATION_ID 31 /* string */ 97 | #define PW_NAS_IDENTIFIER 32 /* string */ 98 | #define PW_PROXY_STATE 33 /* string */ 99 | #define PW_LOGIN_LAT_SERVICE 34 /* string */ 100 | #define PW_LOGIN_LAT_NODE 35 /* string */ 101 | #define PW_LOGIN_LAT_GROUP 36 /* string */ 102 | #define PW_FRAMED_APPLETALK_LINK 37 /* integer */ 103 | #define PW_FRAMED_APPLETALK_NETWORK 38 /* integer */ 104 | #define PW_FRAMED_APPLETALK_ZONE 39 /* string */ 105 | 106 | #define PW_ACCT_STATUS_TYPE 40 107 | #define PW_ACCT_DELAY_TIME 41 108 | #define PW_ACCT_INPUT_OCTETS 42 109 | #define PW_ACCT_OUTPUT_OCTETS 43 110 | #define PW_ACCT_SESSION_ID 44 111 | #define PW_ACCT_AUTHENTIC 45 112 | #define PW_ACCT_SESSION_TIME 46 113 | 114 | #define PW_CHAP_CHALLENGE 60 /* string */ 115 | #define PW_NAS_PORT_TYPE 61 /* integer */ 116 | #define PW_PORT_LIMIT 62 /* integer */ 117 | #define PW_LOGIN_LAT_PORT 63 /* string */ 118 | #define PW_PROMPT 76 /* integer */ 119 | 120 | #define PW_MESSAGE_AUTHENTICATOR 80 /* octets */ 121 | 122 | #define PW_MANAGEMENT_PRIVILEGE_LEVEL 136 /* integer */ 123 | 124 | #define PW_NAS_IPV6_ADDRESS 95 /* octets */ 125 | 126 | /* 127 | * INTEGER TRANSLATIONS 128 | */ 129 | 130 | /* USER TYPES */ 131 | 132 | #define PW_LOGIN_USER 1 133 | #define PW_FRAMED_USER 2 134 | #define PW_DIALBACK_LOGIN_USER 3 135 | #define PW_DIALBACK_FRAMED_USER 4 136 | #define PW_OUTBOUND_USER 5 137 | #define PW_SHELL_USER 6 138 | 139 | /* FRAMED PROTOCOLS */ 140 | 141 | #define PW_PPP 1 142 | #define PW_SLIP 2 143 | 144 | /* FRAMED ROUTING VALUES */ 145 | 146 | #define PW_NONE 0 147 | #define PW_BROADCAST 1 148 | #define PW_LISTEN 2 149 | #define PW_BROADCAST_LISTEN 3 150 | 151 | /* NAS PORT TYPES */ 152 | #define PW_NAS_PORT_TYPE_VIRTUAL 5 153 | 154 | /* FRAMED COMPRESSION TYPES */ 155 | 156 | #define PW_VAN_JACOBSEN_TCP_IP 1 157 | 158 | /* LOGIN SERVICES */ 159 | 160 | #define PW_TELNET 0 161 | #define PW_RLOGIN 1 162 | #define PW_TCP_CLEAR 2 163 | #define PW_PORTMASTER 3 164 | #define PW_AUTHENTICATE_ONLY 8 165 | 166 | /* AUTHENTICATION LEVEL */ 167 | 168 | #define PW_AUTH_NONE 0 169 | #define PW_AUTH_RADIUS 1 170 | #define PW_AUTH_LOCAL 2 171 | 172 | /* STATUS TYPES */ 173 | 174 | #define PW_STATUS_START 1 175 | #define PW_STATUS_STOP 2 176 | #define PW_STATUS_ALIVE 3 177 | 178 | #endif /* RADIUS_H */ 179 | -------------------------------------------------------------------------------- /USAGE: -------------------------------------------------------------------------------- 1 | The module takes a number of configuration options. Password changing 2 | is not implemented, as the RADIUS protocol does not support it. 3 | 4 | The pam configuration can be: 5 | ... 6 | auth sufficient pam_radius_auth.so [options] 7 | ... 8 | account sufficient pam_radius_auth.so 9 | 10 | --------------------------------------------------------------------------- 11 | 12 | The 'options' section is optional, and can contain one or more of 13 | the following strings. Note that not all of these options are 14 | relevant in for all uses of the module. 15 | 16 | debug - print out extensive debugging information via pam_log. 17 | These messages generally end up being handled by 18 | syslog(), and go to /var/log/messages. Depending on 19 | your host operating system, the log messages may be 20 | elsewhere. 21 | You should generally use the debug option when first 22 | trying to install the module, as it will help 23 | enormously in tracking down problems. 24 | 25 | use_first_pass - Instead of prompting the user for a password, retrieve 26 | the password from the previous authentication module. 27 | If the password does not exist, return failure. 28 | If the password exists, try it, returning success/failure 29 | as appropriate. 30 | 31 | try_first_pass - Instead of prompting the user for a password, retrieve 32 | the password from the previous authentication module. 33 | If the password exists, try it, and return success if it 34 | passes. 35 | If there was no previous password, or the previous password 36 | fails authentication, prompt the user with 37 | "Enter RADIUS password: ", and ask for another password. 38 | Try this password, and return success/failure as appropriate. 39 | 40 | This is the default for authentication. 41 | 42 | skip_passwd - Do not prompt for a password, even if there was none 43 | retrieved from the previous layer. 44 | Send the previous one (if it exists), or else send a NULL 45 | password. 46 | If this fails, exit. 47 | If an Access-Challenge is returned, display the challenge 48 | message, and ask the user for the response. 49 | Return success/failure as appropriate. 50 | 51 | The password sent to the next authentication module will 52 | NOT be the response to the challenge. If a password from 53 | a previous authentication module exists, it is passed on. 54 | Otherwise, no password is sent to the next module. 55 | 56 | conf=foo - set the configuration filename to 'foo'. 57 | Default is /etc/pam_radius_auth.conf 58 | 59 | client_id=bar - send a NAS-Identifier RADIUS attribute with string 60 | 'bar'. If the client_id is not specified, the PAM_SERVICE 61 | type is used instead. ('login', 'su', 'passwd', etc.) 62 | This feature may be disabled by using 'client_id='. 63 | i.e. A blank client ID. 64 | 65 | hostname=foo - use the given value for the host name instead of the 66 | value returned by gethostname(). 67 | This value is used to do a DNS lookup to set 68 | NAS-IP-Address and/or the NAS-IPv6-Address. 69 | 70 | retry=# - How many times to re-send a packet if there is no 71 | response. Once the retry count has been reached, 72 | the module fails, and PAM continues to the next module. 73 | 74 | use_authtok - force the use of a previously entered password. 75 | This is needed for pluggable password strength checking 76 | i.e. try cracklib to be sure it's secure, then go update 77 | the RADIUS server. 78 | 79 | ruser - If PAM_USER is root, Use the value of PAM_RUSER instead 80 | of PAM_USER to determine the username to authenticate via 81 | RADIUS. This is to allow 'su' to act like 'sudo'. 82 | 83 | localifdown - This option tells pam_radius to return PAM_IGNORE instead 84 | of PAM_AUTHINFO_UNAVAIL if RADIUS auth failed due to 85 | network unavailability. PAM_IGNORE tells the pam stack 86 | to continue down the stack regardless of the control flag. 87 | 88 | prompt=string - Specifies the prompt, without the ': ', that PAM should 89 | display when prompting for the password. This is useful 90 | when using hardware tokens as part of multi-factor 91 | authentication and presenting the same prompt twice would 92 | confuse users. Use prompt=TokenCode (or some other 93 | relevant string different from Password) in this 94 | situation. 95 | 96 | force_prompt - Request a new password and not using the previously entered 97 | password. This useful for multi-factor authentication 98 | when used with a Token. 99 | 100 | max_challenge=# - configure maximum number of challenges that a server 101 | may request. This is a workaround for broken servers 102 | and disabled by default. 103 | 104 | prompt_attribute - Enable honoring of Prompt attribute sent from server for 105 | challenge-response to enable/disable of echoing of user 106 | input. Without this option all user input during 107 | challenge-response will be echoed. See RFC2869 Section 5.10 108 | 109 | require_message_authenticator - Discard Access-Accept, Access-Challenge, and 110 | Access-Reject packets which do not contain Message-Authenticator. 111 | 112 | ipv4=no - Disable use of IPv4 113 | 114 | ipv6=no - Disable use of IPv6 115 | 116 | privilege_level - If set, the value of the Management-Privilege-Level RADIUS 117 | attribute from the Access-Accept response will be put in to 118 | the "Privilege" environment variable. 119 | 120 | --------------------------------------------------------------------------- 121 | 122 | -------------------------------------------------------------------------------- /install-sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # install - install a program, script, or datafile 4 | # This comes from X11R5 (mit/util/scripts/install.sh). 5 | # 6 | # Copyright 1991 by the Massachusetts Institute of Technology 7 | # 8 | # Permission to use, copy, modify, distribute, and sell this software and its 9 | # documentation for any purpose is hereby granted without fee, provided that 10 | # the above copyright notice appear in all copies and that both that 11 | # copyright notice and this permission notice appear in supporting 12 | # documentation, and that the name of M.I.T. not be used in advertising or 13 | # publicity pertaining to distribution of the software without specific, 14 | # written prior permission. M.I.T. makes no representations about the 15 | # suitability of this software for any purpose. It is provided "as is" 16 | # without express or implied warranty. 17 | # 18 | # Calling this script install-sh is preferred over install.sh, to prevent 19 | # `make' implicit rules from creating a file called install from it 20 | # when there is no Makefile. 21 | # 22 | # This script is compatible with the BSD install script, but was written 23 | # from scratch. It can only install one file at a time, a restriction 24 | # shared with many OS's install programs. 25 | 26 | 27 | # set DOITPROG to echo to test this script 28 | 29 | # Don't use :- since 4.3BSD and earlier shells don't like it. 30 | doit="${DOITPROG-}" 31 | 32 | 33 | # put in absolute paths if you don't have them in your path; or use env. vars. 34 | 35 | mvprog="${MVPROG-mv}" 36 | cpprog="${CPPROG-cp}" 37 | chmodprog="${CHMODPROG-chmod}" 38 | chownprog="${CHOWNPROG-chown}" 39 | chgrpprog="${CHGRPPROG-chgrp}" 40 | stripprog="${STRIPPROG-strip}" 41 | rmprog="${RMPROG-rm}" 42 | mkdirprog="${MKDIRPROG-mkdir}" 43 | 44 | transformbasename="" 45 | transform_arg="" 46 | instcmd="$mvprog" 47 | chmodcmd="$chmodprog 0755" 48 | chowncmd="" 49 | chgrpcmd="" 50 | stripcmd="" 51 | rmcmd="$rmprog -f" 52 | mvcmd="$mvprog" 53 | src="" 54 | dst="" 55 | dir_arg="" 56 | 57 | while [ x"$1" != x ]; do 58 | case $1 in 59 | -c) instcmd="$cpprog" 60 | shift 61 | continue;; 62 | 63 | -d) dir_arg=true 64 | shift 65 | continue;; 66 | 67 | -m) chmodcmd="$chmodprog $2" 68 | shift 69 | shift 70 | continue;; 71 | 72 | -o) chowncmd="$chownprog $2" 73 | shift 74 | shift 75 | continue;; 76 | 77 | -g) chgrpcmd="$chgrpprog $2" 78 | shift 79 | shift 80 | continue;; 81 | 82 | -s) stripcmd="$stripprog" 83 | shift 84 | continue;; 85 | 86 | -t=*) transformarg=`echo $1 | sed 's/-t=//'` 87 | shift 88 | continue;; 89 | 90 | -b=*) transformbasename=`echo $1 | sed 's/-b=//'` 91 | shift 92 | continue;; 93 | 94 | *) if [ x"$src" = x ] 95 | then 96 | src=$1 97 | else 98 | # this colon is to work around a 386BSD /bin/sh bug 99 | : 100 | dst=$1 101 | fi 102 | shift 103 | continue;; 104 | esac 105 | done 106 | 107 | if [ x"$src" = x ] 108 | then 109 | echo "install: no input file specified" 110 | exit 1 111 | else 112 | true 113 | fi 114 | 115 | if [ x"$dir_arg" != x ]; then 116 | dst=$src 117 | src="" 118 | 119 | if [ -d $dst ]; then 120 | instcmd=: 121 | chmodcmd="" 122 | else 123 | instcmd=mkdir 124 | fi 125 | else 126 | 127 | # Waiting for this to be detected by the "$instcmd $src $dsttmp" command 128 | # might cause directories to be created, which would be especially bad 129 | # if $src (and thus $dsttmp) contains '*'. 130 | 131 | if [ -f $src -o -d $src ] 132 | then 133 | true 134 | else 135 | echo "install: $src does not exist" 136 | exit 1 137 | fi 138 | 139 | if [ x"$dst" = x ] 140 | then 141 | echo "install: no destination specified" 142 | exit 1 143 | else 144 | true 145 | fi 146 | 147 | # If destination is a directory, append the input filename; if your system 148 | # does not like double slashes in filenames, you may need to add some logic 149 | 150 | if [ -d $dst ] 151 | then 152 | dst="$dst"/`basename $src` 153 | else 154 | true 155 | fi 156 | fi 157 | 158 | ## this sed command emulates the dirname command 159 | dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` 160 | 161 | # Make sure that the destination directory exists. 162 | # this part is taken from Noah Friedman's mkinstalldirs script 163 | 164 | # Skip lots of stat calls in the usual case. 165 | if [ ! -d "$dstdir" ]; then 166 | defaultIFS=' 167 | ' 168 | IFS="${IFS-${defaultIFS}}" 169 | 170 | oIFS="${IFS}" 171 | # Some sh's can't handle IFS=/ for some reason. 172 | IFS='%' 173 | set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` 174 | IFS="${oIFS}" 175 | 176 | pathcomp='' 177 | 178 | while [ $# -ne 0 ] ; do 179 | pathcomp="${pathcomp}${1}" 180 | shift 181 | 182 | if [ ! -d "${pathcomp}" ] ; 183 | then 184 | $mkdirprog "${pathcomp}" 185 | else 186 | true 187 | fi 188 | 189 | pathcomp="${pathcomp}/" 190 | done 191 | fi 192 | 193 | if [ x"$dir_arg" != x ] 194 | then 195 | $doit $instcmd $dst && 196 | 197 | if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && 198 | if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && 199 | if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && 200 | if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi 201 | else 202 | 203 | # If we're going to rename the final executable, determine the name now. 204 | 205 | if [ x"$transformarg" = x ] 206 | then 207 | dstfile=`basename $dst` 208 | else 209 | dstfile=`basename $dst $transformbasename | 210 | sed $transformarg`$transformbasename 211 | fi 212 | 213 | # don't allow the sed command to completely eliminate the filename 214 | 215 | if [ x"$dstfile" = x ] 216 | then 217 | dstfile=`basename $dst` 218 | else 219 | true 220 | fi 221 | 222 | # Make a temp file name in the proper directory. 223 | 224 | dsttmp=$dstdir/#inst.$$# 225 | 226 | # Move or copy the file name to the temp name 227 | 228 | $doit $instcmd $src $dsttmp && 229 | 230 | trap "rm -f ${dsttmp}" 0 && 231 | 232 | # and set any options; do chmod last to preserve setuid bits 233 | 234 | # If any of these fail, we abort the whole thing. If we want to 235 | # ignore errors from any of these, just make sure not to ignore 236 | # errors from the above "$doit $instcmd $src $dsttmp" command. 237 | 238 | if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && 239 | if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && 240 | if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && 241 | if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && 242 | 243 | # Now rename the file to the real destination. 244 | 245 | $doit $rmcmd -f $dstdir/$dstfile && 246 | $doit $mvcmd $dsttmp $dstdir/$dstfile 247 | 248 | fi && 249 | 250 | 251 | exit 0 252 | -------------------------------------------------------------------------------- /m4/ax_compare_version.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # http://www.gnu.org/software/autoconf-archive/ax_compare_version.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_COMPARE_VERSION(VERSION_A, OP, VERSION_B, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # This macro compares two version strings. Due to the various number of 12 | # minor-version numbers that can exist, and the fact that string 13 | # comparisons are not compatible with numeric comparisons, this is not 14 | # necessarily trivial to do in a autoconf script. This macro makes doing 15 | # these comparisons easy. 16 | # 17 | # The six basic comparisons are available, as well as checking equality 18 | # limited to a certain number of minor-version levels. 19 | # 20 | # The operator OP determines what type of comparison to do, and can be one 21 | # of: 22 | # 23 | # eq - equal (test A == B) 24 | # ne - not equal (test A != B) 25 | # le - less than or equal (test A <= B) 26 | # ge - greater than or equal (test A >= B) 27 | # lt - less than (test A < B) 28 | # gt - greater than (test A > B) 29 | # 30 | # Additionally, the eq and ne operator can have a number after it to limit 31 | # the test to that number of minor versions. 32 | # 33 | # eq0 - equal up to the length of the shorter version 34 | # ne0 - not equal up to the length of the shorter version 35 | # eqN - equal up to N sub-version levels 36 | # neN - not equal up to N sub-version levels 37 | # 38 | # When the condition is true, shell commands ACTION-IF-TRUE are run, 39 | # otherwise shell commands ACTION-IF-FALSE are run. The environment 40 | # variable 'ax_compare_version' is always set to either 'true' or 'false' 41 | # as well. 42 | # 43 | # Examples: 44 | # 45 | # AX_COMPARE_VERSION([3.15.7],[lt],[3.15.8]) 46 | # AX_COMPARE_VERSION([3.15],[lt],[3.15.8]) 47 | # 48 | # would both be true. 49 | # 50 | # AX_COMPARE_VERSION([3.15.7],[eq],[3.15.8]) 51 | # AX_COMPARE_VERSION([3.15],[gt],[3.15.8]) 52 | # 53 | # would both be false. 54 | # 55 | # AX_COMPARE_VERSION([3.15.7],[eq2],[3.15.8]) 56 | # 57 | # would be true because it is only comparing two minor versions. 58 | # 59 | # AX_COMPARE_VERSION([3.15.7],[eq0],[3.15]) 60 | # 61 | # would be true because it is only comparing the lesser number of minor 62 | # versions of the two values. 63 | # 64 | # Note: The characters that separate the version numbers do not matter. An 65 | # empty string is the same as version 0. OP is evaluated by autoconf, not 66 | # configure, so must be a string, not a variable. 67 | # 68 | # The author would like to acknowledge Guido Draheim whose advice about 69 | # the m4_case and m4_ifvaln functions make this macro only include the 70 | # portions necessary to perform the specific comparison specified by the 71 | # OP argument in the final configure script. 72 | # 73 | # LICENSE 74 | # 75 | # Copyright (c) 2008 Tim Toolan 76 | # 77 | # Copying and distribution of this file, with or without modification, are 78 | # permitted in any medium without royalty provided the copyright notice 79 | # and this notice are preserved. This file is offered as-is, without any 80 | # warranty. 81 | 82 | #serial 11 83 | 84 | dnl ######################################################################### 85 | AC_DEFUN([AX_COMPARE_VERSION], [ 86 | AC_REQUIRE([AC_PROG_AWK]) 87 | 88 | # Used to indicate true or false condition 89 | ax_compare_version=false 90 | 91 | # Convert the two version strings to be compared into a format that 92 | # allows a simple string comparison. The end result is that a version 93 | # string of the form 1.12.5-r617 will be converted to the form 94 | # 0001001200050617. In other words, each number is zero padded to four 95 | # digits, and non digits are removed. 96 | AS_VAR_PUSHDEF([A],[ax_compare_version_A]) 97 | A=`echo "$1" | sed -e 's/\([[0-9]]*\)/Z\1Z/g' \ 98 | -e 's/Z\([[0-9]]\)Z/Z0\1Z/g' \ 99 | -e 's/Z\([[0-9]][[0-9]]\)Z/Z0\1Z/g' \ 100 | -e 's/Z\([[0-9]][[0-9]][[0-9]]\)Z/Z0\1Z/g' \ 101 | -e 's/[[^0-9]]//g'` 102 | 103 | AS_VAR_PUSHDEF([B],[ax_compare_version_B]) 104 | B=`echo "$3" | sed -e 's/\([[0-9]]*\)/Z\1Z/g' \ 105 | -e 's/Z\([[0-9]]\)Z/Z0\1Z/g' \ 106 | -e 's/Z\([[0-9]][[0-9]]\)Z/Z0\1Z/g' \ 107 | -e 's/Z\([[0-9]][[0-9]][[0-9]]\)Z/Z0\1Z/g' \ 108 | -e 's/[[^0-9]]//g'` 109 | 110 | dnl # In the case of le, ge, lt, and gt, the strings are sorted as necessary 111 | dnl # then the first line is used to determine if the condition is true. 112 | dnl # The sed right after the echo is to remove any indented white space. 113 | m4_case(m4_tolower($2), 114 | [lt],[ 115 | ax_compare_version=`echo "x$A 116 | x$B" | sed 's/^ *//' | sort -r | sed "s/x${A}/false/;s/x${B}/true/;1q"` 117 | ], 118 | [gt],[ 119 | ax_compare_version=`echo "x$A 120 | x$B" | sed 's/^ *//' | sort | sed "s/x${A}/false/;s/x${B}/true/;1q"` 121 | ], 122 | [le],[ 123 | ax_compare_version=`echo "x$A 124 | x$B" | sed 's/^ *//' | sort | sed "s/x${A}/true/;s/x${B}/false/;1q"` 125 | ], 126 | [ge],[ 127 | ax_compare_version=`echo "x$A 128 | x$B" | sed 's/^ *//' | sort -r | sed "s/x${A}/true/;s/x${B}/false/;1q"` 129 | ],[ 130 | dnl Split the operator from the subversion count if present. 131 | m4_bmatch(m4_substr($2,2), 132 | [0],[ 133 | # A count of zero means use the length of the shorter version. 134 | # Determine the number of characters in A and B. 135 | ax_compare_version_len_A=`echo "$A" | $AWK '{print(length)}'` 136 | ax_compare_version_len_B=`echo "$B" | $AWK '{print(length)}'` 137 | 138 | # Set A to no more than B's length and B to no more than A's length. 139 | A=`echo "$A" | sed "s/\(.\{$ax_compare_version_len_B\}\).*/\1/"` 140 | B=`echo "$B" | sed "s/\(.\{$ax_compare_version_len_A\}\).*/\1/"` 141 | ], 142 | [[0-9]+],[ 143 | # A count greater than zero means use only that many subversions 144 | A=`echo "$A" | sed "s/\(\([[0-9]]\{4\}\)\{m4_substr($2,2)\}\).*/\1/"` 145 | B=`echo "$B" | sed "s/\(\([[0-9]]\{4\}\)\{m4_substr($2,2)\}\).*/\1/"` 146 | ], 147 | [.+],[ 148 | AC_WARNING( 149 | [illegal OP numeric parameter: $2]) 150 | ],[]) 151 | 152 | # Pad zeros at end of numbers to make same length. 153 | ax_compare_version_tmp_A="$A`echo $B | sed 's/./0/g'`" 154 | B="$B`echo $A | sed 's/./0/g'`" 155 | A="$ax_compare_version_tmp_A" 156 | 157 | # Check for equality or inequality as necessary. 158 | m4_case(m4_tolower(m4_substr($2,0,2)), 159 | [eq],[ 160 | test "x$A" = "x$B" && ax_compare_version=true 161 | ], 162 | [ne],[ 163 | test "x$A" != "x$B" && ax_compare_version=true 164 | ],[ 165 | AC_WARNING([illegal OP parameter: $2]) 166 | ]) 167 | ]) 168 | 169 | AS_VAR_POPDEF([A])dnl 170 | AS_VAR_POPDEF([B])dnl 171 | 172 | dnl # Execute ACTION-IF-TRUE / ACTION-IF-FALSE. 173 | if test "$ax_compare_version" = "true" ; then 174 | m4_ifvaln([$4],[$4],[:])dnl 175 | m4_ifvaln([$5],[else $5])dnl 176 | fi 177 | ]) dnl AX_COMPARE_VERSION 178 | -------------------------------------------------------------------------------- /src/config.h.in: -------------------------------------------------------------------------------- 1 | /* src/config.h.in. Generated from configure.ac by autoheader. */ 2 | 3 | /* Define if building universal (internal helper macro) */ 4 | #undef AC_APPLE_UNIVERSAL_BUILD 5 | 6 | /* Define if your processor stores words with the most significant byte first 7 | */ 8 | #undef AC_BIG_ENDIAN 9 | 10 | /* Define if your processor stores words with the least significant byte first 11 | */ 12 | #undef AC_LITTLE_ENDIAN 13 | 14 | /* Define to 1 if you have the header file. */ 15 | #undef HAVE_CTYPE_H 16 | 17 | /* Define to 1 if you have the header file. */ 18 | #undef HAVE_ERRNO_H 19 | 20 | /* Define to 1 if you have the header file. */ 21 | #undef HAVE_FCNTL_H 22 | 23 | /* Define to 1 if you have the `inet_aton' function. */ 24 | #undef HAVE_INET_ATON 25 | 26 | /* Define to 1 if you have the `inet_ntop' function. */ 27 | #undef HAVE_INET_NTOP 28 | 29 | /* Define to 1 if you have the `inet_pton' function. */ 30 | #undef HAVE_INET_PTON 31 | 32 | /* Define to 1 if you have the header file. */ 33 | #undef HAVE_INTTYPES_H 34 | 35 | /* Define to 1 if you have the `nsl' library (-lnsl). */ 36 | #undef HAVE_LIBNSL 37 | 38 | /* Define to 1 if you have the `resolv' library (-lresolv). */ 39 | #undef HAVE_LIBRESOLV 40 | 41 | /* Define to 1 if you have the header file. */ 42 | #undef HAVE_LIMITS_H 43 | 44 | /* Define to 1 if you have the header file. */ 45 | #undef HAVE_MALLOC_H 46 | 47 | /* Define to 1 if you have the header file. */ 48 | #undef HAVE_MEMORY_H 49 | 50 | /* Define to 1 if you have the header file. */ 51 | #undef HAVE_NETDB_H 52 | 53 | /* Define to 1 if you have the header file. */ 54 | #undef HAVE_NETINET_IN_H 55 | 56 | /* Define to 1 if you have the header file. */ 57 | #undef HAVE_NET_IF_H 58 | 59 | /* Define to 1 if you have the header file. */ 60 | #undef HAVE_PAM_PAM_APPL_H 61 | 62 | /* Define to 1 if you have the header file. */ 63 | #undef HAVE_PAM_PAM_MODULES_H 64 | 65 | /* Define to 1 if you have the header file. */ 66 | #undef HAVE_POLL_H 67 | 68 | /* Define to 1 if you have the header file. */ 69 | #undef HAVE_SECURITY_PAM_APPL_H 70 | 71 | /* Define to 1 if you have the header file. */ 72 | #undef HAVE_SECURITY_PAM_MODULES_H 73 | 74 | /* Define to 1 if you have the `snprintf' function. */ 75 | #undef HAVE_SNPRINTF 76 | 77 | /* Define to 1 if you have the header file. */ 78 | #undef HAVE_STDARG_H 79 | 80 | /* Define to 1 if you have the header file. */ 81 | #undef HAVE_STDINT_H 82 | 83 | /* Define to 1 if you have the header file. */ 84 | #undef HAVE_STDIO_H 85 | 86 | /* Define to 1 if you have the header file. */ 87 | #undef HAVE_STDLIB_H 88 | 89 | /* Define to 1 if you have the header file. */ 90 | #undef HAVE_STRINGS_H 91 | 92 | /* Define to 1 if you have the header file. */ 93 | #undef HAVE_STRING_H 94 | 95 | /* Define to 1 if you have the `strlcat' function. */ 96 | #undef HAVE_STRLCAT 97 | 98 | /* Define to 1 if you have the `strlcpy' function. */ 99 | #undef HAVE_STRLCPY 100 | 101 | /* IPv6 address structure */ 102 | #undef HAVE_STRUCT_IN6_ADDR 103 | 104 | /* Define to 1 if you have the header file. */ 105 | #undef HAVE_SYSLOG_H 106 | 107 | /* Define to 1 if you have the header file. */ 108 | #undef HAVE_SYS_PARAM_H 109 | 110 | /* Define to 1 if you have the header file. */ 111 | #undef HAVE_SYS_RESOURCE_H 112 | 113 | /* Define to 1 if you have the header file. */ 114 | #undef HAVE_SYS_SOCKET_H 115 | 116 | /* Define to 1 if you have the header file. */ 117 | #undef HAVE_SYS_STAT_H 118 | 119 | /* Define to 1 if you have the header file. */ 120 | #undef HAVE_SYS_TIME_H 121 | 122 | /* Define to 1 if you have the header file. */ 123 | #undef HAVE_SYS_TYPES_H 124 | 125 | /* Define to 1 if you have the header file. */ 126 | #undef HAVE_TIME_H 127 | 128 | /* Define to 1 if you have the header file. */ 129 | #undef HAVE_UNISTD_H 130 | 131 | /* Define to the address where bug reports for this package should be sent. */ 132 | #undef PACKAGE_BUGREPORT 133 | 134 | /* Define to the full name of this package. */ 135 | #undef PACKAGE_NAME 136 | 137 | /* Define to the full name and version of this package. */ 138 | #undef PACKAGE_STRING 139 | 140 | /* Define to the one symbol short name of this package. */ 141 | #undef PACKAGE_TARNAME 142 | 143 | /* Define to the home page for this package. */ 144 | #undef PACKAGE_URL 145 | 146 | /* Define to the version of this package. */ 147 | #undef PACKAGE_VERSION 148 | 149 | /* Version integer in format */ 150 | #undef PAM_RADIUS_VERSION 151 | 152 | /* Raw version string from VERSION file */ 153 | #undef PAM_RADIUS_VERSION_STRING 154 | 155 | /* Define to 1 if you have the ANSI C header files. */ 156 | #undef STDC_HEADERS 157 | 158 | /* Enable extensions on AIX 3, Interix. */ 159 | #ifndef _ALL_SOURCE 160 | # undef _ALL_SOURCE 161 | #endif 162 | /* Enable GNU extensions on systems that have them. */ 163 | #ifndef _GNU_SOURCE 164 | # undef _GNU_SOURCE 165 | #endif 166 | /* Enable threading extensions on Solaris. */ 167 | #ifndef _POSIX_PTHREAD_SEMANTICS 168 | # undef _POSIX_PTHREAD_SEMANTICS 169 | #endif 170 | /* Enable extensions on HP NonStop. */ 171 | #ifndef _TANDEM_SOURCE 172 | # undef _TANDEM_SOURCE 173 | #endif 174 | /* Enable general extensions on Solaris. */ 175 | #ifndef __EXTENSIONS__ 176 | # undef __EXTENSIONS__ 177 | #endif 178 | 179 | 180 | /* define if pam_radius was built with -DNDEBUG */ 181 | #undef WITH_NDEBUG 182 | 183 | /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most 184 | significant byte first (like Motorola and SPARC, unlike Intel). */ 185 | #if defined AC_APPLE_UNIVERSAL_BUILD 186 | # if defined __BIG_ENDIAN__ 187 | # define WORDS_BIGENDIAN 1 188 | # endif 189 | #else 190 | # ifndef WORDS_BIGENDIAN 191 | # undef WORDS_BIGENDIAN 192 | # endif 193 | #endif 194 | 195 | /* Define to 1 if on MINIX. */ 196 | #undef _MINIX 197 | 198 | /* Define to 2 if the system does not provide POSIX.1 features except with 199 | this defined. */ 200 | #undef _POSIX_1_SOURCE 201 | 202 | /* Define to 1 if you need to in order for `stat' and other things to work. */ 203 | #undef _POSIX_SOURCE 204 | 205 | /* Define to empty if `const' does not conform to ANSI C. */ 206 | #undef const 207 | 208 | /* Define to `int' if doesn't define. */ 209 | #undef gid_t 210 | 211 | /* Define to `long int' if does not define. */ 212 | #undef off_t 213 | 214 | /* Define to `int' if does not define. */ 215 | #undef pid_t 216 | 217 | /* Define to `unsigned int' if does not define. */ 218 | #undef size_t 219 | 220 | /* socklen_t is generally 'int' on systems which don't use it */ 221 | #undef socklen_t 222 | 223 | /* Define to `int' if doesn't define. */ 224 | #undef uid_t 225 | 226 | /* uint16_t should be the canonical '2 octets' for network traffic */ 227 | #undef uint16_t 228 | 229 | /* uint32_t should be the canonical 'network integer' */ 230 | #undef uint32_t 231 | 232 | /* uint64_t is required for larger counters */ 233 | #undef uint64_t 234 | 235 | /* uint8_t should be the canonical 'octet' for network traffic */ 236 | #undef uint8_t 237 | 238 | /* pam radius version */ 239 | #undef PAM_RADIUS_VERSION_STRING 240 | 241 | /* pam radius commit hash */ 242 | #undef PAM_RADIUS_VERSION_COMMIT 243 | 244 | /* pam radius release id */ 245 | #undef PAM_RADIUS_VERSION_RELEASE -------------------------------------------------------------------------------- /.github/workflows/ci-rpm.yml: -------------------------------------------------------------------------------- 1 | name: "CI RPM" 2 | 3 | on: 4 | push: 5 | branches-ignore: 6 | - coverity_scan 7 | pull_request: 8 | 9 | env: 10 | CI: 1 11 | CI_TEST_USER: tapioca 12 | CI_TEST_PASS: queijo 13 | GH_ACTIONS: 1 14 | 15 | jobs: 16 | pre-ci: 17 | runs-on: ubuntu-latest 18 | # Map a step output to a job output 19 | outputs: 20 | should_skip: ${{ steps.skip_check.outputs.should_skip }} 21 | steps: 22 | - id: skip_check 23 | uses: fkirc/skip-duplicate-actions@master 24 | 25 | rpm-build: 26 | # If branch protection is in place with status checks enabled, ensure 27 | # names are updated if new matrix entries are added or the name format 28 | # changes. 29 | name: "RPM Build (${{ matrix.env.NAME }})" 30 | 31 | needs: pre-ci 32 | if: ${{ needs.pre-ci.outputs.should_skip != 'true' }} 33 | 34 | runs-on: ubuntu-latest 35 | 36 | container: 37 | image: ${{ matrix.env.OS }} 38 | 39 | strategy: 40 | fail-fast: false 41 | matrix: 42 | env: 43 | - { "NAME": "rocky-8", "OS": "rockylinux/rockylinux:8", "DIST": "rocky" } 44 | - { "NAME": "rocky-9", "OS": "rockylinux/rockylinux:9", "DIST": "rocky" } 45 | 46 | steps: 47 | 48 | - name: "Install prerequisites" 49 | run: | 50 | yum install -y \ 51 | bzip2 \ 52 | gcc \ 53 | git \ 54 | git-core \ 55 | hostname \ 56 | make \ 57 | openssl \ 58 | perl \ 59 | procps-ng \ 60 | psmisc \ 61 | rpm-build \ 62 | yum-utils 63 | 64 | - uses: actions/checkout@v4 65 | with: 66 | lfs: false 67 | path: pam_radius 68 | 69 | - name: "Install build dependencies" 70 | working-directory: pam_radius 71 | run: | 72 | yum-builddep -y redhat/pam_radius_auth.spec 73 | 74 | - name: "Build pam_radius packages" 75 | working-directory: pam_radius 76 | run: | 77 | make rpm 78 | 79 | - name: "Install pam_radius package" 80 | run: | 81 | echo "#######################################################" 82 | echo "# Install package" 83 | rpm -ivh pam_radius/rpmbuild/RPMS/x86_64/pam*.rpm 84 | 85 | echo "#######################################################" 86 | echo "# Show package info" 87 | rpm -qi pam_radius_auth 88 | 89 | echo "#######################################################" 90 | echo "# List package contents" 91 | rpm -qs pam_radius_auth 92 | 93 | - name: "Create test user" 94 | run: | 95 | useradd -d /tmp ${CI_TEST_USER} 96 | id ${CI_TEST_USER} 97 | 98 | - name: "Install packages for testing" 99 | run: | 100 | yum -y update 101 | yum -y install \ 102 | freeradius \ 103 | freeradius-utils \ 104 | openssh-server \ 105 | rsyslog \ 106 | sshpass 107 | 108 | - name: "Setup FreeRADIUS, sshd, rsyslog and PAM" 109 | working-directory: pam_radius 110 | run: | 111 | echo "#######################################################" 112 | echo "# Kill services" 113 | pkill -9 rsyslogd || : 114 | pkill -9 freeradius || : 115 | pkill -9 sshd || : 116 | 117 | echo "#######################################################" 118 | echo "# Run setup scripts" 119 | export CI_TEST_USER="$CI_TEST_USER" CI_TEST_PASS="$CI_TEST_PASS" 120 | for FILE in setup-rsyslog.sh setup-pam_radius.sh setup-freeradius.sh setup-sshd.sh; do 121 | SCRIPT="${PWD}/scripts/ci/$FILE" 122 | 123 | echo "Calling $FILE" 124 | $SCRIPT 125 | done 126 | 127 | echo "#######################################################" 128 | echo "# Start services" 129 | /usr/sbin/rsyslogd 130 | /usr/sbin/sshd 131 | rm -f /run/nologin 132 | 133 | ( make -C /etc/raddb/certs/ destroycerts all && \ 134 | sed 's/dh_file =/#dh_file =/g' -i /etc/raddb/mods-available/eap && \ 135 | chmod 0644 /etc/raddb/certs/server.pem 136 | ) 137 | /usr/sbin/radiusd 138 | 139 | echo "#######################################################" 140 | echo "# Show processes" 141 | ps -ef 142 | 143 | - name: "Show config files" 144 | run: | 145 | for FILE in \ 146 | /etc/ssh/sshd_config \ 147 | /etc/pam.d/sshd \ 148 | /etc/pam_radius_auth.conf 149 | do 150 | echo "#####################################################" 151 | echo "# $FILE" 152 | echo 153 | cat "$FILE" 154 | echo 155 | done 156 | 157 | - name: "Positive authentication tests" 158 | run: | 159 | : > /var/log/auth.log 160 | 161 | radtest -x "$CI_TEST_USER" "$CI_TEST_PASS" localhost 0 testing123 162 | 163 | sshpass -p "${CI_TEST_PASS}" -v \ 164 | /usr/bin/ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 ${CI_TEST_USER}@localhost \ 165 | "echo 'User logged in successfully' > /tmp/OK" 166 | cat /tmp/OK 167 | 168 | grep -q "pam_radius_auth: authentication succeeded" /var/log/auth.log 169 | ! grep -q "pam_radius_auth: authentication failed" /var/log/auth.log 170 | 171 | - name: "Show positive auth logs" 172 | run: | 173 | cat -n /var/log/auth.log 174 | 175 | - name: "Negative authentication tests" 176 | run: | 177 | : > /var/log/auth.log 178 | 179 | if radtest -x "$CI_TEST_USER" "not$CI_TEST_PASS" localhost 0 testing123; then 180 | echo "Something bad happened - this radtest authentication should have failed" 181 | exit 1 182 | fi 183 | 184 | if sshpass -p "not$CI_TEST_PASS" -v \ 185 | /usr/bin/ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 ${CI_TEST_USER}@localhost \ 186 | "echo NOTOK > /tmp/NOTOK"; then 187 | echo "Something bad happened - this ssh authentication should have failed" 188 | exit 1 189 | fi 190 | 191 | grep -q "pam_radius_auth: authentication failed" /var/log/auth.log 192 | ! grep -q "pam_radius_auth: authentication succeeded" /var/log/auth.log 193 | 194 | - name: "Show negative auth logs" 195 | if: ${{ success() || failure() }} 196 | run: | 197 | cat -n /var/log/auth.log 198 | 199 | # 200 | # If the CI has failed and the branch is ci-debug then we start a tmate 201 | # session to provide interactive shell access to the session. 202 | # 203 | # The SSH rendezvous point will be emitted continuously in the job output, 204 | # which will look something like: 205 | # 206 | # SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io 207 | # 208 | # For example: 209 | # 210 | # git push origin ci-debug --force 211 | # 212 | # Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions 213 | # 214 | # ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io 215 | # 216 | # Access requires that you have the private key corresponding to the 217 | # public key of the GitHub user that initiated the job. 218 | # 219 | - name: "Debug: Start tmate" 220 | uses: mxschmitt/action-tmate@v3 221 | with: 222 | limit-access-to-actor: true 223 | if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} 224 | -------------------------------------------------------------------------------- /.github/workflows/ci-deb.yml: -------------------------------------------------------------------------------- 1 | name: "CI DEB" 2 | 3 | on: 4 | push: 5 | branches-ignore: 6 | - coverity_scan 7 | pull_request: 8 | 9 | env: 10 | DEBIAN_FRONTEND: noninteractive 11 | CI: 1 12 | CI_TEST_USER: tapioca 13 | CI_TEST_PASS: queijo 14 | GH_ACTIONS: 1 15 | 16 | jobs: 17 | pre-ci: 18 | runs-on: ubuntu-latest 19 | # Map a step output to a job output 20 | outputs: 21 | should_skip: ${{ steps.skip_check.outputs.should_skip }} 22 | steps: 23 | - id: skip_check 24 | uses: fkirc/skip-duplicate-actions@master 25 | 26 | deb-build: 27 | # If branch protection is in place with status checks enabled, ensure 28 | # names are updated if new matrix entries are added or the name format 29 | # changes. 30 | name: "DEB Build (${{ matrix.env.NAME }})" 31 | 32 | needs: pre-ci 33 | if: ${{ needs.pre-ci.outputs.should_skip != 'true' }} 34 | 35 | runs-on: ubuntu-latest 36 | 37 | container: 38 | image: ${{ matrix.env.OS }} 39 | 40 | strategy: 41 | fail-fast: false 42 | matrix: 43 | env: 44 | - { "NAME": "ubuntu20", "OS": "ubuntu:20.04", "DIST": "ubuntu" } 45 | - { "NAME": "ubuntu22", "OS": "ubuntu:22.04", "DIST": "ubuntu" } 46 | - { "NAME": "ubuntu24", "OS": "ubuntu:24.04", "DIST": "ubuntu" } 47 | - { "NAME": "debian10", "OS": "debian:10", "DIST": "debian" } 48 | - { "NAME": "debian11", "OS": "debian:11", "DIST": "debian" } 49 | - { "NAME": "debian12", "OS": "debian:12", "DIST": "debian" } 50 | 51 | steps: 52 | 53 | - name: "Package manager performance improvements" 54 | run: | 55 | sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup' 56 | 57 | - name: "Install prerequisites" 58 | run: | 59 | apt-get update 60 | apt-get install -y --no-install-recommends \ 61 | build-essential \ 62 | devscripts \ 63 | equivs \ 64 | fakeroot \ 65 | quilt \ 66 | libpam0g-dev 67 | 68 | - uses: actions/checkout@v4 69 | with: 70 | lfs: false 71 | path: pam_radius 72 | 73 | - name: "Install build dependencies" 74 | working-directory: pam_radius 75 | run: | 76 | mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control 77 | 78 | - name: "Build pam_radius packages" 79 | working-directory: pam_radius 80 | run: | 81 | make deb 82 | 83 | - name: "Install pam_radius package" 84 | run: | 85 | echo "#######################################################" 86 | echo "# Install package" 87 | dpkg -i libpam-radius-auth_*.deb 88 | 89 | echo "#######################################################" 90 | echo "# Show package info" 91 | dpkg -s libpam-radius-auth 92 | 93 | echo "#######################################################" 94 | echo "# List package contents" 95 | dpkg -L libpam-radius-auth 96 | 97 | - name: "Create test user" 98 | run: | 99 | useradd -d /tmp ${CI_TEST_USER} 100 | id ${CI_TEST_USER} 101 | 102 | - name: "Install packages for testing" 103 | run: | 104 | apt-get update 105 | apt-get install -y --no-install-recommends \ 106 | freeradius \ 107 | freeradius-utils \ 108 | freeradius-config \ 109 | openssh-server \ 110 | rsyslog \ 111 | sshpass 112 | 113 | - name: "Setup FreeRADIUS, sshd, rsyslog and PAM" 114 | working-directory: pam_radius 115 | run: | 116 | echo "#######################################################" 117 | echo "# Kill services" 118 | pkill -9 rsyslogd || : 119 | pkill -9 freeradius || : 120 | pkill -9 sshd || : 121 | 122 | echo "#######################################################" 123 | echo "# Run setup scripts" 124 | export CI_TEST_USER="$CI_TEST_USER" CI_TEST_PASS="$CI_TEST_PASS" 125 | for FILE in setup-rsyslog.sh setup-pam_radius.sh setup-freeradius.sh setup-sshd.sh; do 126 | SCRIPT="${PWD}/scripts/ci/$FILE" 127 | 128 | echo "Calling $FILE" 129 | $SCRIPT 130 | done 131 | 132 | echo "#######################################################" 133 | echo "# Start services" 134 | /usr/sbin/rsyslogd 135 | /usr/sbin/sshd 136 | /usr/sbin/freeradius 137 | 138 | echo "#######################################################" 139 | echo "# Show processes" 140 | ps -ef 141 | 142 | - name: "Show config files" 143 | run: | 144 | for FILE in \ 145 | /etc/ssh/sshd_config \ 146 | /etc/pam.d/sshd \ 147 | /etc/pam_radius_auth.conf 148 | do 149 | echo "#####################################################" 150 | echo "# $FILE" 151 | echo 152 | cat "$FILE" 153 | echo 154 | done 155 | 156 | - name: "Positive authentication tests" 157 | run: | 158 | : > /var/log/auth.log 159 | 160 | radtest -x "$CI_TEST_USER" "$CI_TEST_PASS" localhost 0 testing123 161 | 162 | sshpass -p "${CI_TEST_PASS}" -v \ 163 | /usr/bin/ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 ${CI_TEST_USER}@localhost \ 164 | "echo 'User logged in successfully' > /tmp/OK" 165 | cat /tmp/OK 166 | 167 | grep -q "pam_radius_auth: authentication succeeded" /var/log/auth.log 168 | ! grep -q "pam_radius_auth: authentication failed" /var/log/auth.log 169 | 170 | - name: "Show positive auth logs" 171 | run: | 172 | cat -n /var/log/auth.log 173 | 174 | - name: "Negative authentication tests" 175 | run: | 176 | : > /var/log/auth.log 177 | 178 | if radtest -x "$CI_TEST_USER" "not$CI_TEST_PASS" localhost 0 testing123; then 179 | echo "Something bad happened - this radtest authentication should have failed" 180 | exit 1 181 | fi 182 | 183 | if sshpass -p "not$CI_TEST_PASS" -v \ 184 | /usr/bin/ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 ${CI_TEST_USER}@localhost \ 185 | "echo NOTOK > /tmp/NOTOK"; then 186 | echo "Something bad happened - this ssh authentication should have failed" 187 | exit 1 188 | fi 189 | 190 | grep -q "pam_radius_auth: authentication failed" /var/log/auth.log 191 | ! grep -q "pam_radius_auth: authentication succeeded" /var/log/auth.log 192 | 193 | - name: "Show negative auth logs" 194 | if: ${{ success() || failure() }} 195 | run: | 196 | cat -n /var/log/auth.log 197 | 198 | # 199 | # If the CI has failed and the branch is ci-debug then we start a tmate 200 | # session to provide interactive shell access to the session. 201 | # 202 | # The SSH rendezvous point will be emitted continuously in the job output, 203 | # which will look something like: 204 | # 205 | # SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io 206 | # 207 | # For example: 208 | # 209 | # git push origin ci-debug --force 210 | # 211 | # Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions 212 | # 213 | # ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io 214 | # 215 | # Access requires that you have the private key corresponding to the 216 | # public key of the GitHub user that initiated the job. 217 | # 218 | - name: "Debug: Start tmate" 219 | uses: mxschmitt/action-tmate@v3 220 | with: 221 | limit-access-to-actor: true 222 | if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} 223 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | push: 5 | branches-ignore: 6 | - coverity_scan 7 | pull_request: 8 | 9 | env: 10 | ASAN_OPTIONS: symbolize=1 detect_leaks=1 detect_stack_use_after_return=1 11 | LSAN_OPTIONS: fast_unwind_on_malloc=0:malloc_context_size=50 12 | M_PERTURB: "0x42" 13 | DEBIAN_FRONTEND: noninteractive 14 | CI: 1 15 | GH_ACTIONS: 1 16 | CI_TEST_USER: tapioca 17 | CI_TEST_PASS: queijo 18 | 19 | jobs: 20 | pre-ci: 21 | runs-on: ubuntu-latest 22 | # Map a step output to a job output 23 | outputs: 24 | should_skip: ${{ steps.skip_check.outputs.should_skip }} 25 | steps: 26 | - id: skip_check 27 | uses: fkirc/skip-duplicate-actions@master 28 | 29 | ci: 30 | needs: pre-ci 31 | if: ${{ needs.pre-ci.outputs.should_skip != 'true' }} 32 | 33 | runs-on: ${{ matrix.env.OS }} 34 | 35 | strategy: 36 | fail-fast: false 37 | matrix: 38 | env: 39 | - { CC: gcc, OS: ubuntu-20.04, BUILD_CFLAGS: "", NAME: linux-gcc } 40 | - { CC: gcc, OS: ubuntu-20.04, BUILD_CFLAGS: "-O2 -g3", NAME: linux-gcc-O2-g3 } 41 | - { CC: gcc, OS: ubuntu-20.04, BUILD_CFLAGS: "-DNDEBUG", NAME: linux-gcc-ndebug } 42 | - { CC: clang, OS: ubuntu-20.04, BUILD_CFLAGS: "", NAME: linux-clang } 43 | - { CC: clang, OS: ubuntu-20.04, BUILD_CFLAGS: "-O2 -g3", NAME: linux-clang-O2-g3 } 44 | - { CC: clang, OS: ubuntu-20.04, BUILD_CFLAGS: "-DNDEBUG", NAME: linux-clang-ndebug } 45 | 46 | env: ${{ matrix.env }} 47 | 48 | # If branch protection is in place with status checks enabled, ensure 49 | # names are updated if new matrix entries are added or the name format 50 | # changes. 51 | name: "master-${{ matrix.env.NAME }}" 52 | 53 | steps: 54 | 55 | # Checkout, but defer pulling LFS objects until we've restored the cache 56 | - uses: actions/checkout@v2 57 | with: 58 | lfs: false 59 | 60 | - name: Package manager performance improvements 61 | run: | 62 | sudo sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup' 63 | echo 'man-db man-db/auto-update boolean false' | sudo debconf-set-selections 64 | sudo dpkg-reconfigure man-db 65 | sudo sed -i 's/^update_initramfs=.*/update_initramfs=no/' /etc/initramfs-tools/update-initramfs.conf 66 | 67 | - name: Install build dependencies based CI packages 68 | run: | 69 | sudo apt-get update 70 | sudo apt-get install -y --no-install-recommends build-essential devscripts equivs quilt 71 | sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control 72 | 73 | - name: Install LLVM 10 74 | if: ${{ matrix.env.CC == 'clang' }} 75 | run: | 76 | sudo apt-get install -y --no-install-recommends clang-10 llvm-10 gdb 77 | sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-10 60 && sudo update-alternatives --set clang /usr/bin/clang-10 78 | sudo update-alternatives --install /usr/bin/llvm-symbolizer llvm-symbolizer /usr/bin/llvm-symbolizer-10 60 && sudo update-alternatives --set llvm-symbolizer /usr/bin/llvm-symbolizer-10 79 | 80 | - name: Set compiler to GCC 10 81 | if: ${{ matrix.env.CC == 'gcc' }} 82 | run: | 83 | sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 60 && sudo update-alternatives --set gcc /usr/bin/gcc-10 84 | 85 | - name: Show versions 86 | run: | 87 | $CC --version 88 | make --version 89 | 90 | - name: Configure 91 | run: | 92 | if $CC -v 2>&1 | grep -q clang; then 93 | echo "Enabling sanitizers" 94 | enable_sanitizers="--enable-address-sanitizer --enable-leak-sanitizer" 95 | else 96 | enable_sanitizers="" 97 | fi 98 | 99 | CFLAGS="${BUILD_CFLAGS}" ./configure -C --enable-werror \ 100 | $enable_sanitizers \ 101 | || cat ./config.log 102 | 103 | - name: Make 104 | run: | 105 | make -j `nproc` 2> build.warnings.log 106 | 107 | - name: "Check if we have 'warnings'" 108 | run: | 109 | count=$(cat build.warnings.log | wc -l) 110 | if [ $count -gt 0 ]; then 111 | echo "ERROR: We can't continue due to the below 'build warnings'" 112 | echo "----------------------------------------------------------" 113 | cat build.warnings.log 114 | echo "----------------------------------------------------------" 115 | exit 666 116 | fi 117 | 118 | - name: Install /lib/security/pam_radius_auth.so 119 | run: | 120 | sudo make install 121 | sudo ls -l /lib/security/ 122 | 123 | - name: Create the CI_TEST_USER user in /etc/passwd (no-password) 124 | run: | 125 | sudo useradd -d /tmp ${CI_TEST_USER} 126 | id ${CI_TEST_USER} 127 | 128 | - name: Setup FreeRADIUS/SSHD/SYSLOG-NG/PAM then run full CI tests 129 | run: | 130 | sudo apt-get update 131 | sudo apt-get install -y --no-install-recommends \ 132 | freeradius freeradius-utils freeradius-config \ 133 | syslog-ng \ 134 | openssh-server sshpass 135 | 136 | echo "#######################################################" 137 | echo "## Stop the services syslog-ng/sshd/freeradius" 138 | sudo rm -f /var/log/auth.log # Needed to see the last results 139 | sudo systemctl restart syslog-ng 140 | sudo systemctl stop ssh 141 | sudo systemctl stop freeradius 142 | 143 | echo "#######################################################" 144 | echo "## Setup the services" 145 | export CI_TEST_USER="$CI_TEST_USER" CI_TEST_PASS="$CI_TEST_PASS" 146 | for i in setup-pam_radius.sh setup-freeradius.sh setup-sshd.sh; do 147 | script="./scripts/ci/$i" 148 | 149 | echo "Calling $i" 150 | sudo -E $script 151 | done 152 | 153 | echo "#######################################################" 154 | echo "## Start the services syslog-ng/sshd/freeradius" 155 | sudo systemctl start ssh 156 | sudo systemctl start freeradius 157 | 158 | echo "#######################################################" 159 | echo "## Show processes" 160 | ps aux | grep -E "([r]adius|[s]sh|[s]yslog)" 161 | 162 | - name: Content of /etc/ssh/sshd_config 163 | run: | 164 | cat /etc/ssh/sshd_config 165 | 166 | - name: Content of /etc/pam.d/sshd 167 | run: | 168 | cat /etc/pam.d/sshd 169 | 170 | - name: Content of /etc/pam_radius_auth.conf 171 | run: | 172 | cat /etc/pam_radius_auth.conf 173 | 174 | - name: Validate freeradius instance using radtest 175 | run: | 176 | radtest -x $CI_TEST_USER $CI_TEST_PASS localhost 0 testing123 177 | 178 | - name: Run ssh authorization over pam_radius 179 | run: | 180 | if ! sshpass -p "${CI_TEST_PASS}" -v \ 181 | /usr/bin/ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 ${CI_TEST_USER}@localhost id; then 182 | echo "ERROR: Something goes wrong with the SSH + PAM_RADIUS authentication!" 183 | echo "############## Show the logs in /var/log/auth.log" 184 | sudo cat -n /var/log/auth.log 185 | exit 1 186 | fi 187 | 188 | - name: "Looking for 'pam_radius_auth: authentication succeeded' in /var/log/auth.log" 189 | run: | 190 | echo "#######################################################" 191 | echo "## Show the logs in /var/log/auth.log" 192 | sudo cat -n /var/log/auth.log 193 | 194 | if ! sudo grep -q "pam_radius_auth: authentication succeeded" /var/log/auth.log; then 195 | echo "ERROR: Something goes wrong with the SSH + PAM_RADIUS authentication!" 196 | exit 1 197 | fi 198 | 199 | # 200 | # If the CI has failed and the branch is ci-debug then we start a tmate 201 | # session to provide interactive shell access to the session. 202 | # 203 | # The SSH rendezvous point will be emitted continuously in the job output, 204 | # which will look something like: 205 | # 206 | # SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io 207 | # 208 | # For example: 209 | # 210 | # git push origin ci-debug --force 211 | # 212 | # Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions 213 | # 214 | # ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io 215 | # 216 | # Access requires that you have the private key corresponding to the 217 | # public key of the GitHub user that initiated the job. 218 | # 219 | - name: "Debug: Start tmate" 220 | uses: mxschmitt/action-tmate@v3 221 | with: 222 | limit-access-to-actor: true 223 | if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} 224 | -------------------------------------------------------------------------------- /m4/ax_cc.m4: -------------------------------------------------------------------------------- 1 | dnl # 2 | dnl # check if were compiling with CLANG, autoconf GCC macro identifies CLANG as GCC 3 | dnl # 4 | AC_DEFUN([AX_CC_IS_CLANG],[ 5 | AC_CACHE_CHECK([if compiler is clang], [ax_cv_cc_clang],[ 6 | 7 | AC_COMPILE_IFELSE( 8 | [AC_LANG_PROGRAM([], [[ 9 | #ifndef __clang__ 10 | not clang 11 | #endif 12 | ]])], 13 | [ax_cv_cc_clang=yes], 14 | [ax_cv_cc_clang=no]) 15 | ]) 16 | ]) 17 | 18 | dnl # 19 | dnl # clang and gcc originally used different flags to specify c11 support 20 | dnl # 21 | AC_DEFUN([AX_CC_STD_C11],[ 22 | AC_CACHE_CHECK([for the compiler flag to enable C11 support], [ax_cv_cc_std_c11_flag],[ 23 | ax_cv_cc_std_c11_flag= 24 | 25 | CFLAGS_SAVED=$CFLAGS 26 | CFLAGS="$CFLAGS -Werror -std=c11" 27 | 28 | AC_LANG_PUSH(C) 29 | AC_TRY_COMPILE( 30 | [], 31 | [ 32 | struct foo { 33 | union { 34 | int a; 35 | int b; 36 | }; 37 | } bar; 38 | ], 39 | [ax_cv_cc_std_c11_flag="-std=c11"]) 40 | 41 | if test "x$ax_cv_cc_std_c11_flag" = x; then 42 | CFLAGS="$CFLAGS_SAVED -std=c1x" 43 | AC_TRY_COMPILE( 44 | [], 45 | [ 46 | struct foo { 47 | union { 48 | int a; 49 | int b; 50 | }; 51 | } bar; 52 | ], 53 | [ax_cv_cc_std_c11_flag="-std=c1x"]) 54 | fi 55 | 56 | AC_LANG_POP 57 | CFLAGS="$CFLAGS_SAVED" 58 | ]) 59 | ]) 60 | 61 | dnl # 62 | dnl # Check if we have the _Generic construct 63 | dnl # 64 | AC_DEFUN([AX_CC_HAVE_C11_GENERIC], 65 | [ 66 | AC_CACHE_CHECK([for _Generic support in compiler], [ax_cv_cc_c11_generic],[ 67 | AC_RUN_IFELSE( 68 | [ 69 | AC_LANG_SOURCE( 70 | [ 71 | int main(int argc, char **argv) { 72 | int foo = 1; 73 | return _Generic(foo, int: 0, char: 1); 74 | } 75 | ]) 76 | ], 77 | [ax_cv_cc_c11_generic=yes], 78 | [ax_cv_cc_c11_generic=no] 79 | ) 80 | ]) 81 | if test "x$ax_cv_cc_c11_generic" = "xyes"; then 82 | AC_DEFINE([HAVE_C11_GENERIC],1,[Define if the compiler supports the C11 _Generic construct]) 83 | fi 84 | ]) 85 | 86 | AC_DEFUN([AX_CC_QUNUSED_ARGUMENTS_FLAG],[ 87 | AC_CACHE_CHECK([for the compiler flag "-Qunused-arguments"], [ax_cv_cc_qunused_arguments_flag],[ 88 | 89 | CFLAGS_SAVED=$CFLAGS 90 | CFLAGS="$CFLAGS -Werror -Qunused-arguments -foobar" 91 | 92 | AC_LANG_PUSH(C) 93 | AC_TRY_COMPILE( 94 | [], 95 | [return 0;], 96 | [ax_cv_cc_qunused_arguments_flag="yes"], 97 | [ax_cv_cc_qunused_arguments_flag="no"]) 98 | AC_LANG_POP 99 | 100 | CFLAGS="$CFLAGS_SAVED" 101 | ]) 102 | ]) 103 | 104 | AC_DEFUN([AX_CC_NO_UNKNOWN_WARNING_OPTION_FLAG],[ 105 | AC_CACHE_CHECK([for the compiler flag "-Wno-unknown-warning-option"], [ax_cv_cc_no_unknown_warning_option_flag],[ 106 | 107 | CFLAGS_SAVED=$CFLAGS 108 | CFLAGS="-Werror -Wno-unknown-warning-option" 109 | 110 | AC_COMPILE_IFELSE( 111 | [AC_LANG_PROGRAM([], [[ 112 | /* 113 | * gcc will happily accept -Wno-unknown-warning-option 114 | * only emitting an error about it, if an error ocurrs in the source file. 115 | */ 116 | #if defined(__GNUC__) && !defined(__clang__) 117 | gcc sucks 118 | #endif 119 | 120 | return 0; 121 | ]])], 122 | [ax_cv_cc_no_unknown_warning_option_flag=yes], 123 | [ax_cv_cc_no_unknown_warning_option_flag=no]) 124 | 125 | CFLAGS="$CFLAGS_SAVED" 126 | ]) 127 | ]) 128 | 129 | 130 | 131 | AC_DEFUN([AX_CC_WEVERYTHING_FLAG],[ 132 | AC_CACHE_CHECK([for the compiler flag "-Weverything"], [ax_cv_cc_weverything_flag],[ 133 | 134 | CFLAGS_SAVED=$CFLAGS 135 | CFLAGS="$CFLAGS -Werror -Weverything -Wno-reserved-id-macro -Wno-unused-macros -Wno-unreachable-code-return -Wno-poison-system-directories" 136 | 137 | AC_LANG_PUSH(C) 138 | AC_TRY_COMPILE( 139 | [], 140 | [return 0;], 141 | [ax_cv_cc_weverything_flag="yes"], 142 | [ax_cv_cc_weverything_flag="no"]) 143 | AC_LANG_POP 144 | 145 | CFLAGS="$CFLAGS_SAVED" 146 | ]) 147 | ]) 148 | 149 | AC_DEFUN([AX_CC_WDOCUMENTATION_FLAG],[ 150 | AC_CACHE_CHECK([for the compiler flag "-Wdocumentation"], [ax_cv_cc_wdocumentation_flag],[ 151 | 152 | CFLAGS_SAVED=$CFLAGS 153 | CFLAGS="$CFLAGS -Werror -Wdocumentation" 154 | 155 | AC_LANG_PUSH(C) 156 | AC_TRY_COMPILE( 157 | [], 158 | [return 0;], 159 | [ax_cv_cc_wdocumentation_flag="yes"], 160 | [ax_cv_cc_wdocumentation_flag="no"]) 161 | AC_LANG_POP 162 | 163 | CFLAGS="$CFLAGS_SAVED" 164 | ]) 165 | ]) 166 | 167 | AC_DEFUN([AX_CC_IMPLICIT_FALLTHROUGH_FLAG],[ 168 | AC_CACHE_CHECK([for the compiler flag "-Wimplicit-fallthrough"], [ax_cv_cc_wimplicit_fallthrough_flag],[ 169 | 170 | CFLAGS_SAVED=$CFLAGS 171 | CFLAGS="$CFLAGS -Werror -Wimplicit-fallthrough" 172 | 173 | AC_LANG_PUSH(C) 174 | AC_TRY_COMPILE( 175 | [], 176 | [return 0;], 177 | [ax_cv_cc_wimplicit_fallthrough_flag="yes"], 178 | [ax_cv_cc_wimplicit_fallthrough_flag="no"]) 179 | AC_LANG_POP 180 | 181 | CFLAGS="$CFLAGS_SAVED" 182 | ]) 183 | ]) 184 | 185 | AC_DEFUN([AX_CC_NO_DATE_TIME_FLAG],[ 186 | AC_CACHE_CHECK([for the compiler flag "-Wno-date-time"], [ax_cv_cc_no_date_time_flag],[ 187 | 188 | CFLAGS_SAVED=$CFLAGS 189 | CFLAGS="$CFLAGS -Werror -Wno-date-time" 190 | 191 | AC_LANG_PUSH(C) 192 | AC_TRY_COMPILE( 193 | [], 194 | [return 0;], 195 | [ax_cv_cc_no_date_time_flag="yes"], 196 | [ax_cv_cc_no_date_time_flag="no"]) 197 | AC_LANG_POP 198 | 199 | CFLAGS="$CFLAGS_SAVED" 200 | ]) 201 | ]) 202 | 203 | AC_DEFUN([AX_CC_PTHREAD_FLAG],[ 204 | AC_CACHE_CHECK([for the compiler flag "-pthread"], [ax_cv_cc_pthread_flag],[ 205 | 206 | CFLAGS_SAVED=$CFLAGS 207 | CFLAGS="$CFLAGS -Werror -pthread" 208 | 209 | AC_LANG_PUSH(C) 210 | AC_TRY_COMPILE( 211 | [], 212 | [return 0;], 213 | [ax_cv_cc_pthread_flag="yes"], 214 | [ax_cv_cc_pthread_flag="no"]) 215 | AC_LANG_POP 216 | 217 | CFLAGS="$CFLAGS_SAVED" 218 | ]) 219 | ]) 220 | 221 | AC_DEFUN([AX_CC_SANITZE_ADDRESS_USE_AFTER_SCOPE_FLAG],[ 222 | AC_CACHE_CHECK([for the compiler flag "-fsanitize-address-use-after-scope"], [ax_cv_cc_sanitize_address_use_after_scope],[ 223 | 224 | dnl # Need -fsanitize=address else we get an unused argument error 225 | CFLAGS_SAVED=$CFLAGS 226 | CFLAGS="$CFLAGS -Werror -fsanitize=address -fsanitize-address-use-after-scope" 227 | 228 | AC_LANG_PUSH(C) 229 | AC_TRY_COMPILE( 230 | [], 231 | [return 0;], 232 | [ax_cv_cc_sanitize_address_use_after_scope="yes"], 233 | [ax_cv_cc_sanitize_address_use_after_scope="no"]) 234 | AC_LANG_POP 235 | 236 | CFLAGS="$CFLAGS_SAVED" 237 | ]) 238 | ]) 239 | 240 | dnl # 241 | dnl # Check if we have the choose expr builtin 242 | dnl # 243 | AC_DEFUN([AX_CC_BUILTIN_CHOOSE_EXPR], 244 | [ 245 | AC_CACHE_CHECK([for __builtin_choose_expr support in compiler], [ax_cv_cc_builtin_choose_expr],[ 246 | AC_RUN_IFELSE( 247 | [ 248 | AC_LANG_SOURCE( 249 | [ 250 | int main(int argc, char **argv) { 251 | if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ 252 | return __builtin_choose_expr(0, 1, 0); 253 | } 254 | ]) 255 | ], 256 | [ax_cv_cc_builtin_choose_expr=yes], 257 | [ax_cv_cc_builtin_choose_expr=no] 258 | ) 259 | ]) 260 | if test "x$ax_cv_cc_builtin_choose_expr" = "xyes"; then 261 | AC_DEFINE([HAVE_BUILTIN_CHOOSE_EXPR],1,[Define if the compiler supports __builtin_choose_expr]) 262 | fi 263 | ]) 264 | 265 | dnl # 266 | dnl # Check if we have the types compatible p builtin 267 | dnl # 268 | AC_DEFUN([AX_CC_BUILTIN_TYPES_COMPATIBLE_P], 269 | [ 270 | AC_CACHE_CHECK([for __builtin_types_compatible_p support in compiler], [ax_cv_cc_builtin_types_compatible_p],[ 271 | AC_RUN_IFELSE( 272 | [ 273 | AC_LANG_SOURCE( 274 | [ 275 | int main(int argc, char **argv) { 276 | if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ 277 | return !(__builtin_types_compatible_p(char *, char *)); 278 | } 279 | ]) 280 | ], 281 | [ax_cv_cc_builtin_types_compatible_p=yes], 282 | [ax_cv_cc_builtin_types_compatible_p=no] 283 | ) 284 | ]) 285 | if test "x$ax_cv_cc_builtin_types_compatible_p" = "xyes"; then 286 | AC_DEFINE([HAVE_BUILTIN_TYPES_COMPATIBLE_P],1,[Define if the compiler supports __builtin_types_compatible_p]) 287 | fi 288 | ]) 289 | 290 | dnl # 291 | dnl # Check if we have the bwsap64 builtin 292 | dnl # 293 | AC_DEFUN([AX_CC_BUILTIN_BSWAP64], 294 | [ 295 | AC_CACHE_CHECK([for __builtin_bswap64 support in compiler], [ax_cv_cc_builtin_bswap64],[ 296 | AC_RUN_IFELSE( 297 | [ 298 | AC_LANG_SOURCE([ 299 | int main(int argc, char **argv) { 300 | if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ 301 | return (__builtin_bswap64(0)); 302 | } 303 | ]) 304 | ], 305 | [ax_cv_cc_builtin_bswap64=yes], 306 | [ax_cv_cc_builtin_bswap64=no] 307 | ) 308 | ]) 309 | if test "x$ax_cv_cc_builtin_bswap64" = "xyes"; then 310 | AC_DEFINE([HAVE_BUILTIN_BSWAP64],1,[Define if the compiler supports __builtin_bswap64]) 311 | fi 312 | ]) 313 | 314 | dnl # 315 | dnl # Check if we have the clzll builtin 316 | dnl # 317 | AC_DEFUN([AX_CC_BUILTIN_CLZLL], 318 | [ 319 | AC_CACHE_CHECK([for __builtin_clzll support in compiler], [ax_cv_cc_builtin_clzll],[ 320 | AC_RUN_IFELSE( 321 | [ 322 | AC_LANG_SOURCE([ 323 | int main(int argc, char **argv) { 324 | if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ 325 | return (__builtin_clzll(0) - (sizeof(unsigned long long) * 8)); 326 | } 327 | ]) 328 | ], 329 | [ax_cv_cc_builtin_clzll=yes], 330 | [ax_cv_cc_builtin_clzll=no] 331 | ) 332 | ]) 333 | if test "x$ax_cv_cc_builtin_clzll" = "xyes"; then 334 | AC_DEFINE([HAVE_BUILTIN_CLZLL],1,[Define if the compiler supports __builtin_clzll]) 335 | fi 336 | ]) 337 | 338 | dnl # 339 | dnl # Determine the number of system cores we have 340 | dnl # 341 | AC_DEFUN([AX_SYSTEM_CORES],[ 342 | AC_CACHE_CHECK([number of system cores], [ax_cv_system_cores], 343 | [ 344 | AC_LANG_PUSH(C) 345 | AC_TRY_RUN( 346 | [ 347 | #include 348 | #include 349 | #ifdef _WIN32 350 | # include 351 | #elif MACOS 352 | # include 353 | # include 354 | #else 355 | # include 356 | #endif 357 | 358 | int main (int argc, char *argv[]) 359 | { 360 | uint32_t count; 361 | 362 | #ifdef WIN32 363 | SYSTEM_INFO sysinfo; 364 | GetSystemInfo(&sysinfo); 365 | 366 | count = sysinfo.dwNumberOfProcessors; 367 | 368 | #elif MACOS 369 | int nm[2]; 370 | size_t len = 4; 371 | 372 | nm[0] = CTL_HW; 373 | nm[1] = HW_AVAILCPU; 374 | sysctl(nm, 2, &count, &len, NULL, 0); 375 | 376 | if(count < 1) { 377 | nm[1] = HW_NCPU; 378 | sysctl(nm, 2, &count, &len, NULL, 0); 379 | if(count < 1) { 380 | count = 1; 381 | } 382 | } 383 | 384 | #else 385 | count = sysconf(_SC_NPROCESSORS_ONLN); 386 | #endif 387 | 388 | return count; 389 | } 390 | ], 391 | [ax_cv_system_cores=$?], 392 | [ax_cv_system_cores=$?], 393 | [ax_cv_system_cores=] 394 | ) 395 | AC_LANG_POP 396 | ]) 397 | ]) 398 | 399 | -------------------------------------------------------------------------------- /src/md5.c: -------------------------------------------------------------------------------- 1 | /* $Id: md5.c,v 1.3 2007/03/26 04:21:07 fcusack Exp $ 2 | * 3 | * This code implements the MD5 message-digest algorithm. 4 | * The algorithm is due to Ron Rivest. This code was 5 | * written by Colin Plumb in 1993, no copyright is claimed. 6 | * This code is in the public domain; do with it what you wish. 7 | * 8 | * Equivalent code is available from RSA Data Security, Inc. 9 | * This code has been tested against that, and is equivalent, 10 | * except that you don't need to include two pages of legalese 11 | * with every copy. 12 | * 13 | * To compute the message digest of a chunk of bytes, declare an 14 | * MD5Context structure, pass it to MD5Init, call MD5Update as 15 | * needed on buffers full of bytes, and then call MD5Final, which 16 | * will fill a supplied 16-byte array with the digest. 17 | * 18 | * $Log: md5.c,v $ 19 | * Revision 1.3 2007/03/26 04:21:07 fcusack 20 | * use uint32_t (C99) not u_int32_t 21 | * 22 | * Revision 1.2 2002/06/28 06:29:21 fcusack 23 | * change HIGHFIRST #ifdef from 'sun' to __sparc, and add __mips 24 | * 25 | * Revision 1.1.1.1 1999/08/19 13:13:26 aland 26 | * Start of the pam_radius module 27 | * 28 | * Revision 1.2 1998/04/03 20:19:21 aland 29 | * now builds cleanly on Solaris 2.6 30 | * 31 | * Revision 1.1 1998/04/03 19:36:59 aland 32 | * oh yeah, do MD5 stuff, too 33 | * 34 | * Revision 1.1 1996/12/01 03:06:54 morgan 35 | * Initial revision 36 | * 37 | * Revision 1.1 1996/09/05 06:43:31 morgan 38 | * Initial revision 39 | * 40 | */ 41 | 42 | #include 43 | #include "md5.h" 44 | 45 | #ifdef LITTLE_ENDIAN 46 | # define byteReverse(buf, len) /* Nothing */ 47 | #else 48 | void byteReverse(unsigned char *buf, unsigned longs); 49 | 50 | #ifndef ASM_MD5 51 | /* 52 | * Note: this code is harmless on little-endian machines. 53 | */ 54 | void byteReverse(unsigned char *buf, unsigned longs) 55 | { 56 | uint32_t t; 57 | do { 58 | t = (uint32_t) ((unsigned) buf[3] << 8 | buf[2]) << 16 | 59 | ((unsigned) buf[1] << 8 | buf[0]); 60 | *(uint32_t *) buf = t; 61 | buf += 4; 62 | } while (--longs); 63 | } 64 | #endif 65 | #endif 66 | 67 | /* 68 | * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious 69 | * initialization constants. 70 | */ 71 | void MD5Init(struct MD5Context *ctx) 72 | { 73 | ctx->buf[0] = 0x67452301U; 74 | ctx->buf[1] = 0xefcdab89U; 75 | ctx->buf[2] = 0x98badcfeU; 76 | ctx->buf[3] = 0x10325476U; 77 | 78 | ctx->bits[0] = 0; 79 | ctx->bits[1] = 0; 80 | } 81 | 82 | /* 83 | * Update context to reflect the concatenation of another buffer full 84 | * of bytes. 85 | */ 86 | void MD5Update(struct MD5Context *ctx, unsigned const char *buf, unsigned len) 87 | { 88 | uint32_t t; 89 | 90 | /* Update bitcount */ 91 | 92 | t = ctx->bits[0]; 93 | if ((ctx->bits[0] = t + ((uint32_t) len << 3)) < t) { 94 | ctx->bits[1]++; /* Carry from low to high */ 95 | } 96 | ctx->bits[1] += len >> 29; 97 | 98 | t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ 99 | 100 | /* Handle any leading odd-sized chunks */ 101 | 102 | if (t) { 103 | unsigned char *p = (unsigned char *) ctx->in + t; 104 | 105 | t = 64 - t; 106 | if (len < t) { 107 | memcpy(p, buf, len); 108 | return; 109 | } 110 | memcpy(p, buf, t); 111 | byteReverse(ctx->in, 16); 112 | MD5Transform(ctx->buf, (uint32_t *) ctx->in); 113 | buf += t; 114 | len -= t; 115 | } 116 | /* Process data in 64-byte chunks */ 117 | 118 | while (len >= 64) { 119 | memcpy(ctx->in, buf, 64); 120 | byteReverse(ctx->in, 16); 121 | MD5Transform(ctx->buf, (uint32_t *) ctx->in); 122 | buf += 64; 123 | len -= 64; 124 | } 125 | 126 | /* Handle any remaining bytes of data. */ 127 | 128 | memcpy(ctx->in, buf, len); 129 | } 130 | 131 | /* 132 | * Final wrapup - pad to 64-byte boundary with the bit pattern 133 | * 1 0* (64-bit count of bits processed, MSB-first) 134 | */ 135 | void MD5Final(unsigned char digest[16], struct MD5Context *ctx) 136 | { 137 | unsigned count; 138 | unsigned char *p; 139 | 140 | /* Compute number of bytes mod 64 */ 141 | count = (ctx->bits[0] >> 3) & 0x3F; 142 | 143 | /* Set the first char of padding to 0x80. This is safe since there is always at least one byte free */ 144 | p = ctx->in + count; 145 | *p++ = 0x80; 146 | 147 | /* Bytes of padding needed to make 64 bytes */ 148 | count = 64 - 1 - count; 149 | 150 | /* Pad out to 56 mod 64 */ 151 | if (count < 8) { 152 | /* Two lots of padding: Pad the first block to 64 bytes */ 153 | memset(p, 0, count); 154 | byteReverse(ctx->in, 16); 155 | MD5Transform(ctx->buf, (uint32_t *) ctx->in); 156 | 157 | /* Now fill the next block with 56 bytes */ 158 | memset(ctx->in, 0, 56); 159 | } else { 160 | /* Pad block to 56 bytes */ 161 | memset(p, 0, count - 8); 162 | } 163 | 164 | byteReverse(ctx->in, 14); 165 | 166 | /* Append length in bits and transform */ 167 | ((uint32_t *) ctx->in)[14] = ctx->bits[0]; 168 | ((uint32_t *) ctx->in)[15] = ctx->bits[1]; 169 | 170 | MD5Transform(ctx->buf, (uint32_t *) ctx->in); 171 | byteReverse((unsigned char *) ctx->buf, 4); 172 | memcpy(digest, ctx->buf, 16); 173 | memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ 174 | } 175 | 176 | /** Calculate HMAC using internal MD5 implementation 177 | * 178 | * @param digest Caller digest to be filled in. 179 | * @param text Pointer to data stream. 180 | * @param text_len length of data stream. 181 | * @param key Pointer to authentication key. 182 | * @param key_len Length of authentication key. 183 | * 184 | */ 185 | void hmac_md5(uint8_t digest[16], uint8_t const *text, size_t text_len, 186 | uint8_t const *key, size_t key_len) 187 | { 188 | MD5_CTX context; 189 | uint8_t k_ipad[65]; /* inner padding - key XORd with ipad */ 190 | uint8_t k_opad[65]; /* outer padding - key XORd with opad */ 191 | uint8_t tk[16]; 192 | int i; 193 | 194 | /* if key is longer than 64 bytes reset it to key=MD5(key) */ 195 | if (key_len > 64) { 196 | MD5_CTX tctx; 197 | 198 | MD5Init(&tctx); 199 | MD5Update(&tctx, key, key_len); 200 | MD5Final(tk, &tctx); 201 | 202 | key = tk; 203 | key_len = 16; 204 | } 205 | 206 | /* 207 | * the HMAC_MD5 transform looks like: 208 | * 209 | * MD5(K XOR opad, MD5(K XOR ipad, text)) 210 | * 211 | * where K is an n byte key 212 | * ipad is the byte 0x36 repeated 64 times 213 | 214 | * opad is the byte 0x5c repeated 64 times 215 | * and text is the data being protected 216 | */ 217 | 218 | /* start out by storing key in pads */ 219 | memset( k_ipad, 0, sizeof(k_ipad)); 220 | memset( k_opad, 0, sizeof(k_opad)); 221 | memcpy( k_ipad, key, key_len); 222 | memcpy( k_opad, key, key_len); 223 | 224 | /* XOR key with ipad and opad values */ 225 | for (i = 0; i < 64; i++) { 226 | k_ipad[i] ^= 0x36; 227 | k_opad[i] ^= 0x5c; 228 | } 229 | /* 230 | * perform inner MD5 231 | */ 232 | MD5Init(&context); /* init context for 1st 233 | * pass */ 234 | MD5Update(&context, k_ipad, 64); /* start with inner pad */ 235 | MD5Update(&context, text, text_len); /* then text of datagram */ 236 | MD5Final(digest, &context); /* finish up 1st pass */ 237 | /* 238 | * perform outer MD5 239 | */ 240 | MD5Init(&context); /* init context for 2nd 241 | * pass */ 242 | MD5Update(&context, k_opad, 64); /* start with outer pad */ 243 | MD5Update(&context, digest, 16); /* then results of 1st 244 | * hash */ 245 | MD5Final(digest, &context); /* finish up 2nd pass */ 246 | } 247 | 248 | 249 | #ifndef ASM_MD5 250 | 251 | /* The four core functions - F1 is optimized somewhat */ 252 | 253 | /* #define F1(x, y, z) (x & y | ~x & z) */ 254 | #define F1(x, y, z) (z ^ (x & (y ^ z))) 255 | #define F2(x, y, z) F1(z, x, y) 256 | #define F3(x, y, z) (x ^ y ^ z) 257 | #define F4(x, y, z) (y ^ (x | ~z)) 258 | 259 | /* This is the central step in the MD5 algorithm. */ 260 | #define MD5STEP(f, w, x, y, z, data, s) \ 261 | (w += f(x, y, z) + data, w = w<>(32-s), w += x) 262 | 263 | /* 264 | * The core of the MD5 algorithm, this alters an existing MD5 hash to 265 | * reflect the addition of 16 longwords of new data. MD5Update blocks 266 | * the data and converts bytes into longwords for this routine. 267 | */ 268 | void MD5Transform(uint32_t buf[4], uint32_t const in[16]) 269 | { 270 | register uint32_t a, b, c, d; 271 | 272 | a = buf[0]; 273 | b = buf[1]; 274 | c = buf[2]; 275 | d = buf[3]; 276 | 277 | MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478U, 7); 278 | MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756U, 12); 279 | MD5STEP(F1, c, d, a, b, in[2] + 0x242070dbU, 17); 280 | MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceeeU, 22); 281 | MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0fafU, 7); 282 | MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62aU, 12); 283 | MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613U, 17); 284 | MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501U, 22); 285 | MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8U, 7); 286 | MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7afU, 12); 287 | MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1U, 17); 288 | MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7beU, 22); 289 | MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122U, 7); 290 | MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193U, 12); 291 | MD5STEP(F1, c, d, a, b, in[14] + 0xa679438eU, 17); 292 | MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821U, 22); 293 | 294 | MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562U, 5); 295 | MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340U, 9); 296 | MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51U, 14); 297 | MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aaU, 20); 298 | MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105dU, 5); 299 | MD5STEP(F2, d, a, b, c, in[10] + 0x02441453U, 9); 300 | MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681U, 14); 301 | MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8U, 20); 302 | MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6U, 5); 303 | MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6U, 9); 304 | MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87U, 14); 305 | MD5STEP(F2, b, c, d, a, in[8] + 0x455a14edU, 20); 306 | MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905U, 5); 307 | MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8U, 9); 308 | MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9U, 14); 309 | MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8aU, 20); 310 | 311 | MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942U, 4); 312 | MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681U, 11); 313 | MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122U, 16); 314 | MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380cU, 23); 315 | MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44U, 4); 316 | MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9U, 11); 317 | MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60U, 16); 318 | MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70U, 23); 319 | MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6U, 4); 320 | MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127faU, 11); 321 | MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085U, 16); 322 | MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05U, 23); 323 | MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039U, 4); 324 | MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5U, 11); 325 | MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8U, 16); 326 | MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665U, 23); 327 | 328 | MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244U, 6); 329 | MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97U, 10); 330 | MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7U, 15); 331 | MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039U, 21); 332 | MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3U, 6); 333 | MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92U, 10); 334 | MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47dU, 15); 335 | MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1U, 21); 336 | MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4fU, 6); 337 | MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0U, 10); 338 | MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314U, 15); 339 | MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1U, 21); 340 | MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82U, 6); 341 | MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235U, 10); 342 | MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bbU, 15); 343 | MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391U, 21); 344 | 345 | buf[0] += a; 346 | buf[1] += b; 347 | buf[2] += c; 348 | buf[3] += d; 349 | } 350 | 351 | #endif 352 | -------------------------------------------------------------------------------- /acinclude.m4: -------------------------------------------------------------------------------- 1 | dnl Checks to see if this is SUNPro we're building with 2 | dnl Usage: 3 | dnl AC_PROG_CC_SUNPRO 4 | AC_DEFUN([AC_PROG_CC_SUNPRO], 5 | [AC_CACHE_CHECK(whether we are using SUNPro C, ac_cv_prog_suncc, 6 | [dnl The semicolon is to pacify NeXT's syntax-checking cpp. 7 | cat > conftest.c </dev/null 2>&1; then 13 | ac_cv_prog_suncc=yes 14 | else 15 | ac_cv_prog_suncc=no 16 | fi])]) 17 | 18 | dnl # 19 | dnl # FR_CHECK_TYPE_INCLUDE([#includes ...], type, default-C-types) 20 | dnl # 21 | dnl # This function is like AC_CHECK_TYPE, but you can give this one 22 | dnl # a list of include files to check. 23 | dnl # 24 | AC_DEFUN([FR_CHECK_TYPE_INCLUDE], 25 | [ 26 | AC_CACHE_CHECK(for $2, ac_cv_type_$2, 27 | [ ac_cv_type_$2=no 28 | AC_TRY_COMPILE($1, 29 | [$2 foo], 30 | ac_cv_type_$2=yes, 31 | ) 32 | ] 33 | ) 34 | 35 | if test "$ac_cv_type_$2" != "yes"; then 36 | AC_DEFINE($2, $3, $4) 37 | fi 38 | ]) 39 | 40 | dnl # 41 | dnl # Locate the directory in which a particular file is found. 42 | dnl # 43 | dnl # Usage: FR_LOCATE_DIR(MYSQLLIB_DIR, libmysqlclient.a) 44 | dnl # 45 | dnl # Defines the variable MYSQLLIB_DIR to be the directory(s) in 46 | dnl # which the file libmysqlclient.a is to be found. 47 | dnl # 48 | dnl # 49 | AC_DEFUN([FR_LOCATE_DIR], 50 | [ 51 | dnl # If we have the program 'locate', then the problem of finding a 52 | dnl # particular file becomes MUCH easier. 53 | dnl # 54 | 55 | dnl # 56 | dnl # No 'locate' defined, do NOT do anything. 57 | dnl # 58 | if test "x$LOCATE" != "x"; then 59 | dnl # 60 | dnl # Root through a series of directories, looking for the given file. 61 | dnl # 62 | DIRS= 63 | file=$2 64 | 65 | for x in `${LOCATE} $file 2>/dev/null`; do 66 | dnl # 67 | dnl # When asked for 'foo', locate will also find 'foo_bar', which we 68 | dnl # don't want. We want that EXACT filename. 69 | dnl # 70 | dnl # We ALSO want to be able to look for files like 'mysql/mysql.h', 71 | dnl # and properly match them, too. So we try to strip off the last 72 | dnl # part of the filename, using the name of the file we're looking 73 | dnl # for. If we CANNOT strip it off, then the name will be unchanged. 74 | dnl # 75 | base=`echo $x | sed "s%/${file}%%"` 76 | if test "x$x" = "x$base"; then 77 | continue; 78 | fi 79 | 80 | dir=`${DIRNAME} $x 2>/dev/null` 81 | dnl # 82 | dnl # Exclude a number of directories. 83 | dnl # 84 | exclude=`echo ${dir} | ${GREP} /home` 85 | if test "x$exclude" != "x"; then 86 | continue 87 | fi 88 | 89 | dnl # 90 | dnl # OK, we have an exact match. Let's be sure that we only find ONE 91 | dnl # matching directory. 92 | dnl # 93 | already=`echo \$$1 ${DIRS} | ${GREP} ${dir}` 94 | if test "x$already" = "x"; then 95 | DIRS="$DIRS $dir" 96 | fi 97 | done 98 | fi 99 | 100 | dnl # 101 | dnl # And remember the directory in which we found the file. 102 | dnl # 103 | eval "$1=\"\$$1 $DIRS\"" 104 | ]) 105 | 106 | 107 | dnl ####################################################################### 108 | dnl # 109 | dnl # Look for a library in a number of places. 110 | dnl # 111 | dnl # FR_SMART_CHECK_LIB(library, function) 112 | dnl # 113 | AC_DEFUN([FR_SMART_CHECK_LIB], [ 114 | 115 | sm_lib_safe=`echo "$1" | sed 'y%./+-%__p_%'` 116 | sm_func_safe=`echo "$2" | sed 'y%./+-%__p_%'` 117 | 118 | dnl # 119 | dnl # We pass all arguments for linker testing in CCPFLAGS as these 120 | dnl # will be passed to the compiler (then linker) first. 121 | dnl # 122 | dnl # The linker will search through -L directories in the order they 123 | dnl # appear on the command line. Unfortunately the same rules appear 124 | dnl # to apply to directories specified with --sysroot, so we must 125 | dnl # pass the user specified directory first. 126 | dnl # 127 | dnl # Really we should be using LDFLAGS (-L) for this. 128 | dnl # 129 | old_LIBS="$LIBS" 130 | old_CPPFLAGS="$CPPFLAGS" 131 | smart_lib= 132 | smart_ldflags= 133 | smart_lib_dir= 134 | 135 | dnl # 136 | dnl # Try first any user-specified directory, otherwise we may pick up 137 | dnl # the wrong version. 138 | dnl # 139 | if test "x$smart_try_dir" != "x"; then 140 | for try in $smart_try_dir; do 141 | AC_MSG_CHECKING([for $2 in -l$1 in $try]) 142 | LIBS="-l$1 $old_LIBS" 143 | CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" 144 | AC_TRY_LINK([extern char $2();], 145 | [$2()], 146 | [ 147 | smart_lib="-l$1" 148 | smart_ldflags="-L$try -Wl,-rpath,$try" 149 | AC_MSG_RESULT(yes) 150 | break 151 | ], 152 | [AC_MSG_RESULT(no)]) 153 | done 154 | LIBS="$old_LIBS" 155 | CPPFLAGS="$old_CPPFLAGS" 156 | fi 157 | 158 | dnl # 159 | dnl # Try using the default library path 160 | dnl # 161 | if test "x$smart_lib" = "x"; then 162 | AC_MSG_CHECKING([for $2 in -l$1]) 163 | LIBS="-l$1 $old_LIBS" 164 | AC_TRY_LINK([extern char $2();], 165 | [$2()], 166 | [ 167 | smart_lib="-l$1" 168 | AC_MSG_RESULT(yes) 169 | ], 170 | [AC_MSG_RESULT(no)]) 171 | LIBS="$old_LIBS" 172 | fi 173 | 174 | dnl # 175 | dnl # Try to guess possible locations. 176 | dnl # 177 | if test "x$smart_lib" = "x"; then 178 | FR_LOCATE_DIR(smart_lib_dir,[lib$1${libltdl_cv_shlibext}]) 179 | FR_LOCATE_DIR(smart_lib_dir,[lib$1.a]) 180 | 181 | for try in $smart_lib_dir /usr/local/lib /opt/lib; do 182 | AC_MSG_CHECKING([for $2 in -l$1 in $try]) 183 | LIBS="-l$1 $old_LIBS" 184 | CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" 185 | AC_TRY_LINK([extern char $2();], 186 | [$2()], 187 | [ 188 | smart_lib="-l$1" 189 | smart_ldflags="-L$try -Wl,-rpath,$try" 190 | AC_MSG_RESULT(yes) 191 | break 192 | ], 193 | [AC_MSG_RESULT(no)]) 194 | done 195 | LIBS="$old_LIBS" 196 | CPPFLAGS="$old_CPPFLAGS" 197 | fi 198 | 199 | dnl # 200 | dnl # Found it, set the appropriate variable. 201 | dnl # 202 | if test "x$smart_lib" != "x"; then 203 | eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" 204 | LIBS="$smart_ldflags $smart_lib $old_LIBS" 205 | SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" 206 | fi 207 | ]) 208 | 209 | dnl ####################################################################### 210 | dnl # 211 | dnl # Look for a header file in a number of places. 212 | dnl # 213 | dnl # FR_SMART_CHECK_INCLUDE(foo.h, [ #include ]) 214 | dnl # 215 | AC_DEFUN([FR_SMART_CHECK_INCLUDE], [ 216 | 217 | ac_safe=`echo "$1" | sed 'y%./+-%__pm%'` 218 | old_CPPFLAGS="$CPPFLAGS" 219 | smart_include= 220 | smart_include_dir= 221 | 222 | dnl # 223 | dnl # Try first any user-specified directory, otherwise we may pick up 224 | dnl # the wrong version. 225 | dnl # 226 | if test "x$smart_try_dir" != "x"; then 227 | for try in $smart_try_dir; do 228 | AC_MSG_CHECKING([for $1 in $try]) 229 | CPPFLAGS="-isystem $try $old_CPPFLAGS" 230 | AC_TRY_COMPILE([$2 231 | #include <$1>], 232 | [int a = 1;], 233 | [ 234 | smart_include="-isystem $try" 235 | AC_MSG_RESULT(yes) 236 | break 237 | ], 238 | [ 239 | smart_include= 240 | AC_MSG_RESULT(no) 241 | ]) 242 | done 243 | CPPFLAGS="$old_CPPFLAGS" 244 | fi 245 | 246 | dnl # 247 | dnl # Try using the default includes. 248 | dnl # 249 | if test "x$smart_include" = "x"; then 250 | AC_MSG_CHECKING([for $1]) 251 | AC_TRY_COMPILE([$2 252 | #include <$1>], 253 | [int a = 1;], 254 | [ 255 | smart_include=" " 256 | AC_MSG_RESULT(yes) 257 | break 258 | ], 259 | [ 260 | smart_include= 261 | AC_MSG_RESULT(no) 262 | ]) 263 | fi 264 | 265 | dnl # 266 | dnl # Try to guess possible locations. 267 | dnl # 268 | if test "x$smart_include" = "x"; then 269 | FR_LOCATE_DIR(smart_include_dir,$1) 270 | for try in $smart_include_dir /usr/local/include /opt/include; do 271 | AC_MSG_CHECKING([for $1 in $try]) 272 | CPPFLAGS="-isystem $try $old_CPPFLAGS" 273 | AC_TRY_COMPILE([$2 274 | #include <$1>], 275 | [int a = 1;], 276 | [ 277 | smart_include="-isystem $try" 278 | AC_MSG_RESULT(yes) 279 | break 280 | ], 281 | [ 282 | smart_include= 283 | AC_MSG_RESULT(no) 284 | ]) 285 | done 286 | CPPFLAGS="$old_CPPFLAGS" 287 | fi 288 | 289 | dnl # 290 | dnl # Found it, set the appropriate variable. 291 | dnl # 292 | if test "x$smart_include" != "x"; then 293 | eval "ac_cv_header_$ac_safe=yes" 294 | CPPFLAGS="$smart_include $old_CPPFLAGS" 295 | SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" 296 | fi 297 | ]) 298 | 299 | dnl ####################################################################### 300 | dnl # 301 | dnl # Look for a header file in a number of places. 302 | dnl # 303 | dnl # Usage: FR_CHECK_STRUCT_HAS_MEMBER([#include ], [struct foo], member) 304 | dnl # If the member is defined, then the variable 305 | dnl # ac_cv_type_struct_foo_has_member is set to 'yes' 306 | dnl # 307 | AC_DEFUN([FR_CHECK_STRUCT_HAS_MEMBER], [ 308 | AC_MSG_CHECKING([for $3 in $2]) 309 | 310 | dnl BASED on 'offsetof': 311 | dnl #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) 312 | dnl 313 | 314 | AC_TRY_COMPILE([ 315 | $1 316 | #ifdef HAVE_STDDEF_H 317 | #include 318 | #endif 319 | #ifndef offsetof 320 | #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER) 321 | #endif 322 | ], 323 | [ int foo = offsetof($2, $3) ], 324 | has_element=" ", 325 | has_element=) 326 | 327 | ac_safe_type=`echo "$2" | sed 'y% %_%'` 328 | if test "x$has_element" != "x"; then 329 | AC_MSG_RESULT(yes) 330 | eval "ac_cv_type_${ac_safe_type}_has_$3=yes" 331 | else 332 | AC_MSG_RESULT(no) 333 | eval "ac_cv_type_${ac_safe_type}_has_$3=" 334 | fi 335 | ]) 336 | 337 | dnl Autoconf 2.61 breaks the support for chained configure scripts 338 | dnl in combination with config.cache 339 | m4_pushdef([AC_OUTPUT], 340 | [ 341 | unset ac_cv_env_LIBS_set 342 | unset ac_cv_env_LIBS_value 343 | m4_popdef([AC_OUTPUT]) 344 | AC_OUTPUT([$1],[$2],[$3]) 345 | ]) 346 | 347 | dnl # 348 | dnl # Figure out which storage class specifier for Thread Local Storage is supported by the compiler 349 | dnl # 350 | AC_DEFUN([FR_TLS], 351 | [ 352 | dnl # 353 | dnl # See if the compilation works with __thread, for thread-local storage 354 | dnl # 355 | AC_MSG_CHECKING(for __thread support in compiler) 356 | AC_RUN_IFELSE( 357 | [AC_LANG_SOURCE( 358 | [[ 359 | static __thread int val; 360 | int main(int argc, char **argv) { 361 | val = 0; 362 | return val; 363 | } 364 | ]]) 365 | ],[have_tls=yes],[have_tls=no],[have_tls=no]) 366 | AC_MSG_RESULT($have_tls) 367 | if test "x$have_tls" = "xyes"; then 368 | AC_DEFINE([TLS_STORAGE_CLASS],[__thread],[Define if the compiler supports a thread local storage class]) 369 | fi 370 | 371 | dnl # 372 | dnl # __declspec(thread) does exactly the same thing as __thread, but is supported by MSVS 373 | dnl # 374 | if test "x$have_tls" = "xno"; then 375 | AC_MSG_CHECKING(for __declspec(thread) support in compiler) 376 | AC_RUN_IFELSE( 377 | [AC_LANG_SOURCE( 378 | [[ 379 | static _Thread_local int val; 380 | int main(int argc, char **argv) { 381 | val = 0; 382 | return val; 383 | } 384 | ]]) 385 | ],[have_tls=yes],[have_tls=no],[have_tls=no]) 386 | AC_MSG_RESULT($have_tls) 387 | if test "x$have_tls" = "xyes"; then 388 | AC_DEFINE([TLS_STORAGE_CLASS],[__declspec(thread)],[Define if the compiler supports a thread local storage class]) 389 | fi 390 | fi 391 | dnl # 392 | dnl # _Thread_local does exactly the same thing as __thread, but it's standards compliant with C11. 393 | dnl # we, however, state we are only compliant with C99, so the compiler will probably emit warnings 394 | dnl # if we use it. So save it as a last resort. 395 | dnl # 396 | if test "x$have_tls" = "xno"; then 397 | AC_MSG_CHECKING(for _Thread_local support in compiler) 398 | AC_RUN_IFELSE( 399 | [AC_LANG_SOURCE( 400 | [[ 401 | static _Thread_local int val; 402 | int main(int argc, char **argv) { 403 | val = 0; 404 | return val; 405 | } 406 | ]]) 407 | ],[have_tls=yes],[have_tls=no],[have_tls=no]) 408 | AC_MSG_RESULT($have_tls) 409 | if test "x$have_tls" = "xyes"; then 410 | AC_DEFINE([TLS_STORAGE_CLASS],[_Thread_local],[Define if the compiler supports a thread local storage class]) 411 | fi 412 | fi 413 | ]) 414 | 415 | AC_DEFUN([VL_LIB_READLINE], [ 416 | AC_CACHE_CHECK([for a readline compatible library], 417 | vl_cv_lib_readline, [ 418 | ORIG_LIBS="$LIBS" 419 | for readline_lib in readline edit editline; do 420 | for termcap_lib in "" termcap curses ncurses; do 421 | if test -z "$termcap_lib"; then 422 | TRY_LIB="-l$readline_lib" 423 | else 424 | TRY_LIB="-l$readline_lib -l$termcap_lib" 425 | fi 426 | LIBS="$ORIG_LIBS $TRY_LIB" 427 | AC_TRY_LINK_FUNC(readline, vl_cv_lib_readline="$TRY_LIB") 428 | if test -n "$vl_cv_lib_readline"; then 429 | break 430 | fi 431 | done 432 | if test -n "$vl_cv_lib_readline"; then 433 | break 434 | fi 435 | done 436 | if test -z "$vl_cv_lib_readline"; then 437 | vl_cv_lib_readline="no" 438 | LIBS="$ORIG_LIBS" 439 | fi 440 | ]) 441 | 442 | if test "$vl_cv_lib_readline" != "no"; then 443 | LIBREADLINE="$vl_cv_lib_readline" 444 | AC_DEFINE(HAVE_LIBREADLINE, 1, 445 | [Define if you have a readline compatible library]) 446 | AC_CHECK_HEADERS(readline.h readline/readline.h) 447 | AC_CACHE_CHECK([whether readline supports history], 448 | [vl_cv_lib_readline_history], [ 449 | vl_cv_lib_readline_history="no" 450 | AC_TRY_LINK_FUNC([add_history], [vl_cv_lib_readline_history="yes"]) 451 | ]) 452 | if test "$vl_cv_lib_readline_history" = "yes"; then 453 | AC_DEFINE(HAVE_READLINE_HISTORY, 1, 454 | [Define if your readline library has \`add_history']) 455 | AC_CHECK_HEADERS(history.h readline/history.h) 456 | fi 457 | fi 458 | AC_SUBST(LIBREADLINE) 459 | ])dnl 460 | 461 | AC_INCLUDE(aclocal.m4) 462 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc. 5 | 675 Mass Ave, Cambridge, MA 02139, USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Library General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | dnl ############################################################# 2 | dnl # 3 | dnl # For information about autoconf, see: 4 | dnl # 5 | dnl # http://www.gnu.org/software/autoconf/ 6 | dnl # 7 | dnl # The recommended order is: 8 | dnl # 9 | dnl # AC_INIT(file) 10 | dnl # 0. checks for compiler, libtool, and command line options 11 | dnl # 1. checks for programs 12 | dnl # 2. checks for libraries 13 | dnl # 3. checks for header files 14 | dnl # 4. checks for typedefs 15 | dnl # 5. checks for structures and functions 16 | dnl # 6. checks for compiler characteristics 17 | dnl # 7. checks for library functions 18 | dnl # 8. checks for system services 19 | dnl # AC_OUTPUT([file...]) 20 | dnl # 21 | dnl ############################################################# 22 | 23 | AC_PREREQ([2.59]) 24 | export CFLAGS LIBS LDFLAGS CPPFLAGS 25 | 26 | AC_INIT([pam_radius],$Id$,[https://github.com/FreeRADIUS/pam_radius/issues],,[http://www.freeradius.org]) 27 | AC_CONFIG_SRCDIR([src/pam_radius_auth.c]) 28 | AC_CONFIG_HEADER([src/config.h]) 29 | m4_include([m4/ax_cc.m4]) 30 | 31 | dnl # 32 | dnl # See if we have Git. 33 | dnl # 34 | AC_CHECK_PROG(GIT, git, yes, no) 35 | 36 | dnl ############################################################# 37 | dnl # 38 | dnl # Custom hackery to discover version at configure time 39 | dnl # 40 | dnl ############################################################# 41 | 42 | PAM_RADIUS_MAJOR_VERSION=`cat VERSION | sed 's/\..*//'` 43 | PAM_RADIUS_MINOR_VERSION=`cat VERSION | sed 's/^[[^\.]]*\.//' | sed 's/\..*$//'` 44 | PAM_RADIUS_INCRM_VERSION=`cat VERSION | sed 's/^.*\..*\.//' | sed 's/[[\.-]].*$//'` 45 | 46 | PAM_RADIUS_VERSION=`echo | awk -v major="$PAM_RADIUS_MAJOR_VERSION" \ 47 | -v minor="$PAM_RADIUS_MINOR_VERSION" \ 48 | -v incrm="$PAM_RADIUS_INCRM_VERSION" \ 49 | '{ printf "%02i%02i%02i", major, minor, incrm }'` 50 | 51 | dnl # 52 | dnl # Still useful for custom builds 53 | dnl # 54 | PAM_RADIUS_VERSION_STRING=`cat VERSION` 55 | 56 | dnl # 57 | dnl # Add definitions to Make.inc as it's used by various build targets 58 | dnl # 59 | AC_SUBST([PAM_RADIUS_VERSION_STRING]) 60 | 61 | dnl # 62 | dnl # Add definitions to autoconf.h, so that the headers that we install 63 | dnl # contain the version number of the server. 64 | dnl # 65 | AC_DEFINE_UNQUOTED([PAM_RADIUS_VERSION], [${PAM_RADIUS_VERSION}], [Version integer in format ]) 66 | AC_DEFINE_UNQUOTED([PAM_RADIUS_VERSION_STRING], ["${PAM_RADIUS_VERSION_STRING}"], [Raw version string from VERSION file]) 67 | 68 | dnl ############################################################# 69 | dnl # 70 | dnl # 0. Checks for compiler, libtool, and command line options. 71 | dnl # 72 | dnl ############################################################# 73 | 74 | dnl # 75 | dnl # Get system information 76 | dnl # 77 | AC_CANONICAL_SYSTEM 78 | 79 | dnl # 80 | dnl # Check for GNU cc 81 | dnl # 82 | AC_PROG_CC 83 | AC_PROG_CXX 84 | 85 | dnl # 86 | dnl # check for AIX, to allow us to use some BSD functions 87 | dnl # must be before macros that call the compiler. 88 | dnl # 89 | AC_AIX 90 | 91 | AC_PROG_GCC_TRADITIONAL 92 | AC_PROG_CC_SUNPRO 93 | AC_PROG_RANLIB 94 | 95 | dnl # 96 | dnl # Definitive check for whether the compiler is clang 97 | dnl # 98 | AX_CC_IS_CLANG 99 | if test "x$ax_cv_cc_clang" = "xyes"; then 100 | AC_SUBST(clang_path, "$CC") 101 | else 102 | AC_SUBST(clang_path, "") 103 | fi 104 | 105 | dnl # 106 | dnl # Set Default CFLAGS for GCC compatible compilers 107 | dnl # 108 | if test "x$GCC" = "xyes"; then 109 | CFLAGS="$CFLAGS -Wall -std=c99 -D_GNU_SOURCE" 110 | fi 111 | 112 | dnl # 113 | dnl # Enable developer features like debugging symbols. 114 | dnl # These checks must be done before expanding the AC_PROG_CC 115 | dnl # and AC_PROG_CXX macros. 116 | dnl # 117 | AC_ARG_ENABLE(developer, 118 | [ --enable-developer enables features of interest to developers.], 119 | [ case "$enableval" in 120 | no) 121 | developer=no 122 | ;; 123 | *) 124 | developer=yes 125 | esac ] 126 | ) 127 | 128 | dnl # 129 | dnl # Turn on the developer flag when taken from a git checkout (not a release) 130 | dnl # 131 | if test "x$GIT" = "xyes" && git status 2>&1 > /dev/null; then 132 | if test "x$PAM_RADIUS_VERSION_RELEASE" = "x"; then 133 | AC_MSG_CHECKING([build release]) 134 | PAM_RADIUS_VERSION_RELEASE=`git describe | sed -e 's/^.*-\([[0-9]]*\)-g[[0-9a-f]]*/\1/'` 135 | AC_MSG_RESULT($PAM_RADIUS_VERSION_RELEASE) 136 | fi 137 | 138 | if test "x$PAM_RADIUS_VERSION_COMMIT" = "x"; then 139 | AC_MSG_CHECKING([build commit]) 140 | PAM_RADIUS_VERSION_COMMIT=`git rev-parse --short=8 HEAD` 141 | AC_MSG_RESULT($PAM_RADIUS_VERSION_COMMIT) 142 | fi 143 | 144 | if test "x$developer" != "xno"; then 145 | AC_MSG_NOTICE([in git repository, enabling developer build implicitly, disable with --disable-developer]) 146 | developer="yes" 147 | fi 148 | fi 149 | 150 | if test "x$PAM_RADIUS_VERSION_RELEASE" != "x"; then 151 | AC_DEFINE_UNQUOTED([PAM_RADIUS_VERSION_RELEASE],["${PAM_RADIUS_VERSION_RELEASE}"],[Version release number at time of configuring]) 152 | fi 153 | 154 | if test "x$PAM_RADIUS_VERSION_COMMIT" != "x"; then 155 | AC_DEFINE_UNQUOTED([PAM_RADIUS_VERSION_COMMIT],["${PAM_RADIUS_VERSION_COMMIT}"],[Commit HEAD at time of configuring]) 156 | fi 157 | 158 | dnl # 159 | dnl # Enable the -fsanitize=address and link in the address sanitizer 160 | dnl # libraries. 161 | dnl # 162 | AC_ARG_ENABLE(address-sanitizer, 163 | [AS_HELP_STRING([--enable-address-sanitizer], 164 | [build with support for address sanitizer.])], 165 | [ case "$enableval" in 166 | no) 167 | address_sanitizer=no 168 | ;; 169 | *) 170 | address_sanitizer=yes 171 | esac ] 172 | ) 173 | 174 | dnl # 175 | dnl # Enable -fsanitize=leak and link in the leak sanitizer 176 | dnl # libraries. 177 | dnl # 178 | AC_ARG_ENABLE(leak-sanitizer, 179 | [AS_HELP_STRING([--enable-leak-sanitizer], 180 | [build with support for leak sanitizer.])], 181 | [ case "$enableval" in 182 | no) 183 | leak_sanitizer=no 184 | ;; 185 | *) 186 | leak_sanitizer=yes 187 | esac ] 188 | ) 189 | 190 | dnl # 191 | dnl # Enable the -fsanitize=undefined and link in the address sanitizer 192 | dnl # libraries. 193 | dnl # 194 | AC_ARG_ENABLE(undefined-behaviour-sanitizer, 195 | [AS_HELP_STRING([--enable-undefined-behaviour-sanitizer], 196 | [build with support for undefined behaviour sanitizer.])], 197 | [ case "$enableval" in 198 | no) 199 | undefined_behaviour_sanitizer=no 200 | ;; 201 | *) 202 | undefined_behaviour_sanitizer=yes 203 | esac ] 204 | ) 205 | 206 | dnl # 207 | dnl # -Qunused-arguments means the compiler won't complain about unsupported arguments 208 | dnl # 209 | AX_CC_QUNUSED_ARGUMENTS_FLAG 210 | if test "x$ax_cv_cc_qunused_arguments_flag" = "xyes"; then 211 | CFLAGS="$CFLAGS -Qunused-arguments" 212 | LDFLAGS="$LDFLAGS -Qunused-arguments" 213 | fi 214 | 215 | dnl # 216 | dnl # check for system bytesex 217 | dnl # AC_DEFINES WORDS_BIGENDIAN 218 | dnl # 219 | AC_C_BIGENDIAN 220 | 221 | AC_ARG_ENABLE(werror, 222 | [ --enable-werror causes the build to fail if any warnings are generated.], 223 | [ case "$enableval" in 224 | no) 225 | werror=no 226 | ;; 227 | *) 228 | werror=yes 229 | esac ] 230 | ) 231 | 232 | dnl ############################################################# 233 | dnl # 234 | dnl # 2. Checks for libraries 235 | dnl # 236 | dnl ############################################################# 237 | 238 | dnl # 239 | dnl # Check for -lresolv 240 | dnl # This library may be needed later. 241 | dnl # 242 | AC_CHECK_LIB(resolv, inet_aton) 243 | 244 | dnl # 245 | dnl # Check if we need -lnsl. Usually if we want to 246 | dnl # link against -lsocket we need to include -lnsl as well. 247 | dnl # 248 | AC_CHECK_LIB(nsl, inet_ntoa) 249 | 250 | dnl ############################################################# 251 | dnl # 252 | dnl # 3. Checks for header files 253 | dnl # 254 | dnl ############################################################# 255 | 256 | AC_CHECK_HEADERS( \ 257 | ctype.h \ 258 | errno.h \ 259 | fcntl.h \ 260 | limits.h \ 261 | malloc.h \ 262 | netdb.h \ 263 | netinet/in.h \ 264 | stdarg.h \ 265 | stdio.h \ 266 | stdlib.h \ 267 | string.h \ 268 | sys/param.h \ 269 | sys/resource.h \ 270 | sys/socket.h \ 271 | sys/stat.h \ 272 | sys/time.h \ 273 | sys/types.h \ 274 | syslog.h \ 275 | poll.h \ 276 | time.h \ 277 | unistd.h 278 | ) 279 | 280 | AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h) 281 | AC_CHECK_HEADERS(security/pam_modules.h pam/pam_modules.h, [], [], 282 | [ 283 | #ifdef HAVE_SECURITY_PAM_APPL_H 284 | # include 285 | #endif 286 | ] 287 | ) 288 | if test x"$ac_cv_header_security_pam_modules_h" != x"yes" -a x"$ac_cv_header_pam_modules_appl_h" != x"yes"; then 289 | AC_MSG_ERROR([pam_modules.h not found]) 290 | fi 291 | 292 | dnl # 293 | dnl # FreeBSD requires sys/socket.h before net/if.h 294 | dnl # 295 | AC_CHECK_HEADERS(net/if.h, [], [], 296 | [ 297 | #ifdef HAVE_SYS_SOCKET_H 298 | # include 299 | #endif 300 | ] 301 | ) 302 | 303 | dnl # 304 | dnl # Linux requires sys/socket.h before linux/if.h 305 | dnl # 306 | AC_CHECK_HEADERS([linux/if.h],[],[], 307 | [ 308 | #if HAVE_SYS_SOCKET_H 309 | # include 310 | #endif 311 | ] 312 | ) 313 | 314 | dnl ############################################################# 315 | dnl # 316 | dnl # 4. Checks for typedefs 317 | dnl # 318 | dnl ############################################################# 319 | 320 | dnl # 321 | dnl # Ensure that these are defined 322 | dnl # 323 | AC_TYPE_OFF_T 324 | AC_TYPE_PID_T 325 | AC_TYPE_SIZE_T 326 | AC_TYPE_UID_T 327 | 328 | dnl # 329 | dnl # Check for socklen_t 330 | dnl # 331 | FR_CHECK_TYPE_INCLUDE( 332 | [ 333 | #ifdef HAVE_SYS_TYPES_H 334 | # include 335 | #endif 336 | 337 | #ifdef HAVE_SYS_SOCKET_H 338 | # include 339 | #endif 340 | ], 341 | socklen_t, int, [socklen_t is generally 'int' on systems which don't use it] 342 | ) 343 | 344 | dnl # 345 | dnl # Check for uint8_t 346 | dnl # 347 | FR_CHECK_TYPE_INCLUDE( 348 | [ 349 | #ifdef HAVE_INTTYPES_H 350 | # include 351 | #endif 352 | 353 | #ifdef HAVE_STDINT_H 354 | # include 355 | #endif 356 | ], 357 | uint8_t, unsigned char, [uint8_t should be the canonical 'octet' for network traffic] 358 | ) 359 | 360 | dnl # 361 | dnl # Check for uint16_t 362 | dnl # 363 | FR_CHECK_TYPE_INCLUDE( 364 | [ 365 | #ifdef HAVE_INTTYPES_H 366 | # include 367 | #endif 368 | 369 | #ifdef HAVE_STDINT_H 370 | # include 371 | #endif 372 | ], 373 | uint16_t, unsigned short, [uint16_t should be the canonical '2 octets' for network traffic] 374 | ) 375 | 376 | dnl # 377 | dnl # Check for uint32_t 378 | dnl # 379 | FR_CHECK_TYPE_INCLUDE( 380 | [ 381 | #ifdef HAVE_INTTYPES_H 382 | # include 383 | #endif 384 | 385 | #ifdef HAVE_STDINT_H 386 | # include 387 | #endif 388 | ], 389 | uint32_t, unsigned int, [uint32_t should be the canonical 'network integer'] 390 | ) 391 | 392 | dnl # 393 | dnl # Check for uint64_t 394 | dnl # 395 | FR_CHECK_TYPE_INCLUDE( 396 | [ 397 | #ifdef HAVE_INTTYPES_H 398 | # include 399 | #endif 400 | 401 | #ifdef HAVE_STDINT_H 402 | # include 403 | #endif 404 | ], 405 | uint64_t, unsigned long long, [uint64_t is required for larger counters] 406 | ) 407 | 408 | dnl ############################################################# 409 | dnl # 410 | dnl # 5. Checks for structures and functions 411 | dnl # 412 | dnl ############################################################# 413 | AC_CHECK_FUNCS( \ 414 | snprintf \ 415 | inet_aton \ 416 | inet_pton \ 417 | inet_ntop \ 418 | setsockopt \ 419 | strlcat \ 420 | strlcpy 421 | ) 422 | 423 | AC_CHECK_TYPE(struct in6_addr, AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, [IPv6 address structure]), [], 424 | [ 425 | #ifdef HAVE_NETINET_IN_H 426 | # include 427 | #endif 428 | ] 429 | ) 430 | 431 | dnl ############################################################# 432 | dnl # 433 | dnl # 6. Checks for compiler characteristics 434 | dnl # 435 | dnl ############################################################# 436 | 437 | dnl # 438 | dnl # Check for system bytesex 439 | dnl # 440 | AC_C_BIGENDIAN( 441 | [AC_DEFINE(AC_BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])], 442 | [AC_DEFINE(AC_LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])] 443 | ) 444 | 445 | dnl # 446 | dnl # Ensure that these are defined 447 | dnl # 448 | AC_C_CONST 449 | 450 | 451 | 452 | 453 | if test "x$developer" = "xyes"; then 454 | AC_MSG_NOTICE([Setting additional developer CFLAGS]) 455 | 456 | dnl # 457 | dnl # If we have -Weverything, it really means *everything* unlike -Wall 458 | dnl # It's so verbose we need to turn off warnings which aren't useful. 459 | dnl # 460 | AX_CC_WEVERYTHING_FLAG 461 | if test "x$ax_cv_cc_weverything_flag" = "xyes"; then 462 | devcflags="$devcflags \ 463 | -W \ 464 | -Weverything \ 465 | -Wformat=2 \ 466 | -Wno-date-time \ 467 | -Wno-disabled-macro-expansion \ 468 | -Wno-format-pedantic \ 469 | -Wno-missing-field-initializers \ 470 | -Wno-cast-align \ 471 | -Wno-conversion \ 472 | -Wno-covered-switch-default \ 473 | -Wno-documentation-unknown-command \ 474 | -Wno-invalid-offsetof \ 475 | -Wno-gnu-empty-initializer \ 476 | -Wno-gnu-statement-expression \ 477 | -Wno-gnu-zero-variadic-macro-arguments \ 478 | -Wno-packed \ 479 | -Wno-padded \ 480 | -Wno-poison-system-directories \ 481 | -Wno-reserved-id-macro \ 482 | -Wno-shorten-64-to-32 \ 483 | -Wno-sign-conversion \ 484 | -Wno-switch-enum \ 485 | -Wno-vla" 486 | else 487 | if test "x$GCC" = "xyes"; then 488 | devcflags="$devcflags \ 489 | -W \ 490 | -Wall \ 491 | -Wcast-align \ 492 | -Wcast-qual \ 493 | -Wformat-nonliteral \ 494 | -Wformat-security \ 495 | -Wformat-y2k \ 496 | -Wformat=2 \ 497 | -Wmissing-declarations \ 498 | -Wmissing-prototypes \ 499 | -Wnested-externs \ 500 | -Wno-cast-align \ 501 | -Wno-format-extra-args \ 502 | -Wno-format-zero-length \ 503 | -Wno-missing-field-initializers \ 504 | -Wpointer-arith \ 505 | -Wredundant-decls \ 506 | -Wshadow \ 507 | -Wstrict-prototypes \ 508 | -Wundef \ 509 | -Wwrite-strings" 510 | INSTALLSTRIP="" 511 | fi 512 | fi 513 | 514 | dnl # 515 | dnl # Tell the compiler to parse doxygen documentation and verify it against function and variable declarations 516 | dnl # 517 | AX_CC_WDOCUMENTATION_FLAG 518 | if test "x$ax_cv_cc_wdocumentation_flag" = "xyes"; then 519 | devcflags="$devcflags -Wdocumentation" 520 | AC_DEFINE([HAVE_WDOCUMENTATION],1,[Define if the compiler supports -Wdocumentation]) 521 | fi 522 | 523 | dnl # 524 | dnl # Older versions of GCC don't support this, but 7 seems to 525 | dnl # 526 | AX_CC_IMPLICIT_FALLTHROUGH_FLAG 527 | if test "x$ax_cv_cc_wimplicit_fallthrough_flag" = "xyes"; then 528 | devcflags="$devcflags -Wimplicit-fallthrough" 529 | fi 530 | 531 | dnl # 532 | dnl # Can't use multiple -fsanitize flags, so we need to combine 533 | dnl # the values into one. 534 | dnl # 535 | fsanitizeflags= 536 | 537 | dnl # 538 | dnl # Add in ASAN 539 | dnl # 540 | if test "x$address_sanitizer" = "xyes"; then 541 | dnl # 542 | dnl # -fsanitize=address - Build with address sanitizer support 543 | dnl # -fno-omit-frame-pointer - Always keep the frame pointer in a register 544 | dnl # -fno-optimize-sibling-calls - Don't optimize away tail recursion. 545 | dnl # 546 | devcflags="$devcflags -fno-omit-frame-pointer -fno-optimize-sibling-calls" 547 | 548 | AC_CHECK_HEADERS(sanitizer/lsan_interface.h) 549 | fsanitizeflags="$fsanitizeflags,address" 550 | fi 551 | 552 | dnl # 553 | dnl # Add in LSAN 554 | dnl # 555 | if test "x$leak_sanitizer" = "xyes"; then 556 | dnl # 557 | dnl # -fsanitize=leak - Build with lsan support 558 | dnl # 559 | fsanitizeflags="$fsanitizeflags,leak" 560 | fi 561 | 562 | dnl # 563 | dnl # Clean the flags up 564 | dnl # 565 | devcflags="$(echo $devcflags | sed -e 's/\\t//g;s/ //g')" 566 | devldflags="$(echo $devldflags | sed -e 's/\\t//g;s/ //g')" 567 | 568 | AC_MSG_NOTICE([Developer CFLAGS are "$devcflags"]) 569 | AC_MSG_NOTICE([Developer LDFLAGS are "$devldflags"]) 570 | 571 | dnl # 572 | dnl # Enable experimental modules (we want to know if code changes breaks one of them) 573 | dnl # 574 | if test "x$EXPERIMENTAL" != "xno"; then 575 | AC_MSG_NOTICE([is developer build, enabling experimental modules implicitly, disable with --without-experimental-modules]) 576 | EXPERIMENTAL=yes 577 | fi 578 | else 579 | devcflags="" 580 | devldflags="" 581 | CFLAGS="$CFLAGS -DNDEBUG" 582 | INSTALLSTRIP="" 583 | fi 584 | 585 | dnl # 586 | dnl # Tell the compiler to parse doxygen documentation and verify it against function and variable declarations 587 | dnl # 588 | AX_CC_WDOCUMENTATION_FLAG 589 | if test "x$ax_cv_cc_wdocumentation_flag" = "xyes"; then 590 | devflags="-Wdocumentation" 591 | fi 592 | 593 | dnl # 594 | dnl # May of been set outside of this configure script 595 | dnl # 596 | AC_MSG_CHECKING([if building with -DNDEBUG]) 597 | if echo "$CFLAGS" | grep '\-DNDEBUG' > /dev/null; then 598 | AC_MSG_RESULT([yes]) 599 | AC_DEFINE([WITH_NDEBUG], [1], [define if pam_radius was built with -DNDEBUG]) 600 | else 601 | AC_MSG_RESULT([no]) 602 | fi 603 | 604 | AC_SUBST(HOSTINFO, $host) 605 | 606 | dnl ############################################################# 607 | dnl # 608 | dnl # Add -Werror last, so it doesn't interfere with autoconf's 609 | dnl # test programs. 610 | dnl # 611 | dnl ############################################################# 612 | CFLAGS="$CFLAGS $devcflags" 613 | LDFLAGS="$LDFLAGS $devldflags" 614 | if test "x$werror" = "xyes"; then 615 | CFLAGS="-Werror $CFLAGS" 616 | fi 617 | 618 | AC_SUBST(LIBS) 619 | AC_OUTPUT(Make.inc) 620 | -------------------------------------------------------------------------------- /config.sub: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # Configuration validation subroutine script. 3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, 5 | # Inc. 6 | 7 | timestamp='2007-11-19' 8 | 9 | # This file is (in principle) common to ALL GNU software. 10 | # The presence of a machine in this file suggests that SOME GNU software 11 | # can handle that machine. It does not imply ALL GNU software can. 12 | # 13 | # This file is free software; you can redistribute it and/or modify 14 | # it under the terms of the GNU General Public License as published by 15 | # the Free Software Foundation; either version 2 of the License, or 16 | # (at your option) any later version. 17 | # 18 | # This program is distributed in the hope that it will be useful, 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | # GNU General Public License for more details. 22 | # 23 | # You should have received a copy of the GNU General Public License 24 | # along with this program; if not, write to the Free Software 25 | # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 26 | # 02110-1301, USA. 27 | # 28 | # As a special exception to the GNU General Public License, if you 29 | # distribute this file as part of a program that contains a 30 | # configuration script generated by Autoconf, you may include it under 31 | # the same distribution terms that you use for the rest of that program. 32 | 33 | 34 | # Please send patches to . Submit a context 35 | # diff and a properly formatted ChangeLog entry. 36 | # 37 | # Configuration subroutine to validate and canonicalize a configuration type. 38 | # Supply the specified configuration type as an argument. 39 | # If it is invalid, we print an error message on stderr and exit with code 1. 40 | # Otherwise, we print the canonical config type on stdout and succeed. 41 | 42 | # This file is supposed to be the same for all GNU packages 43 | # and recognize all the CPU types, system types and aliases 44 | # that are meaningful with *any* GNU software. 45 | # Each package is responsible for reporting which valid configurations 46 | # it does not support. The user should be able to distinguish 47 | # a failure to support a valid configuration from a meaningless 48 | # configuration. 49 | 50 | # The goal of this file is to map all the various variations of a given 51 | # machine specification into a single specification in the form: 52 | # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM 53 | # or in some cases, the newer four-part form: 54 | # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM 55 | # It is wrong to echo any other type of specification. 56 | 57 | me=`echo "$0" | sed -e 's,.*/,,'` 58 | 59 | usage="\ 60 | Usage: $0 [OPTION] CPU-MFR-OPSYS 61 | $0 [OPTION] ALIAS 62 | 63 | Canonicalize a configuration name. 64 | 65 | Operation modes: 66 | -h, --help print this help, then exit 67 | -t, --time-stamp print date of last modification, then exit 68 | -v, --version print version number, then exit 69 | 70 | Report bugs and patches to ." 71 | 72 | version="\ 73 | GNU config.sub ($timestamp) 74 | 75 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 76 | Free Software Foundation, Inc. 77 | 78 | This is free software; see the source for copying conditions. There is NO 79 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 80 | 81 | help=" 82 | Try \`$me --help' for more information." 83 | 84 | # Parse command line 85 | while test $# -gt 0 ; do 86 | case $1 in 87 | --time-stamp | --time* | -t ) 88 | echo "$timestamp" ; exit ;; 89 | --version | -v ) 90 | echo "$version" ; exit ;; 91 | --help | --h* | -h ) 92 | echo "$usage"; exit ;; 93 | -- ) # Stop option processing 94 | shift; break ;; 95 | - ) # Use stdin as input. 96 | break ;; 97 | -* ) 98 | echo "$me: invalid option $1$help" 99 | exit 1 ;; 100 | 101 | *local*) 102 | # First pass through any local machine types. 103 | echo $1 104 | exit ;; 105 | 106 | * ) 107 | break ;; 108 | esac 109 | done 110 | 111 | case $# in 112 | 0) echo "$me: missing argument$help" >&2 113 | exit 1;; 114 | 1) ;; 115 | *) echo "$me: too many arguments$help" >&2 116 | exit 1;; 117 | esac 118 | 119 | # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). 120 | # Here we must recognize all the valid KERNEL-OS combinations. 121 | maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` 122 | case $maybe_os in 123 | nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ 124 | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ 125 | storm-chaos* | os2-emx* | rtmk-nova*) 126 | os=-$maybe_os 127 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` 128 | ;; 129 | *) 130 | basic_machine=`echo $1 | sed 's/-[^-]*$//'` 131 | if [ $basic_machine != $1 ] 132 | then os=`echo $1 | sed 's/.*-/-/'` 133 | else os=; fi 134 | ;; 135 | esac 136 | 137 | ### Let's recognize common machines as not being operating systems so 138 | ### that things like config.sub decstation-3100 work. We also 139 | ### recognize some manufacturers as not being operating systems, so we 140 | ### can provide default operating systems below. 141 | case $os in 142 | -sun*os*) 143 | # Prevent following clause from handling this invalid input. 144 | ;; 145 | -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ 146 | -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ 147 | -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ 148 | -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ 149 | -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ 150 | -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ 151 | -apple | -axis | -knuth | -cray) 152 | os= 153 | basic_machine=$1 154 | ;; 155 | -sim | -cisco | -oki | -wec | -winbond) 156 | os= 157 | basic_machine=$1 158 | ;; 159 | -scout) 160 | ;; 161 | -wrs) 162 | os=-vxworks 163 | basic_machine=$1 164 | ;; 165 | -chorusos*) 166 | os=-chorusos 167 | basic_machine=$1 168 | ;; 169 | -chorusrdb) 170 | os=-chorusrdb 171 | basic_machine=$1 172 | ;; 173 | -hiux*) 174 | os=-hiuxwe2 175 | ;; 176 | -sco6) 177 | os=-sco5v6 178 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 179 | ;; 180 | -sco5) 181 | os=-sco3.2v5 182 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 183 | ;; 184 | -sco4) 185 | os=-sco3.2v4 186 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 187 | ;; 188 | -sco3.2.[4-9]*) 189 | os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` 190 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 191 | ;; 192 | -sco3.2v[4-9]*) 193 | # Don't forget version if it is 3.2v4 or newer. 194 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 195 | ;; 196 | -sco5v6*) 197 | # Don't forget version if it is 3.2v4 or newer. 198 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 199 | ;; 200 | -sco*) 201 | os=-sco3.2v2 202 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 203 | ;; 204 | -udk*) 205 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 206 | ;; 207 | -isc) 208 | os=-isc2.2 209 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 210 | ;; 211 | -clix*) 212 | basic_machine=clipper-intergraph 213 | ;; 214 | -isc*) 215 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 216 | ;; 217 | -lynx*) 218 | os=-lynxos 219 | ;; 220 | -ptx*) 221 | basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` 222 | ;; 223 | -windowsnt*) 224 | os=`echo $os | sed -e 's/windowsnt/winnt/'` 225 | ;; 226 | -psos*) 227 | os=-psos 228 | ;; 229 | -mint | -mint[0-9]*) 230 | basic_machine=m68k-atari 231 | os=-mint 232 | ;; 233 | esac 234 | 235 | # Decode aliases for certain CPU-COMPANY combinations. 236 | case $basic_machine in 237 | # Recognize the basic CPU types without company name. 238 | # Some are omitted here because they have special meanings below. 239 | 1750a | 580 \ 240 | | a29k \ 241 | | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ 242 | | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ 243 | | am33_2.0 \ 244 | | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ 245 | | bfin \ 246 | | c4x | clipper \ 247 | | d10v | d30v | dlx | dsp16xx \ 248 | | fido | fr30 | frv \ 249 | | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ 250 | | i370 | i860 | i960 | ia64 \ 251 | | ip2k | iq2000 \ 252 | | m32c | m32r | m32rle | m68000 | m68k | m88k \ 253 | | maxq | mb | microblaze | mcore | mep \ 254 | | mips | mipsbe | mipseb | mipsel | mipsle \ 255 | | mips16 \ 256 | | mips64 | mips64el \ 257 | | mips64vr | mips64vrel \ 258 | | mips64orion | mips64orionel \ 259 | | mips64vr4100 | mips64vr4100el \ 260 | | mips64vr4300 | mips64vr4300el \ 261 | | mips64vr5000 | mips64vr5000el \ 262 | | mips64vr5900 | mips64vr5900el \ 263 | | mipsisa32 | mipsisa32el \ 264 | | mipsisa32r2 | mipsisa32r2el \ 265 | | mipsisa64 | mipsisa64el \ 266 | | mipsisa64r2 | mipsisa64r2el \ 267 | | mipsisa64sb1 | mipsisa64sb1el \ 268 | | mipsisa64sr71k | mipsisa64sr71kel \ 269 | | mipstx39 | mipstx39el \ 270 | | mn10200 | mn10300 \ 271 | | mt \ 272 | | msp430 \ 273 | | nios | nios2 \ 274 | | ns16k | ns32k \ 275 | | or32 \ 276 | | pdp10 | pdp11 | pj | pjl \ 277 | | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ 278 | | pyramid \ 279 | | score \ 280 | | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ 281 | | sh64 | sh64le \ 282 | | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ 283 | | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ 284 | | spu | strongarm \ 285 | | tahoe | thumb | tic4x | tic80 | tron \ 286 | | v850 | v850e \ 287 | | we32k \ 288 | | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ 289 | | z8k) 290 | basic_machine=$basic_machine-unknown 291 | ;; 292 | m6811 | m68hc11 | m6812 | m68hc12) 293 | # Motorola 68HC11/12. 294 | basic_machine=$basic_machine-unknown 295 | os=-none 296 | ;; 297 | m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) 298 | ;; 299 | ms1) 300 | basic_machine=mt-unknown 301 | ;; 302 | 303 | # We use `pc' rather than `unknown' 304 | # because (1) that's what they normally are, and 305 | # (2) the word "unknown" tends to confuse beginning users. 306 | i*86 | x86_64) 307 | basic_machine=$basic_machine-pc 308 | ;; 309 | # Object if more than one company name word. 310 | *-*-*) 311 | echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 312 | exit 1 313 | ;; 314 | # Recognize the basic CPU types with company name. 315 | 580-* \ 316 | | a29k-* \ 317 | | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ 318 | | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ 319 | | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ 320 | | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ 321 | | avr-* | avr32-* \ 322 | | bfin-* | bs2000-* \ 323 | | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ 324 | | clipper-* | craynv-* | cydra-* \ 325 | | d10v-* | d30v-* | dlx-* \ 326 | | elxsi-* \ 327 | | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ 328 | | h8300-* | h8500-* \ 329 | | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ 330 | | i*86-* | i860-* | i960-* | ia64-* \ 331 | | ip2k-* | iq2000-* \ 332 | | m32c-* | m32r-* | m32rle-* \ 333 | | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ 334 | | m88110-* | m88k-* | maxq-* | mcore-* \ 335 | | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ 336 | | mips16-* \ 337 | | mips64-* | mips64el-* \ 338 | | mips64vr-* | mips64vrel-* \ 339 | | mips64orion-* | mips64orionel-* \ 340 | | mips64vr4100-* | mips64vr4100el-* \ 341 | | mips64vr4300-* | mips64vr4300el-* \ 342 | | mips64vr5000-* | mips64vr5000el-* \ 343 | | mips64vr5900-* | mips64vr5900el-* \ 344 | | mipsisa32-* | mipsisa32el-* \ 345 | | mipsisa32r2-* | mipsisa32r2el-* \ 346 | | mipsisa64-* | mipsisa64el-* \ 347 | | mipsisa64r2-* | mipsisa64r2el-* \ 348 | | mipsisa64sb1-* | mipsisa64sb1el-* \ 349 | | mipsisa64sr71k-* | mipsisa64sr71kel-* \ 350 | | mipstx39-* | mipstx39el-* \ 351 | | mmix-* \ 352 | | mt-* \ 353 | | msp430-* \ 354 | | nios-* | nios2-* \ 355 | | none-* | np1-* | ns16k-* | ns32k-* \ 356 | | orion-* \ 357 | | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ 358 | | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ 359 | | pyramid-* \ 360 | | romp-* | rs6000-* \ 361 | | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ 362 | | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ 363 | | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ 364 | | sparclite-* \ 365 | | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ 366 | | tahoe-* | thumb-* \ 367 | | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ 368 | | tron-* \ 369 | | v850-* | v850e-* | vax-* \ 370 | | we32k-* \ 371 | | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ 372 | | xstormy16-* | xtensa*-* \ 373 | | ymp-* \ 374 | | z8k-*) 375 | ;; 376 | # Recognize the basic CPU types without company name, with glob match. 377 | xtensa*) 378 | basic_machine=$basic_machine-unknown 379 | ;; 380 | # Recognize the various machine names and aliases which stand 381 | # for a CPU type and a company and sometimes even an OS. 382 | 386bsd) 383 | basic_machine=i386-unknown 384 | os=-bsd 385 | ;; 386 | 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) 387 | basic_machine=m68000-att 388 | ;; 389 | 3b*) 390 | basic_machine=we32k-att 391 | ;; 392 | a29khif) 393 | basic_machine=a29k-amd 394 | os=-udi 395 | ;; 396 | abacus) 397 | basic_machine=abacus-unknown 398 | ;; 399 | adobe68k) 400 | basic_machine=m68010-adobe 401 | os=-scout 402 | ;; 403 | alliant | fx80) 404 | basic_machine=fx80-alliant 405 | ;; 406 | altos | altos3068) 407 | basic_machine=m68k-altos 408 | ;; 409 | am29k) 410 | basic_machine=a29k-none 411 | os=-bsd 412 | ;; 413 | amd64) 414 | basic_machine=x86_64-pc 415 | ;; 416 | amd64-*) 417 | basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` 418 | ;; 419 | amdahl) 420 | basic_machine=580-amdahl 421 | os=-sysv 422 | ;; 423 | amiga | amiga-*) 424 | basic_machine=m68k-unknown 425 | ;; 426 | amigaos | amigados) 427 | basic_machine=m68k-unknown 428 | os=-amigaos 429 | ;; 430 | amigaunix | amix) 431 | basic_machine=m68k-unknown 432 | os=-sysv4 433 | ;; 434 | apollo68) 435 | basic_machine=m68k-apollo 436 | os=-sysv 437 | ;; 438 | apollo68bsd) 439 | basic_machine=m68k-apollo 440 | os=-bsd 441 | ;; 442 | aux) 443 | basic_machine=m68k-apple 444 | os=-aux 445 | ;; 446 | balance) 447 | basic_machine=ns32k-sequent 448 | os=-dynix 449 | ;; 450 | c90) 451 | basic_machine=c90-cray 452 | os=-unicos 453 | ;; 454 | convex-c1) 455 | basic_machine=c1-convex 456 | os=-bsd 457 | ;; 458 | convex-c2) 459 | basic_machine=c2-convex 460 | os=-bsd 461 | ;; 462 | convex-c32) 463 | basic_machine=c32-convex 464 | os=-bsd 465 | ;; 466 | convex-c34) 467 | basic_machine=c34-convex 468 | os=-bsd 469 | ;; 470 | convex-c38) 471 | basic_machine=c38-convex 472 | os=-bsd 473 | ;; 474 | cray | j90) 475 | basic_machine=j90-cray 476 | os=-unicos 477 | ;; 478 | craynv) 479 | basic_machine=craynv-cray 480 | os=-unicosmp 481 | ;; 482 | cr16) 483 | basic_machine=cr16-unknown 484 | os=-elf 485 | ;; 486 | crds | unos) 487 | basic_machine=m68k-crds 488 | ;; 489 | crisv32 | crisv32-* | etraxfs*) 490 | basic_machine=crisv32-axis 491 | ;; 492 | cris | cris-* | etrax*) 493 | basic_machine=cris-axis 494 | ;; 495 | crx) 496 | basic_machine=crx-unknown 497 | os=-elf 498 | ;; 499 | da30 | da30-*) 500 | basic_machine=m68k-da30 501 | ;; 502 | decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) 503 | basic_machine=mips-dec 504 | ;; 505 | decsystem10* | dec10*) 506 | basic_machine=pdp10-dec 507 | os=-tops10 508 | ;; 509 | decsystem20* | dec20*) 510 | basic_machine=pdp10-dec 511 | os=-tops20 512 | ;; 513 | delta | 3300 | motorola-3300 | motorola-delta \ 514 | | 3300-motorola | delta-motorola) 515 | basic_machine=m68k-motorola 516 | ;; 517 | delta88) 518 | basic_machine=m88k-motorola 519 | os=-sysv3 520 | ;; 521 | djgpp) 522 | basic_machine=i586-pc 523 | os=-msdosdjgpp 524 | ;; 525 | dpx20 | dpx20-*) 526 | basic_machine=rs6000-bull 527 | os=-bosx 528 | ;; 529 | dpx2* | dpx2*-bull) 530 | basic_machine=m68k-bull 531 | os=-sysv3 532 | ;; 533 | ebmon29k) 534 | basic_machine=a29k-amd 535 | os=-ebmon 536 | ;; 537 | elxsi) 538 | basic_machine=elxsi-elxsi 539 | os=-bsd 540 | ;; 541 | encore | umax | mmax) 542 | basic_machine=ns32k-encore 543 | ;; 544 | es1800 | OSE68k | ose68k | ose | OSE) 545 | basic_machine=m68k-ericsson 546 | os=-ose 547 | ;; 548 | fx2800) 549 | basic_machine=i860-alliant 550 | ;; 551 | genix) 552 | basic_machine=ns32k-ns 553 | ;; 554 | gmicro) 555 | basic_machine=tron-gmicro 556 | os=-sysv 557 | ;; 558 | go32) 559 | basic_machine=i386-pc 560 | os=-go32 561 | ;; 562 | h3050r* | hiux*) 563 | basic_machine=hppa1.1-hitachi 564 | os=-hiuxwe2 565 | ;; 566 | h8300hms) 567 | basic_machine=h8300-hitachi 568 | os=-hms 569 | ;; 570 | h8300xray) 571 | basic_machine=h8300-hitachi 572 | os=-xray 573 | ;; 574 | h8500hms) 575 | basic_machine=h8500-hitachi 576 | os=-hms 577 | ;; 578 | harris) 579 | basic_machine=m88k-harris 580 | os=-sysv3 581 | ;; 582 | hp300-*) 583 | basic_machine=m68k-hp 584 | ;; 585 | hp300bsd) 586 | basic_machine=m68k-hp 587 | os=-bsd 588 | ;; 589 | hp300hpux) 590 | basic_machine=m68k-hp 591 | os=-hpux 592 | ;; 593 | hp3k9[0-9][0-9] | hp9[0-9][0-9]) 594 | basic_machine=hppa1.0-hp 595 | ;; 596 | hp9k2[0-9][0-9] | hp9k31[0-9]) 597 | basic_machine=m68000-hp 598 | ;; 599 | hp9k3[2-9][0-9]) 600 | basic_machine=m68k-hp 601 | ;; 602 | hp9k6[0-9][0-9] | hp6[0-9][0-9]) 603 | basic_machine=hppa1.0-hp 604 | ;; 605 | hp9k7[0-79][0-9] | hp7[0-79][0-9]) 606 | basic_machine=hppa1.1-hp 607 | ;; 608 | hp9k78[0-9] | hp78[0-9]) 609 | # FIXME: really hppa2.0-hp 610 | basic_machine=hppa1.1-hp 611 | ;; 612 | hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) 613 | # FIXME: really hppa2.0-hp 614 | basic_machine=hppa1.1-hp 615 | ;; 616 | hp9k8[0-9][13679] | hp8[0-9][13679]) 617 | basic_machine=hppa1.1-hp 618 | ;; 619 | hp9k8[0-9][0-9] | hp8[0-9][0-9]) 620 | basic_machine=hppa1.0-hp 621 | ;; 622 | hppa-next) 623 | os=-nextstep3 624 | ;; 625 | hppaosf) 626 | basic_machine=hppa1.1-hp 627 | os=-osf 628 | ;; 629 | hppro) 630 | basic_machine=hppa1.1-hp 631 | os=-proelf 632 | ;; 633 | i370-ibm* | ibm*) 634 | basic_machine=i370-ibm 635 | ;; 636 | # I'm not sure what "Sysv32" means. Should this be sysv3.2? 637 | i*86v32) 638 | basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` 639 | os=-sysv32 640 | ;; 641 | i*86v4*) 642 | basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` 643 | os=-sysv4 644 | ;; 645 | i*86v) 646 | basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` 647 | os=-sysv 648 | ;; 649 | i*86sol2) 650 | basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` 651 | os=-solaris2 652 | ;; 653 | i386mach) 654 | basic_machine=i386-mach 655 | os=-mach 656 | ;; 657 | i386-vsta | vsta) 658 | basic_machine=i386-unknown 659 | os=-vsta 660 | ;; 661 | iris | iris4d) 662 | basic_machine=mips-sgi 663 | case $os in 664 | -irix*) 665 | ;; 666 | *) 667 | os=-irix4 668 | ;; 669 | esac 670 | ;; 671 | isi68 | isi) 672 | basic_machine=m68k-isi 673 | os=-sysv 674 | ;; 675 | m88k-omron*) 676 | basic_machine=m88k-omron 677 | ;; 678 | magnum | m3230) 679 | basic_machine=mips-mips 680 | os=-sysv 681 | ;; 682 | merlin) 683 | basic_machine=ns32k-utek 684 | os=-sysv 685 | ;; 686 | mingw32) 687 | basic_machine=i386-pc 688 | os=-mingw32 689 | ;; 690 | mingw32ce) 691 | basic_machine=arm-unknown 692 | os=-mingw32ce 693 | ;; 694 | miniframe) 695 | basic_machine=m68000-convergent 696 | ;; 697 | *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) 698 | basic_machine=m68k-atari 699 | os=-mint 700 | ;; 701 | mips3*-*) 702 | basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` 703 | ;; 704 | mips3*) 705 | basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown 706 | ;; 707 | monitor) 708 | basic_machine=m68k-rom68k 709 | os=-coff 710 | ;; 711 | morphos) 712 | basic_machine=powerpc-unknown 713 | os=-morphos 714 | ;; 715 | msdos) 716 | basic_machine=i386-pc 717 | os=-msdos 718 | ;; 719 | ms1-*) 720 | basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` 721 | ;; 722 | mvs) 723 | basic_machine=i370-ibm 724 | os=-mvs 725 | ;; 726 | ncr3000) 727 | basic_machine=i486-ncr 728 | os=-sysv4 729 | ;; 730 | netbsd386) 731 | basic_machine=i386-unknown 732 | os=-netbsd 733 | ;; 734 | netwinder) 735 | basic_machine=armv4l-rebel 736 | os=-linux 737 | ;; 738 | news | news700 | news800 | news900) 739 | basic_machine=m68k-sony 740 | os=-newsos 741 | ;; 742 | news1000) 743 | basic_machine=m68030-sony 744 | os=-newsos 745 | ;; 746 | news-3600 | risc-news) 747 | basic_machine=mips-sony 748 | os=-newsos 749 | ;; 750 | necv70) 751 | basic_machine=v70-nec 752 | os=-sysv 753 | ;; 754 | next | m*-next ) 755 | basic_machine=m68k-next 756 | case $os in 757 | -nextstep* ) 758 | ;; 759 | -ns2*) 760 | os=-nextstep2 761 | ;; 762 | *) 763 | os=-nextstep3 764 | ;; 765 | esac 766 | ;; 767 | nh3000) 768 | basic_machine=m68k-harris 769 | os=-cxux 770 | ;; 771 | nh[45]000) 772 | basic_machine=m88k-harris 773 | os=-cxux 774 | ;; 775 | nindy960) 776 | basic_machine=i960-intel 777 | os=-nindy 778 | ;; 779 | mon960) 780 | basic_machine=i960-intel 781 | os=-mon960 782 | ;; 783 | nonstopux) 784 | basic_machine=mips-compaq 785 | os=-nonstopux 786 | ;; 787 | np1) 788 | basic_machine=np1-gould 789 | ;; 790 | nsr-tandem) 791 | basic_machine=nsr-tandem 792 | ;; 793 | op50n-* | op60c-*) 794 | basic_machine=hppa1.1-oki 795 | os=-proelf 796 | ;; 797 | openrisc | openrisc-*) 798 | basic_machine=or32-unknown 799 | ;; 800 | os400) 801 | basic_machine=powerpc-ibm 802 | os=-os400 803 | ;; 804 | OSE68000 | ose68000) 805 | basic_machine=m68000-ericsson 806 | os=-ose 807 | ;; 808 | os68k) 809 | basic_machine=m68k-none 810 | os=-os68k 811 | ;; 812 | pa-hitachi) 813 | basic_machine=hppa1.1-hitachi 814 | os=-hiuxwe2 815 | ;; 816 | paragon) 817 | basic_machine=i860-intel 818 | os=-osf 819 | ;; 820 | pbd) 821 | basic_machine=sparc-tti 822 | ;; 823 | pbb) 824 | basic_machine=m68k-tti 825 | ;; 826 | pc532 | pc532-*) 827 | basic_machine=ns32k-pc532 828 | ;; 829 | pc98) 830 | basic_machine=i386-pc 831 | ;; 832 | pc98-*) 833 | basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` 834 | ;; 835 | pentium | p5 | k5 | k6 | nexgen | viac3) 836 | basic_machine=i586-pc 837 | ;; 838 | pentiumpro | p6 | 6x86 | athlon | athlon_*) 839 | basic_machine=i686-pc 840 | ;; 841 | pentiumii | pentium2 | pentiumiii | pentium3) 842 | basic_machine=i686-pc 843 | ;; 844 | pentium4) 845 | basic_machine=i786-pc 846 | ;; 847 | pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) 848 | basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` 849 | ;; 850 | pentiumpro-* | p6-* | 6x86-* | athlon-*) 851 | basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` 852 | ;; 853 | pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) 854 | basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` 855 | ;; 856 | pentium4-*) 857 | basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` 858 | ;; 859 | pn) 860 | basic_machine=pn-gould 861 | ;; 862 | power) basic_machine=power-ibm 863 | ;; 864 | ppc) basic_machine=powerpc-unknown 865 | ;; 866 | ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` 867 | ;; 868 | ppcle | powerpclittle | ppc-le | powerpc-little) 869 | basic_machine=powerpcle-unknown 870 | ;; 871 | ppcle-* | powerpclittle-*) 872 | basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` 873 | ;; 874 | ppc64) basic_machine=powerpc64-unknown 875 | ;; 876 | ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` 877 | ;; 878 | ppc64le | powerpc64little | ppc64-le | powerpc64-little) 879 | basic_machine=powerpc64le-unknown 880 | ;; 881 | ppc64le-* | powerpc64little-*) 882 | basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` 883 | ;; 884 | ps2) 885 | basic_machine=i386-ibm 886 | ;; 887 | pw32) 888 | basic_machine=i586-unknown 889 | os=-pw32 890 | ;; 891 | rdos) 892 | basic_machine=i386-pc 893 | os=-rdos 894 | ;; 895 | rom68k) 896 | basic_machine=m68k-rom68k 897 | os=-coff 898 | ;; 899 | rm[46]00) 900 | basic_machine=mips-siemens 901 | ;; 902 | rtpc | rtpc-*) 903 | basic_machine=romp-ibm 904 | ;; 905 | s390 | s390-*) 906 | basic_machine=s390-ibm 907 | ;; 908 | s390x | s390x-*) 909 | basic_machine=s390x-ibm 910 | ;; 911 | sa29200) 912 | basic_machine=a29k-amd 913 | os=-udi 914 | ;; 915 | sb1) 916 | basic_machine=mipsisa64sb1-unknown 917 | ;; 918 | sb1el) 919 | basic_machine=mipsisa64sb1el-unknown 920 | ;; 921 | sde) 922 | basic_machine=mipsisa32-sde 923 | os=-elf 924 | ;; 925 | sei) 926 | basic_machine=mips-sei 927 | os=-seiux 928 | ;; 929 | sequent) 930 | basic_machine=i386-sequent 931 | ;; 932 | sh) 933 | basic_machine=sh-hitachi 934 | os=-hms 935 | ;; 936 | sh5el) 937 | basic_machine=sh5le-unknown 938 | ;; 939 | sh64) 940 | basic_machine=sh64-unknown 941 | ;; 942 | sparclite-wrs | simso-wrs) 943 | basic_machine=sparclite-wrs 944 | os=-vxworks 945 | ;; 946 | sps7) 947 | basic_machine=m68k-bull 948 | os=-sysv2 949 | ;; 950 | spur) 951 | basic_machine=spur-unknown 952 | ;; 953 | st2000) 954 | basic_machine=m68k-tandem 955 | ;; 956 | stratus) 957 | basic_machine=i860-stratus 958 | os=-sysv4 959 | ;; 960 | sun2) 961 | basic_machine=m68000-sun 962 | ;; 963 | sun2os3) 964 | basic_machine=m68000-sun 965 | os=-sunos3 966 | ;; 967 | sun2os4) 968 | basic_machine=m68000-sun 969 | os=-sunos4 970 | ;; 971 | sun3os3) 972 | basic_machine=m68k-sun 973 | os=-sunos3 974 | ;; 975 | sun3os4) 976 | basic_machine=m68k-sun 977 | os=-sunos4 978 | ;; 979 | sun4os3) 980 | basic_machine=sparc-sun 981 | os=-sunos3 982 | ;; 983 | sun4os4) 984 | basic_machine=sparc-sun 985 | os=-sunos4 986 | ;; 987 | sun4sol2) 988 | basic_machine=sparc-sun 989 | os=-solaris2 990 | ;; 991 | sun3 | sun3-*) 992 | basic_machine=m68k-sun 993 | ;; 994 | sun4) 995 | basic_machine=sparc-sun 996 | ;; 997 | sun386 | sun386i | roadrunner) 998 | basic_machine=i386-sun 999 | ;; 1000 | sv1) 1001 | basic_machine=sv1-cray 1002 | os=-unicos 1003 | ;; 1004 | symmetry) 1005 | basic_machine=i386-sequent 1006 | os=-dynix 1007 | ;; 1008 | t3e) 1009 | basic_machine=alphaev5-cray 1010 | os=-unicos 1011 | ;; 1012 | t90) 1013 | basic_machine=t90-cray 1014 | os=-unicos 1015 | ;; 1016 | tic54x | c54x*) 1017 | basic_machine=tic54x-unknown 1018 | os=-coff 1019 | ;; 1020 | tic55x | c55x*) 1021 | basic_machine=tic55x-unknown 1022 | os=-coff 1023 | ;; 1024 | tic6x | c6x*) 1025 | basic_machine=tic6x-unknown 1026 | os=-coff 1027 | ;; 1028 | tx39) 1029 | basic_machine=mipstx39-unknown 1030 | ;; 1031 | tx39el) 1032 | basic_machine=mipstx39el-unknown 1033 | ;; 1034 | toad1) 1035 | basic_machine=pdp10-xkl 1036 | os=-tops20 1037 | ;; 1038 | tower | tower-32) 1039 | basic_machine=m68k-ncr 1040 | ;; 1041 | tpf) 1042 | basic_machine=s390x-ibm 1043 | os=-tpf 1044 | ;; 1045 | udi29k) 1046 | basic_machine=a29k-amd 1047 | os=-udi 1048 | ;; 1049 | ultra3) 1050 | basic_machine=a29k-nyu 1051 | os=-sym1 1052 | ;; 1053 | v810 | necv810) 1054 | basic_machine=v810-nec 1055 | os=-none 1056 | ;; 1057 | vaxv) 1058 | basic_machine=vax-dec 1059 | os=-sysv 1060 | ;; 1061 | vms) 1062 | basic_machine=vax-dec 1063 | os=-vms 1064 | ;; 1065 | vpp*|vx|vx-*) 1066 | basic_machine=f301-fujitsu 1067 | ;; 1068 | vxworks960) 1069 | basic_machine=i960-wrs 1070 | os=-vxworks 1071 | ;; 1072 | vxworks68) 1073 | basic_machine=m68k-wrs 1074 | os=-vxworks 1075 | ;; 1076 | vxworks29k) 1077 | basic_machine=a29k-wrs 1078 | os=-vxworks 1079 | ;; 1080 | w65*) 1081 | basic_machine=w65-wdc 1082 | os=-none 1083 | ;; 1084 | w89k-*) 1085 | basic_machine=hppa1.1-winbond 1086 | os=-proelf 1087 | ;; 1088 | xbox) 1089 | basic_machine=i686-pc 1090 | os=-mingw32 1091 | ;; 1092 | xps | xps100) 1093 | basic_machine=xps100-honeywell 1094 | ;; 1095 | ymp) 1096 | basic_machine=ymp-cray 1097 | os=-unicos 1098 | ;; 1099 | z8k-*-coff) 1100 | basic_machine=z8k-unknown 1101 | os=-sim 1102 | ;; 1103 | none) 1104 | basic_machine=none-none 1105 | os=-none 1106 | ;; 1107 | 1108 | # Here we handle the default manufacturer of certain CPU types. It is in 1109 | # some cases the only manufacturer, in others, it is the most popular. 1110 | w89k) 1111 | basic_machine=hppa1.1-winbond 1112 | ;; 1113 | op50n) 1114 | basic_machine=hppa1.1-oki 1115 | ;; 1116 | op60c) 1117 | basic_machine=hppa1.1-oki 1118 | ;; 1119 | romp) 1120 | basic_machine=romp-ibm 1121 | ;; 1122 | mmix) 1123 | basic_machine=mmix-knuth 1124 | ;; 1125 | rs6000) 1126 | basic_machine=rs6000-ibm 1127 | ;; 1128 | vax) 1129 | basic_machine=vax-dec 1130 | ;; 1131 | pdp10) 1132 | # there are many clones, so DEC is not a safe bet 1133 | basic_machine=pdp10-unknown 1134 | ;; 1135 | pdp11) 1136 | basic_machine=pdp11-dec 1137 | ;; 1138 | we32k) 1139 | basic_machine=we32k-att 1140 | ;; 1141 | sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) 1142 | basic_machine=sh-unknown 1143 | ;; 1144 | sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) 1145 | basic_machine=sparc-sun 1146 | ;; 1147 | cydra) 1148 | basic_machine=cydra-cydrome 1149 | ;; 1150 | orion) 1151 | basic_machine=orion-highlevel 1152 | ;; 1153 | orion105) 1154 | basic_machine=clipper-highlevel 1155 | ;; 1156 | mac | mpw | mac-mpw) 1157 | basic_machine=m68k-apple 1158 | ;; 1159 | pmac | pmac-mpw) 1160 | basic_machine=powerpc-apple 1161 | ;; 1162 | *-unknown) 1163 | # Make sure to match an already-canonicalized machine name. 1164 | ;; 1165 | *) 1166 | echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 1167 | exit 1 1168 | ;; 1169 | esac 1170 | 1171 | # Here we canonicalize certain aliases for manufacturers. 1172 | case $basic_machine in 1173 | *-digital*) 1174 | basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` 1175 | ;; 1176 | *-commodore*) 1177 | basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` 1178 | ;; 1179 | *) 1180 | ;; 1181 | esac 1182 | 1183 | # Decode manufacturer-specific aliases for certain operating systems. 1184 | 1185 | if [ x"$os" != x"" ] 1186 | then 1187 | case $os in 1188 | # First match some system type aliases 1189 | # that might get confused with valid system types. 1190 | # -solaris* is a basic system type, with this one exception. 1191 | -solaris1 | -solaris1.*) 1192 | os=`echo $os | sed -e 's|solaris1|sunos4|'` 1193 | ;; 1194 | -solaris) 1195 | os=-solaris2 1196 | ;; 1197 | -svr4*) 1198 | os=-sysv4 1199 | ;; 1200 | -unixware*) 1201 | os=-sysv4.2uw 1202 | ;; 1203 | -gnu/linux*) 1204 | os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` 1205 | ;; 1206 | # First accept the basic system types. 1207 | # The portable systems comes first. 1208 | # Each alternative MUST END IN A *, to match a version number. 1209 | # -sysv* is not here because it comes later, after sysvr4. 1210 | -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ 1211 | | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ 1212 | | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ 1213 | | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ 1214 | | -aos* \ 1215 | | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ 1216 | | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ 1217 | | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ 1218 | | -openbsd* | -solidbsd* \ 1219 | | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ 1220 | | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ 1221 | | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ 1222 | | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ 1223 | | -chorusos* | -chorusrdb* \ 1224 | | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ 1225 | | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ 1226 | | -uxpv* | -beos* | -mpeix* | -udk* \ 1227 | | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ 1228 | | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ 1229 | | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ 1230 | | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ 1231 | | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ 1232 | | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ 1233 | | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) 1234 | # Remember, each alternative MUST END IN *, to match a version number. 1235 | ;; 1236 | -qnx*) 1237 | case $basic_machine in 1238 | x86-* | i*86-*) 1239 | ;; 1240 | *) 1241 | os=-nto$os 1242 | ;; 1243 | esac 1244 | ;; 1245 | -nto-qnx*) 1246 | ;; 1247 | -nto*) 1248 | os=`echo $os | sed -e 's|nto|nto-qnx|'` 1249 | ;; 1250 | -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ 1251 | | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ 1252 | | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) 1253 | ;; 1254 | -mac*) 1255 | os=`echo $os | sed -e 's|mac|macos|'` 1256 | ;; 1257 | -linux-dietlibc) 1258 | os=-linux-dietlibc 1259 | ;; 1260 | -linux*) 1261 | os=`echo $os | sed -e 's|linux|linux-gnu|'` 1262 | ;; 1263 | -sunos5*) 1264 | os=`echo $os | sed -e 's|sunos5|solaris2|'` 1265 | ;; 1266 | -sunos6*) 1267 | os=`echo $os | sed -e 's|sunos6|solaris3|'` 1268 | ;; 1269 | -opened*) 1270 | os=-openedition 1271 | ;; 1272 | -os400*) 1273 | os=-os400 1274 | ;; 1275 | -wince*) 1276 | os=-wince 1277 | ;; 1278 | -osfrose*) 1279 | os=-osfrose 1280 | ;; 1281 | -osf*) 1282 | os=-osf 1283 | ;; 1284 | -utek*) 1285 | os=-bsd 1286 | ;; 1287 | -dynix*) 1288 | os=-bsd 1289 | ;; 1290 | -acis*) 1291 | os=-aos 1292 | ;; 1293 | -atheos*) 1294 | os=-atheos 1295 | ;; 1296 | -syllable*) 1297 | os=-syllable 1298 | ;; 1299 | -386bsd) 1300 | os=-bsd 1301 | ;; 1302 | -ctix* | -uts*) 1303 | os=-sysv 1304 | ;; 1305 | -nova*) 1306 | os=-rtmk-nova 1307 | ;; 1308 | -ns2 ) 1309 | os=-nextstep2 1310 | ;; 1311 | -nsk*) 1312 | os=-nsk 1313 | ;; 1314 | # Preserve the version number of sinix5. 1315 | -sinix5.*) 1316 | os=`echo $os | sed -e 's|sinix|sysv|'` 1317 | ;; 1318 | -sinix*) 1319 | os=-sysv4 1320 | ;; 1321 | -tpf*) 1322 | os=-tpf 1323 | ;; 1324 | -triton*) 1325 | os=-sysv3 1326 | ;; 1327 | -oss*) 1328 | os=-sysv3 1329 | ;; 1330 | -svr4) 1331 | os=-sysv4 1332 | ;; 1333 | -svr3) 1334 | os=-sysv3 1335 | ;; 1336 | -sysvr4) 1337 | os=-sysv4 1338 | ;; 1339 | # This must come after -sysvr4. 1340 | -sysv*) 1341 | ;; 1342 | -ose*) 1343 | os=-ose 1344 | ;; 1345 | -es1800*) 1346 | os=-ose 1347 | ;; 1348 | -xenix) 1349 | os=-xenix 1350 | ;; 1351 | -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) 1352 | os=-mint 1353 | ;; 1354 | -aros*) 1355 | os=-aros 1356 | ;; 1357 | -kaos*) 1358 | os=-kaos 1359 | ;; 1360 | -zvmoe) 1361 | os=-zvmoe 1362 | ;; 1363 | -none) 1364 | ;; 1365 | *) 1366 | # Get rid of the `-' at the beginning of $os. 1367 | os=`echo $os | sed 's/[^-]*-//'` 1368 | echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 1369 | exit 1 1370 | ;; 1371 | esac 1372 | else 1373 | 1374 | # Here we handle the default operating systems that come with various machines. 1375 | # The value should be what the vendor currently ships out the door with their 1376 | # machine or put another way, the most popular os provided with the machine. 1377 | 1378 | # Note that if you're going to try to match "-MANUFACTURER" here (say, 1379 | # "-sun"), then you have to tell the case statement up towards the top 1380 | # that MANUFACTURER isn't an operating system. Otherwise, code above 1381 | # will signal an error saying that MANUFACTURER isn't an operating 1382 | # system, and we'll never get to this point. 1383 | 1384 | case $basic_machine in 1385 | score-*) 1386 | os=-elf 1387 | ;; 1388 | spu-*) 1389 | os=-elf 1390 | ;; 1391 | *-acorn) 1392 | os=-riscix1.2 1393 | ;; 1394 | arm*-rebel) 1395 | os=-linux 1396 | ;; 1397 | arm*-semi) 1398 | os=-aout 1399 | ;; 1400 | c4x-* | tic4x-*) 1401 | os=-coff 1402 | ;; 1403 | # This must come before the *-dec entry. 1404 | pdp10-*) 1405 | os=-tops20 1406 | ;; 1407 | pdp11-*) 1408 | os=-none 1409 | ;; 1410 | *-dec | vax-*) 1411 | os=-ultrix4.2 1412 | ;; 1413 | m68*-apollo) 1414 | os=-domain 1415 | ;; 1416 | i386-sun) 1417 | os=-sunos4.0.2 1418 | ;; 1419 | m68000-sun) 1420 | os=-sunos3 1421 | # This also exists in the configure program, but was not the 1422 | # default. 1423 | # os=-sunos4 1424 | ;; 1425 | m68*-cisco) 1426 | os=-aout 1427 | ;; 1428 | mep-*) 1429 | os=-elf 1430 | ;; 1431 | mips*-cisco) 1432 | os=-elf 1433 | ;; 1434 | mips*-*) 1435 | os=-elf 1436 | ;; 1437 | or32-*) 1438 | os=-coff 1439 | ;; 1440 | *-tti) # must be before sparc entry or we get the wrong os. 1441 | os=-sysv3 1442 | ;; 1443 | sparc-* | *-sun) 1444 | os=-sunos4.1.1 1445 | ;; 1446 | *-be) 1447 | os=-beos 1448 | ;; 1449 | *-haiku) 1450 | os=-haiku 1451 | ;; 1452 | *-ibm) 1453 | os=-aix 1454 | ;; 1455 | *-knuth) 1456 | os=-mmixware 1457 | ;; 1458 | *-wec) 1459 | os=-proelf 1460 | ;; 1461 | *-winbond) 1462 | os=-proelf 1463 | ;; 1464 | *-oki) 1465 | os=-proelf 1466 | ;; 1467 | *-hp) 1468 | os=-hpux 1469 | ;; 1470 | *-hitachi) 1471 | os=-hiux 1472 | ;; 1473 | i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) 1474 | os=-sysv 1475 | ;; 1476 | *-cbm) 1477 | os=-amigaos 1478 | ;; 1479 | *-dg) 1480 | os=-dgux 1481 | ;; 1482 | *-dolphin) 1483 | os=-sysv3 1484 | ;; 1485 | m68k-ccur) 1486 | os=-rtu 1487 | ;; 1488 | m88k-omron*) 1489 | os=-luna 1490 | ;; 1491 | *-next ) 1492 | os=-nextstep 1493 | ;; 1494 | *-sequent) 1495 | os=-ptx 1496 | ;; 1497 | *-crds) 1498 | os=-unos 1499 | ;; 1500 | *-ns) 1501 | os=-genix 1502 | ;; 1503 | i370-*) 1504 | os=-mvs 1505 | ;; 1506 | *-next) 1507 | os=-nextstep3 1508 | ;; 1509 | *-gould) 1510 | os=-sysv 1511 | ;; 1512 | *-highlevel) 1513 | os=-bsd 1514 | ;; 1515 | *-encore) 1516 | os=-bsd 1517 | ;; 1518 | *-sgi) 1519 | os=-irix 1520 | ;; 1521 | *-siemens) 1522 | os=-sysv4 1523 | ;; 1524 | *-masscomp) 1525 | os=-rtu 1526 | ;; 1527 | f30[01]-fujitsu | f700-fujitsu) 1528 | os=-uxpv 1529 | ;; 1530 | *-rom68k) 1531 | os=-coff 1532 | ;; 1533 | *-*bug) 1534 | os=-coff 1535 | ;; 1536 | *-apple) 1537 | os=-macos 1538 | ;; 1539 | *-atari*) 1540 | os=-mint 1541 | ;; 1542 | *) 1543 | os=-none 1544 | ;; 1545 | esac 1546 | fi 1547 | 1548 | # Here we handle the case where we know the os, and the CPU type, but not the 1549 | # manufacturer. We pick the logical manufacturer. 1550 | vendor=unknown 1551 | case $basic_machine in 1552 | *-unknown) 1553 | case $os in 1554 | -riscix*) 1555 | vendor=acorn 1556 | ;; 1557 | -sunos*) 1558 | vendor=sun 1559 | ;; 1560 | -aix*) 1561 | vendor=ibm 1562 | ;; 1563 | -beos*) 1564 | vendor=be 1565 | ;; 1566 | -hpux*) 1567 | vendor=hp 1568 | ;; 1569 | -mpeix*) 1570 | vendor=hp 1571 | ;; 1572 | -hiux*) 1573 | vendor=hitachi 1574 | ;; 1575 | -unos*) 1576 | vendor=crds 1577 | ;; 1578 | -dgux*) 1579 | vendor=dg 1580 | ;; 1581 | -luna*) 1582 | vendor=omron 1583 | ;; 1584 | -genix*) 1585 | vendor=ns 1586 | ;; 1587 | -mvs* | -opened*) 1588 | vendor=ibm 1589 | ;; 1590 | -os400*) 1591 | vendor=ibm 1592 | ;; 1593 | -ptx*) 1594 | vendor=sequent 1595 | ;; 1596 | -tpf*) 1597 | vendor=ibm 1598 | ;; 1599 | -vxsim* | -vxworks* | -windiss*) 1600 | vendor=wrs 1601 | ;; 1602 | -aux*) 1603 | vendor=apple 1604 | ;; 1605 | -hms*) 1606 | vendor=hitachi 1607 | ;; 1608 | -mpw* | -macos*) 1609 | vendor=apple 1610 | ;; 1611 | -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) 1612 | vendor=atari 1613 | ;; 1614 | -vos*) 1615 | vendor=stratus 1616 | ;; 1617 | esac 1618 | basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` 1619 | ;; 1620 | esac 1621 | 1622 | echo $basic_machine$os 1623 | exit 1624 | 1625 | # Local variables: 1626 | # eval: (add-hook 'write-file-hooks 'time-stamp) 1627 | # time-stamp-start: "timestamp='" 1628 | # time-stamp-format: "%:y-%02m-%02d" 1629 | # time-stamp-end: "'" 1630 | # End: 1631 | --------------------------------------------------------------------------------