websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.0.5

Browse Source
This commit is contained in:
Mario Fetka
2021-07-25 07:50:50 +02:00
parent 8ff3be4216
commit 3bfaa6e020
2049 changed files with 317193 additions and 1632423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
ipa-client/AUTHORS Normal file
View File

142
ipa-client/Makefile.am Normal file
View File

@@ -0,0 +1,142 @@
# This file will be processed with automake-1.7 to create Makefile.in
AUTOMAKE_OPTIONS = 1.7
NULL =
AM_CFLAGS = $(NULL)
if HAVE_GCC
AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \
-Wcast-align -Werror-implicit-function-declaration \
$(NULL)
endif
export AM_CFLAGS
KRB5_UTIL_DIR=../util
KRB5_UTIL_SRCS=$(KRB5_UTIL_DIR)/ipa_krb5.c
AM_CPPFLAGS = \
-I. \
-I$(srcdir) \
-I$(KRB5_UTIL_DIR) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
-DLOCALEDIR=\""$(localedir)"\" \
$(KRB5_CFLAGS) \
$(OPENLDAP_CFLAGS) \
$(SASL_CFLAGS) \
$(POPT_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
sbin_PROGRAMS = \
ipa-getkeytab \
ipa-rmkeytab \
ipa-join \
$(NULL)
ipa_getkeytab_SOURCES = \
ipa-getkeytab.c \
ipa-client-common.c \
$(KRB5_UTIL_SRCS) \
$(NULL)
ipa_getkeytab_LDADD = \
$(KRB5_LIBS) \
$(OPENLDAP_LIBS) \
$(SASL_LIBS) \
$(POPT_LIBS) \
$(LIBINTL_LIBS) \
$(NULL)
ipa_rmkeytab_SOURCES = \
ipa-rmkeytab.c \
ipa-client-common.c \
$(NULL)
ipa_rmkeytab_LDADD = \
$(KRB5_LIBS) \
$(POPT_LIBS) \
$(LIBINTL_LIBS) \
$(NULL)
ipa_join_SOURCES = \
config.c \
ipa-client-common.c \
ipa-join.c \
$(NULL)
ipa_join_LDADD = \
$(KRB5_LIBS) \
$(OPENLDAP_LIBS) \
$(SASL_LIBS) \
$(CURL_LIBS) \
$(XMLRPC_LIBS) \
$(POPT_LIBS) \
$(LIBINTL_LIBS) \
$(NULL)
SUBDIRS = \
ipaclient \
ipa-install \
man \
$(NULL)
EXTRA_DIST = \
ipa-client.spec \
COPYING \
AUTHORS \
INSTALL \
README \
HACKING \
NEWS \
ChangeLog \
$(NULL)
DISTCLEANFILES = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
intltool-*.in \
compile \
configure \
COPYING \
INSTALL \
install-sh \
missing \
mkinstalldirs \
config.guess \
ltmain.sh \
config.sub \
depcomp \
Makefile.in \
config.h.* \
aclocal.m4 \
version.m4 \
ipa-client.spec \
py-compile \
$(NULL)
# Creating ChangeLog from hg log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
$(srcdir)/ChangeLog:
@if test -d "$(srcdir)/../.hg"; then \
(cd "$(srcdir)" && \
./missing --run hg log --verbose) | fmt --split-only > $@.tmp \
&& mv -f $@.tmp $@ \
|| ($(RM) $@.tmp; \
echo Failed to generate ChangeLog, your ChangeLog may be outdated >&2; \
(test -f $@ || echo hg log is required to generate this file >> $@)); \
else \
test -f $@ || \
(echo A hg checkout and hg -log is required to generate ChangeLog >&2 && \
echo A hg checkout and hg log is required to generate this file >> $@); \
fi
.PHONY: ChangeLog $(srcdir)/ChangeLog

1121
ipa-client/Makefile.in Normal file
View File

File diff suppressed because it is too large Load Diff

0
ipa-client/NEWS Normal file
View File

24
ipa-client/README Normal file
View File

@@ -0,0 +1,24 @@
Code to be installed on any client that wants to be in an IPA domain.
Mostly consists of a tool for Linux systems that will help configure the
client so it will work properly in a kerberized environment.
It also includes several ways to configure Firefox to do single sign-on.
The two methods on the client side are:
1. globalsetup.sh. This modifies the global Firefox installation so that
any profiles created will be pre-configured.
2. usersetup.sh. This will update a user's existing profile.
The downside of #1 is that an rpm -V will return a failure. It will also
need to be run with every update of Firefox.
One a profile contains the proper preferences it will be unaffected by
upgrades to Firefox.
The downside of #2 is that every user would need to run this each time they
create a new profile.
There is a third, server-side method. See ipa-server/README for details.

10017
ipa-client/aclocal.m4 vendored Normal file
View File

File diff suppressed because it is too large Load Diff

15332
ipa-client/autom4te.cache/output.0 Normal file
View File

File diff suppressed because it is too large Load Diff

15328
ipa-client/autom4te.cache/output.1 Normal file
View File

File diff suppressed because it is too large Load Diff

304
ipa-client/autom4te.cache/requests Normal file
View File

@@ -0,0 +1,304 @@
# This file was generated.
# It contains the lists of macros which have been traced.
# It can be safely removed.
@request = (
bless( [
'0',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'-',
'/usr/share/aclocal-1.14/internal/ac-config-macro-dirs.m4',
'/usr/share/aclocal/argz.m4',
'/usr/share/aclocal/libtool.m4',
'/usr/share/aclocal/ltdl.m4',
'/usr/share/aclocal/ltoptions.m4',
'/usr/share/aclocal/ltsugar.m4',
'/usr/share/aclocal/ltversion.m4',
'/usr/share/aclocal/lt~obsolete.m4',
'/usr/share/aclocal-1.14/amversion.m4',
'/usr/share/aclocal-1.14/auxdir.m4',
'/usr/share/aclocal-1.14/cond.m4',
'/usr/share/aclocal-1.14/depend.m4',
'/usr/share/aclocal-1.14/depout.m4',
'/usr/share/aclocal-1.14/init.m4',
'/usr/share/aclocal-1.14/install-sh.m4',
'/usr/share/aclocal-1.14/lead-dot.m4',
'/usr/share/aclocal-1.14/maintainer.m4',
'/usr/share/aclocal-1.14/make.m4',
'/usr/share/aclocal-1.14/missing.m4',
'/usr/share/aclocal-1.14/options.m4',
'/usr/share/aclocal-1.14/prog-cc-c-o.m4',
'/usr/share/aclocal-1.14/python.m4',
'/usr/share/aclocal-1.14/runlog.m4',
'/usr/share/aclocal-1.14/sanity.m4',
'/usr/share/aclocal-1.14/silent.m4',
'/usr/share/aclocal-1.14/strip.m4',
'/usr/share/aclocal-1.14/substnot.m4',
'/usr/share/aclocal-1.14/tar.m4',
'configure.ac'
],
{
'LTOPTIONS_VERSION' => 1,
'LT_SYS_SYMBOL_USCORE' => 1,
'_AM_SET_OPTION' => 1,
'LT_PATH_LD' => 1,
'AM_SUBST_NOTMAKE' => 1,
'_LT_LINKER_OPTION' => 1,
'AC_LTDL_SYSSEARCHPATH' => 1,
'_LT_AC_SYS_LIBPATH_AIX' => 1,
'AC_PROG_LD_GNU' => 1,
'AC_LTDL_SYMBOL_USCORE' => 1,
'AC_LIBTOOL_LANG_CXX_CONFIG' => 1,
'LT_SYS_DLOPEN_SELF' => 1,
'LT_PROG_RC' => 1,
'_LT_WITH_SYSROOT' => 1,
'_LT_AC_LANG_CXX' => 1,
'AC_DISABLE_SHARED' => 1,
'LT_AC_PROG_EGREP' => 1,
'_AM_PROG_TAR' => 1,
'LTVERSION_VERSION' => 1,
'LT_INIT' => 1,
'AC_PROG_LD_RELOAD_FLAG' => 1,
'AC_ENABLE_SHARED' => 1,
'AC_LIBTOOL_CXX' => 1,
'AM_PROG_INSTALL_SH' => 1,
'AM_ENABLE_SHARED' => 1,
'AC_LIBTOOL_FC' => 1,
'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
'AM_MISSING_PROG' => 1,
'LT_LIB_M' => 1,
'_LT_PROG_CXX' => 1,
'AM_RUN_LOG' => 1,
'AC_DISABLE_FAST_INSTALL' => 1,
'LT_SYS_MODULE_PATH' => 1,
'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1,
'AC_PATH_MAGIC' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AC_LTDL_SYS_DLOPEN_DEPLIBS' => 1,
'AC_WITH_LTDL' => 1,
'AM_SET_LEADING_DOT' => 1,
'AM_SANITY_CHECK' => 1,
'AC_LIBTOOL_PROG_CC_C_O' => 1,
'AC_LTDL_PREOPEN' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'_LT_PROG_ECHO_BACKSLASH' => 1,
'_LT_PROG_F77' => 1,
'm4_include' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1,
'AM_MAKE_INCLUDE' => 1,
'AC_LTDL_DLLIB' => 1,
'AC_DISABLE_STATIC' => 1,
'AM_PROG_CC_C_O' => 1,
'_LT_COMPILER_OPTION' => 1,
'_LT_PROG_LTMAIN' => 1,
'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
'_AM_MANGLE_OPTION' => 1,
'_AC_PROG_LIBTOOL' => 1,
'LTDL_CONVENIENCE' => 1,
'_LT_AC_TRY_DLOPEN_SELF' => 1,
'm4_pattern_allow' => 1,
'LT_AC_PROG_SED' => 1,
'_m4_warn' => 1,
'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1,
'LT_SYS_DLSEARCH_PATH' => 1,
'AM_PYTHON_CHECK_VERSION' => 1,
'_LT_AC_LANG_GCJ' => 1,
'_LT_AC_LANG_C_CONFIG' => 1,
'AM_PROG_LD' => 1,
'AC_LIBTOOL_F77' => 1,
'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
'AC_LIBTOOL_SETUP' => 1,
'AC_LIBTOOL_PICMODE' => 1,
'_LT_AC_FILE_LTDLL_C' => 1,
'LT_AC_PROG_GCJ' => 1,
'AC_LIBTOOL_GCJ' => 1,
'gl_PREREQ_ARGZ' => 1,
'_LT_AC_LANG_F77' => 1,
'_LT_AC_SHELL_INIT' => 1,
'_LT_AC_LOCK' => 1,
'AC_LIBTOOL_SYS_LIB_STRIP' => 1,
'_LT_AC_LANG_CXX_CONFIG' => 1,
'LTSUGAR_VERSION' => 1,
'LT_WITH_LTDL' => 1,
'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1,
'AM_AUX_DIR_EXPAND' => 1,
'AC_ENABLE_STATIC' => 1,
'AC_LTDL_SHLIBPATH' => 1,
'_AC_AM_CONFIG_HEADER_HOOK' => 1,
'LT_OUTPUT' => 1,
'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1,
'LT_PROG_GO' => 1,
'AM_ENABLE_STATIC' => 1,
'LT_FUNC_DLSYM_USCORE' => 1,
'_LT_AC_LANG_GCJ_CONFIG' => 1,
'AC_LTDL_OBJDIR' => 1,
'AC_PATH_TOOL_PREFIX' => 1,
'AC_LTDL_ENABLE_INSTALL' => 1,
'_LT_AC_SYS_COMPILER' => 1,
'AC_LIBTOOL_DLOPEN_SELF' => 1,
'_LT_COMPILER_BOILERPLATE' => 1,
'AC_LIBTOOL_POSTDEP_PREDEP' => 1,
'_AM_DEPENDENCIES' => 1,
'AC_LIBTOOL_LINKER_OPTION' => 1,
'AC_CHECK_LIBM' => 1,
'LTDL_INIT' => 1,
'LT_SYS_MODULE_EXT' => 1,
'AC_LIB_LTDL' => 1,
'_AM_IF_OPTION' => 1,
'LTOBSOLETE_VERSION' => 1,
'include' => 1,
'_LT_AC_PROG_ECHO_BACKSLASH' => 1,
'AC_LIBTOOL_LANG_F77_CONFIG' => 1,
'm4_pattern_forbid' => 1,
'AC_LTDL_DLSYM_USCORE' => 1,
'AC_LIBTOOL_RC' => 1,
'AC_CONFIG_MACRO_DIR_TRACE' => 1,
'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1,
'_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
'AM_SILENT_RULES' => 1,
'LT_AC_PROG_RC' => 1,
'_LT_AC_LANG_F77_CONFIG' => 1,
'AM_PATH_PYTHON' => 1,
'AM_PROG_INSTALL_STRIP' => 1,
'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1,
'AM_SET_DEPDIR' => 1,
'AC_LIBTOOL_CONFIG' => 1,
'AC_LIBTOOL_PROG_LD_SHLIBS' => 1,
'AC_PROG_LD' => 1,
'AC_DEFUN' => 1,
'_LT_AC_CHECK_DLFCN' => 1,
'LT_PATH_NM' => 1,
'LT_SYS_DLOPEN_DEPLIBS' => 1,
'AC_ENABLE_FAST_INSTALL' => 1,
'_LT_AC_TAGCONFIG' => 1,
'AC_DEPLIBS_CHECK_METHOD' => 1,
'_AM_SET_OPTIONS' => 1,
'_LT_LINKER_BOILERPLATE' => 1,
'_LT_LIBOBJ' => 1,
'_AM_PROG_CC_C_O' => 1,
'_LT_PROG_FC' => 1,
'AC_LIBTOOL_OBJDIR' => 1,
'AC_LIBTOOL_PROG_COMPILER_PIC' => 1,
'AC_LIBTOOL_LANG_C_CONFIG' => 1,
'AC_LIBLTDL_CONVENIENCE' => 1,
'LT_LIB_DLLOAD' => 1,
'AM_MAINTAINER_MODE' => 1,
'AM_DISABLE_SHARED' => 1,
'AC_CONFIG_MACRO_DIR' => 1,
'AM_MISSING_HAS_RUN' => 1,
'AC_LIBTOOL_DLOPEN' => 1,
'AC_PROG_EGREP' => 1,
'AM_PROG_LIBTOOL' => 1,
'AU_DEFUN' => 1,
'_AM_AUTOCONF_VERSION' => 1,
'AM_CONDITIONAL' => 1,
'AC_LIBLTDL_INSTALLABLE' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'LT_CMD_MAX_LEN' => 1,
'AM_DEP_TRACK' => 1,
'gl_FUNC_ARGZ' => 1,
'_LT_AC_PROG_CXXCPP' => 1,
'AC_LIBTOOL_WIN32_DLL' => 1,
'_LT_PREPARE_SED_QUOTE_VARS' => 1,
'LT_LANG' => 1,
'AC_PROG_LIBTOOL' => 1,
'AM_DISABLE_STATIC' => 1,
'LTDL_INSTALLABLE' => 1,
'AC_DEFUN_ONCE' => 1,
'AM_PROG_NM' => 1,
'AC_LTDL_SHLIBEXT' => 1,
'_LTDL_SETUP' => 1,
'_LT_CC_BASENAME' => 1,
'_LT_AC_TAGVAR' => 1,
'AC_LIBTOOL_COMPILER_OPTION' => 1,
'AC_PROG_NM' => 1,
'_LT_REQUIRED_DARWIN_CHECKS' => 1,
'LT_PROG_GCJ' => 1,
'_AM_CONFIG_MACRO_DIRS' => 1,
'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1,
'_LT_AC_LANG_RC_CONFIG' => 1,
'LT_SUPPORTED_TAG' => 1,
'_LT_PATH_TOOL_PREFIX' => 1
}
], 'Autom4te::Request' ),
bless( [
'1',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'aclocal.m4',
'configure.ac'
],
{
'_AM_COND_IF' => 1,
'AC_DEFINE_TRACE_LITERAL' => 1,
'_m4_warn' => 1,
'AM_MAKEFILE_INCLUDE' => 1,
'include' => 1,
'AM_PROG_MKDIR_P' => 1,
'_AM_MAKEFILE_INCLUDE' => 1,
'AC_PROG_LIBTOOL' => 1,
'_AM_COND_ENDIF' => 1,
'm4_pattern_forbid' => 1,
'AC_FC_SRCEXT' => 1,
'AC_CANONICAL_TARGET' => 1,
'AC_CANONICAL_SYSTEM' => 1,
'm4_sinclude' => 1,
'AC_CANONICAL_HOST' => 1,
'AC_SUBST_TRACE' => 1,
'AM_SILENT_RULES' => 1,
'AC_CONFIG_HEADERS' => 1,
'AM_PROG_FC_C_O' => 1,
'AH_OUTPUT' => 1,
'AC_SUBST' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AM_EXTRA_RECURSIVE_TARGETS' => 1,
'AC_CONFIG_FILES' => 1,
'LT_SUPPORTED_TAG' => 1,
'AC_FC_PP_SRCEXT' => 1,
'_AM_COND_ELSE' => 1,
'AC_FC_PP_DEFINE' => 1,
'AC_FC_FREEFORM' => 1,
'AC_CONFIG_AUX_DIR' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'AM_PATH_GUILE' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'_LT_AC_TAGCONFIG' => 1,
'm4_include' => 1,
'AC_CANONICAL_BUILD' => 1,
'AC_REQUIRE_AUX_FILE' => 1,
'AM_ENABLE_MULTILIB' => 1,
'AM_PROG_CC_C_O' => 1,
'AC_LIBSOURCE' => 1,
'AM_GNU_GETTEXT' => 1,
'AM_PROG_CXX_C_O' => 1,
'AM_NLS' => 1,
'AM_MAINTAINER_MODE' => 1,
'AC_CONFIG_LIBOBJ_DIR' => 1,
'AM_POT_TOOLS' => 1,
'AC_INIT' => 1,
'AC_CONFIG_LINKS' => 1,
'AM_CONDITIONAL' => 1,
'AM_PROG_MOC' => 1,
'AM_PROG_AR' => 1,
'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
'sinclude' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'LT_INIT' => 1,
'm4_pattern_allow' => 1,
'AM_PROG_F77_C_O' => 1,
'AC_CONFIG_SUBDIRS' => 1,
'AM_XGETTEXT_OPTION' => 1
}
], 'Autom4te::Request' )
);

2846
ipa-client/autom4te.cache/traces.0 Normal file
View File

File diff suppressed because it is too large Load Diff

626
ipa-client/autom4te.cache/traces.1 Normal file
View File

@@ -0,0 +1,626 @@
m4trace:configure.ac:2: -1- m4_include([version.m4])
m4trace:configure.ac:3: -1- AC_INIT([ipa-client], [4.0.5], [https://hosted.fedoraproject.org/projects/freeipa/newticket])
m4trace:configure.ac:3: -1- m4_pattern_forbid([^_?A[CHUM]_])
m4trace:configure.ac:3: -1- m4_pattern_forbid([_AC_])
m4trace:configure.ac:3: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
m4trace:configure.ac:3: -1- m4_pattern_allow([^AS_FLAGS$])
m4trace:configure.ac:3: -1- m4_pattern_forbid([^_?m4_])
m4trace:configure.ac:3: -1- m4_pattern_forbid([^dnl$])
m4trace:configure.ac:3: -1- m4_pattern_forbid([^_?AS_])
m4trace:configure.ac:3: -1- AC_SUBST([SHELL])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([SHELL])
m4trace:configure.ac:3: -1- m4_pattern_allow([^SHELL$])
m4trace:configure.ac:3: -1- AC_SUBST([PATH_SEPARATOR])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([PATH_SEPARATOR])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PATH_SEPARATOR$])
m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([PACKAGE_NAME])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([PACKAGE_TARNAME])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([PACKAGE_VERSION])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([PACKAGE_STRING])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([PACKAGE_BUGREPORT])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_URL], [m4_ifdef([AC_PACKAGE_URL], ['AC_PACKAGE_URL'])])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([PACKAGE_URL])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_URL$])
m4trace:configure.ac:3: -1- AC_SUBST([exec_prefix], [NONE])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([exec_prefix])
m4trace:configure.ac:3: -1- m4_pattern_allow([^exec_prefix$])
m4trace:configure.ac:3: -1- AC_SUBST([prefix], [NONE])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([prefix])
m4trace:configure.ac:3: -1- m4_pattern_allow([^prefix$])
m4trace:configure.ac:3: -1- AC_SUBST([program_transform_name], [s,x,x,])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([program_transform_name])
m4trace:configure.ac:3: -1- m4_pattern_allow([^program_transform_name$])
m4trace:configure.ac:3: -1- AC_SUBST([bindir], ['${exec_prefix}/bin'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([bindir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^bindir$])
m4trace:configure.ac:3: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([sbindir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^sbindir$])
m4trace:configure.ac:3: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([libexecdir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^libexecdir$])
m4trace:configure.ac:3: -1- AC_SUBST([datarootdir], ['${prefix}/share'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([datarootdir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^datarootdir$])
m4trace:configure.ac:3: -1- AC_SUBST([datadir], ['${datarootdir}'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([datadir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^datadir$])
m4trace:configure.ac:3: -1- AC_SUBST([sysconfdir], ['${prefix}/etc'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([sysconfdir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^sysconfdir$])
m4trace:configure.ac:3: -1- AC_SUBST([sharedstatedir], ['${prefix}/com'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([sharedstatedir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^sharedstatedir$])
m4trace:configure.ac:3: -1- AC_SUBST([localstatedir], ['${prefix}/var'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([localstatedir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^localstatedir$])
m4trace:configure.ac:3: -1- AC_SUBST([includedir], ['${prefix}/include'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([includedir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^includedir$])
m4trace:configure.ac:3: -1- AC_SUBST([oldincludedir], ['/usr/include'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([oldincludedir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^oldincludedir$])
m4trace:configure.ac:3: -1- AC_SUBST([docdir], [m4_ifset([AC_PACKAGE_TARNAME],
['${datarootdir}/doc/${PACKAGE_TARNAME}'],
['${datarootdir}/doc/${PACKAGE}'])])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([docdir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^docdir$])
m4trace:configure.ac:3: -1- AC_SUBST([infodir], ['${datarootdir}/info'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([infodir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^infodir$])
m4trace:configure.ac:3: -1- AC_SUBST([htmldir], ['${docdir}'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([htmldir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^htmldir$])
m4trace:configure.ac:3: -1- AC_SUBST([dvidir], ['${docdir}'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([dvidir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^dvidir$])
m4trace:configure.ac:3: -1- AC_SUBST([pdfdir], ['${docdir}'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([pdfdir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^pdfdir$])
m4trace:configure.ac:3: -1- AC_SUBST([psdir], ['${docdir}'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([psdir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^psdir$])
m4trace:configure.ac:3: -1- AC_SUBST([libdir], ['${exec_prefix}/lib'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([libdir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^libdir$])
m4trace:configure.ac:3: -1- AC_SUBST([localedir], ['${datarootdir}/locale'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([localedir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^localedir$])
m4trace:configure.ac:3: -1- AC_SUBST([mandir], ['${datarootdir}/man'])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([mandir])
m4trace:configure.ac:3: -1- m4_pattern_allow([^mandir$])
m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */
@%:@undef PACKAGE_NAME])
m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */
@%:@undef PACKAGE_TARNAME])
m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */
@%:@undef PACKAGE_VERSION])
m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */
@%:@undef PACKAGE_STRING])
m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */
@%:@undef PACKAGE_BUGREPORT])
m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_URL])
m4trace:configure.ac:3: -1- m4_pattern_allow([^PACKAGE_URL$])
m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_URL], [/* Define to the home page for this package. */
@%:@undef PACKAGE_URL])
m4trace:configure.ac:3: -1- AC_SUBST([DEFS])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([DEFS])
m4trace:configure.ac:3: -1- m4_pattern_allow([^DEFS$])
m4trace:configure.ac:3: -1- AC_SUBST([ECHO_C])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([ECHO_C])
m4trace:configure.ac:3: -1- m4_pattern_allow([^ECHO_C$])
m4trace:configure.ac:3: -1- AC_SUBST([ECHO_N])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([ECHO_N])
m4trace:configure.ac:3: -1- m4_pattern_allow([^ECHO_N$])
m4trace:configure.ac:3: -1- AC_SUBST([ECHO_T])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([ECHO_T])
m4trace:configure.ac:3: -1- m4_pattern_allow([^ECHO_T$])
m4trace:configure.ac:3: -1- AC_SUBST([LIBS])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:3: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:3: -1- AC_SUBST([build_alias])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([build_alias])
m4trace:configure.ac:3: -1- m4_pattern_allow([^build_alias$])
m4trace:configure.ac:3: -1- AC_SUBST([host_alias])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([host_alias])
m4trace:configure.ac:3: -1- m4_pattern_allow([^host_alias$])
m4trace:configure.ac:3: -1- AC_SUBST([target_alias])
m4trace:configure.ac:3: -1- AC_SUBST_TRACE([target_alias])
m4trace:configure.ac:3: -1- m4_pattern_allow([^target_alias$])
m4trace:configure.ac:6: -1- LT_INIT([])
m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?LT_[A-Z_]+$])
m4trace:configure.ac:6: -1- m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
m4trace:configure.ac:6: -1- AC_SUBST([LIBTOOL])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LIBTOOL])
m4trace:configure.ac:6: -1- m4_pattern_allow([^LIBTOOL$])
m4trace:configure.ac:6: -1- AC_CANONICAL_HOST
m4trace:configure.ac:6: -1- AC_CANONICAL_BUILD
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([config.sub])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([config.guess])
m4trace:configure.ac:6: -1- AC_SUBST([build], [$ac_cv_build])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([build])
m4trace:configure.ac:6: -1- m4_pattern_allow([^build$])
m4trace:configure.ac:6: -1- AC_SUBST([build_cpu], [$[1]])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([build_cpu])
m4trace:configure.ac:6: -1- m4_pattern_allow([^build_cpu$])
m4trace:configure.ac:6: -1- AC_SUBST([build_vendor], [$[2]])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([build_vendor])
m4trace:configure.ac:6: -1- m4_pattern_allow([^build_vendor$])
m4trace:configure.ac:6: -1- AC_SUBST([build_os])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([build_os])
m4trace:configure.ac:6: -1- m4_pattern_allow([^build_os$])
m4trace:configure.ac:6: -1- AC_SUBST([host], [$ac_cv_host])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([host])
m4trace:configure.ac:6: -1- m4_pattern_allow([^host$])
m4trace:configure.ac:6: -1- AC_SUBST([host_cpu], [$[1]])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([host_cpu])
m4trace:configure.ac:6: -1- m4_pattern_allow([^host_cpu$])
m4trace:configure.ac:6: -1- AC_SUBST([host_vendor], [$[2]])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([host_vendor])
m4trace:configure.ac:6: -1- m4_pattern_allow([^host_vendor$])
m4trace:configure.ac:6: -1- AC_SUBST([host_os])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([host_os])
m4trace:configure.ac:6: -1- m4_pattern_allow([^host_os$])
m4trace:configure.ac:6: -1- AC_SUBST([CC])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:6: -1- AC_SUBST([CFLAGS])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CFLAGS])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CFLAGS$])
m4trace:configure.ac:6: -1- AC_SUBST([LDFLAGS])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LDFLAGS])
m4trace:configure.ac:6: -1- m4_pattern_allow([^LDFLAGS$])
m4trace:configure.ac:6: -1- AC_SUBST([LIBS])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:6: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:6: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:6: -1- AC_SUBST([CC])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:6: -1- AC_SUBST([CC])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:6: -1- AC_SUBST([CC])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:6: -1- AC_SUBST([CC])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:6: -1- AC_SUBST([ac_ct_CC])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ac_ct_CC])
m4trace:configure.ac:6: -1- m4_pattern_allow([^ac_ct_CC$])
m4trace:configure.ac:6: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([EXEEXT])
m4trace:configure.ac:6: -1- m4_pattern_allow([^EXEEXT$])
m4trace:configure.ac:6: -1- AC_SUBST([OBJEXT], [$ac_cv_objext])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([OBJEXT])
m4trace:configure.ac:6: -1- m4_pattern_allow([^OBJEXT$])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([compile])
m4trace:configure.ac:6: -1- AC_SUBST([SED])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([SED])
m4trace:configure.ac:6: -1- m4_pattern_allow([^SED$])
m4trace:configure.ac:6: -1- AC_SUBST([GREP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([GREP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^GREP$])
m4trace:configure.ac:6: -1- AC_SUBST([EGREP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([EGREP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^EGREP$])
m4trace:configure.ac:6: -1- AC_SUBST([FGREP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([FGREP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^FGREP$])
m4trace:configure.ac:6: -1- AC_SUBST([GREP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([GREP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^GREP$])
m4trace:configure.ac:6: -1- AC_SUBST([LD])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LD])
m4trace:configure.ac:6: -1- m4_pattern_allow([^LD$])
m4trace:configure.ac:6: -1- AC_SUBST([DUMPBIN])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([DUMPBIN])
m4trace:configure.ac:6: -1- m4_pattern_allow([^DUMPBIN$])
m4trace:configure.ac:6: -1- AC_SUBST([ac_ct_DUMPBIN])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ac_ct_DUMPBIN])
m4trace:configure.ac:6: -1- m4_pattern_allow([^ac_ct_DUMPBIN$])
m4trace:configure.ac:6: -1- AC_SUBST([DUMPBIN])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([DUMPBIN])
m4trace:configure.ac:6: -1- m4_pattern_allow([^DUMPBIN$])
m4trace:configure.ac:6: -1- AC_SUBST([NM])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([NM])
m4trace:configure.ac:6: -1- m4_pattern_allow([^NM$])
m4trace:configure.ac:6: -1- AC_SUBST([LN_S], [$as_ln_s])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LN_S])
m4trace:configure.ac:6: -1- m4_pattern_allow([^LN_S$])
m4trace:configure.ac:6: -1- AC_SUBST([OBJDUMP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([OBJDUMP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^OBJDUMP$])
m4trace:configure.ac:6: -1- AC_SUBST([OBJDUMP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([OBJDUMP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^OBJDUMP$])
m4trace:configure.ac:6: -1- AC_SUBST([DLLTOOL])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([DLLTOOL])
m4trace:configure.ac:6: -1- m4_pattern_allow([^DLLTOOL$])
m4trace:configure.ac:6: -1- AC_SUBST([DLLTOOL])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([DLLTOOL])
m4trace:configure.ac:6: -1- m4_pattern_allow([^DLLTOOL$])
m4trace:configure.ac:6: -1- AC_SUBST([AR])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AR])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AR$])
m4trace:configure.ac:6: -1- AC_SUBST([ac_ct_AR])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ac_ct_AR])
m4trace:configure.ac:6: -1- m4_pattern_allow([^ac_ct_AR$])
m4trace:configure.ac:6: -1- AC_SUBST([STRIP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([STRIP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^STRIP$])
m4trace:configure.ac:6: -1- AC_SUBST([RANLIB])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([RANLIB])
m4trace:configure.ac:6: -1- m4_pattern_allow([^RANLIB$])
m4trace:configure.ac:6: -1- AC_SUBST([AWK])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AWK])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AWK$])
m4trace:configure.ac:6: -1- m4_pattern_allow([LT_OBJDIR])
m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([LT_OBJDIR])
m4trace:configure.ac:6: -1- m4_pattern_allow([^LT_OBJDIR$])
m4trace:configure.ac:6: -1- AH_OUTPUT([LT_OBJDIR], [/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
@%:@undef LT_OBJDIR])
m4trace:configure.ac:6: -1- LT_SUPPORTED_TAG([CC])
m4trace:configure.ac:6: -1- AC_SUBST([MANIFEST_TOOL])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([MANIFEST_TOOL])
m4trace:configure.ac:6: -1- m4_pattern_allow([^MANIFEST_TOOL$])
m4trace:configure.ac:6: -1- AC_SUBST([DSYMUTIL])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([DSYMUTIL])
m4trace:configure.ac:6: -1- m4_pattern_allow([^DSYMUTIL$])
m4trace:configure.ac:6: -1- AC_SUBST([NMEDIT])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([NMEDIT])
m4trace:configure.ac:6: -1- m4_pattern_allow([^NMEDIT$])
m4trace:configure.ac:6: -1- AC_SUBST([LIPO])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LIPO])
m4trace:configure.ac:6: -1- m4_pattern_allow([^LIPO$])
m4trace:configure.ac:6: -1- AC_SUBST([OTOOL])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([OTOOL])
m4trace:configure.ac:6: -1- m4_pattern_allow([^OTOOL$])
m4trace:configure.ac:6: -1- AC_SUBST([OTOOL64])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([OTOOL64])
m4trace:configure.ac:6: -1- m4_pattern_allow([^OTOOL64$])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
@%:@undef HAVE_DLFCN_H])
m4trace:configure.ac:6: -1- AC_SUBST([CPP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CPP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CPP$])
m4trace:configure.ac:6: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:6: -1- AC_SUBST([CPP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CPP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CPP$])
m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
m4trace:configure.ac:6: -1- m4_pattern_allow([^STDC_HEADERS$])
m4trace:configure.ac:6: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
@%:@undef STDC_HEADERS])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
@%:@undef HAVE_SYS_TYPES_H])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
@%:@undef HAVE_SYS_STAT_H])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
@%:@undef HAVE_STRING_H])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
@%:@undef HAVE_MEMORY_H])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
@%:@undef HAVE_STRINGS_H])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
@%:@undef HAVE_INTTYPES_H])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
@%:@undef HAVE_STDINT_H])
m4trace:configure.ac:6: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
m4trace:configure.ac:6: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
m4trace:configure.ac:7: -1- AC_PROG_LIBTOOL
m4trace:configure.ac:7: -1- _m4_warn([obsolete], [The macro `AC_PROG_LIBTOOL' is obsolete.
You should run autoupdate.], [aclocal.m4:129: AC_PROG_LIBTOOL is expanded from...
configure.ac:7: the top level])
m4trace:configure.ac:7: -1- LT_INIT
m4trace:configure.ac:10: -1- AC_CONFIG_HEADERS([config.h])
m4trace:configure.ac:12: -1- AM_INIT_AUTOMAKE([foreign])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
m4trace:configure.ac:12: -1- AM_AUTOMAKE_VERSION([1.14.1])
m4trace:configure.ac:12: -1- AC_REQUIRE_AUX_FILE([install-sh])
m4trace:configure.ac:12: -1- AC_SUBST([INSTALL_PROGRAM])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([INSTALL_PROGRAM])
m4trace:configure.ac:12: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
m4trace:configure.ac:12: -1- AC_SUBST([INSTALL_SCRIPT])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([INSTALL_SCRIPT])
m4trace:configure.ac:12: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
m4trace:configure.ac:12: -1- AC_SUBST([INSTALL_DATA])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([INSTALL_DATA])
m4trace:configure.ac:12: -1- m4_pattern_allow([^INSTALL_DATA$])
m4trace:configure.ac:12: -1- AC_SUBST([am__isrc], [' -I$(srcdir)'])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__isrc])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__isrc$])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([am__isrc])
m4trace:configure.ac:12: -1- AC_SUBST([CYGPATH_W])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([CYGPATH_W])
m4trace:configure.ac:12: -1- m4_pattern_allow([^CYGPATH_W$])
m4trace:configure.ac:12: -1- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([PACKAGE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^PACKAGE$])
m4trace:configure.ac:12: -1- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([VERSION])
m4trace:configure.ac:12: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:12: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^PACKAGE$])
m4trace:configure.ac:12: -1- AH_OUTPUT([PACKAGE], [/* Name of package */
@%:@undef PACKAGE])
m4trace:configure.ac:12: -1- AC_DEFINE_TRACE_LITERAL([VERSION])
m4trace:configure.ac:12: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:12: -1- AH_OUTPUT([VERSION], [/* Version number of package */
@%:@undef VERSION])
m4trace:configure.ac:12: -1- AC_REQUIRE_AUX_FILE([missing])
m4trace:configure.ac:12: -1- AC_SUBST([ACLOCAL])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([ACLOCAL])
m4trace:configure.ac:12: -1- m4_pattern_allow([^ACLOCAL$])
m4trace:configure.ac:12: -1- AC_SUBST([AUTOCONF])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AUTOCONF])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AUTOCONF$])
m4trace:configure.ac:12: -1- AC_SUBST([AUTOMAKE])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AUTOMAKE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AUTOMAKE$])
m4trace:configure.ac:12: -1- AC_SUBST([AUTOHEADER])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AUTOHEADER])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AUTOHEADER$])
m4trace:configure.ac:12: -1- AC_SUBST([MAKEINFO])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([MAKEINFO])
m4trace:configure.ac:12: -1- m4_pattern_allow([^MAKEINFO$])
m4trace:configure.ac:12: -1- AC_SUBST([install_sh])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([install_sh])
m4trace:configure.ac:12: -1- m4_pattern_allow([^install_sh$])
m4trace:configure.ac:12: -1- AC_SUBST([STRIP])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([STRIP])
m4trace:configure.ac:12: -1- m4_pattern_allow([^STRIP$])
m4trace:configure.ac:12: -1- AC_SUBST([INSTALL_STRIP_PROGRAM])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([INSTALL_STRIP_PROGRAM])
m4trace:configure.ac:12: -1- m4_pattern_allow([^INSTALL_STRIP_PROGRAM$])
m4trace:configure.ac:12: -1- AC_REQUIRE_AUX_FILE([install-sh])
m4trace:configure.ac:12: -1- AC_SUBST([MKDIR_P])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([MKDIR_P])
m4trace:configure.ac:12: -1- m4_pattern_allow([^MKDIR_P$])
m4trace:configure.ac:12: -1- AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([mkdir_p])
m4trace:configure.ac:12: -1- m4_pattern_allow([^mkdir_p$])
m4trace:configure.ac:12: -1- AC_SUBST([SET_MAKE])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([SET_MAKE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^SET_MAKE$])
m4trace:configure.ac:12: -1- AC_SUBST([am__leading_dot])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__leading_dot])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__leading_dot$])
m4trace:configure.ac:12: -1- AC_SUBST([AMTAR], ['$${TAR-tar}'])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AMTAR])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AMTAR$])
m4trace:configure.ac:12: -1- AC_SUBST([am__tar])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__tar])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__tar$])
m4trace:configure.ac:12: -1- AC_SUBST([am__untar])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__untar])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__untar$])
m4trace:configure.ac:12: -1- AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([DEPDIR])
m4trace:configure.ac:12: -1- m4_pattern_allow([^DEPDIR$])
m4trace:configure.ac:12: -1- AC_SUBST([am__include])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__include])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__include$])
m4trace:configure.ac:12: -1- AC_SUBST([am__quote])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__quote])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__quote$])
m4trace:configure.ac:12: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
m4trace:configure.ac:12: -1- AC_SUBST([AMDEP_TRUE])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AMDEP_TRUE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AMDEP_TRUE$])
m4trace:configure.ac:12: -1- AC_SUBST([AMDEP_FALSE])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AMDEP_FALSE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AMDEP_FALSE$])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([AMDEP_TRUE])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([AMDEP_FALSE])
m4trace:configure.ac:12: -1- AC_SUBST([AMDEPBACKSLASH])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AMDEPBACKSLASH])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AMDEPBACKSLASH$])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])
m4trace:configure.ac:12: -1- AC_SUBST([am__nodep])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__nodep])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__nodep$])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([am__nodep])
m4trace:configure.ac:12: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([CCDEPMODE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^CCDEPMODE$])
m4trace:configure.ac:12: -1- AM_CONDITIONAL([am__fastdepCC], [
test "x$enable_dependency_tracking" != xno \
&& test "$am_cv_CC_dependencies_compiler_type" = gcc3])
m4trace:configure.ac:12: -1- AC_SUBST([am__fastdepCC_TRUE])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
m4trace:configure.ac:12: -1- AC_SUBST([am__fastdepCC_FALSE])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
m4trace:configure.ac:12: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
m4trace:configure.ac:12: -1- AM_SILENT_RULES
m4trace:configure.ac:12: -1- AC_SUBST([AM_V])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AM_V])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AM_V$])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([AM_V])
m4trace:configure.ac:12: -1- AC_SUBST([AM_DEFAULT_V])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AM_DEFAULT_V])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AM_DEFAULT_V$])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([AM_DEFAULT_V])
m4trace:configure.ac:12: -1- AC_SUBST([AM_DEFAULT_VERBOSITY])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AM_DEFAULT_VERBOSITY])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AM_DEFAULT_VERBOSITY$])
m4trace:configure.ac:12: -1- AC_SUBST([AM_BACKSLASH])
m4trace:configure.ac:12: -1- AC_SUBST_TRACE([AM_BACKSLASH])
m4trace:configure.ac:12: -1- m4_pattern_allow([^AM_BACKSLASH$])
m4trace:configure.ac:12: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
m4trace:configure.ac:14: -1- AM_MAINTAINER_MODE
m4trace:configure.ac:14: -1- AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes])
m4trace:configure.ac:14: -1- AC_SUBST([MAINTAINER_MODE_TRUE])
m4trace:configure.ac:14: -1- AC_SUBST_TRACE([MAINTAINER_MODE_TRUE])
m4trace:configure.ac:14: -1- m4_pattern_allow([^MAINTAINER_MODE_TRUE$])
m4trace:configure.ac:14: -1- AC_SUBST([MAINTAINER_MODE_FALSE])
m4trace:configure.ac:14: -1- AC_SUBST_TRACE([MAINTAINER_MODE_FALSE])
m4trace:configure.ac:14: -1- m4_pattern_allow([^MAINTAINER_MODE_FALSE$])
m4trace:configure.ac:14: -1- _AM_SUBST_NOTMAKE([MAINTAINER_MODE_TRUE])
m4trace:configure.ac:14: -1- _AM_SUBST_NOTMAKE([MAINTAINER_MODE_FALSE])
m4trace:configure.ac:14: -1- AC_SUBST([MAINT])
m4trace:configure.ac:14: -1- AC_SUBST_TRACE([MAINT])
m4trace:configure.ac:14: -1- m4_pattern_allow([^MAINT$])
m4trace:configure.ac:17: -1- _m4_warn([obsolete], [The macro `AC_STDC_HEADERS' is obsolete.
You should run autoupdate.], [../../lib/autoconf/oldnames.m4:75: AC_STDC_HEADERS is expanded from...
configure.ac:17: the top level])
m4trace:configure.ac:17: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
m4trace:configure.ac:17: -1- m4_pattern_allow([^STDC_HEADERS$])
m4trace:configure.ac:17: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
@%:@undef STDC_HEADERS])
m4trace:configure.ac:20: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
m4trace:configure.ac:20: -1- m4_pattern_allow([^STDC_HEADERS$])
m4trace:configure.ac:20: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
@%:@undef STDC_HEADERS])
m4trace:configure.ac:22: -1- AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
m4trace:configure.ac:22: -1- AC_SUBST([HAVE_GCC_TRUE])
m4trace:configure.ac:22: -1- AC_SUBST_TRACE([HAVE_GCC_TRUE])
m4trace:configure.ac:22: -1- m4_pattern_allow([^HAVE_GCC_TRUE$])
m4trace:configure.ac:22: -1- AC_SUBST([HAVE_GCC_FALSE])
m4trace:configure.ac:22: -1- AC_SUBST_TRACE([HAVE_GCC_FALSE])
m4trace:configure.ac:22: -1- m4_pattern_allow([^HAVE_GCC_FALSE$])
m4trace:configure.ac:22: -1- _AM_SUBST_NOTMAKE([HAVE_GCC_TRUE])
m4trace:configure.ac:22: -1- _AM_SUBST_NOTMAKE([HAVE_GCC_FALSE])
m4trace:configure.ac:22: -1- _m4_warn([obsolete], [The macro `ac_cv_prog_gcc' is obsolete.
You should run autoupdate.], [../../lib/autoconf/c.m4:436: ac_cv_prog_gcc is expanded from...
aclocal.m4:8720: AM_CONDITIONAL is expanded from...
configure.ac:22: the top level])
m4trace:configure.ac:24: -1- AC_SUBST([VERSION])
m4trace:configure.ac:24: -1- AC_SUBST_TRACE([VERSION])
m4trace:configure.ac:24: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:25: -1- AC_SUBST([INSTALL_DATA], ['$(INSTALL) -m 644 -p'])
m4trace:configure.ac:25: -1- AC_SUBST_TRACE([INSTALL_DATA])
m4trace:configure.ac:25: -1- m4_pattern_allow([^INSTALL_DATA$])
m4trace:configure.ac:38: -1- AH_OUTPUT([HAVE_HEIM_ERR_H], [/* Define to 1 if you have the <heim_err.h> header file. */
@%:@undef HAVE_HEIM_ERR_H])
m4trace:configure.ac:38: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HEIM_ERR_H])
m4trace:configure.ac:38: -1- m4_pattern_allow([^HAVE_HEIM_ERR_H$])
m4trace:configure.ac:67: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HEIMDAL_KERBEROS])
m4trace:configure.ac:67: -1- m4_pattern_allow([^HAVE_HEIMDAL_KERBEROS$])
m4trace:configure.ac:67: -1- AH_OUTPUT([HAVE_HEIMDAL_KERBEROS], [/* define if you have HEIMDAL Kerberos */
@%:@undef HAVE_HEIMDAL_KERBEROS])
m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([HAVE_KRB5])
m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_KRB5$])
m4trace:configure.ac:78: -1- AH_OUTPUT([HAVE_KRB5], [/* define if you have Kerberos V */
@%:@undef HAVE_KRB5])
m4trace:configure.ac:87: -1- AC_SUBST([KRB5_LIBS])
m4trace:configure.ac:87: -1- AC_SUBST_TRACE([KRB5_LIBS])
m4trace:configure.ac:87: -1- m4_pattern_allow([^KRB5_LIBS$])
m4trace:configure.ac:121: -1- AC_SUBST([OPENLDAP_LIBS])
m4trace:configure.ac:121: -1- AC_SUBST_TRACE([OPENLDAP_LIBS])
m4trace:configure.ac:121: -1- m4_pattern_allow([^OPENLDAP_LIBS$])
m4trace:configure.ac:131: -1- AC_SUBST([POPT_LIBS])
m4trace:configure.ac:131: -1- AC_SUBST_TRACE([POPT_LIBS])
m4trace:configure.ac:131: -1- m4_pattern_allow([^POPT_LIBS$])
m4trace:configure.ac:140: -1- AC_SUBST([SASL_LIBS])
m4trace:configure.ac:140: -1- AC_SUBST_TRACE([SASL_LIBS])
m4trace:configure.ac:140: -1- m4_pattern_allow([^SASL_LIBS$])
m4trace:configure.ac:148: -1- AC_SUBST([PYTHON])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([PYTHON])
m4trace:configure.ac:148: -1- m4_pattern_allow([^PYTHON$])
m4trace:configure.ac:148: -1- AC_SUBST([PYTHON])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([PYTHON])
m4trace:configure.ac:148: -1- m4_pattern_allow([^PYTHON$])
m4trace:configure.ac:148: -1- AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([PYTHON_VERSION])
m4trace:configure.ac:148: -1- m4_pattern_allow([^PYTHON_VERSION$])
m4trace:configure.ac:148: -1- AC_SUBST([PYTHON_PREFIX], ['${prefix}'])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([PYTHON_PREFIX])
m4trace:configure.ac:148: -1- m4_pattern_allow([^PYTHON_PREFIX$])
m4trace:configure.ac:148: -1- AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}'])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([PYTHON_EXEC_PREFIX])
m4trace:configure.ac:148: -1- m4_pattern_allow([^PYTHON_EXEC_PREFIX$])
m4trace:configure.ac:148: -1- AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([PYTHON_PLATFORM])
m4trace:configure.ac:148: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
m4trace:configure.ac:148: -1- AC_SUBST([pythondir], [$am_cv_python_pythondir])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([pythondir])
m4trace:configure.ac:148: -1- m4_pattern_allow([^pythondir$])
m4trace:configure.ac:148: -1- AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([pkgpythondir])
m4trace:configure.ac:148: -1- m4_pattern_allow([^pkgpythondir$])
m4trace:configure.ac:148: -1- AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([pyexecdir])
m4trace:configure.ac:148: -1- m4_pattern_allow([^pyexecdir$])
m4trace:configure.ac:148: -1- AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
m4trace:configure.ac:148: -1- AC_SUBST_TRACE([pkgpyexecdir])
m4trace:configure.ac:148: -1- m4_pattern_allow([^pkgpyexecdir$])
m4trace:configure.ac:164: -1- AC_SUBST([CURL_LIBS])
m4trace:configure.ac:164: -1- AC_SUBST_TRACE([CURL_LIBS])
m4trace:configure.ac:164: -1- m4_pattern_allow([^CURL_LIBS$])
m4trace:configure.ac:176: -1- AC_SUBST([XMLRPC_LIBS])
m4trace:configure.ac:176: -1- AC_SUBST_TRACE([XMLRPC_LIBS])
m4trace:configure.ac:176: -1- m4_pattern_allow([^XMLRPC_LIBS$])
m4trace:configure.ac:191: -1- AC_SUBST([LIBINTL_LIBS])
m4trace:configure.ac:191: -1- AC_SUBST_TRACE([LIBINTL_LIBS])
m4trace:configure.ac:191: -1- m4_pattern_allow([^LIBINTL_LIBS$])
m4trace:configure.ac:198: -1- AC_SUBST([IPA_DATA_DIR])
m4trace:configure.ac:198: -1- AC_SUBST_TRACE([IPA_DATA_DIR])
m4trace:configure.ac:198: -1- m4_pattern_allow([^IPA_DATA_DIR$])
m4trace:configure.ac:206: -1- AC_CONFIG_FILES([
Makefile
ipaclient/Makefile
ipa-install/Makefile
man/Makefile
])
m4trace:configure.ac:213: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:213: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:213: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([LTLIBOBJS])
m4trace:configure.ac:213: -1- m4_pattern_allow([^LTLIBOBJS$])
m4trace:configure.ac:213: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
m4trace:configure.ac:213: -1- AC_SUBST([am__EXEEXT_TRUE])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
m4trace:configure.ac:213: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
m4trace:configure.ac:213: -1- AC_SUBST([am__EXEEXT_FALSE])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
m4trace:configure.ac:213: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
m4trace:configure.ac:213: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
m4trace:configure.ac:213: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_builddir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_build_prefix])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([srcdir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_srcdir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_srcdir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_top_srcdir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([builddir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_builddir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_top_builddir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([INSTALL])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([MKDIR_P])
m4trace:configure.ac:213: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])

347
ipa-client/compile Executable file
View File

@@ -0,0 +1,347 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2012-10-14.11; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
nl='
'
# We need space, tab and new line, in precisely that order. Quoting is
# there to prevent tools from complaining about whitespace usage.
IFS=" "" $nl"
file_conv=
# func_file_conv build_file lazy
# Convert a $build file to $host form and store it in $file
# Currently only supports Windows hosts. If the determined conversion
# type is listed in (the comma separated) LAZY, no conversion will
# take place.
func_file_conv ()
{
file=$1
case $file in
/ | /[!/]*) # absolute file, and not a UNC file
if test -z "$file_conv"; then
# lazily determine how to convert abs files
case `uname -s` in
MINGW*)
file_conv=mingw
;;
CYGWIN*)
file_conv=cygwin
;;
*)
file_conv=wine
;;
esac
fi
case $file_conv/,$2, in
*,$file_conv,*)
;;
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
file=`winepath -w "$file" || echo "$file"`
;;
esac
;;
esac
}
# func_cl_dashL linkdir
# Make cl look for libraries in LINKDIR
func_cl_dashL ()
{
func_file_conv "$1"
if test -z "$lib_path"; then
lib_path=$file
else
lib_path="$lib_path;$file"
fi
linker_opts="$linker_opts -LIBPATH:$file"
}
# func_cl_dashl library
# Do a library search-path lookup for cl
func_cl_dashl ()
{
lib=$1
found=no
save_IFS=$IFS
IFS=';'
for dir in $lib_path $LIB
do
IFS=$save_IFS
if $shared && test -f "$dir/$lib.dll.lib"; then
found=yes
lib=$dir/$lib.dll.lib
break
fi
if test -f "$dir/$lib.lib"; then
found=yes
lib=$dir/$lib.lib
break
fi
if test -f "$dir/lib$lib.a"; then
found=yes
lib=$dir/lib$lib.a
break
fi
done
IFS=$save_IFS
if test "$found" != yes; then
lib=$lib.lib
fi
}
# func_cl_wrapper cl arg...
# Adjust compile command to suit cl
func_cl_wrapper ()
{
# Assume a capable shell
lib_path=
shared=:
linker_opts=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
eat=1
case $2 in
*.o | *.[oO][bB][jJ])
func_file_conv "$2"
set x "$@" -Fo"$file"
shift
;;
*)
func_file_conv "$2"
set x "$@" -Fe"$file"
shift
;;
esac
;;
-I)
eat=1
func_file_conv "$2" mingw
set x "$@" -I"$file"
shift
;;
-I*)
func_file_conv "${1#-I}" mingw
set x "$@" -I"$file"
shift
;;
-l)
eat=1
func_cl_dashl "$2"
set x "$@" "$lib"
shift
;;
-l*)
func_cl_dashl "${1#-l}"
set x "$@" "$lib"
shift
;;
-L)
eat=1
func_cl_dashL "$2"
;;
-L*)
func_cl_dashL "${1#-L}"
;;
-static)
shared=false
;;
-Wl,*)
arg=${1#-Wl,}
save_ifs="$IFS"; IFS=','
for flag in $arg; do
IFS="$save_ifs"
linker_opts="$linker_opts $flag"
done
IFS="$save_ifs"
;;
-Xlinker)
eat=1
linker_opts="$linker_opts $2"
;;
-*)
set x "$@" "$1"
shift
;;
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
func_file_conv "$1"
set x "$@" -Tp"$file"
shift
;;
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
func_file_conv "$1" mingw
set x "$@" "$file"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -n "$linker_opts"; then
linker_opts="-link$linker_opts"
fi
exec "$@" $linker_opts
exit 1
}
eat=
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
Wrapper for compilers which do not understand '-c -o'.
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
ofile=
cfile=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
# So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
ofile=$2
;;
*)
set x "$@" -o "$2"
shift
;;
esac
;;
*.c)
cfile=$1
set x "$@" "$1"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -z "$ofile" || test -z "$cfile"; then
# If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
# '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
# Name of file we expect compiler to create.
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
while true; do
if mkdir "$lockdir" >/dev/null 2>&1; then
break
fi
sleep 1
done
# FIXME: race condition here if user kills between mkdir and trap.
trap "rmdir '$lockdir'; exit 1" 1 2 15
# Run the compile.
"$@"
ret=$?
if test -f "$cofile"; then
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

174
ipa-client/config.c Normal file
View File

@@ -0,0 +1,174 @@
/* Authors: Rob Crittenden <rcritten@redhat.com>
*
* Copyright (C) 2009 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* Simple and INI-style file reader.
*
* usage is:
* char * data = read_config_file("/path/to/something.conf")
* char * entry = get_config_entry(data, "section", "mykey")
*
* caller must free data and entry.
*/
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include "config.h"
#include "ipa-client-common.h"
char *
read_config_file(const char *filename)
{
int fd = -1;
struct stat st;
char *data = NULL;
char *dest;
size_t left;
fd = open(filename, O_RDONLY);
if (fd == -1) {
fprintf(stderr, _("cannot open configuration file %s\n"), filename);
goto error_out;
}
/* stat() the file so we know the size and can pre-allocate the right
* amount of memory. */
if (fstat(fd, &st) == -1) {
fprintf(stderr, _("cannot stat() configuration file %s\n"), filename);
goto error_out;
}
left = st.st_size;
data = malloc(st.st_size + 1);
if (data == NULL) {
fprintf(stderr, _("out of memory\n"));
goto error_out;
}
dest = data;
while (left != 0) {
ssize_t res;
res = read(fd, dest, left);
if (res == 0)
break;
if (res < 0) {
fprintf(stderr, _("read error\n"));
goto error_out;
}
dest += res;
left -= res;
}
close(fd);
*dest = 0;
return data;
error_out:
if (fd != -1) close(fd);
free(data);
return NULL;
}
char *
get_config_entry(char * in_data, const char *section, const char *key)
{
char *ptr = NULL, *p, *tmp;
char *line;
int in_section = 0;
char * data;
if (NULL == in_data)
return NULL;
else
data = strdup(in_data);
for (line = strtok_r(data, "\n", &ptr); line != NULL;
line = strtok_r(NULL, "\n", &ptr)) {
/* Skip initial whitespace. */
while (isspace((unsigned char)*line) && (*line != '\0'))
line++;
/* If it's a comment, bail. */
if (*line == '#') {
continue;
}
/* If it's the beginning of a section, process it and clear the key
* and value values. */
if (*line == '[') {
line++;
p = strchr(line, ']');
if (p) {
tmp = strndup(line, p - line);
if (in_section) {
/* We exited the matching section without a match */
free(data);
return NULL;
}
if (strcmp(section, tmp) == 0) {
free(tmp);
in_section = 1;
continue;
}
}
} /* [ */
p = strchr(line, '=');
if (p != NULL && in_section) {
/* Trim any trailing whitespace off the key name. */
while (p != line && isspace((unsigned char)p[-1]))
p--;
/* Save the key. */
tmp = strndup(line, p - line);
if (strcmp(key, tmp) != 0) {
free(tmp);
} else {
free(tmp);
/* Skip over any whitespace after the equal sign. */
line = strchr(line, '=');
line++;
while (isspace((unsigned char)*line) && (*line != '\0'))
line++;
/* Trim off any trailing whitespace. */
p = strchr(line, '\0');
while (p != line && isspace((unsigned char)p[-1]))
p--;
/* Save the value. */
tmp = strndup(line, p - line);
free(data);
return tmp;
}
}
}
free(data);
return NULL;
}

1420
ipa-client/config.guess vendored Executable file
View File

File diff suppressed because it is too large Load Diff

71
ipa-client/config.h.in Normal file
View File

@@ -0,0 +1,71 @@
/* config.h.in. Generated from configure.ac by autoheader. */
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
/* define if you have HEIMDAL Kerberos */
#undef HAVE_HEIMDAL_KERBEROS
/* Define to 1 if you have the <heim_err.h> header file. */
#undef HAVE_HEIM_ERR_H
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* define if you have Kerberos V */
#undef HAVE_KRB5
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#undef LT_OBJDIR
/* Name of package */
#undef PACKAGE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Version number of package */
#undef VERSION

71
ipa-client/config.h.in~ Normal file
View File

@@ -0,0 +1,71 @@
/* config.h.in. Generated from configure.ac by autoheader. */
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
/* define if you have HEIMDAL Kerberos */
#undef HAVE_HEIMDAL_KERBEROS
/* Define to 1 if you have the <heim_err.h> header file. */
#undef HAVE_HEIM_ERR_H
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* define if you have Kerberos V */
#undef HAVE_KRB5
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#undef LT_OBJDIR
/* Name of package */
#undef PACKAGE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Version number of package */
#undef VERSION

1798
ipa-client/config.sub vendored Executable file
View File

File diff suppressed because it is too large Load Diff

15328
ipa-client/configure vendored Executable file
View File

File diff suppressed because it is too large Load Diff

229
ipa-client/configure.ac Normal file
View File

@@ -0,0 +1,229 @@
AC_PREREQ(2.59)
m4_include(version.m4)
AC_INIT([ipa-client],
IPA_VERSION,
[https://hosted.fedoraproject.org/projects/freeipa/newticket])
LT_INIT()
AC_PROG_LIBTOOL
AC_CONFIG_SRCDIR([ipaclient/__init__.py])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE([foreign])
AM_MAINTAINER_MODE
AC_PROG_CC_C99
AC_STDC_HEADERS
AC_DISABLE_STATIC
AC_HEADER_STDC
AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
AC_SUBST(VERSION)
AC_SUBST([INSTALL_DATA], ['$(INSTALL) -m 644 -p'])
dnl ---------------------------------------------------------------------------
dnl - Check for KRB5
dnl ---------------------------------------------------------------------------
KRB5_LIBS=
AC_CHECK_HEADER(krb5.h, [], [AC_MSG_ERROR([krb5.h not found])])
krb5_impl=mit
if test "x$ac_cv_header_krb5_h" = "xyes" ; then
dnl lazy check for Heimdal Kerberos
AC_CHECK_HEADERS(heim_err.h)
if test $ac_cv_header_heim_err_h = yes ; then
krb5_impl=heimdal
else
krb5_impl=mit
fi
if test "x$krb5_impl" = "xmit"; then
AC_CHECK_LIB(k5crypto, main,
[krb5crypto=k5crypto],
[krb5crypto=crypto])
AC_CHECK_LIB(krb5, main,
[have_krb5=yes
KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"],
[have_krb5=no],
[-l$krb5crypto -lcom_err])
elif test "x$krb5_impl" = "xheimdal"; then
AC_CHECK_LIB(des, main,
[krb5crypto=des],
[krb5crypto=crypto])
AC_CHECK_LIB(krb5, main,
[have_krb5=yes
KRB5_LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err"],
[have_krb5=no],
[-l$krb5crypto -lasn1 -lroken -lcom_err])
AC_DEFINE(HAVE_HEIMDAL_KERBEROS, 1,
[define if you have HEIMDAL Kerberos])
else
have_krb5=no
AC_MSG_WARN([Unrecognized Kerberos5 Implementation])
fi
if test "x$have_krb5" = "xyes" ; then
ol_link_krb5=yes
AC_DEFINE(HAVE_KRB5, 1,
[define if you have Kerberos V])
else
AC_MSG_ERROR([Required Kerberos 5 support not available])
fi
fi
AC_SUBST(KRB5_LIBS)
dnl ---------------------------------------------------------------------------
dnl - OpenLDAP SDK
dnl ---------------------------------------------------------------------------
AC_CHECK_LIB(ldap, ldap_search, with_ldap=yes)
dnl Check for other libraries we need to link with to get the main routines.
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) }
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) }
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) }
dnl Recently, we need -lber even though the main routines are elsewhere,
dnl because otherwise be get link errors w.r.t. ber_pvt_opt_on. So just
dnl check for that (it's a variable not a fun but that doesn't seem to
dnl matter in these checks) and stick in -lber if so. Can't hurt (even to
dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
dnl #### understands LDAP needs to fix this properly.
test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) }
if test "$with_ldap" = "yes"; then
if test "$with_ldap_des" = "yes" ; then
OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes"
fi
if test "$with_ldap_krb" = "yes" ; then
OPENLDAP_LIBS="${OPENLDAP_LIBS} -lkrb"
fi
if test "$with_ldap_lber" = "yes" ; then
OPENLDAP_LIBS="${OPENLDAP_LIBS} -llber"
fi
OPENLDAP_LIBS="${OPENLDAP_LIBS} -lldap"
else
AC_MSG_ERROR([OpenLDAP not found])
fi
AC_SUBST(OPENLDAP_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for POPT
dnl ---------------------------------------------------------------------------
POPT_LIBS=
AC_CHECK_HEADER(popt.h, [], [AC_MSG_ERROR([popt.h not found])])
AC_CHECK_LIB(popt, poptGetContext, [POPT_LIBS="-lpopt"])
AC_SUBST(POPT_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for SASL
dnl ---------------------------------------------------------------------------
SASL_LIBS=
AC_CHECK_HEADER(sasl/sasl.h, [], [AC_MSG_ERROR([sasl/sasl.h not found])])
AC_CHECK_LIB(sasl2, sasl_client_init, [SASL_LIBS="-lsasl2"])
AC_SUBST(SASL_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for Python
dnl ---------------------------------------------------------------------------
AC_MSG_NOTICE([Checking for Python])
have_python=no
AM_PATH_PYTHON(2.3)
if test "x$PYTHON" = "x" ; then
AC_MSG_ERROR([Python not found])
fi
dnl ---------------------------------------------------------------------------
dnl - Check for CURL
dnl ---------------------------------------------------------------------------
CURL_LIBS=
AC_CHECK_HEADER(curl/curl.h, [], [AC_MSG_ERROR([curl/curl.h not found])])
AC_CHECK_LIB(curl, curl_easy_init, [CURL_LIBS="-lcurl"])
if test "x$CURL_LIBS" = "x" ; then
AC_MSG_ERROR([curl not found])
fi
AC_SUBST(CURL_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for XMLRPC-C
dnl ---------------------------------------------------------------------------
XMLRPC_LIBS=
AC_CHECK_HEADER(xmlrpc-c/base.h, [], [AC_MSG_ERROR([xmlrpc-c/base.h not found])])
AC_CHECK_LIB(xmlrpc_client, xmlrpc_client_init2, [XMLRPC_LIBS="-lxmlrpc -lxmlrpc_client -lxmlrpc_util"])
if test "x$XMLRPC_LIBS" = "x" ; then
AC_MSG_ERROR([xmlrpc-c not found])
fi
AC_SUBST(XMLRPC_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for libintl
dnl ---------------------------------------------------------------------------
SAVE_LIBS="$LIBS"
LIBINTL_LIBS=
AC_CHECK_HEADER(libintl.h, [], [AC_MSG_ERROR([libintl.h not found, please install xgettext])])
AC_SEARCH_LIBS([bindtextdomain], [libintl],[], [])
if test "x$ac_cv_search_bindtextdomain" = "xno" ; then
AC_MSG_ERROR([libintl is not found and your libc does not support gettext, please install xgettext])
elif test "x$ac_cv_search_bindtextdomain" != "xnone required" ; then
LIBINTL_LIBS="$ac_cv_search_bindtextdomain"
fi
LIBS="$SAVELIBS"
AC_SUBST(LIBINTL_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Set the data install directory since we don't use pkgdatadir
dnl ---------------------------------------------------------------------------
IPA_DATA_DIR="$datadir/ipa"
AC_SUBST(IPA_DATA_DIR)
dnl ---------------------------------------------------------------------------
dnl Finish
dnl ---------------------------------------------------------------------------
# Files
AC_CONFIG_FILES([
Makefile
ipaclient/Makefile
ipa-install/Makefile
man/Makefile
])
AC_OUTPUT
echo "
IPA client $VERSION
========================
prefix: ${prefix}
exec_prefix: ${exec_prefix}
libdir: ${libdir}
bindir: ${bindir}
sbindir: ${sbindir}
sysconfdir: ${sysconfdir}
localstatedir: ${localstatedir}
datadir: ${datadir}
source code location: ${srcdir}
Maintainer mode: ${USE_MAINTAINER_MODE}
"

791
ipa-client/depcomp Executable file
View File

@@ -0,0 +1,791 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2013-05-30.07; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: depcomp [--help] [--version] PROGRAM [ARGS]
Run PROGRAMS ARGS to compile a file, generating dependencies
as side-effects.
Environment variables:
depmode Dependency tracking mode.
source Source file read by 'PROGRAMS ARGS'.
object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
tmpdepfile Temporary file to use when outputting dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "depcomp $scriptversion"
exit $?
;;
esac
# Get the directory component of the given path, and save it in the
# global variables '$dir'. Note that this directory component will
# be either empty or ending with a '/' character. This is deliberate.
set_dir_from ()
{
case $1 in
*/*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
*) dir=;;
esac
}
# Get the suffix-stripped basename of the given path, and save it the
# global variable '$base'.
set_base_from ()
{
base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
}
# If no dependency file was actually created by the compiler invocation,
# we still have to create a dummy depfile, to avoid errors with the
# Makefile "include basename.Plo" scheme.
make_dummy_depfile ()
{
echo "#dummy" > "$depfile"
}
# Factor out some common post-processing of the generated depfile.
# Requires the auxiliary global variable '$tmpdepfile' to be set.
aix_post_process_depfile ()
{
# If the compiler actually managed to produce a dependency file,
# post-process it.
if test -f "$tmpdepfile"; then
# Each line is of the form 'foo.o: dependency.h'.
# Do two passes, one to just change these to
# $object: dependency.h
# and one to simply output
# dependency.h:
# which is needed to avoid the deleted-header problem.
{ sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
} > "$depfile"
rm -f "$tmpdepfile"
else
make_dummy_depfile
fi
}
# A tabulation character.
tab=' '
# A newline character.
nl='
'
# Character ranges might be problematic outside the C locale.
# These definitions help.
upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
lower=abcdefghijklmnopqrstuvwxyz
digits=0123456789
alpha=${upper}${lower}
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
fi
# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
depfile=${depfile-`echo "$object" |
sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
rm -f "$tmpdepfile"
# Avoid interferences from the environment.
gccflag= dashmflag=
# Some modes work just like other modes, but use different flags. We
# parameterize here, but still list the modes in the big case below,
# to make depend.m4 easier to write. Note that we *cannot* use a case
# here, because this file can only contain one case statement.
if test "$depmode" = hp; then
# HP compiler uses -M and no extra arg.
gccflag=-M
depmode=gcc
fi
if test "$depmode" = dashXmstdout; then
# This is just like dashmstdout with a different argument.
dashmflag=-xM
depmode=dashmstdout
fi
cygpath_u="cygpath -u -f -"
if test "$depmode" = msvcmsys; then
# This is just like msvisualcpp but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvisualcpp
fi
if test "$depmode" = msvc7msys; then
# This is just like msvc7 but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvc7
fi
if test "$depmode" = xlc; then
# IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
gccflag=-qmakedep=gcc,-MF
depmode=gcc
fi
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
## we want. Yay! Note: for some reason libtool 1.4 doesn't like
## it if -MD -MP comes after the -MF stuff. Hmm.
## Unfortunately, FreeBSD c89 acceptance of flags depends upon
## the command line argument order; so add the flags where they
## appear in depend2.am. Note that the slowdown incurred here
## affects only configure: in makefiles, %FASTDEP% shortcuts this.
for arg
do
case $arg in
-c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
*) set fnord "$@" "$arg" ;;
esac
shift # fnord
shift # $arg
done
"$@"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
mv "$tmpdepfile" "$depfile"
;;
gcc)
## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
## (see the conditional assignment to $gccflag above).
## There are various ways to get dependency output from gcc. Here's
## why we pick this rather obscure method:
## - Don't want to use -MD because we'd like the dependencies to end
## up in a subdir. Having to rename by hand is ugly.
## (We might end up doing this anyway to support other compilers.)
## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
## -MM, not -M (despite what the docs say). Also, it might not be
## supported by the other compilers which use the 'gcc' depmode.
## - Using -M directly means running the compiler twice (even worse
## than renaming).
if test -z "$gccflag"; then
gccflag=-MD,
fi
"$@" -Wp,"$gccflag$tmpdepfile"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
# The second -e expression handles DOS-style file names with drive
# letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
## well. hp depmode also adds that space, but also prefixes the VPATH
## to the object. Take care to not repeat it in the output.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
sgi)
if test "$libtool" = yes; then
"$@" "-Wp,-MDupdate,$tmpdepfile"
else
"$@" -MDupdate "$tmpdepfile"
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
echo "$object : \\" > "$depfile"
# Clip off the initial element (the dependent). Don't try to be
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
# the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
| tr "$nl" ' ' >> "$depfile"
echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> "$depfile"
else
make_dummy_depfile
fi
rm -f "$tmpdepfile"
;;
xlc)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
# current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.u
tmpdepfile2=$base.u
tmpdepfile3=$dir.libs/$base.u
"$@" -Wc,-M
else
tmpdepfile1=$dir$base.u
tmpdepfile2=$dir$base.u
tmpdepfile3=$dir$base.u
"$@" -M
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
aix_post_process_depfile
;;
tcc)
# tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
# FIXME: That version still under development at the moment of writing.
# Make that this statement remains true also for stable, released
# versions.
# It will wrap lines (doesn't matter whether long or short) with a
# trailing '\', as in:
#
# foo.o : \
# foo.c \
# foo.h \
#
# It will put a trailing '\' even on the last line, and will use leading
# spaces rather than leading tabs (at least since its commit 0394caf7
# "Emit spaces for -MD").
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
# We have to change lines of the first kind to '$object: \'.
sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
# And for each line of the second kind, we have to emit a 'dep.h:'
# dummy dependency, to avoid the deleted-header problem.
sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
## The order of this option in the case statement is important, since the
## shell code in configure will try each of these formats in the order
## listed in this file. A plain '-MD' option would be understood by many
## compilers, so we must ensure this comes after the gcc and icc options.
pgcc)
# Portland's C compiler understands '-MD'.
# Will always output deps to 'file.d' where file is the root name of the
# source file under compilation, even if file resides in a subdirectory.
# The object file name does not affect the name of the '.d' file.
# pgcc 10.2 will output
# foo.o: sub/foo.c sub/foo.h
# and will wrap long lines using '\' :
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
set_dir_from "$object"
# Use the source, not the object, to determine the base name, since
# that's sadly what pgcc will do too.
set_base_from "$source"
tmpdepfile=$base.d
# For projects that build the same source file twice into different object
# files, the pgcc approach of using the *source* file root name can cause
# problems in parallel builds. Use a locking strategy to avoid stomping on
# the same $tmpdepfile.
lockdir=$base.d-lock
trap "
echo '$0: caught signal, cleaning up...' >&2
rmdir '$lockdir'
exit 1
" 1 2 13 15
numtries=100
i=$numtries
while test $i -gt 0; do
# mkdir is a portable test-and-set.
if mkdir "$lockdir" 2>/dev/null; then
# This process acquired the lock.
"$@" -MD
stat=$?
# Release the lock.
rmdir "$lockdir"
break
else
# If the lock is being held by a different process, wait
# until the winning process is done or we timeout.
while test -d "$lockdir" && test $i -gt 0; do
sleep 1
i=`expr $i - 1`
done
fi
i=`expr $i - 1`
done
trap - 1 2 13 15
if test $i -le 0; then
echo "$0: failed to acquire lock after $numtries attempts" >&2
echo "$0: check lockdir '$lockdir'" >&2
exit 1
fi
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each line is of the form `foo.o: dependent.h',
# or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp2)
# The "hp" stanza above does not work with aCC (C++) and HP's ia64
# compilers, which have integrated preprocessors. The correct option
# to use with these is +Maked; it writes dependencies to a file named
# 'foo.d', which lands next to the object file, wherever that
# happens to be.
# Much of this is similar to the tru64 case; see comments there.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir.libs/$base.d
"$@" -Wc,+Maked
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
"$@" +Maked
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
# Add 'dependent.h:' lines.
sed -ne '2,${
s/^ *//
s/ \\*$//
s/$/:/
p
}' "$tmpdepfile" >> "$depfile"
else
make_dummy_depfile
fi
rm -f "$tmpdepfile" "$tmpdepfile2"
;;
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
# effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
# dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
# Libtool generates 2 separate objects for the 2 libraries. These
# two compilations output dependencies in $dir.libs/$base.o.d and
# in $dir$base.o.d. We have to check for both files, because
# one of the two compilations can be disabled. We should prefer
# $dir$base.o.d over $dir.libs/$base.o.d because the latter is
# automatically cleaned when .libs/ is deleted, while ignoring
# the former would cause a distcleancheck panic.
tmpdepfile1=$dir$base.o.d # libtool 1.5
tmpdepfile2=$dir.libs/$base.o.d # Likewise.
tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504
"$@" -Wc,-MD
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
tmpdepfile3=$dir$base.d
"$@" -MD
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
# Same post-processing that is required for AIX mode.
aix_post_process_depfile
;;
msvc7)
if test "$libtool" = yes; then
showIncludes=-Wc,-showIncludes
else
showIncludes=-showIncludes
fi
"$@" $showIncludes > "$tmpdepfile"
stat=$?
grep -v '^Note: including file: ' "$tmpdepfile"
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
# The first sed program below extracts the file names and escapes
# backslashes for cygpath. The second sed program outputs the file
# name when reading, but also accumulates all include files in the
# hold buffer in order to output them again at the end. This only
# works with sed implementations that can handle large buffers.
sed < "$tmpdepfile" -n '
/^Note: including file: *\(.*\)/ {
s//\1/
s/\\/\\\\/g
p
}' | $cygpath_u | sort -u | sed -n '
s/ /\\ /g
s/\(.*\)/'"$tab"'\1 \\/p
s/.\(.*\) \\/\1:/
H
$ {
s/.*/'"$tab"'/
G
p
}' >> "$depfile"
echo >> "$depfile" # make sure the fragment doesn't end with a backslash
rm -f "$tmpdepfile"
;;
msvc7msys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
#nosideeffect)
# This comment above is used by automake to tell side-effect
# dependency tracking mechanisms from slower ones.
dashmstdout)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout, regardless of -o.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove '-o $object'.
IFS=" "
for arg
do
case $arg in
-o)
shift
;;
$object)
shift
;;
*)
set fnord "$@" "$arg"
shift # fnord
shift # $arg
;;
esac
done
test -z "$dashmflag" && dashmflag=-M
# Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
# a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this sed invocation
# correctly. Breaking it into two sed invocations is a workaround.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
dashXmstdout)
# This case only exists to satisfy depend.m4. It is never actually
# run, as this mode is specially recognized in the preamble.
exit 1
;;
makedepend)
"$@" || exit $?
# Remove any Libtool call
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# X makedepend
shift
cleared=no eat=no
for arg
do
case $cleared in
no)
set ""; shift
cleared=yes ;;
esac
if test $eat = yes; then
eat=no
continue
fi
case "$arg" in
-D*|-I*)
set fnord "$@" "$arg"; shift ;;
# Strip any option that makedepend may not understand. Remove
# the object too, otherwise makedepend will parse it as a source file.
-arch)
eat=yes ;;
-*|$object)
;;
*)
set fnord "$@" "$arg"; shift ;;
esac
done
obj_suffix=`echo "$object" | sed 's/^.*\././'`
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
# makedepend may prepend the VPATH from the source file name to the object.
# No need to regex-escape $object, excess matching of '.' is harmless.
sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process the last invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed '1,2d' "$tmpdepfile" \
| tr ' ' "$nl" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile" "$tmpdepfile".bak
;;
cpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove '-o $object'.
IFS=" "
for arg
do
case $arg in
-o)
shift
;;
$object)
shift
;;
*)
set fnord "$@" "$arg"
shift # fnord
shift # $arg
;;
esac
done
"$@" -E \
| sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
| sed '$ s: \\$::' > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
cat < "$tmpdepfile" >> "$depfile"
sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvisualcpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
IFS=" "
for arg
do
case "$arg" in
-o)
shift
;;
$object)
shift
;;
"-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
set fnord "$@"
shift
shift
;;
*)
set fnord "$@" "$arg"
shift
shift
;;
esac
done
"$@" -E 2>/dev/null |
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
echo "$tab" >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvcmsys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
none)
exec "$@"
;;
*)
echo "Unknown depmode $depmode" 1>&2
exit 1
;;
esac
exit 0
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

527
ipa-client/install-sh Executable file
View File

@@ -0,0 +1,527 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2011-11-20.07; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# 'make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
nl='
'
IFS=" "" $nl"
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
chgrpprog=${CHGRPPROG-chgrp}
chmodprog=${CHMODPROG-chmod}
chownprog=${CHOWNPROG-chown}
cmpprog=${CMPPROG-cmp}
cpprog=${CPPROG-cp}
mkdirprog=${MKDIRPROG-mkdir}
mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
mode=0755
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
mvcmd=$mvprog
rmcmd="$rmprog -f"
stripcmd=
src=
dst=
dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
or: $0 [OPTION]... SRCFILES... DIRECTORY
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
or: $0 [OPTION]... -d DIRECTORIES...
In the 1st form, copy SRCFILE to DSTFILE.
In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
In the 4th, create DIRECTORIES.
Options:
--help display this help and exit.
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-s $stripprog installed files.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
"
while test $# -ne 0; do
case $1 in
-c) ;;
-C) copy_on_change=true;;
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) no_target_directory=true;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
# Otherwise, the last argument is the destination. Remove it from $@.
for arg
do
if test -n "$dst_arg"; then
# $@ is not empty: it contains at least $arg.
set fnord "$@" "$dst_arg"
shift # fnord
fi
shift # arg
dst_arg=$arg
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
done
fi
if test $# -eq 0; then
if test -z "$dir_arg"; then
echo "$0: no input file specified." >&2
exit 1
fi
# It's OK to call 'install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
trap "ret=130; $do_exit" 2
trap "ret=141; $do_exit" 13
trap "ret=143; $do_exit" 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
case $mode in
# Optimize common cases.
*644) cp_umask=133;;
*755) cp_umask=22;;
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
fi
for src
do
# Protect names problematic for 'test' and other utilities.
case $src in
-* | [=\(\)!]) src=./$src;;
esac
if test -n "$dir_arg"; then
dst=$src
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if test ! -f "$src" && test ! -d "$src"; then
echo "$0: $src does not exist." >&2
exit 1
fi
if test -z "$dst_arg"; then
echo "$0: no destination specified." >&2
exit 1
fi
dst=$dst_arg
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir"
dstdir_status=$?
fi
fi
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set fnord $dstdir
shift
$posix_glob set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
if test -n "$dir_arg"; then
{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $cpprog $src $dsttmp" command.
#
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
# The rename failed, perhaps because mv can't rename something else
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
trap '' 0
fi
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

48
ipa-client/ipa-client-common.c Normal file
View File

@@ -0,0 +1,48 @@
/* Authors: Jakub Hrozek <jhrozek@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <locale.h>
#include <libintl.h>
#include <errno.h>
#include "config.h"
int init_gettext(void)
{
char *c;
c = setlocale(LC_ALL, "");
if (!c) {
return EIO;
}
errno = 0;
c = bindtextdomain("ipa", LOCALEDIR);
if (c == NULL) {
return errno;
}
errno = 0;
c = textdomain("ipa");
if (c == NULL) {
return errno;
}
return 0;
}

33
ipa-client/ipa-client-common.h Normal file
View File

@@ -0,0 +1,33 @@
/* Authors: Jakub Hrozek <jhrozek@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __IPA_CLIENT_COMMON_H
#define __IPA_CLIENT_COMMON_H
#include <libintl.h>
#define _(STRING) gettext(STRING)
#include <stdint.h>
#ifndef discard_const
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
#endif
int init_gettext(void);
#endif /* __IPA_CLIENT_COMMON_H */

86
ipa-client/ipa-client.spec Normal file
View File

@@ -0,0 +1,86 @@
Name: ipa-client
Version: 4.0.5
Release: 0%{?dist}
Summary: IPA client
Group: System Environment/Base
License: GPLv2
URL: http://www.freeipa.org
Source0: %{name}-%{version}.tgz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: python python-ldap python-krbV ipa-python cyrus-sasl-gssapi
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%description
IPA is a server for identity, policy, and audit.
The client package provide install and configuration scripts for clients.
%prep
%setup -q
./configure --prefix=%{buildroot}/usr --libdir=%{buildroot}/%{_libdir} --sysconfdir=%{buildroot}/etc --mandir=%{buildroot}/%{_mandir}
%build
make
%install
rm -rf %{buildroot}
make install
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%{_sbindir}/ipa-client-install
%{_sbindir}/ipa-getkeytab
%dir %{_usr}/share/ipa
%{_usr}/share/ipa/*
%dir %{python_sitelib}/ipaclient
%{python_sitelib}/ipaclient/*.py*
%dir %{_localstatedir}/lib/ipa-client
%dir %{_localstatedir}/lib/ipa-client/sysrestore
%{_mandir}/man1/*
%changelog
* Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
- Version bump for release
* Mon Feb 25 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-2
- Add ipa-getkeytab man page
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-1
- Version bump for release
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-3
- Marked with wrong license. IPA is GPLv2.
* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2
- Fixed License in specfile
- Move client python files to /usr/lib*/python*/site-packages
* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
- Version bump for release
* Wed Nov 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0-1
- Version bump for release and rpm name change
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.1-1
- Version bump for release
* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-2
- Convert to autotools-based build
* Thu Aug 16 2007 Simo Sorce <ssorce@redhat.com> - 0.1.0-1
- Initial rpm version

86
ipa-client/ipa-client.spec.in Normal file
View File

@@ -0,0 +1,86 @@
Name: ipa-client
Version: __VERSION__
Release: __RELEASE__%{?dist}
Summary: IPA client
Group: System Environment/Base
License: GPLv2
URL: http://www.freeipa.org
Source0: %{name}-%{version}.tgz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: python python-ldap python-krbV ipa-python cyrus-sasl-gssapi
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%description
IPA is a server for identity, policy, and audit.
The client package provide install and configuration scripts for clients.
%prep
%setup -q
./configure --prefix=%{buildroot}/usr --libdir=%{buildroot}/%{_libdir} --sysconfdir=%{buildroot}/etc --mandir=%{buildroot}/%{_mandir}
%build
make
%install
rm -rf %{buildroot}
make install
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%{_sbindir}/ipa-client-install
%{_sbindir}/ipa-getkeytab
%dir %{_usr}/share/ipa
%{_usr}/share/ipa/*
%dir %{python_sitelib}/ipaclient
%{python_sitelib}/ipaclient/*.py*
%dir %{_localstatedir}/lib/ipa-client
%dir %{_localstatedir}/lib/ipa-client/sysrestore
%{_mandir}/man1/*
%changelog
* Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
- Version bump for release
* Mon Feb 25 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-2
- Add ipa-getkeytab man page
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-1
- Version bump for release
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-3
- Marked with wrong license. IPA is GPLv2.
* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2
- Fixed License in specfile
- Move client python files to /usr/lib*/python*/site-packages
* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
- Version bump for release
* Wed Nov 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0-1
- Version bump for release and rpm name change
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.1-1
- Version bump for release
* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-2
- Convert to autotools-based build
* Thu Aug 16 2007 Simo Sorce <ssorce@redhat.com> - 0.1.0-1
- Initial rpm version

974
ipa-client/ipa-getkeytab.c Normal file
View File

@@ -0,0 +1,974 @@
/* Authors: Simo Sorce <ssorce@redhat.com>
*
* Copyright (C) 2007 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/time.h>
#include <unistd.h>
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <errno.h>
#include <time.h>
#include <krb5.h>
#include <ldap.h>
#include <sasl/sasl.h>
#include <popt.h>
#include "config.h"
#include "ipa_krb5.h"
#include "ipa-client-common.h"
static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *sit)
{
sasl_interact_t *in = NULL;
int ret = LDAP_OTHER;
krb5_principal princ = (krb5_principal)priv_data;
krb5_context krbctx;
char *outname = NULL;
krb5_error_code krberr;
if (!ld) return LDAP_PARAM_ERROR;
for (in = sit; in && in->id != SASL_CB_LIST_END; in++) {
switch(in->id) {
case SASL_CB_USER:
krberr = krb5_init_context(&krbctx);
if (krberr) {
fprintf(stderr, _("Kerberos context initialization failed: %1$s (%2$d)\n"),
error_message(krberr), krberr);
in->result = NULL;
in->len = 0;
ret = LDAP_LOCAL_ERROR;
break;
}
krberr = krb5_unparse_name(krbctx, princ, &outname);
if (krberr) {
fprintf(stderr, _("Unable to parse principal: %1$s (%2$d)\n"),
error_message(krberr), krberr);
in->result = NULL;
in->len = 0;
ret = LDAP_LOCAL_ERROR;
break;
}
in->result = outname;
in->len = strlen(outname);
ret = LDAP_SUCCESS;
krb5_free_context(krbctx);
break;
case SASL_CB_GETREALM:
in->result = princ->realm.data;
in->len = princ->realm.length;
ret = LDAP_SUCCESS;
break;
default:
in->result = NULL;
in->len = 0;
ret = LDAP_OTHER;
}
}
return ret;
}
int filter_keys(krb5_context krbctx, struct keys_container *keys,
ber_int_t *enctypes)
{
struct krb_key_salt *ksdata;
int i, j, n;
n = keys->nkeys;
ksdata = keys->ksdata;
for (i = 0; i < n; i++) {
if (ksdata[i].enctype == enctypes[i]) continue;
if (enctypes[i] == 0) {
/* remove unsupported one */
krb5_free_keyblock_contents(krbctx, &ksdata[i].key);
krb5_free_data_contents(krbctx, &ksdata[i].salt);
for (j = i; j < n-1; j++) {
ksdata[j] = ksdata[j + 1];
enctypes[j] = enctypes[j + 1];
}
n--;
/* new key has been moved to this position, make sure
* we do not skip it, by neutralizing next i increment */
i--;
}
}
if (n == 0) {
fprintf(stderr, _("No keys accepted by KDC\n"));
return 0;
}
keys->nkeys = n;
return n;
}
static int ipa_ldap_init(LDAP ** ld, const char * scheme, const char * servername, const int port)
{
char* url = NULL;
int url_len = snprintf(url,0,"%s://%s:%d",scheme,servername,port) +1;
url = (char *)malloc (url_len);
if (!url){
fprintf(stderr, _("Out of memory \n"));
return LDAP_NO_MEMORY;
}
sprintf(url,"%s://%s:%d",scheme,servername,port);
int rc = ldap_initialize(ld, url);
free(url);
return rc;
}
const char *ca_cert_file = "/etc/ipa/ca.crt";
static int ipa_ldap_bind(const char *server_name, krb5_principal bind_princ,
const char *bind_dn, const char *bind_pw, LDAP **_ld)
{
char *msg = NULL;
struct berval bv;
int version;
LDAP *ld;
int ssl;
int ret;
/* TODO: support referrals ? */
if (bind_dn) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ca_cert_file);
if (ret != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS_CERTIFICATE\n"));
return ret;
}
ret = ipa_ldap_init(&ld, "ldaps", server_name, 636);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to init for ldaps(636) connection\n"));
return ret;
}
ssl = LDAP_OPT_X_TLS_HARD;;
ret = ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl);
if (ret != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS\n"));
goto done;
}
} else {
ret = ipa_ldap_init(&ld, "ldap", server_name, 389);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to init for ldap(389) connection\n"));
return ret;
}
}
if (ld == NULL) {
fprintf(stderr, _("Unable to initialize ldap library!\n"));
return LDAP_OPERATIONS_ERROR;
}
#ifdef LDAP_OPT_X_SASL_NOCANON
/* Don't do DNS canonicalization */
ret = ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON\n"));
goto done;
}
#endif
version = LDAP_VERSION3;
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_PROTOCOL_VERSION\n"));
goto done;
}
if (bind_dn) {
bv.bv_val = discard_const(bind_pw);
bv.bv_len = strlen(bind_pw);
ret = ldap_sasl_bind_s(ld, bind_dn, LDAP_SASL_SIMPLE,
&bv, NULL, NULL, NULL);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Simple bind failed\n"));
goto done;
}
} else {
ret = ldap_sasl_interactive_bind_s(ld, NULL, "GSSAPI",
NULL, NULL, LDAP_SASL_QUIET,
ldap_sasl_interact, bind_princ);
if (ret != LDAP_SUCCESS) {
#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
#endif
fprintf(stderr, "SASL Bind failed %s (%d) %s!\n",
ldap_err2string(ret), ret, msg ? msg : "");
goto done;
}
}
ret = LDAP_SUCCESS;
done:
if (ret != LDAP_SUCCESS) {
if (ld) ldap_unbind_ext(ld, NULL, NULL);
} else {
*_ld = ld;
}
return ret;
}
static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid,
struct berval *control,
LDAPControl ***srvctrl)
{
struct berval *retdata = NULL;
LDAPMessage *res = NULL;
char *retoid = NULL;
struct timeval tv;
char *err = NULL;
int msgid;
int ret, rc;
ret = ldap_extended_operation(ld, reqoid, control,
NULL, NULL, &msgid);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Operation failed: %s\n"), ldap_err2string(ret));
return ret;
}
/* wait max 10 secs for the answer */
tv.tv_sec = 10;
tv.tv_usec = 0;
ret = ldap_result(ld, msgid, 1, &tv, &res);
if (ret == -1) {
fprintf(stderr, _("Failed to get result: %s\n"), ldap_err2string(ret));
goto done;
}
ret = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Failed to parse extended result: %s\n"),
ldap_err2string(ret));
goto done;
}
ret = ldap_parse_result(ld, res, &rc, NULL, &err, NULL, srvctrl, 0);
if (ret != LDAP_SUCCESS || rc != LDAP_SUCCESS) {
fprintf(stderr, _("Failed to parse result: %s\n"),
err ? err : ldap_err2string(ret));
if (ret == LDAP_SUCCESS) ret = rc;
goto done;
}
done:
if (err) ldap_memfree(err);
if (res) ldap_msgfree(res);
return ret;
}
static BerElement *get_control_data(LDAPControl **list, const char *repoid)
{
LDAPControl *control = NULL;
int i;
if (!list) {
fprintf(stderr, _("Missing reply control list!\n"));
return NULL;
}
for (i = 0; list[i]; i++) {
if (strcmp(list[i]->ldctl_oid, repoid) == 0) {
control = list[i];
}
}
if (!control) {
fprintf(stderr, _("Missing reply control!\n"));
return NULL;
}
return ber_init(&control->ldctl_value);
}
static int ldap_set_keytab(krb5_context krbctx,
const char *servername,
const char *principal_name,
krb5_principal princ,
const char *binddn,
const char *bindpw,
struct keys_container *keys)
{
LDAP *ld = NULL;
BerElement *sctrl = NULL;
struct berval *control = NULL;
LDAPControl **srvctrl = NULL;
int ret;
int kvno, i;
ber_tag_t rtag;
ber_int_t *encs = NULL;
int successful_keys = 0;
/* cant' return more than nkeys, sometimes less */
encs = calloc(keys->nkeys + 1, sizeof(ber_int_t));
if (!encs) {
fprintf(stderr, _("Out of Memory!\n"));
return 0;
}
/* build password change control */
control = create_key_control(keys, principal_name);
if (!control) {
fprintf(stderr, _("Failed to create control!\n"));
goto error_out;
}
ret = ipa_ldap_bind(servername, princ, binddn, bindpw, &ld);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Failed to bind to server!\n"));
goto error_out;
}
/* perform password change */
ret = ipa_ldap_extended_op(ld, KEYTAB_SET_OID, control, &srvctrl);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Failed to get keytab!\n"));
goto error_out;
}
ber_bvfree(control);
control = NULL;
sctrl = get_control_data(srvctrl, KEYTAB_RET_OID);
if (!sctrl) {
fprintf(stderr, _("ber_init() failed, Invalid control ?!\n"));
goto error_out;
}
/* Format of response
*
* KeytabGetRequest ::= SEQUENCE {
* new_kvno Int32
* SEQUENCE OF KeyTypes
* }
*
* * List of accepted enctypes *
* KeyTypes ::= SEQUENCE {
* enctype Int32
* }
*/
rtag = ber_scanf(sctrl, "{i{", &kvno);
if (rtag == LBER_ERROR) {
fprintf(stderr, _("ber_scanf() failed, unable to find kvno ?!\n"));
goto error_out;
}
for (i = 0; i < keys->nkeys; i++) {
ret = ber_scanf(sctrl, "{i}", &encs[i]);
if (ret == LBER_ERROR) {
char enc[79]; /* fit std terminal or truncate */
krb5_error_code krberr;
krberr = krb5_enctype_to_string(
keys->ksdata[i].enctype, enc, 79);
if (krberr) {
fprintf(stderr, _("Failed to retrieve "
"encryption type type #%d\n"),
keys->ksdata[i].enctype);
} else {
fprintf(stderr, _("Failed to retrieve "
"encryption type %1$s (#%2$d)\n"),
enc, keys->ksdata[i].enctype);
}
} else {
successful_keys++;
}
}
if (successful_keys == 0) {
fprintf(stderr, _("Failed to retrieve any keys"));
goto error_out;
}
ret = filter_keys(krbctx, keys, encs);
if (ret == 0) goto error_out;
ber_free(sctrl, 1);
ldap_controls_free(srvctrl);
ldap_unbind_ext(ld, NULL, NULL);
free(encs);
return kvno;
error_out:
if (sctrl) ber_free(sctrl, 1);
if (srvctrl) ldap_controls_free(srvctrl);
if (ld) ldap_unbind_ext(ld, NULL, NULL);
if (control) ber_bvfree(control);
free(encs);
return -1;
}
/* Format of getkeytab control
*
* KeytabGetRequest ::= CHOICE {
* newkeys [0] Newkeys,
* curkeys [1] CurrentKeys,
* reply [2] Reply
* }
*
* NewKeys ::= SEQUENCE {
* serviceIdentity [0] OCTET STRING,
* enctypes [1] SEQUENCE OF Int16
* password [2] OCTET STRING OPTIONAL,
* }
*
* CurrentKeys ::= SEQUENCE {
* serviceIdentity [0] OCTET STRING,
* }
*
* Reply ::= SEQUENCE {
* new_kvno Int32
* keys SEQUENCE OF KrbKey,
* }
*
* KrbKey ::= SEQUENCE {
* key [0] EncryptionKey,
* salt [1] KrbSalt OPTIONAL,
* s2kparams [2] OCTET STRING OPTIONAL,
* }
*
* EncryptionKey ::= SEQUENCE {
* keytype [0] Int32,
* keyvalue [1] OCTET STRING
* }
*
* KrbSalt ::= SEQUENCE {
* type [0] Int32,
* salt [1] OCTET STRING
* }
*/
#define GK_REQUEST_NEWKEYS (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 0)
#define GK_REQUEST_CURKEYS (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 1)
#define GKREQ_SVCNAME_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 1)
#define GKREQ_ENCTYPES_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 1)
#define GKREQ_PASSWORD_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 2)
static struct berval *create_getkeytab_control(const char *svc_princ, bool gen,
const char *password,
struct krb_key_salt *encsalts,
int num_encsalts)
{
struct berval *bval = NULL;
BerElement *be;
ber_tag_t ctag;
ber_int_t e;
int ret, i;
be = ber_alloc_t(LBER_USE_DER);
if (!be) {
return NULL;
}
if (gen) {
ctag = GK_REQUEST_NEWKEYS;
} else {
ctag = GK_REQUEST_CURKEYS;
}
ret = ber_printf(be, "t{ts", ctag, GKREQ_SVCNAME_TAG, svc_princ);
if (ret == -1) {
ber_free(be, 1);
goto done;
}
if (gen) {
ret = ber_printf(be, "t{", GKREQ_ENCTYPES_TAG);
if (ret == -1) {
ber_free(be, 1);
goto done;
}
for (i = 0; i < num_encsalts; i++) {
e = encsalts[i].enctype;
ret = ber_printf(be, "i", e);
if (ret == -1) {
ber_free(be, 1);
goto done;
}
}
ret = ber_printf(be, "}");
if (ret == -1) {
ber_free(be, 1);
goto done;
}
if (password) {
ret = ber_printf(be, "ts", GKREQ_PASSWORD_TAG, password);
if (ret == -1) {
ber_free(be, 1);
goto done;
}
}
}
ret = ber_printf(be, "}");
if (ret == -1) {
ber_free(be, 1);
goto done;
}
ret = ber_flatten(be, &bval);
if (ret == -1) {
ber_free(be, 1);
goto done;
}
done:
ber_free(be, 1);
return bval;
}
#define GK_REPLY_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 2)
#define GKREP_KEY_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 0)
#define GKREP_SALT_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 1)
static int ldap_get_keytab(krb5_context krbctx, bool generate, char *password,
const char *enctypes, const char *bind_server,
const char *svc_princ, krb5_principal bind_princ,
const char *bind_dn, const char *bind_pw,
struct keys_container *keys, int *kvno,
char **err_msg)
{
struct krb_key_salt *es = NULL;
int num_es = 0;
struct berval *control = NULL;
LDAP *ld = NULL;
LDAPControl **srvctrl = NULL;
BerElement *ber = NULL;
ber_tag_t rtag;
ber_tag_t ctag;
ber_len_t tlen;
ber_int_t vno;
ber_int_t tint;
struct berval tbval;
int ret;
*err_msg = NULL;
if (enctypes) {
ret = ipa_string_to_enctypes(enctypes, &es, &num_es, err_msg);
if (ret || num_es == 0) {
return LDAP_OPERATIONS_ERROR;
}
}
control = create_getkeytab_control(svc_princ, generate,
password, es, num_es);
if (!control) {
*err_msg = _("Failed to create control!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
ret = ipa_ldap_bind(bind_server, bind_princ, bind_dn, bind_pw, &ld);
if (ret != LDAP_SUCCESS) {
*err_msg = _("Failed to bind to server!\n");
goto done;
}
/* perform extedned opt to get keytab */
ret = ipa_ldap_extended_op(ld, KEYTAB_GET_OID, control, &srvctrl);
if (ret != LDAP_SUCCESS) {
goto done;
}
ber = get_control_data(srvctrl, KEYTAB_GET_OID);
if (!ber) {
*err_msg = _("Failed to find or parse reply control!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
rtag = ber_scanf(ber, "t{i{", &ctag, &vno);
if (rtag == LBER_ERROR || ctag != GK_REPLY_TAG) {
*err_msg = _("Failed to parse control head!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
keys->nkeys = 0;
keys->ksdata = NULL;
rtag = ber_peek_tag(ber, &tlen);
for (int i = 0; rtag == LBER_SEQUENCE; i++) {
if ((i % 5) == 0) {
struct krb_key_salt *ksdata;
ksdata = realloc(keys->ksdata,
(i + 5) * sizeof(struct krb_key_salt));
if (!ksdata) {
*err_msg = _("Out of memory!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
keys->ksdata = ksdata;
}
memset(&keys->ksdata[i], 0, sizeof(struct krb_key_salt));
keys->nkeys = i + 1;
rtag = ber_scanf(ber, "{t{io}", &ctag, &tint, &tbval);
if (rtag == LBER_ERROR || ctag != GKREP_KEY_TAG) {
*err_msg = _("Failed to parse enctype in key data!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
keys->ksdata[i].enctype = tint;
keys->ksdata[i].key.enctype = tint;
keys->ksdata[i].key.length = tbval.bv_len;
keys->ksdata[i].key.contents = malloc(tbval.bv_len);
if (!keys->ksdata[i].key.contents) {
*err_msg = _("Out of memory!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
memcpy(keys->ksdata[i].key.contents, tbval.bv_val, tbval.bv_len);
ber_memfree(tbval.bv_val);
rtag = ber_peek_tag(ber, &tlen);
if (rtag == GKREP_SALT_TAG) {
rtag = ber_scanf(ber, "t{io}", &ctag, &tint, &tbval);
if (rtag == LBER_ERROR) {
*err_msg = _("Failed to parse salt in key data!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
keys->ksdata[i].salttype = tint;
keys->ksdata[i].salt.length = tbval.bv_len;
keys->ksdata[i].salt.data = malloc(tbval.bv_len);
if (!keys->ksdata[i].salt.data) {
*err_msg = _("Out of memory!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
memcpy(keys->ksdata[i].salt.data, tbval.bv_val, tbval.bv_len);
ber_memfree(tbval.bv_val);
}
rtag = ber_scanf(ber, "}");
if (rtag == LBER_ERROR) {
*err_msg = _("Failed to parse ending of key data!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
rtag = ber_peek_tag(ber, &tlen);
}
rtag = ber_scanf(ber, "}}");
if (rtag == LBER_ERROR) {
*err_msg = _("Failed to parse ending of control!\n");
ret = LDAP_OPERATIONS_ERROR;
goto done;
}
*kvno = vno;
ret = LDAP_SUCCESS;
done:
if (ber) ber_free(ber, 1);
if (ld) ldap_unbind_ext(ld, NULL, NULL);
if (control) ber_bvfree(control);
free(es);
if (ret) {
free_keys_contents(krbctx, keys);
}
return ret;
}
static char *ask_password(krb5_context krbctx)
{
krb5_prompt ap_prompts[2];
krb5_data k5d_pw0;
krb5_data k5d_pw1;
char pw0[256];
char pw1[256];
char *password;
k5d_pw0.length = sizeof(pw0);
k5d_pw0.data = pw0;
ap_prompts[0].prompt = _("New Principal Password");
ap_prompts[0].hidden = 1;
ap_prompts[0].reply = &k5d_pw0;
k5d_pw1.length = sizeof(pw1);
k5d_pw1.data = pw1;
ap_prompts[1].prompt = _("Verify Principal Password");
ap_prompts[1].hidden = 1;
ap_prompts[1].reply = &k5d_pw1;
krb5_prompter_posix(krbctx, NULL,
NULL, NULL,
2, ap_prompts);
if (strcmp(pw0, pw1)) {
fprintf(stderr, _("Passwords do not match!"));
return NULL;
}
password = malloc(k5d_pw0.length + 1);
if (!password) return NULL;
memcpy(password, pw0, k5d_pw0.length);
password[k5d_pw0.length] = '\0';
return password;
}
int main(int argc, const char *argv[])
{
static const char *server = NULL;
static const char *principal = NULL;
static const char *keytab = NULL;
static const char *enctypes_string = NULL;
static const char *binddn = NULL;
static const char *bindpw = NULL;
int quiet = 0;
int askpass = 0;
int permitted_enctypes = 0;
int retrieve = 0;
struct poptOption options[] = {
{ "quiet", 'q', POPT_ARG_NONE, &quiet, 0,
_("Print as little as possible"), _("Output only on errors")},
{ "server", 's', POPT_ARG_STRING, &server, 0,
_("Contact this specific KDC Server"),
_("Server Name") },
{ "principal", 'p', POPT_ARG_STRING, &principal, 0,
_("The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)"),
_("Kerberos Service Principal Name") },
{ "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
_("File were to store the keytab information"),
_("Keytab File Name") },
{ "enctypes", 'e', POPT_ARG_STRING, &enctypes_string, 0,
_("Encryption types to request"),
_("Comma separated encryption types list") },
{ "permitted-enctypes", 0, POPT_ARG_NONE, &permitted_enctypes, 0,
_("Show the list of permitted encryption types and exit"),
_("Permitted Encryption Types") },
{ "password", 'P', POPT_ARG_NONE, &askpass, 0,
_("Asks for a non-random password to use for the principal"), NULL },
{ "binddn", 'D', POPT_ARG_STRING, &binddn, 0,
_("LDAP DN"), _("DN to bind as if not using kerberos") },
{ "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0,
_("LDAP password"), _("password to use if not using kerberos") },
{ "retrieve", 'r', POPT_ARG_NONE, &retrieve, 0,
_("Retrieve current keys without changing them"), NULL },
POPT_AUTOHELP
POPT_TABLEEND
};
poptContext pc;
char *ktname;
char *password = NULL;
krb5_context krbctx;
krb5_ccache ccache;
krb5_principal uprinc;
krb5_principal sprinc;
krb5_error_code krberr;
struct keys_container keys = { 0 };
krb5_keytab kt;
int kvno;
int i, ret;
char *err_msg;
ret = init_gettext();
if (ret) {
exit(1);
}
krberr = krb5_init_context(&krbctx);
if (krberr) {
fprintf(stderr, _("Kerberos context initialization failed\n"));
exit(1);
}
pc = poptGetContext("ipa-getkeytab", argc, (const char **)argv, options, 0);
ret = poptGetNextOpt(pc);
if (ret == -1 && permitted_enctypes &&
!(server || principal || keytab || quiet)) {
krb5_enctype *ktypes;
char enc[79]; /* fit std terminal or truncate */
krberr = krb5_get_permitted_enctypes(krbctx, &ktypes);
if (krberr) {
fprintf(stderr, _("No system preferred enctypes ?!\n"));
exit(1);
}
fprintf(stdout, _("Supported encryption types:\n"));
for (i = 0; ktypes[i]; i++) {
krberr = krb5_enctype_to_string(ktypes[i], enc, 79);
if (krberr) {
fprintf(stderr, _("Warning: "
"failed to convert type (#%d)\n"), i);
continue;
}
fprintf(stdout, "%s\n", enc);
}
ipa_krb5_free_ktypes(krbctx, ktypes);
exit (0);
}
if (ret != -1 || !server || !principal || !keytab || permitted_enctypes) {
if (!quiet) {
poptPrintUsage(pc, stderr, 0);
}
exit(2);
}
if (NULL!=binddn && NULL==bindpw) {
fprintf(stderr,
_("Bind password required when using a bind DN.\n"));
if (!quiet)
poptPrintUsage(pc, stderr, 0);
exit(10);
}
if (askpass && retrieve) {
fprintf(stderr, _("Incompatible options provided (-r and -P)\n"));
exit(2);
}
if (askpass) {
password = ask_password(krbctx);
if (!password) {
exit(2);
}
} else if (enctypes_string && strchr(enctypes_string, ':')) {
if (!quiet) {
fprintf(stderr, _("Warning: salt types are not honored"
" with randomized passwords (see opt. -P)\n"));
}
}
ret = asprintf(&ktname, "WRFILE:%s", keytab);
if (ret == -1) {
exit(3);
}
krberr = krb5_parse_name(krbctx, principal, &sprinc);
if (krberr) {
fprintf(stderr, _("Invalid Service Principal Name\n"));
exit(4);
}
if (NULL == bindpw) {
krberr = krb5_cc_default(krbctx, &ccache);
if (krberr) {
fprintf(stderr,
_("Kerberos Credential Cache not found. "
"Do you have a Kerberos Ticket?\n"));
exit(5);
}
krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc);
if (krberr) {
fprintf(stderr,
_("Kerberos User Principal not found. "
"Do you have a valid Credential Cache?\n"));
exit(6);
}
}
krberr = krb5_kt_resolve(krbctx, ktname, &kt);
if (krberr) {
fprintf(stderr, _("Failed to open Keytab\n"));
exit(7);
}
kvno = -1;
ret = ldap_get_keytab(krbctx, (retrieve == 0), password, enctypes_string,
server, principal, uprinc, binddn, bindpw,
&keys, &kvno, &err_msg);
if (ret) {
if (!quiet && err_msg != NULL) {
fprintf(stderr, "%s", err_msg);
}
}
if (retrieve == 0 && kvno == -1) {
if (!quiet) {
fprintf(stderr,
_("Retrying with pre-4.0 keytab retrieval method...\n"));
}
/* create key material */
ret = create_keys(krbctx, sprinc, password, enctypes_string, &keys, &err_msg);
if (!ret) {
if (err_msg != NULL) {
fprintf(stderr, "%s", err_msg);
}
fprintf(stderr, _("Failed to create key material\n"));
exit(8);
}
kvno = ldap_set_keytab(krbctx, server, principal, uprinc, binddn, bindpw, &keys);
}
if (kvno == -1) {
fprintf(stderr, _("Failed to get keytab\n"));
exit(9);
}
for (i = 0; i < keys.nkeys; i++) {
krb5_keytab_entry kt_entry;
memset((char *)&kt_entry, 0, sizeof(kt_entry));
kt_entry.principal = sprinc;
kt_entry.key = keys.ksdata[i].key;
kt_entry.vno = kvno;
krberr = krb5_kt_add_entry(krbctx, kt, &kt_entry);
if (krberr) {
fprintf(stderr,
_("Failed to add key to the keytab\n"));
exit (11);
}
}
free_keys_contents(krbctx, &keys);
krberr = krb5_kt_close(krbctx, kt);
if (krberr) {
fprintf(stderr, _("Failed to close the keytab\n"));
exit (12);
}
if (!quiet) {
fprintf(stderr,
_("Keytab successfully retrieved and stored in: %s\n"),
keytab);
}
exit(0);
}

14
ipa-client/ipa-install/Makefile.am Normal file
View File

@@ -0,0 +1,14 @@
NULL =
sbin_SCRIPTS = \
ipa-client-install \
ipa-client-automount \
$(NULL)
EXTRA_DIST = \
$(sbin_SCRIPTS) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

520
ipa-client/ipa-install/Makefile.in Normal file
View File

@@ -0,0 +1,520 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = ipa-install
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/version.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(sbindir)"
SCRIPTS = $(sbin_SCRIPTS)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CURL_LIBS = @CURL_LIBS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IPA_DATA_DIR = @IPA_DATA_DIR@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENLDAP_LIBS = @OPENLDAP_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
POPT_LIBS = @POPT_LIBS@
PYTHON = @PYTHON@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgpyexecdir = @pkgpyexecdir@
pkgpythondir = @pkgpythondir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
NULL =
sbin_SCRIPTS = \
ipa-client-install \
ipa-client-automount \
$(NULL)
EXTRA_DIST = \
$(sbin_SCRIPTS) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign ipa-install/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign ipa-install/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
install-sbinSCRIPTS: $(sbin_SCRIPTS)
@$(NORMAL_INSTALL)
@list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
$(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
done | \
sed -e 'p;s,.*/,,;n' \
-e 'h;s|.*|.|' \
-e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
{ d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
if ($$2 == $$4) { files[d] = files[d] " " $$1; \
if (++n[d] == $(am__install_max)) { \
print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
else { print "f", d "/" $$4, $$1 } } \
END { for (d in files) print "f", d, files[d] }' | \
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
$(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
} \
; done
uninstall-sbinSCRIPTS:
@$(NORMAL_UNINSTALL)
@list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 's,.*/,,;$(transform)'`; \
dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir)
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(SCRIPTS)
installdirs:
for dir in "$(DESTDIR)$(sbindir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am: install-sbinSCRIPTS
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-sbinSCRIPTS
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-sbinSCRIPTS install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags-am uninstall uninstall-am uninstall-sbinSCRIPTS
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

489
ipa-client/ipa-install/ipa-client-automount Executable file
View File

@@ -0,0 +1,489 @@
#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Configure the automount client for ldap.
import sys
import os
import urlparse
import time
import tempfile
import SSSDConfig
from optparse import OptionParser
from ipalib import api, errors
from ipapython import sysrestore
from ipapython import ipautil
from ipaclient import ipadiscovery
from ipaclient import ipachangeconf
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
AUTOFS_CONF = paths.SYSCONFIG_AUTOFS
NSSWITCH_CONF = paths.NSSWITCH_CONF
AUTOFS_LDAP_AUTH = paths.AUTOFS_LDAP_AUTH_CONF
NFS_CONF = paths.SYSCONFIG_NFS
IDMAPD_CONF = paths.IDMAPD_CONF
def parse_options():
usage = "%prog [options]\n"
parser = OptionParser(usage=usage)
parser.add_option("--server", dest="server", help="IPA server")
parser.add_option("--location", dest="location", help="Automount location",
default="default")
parser.add_option("-S", "--no-sssd", dest="sssd",
action="store_false", default=True,
help="Do not configure the client to use SSSD for automount")
parser.add_option("--debug", dest="debug", action="store_true",
default=False, help="enable debugging")
parser.add_option("-U", "--unattended", dest="unattended",
action="store_true", default=False,
help="unattended installation never prompts the user")
parser.add_option("--uninstall", dest="uninstall", action="store_true",
default=False, help="Unconfigure automount")
options, args = parser.parse_args()
return options, args
def wait_for_sssd():
"""
It takes a bit for sssd to get going, lets loop until it is
serving data.
This function returns nothing.
"""
n = 0
found = False
time.sleep(1)
while n < 10 and not found:
try:
ipautil.run(["getent", "passwd", "admin@%s" % api.env.realm])
found = True
except Exception, e:
time.sleep(1)
n = n + 1
# This should never happen but if it does, may as well warn the user
if not found:
err_msg = ("Unable to find 'admin' user with "
"'getent passwd admin@%s'!" % api.env.realm)
root_logger.debug(err_msg)
print err_msg
print "This may mean that sssd didn't re-start properly after the configuration changes."
def configure_xml(fstore):
from lxml import etree
fstore.backup_file(AUTOFS_LDAP_AUTH)
try:
f = open(AUTOFS_LDAP_AUTH, 'r')
lines = f.read()
f.close()
saslconf = etree.fromstring(lines)
element = saslconf.xpath('//autofs_ldap_sasl_conf')
root = saslconf.getroottree()
except IOError, e:
root_logger.debug('Unable to open file %s' % e)
root_logger.debug('Creating new from template')
element = [etree.Element('autofs_ldap_sasl_conf')]
root = element[0].getroottree()
if len(element) != 1:
raise RuntimeError('Unable to parse %s' % AUTOFS_LDAP_AUTH)
element[0].set('usetls', 'no')
element[0].set('tlsrequired', 'no')
element[0].set('authrequired', 'yes')
element[0].set('authtype', 'GSSAPI')
element[0].set('clientprinc', 'host/%s@%s' % (api.env.host, api.env.realm))
newconf = open(AUTOFS_LDAP_AUTH, 'w')
try:
root.write(newconf, pretty_print=True, xml_declaration=True, encoding='UTF-8')
newconf.close()
except IOError, e:
print "Unable to write %s: %s" % (AUTOFS_LDAP_AUTH, e)
print "Configured %s" % AUTOFS_LDAP_AUTH
def configure_nsswitch(fstore, options):
"""
Point automount to ldap in nsswitch.conf. This function is for non-SSSD
setups only
"""
fstore.backup_file(NSSWITCH_CONF)
conf = ipachangeconf.IPAChangeConf("IPA Installer")
conf.setOptionAssignment(':')
nss_value = ' files ldap'
opts = [{'name':'automount', 'type':'option', 'action':'set', 'value':nss_value},
{'name':'empty', 'type':'empty'}]
conf.changeConf(NSSWITCH_CONF, opts)
print "Configured %s" % NSSWITCH_CONF
def configure_autofs_sssd(fstore, statestore, autodiscover, options):
try:
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
domains = sssdconfig.list_active_domains()
except Exception, e:
sys.exit(e)
try:
sssdconfig.new_service('autofs')
except SSSDConfig.ServiceAlreadyExists:
pass
except SSSDConfig.ServiceNotRecognizedError:
root_logger.error("Unable to activate the Autofs service in SSSD config.")
root_logger.info(
"Please make sure you have SSSD built with autofs support installed.")
root_logger.info(
"Configure autofs support manually in /etc/sssd/sssd.conf.")
sys.exit("Cannot create the autofs service in sssd.conf")
sssdconfig.activate_service('autofs')
domain = None
for name in domains:
domain = sssdconfig.get_domain(name)
try:
provider = domain.get_option('id_provider')
except SSSDConfig.NoOptionError:
continue
if provider == "ipa":
domain.add_provider('ipa', 'autofs')
try:
location = domain.get_option('ipa_automount_location')
sys.exit('An automount location is already configured')
except SSSDConfig.NoOptionError:
domain.set_option('ipa_automount_location', options.location)
break
if domain is None:
sys.exit('SSSD is not configured.')
sssdconfig.save_domain(domain)
sssdconfig.write(paths.SSSD_CONF)
statestore.backup_state('autofs', 'sssd', True)
sssd = services.service('sssd')
sssd.restart()
print "Restarting sssd, waiting for it to become available."
wait_for_sssd()
def configure_autofs(fstore, statestore, autodiscover, server, options):
"""
fstore: the FileStore to back up files in
options.server: the IPA server to use
options.location: the Automount location to use
"""
if not autodiscover:
ldap_uri = "ldap://%s" % server
else:
ldap_uri = "ldap:///%s" % api.env.basedn
search_base = str(DN(('cn', options.location), api.env.container_automount, api.env.basedn))
replacevars = {
'MAP_OBJECT_CLASS': 'automountMap',
'ENTRY_OBJECT_CLASS': 'automount',
'MAP_ATTRIBUTE': 'automountMapName',
'ENTRY_ATTRIBUTE': 'automountKey',
'VALUE_ATTRIBUTE': 'automountInformation',
'SEARCH_BASE': search_base,
'LDAP_URI': ldap_uri,
}
ipautil.backup_config_and_replace_variables(fstore,
AUTOFS_CONF, replacevars=replacevars)
tasks.restore_context(AUTOFS_CONF)
statestore.backup_state('autofs', 'sssd', False)
print "Configured %s" % AUTOFS_CONF
def configure_autofs_common(fstore, statestore, options):
autofs = services.knownservices.autofs
statestore.backup_state('autofs', 'enabled', autofs.is_enabled())
statestore.backup_state('autofs', 'running', autofs.is_running())
try:
autofs.restart()
print "Started %s" % autofs.service_name
except Exception, e:
root_logger.error("%s failed to restart: %s", autofs.service_name, e)
try:
autofs.enable()
except Exception, e:
print "Failed to configure automatic startup of the %s daemon" % (autofs.service_name)
root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (autofs.service_name, str(e)))
def uninstall(fstore, statestore):
print "Restoring configuration"
if fstore.has_file(AUTOFS_CONF):
fstore.restore_file(AUTOFS_CONF)
if fstore.has_file(NSSWITCH_CONF):
fstore.restore_file(NSSWITCH_CONF)
if fstore.has_file(AUTOFS_LDAP_AUTH):
fstore.restore_file(AUTOFS_LDAP_AUTH)
if fstore.has_file(NFS_CONF):
fstore.restore_file(NFS_CONF)
if fstore.has_file(IDMAPD_CONF):
fstore.restore_file(IDMAPD_CONF)
if statestore.has_state('autofs'):
enabled = statestore.restore_state('autofs', 'enabled')
running = statestore.restore_state('autofs', 'running')
sssd = statestore.restore_state('autofs', 'sssd')
autofs = services.knownservices.autofs
if not enabled:
autofs.disable()
if not running:
autofs.stop()
if sssd:
try:
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
sssdconfig.deactivate_service('autofs')
domains = sssdconfig.list_active_domains()
for name in domains:
domain = sssdconfig.get_domain(name)
try:
provider = domain.get_option('id_provider')
except SSSDConfig.NoOptionError:
continue
if provider == "ipa":
domain.remove_option('ipa_automount_location')
domain.remove_provider('autofs')
break
sssdconfig.save_domain(domain)
sssdconfig.write(paths.SSSD_CONF)
sssd = services.service('sssd')
sssd.restart()
wait_for_sssd()
except Exception, e:
print 'Unable to restore SSSD configuration: %s' % str(e)
root_logger.debug('Unable to restore SSSD configuration: %s' % str(e))
if statestore.has_state('rpcidmapd'):
enabled = statestore.restore_state('rpcidmapd', 'enabled')
running = statestore.restore_state('rpcidmapd', 'running')
rpcidmapd = services.knownservices.rpcidmapd
if not enabled:
rpcidmapd.disable()
if not running:
rpcidmapd.stop()
if statestore.has_state('rpcgssd'):
enabled = statestore.restore_state('rpcgssd', 'enabled')
running = statestore.restore_state('rpcgssd', 'running')
rpcgssd = services.knownservices.rpcgssd
if not enabled:
rpcgssd.disable()
if not running:
rpcgssd.stop()
return 0
def configure_nfs(fstore, statestore):
"""
Configure secure NFS
"""
replacevars = {
'SECURE_NFS': 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
NFS_CONF, replacevars=replacevars)
tasks.restore_context(NFS_CONF)
print "Configured %s" % NFS_CONF
replacevars = {
'Domain': api.env.domain,
}
ipautil.backup_config_and_replace_variables(fstore,
IDMAPD_CONF, replacevars=replacevars)
tasks.restore_context(IDMAPD_CONF)
print "Configured %s" % IDMAPD_CONF
rpcidmapd = services.knownservices.rpcidmapd
statestore.backup_state('rpcidmapd', 'enabled', rpcidmapd.is_enabled())
statestore.backup_state('rpcidmapd', 'running', rpcidmapd.is_running())
try:
rpcidmapd.restart()
print "Started %s" % rpcidmapd.service_name
except Exception, e:
root_logger.error("%s failed to restart: %s", rpcidmapd.service_name, e)
try:
rpcidmapd.enable()
except Exception, e:
print "Failed to configure automatic startup of the %s daemon" % (rpcidmapd.service_name)
root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (rpcidmapd.service_name, str(e)))
rpcgssd = services.knownservices.rpcgssd
statestore.backup_state('rpcgssd', 'enabled', rpcgssd.is_enabled())
statestore.backup_state('rpcgssd', 'running', rpcgssd.is_running())
try:
rpcgssd.restart()
print "Started %s" % rpcgssd.service_name
except Exception, e:
root_logger.error("%s failed to restart: %s", rpcgssd.service_name, e)
try:
rpcgssd.enable()
except Exception, e:
print "Failed to configure automatic startup of the %s daemon" % (rpcgssd.service_name)
root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (rpcgssd.service_name, str(e)))
def main():
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
if not fstore.has_files() and not os.path.exists(paths.IPA_DEFAULT_CONF):
sys.exit('IPA client is not configured on this system.\n')
options, args = parse_options()
standard_logging_setup(
paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=options.debug,
filemode='a', console_format='%(message)s')
cfg = dict(
context='cli_installer',
in_server=False,
debug=options.debug,
verbose=0,
)
api.bootstrap(**cfg)
api.finalize()
if options.uninstall:
return uninstall(fstore, statestore)
if statestore.has_state('autofs'):
sys.exit('automount is already configured on this system.\n')
autodiscover = False
servers = []
ds = ipadiscovery.IPADiscovery()
if not options.server:
print "Searching for IPA server..."
ret = ds.search()
root_logger.debug('Executing DNS discovery')
if ret == ipadiscovery.NO_LDAP_SERVER:
root_logger.debug('Autodiscovery did not find LDAP server')
s = urlparse.urlsplit(api.env.xmlrpc_uri)
server = [s.netloc]
root_logger.debug('Setting server to %s' % s.netloc)
else:
autodiscover = True
if not ds.servers:
sys.exit('Autodiscovery was successful but didn\'t return a server')
root_logger.debug('Autodiscovery success, possible servers %s' % ','.join(ds.servers))
server = ds.servers[0]
else:
server = options.server
root_logger.debug("Verifying that %s is an IPA server" % server)
ldapret = ds.ipacheckldap(server, api.env.realm)
if ldapret[0] == ipadiscovery.NO_ACCESS_TO_LDAP:
print "Anonymous access to the LDAP server is disabled."
print "Proceeding without strict verification."
print "Note: This is not an error if anonymous access has been explicitly restricted."
elif ldapret[0] != 0:
sys.exit('Unable to confirm that %s is an IPA server' % server)
if not autodiscover:
print "IPA server: %s" % server
root_logger.debug('Using fixed server %s' % server)
else:
print "IPA server: DNS discovery"
root_logger.debug('Configuring to use DNS discovery')
search_base = str(DN(('cn', options.location), api.env.container_automount, api.env.basedn))
print "Location: %s" % options.location
root_logger.debug('Using automount location %s' % options.location)
# Verify that the location is valid
(ccache_fd, ccache_name) = tempfile.mkstemp()
os.close(ccache_fd)
try:
try:
os.environ['KRB5CCNAME'] = ccache_name
ipautil.run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB, 'host/%s@%s' % (api.env.host, api.env.realm)])
except ipautil.CalledProcessError, e:
sys.exit("Failed to obtain host TGT.")
# Now we have a TGT, connect to IPA
try:
api.Backend.rpcclient.connect()
except errors.KerberosError, e:
sys.exit('Cannot connect to the server due to ' + str(e))
try:
# Use the RPC directly so older servers are supported
result = api.Backend.rpcclient.forward(
'automountlocation_show',
unicode(options.location),
version=u'2.0',
)
except errors.VersionError, e:
sys.exit('This client is incompatible: ' + str(e))
except errors.NotFound:
sys.exit("Automount location '%s' does not exist" % options.location)
except errors.PublicError, e:
sys.exit("Cannot connect to the server due to generic error: %s" % str(e))
finally:
os.remove(ccache_name)
if not options.unattended and not ipautil.user_input("Continue to configure the system with these values?", False):
sys.exit("Installation aborted")
try:
if not options.sssd:
configure_nsswitch(fstore, options)
configure_nfs(fstore, statestore)
if options.sssd:
configure_autofs_sssd(fstore, statestore, autodiscover, options)
else:
configure_xml(fstore)
configure_autofs(fstore, statestore, autodiscover, server, options)
configure_autofs_common(fstore, statestore, options)
except Exception, e:
root_logger.debug('Raised exception %s' % e)
print "Installation failed. Rolling back changes."
uninstall(fstore, statestore)
return 1
return 0
try:
if not os.geteuid()==0:
sys.exit("\nMust be run as root\n")
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except RuntimeError, e:
sys.exit(e)
except (KeyboardInterrupt, EOFError):
sys.exit(1)

2801
ipa-client/ipa-install/ipa-client-install Executable file
View File

File diff suppressed because it is too large Load Diff

1160
ipa-client/ipa-join.c Normal file
View File

File diff suppressed because it is too large Load Diff

268
ipa-client/ipa-rmkeytab.c Normal file
View File

@@ -0,0 +1,268 @@
/* Authors: Rob Crittenden <rcritten@redhat.com>
*
* Copyright (C) 2009 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#define _GNU_SOURCE
#include <stdlib.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <krb5.h>
#include <popt.h>
#include <errno.h>
#include "ipa-client-common.h"
#include "config.h"
int
remove_principal(krb5_context context, krb5_keytab ktid, const char *principal, int debug)
{
krb5_error_code krberr;
krb5_keytab_entry entry, entry2;
int rval = 0;
int removed = 0;
memset(&entry, 0, sizeof(entry));
krberr = krb5_parse_name(context, principal, &entry.principal);
if (krberr) {
fprintf(stderr, _("Unable to parse principal name\n"));
if (debug)
fprintf(stderr, _("krb5_parse_name %1$d: %2$s\n"),
krberr, error_message(krberr));
rval = 4;
goto done;
}
/* Loop through the keytab and remove all entries with this principal name
* irrespective of the encryption type. A failure to find one after the
* first means we're done.
*/
fprintf(stderr, _("Removing principal %s\n"), principal);
while (1) {
memset(&entry2, 0, sizeof(entry2));
krberr = krb5_kt_get_entry(context, ktid,
entry.principal,
0,
0,
&entry2);
if (krberr) {
if (removed > 0)
/* not found but we've removed some, we're done */
break;
if (krberr == ENOENT) {
fprintf(stderr, _("Failed to open keytab\n"));
rval = 3;
goto done;
}
fprintf(stderr, _("principal not found\n"));
if (debug)
fprintf(stderr, _("krb5_kt_get_entry %1$d: %2$s\n"),
krberr, error_message(krberr));
rval = 5;
break;
}
krberr = krb5_kt_remove_entry(context, ktid, &entry2);
if (krberr) {
fprintf(stderr, _("Unable to remove entry\n"));
if (debug) {
fprintf(stdout, _("kvno %d\n"), entry2.vno);
fprintf(stderr, _("krb5_kt_remove_entry %1$d: %2$s\n"),
krberr, error_message(krberr));
}
rval = 6;
break;
}
krb5_free_keytab_entry_contents(context, &entry2);
removed++;
}
if (entry2.principal)
krb5_free_keytab_entry_contents(context, &entry2);
done:
return rval;
}
int
remove_realm(krb5_context context, krb5_keytab ktid, const char *realm, int debug)
{
krb5_error_code krberr;
krb5_keytab_entry entry;
krb5_kt_cursor kt_cursor;
char * entry_princ_s = NULL;
int rval = 0;
bool realm_found = false;
krberr = krb5_kt_start_seq_get(context, ktid, &kt_cursor);
memset(&entry, 0, sizeof(entry));
while (krb5_kt_next_entry(context, ktid, &entry, &kt_cursor) == 0) {
krberr = krb5_unparse_name(context, entry.principal, &entry_princ_s);
if (krberr) {
fprintf(stderr, _("Unable to parse principal\n"));
if (debug) {
fprintf(stderr, _("krb5_unparse_name %1$d: %2$s\n"),
krberr, error_message(krberr));
}
rval = 4;
goto done;
}
/* keytab entries are locked when looping. Temporarily suspend
* the looping. */
krb5_kt_end_seq_get(context, ktid, &kt_cursor);
if (strstr(entry_princ_s, realm) != NULL) {
realm_found = true;
rval = remove_principal(context, ktid, entry_princ_s, debug);
if (rval != 0)
goto done;
/* Have to reset the cursor */
krberr = krb5_kt_start_seq_get(context, ktid, &kt_cursor);
}
}
if (!realm_found) {
fprintf(stderr, _("realm not found\n"));
return 5;
}
done:
return rval;
}
int
main(int argc, const char **argv)
{
krb5_context context;
krb5_error_code krberr;
krb5_keytab ktid;
krb5_kt_cursor cursor;
char * ktname = NULL;
char * atrealm = NULL;
poptContext pc;
static const char *keytab = NULL;
static const char *principal = NULL;
static const char *realm = NULL;
int debug = 0;
int ret, rval = 0;
struct poptOption options[] = {
{ "debug", 'd', POPT_ARG_NONE, &debug, 0,
_("Print debugging information"), _("Debugging output") },
{ "principal", 'p', POPT_ARG_STRING, &principal, 0,
_("The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)"),
_("Kerberos Service Principal Name") },
{ "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
_("File were to store the keytab information"), _("Keytab File Name") },
{ "realm", 'r', POPT_ARG_STRING, &realm, 0,
_("Remove all principals in this realm"), _("Realm name") },
POPT_AUTOHELP
POPT_TABLEEND
};
ret = init_gettext();
if (ret) {
exit(1);
}
memset(&ktid, 0, sizeof(ktid));
krberr = krb5_init_context(&context);
if (krberr) {
fprintf(stderr, _("Kerberos context initialization failed\n"));
exit(1);
}
pc = poptGetContext("ipa-rmkeytab", argc, (const char **)argv, options, 0);
ret = poptGetNextOpt(pc);
if (ret != -1 || (!principal && !realm) || !keytab) {
poptPrintUsage(pc, stderr, 0);
rval = 1;
goto cleanup;
}
ret = asprintf(&ktname, "WRFILE:%s", keytab);
if (ret == -1) {
rval = 2;
goto cleanup;
}
/* The remove_realm function just does a substring match. Ensure that
* the string we pass in looks like a realm.
*/
if (realm) {
if (realm[0] != '@') {
ret = asprintf(&atrealm, "@%s", realm);
if (ret == -1) {
rval = 2;
goto cleanup;
}
} else {
atrealm = strdup(realm);
if (NULL == atrealm) {
rval = 2;
goto cleanup;
}
}
}
krberr = krb5_kt_resolve(context, ktname, &ktid);
if (krberr) {
fprintf(stderr, _("Failed to open keytab '%1$s': %2$s\n"), keytab,
error_message(krberr));
rval = 3;
goto cleanup;
}
krberr = krb5_kt_start_seq_get(context, ktid, &cursor);
if (krberr) {
fprintf(stderr, _("Failed to open keytab '%1$s': %2$s\n"), keytab,
error_message(krberr));
rval = 3;
goto cleanup;
}
krb5_kt_end_seq_get(context, ktid, &cursor);
if (principal)
rval = remove_principal(context, ktid, principal, debug);
else if (realm)
rval = remove_realm(context, ktid, atrealm, debug);
cleanup:
if (rval == 0 || rval > 3) {
krberr = krb5_kt_close(context, ktid);
if (krberr) {
fprintf(stderr, _("Closing keytab failed\n"));
if (debug)
fprintf(stderr, _("krb5_kt_close %1$d: %2$s\n"),
krberr, error_message(krberr));
}
}
krb5_free_context(context);
poptFreeContext(pc);
free(atrealm);
free(ktname);
return rval;
}

16
ipa-client/ipaclient/Makefile.am Normal file
View File

@@ -0,0 +1,16 @@
NULL =
appdir = $(pythondir)/ipaclient
app_PYTHON = \
__init__.py \
ipachangeconf.py \
ipadiscovery.py \
ntpconf.py \
$(NULL)
EXTRA_DIST = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

539
ipa-client/ipaclient/Makefile.in Normal file
View File

@@ -0,0 +1,539 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = ipaclient
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(app_PYTHON) $(top_srcdir)/py-compile
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/version.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__py_compile = PYTHON=$(PYTHON) $(SHELL) $(py_compile)
am__installdirs = "$(DESTDIR)$(appdir)"
am__pep3147_tweak = \
sed -e 's|\.py$$||' -e 's|[^/]*$$|__pycache__/&.*.py|'
py_compile = $(top_srcdir)/py-compile
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CURL_LIBS = @CURL_LIBS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IPA_DATA_DIR = @IPA_DATA_DIR@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENLDAP_LIBS = @OPENLDAP_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
POPT_LIBS = @POPT_LIBS@
PYTHON = @PYTHON@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgpyexecdir = @pkgpyexecdir@
pkgpythondir = @pkgpythondir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
NULL =
appdir = $(pythondir)/ipaclient
app_PYTHON = \
__init__.py \
ipachangeconf.py \
ipadiscovery.py \
ntpconf.py \
$(NULL)
EXTRA_DIST = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign ipaclient/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign ipaclient/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-appPYTHON: $(app_PYTHON)
@$(NORMAL_INSTALL)
@list='$(app_PYTHON)'; dlist=; list2=; test -n "$(appdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(appdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(appdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then b=; else b="$(srcdir)/"; fi; \
if test -f $$b$$p; then \
$(am__strip_dir) \
dlist="$$dlist $$f"; \
list2="$$list2 $$b$$p"; \
else :; fi; \
done; \
for file in $$list2; do echo $$file; done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(appdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(appdir)" || exit $$?; \
done || exit $$?; \
if test -n "$$dlist"; then \
$(am__py_compile) --destdir "$(DESTDIR)" \
--basedir "$(appdir)" $$dlist; \
else :; fi
uninstall-appPYTHON:
@$(NORMAL_UNINSTALL)
@list='$(app_PYTHON)'; test -n "$(appdir)" || list=; \
py_files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
test -n "$$py_files" || exit 0; \
dir='$(DESTDIR)$(appdir)'; \
pyc_files=`echo "$$py_files" | sed 's|$$|c|'`; \
pyo_files=`echo "$$py_files" | sed 's|$$|o|'`; \
py_files_pep3147=`echo "$$py_files" | $(am__pep3147_tweak)`; \
echo "$$py_files_pep3147";\
pyc_files_pep3147=`echo "$$py_files_pep3147" | sed 's|$$|c|'`; \
pyo_files_pep3147=`echo "$$py_files_pep3147" | sed 's|$$|o|'`; \
st=0; \
for files in \
"$$py_files" \
"$$pyc_files" \
"$$pyo_files" \
"$$pyc_files_pep3147" \
"$$pyo_files_pep3147" \
; do \
$(am__uninstall_files_from_dir) || st=$$?; \
done; \
exit $$st
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile
installdirs:
for dir in "$(DESTDIR)$(appdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am: install-appPYTHON
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-appPYTHON
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-appPYTHON install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-appPYTHON
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

18
ipa-client/ipaclient/__init__.py Normal file
View File

@@ -0,0 +1,18 @@
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

535
ipa-client/ipaclient/ipachangeconf.py Normal file
View File

@@ -0,0 +1,535 @@
#
# ipachangeconf - configuration file manipulation classes and functions
# partially based on authconfig code
# Copyright (c) 1999-2007 Red Hat, Inc.
# Author: Simo Sorce <ssorce@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import fcntl
import os
import string
import time
import shutil
def openLocked(filename, perms):
fd = -1
try:
fd = os.open(filename, os.O_RDWR | os.O_CREAT, perms)
fcntl.lockf(fd, fcntl.LOCK_EX)
except OSError, (errno, strerr):
if fd != -1:
try:
os.close(fd)
except OSError:
pass
raise IOError(errno, strerr)
return os.fdopen(fd, "r+")
#TODO: add subsection as a concept
# (ex. REALM.NAME = { foo = x bar = y } )
#TODO: put section delimiters as separating element of the list
# so that we can process multiple sections in one go
#TODO: add a comment all but provided options as a section option
class IPAChangeConf:
def __init__(self, name):
self.progname = name
self.indent = ("", "", "")
self.assign = (" = ", "=")
self.dassign = self.assign[0]
self.comment = ("#",)
self.dcomment = self.comment[0]
self.eol = ("\n",)
self.deol = self.eol[0]
self.sectnamdel = ("[", "]")
self.subsectdel = ("{", "}")
def setProgName(self, name):
self.progname = name
def setIndent(self, indent):
if type(indent) is tuple:
self.indent = indent
elif type(indent) is str:
self.indent = (indent, )
else:
raise ValueError('Indent must be a list of strings')
def setOptionAssignment(self, assign):
if type(assign) is tuple:
self.assign = assign
else:
self.assign = (assign, )
self.dassign = self.assign[0]
def setCommentPrefix(self, comment):
if type(comment) is tuple:
self.comment = comment
else:
self.comment = (comment, )
self.dcomment = self.comment[0]
def setEndLine(self, eol):
if type(eol) is tuple:
self.eol = eol
else:
self.eol = (eol, )
self.deol = self.eol[0]
def setSectionNameDelimiters(self, delims):
self.sectnamdel = delims
def setSubSectionDelimiters(self, delims):
self.subsectdel = delims
def matchComment(self, line):
for v in self.comment:
if line.lstrip().startswith(v):
return line.lstrip()[len(v):]
return False
def matchEmpty(self, line):
if line.strip() == "":
return True
return False
def matchSection(self, line):
cl = "".join(line.strip().split()).lower()
if len(self.sectnamdel) != 2:
return False
if not cl.startswith(self.sectnamdel[0]):
return False
if not cl.endswith(self.sectnamdel[1]):
return False
return cl[len(self.sectnamdel[0]):-len(self.sectnamdel[1])]
def matchSubSection(self, line):
if self.matchComment(line):
return False
parts = line.split(self.dassign, 1)
if len(parts) < 2:
return False
if parts[1].strip() == self.subsectdel[0]:
return parts[0].strip()
return False
def matchSubSectionEnd(self, line):
if self.matchComment(line):
return False
if line.strip() == self.subsectdel[1]:
return True
return False
def getSectionLine(self, section):
if len(self.sectnamdel) != 2:
return section
return self._dump_line(self.sectnamdel[0],
section,
self.sectnamdel[1],
self.deol)
def _dump_line(self, *args):
return u"".join(unicode(x) for x in args)
def dump(self, options, level=0):
output = []
if level >= len(self.indent):
level = len(self.indent) - 1
for o in options:
if o['type'] == "section":
output.append(self._dump_line(self.sectnamdel[0],
o['name'],
self.sectnamdel[1]))
output.append(self.dump(o['value'], (level + 1)))
continue
if o['type'] == "subsection":
output.append(self._dump_line(self.indent[level],
o['name'],
self.dassign,
self.subsectdel[0]))
output.append(self.dump(o['value'], (level + 1)))
output.append(self._dump_line(self.indent[level],
self.subsectdel[1]))
continue
if o['type'] == "option":
delim = o.get('delim', self.dassign)
if delim not in self.assign:
raise ValueError('Unknown delim "%s" must be one of "%s"' % (delim, " ".join([d for d in self.assign])))
output.append(self._dump_line(self.indent[level],
o['name'],
delim,
o['value']))
continue
if o['type'] == "comment":
output.append(self._dump_line(self.dcomment, o['value']))
continue
if o['type'] == "empty":
output.append('')
continue
raise SyntaxError('Unknown type: [%s]' % o['type'])
return self.deol.join(output)
def parseLine(self, line):
if self.matchEmpty(line):
return {'name': 'empty', 'type': 'empty'}
value = self.matchComment(line)
if value:
return {'name': 'comment',
'type': 'comment',
'value': value.rstrip()} # pylint: disable=E1103
o = dict()
parts = line.split(self.dassign, 1)
if len(parts) < 2:
# The default assign didn't match, try the non-default
for d in self.assign[1:]:
parts = line.split(d, 1)
if len(parts) >= 2:
o['delim'] = d
break
if 'delim' not in o:
raise SyntaxError, 'Syntax Error: Unknown line format'
o.update({'name':parts[0].strip(), 'type':'option', 'value':parts[1].rstrip()})
return o
def findOpts(self, opts, type, name, exclude_sections=False):
num = 0
for o in opts:
if o['type'] == type and o['name'] == name:
return (num, o)
if exclude_sections and (o['type'] == "section" or
o['type'] == "subsection"):
return (num, None)
num += 1
return (num, None)
def commentOpts(self, inopts, level=0):
opts = []
if level >= len(self.indent):
level = len(self.indent) - 1
for o in inopts:
if o['type'] == 'section':
no = self.commentOpts(o['value'], (level + 1))
val = self._dump_line(self.dcomment,
self.sectnamdel[0],
o['name'],
self.sectnamdel[1])
opts.append({'name': 'comment',
'type': 'comment',
'value': val})
for n in no:
opts.append(n)
continue
if o['type'] == 'subsection':
no = self.commentOpts(o['value'], (level + 1))
val = self._dump_line(self.indent[level],
o['name'],
self.dassign,
self.subsectdel[0])
opts.append({'name': 'comment',
'type': 'comment',
'value': val})
opts.extend(no)
val = self._dump_line(self.indent[level], self.subsectdel[1])
opts.append({'name': 'comment',
'type': 'comment',
'value': val})
continue
if o['type'] == 'option':
delim = o.get('delim', self.dassign)
if delim not in self.assign:
val = self._dump_line(self.indent[level],
o['name'],
delim,
o['value'])
opts.append({'name':'comment', 'type':'comment', 'value':val})
continue
if o['type'] == 'comment':
opts.append(o)
continue
if o['type'] == 'empty':
opts.append({'name': 'comment',
'type': 'comment',
'value': ''})
continue
raise SyntaxError('Unknown type: [%s]' % o['type'])
return opts
def mergeOld(self, oldopts, newopts):
opts = []
for o in oldopts:
if o['type'] == "section" or o['type'] == "subsection":
(num, no) = self.findOpts(newopts, o['type'], o['name'])
if not no:
opts.append(o)
continue
if no['action'] == "set":
mo = self.mergeOld(o['value'], no['value'])
opts.append({'name': o['name'],
'type': o['type'],
'value': mo})
continue
if no['action'] == "comment":
co = self.commentOpts(o['value'])
for c in co:
opts.append(c)
continue
if no['action'] == "remove":
continue
raise SyntaxError('Unknown action: [%s]' % no['action'])
if o['type'] == "comment" or o['type'] == "empty":
opts.append(o)
continue
if o['type'] == "option":
(num, no) = self.findOpts(newopts, 'option', o['name'], True)
if not no:
opts.append(o)
continue
if no['action'] == 'comment' or no['action'] == 'remove':
if (no['value'] is not None and
o['value'] is not no['value']):
opts.append(o)
continue
if no['action'] == 'comment':
value = self._dump_line(self.dcomment,
o['name'],
self.dassign,
o['value'])
opts.append({'name': 'comment',
'type': 'comment',
'value': value})
continue
if no['action'] == 'set':
opts.append(no)
continue
if no['action'] == 'addifnotset':
opts.append({'name': 'comment', 'type': 'comment',
'value': self._dump_line(no['name'],
self.dassign,
no['value'],
u' # modified by IPA'
)})
opts.append(o)
continue
raise SyntaxError('Unknown action: [%s]' % no['action'])
raise SyntaxError('Unknown type: [%s]' % o['type'])
return opts
def mergeNew(self, opts, newopts):
cline = 0
for no in newopts:
if no['type'] == "section" or no['type'] == "subsection":
(num, o) = self.findOpts(opts, no['type'], no['name'])
if not o:
if no['action'] == 'set':
opts.append(no)
continue
if no['action'] == "set":
self.mergeNew(o['value'], no['value'])
continue
cline = num + 1
continue
if no['type'] == "option":
(num, o) = self.findOpts(opts, no['type'], no['name'], True)
if not o:
if no['action'] == 'set' or no['action'] == 'addifnotset':
opts.append(no)
continue
cline = num + 1
continue
if no['type'] == "comment" or no['type'] == "empty":
opts.insert(cline, no)
cline += 1
continue
raise SyntaxError('Unknown type: [%s]' % no['type'])
def merge(self, oldopts, newopts):
#Use a two pass strategy
#First we create a new opts tree from oldopts removing/commenting
# the options as indicated by the contents of newopts
#Second we fill in the new opts tree with options as indicated
# in the newopts tree (this is becaus eentire (sub)sections may
# in the newopts tree (this is becaus entire (sub)sections may
# exist in the newopts that do not exist in oldopts)
opts = self.mergeOld(oldopts, newopts)
self.mergeNew(opts, newopts)
return opts
#TODO: Make parse() recursive?
def parse(self, f):
opts = []
sectopts = []
section = None
subsectopts = []
subsection = None
curopts = opts
fatheropts = opts
# Read in the old file.
for line in f:
# It's a section start.
value = self.matchSection(line)
if value:
if section is not None:
opts.append({'name': section,
'type': 'section',
'value': sectopts})
sectopts = []
curopts = sectopts
fatheropts = sectopts
section = value
continue
# It's a subsection start.
value = self.matchSubSection(line)
if value:
if subsection is not None:
raise SyntaxError('nested subsections are not '
'supported yet')
subsectopts = []
curopts = subsectopts
subsection = value
continue
value = self.matchSubSectionEnd(line)
if value:
if subsection is None:
raise SyntaxError('Unmatched end subsection terminator '
'found')
fatheropts.append({'name': subsection,
'type': 'subsection',
'value': subsectopts})
subsection = None
curopts = fatheropts
continue
# Copy anything else as is.
curopts.append(self.parseLine(line))
#Add last section if any
if len(sectopts) is not 0:
opts.append({'name': section,
'type': 'section',
'value': sectopts})
return opts
# Write settings to configuration file
# file is a path
# options is a set of dictionaries in the form:
# [{'name': 'foo', 'value': 'bar', 'action': 'set/comment'}]
# section is a section name like 'global'
def changeConf(self, file, newopts):
autosection = False
savedsection = None
done = False
output = ""
f = None
try:
# Do not catch an unexisting file error
# we want to fail in that case
shutil.copy2(file, (file + ".ipabkp"))
f = openLocked(file, 0644)
oldopts = self.parse(f)
options = self.merge(oldopts, newopts)
output = self.dump(options)
# Write it out and close it.
f.seek(0)
f.truncate(0)
f.write(output)
finally:
try:
if f:
f.close()
except IOError:
pass
return True
# Write settings to new file, backup old
# file is a path
# options is a set of dictionaries in the form:
# [{'name': 'foo', 'value': 'bar', 'action': 'set/comment'}]
# section is a section name like 'global'
def newConf(self, file, options):
autosection = False
savedsection = None
done = False
output = ""
f = None
try:
try:
shutil.copy2(file, (file + ".ipabkp"))
except IOError, err:
if err.errno == 2:
# The orign file did not exist
pass
f = openLocked(file, 0644)
# Trunkate
f.seek(0)
f.truncate(0)
output = self.dump(options)
f.write(output)
finally:
try:
if f:
f.close()
except IOError:
pass
return True

501
ipa-client/ipaclient/ipadiscovery.py Normal file
View File

@@ -0,0 +1,501 @@
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import socket
import os
import tempfile
from ipapython.ipa_log_manager import root_logger
from dns import resolver, rdatatype
from dns.exception import DNSException
from ipalib import errors
from ipapython import ipaldap
from ipaplatform.paths import paths
from ipapython.ipautil import valid_ip, get_ipa_basedn, realm_to_suffix
from ipapython.dn import DN
NOT_FQDN = -1
NO_LDAP_SERVER = -2
REALM_NOT_FOUND = -3
NOT_IPA_SERVER = -4
NO_ACCESS_TO_LDAP = -5
NO_TLS_LDAP = -6
BAD_HOST_CONFIG = -10
UNKNOWN_ERROR = -15
error_names = {
0: 'Success',
NOT_FQDN: 'NOT_FQDN',
NO_LDAP_SERVER: 'NO_LDAP_SERVER',
REALM_NOT_FOUND: 'REALM_NOT_FOUND',
NOT_IPA_SERVER: 'NOT_IPA_SERVER',
NO_ACCESS_TO_LDAP: 'NO_ACCESS_TO_LDAP',
NO_TLS_LDAP: 'NO_TLS_LDAP',
BAD_HOST_CONFIG: 'BAD_HOST_CONFIG',
UNKNOWN_ERROR: 'UNKNOWN_ERROR',
}
class IPADiscovery(object):
def __init__(self):
self.realm = None
self.domain = None
self.server = None
self.servers = []
self.basedn = None
self.realm_source = None
self.domain_source = None
self.server_source = None
self.basedn_source = None
def __get_resolver_domains(self):
"""
Read /etc/resolv.conf and return all the domains found in domain and
search.
Returns a list of (domain, info) pairs. The info contains a reason why
the domain is returned.
"""
domains = []
domain = None
try:
fp = open(paths.RESOLV_CONF, 'r')
lines = fp.readlines()
fp.close()
for line in lines:
if line.lower().startswith('domain'):
domain = (line.split()[-1],
'local domain from /etc/resolv.conf')
elif line.lower().startswith('search'):
domains += [(d, 'search domain from /etc/resolv.conf') for
d in line.split()[1:]]
except:
pass
if domain:
domains = [domain] + domains
return domains
def getServerName(self):
return self.server
def getDomainName(self):
return self.domain
def getRealmName(self):
return self.realm
def getKDCName(self):
return self.kdc
def getBaseDN(self):
return self.basedn
def check_domain(self, domain, tried, reason):
"""
Given a domain search it for SRV records, breaking it down to search
all subdomains too.
Returns a tuple (servers, domain) or (None,None) if a SRV record
isn't found. servers is a list of servers found. domain is a string.
:param tried: A set of domains that were tried already
:param reason: Reason this domain is searched (included in the log)
"""
servers = None
root_logger.debug('Start searching for LDAP SRV record in "%s" (%s) ' +
'and its sub-domains', domain, reason)
while not servers:
if domain in tried:
root_logger.debug("Already searched %s; skipping", domain)
break
tried.add(domain)
servers = self.ipadns_search_srv(domain, '_ldap._tcp', 389,
break_on_first=False)
if servers:
return (servers, domain)
else:
p = domain.find(".")
if p == -1: #no ldap server found and last component of the domain already tested
return (None, None)
domain = domain[p+1:]
return (None, None)
def search(self, domain="", servers="", realm=None, hostname=None, ca_cert_path=None):
"""
Use DNS discovery to identify valid IPA servers.
servers may contain an optional list of servers which will be used
instead of discovering available LDAP SRV records.
Returns a constant representing the overall search result.
"""
root_logger.debug("[IPA Discovery]")
root_logger.debug(
'Starting IPA discovery with domain=%s, servers=%s, hostname=%s',
domain, servers, hostname)
self.server = None
autodiscovered = False
if not servers:
if not domain: #domain not provided do full DNS discovery
# get the local host name
if not hostname:
hostname = socket.getfqdn()
root_logger.debug('Hostname: %s', hostname)
if not hostname:
return BAD_HOST_CONFIG
if valid_ip(hostname):
return NOT_FQDN
# first, check for an LDAP server for the local domain
p = hostname.find(".")
if p == -1: #no domain name
return NOT_FQDN
domain = hostname[p+1:]
# Get the list of domains from /etc/resolv.conf, we'll search
# them all. We search the domain of our hostname first though.
# This is to avoid the situation where domain isn't set in
# /etc/resolv.conf and the search list has the hostname domain
# not first. We could end up with the wrong SRV record.
domains = self.__get_resolver_domains()
domains = [(domain, 'domain of the hostname')] + domains
tried = set()
for domain, reason in domains:
servers, domain = self.check_domain(domain, tried, reason)
if servers:
autodiscovered = True
self.domain = domain
self.server_source = self.domain_source = (
'Discovered LDAP SRV records from %s (%s)' %
(domain, reason))
break
if not self.domain: #no ldap server found
root_logger.debug('No LDAP server found')
return NO_LDAP_SERVER
else:
root_logger.debug("Search for LDAP SRV record in %s", domain)
servers = self.ipadns_search_srv(domain, '_ldap._tcp', 389,
break_on_first=False)
if servers:
autodiscovered = True
self.domain = domain
self.server_source = self.domain_source = (
'Discovered LDAP SRV records from %s' % domain)
else:
self.server = None
root_logger.debug('No LDAP server found')
return NO_LDAP_SERVER
else:
root_logger.debug("Server and domain forced")
self.domain = domain
self.domain_source = self.server_source = 'Forced'
#search for kerberos
root_logger.debug("[Kerberos realm search]")
if realm:
root_logger.debug("Kerberos realm forced")
self.realm = realm
self.realm_source = 'Forced'
else:
realm = self.ipadnssearchkrbrealm()
self.realm = realm
self.realm_source = (
'Discovered Kerberos DNS records from %s' % self.domain)
if not servers and not realm:
return REALM_NOT_FOUND
self.kdc = self.ipadnssearchkrbkdc()
self.kdc_source = (
'Discovered Kerberos DNS records from %s' % self.domain)
# We may have received multiple servers corresponding to the domain
# Iterate through all of those to check if it is IPA LDAP server
ldapret = [NOT_IPA_SERVER]
ldapaccess = True
root_logger.debug("[LDAP server check]")
valid_servers = []
for server in servers:
root_logger.debug('Verifying that %s (realm %s) is an IPA server',
server, self.realm)
# check ldap now
ldapret = self.ipacheckldap(server, self.realm, ca_cert_path=ca_cert_path)
if ldapret[0] == 0:
self.server = ldapret[1]
self.realm = ldapret[2]
self.server_source = self.realm_source = (
'Discovered from LDAP DNS records in %s' % self.server)
valid_servers.append(server)
# verified, we actually talked to the remote server and it
# is definetely an IPA server
if autodiscovered:
# No need to keep verifying servers if we discovered them
# via DNS
break
elif ldapret[0] == NO_ACCESS_TO_LDAP or ldapret[0] == NO_TLS_LDAP:
ldapaccess = False
valid_servers.append(server)
# we may set verified_servers below, we don't have it yet
if autodiscovered:
# No need to keep verifying servers if we discovered them
# via DNS
break
elif ldapret[0] == NOT_IPA_SERVER:
root_logger.warn(
'Skip %s: not an IPA server', server)
elif ldapret[0] == NO_LDAP_SERVER:
root_logger.warn(
'Skip %s: LDAP server is not responding, unable to verify if '
'this is an IPA server', server)
else:
root_logger.warn(
'Skip %s: cannot verify if this is an IPA server', server)
# If one of LDAP servers checked rejects access (maybe anonymous
# bind is disabled), assume realm and basedn generated off domain.
# Note that in case ldapret[0] == 0 and ldapaccess == False (one of
# servers didn't provide access but another one succeeded), self.realm
# will be set already to a proper value above, self.basdn will be
# initialized during the LDAP check itself and we'll skip these two checks.
if not ldapaccess and self.realm is None:
# Assume realm is the same as domain.upper()
self.realm = self.domain.upper()
self.realm_source = 'Assumed same as domain'
root_logger.debug(
"Assuming realm is the same as domain: %s", self.realm)
if not ldapaccess and self.basedn is None:
# Generate suffix from realm
self.basedn = realm_to_suffix(self.realm)
self.basedn_source = 'Generated from Kerberos realm'
root_logger.debug("Generated basedn from realm: %s" % self.basedn)
root_logger.debug(
"Discovery result: %s; server=%s, domain=%s, kdc=%s, basedn=%s",
error_names.get(ldapret[0], ldapret[0]),
self.server, self.domain, self.kdc, self.basedn)
root_logger.debug("Validated servers: %s" % ','.join(valid_servers))
self.servers = valid_servers
# If we have any servers left then override the last return value
# to indicate success.
if valid_servers:
self.server = servers[0]
ldapret[0] = 0
return ldapret[0]
def ipacheckldap(self, thost, trealm, ca_cert_path=None):
"""
Given a host and kerberos realm verify that it is an IPA LDAP
server hosting the realm.
Returns a list [errno, host, realm] or an empty list on error.
Errno is an error number:
0 means all ok
1 means we could not check the info in LDAP (may happend when
anonymous binds are disabled)
2 means the server is certainly not an IPA server
"""
lrealms = []
i = 0
#now verify the server is really an IPA server
try:
root_logger.debug("Init LDAP connection to: %s", thost)
if ca_cert_path:
lh = ipaldap.IPAdmin(thost, protocol='ldap',
cacert=ca_cert_path, start_tls=True,
no_schema=True, decode_attrs=False,
demand_cert=True)
else:
lh = ipaldap.IPAdmin(thost, protocol='ldap',
no_schema=True, decode_attrs=False)
try:
lh.do_simple_bind(DN(), '')
# get IPA base DN
root_logger.debug("Search LDAP server for IPA base DN")
basedn = get_ipa_basedn(lh)
except errors.ACIError:
root_logger.debug("LDAP Error: Anonymous access not allowed")
return [NO_ACCESS_TO_LDAP]
except errors.DatabaseError, err:
root_logger.error("Error checking LDAP: %s" % err.strerror)
# We should only get UNWILLING_TO_PERFORM if the remote LDAP
# server has minssf > 0 and we have attempted a non-TLS conn.
if ca_cert_path is None:
root_logger.debug(
"Cannot connect to LDAP server. Check that minssf is "
"not enabled")
return [NO_TLS_LDAP]
else:
return [UNKNOWN_ERROR]
if basedn is None:
root_logger.debug("The server is not an IPA server")
return [NOT_IPA_SERVER]
self.basedn = basedn
self.basedn_source = 'From IPA server %s' % lh.ldap_uri
#search and return known realms
root_logger.debug(
"Search for (objectClass=krbRealmContainer) in %s (sub)",
self.basedn)
try:
lret = lh.get_entries(
DN(('cn', 'kerberos'), self.basedn),
lh.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)")
except errors.NotFound:
#something very wrong
return [REALM_NOT_FOUND]
for lres in lret:
root_logger.debug("Found: %s", lres.dn)
lrealms.append(lres.single_value['cn'])
if trealm:
for r in lrealms:
if trealm == r:
return [0, thost, trealm]
# must match or something is very wrong
return [REALM_NOT_FOUND]
else:
if len(lrealms) != 1:
#which one? we can't attach to a multi-realm server without DNS working
return [REALM_NOT_FOUND]
else:
return [0, thost, lrealms[0]]
#we shouldn't get here
return [UNKNOWN_ERROR]
except errors.DatabaseTimeout:
root_logger.debug("LDAP Error: timeout")
return [NO_LDAP_SERVER]
except errors.NetworkError, err:
root_logger.debug("LDAP Error: %s" % err.strerror)
return [NO_LDAP_SERVER]
except errors.ACIError:
root_logger.debug("LDAP Error: Anonymous access not allowed")
return [NO_ACCESS_TO_LDAP]
except errors.DatabaseError, err:
root_logger.debug("Error checking LDAP: %s" % err.strerror)
return [UNKNOWN_ERROR]
except Exception, err:
root_logger.debug("Error checking LDAP: %s" % err)
return [UNKNOWN_ERROR]
def ipadns_search_srv(self, domain, srv_record_name, default_port,
break_on_first=True):
"""
Search for SRV records in given domain. When no record is found,
en empty list is returned
:param domain: Search domain name
:param srv_record_name: SRV record name, e.g. "_ldap._tcp"
:param default_port: When default_port is not None, it is being
checked with the port in SRV record and if they don't
match, the port from SRV record is appended to
found hostname in this format: "hostname:port"
:param break_on_first: break on the first find and return just one
entry
"""
servers = []
qname = '%s.%s' % (srv_record_name, domain)
root_logger.debug("Search DNS for SRV record of %s", qname)
try:
answers = resolver.query(qname, rdatatype.SRV)
except DNSException, e:
root_logger.debug("DNS record not found: %s", e.__class__.__name__)
answers = []
for answer in answers:
root_logger.debug("DNS record found: %s", answer)
server = str(answer.target).rstrip(".")
if not server:
root_logger.debug("Cannot parse the hostname from SRV record: %s", answer)
continue
if default_port is not None and answer.port != default_port:
server = "%s:%s" % (server, str(answer.port))
servers.append(server)
if break_on_first:
break
return servers
def ipadnssearchkrbrealm(self, domain=None):
realm = None
if not domain:
domain = self.domain
# now, check for a Kerberos realm the local host or domain is in
qname = "_kerberos." + domain
root_logger.debug("Search DNS for TXT record of %s", qname)
try:
answers = resolver.query(qname, rdatatype.TXT)
except DNSException, e:
root_logger.debug("DNS record not found: %s", e.__class__.__name__)
answers = []
for answer in answers:
root_logger.debug("DNS record found: %s", answer)
if answer.strings:
realm = answer.strings[0]
if realm:
break
return realm
def ipadnssearchkrbkdc(self, domain=None):
kdc = None
if not domain:
domain = self.domain
kdc = self.ipadns_search_srv(domain, '_kerberos._udp', 88,
break_on_first=False)
if kdc:
kdc = ','.join(kdc)
else:
root_logger.debug("SRV record for KDC not found! Domain: %s" % domain)
kdc = None
return kdc

223
ipa-client/ipaclient/ntpconf.py Normal file
View File

@@ -0,0 +1,223 @@
# Authors: Karl MacMillan <kmacmillan@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from ipapython import ipautil
import shutil
import os
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
ntp_conf = """# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server $SERVER
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
"""
ntp_sysconfig = """OPTIONS="-x -p /var/run/ntpd.pid"
# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes
# Additional options for ntpdate
NTPDATE_OPTIONS=""
"""
ntp_step_tickers = """# Use IPA-provided NTP server for initial time
$SERVER
"""
def __backup_config(path, fstore = None):
if fstore:
fstore.backup_file(path)
else:
shutil.copy(path, "%s.ipasave" % (path))
def __write_config(path, content):
fd = open(path, "w")
fd.write(content)
fd.close()
def config_ntp(server_fqdn, fstore = None, sysstore = None):
path_step_tickers = paths.NTP_STEP_TICKERS
path_ntp_conf = paths.NTP_CONF
path_ntp_sysconfig = paths.SYSCONFIG_NTPD
sub_dict = { }
sub_dict["SERVER"] = server_fqdn
nc = ipautil.template_str(ntp_conf, sub_dict)
config_step_tickers = False
if os.path.exists(path_step_tickers):
config_step_tickers = True
ns = ipautil.template_str(ntp_step_tickers, sub_dict)
__backup_config(path_step_tickers, fstore)
__write_config(path_step_tickers, ns)
tasks.restore_context(path_step_tickers)
if sysstore:
module = 'ntp'
sysstore.backup_state(module, "enabled", services.knownservices.ntpd.is_enabled())
if config_step_tickers:
sysstore.backup_state(module, "step-tickers", True)
__backup_config(path_ntp_conf, fstore)
__write_config(path_ntp_conf, nc)
tasks.restore_context(path_ntp_conf)
__backup_config(path_ntp_sysconfig, fstore)
__write_config(path_ntp_sysconfig, ntp_sysconfig)
tasks.restore_context(path_ntp_sysconfig)
# Set the ntpd to start on boot
services.knownservices.ntpd.enable()
# Restart ntpd
services.knownservices.ntpd.restart()
def synconce_ntp(server_fqdn):
"""
Syncs time with specified server using ntpd.
Primarily designed to be used before Kerberos setup
to get time following the KDC time
Returns True if sync was successful
"""
ntpd = paths.NTPD
if not os.path.exists(ntpd):
return False
tmp_ntp_conf = ipautil.write_tmp_file('server %s' % server_fqdn)
try:
ipautil.run([ntpd, '-qgc', tmp_ntp_conf.name])
return True
except ipautil.CalledProcessError:
return False
class NTPConfigurationError(Exception):
pass
class NTPConflictingService(NTPConfigurationError):
def __init__(self, message='', conflicting_service=None):
super(NTPConflictingService, self).__init__(self, message)
self.conflicting_service = conflicting_service
def check_timedate_services():
"""
System may contain conflicting services used for time&date synchronization.
As IPA server/client supports only ntpd, make sure that other services are
not enabled to prevent conflicts. For example when both chronyd and ntpd
are enabled, systemd would always start only chronyd to manage system
time&date which would make IPA configuration of ntpd ineffective.
Reference links:
https://fedorahosted.org/freeipa/ticket/2974
http://fedoraproject.org/wiki/Features/ChronyDefaultNTP
"""
for service in services.timedate_services:
if service == 'ntpd':
continue
# Make sure that the service is not enabled
instance = services.service(service)
if instance.is_enabled() or instance.is_running():
raise NTPConflictingService(conflicting_service=instance.service_name)
def force_ntpd(statestore):
"""
Force ntpd configuration and disable and stop any other conflicting
time&date service
"""
for service in services.timedate_services:
if service == 'ntpd':
continue
instance = services.service(service)
enabled = instance.is_enabled()
running = instance.is_running()
if enabled or running:
statestore.backup_state(instance.service_name, 'enabled', enabled)
statestore.backup_state(instance.service_name, 'running', running)
if running:
instance.stop()
if enabled:
instance.disable()
def restore_forced_ntpd(statestore):
"""
Restore from --force-ntpd installation and enable/start service that were
disabled/stopped during installation
"""
for service in services.timedate_services:
if service == 'ntpd':
continue
if statestore.has_state(service):
instance = services.service(service)
enabled = statestore.restore_state(instance.service_name, 'enabled')
running = statestore.restore_state(instance.service_name, 'running')
if enabled:
instance.enable()
if running:
instance.start()

9655
ipa-client/ltmain.sh Normal file
View File

File diff suppressed because it is too large Load Diff

23
ipa-client/man/Makefile.am Normal file
View File

@@ -0,0 +1,23 @@
# This file will be processed with automake-1.7 to create Makefile.in
AUTOMAKE_OPTIONS = 1.7
NULL =
man1_MANS = \
ipa-getkeytab.1 \
ipa-rmkeytab.1 \
ipa-client-install.1 \
ipa-client-automount.1 \
ipa-join.1
man5_MANS = \
default.conf.5
install-data-hook:
@for i in $(man1_MANS) ; do gzip -f $(DESTDIR)$(man1dir)/$$i ; done
@for i in $(man5_MANS) ; do gzip -f $(DESTDIR)$(man5dir)/$$i ; done
MAINTAINERCLEANFILES = \
Makefile.in \
$(NULL)

582
ipa-client/man/Makefile.in Normal file
View File

@@ -0,0 +1,582 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
# This file will be processed with automake-1.7 to create Makefile.in
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = man
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/version.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
man1dir = $(mandir)/man1
am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"
man5dir = $(mandir)/man5
NROFF = nroff
MANS = $(man1_MANS) $(man5_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CURL_LIBS = @CURL_LIBS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IPA_DATA_DIR = @IPA_DATA_DIR@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENLDAP_LIBS = @OPENLDAP_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
POPT_LIBS = @POPT_LIBS@
PYTHON = @PYTHON@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgpyexecdir = @pkgpyexecdir@
pkgpythondir = @pkgpythondir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AUTOMAKE_OPTIONS = 1.7
NULL =
man1_MANS = \
ipa-getkeytab.1 \
ipa-rmkeytab.1 \
ipa-client-install.1 \
ipa-client-automount.1 \
ipa-join.1
man5_MANS = \
default.conf.5
MAINTAINERCLEANFILES = \
Makefile.in \
$(NULL)
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign man/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign man/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-man1: $(man1_MANS)
@$(NORMAL_INSTALL)
@list1='$(man1_MANS)'; \
list2=''; \
test -n "$(man1dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.1[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
done; }
uninstall-man1:
@$(NORMAL_UNINSTALL)
@list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
install-man5: $(man5_MANS)
@$(NORMAL_INSTALL)
@list1='$(man5_MANS)'; \
list2=''; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.5[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
done; }
uninstall-man5:
@$(NORMAL_UNINSTALL)
@list='$(man5_MANS)'; test -n "$(man5dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(MANS)
installdirs:
for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man: install-man1 install-man5
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-man
uninstall-man: uninstall-man1 uninstall-man5
.MAKE: install-am install-data-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am \
install-data-hook install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-man1 install-man5 \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am uninstall-man uninstall-man1 \
uninstall-man5
install-data-hook:
@for i in $(man1_MANS) ; do gzip -f $(DESTDIR)$(man1dir)/$$i ; done
@for i in $(man5_MANS) ; do gzip -f $(DESTDIR)$(man5dir)/$$i ; done
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

242
ipa-client/man/default.conf.5 Normal file
View File

@@ -0,0 +1,242 @@
.\" A man page for default.conf
.\" Copyright (C) 2011 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Rob Crittenden <rcritten@@redhat.com>
.\"
.TH "default.conf" "5" "Feb 21 2011" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
default.conf \- IPA configuration file
.SH "SYNOPSIS"
/etc/ipa/default.conf, ~/.ipa/default.conf, /etc/ipa/server.conf, /etc/ipa/cli.conf
.SH "DESCRIPTION"
The \fIdefault.conf \fRconfiguration file is used to set system\-wide defaults to be applied when running IPA clients and servers.
Users may create an optional configuration file in \fI~/.ipa/default.conf\fR which will be merged into the system\-wide defaults file.
The following files are read, in order:
.nf
~/.ipa/default.conf
/etc/ipa/<context>.conf
/etc/ipa/default.conf
built\-in constants
.fi
The IPA server does not read ~/.ipa/default.conf.
The first setting wins.
.SH "SYNTAX"
The configuration options are not case sensitive. The values may be case sensitive, depending on the option.
Blank lines are ignored.
Lines beginning with # are comments and are ignored.
Valid lines consist of an option name, an equals sign and a value. Spaces surrounding equals sign are ignored. An option terminates at the end of a line.
Values should not be quoted, the quotes will not be stripped.
.np
# Wrong \- don't include quotes
verbose = "True"
# Right \- Properly formatted options
verbose = True
verbose=True
.fi
Options must appear in the section named [global]. There are no other sections defined or used currently.
Options may be defined that are not used by IPA. Be careful of misspellings, they will not be rejected.
.SH "OPTIONS"
The following options are relevant for the server:
.TP
.B basedn\fR <base>
Specifies the base DN to use when performing LDAP operations. The base must be in DN format (dc=example,dc=com).
.TP
.B ca_agent_port <port>
Specifies the secure CA agent port. The default is 9443 for Dogtag 9, and 8443 for Dogtag 10.
.TP
.B ca_ee_port <port>
Specifies the secure CA end user port. The default is 9444 for Dogtag 9, and 8443 for Dogtag 10.
.TP
.B ca_host <hostname>
Specifies the hostname of the dogtag CA server. The default is the hostname of the IPA server.
.TP
.B ca_port <port>
Specifies the insecure CA end user port. The default is 9180 for Dogtag 9, and 8080 for Dogtag 10.
.TP
.B context <context>
Specifies the context that IPA is being executed in. IPA may operate differently depending on the context. The current defined contexts are cli and server. Additionally this value is used to load /etc/ipa/\fBcontext\fR.conf to provide context\-specific configuration. For example, if you want to always perform client requests in verbose mode but do not want to have verbose enabled on the server, add the verbose option to \fI/etc/ipa/cli.conf\fR.
.TP
.B debug <boolean>
When True provides detailed information. Specifically this set the global log level to "debug". Default is False.
.TP
.B dogtag_version <version>
Stores the version of Dogtag. Value 9 is assumed if not specified otherwise.
.TP
.B domain <domain>
The domain of the IPA server e.g. example.com.
.TP
.B enable_ra <boolean>
Specifies whether the CA is acting as an RA agent, such as when dogtag is being used as the Certificate Authority. This setting only applies to the IPA server configuration.
.TP
.B fallback <boolean>
Specifies whether an IPA client should attempt to fall back and try other services if the first connection fails.
.TP
.B host <hostname>
Specifies the hostname of the IPA server. This value is used to construct URL values on the client and server.
.TP
.B in_server <boolean>
Specifies whether requests should be forwarded to an IPA server or handled locally. This is used internally by IPA in a similar way as context. The same IPA framework is used by the ipa command\-line tool and the server. This setting tells the framework whether it should execute the command as if on the server or forward it via XML\-RPC to a remote server.
.TP
.B in_tree <boolean>
This is used in development and is generally a detected value. It means that the code is being executed within a source tree.
.TP
.B interactive <boolean>
Specifies whether values should be prompted for or not. The default is True.
.TP
.B ldap_uri <URI>
Specifies the URI of the IPA LDAP server to connect to. The URI scheme may be one of \fBldap\fR or \fBldapi\fR. The default is to use ldapi, e.g. ldapi://%2fvar%2frun%2fslapd\-EXAMPLE\-COM.socket
.TP
.B log_logger_XXX <comma separated list of regexps>
loggers matching regexp will be assigned XXX level.
.IP
Logger levels can be explicitly specified for specific loggers as
opposed to a global logging level. Specific loggers are indicated
by a list of regular expressions bound to a level. If a logger's
name matches the regexp then it is assigned that level. This config item
must begin with "log_logger_level_" and then be
followed by a symbolic or numeric log level, for example:
.IP
log_logger_level_debug = ipalib\\.dn\\..*
.IP
log_logger_level_35 = ipalib\\.plugins\\.dogtag
.IP
The first line says any logger belonging to the ipalib.dn module
will have it's level configured to debug.
.IP
The second line say the ipa.plugins.dogtag logger will be
configured to level 35.
.IP
This config item is useful when you only want to see the log output from
one or more selected loggers. Turning on the global debug flag will produce
an enormous amount of output. This allows you to leave the global debug flag
off and selectively enable output from a specific logger. Typically loggers
are bound to classes and plugins.
.IP
Note: logger names are a dot ('.') separated list forming a path
in the logger tree. The dot character is also a regular
expression metacharacter (matches any character) therefore you
will usually need to escape the dot in the logger names by
preceeding it with a backslash.
.TP
.B mode <mode>
Specifies the mode the server is running in. The currently support values are \fBproduction\fR and \fBdevelopment\fR. When running in production mode some self\-tests are skipped to improve performance.
.TP
.B mount_ipa <URI>
Specifies the mount point that the development server will register. The default is /ipa/
.TP
.B prompt_all <boolean>
Specifies that all options should be prompted for in the IPA client, even optional values. Default is False.
.TP
.B ra_plugin <name>
Specifies the name of the CA back end to use. The current options are \fBdogtag\fR and \fBnone\fR. This is a server\-side setting. Changing this value is not recommended as the CA back end is only set up during initial installation.
.TP
.B realm <realm>
Specifies the Kerberos realm.
.TP
.B session_auth_duration <time duration spec>
Specifies the length of time authentication credentials cached in the session are valid. After the duration expires credentials will be automatically reacquired. Examples are "2 hours", "1h:30m", "10 minutes", "5min, 30sec".
.TP
.B session_duration_type <inactivity_timeout|from_start>
Specifies how the expiration of a session is computed. With \fBinactivity_timeout\fR the expiration time is advanced by the value of session_auth_duration everytime the user accesses the service. With \fBfrom_start\fR the session expiration is the start of the user's session plus the value of session_auth_duration.
.TP
.B server <hostname>
Specifies the IPA Server hostname. This option is deprecated.
.TP
.B startup_timeout <time in seconds>
Controls the amount of time waited when starting a service. The default value is 120 seconds.
.TP
.B startup_traceback <boolean>
If the IPA server fails to start and this value is True the server will attempt to generate a python traceback to make identifying the underlying problem easier.
.TP
.B validate_api <boolean>
Used internally in the IPA source package to verify that the API has not changed. This is used to prevent regressions. If it is true then some errors are ignored so enough of the IPA framework can be loaded to verify all of the API, even if optional components are not installed. The default is False.
.TP
.B verbose <boolean>
When True provides more information. Specifically this sets the global log level to "info".
.TP
.B wait_for_dns <number of attempts>
Controls whether the IPA commands dnsrecord\-{add,mod,del} work synchronously or not. The DNS commands will repeat DNS queries up to the specified number of attempts until the DNS server returns an up-to-date answer to a query for modified records. Delay between retries is one second.
.IP
The DNS commands will raise a DNSDataMismatch exception if the answer doesn't match the expected value even after the specified number of attempts.
.IP
The DNS queries will be sent to the resolver configured in /etc/resolv.conf on the IPA server.
.IP
Do not enable this in production! This will cause problems if the resolver on IPA server uses a caching server instead of a local authoritative server or e.g. if DNS answers are modified by DNS64. The default is disabled (the option is not present).
.TP
.B xmlrpc_uri <URI>
Specifies the URI of the XML\-RPC server for a client. This may be used by IPA, and is used by some external tools, such as ipa\-getcert. Example: https://ipa.example.com/ipa/xml
.TP
.B jsonrpc_uri <URI>
Specifies the URI of the JSON server for a client. This is used by IPA. If not given, it is derived from xmlrpc_uri. Example: https://ipa.example.com/ipa/json
.TP
.B rpc_protocol <URI>
Specifies the type of RPC calls IPA makes: 'jsonrpc' or 'xmlrpc'. Defaults to 'jsonrpc'.
.TP
The following define the containers for the IPA server. Containers define where in the DIT that objects can be found. The full location is the value of container + basedn.
container_accounts: cn=accounts
container_applications: cn=applications,cn=configs,cn=policies
container_automount: cn=automount
container_configs: cn=configs,cn=policies
container_dns: cn=dns
container_group: cn=groups,cn=accounts
container_hbac: cn=hbac
container_hbacservice: cn=hbacservices,cn=hbac
container_hbacservicegroup: cn=hbacservicegroups,cn=hbac
container_host: cn=computers,cn=accounts
container_hostgroup: cn=hostgroups,cn=accounts
container_netgroup: cn=ng,cn=alt
container_permission: cn=permissions,cn=pbac
container_policies: cn=policies
container_policygroups: cn=policygroups,cn=configs,cn=policies
container_policylinks: cn=policylinks,cn=configs,cn=policies
container_privilege: cn=privileges,cn=pbac
container_rolegroup: cn=roles,cn=accounts
container_roles: cn=roles,cn=policies
container_service: cn=services,cn=accounts
container_sudocmd: cn=sudocmds,cn=sudo
container_sudocmdgroup: cn=sudocmdgroups,cn=sudo
container_sudorule: cn=sudorules,cn=sudo
container_user: cn=users,cn=accounts
container_virtual: cn=virtual operations,cn=etc
.SH "FILES"
.TP
.I /etc/ipa/default.conf
system\-wide IPA configuration file
.TP
.I $HOME/.ipa/default.conf
user IPA configuration file
.TP
It is also possible to define context\-specific configuration files. The \fBcontext\fR is set when the IPA api is initialized. The two currently defined contexts in IPA are \fBcli\fR and \fBserver\fR. This is helpful, for example, if you only want \fBdebug\fR enabled on the server and not in the client. If this is set to True in \fIdefault.conf\fR it will affect both the ipa client tool and the IPA server. If it is only set in \fIserver.conf\fR then only the server will have \fBdebug\fR set. These files will be loaded if they exist:
.TP
.I /etc/ipa/cli.conf
system\-wide IPA client configuration file
.TP
.I /etc/ipa/server.conf
system\-wide IPA server configuration file
.SH "SEE ALSO"
.BR ipa (1)

89
ipa-client/man/ipa-client-automount.1 Normal file
View File

@@ -0,0 +1,89 @@
.\" A man page for ipa-client-automount
.\" Copyright (C) 2012 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-client-automount" "1" "May 25 2012" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-client\-automount \- Configure automount and NFS for IPA
.SH "SYNOPSIS"
ipa\-client\-automount [\fIOPTION\fR]... <location>
.SH "DESCRIPTION"
Configures automount for IPA.
The automount configuration consists of three files:
.PP
.IP o
/etc/nsswitch.conf
.IP o
/etc/sysconfig/autofs
.IP o
/etc/autofs_ldap_auth.conf
.TP
By default this will use DNS discovery to attempt to determine the IPA server(s) to use. If IPA servers are discovered then the automount client will be configured to use DNS discovery.
.TP
If DNS discovery fails or a specific server is desired, use the \-\-server option.
.TP
The default automount location is named default. To specify a different one use the \-\-location option.
.TP
The IPA client must already be configured in order to configure automount. The IPA client is configured as part of a server installation.
.TP
There are two ways to configure automount. The default is to use sssd to manage the automount maps. Alternatively autofs can configured to bind to LDAP over GSSAPI and authenticate using the machine's host principal.
.TP
The nsswitch automount service is configured to use either sss or ldap and files depending on whether SSSD is configured or not.
.TP
NFSv4 is also configured. The rpc.gssd and rpc.idmapd are started on clients to support Kerberos\-secured mounts.
.SH "OPTIONS"
\fB\-\-server\fR=\fISERVER\fR
Set the IPA server to connect to
.TP
\fB\-\-location\fR=\fILOCATION\fR
Automount location
.TP
\fB\-S\fR, \fB\-\-no\-sssd\fR
Do not configure the client to use SSSD for automount
.TP
\fB\-d\fR, \fB\-\-debug\fR
Print debugging information to stdout
.TP
\fB\-U\fR, \fB\-\-unattended\fR
Unattended installation. The user will not be prompted
.TP
\fB\-\-uninstall\fR
Restore the automount configuration files
.SH "FILES"
.TP
Files that will be always be configured:
/etc/nsswitch.conf
.TP
Files that will be configured when SSSD is the automount client (default):
/etc/sssd/sssd.conf
.TP
Files that will be configured when using the ldap automount client:
/etc/sysconfig/autofs
/etc/autofs_ldap_auth.conf
.SH "EXIT STATUS"
0 if the installation was successful
1 if an error occurred

251
ipa-client/man/ipa-client-install.1 Normal file
View File

@@ -0,0 +1,251 @@
.\" A man page for ipa-client-install
.\" Copyright (C) 2008 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-client-install" "1" "Jan 31 2013" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-client\-install \- Configure an IPA client
.SH "SYNOPSIS"
ipa\-client\-install [\fIOPTION\fR]...
.SH "DESCRIPTION"
Configures a client machine to use IPA for authentication and identity services.
By default this configures SSSD to connect to an IPA server for authentication and authorization. Optionally one can instead configure PAM and NSS (Name Switching Service) to work with an IPA server over Kerberos and LDAP.
An authorized user is required to join a client machine to IPA. This can take the form of a kerberos principal or a one\-time password associated with the machine.
This same tool is used to unconfigure IPA and attempts to return the machine to its previous state. Part of this process is to unenroll the host from the IPA server. Unenrollment consists of disabling the principal key on the IPA server so that it may be re\-enrolled. The machine principal in /etc/krb5.keytab (host/<fqdn>@REALM) is used to authenticate to the IPA server to unenroll itself. If this principal does not exist then unenrollment will fail and an administrator will need to disable the host principal (ipa host\-disable <fqdn>).
.SS "Assumptions"
The ipa\-client\-install script assumes that the machine has already generated SSH keys. It will not generate SSH keys of its own accord. If SSH keys are not present (e.g when running the ipa\-client\-install in a kickstart, before ever running sshd), they will not be uploaded to the client host entry on the server.
.SS "Hostname Requirements"
Client must use a \fBstatic hostname\fR. If the machine hostname changes for example due to a dynamic hostname assignment by a DHCP server, client enrollment to IPA server breaks and user then would not be able to perform Kerberos authentication.
\-\-hostname option may be used to specify a static hostname that persists over reboot.
.SS "DNS Autodiscovery"
Client installer by default tries to search for _ldap._tcp.DOMAIN DNS SRV records for all domains that are parent to its hostname. For example, if a client machine has a hostname 'client1.lab.example.com', the installer will try to retrieve an IPA server hostname from _ldap._tcp.lab.example.com, _ldap._tcp.example.com and _ldap._tcp.com DNS SRV records, respectively. The discovered domain is then used to configure client components (e.g. SSSD and Kerberos 5 configuration) on the machine.
When the client machine hostname is not in a subdomain of an IPA server, its domain can be passed with \-\-domain option. In that case, both SSSD and Kerberos components have the domain set in the configuration files and will use it to autodiscover IPA servers.
Client machine can also be configured without a DNS autodiscovery at all. When both \-\-server and \-\-domain options are used, client installer will use the specified server and domain directly. \-\-server option accepts multiple server hostnames which can be used for failover mechanism. Without DNS autodiscovery, Kerberos is configured with a fixed list of KDC and Admin servers. SSSD is still configured to either try to read domain's SRV records or the specified fixed list of servers. When \-\-fixed\-primary option is specified, SSSD will not try to read DNS SRV record at all (see sssd\-ipa(5) for details).
.SS "The Failover Mechanism"
When some of the IPA servers is not available, client components are able to fallback to other IPA replica and thus preserving a continued service. When client machine is configured to use DNS SRV record autodiscovery (no fixed server was passed to the installer), client components do the fallback automatically, based on the IPA server hostnames and priorities discovered from the DNS SRV records.
If DNS autodiscovery is not available, clients should be configured at least with a fixed list of IPA servers that can be used in case of a failure. When only one IPA server is configured, IPA client services will not be available in case of a failure of the IPA server. Please note, that in case of a fixed list of IPA servers, the fixed server lists in client components need to be updated when a new IPA server is enrolled or a current IPA server is decommissioned.
.SS "Coexistence With Other Directory Servers"
Other directory servers deployed in the network (e.g. Microsoft Active Directory) may use the same DNS SRV records to denote hosts with a directory service (_ldap._tcp.DOMAIN). Such DNS SRV records may break the installation if the installer discovers these DNS records before it finds DNS SRV records pointing to IPA servers. The installer would then fail to discover the IPA server and exit with error.
In order to avoid the aforementioned DNS autodiscovery issues, the client machine hostname should be in a domain with properly defined DNS SRV records pointing to IPA servers, either manually with a custom DNS server or with IPA DNS integrated solution. A second approach would be to avoid autodiscovery and configure the installer to use a fixed list of IPA server hostnames using the \-\-server option and with a \-\-fixed\-primary option disabling DNS SRV record autodiscovery in SSSD.
.SS "Re\-enrollment of the host"
Requirements:
1. Host has not been un\-enrolled (the ipa\-client\-install \-\-uninstall command has not been run).
.br
2. The host entry has not been disabled via the ipa host\-disable command.
If this has been the case, host can be re\-enrolled using the usual methods.
There are two method of authenticating a re\-enrollment:
1. You can use \-\-force\-join option with ipa\-client\-install command. This authenticates the re\-enrollment using the admin's credentials provided via the \-w/\-\-password option.
.br
2. If providing the admin's password via the command line is not an option (e.g you want to create a script to re\-enroll a host and keep the admin's password secure), you can use backed up keytab from the previous enrollment of this host to authenticate. See \-\-keytab option.
Consequences of the re\-enrollment on the host entry:
1. A new host certificate is issued
.br
2. The old host certificate is revoked
.br
3. New SSH keys are generated
.br
4. ipaUniqueID is preserved
.SH "OPTIONS"
.SS "BASIC OPTIONS"
.TP
\fB\-\-domain\fR=\fIDOMAIN\fR
Set the domain name to DOMAIN. When no \-\-server option is specified, the installer will try to discover all available servers via DNS SRV record autodiscovery (see DNS Autodiscovery section for details).
.TP
\fB\-\-server\fR=\fISERVER\fR
Set the IPA server to connect to. May be specified multiple times to add multiple servers to ipa_server value in sssd.conf or krb5.conf. Only the first value is considered when used with \-\-no\-sssd. When this option is used, DNS autodiscovery for Kerberos is disabled and a fixed list of KDC and Admin servers is configured.
.TP
\fB\-\-realm\fR=\fIREALM_NAME\fR
Set the IPA realm name to REALM_NAME. Under normal circumstances, this option is not needed as the realm name is retrieved from the IPA server.
.TP
\fB\-\-fixed\-primary\fR
Configure SSSD to use a fixed server as the primary IPA server. The default is to use DNS SRV records to determine the primary server to use and fall back to the server the client is enrolled with. When used in conjunction with \-\-server then no _srv_ value is set in the ipa_server option in sssd.conf.
.TP
\fB\-p\fR, \fB\-\-principal\fR
Authorized kerberos principal to use to join the IPA realm.
.TP
\fB\-w\fR \fIPASSWORD\fR, \fB\-\-password\fR=\fIPASSWORD\fR
Password for joining a machine to the IPA realm. Assumes bulk password unless principal is also set.
.TP
\fB\-W\fR
Prompt for the password for joining a machine to the IPA realm.
.TP
\fB\-k\fR, \fB\-\-keytab\fR
Path to backed up host keytab from previous enrollment. Joins the host even if it is already enrolled.
.TP
\fB\-\-mkhomedir\fR
Configure PAM to create a users home directory if it does not exist.
.TP
\fB\-\-hostname\fR
The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
.TP
\fB\-\-force\-join\fR
Join the host even if it is already enrolled.
.TP
\fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
Configure ntpd to use this NTP server.
.TP
\fB\-N\fR, \fB\-\-no\-ntp\fR
Do not configure or enable NTP.
.TP
\fB\-\-force\-ntpd\fR
Stop and disable any time&date synchronization services besides ntpd.
.TP
\fB\-\-nisdomain\fR=\fINIS_DOMAIN\fR
Set the NIS domain name as specified. By default, this is set to the IPA domain name.
.TP
\fB\-\-no\-nisdomain\fR
Do not configure NIS domain name.
.TP
\fB\-\-ssh\-trust\-dns\fR
Configure OpenSSH client to trust DNS SSHFP records.
.TP
\fB\-\-no\-ssh\fR
Do not configure OpenSSH client.
.TP
\fB\-\-no\-sshd\fR
Do not configure OpenSSH server.
.TP
\fB\-\-no\-sudo\fR
Do not configure SSSD as a data source for sudo.
.TP
\fB\-\-no\-dns\-sshfp\fR
Do not automatically create DNS SSHFP records.
.TP
\fB\-\-noac\fR
Do not use Authconfig to modify the nsswitch.conf and PAM configuration.
.TP
\fB\-f\fR, \fB\-\-force\fR
Force the settings even if errors occur
.TP
\fB\-d\fR, \fB\-\-debug\fR
Print debugging information to stdout
.TP
\fB\-U\fR, \fB\-\-unattended\fR
Unattended installation. The user will not be prompted.
.TP
\fB\-\-ca\-cert\-file\fR=\fICA_FILE\fR
Do not attempt to acquire the IPA CA certificate via automated means,
instead use the CA certificate found locally in in \fICA_FILE\fR. The
\fICA_FILE\fR must be an absolute path to a PEM formatted certificate
file. The CA certificate found in \fICA_FILE\fR is considered
authoritative and will be installed without checking to see if it's
valid for the IPA domain.
.TP
\fB\-\-automount\-location\fR=\fILOCATION\fR
Configure automount by running ipa\-client\-automount(1) with \fILOCATION\fR as
automount location.
.SS "SSSD OPTIONS"
.TP
\fB\-\-permit\fR
Configure SSSD to permit all access. Otherwise the machine will be controlled by the Host\-based Access Controls (HBAC) on the IPA server.
.TP
\fB\-\-enable\-dns\-updates\fR
This option tells SSSD to automatically update DNS with the IP address of this client.
.TP
\fB\-\-no\-krb5\-offline\-passwords\fR
Configure SSSD not to store user password when the server is offline.
.TP
\fB\-S\fR, \fB\-\-no\-sssd\fR
Do not configure the client to use SSSD for authentication, use nss_ldap instead.
.TP
\fB\-\-preserve\-sssd\fR
Disabled by default. When enabled, preserves old SSSD configuration if it is
not possible to merge it with a new one. Effectively, if the merge is not
possible due to SSSDConfig reader encountering unsupported options,
\fBipa\-client\-install\fR will not run further and ask to fix SSSD config
first. When this option is not specified, \fBipa\-client\-install\fR will back
up SSSD config and create new one. The back up version will be restored during
uninstall.
.SS "UNINSTALL OPTIONS"
.TP
\fB\-\-uninstall\fR
Remove the IPA client software and restore the configuration to the pre\-IPA state.
.TP
\fB\-U\fR, \fB\-\-unattended\fR
Unattended uninstallation. The user will not be prompted.
.SH "FILES"
.TP
Files that will be replaced if SSSD is configured (default):
/etc/sssd/sssd.conf\p
.TP
Files that will be replaced if they exist and SSSD is not configured (\-\-no\-sssd):
/etc/ldap.conf\p
/etc/nss_ldap.conf\p
/etc/libnss\-ldap.conf\p
/etc/pam_ldap.conf\p
/etc/nslcd.conf\p
.TP
Files replaced if NTP is enabled:
/etc/ntp.conf\p
/etc/sysconfig/ntpd\p
/etc/ntp/step\-tickers\p
.TP
Files always created (replacing existing content):
/etc/krb5.conf\p
/etc/ipa/ca.crt\p
/etc/ipa/default.conf\p
/etc/openldap/ldap.conf\p
.TP
Files updated, existing content is maintained:
/etc/nsswitch.conf\p
/etc/pki/nssdb\p
/etc/krb5.keytab\p
/etc/sysconfig/network\p
.SH "EXIT STATUS"
0 if the installation was successful
1 if an error occurred
2 if uninstalling and the client is not configured
3 if installing and the client is already configured
4 if an uninstall error occurred
.SH "SEE ALSO"
.BR ipa\-client\-automount(1),
.BR krb5.conf(5),
.BR sssd.conf(5)

145
ipa-client/man/ipa-getkeytab.1 Normal file
View File

@@ -0,0 +1,145 @@
.\" A man page for ipa-getkeytab
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Karl MacMillan <kmacmill@redhat.com>
.\" Author: Simo Sorce <ssorce@redhat.com>
.\"
.TH "ipa-getkeytab" "1" "Oct 10 2007" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-getkeytab \- Get a keytab for a Kerberos principal
.SH "SYNOPSIS"
ipa\-getkeytab \fB\-s\fR \fIipaserver\fR \fB\-p\fR \fIprincipal\-name\fR \fB\-k\fR \fIkeytab\-file\fR [ \fB\-e\fR encryption\-types ] [ \fB\-q\fR ] [ \fB\-D\fR|\fB\-\-binddn\fR \fIBINDDN\fR ] [ \fB\-w|\-\-bindpw\fR ] [ \fB\-P\fR|\fB\-\-password\fR \fIPASSWORD\fR ] [ \fB\-r\fR ]
.SH "DESCRIPTION"
Retrieves a Kerberos \fIkeytab\fR.
Kerberos keytabs are used for services (like sshd) to
perform Kerberos authentication. A keytab is a file
with one or more secrets (or keys) for a Kerberos
principal.
A Kerberos service principal is a Kerberos identity
that can be used for authentication. Service principals
contain the name of the service, the hostname of the
server, and the realm name. For example, the following
is an example principal for an ldap server:
ldap/foo.example.com@EXAMPLE.COM
When using ipa\-getkeytab the realm name is already
provided, so the principal name is just the service
name and hostname (ldap/foo.example.com from the
example above).
\fBWARNING:\fR retrieving the keytab resets the secret for the Kerberos principal.
This renders all other keytabs for that principal invalid.
This is used during IPA client enrollment to retrieve a host service principal and store it in /etc/krb5.keytab. It is possible to retrieve the keytab without Kerberos credentials if the host was pre\-created with a one\-time password. The keytab can be retrieved by binding as the host and authenticating with this one\-time password. The \fB\-D|\-\-binddn\fR and \fB\-w|\-\-bindpw\fR options are used for this authentication.
.SH "OPTIONS"
.TP
\fB\-s ipaserver\fR
The IPA server to retrieve the keytab from (FQDN).
.TP
\fB\-p principal\-name\fR
The non\-realm part of the full principal name.
.TP
\fB\-k keytab\-file\fR
The keytab file where to append the new key (will be
created if it does not exist).
.TP
\fB\-e encryption\-types\fR
The list of encryption types to use to generate keys.
ipa\-getkeytab will use local client defaults if not provided.
Valid values depend on the Kerberos library version and configuration.
Common values are:
aes256\-cts
aes128\-cts
des3\-hmac\-sha1
arcfour\-hmac
des\-hmac\-sha1
des\-cbc\-md5
des\-cbc\-crc
.TP
\fB\-q\fR
Quiet mode. Only errors are displayed.
.TP
\fB\-\-permitted\-enctypes\fR
This options returns a description of the permitted encryption types, like this:
Supported encryption types:
AES\-256 CTS mode with 96\-bit SHA\-1 HMAC
AES\-128 CTS mode with 96\-bit SHA\-1 HMAC
Triple DES cbc mode with HMAC/sha1
ArcFour with HMAC/md5
DES cbc mode with CRC\-32
DES cbc mode with RSA\-MD5
DES cbc mode with RSA\-MD4
.TP
\fB\-P, \-\-password\fR
Use this password for the key instead of one randomly generated.
.TP
\fB\-D, \-\-binddn\fR
The LDAP DN to bind as when retrieving a keytab without Kerberos credentials. Generally used with the \fB\-w\fR option.
.TP
\fB\-w, \-\-bindpw\fR
The LDAP password to use when not binding with Kerberos.
.TP
\fB\-r\fR
Retrieve mode. Retrieve an existing key from the server instead of generating a
new one. This is incompatibile with the \-\-password option, and will work only
against a FreeIPA server more recent than version 3.3. The user requesting the
keytab must have access to the keys for this operation to succeed.
.SH "EXAMPLES"
Add and retrieve a keytab for the NFS service principal on
the host foo.example.com and save it in the file /tmp/nfs.keytab and retrieve just the des\-cbc\-crc key.
# ipa\-getkeytab \-s ipaserver.example.com \-p nfs/foo.example.com \-k /tmp/nfs.keytab \-e des\-cbc\-crc
Add and retrieve a keytab for the ldap service principal on
the host foo.example.com and save it in the file /tmp/ldap.keytab.
# ipa\-getkeytab \-s ipaserver.example.com \-p ldap/foo.example.com \-k /tmp/ldap.keytab
Retrieve a keytab using LDAP credentials (this will typically be done by \fBipa\-join(1)\fR when enrolling a client using the \fBipa\-client\-install(1)\fR command:
# ipa\-getkeytab \-s ipaserver.example.com \-p host/foo.example.com \-k /etc/krb5.keytab \-D fqdn=foo.example.com,cn=computers,cn=accounts,dc=example,dc=com \-w password
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.
0 Success
1 Kerberos context initialization failed
2 Incorrect usage
3 Out of memory
4 Invalid service principal name
5 No Kerberos credentials cache
6 No Kerberos principal and no bind DN and password
7 Failed to open keytab
8 Failed to create key material
9 Setting keytab failed
10 Bind password required when using a bind DN
11 Failed to add key to keytab
12 Failed to close keytab

142
ipa-client/man/ipa-join.1 Normal file
View File

@@ -0,0 +1,142 @@
.\" A man page for ipa-join
.\" Copyright (C) 2009 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-join" "1" "Oct 8 2009" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-join \- Join a machine to an IPA realm and get a keytab for the host service principal
.SH "SYNOPSIS"
ipa\-join [\fB\-d\fR|\fB\-\-debug\fR] [\fB\-q\fR|\fB\-\-quiet\fR] [\fB\-u\fR|\fB\-\-unenroll\fR] [\fB\-h\fR|\fB\-\-hostname\fR hostname] [\fB\-s\fR|\fB\-\-server\fR hostname] [\fB\-k\fR|\fB\-\-keytab\fR filename] [\fB\-w\fR|\fB\-\-bindpw\fR password] [\fB-b\fR|\-\-\fBbasedn basedn\fR] [\fB\-?\fR|\fB\-\-help\fR] [\fB\-\-usage\fR]
.SH "DESCRIPTION"
Joins a host to an IPA realm and retrieves a kerberos \fIkeytab\fR for the host service principal, or unenrolls an enrolled host from an IPA server.
Kerberos keytabs are used for services (like sshd) to perform kerberos authentication. A keytab is a file with one or more secrets (or keys) for a kerberos principal.
The ipa\-join command will create and retrieve a service principal for host/foo.example.com@EXAMPLE.COM and place it by default into /etc/krb5.keytab. The location can be overridden with the \-k option.
The IPA server to contact is set in /etc/ipa/default.conf by default and can be overridden using the \-s,\-\-server option.
In order to join the machine needs to be authenticated. This can happen in one of two ways:
* Authenticate using the current kerberos principal
* Provide a password to authenticate with
If a client host has already been joined to the IPA realm the ipa\-join command will fail. The host will need to be removed from the server using `ipa host\-del FQDN` in order to join the client to the realm.
This command is normally executed by the ipa\-client\-install command as part of the enrollment process.
The reverse is unenrollment. Unenrolling a host removes the Kerberos key on the IPA server. This prepares the host to be re\-enrolled. This uses the host principal stored in /etc/krb5.conf to authenticate to the IPA server to perform the unenrollment.
Please note, that while the ipa\-join option removes the client from the domain, it does not actually uninstall the client or properly remove all of the IPA\-related configuration. The only way to uninstall a client completely is to use ipa\-client\-install \-\-uninstall
(see
.BR ipa\-client\-install (1)).
.SH "OPTIONS"
.TP
\fB\-h,\-\-hostname hostname\fR
The hostname of this server (FQDN). By default of nodename from uname(2) is used.
.TP
\fB\-s,\-\-server server\fR
The hostname of the IPA server (FQDN). Note that by default there is no /etc/ipa/default.conf, in most cases it needs to be supplied.
.TP
\fB\-k,\-\-keytab keytab\-file\fR
The keytab file where to append the new key (will be created if it does not exist). Default: /etc/krb5.keytab
.TP
\fB\-w,\-\-bindpw password\fR
The password to use if not using Kerberos to authenticate. Use a password of this particular host (one time password created on IPA server)
.TP
\fB\-b,\-\-basedn basedn\fR
The basedn of the IPA server (of the form dc=example,dc=com). This is only needed when not using Kerberos to authenticate and anonymous binds are disallowed in the IPA LDAP server.
.TP
\fB\-f,\-\-force\fR
Force enrolling the host even if host entry exists.
.TP
\fB\-u,\-\-unenroll\fR
Unenroll this host from the IPA server. No keytab entry is removed in the process
(see
.BR ipa-rmkeytab (1)).
.TP
\fB\-q,\-\-quiet\fR
Quiet mode. Only errors are displayed.
.TP
\fB\-d,\-\-debug\fR
Print the raw XML-RPC output in GSSAPI mode.
.SH "EXAMPLES"
Join IPA domain and retrieve a keytab with kerberos credentials.
# kinit admin
# ipa\-join
Join IPA domain and retrieve a keytab using a one\-time password.
# ipa\-join \-w secret123
Join IPA domain and save the keytab in another location.
# ipa\-join \-k /tmp/host.keytab
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.
0 Success
1 Kerberos context initialization failed
2 Incorrect usage
3 Out of memory
4 Invalid service principal name
5 No Kerberos credentials cache
6 No Kerberos principal and no bind DN and password
7 Failed to open keytab
8 Failed to create key material
9 Setting keytab failed
10 Bind password required when using a bind DN
11 Failed to add key to keytab
12 Failed to close keytab
13 Host is already enrolled
14 LDAP failure
15 Incorrect bulk password
16 Host name must be fully\-qualified
17 XML\-RPC fault
18 Principal not found in host entry
19 Unable to generate Kerberos credentials cache
20 Unenrollment result not in XML\-RPC response
21 Failed to get default Kerberos realm
.SH "SEE ALSO"
.BR ipa-rmkeytab (1)
.BR ipa-client-install (1)

89
ipa-client/man/ipa-rmkeytab.1 Normal file
View File

@@ -0,0 +1,89 @@
.\" A man page for ipa-rmkeytab
.\" Copyright (C) 2009 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.\"
.TH "ipa-rmkeytab" "1" "Oct 30 2009" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-rmkeytab \- Remove a kerberos principal from a keytab
.SH "SYNOPSIS"
ipa\-rmkeytab [ \fB\-p\fR principal\-name ] [ \fB\-k\fR keytab\-file ] [ \fB\-r\fR realm ] [ \fB\-d\fR ]
.SH "DESCRIPTION"
Removes a kerberos principal from a \fIkeytab\fR.
Kerberos keytabs are used for services (like sshd) to
perform kerberos authentication. A keytab is a file
with one or more secrets (or keys) for a kerberos
principal.
A kerberos service principal is a kerberos identity
that can be used for authentication. Service principals
contain the name of the service, the hostname of the
server, and the realm name.
ipa\-rmkeytab provides two ways to remove principals.
A specific principal can be removed or all
principals for a given realm can be removed.
All encryption types and versions of a principal are removed.
The realm may be included when removing a specific principal but
it is not required.
\fBNOTE:\fR removing a principal from the keytab does not affect
the Kerberos principal stored in the IPA server. It merely removes
the entry from the local keytab.
.SH "OPTIONS"
.TP
\fB\-p principal\-name\fR
The non\-realm part of the full principal name.
.TP
\fB\-k keytab\-file\fR
The keytab file to append the principal(s) from.
.TP
\fB\-r realm\fR
A realm to remove all principals for.
.TP
\fB\-d\fR
Debug mode. Additional information is displayed.
.SH "EXAMPLES"
Remove the NFS service principal on the host foo.example.com from /tmp/nfs.keytab.
# ipa\-rmkeytab \-p nfs/foo.example.com \-k /tmp/nfs.keytab
Remove the ldap service principal on the host foo.example.com from /etc/krb5.keytab.
# ipa\-rmkeytab \-p ldap/foo.example.com \-k /etc/krb5.keytab
Remove all principals for the realm EXAMPLE.COM.
# ipa\-rmkeytab \-r EXAMPLE.COM \-k /etc/krb5.keytab
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.
1 Kerberos initialization failed
2 Memory allocation error
3 Unable to open keytab
4 Unable to parse the principal name
5 Principal name or realm not found in keytab
6 Unable to remove principal from keytab

215
ipa-client/missing Executable file
View File

@@ -0,0 +1,215 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
if test $# -eq 0; then
echo 1>&2 "Try '$0 --help' for more information"
exit 1
fi
case $1 in
--is-lightweight)
# Used by our autoconf macros to check whether the available missing
# script is modern enough.
exit 0
;;
--run)
# Back-compat with the calling convention used by older automake.
shift
;;
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
to PROGRAM being missing or too old.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
Supported PROGRAM values:
aclocal autoconf autoheader autom4te automake makeinfo
bison yacc flex lex help2man
Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
'g' are ignored when checking the name.
Send bug reports to <bug-automake@gnu.org>."
exit $?
;;
-v|--v|--ve|--ver|--vers|--versi|--versio|--version)
echo "missing $scriptversion (GNU Automake)"
exit $?
;;
-*)
echo 1>&2 "$0: unknown '$1' option"
echo 1>&2 "Try '$0 --help' for more information"
exit 1
;;
esac
# Run the given program, remember its exit status.
"$@"; st=$?
# If it succeeded, we are done.
test $st -eq 0 && exit 0
# Also exit now if we it failed (or wasn't found), and '--version' was
# passed; such an option is passed most likely to detect whether the
# program is present and works.
case $2 in --version|--help) exit $st;; esac
# Exit code 63 means version mismatch. This often happens when the user
# tries to use an ancient version of a tool on a file that requires a
# minimum version.
if test $st -eq 63; then
msg="probably too old"
elif test $st -eq 127; then
# Program was missing.
msg="missing on your system"
else
# Program was found and executed, but failed. Give up.
exit $st
fi
perl_URL=http://www.perl.org/
flex_URL=http://flex.sourceforge.net/
gnu_software_URL=http://www.gnu.org/software
program_details ()
{
case $1 in
aclocal|automake)
echo "The '$1' program is part of the GNU Automake package:"
echo "<$gnu_software_URL/automake>"
echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
echo "<$gnu_software_URL/autoconf>"
echo "<$gnu_software_URL/m4/>"
echo "<$perl_URL>"
;;
autoconf|autom4te|autoheader)
echo "The '$1' program is part of the GNU Autoconf package:"
echo "<$gnu_software_URL/autoconf/>"
echo "It also requires GNU m4 and Perl in order to run:"
echo "<$gnu_software_URL/m4/>"
echo "<$perl_URL>"
;;
esac
}
give_advice ()
{
# Normalize program name to check for.
normalized_program=`echo "$1" | sed '
s/^gnu-//; t
s/^gnu//; t
s/^g//; t'`
printf '%s\n' "'$1' is $msg."
configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
case $normalized_program in
autoconf*)
echo "You should only need it if you modified 'configure.ac',"
echo "or m4 files included by it."
program_details 'autoconf'
;;
autoheader*)
echo "You should only need it if you modified 'acconfig.h' or"
echo "$configure_deps."
program_details 'autoheader'
;;
automake*)
echo "You should only need it if you modified 'Makefile.am' or"
echo "$configure_deps."
program_details 'automake'
;;
aclocal*)
echo "You should only need it if you modified 'acinclude.m4' or"
echo "$configure_deps."
program_details 'aclocal'
;;
autom4te*)
echo "You might have modified some maintainer files that require"
echo "the 'autom4te' program to be rebuilt."
program_details 'autom4te'
;;
bison*|yacc*)
echo "You should only need it if you modified a '.y' file."
echo "You may want to install the GNU Bison package:"
echo "<$gnu_software_URL/bison/>"
;;
lex*|flex*)
echo "You should only need it if you modified a '.l' file."
echo "You may want to install the Fast Lexical Analyzer package:"
echo "<$flex_URL>"
;;
help2man*)
echo "You should only need it if you modified a dependency" \
"of a man page."
echo "You may want to install the GNU Help2man package:"
echo "<$gnu_software_URL/help2man/>"
;;
makeinfo*)
echo "You should only need it if you modified a '.texi' file, or"
echo "any other file indirectly affecting the aspect of the manual."
echo "You might want to install the Texinfo package:"
echo "<$gnu_software_URL/texinfo/>"
echo "The spurious makeinfo call might also be the consequence of"
echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
echo "want to install GNU make:"
echo "<$gnu_software_URL/make/>"
;;
*)
echo "You might have modified some files without having the proper"
echo "tools for further handling them. Check the 'README' file, it"
echo "often tells you about the needed prerequisites for installing"
echo "this package. You may also peek at any GNU archive site, in"
echo "case some other package contains this missing '$1' program."
;;
esac
}
give_advice "$1" | sed -e '1s/^/WARNING: /' \
-e '2,$s/^/ /' >&2
# Propagate the correct exit status (expected to be 127 for a program
# not found, 63 for a program that failed due to version mismatch).
exit $st
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

170
ipa-client/py-compile Executable file
View File

@@ -0,0 +1,170 @@
#!/bin/sh
# py-compile - Compile a Python program
scriptversion=2011-06-08.12; # UTC
# Copyright (C) 2000-2013 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
if [ -z "$PYTHON" ]; then
PYTHON=python
fi
me=py-compile
usage_error ()
{
echo "$me: $*" >&2
echo "Try '$me --help' for more information." >&2
exit 1
}
basedir=
destdir=
while test $# -ne 0; do
case "$1" in
--basedir)
if test $# -lt 2; then
usage_error "option '--basedir' requires an argument"
else
basedir=$2
fi
shift
;;
--destdir)
if test $# -lt 2; then
usage_error "option '--destdir' requires an argument"
else
destdir=$2
fi
shift
;;
-h|--help)
cat <<\EOF
Usage: py-compile [--help] [--version] [--basedir DIR] [--destdir DIR] FILES..."
Byte compile some python scripts FILES. Use --destdir to specify any
leading directory path to the FILES that you don't want to include in the
byte compiled file. Specify --basedir for any additional path information you
do want to be shown in the byte compiled file.
Example:
py-compile --destdir /tmp/pkg-root --basedir /usr/share/test test.py test2.py
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v|--version)
echo "$me $scriptversion"
exit $?
;;
--)
shift
break
;;
-*)
usage_error "unrecognized option '$1'"
;;
*)
break
;;
esac
shift
done
files=$*
if test -z "$files"; then
usage_error "no files given"
fi
# if basedir was given, then it should be prepended to filenames before
# byte compilation.
if [ -z "$basedir" ]; then
pathtrans="path = file"
else
pathtrans="path = os.path.join('$basedir', file)"
fi
# if destdir was given, then it needs to be prepended to the filename to
# byte compile but not go into the compiled file.
if [ -z "$destdir" ]; then
filetrans="filepath = path"
else
filetrans="filepath = os.path.normpath('$destdir' + os.sep + path)"
fi
$PYTHON -c "
import sys, os, py_compile, imp
files = '''$files'''
sys.stdout.write('Byte-compiling python modules...\n')
for file in files.split():
$pathtrans
$filetrans
if not os.path.exists(filepath) or not (len(filepath) >= 3
and filepath[-3:] == '.py'):
continue
sys.stdout.write(file)
sys.stdout.flush()
if hasattr(imp, 'get_tag'):
py_compile.compile(filepath, imp.cache_from_source(filepath), path)
else:
py_compile.compile(filepath, filepath + 'c', path)
sys.stdout.write('\n')" || exit $?
# this will fail for python < 1.5, but that doesn't matter ...
$PYTHON -O -c "
import sys, os, py_compile, imp
# pypy does not use .pyo optimization
if hasattr(sys, 'pypy_translation_info'):
sys.exit(0)
files = '''$files'''
sys.stdout.write('Byte-compiling python modules (optimized versions) ...\n')
for file in files.split():
$pathtrans
$filetrans
if not os.path.exists(filepath) or not (len(filepath) >= 3
and filepath[-3:] == '.py'):
continue
sys.stdout.write(file)
sys.stdout.flush()
if hasattr(imp, 'get_tag'):
py_compile.compile(filepath, imp.cache_from_source(filepath, False), path)
else:
py_compile.compile(filepath, filepath + 'o', path)
sys.stdout.write('\n')" 2>/dev/null || :
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

1
ipa-client/version.m4 Normal file
View File

@@ -0,0 +1 @@
define([IPA_VERSION], [4.0.5])

1
ipa-client/version.m4.in Normal file
View File

@@ -0,0 +1 @@
define([IPA_VERSION], [__VERSION__])