Arthur de Jong

+config.log

+config.h

+config.cache

+config.status

+stamp-h

+Makefile

+NSS_LDAP

+

+ ANNOUNCING NSS_LDAP

+ ===================

+

+1. What is nss_ldap?

+--------------------

+

+nss_ldap is a set of C library extensions which allows X.500 and LDAP

+directory servers to be used as a primary source of aliases, ethers,

+groups, hosts, networks, protocol, users, RPCs, services and shadow

+passwords (instead of or in addition to using flat files or NIS).

+

+nss_ldap nominally supports the following operating system libraries:

+

+ o the Nameservice Switch in Solaris 2.4 to 9

+ o the Nameservice Switch in HP-UX 11

+ o the Nameservice Switch in the GNU C Library 2.1 (as

+ in libc.so.6 under Linux)

+ o the Nameservice Switch in FreeBSD 5.x

+ o the Information Retrieval Service (IRS) in BIND

+ o the Information Retrieval Service (IRS) and proprietary

+ authentication and identity interface in AIX 4.3.3

+

+nss_ldap is an implementation of the schema specified in RFC 2307

+and is compatible with that used in PADL Software Pty Ltd's

+NIS/LDAP gateway (ypldapd), and current versions of Solaris,

+HP-UX and MacOS X.

+

+2. What can it do for me?

+-------------------------

+

+nss_ldap lets you use LDAP servers, like Netscape's Directory Server,

+to distribute users, hosts, groups and other like information throughout

+an organization. Because LDAP is a hierarchical directory service,

+you can distribute the information in a manner which reflects an

+organizational structure. This contrasts with the flat, single domain

+policy of NIS. LDAP has many of the advantages of NIS+ (security and

+scalability) without the complexity.

+

+nss_ldap will work alongside your existing NIS, NIS+, DNS and flat file

+name services. More importantly, because it builds as a shared library,

+you don't have to recompile any of your applications to take advantage

+of LDAP. When used with a directory server under NT, it may be helpful

+in synchronizing Unix and NT accounts.

+

+3. What are its limitations?

+----------------------------

+

+Currently, some "maps" (like bootparams) are not supported. It's also

+alpha software, so use it at your own risk. This should be considered

+with respect to the fact the nss_ldap is loaded into the address space

+of *every* process which uses the C library's resolver functions and

+has LDAP in its search order. (This isn't entirely true under Solaris,

+but the implications are similar.)

+

+Finally, it only supports Linux and Solaris (and some versions of

+BSD). You might want to look at ypldapd (see below) if you need to

+support NIS clients.

+

+4. How much does it cost?

+-------------------------

+

+It's free, and distributed under the GNU General Library Public

+Licence (LGPL). Please read the file COPYING.LIB For more information.

+

+5. Where do I get it?

+---------------------

+

+nss_ldap is available from:

+

+ <URL:http://www.padl.com/download/nss_ldap.tgz>

+ <URL:ftp://ftp.padl.com/pub/nss_ldap.tgz>

+

+We have also made available some Perl scripts for populating LDAP

+databases from existing flat files, NIS and/or NetInfo data.

+

+ <URL:http://www.padl.com/download/MigrationTools.tgz>

+ <URL:ftp://www.padl.com/pub/MigrationTools.tgz>

+

+You'll need to compile a position-independent LDAP client library

+(libldap). You can either get the entire LDAP package from the University

+of Michigan (see below) and add "-fPIC" (if you're using gcc) to the

+C compiler flags; download the Mozilla SDK from www.mozilla.org;

+download the prebuilt Netscape LDAP SDK from developer.netscape.com;

+or download OpenLDAP from www.openldap.org.

+

+6. Where can I get more information?

+------------------------------------

+

+To discuss nss_ldap, ypldapd, and related technologies, you may subscribe

+to the following mailing list:

+

+ <URL:mailto:ldap-nis-request@padl.com>

+

+Send an electronic mail message with "subscribe" in the message body to

+join the list.

+

+To contact the developers, email:

+

+ <URL:mailto:dev@padl.com>

+

+Note that PADL offer commercial support on a per-incident basis. The

+support@padl.com is for commercial support customers only.

+

+For more information on using LDAP for name resolution, and related software,

+see:

+

+ <URL:http://www.padl.com>

+

+And if you need an LDAP server, or some general information on LDAP,

+see:

+

+ <URL:http://www.openldap.org>

+

+7. Who wrote it?

+----------------

+

+nss_ldap was written by PADL Software Pty Ltd <dev@padl.com>. Many

+others have contributed, see the file AUTHORS in this directory.

+

+Please read the following document before submitting any

+contributions:

+

+ <URL:http://www.padl.com/Articles/GuidelinesforContributing.html>

+

+

+nss_ldap was written by Luke Howard <lukeh@padl.com>.

+

+Development commenced in mid-1997 and continues to this day.

+

+Special thanks go to people who have volunteered their time, effort,

+and ideas to make this software available.

+

+Please note that unless specifically indicated otherwise,

+Luke Howard retains copyright in all contributed code.

+

+ Steven Barrus <sbarrus@eng.utah.edu>

+ David Begley <david@avarice.nepean.uws.edu.au>

+ Maxim Batourine <Batourine_M@ald.utoronto.ca>

+ Michael Brownea <mbrown@fensystems.co.uk>

+ Max Caines <Max.Caines@wlv.ac.uk>

+ Carlos Celso <carlos.celso@embraer.com.br>

+ Peter Cherny <peterc@luddite.com.au>

+ Howard Chu <hyc@symas.com>

+ Ben Collins <bcollins@debian.org>

+ Stephan Cremer <scremer@dohle.com>

+ Alejandro Forero Cuervo <azul@freaks-unidos.net>

+ Guenther Deschner <gd@samba.org>

+ Luca Filipozzi <lucaf+nssldap@ece.ubc.ca>

+ Andrew Findlay <Andrew.Findlay@skills-1st.co.uk>

+ Cristian Gafton <gafton@redhat.com>

+ Gabor Gombas <gombasg@inf.elte.hu>

+ DJ Gregor <dj@gregor.com>

+ Bob Guo <bob@mail.ied.ac.cn>

+ Daniel Hanks <hanksdc@plug.org>

+ Leif Hedstrom <leif@ogre.com>

+ Emile Heitor <eheitor@isdnet.net>

+ Geert Jansen <undisclosed>

+ Szymon Juraszczyk <szymon@ssk.pl>

+ Anselm Kruis <kruis@till-photonics.com>

+ Thorsten Kukuk <kukuk@suse.de>

+ Steve Langasek <vorlon@netexpress.net>

+ Joe Little <jlittle@open-it.org>

+ Phillip Liu <phillip@loudcloud.com>

+ Larry Lile <llile@dreamworks.com>

+ Jeff Mandel <jeff.mandel@probes.com>

+ Peter Marschall <peter@adpm.de>

+ Michael Mattice <mike@bmisystems.com>

+ Dejan Muhamedagic <dejan.muhamedagic@at.ibm.com>

+ Doug Nazar <nazard@dragoninc.on.ca>

+ Frode Nordahl <frode@nordahl.net>

+ Lars Oergel <lars.oergel@innominate.de>

+ Fredrik Ohrn <ohrn@chl.chalmers.se>

+ Rakesh Patel <rpatel@globix.com>

+ Nathan Hawkins <Nathan.Hawkins@FMR.COM>

+ Andrew Rechenberg <ARechenberg@shermanfinancialgroup.com>

+ Greg Retowski <greg@rage.net>

+ Alain Richard <alain.richard@equation.fr>

+ Michael Shuey <shuey@ecn.purdue.edu>

+ Oliver Schulze L. <oliver@samera.com.py>

+ Alexander Spannagel <spannagel@jobpilot.com>

+ Scott M. Stone <sstone@foo3.com>

+ Gero Treuner <gero@faveve.uni-stuttgart.de>

+ Jarkko Turkulainen <jt@wapit.com>

+ Stein Vrale <stein@terminator.net>

+ Simon Wilkinson <sxw@sxw.org.uk>

+

+If I've forgotton anyone, please let me know.

+

+Contributors should appraise themselves of the document at

+http://www.padl.com/Articles/GuidelinesforContributing.html.

+

+--

+Luke Howard <lukeh@padl.com>

+

+ GNU LIBRARY GENERAL PUBLIC LICENSE

+ Version 2, June 1991

+

+ Copyright (C) 1991 Free Software Foundation, Inc.

+ 675 Mass Ave, Cambridge, MA 02139, USA

+ Everyone is permitted to copy and distribute verbatim copies

+ of this license document, but changing it is not allowed.

+

+[This is the first released version of the library GPL. It is

+ numbered 2 because it goes with version 2 of the ordinary GPL.]

+

+ Preamble

+

+ The licenses for most software are designed to take away your

+freedom to share and change it. By contrast, the GNU General Public

+Licenses are intended to guarantee your freedom to share and change

+free software--to make sure the software is free for all its users.

+

+ This license, the Library General Public License, applies to some

+specially designated Free Software Foundation software, and to any

+other libraries whose authors decide to use it. You can use it for

+your libraries, too.

+

+ When we speak of free software, we are referring to freedom, not

+price. Our General Public Licenses are designed to make sure that you

+have the freedom to distribute copies of free software (and charge for

+this service if you wish), that you receive source code or can get it

+if you want it, that you can change the software or use pieces of it

+in new free programs; and that you know you can do these things.

+

+ To protect your rights, we need to make restrictions that forbid

+anyone to deny you these rights or to ask you to surrender the rights.

+These restrictions translate to certain responsibilities for you if

+you distribute copies of the library, or if you modify it.

+

+ For example, if you distribute copies of the library, whether gratis

+or for a fee, you must give the recipients all the rights that we gave

+you. You must make sure that they, too, receive or can get the source

+code. If you link a program with the library, you must provide

+complete object files to the recipients so that they can relink them

+with the library, after making changes to the library and recompiling

+it. And you must show them these terms so they know their rights.

+

+ Our method of protecting your rights has two steps: (1) copyright

+the library, and (2) offer you this license which gives you legal

+permission to copy, distribute and/or modify the library.

+

+ Also, for each distributor's protection, we want to make certain

+that everyone understands that there is no warranty for this free

+library. If the library is modified by someone else and passed on, we

+want its recipients to know that what they have is not the original

+version, so that any problems introduced by others will not reflect on

+the original authors' reputations.

+

+ Finally, any free program is threatened constantly by software

+patents. We wish to avoid the danger that companies distributing free

+software will individually obtain patent licenses, thus in effect

+transforming the program into proprietary software. To prevent this,

+we have made it clear that any patent must be licensed for everyone's

+free use or not licensed at all.

+

+ Most GNU software, including some libraries, is covered by the ordinary

+GNU General Public License, which was designed for utility programs. This

+license, the GNU Library General Public License, applies to certain

+designated libraries. This license is quite different from the ordinary

+one; be sure to read it in full, and don't assume that anything in it is

+the same as in the ordinary license.

+

+ The reason we have a separate public license for some libraries is that

+they blur the distinction we usually make between modifying or adding to a

+program and simply using it. Linking a program with a library, without

+changing the library, is in some sense simply using the library, and is

+analogous to running a utility program or application program. However, in

+a textual and legal sense, the linked executable is a combined work, a

+derivative of the original library, and the ordinary General Public License

+treats it as such.

+

+ Because of this blurred distinction, using the ordinary General

+Public License for libraries did not effectively promote software

+sharing, because most developers did not use the libraries. We

+concluded that weaker conditions might promote sharing better.

+

+ However, unrestricted linking of non-free programs would deprive the

+users of those programs of all benefit from the free status of the

+libraries themselves. This Library General Public License is intended to

+permit developers of non-free programs to use free libraries, while

+preserving your freedom as a user of such programs to change the free

+libraries that are incorporated in them. (We have not seen how to achieve

+this as regards changes in header files, but we have achieved it as regards

+changes in the actual functions of the Library.) The hope is that this

+will lead to faster development of free libraries.

+

+ The precise terms and conditions for copying, distribution and

+modification follow. Pay close attention to the difference between a

+"work based on the library" and a "work that uses the library". The

+former contains code derived from the library, while the latter only

+works together with the library.

+

+ Note that it is possible for a library to be covered by the ordinary

+General Public License rather than by this special one.

+

+ GNU LIBRARY GENERAL PUBLIC LICENSE

+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

+

+ 0. This License Agreement applies to any software library which

+contains a notice placed by the copyright holder or other authorized

+party saying it may be distributed under the terms of this Library

+General Public License (also called "this License"). Each licensee is

+addressed as "you".

+

+ A "library" means a collection of software functions and/or data

+prepared so as to be conveniently linked with application programs

+(which use some of those functions and data) to form executables.

+

+ The "Library", below, refers to any such software library or work

+which has been distributed under these terms. A "work based on the

+Library" means either the Library or any derivative work under

+copyright law: that is to say, a work containing the Library or a

+portion of it, either verbatim or with modifications and/or translated

+straightforwardly into another language. (Hereinafter, translation is

+included without limitation in the term "modification".)

+

+ "Source code" for a work means the preferred form of the work for

+making modifications to it. For a library, complete source code means

+all the source code for all modules it contains, plus any associated

+interface definition files, plus the scripts used to control compilation

+and installation of the library.

+

+ Activities other than copying, distribution and modification are not

+covered by this License; they are outside its scope. The act of

+running a program using the Library is not restricted, and output from

+such a program is covered only if its contents constitute a work based

+on the Library (independent of the use of the Library in a tool for

+writing it). Whether that is true depends on what the Library does

+and what the program that uses the Library does.

+

+ 1. You may copy and distribute verbatim copies of the Library's

+complete source code as you receive it, in any medium, provided that

+you conspicuously and appropriately publish on each copy an

+appropriate copyright notice and disclaimer of warranty; keep intact

+all the notices that refer to this License and to the absence of any

+warranty; and distribute a copy of this License along with the

+Library.

+

+ You may charge a fee for the physical act of transferring a copy,

+and you may at your option offer warranty protection in exchange for a

+fee.

+

+ 2. You may modify your copy or copies of the Library or any portion

+of it, thus forming a work based on the Library, and copy and

+distribute such modifications or work under the terms of Section 1

+above, provided that you also meet all of these conditions:

+

+ a) The modified work must itself be a software library.

+

+ b) You must cause the files modified to carry prominent notices

+ stating that you changed the files and the date of any change.

+

+ c) You must cause the whole of the work to be licensed at no

+ charge to all third parties under the terms of this License.

+

+ d) If a facility in the modified Library refers to a function or a

+ table of data to be supplied by an application program that uses

+ the facility, other than as an argument passed when the facility

+ is invoked, then you must make a good faith effort to ensure that,

+ in the event an application does not supply such function or

+ table, the facility still operates, and performs whatever part of

+ its purpose remains meaningful.

+

+ (For example, a function in a library to compute square roots has

+ a purpose that is entirely well-defined independent of the

+ application. Therefore, Subsection 2d requires that any

+ application-supplied function or table used by this function must

+ be optional: if the application does not supply it, the square

+ root function must still compute square roots.)

+

+These requirements apply to the modified work as a whole. If

+identifiable sections of that work are not derived from the Library,

+and can be reasonably considered independent and separate works in

+themselves, then this License, and its terms, do not apply to those

+sections when you distribute them as separate works. But when you

+distribute the same sections as part of a whole which is a work based

+on the Library, the distribution of the whole must be on the terms of

+this License, whose permissions for other licensees extend to the

+entire whole, and thus to each and every part regardless of who wrote

+it.

+

+Thus, it is not the intent of this section to claim rights or contest

+your rights to work written entirely by you; rather, the intent is to

+exercise the right to control the distribution of derivative or

+collective works based on the Library.

+

+In addition, mere aggregation of another work not based on the Library

+with the Library (or with a work based on the Library) on a volume of

+a storage or distribution medium does not bring the other work under

+the scope of this License.

+

+ 3. You may opt to apply the terms of the ordinary GNU General Public

+License instead of this License to a given copy of the Library. To do

+this, you must alter all the notices that refer to this License, so

+that they refer to the ordinary GNU General Public License, version 2,

+instead of to this License. (If a newer version than version 2 of the

+ordinary GNU General Public License has appeared, then you can specify

+that version instead if you wish.) Do not make any other change in

+these notices.

+

+ Once this change is made in a given copy, it is irreversible for

+that copy, so the ordinary GNU General Public License applies to all

+subsequent copies and derivative works made from that copy.

+

+ This option is useful when you wish to copy part of the code of

+the Library into a program that is not a library.

+

+ 4. You may copy and distribute the Library (or a portion or

+derivative of it, under Section 2) in object code or executable form

+under the terms of Sections 1 and 2 above provided that you accompany

+it with the complete corresponding machine-readable source code, which

+must be distributed under the terms of Sections 1 and 2 above on a

+medium customarily used for software interchange.

+

+ If distribution of object code is made by offering access to copy

+from a designated place, then offering equivalent access to copy the

+source code from the same place satisfies the requirement to

+distribute the source code, even though third parties are not

+compelled to copy the source along with the object code.

+

+ 5. A program that contains no derivative of any portion of the

+Library, but is designed to work with the Library by being compiled or

+linked with it, is called a "work that uses the Library". Such a

+work, in isolation, is not a derivative work of the Library, and

+therefore falls outside the scope of this License.

+

+ However, linking a "work that uses the Library" with the Library

+creates an executable that is a derivative of the Library (because it

+contains portions of the Library), rather than a "work that uses the

+library". The executable is therefore covered by this License.

+Section 6 states terms for distribution of such executables.

+

+ When a "work that uses the Library" uses material from a header file

+that is part of the Library, the object code for the work may be a

+derivative work of the Library even though the source code is not.

+Whether this is true is especially significant if the work can be

+linked without the Library, or if the work is itself a library. The

+threshold for this to be true is not precisely defined by law.

+

+ If such an object file uses only numerical parameters, data

+structure layouts and accessors, and small macros and small inline

+functions (ten lines or less in length), then the use of the object

+file is unrestricted, regardless of whether it is legally a derivative

+work. (Executables containing this object code plus portions of the

+Library will still fall under Section 6.)

+

+ Otherwise, if the work is a derivative of the Library, you may

+distribute the object code for the work under the terms of Section 6.

+Any executables containing that work also fall under Section 6,

+whether or not they are linked directly with the Library itself.

+

+ 6. As an exception to the Sections above, you may also compile or

+link a "work that uses the Library" with the Library to produce a

+work containing portions of the Library, and distribute that work

+under terms of your choice, provided that the terms permit

+modification of the work for the customer's own use and reverse

+engineering for debugging such modifications.

+

+ You must give prominent notice with each copy of the work that the

+Library is used in it and that the Library and its use are covered by

+this License. You must supply a copy of this License. If the work

+during execution displays copyright notices, you must include the

+copyright notice for the Library among them, as well as a reference

+directing the user to the copy of this License. Also, you must do one

+of these things:

+

+ a) Accompany the work with the complete corresponding

+ machine-readable source code for the Library including whatever

+ changes were used in the work (which must be distributed under

+ Sections 1 and 2 above); and, if the work is an executable linked

+ with the Library, with the complete machine-readable "work that

+ uses the Library", as object code and/or source code, so that the

+ user can modify the Library and then relink to produce a modified

+ executable containing the modified Library. (It is understood

+ that the user who changes the contents of definitions files in the

+ Library will not necessarily be able to recompile the application

+ to use the modified definitions.)

+

+ b) Accompany the work with a written offer, valid for at

+ least three years, to give the same user the materials

+ specified in Subsection 6a, above, for a charge no more

+ than the cost of performing this distribution.

+

+ c) If distribution of the work is made by offering access to copy

+ from a designated place, offer equivalent access to copy the above

+ specified materials from the same place.

+

+ d) Verify that the user has already received a copy of these

+ materials or that you have already sent this user a copy.

+

+ For an executable, the required form of the "work that uses the

+Library" must include any data and utility programs needed for

+reproducing the executable from it. However, as a special exception,

+the source code distributed need not include anything that is normally

+distributed (in either source or binary form) with the major

+components (compiler, kernel, and so on) of the operating system on

+which the executable runs, unless that component itself accompanies

+the executable.

+

+ It may happen that this requirement contradicts the license

+restrictions of other proprietary libraries that do not normally

+accompany the operating system. Such a contradiction means you cannot

+use both them and the Library together in an executable that you

+distribute.

+

+ 7. You may place library facilities that are a work based on the

+Library side-by-side in a single library together with other library

+facilities not covered by this License, and distribute such a combined

+library, provided that the separate distribution of the work based on

+the Library and of the other library facilities is otherwise

+permitted, and provided that you do these two things:

+

+ a) Accompany the combined library with a copy of the same work

+ based on the Library, uncombined with any other library

+ facilities. This must be distributed under the terms of the

+ Sections above.

+

+ b) Give prominent notice with the combined library of the fact

+ that part of it is a work based on the Library, and explaining

+ where to find the accompanying uncombined form of the same work.

+

+ 8. You may not copy, modify, sublicense, link with, or distribute

+the Library except as expressly provided under this License. Any

+attempt otherwise to copy, modify, sublicense, link with, or

+distribute the Library is void, and will automatically terminate your

+rights under this License. However, parties who have received copies,

+or rights, from you under this License will not have their licenses

+terminated so long as such parties remain in full compliance.

+

+ 9. You are not required to accept this License, since you have not

+signed it. However, nothing else grants you permission to modify or

+distribute the Library or its derivative works. These actions are

+prohibited by law if you do not accept this License. Therefore, by

+modifying or distributing the Library (or any work based on the

+Library), you indicate your acceptance of this License to do so, and

+all its terms and conditions for copying, distributing or modifying

+the Library or works based on it.

+

+ 10. Each time you redistribute the Library (or any work based on the

+Library), the recipient automatically receives a license from the

+original licensor to copy, distribute, link with or modify the Library

+subject to these terms and conditions. You may not impose any further

+restrictions on the recipients' exercise of the rights granted herein.

+You are not responsible for enforcing compliance by third parties to

+this License.

+

+ 11. If, as a consequence of a court judgment or allegation of patent

+infringement or for any other reason (not limited to patent issues),

+conditions are imposed on you (whether by court order, agreement or

+otherwise) that contradict the conditions of this License, they do not

+excuse you from the conditions of this License. If you cannot

+distribute so as to satisfy simultaneously your obligations under this

+License and any other pertinent obligations, then as a consequence you

+may not distribute the Library at all. For example, if a patent

+license would not permit royalty-free redistribution of the Library by

+all those who receive copies directly or indirectly through you, then

+the only way you could satisfy both it and this License would be to

+refrain entirely from distribution of the Library.

+

+If any portion of this section is held invalid or unenforceable under any

+particular circumstance, the balance of the section is intended to apply,

+and the section as a whole is intended to apply in other circumstances.

+

+It is not the purpose of this section to induce you to infringe any

+patents or other property right claims or to contest validity of any

+such claims; this section has the sole purpose of protecting the

+integrity of the free software distribution system which is

+implemented by public license practices. Many people have made

+generous contributions to the wide range of software distributed

+through that system in reliance on consistent application of that

+system; it is up to the author/donor to decide if he or she is willing

+to distribute software through any other system and a licensee cannot

+impose that choice.

+

+This section is intended to make thoroughly clear what is believed to

+be a consequence of the rest of this License.

+

+ 12. If the distribution and/or use of the Library is restricted in

+certain countries either by patents or by copyrighted interfaces, the

+original copyright holder who places the Library under this License may add

+an explicit geographical distribution limitation excluding those countries,

+so that distribution is permitted only in or among countries not thus

+excluded. In such case, this License incorporates the limitation as if

+written in the body of this License.

+

+ 13. The Free Software Foundation may publish revised and/or new

+versions of the Library General Public License from time to time.

+Such new versions will be similar in spirit to the present version,

+but may differ in detail to address new problems or concerns.

+

+Each version is given a distinguishing version number. If the Library

+specifies a version number of this License which applies to it and

+"any later version", you have the option of following the terms and

+conditions either of that version or of any later version published by

+the Free Software Foundation. If the Library does not specify a

+license version number, you may choose any version ever published by

+the Free Software Foundation.

+

+ 14. If you wish to incorporate parts of the Library into other free

+programs whose distribution conditions are incompatible with these,

+write to the author to ask for permission. For software which is

+copyrighted by the Free Software Foundation, write to the Free

+Software Foundation; we sometimes make exceptions for this. Our

+decision will be guided by the two goals of preserving the free status

+of all derivatives of our free software and of promoting the sharing

+and reuse of software generally.

+

+ NO WARRANTY

+

+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO

+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.

+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR

+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY

+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE

+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE

+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME

+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

+

+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN

+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY

+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU

+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR

+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE

+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING

+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A

+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF

+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH

+DAMAGES.

+

+ END OF TERMS AND CONDITIONS

+

+ Appendix: How to Apply These Terms to Your New Libraries

+

+ If you develop a new library, and you want it to be of the greatest

+possible use to the public, we recommend making it free software that

+everyone can redistribute and change. You can do so by permitting

+redistribution under these terms (or, alternatively, under the terms of the

+ordinary General Public License).

+

+ To apply these terms, attach the following notices to the library. It is

+safest to attach them to the start of each source file to most effectively

+convey the exclusion of warranty; and each file should have at least the

+"copyright" line and a pointer to where the full notice is found.

+

+ <one line to give the library's name and a brief idea of what it does.>

+ Copyright (C) <year> <name of author>

+

+ This library is free software; you can redistribute it and/or

+ modify it under the terms of the GNU Library General Public

+ License as published by the Free Software Foundation; either

+ version 2 of the License, or (at your option) any later version.

+

+ This library is distributed in the hope that it will be useful,

+ but WITHOUT ANY WARRANTY; without even the implied warranty of

+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

+ Library General Public License for more details.

+

+ You should have received a copy of the GNU Library General Public

+ License along with this library; if not, write to the Free

+ Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

+

+Also add information on how to contact you by electronic and paper mail.

+

+You should also get your employer (if you work as a programmer) or your

+school, if any, to sign a "copyright disclaimer" for the library, if

+necessary. Here is a sample; alter the names:

+

+ Yoyodyne, Inc., hereby disclaims all copyright interest in the

+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.

+

+ <signature of Ty Coon>, 1 April 1990

+ Ty Coon, President of Vice

+

+That's all there is to it!

+# Created and modified by checkpoint; do not edit

+# $Id: CVSVersionInfo.txt,v 2.293 2006/06/22 02:39:11 lukeh Exp $

+# $Name: nss_ldap-251 $

+ProjectName: nss_ldap

+ProjectVersion: 251

+ProjectMaintainer: lukeh

+#

+# run this before building in RC. @@@PLATFORM@@@ is

+# substituted for our platform names (linux, solaris etc)

+PreBuild: configure --with-ldap-lib=netscape4 --with-ldap-dir=/usr/local/ldapsdk4 --enable-rfc2307bis --disable-ssl

+PostBuild: make distclean

+# binaries to ship (although we don't do that at the moment)

+Shippables: nss_ldap.so

+$Id: ChangeLog,v 2.374 2006/05/15 08:13:44 lukeh Exp $

+===============================================================

+

+251 Luke Howard <lukeh@padl.com>

+

+ * remove doc/rfc2307.txt, it is available from

+ http://www.ietf.org/rfc/rfc2307.txt

+ * make objectClass a mappable attribute

+

+250 Luke Howard <lukeh@padl.com>

+

+ * don't use static _nss_ldap_no_members buffer,

+ causes crash when nss_ldap is unloaded and memory

+ is still referenced

+ * fix for BUG#249: tcsh closes file descriptors,

+ confuses nss_ldap and hangs (from David Houlder)

+ * fix for BUG#257: initgroups() broken in RFC2307bis

+ support disabled

+ * fix for BUG#261: sslpath example wrong

+ * fix for BUG#263: compile do_triple_permutations()

+ when IRS enabled

+

+249 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#253: build broken on AIX

+ * fix for BUG#255: deadlock in initgroups

+

+248 Luke Howard <lukeh@padl.com>

+

+ * fix regression in per-objectclass attribute mapping

+ introduced in nss_ldap-246

+

+247 Luke Howard <lukeh@padl.com>

+

+ * double-check *ld != NULL even if mapped eror return

+ from ldap_initialize() returns NSS_SUCCESS

+

+246 Luke Howard <lukeh@padl.com>

+

+ * paged results and RFC2307bis support are now always

+ compiled in; they are by default disabled unless

+ you configured with --enable-paged-results and

+ --enable-rfc2307bis, respectively. See nss_ldap(5)

+ for configuration options.

+ * fix for BUG#219: paged results delivers wrong results

+ * fix for BUG#222: use asynchronous start TLS if

+ available, using bind_timeout value

+ * fix for BUG#235: make DNS SRV lookup domain

+ configurable (nss_srv_domain)

+ * fix for BUG#240: return "*" rather than "x" for

+ userPassword if not present

+ * fix for BUG#245: paged results broken since nss_ldap-241

+ * patch from Ralf Haferkamp <rhafer@suse.de>:

+ compile fix for IPv6

+ * compile for Solaris

+ * schema mapping is always enabled, cleanup schema

+ mapping code

+ * allow for map-specific objectclass mapping

+ * partial implementation of Solaris Simplified LDAP

+ API, allows automountd support on Solaris via nss_ldap

+ * for Linux automounter, always close connection after

+ endautomntent() to avoid persistent connection

+ * add nss_connect_policy argument to ldap.conf

+

+245 Luke Howard <lukeh@padl.com>

+

+ * don't leak LDAP connection if do_bind() failed or

+ descriptor owner had changed. If do_bind() failed the

+ underlying descriptor would also be leaked, causing a

+ large number of sockets to be consumed during failover

+ * add nss_initgroups_ignoreusers parameter to ldap.conf,

+ returns NOTFOUND if nss_ldap's initgroups() is called

+ for users (comma separated)

+ * try to deal with systems that have headers for both

+ versions of the SASL library installed

+ * better logging of failed connections and reconnections

+ * patch from Dean Michaels <dean@interdynamix.com>:

+ build with Netscape 5 library on Solaris

+ * patch from Ralf Haferkamp <rhafer@suse.de>:

+ manual page fix to bind_policy

+

+244 Luke Howard <lukeh@padl.com>

+

+ * patch from Ralf Haferkamp <rhafer@suse.de>:

+ enusre bytesleft macro does not return values < 0

+ * include <sys/param.h> in ldap-nss.c

+

+243 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#225: invalid pointer dereferencing when

+ reading rootpw

+

+242 Luke Howard <lukeh@padl.com>

+

+ * fixes for compiling on Solaris 10

+

+241 Luke Howard <lukeh@padl.com>

+

+ * new, more robust reconnection logic

+ * both "host" and "uri" directives can be used in

+ ldap.conf

+ * new (undocumented) nss_reconnect_tries,

+ nss_reconnect_sleeptime, nss_reconnect_maxsleeptime,

+ nss_reconnect_maxconntries directives

+ * reload configuration file if changed

+

+240 Luke Howard <lukeh@padl.com>

+

+ * new API for resolving automounts (requires custom

+ autofs plugin for Linux at present):

+ _nss_ldap_setautomntent(), _nss_ldap_getautomntent(),

+ _nss_ldap_endautomntent(), _nss_ldap_getautomntbyname_r()

+ * fix for BUG#200: rename SOCKLEN_T as it conflicts on AIX

+ * fix for BUG#205: accept line feeds in ldap.conf

+ * fix for BUG#211: nss_ldap fails to start TLS on referred

+ connections

+ * fix for BUG#213: initgroups crash if RFC2307bis undefined

+ * turn down reconnection logging volume

+

+239 Luke Howard <lukeh@padl.com>

+

+ * support for initgroups using backlinks (selectable

+ at runtime if RFC2307bis support is enabled, using

+ the nss_initgroups backlink configuration directive)

+ * support for dynamically expanding filter sizes

+ * from Peter Marschall <peter@adpm.de>:

+ revert the deletion of blanks/tabs in ldap.conf that

+ happened between 235 and 238

+ * from Peter Marschall <peter@adpm.de>:

+ This patch changes configure.in and Makefile.am so that

+ ldap.conf gets installed in the place and with the name

+ that is given to the configure option --with-ldap-conf-file.

+ In addition to that it fixes a long standing bug in

+ Makefile.am that tries to install a file before the

+ destination directory is guaranteed to be created (hunk #3),

+ and uses $(mkinstalldirs) for AIX (hunk #2).

+

+238 Luke Howard <lukeh@padl.com>

+

+ * more manual page updates

+

+237 Luke Howard <lukeh@padl.com>

+

+ * more manual page updates

+

+236 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#201: typo in ldap-schema.c causing build

+ to fail

+ * add manual page for nss_ldap

+

+235 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#198: make pagesize configurable

+ * fix for BUG#199: correct fix for BUG#138

+ (blind last char remove in ldap.secret)

+

+234 Luke Howard <lukeh@padl.com>

+

+ * don't reacquire global lock in do_next_page()

+ * restore old "bind_policy hard" behaviour (don't try to

+ reconnect if initialization failed). The behaviour

+ introduced in nss_ldap-227 can be enabled with

+ "bind_policy hard_init".

+

+233 Luke Howard <lukeh@padl.com>

+

+ * if do_open() returns NSS_UNAVAIL, don't try to do

+ server reconnect; only do it if NSS_TRYAGAIN is returned

+ This should fix the problems introduced by the fixes in

+ nss_ldap-227 (delayed binding)

+

+232 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#138 (blind last char remove in ldap.secret)

+

+230 Luke Howard <lukeh@padl.com>

+

+ * don't free gss_krb5_ccache_name() output (Heimdal)

+

+229 Luke Howard <lukeh@padl.com>

+

+ * more debugging in initgroups and _nss_ldap_getentry()

+ * fix _nss_ldap_getentry() enumeration behaviour, and

+ optimize by not searching if the requested attribute

+ cannot be mapped

+

+228 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#188: better documentation for OpenLDAP

+ SSL options

+ * fix for BUG#189: do not configure tls_checkpeer

+ unless it is explicitly specifier in ldap.conf

+ * fix for BUG#190: set ls_state to LS_UNINITIALIZED

+ after fork

+

+227 Luke Howard <lukeh@padl.com>

+

+ * separate initializing LDAP session with actually

+ connecting to the DSA, so that we don't try to

+ bind until we actually need to search (which allows

+ the retry logic in the search function to also apply

+ to binding). NB: this will only provide improved

+ behaviour for LDAP client libraries that support

+ ldap_init() or ldap_initialize() rather than ldap_open

+ * fix for BUG#183: support pw_change and pw_expire

+ on BSD

+ * fix for BUG#187: NSS_BUFLEN_DEFAULT causing problems

+ on IRS platforms

+ * fix for glibc 2.1 from Alexander Spannagel

+

+226 Luke Howard <lukeh@padl.com>

+

+ * make LDAP_NSS_NGROUPS configurable with

+ --with-ngroups (experts only) option

+

+225 Luke Howard <lukeh@padl.com>

+

+ * make LDAP_NSS_NGROUPS 64 - better choice for

+ small directories

+

+224 Luke Howard <lukeh@padl.com>

+

+ * don't double-free on realloc() failure in

+ do_parse_group_members()

+ * don't pass LDAP session as an argument, as

+ it may refer to a stale LDAP handle. If this

+ does not work we will need to replace LDAPMessage

+ pointers with pointers to a structure that

+ contains a reference-counted LDAP handle as well

+ as the message

+ * fix crasher when internal group membership

+ buffer was reallocated (introduced with nested

+ group expansion code)

+ * immediately return NSS_TRYAGAIN and errno=ERANGE

+ if there is not enough buffer space to handle

+ LDAP_NSS_NGROUPS groups; this prevents getgrXXX()

+ from expensive repeated directory searches when

+ there is a priori knowledge that group memberships

+ are large

+

+223 Luke Howard <lukeh@padl.com>

+

+ * allow empty lines in /etc/ldap.conf

+ * do loop detection in nested groups

+ * fixes for building with IRS on FreeBSD 4.10

+

+222 Luke Howard <lukeh@padl.com>

+

+ * fix deadlock in _nss_ldap_getentry()

+ * support more AIX usersec attributes

+ * more AIX porting fixes

+ * support Heimdal as well as MIT Kerberos

+

+221 Luke Howard <lukeh@padl.com>

+

+ * AIX fix from <carlos.celso@embraer.com.br>

+ Recall #169033

+ * support for expansion of nested RFC2307bis groups

+ * support for searching using range retrieval

+ * fix memory leak with private contexts

+ * fix memory leak in do_result()

+ * implement _nss_ldap_getentry for AIX enumeration

+ * implement netgroups for IRS/AIX

+ * remove dependency on Berkeley DB - schema mapping

+ and RFC2307bis no longer requires DB

+ * remove old NeXT cruft in resolve.c

+

+220 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#169: getntohost() on Solaris

+ * fix for BUG#170: _nss_ldap_getgroupsbymember_r fails

+ to return all groups when NSCD is running and

+ attribute mapping is enabled on Solaris

+ * fix for BUG#173: reinstate use of sigaction()

+ (XXX what is the correct fix here?)

+ * fix for BUG#174: innetgr() depth checking

+

+218 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#168: set errnop to ENOENT if not found

+ * check for -lgssapi before -lgssapi_krb5

+

+217 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#167: compilation fails on Solaris

+

+216 Luke Howard <lukeh@padl.com>

+

+ * patch from Thorsten Kukuk to avoid overwriting

+ sockaddr storage for IPv6; use struct

+ sockaddr_storage if available

+ * fix for BUG#153: use asynchronous search API

+ in initgroups()

+ * fix for BUG#157: check for __pthread_once rather

+ than __pthread_atfork on glibc, as the latter is

+ no longer exported

+ * fix for BUG#158: escape netgroup search filters

+ correctly

+ * fix for BUG#161: remove redundant lock in

+ _nss_ldap_innetgr()

+ * fix for BUG#164: set schema element array size

+ to LM_NONE + 1 not LM_NONE

+ * fix for BUG#165: make _nss_ldap_result() private

+ * fix for BUG#166: chase all nested netgroups in

+ innetgr()

+ * fix deadlock if getXXXent() called without first

+ calling setXXXent()

+ * only request gidNumber attribute when initgroups()

+ (avoids sending back rest of a group's entry)

+ * don't request any attributes when mapping a user

+ to a DN (we want the DN only)

+

+215 Luke Howard <lukeh@padl.com>

+

+ * choose between using native GSS-API and putenv()

+ for setting ccache path

+ * per-map attribute mapping for attributes that

+ appear in multiple maps

+

+214 Luke Howard <lukeh@padl.com>

+

+ * define LDAP_DEPRECATED for compiling against

+ OpenLDAP 2.2

+

+213 Luke Howard <lukeh@padl.com>

+

+ * fix netgroup compilation error when debugging is

+ enabled

+ * support GSS-API for setting ccache name

+ * initgroups() should require user to be a POSIX

+ account

+ * define LOGNAME_MAX for HP-UX

+ * do not use sigprocmask() - this blocks rather

+ than disabling signals

+ * SASL version check fix from Howard Chu

+

+212 Luke Howard <lukeh@padl.com>

+

+ * Solaris netgroup support test release

+ * fix crasher in do_sasl_interact()

+ * do_sasl_interact() needs to strdup() result for

+ Cyrus SASL 1.x but not 2.x

+ * merge in LDAP debug patch from Howard Chu

+ * try alternate search descriptors on NSS_NOTFOUND

+ as well as NSS_SUCCESS

+

+211 Luke Howard <lukeh@padl.com>

+

+ * do AT_OC_MAP cache initialization at config init

+ * BSD build fixes

+ * replace [h]errno2nssstat lookup tables with switch

+ statement; should help building on AIX!

+

+210 Luke Howard <lukeh@padl.com>

+

+ * initialize DBT structures

+ * fix SASL crasher

+

+209 Luke Howard <lukeh@padl.com>

+

+ * fix SASL breakage

+

+208 Luke Howard <lukeh@padl.com>

+

+ * use socklen_t not int

+ * remove OpenLDAP SASL code

+ * incorporated patches from (see below) Geert Jansen

+ * add the "sasl_secprops" option to configure SASL

+ security layers (usage as for OpenLDAP ldap.conf)

+ * add the "krb5_ccname" option to specify the

+ location of the Kerberos ticket cache

+ (requires --enable-configurable-krb5-ccname for

+ now as it is a fairly coarse solution to a lack

+ of appropriate API in the Kerberos libraries)

+ * add support for native Active Directory password

+ policy attributes (enabled if shadowLastChange is

+ mapped to pwdLastSet)

+ * add "nss_override_attribute_value" and

+ "nss_default_attribute_value" keywords for over-

+ riding and setting default attribute values,

+ respectively

+

+207 Luke Howard <lukeh@padl.com>

+

+ * work without LDAP_OPT_X_TLS_RANDOM_FILE

+ * fix schema mapping regression from nss_ldap-205;

+ attribute mapping now works again

+

+205 Luke Howard <lukeh@padl.com>

+

+ * build with Sleepycat DB without db185 compat layer

+ (tested with 4.x; needs testing on 3.x)

+

+204 Luke Howard <lukeh@padl.com>

+

+ * Linux netgroup implementation from Larry Lile

+ * Multiple service search descriptor support from

+ Symas

+ * IPv6 patch from Thorsten Kukuk at SuSE

+

+203 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#115

+ * fix for BUG#121

+

+202 Luke Howard <lukeh@padl.com>

+

+ * getsockname() fixes from Howard Chu

+ * configuration parser crasher fix

+

+201 Luke Howard <lukeh@padl.com>

+

+ * Berkeley DB fixes from Howard Chu

+ * Netscape client library build fix

+

+200 Luke Howard <lukeh@padl.com>

+

+ * use sigprocmask() if available to block SIGPIPE

+ * fix build breakage with OpenLDAP HEAD

+

+199 Luke Howard <lukeh@padl.com>

+

+ * HP-UX port

+ * BUG#111: incorrect debugging statement in

+ _nss_ldap_enter()

+ * export required symbols only on Linux

+ * corrected symbol names for glibc alias enumeration

+ functions

+ * the DNS response parser doesn't stop after parsing the

+ right number of records, and doesn't handle long responses

+ (Nalin at RedHat)

+

+198 Luke Howard <lukeh@padl.com>

+

+ * BUG#108: fix potential buffer overflow in dnsconfig.c

+ (could be triggered if no flat file configuration

+ for nss_ldap and large DNS SRV data for domain;

+ because nss_ldap in SRV mode trusts DNS we do

+ not believe this to be exploitable to elevate

+ privilege in the default configuration)

+ * do not malloc() configuration structure; use

+ buffer

+

+197 Luke Howard <lukeh@padl.com>

+

+ * improved AIX documentation from Dejan Muhamedagic

+ * define LDAP_OPT_SSL for Solaris 9

+

+196 Luke Howard <lukeh@padl.com>

+

+ * return NSS_TRYAGAIN not NSS_NOTFOUND for insufficient

+ buffer space in dn2uid_cache_get()

+ * support automake 1.5 and friends

+ * out of box build on AIX 4.3.3

+ * fixed BUG#104: do_ssl_options() return code ignored

+

+195 Luke Howard <lukeh@padl.com>

+

+ * fixed BUG#98: large groups cause buffer length

+ wraparound with rfc2307bis

+

+194 Luke Howard <lukeh@padl.com>

+

+ * bugfix for Debian Bug report #147553: lack of global

+ mutex use in initgroups()

+

+193 Luke Howard <lukeh@padl.com>

+

+ * support for PADL GSS-SASL client library

+

+192 Luke Howard <lukeh@padl.com>

+

+ * more carefully compare cached socket and peer

+ addresses

+

+191 Luke Howard <lukeh@padl.com>

+

+ * added configurable [hard|soft] reconnect, see the

+ bind_policy parameter in ldap.conf.

+

+190 Luke Howard <lukeh@padl.com>

+

+ * check for Netscape 4 SDK without SSL; don't require

+ pthreads for these

+

+189 Luke Howard <lukeh@padl.com>

+

+ * patch for building on OpenLDAP 1.x from Nalin

+ at RedHat

+

+188 Luke Howard <lukeh@padl.com>

+

+ * specify runtime path for LDAP library correctly to

+ native Solaris linker

+ * check for gcc correctly

+ * use native linker on Solaris and AIX

+

+187 Luke Howard <lukeh@padl.com>

+

+ * make bogusSd in ldap-nss.c conditional on

+ !HAVE_LDAP_LD_FREE

+ * merge in paged result support from Max Caines

+ * bugfixes for Debian Bug report #140854

+

+186 Luke Howard <lukeh@padl.com>

+

+ * incorporated patch for Debian Bug report #140854,

+ where nss_ldap could in some cases close a

+ descriptor it did not own. Patch was provided

+ by Luca Filipozzi.

+

+185 Luke Howard <lukeh@padl.com>

+

+ * updated copyrights

+ * fix for BUG#82: set close on exec (Debian bug 136953)

+

+184 Luke Howard <lukeh@padl.com>

+

+ * return NSS_TRYAGAIN if no buffer space in ldap-grp.c

+

+183 Luke Howard <lukeh@padl.com>

+

+ * return error strings in AIX authentication routine

+ * initialise schema in getgroupsbymember()

+ * fix for tls_checkpeer; pass NULL session in to

+ set global option

+ * BUG#77: configurable config file locations

+

+181 Luke Howard <lukeh@padl.com>

+

+ * ignore SIGPIPE whilst inside nss_ldap library routines

+ to prevent crashing on down LDAP server; possible fix

+ for Debian bug 130006

+ * removed --enable-no-so-keepalive; always try to

+ disable SO_KEEPALIVE on underlying socket to LDAP

+ server

+ * include local copy of irs.h under AIX

+ * general cleanup of locking code

+ * _nss_ldap_no_members appears to only need defining for

+ when RFC2307bis is enabled

+

+180 Luke Howard <lukeh@padl.com>

+

+ * pull in libpthreads on AIX

+

+179 Luke Howard <lukeh@padl.com>

+

+ * a couple more patches for AIX

+

+178 Luke Howard <lukeh@padl.com>

+

+ * patch from Gabor Gombas for AIX support

+ * Makefile.am: sasl.o needed by NSS_LDAP

+ * aix_authmeth.c: method_passwordexpired is

+ really method_passwdexpired; but since the struct

+ was bzero()ed no need to set it to NULL

+ * configure.in: support both gcc and xlc_r

+ * exports.aix: sv_byport was not exported

+ * ldap-grp.c: getgrset() returned group names instead of

+ gid numbers

+

+177 Luke Howard <lukeh@padl.com>

+

+ * patch for building on AIX from IBM

+ * added simple authentication support for AIX

+ * cleaned up SASL patch to not break if Cyrus

+ SASL is not installed

+

+176 Luke Howard <lukeh@padl.com>

+

+ * fixed bug in SASL patch which had required

+ OpenLDAP headers

+

+175 Luke Howard <lukeh@padl.com>

+

+ * incorporated GSS-API SASL patches

+ * rebind to server on LDAP_LOCAL_ERROR

+

+174 Luke Howard <lukeh@padl.com>

+

+ * added patches from Maxim Batourine for compiling

+ with Sun workshop compiler

+ * added notes re: 64-bit compile on Solaris from

+ above source

+

+173 Luke Howard <lukeh@padl.com>

+

+ * notes on IRS in doc/README.IRS

+ * added irs.h for AIX compat

+ * patch from Bob Guo for stripping trailing

+ spaces in ldap.conf.

+

+172 Luke Howard <lukeh@padl.com>

+

+ * fixed schema mapping bug by storing a copy of the

+ mapped schema in the Berkeley DB rather than the

+ element itself. Because the DB library returns

+ static storage, this was causing problems where

+ the schema mapping calls were used to build the

+ attribute table in ldap-schema.c. This bugfix was

+ sponsored by n2h2.com; thanks!

+

+171 Luke Howard <lukeh@padl.com>

+

+ * added ldap.conf stanza for AIX

+ * workaround for schema mapping bug.

+

+170 Luke Howard <lukeh@padl.com>

+

+ * use _nss_ldap_getrdnvalue() for determining canonical

+ group name

+

+169 Luke Howard <lukeh@padl.com>

+

+ * fixed typo in ldap-service.c; prefix filters now

+ with _nss_ldap

+

+168 Luke Howard <lukeh@padl.com>

+

+ * initialize old_handler to SIG_DFL

+ * incorporate Stephan Cremer's mapping patches,

+ a big thanks to Stephan for these!

+ * use LDAP_OPT_NETWORK_TIMEOUT if available for

+ network connect timeout

+ * removed hard-coded schema mapping for

+ authPassword, NDS and MSSFU

+

+167 Luke Howard <lukeh@padl.com>

+

+ * support for new OpenLDAP rebind proc prototype

+ * in rebind function, respect timeout

+ * fix for PADL Release Control

+

+166 Luke Howard <lukeh@padl.com>

+

+ * corrected small typos

+

+165 Luke Howard <lukeh@padl.com>

+

+ * posixMember is a distinguished name, don't pretend it

+ is a login name

+ * cleaned up code referencing different member syntaxes

+

+164 Luke Howard <lukeh@padl.com>

+

+ * removed IDS_UID code, never worked properly

+

+163 Luke Howard <lukeh@padl.com>

+

+ * removed context_free function, usage confusing

+

+162 Luke Howard <lukeh@padl.com>

+

+ * in reconnect harness, do not treat entry not found

+ errors as requiring a reconnect

+

+161 Luke Howard <lukeh@padl.com>

+

+ * hopefully fixed use of synchronous searches in

+ _nss_ldap_getbyname()

+

+160 Luke Howard <lukeh@padl.com>

+

+ * patch from RedHat to check for DB3, override

+ install user/group optionally

+ * use synchoronous searches for _nss_ldap_getbyname()

+ * only set SSL options if we have values for those

+ options

+

+159 Luke Howard <lukeh@padl.com>

+

+ * make do_ssl_options() take a config parameter;

+ avoid segfault with SSL?

+

+158 Luke Howard <lukeh@padl.com>

+

+ * in the distinguished name to login cache (dn2uid)

+ make sure we use the AT(uid) macro for the uid

+ attribute rather than the hard-coded value of "uid"

+ This should enable the cache for MSSFU support.

+

+157 Luke Howard <lukeh@padl.com>

+

+ * for MSSFU, use posixMember for group memberships

+ rather than member (reported by Andy Rechenberg)

+ * ignore SIGPIPE before calling do_close() for

+ idle_timeout

+

+156 Luke Howard <lukeh@padl.com>

+

+ * logic was around the wrong way in do_search(),

+ all searches were broken!

+ * --disable-ssl option for configure

+ * removed "Obsoletes: pam_ldap" from spec file

+

+155 Luke Howard <lukeh@padl.com>

+

+ * do not use private API when setting OpenLDAP TLS

+ options (do_ssl_options())

+

+154 Luke Howard <lukeh@padl.com>

+

+ * notes from Scott M. Stone <sstone@foo3.com>

+ * idle timeout patch from Steve Barrus

+

+153 Luke Howard <lukeh@padl.com>

+

+ * SSL fix

+

+152 Luke Howard <lukeh@padl.com>

+

+ * further patch from Jarkko for TLS/SSL auth:

+ support for LDAPS/cipher suite selection/

+ client key/cert authentication

+

+151 Luke Howard <lukeh@padl.com>

+

+ * patch from Andrew Rechenberg for Active

+ Directory schema support

+ * patch from Jarkko Turkulainen <jt@wapit.com> for

+ peer certificate support with OpenLDAP

+

+150 Luke Howard <lukeh@padl.com>

+

+ * patch from Anselm Kruis for URI support

+

+149 Luke Howard <lukeh@padl.com>

+

+ * fixed compile on Solaris, broken in 145 by

+ malformed Linux patch

+

+148 Luke Howard <lukeh@padl.com>

+

+ * check for HAVE_LDAP_SET_OPTION always

+

+147 Luke Howard <lukeh@padl.com>

+

+ * check for ldap_set_option(), as LDAP_OPT_REFERRALS

+ is defined for OpenLDAP 1.x but without the

+ ldap_set_option() function

+

+146 Luke Howard <lukeh@padl.com>

+

+ * mass reindentation, GNU style

+ * patch from Simon Wilkinson <sxw@sxw.org.uk>

+ for compatibility with old initgroups entry

+ point

+ * request authPassword attribute if

+ --enable-authpassword

+ * authPassword support in ldap-spwd.c (shadow)

+

+145 Luke Howard <lukeh@padl.com>

+

+ * preliminary support for authPassword attribute

+ * updated COPYING

+ * patch from Szymon Juraszczyk to suppot

+ _nss_ldap_initgroups_dyn prototype

+

+144 Luke Howard <lukeh@padl.com>

+

+ * when specifying filters with nss_base_XXX,

+ only escape the filter argument not the entire

+ filter

+

+143 Luke Howard <lukeh@padl.com>

+

+ * patch from nalin@redhat.com to avoid

+ corrupting the heap when the configuration

+ file exists but has no host and base values.

+ _nss_ldap_readconfigfromdns() will write to

+ the region which was already freed.

+

+142 Luke Howard <lukeh@padl.com>

+

+ * patch from Simon Wilkinson <sxw@sxw.org.uk>

+ for memory leak in ldap-service.c

+

+141 Luke Howard <lukeh@padl.com>

+

+ * fix for BUG#54 (AIX detection broken)

+ * use -rpath on all platforms except Solaris,

+ not just Linux

+

+140 Luke Howard <lukeh@padl.com>

+

+ * fix configure bug for DISABLE_SO_KEEPALIVE

+ * fix alignment bug in util.c; this was causing

+ Solaris to crash whenever per-map search

+ descriptors were specified in ldap.conf

+

+139 Luke Howard <lukeh@padl.com>

+

+ * updated INSTALL file with boilerplate

+ * fixed pointer error in ldap-nss.c

+

+138 Luke Howard <lukeh@padl.com>

+

+ * close config file FILE * if out of buffer space

+ for parsing search descriptor

+ * fixed bug where non-recognized directives in

+ ldap.conf would cause the configuration file to

+ not be parsed at all, if they were the last

+ entries in the config file.

+

+137.1 Luke Howard <lukeh@padl.com>

+

+ * patch from nalin@redhat.com; return { NULL } not

+ NULL for no group members

+ * cleaned up usage of libc-lock.h weak aliases

+ to pthreads API; use in ltf.c also

+ * use __libc_atfork() or pthread_atfork() to

+ close off connection on fork, rather than

+ checking PIDs; this is expensive and breaks

+ on Linux where each thread may have a

+ different PID.

+

+137 Gabor Gombas <gombasg@inf.elte.hu>

+

+ * build nss_ldap as a loadable module on AIX

+ * doco on AIX

+

+136 Luke Howard <lukeh@padl.com>

+

+ * define -DPIC for FreeBSD

+ * link with -shared not --shared

+ * fixes for AIX

+

+135 Luke Howard <lukeh@padl.com>

+

+ * merged ldap.conf

+ * fixed bug in concatenating relative search

+ bases in ldap-nss.c (profile support)

+

+134 Luke Howard <lukeh@padl.com>

+

+ * fixed Makefile.am

+ * reordered DB search order in util.c

+

+133 Luke Howard <lukeh@padl.com>

+

+ * make /usr/lib directory in Makefile.am

+ * new spec file from Joe Little

+

+132 Luke Howard <lukeh@padl.com>

+

+ * fixed rebind preprocessor logic

+

+131 Luke Howard <lukeh@padl.com>

+

+ * created files for automake happiness

+

+130 Luke Howard <lukeh@padl.com>

+

+ * fixed typo preventing build with Netscape

+ client library

+

+129 Luke Howard <lukeh@padl.com>

+

+ * updated version number

+ * fixed build bug on Solaris

+

+128 Luke Howard <lukeh@padl.com>

+

+ * fixed logic bug in util.c introduced in

+ nss_ldap-127

+

+127 Luke Howard <lukeh@padl.com>

+

+ * updating copyright notices

+ * autoconf support; IRIX and OSF/1 support has

+ been dropped (dl-*.[ch]) as no one really

+ used this, the implementation was a hack,

+ and these operating systems have their

+ own LDAP implementations now

+ * added support for "referrals" and "restart"

+ options to ldap.conf

+ * use OpenLDAP 2.x rebind proc with correct

+ arguments

+ * added "timelimit" and "bind_timelimit"

+ directives to ldap.conf

+ * fixed bug with dereferencing aliases

+ * preliminary support for profiles; recognise

+ profile semantics in ldap-nss.c/util.c

+ * parity with pam_ldap; "ssl" directive in

+ ldap.conf can now specify "yes" or

+ "start_tls" for Start TLS

+ * hopefully fixed Berkeley DB include

+ mess in util.c

+ * fixed potential buffer overflow in util.c

+ * default to LDAP protocol version 3

+ * fixed leaks in util.c, dnsconfig.c

+ * accept on/yes/true for boolean configuration

+ values

+ * tested building on FreeBSD, Solaris 8, Linux

+ * tested functionality on RedHat 6.2

+

+126 Luke Howard <lukeh@padl.com>

+

+125 Luke Howard <lukeh@padl.com>

+

+ * fixed up Linux Makefiles to build libnss_ldap

+

+124 Luke Howard <lukeh@padl.com>

+

+ * patch from nalin@redhat.com for StartTLS

+ * fixed up indenting

+

+123 Luke Howard <lukeh@padl.com>

+

+ * rolled in BUG#52 branch with fixes for AIX

+

+122.BZ52.2 Luke Howard <lukeh@padl.com>

+

+ * included ldap-schema.c; omitted from previous

+ checkpoint

+

+122.BZ52.1 Luke Howard <lukeh@padl.com>

+

+ * preliminary fix for BUG#52 (support for different

+ naming contexts for each map)

+ * fixed bug in enumerating services map

+

+122 Luke Howard <lukeh@padl.com>

+

+ * fixed BUG#50 (check return value of ldap_simple_bind())

+

+121 Luke Howard <lukeh@padl.com>

+

+ * fixed BUG#49 (fix acknowledged race condition)

+

+120 Luke Howard <lukeh@padl.com>

+

+ * added Makefile.aix and exports.aix (forgot)

+

+119 Luke Howard <lukeh@padl.com>

+

+ * patch from Gabor Gombas <gombasg@inf.elte.hu>

+ to support AIX implementation of BIND IRS

+

+118 Luke Howard <lukeh@padl.com>

+

+ * Makefile.RPM.openldap2 from Joe Little

+

+117 Luke Howard <lukeh@padl.com>

+

+ * permanently ignore SIGPIPE when using SSL. This

+ bug should be fixed properly.

+

+116 Luke Howard <lukeh@padl.com>

+

+ * added irs-nss.diff and README.IRS from Emile

+ Heitor

+

+115 Luke Howard <lukeh@padl.com>

+

+ * fixed filter escaping

+ * call ldapssl_client_init() once only

+ * include db_185.h not db.h for dn2uid cache

+ * fixes for FreeBSD (IRS) support from Emile

+ Heitor

+

+113 Luke Howard <lukeh@padl.com>

+

+ * patch from Ben Collins to escape '*' in filters

+

+110 Luke Howrad <lukeh@padl.com>

+

+ * patch from Phlilip Liu for async binds

+

+109 Luke Howard <lukeh@padl.com>

+

+ * omit socket check for -DSSL; it doesn't work

+ * updated CONTRIBUTORS

+ * updated README re HAVE_LDAP_LD_FREE

+

+108 Luke Howard <lukeh@padl.com>

+

+ * included "deref" option in /etc/ldap.conf, compatible

+ with OpenLDAP syntax. Patch from Michael Mattice.

+

+107 Luke Howard <lukeh@padl.com>

+

+ * fixed argument to _nss_ldap_getent() in ldap-ethers.c

+

+106.2 Luke Howard <lukeh@padl.com>

+

+ * if root, use rootbinddn/rootbindpw in rebind proc

+ * include objectClass in pwd required attributes

+

+106.1 Luke Howard <lukeh@padl.com>

+

+ * if user is a shadowAccount, then don't return password

+ in getpwent(), getpwuid() or getpwnam()

+ * incorporated patch (from Doug Nazar):

+ * allow getgrent() to be called without setgrent();

+ note arguments to _nss_ldap_getent() have changed.

+ * return NSS_NOTFOUND instead of NSS_UNAVAIL at the

+ end of a search

+ * initialize len for getpeername()

+

+105 Luke Howard <lukeh@padl.com>

+

+ * incorporated patch for deadlock under Solaris (from

+ Dave Begley)

+

+104 Luke Howard <lukeh@padl.com>

+

+ * new spec file

+

+103 Luke Howard <lukeh@padl.com>

+

+ * don't call ldap_parse_result() with V2 API

+

+102 Luke Howard <lukeh@padl.com>

+

+ * added defines for LDAP_MSG_ONE et al if not in ldap.h

+ * removed LDAP_MORE_RESULTS_TO_RETURN test

+

+101 Luke Howard <lukeh@padl.com>

+

+ * fixed spec file

+

+100 Luke Howard <lukeh@padl.com>

+

+ * support for asynchronous search API!

+ * added some contributors

+ * notes about ldap_ld_free()

+ * merged in ChangeLog

+

+99 Luke Howard <lukeh@padl.com>

+

+ * added some netgroup implementation tips

+ * do_close_no_unbind() cleanup

+

+98 Luke Howard <lukeh@padl.com>

+

+ * /etc/nss_ldap.secret -> /etc/ldap.secret (sorry,

+ Doug!)

+ * deleted crypt-mechanism code. Junk.

+ * fixed call to _nss_ldap_read() after changing

+ prototypes in nss_ldap-88

+

+97 Luke Howard <lukeh@padl.com>

+

+ * #ifndef HAVE_LDAP_LD_FREE, still call ldap_unbind(),

+ but having closed the descriptor.

+

+96 Luke Howard <lukeh@padl.com>

+

+ * re-orged

+

+95 Luke Howard <lukeh@padl.com>

+

+ * disable SO_KEEPALIVE on socket rather than blocking

+ SIGPIPE. Need to figure out the right way to do this.

+

+94 Luke Howard <lukeh@padl.com>

+

+ * committed some changes for the parent/child close

+ problem. It relies on internal libldap APIs so

+ it may be non-portable but should work with OpenLDAP

+ and Netscape client libraries, and perhaps most UMich-

+ derived client libraries. There's a possible workaround

+ for client libraries without this; undefine

+ HAVE_LDAP_LD_FREE to test this.

+

+93 Luke Howard <lukeh@padl.com>

+

+ * important fix: make sure return status is reset

+ after do_open() == NSS_SUCCESS, just in case

+ no entries are returned. This bug was introduced

+ in nss_ldap-88 and could potentially cause a

+ security hole.

+

+92 Luke Howard <lukeh@padl.com>

+

+ * signal handling fix: don't restore handler

+ unnecessarily.

+ * don't open nss_ldap.secret unless a root pw

+ is specified in ldap.conf

+

+91 Luke Howard <lukeh@padl.com>

+

+ * reorganized SIGPIPE blocking code

+ * added SSL support

+

+90 Luke Howard <lukeh@padl.com>

+

+ * only reconnect if we've changed to/from root

+

+89 Luke Howard <lukeh@padl.com>

+

+ * cleaned up a few things

+

+88 Luke Howard <lukeh@padl.com>

+

+ * added breaks to switch in _nss_ldap_lookup

+ (thanks to Nathan.Hawkins@FMR.COM for pointing

+ this out)

+ * save signal handler and ignore SIGPIPE for

+ appropriate sections of do_open() and confirm

+ connection is still active (patch from

+ rpatel@globix.com)

+ * allow root users to bind as a different user,

+ to provide quasi-shadow password support (patch

+ from nazard@dragoninc.on.ca)

+ * under Linux, make Makefile look at last libc

+ version (patch from nazard@dragoninc.on.ca)

+ * never clobber nsswitch.ldap/ldap.conf when

+ making install (patch from nazard@dragoninc.on.ca)

+ * change do_open() to not unbind the parent ldap

+ connection when the pid changes but simply open a

+ new connection (patch from nazard@dragoninc.on.ca)

+ * changed _nss_ldap_lookup() and _nss_ldap_read()

+ prototypes to return NSS_STATUS error codes,

+ so that NSS_UNAVAIL percolates as appropriate.

+

+87 Luke Howard <lukeh@padl.com>

+

+ * fixed looking up DN-membered groups by member. Thanks

+ to Jeff Mandel for spotting this hard to find bug.

+

+86 Luke Howard <lukeh@padl.com>

+

+ * member for NDS vs uniqueMember (needs further

+ investigation; -DNDS)

+

+85 Luke Howard <lukeh@padl.com>

+

+ * check non-NULLity of userdn before freeing

+ * use AT(uid) for groupsbymember filter

+

+84 Luke Howard <lukeh@padl.com>

+

+ * implemented _nss_ldap_initgroups()

+

+81 Luke Howard <lukeh@padl.com>

+

+ * removed extraneous do_sleep() code

+ * updated spec file

+

+80 Luke Howard <lukeh@padl.com>

+

+ * (really 2.80) changed version number a la Solaris 7!

+ * cleaned up schema stuff into ldap-schema.h

+

+2.79 Luke Howard <lukeh@padl.com>

+

+ * implemented exponential backoff reconnect logic

+

+2.78 Luke Howard <lukeh@padl.com>

+

+ * removed ldap.conf.ragenet from lineup

+ * removed spurious do_close()

+

+2.76 Luke Howard <lukeh@padl.com>

+

+ * added -lresolv to Solaris makefiles

+

+2.75 Luke Howard <lukeh@padl.com>

+

+ * incorporated RPM patches from stein@terminator.net

+

+2.72 Luke Howard <lukeh@padl.com>

+

+ * implemented getgroupsbymember() for Solaris.

+ Supplementary groups should be initialized now.

+ (NB: doesn't appear to be quite working for

+ RFC2307bis yet.)

+ * GNU indent-ified

+

+2.71 Luke Howard <lukeh@padl.com>

+

+ * removed -DDEBUG as default build flag

+

+2.70 Luke Howard <lukeh@padl.com>

+

+ * put /usr/ucblib back into linker search path for

+ Solaris.

+

+2.69 Luke Howard <lukeh@padl.com>

+

+ * added timeout, unavailable, and server busy

+ conditions to rebind logic

+ * indent -gnu all source files

+

+2.68 Luke Howard <lukeh@padl.com>

+

+ * mods for glibc 2.1 (__set_errno is obselete it seems)

+

+2.65 Luke Howard <lukeh@padl.com>

+

+ * mods to compile with OpenLDAP 2

+

+2.64 Luke Howard <lukeh@padl.com>

+

+ * changed alias schema to Sun SDS nisMailAlias schema

+ * updated TODO list to reflect Bugzilla entries

+ * restored capitalization of attributes for "niceness"

+

+2.63 Luke Howard <lukeh@padl.com>

+

+ * added patch from gero@faveve.uni-stuttgart.de for

+ parsing of ldap.conf with tabs

+ * some fixes for BSDI BSD/OS IRS

+

+2.62 Luke Howard <lukeh@padl.com>

+

+ * added experimental support for DN-membered groups;

+ to enable, define RFC2307BIS

+ * fixed align bug (where buflen wasn't being

+ decremented after pointer alignment)

+

+2.61 Luke Howard <lukeh@padl.com>

+

+ * added warning about compiling with DS 4.1 LDAP SDK

+

+2.60 Luke Howard <lukeh@padl.com>

+

+ * fixed missing close brace

+

+2.59 Luke Howard <lukeh@padl.com>

+

+ * pw_comment field defaults to pw_gecos (Solaris only)

+

+2.56 Luke Howard <lukeh@padl.com>

+

+ * fixed Makefile.linux.mozilla NSSLIBVER

+

+2.55 Luke Howard <lukeh@padl.com>

+

+ * merged in glibc-2.1 branch

+

+2.54.6 Luke Howard <lukeh@padl.com>

+

+ * misc fixes.

+

+2.54.5 Luke Howard <lukeh@padl.com>

+

+ * misc fixes.

+

+2.54.4 Luke Howard <lukeh@padl.com>

+

+ * glibc-2.1 patches from bcollins@debian.org

+

+2.54.3 Luke Howard <lukeh@padl.com>

+

+ * glibc-2.1 support. (Recall #93)

+ * set erange correctly on Solaris (related to above)

+

+2.51 Luke Howaed <lukeh@padl.com>

+

+ * added rebind function

+

+2.51 Luke Howard <lukeh@padl.com>

+

+ * added stuff for RC

+

+2.49 Luke Howard <lukeh@padl.com>

+

+ * configuration file is now case insensitive

+

+2.47 Luke Howard <lukeh@xedoc.com>

+

+ * RFC2052BIS (_ldap._tcp) support

+

+2.45 Luke Howard <lukeh@xedoc.com>

+

+ * added #include <stdlib.h> to globals.c

+

+2.44 Luke Howard <lukeh@xedoc.com>

+

+ * NULL search base allowed (omit basedn from config file)

+

+2.42 Luke Howard <lukeh@xedoc.com>

+

+ * fixed potential crasher in dnsconfig.c

+ * LDAP session is now persistent for performance reasons.

+ Removed references to the session anywhere outside

+ ldap-nss.c. The process ID is cached and the session

+ reopened after a fork().

+

+2.39 Luke Howard <lukeh@xedoc.com>

+

+ * fixed warning in ldap-ethers.c (removed const from

+ struct ether)

+ * added ldap_version keyword to ldap.conf for parity with

+ pam_ldap

+

+2.38 Luke Howard <lukeh@xedoc.com>

+

+ * debugged ldap_explode_rdn() code

+ * added support for Mozilla LDAP client library; see

+ Makefile.linux.mozilla and ltf.c for more information.

+ Thanks to Netscape for making their library

+ available.

+

+2.37 Luke Howard <lukeh@xedoc.com>

+

+ * moved to CVS repository and Linux as development

+ environment

+ * incorporated ldap-service.c fix from Greg

+

+2.36 Luke Howard <lukeh@xedoc.com>

+

+ * util.c: will use ldap_explode_rdn() if it exists

+

+2.35 Luke Howard <lukeh@xedoc.com>

+

+ * made util.c compile again. Silly me.

+

+2.34 Luke Howard <lukeh@xedoc.com>

+

+ * fixed #endif in testpw.c

+ * fixed another DN freeing leak in util.c

+ * added RFC 2307 to distribution (fixed the two

+ typos in it:

+ * fixed bug in ...getrdnvalue() (thanks, Greg)

+

+% diff rfc2307.txt ~/rfc2307.txt

+480c480

+< MUST ( cn $ ipProtocolNumber )

+---

+> MUST ( cn $ ipProtocolNumber $ description )

+1038c1038

+< lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/csh

+---

+> lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/sh

+

+2.33 Luke Howard <lukeh@xedoc.com>

+

+ * rolled in more patches from greg@rage.net:

+ * removed _r from setXXXent and endXXXent functions

+ for GNU_NSS

+ * cleaned up testpw.c to use pthreads and protos

+ * fixed prototype for gethostbyaddr_r on GNU_NSS

+ * braced conditional in getservbyname_r

+ * merged in Makefile.linux and README.LINUX diffs

+ * added htons(port) in getservbyport_r

+ * added nsswitch.test

+ * added ldaptest.pl

+ * added ldap.conf.ragenet

+

+2.32 Luke Howard <lukeh@xedoc.com>

+

+ * moved Makefile to Makefile.solaris

+ * cleaned up mutex code for Linux, hopefully

+

+2.31 Luke Howard <lukeh@xedoc.com>

+

+ * fixed leak in util.c (need to free dn)

+ * rolled in patches from greg@rage.net:

+ * fixed ldap-ethers.c to use struct ether

+ * fixed bracing in ldap-hosts.c (?)

+ * added SSLEAY patch to ldap-nss.h

+ * fixed locking in ldap-nss.h

+ * Makefile changes incorporated into Makefile.linux

+

+2.30 Luke Howard <lukeh@xedoc.com>

+

+ * synced into DevMan repository again

+ * RFC 2307 is the one!

+

+2.29e Luke Howard <lhoward@apple.com>

+

+ * util.c: fixed memory leak (call to ldap_value_free())

+

+2.29d Luke Howard <lhoward@apple.com>

+

+ * ldap-ethers.c: fixed to use HOSTNAME attribute

+

+2.29c Luke Howard <lhoward@apple.com>

+

+ * ieee8022Device -> ieee802Device

+

+2.29b Luke Howard <lhoward@apple.com>

+

+ * added ieee8022Device and bootableDevice classes,

+ at Sun's request.

+

+2.29a Luke Howard <lhoward@apple.com>

+

+ * dc -> cn

+

+2.29 Luke Howard <lukeh@xedoc.com>

+

+ * changed host/network/ethers naming schema

+ see the -02 draft revision for more info

+

+2.28 Luke Howard <lukeh@xedoc.com>

+

+ * ldap-pwd.c, ldap-spwd.c: fixed tmpbuf stuff. Yuck.

+

+2.27 Luke Howard <lukeh@xedoc.com>

+

+ * ANNOUNCE: reflected draft-howard-nis-schema-01.txt

+ * ldap-spwd.c: default for shadow integer values is -1, not 0

+ and fixed crasher (thanks to dj@gregor.com)

+

+2.26 Luke Howard <lukeh@xedoc.com>

+

+ * globals.c: added offset stuff back for mapping errnumbers.

+ Weird: this stuff *was* in an earlier version of the work

+ area. I have no idea where it went. Scary.

+

+2.25 Luke Howard <lukeh@xedoc.com>

+

+ * irs-nss.h: added prototype for irs_ldap_acc()

+ * ldap-*.[ch]: removed redundent PARSER macro

+ * unbroke for GNU NSS (context_key_t changed to context_handle_t)

+

+2.24 Luke Howard <lukeh@xedoc.com>

+

+ * irs-nss.c: added dispatch table for IRS library

+ * testpw5.c: added additional test program

+ * ldap-nss.c: removed spurious debug statement

+ * ldap-nss.c, util.c, dnsconfig.c: cleaned up memory

+ allocation for config. (This could be improved, but

+ there is no longer a static ldap_config_t structure.)

+ * Makefile: general cleanup

+

+2.23 Luke Howard <lukeh@xedoc.com>

+

+ * default destructor is now simply wrapped around by individual backend

+ destructors

+ * __EXTENSIONS__ defined for Solaris 2.6 to import strncasecmp()

+ * getbyname: fixed crasher in ldap-nss.c due to uninitialized variable

+ * ldap-parse.h, assorted others: tidied up resolver calls to use

+ NSS_ARGS() macro and not to interfere with the previous backend's

+ status (bad thing!)

+ * ldap-service.c: cleaned up potential uninitialized var in parser

+ * ldap-nss.c: no valued arrays are now { NULL } instead of NULL.

+

+2.22 Luke Howard <lukeh@xedoc.com>

+

+ * testpw.c: XXX problem. dies with segfault, but gdb doesn't give

+ me enough information; it's definitely within nss_ldap.so though.

+ I just can't see the symbols. (Maybe dbx would be better...)

+ However, testpw doesn't work at *all* under 2.5.1, and technically

+ it shouldn't as it's not linked against liblthread. I haven't been

+ able to duplicate this with testpw2, which is the same code linked

+ with the thread library.

+ * backported to NeXT

+

+2.21 Luke Howard <lukeh@xedoc.com>

+

+ * resolve.h: renamed functions so as to keep namespace clean

+ * snprintf.h: tidied up for systems which already have snprintf()

+ and renamed anyway to keep namespace clean (_nss_ldap_snprintf)

+ * ldap-*.h: made character constants const to avoid nasty warnings

+ * globals.[ch]: as above

+ * README, TODO, ANNOUNCE: general documentation updates

+ * ldap-nss.c, et al: general work on Solaris 2.6 port, to get

+ nscd working. Lots of fiddling with the locking.

+ * Major architectural changes to Solaris NSS implementation.

+ Thread specific data is now stored in the backend, where it

+ should be: just like it is in IRS. Locking is a little more

+ coarse now, but it will do for the moment.

+ * Paul Henson's DCE module gave me the inspiration to do the

+ backend stuff the "right" way -- thanks, Paul!

+ * As a result, a lot of the bugs listed in TODO have mysteriously

+ fixed themselves. :-)

+

+2.20 Luke Howard <lukeh@xedoc.com>

+

+ * Makefile.*: ensured resolve.[ch] and dnsconfig.[ch] were there.

+ * Makefile: should link now with gcc -shared instead of requiring

+ cc.

+

+2.19 Luke Howard <lukeh@xedoc.com>

+

+ * testpw4.c: added irs hostbyname() test

+ * Makefile: added correct flags to build position indepdenent

+ code with Sun's compiler (thanks, Bill). Added SRV sources.

+ * testpw.c: works under NeXT, cleaned up a bit.

+ * ldap.conf: documented what this file does

+ * util.c: ignore blank lines in ldap.conf properly

+ * resolve.h: fixed up for Solaris

+

+2.18 Luke Howard <lukeh@xedoc.com>

+

+ * ldap-network.c: fixed infinite loop in getnetbyname()

+ * util.c: goto out causes a compiler warning under Solaris.

+ Documented this. Should fix this, I suppose, but we need

+ to break out of two blocks. (We could remove the code that

+ handles multivalued DNs, as it's fairly unlikely that someone

+ will use a DN of o=Xedoc+dc=xedoc,c=US+dc=com, but who knows?)

+ * ldap-ethers.c: line 215, result was not assigned to an

+ lvalue (should have been args->status, not args). Fixed.

+

+2.17 Luke Howard <lukeh@xedoc.com>

+

+ * Cleaned up documentation and testpw4.c

+ * dnsconfig.c: Fixed strtok() bug which was clobbering domain

+

+2.16 Luke Howard <lukeh@xedoc.com>

+

+ * util.c (_nss_ldap_readconfig) fixed strtok() typo

+

+2.15 Luke Howard <lukeh@xedoc.com>

+

+ * dnsconfig.c: got DNS SRV support working under NEXTSTEP

+ * util.c: (_nss_ldap_getdomainname) made host and network DN parsing

+ compliant with current draft

+

+2.2 - 2.14 Luke Howard <lukeh@xedoc.com>

+

+ * I'll get around to merging in the RCS log here one day.

+ Nothing very exciting happened, I just backported the code to

+ NEXTSTEP and compiled it.

+

+2.1 Luke Howard <lukeh@xedoc.com>

+

+ * merged in old RCS tree (now nss_ldap 0.2)

+

+1.x Luke Howard <lukeh@xedoc.com>

+

+ * old RCS repository (corresponds to nss_ldap 0.1)

+

+Basic Installation

+==================

+

+ These are generic installation instructions.

+

+ The `configure' shell script attempts to guess correct values for

+various system-dependent variables used during compilation. It uses

+those values to create a `Makefile' in each directory of the package.

+It may also create one or more `.h' files containing system-dependent

+definitions. Finally, it creates a shell script `config.status' that

+you can run in the future to recreate the current configuration, a file

+`config.cache' that saves the results of its tests to speed up

+reconfiguring, and a file `config.log' containing compiler output

+(useful mainly for debugging `configure').

+

+ If you need to do unusual things to compile the package, please try

+to figure out how `configure' could check whether to do them, and mail

+diffs or instructions to the address given in the `README' so they can

+be considered for the next release. If at some point `config.cache'

+contains results you don't want to keep, you may remove or edit it.

+

+ The file `configure.in' is used to create `configure' by a program

+called `autoconf'. You only need `configure.in' if you want to change

+it or regenerate `configure' using a newer version of `autoconf'.

+

+The simplest way to compile this package is:

+

+ 1. `cd' to the directory containing the package's source code and type

+ `./configure' to configure the package for your system. If you're

+ using `csh' on an old version of System V, you might need to type

+ `sh ./configure' instead to prevent `csh' from trying to execute

+ `configure' itself.

+

+ Running `configure' takes awhile. While running, it prints some

+ messages telling which features it is checking for.

+

+ 2. Type `make' to compile the package.

+

+ 3. Optionally, type `make check' to run any self-tests that come with

+ the package.

+

+ 4. Type `make install' to install the programs and any data files and

+ documentation.

+

+ 5. You can remove the program binaries and object files from the

+ source code directory by typing `make clean'. To also remove the

+ files that `configure' created (so you can compile the package for

+ a different kind of computer), type `make distclean'. There is

+ also a `make maintainer-clean' target, but that is intended mainly

+ for the package's developers. If you use it, you may have to get

+ all sorts of other programs in order to regenerate files that came

+ with the distribution.

+

+Compilers and Options

+=====================

+

+ Some systems require unusual options for compilation or linking that

+the `configure' script does not know about. You can give `configure'

+initial values for variables by setting them in the environment. Using

+a Bourne-compatible shell, you can do that on the command line like

+this:

+ CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure

+

+Or on systems that have the `env' program, you can do it like this:

+ env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure

+

+Compiling For Multiple Architectures

+====================================

+

+ You can compile the package for more than one kind of computer at the

+same time, by placing the object files for each architecture in their

+own directory. To do this, you must use a version of `make' that

+supports the `VPATH' variable, such as GNU `make'. `cd' to the

+directory where you want the object files and executables to go and run

+the `configure' script. `configure' automatically checks for the

+source code in the directory that `configure' is in and in `..'.

+

+ If you have to use a `make' that does not supports the `VPATH'

+variable, you have to compile the package for one architecture at a time

+in the source code directory. After you have installed the package for

+one architecture, use `make distclean' before reconfiguring for another

+architecture.

+

+Installation Names

+==================

+

+ By default, `make install' will install the package's files in

+`/usr/local/bin', `/usr/local/man', etc. You can specify an

+installation prefix other than `/usr/local' by giving `configure' the

+option `--prefix=PATH'.

+

+ You can specify separate installation prefixes for

+architecture-specific files and architecture-independent files. If you

+give `configure' the option `--exec-prefix=PATH', the package will use

+PATH as the prefix for installing programs and libraries.

+Documentation and other data files will still use the regular prefix.

+

+ In addition, if you use an unusual directory layout you can give

+options like `--bindir=PATH' to specify different values for particular

+kinds of files. Run `configure --help' for a list of the directories

+you can set and what kinds of files go in them.

+

+ If the package supports it, you can cause programs to be installed

+with an extra prefix or suffix on their names by giving `configure' the

+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.

+

+Optional Features

+=================

+

+ Some packages pay attention to `--enable-FEATURE' options to

+`configure', where FEATURE indicates an optional part of the package.

+They may also pay attention to `--with-PACKAGE' options, where PACKAGE

+is something like `gnu-as' or `x' (for the X Window System). The

+`README' should mention any `--enable-' and `--with-' options that the

+package recognizes.

+

+ For packages that use the X Window System, `configure' can usually

+find the X include and library files automatically, but if it doesn't,

+you can use the `configure' options `--x-includes=DIR' and

+`--x-libraries=DIR' to specify their locations.

+

+Specifying the System Type

+==========================

+

+ There may be some features `configure' can not figure out

+automatically, but needs to determine by the type of host the package

+will run on. Usually `configure' can figure that out, but if it prints

+a message saying it can not guess the host type, give it the

+`--host=TYPE' option. TYPE can either be a short name for the system

+type, such as `sun4', or a canonical name with three fields:

+ CPU-COMPANY-SYSTEM

+

+See the file `config.sub' for the possible values of each field. If

+`config.sub' isn't included in this package, then this package doesn't

+need to know the host type.

+

+ If you are building compiler tools for cross-compiling, you can also

+use the `--target=TYPE' option to select the type of system they will

+produce code for and the `--build=TYPE' option to select the type of

+system on which you are compiling the package.

+

+Sharing Defaults

+================

+

+ If you want to set default values for `configure' scripts to share,

+you can create a site shell script called `config.site' that gives

+default values for variables like `CC', `cache_file', and `prefix'.

+`configure' looks for `PREFIX/share/config.site' if it exists, then

+`PREFIX/etc/config.site' if it exists. Or, you can set the

+`CONFIG_SITE' environment variable to the location of the site script.

+A warning: not all `configure' scripts look for a site script.

+

+Operation Controls

+==================

+

+ `configure' recognizes the following options to control how it

+operates.

+

+`--cache-file=FILE'

+ Use and save the results of the tests in FILE instead of

+ `./config.cache'. Set FILE to `/dev/null' to disable caching, for

+ debugging `configure'.

+

+`--help'

+ Print a summary of the options to `configure', and exit.

+

+`--quiet'

+`--silent'

+`-q'

+ Do not print messages saying which checks are being made. To

+ suppress all normal output, redirect it to `/dev/null' (any error

+ messages will still be shown).

+

+`--srcdir=DIR'

+ Look for the package's source code in directory DIR. Usually

+ `configure' can determine that directory automatically.

+

+`--version'

+ Print the version of Autoconf used to generate the `configure'

+ script, and exit.

+

+`configure' also accepts some other, not widely useful, options.

+if AIX

+authmod = NSS_LDAP

+else

+authmod =

+endif

+

+noinst_PROGRAMS = nss_ldap.so $(authmod)

+INST_UID=root

+if AIX

+INST_GID=system

+else

+INST_GID=root

+endif

+

+EXTRA_DIST = CVSVersionInfo.txt ChangeLog \

+ AUTHORS ANNOUNCE NEWS INSTALL README LICENSE.OpenLDAP COPYING\

+ ldap.conf nss_ldap.spec nsswitch.ldap

+

+man_MANS = nss_ldap.5

+

+nss_ldap_so_SOURCES = ldap-nss.c ldap-pwd.c ldap-grp.c ldap-netgrp.c ldap-rpc.c \

+ ldap-hosts.c ldap-network.c ldap-proto.c ldap-spwd.c \

+ ldap-alias.c ldap-service.c ldap-schema.c ldap-ethers.c \

+ ldap-bp.c ldap-automount.c util.c ltf.c snprintf.c resolve.c \

+ dnsconfig.c irs-nss.c pagectrl.c ldap-sldap.c

+

+nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@

+

+NSS_LDAP_PATH_CONF = @NSS_LDAP_PATH_CONF@

+NSS_LDAP_PATH_ROOTPASSWD = @NSS_LDAP_PATH_ROOTPASSWD@

+

+NSS_LDAP_SOURCES = ldap-nss.c ldap-grp.c ldap-pwd.c ldap-netgrp.c ldap-schema.c \

+ util.c ltf.c snprintf.c resolve.c dnsconfig.c \

+ irs-nss.c pagectrl.c aix_authmeth.c

+

+NSS_LDAP_LDFLAGS = @NSS_LDAP_LDFLAGS@

+DEFS = @DEFS@

+#INCLUDES = -I$(top_builddir) -I$(srcdir)

+

+if GLIBC

+LIBC_VERS = `ls /lib/libc-*.so | tail -n 1 |sed -e 's/\/lib\/libc-\(.*\)\.so/\1/'`

+NSS_LDAP_LIBC_VERSIONED = libnss_ldap-$(LIBC_VERS).so

+

+NSS_VERS = $(shell ls /lib/libnss_files.so.? | tail -n 1 | sed -e 's/\/lib\/libnss_files\.so\.\(.*\)/\1/')

+NSS_LDAP_NSS_VERSIONED = libnss_ldap.so.$(NSS_VERS)

+endif

+

+if USE_NATIVE_LINKER

+NATIVE_LINK = $(nss_ldap_so_LD) $(AM_LDFLAGS) -o $@

+else

+GNU_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

+endif

+

+# This is horrible but appears to be the only way to work with

+# recent versions of automake. Any better ideas, let me know.

+LINK = $(NATIVE_LINK) $(GNU_LINK)

+

+if AIX

+

+# AIX install instructions per doc/README.AIX

+

+install-exec-local: nss_ldap.so NSS_LDAP

+ $(mkinstalldirs) $(DESTDIR)$(libdir)/netsvc/dynload

+ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/netsvc/dynload/nss_ldap.so

+ $(mkinstalldirs) $(DESTDIR)$(libdir)/security

+ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) NSS_LDAP $(DESTDIR)$(libdir)/security/NSS_LDAP

+

+else

+

+# Linux, Solaris, other platform install instructions

+

+install-exec-local: nss_ldap.so

+ @$(NORMAL_INSTALL)

+if GLIBC

+ -rm -f $(DESTDIR)$(libdir)/$(NSS_LDAP_LIBC_VERSIONED)

+ $(mkinstalldirs) $(DESTDIR)$(libdir)

+ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/$(NSS_LDAP_LIBC_VERSIONED)

+ (cd $(DESTDIR)$(libdir); ln -sf $(NSS_LDAP_LIBC_VERSIONED) $(NSS_LDAP_NSS_VERSIONED))

+ $(mkinstalldirs) $(DESTDIR)/usr$(libdir)

+ (cd $(DESTDIR)/usr$(libdir); ln -sf ../..$(libdir)/$(NSS_LDAP_NSS_VERSIONED) .)

+else

+ $(mkinstalldirs) $(DESTDIR)$(libdir)

+if HPUX

+ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/libnss_ldap.1

+else

+ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/nss_ldap.so.1

+ (cd $(DESTDIR)$(libdir); rm -f nss_ldap.so; ln -s nss_ldap.so.1 nss_ldap.so)

+endif

+endif

+

+endif

+

+install-data-local:

+ @$(NORMAL_INSTALL)

+ @if test ! -f $(DESTDIR)$(NSS_LDAP_PATH_CONF); then \

+ $(mkinstalldirs) $(DESTDIR)$(dir $(NSS_LDAP_PATH_CONF)); \

+ $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/ldap.conf $(DESTDIR)$(NSS_LDAP_PATH_CONF); \

+ fi

+ $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/nsswitch.ldap $(DESTDIR)$(sysconfdir)/nsswitch.ldap;

+

+uninstall-local:

+ @$(NORMAL_UNINSTALL)

+

+# Makefile.in generated automatically by automake 1.4-p5 from Makefile.am

+

+# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc.

+# This Makefile.in is free software; the Free Software Foundation

+# gives unlimited permission to copy and/or distribute it,

+# with or without modifications, as long as this notice is preserved.

+

+# This program is distributed in the hope that it will be useful,

+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without

+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A

+# PARTICULAR PURPOSE.

+

+

+SHELL = @SHELL@

+

+srcdir = @srcdir@

+top_srcdir = @top_srcdir@

+VPATH = @srcdir@

+prefix = @prefix@

+exec_prefix = @exec_prefix@

+

+bindir = @bindir@

+sbindir = @sbindir@

+libexecdir = @libexecdir@

+datadir = @datadir@

+sysconfdir = @sysconfdir@

+sharedstatedir = @sharedstatedir@

+localstatedir = @localstatedir@

+libdir = @libdir@

+infodir = @infodir@

+mandir = @mandir@

+includedir = @includedir@

+oldincludedir = /usr/include

+

+DESTDIR =

+

+pkgdatadir = $(datadir)/@PACKAGE@

+pkglibdir = $(libdir)/@PACKAGE@

+pkgincludedir = $(includedir)/@PACKAGE@

+

+top_builddir = .

+

+ACLOCAL = @ACLOCAL@

+AUTOCONF = @AUTOCONF@

+AUTOMAKE = @AUTOMAKE@

+AUTOHEADER = @AUTOHEADER@

+

+INSTALL = @INSTALL@

+INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)

+INSTALL_DATA = @INSTALL_DATA@

+INSTALL_SCRIPT = @INSTALL_SCRIPT@

+transform = @program_transform_name@

+

+NORMAL_INSTALL = :

+PRE_INSTALL = :

+POST_INSTALL = :

+NORMAL_UNINSTALL = :

+PRE_UNINSTALL = :

+POST_UNINSTALL = :

+build_alias = @build_alias@

+build_triplet = @build@

+host_alias = @host_alias@

+host_triplet = @host@

+target_alias = @target_alias@

+target_triplet = @target@

+CC = @CC@

+CPP = @CPP@

+MAKEINFO = @MAKEINFO@

+PACKAGE = @PACKAGE@

+VERSION = @VERSION@

+nss_ldap_so_LD = @nss_ldap_so_LD@

+@AIX_TRUE@authmod = NSS_LDAP

+@AIX_FALSE@authmod =

+

+noinst_PROGRAMS = nss_ldap.so $(authmod)

+INST_UID = root

+@AIX_TRUE@INST_GID = system

+@AIX_FALSE@INST_GID = root

+

+EXTRA_DIST = CVSVersionInfo.txt ChangeLog AUTHORS ANNOUNCE NEWS INSTALL README LICENSE.OpenLDAP COPYING ldap.conf nss_ldap.spec nsswitch.ldap

+

+

+man_MANS = nss_ldap.5

+

+nss_ldap_so_SOURCES = ldap-nss.c ldap-pwd.c ldap-grp.c ldap-netgrp.c ldap-rpc.c ldap-hosts.c ldap-network.c ldap-proto.c ldap-spwd.c ldap-alias.c ldap-service.c ldap-schema.c ldap-ethers.c ldap-bp.c ldap-automount.c util.c ltf.c snprintf.c resolve.c dnsconfig.c irs-nss.c pagectrl.c ldap-sldap.c

+

+

+nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@

+

+NSS_LDAP_PATH_CONF = @NSS_LDAP_PATH_CONF@

+NSS_LDAP_PATH_ROOTPASSWD = @NSS_LDAP_PATH_ROOTPASSWD@

+

+NSS_LDAP_SOURCES = ldap-nss.c ldap-grp.c ldap-pwd.c ldap-netgrp.c ldap-schema.c util.c ltf.c snprintf.c resolve.c dnsconfig.c irs-nss.c pagectrl.c aix_authmeth.c

+

+

+NSS_LDAP_LDFLAGS = @NSS_LDAP_LDFLAGS@

+DEFS = @DEFS@

+#INCLUDES = -I$(top_builddir) -I$(srcdir)

+

+@GLIBC_TRUE@LIBC_VERS = `ls /lib/libc-*.so | tail -n 1 |sed -e 's/\/lib\/libc-\(.*\)\.so/\1/'`

+@GLIBC_TRUE@NSS_LDAP_LIBC_VERSIONED = libnss_ldap-$(LIBC_VERS).so

+

+@GLIBC_TRUE@NSS_VERS = $(shell ls /lib/libnss_files.so.? | tail -n 1 | sed -e 's/\/lib\/libnss_files\.so\.\(.*\)/\1/')

+@GLIBC_TRUE@NSS_LDAP_NSS_VERSIONED = libnss_ldap.so.$(NSS_VERS)

+

+@USE_NATIVE_LINKER_TRUE@NATIVE_LINK = $(nss_ldap_so_LD) $(AM_LDFLAGS) -o $@

+@USE_NATIVE_LINKER_FALSE@GNU_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

+

+# This is horrible but appears to be the only way to work with

+# recent versions of automake. Any better ideas, let me know.

+LINK = $(NATIVE_LINK) $(GNU_LINK)

+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4

+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs

+CONFIG_HEADER = config.h

+CONFIG_CLEAN_FILES =

+PROGRAMS = $(noinst_PROGRAMS)

+

+CPPFLAGS = @CPPFLAGS@

+LDFLAGS = @LDFLAGS@

+LIBS = @LIBS@

+nss_ldap_so_OBJECTS = ldap-nss.o ldap-pwd.o ldap-grp.o ldap-netgrp.o \

+ldap-rpc.o ldap-hosts.o ldap-network.o ldap-proto.o ldap-spwd.o \

+ldap-alias.o ldap-service.o ldap-schema.o ldap-ethers.o ldap-bp.o \

+ldap-automount.o util.o ltf.o snprintf.o resolve.o dnsconfig.o \

+irs-nss.o pagectrl.o ldap-sldap.o

+nss_ldap_so_LDADD = $(LDADD)

+nss_ldap_so_DEPENDENCIES =

+NSS_LDAP_OBJECTS = ldap-nss.o ldap-grp.o ldap-pwd.o ldap-netgrp.o \

+ldap-schema.o util.o ltf.o snprintf.o resolve.o dnsconfig.o irs-nss.o \

+pagectrl.o aix_authmeth.o

+NSS_LDAP_LDADD = $(LDADD)

+NSS_LDAP_DEPENDENCIES =

+CFLAGS = @CFLAGS@

+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)

+CCLD = $(CC)

+man5dir = $(mandir)/man5

+MANS = $(man_MANS)

+

+NROFF = nroff

+DIST_COMMON = README ./stamp-h.in AUTHORS COPYING ChangeLog INSTALL \

+Makefile.am Makefile.in NEWS acconfig.h aclocal.m4 config.guess \

+config.h.in config.sub configure configure.in install-sh missing \

+mkinstalldirs

+

+

+DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)

+

+TAR = tar

+GZIP_ENV = --best

+DEP_FILES = .deps/aix_authmeth.P .deps/dnsconfig.P .deps/irs-nss.P \

+.deps/ldap-alias.P .deps/ldap-automount.P .deps/ldap-bp.P \

+.deps/ldap-ethers.P .deps/ldap-grp.P .deps/ldap-hosts.P \

+.deps/ldap-netgrp.P .deps/ldap-network.P .deps/ldap-nss.P \

+.deps/ldap-proto.P .deps/ldap-pwd.P .deps/ldap-rpc.P \

+.deps/ldap-schema.P .deps/ldap-service.P .deps/ldap-sldap.P \

+.deps/ldap-spwd.P .deps/ltf.P .deps/pagectrl.P .deps/resolve.P \

+.deps/snprintf.P .deps/util.P

+SOURCES = $(nss_ldap_so_SOURCES) $(NSS_LDAP_SOURCES)

+OBJECTS = $(nss_ldap_so_OBJECTS) $(NSS_LDAP_OBJECTS)

+

+all: all-redirect

+.SUFFIXES:

+.SUFFIXES: .S .c .o .s

+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)

+ cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile

+

+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES)

+ cd $(top_builddir) \

+ && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status

+

+$(ACLOCAL_M4): configure.in

+ cd $(srcdir) && $(ACLOCAL)

+

+config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)

+ $(SHELL) ./config.status --recheck

+$(srcdir)/configure: $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES)

+ cd $(srcdir) && $(AUTOCONF)

+

+config.h: stamp-h

+ @if test ! -f $@; then \

+ rm -f stamp-h; \

+ $(MAKE) stamp-h; \

+ else :; fi

+stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status

+ cd $(top_builddir) \

+ && CONFIG_FILES= CONFIG_HEADERS=config.h \

+ $(SHELL) ./config.status

+ @echo timestamp > stamp-h 2> /dev/null

+$(srcdir)/config.h.in: $(srcdir)/stamp-h.in

+ @if test ! -f $@; then \

+ rm -f $(srcdir)/stamp-h.in; \

+ $(MAKE) $(srcdir)/stamp-h.in; \

+ else :; fi

+$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h

+ cd $(top_srcdir) && $(AUTOHEADER)

+ @echo timestamp > $(srcdir)/stamp-h.in 2> /dev/null

+

+mostlyclean-hdr:

+

+clean-hdr:

+

+distclean-hdr:

+ -rm -f config.h

+

+maintainer-clean-hdr:

+

+mostlyclean-noinstPROGRAMS:

+

+clean-noinstPROGRAMS:

+ -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)

+

+distclean-noinstPROGRAMS:

+

+maintainer-clean-noinstPROGRAMS:

+

+.s.o:

+ $(COMPILE) -c $<

+

+.S.o:

+ $(COMPILE) -c $<

+

+mostlyclean-compile:

+ -rm -f *.o core *.core

+

+clean-compile:

+

+distclean-compile:

+ -rm -f *.tab.c

+

+maintainer-clean-compile:

+

+nss_ldap.so: $(nss_ldap_so_OBJECTS) $(nss_ldap_so_DEPENDENCIES)

+ @rm -f nss_ldap.so

+ $(LINK) $(nss_ldap_so_LDFLAGS) $(nss_ldap_so_OBJECTS) $(nss_ldap_so_LDADD) $(LIBS)

+

+NSS_LDAP: $(NSS_LDAP_OBJECTS) $(NSS_LDAP_DEPENDENCIES)

+ @rm -f NSS_LDAP

+ $(LINK) $(NSS_LDAP_LDFLAGS) $(NSS_LDAP_OBJECTS) $(NSS_LDAP_LDADD) $(LIBS)

+

+install-man5:

+ $(mkinstalldirs) $(DESTDIR)$(man5dir)

+ @list='$(man5_MANS)'; \

+ l2='$(man_MANS)'; for i in $$l2; do \

+ case "$$i" in \

+ *.5*) list="$$list $$i" ;; \

+ esac; \

+ done; \

+ for i in $$list; do \

+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \

+ else file=$$i; fi; \

+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \

+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \

+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \

+ echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \

+ $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \

+ done

+

+uninstall-man5:

+ @list='$(man5_MANS)'; \

+ l2='$(man_MANS)'; for i in $$l2; do \

+ case "$$i" in \

+ *.5*) list="$$list $$i" ;; \

+ esac; \

+ done; \

+ for i in $$list; do \

+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \

+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \

+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \

+ echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \

+ rm -f $(DESTDIR)$(man5dir)/$$inst; \

+ done

+install-man: $(MANS)

+ @$(NORMAL_INSTALL)

+ $(MAKE) $(AM_MAKEFLAGS) install-man5

+uninstall-man:

+ @$(NORMAL_UNINSTALL)

+ $(MAKE) $(AM_MAKEFLAGS) uninstall-man5

+

+tags: TAGS

+

+ID: $(HEADERS) $(SOURCES) $(LISP)

+ list='$(SOURCES) $(HEADERS)'; \

+ unique=`for i in $$list; do echo $$i; done | \

+ awk ' { files[$$0] = 1; } \

+ END { for (i in files) print i; }'`; \

+ here=`pwd` && cd $(srcdir) \

+ && mkid -f$$here/ID $$unique $(LISP)

+

+TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) $(LISP)

+ tags=; \

+ here=`pwd`; \

+ list='$(SOURCES) $(HEADERS)'; \

+ unique=`for i in $$list; do echo $$i; done | \

+ awk ' { files[$$0] = 1; } \

+ END { for (i in files) print i; }'`; \

+ test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \

+ || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP) -o $$here/TAGS)

+

+mostlyclean-tags:

+

+clean-tags:

+

+distclean-tags:

+ -rm -f TAGS ID

+

+maintainer-clean-tags:

+

+distdir = $(PACKAGE)-$(VERSION)

+top_distdir = $(distdir)

+

+# This target untars the dist file and tries a VPATH configuration. Then

+# it guarantees that the distribution is self-contained by making another

+# tarfile.

+distcheck: dist

+ -rm -rf $(distdir)

+ GZIP=$(GZIP_ENV) $(TAR) zxf $(distdir).tar.gz

+ mkdir $(distdir)/=build

+ mkdir $(distdir)/=inst

+ dc_install_base=`cd $(distdir)/=inst && pwd`; \

+ cd $(distdir)/=build \

+ && ../configure --srcdir=.. --prefix=$$dc_install_base \

+ && $(MAKE) $(AM_MAKEFLAGS) \

+ && $(MAKE) $(AM_MAKEFLAGS) dvi \

+ && $(MAKE) $(AM_MAKEFLAGS) check \

+ && $(MAKE) $(AM_MAKEFLAGS) install \

+ && $(MAKE) $(AM_MAKEFLAGS) installcheck \

+ && $(MAKE) $(AM_MAKEFLAGS) dist

+ -rm -rf $(distdir)

+ @banner="$(distdir).tar.gz is ready for distribution"; \

+ dashes=`echo "$$banner" | sed s/./=/g`; \

+ echo "$$dashes"; \

+ echo "$$banner"; \

+ echo "$$dashes"

+dist: distdir

+ -chmod -R a+r $(distdir)

+ GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir)

+ -rm -rf $(distdir)

+dist-all: distdir

+ -chmod -R a+r $(distdir)

+ GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir)

+ -rm -rf $(distdir)

+distdir: $(DISTFILES)

+ -rm -rf $(distdir)

+ mkdir $(distdir)

+ -chmod 777 $(distdir)

+ here=`cd $(top_builddir) && pwd`; \

+ top_distdir=`cd $(distdir) && pwd`; \

+ distdir=`cd $(distdir) && pwd`; \

+ cd $(top_srcdir) \

+ && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu Makefile

+ @for file in $(DISTFILES); do \

+ d=$(srcdir); \

+ if test -d $$d/$$file; then \

+ cp -pr $$d/$$file $(distdir)/$$file; \

+ else \

+ test -f $(distdir)/$$file \

+ || ln $$d/$$file $(distdir)/$$file 2> /dev/null \

+ || cp -p $$d/$$file $(distdir)/$$file || :; \

+ fi; \

+ done

+

+DEPS_MAGIC := $(shell mkdir .deps > /dev/null 2>&1 || :)

+

+-include $(DEP_FILES)

+

+mostlyclean-depend:

+

+clean-depend:

+

+distclean-depend:

+ -rm -rf .deps

+

+maintainer-clean-depend:

+

+%.o: %.c

+ @echo '$(COMPILE) -c $<'; \

+ $(COMPILE) -Wp,-MD,.deps/$(*F).pp -c $<

+ @-cp .deps/$(*F).pp .deps/$(*F).P; \

+ tr ' ' '\012' < .deps/$(*F).pp \

+ | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \

+ >> .deps/$(*F).P; \

+ rm .deps/$(*F).pp

+

+%.lo: %.c

+ @echo '$(LTCOMPILE) -c $<'; \

+ $(LTCOMPILE) -Wp,-MD,.deps/$(*F).pp -c $<

+ @-sed -e 's/^\([^:]*\)\.o[ ]*:/\1.lo \1.o :/' \

+ < .deps/$(*F).pp > .deps/$(*F).P; \

+ tr ' ' '\012' < .deps/$(*F).pp \

+ | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \

+ >> .deps/$(*F).P; \

+ rm -f .deps/$(*F).pp

+info-am:

+info: info-am

+dvi-am:

+dvi: dvi-am

+check-am: all-am

+check: check-am

+installcheck-am:

+installcheck: installcheck-am

+all-recursive-am: config.h

+ $(MAKE) $(AM_MAKEFLAGS) all-recursive

+

+install-exec-am: install-exec-local

+install-exec: install-exec-am

+

+install-data-am: install-man install-data-local

+install-data: install-data-am

+

+install-am: all-am

+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am

+install: install-am

+uninstall-am: uninstall-man uninstall-local

+uninstall: uninstall-am

+all-am: Makefile $(PROGRAMS) $(MANS) config.h

+all-redirect: all-am

+install-strip:

+ $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install

+installdirs:

+ $(mkinstalldirs) $(DESTDIR)$(mandir)/man5

+

+

+mostlyclean-generic:

+

+clean-generic:

+

+distclean-generic:

+ -rm -f Makefile $(CONFIG_CLEAN_FILES)

+ -rm -f config.cache config.log stamp-h stamp-h[0-9]*

+

+maintainer-clean-generic:

+mostlyclean-am: mostlyclean-hdr mostlyclean-noinstPROGRAMS \

+ mostlyclean-compile mostlyclean-tags mostlyclean-depend \

+ mostlyclean-generic

+

+mostlyclean: mostlyclean-am

+

+clean-am: clean-hdr clean-noinstPROGRAMS clean-compile clean-tags \

+ clean-depend clean-generic mostlyclean-am

+

+clean: clean-am

+

+distclean-am: distclean-hdr distclean-noinstPROGRAMS distclean-compile \

+ distclean-tags distclean-depend distclean-generic \

+ clean-am

+

+distclean: distclean-am

+ -rm -f config.status

+

+maintainer-clean-am: maintainer-clean-hdr \

+ maintainer-clean-noinstPROGRAMS \

+ maintainer-clean-compile maintainer-clean-tags \

+ maintainer-clean-depend maintainer-clean-generic \

+ distclean-am

+ @echo "This command is intended for maintainers to use;"

+ @echo "it deletes files that may require special tools to rebuild."

+

+maintainer-clean: maintainer-clean-am

+ -rm -f config.status

+

+.PHONY: mostlyclean-hdr distclean-hdr clean-hdr maintainer-clean-hdr \

+mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \

+clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS \

+mostlyclean-compile distclean-compile clean-compile \

+maintainer-clean-compile install-man5 uninstall-man5 install-man \

+uninstall-man tags mostlyclean-tags distclean-tags clean-tags \

+maintainer-clean-tags distdir mostlyclean-depend distclean-depend \

+clean-depend maintainer-clean-depend info-am info dvi-am dvi check \

+check-am installcheck-am installcheck all-recursive-am \

+install-exec-local install-exec-am install-exec install-data-local \

+install-data-am install-data install-am install uninstall-local \

+uninstall-am uninstall all-redirect all-am all installdirs \

+mostlyclean-generic distclean-generic clean-generic \

+maintainer-clean-generic clean mostlyclean distclean maintainer-clean

+

+

+# AIX install instructions per doc/README.AIX

+

+@AIX_TRUE@install-exec-local: nss_ldap.so NSS_LDAP

+@AIX_TRUE@ $(mkinstalldirs) $(DESTDIR)$(libdir)/netsvc/dynload

+@AIX_TRUE@ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/netsvc/dynload/nss_ldap.so

+@AIX_TRUE@ $(mkinstalldirs) $(DESTDIR)$(libdir)/security

+@AIX_TRUE@ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) NSS_LDAP $(DESTDIR)$(libdir)/security/NSS_LDAP

+

+# Linux, Solaris, other platform install instructions

+

+@AIX_FALSE@install-exec-local: nss_ldap.so

+@AIX_FALSE@ @$(NORMAL_INSTALL)

+@AIX_FALSE@@GLIBC_TRUE@ -rm -f $(DESTDIR)$(libdir)/$(NSS_LDAP_LIBC_VERSIONED)

+@AIX_FALSE@@GLIBC_TRUE@ $(mkinstalldirs) $(DESTDIR)$(libdir)

+@AIX_FALSE@@GLIBC_TRUE@ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/$(NSS_LDAP_LIBC_VERSIONED)

+@AIX_FALSE@@GLIBC_TRUE@ (cd $(DESTDIR)$(libdir); ln -sf $(NSS_LDAP_LIBC_VERSIONED) $(NSS_LDAP_NSS_VERSIONED))

+@AIX_FALSE@@GLIBC_TRUE@ $(mkinstalldirs) $(DESTDIR)/usr$(libdir)

+@AIX_FALSE@@GLIBC_TRUE@ (cd $(DESTDIR)/usr$(libdir); ln -sf ../..$(libdir)/$(NSS_LDAP_NSS_VERSIONED) .)

+@AIX_FALSE@@GLIBC_FALSE@ $(mkinstalldirs) $(DESTDIR)$(libdir)

+@AIX_FALSE@@GLIBC_FALSE@@HPUX_TRUE@ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/libnss_ldap.1

+@AIX_FALSE@@GLIBC_FALSE@@HPUX_FALSE@ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/nss_ldap.so.1

+@AIX_FALSE@@GLIBC_FALSE@@HPUX_FALSE@ (cd $(DESTDIR)$(libdir); rm -f nss_ldap.so; ln -s nss_ldap.so.1 nss_ldap.so)

+

+install-data-local:

+ @$(NORMAL_INSTALL)

+ @if test ! -f $(DESTDIR)$(NSS_LDAP_PATH_CONF); then \

+ $(mkinstalldirs) $(DESTDIR)$(dir $(NSS_LDAP_PATH_CONF)); \

+ $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/ldap.conf $(DESTDIR)$(NSS_LDAP_PATH_CONF); \

+ fi

+ $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/nsswitch.ldap $(DESTDIR)$(sysconfdir)/nsswitch.ldap;

+

+uninstall-local:

+ @$(NORMAL_UNINSTALL)

+

+# Tell versions [3.59,3.63) of GNU make to not export all variables.

+# Otherwise a system limit (for SysV at least) may be exceeded.

+.NOEXPORT:

+#ident $Id: NEWS,v 2.5 2004/06/19 05:23:05 lukeh Exp $

+

+Please contact PADL Software Development Support <dev@padl.com>

+if you wish to contribute.

+

+Please see http://bugzilla.padl.com for more information!

+

+BUGZILLA BUGS:

+==============

+

+BUGS 18, 19, 20, 34 would be good to fix soon.

+

+[BUG#12]

+- we should probably put the session, under Solaris, in the backend.

+ We need to do so in a way that remains compatible with the GNU NSS,

+ where I expect we need to open a connection for every lookup.

+ In nscd, where the backends are cached, it doesn't make sense to keep

+ opening and closing sockets to the LDAP server, particularly as the

+ rebinding logic was put there to *allow* the connection to be long

+ lived (marked RESOLVED LATER; a single connection is now used per

+ process)

+

+[BUG#12]

+- ditto for IRS: the private data should contain the session and be long

+ lived.

+

+[BUG#13]

+- we could clean up the text segment a bit by generating filters on the

+ fly from object classes and attributes, instead of storing them. This

+ seems to be important under Solaris as the linker doesn't intern strings (?)

+ All that filter-constructing stuff in the ldap-*.h headers is UGLY.

+ (marked RESOLVED LATER)

+

+[BUG#14]

+- infinite recursion is host lookup -- libldap uses gethostbyname(). Perhaps

+ we should link with a custom gethostbyname() which uses DNS only??? (This

+ is nominally the LDAP client library's problem but we could short-circuit

+ by resolving the IP addresses ourselves). (marked RESOLVED INVALID)

+

+[BUG#16]

+- finish implementing dl-*.c (LOW priority). In fact I'm tempted to remove

+ this from the line up: SGI have their own LDAP C library support, and

+ so do DEC (with SIA). (removed dl-*.c; marked RESOLVED WONTFIX)

+

+[BUG#17]

+- implement gethostbyname2() and

+ debug IPv6 support in ldap-hosts.c (and ldap-network.c?) (Uli?)

+

+[BUG#19]

+- add support for DHCP and coldstart configuration. Coldstart should

+ update /etc/ldap.conf (/var/ldap/LDAP_CLIENT_CACHE?). Should probably

+ add support for the HP/Sun server profile schema (marked RESOLVED

+ LATER)

+

+[BUG#21]

+- write testsuite (marked RESOLVED LATER)

+

+[BUG#22]

+- support for bootparams map (marked RESOLVED LATER)

+

+[BUG#34]

+- shells hang on Solaris for LDAP users (marked RESOLVED LATER;

+Solaris 7 users get patch cluster 106541-12)

+

+[BUG#49]

+- race condition in ldap-nss.c (FIXED in nss_ldap-121)

+

+[BUG#50]

+- check return value of ldap_simple_bind() (FIXED in nss_ldap-122)

+

+[BUG#63]

+- integrate support for runtime schema mapping (FIXED in nss_ldap-168)

+

+To: linux-ldap@rage.net

+Cc: ldap-nis@padl.com

+Subject: Re: Netgroups [in nss_ldap]

+Fcc: +outgoing

+Reply-To: lukeh@padl.com

+

+[ ldap-nis readers may find this interesting. ]

+

+Matt,

+

+>Ok, i am going to see if I can do something with netgroups. Which of

+>the services would be best to model ldap-netgrp.c after?

+>

+>I am not familiar with adding a new service to nss_ldap. What is

+>involved? Do you think you could give a general overview of what has

+>to happen to get the netgroup service doing SOMETHING?

+

+First, you need to familiarize yourself with the netgroup resolution

+APIs. It's important that you implement something that works for both

+Solaris and the GNU C Library (and, possibly, the BIND IRS, although

+no one seems to be particularly interested in that switch). I haven't

+looked into them in great detail. You'll need to create ldap-netgrp.c

+(rip off ldap-pwd.c for starters). and implement the following:

+

+Linux

+=====

+

+NSS_STATUS

+_nss_ldap_setnetgrent(const char *group, struct __netgrent *result);

+

+NSS_STATUS

+_nss_ldap_endnetgrent(struct __netgrent *result);

+

+NSS_STATUS

+_nss_ldap_getnetgrent_r(struct __netgrent *result, char *buffer,

+ size_t buflen, int *errnop);

+

+Because netgroups are just triples in LDAP, you should be able to avail

+yourself of the _nss_netgroup_parseline() helper function. (Having

+the glibc source handy would be helpful.) Call this from the parser

+(see below) for values of the "nisNetgroupTriple" attribute.

+

+Solaris

+=======

+

+Check out /usr/include/nss_dbdefs.h. It looks pretty hairy:

+FYI, let's look at how a user is resolved:

+

+NSS_STATUS

+_nss_ldap_getpwnam_r (

+ const char *name,

+ struct passwd * result,

+ char *buffer,

+ size_t buflen,

+ int *errnop)

+{

+ LOOKUP_NAME (name, result, buffer, buflen, errnop, filt_getpwnam, pw_attributes, _nss_ldap_parse_pw);

+}

+

+The LOOKUP_NAME macro marshalls arguments to pass to

+_nss_ldap_getbyname(), which is responsible for searching in the

+directory. If the search is successful, this function will call

+the parser (_nss_ldap_parse_pw()) with the LDAP result, and

+the buffers supplied by the user. The parser is responsible

+for mapping the LDAP entry into a struct pwent or whatever.

+There are helper functions provided for doing such, for example

+_nss_ldap_assign_attrval():

+

+ stat = _nss_ldap_assign_attrval (ld, e, LDAP_ATTR_USERNAME, &pw->pw_name, &buffer, &buflen);

+ if (stat != NSS_SUCCESS)

+

+This model works well when there is a 1:1 mapping between LDAP

+entries and entities that the host API is responsible for. Things

+get a bit trickier for things like getgroupsbymember(). Hope

+this helps. Note that for Solaris, each backend has a dispatch

+table, a "constructor" (_nss_ldap_passwd_constr, for example).

+

+LDAP NAMESERVICE SWITCH LIBRARY

+===============================

+

+This is the nss_ldap library, an LDAP module for the Solaris Nameservice

+Switch (NSS), the GNU libc NSS, and the ISC BIND IRS (used on BSDI

+and IRS).

+

+The LDAP schema used is described in RFC 2307

+

+Insert this:

+

+passwd: files nis ldap

+group: files nis ldap

+

+or something similar in /etc/nsswitch.conf.

+

+The source code is distributed under the GNU General Library Public Licence

+(see COPYING.LIB).

+

+Platforms this has been built under:

+

+ o Linux 2.x

+ o Solaris 2.4, 2.6, 7, 8

+ o FreeBSD BIND 8.x (not useful unless you recompile libc)

+ o AIX 4.3.3 with IRS

+

+If you are willing to use an older, and possibly buggy, version

+of nss_ldap, you *might* find patches to get it to work with the

+"real" FreeBSD nsswitch at http://www.nectar.com/freebsd/nsswitch.

+

+To install:

+

+% ./configure

+% make

+% make install

+

+NB: you need to use GNU make! (often called gmake or gnumake)

+

+1. Installation

+---------------

+

+You need to ensure libnss_ldap.so.1 (or nss_ldap.so.1, for Solaris) is in

+/usr/lib.

+

+2. Building shared LDAP client libraries

+----------------------------------------

+

+You can build a position independent LDAP client library by compiling

+-fPIC and linking with -shared, or downloading the Mozilla or Netscape

+LDAP SDKs. Note that OpenLDAP only appears to build shared libraries

+on some platforms (apparently not Solaris?). To build these, configure

+with --enable-shared.

+

+Q: Using the Netscape LDAP library with pam_ldap on Solaris 8

+- aka Solaris 2.8 - fails to link properly! David Begley writes:

+

+There are two releases of the Netscape LDAP library, one marked

+for Solaris 8 and the other marked for Solaris 2.6 - the additional

+catch is that the Solaris 8 library is a 64-bit library (this is marked

+on Netscape's site) whilst the other is a 32-bit library.

+

+It doesn't matter if you have a 64-bit UltraSPARC processor running

+the 64-bit Solaris kernel, if your compiler only works with 32-bit

+objects then it won't successfully link the 64-bit Solaris 8

+Netscape LDAP library.

+

+GCC (up to version 2.95.2) does not work properly with 64-bit objects

+under Solaris, so just use the Solaris 2.6 (32-bit) Netscape LDAP

+library and everything should be fine.

+

+Q: Can I use a third-party client LDAP library (such as Netscape's)

+on Solaris 7? David Begley writes:

+

+Yes, but if you have the Solaris 7 LDAP library installed (package

+SUNWlldap or SUNWldapx) configure will find it before the third-party

+library - in this case, you can't rely on the auto-lib-type detection of

+configure and must use the "--with-ldap-lib=" parameter.

+

+Q: Why does linking fail on Solaris 2.6 (complaining about

+relocations remaining against libcrypt)? David Begley

+writes:

+

+In short, the problem is that GCC is looking for a shared libcrypt

+(in response to the "--shared" parameter) which doesn't exist on

+Solaris 2.6 (but does on Solaris 7). The fix is quite simple, use

+"-G" instead of "--shared" (could this be a GCC bug?). This change

+should already be included in newer versions of pam_ldap.

+

+It doesn't look like libcrypt is even needed if you're using the

+Netscape LDAP client library (maybe it's required for OpenLDAP?).

+

+Scott M. Stone <sstone@foo3.com> writes:

+Your openldap libs *and* your SSL/RSAREF libs must be DYNAMIC LIBRARIES

+or neither nss_ldap nor pam_ldap will work.

+

+3. glibc 2.0 compatibility

+--------------------------

+

+Current versions of the nss_ldap library are designed to work with

+glibc 2.1, not glibc 2.0. They _may_ work with glibc 2.0. YMMV.

+

+4. RFC2307BIS

+-------------

+

+Compiling with -DRFC2307BIS adds rfc2307bis support, which at the

+moment just gets you support for groups with distinguished name

+members (instead of login names). A posixGroup can thus have the

+both memberUid and uniqueMember attributes.

+

+5. Building under FreeBSD

+-------------------------

+

+Here's what I do to build it under FreeBSD. You will need to

+link it into libbind.a for it actually to be useful.

+

+CPPFLAGS="-I/usr/local/include -I/usr/local/include/bind -DPIC"

+export CPPFLAGS

+CFLAGS=$CPPFLAGS # this is weird

+export CFLAGS

+LDFLAGS="-L/usr/local/lib"

+LIBS="-lbind_r -lgnuregex -lsasl -lkrb"

+export LDFLAGS LIBS

+./configure

+make

+

+6. Solaris, shadowAccount

+-------------------------

+

+Joerg Paysen notes:

+

+> I think its extremly important that you have a

+> /etc/shadow file so that an ObjectClass shadowAccount

+> will be created in the ldap database. My experience is

+> that without shadowAccount nss_ldap does not work on

+> solaris!!

+

+7. Secret file

+--------------

+

+If using /etc/ldap.secret, it must have a newline at the end

+of the secret.

+

+8. Mailing lists

+----------------

+

+To discuss nss_ldap and related technologies, you may

+subscribe to the following mailing lists:

+

+ <URL:mailto:nssldap-request@padl.com>

+and

+ <URL:mailto:ldap-nis-request@padl.com>

+

+Send an electronic mail message with "subscribe" in the

+message body to join the list.

+

+9. Commercial support

+---------------------

+

+Note that PADL now offer commercial support on a

+per-incident basis.

+

+To request a support incident, send email to: nssldap-support@padl.com

+

+--

+PADL Software Pty Ltd

+nssldap-support@padl.com

+http://www.padl.com/

+

+/* Define to the number of arguments to ldap_set_rebindproc */

+#undef LDAP_SET_REBIND_PROC_ARGS

+

+/* define to the number of args to gethostbyname_r */

+#undef GETHOSTBYNAME_R_ARGS

+

+/* define to set RFC2307BIS support */

+#undef RFC2307BIS

+

+/* define to enable debug code */

+#undef DEBUG

+

+/* define to enable attribute/objectclass mapping */

+#undef AT_OC_MAP

+

+/* define to enable proxy authentication for AIX */

+#undef PROXY_AUTH

+

+/* define to enable paged results control */

+#undef PAGE_RESULTS

+

+/* define to enable configurable Kerberos credentials cache */

+#undef CONFIGURE_KRB5_CCNAME

+

+/* define to enable configurable Kerberos credentials cache (putenv method) */

+#undef CONFIGURE_KRB5_CCNAME_ENV

+

+/* define to enable configurable Kerberos credentials cache (gssapi method) */

+#undef CONFIGURE_KRB5_CCNAME_GSSAPI

+

+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */

+#undef HAVE_GSSAPI_GSSAPI_KRB5_H

+

+/* define to enable struct ether_addr definition */

+#undef HAVE_STRUCT_ETHER_ADDR

+

+/* define to enable socklen_t definition */

+#undef HAVE_SOCKLEN_T

+

+/* define if struct passwd has a pw_change member */

+#undef HAVE_PASSWD_PW_CHANGE

+

+/* define if struct passwd has a pw_expire member */

+#undef HAVE_PASSWD_PW_EXPIRE

+

+/* path to LDAP configuration file */

+#define NSS_LDAP_PATH_CONF "/etc/ldap.conf"

+

+/* path to LDAP root secret file */

+#define NSS_LDAP_PATH_ROOTPASSWD "/etc/ldap.secret"

+

+/* maximum number of group members in static buffer */

+#define LDAP_NSS_NGROUPS 64

+

+dnl aclocal.m4 generated automatically by aclocal 1.4-p5

+

+dnl Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc.

+dnl This file is free software; the Free Software Foundation

+dnl gives unlimited permission to copy and/or distribute it,

+dnl with or without modifications, as long as this notice is preserved.

+

+dnl This program is distributed in the hope that it will be useful,

+dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without

+dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A

+dnl PARTICULAR PURPOSE.

+

+# Do all the work for Automake. This macro actually does too much --

+# some checks are only needed if your package does certain things.

+# But this isn't really a big deal.

+

+# serial 1

+

+dnl Usage:

+dnl AM_INIT_AUTOMAKE(package,version, [no-define])

+

+AC_DEFUN([AM_INIT_AUTOMAKE],

+[AC_REQUIRE([AC_PROG_INSTALL])

+PACKAGE=[$1]

+AC_SUBST(PACKAGE)

+VERSION=[$2]

+AC_SUBST(VERSION)

+dnl test to see if srcdir already configured

+if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then

+ AC_MSG_ERROR([source directory already configured; run "make distclean" there first])

+fi

+ifelse([$3],,

+AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])

+AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package]))

+AC_REQUIRE([AM_SANITY_CHECK])

+AC_REQUIRE([AC_ARG_PROGRAM])

+dnl FIXME This is truly gross.

+missing_dir=`cd $ac_aux_dir && pwd`

+AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)

+AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)

+AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)

+AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)

+AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)

+AC_REQUIRE([AC_PROG_MAKE_SET])])

+

+#

+# Check to make sure that the build environment is sane.

+#

+

+AC_DEFUN([AM_SANITY_CHECK],

+[AC_MSG_CHECKING([whether build environment is sane])

+# Just in case

+sleep 1

+echo timestamp > conftestfile

+# Do `set' in a subshell so we don't clobber the current shell's

+# arguments. Must try -L first in case configure is actually a

+# symlink; some systems play weird games with the mod time of symlinks

+# (eg FreeBSD returns the mod time of the symlink's containing

+# directory).

+if (

+ set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null`

+ if test "[$]*" = "X"; then

+ # -L didn't work.

+ set X `ls -t $srcdir/configure conftestfile`

+ fi

+ if test "[$]*" != "X $srcdir/configure conftestfile" \

+ && test "[$]*" != "X conftestfile $srcdir/configure"; then

+

+ # If neither matched, then we have a broken ls. This can happen

+ # if, for instance, CONFIG_SHELL is bash and it inherits a

+ # broken ls alias from the environment. This has actually

+ # happened. Such a system could not be considered "sane".

+ AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken

+alias in your environment])

+ fi

+

+ test "[$]2" = conftestfile

+ )

+then

+ # Ok.

+ :

+else

+ AC_MSG_ERROR([newly created file is older than distributed files!

+Check your system clock])

+fi

+rm -f conftest*

+AC_MSG_RESULT(yes)])

+

+dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY)

+dnl The program must properly implement --version.

+AC_DEFUN([AM_MISSING_PROG],

+[AC_MSG_CHECKING(for working $2)

+# Run test in a subshell; some versions of sh will print an error if

+# an executable is not found, even if stderr is redirected.

+# Redirect stdin to placate older versions of autoconf. Sigh.

+if ($2 --version) < /dev/null > /dev/null 2>&1; then

+ $1=$2

+ AC_MSG_RESULT(found)

+else

+ $1="$3/missing $2"

+ AC_MSG_RESULT(missing)

+fi

+AC_SUBST($1)])

+

+# Like AC_CONFIG_HEADER, but automatically create stamp file.

+

+AC_DEFUN([AM_CONFIG_HEADER],

+[AC_PREREQ([2.12])

+AC_CONFIG_HEADER([$1])

+dnl When config.status generates a header, we must update the stamp-h file.

+dnl This file resides in the same directory as the config header

+dnl that is generated. We must strip everything past the first ":",

+dnl and everything past the last "/".

+AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl

+ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>,

+<<test -z "<<$>>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>,

+<<am_indx=1

+for am_file in <<$1>>; do

+ case " <<$>>CONFIG_HEADERS " in

+ *" <<$>>am_file "*<<)>>

+ echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx

+ ;;

+ esac

+ am_indx=`expr "<<$>>am_indx" + 1`

+done<<>>dnl>>)

+changequote([,]))])

+

+# Define a conditional.

+

+AC_DEFUN([AM_CONDITIONAL],

+[AC_SUBST($1_TRUE)

+AC_SUBST($1_FALSE)

+if $2; then

+ $1_TRUE=

+ $1_FALSE='#'

+else

+ $1_TRUE='#'

+ $1_FALSE=

+fi])

+

+/* Copyright (C) 2002-2005 Luke Howard.

+ This file is part of the nss_ldap library.

+ Contributed by Luke Howard, <lukeh@padl.com>, 2002.

+

+ The nss_ldap library is free software; you can redistribute it and/or

+ modify it under the terms of the GNU Library General Public License as

+ published by the Free Software Foundation; either version 2 of the

+ License, or (at your option) any later version.

+

+ The nss_ldap library is distributed in the hope that it will be useful,

+ but WITHOUT ANY WARRANTY; without even the implied warranty of

+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

+ Library General Public License for more details.

+

+ You should have received a copy of the GNU Library General Public

+ License along with the nss_ldap library; see the file COPYING.LIB. If not,

+ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,

+ Boston, MA 02111-1307, USA.

+ */

+

+/*

+ * Shim to support AIX loadable authentication modules

+ */

+

+#include "config.h"

+

+static char rcsId[] =

+ "$Id: aix_authmeth.c,v 2.31 2006/02/24 01:28:59 lukeh Exp $";

+

+#ifdef HAVE_USERSEC_H

+

+#include <stdlib.h>

+#include <string.h>

+#include <usersec.h>

+

+#ifdef HAVE_LBER_H

+#include <lber.h>

+#endif

+#ifdef HAVE_LDAP_H

+#include <ldap.h>

+#endif

+

+#include "ldap-nss.h"

+#include "util.h"

+

+#define TABLE_KEY_ALL "ALL"

+#define TABLE_USER "user"

+#define TABLE_GROUP "group"

+

+#define S_LDAPDN "ldapdn"

+

+static struct irs_gr *uess_gr_be = NULL;

+static struct irs_pw *uess_pw_be = NULL;

+

+extern void *gr_pvtinit (void); /* irs-grp.c */

+extern void *pw_pvtinit (void); /* irs-pwd.c */

+

+/* from ldap-grp.c */

+extern char *_nss_ldap_getgrset (char *user);

+

+/* search arguments for getentry method */

+typedef struct ldap_uess_args

+{

+ /* argument block */

+ const char *lua_key;

+ const char *lua_table;

+ char **lua_attributes;

+ attrval_t *lua_results;

+ int lua_size;

+

+ /* private */

+ ldap_map_selector_t lua_map;

+ size_t lua__bufsiz;

+ size_t lua__buflen;

+ char *lua__buffer;

+ const char *lua_naming_attribute;

+}

+ldap_uess_args_t;

+

+static NSS_STATUS uess_get_char (LDAPMessage * e, ldap_uess_args_t * arg, int index);

+static NSS_STATUS uess_get_char_ex (LDAPMessage * e, ldap_uess_args_t * arg, int index, const char *attribute);

+static NSS_STATUS uess_get_int (LDAPMessage * e, ldap_uess_args_t * arg, int index);

+static NSS_STATUS uess_get_pgrp (LDAPMessage * e, ldap_uess_args_t * arg, int index);

+static NSS_STATUS uess_get_groupsids (LDAPMessage * e, ldap_uess_args_t * arg, int index);

+static NSS_STATUS uess_get_gecos (LDAPMessage * e, ldap_uess_args_t * arg, int index);

+static NSS_STATUS uess_get_pwd (LDAPMessage * e, ldap_uess_args_t * arg, int index);

+static NSS_STATUS uess_get_dn (LDAPMessage * e, ldap_uess_args_t * arg, int index);

+

+/* dispatch table for retrieving UESS attribute from an LDAP entry */

+struct ldap_uess_fn

+{

+ const char *luf_attribute;

+ NSS_STATUS (*luf_translator) (LDAPMessage * e,

+ ldap_uess_args_t *, int);

+}

+ldap_uess_fn_t;

+

+static struct ldap_uess_fn __uess_fns[] = {

+ {S_GECOS, uess_get_gecos},

+ {S_GROUPSIDS, uess_get_groupsids},

+ {S_HOME, uess_get_char},

+ {S_ID, uess_get_int},

+ {S_PWD, uess_get_pwd},

+ {S_SHELL, uess_get_char},

+ {S_PGRP, uess_get_pgrp},

+ {SEC_PASSWD, uess_get_char},

+ {SEC_LASTUP, uess_get_int},

+ {S_MAXAGE, uess_get_int},

+ {S_MINAGE, uess_get_int},

+ {S_MAXEXPIRED, uess_get_int},

+ {S_PWDWARNTIME, uess_get_int},

+ /* add additional attributes we know about here */

+ {S_LDAPDN, uess_get_dn},

+ {NULL, NULL}

+};

+

+#define GR_PVTINIT() do { \

+ if (uess_gr_be == NULL) { \

+ uess_gr_be = (struct irs_gr *) gr_pvtinit (); \

+ if (uess_gr_be == NULL) \

+ return NULL; \

+ } \

+ } while (0)

+

+#define PW_PVTINIT() do { \

+ if (uess_pw_be == NULL) { \

+ uess_pw_be = (struct irs_pw *) pw_pvtinit (); \

+ if (uess_pw_be == NULL) \

+ return NULL; \

+ } \

+ } while (0)

+

+static void *

+_nss_ldap_uess_open (const char *name, const char *domain,

+ const int mode, char *options)

+{

+ /* Currently we do not use the above parameters */

+ GR_PVTINIT();

+ PW_PVTINIT();

+

+ return NULL;

+}

+

+static void

+_nss_ldap_uess_close (void *token)

+{

+ if (uess_gr_be != NULL)

+ {

+ (uess_gr_be->close) (uess_gr_be);

+ uess_gr_be = NULL;

+ }

+

+ if (uess_pw_be != NULL)

+ {

+ (uess_pw_be->close) (uess_pw_be);

+ uess_pw_be = NULL;

+ }

+}

+

+static struct group *

+_nss_ldap_getgrgid (gid_t gid)

+{

+ GR_PVTINIT ();

+

+ return (uess_gr_be->bygid) (uess_gr_be, gid);

+}

+

+static struct group *

+_nss_ldap_getgrnam (const char *name)

+{

+ GR_PVTINIT ();

+

+ return (uess_gr_be->byname) (uess_gr_be, name);

+}

+

+static struct passwd *

+_nss_ldap_getpwuid (uid_t uid)

+{

+ PW_PVTINIT ();

+

+ return (uess_pw_be->byuid) (uess_pw_be, uid);

+}

+

+static struct passwd *

+_nss_ldap_getpwnam (const char *name)

+{

+ PW_PVTINIT ();

+

+ return (uess_pw_be->byname) (uess_pw_be, name);

+}

+

+static struct group *

+_nss_ldap_getgracct (void *id, int type)

+{

+ GR_PVTINIT ();

+

+ if (type == SEC_INT)

+ return (uess_gr_be->bygid) (uess_gr_be, *(gid_t *) id);

+ else

+ return (uess_gr_be->byname) (uess_gr_be, (char *) id);

+}

+

+static int

+_nss_ldap_authenticate (char *user, char *response, int *reenter,

+ char **message)

+{

+ NSS_STATUS stat;

+ int rc;

+

+ debug ("==> _nss_ldap_authenticate");

+

+ *reenter = FALSE;

+ *message = NULL;

+

+ stat = _nss_ldap_proxy_bind (user, response);

+

+ switch (stat)

+ {

+ case NSS_TRYAGAIN:

+ rc = AUTH_FAILURE;

+ break;

+ case NSS_NOTFOUND:

+ rc = AUTH_NOTFOUND;

+ break;

+ case NSS_SUCCESS:

+ rc = AUTH_SUCCESS;

+ break;

+ default:

+ case NSS_UNAVAIL:

+ rc = AUTH_UNAVAIL;

+ break;

+ }

+

+ debug ("<== _nss_ldap_authenticate");

+

+ return rc;

+}

+

+/*

+ * Support this for when proxy authentication is disabled.

+ * There may be some re-entrancy issues here; not sure

+ * if we are supposed to return allocated memory or not,

+ * this is not documented. I am assuming not in line with

+ * the other APIs.

+ */

+static char *

+_nss_ldap_getpasswd (char *user)

+{

+ struct passwd *pw;

+ static char pwdbuf[32];

+ char *p = NULL;

+

+ debug ("==> _nss_ldap_getpasswd");

+

+ pw = _nss_ldap_getpwnam (user);

+ if (pw != NULL)

+ {

+ if (strlen (pw->pw_passwd) > sizeof (pwdbuf) - 1)

+ {

+ errno = ERANGE;

+ }

+ else

+ {

+ strcpy (pwdbuf, pw->pw_passwd);

+ p = pwdbuf;

+ }

+ }

+ else

+ {

+ errno = ENOENT; /* user does not exist */

+ }

+

+ debug ("<== _nss_ldap_getpasswd");

+

+ return p;

+}

+

+/*

+ * Convert a UESS table string to an nss_ldap map type

+ */

+static ldap_map_selector_t

+table2map (const char *table)

+{

+ if (strcmp (table, TABLE_USER) == 0)

+ return LM_PASSWD;

+ else if (strcmp (table, TABLE_GROUP) == 0)

+ return LM_GROUP;

+

+ return LM_NONE;

+}

+

+/*

+ * Convert a UESS key to an nss_ldap internal search query

+ */

+static ldap_args_t *

+key2filter (char *key, ldap_map_selector_t map,

+ ldap_args_t * a, const char **filter)

+{

+ if (strcmp (key, TABLE_KEY_ALL) == 0)

+ {

+ if (map == LM_PASSWD)

+ *filter = _nss_ldap_filt_getpwent;

+ else

+ *filter = _nss_ldap_filt_getgrent;

+

+ return NULL; /* indicates enumeration */

+ }

+

+ LA_INIT (*a);

+ LA_TYPE (*a) = LA_TYPE_STRING;

+ LA_STRING (*a) = key;

+

+ if (map == LM_PASSWD)

+ *filter = _nss_ldap_filt_getpwnam;

+ else

+ *filter = _nss_ldap_filt_getgrnam;

+

+ return a;

+}

+

+/*

+ * Map a UESS attribute to an LDAP attribute

+ */

+static const char *

+uess2ldapattr (ldap_map_selector_t map, const char *attribute)

+{

+ if (strcmp (attribute, "username") == 0)

+ return ATM (LM_PASSWD, uid);

+ else if (strcmp (attribute, "groupname") == 0)

+ return ATM (LM_GROUP, cn);

+ else if (strcmp (attribute, S_ID) == 0)

+ {

+ if (map == LM_PASSWD)

+ return ATM (LM_PASSWD, uidNumber);

+ else

+ return ATM (LM_GROUP, gidNumber);

+ }

+ else if (strcmp (attribute, S_PWD) == 0)

+ return ATM (LM_PASSWD, userPassword);

+ else if (strcmp (attribute, S_HOME) == 0)

+ return ATM (LM_PASSWD, homeDirectory);

+ else if (strcmp (attribute, S_SHELL) == 0)

+ return ATM (LM_PASSWD, loginShell);

+ else if (strcmp (attribute, S_GECOS) == 0)

+ return ATM (LM_PASSWD, gecos);

+ else if (strcmp (attribute, SEC_PASSWD) == 0)

+ return ATM (LM_SHADOW, userPassword);

+ else if (strcmp (attribute, SEC_LASTUP) == 0)

+ return ATM (LM_SHADOW, shadowLastChange);

+ else if (strcmp (attribute, S_MAXAGE) == 0)

+ return ATM (LM_SHADOW, shadowMax);

+ else if (strcmp (attribute, S_MINAGE) == 0)

+ return ATM (LM_SHADOW, shadowMin);

+ else if (strcmp (attribute, S_MAXEXPIRED) == 0)

+ return ATM (LM_SHADOW, shadowExpire);

+ else if (strcmp (attribute, S_PWDWARNTIME) == 0)

+ return ATM (LM_SHADOW, shadowWarning);

+ else if (strcmp (attribute, S_PGRP) == 0)

+ return ATM (LM_GROUP, cn);

+ else if (strcmp (attribute, S_USERS) == 0)

+ return ATM (LM_GROUP, memberUid);

+

+ return NULL;

+}

+

+/*

+ * Get primary group name for a user

+ */

+static NSS_STATUS

+uess_get_pgrp (LDAPMessage * e, ldap_uess_args_t * lua, int i)

+{

+ char **vals;

+ LDAPMessage *res;

+ const char *attrs[2];

+ NSS_STATUS stat;

+ ldap_args_t a;

+

+ vals = _nss_ldap_get_values (e, ATM (LM_PASSWD, gidNumber));

+ if (vals == NULL)

+ return NSS_NOTFOUND;

+

+ LA_INIT (a);

+ LA_TYPE (a) = LA_TYPE_NUMBER;

+ LA_NUMBER (a) = atol(vals[0]);

+

+ attrs[0] = ATM (LM_GROUP, cn);

+ attrs[1] = NULL;

+

+ stat = _nss_ldap_search_s (&a, _nss_ldap_filt_getgrgid, LM_GROUP,

+ attrs, 1, &res);

+ if (stat != NSS_SUCCESS)

+ {

+ ldap_value_free (vals);

+ return NSS_NOTFOUND;

+ }

+

+ ldap_value_free (vals);

+

+ e = _nss_ldap_first_entry (res);

+ if (e == NULL)

+ {

+ ldap_msgfree (res);

+ return NSS_NOTFOUND;

+ }

+

+ stat = uess_get_char_ex (e, lua, i, attrs[0]);

+

+ ldap_msgfree (res);

+

+ return stat;

+}

+

+/*

+ * Get groups to which a user belongs

+ */

+static NSS_STATUS

+uess_get_groupsids (LDAPMessage * e, ldap_uess_args_t * lua, int i)

+{

+ char *p, *q;

+ size_t len;

+

+ p = _nss_ldap_getgrset ((char *) lua->lua_key);

+ if (p == NULL)

+ return NSS_NOTFOUND;

+

+ len = strlen (p);

+ q = malloc (len + 2);

+ if (q == NULL)

+ {

+ errno = ENOMEM;

+ return NSS_NOTFOUND;

+ }

+

+ memcpy (q, p, len + 1);

+ q[len + 1] = '\0';

+

+ free (p);

+ p = NULL;

+

+ for (p = q; *p != '\0'; p++)

+ {

+ if (*p == ',')

+ *p++ = '\0';

+ }

+

+ lua->lua_results[i].attr_un.au_char = q;

+

+ return NSS_SUCCESS;

+}

+

+/*

+ * Get a mapped UESS string attribute

+ */

+static NSS_STATUS

+uess_get_char (LDAPMessage * e, ldap_uess_args_t * lua, int i)

+{

+ const char *attribute;

+

+ attribute = uess2ldapattr (lua->lua_map, lua->lua_attributes[i]);

+ if (attribute == NULL)

+ return NSS_NOTFOUND;

+

+ return uess_get_char_ex (e, lua, i, attribute);

+}

+

+/*

+ * Get a specific LDAP attribute

+ */

+static NSS_STATUS

+uess_get_char_ex (LDAPMessage * e,

+ ldap_uess_args_t * lua, int i, const char *attribute)

+{

+ char **vals;

+ attrval_t *av = &lua->lua_results[i];

+

+ vals = _nss_ldap_get_values (e, attribute);

+ if (vals == NULL)

+ return NSS_NOTFOUND;

+

+ if (vals[0] == NULL)

+ {

+ ldap_value_free (vals);

+ return NSS_NOTFOUND;

+ }

+

+ av->attr_un.au_char = strdup (vals[0]);

+ if (av->attr_un.au_char == NULL)

+ {

+ ldap_value_free (vals);

+ return NSS_TRYAGAIN;

+ }

+

+ ldap_value_free (vals);

+ return NSS_SUCCESS;

+}

+

+/*

+ * Get an encoded crypt password

+ */

+static NSS_STATUS

+uess_get_pwd (LDAPMessage * e, ldap_uess_args_t * lua, int i)

+{

+ char **vals;

+ attrval_t *av = &lua->lua_results[i];

+ const char *pwd;

+ const char *attribute;

+

+ attribute = uess2ldapattr (lua->lua_map, lua->lua_attributes[i]);

+ if (attribute == NULL)

+ return NSS_NOTFOUND;

+

+ vals = _nss_ldap_get_values (e, attribute);

+ pwd = _nss_ldap_locate_userpassword (vals);

+

+ av->attr_un.au_char = strdup (pwd);

+ if (vals != NULL)

+ ldap_value_free (vals);

+

+ return (av->attr_un.au_char == NULL) ? NSS_TRYAGAIN : NSS_SUCCESS;

+}

+

+/*

+ * Get a UESS integer attribute

+ */

+static NSS_STATUS

+uess_get_int (LDAPMessage * e, ldap_uess_args_t * lua, int i)

+{

+ const char *attribute;

+ char **vals;

+ attrval_t *av = &lua->lua_results[i];

+

+ attribute = uess2ldapattr (lua->lua_map, lua->lua_attributes[i]);

+ if (attribute == NULL)

+ return NSS_NOTFOUND;

+

+ vals = _nss_ldap_get_values (e, attribute);

+ if (vals == NULL)

+ return NSS_NOTFOUND;

+

+ if (vals[0] == NULL)

+ {

+ ldap_value_free (vals);

+ return NSS_NOTFOUND;

+ }

+

+ av->attr_un.au_int = atoi (vals[0]);

+ ldap_value_free (vals);

+ return NSS_SUCCESS;

+}

+

+/*

+ * Get the GECOS/cn attribute

+ */

+static NSS_STATUS

+uess_get_gecos (LDAPMessage * e, ldap_uess_args_t * lua, int i)

+{

+ NSS_STATUS stat;

+

+ stat = uess_get_char (e, lua, i);

+ if (stat == NSS_NOTFOUND)

+ {

+ stat = uess_get_char_ex (e, lua, i, ATM (LM_PASSWD, cn));

+ }

+

+ return stat;

+}

+

+/*

+ * Get the DN

+ */

+static NSS_STATUS

+uess_get_dn (LDAPMessage * e, ldap_uess_args_t * lua, int i)

+{

+ lua->lua_results[i].attr_un.au_char = _nss_ldap_get_dn (e);

+ if (lua->lua_results[i].attr_un.au_char == NULL)

+ return NSS_NOTFOUND;

+

+ return NSS_SUCCESS;

+}

+

+static NSS_STATUS

+do_parse_uess_getentry (LDAPMessage * e,

+ ldap_state_t * pvt, void *result,

+ char *buffer, size_t buflen)

+{

+ ldap_uess_args_t *lua = (ldap_uess_args_t *) result;

+ int i;

+ char **vals;

+ size_t len;

+ NSS_STATUS stat;

+

+ /* If a buffer is supplied, then we are enumerating. */

+ if (lua->lua__buffer != NULL)

+ {

+ attrval_t *av = lua->lua_results;

+

+ vals = _nss_ldap_get_values (e, lua->lua_naming_attribute);

+ if (vals == NULL)

+ return NSS_NOTFOUND;

+

+ if (vals[0] == NULL)

+ {

+ ldap_value_free (vals);

+ return NSS_NOTFOUND;

+ }

+

+ len = strlen (vals[0]) + 1; /* for string terminator */

+

+ if (lua->lua__buflen < len + 1) /* for list terminator */

+ {

+ size_t grow = len + 1;

+ size_t offset = (lua->lua__buffer - av->attr_un.au_char);

+

+ grow += NSS_BUFSIZ - 1;

+ grow -= (grow % NSS_BUFSIZ);

+

+ av->attr_un.au_char =

+ realloc (lua->lua__buffer, lua->lua__bufsiz + grow);

+ if (av->attr_un.au_char == NULL)

+ {

+ ldap_value_free (vals);

+ return NSS_TRYAGAIN;

+ }

+ /* reset buffer pointer in case realloc() returned a new region */

+ lua->lua__buffer = &av->attr_un.au_char[offset];

+ lua->lua__buflen += grow;

+ lua->lua__bufsiz += grow;

+ }

+

+ memcpy (lua->lua__buffer, vals[0], len);

+ lua->lua__buflen -= len;

+ lua->lua__buffer += len;

+ ldap_value_free (vals);

+

+ lua->lua__buffer[0] = '\0'; /* ensure _list_ is always terminated */

+

+ if (av->attr_flag != 0)

+ av->attr_flag = 0;

+

+ return NSS_NOTFOUND; /* trick caller into calling us again */

+ }

+ else

+ {

+ for (i = 0; i < lua->lua_size; i++)

+ {

+ int j;

+ attrval_t *av = &lua->lua_results[i];

+

+ av->attr_flag = -1;

+ av->attr_un.au_char = NULL;

+

+ for (j = 0; __uess_fns[j].luf_attribute != NULL; j++)

+ {

+ if (strcmp (__uess_fns[j].luf_attribute, lua->lua_attributes[i])

+ == 0)

+ {

+ stat = (__uess_fns[j].luf_translator) (e, lua, i);

+ switch (stat)

+ {

+ case NSS_SUCCESS:

+ av->attr_flag = 0;

+ break;

+ case NSS_TRYAGAIN:

+ return NSS_TRYAGAIN;

+ break;

+ default:

+ break;

+ }

+ }

+ }

+ }

+ }

+

+ return NSS_SUCCESS;

+}

+

+static int

+_nss_ldap_getentry (char *key, char *table, char *attributes[],

+ attrval_t results[], int size)

+{

+ NSS_STATUS stat;

+ ent_context_t *ctx = NULL;

+ ldap_args_t a, *ap;

+ const char *filter;

+ int erange = 0;

+ ldap_uess_args_t lua;

+ const char *namingAttributes[2];

+

+ debug ("==> _nss_ldap_getentry (key=%s table=%s attributes[0]=%s size=%d)",

+ (key != NULL) ? key : "(null)",

+ (table != NULL) ? table : "(null)",

+ (size >= 1) ? attributes[0] : "(null)",

+ size);

+

+ lua.lua_key = key;

+ lua.lua_table = table;

+ lua.lua_attributes = attributes;

+ lua.lua_results = results;

+ lua.lua_size = size;

+ lua.lua_naming_attribute = NULL;

+

+ lua.lua_map = table2map (table);

+ if (lua.lua_map == LM_NONE)

+ {

+ errno = ENOSYS;

+ debug ("<== _nss_ldap_getentry (no such map)");

+ return -1;

+ }

+

+ lua.lua__buffer = NULL;

+ lua.lua__bufsiz = 0;

+ lua.lua__buflen = 0;

+

+ ap = key2filter (key, lua.lua_map, &a, &filter);

+ if (ap == NULL) /* enumeration */

+ {

+ const char **attrs;

+

+ if (size != 1)

+ {

+ errno = EINVAL;

+ debug ("<== _nss_ldap_getentry (size != 1)");

+ return -1;

+ }

+

+ debug (":== _nss_ldap_getentry filter=%s attribute=%s",

+ filter, lua.lua_attributes[0]);

+

+ lua.lua__bufsiz = NSS_BUFSIZ;

+ lua.lua__buflen = lua.lua__bufsiz;

+ lua.lua__buffer = results[0].attr_un.au_char = malloc (lua.lua__bufsiz);

+ if (lua.lua__buffer == NULL)

+ {

+ errno = ENOMEM;

+ debug ("<== _nss_ldap_getentry (no memory)");

+ return -1;

+ }

+ results[0].attr_flag = -1;

+

+ /* just request the naming attributes */

+ attrs = _nss_ldap_get_attributes (lua.lua_map);

+ if (attrs == NULL || attrs[0] == NULL)

+ {

+ errno = ENOENT;

+ debug ("<== _nss_ldap_getentry (could not read schema)");

+ return -1;

+ }

+

+ lua.lua_naming_attribute = attrs[0];

+ namingAttributes[0] = lua.lua_naming_attribute;

+ namingAttributes[1] = NULL;

+ }

+ else

+ {

+ /* Check at least one attribute is mapped before searching */

+ int i, found = 0;

+

+ for (i = 0; i < size; i++)

+ {

+ if (uess2ldapattr (lua.lua_map, lua.lua_attributes[i]) != NULL)

+ {

+ found++;

+ break;

+ }

+ }

+

+ if (!found)

+ {

+ errno = ENOENT;

+ debug ("<== _nss_ldap_getentry (no mappable attribute requested)");

+ return -1;

+ }

+ }

+

+ _nss_ldap_enter ();

+ if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)

+ {

+ _nss_ldap_leave ();

+ if (results[0].attr_un.au_char != NULL)

+ free (results[0].attr_un.au_char);

+ errno = ENOMEM;

+ debug ("<== _nss_ldap_getentry (ent_context_init failed)");

+ return -1;

+ }

+

+ stat = _nss_ldap_getent_ex (ap, &ctx, (void *) &lua, NULL, 0,

+ &erange, filter, lua.lua_map,

+ (ap == NULL) ? namingAttributes : NULL,

+ do_parse_uess_getentry);

+

+ _nss_ldap_ent_context_release (ctx);

+ free (ctx);

+ _nss_ldap_leave ();

+

+ /*

+ * Whilst enumerating, we have the parser always return

+ * NSS_NOTFOUND so that it will be called for each entry.

+ *

+ * Although this is probably bogus overloading of the

+ * _nss_ldap_getent_ex() API, it does allow us to share

+ * the same code for matches and enumerations. However,

+ * for the enumeration case we need to treat NSS_NOTFOUND

+ * as a success code; hence, we use the attr_flag to

+ * indicate failure.

+ */

+ if (ap == NULL)

+ {

+ if (stat == NSS_NOTFOUND && results[0].attr_flag == 0)

+ stat = NSS_SUCCESS;

+ }

+

+ if (stat != NSS_SUCCESS)

+ {

+ if (stat == NSS_TRYAGAIN)

+ errno = ERANGE;

+ else

+ errno = ENOENT;

+

+ debug ("<== _nss_ldap_getentry (failed with stat=%d)", stat);

+ return -1;

+ }

+

+ debug ("<== _nss_ldap_getentry (success)");

+ return AUTH_SUCCESS;

+}

+

+/*

+ *

+ */

+static NSS_STATUS

+uess_get_pwuid(const char *user, uid_t *uid)

+{

+ char **vals;

+ LDAPMessage *res, *e;

+ const char *attrs[2];

+ NSS_STATUS stat;

+ ldap_args_t a;

+

+ LA_INIT (a);

+ LA_TYPE (a) = LA_TYPE_STRING;

+ LA_STRING (a) = user;

+

+ attrs[0] = ATM (LM_PASSWD, uidNumber);

+ attrs[1] = NULL;

+

+ stat = _nss_ldap_search_s (&a, _nss_ldap_filt_getpwuid, LM_PASSWD,

+ attrs, 1, &res);

+ if (stat != NSS_SUCCESS)

+ return stat;

+

+ e = _nss_ldap_first_entry (res);

+ if (e == NULL)

+ {

+ ldap_msgfree (res);

+ return NSS_NOTFOUND;

+ }

+

+ vals = _nss_ldap_get_values (e, attrs[0]);

+ if (vals == NULL)

+ {

+ ldap_msgfree (res);

+ return NSS_NOTFOUND;

+ }

+

+ if (vals[0] == NULL || (vals[0])[0] == '\0')

+ {

+ ldap_value_free (vals);

+ ldap_msgfree (res);

+ return NSS_NOTFOUND;

+ }

+

+ *uid = atoi(vals[0]);

+

+ ldap_value_free (vals);

+ ldap_msgfree (res);

+

+ return NSS_SUCCESS;

+}

+

+/*

+ * Get membership for a group

+ */

+static int

+_nss_ldap_getgrusers (char *group, void *result, int type, int *size)

+{

+ struct group *gr;

+ struct irs_gr *be;

+ char **memp;

+ size_t i;

+

+ be = (struct irs_gr *) gr_pvtinit ();

+ if (be == NULL)

+ {

+ errno = ENOSYS;

+ return -1;

+ }

+

+ gr = (be->byname) (be, group);

+ if (gr == NULL)

+ {

+ (be->close) (be);

+ errno = ENOENT;

+ return -1;

+ }

+

+ if (gr->gr_mem == NULL)

+ {

+ (be->close) (be);

+ *size = 0;

+ return 0;

+ }

+

+ for (i = 0; gr->gr_mem[i] != NULL; i++)

+ ;

+

+ if (i > *size)

+ {

+ (be->close) (be);

+ *size = i;

+ errno = ERANGE;

+ return -1;

+ }

+

+ _nss_ldap_enter ();

+

+ for (i = 0, memp = gr->gr_mem; *memp != NULL; memp++)

+ {

+ if (type == SEC_INT)

+ {

+ if (uess_get_pwuid(*memp, &(((uid_t *)result)[i])) != NSS_SUCCESS)

+ continue;

+ }

+ else

+ {

+ ((char **)result)[i] = strdup(*memp);

+ if (((char **)result)[i] == NULL)

+ {

+ _nss_ldap_leave ();

+ (be->close) (be);

+ errno = ENOMEM;

+ return -1;

+ }

+ }

+ i++;

+ }

+

+ _nss_ldap_leave ();

+

+ *size = i;

+

+ (be->close) (be);

+

+ return AUTH_SUCCESS;

+}

+

+#if 0

+/*

+ * Additional attributes supported

+ */

+static attrlist_t **

+_nss_ldap_attrlist(void)

+{

+ attrlist_t **a;

+

+ a = malloc(2 * sizeof(attrlist_t *) + sizeof(attrlist_t));

+ if (a == NULL)

+ {

+ errno = ENOMEM;

+ return NULL;

+ }

+

+ a[0] = (attrlist_t *)(a + 2);

+

+ a[0]->al_name = strdup(S_LDAPDN);

+ a[0]->al_flags = AL_USERATTR;

+ a[0]->al_type = SEC_CHAR;

+

+ a[1] = NULL;

+

+ return a;

+}

+#endif /* notdef */

+

+#if 0

+/* not implemented yet */

+static int

+_nss_ldap_normalize (char *longname, char *shortname)

+{

+}

+#endif

+

+int

+nss_ldap_initialize (struct secmethod_table *meths)

+{

+ memset (meths, 0, sizeof (*meths));

+

+ /* Initialize schema */

+ (void) _nss_ldap_init();

+

+ /* Identification methods */

+ meths->method_getpwnam = _nss_ldap_getpwnam;

+ meths->method_getpwuid = _nss_ldap_getpwuid;

+ meths->method_getgrnam = _nss_ldap_getgrnam;

+ meths->method_getgrgid = _nss_ldap_getgrgid;

+ meths->method_getgrset = _nss_ldap_getgrset;

+ meths->method_getentry = _nss_ldap_getentry;

+/* meths->method_attrlist = _nss_ldap_attrlist; */

+ meths->method_getgrusers = _nss_ldap_getgrusers;

+/* meths->method_normalize = _nss_ldap_normalize; */

+ meths->method_getgracct = _nss_ldap_getgracct;

+ meths->method_getpasswd = _nss_ldap_getpasswd;

+

+ /* Support methods */

+ meths->method_open = _nss_ldap_uess_open;

+ meths->method_close = _nss_ldap_uess_close;

+

+ /* Authentication methods */

+ meths->method_authenticate = _nss_ldap_authenticate;

+

+ return AUTH_SUCCESS;

+}

+

+#endif /* HAVE_USERSEC_H */

+#!/bin/sh

+aclocal14

+automake14

+autoheader213

+autoconf213

+#!/bin/sh

+#ident $Id: certutil,v 2.2 2001/05/27 12:16:31 lukeh Exp $

+#

+# certutil -- manage trusted X.509 certificates

+# inspired by Netscape PKCS #11 toolkit

+# contributed by Jarkko Turkulainen <jt@wapit.com>

+#

+#

+# INTRODUCTION

+#

+# certutil can be used with various OpenSSL routines and tools

+# that utilize OpenSSL. Example:

+#

+# $ openssl s_client -CApath certdir

+#

+# where certdir is a directory created by certutil. Other well known

+# programs that use the same format are stunnel, sendmail and pam_ldap

+#

+#

+#

+# HOWTO

+#

+# 1. Initialize certificate database

+#

+# Simply by adding a new certificate. If the certificate directory

+# doesn't exist, the script asks for creating a one. Example:

+#

+# $ certutil -a -n "First Cert" -i cert.pem -d /home/jt/mycerts

+# ./certutil: cannot access /home/jt/mycerts, create? [y/N] y

+#

+#

+# 2. Add new certificate

+#

+# $ certutil -a -n "My Cert" -i cert.pem [-d certdir]

+#

+# Note that nickname (-n) must exist. certdir is optional - if it's

+# not given, $PWD is used. The directory must have a file named certs.dat.

+# If that file doesn't exist, the script refuses to do anything. If your

+# certs.dat file is corrupted, "rm -rf" the whole dir and start from

+# the scratch. cert.pem is the actual sertificate.

+#

+# 3. Delete certificate

+#

+# $ certutil -r -n "My Cert" [-d certdir]

+#

+# This command removes the certificate named "My Cert". certdir is

+# optional, see 2.

+#

+# 4. List sertificates

+#

+# $ certutil -l [-d certdir]

+#

+# And again, certdir is optional.

+#

+# 5. View certificate properties

+#

+# $ certutil -v -n "My Cert" [-d certdir]

+#

+#

+

+

+# Print usage

+usage() {

+ cat << EOF

+

+Usage: $0 -l [-d dir]

+ -a -n name -i file [-d dir]

+ -r -n name [-d dir]

+ -v -n name [-d dir]

+

+ Commands:

+ -l -- List sertificates (requires a valid dir)

+ -a -- Add sertificate and create dir if necessary

+ -r -- Remove sertificate (requires a valid dir)

+ -v -- View sertificate (requires a valid dir)

+

+ Parameters:

+ dir -- Certificate directory, or \$PWD if not given

+ name -- Nickname of the certificate

+ file -- Certificate file in PEM format

+

+EOF

+ exit 1

+}

+

+# Check path

+check_path() {

+

+ # check the directory

+ if [ ! -d $CDIR -a $ADD -eq 1 ]; then

+ echo -n "$0: cannot access $CDIR, create? [y/N] "

+ read LINE

+ case $LINE in

+ y|Y)

+ mkdir $CDIR

+ chmod 700 $CDIR

+ touch $CDIR/certs.dat

+ chmod 600 $CDIR/certs.dat

+ ;;

+ *)

+ exit 1

+ ;;

+ esac

+ fi

+

+ # check certs.dat

+ if [ ! -e $CDIR/certs.dat ]; then

+ echo "$0: please specify a valid cert directory"

+ exit 1

+ fi

+}

+

+# Add certificates

+add_cert() {

+ check_path

+ if [ ! -e $FILE ]; then

+ echo "$0: cannot find $FILE"

+ exit 1

+ fi

+ HASH=`openssl x509 -in $FILE -hash -noout 2>/dev/null`.0

+ if [ $? -ne 0 ]; then

+ echo "$0: unable to load certificate $FILE"

+ exit 1

+ fi

+

+ if grep "^$CNAME|" $CDIR/certs.dat 1>/dev/null 2>&1; then

+ echo "$0: nickname already in use"

+ exit 1

+ fi

+

+ if [ -e $CDIR/$HASH ]; then

+ echo "$0: certificate already in directory"

+ echo `openssl x509 -in $CDIR/$HASH -subject -noout`

+ exit 1

+ else

+ cp $FILE $CDIR/$HASH

+ chmod 600 $CDIR/$HASH

+ echo "$CNAME|$HASH" >> $CDIR/certs.dat

+ chmod 600 $CDIR/certs.dat

+ fi

+

+}

+

+# List certificates

+#

+# (this is too slow...)

+#

+list_cert() {

+ check_path

+ echo

+ echo "Certificates in directory $CDIR"

+ echo

+ printf "%-30s%s\n" nickname subject/issuer

+ echo "----------------------------------------------------------------------------"

+ cat $CDIR/certs.dat | while read LINE; do

+ NICK=`echo $LINE | cut -d "|" -f 1`

+ HASH=`echo $LINE | cut -d "|" -f 2`

+ SUBJECT=`openssl x509 -in $CDIR/$HASH -subject -noout`

+ ISSUER=`openssl x509 -in $CDIR/$HASH -issuer -noout`

+ printf "%-30s%s\n" "$NICK" "$SUBJECT"

+ printf "%-30s%s\n\n" "" "$ISSUER"

+

+ done

+}

+

+# Remove certificates

+remove_cert() {

+ check_path

+ (

+ cat $CDIR/certs.dat | while read LINE; do

+ NICK=`echo $LINE | cut -d "|" -f 1`

+ HASH=`echo $LINE | cut -d "|" -f 2`

+ if [ "$CNAME" = "$NICK" ]; then

+ rm $CDIR/$HASH

+ else

+ echo $LINE

+ fi

+ done

+ ) > /tmp/$$

+ mv /tmp/$$ $CDIR/certs.dat

+ chmod 600 $CDIR/certs.dat

+}

+

+# View certificate

+view_cert() {

+ check_path

+ cat $CDIR/certs.dat | while read LINE; do

+ NICK=`echo $LINE | cut -d "|" -f 1`

+ HASH=`echo $LINE | cut -d "|" -f 2`

+ if [ "$CNAME" = "$NICK" ]; then

+ openssl x509 -in $CDIR/$HASH -text

+ return 1

+ fi

+ done

+}

+

+# Parse option string

+ADD=0

+REMOVE=0

+LIST=0

+VIEW=0

+while getopts "arlvd:n:i:" OPT; do

+ case $OPT in

+ a)

+ ADD=1

+ ;;

+ r)

+ REMOVE=1

+ ;;

+ l)

+ LIST=1

+ ;;

+ v)

+ VIEW=1

+ ;;

+ d)

+ CDIR=$OPTARG

+ ;;

+ n)

+ CNAME=$OPTARG

+ ;;

+ i)

+ FILE=$OPTARG

+ ;;

+ *)

+ usage

+ ;;

+ esac

+done

+

+# Default options

+CDIR=${CDIR:=.}

+

+# Check command line options

+if [ $ADD -eq 1 -a $REMOVE -eq 0 -a $LIST -eq 0 -a $VIEW -eq 0 ]; then

+ if [ -n "$CNAME" -a -n "$FILE" ]; then

+ add_cert

+ else

+ echo "$0: missing certificate name or file"

+ usage

+ fi

+elif [ $REMOVE -eq 1 -a $ADD -eq 0 -a $LIST -eq 0 -a $VIEW -eq 0 ]; then

+ if [ -n "$CNAME" ]; then

+ remove_cert

+ else

+ echo "$0: missing certificate name"

+ usage

+ fi

+elif [ $LIST -eq 1 -a $ADD -eq 0 -a $REMOVE -eq 0 -a $VIEW -eq 0 ]; then

+ list_cert

+elif [ $VIEW -eq 1 -a $ADD -eq 0 -a $REMOVE -eq 0 -a $LIST -eq 0 ]; then

+ if [ -n "$CNAME" ]; then

+ if view_cert; then

+ echo "$0: cert named \"$CNAME\" not found"

+ exit 1

+ fi

+ else

+ echo "$0: missing certificate name"

+ usage

+ fi

+else

+ usage

+fi

+#! /bin/sh

+# Attempt to guess a canonical system name.

+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,

+# 2000, 2001, 2002 Free Software Foundation, Inc.

+# Portions Copyright 1998-2002 OpenLDAP Foundation.

+

+timestamp='2002-01-30'

+

+# This file is free software; you can redistribute it and/or modify it

+# under the terms of the GNU General Public License as published by

+# the Free Software Foundation; either version 2 of the License, or

+# (at your option) any later version.

+#

+# This program is distributed in the hope that it will be useful, but

+# WITHOUT ANY WARRANTY; without even the implied warranty of

+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

+# General Public License for more details.

+#

+# You should have received a copy of the GNU General Public License

+# along with this program; if not, write to the Free Software

+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

+#

+# As a special exception to the GNU General Public License, if you

+# distribute this file as part of a program that contains a

+# configuration script generated by Autoconf, you may include it under

+# the same distribution terms that you use for the rest of that program.

+

+# This file is distributed with OpenLDAP Software, which contains a

+# configuration script generated by Autoconf, and is distributable

+# under the same distributions terms as OpenLDAP inself.

+# See the OpenLDAP COPYRIGHT and LICENSE file for details.

+# $OpenLDAP: pkg/ldap/build/config.guess,v 1.11 2002/02/11 05:45:59 kurt Exp $

+

+# Originally written by Per Bothner <per@bothner.com>.

+# Please send patches to <config-patches@gnu.org>. Submit a context

+# diff and a properly formatted ChangeLog entry.

+#

+# This script attempts to guess a canonical system name similar to

+# config.sub. If it succeeds, it prints the system name on stdout, and

+# exits with 0. Otherwise, it exits with 1.

+#

+# The plan is that this can be called by configure scripts if you

+# don't specify an explicit build system type.

+

+me=`echo "$0" | sed -e 's,.*/,,'`

+

+usage="\

+Usage: $0 [OPTION]

+

+Output the configuration name of the system \`$me' is run on.

+

+Operation modes:

+ -h, --help print this help, then exit

+ -t, --time-stamp print date of last modification, then exit

+ -v, --version print version number, then exit

+

+Report bugs and patches to <config-patches@gnu.org>."

+

+version="\

+GNU config.guess ($timestamp)

+

+Originally written by Per Bothner.

+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001

+Free Software Foundation, Inc.

+

+This is free software; see the source for copying conditions. There is NO

+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

+

+help="

+Try \`$me --help' for more information."

+

+# Parse command line

+while test $# -gt 0 ; do

+ case $1 in

+ --time-stamp | --time* | -t )

+ echo "$timestamp" ; exit 0 ;;

+ --version | -v )

+ echo "$version" ; exit 0 ;;

+ --help | --h* | -h )

+ echo "$usage"; exit 0 ;;

+ -- ) # Stop option processing

+ shift; break ;;

+ - ) # Use stdin as input.

+ break ;;

+ -* )

+ echo "$me: invalid option $1$help" >&2

+ exit 1 ;;

+ * )

+ break ;;

+ esac

+done

+

+if test $# != 0; then

+ echo "$me: too many arguments$help" >&2

+ exit 1

+fi

+

+

+dummy=dummy-$$

+trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15

+

+# CC_FOR_BUILD -- compiler used by this script.

+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still

+# use `HOST_CC' if defined, but it is deprecated.

+

+set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in

+ ,,) echo "int dummy(){}" > $dummy.c ;

+ for c in cc gcc c89 ; do

+ ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ;

+ if test $? = 0 ; then

+ CC_FOR_BUILD="$c"; break ;

+ fi ;

+ done ;

+ rm -f $dummy.c $dummy.o $dummy.rel ;

+ if test x"$CC_FOR_BUILD" = x ; then

+ CC_FOR_BUILD=no_compiler_found ;

+ fi

+ ;;

+ ,,*) CC_FOR_BUILD=$CC ;;

+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;

+esac'

+

+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.

+# (ghazi@noc.rutgers.edu 1994-08-24)

+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then

+ PATH=$PATH:/.attbin ; export PATH

+fi

+

+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown

+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown

+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown

+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown

+

+# Note: order is significant - the case branches are not exclusive.

+

+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in

+ *:NetBSD:*:*)

+ # NetBSD (nbsd) targets should (where applicable) match one or

+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,

+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently

+ # switched to ELF, *-*-netbsd* would select the old

+ # object file format. This provides both forward

+ # compatibility and a consistent mechanism for selecting the

+ # object file format.

+ #

+ # Note: NetBSD doesn't particularly care about the vendor

+ # portion of the name. We always set it to "unknown".

+ UNAME_MACHINE_ARCH=`(uname -p) 2>/dev/null` || \

+ UNAME_MACHINE_ARCH=unknown

+ case "${UNAME_MACHINE_ARCH}" in

+ arm*) machine=arm-unknown ;;

+ sh3el) machine=shl-unknown ;;

+ sh3eb) machine=sh-unknown ;;

+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;

+ esac

+ # The Operating System including object format, if it has switched

+ # to ELF recently, or will in the future.

+ case "${UNAME_MACHINE_ARCH}" in

+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)

+ eval $set_cc_for_build

+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \

+ | grep __ELF__ >/dev/null

+ then

+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).

+ # Return netbsd for either. FIX?

+ os=netbsd

+ else

+ os=netbsdelf

+ fi

+ ;;

+ *)

+ os=netbsd

+ ;;

+ esac

+ # The OS release

+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`

+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:

+ # contains redundant information, the shorter form:

+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.

+ echo "${machine}-${os}${release}"

+ exit 0 ;;

+ amiga:OpenBSD:*:*)

+ echo m68k-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ arc:OpenBSD:*:*)

+ echo mipsel-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ hp300:OpenBSD:*:*)

+ echo m68k-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ mac68k:OpenBSD:*:*)

+ echo m68k-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ macppc:OpenBSD:*:*)

+ echo powerpc-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ mvme68k:OpenBSD:*:*)

+ echo m68k-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ mvme88k:OpenBSD:*:*)

+ echo m88k-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ mvmeppc:OpenBSD:*:*)

+ echo powerpc-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ pmax:OpenBSD:*:*)

+ echo mipsel-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ sgi:OpenBSD:*:*)

+ echo mipseb-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ sun3:OpenBSD:*:*)

+ echo m68k-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ wgrisc:OpenBSD:*:*)

+ echo mipsel-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ *:OpenBSD:*:*)

+ echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}

+ exit 0 ;;

+ alpha:OSF1:*:*)

+ if test $UNAME_RELEASE = "V4.0"; then

+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`

+ fi

+ # A Vn.n version is a released version.

+ # A Tn.n version is a released field test version.

+ # A Xn.n version is an unreleased experimental baselevel.

+ # 1.2 uses "1.2" for uname -r.

+ cat <<EOF >$dummy.s

+ .data

+\$Lformat:

+ .byte 37,100,45,37,120,10,0 # "%d-%x\n"

+

+ .text

+ .globl main

+ .align 4

+ .ent main

+main:

+ .frame \$30,16,\$26,0

+ ldgp \$29,0(\$27)

+ .prologue 1

+ .long 0x47e03d80 # implver \$0

+ lda \$2,-1

+ .long 0x47e20c21 # amask \$2,\$1

+ lda \$16,\$Lformat

+ mov \$0,\$17

+ not \$1,\$18

+ jsr \$26,printf

+ ldgp \$29,0(\$26)

+ mov 0,\$16

+ jsr \$26,exit

+ .end main

+EOF

+ eval $set_cc_for_build

+ $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null

+ if test "$?" = 0 ; then

+ case `./$dummy` in

+ 0-0)

+ UNAME_MACHINE="alpha"

+ ;;

+ 1-0)

+ UNAME_MACHINE="alphaev5"

+ ;;

+ 1-1)

+ UNAME_MACHINE="alphaev56"

+ ;;

+ 1-101)

+ UNAME_MACHINE="alphapca56"

+ ;;

+ 2-303)

+ UNAME_MACHINE="alphaev6"

+ ;;

+ 2-307)

+ UNAME_MACHINE="alphaev67"

+ ;;

+ 2-1307)

+ UNAME_MACHINE="alphaev68"

+ ;;

+ esac

+ fi

+ rm -f $dummy.s $dummy

+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`

+ exit 0 ;;

+ Alpha\ *:Windows_NT*:*)

+ # How do we know it's Interix rather than the generic POSIX subsystem?

+ # Should we change UNAME_MACHINE based on the output of uname instead

+ # of the specific Alpha model?

+ echo alpha-pc-interix

+ exit 0 ;;

+ 21064:Windows_NT:50:3)

+ echo alpha-dec-winnt3.5

+ exit 0 ;;

+ Amiga*:UNIX_System_V:4.0:*)

+ echo m68k-unknown-sysv4

+ exit 0;;

+ *:[Aa]miga[Oo][Ss]:*:*)

+ echo ${UNAME_MACHINE}-unknown-amigaos

+ exit 0 ;;

+ *:[Mm]orph[Oo][Ss]:*:*)

+ echo ${UNAME_MACHINE}-unknown-morphos

+ exit 0 ;;

+ *:OS/390:*:*)

+ echo i370-ibm-openedition

+ exit 0 ;;

+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)

+ echo arm-acorn-riscix${UNAME_RELEASE}

+ exit 0;;

+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)

+ echo hppa1.1-hitachi-hiuxmpp

+ exit 0;;

+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)

+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.

+ if test "`(/bin/universe) 2>/dev/null`" = att ; then

+ echo pyramid-pyramid-sysv3

+ else

+ echo pyramid-pyramid-bsd

+ fi

+ exit 0 ;;

+ NILE*:*:*:dcosx)

+ echo pyramid-pyramid-svr4

+ exit 0 ;;

+ sun4H:SunOS:5.*:*)

+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`

+ exit 0 ;;

+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)

+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`

+ exit 0 ;;

+ i86pc:SunOS:5.*:*)

+ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`

+ exit 0 ;;

+ sun4*:SunOS:6*:*)

+ # According to config.sub, this is the proper way to canonicalize

+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but

+ # it's likely to be more like Solaris than SunOS4.

+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`

+ exit 0 ;;

+ sun4*:SunOS:*:*)

+ case "`/usr/bin/arch -k`" in

+ Series*|S4*)

+ UNAME_RELEASE=`uname -v`

+ ;;

+ esac

+ # Japanese Language versions have a version number like `4.1.3-JL'.

+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`

+ exit 0 ;;

+ sun3*:SunOS:*:*)

+ echo m68k-sun-sunos${UNAME_RELEASE}

+ exit 0 ;;

+ sun*:*:4.2BSD:*)

+ UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`

+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3

+ case "`/bin/arch`" in

+ sun3)

+ echo m68k-sun-sunos${UNAME_RELEASE}

+ ;;

+ sun4)

+ echo sparc-sun-sunos${UNAME_RELEASE}

+ ;;

+ esac

+ exit 0 ;;

+ aushp:SunOS:*:*)

+ echo sparc-auspex-sunos${UNAME_RELEASE}

+ exit 0 ;;

+ # The situation for MiNT is a little confusing. The machine name

+ # can be virtually everything (everything which is not

+ # "atarist" or "atariste" at least should have a processor

+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"

+ # to the lowercase version "mint" (or "freemint"). Finally

+ # the system name "TOS" denotes a system which is actually not

+ # MiNT. But MiNT is downward compatible to TOS, so this should

+ # be no problem.

+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)

+ echo m68k-atari-mint${UNAME_RELEASE}

+ exit 0 ;;

+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)

+ echo m68k-atari-mint${UNAME_RELEASE}

+ exit 0 ;;

+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)

+ echo m68k-atari-mint${UNAME_RELEASE}

+ exit 0 ;;

+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)

+ echo m68k-milan-mint${UNAME_RELEASE}

+ exit 0 ;;

+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)

+ echo m68k-hades-mint${UNAME_RELEASE}

+ exit 0 ;;

+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)

+ echo m68k-unknown-mint${UNAME_RELEASE}

+ exit 0 ;;

+ powerpc:machten:*:*)

+ echo powerpc-apple-machten${UNAME_RELEASE}

+ exit 0 ;;

+ RISC*:Mach:*:*)

+ echo mips-dec-mach_bsd4.3

+ exit 0 ;;

+ RISC*:ULTRIX:*:*)

+ echo mips-dec-ultrix${UNAME_RELEASE}

+ exit 0 ;;

+ VAX*:ULTRIX*:*:*)

+ echo vax-dec-ultrix${UNAME_RELEASE}

+ exit 0 ;;

+ 2020:CLIX:*:* | 2430:CLIX:*:*)

+ echo clipper-intergraph-clix${UNAME_RELEASE}

+ exit 0 ;;

+ mips:*:*:UMIPS | mips:*:*:RISCos)

+ eval $set_cc_for_build

+ sed 's/^ //' << EOF >$dummy.c

+#ifdef __cplusplus

+#include <stdio.h> /* for printf() prototype */

+ int main (int argc, char *argv[]) {

+#else

+ int main (argc, argv) int argc; char *argv[]; {

+#endif

+ #if defined (host_mips) && defined (MIPSEB)

+ #if defined (SYSTYPE_SYSV)

+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);

+ #endif

+ #if defined (SYSTYPE_SVR4)

+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);

+ #endif

+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)

+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);

+ #endif

+ #endif

+ exit (-1);

+ }

+EOF

+ $CC_FOR_BUILD $dummy.c -o $dummy \

+ && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \

+ && rm -f $dummy.c $dummy && exit 0

+ rm -f $dummy.c $dummy

+ echo mips-mips-riscos${UNAME_RELEASE}

+ exit 0 ;;

+ Motorola:PowerMAX_OS:*:*)

+ echo powerpc-motorola-powermax

+ exit 0 ;;

+ Night_Hawk:Power_UNIX:*:*)

+ echo powerpc-harris-powerunix

+ exit 0 ;;

+ m88k:CX/UX:7*:*)

+ echo m88k-harris-cxux7

+ exit 0 ;;

+ m88k:*:4*:R4*)

+ echo m88k-motorola-sysv4

+ exit 0 ;;

+ m88k:*:3*:R3*)

+ echo m88k-motorola-sysv3

+ exit 0 ;;

+ AViiON:dgux:*:*)

+ # DG/UX returns AViiON for all architectures

+ UNAME_PROCESSOR=`/usr/bin/uname -p`

+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]

+ then

+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \

+ [ ${TARGET_BINARY_INTERFACE}x = x ]

+ then

+ echo m88k-dg-dgux${UNAME_RELEASE}

+ else

+ echo m88k-dg-dguxbcs${UNAME_RELEASE}

+ fi

+ else

+ echo i586-dg-dgux${UNAME_RELEASE}

+ fi

+ exit 0 ;;

+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)

+ echo m88k-dolphin-sysv3

+ exit 0 ;;

+ M88*:*:R3*:*)

+ # Delta 88k system running SVR3

+ echo m88k-motorola-sysv3

+ exit 0 ;;

+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)

+ echo m88k-tektronix-sysv3

+ exit 0 ;;

+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)

+ echo m68k-tektronix-bsd

+ exit 0 ;;

+ *:IRIX*:*:*)

+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`

+ exit 0 ;;

+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.

+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id

+ exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '

+ i*86:AIX:*:*)

+ echo i386-ibm-aix

+ exit 0 ;;

+ ia64:AIX:*:*)

+ if [ -x /usr/bin/oslevel ] ; then

+ IBM_REV=`/usr/bin/oslevel`

+ else

+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}

+ fi

+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}

+ exit 0 ;;

+ *:AIX:2:3)

+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then

+ eval $set_cc_for_build

+ sed 's/^ //' << EOF >$dummy.c

+ #include <sys/systemcfg.h>

+

+ main()

+ {

+ if (!__power_pc())

+ exit(1);

+ puts("powerpc-ibm-aix3.2.5");

+ exit(0);

+ }

+EOF

+ $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0

+ rm -f $dummy.c $dummy

+ echo rs6000-ibm-aix3.2.5

+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then

+ echo rs6000-ibm-aix3.2.4

+ else

+ echo rs6000-ibm-aix3.2

+ fi

+ exit 0 ;;

+ *:AIX:*:[45])

+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'`

+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then

+ IBM_ARCH=rs6000

+ else

+ IBM_ARCH=powerpc

+ fi

+ if [ -x /usr/bin/oslevel ] ; then

+ IBM_REV=`/usr/bin/oslevel`

+ else

+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}

+ fi

+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}

+ exit 0 ;;

+ *:AIX:*:*)

+ echo rs6000-ibm-aix

+ exit 0 ;;

+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)

+ echo romp-ibm-bsd4.4

+ exit 0 ;;

+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and

+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to

+ exit 0 ;; # report: romp-ibm BSD 4.3

+ *:BOSX:*:*)

+ echo rs6000-bull-bosx

+ exit 0 ;;

+ DPX/2?00:B.O.S.:*:*)

+ echo m68k-bull-sysv3

+ exit 0 ;;

+ 9000/[34]??:4.3bsd:1.*:*)

+ echo m68k-hp-bsd

+ exit 0 ;;

+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)

+ echo m68k-hp-bsd4.4

+ exit 0 ;;

+ 9000/[34678]??:HP-UX:*:*)

+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`

+ case "${UNAME_MACHINE}" in

+ 9000/31? ) HP_ARCH=m68000 ;;

+ 9000/[34]?? ) HP_ARCH=m68k ;;

+ 9000/[678][0-9][0-9])

+ if [ -x /usr/bin/getconf ]; then

+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`

+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`

+ case "${sc_cpu_version}" in

+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0

+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1

+ 532) # CPU_PA_RISC2_0

+ case "${sc_kernel_bits}" in

+ 32) HP_ARCH="hppa2.0n" ;;

+ 64) HP_ARCH="hppa2.0w" ;;

+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20

+ esac ;;

+ esac

+ fi

+ if [ "${HP_ARCH}" = "" ]; then

+ eval $set_cc_for_build

+ sed 's/^ //' << EOF >$dummy.c

+

+ #define _HPUX_SOURCE

+ #include <stdlib.h>

+ #include <unistd.h>

+

+ int main ()

+ {

+ #if defined(_SC_KERNEL_BITS)

+ long bits = sysconf(_SC_KERNEL_BITS);

+ #endif

+ long cpu = sysconf (_SC_CPU_VERSION);

+

+ switch (cpu)

+ {

+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;

+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;

+ case CPU_PA_RISC2_0:

+ #if defined(_SC_KERNEL_BITS)

+ switch (bits)

+ {

+ case 64: puts ("hppa2.0w"); break;

+ case 32: puts ("hppa2.0n"); break;

+ default: puts ("hppa2.0"); break;

+ } break;

+ #else /* !defined(_SC_KERNEL_BITS) */

+ puts ("hppa2.0"); break;

+ #endif

+ default: puts ("hppa1.0"); break;

+ }

+ exit (0);

+ }

+EOF

+ (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`./$dummy`

+ if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi

+ rm -f $dummy.c $dummy

+ fi ;;

+ esac

+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}

+ exit 0 ;;

+ ia64:HP-UX:*:*)

+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`

+ echo ia64-hp-hpux${HPUX_REV}

+ exit 0 ;;

+ 3050*:HI-UX:*:*)

+ eval $set_cc_for_build

+ sed 's/^ //' << EOF >$dummy.c

+ #include <unistd.h>

+ int

+ main ()

+ {

+ long cpu = sysconf (_SC_CPU_VERSION);

+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns

+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct

+ results, however. */

+ if (CPU_IS_PA_RISC (cpu))

+ {

+ switch (cpu)

+ {

+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;

+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;

+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;

+ default: puts ("hppa-hitachi-hiuxwe2"); break;

+ }

+ }

+ else if (CPU_IS_HP_MC68K (cpu))

+ puts ("m68k-hitachi-hiuxwe2");

+ else puts ("unknown-hitachi-hiuxwe2");

+ exit (0);

+ }

+EOF

+ $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0

+ rm -f $dummy.c $dummy

+ echo unknown-hitachi-hiuxwe2

+ exit 0 ;;

+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )

+ echo hppa1.1-hp-bsd

+ exit 0 ;;

+ 9000/8??:4.3bsd:*:*)

+ echo hppa1.0-hp-bsd

+ exit 0 ;;

+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)

+ echo hppa1.0-hp-mpeix

+ exit 0 ;;

+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )

+ echo hppa1.1-hp-osf

+ exit 0 ;;

+ hp8??:OSF1:*:*)

+ echo hppa1.0-hp-osf

+ exit 0 ;;

+ i*86:OSF1:*:*)

+ if [ -x /usr/sbin/sysversion ] ; then

+ echo ${UNAME_MACHINE}-unknown-osf1mk

+ else

+ echo ${UNAME_MACHINE}-unknown-osf1

+ fi

+ exit 0 ;;

+ parisc*:Lites*:*:*)

+ echo hppa1.1-hp-lites

+ exit 0 ;;

+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)

+ echo c1-convex-bsd

+ exit 0 ;;

+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)

+ if getsysinfo -f scalar_acc

+ then echo c32-convex-bsd

+ else echo c2-convex-bsd

+ fi

+ exit 0 ;;

+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)

+ echo c34-convex-bsd

+ exit 0 ;;

+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)

+ echo c38-convex-bsd

+ exit 0 ;;

+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)

+ echo c4-convex-bsd

+ exit 0 ;;

+ CRAY*X-MP:*:*:*)

+ echo xmp-cray-unicos

+ exit 0 ;;

+ CRAY*Y-MP:*:*:*)

+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'

+ exit 0 ;;

+ CRAY*[A-Z]90:*:*:*)

+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \

+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \

+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \

+ -e 's/\.[^.]*$/.X/'

+ exit 0 ;;

+ CRAY*TS:*:*:*)

+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'

+ exit 0 ;;

+ CRAY*T3D:*:*:*)

+ echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'

+ exit 0 ;;

+ CRAY*T3E:*:*:*)

+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'

+ exit 0 ;;

+ CRAY*SV1:*:*:*)

+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'

+ exit 0 ;;

+ CRAY-2:*:*:*)

+ echo cray2-cray-unicos

+ exit 0 ;;

+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)

+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`

+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`

+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`

+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"

+ exit 0 ;;

+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)

+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}

+ exit 0 ;;

+ sparc*:BSD/OS:*:*)

+ echo sparc-unknown-bsdi${UNAME_RELEASE}

+ exit 0 ;;

+ *:BSD/OS:*:*)

+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}

+ exit 0 ;;

+ *:FreeBSD:*:*)

+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`

+ exit 0 ;;

+ i*:CYGWIN*:*)

+ echo ${UNAME_MACHINE}-pc-cygwin

+ exit 0 ;;

+ i*:MINGW*:*)

+ echo ${UNAME_MACHINE}-pc-mingw32

+ exit 0 ;;

+ i*:PW*:*)

+ echo ${UNAME_MACHINE}-pc-pw32

+ exit 0 ;;

+ x86:Interix*:3*)

+ echo i386-pc-interix3

+ exit 0 ;;

+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)

+ # How do we know it's Interix rather than the generic POSIX subsystem?

+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we

+ # UNAME_MACHINE based on the output of uname instead of i386?

+ echo i386-pc-interix

+ exit 0 ;;

+ i*:UWIN*:*)

+ echo ${UNAME_MACHINE}-pc-uwin

+ exit 0 ;;

+ p*:CYGWIN*:*)

+ echo powerpcle-unknown-cygwin

+ exit 0 ;;

+ prep*:SunOS:5.*:*)

+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`

+ exit 0 ;;

+ *:GNU:*:*)

+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`

+ exit 0 ;;

+ i*86:Minix:*:*)

+ echo ${UNAME_MACHINE}-pc-minix

+ exit 0 ;;

+ arm*:Linux:*:*)

+ echo ${UNAME_MACHINE}-unknown-linux-gnu

+ exit 0 ;;

+ ia64:Linux:*:*)

+ echo ${UNAME_MACHINE}-unknown-linux

+ exit 0 ;;

+ m68*:Linux:*:*)

+ echo ${UNAME_MACHINE}-unknown-linux-gnu

+ exit 0 ;;

+ mips:Linux:*:*)

+ eval $set_cc_for_build

+ sed 's/^ //' << EOF >$dummy.c

+ #undef CPU

+ #undef mips

+ #undef mipsel

+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)

+ CPU=mipsel

+ #else

+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)

+ CPU=mips

+ #else

+ CPU=

+ #endif

+ #endif

+EOF

+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`

+ rm -f $dummy.c

+ test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0

+ ;;

+ ppc:Linux:*:*)

+ echo powerpc-unknown-linux-gnu

+ exit 0 ;;

+ ppc64:Linux:*:*)

+ echo powerpc64-unknown-linux-gnu

+ exit 0 ;;

+ alpha:Linux:*:*)

+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in

+ EV5) UNAME_MACHINE=alphaev5 ;;

+ EV56) UNAME_MACHINE=alphaev56 ;;

+ PCA56) UNAME_MACHINE=alphapca56 ;;

+ PCA57) UNAME_MACHINE=alphapca56 ;;

+ EV6) UNAME_MACHINE=alphaev6 ;;

+ EV67) UNAME_MACHINE=alphaev67 ;;

+ EV68*) UNAME_MACHINE=alphaev68 ;;

+ esac

+ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null

+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi

+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}

+ exit 0 ;;

+ parisc:Linux:*:* | hppa:Linux:*:*)

+ # Look for CPU level

+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in

+ PA7*) echo hppa1.1-unknown-linux-gnu ;;

+ PA8*) echo hppa2.0-unknown-linux-gnu ;;

+ *) echo hppa-unknown-linux-gnu ;;

+ esac

+ exit 0 ;;

+ parisc64:Linux:*:* | hppa64:Linux:*:*)

+ echo hppa64-unknown-linux-gnu

+ exit 0 ;;

+ s390:Linux:*:* | s390x:Linux:*:*)

+ echo ${UNAME_MACHINE}-ibm-linux

+ exit 0 ;;

+ sh*:Linux:*:*)

+ echo ${UNAME_MACHINE}-unknown-linux-gnu

+ exit 0 ;;

+ sparc:Linux:*:* | sparc64:Linux:*:*)

+ echo ${UNAME_MACHINE}-unknown-linux-gnu

+ exit 0 ;;

+ x86_64:Linux:*:*)

+ echo x86_64-unknown-linux-gnu

+ exit 0 ;;

+ i*86:Linux:*:*)

+ # The BFD linker knows what the default object file format is, so

+ # first see if it will tell us. cd to the root directory to prevent

+ # problems with other programs or directories called `ld' in the path.

+ # Export LANG=C to prevent ld from outputting information in other

+ # languages.

+ ld_supported_targets=`LANG=C; export LANG; cd /; ld --help 2>&1 \

+ | sed -ne '/supported targets:/!d

+ s/[ ][ ]*/ /g

+ s/.*supported targets: *//

+ s/ .*//

+ p'`

+ case "$ld_supported_targets" in

+ elf32-i386)

+ TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"

+ ;;

+ a.out-i386-linux)

+ echo "${UNAME_MACHINE}-pc-linux-gnuaout"

+ exit 0 ;;

+ coff-i386)

+ echo "${UNAME_MACHINE}-pc-linux-gnucoff"

+ exit 0 ;;

+ "")

+ # Either a pre-BFD a.out linker (linux-gnuoldld) or

+ # one that does not give us useful --help.

+ echo "${UNAME_MACHINE}-pc-linux-gnuoldld"

+ exit 0 ;;

+ esac

+ # Determine whether the default compiler is a.out or elf

+ eval $set_cc_for_build

+ sed 's/^ //' << EOF >$dummy.c

+ #include <features.h>

+ #ifdef __ELF__

+ # ifdef __GLIBC__

+ # if __GLIBC__ >= 2

+ LIBC=gnu

+ # else

+ LIBC=gnulibc1

+ # endif

+ # else

+ LIBC=gnulibc1

+ # endif

+ #else

+ #ifdef __INTEL_COMPILER

+ LIBC=gnu

+ #else

+ LIBC=gnuaout

+ #endif

+ #endif

+EOF

+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`

+ rm -f $dummy.c

+ test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0

+ test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0

+ ;;

+ i*86:DYNIX/ptx:4*:*)

+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.

+ # earlier versions are messed up and put the nodename in both

+ # sysname and nodename.

+ echo i386-sequent-sysv4

+ exit 0 ;;

+ i*86:UNIX_SV:4.2MP:2.*)

+ # Unixware is an offshoot of SVR4, but it has its own version

+ # number series starting with 2...

+ # I am not positive that other SVR4 systems won't match this,

+ # I just have to hope. -- rms.

+ # Use sysv4.2uw... so that sysv4* matches it.

+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}

+ exit 0 ;;

+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)

+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`

+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then

+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}

+ else

+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}

+ fi

+ exit 0 ;;

+ i*86:*:5:[78]*)

+ case `/bin/uname -X | grep "^Machine"` in

+ *486*) UNAME_MACHINE=i486 ;;

+ *Pentium) UNAME_MACHINE=i586 ;;

+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;

+ esac

+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}

+ exit 0 ;;

+ i*86:*:3.2:*)

+ if test -f /usr/options/cb.name; then

+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`

+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL

+ elif /bin/uname -X 2>/dev/null >/dev/null ; then

+ UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`

+ (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486

+ (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \

+ && UNAME_MACHINE=i586

+ (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \

+ && UNAME_MACHINE=i686

+ (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \

+ && UNAME_MACHINE=i686

+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL

+ else

+ echo ${UNAME_MACHINE}-pc-sysv32

+ fi

+ exit 0 ;;

+ i*86:*DOS:*:*)

+ echo ${UNAME_MACHINE}-pc-msdosdjgpp

+ exit 0 ;;

+ pc:*:*:*)

+ # Left here for compatibility:

+ # uname -m prints for DJGPP always 'pc', but it prints nothing about

+ # the processor, so we play safe by assuming i386.

+ echo i386-pc-msdosdjgpp

+ exit 0 ;;

+ Intel:Mach:3*:*)

+ echo i386-pc-mach3

+ exit 0 ;;

+ paragon:*:*:*)

+ echo i860-intel-osf1

+ exit 0 ;;

+ i860:*:4.*:*) # i860-SVR4

+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then

+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4

+ else # Add other i860-SVR4 vendors below as they are discovered.

+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4

+ fi

+ exit 0 ;;

+ mini*:CTIX:SYS*5:*)

+ # "miniframe"

+ echo m68010-convergent-sysv

+ exit 0 ;;

+ M68*:*:R3V[567]*:*)

+ test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;

+ 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0)

+ OS_REL=''

+ test -r /etc/.relid \

+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`

+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \

+ && echo i486-ncr-sysv4.3${OS_REL} && exit 0

+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \

+ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;

+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)

+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \

+ && echo i486-ncr-sysv4 && exit 0 ;;

+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)

+ echo m68k-unknown-lynxos${UNAME_RELEASE}

+ exit 0 ;;

+ mc68030:UNIX_System_V:4.*:*)

+ echo m68k-atari-sysv4

+ exit 0 ;;

+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)

+ echo i386-unknown-lynxos${UNAME_RELEASE}

+ exit 0 ;;

+ TSUNAMI:LynxOS:2.*:*)

+ echo sparc-unknown-lynxos${UNAME_RELEASE}

+ exit 0 ;;

+ rs6000:LynxOS:2.*:*)

+ echo rs6000-unknown-lynxos${UNAME_RELEASE}

+ exit 0 ;;

+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)

+ echo powerpc-unknown-lynxos${UNAME_RELEASE}

+ exit 0 ;;

+ SM[BE]S:UNIX_SV:*:*)

+ echo mips-dde-sysv${UNAME_RELEASE}

+ exit 0 ;;

+ RM*:ReliantUNIX-*:*:*)

+ echo mips-sni-sysv4

+ exit 0 ;;

+ RM*:SINIX-*:*:*)

+ echo mips-sni-sysv4

+ exit 0 ;;

+ *:SINIX-*:*:*)

+ if uname -p 2>/dev/null >/dev/null ; then

+ UNAME_MACHINE=`(uname -p) 2>/dev/null`

+ echo ${UNAME_MACHINE}-sni-sysv4

+ else

+ echo ns32k-sni-sysv

+ fi

+ exit 0 ;;

+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort

+ # says <Richard.M.Bartel@ccMail.Census.GOV>

+ echo i586-unisys-sysv4

+ exit 0 ;;

+ *:UNIX_System_V:4*:FTX*)

+ # From Gerald Hewes <hewes@openmarket.com>.

+ # How about differentiating between stratus architectures? -djm

+ echo hppa1.1-stratus-sysv4

+ exit 0 ;;

+ *:*:*:FTX*)

+ # From seanf@swdc.stratus.com.

+ echo i860-stratus-sysv4

+ exit 0 ;;

+ *:VOS:*:*)

+ # From Paul.Green@stratus.com.

+ echo hppa1.1-stratus-vos

+ exit 0 ;;

+ mc68*:A/UX:*:*)

+ echo m68k-apple-aux${UNAME_RELEASE}

+ exit 0 ;;

+ news*:NEWS-OS:6*:*)

+ echo mips-sony-newsos6

+ exit 0 ;;

+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)

+ if [ -d /usr/nec ]; then

+ echo mips-nec-sysv${UNAME_RELEASE}

+ else

+ echo mips-unknown-sysv${UNAME_RELEASE}

+ fi

+ exit 0 ;;

+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.

+ echo powerpc-be-beos

+ exit 0 ;;

+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.

+ echo powerpc-apple-beos

+ exit 0 ;;

+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.

+ echo i586-pc-beos

+ exit 0 ;;

+ SX-4:SUPER-UX:*:*)

+ echo sx4-nec-superux${UNAME_RELEASE}

+ exit 0 ;;

+ SX-5:SUPER-UX:*:*)

+ echo sx5-nec-superux${UNAME_RELEASE}

+ exit 0 ;;

+ Power*:Rhapsody:*:*)

+ echo powerpc-apple-rhapsody${UNAME_RELEASE}

+ exit 0 ;;

+ *:Rhapsody:*:*)

+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}

+ exit 0 ;;

+ *:Darwin:*:*)

+ echo `uname -p`-apple-darwin${UNAME_RELEASE}

+ exit 0 ;;

+ *:procnto*:*:* | *:QNX:[0123456789]*:*)

+ if test "${UNAME_MACHINE}" = "x86pc"; then

+ UNAME_MACHINE=pc

+ echo i386-${UNAME_MACHINE}-nto-qnx

+ else

+ echo `uname -p`-${UNAME_MACHINE}-nto-qnx

+ fi

+ exit 0 ;;

+ *:QNX:*:4*)

+ echo i386-pc-qnx

+ exit 0 ;;

+ NSR-[GKLNPTVW]:NONSTOP_KERNEL:*:*)

+ echo nsr-tandem-nsk${UNAME_RELEASE}

+ exit 0 ;;

+ *:NonStop-UX:*:*)

+ echo mips-compaq-nonstopux

+ exit 0 ;;

+ BS2000:POSIX*:*:*)

+ echo bs2000-siemens-sysv

+ exit 0 ;;

+ DS/*:UNIX_System_V:*:*)

+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}

+ exit 0 ;;

+ *:Plan9:*:*)

+ # "uname -m" is not consistent, so use $cputype instead. 386

+ # is converted to i386 for consistency with other x86

+ # operating systems.

+ if test "$cputype" = "386"; then

+ UNAME_MACHINE=i386

+ else

+ UNAME_MACHINE="$cputype"

+ fi

+ echo ${UNAME_MACHINE}-unknown-plan9

+ exit 0 ;;

+ i*86:OS/2:*:*)

+ # If we were able to find `uname', then EMX Unix compatibility

+ # is probably installed.

+ echo ${UNAME_MACHINE}-pc-os2-emx

+ exit 0 ;;

+ *:TOPS-10:*:*)

+ echo pdp10-unknown-tops10

+ exit 0 ;;

+ *:TENEX:*:*)

+ echo pdp10-unknown-tenex

+ exit 0 ;;

+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)

+ echo pdp10-dec-tops20

+ exit 0 ;;

+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)

+ echo pdp10-xkl-tops20

+ exit 0 ;;

+ *:TOPS-20:*:*)

+ echo pdp10-unknown-tops20

+ exit 0 ;;

+ *:ITS:*:*)

+ echo pdp10-unknown-its

+ exit 0 ;;

+ i*86:XTS-300:*:STOP)

+ echo ${UNAME_MACHINE}-unknown-stop

+ exit 0 ;;

+ i*86:atheos:*:*)

+ echo ${UNAME_MACHINE}-unknown-atheos

+ exit 0 ;;

+esac

+

+#echo '(No uname command or uname output not recognized.)' 1>&2

+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2

+

+eval $set_cc_for_build

+cat >$dummy.c <<EOF

+#ifdef _SEQUENT_

+# include <sys/types.h>

+# include <sys/utsname.h>

+#endif

+main ()

+{

+#if defined (sony)

+#if defined (MIPSEB)

+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,

+ I don't know.... */

+ printf ("mips-sony-bsd\n"); exit (0);

+#else

+#include <sys/param.h>

+ printf ("m68k-sony-newsos%s\n",

+#ifdef NEWSOS4

+ "4"

+#else

+ ""

+#endif

+ ); exit (0);

+#endif

+#endif

+

+#if defined (__arm) && defined (__acorn) && defined (__unix)

+ printf ("arm-acorn-riscix"); exit (0);

+#endif

+

+#if defined (hp300) && !defined (hpux)

+ printf ("m68k-hp-bsd\n"); exit (0);

+#endif

+

+#if defined (NeXT)

+#if !defined (__ARCHITECTURE__)

+#define __ARCHITECTURE__ "m68k"

+#endif

+ int version;

+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;

+ if (version < 4)

+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);

+ else

+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);

+ exit (0);

+#endif

+

+#if defined (MULTIMAX) || defined (n16)

+#if defined (UMAXV)

+ printf ("ns32k-encore-sysv\n"); exit (0);

+#else

+#if defined (CMU)

+ printf ("ns32k-encore-mach\n"); exit (0);

+#else

+ printf ("ns32k-encore-bsd\n"); exit (0);

+#endif

+#endif

+#endif

+

+#if defined (__386BSD__)

+ printf ("i386-pc-bsd\n"); exit (0);

+#endif

+

+#if defined (sequent)

+#if defined (i386)

+ printf ("i386-sequent-dynix\n"); exit (0);

+#endif

+#if defined (ns32000)

+ printf ("ns32k-sequent-dynix\n"); exit (0);

+#endif

+#endif

+

+#if defined (_SEQUENT_)

+ struct utsname un;

+

+ uname(&un);

+

+ if (strncmp(un.version, "V2", 2) == 0) {

+ printf ("i386-sequent-ptx2\n"); exit (0);

+ }

+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */

+ printf ("i386-sequent-ptx1\n"); exit (0);

+ }

+ printf ("i386-sequent-ptx\n"); exit (0);

+

+#endif

+

+#if defined (vax)

+# if !defined (ultrix)

+# include <sys/param.h>

+# if defined (BSD)

+# if BSD == 43

+ printf ("vax-dec-bsd4.3\n"); exit (0);

+# else

+# if BSD == 199006

+ printf ("vax-dec-bsd4.3reno\n"); exit (0);

+# else

+ printf ("vax-dec-bsd\n"); exit (0);

+# endif

+# endif

+# else

+ printf ("vax-dec-bsd\n"); exit (0);

+# endif

+# else

+ printf ("vax-dec-ultrix\n"); exit (0);

+# endif

+#endif

+

+#if defined (alliant) && defined (i860)

+ printf ("i860-alliant-bsd\n"); exit (0);

+#endif

+

+ exit (1);

+}

+EOF

+

+$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0

+rm -f $dummy.c $dummy

+

+# Apollos put the system type in the environment.

+

+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }

+

+# Convex versions that predate uname can use getsysinfo(1)

+

+if [ -x /usr/convex/getsysinfo ]

+then

+ case `getsysinfo -f cpu_type` in

+ c1*)

+ echo c1-convex-bsd

+ exit 0 ;;

+ c2*)

+ if getsysinfo -f scalar_acc

+ then echo c32-convex-bsd

+ else echo c2-convex-bsd

+ fi

+ exit 0 ;;

+ c34*)

+ echo c34-convex-bsd

+ exit 0 ;;

+ c38*)

+ echo c38-convex-bsd

+ exit 0 ;;

+ c4*)

+ echo c4-convex-bsd

+ exit 0 ;;

+ esac

+fi

+

+cat >&2 <<EOF

+$0: unable to guess system type

+

+This script, last modified $timestamp, has failed to recognize

+the operating system you are using. It is advised that you

+download the most up to date version of the config scripts from

+

+ ftp://ftp.gnu.org/pub/gnu/config/

+

+If the version you run ($0) is already up to date, please

+send the following data and any information you think might be

+pertinent to <config-patches@gnu.org> in order to provide the needed

+information to handle your system.

+

+config.guess timestamp = $timestamp

+

+uname -m = `(uname -m) 2>/dev/null || echo unknown`

+uname -r = `(uname -r) 2>/dev/null || echo unknown`

+uname -s = `(uname -s) 2>/dev/null || echo unknown`

+uname -v = `(uname -v) 2>/dev/null || echo unknown`

+

+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`

+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`

+

+hostinfo = `(hostinfo) 2>/dev/null`

+/bin/universe = `(/bin/universe) 2>/dev/null`

+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`

+/bin/arch = `(/bin/arch) 2>/dev/null`

+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`

+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`

+

+UNAME_MACHINE = ${UNAME_MACHINE}

+UNAME_RELEASE = ${UNAME_RELEASE}

+UNAME_SYSTEM = ${UNAME_SYSTEM}

+UNAME_VERSION = ${UNAME_VERSION}

+EOF

+

+exit 1

+

+# Local variables:

+# eval: (add-hook 'write-file-hooks 'time-stamp)

+# time-stamp-start: "timestamp='"

+# time-stamp-format: "%:y-%02m-%02d"

+# time-stamp-end: "'"

+# End:

+/* config.h.in. Generated from configure.in by autoheader. */

+/* Define to the number of arguments to ldap_set_rebindproc */

+#undef LDAP_SET_REBIND_PROC_ARGS

+

+/* define to the number of args to gethostbyname_r */

+#undef GETHOSTBYNAME_R_ARGS

+

+/* define to set RFC2307BIS support */

+#undef RFC2307BIS

+

+/* define to enable debug code */

+#undef DEBUG

+

+/* define to enable attribute/objectclass mapping */

+#undef AT_OC_MAP

+

+/* define to enable proxy authentication for AIX */

+#undef PROXY_AUTH

+

+/* define to enable paged results control */

+#undef PAGE_RESULTS

+

+/* define to enable configurable Kerberos credentials cache */

+#undef CONFIGURE_KRB5_CCNAME

+

+/* define to enable configurable Kerberos credentials cache (putenv method) */

+#undef CONFIGURE_KRB5_CCNAME_ENV

+

+/* define to enable configurable Kerberos credentials cache (gssapi method) */

+#undef CONFIGURE_KRB5_CCNAME_GSSAPI

+

+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */

+#undef HAVE_GSSAPI_GSSAPI_KRB5_H

+

+/* define to enable struct ether_addr definition */

+#undef HAVE_STRUCT_ETHER_ADDR

+

+/* define to enable socklen_t definition */

+#undef HAVE_SOCKLEN_T

+

+/* define if struct passwd has a pw_change member */

+#undef HAVE_PASSWD_PW_CHANGE

+

+/* define if struct passwd has a pw_expire member */

+#undef HAVE_PASSWD_PW_EXPIRE

+

+/* path to LDAP configuration file */

+#define NSS_LDAP_PATH_CONF "/etc/ldap.conf"

+

+/* path to LDAP root secret file */

+#define NSS_LDAP_PATH_ROOTPASSWD "/etc/ldap.secret"

+

+/* maximum number of group members in static buffer */

+#define LDAP_NSS_NGROUPS 64

+

+

+/* Define to 1 if you have the <aliases.h> header file. */

+#undef HAVE_ALIASES_H

+

+/* Define to 1 if you have the <alignof.h> header file. */

+#undef HAVE_ALIGNOF_H

+

+/* Define to 1 if you have the <bits/libc-lock.h> header file. */

+#undef HAVE_BITS_LIBC_LOCK_H

+

+/* Define to 1 if you have the <ctype.h> header file. */

+#undef HAVE_CTYPE_H

+

+/* Define to 1 if you have the `dn_expand' function. */

+#undef HAVE_DN_EXPAND

+

+/* Define to 1 if you have the `ether_aton' function. */

+#undef HAVE_ETHER_ATON

+

+/* Define to 1 if you have the `ether_ntoa' function. */

+#undef HAVE_ETHER_NTOA

+

+/* Define to 1 if you have the `gethostbyname' function. */

+#undef HAVE_GETHOSTBYNAME

+

+/* Define to 1 if you have the `gethostbyname_r' function. */

+#undef HAVE_GETHOSTBYNAME_R

+

+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */

+#undef HAVE_GSSAPI_GSSAPI_KRB5_H

+

+/* Define to 1 if you have the <gssapi.h> header file. */

+#undef HAVE_GSSAPI_H

+

+/* Define to 1 if you have the <gssldap.h> header file. */

+#undef HAVE_GSSLDAP_H

+

+/* Define to 1 if you have the <gsssasl.h> header file. */

+#undef HAVE_GSSSASL_H

+

+/* Define to 1 if you have the <inttypes.h> header file. */

+#undef HAVE_INTTYPES_H

+

+/* Define to 1 if you have the <irs.h> header file. */

+#undef HAVE_IRS_H

+

+/* Define to 1 if you have the <lber.h> header file. */

+#undef HAVE_LBER_H

+

+/* Define to 1 if you have the `ldapssl_client_init' function. */

+#undef HAVE_LDAPSSL_CLIENT_INIT

+

+/* Define to 1 if you have the `ldap_controls_free' function. */

+#undef HAVE_LDAP_CONTROLS_FREE

+

+/* Define to 1 if you have the `ldap_create_control' function. */

+#undef HAVE_LDAP_CREATE_CONTROL

+

+/* Define to 1 if you have the `ldap_create_page_control' function. */

+#undef HAVE_LDAP_CREATE_PAGE_CONTROL

+

+/* Define to 1 if you have the `ldap_explode_rdn' function. */

+#undef HAVE_LDAP_EXPLODE_RDN

+

+/* Define to 1 if you have the `ldap_get_lderrno' function. */

+#undef HAVE_LDAP_GET_LDERRNO

+

+/* Define to 1 if you have the `ldap_get_option' function. */

+#undef HAVE_LDAP_GET_OPTION

+

+/* Define to 1 if you have the <ldap.h> header file. */

+#undef HAVE_LDAP_H

+

+/* Define to 1 if you have the `ldap_init' function. */

+#undef HAVE_LDAP_INIT

+

+/* Define to 1 if you have the `ldap_initialize' function. */

+#undef HAVE_LDAP_INITIALIZE

+

+/* Define to 1 if you have the `ldap_ld_free' function. */

+#undef HAVE_LDAP_LD_FREE

+

+/* Define to 1 if you have the `ldap_memfree' function. */

+#undef HAVE_LDAP_MEMFREE

+

+/* Define to 1 if you have the `ldap_parse_page_control' function. */

+#undef HAVE_LDAP_PARSE_PAGE_CONTROL

+

+/* Define to 1 if you have the `ldap_parse_result' function. */

+#undef HAVE_LDAP_PARSE_RESULT

+

+/* Define to 1 if you have the `ldap_pvt_tls_set_option' function. */

+#undef HAVE_LDAP_PVT_TLS_SET_OPTION

+

+/* Define to 1 if you have the `ldap_sasl_interactive_bind_s' function. */

+#undef HAVE_LDAP_SASL_INTERACTIVE_BIND_S

+

+/* Define to 1 if you have the `ldap_search_ext' function. */

+#undef HAVE_LDAP_SEARCH_EXT

+

+/* Define to 1 if you have the `ldap_set_option' function. */

+#undef HAVE_LDAP_SET_OPTION

+

+/* Define to 1 if you have the `ldap_set_rebind_proc' function. */

+#undef HAVE_LDAP_SET_REBIND_PROC

+

+/* Define to 1 if you have the <ldap_ssl.h> header file. */

+#undef HAVE_LDAP_SSL_H

+

+/* Define to 1 if you have the `ldap_start_tls' function. */

+#undef HAVE_LDAP_START_TLS

+

+/* Define to 1 if you have the `ldap_start_tls_s' function. */

+#undef HAVE_LDAP_START_TLS_S

+

+/* Define to 1 if you have the <libc-lock.h> header file. */

+#undef HAVE_LIBC_LOCK_H

+

+/* Define to 1 if you have the `lber' library (-llber). */

+#undef HAVE_LIBLBER

+

+/* Define to 1 if you have the `nsl' library (-lnsl). */

+#undef HAVE_LIBNSL

+

+/* Define to 1 if you have the `pthread' library (-lpthread). */

+#undef HAVE_LIBPTHREAD

+

+/* Define to 1 if you have the `resolv' library (-lresolv). */

+#undef HAVE_LIBRESOLV

+

+/* Define to 1 if you have the `socket' library (-lsocket). */

+#undef HAVE_LIBSOCKET

+

+/* Define to 1 if you have the <malloc.h> header file. */

+#undef HAVE_MALLOC_H

+

+/* Define to 1 if you have the <memory.h> header file. */

+#undef HAVE_MEMORY_H

+

+/* Define to 1 if you have the <netinet/ether.h> header file. */

+#undef HAVE_NETINET_ETHER_H

+

+/* Define to 1 if you have the <netinet/if_ether.h> header file. */

+#undef HAVE_NETINET_IF_ETHER_H

+

+/* Define to 1 if you have the <net/route.h> header file. */

+#undef HAVE_NET_ROUTE_H

+

+/* Define to 1 if you have the `nsdispatch' function. */

+#undef HAVE_NSDISPATCH

+

+/* Define to 1 if you have the <nsswitch.h> header file. */

+#undef HAVE_NSSWITCH_H

+

+/* Define to 1 if you have the <nss.h> header file. */

+#undef HAVE_NSS_H

+

+/* Define to 1 if you have the <port_after.h> header file. */

+#undef HAVE_PORT_AFTER_H

+

+/* Define to 1 if you have the <port_before.h> header file. */

+#undef HAVE_PORT_BEFORE_H

+

+/* Define to 1 if you have the <prot.h> header file. */

+#undef HAVE_PROT_H

+

+/* Define to 1 if you have the `pthread_atfork' function. */

+#undef HAVE_PTHREAD_ATFORK

+

+/* Define to 1 if you have the <pthread.h> header file. */

+#undef HAVE_PTHREAD_H

+

+/* Define to 1 if you have the `res_search' function. */

+#undef HAVE_RES_SEARCH

+

+/* Define to 1 if you have the <rpc/rpcent.h> header file. */

+#undef HAVE_RPC_RPCENT_H

+

+/* Define to 1 if you have the `sasl_auxprop_request' function. */

+#undef HAVE_SASL_AUXPROP_REQUEST

+

+/* Define to 1 if you have the <sasl.h> header file. */

+#undef HAVE_SASL_H

+

+/* Define to 1 if you have the <sasl/sasl.h> header file. */

+#undef HAVE_SASL_SASL_H

+

+/* Define to 1 if you have the <shadow.h> header file. */

+#undef HAVE_SHADOW_H

+

+/* Define to 1 if you have the `sigaction' function. */

+#undef HAVE_SIGACTION

+

+/* Define to 1 if you have the `sigset' function. */

+#undef HAVE_SIGSET

+

+/* Define to 1 if you have the `snprintf' function. */

+#undef HAVE_SNPRINTF

+

+/* Define to 1 if you have the <stdint.h> header file. */

+#undef HAVE_STDINT_H

+

+/* Define to 1 if you have the <stdlib.h> header file. */

+#undef HAVE_STDLIB_H

+

+/* Define to 1 if you have the <strings.h> header file. */

+#undef HAVE_STRINGS_H

+

+/* Define to 1 if you have the <string.h> header file. */

+#undef HAVE_STRING_H

+

+/* Define to 1 if you have the `strtok_r' function. */

+#undef HAVE_STRTOK_R

+

+/* Define to 1 if you have the <synch.h> header file. */

+#undef HAVE_SYNCH_H

+

+/* Define to 1 if you have the <sys/byteorder.h> header file. */

+#undef HAVE_SYS_BYTEORDER_H

+

+/* Define to 1 if you have the <sys/stat.h> header file. */

+#undef HAVE_SYS_STAT_H

+

+/* Define to 1 if you have the <sys/types.h> header file. */

+#undef HAVE_SYS_TYPES_H

+

+/* Define to 1 if you have the <sys/un.h> header file. */

+#undef HAVE_SYS_UN_H

+

+/* Define to 1 if you have the <thread.h> header file. */

+#undef HAVE_THREAD_H

+

+/* Define to 1 if you have the <unistd.h> header file. */

+#undef HAVE_UNISTD_H

+

+/* Define to 1 if you have the <usersec.h> header file. */

+#undef HAVE_USERSEC_H

+

+/* Name of package */

+#undef PACKAGE

+

+/* Define to the address where bug reports for this package should be sent. */

+#undef PACKAGE_BUGREPORT

+

+/* Define to the full name of this package. */

+#undef PACKAGE_NAME

+

+/* Define to the full name and version of this package. */

+#undef PACKAGE_STRING

+

+/* Define to the one symbol short name of this package. */

+#undef PACKAGE_TARNAME

+

+/* Define to the version of this package. */

+#undef PACKAGE_VERSION

+

+/* Define to 1 if you have the ANSI C header files. */

+#undef STDC_HEADERS

+

+/* Version number of package */

+#undef VERSION

+#! /bin/sh

+# Configuration validation subroutine script.

+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,

+# 2000, 2001, 2002 Free Software Foundation, Inc.

+# Portions Copyright 1998-2002 OpenLDAP Foundation.

+