diff --git a/CMakeLists.txt b/CMakeLists.txt index 53fa2aaa..f9640ca6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,12 @@ project(ELOG) cmake_minimum_required(VERSION 2.8) # compile options -option(USE_SSL "Use OpenSSL library for https" OFF) +option(USE_SSL "Use OpenSSL library for https" ON) +option(USE_KRB5 "Use Kerberos library for authentication" OFF) +option(USE_LDAP "Use LDAP library for authentication" OFF) +option(USE_PAM "Use PAM library for authentication" OFF) + +#---------------------------------- include_directories(${CMAKE_SOURCE_DIR}/mxml) @@ -13,13 +18,37 @@ add_compile_options(-Wall -Wno-deprecated-declarations) # disable warnings for regex.c set_source_files_properties(${CMAKE_SOURCE_DIR}/src/regex.c PROPERTIES COMPILE_FLAGS -w) -# optional SSL stuff +# Package finders +list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}/cmake) + +# optional SSL library if (USE_SSL) add_compile_definitions(HAVE_SSL) find_package(OPENSSL REQUIRED) include_directories(${OPENSSL_INCLUDE_DIR}) endif (USE_SSL) +# optional KRB5 library +if (USE_KRB5) + add_compile_definitions(HAVE_KRB5) + find_package(KRB5 REQUIRED) + include_directories(${KERBROS5_INCLUDE_DIR}) +endif (USE_KRB5) + +# optional LDAP library +if (USE_LDAP) + add_compile_definitions(HAVE_LDAP) + find_package(LDAP REQUIRED) + include_directories(${LDAP_INCLUDE_DIR}) +endif (USE_LDAP) + +# optional PAM library +if (USE_PAM) + add_compile_definitions(HAVE_PAM) + find_package(PAM REQUIRED) + include_directories(${PAM_INCLUDE_DIR}) +endif (USE_PAM) + add_executable(elogd ${CMAKE_SOURCE_DIR}/src/elogd.c ${CMAKE_SOURCE_DIR}/src/auth.c @@ -33,7 +62,16 @@ add_executable(elog ${CMAKE_SOURCE_DIR}/src/crypt.c ) -target_link_libraries(elogd ${OPENSSL_LIBRARIES}) -target_link_libraries(elog ${OPENSSL_LIBRARIES}) - - +if(USE_SSL) + target_link_libraries(elogd ${OPENSSL_LIBRARIES}) + target_link_libraries(elog ${OPENSSL_LIBRARIES}) +endif(USE_SSL) +if(USE_KRB5) + target_link_libraries(elogd ${KRB5_LIBRARIES}) +endif(USE_KRB5) +if(USE_LDAP) + target_link_libraries(elogd ${LDAP_LIBRARIES}) +endif(USE_LDAP) +if(USE_PAM) + target_link_libraries(elogd ${PAM_LIBRARIES}) +endif(USE_PAM) diff --git a/cmake/FindKrb5.cmake b/cmake/FindKrb5.cmake new file mode 100644 index 00000000..38a9cac9 --- /dev/null +++ b/cmake/FindKrb5.cmake @@ -0,0 +1,154 @@ +# - Find kerberos 5 +# Find the native Kerberos 5 headers and libraries. +# KRB5_INCLUDE_DIRS - where to find krb5.h, etc. +# KRB5_LIBRARIES - List of libraries when using kerberos 5. +# KRB5_FOUND - True if kerberos 5 found. +# KRB5 modules may be specified as components for this find module. +# Modules may be listed by running "krb5-config". Modules include: +# krb5 Kerberos 5 application +# gssapi GSSAPI application with Kerberos 5 bindings +# krb4 Kerberos 4 application +# kadm-client Kadmin client +# kadm-server Kadmin server +# kdb Application that accesses the kerberos database +# Typical usage: +# FIND_PACKAGE(KRB5 REQUIRED gssapi) + +# First find the config script from which to obtain other values. +IF(KRB5_PREFIX) + FIND_PROGRAM(KRB5_C_CONFIG NAMES krb5-config + PATHS ${KRB5_PREFIX} + NO_SYSTEM_ENVIRONMENT_PATH + NO_DEFAULT_PATH + ) +ENDIF(KRB5_PREFIX) +FIND_PROGRAM(KRB5_C_CONFIG NAMES krb5-config) + +MESSAGE(STATUS "found krb5-config here ${KRB5_C_CONFIG}") + +# Check whether we found anything. +IF(KRB5_C_CONFIG) + SET(KRB5_FOUND 1) +ELSE(KRB5_C_CONFIG) + SET(KRB5_FOUND 0) +ENDIF(KRB5_C_CONFIG) + +# Lookup the include directories needed for the components requested. +IF(KRB5_FOUND) + # Use the newer EXECUTE_PROCESS command if it is available. + IF(COMMAND EXECUTE_PROCESS) + EXECUTE_PROCESS( + COMMAND ${KRB5_C_CONFIG} ${KRB5_FIND_COMPONENTS} --cflags + OUTPUT_VARIABLE KRB5_C_CONFIG_CFLAGS + OUTPUT_STRIP_TRAILING_WHITESPACE + RESULT_VARIABLE KRB5_C_CONFIG_RESULT + ) + ELSE(COMMAND EXECUTE_PROCESS) + EXEC_PROGRAM(${KRB5_C_CONFIG} ARGS "${KRB5_FIND_COMPONENTS} --cflags" + OUTPUT_VARIABLE KRB5_C_CONFIG_CFLAGS + RETURN_VALUE KRB5_C_CONFIG_RESULT + ) + ENDIF(COMMAND EXECUTE_PROCESS) + + # Parse the include flags. + IF("${KRB5_C_CONFIG_RESULT}" MATCHES "^0$") + # Convert the compile flags to a CMake list. + STRING(REGEX REPLACE " +" ";" + KRB5_C_CONFIG_CFLAGS "${KRB5_C_CONFIG_CFLAGS}") + + # Look for -I options. + SET(KRB5_INCLUDE_DIRS) + FOREACH(flag ${KRB5_C_CONFIG_CFLAGS}) + IF("${flag}" MATCHES "^-I") + STRING(REGEX REPLACE "^-I" "" DIR "${flag}") + FILE(TO_CMAKE_PATH "${DIR}" DIR) + SET(KRB5_INCLUDE_DIRS ${KRB5_INCLUDE_DIRS} "${DIR}") + ENDIF("${flag}" MATCHES "^-I") + ENDFOREACH(flag) + ELSE("${KRB5_C_CONFIG_RESULT}" MATCHES "^0$") + MESSAGE("Error running ${KRB5_C_CONFIG}: [${KRB5_C_CONFIG_RESULT}]") + SET(KRB5_FOUND 0) + ENDIF("${KRB5_C_CONFIG_RESULT}" MATCHES "^0$") +ENDIF(KRB5_FOUND) + +SET(KRB5_INCLUDE_DIRS "${KRB5_PREFIX}/include" ${KRB5_INCLUDE_DIRS}) + +# Lookup the libraries needed for the components requested. +IF(KRB5_FOUND) + # Use the newer EXECUTE_PROCESS command if it is available. + IF(COMMAND EXECUTE_PROCESS) + EXECUTE_PROCESS( + COMMAND ${KRB5_C_CONFIG} ${KRB5_FIND_COMPONENTS} --libs + OUTPUT_VARIABLE KRB5_C_CONFIG_LIBS + OUTPUT_STRIP_TRAILING_WHITESPACE + RESULT_VARIABLE KRB5_C_CONFIG_RESULT + ) + ELSE(COMMAND EXECUTE_PROCESS) + EXEC_PROGRAM(${KRB5_C_CONFIG} ARGS "${KRB5_FIND_COMPONENTS} --libs" + OUTPUT_VARIABLE KRB5_C_CONFIG_LIBS + RETURN_VALUE KRB5_C_CONFIG_RESULT + ) + ENDIF(COMMAND EXECUTE_PROCESS) + + # Parse the library names and directories. + IF("${KRB5_C_CONFIG_RESULT}" MATCHES "^0$") + STRING(REGEX REPLACE " +" ";" + KRB5_C_CONFIG_LIBS "${KRB5_C_CONFIG_LIBS}") + + # Look for -L flags for directories and -l flags for library names. + SET(KRB5_LIBRARY_DIRS) + SET(KRB5_LIBRARY_NAMES) + FOREACH(flag ${KRB5_C_CONFIG_LIBS}) + IF("${flag}" MATCHES "^-L") + STRING(REGEX REPLACE "^-L" "" DIR "${flag}") + FILE(TO_CMAKE_PATH "${DIR}" DIR) + SET(KRB5_LIBRARY_DIRS ${KRB5_LIBRARY_DIRS} "${DIR}") + ELSEIF("${flag}" MATCHES "^-l") + STRING(REGEX REPLACE "^-l" "" NAME "${flag}") + SET(KRB5_LIBRARY_NAMES ${KRB5_LIBRARY_NAMES} "${NAME}") + ENDIF("${flag}" MATCHES "^-L") + ENDFOREACH(flag) + + # add gssapi_krb5 (MIT) + SET(KRB5_LIBRARY_NAMES ${KRB5_LIBRARY_NAMES} "gssapi_krb5") + + # Search for each library needed using the directories given. + FOREACH(name ${KRB5_LIBRARY_NAMES}) + # Look for this library. + FIND_LIBRARY(KRB5_${name}_LIBRARY + NAMES ${name} + PATHS ${KRB5_LIBRARY_DIRS} + NO_DEFAULT_PATH + ) + FIND_LIBRARY(KRB5_${name}_LIBRARY NAMES ${name}) + MARK_AS_ADVANCED(KRB5_${name}_LIBRARY) + + # If any library is not found then the whole package is not found. + IF(NOT KRB5_${name}_LIBRARY) + SET(KRB5_FOUND 0) + ENDIF(NOT KRB5_${name}_LIBRARY) + + # Build an ordered list of all the libraries needed. + SET(KRB5_LIBRARIES ${KRB5_LIBRARIES} "${KRB5_${name}_LIBRARY}") + ENDFOREACH(name) + ELSE("${KRB5_C_CONFIG_RESULT}" MATCHES "^0$") + MESSAGE("Error running ${KRB5_C_CONFIG}: [${KRB5_C_CONFIG_RESULT}]") + SET(KRB5_FOUND 0) + ENDIF("${KRB5_C_CONFIG_RESULT}" MATCHES "^0$") +ENDIF(KRB5_FOUND) + +# Report the results. +IF(NOT KRB5_FOUND) + SET(KRB5_DIR_MESSAGE + "KRB5 was not found. Make sure the entries KRB5_* are set.") + IF(NOT KRB5_FIND_QUIETLY) + MESSAGE(STATUS "${KRB5_DIR_MESSAGE}") + ELSE(NOT KRB5_FIND_QUIETLY) + IF(KRB5_FIND_REQUIRED) + MESSAGE(FATAL_ERROR "${KRB5_DIR_MESSAGE}") + ENDIF(KRB5_FIND_REQUIRED) + ENDIF(NOT KRB5_FIND_QUIETLY) +ELSE(NOT KRB5_FOUND) + MESSAGE(STATUS "Found kerberos 5 headers: ${KRB5_INCLUDE_DIRS}") + MESSAGE(STATUS "Found kerberos 5 libs: ${KRB5_LIBRARIES}") +ENDIF(NOT KRB5_FOUND) diff --git a/cmake/FindLDAP.cmake b/cmake/FindLDAP.cmake new file mode 100644 index 00000000..97b1fd5d --- /dev/null +++ b/cmake/FindLDAP.cmake @@ -0,0 +1,23 @@ +# Try to find attr +# Once done, this will define +# +# LDAP_FOUND - system has libldap +# LDAP_INCLUDE_DIRS - the ldap include directories +# LDAP_LIBRARIES - ldap libraries directories + +if(LDAP_INCLUDE_DIRS AND LDAP_LIBRARIES) +set(LDAP_FIND_QUIETLY TRUE) +endif(LDAP_INCLUDE_DIRS AND LDAP_LIBRARIES) + +find_path(LDAP_INCLUDE_DIR ldap.h) +find_library(LDAP_LIBRARY ldap) + +set(LDAP_INCLUDE_DIRS ${LDAP_INCLUDE_DIR}) +set(LDAP_LIBRARIES ${LDAP_LIBRARY}) + +# handle the QUIETLY and REQUIRED arguments and set LDAP_FOUND to TRUE if +# all listed variables are TRUE +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(attr DEFAULT_MSG LDAP_INCLUDE_DIR LDAP_LIBRARY) + +mark_as_advanced(LDAP_INCLUDE_DIR LDAP_LIBRARY) diff --git a/cmake/FindPAM.cmake b/cmake/FindPAM.cmake new file mode 100644 index 00000000..6264680b --- /dev/null +++ b/cmake/FindPAM.cmake @@ -0,0 +1,94 @@ +# - Try to find the PAM libraries +# Once done this will define +# +# PAM_FOUND - system has pam +# PAM_INCLUDE_DIR - the pam include directory +# PAM_LIBRARIES - libpam library +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +if (PAM_INCLUDE_DIR AND PAM_LIBRARY) + # Already in cache, be silent + set(PAM_FIND_QUIETLY TRUE) +endif (PAM_INCLUDE_DIR AND PAM_LIBRARY) + +find_path(PAM_INCLUDE_DIR NAMES security/pam_appl.h pam/pam_appl.h) +find_library(PAM_LIBRARY pam) +find_library(DL_LIBRARY dl) + +if (PAM_INCLUDE_DIR AND PAM_LIBRARY) + set(PAM_FOUND TRUE) + if (DL_LIBRARY) + set(PAM_LIBRARIES ${PAM_LIBRARY} ${DL_LIBRARY}) + else (DL_LIBRARY) + set(PAM_LIBRARIES ${PAM_LIBRARY}) + endif (DL_LIBRARY) + + if (EXISTS ${PAM_INCLUDE_DIR}/pam/pam_appl.h) + # darwin claims to be something special + set(HAVE_PAM_PAM_APPL_H 1) + endif (EXISTS ${PAM_INCLUDE_DIR}/pam/pam_appl.h) + + if (NOT DEFINED PAM_MESSAGE_CONST) + include(CheckCXXSourceCompiles) + # XXX does this work with plain c? + check_cxx_source_compiles(" +#if ${HAVE_PAM_PAM_APPL_H}+0 +# include +#else +# include +#endif +static int PAM_conv( + int num_msg, + const struct pam_message **msg, /* this is the culprit */ + struct pam_response **resp, + void *ctx) +{ + return 0; +} +int main(void) +{ + struct pam_conv PAM_conversation = { + &PAM_conv, /* this bombs out if the above does not match */ + 0 + }; + return 0; +} +" PAM_MESSAGE_CONST) + endif (NOT DEFINED PAM_MESSAGE_CONST) + set(PAM_MESSAGE_CONST ${PAM_MESSAGE_CONST} CACHE BOOL "PAM expects a conversation function with const pam_message") + +endif (PAM_INCLUDE_DIR AND PAM_LIBRARY) + +if (PAM_FOUND) + if (NOT PAM_FIND_QUIETLY) + message(STATUS "Found PAM: ${PAM_LIBRARIES}") + endif (NOT PAM_FIND_QUIETLY) +else (PAM_FOUND) + if (PAM_FIND_REQUIRED) + message(FATAL_ERROR "PAM was not found") + endif(PAM_FIND_REQUIRED) +endif (PAM_FOUND) + +mark_as_advanced(PAM_INCLUDE_DIR PAM_LIBRARY DL_LIBRARY PAM_MESSAGE_CONST)