summaryrefslogtreecommitdiff
path: root/Linux-PAM
diff options
context:
space:
mode:
authorSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 15:43:05 -0800
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 15:44:43 -0800
commit9a4298687784e7812c8aeef6e0e97830febbf393 (patch)
tree45942549c91c2ae3cb6b58aa5df40b9e121f908a /Linux-PAM
parentd5b06b67bbeeed7c05c0eb2e05d6a972ad050d1c (diff)
parent9bc383eeb9d9f5976645cb4c4850a8d36b2bd7da (diff)
New upstream version 0.99.8.1
Diffstat (limited to 'Linux-PAM')
-rw-r--r--Linux-PAM/ChangeLog235
-rw-r--r--Linux-PAM/NEWS17
-rw-r--r--Linux-PAM/README4
-rw-r--r--Linux-PAM/configure.in19
-rw-r--r--Linux-PAM/libpam/Makefile.am4
-rw-r--r--Linux-PAM/libpam/pam_audit.c31
-rw-r--r--Linux-PAM/modules/pam_access/README10
-rw-r--r--Linux-PAM/modules/pam_access/access.conf28
-rw-r--r--Linux-PAM/modules/pam_access/access.conf.535
-rw-r--r--Linux-PAM/modules/pam_access/access.conf.5.xml37
-rw-r--r--Linux-PAM/modules/pam_access/pam_access.853
-rw-r--r--Linux-PAM/modules/pam_access/pam_access.8.xml15
-rw-r--r--Linux-PAM/modules/pam_access/pam_access.c70
-rw-r--r--Linux-PAM/modules/pam_cracklib/README8
-rw-r--r--Linux-PAM/modules/pam_cracklib/pam_cracklib.8109
-rw-r--r--Linux-PAM/modules/pam_cracklib/pam_cracklib.8.xml18
-rw-r--r--Linux-PAM/modules/pam_cracklib/pam_cracklib.c119
-rw-r--r--Linux-PAM/modules/pam_ftp/pam_ftp.c8
-rw-r--r--Linux-PAM/modules/pam_limits/Makefile.am4
-rw-r--r--Linux-PAM/modules/pam_limits/README7
-rw-r--r--Linux-PAM/modules/pam_limits/limits.conf2
-rw-r--r--Linux-PAM/modules/pam_limits/limits.conf.5120
-rw-r--r--Linux-PAM/modules/pam_limits/limits.conf.5.xml2
-rw-r--r--Linux-PAM/modules/pam_limits/pam_limits.862
-rw-r--r--Linux-PAM/modules/pam_limits/pam_limits.8.xml10
-rw-r--r--Linux-PAM/modules/pam_limits/pam_limits.c95
-rw-r--r--Linux-PAM/modules/pam_loginuid/pam_loginuid.c5
-rw-r--r--Linux-PAM/modules/pam_mail/pam_mail.c5
-rw-r--r--Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c4
-rw-r--r--Linux-PAM/modules/pam_namespace/README281
-rw-r--r--Linux-PAM/modules/pam_namespace/README.xml155
-rw-r--r--Linux-PAM/modules/pam_namespace/namespace.conf16
-rw-r--r--Linux-PAM/modules/pam_namespace/namespace.conf.5129
-rw-r--r--Linux-PAM/modules/pam_namespace/namespace.conf.5.xml55
-rwxr-xr-xLinux-PAM/modules/pam_namespace/namespace.init2
-rw-r--r--Linux-PAM/modules/pam_namespace/pam_namespace.859
-rw-r--r--Linux-PAM/modules/pam_namespace/pam_namespace.8.xml19
-rw-r--r--Linux-PAM/modules/pam_namespace/pam_namespace.c313
-rw-r--r--Linux-PAM/modules/pam_namespace/pam_namespace.h7
-rw-r--r--Linux-PAM/modules/pam_selinux/README15
-rw-r--r--Linux-PAM/modules/pam_selinux/pam_selinux.855
-rw-r--r--Linux-PAM/modules/pam_selinux/pam_selinux.8.xml39
-rw-r--r--Linux-PAM/modules/pam_selinux/pam_selinux.c462
-rw-r--r--Linux-PAM/modules/pam_umask/pam_umask.c4
-rw-r--r--Linux-PAM/modules/pam_unix/pam_unix_passwd.c27
-rw-r--r--Linux-PAM/modules/pam_unix/support.c12
-rw-r--r--Linux-PAM/modules/pam_unix/unix_chkpwd.c33
-rw-r--r--Linux-PAM/po/LINGUAS8
-rw-r--r--Linux-PAM/po/Linux-PAM.pot119
-rw-r--r--Linux-PAM/po/ar.po540
-rw-r--r--Linux-PAM/po/ca.po544
-rw-r--r--Linux-PAM/po/cs.po141
-rw-r--r--Linux-PAM/po/da.po547
-rw-r--r--Linux-PAM/po/de.po144
-rw-r--r--Linux-PAM/po/es.po141
-rw-r--r--Linux-PAM/po/fi.po141
-rw-r--r--Linux-PAM/po/fr.po141
-rw-r--r--Linux-PAM/po/hu.po155
-rw-r--r--Linux-PAM/po/it.po141
-rw-r--r--Linux-PAM/po/ja.po141
-rw-r--r--Linux-PAM/po/km.po141
-rw-r--r--Linux-PAM/po/nb.po141
-rw-r--r--Linux-PAM/po/nl.po141
-rw-r--r--Linux-PAM/po/pa.po145
-rw-r--r--Linux-PAM/po/pl.po141
-rw-r--r--Linux-PAM/po/pt.po141
-rw-r--r--Linux-PAM/po/pt_BR.po141
-rw-r--r--Linux-PAM/po/ru.po560
-rw-r--r--Linux-PAM/po/sv.po547
-rw-r--r--Linux-PAM/po/tr.po141
-rw-r--r--Linux-PAM/po/uk.po141
-rw-r--r--Linux-PAM/po/zh_CN.po141
-rw-r--r--Linux-PAM/po/zh_TW.po141
-rw-r--r--Linux-PAM/po/zu.po544
-rw-r--r--Linux-PAM/xtests/Makefile.am16
-rw-r--r--Linux-PAM/xtests/access.conf2
-rw-r--r--Linux-PAM/xtests/limits.conf2
-rwxr-xr-xLinux-PAM/xtests/run-xtests.sh30
-rw-r--r--Linux-PAM/xtests/tst-pam_access1.c131
-rw-r--r--Linux-PAM/xtests/tst-pam_access1.pamd6
-rwxr-xr-xLinux-PAM/xtests/tst-pam_access1.sh9
-rw-r--r--Linux-PAM/xtests/tst-pam_access2.c131
-rw-r--r--Linux-PAM/xtests/tst-pam_access2.pamd6
-rwxr-xr-xLinux-PAM/xtests/tst-pam_access2.sh9
-rw-r--r--Linux-PAM/xtests/tst-pam_access3.c131
-rw-r--r--Linux-PAM/xtests/tst-pam_access3.pamd6
-rwxr-xr-xLinux-PAM/xtests/tst-pam_access3.sh7
-rw-r--r--Linux-PAM/xtests/tst-pam_access4.c149
-rw-r--r--Linux-PAM/xtests/tst-pam_access4.pamd6
-rwxr-xr-xLinux-PAM/xtests/tst-pam_access4.sh7
-rw-r--r--Linux-PAM/xtests/tst-pam_cracklib1.c5
-rw-r--r--Linux-PAM/xtests/tst-pam_cracklib2.c140
-rw-r--r--Linux-PAM/xtests/tst-pam_cracklib2.pamd2
-rw-r--r--Linux-PAM/xtests/tst-pam_limits1.c148
-rw-r--r--Linux-PAM/xtests/tst-pam_limits1.pamd6
-rwxr-xr-xLinux-PAM/xtests/tst-pam_limits1.sh7
-rw-r--r--Linux-PAM/xtests/tst-pam_unix1.c121
-rw-r--r--Linux-PAM/xtests/tst-pam_unix1.pamd6
-rwxr-xr-xLinux-PAM/xtests/tst-pam_unix1.sh7
-rw-r--r--Linux-PAM/xtests/tst-pam_unix2.c153
-rw-r--r--Linux-PAM/xtests/tst-pam_unix2.pamd6
-rwxr-xr-xLinux-PAM/xtests/tst-pam_unix2.sh8
-rw-r--r--Linux-PAM/xtests/tst-pam_unix3.c154
-rw-r--r--Linux-PAM/xtests/tst-pam_unix3.pamd6
-rwxr-xr-xLinux-PAM/xtests/tst-pam_unix3.sh8
105 files changed, 8547 insertions, 1806 deletions
diff --git a/Linux-PAM/ChangeLog b/Linux-PAM/ChangeLog
index f65e67f8..79e8dc1f 100644
--- a/Linux-PAM/ChangeLog
+++ b/Linux-PAM/ChangeLog
@@ -1,3 +1,232 @@
+2007-07-18 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * release version 0.99.8.1
+
+ * libpam/pam_audit.c: Include unistd.h for getuid().
+ * libpam/Makefile.am: Bump version number.
+
+2007-07-12 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * libpam/pam_audit.c (_pam_audit_writelog): Don't return
+ error if application runs as normal user. Fixes regression
+ introduced with last change.
+
+2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * configure.in: Add --with-db-uniquename option to support
+ db libraries and functions with unique name extension.
+ Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.
+
+ * modules/pam_limits/pam_limits.c: Include locale.h.
+
+2007-07-06 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * release version 0.99.8.0
+
+ * configure.in: Check for audit_log_acct_message instead of
+ audit_log_user_message.
+ * libpam/pam_audit.c: Use audit_log_acct_message.
+ Based on patch from Mark J Cox <mjc@redhat.com>.
+ * libpam/Makefile.am: Bump version number of libpam.
+
+ * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
+ not 64bit.
+
+ * xtests/tst-pam_limits1.c: Fix printf arguments.
+
+ * po/*.po: Merge po files with latest code changes.
+
+2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_limits/pam_limits.c (process_limit): Check upper and
+ lower limit of nice value, fix off-by-one in conversation to rlim_t.
+ * xtests/Makefile.am: Add new pam_limits test case.
+ * xtests/limits.conf: New, config file for test case.
+ * xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
+ * xtests/pam_limits1.sh: Likewise.
+ * xtests/pam_limits1.pamd: Likewise.
+
+2007-06-25 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r
+ result for recursive calls.
+ * xtests/Makefile.am: Add new pam_access test cases.
+ * xtests/pam_access1.c: New test case.
+ * xtests/pam_access2.c: Likewise.
+ * xtests/pam_access3.c: Likewise.
+ * xtests/pam_access4.c: Likewise.
+ * xtests/pam_access1.sh: Wrapper to create user accounts.
+ * xtests/pam_access2.sh: Likewise.
+ * xtests/pam_access3.sh: Likewise.
+ * xtests/pam_access4.sh: Likewise.
+ * xtests/pam_access1.pamd: PAM config file for pam_access tests.
+ * xtests/pam_access2.pamd: Likewise.
+ * xtests/pam_access3.pamd: Likewise.
+ * xtests/pam_access4.pamd: Likewise.
+ * xtests/access.conf: Config file for pam_access tests.
+ * xtests/run-tests.sh: Install access.conf into system.
+
+2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
+ better error message if /proc/self/loginuid cannot be opened.
+
+ * modules/pam_limits/pam_limits.c (process_limit): Check for
+ variable overflow after multiplication [bnc#283001].
+
+ * modules/pam_access/pam_access.c: Add new syntax for groups
+ in access.conf to differentiate group names from account names.
+ Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
+ solves feature request [#411390].
+ * modules/pam_access/access.conf: Add example for new group
+ syntax.
+ * modules/pam_access/access.conf.5.xml: Document new syntax.
+
+2007-06-20 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
+ option.
+ * modules/pam_cracklib/pam_cracklib.c: Add support for minimum
+ character classes [#1688777]. Based on patch from Keith Schincke.
+
+ * xtests/tst-pam_cracklib2.c: New, test case for minclass option.
+ * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
+ * xtests/Makefile.am: Add new testcase.
+
+ * xtests/pam_cracklib.c: Fix comment what this application tests.
+
+ * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64
+
+2007-06-15 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
+ add select_context and use_current_range options.
+ * modules/pam_selinux/pam_selinux.c (send_audit_message): Added
+ function for auditing role/level changes.
+ (query_response): Add default response.
+ (select_context): Removed.
+ (manual_context): Query only role and level.
+ (mls_range_allowed): Added function for range check.
+ (config_context): Added function for role and level override.
+ (pam_sm_open_session): Remove multiple option, add select_context
+ and use_current_range_options. Use getseuserbyname to obtain
+ SELinux user and level. Audit role/level changes. Call setkeycreatecon
+ to assign key creation context. Don't fail on errors when SELinux
+ is not in enforcing mode.
+ * configure.in: Check for setkeycreatecon().
+
+ * modules/pam_namespace/README.xml: Avoid duplication of
+ documentation.
+ * modules/pam_namespace/namespace.conf: More real life example
+ from MLS support.
+ * modules/pam_namespace/namespace.conf.5.xml: Likewise plus
+ properly describe how instance directory names are formed.
+ * modules/pam_namespace/namespace.init: Preserve euid when
+ called from setuid apps (su, newrole).
+ * modules/pam_namespace/pam_namespace.8.xml: Added option
+ no_unmount_on_close.
+ * modules/pam_namespace/pam_namespace.c (process_line): Polyinst
+ methods are now user, level and context. Fix crash on unknown
+ override user in config file.
+ (ns_override): Add explicit uid parameter.
+ (form_context): Skip for user method. Implement level based
+ polyinstantiation.
+ (poly_name): Initialize contexts. Add level based polyinst,
+ remove 'both' metod. Use raw contexts for instance names,
+ truncate long instance names and add hash.
+ (ns_setup): Hashing moved to poly_name().
+ (setup_namespace): Handle correctly override users for
+ su (when unmnt_remnt is used).
+ (pam_sm_close_session): Added no_unmount_on_close option.
+ * modules/pam_namespace/pam_namespace.h: Added
+ no_unmount_on_close_option, level method, limit on instance
+ directory name length.
+
+2007-05-04 Thorsten Kukuk <kukuk@suse.de>
+
+ * xtests/run-xtests.sh: Use SRCDIR to find PAM config files.
+ * xtests/Makefile.am: Call run-xtests.sh with srcdir as first
+ argument.
+ Based on patch by Bernard Leak <thisisnotapipe@hotmail.com>.
+
+2007-04-30 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_limits/limits.conf: Address space limit is KB.
+ * modules/pam_limits/limits.conf.5.xml: Likewise.
+ Reported by Thomas Vander Stichele <thomas@apestaart.org>.
+
+ * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate
+ check for PAM_SILENT and don't bail out if it is set [#1706247].
+
+2007-03-29 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_access/pam_access.c (login_access, list_match):
+ Replace strtok with strtok_r.
+ * modules/pam_cracklib/pam_cracklib.c (check_old_password):
+ Likewise.
+ * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate):
+ Likewise.
+ * modules/pam_unix/pam_unix_passwd.c (check_old_password,
+ save_old_password): Likewise.
+
+ * modules/pam_limits/Makefile.am: Define limits.d dir and install it.
+ * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
+ * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
+ (pam_parse): conf_file is now ptr.
+ (pam_sm_open_session): Add parsing files from limits.d subdir using
+ glob, change pl to pointer.
+
+2007-03-12 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * po/ar.po: New translation.
+ * po/ca.po: Likewise.
+ * po/da.po: Likewise.
+ * po/ru.po: Likewise.
+ * po/sv.po: Likewise.
+ * po/zu.po: Likewise.
+ * po/LINGUAS: Add ar, ca, da, ru, sv, zu
+
+ * po/hu.po: Update translation.
+
+2007-02-21 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for
+ allocation failure in bigcrypt().
+
+ * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow
+ modification of '*' password by root.
+
+2007-02-06 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove
+ debug syslog message when loginuid doesn't exist.
+
+2007-02-01 Tomas Mraz <t8m@centrum.cz>
+
+ * xtests/tst-pam_unix3.c: Fix typos in comments.
+
+ * modules/pam_unix/support.c (_unix_verify_password): Explicitly
+ disallow '!' in the beginning of password hash. Treat only
+ 13 bytes password hash specifically. (Suggested by Solar Designer.)
+ Fix a warning and test for allocation failure.
+ * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
+
+2007-01-31 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * xtests/Makefile.am: Add new pam_unix.so tests
+ * xtests/run-xtests.sh: Prefer shell scripts (wrapper)
+ over binaries.
+ * xtests/tst-pam_cracklib1.c: Fix typo.
+ * xtests/tst-pam_unix1.c: New, for sucurity fix.
+ * xtests/tst-pam_unix1.pamd: New.
+ * xtests/tst-pam_unix1.sh: New.
+ * xtests/tst-pam_unix2.c: New, for crypt checks.
+ * xtests/tst-pam_unix2.pamd: New.
+ * xtests/tst-pam_unix2.sh: New.
+ * xtests/tst-pam_unix3.c: New, for bigcrypt checks.
+ * xtests/tst-pam_unix3.pamd: New.
+ * xtests/tst-pam_unix3.sh: New.
+
2007-01-23 Thorsten Kukuk <kukuk@suse.de>
* release 0.99.7.1
@@ -5,7 +234,7 @@
* configure.in: Set version number to 0.99.7.1
2007-01-23 Thorsten Kukuk <kukuk@thukuk.de>
- Tomas Mraz <t2m@centrum.cz>
+ Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/support.c (_unix_verify_password): Always
compare full encrypted passwords (CVE-2007-0003).
@@ -27,12 +256,12 @@
* Makefile.am (M4_FILES): Replace GNU make extension by listing
all m4 files.
-2007-07-17 Tomas Mraz <t8m@centrum.cz>
+2007-01-17 Tomas Mraz <t8m@centrum.cz>
* po/*.po: Updated strings to translate.
* po/Linux-PAM.pot: Likewise.
-2007-07-16 Thorsten Kukuk <kukuk@thkukuk.de>
+2007-01-16 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam.conf-syntax.xml: Improve documentation about
sufficient keyword (Patch by Petteri Räty <betelgeuse@gentoo.org>)
diff --git a/Linux-PAM/NEWS b/Linux-PAM/NEWS
index 810660fc..4432cf31 100644
--- a/Linux-PAM/NEWS
+++ b/Linux-PAM/NEWS
@@ -1,6 +1,23 @@
Linux-PAM NEWS -- history of user-visible changes.
+Release 0.99.8.1
+* Fix a regression in audit code introduced with last release
+* Fix compiling with --disable-nls
+
+Release 0.99.8.0
+
+* Add translations for ar, ca, da, ru, sv and zu.
+* Update hungarian translation.
+* Add support for limits.d directory to pam_limits.
+* Improve pam_namespace module tobe more useful
+ for MLS, fixed crash with bad config files.
+* Improve pam_selinux module to be more useful
+ for MLS.
+* Add minclass option to pam_cracklib
+* Add new group syntax to pam_access
+
+
Release 0.99.7.1
* Security fix for pam_unix.so (CVE-2007-0003).
diff --git a/Linux-PAM/README b/Linux-PAM/README
index bd804b17..364890db 100644
--- a/Linux-PAM/README
+++ b/Linux-PAM/README
@@ -33,6 +33,10 @@ You can run additional checks after installing by executing
as root.
+WARNING: Running "make xtests" can overwrite configuration data
+or make the system insecure/unfunctional for a short time!
+Backup all important data before!
+
If you do not wish to make the modules dynamically loadable, but
build a static libpam including all PAM modules, you have to call:
diff --git a/Linux-PAM/configure.in b/Linux-PAM/configure.in
index 0c4c8cb0..4c6a4c81 100644
--- a/Linux-PAM/configure.in
+++ b/Linux-PAM/configure.in
@@ -1,6 +1,6 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT(conf/pam_conv1/pam_conv_y.y)
-AM_INIT_AUTOMAKE("Linux-PAM", 0.99.7.1)
+AM_INIT_AUTOMAKE("Linux-PAM", 0.99.8.1)
AC_PREREQ([2.60])
AM_CONFIG_HEADER(config.h)
AC_CANONICAL_HOST
@@ -24,7 +24,12 @@ dnl If we use /usr as prefix, use /etc for config files
fi
if test ${libdir} = '${exec_prefix}/lib'
then
- libdir="/lib"
+ case "`uname -m`" in
+ x86_64|ppc64|s390x|sparc64)
+ libdir="/lib64" ;;
+ *)
+ libdir="/lib" ;;
+ esac
fi
if test ${sbindir} = '${exec_prefix}/sbin'
then
@@ -326,7 +331,7 @@ AC_ARG_ENABLE([audit],
WITH_LIBAUDIT=$enableval, WITH_LIBAUDIT=yes)
if test x"$WITH_LIBAUDIT" != xno ; then
AC_CHECK_HEADER([libaudit.h],
- [AC_CHECK_LIB(audit, audit_log_user_message, LIBAUDIT=-laudit, LIBAUDIT="")]
+ [AC_CHECK_LIB(audit, audit_log_acct_message, LIBAUDIT=-laudit, LIBAUDIT="")]
)
if test ! -z "$LIBAUDIT" -a "ac_cv_header_libaudit_h" != "no" ; then
AC_DEFINE([HAVE_LIBAUDIT], 1, [Defined if audit support should be compiled in])
@@ -346,11 +351,13 @@ dnl libraries are unuseable, so try libdb first.
AC_ARG_ENABLE([db],
AC_HELP_STRING([--enable-db=(db|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support.]),
WITH_DB=$enableval, WITH_DB=yes)
+AC_ARG_WITH([db-uniquename],
+ AC_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
if test x"$WITH_DB" != xno ; then
if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
- AC_CHECK_LIB([db], [db_create], LIBDB="-ldb", LIBDB="")
+ AC_CHECK_LIB([db$with_db_uniquename], [db_create$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
if test -z "$LIBDB" ; then
- AC_CHECK_LIB([db], [dbm_store], LIBDB="-ldb", LIBDB="")
+ AC_CHECK_LIB([db$with_db_uniquename], [dbm_store$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
fi
fi
if test -z "$LIBDB" ; then
@@ -415,7 +422,7 @@ AC_CHECK_FUNCS(fseeko gethostname gettimeofday lckpwdf mkdir select)
AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
AC_CHECK_FUNCS(getgrouplist getline getdelim)
-AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
+AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af setkeycreatecon)
AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
diff --git a/Linux-PAM/libpam/Makefile.am b/Linux-PAM/libpam/Makefile.am
index e96d6df8..57a44935 100644
--- a/Linux-PAM/libpam/Makefile.am
+++ b/Linux-PAM/libpam/Makefile.am
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
+# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \
@@ -20,7 +20,7 @@ include_HEADERS = include/security/_pam_compat.h \
noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \
pam_modutil_private.h pam_static_modules.h
-libpam_la_LDFLAGS = -no-undefined -version-info 81:6:81 \
+libpam_la_LDFLAGS = -no-undefined -version-info 81:8:81 \
@LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@
if STATIC_MODULES
libpam_la_LDFLAGS += `ls ../modules/pam_*/*.lo` \
diff --git a/Linux-PAM/libpam/pam_audit.c b/Linux-PAM/libpam/pam_audit.c
index ff1486aa..240d4a89 100644
--- a/Linux-PAM/libpam/pam_audit.c
+++ b/Linux-PAM/libpam/pam_audit.c
@@ -14,6 +14,7 @@
#include <libaudit.h>
#include <pwd.h>
#include <netdb.h>
+#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
@@ -27,22 +28,32 @@ _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type,
{
static int old_errno = -1;
int rc;
- char buf[256];
+ char buf[32];
- snprintf(buf, sizeof(buf), "PAM: %s acct=%s ", message,
- (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?");
+ snprintf(buf, sizeof(buf), "PAM:%s", message);
- rc = audit_log_user_message( audit_fd, type, buf,
- pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS );
+ rc = audit_log_acct_message (audit_fd, type, NULL, buf,
+ (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?",
+ -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS );
- if (rc == -1 && errno != old_errno)
+ /* libaudit sets errno to his own negative error code. This can be
+ an official errno number, but must not. It can also be a audit
+ internal error code. Which makes errno useless :-((. Try the
+ best to fix it. */
+ errno = -rc;
+
+ if (rc < 0 && errno != old_errno)
{
old_errno = errno;
- pam_syslog(pamh, LOG_CRIT, "audit_log_user_message() failed: %m");
+ pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m");
}
pamh->audit_state |= PAMAUDIT_LOGGED;
- return rc;
+
+ if (rc == -EPERM && getuid () != 0)
+ return 0;
+ else
+ return rc;
}
int
@@ -73,11 +84,11 @@ _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags)
type = AUDIT_USER_AUTH;
break;
case PAM_OPEN_SESSION:
- message = "session open";
+ message = "session_open";
type = AUDIT_USER_START;
break;
case PAM_CLOSE_SESSION:
- message = "session close";
+ message = "session_close";
type = AUDIT_USER_END;
break;
case PAM_ACCOUNT:
diff --git a/Linux-PAM/modules/pam_access/README b/Linux-PAM/modules/pam_access/README
index c3561da0..a3adcc8f 100644
--- a/Linux-PAM/modules/pam_access/README
+++ b/Linux-PAM/modules/pam_access/README
@@ -45,6 +45,11 @@ listsep=separators
information obtained from a Windows domain, where the default built-in
groups "Domain Users", "Domain Admins" contain a space.
+nodefgroup
+
+ The group database will not be used for tokens not identified as account
+ name.
+
EXAMPLES
These are some example lines which might be specified in /etc/security/
@@ -97,6 +102,11 @@ User john should get access from IPv6 net/mask.
+ : john : 2001:4ca0:0:101::/64
+Disallow console logins to all but the shutdown, sync and all other accounts,
+which are a member of the wheel group.
+
+-:ALL EXCEPT (wheel) shutdown sync:LOCAL
+
All other users should be denied to get access from all sources.
- : ALL : ALL
diff --git a/Linux-PAM/modules/pam_access/access.conf b/Linux-PAM/modules/pam_access/access.conf
index b22f1d43..74c5fbe8 100644
--- a/Linux-PAM/modules/pam_access/access.conf
+++ b/Linux-PAM/modules/pam_access/access.conf
@@ -1,14 +1,14 @@
# Login access control table.
-#
+#
# Comment line must start with "#", no space at front.
# Order of lines is important.
#
# When someone logs in, the table is scanned for the first entry that
# matches the (user, host) combination, or, in case of non-networked
# logins, the first entry that matches the (user, tty) combination. The
-# permissions field of that table entry determines whether the login will
+# permissions field of that table entry determines whether the login will
# be accepted or refused.
-#
+#
# Format of the login access control table is three fields separated by a
# ":" character:
#
@@ -17,11 +17,11 @@
# '|'. This is useful for configurations where you are trying to use
# pam_access with X applications that provide PAM_TTY values that are
# the display variable like "host:0".]
-#
+#
# permission : users : origins
-#
+#
# The first field should be a "+" (access granted) or "-" (access denied)
-# character.
+# character.
#
# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
@@ -42,20 +42,28 @@
# The group file is searched only when a name does not match that of the
# logged-in user. Both the user's primary group is matched, as well as
# groups in which users are explicitly listed.
+# To avoid problems with accounts, which have the same name as a group,
+# you can use brackets around group names '(group)' to differentiate.
+# In this case, you should also set the "nodefgroup" option.
#
# TTY NAMES: Must be in the form returned by ttyname(3) less the initial
# "/dev" (e.g. tty1 or vc/1)
#
##############################################################################
-#
+#
# Disallow non-root logins on tty1
#
#-:ALL EXCEPT root:tty1
-#
+#
# Disallow console logins to all but a few accounts.
#
#-:ALL EXCEPT wheel shutdown sync:LOCAL
#
+# Same, but make sure that really the group wheel and not the user
+# wheel is used (use nodefgroup argument, too):
+#
+#-:ALL EXCEPT (wheel) shutdown sync:LOCAL
+#
# Disallow non-local logins to privileged accounts (group wheel).
#
#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
@@ -87,7 +95,7 @@
# Uses string matching also.
#+ : root : .foo.bar.org
#
-# User "root" should be denied to get access from all other sources.
+# User "root" should be denied to get access from all other sources.
#- : root : ALL
#
# User "foo" and members of netgroup "nis_group" should be
@@ -111,4 +119,4 @@
#+ : john : 2001:4ca0:0:101::/64
#
# All other users should be denied to get access from all sources.
-#- : ALL : ALL
+#- : ALL : ALL
diff --git a/Linux-PAM/modules/pam_access/access.conf.5 b/Linux-PAM/modules/pam_access/access.conf.5
index 43cc4fce..fcd33bb4 100644
--- a/Linux-PAM/modules/pam_access/access.conf.5
+++ b/Linux-PAM/modules/pam_access/access.conf.5
@@ -1,11 +1,11 @@
.\" Title: access.conf
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/21/2006
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: 06/22/2007
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "ACCESS.CONF" "5" "06/21/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "ACCESS.CONF" "5" "06/22/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -16,32 +16,33 @@ access.conf \- the login access control table file
.PP
The
\fI/etc/security/access.conf\fR
-file specifies (\fIuser\fR,
-\fIhost\fR), (\fIuser\fR,
-\fInetwork/netmask\fR) or (\fIuser\fR,
+file specifies (\fIuser/group\fR,
+\fIhost\fR), (\fIuser/group\fR,
+\fInetwork/netmask\fR) or (\fIuser/group\fR,
\fItty\fR) combinations for which a login will be either accepted or refused.
.PP
When someone logs in, the file
\fIaccess.conf\fR
-is scanned for the first entry that matches the (\fIuser\fR,
-\fIhost\fR) or (\fIuser\fR,
-\fInetwork/netmask\fR) combination, or, in case of non\-networked logins, the first entry that matches the (\fIuser\fR,
+is scanned for the first entry that matches the (\fIuser/group\fR,
+\fIhost\fR) or (\fIuser/group\fR,
+\fInetwork/netmask\fR) combination, or, in case of non\-networked logins, the first entry that matches the (\fIuser/group\fR,
\fItty\fR) combination. The permissions field of that table entry determines whether the login will be accepted or refused.
.PP
Each line of the login access control table has three fields separated by a ":" character (colon):
.PP
-\fIpermission\fR:\fIusers\fR:\fIorigins\fR
+\fIpermission\fR:\fIusers/groups\fR:\fIorigins\fR
.PP
The first field, the
\fIpermission\fR
field, can be either a "\fI+\fR" character (plus) for access granted or a "\fI\-\fR" character (minus) for access denied.
.PP
The second field, the
-\fIusers\fR
+\fIusers\fR/\fIgroup\fR
field, should be a list of one or more login names, group names, or
\fIALL\fR
-(which always matches).
+(which always matches). To differentiate user entries from group entries, group entries should be written with brackets, e.g.
+\fI(group)\fR.
.PP
The third field, the
\fIorigins\fR
@@ -54,10 +55,12 @@ field, should be a list of one or more tty names (for non\-networked logins), ho
in host or user patterns.
.PP
The
-\fIexcept\fR
+\fIEXCEPT\fR
operator makes it possible to write very compact rules.
.PP
-The group file is searched only when a name does not match that of the logged\-in user. Only groups are matched in which users are explicitly listed. However the PAM module does not look at the primary group id of a user.
+If the
+\fBnodefgroup\fR
+is not set, the group file is searched when a name does not match that of the logged\-in user. Only groups are matched in which users are explicitly listed. However the PAM module does not look at the primary group id of a user.
.PP
The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line.
.SH "EXAMPLES"
@@ -143,6 +146,10 @@ should get access from IPv6 net/mask.
.PP
+ : john : 2001:4ca0:0:101::/64
.PP
+Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group.
+.PP
+\-:ALL EXCEPT (wheel) shutdown sync:LOCAL
+.PP
All other users should be denied to get access from all sources.
.PP
\- : ALL : ALL
diff --git a/Linux-PAM/modules/pam_access/access.conf.5.xml b/Linux-PAM/modules/pam_access/access.conf.5.xml
index 492f995d..f8eb7a4e 100644
--- a/Linux-PAM/modules/pam_access/access.conf.5.xml
+++ b/Linux-PAM/modules/pam_access/access.conf.5.xml
@@ -20,19 +20,19 @@
<title>DESCRIPTION</title>
<para>
The <filename>/etc/security/access.conf</filename> file specifies
- (<replaceable>user</replaceable>, <replaceable>host</replaceable>),
- (<replaceable>user</replaceable>, <replaceable>network/netmask</replaceable>) or
- (<replaceable>user</replaceable>, <replaceable>tty</replaceable>)
+ (<replaceable>user/group</replaceable>, <replaceable>host</replaceable>),
+ (<replaceable>user/group</replaceable>, <replaceable>network/netmask</replaceable>) or
+ (<replaceable>user/group</replaceable>, <replaceable>tty</replaceable>)
combinations for which a login will be either accepted or refused.
</para>
<para>
When someone logs in, the file <filename>access.conf</filename> is
scanned for the first entry that matches the
- (<replaceable>user</replaceable>, <replaceable>host</replaceable>) or
- (<replaceable>user</replaceable>, <replaceable>network/netmask</replaceable>)
+ (<replaceable>user/group</replaceable>, <replaceable>host</replaceable>) or
+ (<replaceable>user/group</replaceable>, <replaceable>network/netmask</replaceable>)
combination, or, in case of non-networked logins, the first entry
that matches the
- (<replaceable>user</replaceable>, <replaceable>tty</replaceable>)
+ (<replaceable>user/group</replaceable>, <replaceable>tty</replaceable>)
combination. The permissions field of that table entry determines
whether the login will be accepted or refused.
</para>
@@ -43,7 +43,7 @@
</para>
<para>
- <replaceable>permission</replaceable>:<replaceable>users</replaceable>:<replaceable>origins</replaceable>
+ <replaceable>permission</replaceable>:<replaceable>users/groups</replaceable>:<replaceable>origins</replaceable>
</para>
@@ -54,9 +54,12 @@
</para>
<para>
- The second field, the <replaceable>users</replaceable>
+ The second field, the
+ <replaceable>users</replaceable>/<replaceable>group</replaceable>
field, should be a list of one or more login names, group names, or
- <emphasis>ALL</emphasis> (which always matches).
+ <emphasis>ALL</emphasis> (which always matches). To differentiate
+ user entries from group entries, group entries should be written
+ with brackets, e.g. <emphasis>(group)</emphasis>.
</para>
<para>
@@ -72,15 +75,15 @@
</para>
<para>
- The <replaceable>except</replaceable> operator makes it possible to
+ The <replaceable>EXCEPT</replaceable> operator makes it possible to
write very compact rules.
</para>
<para>
- The group file is searched only when a name does not match that of
- the logged-in user. Only groups are matched in which users are
- explicitly listed. However the PAM module does not look at the
- primary group id of a user.
+ If the <option>nodefgroup</option> is not set, the group file
+ is searched when a name does not match that of the logged-in
+ user. Only groups are matched in which users are explicitly listed.
+ However the PAM module does not look at the primary group id of a user.
</para>
@@ -163,6 +166,12 @@
<para>+ : john : 2001:4ca0:0:101::/64</para>
<para>
+ Disallow console logins to all but the shutdown, sync and all
+ other accounts, which are a member of the wheel group.
+ </para>
+ <para>-:ALL EXCEPT (wheel) shutdown sync:LOCAL</para>
+
+ <para>
All other users should be denied to get access from all sources.
</para>
<para>- : ALL : ALL</para>
diff --git a/Linux-PAM/modules/pam_access/pam_access.8 b/Linux-PAM/modules/pam_access/pam_access.8
index b613e323..ca8cc5b0 100644
--- a/Linux-PAM/modules/pam_access/pam_access.8
+++ b/Linux-PAM/modules/pam_access/pam_access.8
@@ -1,11 +1,11 @@
.\" Title: pam_access
.\" Author:
-.\" Generator: DocBook XSL Stylesheets vsnapshot_2006\-08\-24_0226 <http://docbook.sf.net/>
-.\" Date: 08/31/2006
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: 06/22/2007
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_ACCESS" "8" "08/31/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ACCESS" "8" "06/22/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -14,7 +14,7 @@
pam_access \- PAM module for logdaemon style login access control
.SH "SYNOPSIS"
.HP 14
-\fBpam_access.so\fR [debug] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR]
+\fBpam_access.so\fR [debug] [nodefgroup] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR]
.SH "DESCRIPTION"
.PP
The pam_access PAM module is mainly for access management. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins.
@@ -23,52 +23,77 @@ By default rules for access management are taken from config file
\fI/etc/security/access.conf\fR
if you don't specify another file.
.SH "OPTIONS"
-.TP 3n
+.PP
\fBaccessfile=\fR\fB\fI/path/to/access.conf\fR\fR
+.RS 4
Indicate an alternative
\fIaccess.conf\fR
style configuration file to override the default. This can be useful when different services need different access lists.
-.TP 3n
+.RE
+.PP
\fBdebug\fR
+.RS 4
A lot of debug informations are printed with
\fBsyslog\fR(3).
-.TP 3n
+.RE
+.PP
\fBfieldsep=\fR\fB\fIseparators\fR\fR
+.RS 4
This option modifies the field separator character that pam_access will recognize when parsing the access configuration file. For example:
\fBfieldsep=|\fR
will cause the default `:' character to be treated as part of a field value and `|' becomes the field separator. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the
\fBPAM_TTY\fR
item is likely to be of the form "hostname:0" which includes a `:' character in its value. But you should not need this.
-.TP 3n
+.RE
+.PP
\fBlistsep=\fR\fB\fIseparators\fR\fR
+.RS 4
This option modifies the list separator character that pam_access will recognize when parsing the access configuration file. For example:
\fBlistsep=,\fR
will cause the default ` ' (space) and `\\t' (tab) characters to be treated as part of a list element value and `,' becomes the only list element separator. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space.
+.RE
+.PP
+\fBnodefgroup\fR
+.RS 4
+The group database will not be used for tokens not identified as account name.
+.RE
.SH "MODULE SERVICES PROVIDED"
.PP
All services are supported.
.SH "RETURN VALUES"
-.TP 3n
+.PP
PAM_SUCCESS
+.RS 4
Access was granted.
-.TP 3n
+.RE
+.PP
PAM_PERM_DENIED
+.RS 4
Access was not granted.
-.TP 3n
+.RE
+.PP
PAM_IGNORE
+.RS 4
\fBpam_setcred\fR
was called which does nothing.
-.TP 3n
+.RE
+.PP
PAM_ABORT
+.RS 4
Not all relevant data or options could be gotten.
-.TP 3n
+.RE
+.PP
PAM_USER_UNKNOWN
+.RS 4
The user is not known to the system.
+.RE
.SH "FILES"
-.TP 3n
+.PP
\fI/etc/security/access.conf\fR
+.RS 4
Default configuration file
+.RE
.SH "SEE ALSO"
.PP
diff --git a/Linux-PAM/modules/pam_access/pam_access.8.xml b/Linux-PAM/modules/pam_access/pam_access.8.xml
index 74e39993..1d814e88 100644
--- a/Linux-PAM/modules/pam_access/pam_access.8.xml
+++ b/Linux-PAM/modules/pam_access/pam_access.8.xml
@@ -26,6 +26,9 @@
debug
</arg>
<arg choice="opt">
+ nodefgroup
+ </arg>
+ <arg choice="opt">
accessfile=<replaceable>file</replaceable>
</arg>
<arg choice="opt">
@@ -123,6 +126,18 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>nodefgroup</option>
+ </term>
+ <listitem>
+ <para>
+ The group database will not be used for tokens not
+ identified as account name.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/Linux-PAM/modules/pam_access/pam_access.c b/Linux-PAM/modules/pam_access/pam_access.c
index 80d94cc9..29a1606c 100644
--- a/Linux-PAM/modules/pam_access/pam_access.c
+++ b/Linux-PAM/modules/pam_access/pam_access.c
@@ -89,6 +89,9 @@ static const char *sep = ", \t"; /* list-element separator */
#define YES 1
#define NO 0
+/* Only allow group entries of the form "(xyz)" */
+static int only_new_group_syntax = NO;
+
/*
* A structure to bundle up all login-related information to keep the
* functional interfaces as generic as possible.
@@ -136,6 +139,8 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo,
} else if (strcmp (argv[i], "debug") == 0) {
pam_access_debug = YES;
+ } else if (strcmp (argv[i], "nodefgroup") == 0) {
+ only_new_group_syntax = YES;
} else {
pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]);
}
@@ -151,6 +156,7 @@ typedef int match_func (pam_handle_t *, char *, struct login_info *);
static int list_match (pam_handle_t *, char *, struct login_info *,
match_func *);
static int user_match (pam_handle_t *, char *, struct login_info *);
+static int group_match (pam_handle_t *, const char *, const char *);
static int from_match (pam_handle_t *, char *, struct login_info *);
static int string_match (pam_handle_t *, const char *, const char *);
static int network_netmask_match (pam_handle_t *, const char *, const char *);
@@ -321,6 +327,7 @@ login_access (pam_handle_t *pamh, struct login_info *item)
int match = NO;
int end;
int lineno = 0; /* for diagnostics */
+ char *sptr;
if (pam_access_debug)
pam_syslog (pamh, LOG_DEBUG,
@@ -354,9 +361,9 @@ login_access (pam_handle_t *pamh, struct login_info *item)
continue;
/* Allow field seperator in last field of froms */
- if (!(perm = strtok(line, fs))
- || !(users = strtok((char *) 0, fs))
- || !(froms = strtok((char *) 0, "\n"))) {
+ if (!(perm = strtok_r(line, fs, &sptr))
+ || !(users = strtok_r(NULL, fs, &sptr))
+ || !(froms = strtok_r(NULL, "\n", &sptr))) {
pam_syslog(pamh, LOG_ERR, "%s: line %d: bad field count",
item->config_file, lineno);
continue;
@@ -398,6 +405,11 @@ static int list_match(pam_handle_t *pamh,
{
char *tok;
int match = NO;
+ char *sptr;
+
+ if (pam_access_debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "list_match: list=%s, item=%s", list, item->user->pw_name);
/*
* Process tokens one at a time. We have exhausted all possible matches
@@ -406,7 +418,8 @@ static int list_match(pam_handle_t *pamh,
* the match is affected by any exceptions.
*/
- for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) {
+ for (tok = strtok_r(list, sep, &sptr); tok != 0;
+ tok = strtok_r(NULL, sep, &sptr)) {
if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
break;
if ((match = (*match_fn) (pamh, tok, item))) /* YES */
@@ -415,9 +428,9 @@ static int list_match(pam_handle_t *pamh,
/* Process exceptions to matches. */
if (match != NO) {
- while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT"))
+ while ((tok = strtok_r(NULL, sep, &sptr)) && strcasecmp(tok, "EXCEPT"))
/* VOID */ ;
- if (tok == 0 || list_match(pamh, (char *) 0, item, match_fn) == NO)
+ if (tok == 0 || list_match(pamh, sptr, item, match_fn) == NO)
return (match);
}
return (NO);
@@ -425,7 +438,7 @@ static int list_match(pam_handle_t *pamh,
/* myhostname - figure out local machine name */
-static char * myhostname(void)
+static char *myhostname(void)
{
static char name[MAXHOSTNAMELEN + 1];
@@ -439,7 +452,7 @@ static char * myhostname(void)
/* netgroup_match - match group against machine or user */
static int
-netgroup_match (pam_handle_t *pamh, const char *group,
+netgroup_match (pam_handle_t *pamh, const char *netgroup,
const char *machine, const char *user)
{
char *mydomain = NULL;
@@ -448,11 +461,12 @@ netgroup_match (pam_handle_t *pamh, const char *group,
yp_get_default_domain(&mydomain);
- retval = innetgr (group, machine, user, mydomain);
+ retval = innetgr (netgroup, machine, user, mydomain);
if (pam_access_debug == YES)
pam_syslog (pamh, LOG_DEBUG,
- "netgroup_match: %d (group=%s, machine=%s, user=%s, domain=%s)",
- retval, group ? group : "NULL", machine ? machine : "NULL",
+ "netgroup_match: %d (netgroup=%s, machine=%s, user=%s, domain=%s)",
+ retval, netgroup ? netgroup : "NULL",
+ machine ? machine : "NULL",
user ? user : "NULL", mydomain ? mydomain : "NULL");
return retval;
@@ -487,15 +501,45 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
from_match (pamh, at + 1, &fake_item));
} else if (tok[0] == '@') /* netgroup */
return (netgroup_match (pamh, tok + 1, (char *) 0, string));
+ else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')')
+ return (group_match (pamh, tok, string));
else if (string_match (pamh, tok, string)) /* ALL or exact match */
- return YES;
- else if (pam_modutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok))
+ return YES;
+ else if (only_new_group_syntax == NO &&
+ pam_modutil_user_in_group_nam_nam (pamh,
+ item->user->pw_name, tok))
/* try group membership */
return YES;
return NO;
}
+
+/* group_match - match a username against token named group */
+
+static int
+group_match (pam_handle_t *pamh, const char *tok, const char* usr)
+{
+ char grptok[BUFSIZ];
+
+ if (pam_access_debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "group_match: grp=%s, user=%s", grptok, usr);
+
+ if (strlen(tok) < 3)
+ return NO;
+
+ /* token is recieved under the format '(...)' */
+ memset(grptok, 0, BUFSIZ);
+ strncpy(grptok, tok + 1, strlen(tok) - 2);
+
+ if (pam_modutil_user_in_group_nam_nam(pamh, usr, grptok))
+ return YES;
+
+ return NO;
+}
+
+
/* from_match - match a host or tty against a list of tokens */
static int
diff --git a/Linux-PAM/modules/pam_cracklib/README b/Linux-PAM/modules/pam_cracklib/README
index 89e80318..25ec00b4 100644
--- a/Linux-PAM/modules/pam_cracklib/README
+++ b/Linux-PAM/modules/pam_cracklib/README
@@ -152,6 +152,14 @@ ocredit=N
(N < 0) This is the minimum number of other characters that must be met for
a new password.
+minclass=N
+
+ The minimum number of required classes of characters for the new password.
+ The default number is zero. The four classes are digits, upper and lower
+ letters and other characters. The difference to the credit check is that a
+ specific class if of characters is not required. Instead N out of four of
+ the classes are required.
+
use_authtok
This argument is used to force the module to not prompt the user for a new
diff --git a/Linux-PAM/modules/pam_cracklib/pam_cracklib.8 b/Linux-PAM/modules/pam_cracklib/pam_cracklib.8
index 526817a4..8ccf8059 100644
--- a/Linux-PAM/modules/pam_cracklib/pam_cracklib.8
+++ b/Linux-PAM/modules/pam_cracklib/pam_cracklib.8
@@ -1,11 +1,11 @@
.\" Title: pam_cracklib
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: 06/20/2007
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_CRACKLIB" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_CRACKLIB" "8" "06/20/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -28,14 +28,19 @@ The first action is to prompt for a single password, check its strength and then
The strength checks works in the following manner: at first the
\fBCracklib\fR
routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done. These checks are:
-.TP 3n
+.PP
Palindrome
+.RS 4
Is the new password a palindrome of the old one?
-.TP 3n
+.RE
+.PP
Case Change Only
+.RS 4
Is the new password the the old one with only a change of case?
-.TP 3n
+.RE
+.PP
Similar
+.RS 4
Is the new password too much like the old one? This is primarily controlled by one argument,
\fBdifok\fR
which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller.
@@ -47,52 +52,70 @@ is available. This argument can be used to specify the minimum length a new pass
value is ignored. The default value for
\fBdifignore\fR
is 23.
-.TP 3n
+.RE
+.PP
Simple
+.RS 4
Is the new password too small? This is controlled by 5 arguments
\fBminlen\fR,
\fBdcredit\fR,
\fBucredit\fR,
\fBlcredit\fR, and
\fBocredit\fR. See the section on the arguments for the details of how these work and there defaults.
-.TP 3n
+.RE
+.PP
Rotated
+.RS 4
Is the new password a rotated version of the old password?
-.TP 3n
+.RE
+.PP
Already used
+.RS 4
Was the password used in the past? Previously used passwords are to be found in
\fI/etc/security/opasswd\fR.
+.RE
.PP
This module with no arguments will work well for standard unix password encryption. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change... In addition, the default action is to allow passwords as small as 5 characters in length. For a md5 systems it can be a good idea to increase the required minimum size of a password. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password.
.SH "OPTIONS"
.PP
-.TP 3n
+.PP
\fBdebug\fR
+.RS 4
This option makes the module write information to
\fBsyslog\fR(3)
indicating the behavior of the module (this option does not write password information to the log file).
-.TP 3n
+.RE
+.PP
\fBtype=\fR\fB\fIXXX\fR\fR
+.RS 4
The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The default word
\fIUNIX\fR
can be replaced with this option.
-.TP 3n
+.RE
+.PP
\fBretry=\fR\fB\fIN\fR\fR
+.RS 4
Prompt user at most
\fIN\fR
times before returning with error. The default is
\fI1\fR
-.TP 3n
+.RE
+.PP
\fBdifok=\fR\fB\fIN\fR\fR
+.RS 4
This argument will change the default of
\fI5\fR
for the number of characters in the new password that must not be present in the old password. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway.
-.TP 3n
+.RE
+.PP
\fBdifignore=\fR\fB\fIN\fR\fR
+.RS 4
How many characters should the password have before difok will be ignored. The default is
\fI23\fR.
-.TP 3n
+.RE
+.PP
\fBminlen=\fR\fB\fIN\fR\fR
+.RS 4
The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR,
\fIupper\fR,
\fIlower\fR
@@ -103,8 +126,10 @@ which is good for a old style UNIX password all of the same type of character bu
\fICracklib\fR
itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to
\fBminlen\fR. If you want to allow passwords as short as 5 characters you should not use this module.
-.TP 3n
+.RE
+.PP
\fBdcredit=\fR\fB\fIN\fR\fR
+.RS 4
(N >= 0) This is the maximum credit for having digits in the new password. If you have less than or
\fIN\fR
digits, each digit will count +1 towards meeting the current
@@ -116,8 +141,10 @@ is 1 which is the recommended value for
less than 10.
.sp
(N < 0) This is the minimum number of digits that must be met for a new password.
-.TP 3n
+.RE
+.PP
\fBucredit=\fR\fB\fIN\fR\fR
+.RS 4
(N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or
\fIN\fR
upper case letters each letter will count +1 towards meeting the current
@@ -131,8 +158,10 @@ which is the recommended value for
less than 10.
.sp
(N > 0) This is the minimum number of upper case letters that must be met for a new password.
-.TP 3n
+.RE
+.PP
\fBlcredit=\fR\fB\fIN\fR\fR
+.RS 4
(N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or
\fIN\fR
lower case letters, each letter will count +1 towards meeting the current
@@ -144,8 +173,10 @@ is 1 which is the recommended value for
less than 10.
.sp
(N < 0) This is the minimum number of lower case letters that must be met for a new password.
-.TP 3n
+.RE
+.PP
\fBocredit=\fR\fB\fIN\fR\fR
+.RS 4
(N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or
\fIN\fR
other characters, each character will count +1 towards meeting the current
@@ -157,16 +188,30 @@ is 1 which is the recommended value for
less than 10.
.sp
(N < 0) This is the minimum number of other characters that must be met for a new password.
-.TP 3n
+.RE
+.PP
+\fBminclass=\fR\fB\fIN\fR\fR
+.RS 4
+The minimum number of required classes of characters for the new password. The default number is zero. The four classes are digits, upper and lower letters and other characters. The difference to the
+\fBcredit\fR
+check is that a specific class if of characters is not required. Instead
+\fIN\fR
+out of four of the classes are required.
+.RE
+.PP
\fBuse_authtok\fR
+.RS 4
This argument is used to
\fIforce\fR
the module to not prompt the user for a new password but use the one provided by the previously stacked
\fIpassword\fR
module.
-.TP 3n
+.RE
+.PP
\fBdictpath=\fR\fB\fI/path/to/dict\fR\fR
+.RS 4
Path to the cracklib dictionaries.
+.RE
.SH "MODULE SERVICES PROVIDED"
.PP
Only he
@@ -174,26 +219,34 @@ Only he
service is supported.
.SH "RETURN VALUES"
.PP
-.TP 3n
+.PP
PAM_SUCCESS
+.RS 4
The new password passes all checks.
-.TP 3n
+.RE
+.PP
PAM_AUTHTOK_ERR
+.RS 4
No new password was entered, the username could not be determined or the new password fails the strength checks.
-.TP 3n
+.RE
+.PP
PAM_AUTHTOK_RECOVERY_ERR
+.RS 4
The old password was not supplied by a previous stackked module or got not requested from the user. The first error can happen if
\fBuse_authtok\fR
is specified.
-.TP 3n
+.RE
+.PP
PAM_SERVICE_ERR
+.RS 4
A internal error occured.
+.RE
.SH "EXAMPLES"
.PP
For an example of the use of this module, we show how it may be stacked with the password component of
\fBpam_unix\fR(8)
.sp
-.RS 3n
+.RS 4
.nf
#
# These lines stack two password type modules. In this example the
@@ -213,7 +266,7 @@ Another example (in the
\fI/etc/pam.d/passwd\fR
format) is for the case that you want to use md5 password encryption:
.sp
-.RS 3n
+.RS 4
.nf
#%PAM\-1.0
#
@@ -232,7 +285,7 @@ password required pam_unix.so use_authtok nullok md5
.PP
And here is another example in case you don't want to use credits:
.sp
-.RS 3n
+.RS 4
.nf
#%PAM\-1.0
#
diff --git a/Linux-PAM/modules/pam_cracklib/pam_cracklib.8.xml b/Linux-PAM/modules/pam_cracklib/pam_cracklib.8.xml
index 7edabe0f..f97ad8fb 100644
--- a/Linux-PAM/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/Linux-PAM/modules/pam_cracklib/pam_cracklib.8.xml
@@ -331,6 +331,24 @@
<varlistentry>
<term>
+ <option>minclass=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The minimum number of required classes of characters for
+ the new password. The default number is zero. The four
+ classes are digits, upper and lower letters and other
+ characters.
+ The difference to the <option>credit</option> check is
+ that a specific class if of characters is not required.
+ Instead <replaceable>N</replaceable> out of four of the
+ classes are required.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
<option>use_authtok</option>
</term>
<listitem>
diff --git a/Linux-PAM/modules/pam_cracklib/pam_cracklib.c b/Linux-PAM/modules/pam_cracklib/pam_cracklib.c
index 9b496202..6decf2bf 100644
--- a/Linux-PAM/modules/pam_cracklib/pam_cracklib.c
+++ b/Linux-PAM/modules/pam_cracklib/pam_cracklib.c
@@ -92,6 +92,7 @@ struct cracklib_options {
int up_credit;
int low_credit;
int oth_credit;
+ int min_class;
int use_authtok;
char prompt_type[BUFSIZ];
char cracklib_dictpath[PATH_MAX];
@@ -156,6 +157,12 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
opt->oth_credit = strtol(*argv+8,&ep,10);
if (!ep)
opt->oth_credit = 0;
+ } else if (!strncmp(*argv,"minclass=",9)) {
+ opt->min_class = strtol(*argv+9,&ep,10);
+ if (!ep)
+ opt->min_class = 0;
+ if (opt->min_class > 4)
+ opt->min_class = 4 ;
} else if (!strncmp(*argv,"use_authtok",11)) {
opt->use_authtok = 1;
} else if (!strncmp(*argv,"dictpath=",9)) {
@@ -290,6 +297,47 @@ static int similar(struct cracklib_options *opt,
}
/*
+ * enough classes of charecters
+ */
+
+static int minclass (struct cracklib_options *opt,
+ const char *new)
+{
+ int digits = 0;
+ int uppers = 0;
+ int lowers = 0;
+ int others = 0;
+ int total_class;
+ int i;
+ int retval;
+
+ D(( "called" ));
+ for (i = 0; new[i]; i++)
+ {
+ if (isdigit (new[i]))
+ digits = 1;
+ else if (isupper (new[i]))
+ uppers = 1;
+ else if (islower (new[i]))
+ lowers = 1;
+ else
+ others = 1;
+ }
+
+ total_class = digits + uppers + lowers + others;
+
+ D (("total class: %d\tmin_class: %d", total_class, opt->min_class));
+
+ if (total_class >= opt->min_class)
+ retval = 0;
+ else
+ retval = 1;
+
+ return retval;
+}
+
+
+/*
* a nice mix of characters.
*/
static int simple(struct cracklib_options *opt, const char *new)
@@ -369,43 +417,51 @@ static char * str_lower(char *string)
return string;
}
-static const char * password_check(struct cracklib_options *opt, const char *old, const char *new)
+static const char *password_check(struct cracklib_options *opt,
+ const char *old, const char *new)
{
const char *msg = NULL;
- char *oldmono, *newmono, *wrapped;
+ char *oldmono = NULL, *newmono, *wrapped = NULL;
- if (strcmp(new, old) == 0) {
- msg = _("is the same as the old one");
- return msg;
- }
+ if (old && strcmp(new, old) == 0) {
+ msg = _("is the same as the old one");
+ return msg;
+ }
newmono = str_lower(x_strdup(new));
- oldmono = str_lower(x_strdup(old));
- wrapped = malloc(strlen(oldmono) * 2 + 1);
- strcpy (wrapped, oldmono);
- strcat (wrapped, oldmono);
+ if (old) {
+ oldmono = str_lower(x_strdup(old));
+ wrapped = malloc(strlen(oldmono) * 2 + 1);
+ strcpy (wrapped, oldmono);
+ strcat (wrapped, oldmono);
+ }
if (palindrome(newmono))
msg = _("is a palindrome");
- if (!msg && strcmp(oldmono, newmono) == 0)
+ if (!msg && oldmono && strcmp(oldmono, newmono) == 0)
msg = _("case changes only");
- if (!msg && similar(opt, oldmono, newmono))
+ if (!msg && oldmono && similar(opt, oldmono, newmono))
msg = _("is too similar to the old one");
if (!msg && simple(opt, new))
msg = _("is too simple");
- if (!msg && strstr(wrapped, newmono))
+ if (!msg && wrapped && strstr(wrapped, newmono))
msg = _("is rotated");
+ if (!msg && minclass (opt, new))
+ msg = _("not enough character classes");
+
memset(newmono, 0, strlen(newmono));
- memset(oldmono, 0, strlen(oldmono));
- memset(wrapped, 0, strlen(wrapped));
free(newmono);
- free(oldmono);
- free(wrapped);
+ if (old) {
+ memset(oldmono, 0, strlen(oldmono));
+ memset(wrapped, 0, strlen(wrapped));
+ free(oldmono);
+ free(wrapped);
+ }
return msg;
}
@@ -426,17 +482,18 @@ static const char * check_old_password(const char *forwho, const char *newpass)
while (fgets(buf, 16380, opwfile)) {
if (!strncmp(buf, forwho, strlen(forwho))) {
+ char *sptr;
buf[strlen(buf)-1] = '\0';
- s_luser = strtok(buf, ":,");
- s_uid = strtok(NULL, ":,");
- s_npas = strtok(NULL, ":,");
- s_pas = strtok(NULL, ":,");
+ s_luser = strtok_r(buf, ":,", &sptr);
+ s_uid = strtok_r(NULL, ":,", &sptr);
+ s_npas = strtok_r(NULL, ":,", &sptr);
+ s_pas = strtok_r(NULL, ":,", &sptr);
while (s_pas != NULL) {
if (!strcmp(crypt(newpass, s_pas), s_pas)) {
msg = _("has been already used");
break;
}
- s_pas = strtok(NULL, ":,");
+ s_pas = strtok_r(NULL, ":,", &sptr);
}
break;
}
@@ -469,7 +526,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh,
* if one wanted to hardwire authentication token strength
* checking this would be the place
*/
- msg = password_check(opt, pass_old,pass_new);
+ msg = password_check(opt, pass_old, pass_new);
if (!msg) {
retval = pam_get_item(pamh, PAM_USER, &user);
if (retval != PAM_SUCCESS || user == NULL) {
@@ -620,15 +677,13 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
} else {
/* check it for strength too... */
D(("for strength"));
- if (oldtoken) {
- retval = _pam_unix_approve_pass(pamh,ctrl,&options,
- oldtoken,token1);
- if (retval != PAM_SUCCESS) {
- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
- retval = PAM_AUTHTOK_ERR;
- else
- retval = PAM_SUCCESS;
- }
+ retval = _pam_unix_approve_pass (pamh, ctrl, &options,
+ oldtoken, token1);
+ if (retval != PAM_SUCCESS) {
+ if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
+ retval = PAM_AUTHTOK_ERR;
+ else
+ retval = PAM_SUCCESS;
}
}
}
diff --git a/Linux-PAM/modules/pam_ftp/pam_ftp.c b/Linux-PAM/modules/pam_ftp/pam_ftp.c
index 948dd729..9c69c108 100644
--- a/Linux-PAM/modules/pam_ftp/pam_ftp.c
+++ b/Linux-PAM/modules/pam_ftp/pam_ftp.c
@@ -79,10 +79,11 @@ static int lookup(const char *name, const char *list, const char **_user)
if (list && *list) {
const char *l;
char *list_copy, *x;
+ char *sptr;
list_copy = x_strdup(list);
x = list_copy;
- while (list_copy && (l = strtok(x, ","))) {
+ while (list_copy && (l = strtok_r(x, ",", &sptr))) {
x = NULL;
if (!strcmp(name, l)) {
*_user = list;
@@ -170,11 +171,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* XXX: Some effort should be made to verify this email address! */
if (!(ctrl & PAM_IGNORE_EMAIL)) {
- token = strtok(resp, "@");
+ char *sptr;
+ token = strtok_r(resp, "@", &sptr);
retval = pam_set_item(pamh, PAM_RUSER, token);
if ((token) && (retval == PAM_SUCCESS)) {
- token = strtok(NULL, "@");
+ token = strtok_r(NULL, "@", &sptr);
retval = pam_set_item(pamh, PAM_RHOST, token);
}
}
diff --git a/Linux-PAM/modules/pam_limits/Makefile.am b/Linux-PAM/modules/pam_limits/Makefile.am
index be2852a9..60256a7c 100644
--- a/Linux-PAM/modules/pam_limits/Makefile.am
+++ b/Linux-PAM/modules/pam_limits/Makefile.am
@@ -13,8 +13,10 @@ TESTS = tst-pam_limits
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
+limits_conf_dir = $(SCONFIGDIR)/limits.d
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ -DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \
-DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\"
AM_LDFLAGS = -no-undefined -avoid-version -module \
-L$(top_builddir)/libpam -lpam
@@ -32,3 +34,5 @@ README: pam_limits.8.xml limits.conf.5.xml
-include $(top_srcdir)/Make.xml.rules
endif
+install-data-local:
+ mkdir -p $(DESTDIR)$(limits_conf_dir)
diff --git a/Linux-PAM/modules/pam_limits/README b/Linux-PAM/modules/pam_limits/README
index adab19df..26336711 100644
--- a/Linux-PAM/modules/pam_limits/README
+++ b/Linux-PAM/modules/pam_limits/README
@@ -8,6 +8,13 @@ The pam_limits PAM module sets limits on the system resources that can be
obtained in a user-session. Users of uid=0 are affected by this limits, too.
By default limits are taken from the /etc/security/limits.conf config file.
+Then individual files from the /etc/security/limits.d/ directory are read. The
+files are parsed one after another in the order of "C" locale. The effect of
+the individual files is the same as if all the files were concatenated together
+in the order of parsing. If a config file is explicitely specified with a
+module option then the files in the above directory are not parsed.
+
+The module must not be called by a multithreaded application.
OPTIONS
diff --git a/Linux-PAM/modules/pam_limits/limits.conf b/Linux-PAM/modules/pam_limits/limits.conf
index c52778b1..d3463638 100644
--- a/Linux-PAM/modules/pam_limits/limits.conf
+++ b/Linux-PAM/modules/pam_limits/limits.conf
@@ -26,7 +26,7 @@
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
-# - as - address space limit
+# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
diff --git a/Linux-PAM/modules/pam_limits/limits.conf.5 b/Linux-PAM/modules/pam_limits/limits.conf.5
index e6ba853f..3cf62f26 100644
--- a/Linux-PAM/modules/pam_limits/limits.conf.5
+++ b/Linux-PAM/modules/pam_limits/limits.conf.5
@@ -1,11 +1,11 @@
.\" Title: limits.conf
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/22/2006
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: 04/30/2007
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "LIMITS.CONF" "5" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "LIMITS.CONF" "5" "04/30/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -23,38 +23,44 @@ The syntax of the lines is as follows:
\fI<value>\fR
.PP
The fields listed above should be filled as follows:
-.TP 3n
+.PP
\fB<domain>\fR
-.RS 3n
-.TP 3n
+.RS 4
+.RS 4
+.TP 4
\(bu
a username
-.TP 3n
+.TP 4
\(bu
a groupname, with
\fB@group\fR
syntax. This should not be confused with netgroups.
-.TP 3n
+.TP 4
\(bu
the wildcard
\fB*\fR, for default entry.
-.TP 3n
+.TP 4
\(bu
the wildcard
\fB%\fR, for maxlogins limit only, can also be used with
\fI%group\fR
syntax.
.RE
-.TP 3n
+.RE
+.PP
\fB<type>\fR
-.RS 3n
-.TP 3n
+.RS 4
+.RS 4
+.PP
\fBhard\fR
+.RS 4
for enforcing
\fBhard\fR
resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values.
-.TP 3n
+.RE
+.PP
\fBsoft\fR
+.RS 4
for enforcing
\fBsoft\fR
resource limits. These limits are ones that the user can move up or down within the permitted range by any pre\-exisiting
@@ -62,8 +68,10 @@ resource limits. These limits are ones that the user can move up or down within
limits. The values specified with this token can be thought of as
\fIdefault\fR
values, for normal system usage.
-.TP 3n
+.RE
+.PP
\fB\-\fR
+.RS 4
for enforcing both
\fBsoft\fR
and
@@ -72,64 +80,104 @@ resource limits together.
.sp
Note, if you specify a type of '\-' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc. .
.RE
-.TP 3n
+.RE
+.RE
+.PP
\fB<item>\fR
-.RS 3n
-.TP 3n
+.RS 4
+.RS 4
+.PP
\fBcore\fR
+.RS 4
limits the core file size (KB)
-.TP 3n
+.RE
+.PP
\fBdata\fR
+.RS 4
maximum data size (KB)
-.TP 3n
+.RE
+.PP
\fBfsize\fR
+.RS 4
maximum filesize (KB)
-.TP 3n
+.RE
+.PP
\fBmemlock\fR
+.RS 4
maximum locked\-in\-memory address space (KB)
-.TP 3n
+.RE
+.PP
\fBnofile\fR
+.RS 4
maximum number of open files
-.TP 3n
+.RE
+.PP
\fBrss\fR
+.RS 4
maximum resident set size (KB)
-.TP 3n
+.RE
+.PP
\fBstack\fR
+.RS 4
maximum stack size (KB)
-.TP 3n
+.RE
+.PP
\fBcpu\fR
+.RS 4
maximum CPU time (minutes)
-.TP 3n
+.RE
+.PP
\fBnproc\fR
+.RS 4
maximum number of processes
-.TP 3n
+.RE
+.PP
\fBas\fR
-address space limit
-.TP 3n
+.RS 4
+address space limit (KB)
+.RE
+.PP
\fBmaxlogins\fR
+.RS 4
maximum number of logins for this user
-.TP 3n
+.RE
+.PP
\fBmaxsyslogins\fR
+.RS 4
maximum number of logins on system
-.TP 3n
+.RE
+.PP
\fBpriority\fR
+.RS 4
the priority to run user process with (negative values boost process priority)
-.TP 3n
+.RE
+.PP
\fBlocks\fR
+.RS 4
maximum locked files (Linux 2.4 and higher)
-.TP 3n
+.RE
+.PP
\fBsigpending\fR
+.RS 4
maximum number of pending signals (Linux 2.6 and higher)
-.TP 3n
+.RE
+.PP
\fBmsqqueue\fR
+.RS 4
maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher)
-.TP 3n
+.RE
+.PP
\fBnice\fR
+.RS 4
maximum nice priority allowed to raise to (Linux 2.6.12 and higher)
-.TP 3n
+.RE
+.PP
\fBrtprio\fR
+.RS 4
maximum realtime priority allowed for non\-privileged processes (Linux 2.6.12 and higher)
.RE
+.RE
+.RE
.PP
In general, individual limits have priority over group limits, so if you impose no limits for
\fIadmin\fR
@@ -149,7 +197,7 @@ The pam_limits module does its best to report configuration problems found in it
These are some example lines which might be specified in
\fI/etc/security/limits.conf\fR.
.sp
-.RS 3n
+.RS 4
.nf
* soft core 0
* hard rss 10000
diff --git a/Linux-PAM/modules/pam_limits/limits.conf.5.xml b/Linux-PAM/modules/pam_limits/limits.conf.5.xml
index 28df7381..830aa022 100644
--- a/Linux-PAM/modules/pam_limits/limits.conf.5.xml
+++ b/Linux-PAM/modules/pam_limits/limits.conf.5.xml
@@ -169,7 +169,7 @@
<varlistentry>
<term><option>as</option></term>
<listitem>
- <para>address space limit</para>
+ <para>address space limit (KB)</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/Linux-PAM/modules/pam_limits/pam_limits.8 b/Linux-PAM/modules/pam_limits/pam_limits.8
index 9083e14d..4f01e4cf 100644
--- a/Linux-PAM/modules/pam_limits/pam_limits.8
+++ b/Linux-PAM/modules/pam_limits/pam_limits.8
@@ -1,11 +1,11 @@
.\" Title: pam_limits
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/17/2006
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: 04/30/2007
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_LIMITS" "8" "06/17/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LIMITS" "8" "04/30/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -23,58 +23,86 @@ are affected by this limits, too.
.PP
By default limits are taken from the
\fI/etc/security/limits.conf\fR
-config file.
+config file. Then individual files from the
+\fI/etc/security/limits.d/\fR
+directory are read. The files are parsed one after another in the order of "C" locale. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing. If a config file is explicitely specified with a module option then the files in the above directory are not parsed.
+.PP
+The module must not be called by a multithreaded application.
.SH "OPTIONS"
-.TP 3n
+.PP
\fBchange_uid\fR
+.RS 4
Change real uid to the user for who the limits are set up. Use this option if you have problems like login not forking a shell for user who has no processes. Be warned that something else may break when you do this.
-.TP 3n
+.RE
+.PP
\fBconf=\fR\fB\fI/path/to/limits.conf\fR\fR
+.RS 4
Indicate an alternative limits.conf style configuration file to override the default.
-.TP 3n
+.RE
+.PP
\fBdebug\fR
+.RS 4
Print debug information.
-.TP 3n
+.RE
+.PP
\fButmp_early\fR
+.RS 4
Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits.conf file.
+.RE
.SH "MODULE SERVICES PROVIDED"
.PP
Only the
\fBsession\fR
service is supported.
.SH "RETURN VALUES"
-.TP 3n
+.PP
PAM_ABORT
+.RS 4
Cannot get current limits.
-.TP 3n
+.RE
+.PP
PAM_IGNORE
+.RS 4
No limits found for this user.
-.TP 3n
+.RE
+.PP
PAM_PERM_DENIED
+.RS 4
New limits could not be set.
-.TP 3n
+.RE
+.PP
PAM_SERVICE_ERR
+.RS 4
Cannot read config file.
-.TP 3n
+.RE
+.PP
PAM_SESSEION_ERR
+.RS 4
Error recovering account name.
-.TP 3n
+.RE
+.PP
PAM_SUCCESS
+.RS 4
Limits were changed.
-.TP 3n
+.RE
+.PP
PAM_USER_UNKNOWN
+.RS 4
The user is not known to the system.
+.RE
.SH "FILES"
-.TP 3n
+.PP
\fI/etc/security/limits.conf\fR
+.RS 4
Default configuration file
+.RE
.SH "EXAMPLES"
.PP
For the services you need resources limits (login for example) put a the following line in
\fI/etc/pam.d/login\fR
as the last line for that service (usually after the pam_unix session line):
.sp
-.RS 3n
+.RS 4
.nf
#%PAM\-1.0
#
diff --git a/Linux-PAM/modules/pam_limits/pam_limits.8.xml b/Linux-PAM/modules/pam_limits/pam_limits.8.xml
index 78060a20..9f13bb68 100644
--- a/Linux-PAM/modules/pam_limits/pam_limits.8.xml
+++ b/Linux-PAM/modules/pam_limits/pam_limits.8.xml
@@ -47,7 +47,15 @@
</para>
<para>
By default limits are taken from the <filename>/etc/security/limits.conf</filename>
- config file.
+ config file. Then individual files from the <filename>/etc/security/limits.d/</filename>
+ directory are read. The files are parsed one after another in the order of "C" locale.
+ The effect of the individual files is the same as if all the files were
+ concatenated together in the order of parsing.
+ If a config file is explicitely specified with a module option then the
+ files in the above directory are not parsed.
+ </para>
+ <para>
+ The module must not be called by a multithreaded application.
</para>
</refsect1>
diff --git a/Linux-PAM/modules/pam_limits/pam_limits.c b/Linux-PAM/modules/pam_limits/pam_limits.c
index 20aa794a..a4bc727f 100644
--- a/Linux-PAM/modules/pam_limits/pam_limits.c
+++ b/Linux-PAM/modules/pam_limits/pam_limits.c
@@ -31,7 +31,7 @@
#include <sys/stat.h>
#include <sys/resource.h>
#include <limits.h>
-
+#include <glob.h>
#include <utmp.h>
#ifndef UT_USER /* some systems have ut_name instead of ut_user */
#define UT_USER ut_user
@@ -39,6 +39,7 @@
#include <grp.h>
#include <pwd.h>
+#include <locale.h>
/* Module defines */
#define LINE_LENGTH 1024
@@ -75,7 +76,7 @@ struct pam_limit_s {
specific user or to count all logins */
int priority; /* the priority to run user process with */
struct user_limits_struct limits[RLIM_NLIMITS];
- char conf_file[BUFSIZ];
+ const char *conf_file;
int utmp_after_pam_call;
char login_group[LINE_LENGTH];
};
@@ -101,6 +102,11 @@ struct pam_limit_s {
#define PAM_DO_SETREUID 0x0002
#define PAM_UTMP_EARLY 0x0004
+/* Limits from globbed files. */
+#define LIMITS_CONF_GLOB LIMITS_FILE_DIR
+
+#define CONF_FILE (pl->conf_file != NULL)?pl->conf_file:LIMITS_FILE
+
static int
_pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
struct pam_limit_s *pl)
@@ -115,7 +121,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
if (!strcmp(*argv,"debug")) {
ctrl |= PAM_DEBUG_ARG;
} else if (!strncmp(*argv,"conf=",5)) {
- strncpy(pl->conf_file,*argv+5,sizeof(pl->conf_file)-1);
+ pl->conf_file = *argv+5;
} else if (!strncmp(*argv,"change_uid",10)) {
ctrl |= PAM_DO_SETREUID;
} else if (!strcmp(*argv,"utmp_early")) {
@@ -124,7 +130,6 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
}
- pl->conf_file[sizeof(pl->conf_file) - 1] = '\0';
return ctrl;
}
@@ -370,8 +375,13 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
switch(limit_item) {
case RLIMIT_CPU:
- if (rlimit_value != RLIM_INFINITY)
- rlimit_value *= 60;
+ if (rlimit_value != RLIM_INFINITY)
+ {
+ if (rlimit_value >= RLIM_INFINITY/60)
+ rlimit_value = RLIM_INFINITY;
+ else
+ rlimit_value *= 60;
+ }
break;
case RLIMIT_FSIZE:
case RLIMIT_DATA:
@@ -381,13 +391,20 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
case RLIMIT_MEMLOCK:
case RLIMIT_AS:
if (rlimit_value != RLIM_INFINITY)
- rlimit_value *= 1024;
+ {
+ if (rlimit_value >= RLIM_INFINITY/1024)
+ rlimit_value = RLIM_INFINITY;
+ else
+ rlimit_value *= 1024;
+ }
break;
#ifdef RLIMIT_NICE
case RLIMIT_NICE:
if (int_value > 19)
int_value = 19;
- rlimit_value = 19 - int_value;
+ if (int_value < -20)
+ int_value = -20;
+ rlimit_value = 20 - int_value;
#endif
break;
}
@@ -434,7 +451,6 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl,
FILE *fil;
char buf[LINE_LENGTH];
-#define CONF_FILE (pl->conf_file[0])?pl->conf_file:LIMITS_FILE
/* check for the LIMITS_FILE */
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE);
@@ -444,7 +460,6 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl,
"cannot read settings from %s: %m", CONF_FILE);
return PAM_SERVICE_ERR;
}
-#undef CONF_FILE
/* init things */
memset(buf, 0, sizeof(buf));
@@ -599,16 +614,22 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
int retval;
+ int i;
+ int glob_rc;
char *user_name;
struct passwd *pwd;
int ctrl;
- struct pam_limit_s pl;
+ struct pam_limit_s plstruct;
+ struct pam_limit_s *pl = &plstruct;
+ glob_t globbuf;
+ const char *oldlocale;
D(("called."));
- memset(&pl, 0, sizeof(pl));
+ memset(pl, 0, sizeof(*pl));
+ memset(&globbuf, 0, sizeof(globbuf));
- ctrl = _pam_parse(pamh, argc, argv, &pl);
+ ctrl = _pam_parse(pamh, argc, argv, pl);
retval = pam_get_item( pamh, PAM_USER, (void*) &user_name );
if ( user_name == NULL || retval != PAM_SUCCESS ) {
pam_syslog(pamh, LOG_CRIT, "open_session - error recovering username");
@@ -623,26 +644,60 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
return PAM_USER_UNKNOWN;
}
- retval = init_limits(&pl);
+ retval = init_limits(pl);
if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_WARNING, "cannot initialize");
return PAM_ABORT;
}
- retval = parse_config_file(pamh, pwd->pw_name, ctrl, &pl);
+ retval = parse_config_file(pamh, pwd->pw_name, ctrl, pl);
if (retval == PAM_IGNORE) {
- D(("the configuration file has an applicable '<domain> -' entry"));
+ D(("the configuration file ('%s') has an applicable '<domain> -' entry", CONF_FILE));
return PAM_SUCCESS;
}
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file");
- return retval;
+ if (retval != PAM_SUCCESS || pl->conf_file != NULL)
+ /* skip reading limits.d if config file explicitely specified */
+ goto out;
+
+ /* Read subsequent *.conf files, if they exist. */
+
+ /* set the LC_COLLATE so the sorting order doesn't depend
+ on system locale */
+
+ oldlocale = setlocale(LC_COLLATE, "C");
+ glob_rc = glob(LIMITS_CONF_GLOB, GLOB_ERR, NULL, &globbuf);
+
+ if (oldlocale != NULL)
+ setlocale (LC_COLLATE, oldlocale);
+
+ if (!glob_rc) {
+ /* Parse the *.conf files. */
+ for (i = 0; globbuf.gl_pathv[i] != NULL; i++) {
+ pl->conf_file = globbuf.gl_pathv[i];
+ retval = parse_config_file(pamh, pwd->pw_name, ctrl, pl);
+ if (retval == PAM_IGNORE) {
+ D(("the configuration file ('%s') has an applicable '<domain> -' entry", pl->conf_file));
+ globfree(&globbuf);
+ return PAM_SUCCESS;
+ }
+ if (retval != PAM_SUCCESS)
+ goto out;
+ }
+ }
+
+out:
+ globfree(&globbuf);
+ if (retval != PAM_SUCCESS)
+ {
+ pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE);
+ return retval;
}
if (ctrl & PAM_DO_SETREUID) {
setreuid(pwd->pw_uid, -1);
}
- retval = setup_limits(pamh, pwd->pw_name, pwd->pw_uid, ctrl, &pl);
+
+ retval = setup_limits(pamh, pwd->pw_name, pwd->pw_uid, ctrl, pl);
if (retval & LOGIN_ERR)
pam_error(pamh, _("Too many logins for '%s'."), pwd->pw_name);
if (retval != LIMITED_OK) {
diff --git a/Linux-PAM/modules/pam_loginuid/pam_loginuid.c b/Linux-PAM/modules/pam_loginuid/pam_loginuid.c
index 13d915e3..13509e7e 100644
--- a/Linux-PAM/modules/pam_loginuid/pam_loginuid.c
+++ b/Linux-PAM/modules/pam_loginuid/pam_loginuid.c
@@ -56,12 +56,11 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid)
count = snprintf(loginuid, sizeof(loginuid), "%d", uid);
fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
if (fd < 0) {
- int loglevel = LOG_DEBUG;
if (errno != ENOENT) {
rc = 1;
- loglevel = LOG_ERR;
+ pam_syslog(pamh, LOG_ERR,
+ "Cannot open /proc/self/loginuid: %m");
}
- pam_syslog(pamh, loglevel, "set_loginuid failed opening loginuid");
return rc;
}
if (pam_modutil_write(fd, loginuid, count) != count)
diff --git a/Linux-PAM/modules/pam_mail/pam_mail.c b/Linux-PAM/modules/pam_mail/pam_mail.c
index 7d43d5e0..46395b53 100644
--- a/Linux-PAM/modules/pam_mail/pam_mail.c
+++ b/Linux-PAM/modules/pam_mail/pam_mail.c
@@ -411,11 +411,6 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc,
ctrl = _pam_parse(pamh, flags, argc, argv, &path_mail, &hashcount);
- /* Do we have anything to do? */
-
- if (flags & PAM_SILENT)
- return PAM_SUCCESS;
-
/* which folder? */
retval = get_folder(pamh, ctrl, path_mail, &folder, hashcount);
diff --git a/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c b/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c
index e5901a8f..44b092c1 100644
--- a/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c
+++ b/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c
@@ -58,7 +58,7 @@
/* argument parsing */
-#define MKHOMEDIR_DEBUG 020 /* keep quiet about things */
+#define MKHOMEDIR_DEBUG 020 /* be verbose about things */
#define MKHOMEDIR_QUIET 040 /* keep quiet about things */
static unsigned int UMask = 0022;
@@ -78,6 +78,8 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv)
{
if (!strcmp(*argv, "silent")) {
ctrl |= MKHOMEDIR_QUIET;
+ } else if (!strcmp(*argv, "debug")) {
+ ctrl |= MKHOMEDIR_DEBUG;
} else if (!strncmp(*argv,"umask=",6)) {
UMask = strtol(*argv+6,0,0);
} else if (!strncmp(*argv,"skel=",5)) {
diff --git a/Linux-PAM/modules/pam_namespace/README b/Linux-PAM/modules/pam_namespace/README
index c47ba232..cf5814e3 100644
--- a/Linux-PAM/modules/pam_namespace/README
+++ b/Linux-PAM/modules/pam_namespace/README
@@ -2,128 +2,167 @@ pam_namespace — PAM module for configuring namespace for a session
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+DESCRIPTION
-pam_namespace module:
-Setup a private namespace with polyinstantiated directories.
-
-THEORY OF OPERATION:
-The pam namespace module consults /etc/security/namespace.conf
-configuration file and sets up a private namespace with polyinstantiated
-directories for a session managed by PAM. A skeleton namespace.conf
-installed by default provides example for polyinstantiating /tmp, /var/tmp
-and users' home directory.
-
-If an executable script /etc/security/namespace.init exists, it
-is used to initialize the namespace every time a new instance directory
-is setup. The script receives the polyinstantiated directory path
-and the instance directory path as its arguments.
-
-Each line in namespace.conf describes a limit for a user in the form:
-
-<polydir> <instance_prefix> <method> <list_of_uids>
-
-Where:
-<polydir> - is the absolute pathname of the directory to polyinstantiate
- Special entry $HOME is supported to designate user's home directory.
- This field cannot be blank.
-
-<instance_prefix> - is the string prefix used to build the pathname for the
- instantiation of <polydir>. The directory security context, or
- optionally its md5sum string (32 hex characters), is appended to
- the prefix to generate the final instance directory path.
- This directory is created if it did not exist already, and is then
- bind mounted on the <polydir> to provide an instance of <polydir>
- based on the <method> column. The special string $HOME is replaced with
- the user's home directory, and $USER with the username.
- This field cannot be blank.
-
-<method> - is the method used for polyinstantiation. It can take 3 different
- values; "user" for polyinstantiation based on user name, "context"
- for polyinstantiation based on process security context, and "both"
- for polyinstantiation based on both user name and security context.
- Methods "context" and "both" are only available with SELinux. This
- field cannot be blank.
-
-<list_of_uids> - is a comma separated list of user names for whom the
- polyinstantiation is not performed. If left blank, polyinstantiation
- will be performed for all users.
-
-EXAMPLE /etc/security/namespace.conf configuration file:
-=======================================================
-# Following three lines will polyinstantiate /tmp, /var/tmp and user's home
-# directories. /tmp and /var/tmp will be polyinstantiated based on both
-# security context as well as user name, whereas home directory will
-# be polyinstantiated based on security context only. Polyinstantiation
-# will not be performed for user root and adm for directories /tmp and
-# /var/tmp, whereas home directories will be polyinstantiated for all
-# users. The user name and/or context is appended to the instance prefix.
-#
-# Note that instance directories do not have to reside inside the
-# polyinstantiated directory. In the examples below, instances of /tmp
-# will be created in /tmp-inst directory, where as instances of /var/tmp
-# and users home directories will reside within the directories that
-# are being polyinstantiated.
-#
-# Instance parent directories must exist for the polyinstantiation
-# mechanism to work. By default, they should be created with the mode
-# of 000. pam_namespace module will enforce this mode unless it
-# is explicitly called with an argument to ignore the mode of the
-# instance parent. System administrators should use this argument with
-# caution, as it will reduce security and isolation achieved by
-# polyinstantiation.
-#
-/tmp /tmp-inst/ both root,adm
-/var/tmp /var/tmp/tmp-inst/ both root,adm
-$HOME $HOME/$USER.inst/inst- context
-
-ARGUMENTS RECOGNIZED:
- debug
- Verbose logging by syslog
-
- unmnt_remnt
- For programs such as su and newrole, the login session has
- already setup a polyinstantiated namespace. For these programs,
- polyinstantiation is performed based on new user id or security
- context, however the command first needs to undo the
- polyinstantiation performed by login. This argument instructs
- the command to first undo previous polyinstantiation before
- proceeding with new polyinstantiation based on new id/context.
-
- unmnt_only
- For trusted programs that want to undo any existing bind mounts
- and process instance directories on their own, this argument
- allows them to unmount currently mounted instance directories.
-
- require_selinux
- If selinux is not enabled, return failure.
-
- gen_hash
- Instead of using the security context string for the instance
- name, generate and use its md5 hash.
-
- ignore_config_error
- If a line in the configuration file corresponding to a
- polyinstantiated directory contains format error, skip that
- line process the next line. Without this option, pam will return
- an error to the calling program resulting in termination
- of the session.
-
- ignore_instance_parent_mode
- Instance parent directories by default are expected to have
- the restrictive mode of 000. Using this option, an administrator
- can choose to ignore the mode of the instance parent.
-
-MODULE SERVICES PROVIDED:
- session open_session and close_session
-
-USAGE:
- For the <service>s you need polyinstantiation (login for example)
- put the following line in /etc/pam.d/<service> as the last line for
- session group:
-
- session required pam_namespace.so [arguments]
-
- This module also depends on pam_selinux.so setting the context.
+The pam_namespace PAM module sets up a private namespace for a session with
+polyinstantiated directories. A polyinstantiated directory provides a different
+instance of itself based on user name, or when using SELinux, user name,
+security context or both. If an executable script /etc/security/namespace.init
+exists, it is used to initialize the namespace every time a new instance
+directory is setup. The script receives the polyinstantiated directory path and
+the instance directory path as its arguments.
+The pam_namespace module disassociates the session namespace from the parent
+namespace. Any mounts/unmounts performed in the parent namespace, such as
+mounting of devices, are not reflected in the session namespace. To propagate
+selected mount/unmount events from the parent namespace into the disassociated
+session namespace, an administrator may use the special shared-subtree feature.
+For additional information on shared-subtree feature, please refer to the mount
+(8) man page and the shared-subtree description at http://lwn.net/Articles/
+159077 and http://lwn.net/Articles/159092.
+OPTIONS
+
+debug
+
+ A lot of debug information is logged using syslog
+
+unmnt_remnt
+
+ For programs such as su and newrole, the login session has already setup a
+ polyinstantiated namespace. For these programs, polyinstantiation is
+ performed based on new user id or security context, however the command
+ first needs to undo the polyinstantiation performed by login. This argument
+ instructs the command to first undo previous polyinstantiation before
+ proceeding with new polyinstantiation based on new id/context
+
+unmnt_only
+
+ For trusted programs that want to undo any existing bind mounts and process
+ instance directories on their own, this argument allows them to unmount
+ currently mounted instance directories
+
+require_selinux
+
+ If selinux is not enabled, return failure
+
+gen_hash
+
+ Instead of using the security context string for the instance name,
+ generate and use its md5 hash.
+
+ignore_config_error
+
+ If a line in the configuration file corresponding to a polyinstantiated
+ directory contains format error, skip that line process the next line.
+ Without this option, pam will return an error to the calling program
+ resulting in termination of the session.
+
+ignore_instance_parent_mode
+
+ Instance parent directories by default are expected to have the restrictive
+ mode of 000. Using this option, an administrator can choose to ignore the
+ mode of the instance parent. This option should be used with caution as it
+ will reduce security and isolation goals of the polyinstantiation
+ mechanism.
+
+no_unmount_on_close
+
+ For certain trusted programs such as newrole, open session is called from a
+ child process while the parent perfoms close session and pam end functions.
+ For these commands use this option to instruct pam_close_session to not
+ unmount the bind mounted polyinstantiated directory in the parent.
+
+DESCRIPTION
+
+This module allows setup of private namespaces with polyinstantiated
+directories. Directories can be polyinstantiated based on user name or, in the
+case of SELinux, user name, sensitivity level or complete security context. If
+an executable script /etc/security/namespace.init exists, it is used to
+initialize the namespace every time a new instance directory is setup. The
+script receives the polyinstantiated directory path and the instance directory
+path as its arguments.
+
+The /etc/security/namespace.conf file specifies which directories are
+polyinstantiated, how they are polyinstantiated, how instance directories would
+be named, and any users for whom polyinstantiation would not be performed.
+
+When someone logs in, the file namespace.conf is scanned where each non comment
+line represents one polyinstantiated directory with space separated fields as
+follows:
+
+polydir instance_prefix method list_of_uids
+
+The first field, polydir, is the absolute pathname of the directory to
+polyinstantiate. Special entry $HOME is supported to designate user's home
+directory. This field cannot be blank.
+
+The second field, instance_prefix is the string prefix used to build the
+pathname for the instantiation of <polydir>. Depending on the polyinstantiation
+method it is then appended with "instance differentiation string" to generate
+the final instance directory path. This directory is created if it did not
+exist already, and is then bind mounted on the <polydir> to provide an instance
+of <polydir> based on the <method> column. The special string $HOME is replaced
+with the user's home directory, and $USER with the username. This field cannot
+be blank. The directory where polyinstantiated instances are to be created,
+must exist and must have, by default, the mode of 000. The requirement that the
+instance parent be of mode 000 can be overridden with the command line option
+ignore_instance_parent_mode
+
+The third field, method, is the method used for polyinstantiation. It can take
+3 different values; "user" for polyinstantiation based on user name, "level"
+for polyinstantiation based on process MLS level and user name, and "context"
+for polyinstantiation based on process security context and user name Methods
+"context" and "level" are only available with SELinux. This field cannot be
+blank.
+
+The fourth field, list_of_uids, is a comma separated list of user names for
+whom the polyinstantiation is not performed. If left blank, polyinstantiation
+will be performed for all users.
+
+In case of context or level polyinstantiation the SELinux context which is used
+for polyinstantiation is the context used for executing a new process as
+obtained by getexeccon. This context must be set by the calling application or
+pam_selinux.so module. If this context is not set the polyinstatiation will be
+based just on user name.
+
+The "instance differentiation string" is <user name> for "user" method and
+<user name>_<raw directory context> for "context" and "level" methods. If the
+whole string is too long the end of it is replaced with md5sum of itself. Also
+when command line option gen_hash is used the whole string is replaced with
+md5sum of itself.
+
+EXAMPLES
+
+These are some example lines which might be specified in /etc/security/
+namespace.conf.
+
+
+      # The following three lines will polyinstantiate /tmp,
+      # /var/tmp and user's home directories. /tmp and /var/tmp
+      # will be polyinstantiated based on the security level
+      # as well as user name, whereas home directory will be
+      # polyinstantiated based on the full security context and user name.
+      # Polyinstantiation will not be performed for user root
+      # and adm for directories /tmp and /var/tmp, whereas home
+      # directories will be polyinstantiated for all users.
+      #
+      # Note that instance directories do not have to reside inside
+      # the polyinstantiated directory. In the examples below,
+      # instances of /tmp will be created in /tmp-inst directory,
+      # where as instances of /var/tmp and users home directories
+      # will reside within the directories that are being
+      # polyinstantiated.
+      #
+      /tmp     /tmp-inst/               level      root,adm
+      /var/tmp /var/tmp/tmp-inst/    level      root,adm
+      $HOME    $HOME/$USER.inst/inst- context
+    
+
+For the <service>s you need polyinstantiation (login for example) put the
+following line in /etc/pam.d/<service> as the last line for session group:
+
+session required pam_namespace.so [arguments]
+
+This module also depends on pam_selinux.so setting the context.
diff --git a/Linux-PAM/modules/pam_namespace/README.xml b/Linux-PAM/modules/pam_namespace/README.xml
index 98ab7532..4ef99c9f 100644
--- a/Linux-PAM/modules/pam_namespace/README.xml
+++ b/Linux-PAM/modules/pam_namespace/README.xml
@@ -1,139 +1,44 @@
<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
-"http://www.docbook.org/xml/4.4/docbookx.dtd">
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamns SYSTEM "pam_namespace.8.xml">
+-->
+<!--
+<!ENTITY nsconf SYSTEM "namespace.conf.5.xml">
+-->
+]>
+
<article>
+
<articleinfo>
+
<title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_namespace.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_namespace-name"]/*)'/>
</title>
- </articleinfo>
- <section>
- <programlisting><![CDATA[
-
-pam_namespace module:
-Setup a private namespace with polyinstantiated directories.
-
-THEORY OF OPERATION:
-The pam namespace module consults /etc/security/namespace.conf
-configuration file and sets up a private namespace with polyinstantiated
-directories for a session managed by PAM. A skeleton namespace.conf
-installed by default provides example for polyinstantiating /tmp, /var/tmp
-and users' home directory.
-
-If an executable script /etc/security/namespace.init exists, it
-is used to initialize the namespace every time a new instance directory
-is setup. The script receives the polyinstantiated directory path
-and the instance directory path as its arguments.
-
-Each line in namespace.conf describes a limit for a user in the form:
-
-<polydir> <instance_prefix> <method> <list_of_uids>
-
-Where:
-<polydir> - is the absolute pathname of the directory to polyinstantiate
- Special entry $HOME is supported to designate user's home directory.
- This field cannot be blank.
-
-<instance_prefix> - is the string prefix used to build the pathname for the
- instantiation of <polydir>. The directory security context, or
- optionally its md5sum string (32 hex characters), is appended to
- the prefix to generate the final instance directory path.
- This directory is created if it did not exist already, and is then
- bind mounted on the <polydir> to provide an instance of <polydir>
- based on the <method> column. The special string $HOME is replaced with
- the user's home directory, and $USER with the username.
- This field cannot be blank.
-
-<method> - is the method used for polyinstantiation. It can take 3 different
- values; "user" for polyinstantiation based on user name, "context"
- for polyinstantiation based on process security context, and "both"
- for polyinstantiation based on both user name and security context.
- Methods "context" and "both" are only available with SELinux. This
- field cannot be blank.
-
-<list_of_uids> - is a comma separated list of user names for whom the
- polyinstantiation is not performed. If left blank, polyinstantiation
- will be performed for all users.
-
-EXAMPLE /etc/security/namespace.conf configuration file:
-=======================================================
-# Following three lines will polyinstantiate /tmp, /var/tmp and user's home
-# directories. /tmp and /var/tmp will be polyinstantiated based on both
-# security context as well as user name, whereas home directory will
-# be polyinstantiated based on security context only. Polyinstantiation
-# will not be performed for user root and adm for directories /tmp and
-# /var/tmp, whereas home directories will be polyinstantiated for all
-# users. The user name and/or context is appended to the instance prefix.
-#
-# Note that instance directories do not have to reside inside the
-# polyinstantiated directory. In the examples below, instances of /tmp
-# will be created in /tmp-inst directory, where as instances of /var/tmp
-# and users home directories will reside within the directories that
-# are being polyinstantiated.
-#
-# Instance parent directories must exist for the polyinstantiation
-# mechanism to work. By default, they should be created with the mode
-# of 000. pam_namespace module will enforce this mode unless it
-# is explicitly called with an argument to ignore the mode of the
-# instance parent. System administrators should use this argument with
-# caution, as it will reduce security and isolation achieved by
-# polyinstantiation.
-#
-/tmp /tmp-inst/ both root,adm
-/var/tmp /var/tmp/tmp-inst/ both root,adm
-$HOME $HOME/$USER.inst/inst- context
-
-ARGUMENTS RECOGNIZED:
- debug
- Verbose logging by syslog
- unmnt_remnt
- For programs such as su and newrole, the login session has
- already setup a polyinstantiated namespace. For these programs,
- polyinstantiation is performed based on new user id or security
- context, however the command first needs to undo the
- polyinstantiation performed by login. This argument instructs
- the command to first undo previous polyinstantiation before
- proceeding with new polyinstantiation based on new id/context.
-
- unmnt_only
- For trusted programs that want to undo any existing bind mounts
- and process instance directories on their own, this argument
- allows them to unmount currently mounted instance directories.
-
- require_selinux
- If selinux is not enabled, return failure.
-
- gen_hash
- Instead of using the security context string for the instance
- name, generate and use its md5 hash.
-
- ignore_config_error
- If a line in the configuration file corresponding to a
- polyinstantiated directory contains format error, skip that
- line process the next line. Without this option, pam will return
- an error to the calling program resulting in termination
- of the session.
-
- ignore_instance_parent_mode
- Instance parent directories by default are expected to have
- the restrictive mode of 000. Using this option, an administrator
- can choose to ignore the mode of the instance parent.
+ </articleinfo>
-MODULE SERVICES PROVIDED:
- session open_session and close_session
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_namespace.8.xml" xpointer='xpointer(//refsect1[@id = "pam_namespace-description"]/*)'/>
+ </section>
-USAGE:
- For the <service>s you need polyinstantiation (login for example)
- put the following line in /etc/pam.d/<service> as the last line for
- session group:
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_namespace.8.xml" xpointer='xpointer(//refsect1[@id = "pam_namespace-options"]/*)'/>
+ </section>
- session required pam_namespace.so [arguments]
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="namespace.conf.5.xml" xpointer='xpointer(//refsect1[@id = "namespace.conf-description"]/*)'/>
+ </section>
- This module also depends on pam_selinux.so setting the context.
-]]>
- </programlisting>
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="namespace.conf.5.xml" xpointer='xpointer(//refsect1[@id = "namespace.conf-examples"]/*)'/>
</section>
-</article>
+</article>
diff --git a/Linux-PAM/modules/pam_namespace/namespace.conf b/Linux-PAM/modules/pam_namespace/namespace.conf
index c7305ffe..f973225f 100644
--- a/Linux-PAM/modules/pam_namespace/namespace.conf
+++ b/Linux-PAM/modules/pam_namespace/namespace.conf
@@ -4,12 +4,10 @@
#
# Uncommenting the following three lines will polyinstantiate
# /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
-# be polyinstantiated based on both security context as well as user
-# name, whereas home directory will be polyinstantiated based on
-# security context only. Polyinstantion will not be performed for
-# user root and adm for directories /tmp and /var/tmp, whereas home
-# directories will be polyinstantiated for all users. The user name
-# and/or context is appended to the instance prefix.
+# be polyinstantiated based on the MLS level part of the security context as well as user
+# name, Polyinstantion will not be performed for user root and adm for directories
+# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
+# The user name and context is appended to the instance prefix.
#
# Note that instance directories do not have to reside inside the
# polyinstantiated directory. In the examples below, instances of /tmp
@@ -25,6 +23,6 @@
# caution, as it will reduce security and isolation achieved by
# polyinstantiation.
#
-#/tmp /tmp-inst/ both root,adm
-#/var/tmp /var/tmp/tmp-inst/ both root,adm
-#$HOME $HOME/$USER.inst/inst- context
+#/tmp /tmp-inst/ level root,adm
+#/var/tmp /var/tmp/tmp-inst/ level root,adm
+#$HOME $HOME/$USER.inst/ level
diff --git a/Linux-PAM/modules/pam_namespace/namespace.conf.5 b/Linux-PAM/modules/pam_namespace/namespace.conf.5
index ff325a21..0a4d98e4 100644
--- a/Linux-PAM/modules/pam_namespace/namespace.conf.5
+++ b/Linux-PAM/modules/pam_namespace/namespace.conf.5
@@ -1,96 +1,101 @@
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "NAMESPACE.CONF" 5 "" "" ""
-.SH NAME
+.\" Title: namespace.conf
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: 06/20/2007
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "NAMESPACE.CONF" "5" "06/20/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
namespace.conf \- the namespace configuration file
.SH "DESCRIPTION"
-
.PP
-This module allows setup of private namespaces with polyinstantiated directories\&. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, security context or both\&. If an executable script \fI/etc/security/namespace\&.init\fR exists, it is used to initialize the namespace every time a new instance directory is setup\&. The script receives the polyinstantiated directory path and the instance directory path as its arguments\&.
-
+This module allows setup of private namespaces with polyinstantiated directories. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context. If an executable script
+\fI/etc/security/namespace.init\fR
+exists, it is used to initialize the namespace every time a new instance directory is setup. The script receives the polyinstantiated directory path and the instance directory path as its arguments.
.PP
-The \fI/etc/security/namespace\&.conf\fR file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\&.
-
+The
+\fI/etc/security/namespace.conf\fR
+file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed.
.PP
-When someone logs in, the file \fInamespace\&.conf\fR is scanned where each non comment line represents one polyinstantiated directory with space separated fields as follows:
-
+When someone logs in, the file
+\fInamespace.conf\fR
+is scanned where each non comment line represents one polyinstantiated directory with space separated fields as follows:
.PP
- \fIpolydir\fR \fI instance_prefix\fR \fI method\fR \fI list_of_uids\fR
+\fIpolydir\fR
+\fI instance_prefix\fR
+\fI method\fR
+\fI list_of_uids\fR
.PP
-The first field, \fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\&. Special entry $HOME is supported to designate user's home directory\&. This field cannot be blank\&.
-
+The first field,
+\fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate. Special entry $HOME is supported to designate user's home directory. This field cannot be blank.
.PP
-The second field, \fIinstance_prefix\fR is the string prefix used to build the pathname for the instantiation of <polydir>\&. The directory security context, or optionally its md5sum string (32 hex characters), is appended to the prefix to generate the final instance directory path\&. This directory is created if it did not exist already, and is then bind mounted on the <polydir> to provide an instance of <polydir> based on the <method> column\&. The special string $HOME is replaced with the user's home directory, and $USER with the username\&. This field cannot be blank\&. The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 000\&. The requirement that the instance parent be of mode 000 can be overridden with the command line option <ignore_instance_parent_mode>
-
+The second field,
+\fIinstance_prefix\fR
+is the string prefix used to build the pathname for the instantiation of <polydir>. Depending on the polyinstantiation
+\fImethod\fR
+it is then appended with "instance differentiation string" to generate the final instance directory path. This directory is created if it did not exist already, and is then bind mounted on the <polydir> to provide an instance of <polydir> based on the <method> column. The special string $HOME is replaced with the user's home directory, and $USER with the username. This field cannot be blank. The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 000. The requirement that the instance parent be of mode 000 can be overridden with the command line option
+\fIignore_instance_parent_mode\fR
.PP
-The third field, \fImethod\fR, is the method used for polyinstantiation\&. It can take 3 different values; "user" for polyinstantiation based on user name, "context" for polyinstantiation based on process security context, and "both" for polyinstantiation based on both user name and security context\&. Methods "context" and "both" are only available with SELinux\&. This field cannot be blank\&.
-
+The third field,
+\fImethod\fR, is the method used for polyinstantiation. It can take 3 different values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, and "context" for polyinstantiation based on process security context and user name Methods "context" and "level" are only available with SELinux. This field cannot be blank.
.PP
-The fourth field, \fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed\&. If left blank, polyinstantiation will be performed for all users\&.
-
+The fourth field,
+\fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed. If left blank, polyinstantiation will be performed for all users.
+.PP
+In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon. This context must be set by the calling application or
+\fIpam_selinux.so\fR
+module. If this context is not set the polyinstatiation will be based just on user name.
+.PP
+The "instance differentiation string" is <user name> for "user" method and <user name>_<raw directory context> for "context" and "level" methods. If the whole string is too long the end of it is replaced with md5sum of itself. Also when command line option
+\fIgen_hash\fR
+is used the whole string is replaced with md5sum of itself.
.SH "EXAMPLES"
-
.PP
-These are some example lines which might be specified in \fI/etc/security/namespace\&.conf\fR\&.
-
+These are some example lines which might be specified in
+\fI/etc/security/namespace.conf\fR.
+.sp
+.RS 4
.nf
-
# The following three lines will polyinstantiate /tmp,
- # /var/tmp and user's home directories\&. /tmp and /var/tmp
- # will be polyinstantiated based on both security context
+ # /var/tmp and user's home directories. /tmp and /var/tmp
+ # will be polyinstantiated based on the security level
# as well as user name, whereas home directory will be
- # polyinstantiated based on security context only\&.
+ # polyinstantiated based on the full security context and user name.
# Polyinstantiation will not be performed for user root
# and adm for directories /tmp and /var/tmp, whereas home
- # directories will be polyinstantiated for all users\&.
+ # directories will be polyinstantiated for all users.
#
# Note that instance directories do not have to reside inside
- # the polyinstantiated directory\&. In the examples below,
+ # the polyinstantiated directory. In the examples below,
# instances of /tmp will be created in /tmp\-inst directory,
# where as instances of /var/tmp and users home directories
# will reside within the directories that are being
- # polyinstantiated\&.
+ # polyinstantiated.
#
- /tmp /tmp\-inst/ both root,adm
- /var/tmp /var/tmp/tmp\-inst/ both root,adm
- $HOME $HOME/$USER\&.inst/inst\- context
+ /tmp /tmp\-inst/ level root,adm
+ /var/tmp /var/tmp/tmp\-inst/ level root,adm
+ $HOME $HOME/$USER.inst/inst\- context
.fi
-
+.RE
.PP
-For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/<service> as the last line for session group:
-
+For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam.d/<service> as the last line for session group:
.PP
-session required pam_namespace\&.so [arguments]
-
+session required pam_namespace.so [arguments]
.PP
-This module also depends on pam_selinux\&.so setting the context\&.
-
+This module also depends on pam_selinux.so setting the context.
.SH "SEE ALSO"
-
.PP
- \fBpam_namespace\fR(8), \fBpam\&.d\fR(5), \fBpam\fR(8)
+\fBpam_namespace\fR(8),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
.SH "AUTHORS"
-
.PP
-The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&.
-
+The namespace.conf manual page was written by Janak Desai <janak@us.ibm.com>.
diff --git a/Linux-PAM/modules/pam_namespace/namespace.conf.5.xml b/Linux-PAM/modules/pam_namespace/namespace.conf.5.xml
index 36a1a085..db48cdcb 100644
--- a/Linux-PAM/modules/pam_namespace/namespace.conf.5.xml
+++ b/Linux-PAM/modules/pam_namespace/namespace.conf.5.xml
@@ -22,7 +22,7 @@
<para>
This module allows setup of private namespaces with polyinstantiated
directories. Directories can be polyinstantiated based on user name
- or, in the case of SELinux, user name, security context or both. If an
+ or, in the case of SELinux, user name, sensitivity level or complete security context. If an
executable script <filename>/etc/security/namespace.init</filename>
exists, it is used to initialize the namespace every time a new instance
directory is setup. The script receives the polyinstantiated
@@ -56,26 +56,27 @@
<para>
The second field, <replaceable>instance_prefix</replaceable> is
the string prefix used to build the pathname for the instantiation
- of &lt;polydir&gt;. The directory security context, or optionally its
- md5sum string (32 hex characters), is appended to the prefix to
- generate the final instance directory path. This directory is
- created if it did not exist already, and is then bind mounted on the
- &lt;polydir&gt; to provide an instance of &lt;polydir&gt; based on the
- &lt;method&gt; column. The special string $HOME is replaced with the
- user's home directory, and $USER with the username. This field cannot
- be blank. The directory where polyinstantiated instances are to be
+ of &lt;polydir&gt;. Depending on the polyinstantiation
+ <replaceable>method</replaceable> it is then appended with
+ "instance differentiation string" to generate the final
+ instance directory path. This directory is created if it did not exist
+ already, and is then bind mounted on the &lt;polydir&gt; to provide an
+ instance of &lt;polydir&gt; based on the &lt;method&gt; column.
+ The special string $HOME is replaced with the user's home directory,
+ and $USER with the username. This field cannot be blank.
+ The directory where polyinstantiated instances are to be
created, must exist and must have, by default, the mode of 000. The
requirement that the instance parent be of mode 000 can be overridden
- with the command line option &lt;ignore_instance_parent_mode&gt;
+ with the command line option <replaceable>ignore_instance_parent_mode</replaceable>
</para>
<para>
The third field, <replaceable>method</replaceable>, is the method
used for polyinstantiation. It can take 3 different values; "user"
- for polyinstantiation based on user name, "context" for
- polyinstantiation based on process security context, and "both"
- for polyinstantiation based on both user name and security context.
- Methods "context" and "both" are only available with SELinux. This
+ for polyinstantiation based on user name, "level" for
+ polyinstantiation based on process MLS level and user name, and "context" for
+ polyinstantiation based on process security context and user name
+ Methods "context" and "level" are only available with SELinux. This
field cannot be blank.
</para>
@@ -86,6 +87,24 @@
for all users.
</para>
+ <para>
+ In case of context or level polyinstantiation the SELinux context
+ which is used for polyinstantiation is the context used for executing
+ a new process as obtained by getexeccon. This context must be set
+ by the calling application or <filename>pam_selinux.so</filename>
+ module. If this context is not set the polyinstatiation will be
+ based just on user name.
+ </para>
+
+ <para>
+ The "instance differentiation string" is &lt;user name&gt; for "user"
+ method and &lt;user name&gt;_&lt;raw directory context&gt; for "context"
+ and "level" methods. If the whole string is too long the end of it is
+ replaced with md5sum of itself. Also when command line option
+ <replaceable>gen_hash</replaceable> is used the whole string is replaced
+ with md5sum of itself.
+ </para>
+
</refsect1>
<refsect1 id="namespace.conf-examples">
@@ -98,9 +117,9 @@
<literallayout>
# The following three lines will polyinstantiate /tmp,
# /var/tmp and user's home directories. /tmp and /var/tmp
- # will be polyinstantiated based on both security context
+ # will be polyinstantiated based on the security level
# as well as user name, whereas home directory will be
- # polyinstantiated based on security context only.
+ # polyinstantiated based on the full security context and user name.
# Polyinstantiation will not be performed for user root
# and adm for directories /tmp and /var/tmp, whereas home
# directories will be polyinstantiated for all users.
@@ -112,8 +131,8 @@
# will reside within the directories that are being
# polyinstantiated.
#
- /tmp /tmp-inst/ both root,adm
- /var/tmp /var/tmp/tmp-inst/ both root,adm
+ /tmp /tmp-inst/ level root,adm
+ /var/tmp /var/tmp/tmp-inst/ level root,adm
$HOME $HOME/$USER.inst/inst- context
</literallayout>
diff --git a/Linux-PAM/modules/pam_namespace/namespace.init b/Linux-PAM/modules/pam_namespace/namespace.init
index 62f8e6e4..0e9be68f 100755
--- a/Linux-PAM/modules/pam_namespace/namespace.init
+++ b/Linux-PAM/modules/pam_namespace/namespace.init
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/sh -p
# This is only a boilerplate for the instance initialization script.
# It receives polydir path as $1 and the instance path as $2.
#
diff --git a/Linux-PAM/modules/pam_namespace/pam_namespace.8 b/Linux-PAM/modules/pam_namespace/pam_namespace.8
index 126cfc88..8d136c99 100644
--- a/Linux-PAM/modules/pam_namespace/pam_namespace.8
+++ b/Linux-PAM/modules/pam_namespace/pam_namespace.8
@@ -1,11 +1,11 @@
.\" Title: pam_namespace
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/27/2006
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: 06/20/2007
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_NAMESPACE" "8" "06/27/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_NAMESPACE" "8" "06/20/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -14,7 +14,7 @@
pam_namespace \- PAM module for configuring namespace for a session
.SH "SYNOPSIS"
.HP 17
-\fBpam_namespace.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode]
+\fBpam_namespace.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [no_unmount_on_close]
.SH "DESCRIPTION"
.PP
The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both. If an executable script
@@ -23,46 +23,73 @@ exists, it is used to initialize the namespace every time a new instance directo
.PP
The pam_namespace module disassociates the session namespace from the parent namespace. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn.net/Articles/159077 and http://lwn.net/Articles/159092.
.SH "OPTIONS"
-.TP 3n
+.PP
\fBdebug\fR
+.RS 4
A lot of debug information is logged using syslog
-.TP 3n
+.RE
+.PP
\fBunmnt_remnt\fR
+.RS 4
For programs such as su and newrole, the login session has already setup a polyinstantiated namespace. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context
-.TP 3n
+.RE
+.PP
\fBunmnt_only\fR
+.RS 4
For trusted programs that want to undo any existing bind mounts and process instance directories on their own, this argument allows them to unmount currently mounted instance directories
-.TP 3n
+.RE
+.PP
\fBrequire_selinux\fR
+.RS 4
If selinux is not enabled, return failure
-.TP 3n
+.RE
+.PP
\fBgen_hash\fR
+.RS 4
Instead of using the security context string for the instance name, generate and use its md5 hash.
-.TP 3n
+.RE
+.PP
\fBignore_config_error\fR
+.RS 4
If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line. Without this option, pam will return an error to the calling program resulting in termination of the session.
-.TP 3n
+.RE
+.PP
\fBignore_instance_parent_mode\fR
+.RS 4
Instance parent directories by default are expected to have the restrictive mode of 000. Using this option, an administrator can choose to ignore the mode of the instance parent. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism.
+.RE
+.PP
+\fBno_unmount_on_close\fR
+.RS 4
+For certain trusted programs such as newrole, open session is called from a child process while the parent perfoms close session and pam end functions. For these commands use this option to instruct pam_close_session to not unmount the bind mounted polyinstantiated directory in the parent.
+.RE
.SH "MODULE SERVICES PROVIDED"
.PP
The
\fBsession\fR
service is supported.
.SH "RETURN VALUES"
-.TP 3n
+.PP
PAM_SUCCESS
+.RS 4
Namespace setup was successful.
-.TP 3n
+.RE
+.PP
PAM_SERVICE_ERR
+.RS 4
Unexpected system error occurred while setting up namespace.
-.TP 3n
+.RE
+.PP
PAM_SESSION_ERR
+.RS 4
Unexpected namespace configuration error occurred.
+.RE
.SH "FILES"
-.TP 3n
+.PP
\fI/etc/security/namespace.conf\fR
+.RS 4
Configuration file
+.RE
.SH "EXAMPLES"
.PP
For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam.d/<service> as the last line for session group:
@@ -80,7 +107,7 @@ to ensure that the X server and its clients can appropriately access the communi
.PP
.sp
-.RS 3n
+.RS 4
.nf
1. Disable the use of font server by commenting out "FontPath"
line in /etc/X11/xorg.conf. If you do want to use the font server
diff --git a/Linux-PAM/modules/pam_namespace/pam_namespace.8.xml b/Linux-PAM/modules/pam_namespace/pam_namespace.8.xml
index 4c93ecf0..e1b307ae 100644
--- a/Linux-PAM/modules/pam_namespace/pam_namespace.8.xml
+++ b/Linux-PAM/modules/pam_namespace/pam_namespace.8.xml
@@ -43,6 +43,9 @@
<arg choice="opt">
ignore_instance_parent_mode
</arg>
+ <arg choice="opt">
+ no_unmount_on_close
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -179,6 +182,22 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>no_unmount_on_close</option>
+ </term>
+ <listitem>
+ <para>
+ For certain trusted programs such as newrole, open session
+ is called from a child process while the parent perfoms
+ close session and pam end functions. For these commands
+ use this option to instruct pam_close_session to not
+ unmount the bind mounted polyinstantiated directory in the
+ parent.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/Linux-PAM/modules/pam_namespace/pam_namespace.c b/Linux-PAM/modules/pam_namespace/pam_namespace.c
index e4e4a5d8..73d8e591 100644
--- a/Linux-PAM/modules/pam_namespace/pam_namespace.c
+++ b/Linux-PAM/modules/pam_namespace/pam_namespace.c
@@ -244,23 +244,29 @@ static int process_line(char *line, const char *home,
}
strcpy(poly.dir, dir);
strcpy(poly.instance_prefix, instance_prefix);
- if (strcmp(method, "user") == 0)
- poly.method = USER;
+
+ poly.method = NONE;
+ if (strcmp(method, "user") == 0)
+ poly.method = USER;
+
#ifdef WITH_SELINUX
- else if (strcmp(method, "context") == 0) {
+ if (strcmp(method, "level") == 0) {
if (idata->flags & PAMNS_CTXT_BASED_INST)
- poly.method = CONTEXT;
+ poly.method = LEVEL;
else
poly.method = USER;
- } else if (strcmp(method, "both") == 0) {
+ }
+
+ if (strcmp(method, "context") == 0) {
if (idata->flags & PAMNS_CTXT_BASED_INST)
- poly.method = BOTH;
+ poly.method = CONTEXT;
else
poly.method = USER;
}
#endif
- else {
+
+ if ( poly.method == NONE) {
pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method");
goto skipping;
}
@@ -296,11 +302,14 @@ static int process_line(char *line, const char *home,
*tptr = '\0';
pwd = pam_modutil_getpwnam(idata->pamh, ustr);
- *uidptr = pwd->pw_uid;
- if (i < count - 1) {
- ustr = tptr + 1;
+ if (pwd == NULL) {
+ pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr);
+ poly.num_uids--;
+ } else {
+ *uidptr = pwd->pw_uid;
uidptr++;
}
+ ustr = tptr + 1;
}
}
@@ -411,17 +420,18 @@ static int parse_config_file(struct instance_data *idata)
* uids for the polyinstantiated directory, polyinstantiation is not
* performed for that user for that directory.
*/
-static int ns_override(struct polydir_s *polyptr, struct instance_data *idata)
+static int ns_override(struct polydir_s *polyptr, struct instance_data *idata,
+ uid_t uid)
{
unsigned int i;
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
"Checking for ns override in dir %s for uid %d",
- polyptr->dir, idata->uid);
+ polyptr->dir, uid);
for (i = 0; i < polyptr->num_uids; i++) {
- if (idata->uid == polyptr->uid[i]) {
+ if (uid == polyptr->uid[i]) {
return 1;
}
}
@@ -429,6 +439,36 @@ static int ns_override(struct polydir_s *polyptr, struct instance_data *idata)
return 0;
}
+/*
+ * md5hash generates a hash of the passed in instance directory name.
+ */
+static char *md5hash(const char *instname, struct instance_data *idata)
+{
+ int i;
+ char *md5inst = NULL;
+ char *to;
+ unsigned char inst_digest[MD5_DIGEST_LENGTH];
+
+ /*
+ * Create MD5 hashes for instance pathname.
+ */
+
+ MD5((const unsigned char *)instname, strlen(instname), inst_digest);
+
+ if ((md5inst = malloc(MD5_DIGEST_LENGTH * 2 + 1)) == NULL) {
+ pam_syslog(idata->pamh, LOG_ERR, "Unable to allocate buffer");
+ return NULL;
+ }
+
+ to = md5inst;
+ for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ snprintf(to, 3, "%02x", (unsigned int)inst_digest[i]);
+ to += 2;
+ }
+
+ return md5inst;
+}
+
#ifdef WITH_SELINUX
static int form_context(const struct polydir_s *polyptr,
security_context_t *i_context, security_context_t *origcon,
@@ -448,19 +488,23 @@ static int form_context(const struct polydir_s *polyptr,
return PAM_SESSION_ERR;
}
+ if (polyptr->method == USER) return PAM_SUCCESS;
+
+ rc = getexeccon(&scon);
+ if (rc < 0 || scon == NULL) {
+ pam_syslog(idata->pamh, LOG_ERR,
+ "Error getting exec context, %m");
+ return PAM_SESSION_ERR;
+ }
+
/*
* If polyinstantiating based on security context, get current
* process security context, get security class for directories,
* and ask the policy to provide security context of the
* polyinstantiated instance directory.
*/
- if ((polyptr->method == CONTEXT) || (polyptr->method == BOTH)) {
- rc = getexeccon(&scon);
- if (rc < 0 || scon == NULL) {
- pam_syslog(idata->pamh, LOG_ERR,
- "Error getting exec context, %m");
- return PAM_SESSION_ERR;
- }
+
+ if (polyptr->method == CONTEXT) {
tclass = string_to_security_class("dir");
if (security_compute_member(scon, *origcon, tclass,
@@ -473,7 +517,48 @@ static int form_context(const struct polydir_s *polyptr,
pam_syslog(idata->pamh, LOG_DEBUG,
"member context returned by policy %s", *i_context);
freecon(scon);
+ return PAM_SUCCESS;
}
+
+ /*
+ * If polyinstantiating based on security level, get current
+ * process security context, get security class for directories,
+ * and change the directories MLS Level to match process.
+ */
+
+ if (polyptr->method == LEVEL) {
+ context_t scontext = NULL;
+ context_t fcontext = NULL;
+ rc = PAM_SESSION_ERR;
+
+ scontext = context_new(scon);
+ if (! scontext) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+ fcontext = context_new(*origcon);
+ if (! fcontext) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+ if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
+ pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context");
+ goto fail;
+ }
+ *i_context=strdup(context_str(fcontext));
+ if (! *i_context) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+
+ rc = PAM_SUCCESS;
+ fail:
+ context_free(scontext);
+ context_free(fcontext);
+ freecon(scon);
+ return rc;
+ }
+ /* Should never get here */
return PAM_SUCCESS;
}
#endif
@@ -495,12 +580,21 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name,
#endif
{
int rc;
+ char *hash = NULL;
+#ifdef WITH_SELINUX
+ security_context_t rawcon = NULL;
+#endif
-# ifdef WITH_SELINUX
- rc = form_context(polyptr, i_context, origcon, idata);
+ *i_name = NULL;
+#ifdef WITH_SELINUX
+ *i_context = NULL;
+ *origcon = NULL;
+ if ((rc=form_context(polyptr, i_context, origcon, idata)) != PAM_SUCCESS) {
+ return rc;
+ }
#endif
- rc = PAM_SUCCESS;
+ rc = PAM_SESSION_ERR;
/*
* Set the name of the polyinstantiated instance dir based on the
* polyinstantiation method.
@@ -509,35 +603,70 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name,
case USER:
if (asprintf(i_name, "%s", idata->user) < 0) {
*i_name = NULL;
- rc = PAM_SESSION_ERR;
- }
+ goto fail;
+ }
break;
#ifdef WITH_SELINUX
+ case LEVEL:
case CONTEXT:
- if (asprintf(i_name, "%s", *i_context) < 0) {
+ if (selinux_trans_to_raw_context(*i_context, &rawcon) < 0) {
+ pam_syslog(idata->pamh, LOG_ERR, "Error translating directory context");
+ goto fail;
+ }
+ if (asprintf(i_name, "%s_%s", rawcon, idata->user) < 0) {
*i_name = NULL;
- rc = PAM_SESSION_ERR;
+ goto fail;
}
break;
- case BOTH:
- if (asprintf(i_name, "%s_%s", *i_context, idata->user) < 0) {
- *i_name = NULL;
- rc = PAM_SESSION_ERR;
- }
- break;
#endif /* WITH_SELINUX */
default:
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_ERR, "Unknown method");
- rc = PAM_SESSION_ERR;
+ goto fail;
}
- if ((idata->flags & PAMNS_DEBUG) && rc == PAM_SUCCESS)
+ if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG, "poly_name %s", *i_name);
+ if ((idata->flags & PAMNS_GEN_HASH) || strlen(*i_name) > NAMESPACE_MAX_DIR_LEN) {
+ hash = md5hash(*i_name, idata);
+ if (hash == NULL) {
+ goto fail;
+ }
+ if (idata->flags & PAMNS_GEN_HASH) {
+ free(*i_name);
+ *i_name = hash;
+ hash = NULL;
+ } else {
+ char *newname;
+ if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-strlen(hash),
+ *i_name, hash) < 0) {
+ goto fail;
+ }
+ free(*i_name);
+ *i_name = newname;
+ }
+ }
+ rc = PAM_SUCCESS;
+
+fail:
+ free(hash);
+#ifdef WITH_SELINUX
+ freecon(rawcon);
+#endif
+ if (rc != PAM_SUCCESS) {
+#ifdef WITH_SELINUX
+ freecon(*i_context);
+ *i_context = NULL;
+ freecon(*origcon);
+ *origcon = NULL;
+#endif
+ free(*i_name);
+ *i_name = NULL;
+ }
return rc;
}
@@ -785,39 +914,6 @@ inst_init:
/*
- * md5hash generates a hash of the passed in instance directory name.
- */
-static int md5hash(char **instname, struct instance_data *idata)
-{
- int i;
- char *md5inst = NULL;
- char *to;
- unsigned char inst_digest[MD5_DIGEST_LENGTH];
-
- /*
- * Create MD5 hashes for instance pathname.
- */
-
- MD5((unsigned char *)*instname, strlen(*instname), inst_digest);
-
- if ((md5inst = malloc(MD5_DIGEST_LENGTH * 2 + 1)) == NULL) {
- pam_syslog(idata->pamh, LOG_ERR, "Unable to allocate buffer");
- return PAM_SESSION_ERR;
- }
-
- to = md5inst;
- for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
- snprintf(to, 3, "%02x", (unsigned int)inst_digest[i]);
- to += 3;
- }
-
- free(*instname);
- *instname = md5inst;
-
- return PAM_SUCCESS;
-}
-
-/*
* This function performs the namespace setup for a particular directory
* that is being polyinstantiated. It creates an MD5 hash of instance
* directory, calls create_dirs to create it with appropriate
@@ -867,14 +963,6 @@ static int ns_setup(const struct polydir_s *polyptr,
#endif
}
- if (idata->flags & PAMNS_GEN_HASH) {
- retval = md5hash(&instname, idata);
- if (retval < 0) {
- pam_syslog(idata->pamh, LOG_ERR, "Error generating md5 hash");
- goto error_out;
- }
- }
-
if (asprintf(&inst_dir, "%s%s", polyptr->instance_prefix, instname) < 0)
goto error_out;
@@ -967,21 +1055,46 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
int retval = 0, need_poly = 0, changing_dir = 0;
char *cptr, *fptr, poly_parent[PATH_MAX];
struct polydir_s *pptr;
+ uid_t req_uid;
+ const void *ruser_name;
+ struct passwd *pwd;
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG, "Set up namespace for pid %d",
getpid());
+ retval = pam_get_item(idata->pamh, PAM_RUSER, &ruser_name);
+ if (ruser_name == NULL || retval != PAM_SUCCESS) {
+ retval = PAM_SUCCESS;
+ req_uid = getuid();
+ } else {
+ pwd = pam_modutil_getpwnam(idata->pamh, ruser_name);
+ if (pwd != NULL) {
+ req_uid = pwd->pw_uid;
+ } else {
+ req_uid = getuid();
+ }
+ }
+
/*
* Cycle through all polyinstantiated directory entries to see if
* polyinstantiation is needed at all.
*/
for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
- if (ns_override(pptr, idata)) {
- if (idata->flags & PAMNS_DEBUG)
- pam_syslog(idata->pamh, LOG_DEBUG,
+ if (ns_override(pptr, idata, idata->uid)) {
+ if (unmnt == NO_UNMNT || ns_override(pptr, idata, req_uid)) {
+ if (idata->flags & PAMNS_DEBUG)
+ pam_syslog(idata->pamh, LOG_DEBUG,
"Overriding poly for user %d for dir %s",
idata->uid, pptr->dir);
+ } else {
+ if (idata->flags & PAMNS_DEBUG)
+ pam_syslog(idata->pamh, LOG_DEBUG,
+ "Need unmount ns for user %d for dir %s",
+ idata->uid, pptr->dir);
+ need_poly = 1;
+ break;
+ }
continue;
} else {
if (idata->flags & PAMNS_DEBUG)
@@ -1011,15 +1124,20 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
* call ns_setup to setup polyinstantiation for a particular entry.
*/
for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
- if (ns_override(pptr, idata))
- continue;
- else {
- if (idata->flags & PAMNS_DEBUG)
+ enum unmnt_op dir_unmnt = unmnt;
+ if (ns_override(pptr, idata, idata->uid)) {
+ if (unmnt == NO_UNMNT || ns_override(pptr, idata, req_uid)) {
+ continue;
+ } else {
+ dir_unmnt = UNMNT_ONLY;
+ }
+ }
+ if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
"Setting poly ns for user %d for dir %s",
idata->uid, pptr->dir);
- if ((unmnt == UNMNT_REMNT) || (unmnt == UNMNT_ONLY)) {
+ if ((dir_unmnt == UNMNT_REMNT) || (dir_unmnt == UNMNT_ONLY)) {
/*
* Check to see if process current directory is in the
* bind mounted instance_parent directory that we are trying to
@@ -1059,13 +1177,12 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
} else if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG, "Umount succeeded %s",
pptr->dir);
- }
+ }
- if (unmnt != UNMNT_ONLY) {
+ if (dir_unmnt != UNMNT_ONLY) {
retval = ns_setup(pptr, idata);
if (retval != PAM_SUCCESS)
break;
- }
}
}
@@ -1092,7 +1209,7 @@ static int orig_namespace(struct instance_data *idata)
* appropriate polyinstantiated instance directories.
*/
for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
- if (ns_override(pptr, idata))
+ if (ns_override(pptr, idata, idata->uid))
continue;
else {
if (idata->flags & PAMNS_DEBUG)
@@ -1158,7 +1275,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
#ifdef WITH_SELINUX
if (is_selinux_enabled())
idata.flags |= PAMNS_SELINUX_ENABLED;
- if (ctxt_based_inst_needed())
+ if (ctxt_based_inst_needed())
idata.flags |= PAMNS_CTXT_BASED_INST;
#endif
@@ -1266,12 +1383,30 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
idata.flags |= PAMNS_DEBUG;
if (strcmp(argv[i], "ignore_config_error") == 0)
idata.flags |= PAMNS_IGN_CONFIG_ERR;
+ if (strcmp(argv[i], "no_unmount_on_close") == 0)
+ idata.flags |= PAMNS_NO_UNMOUNT_ON_CLOSE;
}
if (idata.flags & PAMNS_DEBUG)
pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start");
/*
+ * For certain trusted programs such as newrole, open session
+ * is called from a child process while the parent perfoms
+ * close session and pam end functions. For these commands
+ * pam_close_session should not perform the unmount of the
+ * polyinstantiatied directory because it will result in
+ * undoing of parents polyinstantiatiaion. These commands
+ * will invoke pam_namespace with the "no_unmount_on_close"
+ * argument.
+ */
+ if (idata.flags & PAMNS_NO_UNMOUNT_ON_CLOSE) {
+ if (idata.flags & PAMNS_DEBUG)
+ pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful");
+ return PAM_SUCCESS;
+ }
+
+ /*
* Lookup user and fill struct items
*/
retval = pam_get_item(idata.pamh, PAM_USER, (void*) &user_name );
diff --git a/Linux-PAM/modules/pam_namespace/pam_namespace.h b/Linux-PAM/modules/pam_namespace/pam_namespace.h
index c918cff3..0847ec08 100644
--- a/Linux-PAM/modules/pam_namespace/pam_namespace.h
+++ b/Linux-PAM/modules/pam_namespace/pam_namespace.h
@@ -63,6 +63,7 @@
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
+#include <selinux/context.h>
#endif
#ifndef CLONE_NEWNS
@@ -86,15 +87,19 @@
#define PAMNS_GEN_HASH 0x00002000 /* Generate md5 hash for inst names */
#define PAMNS_IGN_CONFIG_ERR 0x00004000 /* Ignore format error in conf file */
#define PAMNS_IGN_INST_PARENT_MODE 0x00008000 /* Ignore instance parent mode */
+#define PAMNS_NO_UNMOUNT_ON_CLOSE 0x00010000 /* no unmount at session close */
+
+#define NAMESPACE_MAX_DIR_LEN 80
/*
* Polyinstantiation method options, based on user, security context
* or both
*/
enum polymethod {
+ NONE,
USER,
CONTEXT,
- BOTH,
+ LEVEL,
};
/*
diff --git a/Linux-PAM/modules/pam_selinux/README b/Linux-PAM/modules/pam_selinux/README
index 4268d3fb..9e841f2e 100644
--- a/Linux-PAM/modules/pam_selinux/README
+++ b/Linux-PAM/modules/pam_selinux/README
@@ -31,11 +31,6 @@ debug
Turns on debugging via syslog(3).
-multiple
-
- Tells pam_selinux.so to allow the user to select the security context they
- will login with, if the user has more than one role.
-
open
Only execute the open_session portion of the module.
@@ -48,6 +43,16 @@ verbose
attempt to inform the user when security context is set.
+select_context
+
+ Attempt to ask the user for a custom security context role. If MLS is on
+ ask also for sensitivity level.
+
+use_current_range
+
+ Use the sensitivity range of the process for the user context. This option
+ and the select_context option are mutually exclusive.
+
EXAMPLES
auth required pam_unix.so
diff --git a/Linux-PAM/modules/pam_selinux/pam_selinux.8 b/Linux-PAM/modules/pam_selinux/pam_selinux.8
index f44fc684..6709ac9c 100644
--- a/Linux-PAM/modules/pam_selinux/pam_selinux.8
+++ b/Linux-PAM/modules/pam_selinux/pam_selinux.8
@@ -1,11 +1,11 @@
.\" Title: pam_selinux
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/18/2006
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: 06/20/2007
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_SELINUX" "8" "06/18/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SELINUX" "8" "06/20/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -14,7 +14,7 @@
pam_selinux \- PAM module to set the default security context
.SH "SYNOPSIS"
.HP 15
-\fBpam_selinux.so\fR [close] [debug] [multiple] [open] [nottys] [verbose]
+\fBpam_selinux.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [use_current_range]
.SH "DESCRIPTION"
.PP
In a nutshell, pam_selinux sets up the default security context for the next execed shell.
@@ -23,43 +23,66 @@ When an application opens a session using pam_selinux, the shell that gets execu
.PP
Adding pam_selinux into a pam file could cause other pam modules to change their behavior if the exec another application. The close and open option help mitigate this problem. close option will only cause the close portion of the pam_selinux to execute, and open will only cause the open portion to run. You can add pam_selinux to the config file twice. Add the pam_selinux close as the executes the open pass through the modules, pam_selinux open_session will happen last. When PAM executes the close pass through the modules pam_selinux close_session will happen first.
.SH "OPTIONS"
-.TP 3n
+.PP
\fBclose\fR
+.RS 4
Only execute the close_session portion of the module.
-.TP 3n
+.RE
+.PP
\fBdebug\fR
+.RS 4
Turns on debugging via
\fBsyslog\fR(3).
-.TP 3n
-\fBmultiple\fR
-Tells pam_selinux.so to allow the user to select the security context they will login with, if the user has more than one role.
-.TP 3n
+.RE
+.PP
\fBopen\fR
+.RS 4
Only execute the open_session portion of the module.
-.TP 3n
+.RE
+.PP
\fBnottys\fR
+.RS 4
Do not try to setup the ttys security context.
-.TP 3n
+.RE
+.PP
\fBverbose\fR
+.RS 4
attempt to inform the user when security context is set.
+.RE
+.PP
+\fBselect_context\fR
+.RS 4
+Attempt to ask the user for a custom security context role. If MLS is on ask also for sensitivity level.
+.RE
+.PP
+\fBuse_current_range\fR
+.RS 4
+Use the sensitivity range of the process for the user context. This option and the select_context option are mutually exclusive.
+.RE
.SH "MODULE SERVICES PROVIDED"
.PP
Only the
\fBsession\fR
service is supported.
.SH "RETURN VALUES"
-.TP 3n
+.PP
PAM_AUTH_ERR
+.RS 4
Unable to get or set a valid context.
-.TP 3n
+.RE
+.PP
PAM_SUCCESS
+.RS 4
The security context was set successfull.
-.TP 3n
+.RE
+.PP
PAM_USER_UNKNOWN
+.RS 4
The user is not known to the system.
+.RE
.SH "EXAMPLES"
.sp
-.RS 3n
+.RS 4
.nf
auth required pam_unix.so
session required pam_permit.so
diff --git a/Linux-PAM/modules/pam_selinux/pam_selinux.8.xml b/Linux-PAM/modules/pam_selinux/pam_selinux.8.xml
index 1f00f082..3acd1322 100644
--- a/Linux-PAM/modules/pam_selinux/pam_selinux.8.xml
+++ b/Linux-PAM/modules/pam_selinux/pam_selinux.8.xml
@@ -25,9 +25,6 @@
debug
</arg>
<arg choice="opt">
- multiple
- </arg>
- <arg choice="opt">
open
</arg>
<arg choice="opt">
@@ -36,6 +33,12 @@
<arg choice="opt">
verbose
</arg>
+ <arg choice="opt">
+ select_context
+ </arg>
+ <arg choice="opt">
+ use_current_range
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -93,43 +96,53 @@
</varlistentry>
<varlistentry>
<term>
- <option>multiple</option>
+ <option>open</option>
</term>
<listitem>
<para>
- Tells pam_selinux.so to allow the user to select the
- security context they will login with, if the user has
- more than one role.
+ Only execute the open_session portion of the module.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>open</option>
+ <option>nottys</option>
</term>
<listitem>
<para>
- Only execute the open_session portion of the module.
+ Do not try to setup the ttys security context.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>nottys</option>
+ <option>verbose</option>
</term>
<listitem>
<para>
- Do not try to setup the ttys security context.
+ attempt to inform the user when security context is set.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>verbose</option>
+ <option>select_context</option>
</term>
<listitem>
<para>
- attempt to inform the user when security context is set.
+ Attempt to ask the user for a custom security context role.
+ If MLS is on ask also for sensitivity level.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>use_current_range</option>
+ </term>
+ <listitem>
+ <para>
+ Use the sensitivity range of the process for the user context.
+ This option and the select_context option are mutually exclusive.
</para>
</listitem>
</varlistentry>
diff --git a/Linux-PAM/modules/pam_selinux/pam_selinux.c b/Linux-PAM/modules/pam_selinux/pam_selinux.c
index 5aaec2e7..f0935896 100644
--- a/Linux-PAM/modules/pam_selinux/pam_selinux.c
+++ b/Linux-PAM/modules/pam_selinux/pam_selinux.c
@@ -63,9 +63,67 @@
#include <selinux/selinux.h>
#include <selinux/get_context_list.h>
#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
+#include <selinux/get_default_type.h>
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#include <sys/select.h>
+#include <errno.h>
+#endif
+
+/* Send audit message */
+static
+
+int send_audit_message(pam_handle_t *pamh, int success, security_context_t default_context,
+ security_context_t selected_context)
+{
+ int rc=0;
+#ifdef HAVE_LIBAUDIT
+ char *msg = NULL;
+ int audit_fd = audit_open();
+ security_context_t default_raw=NULL;
+ security_context_t selected_raw=NULL;
+ rc = -1;
+ if (audit_fd < 0) {
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT)
+ return 0; /* No audit support in kernel */
+ pam_syslog(pamh, LOG_ERR, _("Error connecting to audit system."));
+ return rc;
+ }
+ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
+ pam_syslog(pamh, LOG_ERR, _("Error translating default context."));
+ default_raw = NULL;
+ }
+ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
+ pam_syslog(pamh, LOG_ERR, _("Error translating selected context."));
+ selected_raw = NULL;
+ }
+ if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
+ default_raw ? default_raw : (default_context ? default_context : "?"),
+ selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
+ pam_syslog(pamh, LOG_ERR, ("Error allocating memory."));
+ goto out;
+ }
+ if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
+ msg, NULL, NULL, NULL, success) <= 0) {
+ pam_syslog(pamh, LOG_ERR, _("Error sending audit message."));
+ goto out;
+ }
+ rc = 0;
+ out:
+ free(msg);
+ freecon(default_raw);
+ freecon(selected_raw);
+ close(audit_fd);
+#else
+ pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success);
+#endif
+ return rc;
+}
static int
send_text (pam_handle_t *pamh, const char *text, int debug)
{
@@ -79,119 +137,64 @@ send_text (pam_handle_t *pamh, const char *text, int debug)
* is responsible for freeing the responses.
*/
static int
-query_response (pam_handle_t *pamh, const char *text,
+query_response (pam_handle_t *pamh, const char *text, const char *def,
char **responses, int debug)
{
+ int rc;
+ if (def)
+ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def);
+ else
+ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text);
if (debug)
- pam_syslog(pamh, LOG_NOTICE, "%s", text);
-
- return pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s", text);
-}
-
-static security_context_t
-select_context (pam_handle_t *pamh, security_context_t* contextlist,
- int debug)
-{
- char *responses;
- char *text=calloc(PATH_MAX,1);
-
- if (text == NULL)
- return (security_context_t) strdup(contextlist[0]);
-
- snprintf(text, PATH_MAX,
- _("Your default context is %s. \n"), contextlist[0]);
- send_text(pamh,text,debug);
- free(text);
- query_response(pamh,_("Do you want to choose a different one? [n]"),
- &responses,debug);
- if (responses && ((responses[0] == 'y') ||
- (responses[0] == 'Y')))
- {
- int choice=0;
- int i;
- const char *prompt=_("Enter number of choice: ");
- int len=strlen(prompt);
- char buf[PATH_MAX];
-
- _pam_drop(responses);
- for (i = 0; contextlist[i]; i++) {
- len+=strlen(contextlist[i]) + 10;
- }
- text=calloc(len,1);
- for (i = 0; contextlist[i]; i++) {
- snprintf(buf, PATH_MAX,
- "[%d] %s\n", i+1, contextlist[i]);
- strncat(text,buf,len);
- }
- strcat(text,prompt);
- while ((choice < 1) || (choice > i)) {
- query_response(pamh,text,&responses,debug);
- choice = strtol (responses, NULL, 10);
- _pam_drop(responses);
- }
- free(text);
- return (security_context_t) strdup(contextlist[choice-1]);
- }
- else if (responses)
- _pam_drop(responses);
-
- return (security_context_t) strdup(contextlist[0]);
+ pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]);
+ return rc;
}
static security_context_t
manual_context (pam_handle_t *pamh, const char *user, int debug)
{
- security_context_t newcon;
+ security_context_t newcon=NULL;
context_t new_context;
int mls_enabled = is_selinux_mls_enabled();
-
- char *responses;
+ char *type=NULL;
+ char *responses=NULL;
while (1) {
query_response(pamh,
- _("Would you like to enter a security context? [y] "),
+ _("Would you like to enter a security context? [N] "), NULL,
&responses,debug);
- if ((responses[0] == 'y') || (responses[0] == 'Y') ||
- (responses[0] == '\0') )
+ if ((responses[0] == 'y') || (responses[0] == 'Y'))
{
if (mls_enabled)
new_context = context_new ("user:role:type:level");
else
new_context = context_new ("user:role:type");
- _pam_drop(responses);
- /* Allow the user to enter each field of the context individually */
+ if (!new_context)
+ goto fail_set;
+
if (context_user_set (new_context, user))
- {
- context_free (new_context);
- return NULL;
- }
- query_response(pamh,_("role: "),&responses,debug);
- if (context_role_set (new_context, responses))
- {
- _pam_drop(responses);
- context_free (new_context);
- return NULL;
- }
+ goto fail_set;
+
_pam_drop(responses);
- query_response(pamh,_("type: "),&responses,debug);
- if (context_type_set (new_context, responses))
- {
- _pam_drop(responses);
- context_free (new_context);
- return NULL;
- }
+ /* Allow the user to enter each field of the context individually */
+ query_response(pamh,_("role:"), NULL, &responses,debug);
+ if (responses[0] != '\0') {
+ if (context_role_set (new_context, responses))
+ goto fail_set;
+ if (get_default_type(responses, &type))
+ goto fail_set;
+ if (context_type_set (new_context, type))
+ goto fail_set;
+ }
_pam_drop(responses);
if (mls_enabled)
{
- query_response(pamh,_("level: "),&responses,debug);
- if (context_range_set (new_context, responses))
- {
- _pam_drop(responses);
- context_free (new_context);
- return NULL;
- }
- _pam_drop(responses);
+ query_response(pamh,_("level:"), NULL, &responses,debug);
+ if (responses[0] != '\0') {
+ if (context_range_set (new_context, responses))
+ goto fail_set;
+ }
}
/* Get the string value of the context and see if it is valid. */
if (!security_check_context(context_str(new_context))) {
@@ -201,14 +204,129 @@ manual_context (pam_handle_t *pamh, const char *user, int debug)
}
else
send_text(pamh,_("Not a valid security context"),debug);
+ context_free (new_context);
}
else {
_pam_drop(responses);
return NULL;
}
} /* end while */
+ fail_set:
+ free(type);
+ _pam_drop(responses);
+ context_free (new_context);
+ return NULL;
+}
+
+static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug)
+{
+ struct av_decision avd;
+ int retval;
+ unsigned int bit = CONTEXT__CONTAINS;
+ context_t src_context = context_new (src);
+ context_t dst_context = context_new (dst);
+ context_range_set(dst_context, context_range_get(src_context));
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for %s", dst, context_str(dst_context));
+
+ retval = security_compute_av(context_str(dst_context), dst, SECCLASS_CONTEXT, bit, &avd);
+ context_free(src_context);
+ context_free(dst_context);
+ if (retval || ((bit & avd.allowed) != bit))
+ return 0;
+
+ return 1;
+}
+
+static security_context_t
+config_context (pam_handle_t *pamh, security_context_t puser_context, int debug)
+{
+ security_context_t newcon=NULL;
+ context_t new_context;
+ int mls_enabled = is_selinux_mls_enabled();
+ char *responses=NULL;
+ char *type=NULL;
+ char resp_val = 0;
+
+ pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context);
+
+ while (1) {
+ query_response(pamh,
+ _("Would you like to enter a different role or level?"), "n",
+ &responses,debug);
+
+ resp_val = responses[0];
+ _pam_drop(responses);
+ if ((resp_val == 'y') || (resp_val == 'Y'))
+ {
+ new_context = context_new(puser_context);
+
+ /* Allow the user to enter role and level individually */
+ query_response(pamh,_("role:"), context_role_get(new_context),
+ &responses, debug);
+ if (responses[0]) {
+ if (get_default_type(responses, &type)) {
+ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses);
+ _pam_drop(responses);
+ continue;
+ } else {
+ if (context_role_set(new_context, responses))
+ goto fail_set;
+ if (context_type_set (new_context, type))
+ goto fail_set;
+ }
+ }
+ _pam_drop(responses);
+ if (mls_enabled)
+ {
+ query_response(pamh,_("level:"), context_range_get(new_context),
+ &responses, debug);
+ if (responses[0]) {
+ if (context_range_set(new_context, responses))
+ goto fail_set;
+ }
+ _pam_drop(responses);
+ }
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context));
+
+ /* Get the string value of the context and see if it is valid. */
+ if (!security_check_context(context_str(new_context))) {
+ newcon = strdup(context_str(new_context));
+ context_free (new_context);
+
+ /* we have to check that this user is allowed to go into the
+ range they have specified ... role is tied to an seuser, so that'll
+ be checked at setexeccon time */
+ if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) {
+ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon);
+
+ send_audit_message(pamh, 0, puser_context, newcon);
+
+ free(newcon);
+ goto fail_range;
+ }
+ return newcon;
+ }
+ else {
+ send_audit_message(pamh, 0, puser_context, context_str(new_context));
+ send_text(pamh,_("Not a valid security context"),debug);
+ }
+ context_free(new_context); /* next time around allocates another */
+ }
+ else
+ return strdup(puser_context);
+ } /* end while */
return NULL;
+
+ fail_set:
+ free(type);
+ _pam_drop(responses);
+ context_free (new_context);
+ send_audit_message(pamh, 0, puser_context, NULL);
+ fail_range:
+ return NULL;
}
static void
@@ -322,12 +440,17 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
int i, debug = 0, ttys=1, has_tty=isatty(0);
- int verbose=0, multiple=0, close_session=0;
+ int verbose=0, close_session=0;
+ int select_context = 0;
+ int use_current_range = 0;
int ret = 0;
security_context_t* contextlist = NULL;
int num_contexts = 0;
- const void *username = NULL;
+ const char *username = NULL;
const void *tty = NULL;
+ char *seuser=NULL;
+ char *level=NULL;
+ security_context_t default_user_context=NULL;
/* Parse arguments. */
for (i = 0; i < argc; i++) {
@@ -340,17 +463,25 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
if (strcmp(argv[i], "verbose") == 0) {
verbose = 1;
}
- if (strcmp(argv[i], "multiple") == 0) {
- multiple = 1;
- }
if (strcmp(argv[i], "close") == 0) {
close_session = 1;
}
+ if (strcmp(argv[i], "select_context") == 0) {
+ select_context = 1;
+ }
+ if (strcmp(argv[i], "use_current_range") == 0) {
+ use_current_range = 1;
+ }
}
-
+
if (debug)
pam_syslog(pamh, LOG_NOTICE, "Open Session");
+ if (select_context && use_current_range) {
+ pam_syslog(pamh, LOG_ERR, "select_context cannot be used with use_current_range");
+ select_context = 0;
+ }
+
/* this module is only supposed to execute close_session */
if (close_session)
return PAM_SUCCESS;
@@ -358,34 +489,110 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
if (!(selinux_enabled = is_selinux_enabled()>0) )
return PAM_SUCCESS;
- if (pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS ||
+ if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS ||
username == NULL) {
return PAM_USER_UNKNOWN;
}
- num_contexts = get_ordered_context_list(username, 0, &contextlist);
+
+ if (getseuserbyname(username, &seuser, &level)==0) {
+ num_contexts = get_ordered_context_list_with_level(seuser,
+ level,
+ NULL,
+ &contextlist);
+ if (debug)
+ pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
+ username, seuser, level);
+ free(seuser);
+ free(level);
+ }
if (num_contexts > 0) {
- if (multiple && (num_contexts > 1) && has_tty) {
- user_context = select_context(pamh,contextlist, debug);
- freeconary(contextlist);
- } else {
- user_context = (security_context_t) strdup(contextlist[0]);
- freeconary(contextlist);
+ default_user_context=strdup(contextlist[0]);
+ freeconary(contextlist);
+ if (default_user_context == NULL) {
+ pam_syslog(pamh, LOG_ERR, _("Out of memory"));
+ return PAM_AUTH_ERR;
}
- } else {
+ user_context = default_user_context;
+ if (select_context && has_tty) {
+ user_context = config_context(pamh, default_user_context, debug);
+ if (user_context == NULL) {
+ freecon(default_user_context);
+ pam_syslog(pamh, LOG_ERR, _("Unable to get valid context for %s"),
+ username);
+ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("Unable to get valid context for %s"), username);
+ if (security_getenforce() == 1)
+ return PAM_AUTH_ERR;
+ else
+ return PAM_SUCCESS;
+ }
+ }
+ }
+ else {
if (has_tty) {
- user_context = manual_context(pamh,username,debug);
+ user_context = manual_context(pamh,seuser,debug);
if (user_context == NULL) {
pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
- (const char *)username);
- return PAM_AUTH_ERR;
+ username);
+ if (security_getenforce() == 1)
+ return PAM_AUTH_ERR;
+ else
+ return PAM_SUCCESS;
}
} else {
pam_syslog (pamh, LOG_ERR,
"Unable to get valid context for %s, No valid tty",
- (const char *)username);
+ username);
+ if (security_getenforce() == 1)
+ return PAM_AUTH_ERR;
+ else
+ return PAM_SUCCESS;
+ }
+ }
+
+ if (use_current_range && is_selinux_mls_enabled()) {
+ security_context_t process_context=NULL;
+ if (getcon(&process_context) == 0) {
+ context_t pcon, ucon;
+ char *process_level=NULL;
+ security_context_t orig_context;
+
+ if (user_context)
+ orig_context = user_context;
+ else
+ orig_context = default_user_context;
+
+ pcon = context_new(process_context);
+ freecon(process_context);
+ process_level = strdup(context_range_get(pcon));
+ context_free(pcon);
+
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG, "process level=%s", process_level);
+
+ ucon = context_new(orig_context);
+
+ context_range_set(ucon, process_level);
+ free(process_level);
+
+ if (!mls_range_allowed(pamh, orig_context, context_str(ucon), debug)) {
+ send_text(pamh, _("Requested MLS level not in permitted range"), debug);
+ /* even if default_user_context is NULL audit that anyway */
+ send_audit_message(pamh, 0, default_user_context, context_str(ucon));
+ context_free(ucon);
return PAM_AUTH_ERR;
+ }
+
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG, "adjusted context=%s", context_str(ucon));
+
+ /* replace the user context with the level adjusted one */
+ freecon(user_context);
+ user_context = strdup(context_str(ucon));
+
+ context_free(ucon);
}
}
+
if (getexeccon(&prev_user_context)<0) {
prev_user_context=NULL;
}
@@ -410,6 +617,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
ttyn=strdup(tty);
ttyn_context=security_label_tty(pamh,ttyn,user_context);
}
+ send_audit_message(pamh, 1, default_user_context, user_context);
+ if (default_user_context != user_context) {
+ freecon(default_user_context);
+ }
ret = setexeccon(user_context);
if (ret==0 && verbose) {
char msg[PATH_MAX];
@@ -420,14 +631,38 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
if (ret) {
pam_syslog(pamh, LOG_ERR,
"Error! Unable to set %s executable context %s.",
- (const char *)username, user_context);
- freecon(user_context);
- return PAM_AUTH_ERR;
+ username, user_context);
+ if (security_getenforce() == 1) {
+ freecon(user_context);
+ return PAM_AUTH_ERR;
+ }
} else {
if (debug)
pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
- (const char *)username, user_context);
+ username, user_context);
+ }
+#ifdef HAVE_SETKEYCREATECON
+ ret = setkeycreatecon(user_context);
+ if (ret==0 && verbose) {
+ char msg[PATH_MAX];
+ snprintf(msg, sizeof(msg),
+ _("Key Creation Context %s Assigned"), user_context);
+ verbose_message(pamh, msg, debug);
+ }
+ if (ret) {
+ pam_syslog(pamh, LOG_ERR,
+ "Error! Unable to set %s key creation context %s.",
+ username, user_context);
+ if (security_getenforce() == 1) {
+ freecon(user_context);
+ return PAM_AUTH_ERR;
+ }
+ } else {
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
+ username, user_context);
}
+#endif
freecon(user_context);
return PAM_SUCCESS;
@@ -472,7 +707,10 @@ pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
if (status) {
pam_syslog(pamh, LOG_ERR, "Error! Unable to set executable context %s.",
prev_user_context);
- return PAM_AUTH_ERR;
+ if (security_getenforce() == 1)
+ return PAM_AUTH_ERR;
+ else
+ return PAM_SUCCESS;
}
if (debug)
diff --git a/Linux-PAM/modules/pam_umask/pam_umask.c b/Linux-PAM/modules/pam_umask/pam_umask.c
index fdeb3c51..eb88c1ac 100644
--- a/Linux-PAM/modules/pam_umask/pam_umask.c
+++ b/Linux-PAM/modules/pam_umask/pam_umask.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+ * Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -181,7 +181,7 @@ set_umask (const char *value)
mask = strtoul (value, &endptr, 8) & 0777;
if (((mask == 0) && (value_orig == endptr)) ||
- ((mask == ULONG_MAX) && (errno == ERANGE)))
+ ((mask == UINT_MAX) && (errno == ERANGE)))
return;
umask (mask);
return;
diff --git a/Linux-PAM/modules/pam_unix/pam_unix_passwd.c b/Linux-PAM/modules/pam_unix/pam_unix_passwd.c
index 8921d1cc..c8ee5492 100644
--- a/Linux-PAM/modules/pam_unix/pam_unix_passwd.c
+++ b/Linux-PAM/modules/pam_unix/pam_unix_passwd.c
@@ -330,11 +330,12 @@ static int check_old_password(const char *forwho, const char *newpass)
while (fgets(buf, 16380, opwfile)) {
if (!strncmp(buf, forwho, strlen(forwho))) {
+ char *sptr;
buf[strlen(buf) - 1] = '\0';
- s_luser = strtok(buf, ":,");
- s_uid = strtok(NULL, ":,");
- s_npas = strtok(NULL, ":,");
- s_pas = strtok(NULL, ":,");
+ s_luser = strtok_r(buf, ":,", &sptr);
+ s_uid = strtok_r(NULL, ":,", &sptr);
+ s_npas = strtok_r(NULL, ":,", &sptr);
+ s_pas = strtok_r(NULL, ":,", &sptr);
while (s_pas != NULL) {
char *md5pass = Goodcrypt_md5(newpass, s_pas);
if (!strcmp(md5pass, s_pas)) {
@@ -342,7 +343,7 @@ static int check_old_password(const char *forwho, const char *newpass)
retval = PAM_AUTHTOK_ERR;
break;
}
- s_pas = strtok(NULL, ":,");
+ s_pas = strtok_r(NULL, ":,", &sptr);
_pam_delete(md5pass);
}
break;
@@ -432,11 +433,12 @@ static int save_old_password(pam_handle_t *pamh,
while (fgets(buf, 16380, opwfile)) {
if (!strncmp(buf, forwho, strlen(forwho))) {
+ char *sptr;
buf[strlen(buf) - 1] = '\0';
- s_luser = strtok(buf, ":");
- s_uid = strtok(NULL, ":");
- s_npas = strtok(NULL, ":");
- s_pas = strtok(NULL, ":");
+ s_luser = strtok_r(buf, ":", &sptr);
+ s_uid = strtok_r(NULL, ":", &sptr);
+ s_npas = strtok_r(NULL, ":", &sptr);
+ s_pas = strtok_r(NULL, ":", &sptr);
npas = strtol(s_npas, NULL, 10) + 1;
while (npas > howmany) {
s_pas = strpbrk(s_pas, ",");
@@ -1077,13 +1079,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
user);
return PAM_USER_UNKNOWN;
}
- if (!_unix_shadowed(pwd) &&
- (strchr(pwd->pw_passwd, '*') != NULL)) {
- pam_syslog(pamh, LOG_DEBUG,
- "user \"%s\" does not have modifiable password",
- user);
- return PAM_USER_UNKNOWN;
- }
}
/*
diff --git a/Linux-PAM/modules/pam_unix/support.c b/Linux-PAM/modules/pam_unix/support.c
index 954f2c73..fc95f2c0 100644
--- a/Linux-PAM/modules/pam_unix/support.c
+++ b/Linux-PAM/modules/pam_unix/support.c
@@ -679,7 +679,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
}
}
} else {
- int salt_len = strlen(salt);
+ size_t salt_len = strlen(salt);
if (!salt_len) {
/* the stored password is NULL */
if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */
@@ -689,19 +689,19 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
D(("user has empty password - access denied"));
retval = PAM_AUTH_ERR;
}
- } else if (!p || (*salt == '*')) {
+ } else if (!p || *salt == '*' || *salt == '!') {
retval = PAM_AUTH_ERR;
} else {
if (!strncmp(salt, "$1$", 3)) {
pp = Goodcrypt_md5(p, salt);
- if (strcmp(pp, salt) != 0) {
+ if (pp && strcmp(pp, salt) != 0) {
_pam_delete(pp);
pp = Brokencrypt_md5(p, salt);
}
} else if (*salt != '$' && salt_len >= 13) {
pp = bigcrypt(p, salt);
- if (strlen(pp) > salt_len) {
- pp[salt_len] = '\0';
+ if (pp && salt_len == 13 && strlen(pp) > salt_len) {
+ _pam_overwrite(pp + salt_len);
}
} else {
/*
@@ -715,7 +715,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
/* the moment of truth -- do we agree with the password? */
D(("comparing state of pp[%s] and salt[%s]", pp, salt));
- if (strcmp(pp, salt) == 0) {
+ if (pp && strcmp(pp, salt) == 0) {
retval = PAM_SUCCESS;
} else {
retval = PAM_AUTH_ERR;
diff --git a/Linux-PAM/modules/pam_unix/unix_chkpwd.c b/Linux-PAM/modules/pam_unix/unix_chkpwd.c
index 87d29256..236ad5c2 100644
--- a/Linux-PAM/modules/pam_unix/unix_chkpwd.c
+++ b/Linux-PAM/modules/pam_unix/unix_chkpwd.c
@@ -144,7 +144,7 @@ static int _unix_verify_password(const char *name, const char *p, int nullok)
char *salt = NULL;
char *pp = NULL;
int retval = PAM_AUTH_ERR;
- int salt_len;
+ size_t salt_len;
/* UNIX passwords area */
setpwent();
@@ -189,6 +189,8 @@ static int _unix_verify_password(const char *name, const char *p, int nullok)
return (nullok == 0) ? PAM_AUTH_ERR : PAM_SUCCESS;
}
if (p == NULL || strlen(p) == 0) {
+ _pam_overwrite(salt);
+ _pam_drop(salt);
return PAM_AUTHTOK_ERR;
}
@@ -196,11 +198,13 @@ static int _unix_verify_password(const char *name, const char *p, int nullok)
retval = PAM_AUTH_ERR;
if (!strncmp(salt, "$1$", 3)) {
pp = Goodcrypt_md5(p, salt);
- if (strcmp(pp, salt) == 0) {
+ if (pp && strcmp(pp, salt) == 0) {
retval = PAM_SUCCESS;
} else {
+ _pam_overwrite(pp);
+ _pam_drop(pp);
pp = Brokencrypt_md5(p, salt);
- if (strcmp(pp, salt) == 0)
+ if (pp && strcmp(pp, salt) == 0)
retval = PAM_SUCCESS;
}
} else if (*salt == '$') {
@@ -209,10 +213,10 @@ static int _unix_verify_password(const char *name, const char *p, int nullok)
* libcrypt nows about it? We should try it.
*/
pp = x_strdup (crypt(p, salt));
- if (strcmp(pp, salt) == 0) {
+ if (pp && strcmp(pp, salt) == 0) {
retval = PAM_SUCCESS;
}
- } else if ((*salt == '*') || (salt_len < 13)) {
+ } else if (*salt == '*' || *salt == '!' || salt_len < 13) {
retval = PAM_AUTH_ERR;
} else {
pp = bigcrypt(p, salt);
@@ -223,24 +227,21 @@ static int _unix_verify_password(const char *name, const char *p, int nullok)
* have been truncated for storage relative to the output
* of bigcrypt here. As such we need to compare only the
* stored string with the subset of bigcrypt's result.
- * Bug 521314: the strncmp comparison is for legacy support.
+ * Bug 521314.
*/
- if (strncmp(pp, salt, salt_len) == 0) {
+ if (pp && salt_len == 13 && strlen(pp) > salt_len) {
+ _pam_overwrite(pp+salt_len);
+ }
+
+ if (pp && strcmp(pp, salt) == 0) {
retval = PAM_SUCCESS;
}
}
p = NULL; /* no longer needed here */
/* clean up */
- {
- char *tp = pp;
- if (pp != NULL) {
- while (tp && *tp)
- *tp++ = '\0';
- free(pp);
- }
- pp = tp = NULL;
- }
+ _pam_overwrite(pp);
+ _pam_drop(pp);
return retval;
}
diff --git a/Linux-PAM/po/LINGUAS b/Linux-PAM/po/LINGUAS
index 65a9c6e9..8bb4bd84 100644
--- a/Linux-PAM/po/LINGUAS
+++ b/Linux-PAM/po/LINGUAS
@@ -1,4 +1,7 @@
+ar
+ca
cs
+da
de
es
fi
@@ -11,9 +14,12 @@ nb
nl
pa
pl
-pt_BR
pt
+pt_BR
+ru
+sv
tr
uk
zh_CN
zh_TW
+zu
diff --git a/Linux-PAM/po/Linux-PAM.pot b/Linux-PAM/po/Linux-PAM.pot
index 4348fd6a..093b77f2 100644
--- a/Linux-PAM/po/Linux-PAM.pot
+++ b/Linux-PAM/po/Linux-PAM.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -180,46 +180,50 @@ msgstr ""
msgid "Sorry, passwords do not match."
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr ""
@@ -266,7 +270,7 @@ msgstr ""
msgid "Welcome to your new account!"
msgstr ""
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr ""
@@ -307,54 +311,85 @@ msgstr ""
msgid "You have mail in folder %s."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
+#: modules/pam_selinux/pam_selinux.c:98
+msgid "Error translating default context."
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:164
+msgid "Would you like to enter a security context? [N] "
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+msgid "role:"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+msgid "level:"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, c-format
+msgid "Default Security Context %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:255
+msgid "Would you like to enter a different role or level?"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr ""
+#: modules/pam_selinux/pam_selinux.c:649
+#, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr ""
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -454,35 +489,35 @@ msgstr ""
msgid "Password: "
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, c-format
msgid "Changing password for %s."
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr ""
diff --git a/Linux-PAM/po/ar.po b/Linux-PAM/po/ar.po
new file mode 100644
index 00000000..75759354
--- /dev/null
+++ b/Linux-PAM/po/ar.po
@@ -0,0 +1,540 @@
+# @TITLE@
+# Copyright (C) 2006, SUSE Linux GmbH, Nuremberg
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+# This file is distributed under the same license as @PACKAGE@ package. FIRST
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: @PACKAGE@\n"
+"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
+"PO-Revision-Date: 2001-07-13 15:36+0200\n"
+"Last-Translator: Novell Language <language@novell.com>\n"
+"Language-Team: Novell Language <language@novell.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: libpam_misc/misc_conv.c:33
+msgid "...Time is running out...\n"
+msgstr "...الوقت ينفد...\n"
+
+#: libpam_misc/misc_conv.c:34
+msgid "...Sorry, your time is up!\n"
+msgstr "...عذرًا، انتهى الوقت!\n"
+
+#: libpam_misc/misc_conv.c:343
+#, c-format
+msgid "erroneous conversation (%d)\n"
+msgstr "محادثة خاطئة (%d)\n"
+
+#: libpam/pam_item.c:271
+msgid "login:"
+msgstr "تسجيل الدخول:"
+
+#: libpam/pam_strerror.c:40
+msgid "Success"
+msgstr "نجاح"
+
+#: libpam/pam_strerror.c:42
+msgid "Critical error - immediate abort"
+msgstr "خطأ جسيم - إيقاف فوري"
+
+#: libpam/pam_strerror.c:44
+msgid "Failed to load module"
+msgstr ""
+
+#: libpam/pam_strerror.c:46
+msgid "Symbol not found"
+msgstr "الرمز غير موجود"
+
+#: libpam/pam_strerror.c:48
+msgid "Error in service module"
+msgstr "خطأ في الوحدة النمطية للخدمة"
+
+#: libpam/pam_strerror.c:50
+msgid "System error"
+msgstr "خطأ بالنظام"
+
+#: libpam/pam_strerror.c:52
+msgid "Memory buffer error"
+msgstr "خطأ في الذاكرة الوسيطة"
+
+#: libpam/pam_strerror.c:54
+msgid "Permission denied"
+msgstr "الإذن مرفوض"
+
+#: libpam/pam_strerror.c:56
+msgid "Authentication failure"
+msgstr "فشل التصديق"
+
+#: libpam/pam_strerror.c:58
+msgid "Insufficient credentials to access authentication data"
+msgstr "صلاحيات غير كافية للوصول إلى بيانات التصديق"
+
+#: libpam/pam_strerror.c:60
+msgid "Authentication service cannot retrieve authentication info"
+msgstr "تعذر على خدمة التصديق استرجاع معلومات التصديق"
+
+#: libpam/pam_strerror.c:62
+msgid "User not known to the underlying authentication module"
+msgstr "المستخدم مجهول بالنسبة لوحدة التصديق النمطية الأساسية"
+
+#: libpam/pam_strerror.c:64
+msgid "Have exhausted maximum number of retries for service"
+msgstr "تم استنفاذ الحد الأقصى للمحاولة بالنسبة لهذه الخدمة"
+
+#: libpam/pam_strerror.c:66
+msgid "Authentication token is no longer valid; new one required"
+msgstr "لم يعد الرمز المميز للتصديق صالحًا، مطلوب رمز مميز جديد"
+
+#: libpam/pam_strerror.c:68
+msgid "User account has expired"
+msgstr "انتهت صلاحية حساب المستخدم"
+
+#: libpam/pam_strerror.c:70
+msgid "Cannot make/remove an entry for the specified session"
+msgstr "لا يمكن إنشاء/إزالة إدخال بالنسبة للجلسة المحددة"
+
+#: libpam/pam_strerror.c:72
+msgid "Authentication service cannot retrieve user credentials"
+msgstr "لا يمكن لخدمة التصديق استرجاع صلاحيات المستخدم"
+
+#: libpam/pam_strerror.c:74
+msgid "User credentials expired"
+msgstr "صلاحيات المستخدم منتهية الصلاحية"
+
+#: libpam/pam_strerror.c:76
+msgid "Failure setting user credentials"
+msgstr "فشل تعيين صلاحيات المستخدم"
+
+#: libpam/pam_strerror.c:78
+msgid "No module specific data is present"
+msgstr "لا يوجد بيانات خاصة بالوحدات النمطية"
+
+#: libpam/pam_strerror.c:80
+msgid "Bad item passed to pam_*_item()"
+msgstr "تم تمرير عنصر سيء إلى pam_*_item()"
+
+#: libpam/pam_strerror.c:82
+msgid "Conversation error"
+msgstr "خطأ في المحادثة"
+
+#: libpam/pam_strerror.c:84
+msgid "Authentication token manipulation error"
+msgstr "خطأ في معالجة الرمز المميز للتصديق"
+
+#: libpam/pam_strerror.c:86
+msgid "Authentication information cannot be recovered"
+msgstr "لا يمكن استعادة معلومات التصديق"
+
+#: libpam/pam_strerror.c:88
+msgid "Authentication token lock busy"
+msgstr "قفل الرمز المميز للتصديق مشغول"
+
+#: libpam/pam_strerror.c:90
+msgid "Authentication token aging disabled"
+msgstr "تم تعطيل تقادم الرمز المميز للتصديق"
+
+#: libpam/pam_strerror.c:92
+msgid "Failed preliminary check by password service"
+msgstr "فشل التحقق الأولي بواسطة خدمة كلمة السر"
+
+#: libpam/pam_strerror.c:94
+msgid "The return value should be ignored by PAM dispatch"
+msgstr "يجب تجاهل القيمة الناتجة بواسطة إرسال PAM"
+
+#: libpam/pam_strerror.c:96
+msgid "Module is unknown"
+msgstr "الوحدة النمطية غير معروفة"
+
+#: libpam/pam_strerror.c:98
+msgid "Authentication token expired"
+msgstr "انتهت صلاحية الرمز المميز للتصديق"
+
+#: libpam/pam_strerror.c:100
+msgid "Conversation is waiting for event"
+msgstr "المحادثة تنتظر الحدث"
+
+#: libpam/pam_strerror.c:102
+msgid "Application needs to call libpam again"
+msgstr "يحتاج التطبيق إلى استدعاء libpam مرة أخرى"
+
+#: libpam/pam_strerror.c:105
+msgid "Unknown PAM error"
+msgstr "خطأ PAM غير معروف"
+
+#: modules/pam_cracklib/pam_cracklib.c:60
+#, c-format
+msgid "New %s%spassword: "
+msgstr "كلمة سر %s%s الجديدة: "
+
+#: modules/pam_cracklib/pam_cracklib.c:62
+#, c-format
+msgid "Retype new %s%spassword: "
+msgstr "أعد كتابة كلمة سر %s%s الجديدة: "
+
+#: modules/pam_cracklib/pam_cracklib.c:63
+msgid "Sorry, passwords do not match."
+msgstr "عذرًا، يوجد عدم تطابق بين كلمات السر."
+
+#: modules/pam_cracklib/pam_cracklib.c:427
+msgid "is the same as the old one"
+msgstr "لا يوجد اختلاف عن كلمة السر القديمة"
+
+#: modules/pam_cracklib/pam_cracklib.c:440
+msgid "is a palindrome"
+msgstr "كلمة سر يمكن قراءتها من الجهتين"
+
+#: modules/pam_cracklib/pam_cracklib.c:443
+msgid "case changes only"
+msgstr "لم يتم سوى تغيير حالة الأحرف"
+
+#: modules/pam_cracklib/pam_cracklib.c:446
+msgid "is too similar to the old one"
+msgstr "كلمة السر الجديدة شديدة الشبه بكلمة السر القديمة"
+
+#: modules/pam_cracklib/pam_cracklib.c:449
+msgid "is too simple"
+msgstr "كلمة السر شديدة البساطة"
+
+#: modules/pam_cracklib/pam_cracklib.c:452
+msgid "is rotated"
+msgstr "كلمة مرور ملتفة"
+
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
+msgid "has been already used"
+msgstr "كلمة السر مستخدمة بالفعل"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "No password supplied"
+msgstr "لم يتم إدخال كلمة السر"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "Password unchanged"
+msgstr "لم يتم تغيير كلمة السر"
+
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
+#, c-format
+msgid "BAD PASSWORD: %s"
+msgstr "كلمة سر سيئة: %s"
+
+#: modules/pam_exec/pam_exec.c:118
+#, c-format
+msgid "%s failed: exit code %d"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:126
+#, c-format
+msgid "%s failed: caught signal %d%s"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:134
+#, c-format
+msgid "%s failed: unknown status 0x%x"
+msgstr ""
+
+#. TRANSLATORS: "strftime options for date of last login"
+#: modules/pam_lastlog/pam_lastlog.c:190
+msgid " %a %b %e %H:%M:%S %Z %Y"
+msgstr "%a %b %e %H:%M:%S %Z %Y"
+
+#. TRANSLATORS: " from <host>"
+#: modules/pam_lastlog/pam_lastlog.c:199
+#, c-format
+msgid " from %.*s"
+msgstr "من %.*s"
+
+#. TRANSLATORS: " on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:211
+#, c-format
+msgid " on %.*s"
+msgstr "في %.*s"
+
+#. TRANSLATORS: "Last login: <date> from <host> on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:220
+#, c-format
+msgid "Last login:%s%s%s"
+msgstr "تسجيل الدخول الأخير:%s%s%s"
+
+#: modules/pam_lastlog/pam_lastlog.c:226
+msgid "Welcome to your new account!"
+msgstr "مرحبًا بك في حسابك الجديد!"
+
+#: modules/pam_limits/pam_limits.c:702
+#, c-format
+msgid "Too many logins for '%s'."
+msgstr "مرات تسجيل دخول كثيرة جدًا لـ '%s'."
+
+#: modules/pam_mail/pam_mail.c:313
+msgid "No mail."
+msgstr "لا يوجد بريد."
+
+#: modules/pam_mail/pam_mail.c:316
+msgid "You have new mail."
+msgstr "لديك بريد جديد."
+
+#: modules/pam_mail/pam_mail.c:319
+msgid "You have old mail."
+msgstr "لديك بريد قديم."
+
+#: modules/pam_mail/pam_mail.c:323
+msgid "You have mail."
+msgstr "لديك بريد."
+
+#: modules/pam_mail/pam_mail.c:330
+#, c-format
+msgid "You have no mail in folder %s."
+msgstr "ليس لديك بريد في مجلد %s."
+
+#: modules/pam_mail/pam_mail.c:334
+#, c-format
+msgid "You have new mail in folder %s."
+msgstr "لديك بريد جديد في مجلد %s."
+
+#: modules/pam_mail/pam_mail.c:338
+#, c-format
+msgid "You have old mail in folder %s."
+msgstr "لديك بريد قديم في مجلد %s."
+
+#: modules/pam_mail/pam_mail.c:343
+#, c-format
+msgid "You have mail in folder %s."
+msgstr "لديك بريد في مجلد %s."
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
+#, c-format
+msgid "Creating directory '%s'."
+msgstr ""
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
+#, c-format
+msgid "Unable to create directory %s: %m"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
+msgstr "السياق الافتراضي لك هو %s. \n"
+
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
+msgstr "هل ترغب في إدخال سياق أمان؟ [نعم]"
+
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
+msgstr "الدور: "
+
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
+msgstr "المستوى: "
+
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
+msgid "Not a valid security context"
+msgstr "لا يصلح كسياق أمان"
+
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "تم تخصيص سياق الأمان %s"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "هل ترغب في إدخال سياق أمان؟ [نعم]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
+#, c-format
+msgid "Security Context %s Assigned"
+msgstr "تم تخصيص سياق الأمان %s"
+
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "تم تخصيص سياق الأمان %s"
+
+#: modules/pam_selinux/pam_selinux_check.c:99
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "فشلت تهيئة PAM\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:105
+#, c-format
+msgid "failed to pam_set_item()\n"
+msgstr "فشل pam_set_item()\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:133
+#, c-format
+msgid "login: failure forking: %m"
+msgstr "تسجيل الدخول: فشل تشعيب: %m"
+
+#: modules/pam_stress/pam_stress.c:476
+#, fuzzy, c-format
+msgid "Changing STRESS password for %s."
+msgstr "تغيير كلمة سر STRESS لـ"
+
+#: modules/pam_stress/pam_stress.c:490
+msgid "Enter new STRESS password: "
+msgstr "أدخل كلمة سر STRESS الجديدة: "
+
+#: modules/pam_stress/pam_stress.c:493
+msgid "Retype new STRESS password: "
+msgstr "أعد كتابة كلمة سر STRESS الجديدة: "
+
+#: modules/pam_stress/pam_stress.c:522
+msgid "Verification mis-typed; password unchanged"
+msgstr "إعادة كتابة كلمة السر غير صحيحة؛ كلمة السر لم تتغير"
+
+#: modules/pam_tally/pam_tally.c:741
+msgid "Authentication error"
+msgstr "خطأ في التصديق"
+
+#: modules/pam_tally/pam_tally.c:742
+msgid "Service error"
+msgstr "خطأ في الخدمة"
+
+#: modules/pam_tally/pam_tally.c:743
+msgid "Unknown user"
+msgstr "مستخدم غير معروف"
+
+#: modules/pam_tally/pam_tally.c:744
+msgid "Unknown error"
+msgstr "خطأ غير معروف"
+
+#: modules/pam_tally/pam_tally.c:760
+#, c-format
+msgid "%s: Bad number given to --reset=\n"
+msgstr "%s: تم إعطاء رقم خطأ لـ --reset=\n"
+
+#: modules/pam_tally/pam_tally.c:764
+#, c-format
+msgid "%s: Unrecognised option %s\n"
+msgstr "%s: خيار غير معروف %s\n"
+
+#: modules/pam_tally/pam_tally.c:776
+#, c-format
+msgid ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_tally/pam_tally.c:850
+#, c-format
+msgid "%s: Can't reset all users to non-zero\n"
+msgstr "%s: لا يمكن إعادة تعيين كافة المستخدمين إلى رقم غير الصفر\n"
+
+#: modules/pam_unix/pam_unix_acct.c:274 modules/pam_unix/pam_unix_acct.c:301
+msgid "Your account has expired; please contact your system administrator"
+msgstr "انتهت مدة صلاحية الحساب الخاص بك؛ الرجاء الاتصال بمسؤول النظام"
+
+#: modules/pam_unix/pam_unix_acct.c:283
+msgid "You are required to change your password immediately (root enforced)"
+msgstr "مطلوب منك تغيير كلمة السر على الفور (مفروض بواسطة المسؤول)"
+
+#: modules/pam_unix/pam_unix_acct.c:310
+msgid "You are required to change your password immediately (password aged)"
+msgstr "مطلوب منك تغيير كلمة السر على الفور (كلمة السر قديمة جدًا)"
+
+#: modules/pam_unix/pam_unix_acct.c:323 modules/pam_unix/pam_unix_acct.c:330
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d day"
+msgid_plural "Warning: your password will expire in %d days"
+msgstr[0] "تحذير: سوف تنتهي مدة صلاحية كلمة السر الخاصة بك خلال %d يوم%.2s"
+msgstr[1] "تحذير: سوف تنتهي مدة صلاحية كلمة السر الخاصة بك خلال %d يوم%.2s"
+
+#. TRANSLATORS: only used if dngettext is not support
+#. ed
+#: modules/pam_unix/pam_unix_acct.c:336
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d days"
+msgstr "تحذير: سوف تنتهي مدة صلاحية كلمة السر الخاصة بك خلال %d يوم%.2s"
+
+#: modules/pam_unix/pam_unix_auth.c:159 modules/pam_userdb/pam_userdb.c:61
+msgid "Password: "
+msgstr "كلمة السر: "
+
+#: modules/pam_unix/pam_unix_passwd.c:821
+msgid "NIS password could not be changed."
+msgstr "تعذر تغيير كلمة السر الخاصة بـ NIS."
+
+#: modules/pam_unix/pam_unix_passwd.c:998
+msgid "You must choose a longer password"
+msgstr "يجب اختيار كلمة سر أطول"
+
+#: modules/pam_unix/pam_unix_passwd.c:1003
+msgid "Password has been already used. Choose another."
+msgstr "كلمة السر التي تم إدخالها مستخدمة بالفعل. اختر كلمة سر أخرى."
+
+#: modules/pam_unix/pam_unix_passwd.c:1103
+#, fuzzy, c-format
+msgid "Changing password for %s."
+msgstr "تغيير كلمة سر STRESS لـ"
+
+#: modules/pam_unix/pam_unix_passwd.c:1114
+msgid "(current) UNIX password: "
+msgstr "كلمة سر UNIX (الحالية): "
+
+#: modules/pam_unix/pam_unix_passwd.c:1149
+msgid "You must wait longer to change your password"
+msgstr "يجب الانتظار فترة أطول لتغيير كلمة السر"
+
+#: modules/pam_unix/pam_unix_passwd.c:1209
+msgid "Enter new UNIX password: "
+msgstr "أدخل كلمة سر UNIX الجديدة: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1210
+msgid "Retype new UNIX password: "
+msgstr "أعد كتابة كلمة سر UNIX الجديدة: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "هل ترغب في اختيار سياق مختلف؟ [لا]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "أدخل رقم الاختيار: "
+
+#~ msgid "type: "
+#~ msgstr "النوع: "
+
+#~ msgid "dlopen() failure"
+#~ msgstr "خطأ dlopen()"
diff --git a/Linux-PAM/po/ca.po b/Linux-PAM/po/ca.po
new file mode 100644
index 00000000..e50482dc
--- /dev/null
+++ b/Linux-PAM/po/ca.po
@@ -0,0 +1,544 @@
+# @TITLE@
+# Copyright (C) 2006, SUSE Linux GmbH, Nuremberg
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+# This file is distributed under the same license as @PACKAGE@ package. FIRST
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: @PACKAGE@\n"
+"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
+"PO-Revision-Date: 2007-02-22 20:57+0100\n"
+"Last-Translator: Anna <blabla@blabla.es>\n"
+"Language-Team: Catalan\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: libpam_misc/misc_conv.c:33
+msgid "...Time is running out...\n"
+msgstr "...S'acaba el temps...\n"
+
+#: libpam_misc/misc_conv.c:34
+msgid "...Sorry, your time is up!\n"
+msgstr "...S'ha acabat el temps.\n"
+
+#: libpam_misc/misc_conv.c:343
+#, c-format
+msgid "erroneous conversation (%d)\n"
+msgstr "conversa errònia (%d)\n"
+
+#: libpam/pam_item.c:271
+msgid "login:"
+msgstr "entrada:"
+
+#: libpam/pam_strerror.c:40
+msgid "Success"
+msgstr "Correcte"
+
+#: libpam/pam_strerror.c:42
+msgid "Critical error - immediate abort"
+msgstr "Error greu - s'avortarà l'operació immediatament"
+
+#: libpam/pam_strerror.c:44
+msgid "Failed to load module"
+msgstr ""
+
+#: libpam/pam_strerror.c:46
+msgid "Symbol not found"
+msgstr "No es troba el símbol"
+
+#: libpam/pam_strerror.c:48
+msgid "Error in service module"
+msgstr "Error en el mòdul del servei"
+
+#: libpam/pam_strerror.c:50
+msgid "System error"
+msgstr "Error del sistema"
+
+#: libpam/pam_strerror.c:52
+msgid "Memory buffer error"
+msgstr "Error de la memòria intermèdia"
+
+#: libpam/pam_strerror.c:54
+msgid "Permission denied"
+msgstr "Permís denegat"
+
+#: libpam/pam_strerror.c:56
+msgid "Authentication failure"
+msgstr "Error d'autenticació"
+
+#: libpam/pam_strerror.c:58
+msgid "Insufficient credentials to access authentication data"
+msgstr ""
+"No teniu suficients credencials per a accedir a les dades d'autenticació"
+
+#: libpam/pam_strerror.c:60
+msgid "Authentication service cannot retrieve authentication info"
+msgstr "El servei d'autenticació no pot recuperar la informació corresponent"
+
+#: libpam/pam_strerror.c:62
+msgid "User not known to the underlying authentication module"
+msgstr "Usuari desconegut per al mòdul d'autenticació subjacent"
+
+#: libpam/pam_strerror.c:64
+msgid "Have exhausted maximum number of retries for service"
+msgstr "S'ha exhaurit el nombre màxim d'intents per al servei"
+
+#: libpam/pam_strerror.c:66
+msgid "Authentication token is no longer valid; new one required"
+msgstr "El testimoni d'autenticació ja no és vàlid; se'n necessita un de nou"
+
+#: libpam/pam_strerror.c:68
+msgid "User account has expired"
+msgstr "El compte d'usuari ha caducat"
+
+#: libpam/pam_strerror.c:70
+msgid "Cannot make/remove an entry for the specified session"
+msgstr "No es pot crear/suprimir una entrada per a la sessió especificada"
+
+#: libpam/pam_strerror.c:72
+msgid "Authentication service cannot retrieve user credentials"
+msgstr "El servei d'autenticació no pot recuperar les credencials d'usuari"
+
+#: libpam/pam_strerror.c:74
+msgid "User credentials expired"
+msgstr "Les credencials d'usuari han caducat"
+
+#: libpam/pam_strerror.c:76
+msgid "Failure setting user credentials"
+msgstr "S'ha produït un error en definir les credencials d'usuari"
+
+#: libpam/pam_strerror.c:78
+msgid "No module specific data is present"
+msgstr "No hi ha cap dada específica del mòdul"
+
+#: libpam/pam_strerror.c:80
+msgid "Bad item passed to pam_*_item()"
+msgstr "S'ha transmès un element incorrecte a pam_*_item()"
+
+#: libpam/pam_strerror.c:82
+msgid "Conversation error"
+msgstr "Error de conversa"
+
+#: libpam/pam_strerror.c:84
+msgid "Authentication token manipulation error"
+msgstr "Error de manipulació del testimoni d'autenticació"
+
+#: libpam/pam_strerror.c:86
+msgid "Authentication information cannot be recovered"
+msgstr "No es pot recuperar la informació d'autenticació"
+
+#: libpam/pam_strerror.c:88
+msgid "Authentication token lock busy"
+msgstr "El bloqueig del testimoni d'autenticació està ocupat"
+
+#: libpam/pam_strerror.c:90
+msgid "Authentication token aging disabled"
+msgstr "L'envelliment del testimoni d'autenticació està inhabilitat"
+
+#: libpam/pam_strerror.c:92
+msgid "Failed preliminary check by password service"
+msgstr "Error durant la comprovació preliminar del servei de contrasenyes"
+
+#: libpam/pam_strerror.c:94
+msgid "The return value should be ignored by PAM dispatch"
+msgstr "El lliurament de PAM hauria d'ignorar el valor de retorn"
+
+#: libpam/pam_strerror.c:96
+msgid "Module is unknown"
+msgstr "El mòdul és desconegut"
+
+#: libpam/pam_strerror.c:98
+msgid "Authentication token expired"
+msgstr "El testimoni d'autenticació ha caducat"
+
+#: libpam/pam_strerror.c:100
+msgid "Conversation is waiting for event"
+msgstr "La conversa està esperant un esdeveniment"
+
+#: libpam/pam_strerror.c:102
+msgid "Application needs to call libpam again"
+msgstr "L'aplicació necessita cridar novament libpam"
+
+#: libpam/pam_strerror.c:105
+msgid "Unknown PAM error"
+msgstr "Error de PAM desconegut"
+
+#: modules/pam_cracklib/pam_cracklib.c:60
+#, c-format
+msgid "New %s%spassword: "
+msgstr "Nova contrasenya de %s%s: "
+
+#: modules/pam_cracklib/pam_cracklib.c:62
+#, c-format
+msgid "Retype new %s%spassword: "
+msgstr "Torneu a escriure la nova contrasenya de %s%s: "
+
+#: modules/pam_cracklib/pam_cracklib.c:63
+msgid "Sorry, passwords do not match."
+msgstr "Les contrasenyes no coincideixen."
+
+#: modules/pam_cracklib/pam_cracklib.c:427
+msgid "is the same as the old one"
+msgstr "és la mateixa que l'antiga"
+
+#: modules/pam_cracklib/pam_cracklib.c:440
+msgid "is a palindrome"
+msgstr "és un palíndrom"
+
+#: modules/pam_cracklib/pam_cracklib.c:443
+msgid "case changes only"
+msgstr "només canvien les majúscules i minúscules"
+
+#: modules/pam_cracklib/pam_cracklib.c:446
+msgid "is too similar to the old one"
+msgstr "és massa semblant a l'antiga"
+
+#: modules/pam_cracklib/pam_cracklib.c:449
+msgid "is too simple"
+msgstr "és massa senzilla"
+
+#: modules/pam_cracklib/pam_cracklib.c:452
+msgid "is rotated"
+msgstr "està girada"
+
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
+msgid "has been already used"
+msgstr "ja s'ha fet servir"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "No password supplied"
+msgstr "No s'ha proporcionat cap contrasenya"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "Password unchanged"
+msgstr "No s'ha canviat la contrasenya"
+
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
+#, c-format
+msgid "BAD PASSWORD: %s"
+msgstr "CONTRASENYA INCORRECTA: %s"
+
+#: modules/pam_exec/pam_exec.c:118
+#, c-format
+msgid "%s failed: exit code %d"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:126
+#, c-format
+msgid "%s failed: caught signal %d%s"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:134
+#, c-format
+msgid "%s failed: unknown status 0x%x"
+msgstr ""
+
+#. TRANSLATORS: "strftime options for date of last login"
+#: modules/pam_lastlog/pam_lastlog.c:190
+msgid " %a %b %e %H:%M:%S %Z %Y"
+msgstr " %a %b %e %H:%M:%S %Z %Y"
+
+#. TRANSLATORS: " from <host>"
+#: modules/pam_lastlog/pam_lastlog.c:199
+#, c-format
+msgid " from %.*s"
+msgstr " de %.*s"
+
+#. TRANSLATORS: " on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:211
+#, c-format
+msgid " on %.*s"
+msgstr " a %.*s"
+
+#. TRANSLATORS: "Last login: <date> from <host> on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:220
+#, c-format
+msgid "Last login:%s%s%s"
+msgstr "Darrera entrada:%s%s%s"
+
+#: modules/pam_lastlog/pam_lastlog.c:226
+msgid "Welcome to your new account!"
+msgstr "Benvingut al vostre nou compte."
+
+#: modules/pam_limits/pam_limits.c:702
+#, c-format
+msgid "Too many logins for '%s'."
+msgstr "Massa entrades per a '%s'."
+
+#: modules/pam_mail/pam_mail.c:313
+msgid "No mail."
+msgstr "Sense correu."
+
+#: modules/pam_mail/pam_mail.c:316
+msgid "You have new mail."
+msgstr "Teniu correu nou."
+
+#: modules/pam_mail/pam_mail.c:319
+msgid "You have old mail."
+msgstr "Teniu correu antic."
+
+#: modules/pam_mail/pam_mail.c:323
+msgid "You have mail."
+msgstr "Teniu correu."
+
+#: modules/pam_mail/pam_mail.c:330
+#, c-format
+msgid "You have no mail in folder %s."
+msgstr "No teniu cap correu a la carpeta %s."
+
+#: modules/pam_mail/pam_mail.c:334
+#, c-format
+msgid "You have new mail in folder %s."
+msgstr "Teniu nou correu a la carpeta %s."
+
+#: modules/pam_mail/pam_mail.c:338
+#, c-format
+msgid "You have old mail in folder %s."
+msgstr "Teniu correu antic a la carpeta %s."
+
+#: modules/pam_mail/pam_mail.c:343
+#, c-format
+msgid "You have mail in folder %s."
+msgstr "Teniu correu a la carpeta %s."
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
+#, c-format
+msgid "Creating directory '%s'."
+msgstr ""
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
+#, c-format
+msgid "Unable to create directory %s: %m"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
+msgstr "El context per defecte és %s. \n"
+
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
+msgstr "Voleu introduir un context de seguretat? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
+msgstr "rol: "
+
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
+msgstr "nivell: "
+
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
+msgid "Not a valid security context"
+msgstr "No és un context de seguretat vàlid"
+
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Context de seguretat %s assignat"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Voleu introduir un context de seguretat? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
+#, c-format
+msgid "Security Context %s Assigned"
+msgstr "Context de seguretat %s assignat"
+
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Context de seguretat %s assignat"
+
+#: modules/pam_selinux/pam_selinux_check.c:99
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "s'ha produït un error en inicialitzar PAM\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:105
+#, c-format
+msgid "failed to pam_set_item()\n"
+msgstr "s'ha produït un error en pam_set_item()\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:133
+#, c-format
+msgid "login: failure forking: %m"
+msgstr "entrada: ha fallat la bifurcació: %m"
+
+#: modules/pam_stress/pam_stress.c:476
+#, fuzzy, c-format
+msgid "Changing STRESS password for %s."
+msgstr "S'està canviant la contrasenya d'STRESS per a "
+
+#: modules/pam_stress/pam_stress.c:490
+msgid "Enter new STRESS password: "
+msgstr "Introduïu la nova contrasenya d'STRESS: "
+
+#: modules/pam_stress/pam_stress.c:493
+msgid "Retype new STRESS password: "
+msgstr "Torneu a escriure la nova contrasenya d'STRESS: "
+
+#: modules/pam_stress/pam_stress.c:522
+msgid "Verification mis-typed; password unchanged"
+msgstr "Error d'escriptura a la verificació; no s'ha canviat la contrasenya"
+
+#: modules/pam_tally/pam_tally.c:741
+msgid "Authentication error"
+msgstr "Error d'autenticació"
+
+#: modules/pam_tally/pam_tally.c:742
+msgid "Service error"
+msgstr "Error del servei"
+
+#: modules/pam_tally/pam_tally.c:743
+msgid "Unknown user"
+msgstr "Usuari desconegut"
+
+#: modules/pam_tally/pam_tally.c:744
+msgid "Unknown error"
+msgstr "Error desconegut"
+
+#: modules/pam_tally/pam_tally.c:760
+#, c-format
+msgid "%s: Bad number given to --reset=\n"
+msgstr "%s: número incorrecte assignat a --reset=\n"
+
+#: modules/pam_tally/pam_tally.c:764
+#, c-format
+msgid "%s: Unrecognised option %s\n"
+msgstr "%s: opció %s no reconeguda\n"
+
+#: modules/pam_tally/pam_tally.c:776
+#, c-format
+msgid ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+msgstr ""
+"%s: [--file nom_fitxer_arrel] [--user nom_usuari] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_tally/pam_tally.c:850
+#, c-format
+msgid "%s: Can't reset all users to non-zero\n"
+msgstr ""
+"%s: no es poden restablir tots els usuaris a un valor diferent de zero\n"
+
+#: modules/pam_unix/pam_unix_acct.c:274 modules/pam_unix/pam_unix_acct.c:301
+msgid "Your account has expired; please contact your system administrator"
+msgstr "El vostre compte ha caducat. Contacteu amb l'administrador del sistema"
+
+#: modules/pam_unix/pam_unix_acct.c:283
+msgid "You are required to change your password immediately (root enforced)"
+msgstr ""
+"Heu de canviar la contrasenya immediatament (us hi obliga l'usuari primari)"
+
+#: modules/pam_unix/pam_unix_acct.c:310
+msgid "You are required to change your password immediately (password aged)"
+msgstr "Heu de canviar la contrasenya immediatament (la contrasenya és antiga)"
+
+#: modules/pam_unix/pam_unix_acct.c:323 modules/pam_unix/pam_unix_acct.c:330
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d day"
+msgid_plural "Warning: your password will expire in %d days"
+msgstr[0] "Atenció: la contrasenya venç d'aquí a %d dia%.2s"
+msgstr[1] "Atenció: la contrasenya venç d'aquí a %d dia%.2s"
+
+#. TRANSLATORS: only used if dngettext is not support
+#. ed
+#: modules/pam_unix/pam_unix_acct.c:336
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d days"
+msgstr "Atenció: la contrasenya venç d'aquí a %d dia%.2s"
+
+#: modules/pam_unix/pam_unix_auth.c:159 modules/pam_userdb/pam_userdb.c:61
+msgid "Password: "
+msgstr "Contrasenya: "
+
+#: modules/pam_unix/pam_unix_passwd.c:821
+msgid "NIS password could not be changed."
+msgstr "No s'ha pogut canviar la contrasenya NIS."
+
+#: modules/pam_unix/pam_unix_passwd.c:998
+msgid "You must choose a longer password"
+msgstr "Heu de triar una contrasenya més llarga"
+
+#: modules/pam_unix/pam_unix_passwd.c:1003
+msgid "Password has been already used. Choose another."
+msgstr "Aquesta contrasenya ja s'ha fet servir. Trieu-ne una altra."
+
+#: modules/pam_unix/pam_unix_passwd.c:1103
+#, fuzzy, c-format
+msgid "Changing password for %s."
+msgstr "S'està canviant la contrasenya d'STRESS per a "
+
+#: modules/pam_unix/pam_unix_passwd.c:1114
+msgid "(current) UNIX password: "
+msgstr "contrasenya (actual) d'UNIX: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1149
+msgid "You must wait longer to change your password"
+msgstr "Heu d'esperar més temps abans de canviar la contrasenya"
+
+#: modules/pam_unix/pam_unix_passwd.c:1209
+msgid "Enter new UNIX password: "
+msgstr "Introduïu la nova contrasenya d'UNIX: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1210
+msgid "Retype new UNIX password: "
+msgstr "Torneu a escriure la nova contrasenya d'UNIX: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Voleu triar-ne un altre? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Introduïu el número que vulgueu: "
+
+#~ msgid "type: "
+#~ msgstr "tipus: "
+
+#~ msgid "dlopen() failure"
+#~ msgstr "error de dlopen()"
diff --git a/Linux-PAM/po/cs.po b/Linux-PAM/po/cs.po
index 53427890..fea9c755 100644
--- a/Linux-PAM/po/cs.po
+++ b/Linux-PAM/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2007-01-17 11:54+0100\n"
"Last-Translator: Tomas Mraz <t8m@centrum.cz>\n"
"Language-Team: cs_CZ <cs@li.org>\n"
@@ -180,46 +180,50 @@ msgstr "Opakujte nové %s%sheslo: "
msgid "Sorry, passwords do not match."
msgstr "Hesla se neshodují."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "je stejné jako předcházející"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "je palindrom"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "pouze mění velikost"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "je příliš podobné předcházejícímu"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "je příliš jednoduché"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "je posunuté"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "již bylo použito"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Nezadáno heslo"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Heslo nebylo změněno"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "ŠPATNÉ HESLO: %s"
@@ -266,7 +270,7 @@ msgstr "Poslední přihlášení:%s%s%s"
msgid "Welcome to your new account!"
msgstr "Vítejte na vašem novém účtu!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Příliš mnoho přihlášení pro '%s'."
@@ -307,54 +311,90 @@ msgstr "Máte starou poštu ve složce %s."
msgid "You have mail in folder %s."
msgstr "Máte poštu ve složce %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr "Vytváření adresáře '%s'."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr "Nezdařilo se vytvořit adresář %s: %m"
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Váš výchozí kontext je %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Chcete zvolit jiný? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Zadejte číslo volby: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Chcete zadat bezpečnostní kontext? [y]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "role: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "typ: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "úroveň: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Neplatný bezpečnostní kontext"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Bezpečnostní kontext %s přidělen"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Chcete zadat bezpečnostní kontext? [y]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, fuzzy, c-format
+msgid "Unable to get valid context for %s"
+msgstr "Nezdařilo se vytvořit adresář %s: %m"
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Bezpečnostní kontext %s přidělen"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Bezpečnostní kontext %s přidělen"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -457,35 +497,44 @@ msgstr "Varování: Počet dní do vypršení hesla: %d"
msgid "Password: "
msgstr "Heslo: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "NIS heslo se nepodařilo změnit."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Musíte zvolit delší heslo"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Heslo již bylo použito. Zvolte jiné."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, c-format
msgid "Changing password for %s."
msgstr "Změna hesla pro %s."
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(současné) UNIX heslo: "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Na změnu svého hesla musíte počkat déle"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Zadejte nové UNIX heslo: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Opakujte nové UNIX heslo: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Chcete zvolit jiný? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Zadejte číslo volby: "
+
+#~ msgid "type: "
+#~ msgstr "typ: "
diff --git a/Linux-PAM/po/da.po b/Linux-PAM/po/da.po
new file mode 100644
index 00000000..b9a44d5b
--- /dev/null
+++ b/Linux-PAM/po/da.po
@@ -0,0 +1,547 @@
+# @TITLE@
+# Copyright (C) 2006, SUSE Linux GmbH, Nuremberg
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+# This file is distributed under the same license as @PACKAGE@ package. FIRST
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: @PACKAGE@\n"
+"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
+"PO-Revision-Date: 2005-08-16 20:00+0200\n"
+"Last-Translator: Novell Language <language@novell.com>\n"
+"Language-Team: Novell Language <language@novell.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.10.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: libpam_misc/misc_conv.c:33
+msgid "...Time is running out...\n"
+msgstr "...Tiden er ved at udløbe...\n"
+
+#: libpam_misc/misc_conv.c:34
+msgid "...Sorry, your time is up!\n"
+msgstr "...Din tid er desværre gået!\n"
+
+#: libpam_misc/misc_conv.c:343
+#, c-format
+msgid "erroneous conversation (%d)\n"
+msgstr "konversationsfejl (%d)\n"
+
+#: libpam/pam_item.c:271
+msgid "login:"
+msgstr "login:"
+
+#: libpam/pam_strerror.c:40
+msgid "Success"
+msgstr "Udført"
+
+#: libpam/pam_strerror.c:42
+msgid "Critical error - immediate abort"
+msgstr "Alvorlig fejl - afbryder omgående"
+
+#: libpam/pam_strerror.c:44
+#, fuzzy
+msgid "Failed to load module"
+msgstr "Kunne ikke indlæse \"%s\" modulet."
+
+#: libpam/pam_strerror.c:46
+msgid "Symbol not found"
+msgstr "Symbolet blev ikke fundet"
+
+#: libpam/pam_strerror.c:48
+msgid "Error in service module"
+msgstr "Der opstod en fejl i tjenestemodulet"
+
+#
+#: libpam/pam_strerror.c:50
+msgid "System error"
+msgstr "Systemfejl"
+
+#: libpam/pam_strerror.c:52
+msgid "Memory buffer error"
+msgstr "Fejl i hukommelsesbuffer"
+
+#: libpam/pam_strerror.c:54
+msgid "Permission denied"
+msgstr "Rettigheder nægtet"
+
+#
+#: libpam/pam_strerror.c:56
+msgid "Authentication failure"
+msgstr "Fejl ved godkendelse"
+
+#: libpam/pam_strerror.c:58
+msgid "Insufficient credentials to access authentication data"
+msgstr "Utilstrækkelige oplysninger for at få adgang til godkendelsesdata"
+
+#: libpam/pam_strerror.c:60
+msgid "Authentication service cannot retrieve authentication info"
+msgstr "Godkendelsestjenesten kan ikke hente godkendelsesoplysningerne"
+
+#: libpam/pam_strerror.c:62
+msgid "User not known to the underlying authentication module"
+msgstr "Ukendt bruger for det underliggende godkendelsesmodul"
+
+#: libpam/pam_strerror.c:64
+msgid "Have exhausted maximum number of retries for service"
+msgstr "Antal forsøg på at få adgang til tjenesten er udløbet"
+
+#: libpam/pam_strerror.c:66
+msgid "Authentication token is no longer valid; new one required"
+msgstr "Godkendelses-token er ikke længere gyldig. Der kræves en ny"
+
+#: libpam/pam_strerror.c:68
+msgid "User account has expired"
+msgstr "Brugerkontoen er udløbet"
+
+#: libpam/pam_strerror.c:70
+msgid "Cannot make/remove an entry for the specified session"
+msgstr "Angivelsen til den specificerede session kan ikke indsættes/fjernes"
+
+#: libpam/pam_strerror.c:72
+msgid "Authentication service cannot retrieve user credentials"
+msgstr "Godkendelsestjenesten kan ikke hente brugeroplysninger."
+
+#: libpam/pam_strerror.c:74
+msgid "User credentials expired"
+msgstr "Brugeroplysningerne er udløbet"
+
+#: libpam/pam_strerror.c:76
+msgid "Failure setting user credentials"
+msgstr "Der opstod en fejl ved angivelse af brugeroplysninger"
+
+#: libpam/pam_strerror.c:78
+msgid "No module specific data is present"
+msgstr "Der er ingen modulspecifikke data"
+
+#: libpam/pam_strerror.c:80
+msgid "Bad item passed to pam_*_item()"
+msgstr "Ugyldigt punkt blev overført til pam_*_item()"
+
+#: libpam/pam_strerror.c:82
+msgid "Conversation error"
+msgstr "Konversationsfejl"
+
+#: libpam/pam_strerror.c:84
+msgid "Authentication token manipulation error"
+msgstr "Fejl ved håndtering af godkendelsestoken"
+
+#: libpam/pam_strerror.c:86
+msgid "Authentication information cannot be recovered"
+msgstr "Godkendelsesoplysningerne kan ikke gendannes"
+
+#: libpam/pam_strerror.c:88
+msgid "Authentication token lock busy"
+msgstr "Lås til godkendelsestoken er optaget"
+
+#: libpam/pam_strerror.c:90
+msgid "Authentication token aging disabled"
+msgstr "Udløb af godkendelsestoken er deaktiveret"
+
+#: libpam/pam_strerror.c:92
+msgid "Failed preliminary check by password service"
+msgstr "Indledende kontrol af adgangskodetjenesten mislykkedes"
+
+#: libpam/pam_strerror.c:94
+msgid "The return value should be ignored by PAM dispatch"
+msgstr "Returværdien bør ignoreres af PAM-afsendelse"
+
+#: libpam/pam_strerror.c:96
+msgid "Module is unknown"
+msgstr "Ukendt modul"
+
+#: libpam/pam_strerror.c:98
+msgid "Authentication token expired"
+msgstr "Godkendelsestoken er udløbet"
+
+#: libpam/pam_strerror.c:100
+msgid "Conversation is waiting for event"
+msgstr "Konversation venter på hændelse"
+
+#: libpam/pam_strerror.c:102
+msgid "Application needs to call libpam again"
+msgstr "Programmet skal kalde libpam igen"
+
+#: libpam/pam_strerror.c:105
+msgid "Unknown PAM error"
+msgstr "Ukendt PAM-fejl"
+
+#: modules/pam_cracklib/pam_cracklib.c:60
+#, c-format
+msgid "New %s%spassword: "
+msgstr "Ny %s%sadgangskode: "
+
+#: modules/pam_cracklib/pam_cracklib.c:62
+#, c-format
+msgid "Retype new %s%spassword: "
+msgstr "Genindtast ny %s%sadgangskode: "
+
+#: modules/pam_cracklib/pam_cracklib.c:63
+msgid "Sorry, passwords do not match."
+msgstr "Adgangskoderne stemmer desværre ikke overens."
+
+#: modules/pam_cracklib/pam_cracklib.c:427
+msgid "is the same as the old one"
+msgstr "er den samme som den gamle"
+
+#: modules/pam_cracklib/pam_cracklib.c:440
+msgid "is a palindrome"
+msgstr "det staves ens forfra og bagfra"
+
+#: modules/pam_cracklib/pam_cracklib.c:443
+msgid "case changes only"
+msgstr "kun forskel i store/små bogstaver"
+
+#: modules/pam_cracklib/pam_cracklib.c:446
+msgid "is too similar to the old one"
+msgstr "ligner for meget den gamle"
+
+#: modules/pam_cracklib/pam_cracklib.c:449
+msgid "is too simple"
+msgstr "er for enkel"
+
+#: modules/pam_cracklib/pam_cracklib.c:452
+msgid "is rotated"
+msgstr "er roteret"
+
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
+msgid "has been already used"
+msgstr "er allerede blevet brugt"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "No password supplied"
+msgstr "Der er ikke angivet nogen adgangskode"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "Password unchanged"
+msgstr "Adgangskoden er uændret"
+
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
+#, c-format
+msgid "BAD PASSWORD: %s"
+msgstr "DÅRLIG ADGANGSKODE: %s"
+
+#: modules/pam_exec/pam_exec.c:118
+#, fuzzy, c-format
+msgid "%s failed: exit code %d"
+msgstr "'{0}' script mislykkedes med afslutningskode '{1}'"
+
+#: modules/pam_exec/pam_exec.c:126
+#, c-format
+msgid "%s failed: caught signal %d%s"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:134
+#, c-format
+msgid "%s failed: unknown status 0x%x"
+msgstr ""
+
+#. TRANSLATORS: "strftime options for date of last login"
+#: modules/pam_lastlog/pam_lastlog.c:190
+msgid " %a %b %e %H:%M:%S %Z %Y"
+msgstr "%a %b %e %H:%M:%S %Z %Y"
+
+#. TRANSLATORS: " from <host>"
+#: modules/pam_lastlog/pam_lastlog.c:199
+#, c-format
+msgid " from %.*s"
+msgstr "fra %.*s"
+
+#. TRANSLATORS: " on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:211
+#, c-format
+msgid " on %.*s"
+msgstr "på %.*s"
+
+#. TRANSLATORS: "Last login: <date> from <host> on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:220
+#, c-format
+msgid "Last login:%s%s%s"
+msgstr "Sidste login:%s%s%s"
+
+#: modules/pam_lastlog/pam_lastlog.c:226
+msgid "Welcome to your new account!"
+msgstr "Velkommen til din nye konto!"
+
+#: modules/pam_limits/pam_limits.c:702
+#, c-format
+msgid "Too many logins for '%s'."
+msgstr "Der er for mange logins til '%s'."
+
+#: modules/pam_mail/pam_mail.c:313
+msgid "No mail."
+msgstr "Ingen e-mail."
+
+#: modules/pam_mail/pam_mail.c:316
+msgid "You have new mail."
+msgstr "Du har ny e-mail."
+
+#: modules/pam_mail/pam_mail.c:319
+msgid "You have old mail."
+msgstr "Du har gammel e-mail."
+
+#: modules/pam_mail/pam_mail.c:323
+msgid "You have mail."
+msgstr "Du har e-mail."
+
+#: modules/pam_mail/pam_mail.c:330
+#, c-format
+msgid "You have no mail in folder %s."
+msgstr "Du har ingen e-mail i mappe %s."
+
+#: modules/pam_mail/pam_mail.c:334
+#, c-format
+msgid "You have new mail in folder %s."
+msgstr "Du har ny e-mail i mappe %s."
+
+#: modules/pam_mail/pam_mail.c:338
+#, c-format
+msgid "You have old mail in folder %s."
+msgstr "Du har gammel e-mail i mappe %s."
+
+#: modules/pam_mail/pam_mail.c:343
+#, c-format
+msgid "You have mail in folder %s."
+msgstr "Du har e-mail i mappe %s."
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
+#, c-format
+msgid "Creating directory '%s'."
+msgstr ""
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
+#, c-format
+msgid "Unable to create directory %s: %m"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
+msgstr "Din standardkontekst er %s. \n"
+
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
+
+# power-off message
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
+msgstr "Vil du angive en sikkerhedskontekst? [y]"
+
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
+msgstr "rolle: "
+
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
+msgstr "niveau: "
+
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
+msgid "Not a valid security context"
+msgstr "Ikke en gyldig sikkerhedskontekst"
+
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Sikkerhedskontekst %s tildelt"
+
+# power-off message
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Vil du angive en sikkerhedskontekst? [y]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
+#, c-format
+msgid "Security Context %s Assigned"
+msgstr "Sikkerhedskontekst %s tildelt"
+
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Sikkerhedskontekst %s tildelt"
+
+#: modules/pam_selinux/pam_selinux_check.c:99
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM kunne ikke initialiseres\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:105
+#, c-format
+msgid "failed to pam_set_item()\n"
+msgstr "pam_set_item() mislykkedes\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:133
+#, c-format
+msgid "login: failure forking: %m"
+msgstr "login: fejl ved forking: %m"
+
+#: modules/pam_stress/pam_stress.c:476
+#, fuzzy, c-format
+msgid "Changing STRESS password for %s."
+msgstr "Ændrer STRESS-adgangskode for"
+
+#: modules/pam_stress/pam_stress.c:490
+msgid "Enter new STRESS password: "
+msgstr "Indtast ny STRESS-adgangskode: "
+
+#: modules/pam_stress/pam_stress.c:493
+msgid "Retype new STRESS password: "
+msgstr "Genindtast ny STRESS-adgangskode: "
+
+#: modules/pam_stress/pam_stress.c:522
+msgid "Verification mis-typed; password unchanged"
+msgstr "Bekræftelsen blev angivet forkert. Adgangskoden forbliver uændret"
+
+#: modules/pam_tally/pam_tally.c:741
+msgid "Authentication error"
+msgstr "Fejl ved godkendelse"
+
+#: modules/pam_tally/pam_tally.c:742
+msgid "Service error"
+msgstr "Fejl ved tjeneste"
+
+#: modules/pam_tally/pam_tally.c:743
+msgid "Unknown user"
+msgstr "Ukendt bruger"
+
+#: modules/pam_tally/pam_tally.c:744
+msgid "Unknown error"
+msgstr "Ukendt fejl"
+
+#: modules/pam_tally/pam_tally.c:760
+#, c-format
+msgid "%s: Bad number given to --reset=\n"
+msgstr "%s: Der er angivet et forkert tal til --reset=\n"
+
+#: modules/pam_tally/pam_tally.c:764
+#, c-format
+msgid "%s: Unrecognised option %s\n"
+msgstr "%s: Ukendt indstilling %s\n"
+
+#: modules/pam_tally/pam_tally.c:776
+#, c-format
+msgid ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_tally/pam_tally.c:850
+#, c-format
+msgid "%s: Can't reset all users to non-zero\n"
+msgstr "%s: Alle brugere kunne ikke nulstilles til ikke-nul\n"
+
+#: modules/pam_unix/pam_unix_acct.c:274 modules/pam_unix/pam_unix_acct.c:301
+msgid "Your account has expired; please contact your system administrator"
+msgstr "Din konto er udløbet. Kontakt din systemadministrator"
+
+#: modules/pam_unix/pam_unix_acct.c:283
+msgid "You are required to change your password immediately (root enforced)"
+msgstr "Du skal omgående ændre din adgangskode (gennemtvunget af roden)"
+
+#: modules/pam_unix/pam_unix_acct.c:310
+msgid "You are required to change your password immediately (password aged)"
+msgstr "Du skal omgående ændre din adgangskode (for gammel adgangskode)"
+
+#: modules/pam_unix/pam_unix_acct.c:323 modules/pam_unix/pam_unix_acct.c:330
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d day"
+msgid_plural "Warning: your password will expire in %d days"
+msgstr[0] "Advarsel: Din adgangskode udløber om %d dage%.2s"
+msgstr[1] "Advarsel: Din adgangskode udløber om %d dage%.2s"
+
+#. TRANSLATORS: only used if dngettext is not support
+#. ed
+#: modules/pam_unix/pam_unix_acct.c:336
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d days"
+msgstr "Advarsel: Din adgangskode udløber om %d dage%.2s"
+
+#: modules/pam_unix/pam_unix_auth.c:159 modules/pam_userdb/pam_userdb.c:61
+msgid "Password: "
+msgstr "Adgangskode: "
+
+#: modules/pam_unix/pam_unix_passwd.c:821
+msgid "NIS password could not be changed."
+msgstr "NIS-adgangskoden kunne ikke ændres."
+
+#: modules/pam_unix/pam_unix_passwd.c:998
+msgid "You must choose a longer password"
+msgstr "Du skal vælge en længere adgangskode"
+
+#: modules/pam_unix/pam_unix_passwd.c:1003
+msgid "Password has been already used. Choose another."
+msgstr "Adgangskoden er allerede blevet brugt. Vælg en anden."
+
+#: modules/pam_unix/pam_unix_passwd.c:1103
+#, fuzzy, c-format
+msgid "Changing password for %s."
+msgstr "Ændrer STRESS-adgangskode for"
+
+#: modules/pam_unix/pam_unix_passwd.c:1114
+msgid "(current) UNIX password: "
+msgstr "(nuværende) UNIX-adgangskode: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1149
+msgid "You must wait longer to change your password"
+msgstr "Du skal vente lidt længere for at ændre din adgangskode"
+
+#: modules/pam_unix/pam_unix_passwd.c:1209
+msgid "Enter new UNIX password: "
+msgstr "Indtast ny UNIX-adgangskode: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1210
+msgid "Retype new UNIX password: "
+msgstr "Genindtast ny UNIX-adgangskode: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Vil du vælge en anden? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Angiv nummer for valg: "
+
+#~ msgid "type: "
+#~ msgstr "type: "
+
+#~ msgid "dlopen() failure"
+#~ msgstr "dlopen() fejl"
diff --git a/Linux-PAM/po/de.po b/Linux-PAM/po/de.po
index 5878ba1e..3f22f8fb 100644
--- a/Linux-PAM/po/de.po
+++ b/Linux-PAM/po/de.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-12-18 15:50+01:00\n"
"Last-Translator: Novell Language <language@novell.com>\n"
"Language-Team: Novell Language <language@novell.com>\n"
@@ -183,46 +183,50 @@ msgstr "Geben sie das neue %s%sPasswort erneut ein: "
msgid "Sorry, passwords do not match."
msgstr "Die Passwörter stimmen nicht überein."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "ist das gleiche wie das Alte"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "ist ein Palindrome"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "nur Änderungen bei der Groß-/Kleinschreibung"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "ist dem alten zu ähnlich"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "ist zu einfach"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "wurde gedreht"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr "Nicht genug unterschiedliche Arten von Zeichen"
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "es wurde bereits verwendet"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Kein Passwort angegeben"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Passwort nicht geändert"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "Schlechtes Passwort: %s"
@@ -269,7 +273,7 @@ msgstr "Letzte Anmeldung:%s%s%s"
msgid "Welcome to your new account!"
msgstr "Willkommen in Ihrem neuen Account!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Zu viele Anmeldungen für '%s'."
@@ -310,54 +314,87 @@ msgstr "Sie haben alte Nachrichten in %s."
msgid "You have mail in folder %s."
msgstr "Sie haben Nachrichten in %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr "Erstelle Verzeichnis '%s'."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr "Verzeichnis %s kann nicht erstellt werden: %m"
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
-msgstr "Ihr Standardkontext lautet %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Möchten Sie einen anderen auswählen? [n]"
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
+msgstr "Ihr Standardkontext lautet %s. \n"
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Geben Sie die gewünschte Nummer ein: "
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
-msgstr "Möchten Sie einen Sicherheitskontext eingeben? [j] "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
-msgstr "Funktion: "
+#: modules/pam_selinux/pam_selinux.c:164
+msgid "Would you like to enter a security context? [N] "
+msgstr "Möchten Sie einen Sicherheitskontext eingeben? [N] "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "Typ: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+msgid "role:"
+msgstr "Funktion:"
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
-msgstr "Stufe: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+msgid "level:"
+msgstr "Stufe:"
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Kein gültiger Sicherheitskontext"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Sicherheitskontext %s zugewiesen"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Möchten Sie einen Sicherheitskontext eingeben? [j] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, fuzzy, c-format
+msgid "Unable to get valid context for %s"
+msgstr "Verzeichnis %s kann nicht erstellt werden: %m"
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Sicherheitskontext %s zugewiesen"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Sicherheitskontext %s zugewiesen"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -459,35 +496,44 @@ msgstr "Warnung: Ihr Passwort läuft in %d Tagen ab."
msgid "Password: "
msgstr "Passwort: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "Änderung des NIS-Passworts nicht möglich."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Sie müssen ein längeres Passwort auswählen."
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Passwort wurde bereits verwendet. Wählen Sie ein anderes aus."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, c-format
msgid "Changing password for %s."
msgstr "Ändern des Passworts für %s."
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(aktuelles) UNIX Passwort: "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Sie können Ihr Passwort noch nicht ändern"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Geben Sie ein neues UNIX Passwort ein: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Geben Sie das neue UNIX Passwort erneut ein: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Möchten Sie einen anderen auswählen? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Geben Sie die gewünschte Nummer ein: "
+
+#~ msgid "type: "
+#~ msgstr "Typ: "
diff --git a/Linux-PAM/po/es.po b/Linux-PAM/po/es.po
index 312d8dcd..520c8169 100644
--- a/Linux-PAM/po/es.po
+++ b/Linux-PAM/po/es.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-04 08:32+0200\n"
"Last-Translator: Novell Language <language@novell.com>\n"
"Language-Team: Novell Language <language@novell.com>\n"
@@ -181,46 +181,50 @@ msgstr "Vuelva a escribir la nueva %s%scontraseña:"
msgid "Sorry, passwords do not match."
msgstr "Las contraseñas no coinciden."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "es igual que la antigua"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "es un palíndromo"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "sólo hay cambios de minúsculas y mayúsculas"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "es demasiado similar a la antigua"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "es demasiado sencilla"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "es igual pero al revés"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "ya se ha utilizado"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "No se ha proporcionado ninguna contraseña"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "La contraseña no ha cambiado"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "CONTRASEÑA INCORRECTA: %s"
@@ -267,7 +271,7 @@ msgstr "Último inicio de sesión:%s%s%s"
msgid "Welcome to your new account!"
msgstr "¡Bienvenido a su nueva cuenta!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Hay demasiados inicios de sesión para \"%s\"."
@@ -308,54 +312,90 @@ msgstr "Tiene correo antiguo en la carpeta %s."
msgid "You have mail in folder %s."
msgstr "Tiene correo en la carpeta %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "El contexto predeterminado es %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "¿Desea seleccionar uno distinto? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Introduzca el número de su elección:"
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "¿Desea introducir un contexto de seguridad? [s]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "función:"
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "tipo:"
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "nivel:"
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "No es un contexto de seguridad válido"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Contexto de seguridad %s asignado"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "¿Desea introducir un contexto de seguridad? [s]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Contexto de seguridad %s asignado"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Contexto de seguridad %s asignado"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -461,39 +501,48 @@ msgstr "Advertencia: la contraseña caducará dentro de %d día%.2s"
msgid "Password: "
msgstr "Contraseña:"
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "No es posible cambiar la contraseña NIS."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Debe elegir una contraseña más larga"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "La contraseña ya se ha utilizado. Seleccione otra."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "Cambiando la contraseña STRESS para"
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(actual) contraseña de UNIX:"
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Debe esperar más tiempo para cambiar la contraseña"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Introduzca la nueva contraseña de UNIX:"
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Vuelva a escribir la nueva contraseña de UNIX:"
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "¿Desea seleccionar uno distinto? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Introduzca el número de su elección:"
+
+#~ msgid "type: "
+#~ msgstr "tipo:"
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Advertencia: la contraseña caducará dentro de %d día%.2s"
diff --git a/Linux-PAM/po/fi.po b/Linux-PAM/po/fi.po
index a0a154e2..a7438e27 100644
--- a/Linux-PAM/po/fi.po
+++ b/Linux-PAM/po/fi.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-04 08:30+0200\n"
"Last-Translator: Jyri Palokangas <jmp@netti.fi>\n"
"Language-Team: <yast-trans-fi@kotoistaminen.novell.fi>\n"
@@ -182,46 +182,50 @@ msgstr "Anna uudelleen uusi %s%ssalasana: "
msgid "Sorry, passwords do not match."
msgstr "Salasanat eivät täsmää."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "on sama kuin vanha"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "on palindromi"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "vain kirjainkoko muutos"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "on liian samankaltainen vanhan kanssa"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "on liian yksinkertainen"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "on kierrätetty"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "on jo käytetty"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Et antanut salasanaa"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Salasanaa ei vaihdettu"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "HUONO SALASANA: %s"
@@ -268,7 +272,7 @@ msgstr "Viimeinen kirjautuminen:%s%s%s"
msgid "Welcome to your new account!"
msgstr "Tervetuloa uudella käyttäjätilillä!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Liian monta kirjautumista '%s'."
@@ -309,54 +313,90 @@ msgstr "Sinulla on vanhaa postia kansiossa %s."
msgid "You have mail in folder %s."
msgstr "Sinulla on postia kansiossa %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Oletusympäristösi on %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Haluatko valita toisen? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Anna valinnan numero: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Haluatko valita tietoturvaympäristön? [y] "
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "rooli: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "tyyppi: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "taso: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Ei kelvollinen tietoturvaympäristö"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Tietoturvaympäristö %s asetettiin"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Haluatko valita tietoturvaympäristön? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Tietoturvaympäristö %s asetettiin"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Tietoturvaympäristö %s asetettiin"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -458,39 +498,48 @@ msgstr "Varoitus: salasanasi vanhenee %d päivässä%.2s"
msgid "Password: "
msgstr "Salasana: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "NIS-salasanaa ei voitu vaihtaa."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Salasanan tulee olla pidempi"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Salasana on jo käytetty. Valitse toinen."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "Vaihdetaan STRESS-salasana "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(nykyinen) UNIX salasana: "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Sinun täytyy odottaa kauemmin vaihtaaksesi salasanan"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Anna uusi UNIX-salasana: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Anna uusi UNIX-salasana uudelleen: "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Haluatko valita toisen? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Anna valinnan numero: "
+
+#~ msgid "type: "
+#~ msgstr "tyyppi: "
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Varoitus: salasanasi vanhenee %d päivässä%.2s"
diff --git a/Linux-PAM/po/fr.po b/Linux-PAM/po/fr.po
index 7eda0589..e21b4ef0 100644
--- a/Linux-PAM/po/fr.po
+++ b/Linux-PAM/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-04 08:29+0200\n"
"Last-Translator: Novell Language <language@novell.com>\n"
"Language-Team: Novell Language <language@novell.com>\n"
@@ -186,46 +186,50 @@ msgstr "Retapez le nouveau %s%smot de passe : "
msgid "Sorry, passwords do not match."
msgstr "Les mots de passe ne correspondent pas."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "est identique à l'ancien"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "est un palindrome"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "changement de casse uniquement"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "ressemble trop à l'ancien"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "est trop simple"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "est inversé"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "a déjà été utilisé"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Aucun mot de passe fourni"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Mot de passe inchangé"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "MOT DE PASSE INCORRECT : %s"
@@ -272,7 +276,7 @@ msgstr "Dernière connexion :%s%s%s"
msgid "Welcome to your new account!"
msgstr "Bienvenue sur votre nouveau compte !"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Trop de connexions pour '%s'."
@@ -313,54 +317,90 @@ msgstr "Vous avez un ancien message dans le dossier %s."
msgid "You have mail in folder %s."
msgstr "Vous avez des messages dans le dossier %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Votre contexte par défaut est %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Voulez-vous en choisir un autre ? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Entrer le numéro du choix :"
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Voulez-vous entrer un contexte de sécurité ? [o]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "rôle :"
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "type :"
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "niveau :"
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Contexte de sécurité non valide"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Contexte de sécurité %s attribué"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Voulez-vous entrer un contexte de sécurité ? [o]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Contexte de sécurité %s attribué"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Contexte de sécurité %s attribué"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -462,39 +502,48 @@ msgstr "Avertissement : votre mot de passe expire dans %d jour%.2s"
msgid "Password: "
msgstr "Mot de passe : "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "Le mot de passe NIS n'a pas pu être changé."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Vous devez choisir un mot de passe plus long"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Mot de passe déjà utilisé. Choisissez-en un autre."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "Changement du mot de passe STRESS pour "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "Mot de passe UNIX (actuel) : "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Vous devez encore attendre avant de changer votre mot de passe"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Entrez le nouveau mot de passe UNIX : "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Retapez le nouveau mot de passe UNIX : "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Voulez-vous en choisir un autre ? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Entrer le numéro du choix :"
+
+#~ msgid "type: "
+#~ msgstr "type :"
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Avertissement : votre mot de passe expire dans %d jour%.2s"
diff --git a/Linux-PAM/po/hu.po b/Linux-PAM/po/hu.po
index 0ec72ab7..eafd0d6c 100644
--- a/Linux-PAM/po/hu.po
+++ b/Linux-PAM/po/hu.po
@@ -1,24 +1,25 @@
+# translation of hu.new.po to
# translation of Linux-pam.po to
# translation of hu.po to
# This file is distributed under the same license as the PACKAGE package.
# Copyright (C) YEAR Linux-PAM Project.
+#
# Papp Zsolt <zpapp@novell.com>, 2006.
# Keresztes Ákos <xsak@c2.hu>, 2006.
-# Kalman Kemenczy <kkemenczy@novell.com>, 2006.
-#
+# Kalman Kemenczy <kkemenczy@novell.com>, 2006, 2007.
msgid ""
msgstr ""
-"Project-Id-Version: Linux-pam\n"
+"Project-Id-Version: hu.new\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
-"PO-Revision-Date: 2006-10-06 13:54+0200\n"
-"Last-Translator: \n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
+"PO-Revision-Date: 2007-02-15 17:40+0100\n"
+"Last-Translator: Kalman Kemenczy <kkemenczy@novell.com>\n"
"Language-Team: <hu@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: KBabel 1.11.4\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#: libpam_misc/misc_conv.c:33
msgid "...Time is running out...\n"
@@ -186,46 +187,50 @@ msgstr "Írja be újra az új %s%sjelszót: "
msgid "Sorry, passwords do not match."
msgstr "Sajnálom, de a jelszavak nem egyeznek."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "ugyanaz, mint a régi"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "A jelszó egy palindrom"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "A jelszó csak a kis/nagybetűkben változott"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "A jelszó túl hasonló a régihez"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "A jelszó túl egyszerű"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "A jelszó át lett forgatva"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "A jelszót már használta. Válasszon egy másikat."
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Nem lett megadva jelszó"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "A jelszó nem változott"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "ROSSZ JELSZÓ: %s"
@@ -272,7 +277,7 @@ msgstr "Utolsó belépés:%s%s%s"
msgid "Welcome to your new account!"
msgstr "Üdvözöljük az új fiókjában!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Túl sok belépés '%s' részéről."
@@ -313,54 +318,90 @@ msgstr "%s könyvtárban régi levél van."
msgid "You have mail in folder %s."
msgstr "%s könyvtárban levelek vannak."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Az Ön alapértelmezett kontextusa: %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Kíván másikat választani? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Adja meg a kívánt lehetőség számát: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Kíván megadni egy biztonsági kontextust? [y] "
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "szerep: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "típus: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "szint: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Nem érvényes biztonsági kontextus"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "%s biztonsági kontextus hozzárendelve"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Kíván megadni egy biztonsági kontextust? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "%s biztonsági kontextus hozzárendelve"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "%s biztonsági kontextus hozzárendelve"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -448,6 +489,7 @@ msgstr "Azonnal meg kell változtatnia a jelszavát (a jelszó elévült)"
msgid "Warning: your password will expire in %d day"
msgid_plural "Warning: your password will expire in %d days"
msgstr[0] "Figyelmeztetés: a jelszava lejár %d nap múlva"
+msgstr[1] "Figyelmeztetés: a jelszava lejár %d nap múlva"
#. TRANSLATORS: only used if dngettext is not support
#. ed
@@ -460,35 +502,44 @@ msgstr "Figyelmeztetés: a jelszava lejár %d nap múlva"
msgid "Password: "
msgstr "Jelszó: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "A NIS-jelszó nem módosítható."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Hosszabb jelszót kell választania"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "A jelszót már használta. Válasszon egy másikat."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "STRESS jelszó megváltoztatása - "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "A (jelenlegi) UNIX jelszó: "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Tovább kell várnia a jelszó módosítására"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Adja meg az új UNIX jelszót: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Írja be újra a UNIX jelszót: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Kíván másikat választani? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Adja meg a kívánt lehetőség számát: "
+
+#~ msgid "type: "
+#~ msgstr "típus: "
diff --git a/Linux-PAM/po/it.po b/Linux-PAM/po/it.po
index 84fb8e63..f2889d4d 100644
--- a/Linux-PAM/po/it.po
+++ b/Linux-PAM/po/it.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 22:05+0200\n"
"Last-Translator: Novell Language <language@novell.com>\n"
"Language-Team: Novell Language <language@novell.com>\n"
@@ -183,46 +183,50 @@ msgstr "Reimmettere la nuova parola d'ordine%s%s:"
msgid "Sorry, passwords do not match."
msgstr "Le parole d'ordine non corrispondono."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "è la stessa di quella precedente"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "è un palindromo"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "cambiano solo le maiuscole/minuscole"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "è troppo simile alla precedente"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "è troppo semplice"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "è alternata"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "è già stata utilizzata"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Nessuna parola d'ordine fornita"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Parola d'ordine non modificata"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "PAROLA D'ORDINE ERRTATA: %s"
@@ -269,7 +273,7 @@ msgstr "Ultimo login:%s%s%s"
msgid "Welcome to your new account!"
msgstr "Nuovo conto."
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Ci sono troppi login per '%s'."
@@ -310,54 +314,90 @@ msgstr "La cartella %s non contiene alcuna e-mail vecchia."
msgid "You have mail in folder %s."
msgstr "La cartella %s contiene e-mail."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Il contesto di default è %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Sceglierne un altro? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Immettere il numero di scelta:"
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Immettere un contesto di sicurezza? [s]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "ruolo:"
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "tipo:"
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "livello:"
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Non è un contesto di sicurezza valido"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Contesto di sicurezza %s assegnato"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Immettere un contesto di sicurezza? [s]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Contesto di sicurezza %s assegnato"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Contesto di sicurezza %s assegnato"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -462,39 +502,48 @@ msgstr "Avviso: la parola d'ordine scadrà tra %d giorni%.2s"
msgid "Password: "
msgstr "Parola d'ordine:"
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "[f1]Impossibile modificare parola d'ordine NIS."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Scegliere una parola d'ordine più lunga"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Parola d'ordine già utilizzata. Sceglierne un'altra."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "Cambio parola d'ordine STRESS per"
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "Parola d'ordine UNIX (corrente):"
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Attendere ancora per cambiare la parola d'ordine "
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Immettere nuova parola d'ordine UNIX:"
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Reimmettere la nuova parola d'ordine UNIX:"
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Sceglierne un altro? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Immettere il numero di scelta:"
+
+#~ msgid "type: "
+#~ msgstr "tipo:"
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Avviso: la parola d'ordine scadrà tra %d giorni%.2s"
diff --git a/Linux-PAM/po/ja.po b/Linux-PAM/po/ja.po
index 53f48966..080d8b01 100644
--- a/Linux-PAM/po/ja.po
+++ b/Linux-PAM/po/ja.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 22:00+0200\n"
"Last-Translator: Novell Language <language@novell.com>\n"
"Language-Team: Novell Language <language@novell.com>\n"
@@ -178,46 +178,50 @@ msgstr "新しい%s%sパスワードを再入力してください:"
msgid "Sorry, passwords do not match."
msgstr "パスワードが一致しません。"
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "パスワードが古いものと同じです。"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "前後どちらから読んでも同じパスワードです。"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "大文字小文字を変えただけのパスワード"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "古いものと似ています"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "簡単すぎます"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "回転しています"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "パスワードはすでに使用されています。"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "パスワードが与えられていません"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "パスワードが変更されていません"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "よくないパスワード: %s"
@@ -264,7 +268,7 @@ msgstr "最終ログイン:%s%s%s"
msgid "Welcome to your new account!"
msgstr "新しいアカウントへようこそ。"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "'%s'のログイン数が多すぎます。"
@@ -305,54 +309,90 @@ msgstr "フォルダ%sに古いメールがあります。"
msgid "You have mail in folder %s."
msgstr "フォルダ%sにメールがあります。"
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "デフォルトのコンテキストは%sです。 \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "異なるコンテキストを選択しますか? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "選択の番号を入力してください:"
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "セキュリティコンテキストを入力しますか? [y]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "役割:"
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "タイプ:"
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "レベル:"
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "有効なセキュリティコンテキストでありません"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "割り当てられたセキュリティコンテキスト%s"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "セキュリティコンテキストを入力しますか? [y]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "割り当てられたセキュリティコンテキスト%s"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "割り当てられたセキュリティコンテキスト%s"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -454,40 +494,49 @@ msgstr "警告: パスワードは%d日で有効期限が切れます。%.2s"
msgid "Password: "
msgstr "パスワード:"
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "NISパスワードを変更できませんでした。"
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "長いパスワードを選択する必要があります"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr ""
"パスワードはすでに使用されています。 別のパスワードを選択してください。"
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "STRESSパスワードの変更元"
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "現在のUNIXパスワード:"
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "パスワードを変更するには長く待つ必要があります"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "新しいUNIXパスワードを入力してください:"
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "新しいUNIX パスワードを再入力してください:"
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "異なるコンテキストを選択しますか? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "選択の番号を入力してください:"
+
+#~ msgid "type: "
+#~ msgstr "タイプ:"
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "警告: パスワードは%d日で有効期限が切れます。%.2s"
diff --git a/Linux-PAM/po/km.po b/Linux-PAM/po/km.po
index af03b8ea..c186a093 100644
--- a/Linux-PAM/po/km.po
+++ b/Linux-PAM/po/km.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-03-17 10:32+0700\n"
"Last-Translator: Khoem Sokhem <khoemsokhem@khmeros.info>\n"
"Language-Team: Khmer <support@khmeros.info>\n"
@@ -183,46 +183,50 @@ msgstr "វាយ​ពាក្យ​សម្ងាត់ %s%s ថ្មី​
msgid "Sorry, passwords do not match."
msgstr "សូម​ទោស ពាក្យ​សម្ងាត់​មិន​ដូច​គ្នា​ឡើយ ។"
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "ដូច​គ្នា​នឹង​ពាក្យ​សម្ងាត់​ចាស់"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "ត្រឡប់​ចុះ​ឡើង"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "គ្រាន់​តែ​ផ្លាស់ប្ដូរ​លក្ខណៈ​អក្សរ​ប៉ុណ្ណោះ​"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "ស្រដៀង​គ្នា​ណាស់​នឹង​ពាក្យ​សម្ងាត់​ចាស់"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "សាមញ្ញ​ពេក"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "បាន​បង្វិល"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "បាន​ប្រើ​រួច​ហើយ"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "មិន​បាន​ផ្ដល់​ពាក្យសម្ងាត់"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "ពាក្យសម្ងាត់​មិន​បាន​ផ្លាស់ប្ដូរ​ឡើយ"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "ពាក្យ​សម្ងាត់​មិន​ល្អ ៖ %s"
@@ -269,7 +273,7 @@ msgstr "ចូល​ចុងក្រោយ ៖%s%s%s"
msgid "Welcome to your new account!"
msgstr "សូម​ស្វាគមន៍​មក​កាន់​គណនី​ថ្មី​របស់​អ្នក !"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "មាន​ការ​ចូល​ច្រើន​ពេក​សម្រាប់ '%s' ។"
@@ -310,54 +314,90 @@ msgstr "អ្នក​មាន​សំបុត្រ​ចាស់​នៅ
msgid "You have mail in folder %s."
msgstr "អ្នក​មាន​សំបុត្រ​នៅ​ក្នុង​ថត %s ។"
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "បរិបទ​លំនាំដើម​របស់​អ្នក​គឺ %s ។ \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "តើ​អ្នក​ចង់​ជ្រើស​មួយ​ទៀត​ទេ ? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "បញ្ចូល​លេខ​ជម្រើស ៖ "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "តើ​អ្នក​ចង់​បញ្ចូល​បរិបទ​សុវត្ថិភាព​មួយ​ឬ​ទេ ? [y] "
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "តួនាទី ៖ "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "ប្រភេទ ៖ "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "កម្រិត ៖ "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "មិន​មែន​ជា​បរិបទ​សុវត្ថិភាព​ត្រឹមត្រូវ​មួយឡើយ"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "បរិបទ​សុវត្ថិភាព %s បាន​ផ្ដល់​តម្លៃ​"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "តើ​អ្នក​ចង់​បញ្ចូល​បរិបទ​សុវត្ថិភាព​មួយ​ឬ​ទេ ? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "បរិបទ​សុវត្ថិភាព %s បាន​ផ្ដល់​តម្លៃ​"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "បរិបទ​សុវត្ថិភាព %s បាន​ផ្ដល់​តម្លៃ​"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -458,39 +498,48 @@ msgstr "ការ​ព្រមាន ៖ ពាក្យសម្ងាត់
msgid "Password: "
msgstr "ពាក្យសម្ងាត់ ៖ "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "មិន​អាច​ផ្លាស់ប្ដូរ​ពាក្យសម្ងាត់ NIS បាន​ឡើយ ។"
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "អ្នក​ត្រូវ​តែ​ជ្រើស​ពាក្យសម្ងាត់​វែង​ជាង​នេះ"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "ពាក្យសម្ងាត់​ត្រូវ​បាន​ប្រើ​រួច​ហើយ ។ សូម​ជ្រើស​មួយ​ទៀត ។"
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "ការ​ផ្លាស់ប្ដូរ​ពាក្យ​សម្ងាត់ STRESS សម្រាប់ "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(បច្ចុប្បន្ន) ពាក្យ​សម្ងាត់ UNIX ៖"
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "អ្នក​ត្រូវ​តែ​រង់ចាំ​បន្តិច ដើម្បី​ផ្លាស់ប្ដូរ​ពាក្យសម្ងាត់​របស់​អ្នក"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "បញ្ចូល​ពាក្យ​សម្ងាត់ UNIX ថ្មី ៖ "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "វាយ​ពាក្យ​សម្ងាត់ UNIX ថ្មី​ម្ដង​ទៀត ៖ "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "តើ​អ្នក​ចង់​ជ្រើស​មួយ​ទៀត​ទេ ? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "បញ្ចូល​លេខ​ជម្រើស ៖ "
+
+#~ msgid "type: "
+#~ msgstr "ប្រភេទ ៖ "
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "ការ​ព្រមាន ៖ ពាក្យសម្ងាត់​របស់​អ្នក​នឹង​ផុតកំណត់​ក្នុង​រយៈពេល %d ថ្ងៃ %.2s ។"
diff --git a/Linux-PAM/po/nb.po b/Linux-PAM/po/nb.po
index f260c5b4..004c71bc 100644
--- a/Linux-PAM/po/nb.po
+++ b/Linux-PAM/po/nb.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 22:04+0200\n"
"Last-Translator: Olav Pettershagen <olav.pet@online.no>\n"
"Language-Team: <nb@li.org>\n"
@@ -178,46 +178,50 @@ msgstr "Bekreft nytt %s%s-passord: "
msgid "Sorry, passwords do not match."
msgstr "Beklager, ikke samsvar mellom passord."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "er det samme som det gamle"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "er et palindrom"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "kun endring av små/store bokstaver"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "er for likt det gamle"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "er for enkelt"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "er rotert"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "er allerede benyttet"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Passord ikke angitt"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Passord uendret"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "SVAKT PASSORD: %s"
@@ -264,7 +268,7 @@ msgstr "Siste innlogging:%s%s%s"
msgid "Welcome to your new account!"
msgstr "Velkommen til din nye konto!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "For mange innlogginger for '%s'."
@@ -305,54 +309,90 @@ msgstr "Du har ulest e-post i mappen %s."
msgid "You have mail in folder %s."
msgstr "Du har e-post i mappen %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Din standardkontekst er %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Vil du velge en annen? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Angi et tall: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Vil du angi en sikkerhetskontekst? [y] "
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "rolle: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "type: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "nivå: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Ikke en gyldig sikkerhetskontekst"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Sikkerhetskontekst %s tilordnet"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Vil du angi en sikkerhetskontekst? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Sikkerhetskontekst %s tilordnet"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Sikkerhetskontekst %s tilordnet"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -453,39 +493,48 @@ msgstr "Advarsel: passordet ditt vil utløpe om %d dager%.2s"
msgid "Password: "
msgstr "Passord: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "NIS-passord kunne ikke endres."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Du må velge et lengre passord"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Passordet er allerede benyttet. Velg et annet."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "Endrer STRESS-passord for "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(gjeldende) UNIX-passord: "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Du må vente lenger før du kan endre passordet"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Angi nytt UNIX-passord: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Bekreft nytt UNIX-passord: "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Vil du velge en annen? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Angi et tall: "
+
+#~ msgid "type: "
+#~ msgstr "type: "
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Advarsel: passordet ditt vil utløpe om %d dager%.2s"
diff --git a/Linux-PAM/po/nl.po b/Linux-PAM/po/nl.po
index 5f11c4ee..b4caac18 100644
--- a/Linux-PAM/po/nl.po
+++ b/Linux-PAM/po/nl.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM.nl\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 22:02+0200\n"
"Last-Translator: Rinse de Vries <rinsedevries@kde.nl>\n"
"Language-Team: Dutch <kde-i18n-nl@kde.org>\n"
@@ -181,46 +181,50 @@ msgstr "Nieuw %s%s-wachtwoord herhalen: "
msgid "Sorry, passwords do not match."
msgstr "Helaas, wachtwoorden komen niet overeen."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "is hetzelfde als het oude wachtwoord."
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "is een palindrome"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "alleen gebruik hoofd/kleine letters gewijzigd"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "lijkt teveel op oud wachtwoord"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "is te eenvoudig"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "is omgedraaid"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "is al gebruikt"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Geen wachtwoord opgegeven"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Wachtwoord is niet gewijzigd"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "SLECHT WACHTWOORD: %s"
@@ -267,7 +271,7 @@ msgstr "Laatste keer aangemeld: %s%s%s"
msgid "Welcome to your new account!"
msgstr "Welkom bij uw nieuwe account!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Te vaak aangemeld met '%s'."
@@ -308,54 +312,90 @@ msgstr "U hebt oude e-mail in map %s."
msgid "You have mail in folder %s."
msgstr "U hebt e-mail in map %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Uw standaardcontext is %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Wilt u een andere kiezen? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Voer het gekozen getal in: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Wilt u een beveiligingscontext invoeren? [y] "
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "rol: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "type: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "niveau: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Geen geldige beveiligingscontext"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Beveilgingscontext %s toegewezen"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Wilt u een beveiligingscontext invoeren? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Beveilgingscontext %s toegewezen"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Beveilgingscontext %s toegewezen"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -459,38 +499,47 @@ msgstr "Waarschuwing: uw wachtwoord zal over %d day%.2s verlopen"
msgid "Password: "
msgstr "Wachtwoord: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "NIS-wachtwoord kon niet worden gewijzigd."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Kies een langer wachtwoord"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Dit wachtwoord is al gebruikt. Kies een ander wachtwoord."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "STRESS-wachtwoord wijzigen voor "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(huidig) UNIX-wachtwoord: "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "U moet langer wachten om uw wachtwoord te wijzigen"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Nieuw UNIX-wachtwoord invoeren: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Nieuw UNIX-wachtwoord herhalen: "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Wilt u een andere kiezen? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Voer het gekozen getal in: "
+
+#~ msgid "type: "
+#~ msgstr "type: "
+
#~ msgid "dlopen() failure"
#~ msgstr "dlopen() failure"
diff --git a/Linux-PAM/po/pa.po b/Linux-PAM/po/pa.po
index fc8b5c0b..3bf63135 100644
--- a/Linux-PAM/po/pa.po
+++ b/Linux-PAM/po/pa.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM.pa\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2005-08-06 08:34+0530\n"
"Last-Translator: Amanpreet Singh Alam[ਆਲਮ] <amanpreetalam@yahoo.com>\n"
"Language-Team: Panjabi <pa@li.org>\n"
@@ -183,47 +183,51 @@ msgstr "ਨਵਾਂ STRESS ਗੁਪਤ-ਕੋਡ ਮੁੜ-ਲਿਖੋ: "
msgid "Sorry, passwords do not match."
msgstr "NIS ਗੁਪਤ-ਕੋਡ ਤਬਦੀਲ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਿਆ ਹੈ।"
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr ""
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
#, fuzzy
msgid "has been already used"
msgstr "ਗੁਪਤ-ਕੋਡ ਪਹਿਲਾਂ ਵੀ ਵਰਤਿਆ ਗਿਆ ਹੈ। ਵੱਖਰਾ ਚੁਣੋ।"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "ਕੋਈ ਗੁਪਤ-ਕੋਡ ਨਹੀਂ ਦਿੱਤਾ ਗਿਆ"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "ਗੁਪਤ-ਕੋਡ ਨਾ-ਤਬਦੀਲ ਹੈ"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr ""
@@ -270,7 +274,7 @@ msgstr ""
msgid "Welcome to your new account!"
msgstr ""
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr ""
@@ -311,54 +315,90 @@ msgstr ""
msgid "You have mail in folder %s."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "ਤੁਹਾਡਾ ਮੁੱਲ ਪਰਸੰਗ %s ਹੈ \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "ਕੀ ਤੁਸੀਂ ਵੱਖਰੇ ਦੀ ਚੋਣ ਕਰਨੀ ਚਾਹੁੰਦੇ ਹੋ? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "ਚੋਣ ਦਾ ਨੰਬਰ ਦਿਓ: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "ਕੀ ਤੁਸੀਂ ਇੱਕ ਸੁਰੱਖਿਆ ਪਰਸੰਗ ਦੇਣਾ ਚਾਹੁੰਦੇ ਹੋ? [y] "
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "ਰੋਲ: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "ਕਿਸਮ: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "ਪੱਧਰ: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "ਇੱਕ ਠੀਕ ਸੁਰੱਖਿਆ ਪਰਸੰਗ ਨਹੀਂ"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "ਇੱਕ ਠੀਕ ਸੁਰੱਖਿਆ ਪਰਸੰਗ ਨਹੀਂ"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "ਕੀ ਤੁਸੀਂ ਇੱਕ ਸੁਰੱਖਿਆ ਪਰਸੰਗ ਦੇਣਾ ਚਾਹੁੰਦੇ ਹੋ? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr ""
+#: modules/pam_selinux/pam_selinux.c:649
+#, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr ""
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -460,48 +500,53 @@ msgstr "ਸਾਵਧਾਨ: ਤੁਹਾਡਾ ਗੁਪਤ-ਕੋਡ ਦੀ ਮ
msgid "Password: "
msgstr "ਗੁਪਤ-ਕੋਡ ਨਾ-ਤਬਦੀਲ ਹੈ"
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "NIS ਗੁਪਤ-ਕੋਡ ਤਬਦੀਲ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਿਆ ਹੈ।"
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "ਤੁਹਾਨੂੰ ਲੰਮੇ ਗੁਪਤ-ਕੋਡ ਦੀ ਚੋਣ ਕਰਨੀ ਚਾਹੀਦੀ ਹੈ"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "ਗੁਪਤ-ਕੋਡ ਪਹਿਲਾਂ ਵੀ ਵਰਤਿਆ ਗਿਆ ਹੈ। ਵੱਖਰਾ ਚੁਣੋ।"
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, c-format
msgid "Changing password for %s."
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
#, fuzzy
msgid "Enter new UNIX password: "
msgstr "ਨਵਾਂ STRESS ਗੁਪਤ-ਕੋਡ ਦਿਓ: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
#, fuzzy
msgid "Retype new UNIX password: "
msgstr "ਨਵਾਂ STRESS ਗੁਪਤ-ਕੋਡ ਮੁੜ-ਲਿਖੋ: "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "ਕੀ ਤੁਸੀਂ ਵੱਖਰੇ ਦੀ ਚੋਣ ਕਰਨੀ ਚਾਹੁੰਦੇ ਹੋ? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "ਚੋਣ ਦਾ ਨੰਬਰ ਦਿਓ: "
+
+#~ msgid "type: "
+#~ msgstr "ਕਿਸਮ: "
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "ਸਾਵਧਾਨ: ਤੁਹਾਡਾ ਗੁਪਤ-ਕੋਡ ਦੀ ਮਿਆਦ %d ਦਿਨ%.2s 'ਚ ਪੁੱਗ ਜਾਵੇਗੀ।"
#~ msgid "dlopen() failure"
#~ msgstr "dlopen() ਫੇਲ"
-
-#, fuzzy
-#~ msgid "%s: set %s security context to %s"
-#~ msgstr "ਇੱਕ ਠੀਕ ਸੁਰੱਖਿਆ ਪਰਸੰਗ ਨਹੀਂ"
diff --git a/Linux-PAM/po/pl.po b/Linux-PAM/po/pl.po
index 45f867e7..ecf522d9 100644
--- a/Linux-PAM/po/pl.po
+++ b/Linux-PAM/po/pl.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 21:58+0200\n"
"Last-Translator: Wojciech Kapusta <wojciech@aviary.pl>\n"
"Language-Team: <pl@li.org>\n"
@@ -183,46 +183,50 @@ msgstr "Powtórzenie nowego hasła %s%s: "
msgid "Sorry, passwords do not match."
msgstr "Podane hasła nie są zgodne."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "jest identyczne ze starym"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "jest palindromem"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "ma zmienioną tylko wielkość znaków"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "jest zbyt podobne do poprzedniego"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "jest zbyt proste"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "jest obrócone"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "było już używane"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Nie podano hasła"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Hasło nie zmienione"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "ZŁE HASŁO: %s"
@@ -269,7 +273,7 @@ msgstr "Ostatnie logowanie:%s%s%s"
msgid "Welcome to your new account!"
msgstr "Witaj na swoim nowym koncie!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Zbyt wiele prób zalogowania na '%s'."
@@ -310,54 +314,90 @@ msgstr "Stare wiadomości katalogu %s."
msgid "You have mail in folder %s."
msgstr "Wiadomości w katalogu %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Domyślny kontekst: %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Czy powtórzyć wybieranie? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Wybrana liczba: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Czy wejść w kontekst bezpieczeństwa? [y]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "rola: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "typ:"
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "poziom: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Nieważny kontekst bezpieczeństwa"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Kontekst bezpieczeństwa %s przypisany"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Czy wejść w kontekst bezpieczeństwa? [y]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Kontekst bezpieczeństwa %s przypisany"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Kontekst bezpieczeństwa %s przypisany"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -459,39 +499,48 @@ msgstr "Ostrzeżenie: hasło wygaśnie za %d dni%.2s"
msgid "Password: "
msgstr "Hasło: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "Nie można zmienić hasła NIS."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Proszę podać dłuższe hasło"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Hasło było już używane. Proszę wybrać inne."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "Zmiana hasła STRESS dla "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "Bieżące hasło UNIX:"
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Proszę poczekać dłużej aby zmienić hasło"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Nowe hasło UNIX: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Powtórzenie hasła UNIX: "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Czy powtórzyć wybieranie? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Wybrana liczba: "
+
+#~ msgid "type: "
+#~ msgstr "typ:"
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Ostrzeżenie: hasło wygaśnie za %d dni%.2s"
diff --git a/Linux-PAM/po/pt.po b/Linux-PAM/po/pt.po
index 5b4e9ecc..932b0878 100644
--- a/Linux-PAM/po/pt.po
+++ b/Linux-PAM/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM.pt\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 21:54+0200\n"
"Last-Translator: Antonio Cardoso Martins <digiplan@netvisao.pt>\n"
"Language-Team: portuguese\n"
@@ -180,46 +180,50 @@ msgstr "Digite novamente a nova %s%spalavra passe: "
msgid "Sorry, passwords do not match."
msgstr "Lamento, as palavras passe não coincidem."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "é igual à anterior"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "é um palíndrome"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "apenas muda a capitulação"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "é demasiado similar à anterior"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "é demasiado simples"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "é rodada"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "já foi utilizada"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Não foi fornecida uma palavra passe"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Palavra passe inalterada"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "MÁ PALAVRA PASSE: %s"
@@ -266,7 +270,7 @@ msgstr "Último início de sessão: %s%s%s"
msgid "Welcome to your new account!"
msgstr "Bemvindo à sua nova conta!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Demasiados inícios de sessão para '%s'."
@@ -307,54 +311,90 @@ msgstr "Tem correio electrónico antigo na pasta %s."
msgid "You have mail in folder %s."
msgstr "Tem correio electrónico na pasta %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "O seu contexto pré-definido é %s: \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Pretende escolher um diferente? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Digite o número da escolha: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Pretende introduzir um contexto de segurança? [y]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "papel: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "tipo: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "nível: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Não é um contexto de segurança válido"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Contexto de Segurança %s Atribuído"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Pretende introduzir um contexto de segurança? [y]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Contexto de Segurança %s Atribuído"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Contexto de Segurança %s Atribuído"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -459,39 +499,48 @@ msgstr "Aviso: a sua palavra passe expira em %d dia%.2s"
msgid "Password: "
msgstr "Palavra passe: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "A palavra passe de NIS não pode ser alterada."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Deve escolher uma palavra passe mais longa"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "A palavra passe já foi anteriormente utilizada. Escolha outra."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "A alterar a palavra passe de STRESS para "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "palavra passe UNIX (actual): "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Tem de esperar mais antes de poder alterar a sua palavra passe"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Digite a nova palavra passe UNIX: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Digite novamente a nova palavra passe UNIX: "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Pretende escolher um diferente? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Digite o número da escolha: "
+
+#~ msgid "type: "
+#~ msgstr "tipo: "
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Aviso: a sua palavra passe expira em %d dia%.2s"
diff --git a/Linux-PAM/po/pt_BR.po b/Linux-PAM/po/pt_BR.po
index a7f97884..d47fd147 100644
--- a/Linux-PAM/po/pt_BR.po
+++ b/Linux-PAM/po/pt_BR.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 21:55+0200\n"
"Last-Translator: Novell Language <language@novell.com>\n"
"Language-Team: Novell Language <language@novell.com>\n"
@@ -178,46 +178,50 @@ msgstr "Redigite a nova %s%ssenha:"
msgid "Sorry, passwords do not match."
msgstr "As senhas não são iguais."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "é igual à antiga senha"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "é um palíndromo"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "mudou apenas maiúsculas/minúsculas"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "é muito semelhante à antiga"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "é simples demais"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "foi invertida"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "já foi usada"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Nenhuma senha informada"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Senha inalterada"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "SENHA INCORRETA: %s"
@@ -264,7 +268,7 @@ msgstr "Último login:%s%s%s"
msgid "Welcome to your new account!"
msgstr "Bem-vindo à sua nova conta!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Há logins demais para '%s'."
@@ -305,54 +309,90 @@ msgstr "Há mensagens antigas na pasta %s."
msgid "You have mail in folder %s."
msgstr "Há mensagens na pasta %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Seu contexto padrão é %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Deseja escolher um diferente? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Digite o número escolhido:"
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Deseja digitar um contexto de segurança? [s]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "função:"
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "digite:"
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "nível:"
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Não é um contexto de segurança válido"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Contexto de Segurança %s Atribuído"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Deseja digitar um contexto de segurança? [s]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Contexto de Segurança %s Atribuído"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Contexto de Segurança %s Atribuído"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -453,39 +493,48 @@ msgstr "Aviso: sua senha expirará em %d dia%.2s"
msgid "Password: "
msgstr "Senha:"
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "A senha NIS não pôde ser mudada."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Escolha uma senha mais longa"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "A senha já foi usada. Escolha outra."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "Mudando senha STRESS para"
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "Senha UNIX (atual):"
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Aguarde mais tempo para mudar a senha"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Digite a nova senha UNIX:"
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Redigite a nova senha UNIX:"
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Deseja escolher um diferente? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Digite o número escolhido:"
+
+#~ msgid "type: "
+#~ msgstr "digite:"
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Aviso: sua senha expirará em %d dia%.2s"
diff --git a/Linux-PAM/po/ru.po b/Linux-PAM/po/ru.po
new file mode 100644
index 00000000..aa18bccb
--- /dev/null
+++ b/Linux-PAM/po/ru.po
@@ -0,0 +1,560 @@
+# @TITLE@
+# Copyright (C) 2006, SUSE Linux GmbH, Nuremberg
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+# This file is distributed under the same license as @PACKAGE@ package. FIRST
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: @PACKAGE@\n"
+"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
+"PO-Revision-Date: 2006-01-04 08:58+0100\n"
+"Last-Translator: Novell Language <language@novell.com>\n"
+"Language-Team: Novell Language <language@novell.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%"
+"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#: libpam_misc/misc_conv.c:33
+msgid "...Time is running out...\n"
+msgstr "...Время истекает...\n"
+
+#: libpam_misc/misc_conv.c:34
+msgid "...Sorry, your time is up!\n"
+msgstr "...Извините, ваше время истекло!\n"
+
+#: libpam_misc/misc_conv.c:343
+#, c-format
+msgid "erroneous conversation (%d)\n"
+msgstr "ошибочный диалог (%d)\n"
+
+#: libpam/pam_item.c:271
+msgid "login:"
+msgstr "регистрация:"
+
+#: libpam/pam_strerror.c:40
+msgid "Success"
+msgstr "Успех"
+
+#: libpam/pam_strerror.c:42
+msgid "Critical error - immediate abort"
+msgstr "Критическая ошибка - незамедлительное прерывание операции"
+
+#: libpam/pam_strerror.c:44
+#, fuzzy
+msgid "Failed to load module"
+msgstr "Не удалось загрузить модуль \"%s\"."
+
+#: libpam/pam_strerror.c:46
+msgid "Symbol not found"
+msgstr "Символ не найден"
+
+# Translators: error message
+#: libpam/pam_strerror.c:48
+msgid "Error in service module"
+msgstr "Ошибка в модуле службы"
+
+#: libpam/pam_strerror.c:50
+msgid "System error"
+msgstr "Системная ошибка"
+
+#: libpam/pam_strerror.c:52
+msgid "Memory buffer error"
+msgstr "Ошибка буфера памяти"
+
+#: libpam/pam_strerror.c:54
+msgid "Permission denied"
+msgstr "Доступ запрещен"
+
+#: libpam/pam_strerror.c:56
+msgid "Authentication failure"
+msgstr "Сбой при проверке подлинности"
+
+#: libpam/pam_strerror.c:58
+msgid "Insufficient credentials to access authentication data"
+msgstr "Недостаточно учетных данных для доступа к данным проверки подлинности"
+
+#: libpam/pam_strerror.c:60
+msgid "Authentication service cannot retrieve authentication info"
+msgstr ""
+"Службе проверки подлинности не удается загрузить сведения аутентификации"
+
+#: libpam/pam_strerror.c:62
+msgid "User not known to the underlying authentication module"
+msgstr "Пользователь не известен базовому модулю проверки подлинности"
+
+#: libpam/pam_strerror.c:64
+msgid "Have exhausted maximum number of retries for service"
+msgstr "Использовано максимальное число попыток, заданное для службы"
+
+#: libpam/pam_strerror.c:66
+#, fuzzy
+msgid "Authentication token is no longer valid; new one required"
+msgstr "Маркер проверки подлинности более недействителен; требуется новый."
+
+#: libpam/pam_strerror.c:68
+msgid "User account has expired"
+msgstr "Срок действия учетной записи пользователя истек"
+
+#: libpam/pam_strerror.c:70
+msgid "Cannot make/remove an entry for the specified session"
+msgstr "Не удалось создать/удалить запись для указанного сеанса"
+
+#: libpam/pam_strerror.c:72
+msgid "Authentication service cannot retrieve user credentials"
+msgstr ""
+"Службе проверки подлинности не удается загрузить учетные данные пользователя"
+
+#: libpam/pam_strerror.c:74
+msgid "User credentials expired"
+msgstr "Срок действия учетных данных пользователя истек"
+
+#: libpam/pam_strerror.c:76
+msgid "Failure setting user credentials"
+msgstr "Сбой при настройке учетных данных пользователя"
+
+#: libpam/pam_strerror.c:78
+msgid "No module specific data is present"
+msgstr "Отсутствуют данные, специфичные для модуля"
+
+#: libpam/pam_strerror.c:80
+msgid "Bad item passed to pam_*_item()"
+msgstr "В pam_*_item() передан неверный элемент"
+
+#: libpam/pam_strerror.c:82
+msgid "Conversation error"
+msgstr "Ошибка диалога"
+
+#: libpam/pam_strerror.c:84
+msgid "Authentication token manipulation error"
+msgstr "Ошибка при операциях с маркером проверки подлинности"
+
+#: libpam/pam_strerror.c:86
+msgid "Authentication information cannot be recovered"
+msgstr "Не удается восстановить сведения аутентификации"
+
+#: libpam/pam_strerror.c:88
+msgid "Authentication token lock busy"
+msgstr "Блокировка маркера проверки подлинности занята"
+
+#: libpam/pam_strerror.c:90
+msgid "Authentication token aging disabled"
+msgstr "Ограничение срока действия маркера проверки подлинности отключено"
+
+#: libpam/pam_strerror.c:92
+msgid "Failed preliminary check by password service"
+msgstr "Службе паролей не удалось выполнить предварительную проверку"
+
+#: libpam/pam_strerror.c:94
+msgid "The return value should be ignored by PAM dispatch"
+msgstr "Возвращенное значение не должно учитываться при передаче в PAM"
+
+#: libpam/pam_strerror.c:96
+msgid "Module is unknown"
+msgstr "Неизвестный модуль"
+
+#: libpam/pam_strerror.c:98
+msgid "Authentication token expired"
+msgstr "Срок действия маркера проверки подлинности истек"
+
+#: libpam/pam_strerror.c:100
+msgid "Conversation is waiting for event"
+msgstr "Процесс диалога ожидает событие"
+
+#: libpam/pam_strerror.c:102
+msgid "Application needs to call libpam again"
+msgstr "Приложение должно повторно вызвать libpam"
+
+#: libpam/pam_strerror.c:105
+msgid "Unknown PAM error"
+msgstr "Неизвестная ошибка PAM"
+
+#: modules/pam_cracklib/pam_cracklib.c:60
+#, c-format
+msgid "New %s%spassword: "
+msgstr "Новый пароль %s%s: "
+
+# Keep the newlines and spaces after ':'!
+#: modules/pam_cracklib/pam_cracklib.c:62
+#, c-format
+msgid "Retype new %s%spassword: "
+msgstr "Повторите ввод нового пароля %s%s: "
+
+#: modules/pam_cracklib/pam_cracklib.c:63
+msgid "Sorry, passwords do not match."
+msgstr "Извините, но пароли не совпадают."
+
+#: modules/pam_cracklib/pam_cracklib.c:427
+msgid "is the same as the old one"
+msgstr "совпадает со старым"
+
+#: modules/pam_cracklib/pam_cracklib.c:440
+msgid "is a palindrome"
+msgstr "является палиндромом"
+
+#: modules/pam_cracklib/pam_cracklib.c:443
+msgid "case changes only"
+msgstr "изменения только в регистре"
+
+#: modules/pam_cracklib/pam_cracklib.c:446
+msgid "is too similar to the old one"
+msgstr "слишком похож на старый"
+
+#: modules/pam_cracklib/pam_cracklib.c:449
+msgid "is too simple"
+msgstr "слишком простой"
+
+#: modules/pam_cracklib/pam_cracklib.c:452
+msgid "is rotated"
+msgstr "является результатом чередования"
+
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
+msgid "has been already used"
+msgstr "уже был использован"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "No password supplied"
+msgstr "Пароль не указан"
+
+# password dialog title
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "Password unchanged"
+msgstr "Пароль не изменен"
+
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
+#, c-format
+msgid "BAD PASSWORD: %s"
+msgstr "НЕВЕРНЫЙ ПАРОЛЬ: %s"
+
+#: modules/pam_exec/pam_exec.c:118
+#, fuzzy, c-format
+msgid "%s failed: exit code %d"
+msgstr "Ошибочное выполнение скрипта '{0}' с кодом '{1}'"
+
+#: modules/pam_exec/pam_exec.c:126
+#, c-format
+msgid "%s failed: caught signal %d%s"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:134
+#, c-format
+msgid "%s failed: unknown status 0x%x"
+msgstr ""
+
+#. TRANSLATORS: "strftime options for date of last login"
+#: modules/pam_lastlog/pam_lastlog.c:190
+msgid " %a %b %e %H:%M:%S %Z %Y"
+msgstr "%a %b %e %H:%M:%S %Z %Y"
+
+#. TRANSLATORS: " from <host>"
+#: modules/pam_lastlog/pam_lastlog.c:199
+#, c-format
+msgid " from %.*s"
+msgstr "с %.*s"
+
+#. TRANSLATORS: " on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:211
+#, c-format
+msgid " on %.*s"
+msgstr "на %.*s"
+
+#. TRANSLATORS: "Last login: <date> from <host> on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:220
+#, c-format
+msgid "Last login:%s%s%s"
+msgstr "Последний вход в систему:%s%s%s"
+
+#: modules/pam_lastlog/pam_lastlog.c:226
+msgid "Welcome to your new account!"
+msgstr "Добро пожаловать в новую учетную запись!"
+
+#: modules/pam_limits/pam_limits.c:702
+#, c-format
+msgid "Too many logins for '%s'."
+msgstr "Слишком много регистраций в системе для '%s'."
+
+#: modules/pam_mail/pam_mail.c:313
+msgid "No mail."
+msgstr "Почты нет."
+
+#: modules/pam_mail/pam_mail.c:316
+msgid "You have new mail."
+msgstr "Есть новая почта."
+
+#: modules/pam_mail/pam_mail.c:319
+msgid "You have old mail."
+msgstr "Есть старая почта."
+
+#: modules/pam_mail/pam_mail.c:323
+msgid "You have mail."
+msgstr "Есть почта."
+
+#: modules/pam_mail/pam_mail.c:330
+#, c-format
+msgid "You have no mail in folder %s."
+msgstr "Нет почты в папке %s."
+
+#: modules/pam_mail/pam_mail.c:334
+#, c-format
+msgid "You have new mail in folder %s."
+msgstr "Есть новая почта в папке %s."
+
+#: modules/pam_mail/pam_mail.c:338
+#, c-format
+msgid "You have old mail in folder %s."
+msgstr "Есть старая почта в папке %s."
+
+#: modules/pam_mail/pam_mail.c:343
+#, c-format
+msgid "You have mail in folder %s."
+msgstr "Есть почта в папке %s."
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
+#, c-format
+msgid "Creating directory '%s'."
+msgstr ""
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
+#, c-format
+msgid "Unable to create directory %s: %m"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
+msgstr "Контекст по умолчанию - %s. \n"
+
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
+
+# power-off message
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
+msgstr "Хотите ввести контекст безопасности? [y]"
+
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
+msgstr "роль: "
+
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
+msgstr "уровень: "
+
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
+msgid "Not a valid security context"
+msgstr "Неверный контекст безопасности"
+
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Контекст безопасности %s назначен"
+
+# power-off message
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Хотите ввести контекст безопасности? [y]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
+#, c-format
+msgid "Security Context %s Assigned"
+msgstr "Контекст безопасности %s назначен"
+
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Контекст безопасности %s назначен"
+
+#: modules/pam_selinux/pam_selinux_check.c:99
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "не удалось инициировать PAM\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:105
+#, c-format
+msgid "failed to pam_set_item()\n"
+msgstr "не удалось выполнить pam_set_item()\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:133
+#, c-format
+msgid "login: failure forking: %m"
+msgstr "регистрация: сбой при создании нового процесса: %m"
+
+#: modules/pam_stress/pam_stress.c:476
+#, fuzzy, c-format
+msgid "Changing STRESS password for %s."
+msgstr "Смена пароля STRESS для"
+
+#: modules/pam_stress/pam_stress.c:490
+msgid "Enter new STRESS password: "
+msgstr "Введите новый пароль STRESS: "
+
+# Keep the newlines and spaces after ':'!
+#: modules/pam_stress/pam_stress.c:493
+msgid "Retype new STRESS password: "
+msgstr "Повторите ввод нового пароля STRESS: "
+
+#: modules/pam_stress/pam_stress.c:522
+msgid "Verification mis-typed; password unchanged"
+msgstr "Подтверждение введено неправильно; пароль не изменен"
+
+#: modules/pam_tally/pam_tally.c:741
+msgid "Authentication error"
+msgstr "Ошибка при проверке подлинности"
+
+#: modules/pam_tally/pam_tally.c:742
+msgid "Service error"
+msgstr "Ошибка службы"
+
+#: modules/pam_tally/pam_tally.c:743
+msgid "Unknown user"
+msgstr "Неизвестный пользователь"
+
+#: modules/pam_tally/pam_tally.c:744
+msgid "Unknown error"
+msgstr "Неизвестная ошибка"
+
+#: modules/pam_tally/pam_tally.c:760
+#, c-format
+msgid "%s: Bad number given to --reset=\n"
+msgstr "%s: указано неверное число для --reset=\n"
+
+#: modules/pam_tally/pam_tally.c:764
+#, c-format
+msgid "%s: Unrecognised option %s\n"
+msgstr "%s: неопознанный параметр %s\n"
+
+#: modules/pam_tally/pam_tally.c:776
+#, c-format
+msgid ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+msgstr ""
+"%s: [--file имя_корневого_файла] [--user имя_пользователя] [--reset[=n]] [--"
+"quiet]\n"
+
+#: modules/pam_tally/pam_tally.c:850
+#, c-format
+msgid "%s: Can't reset all users to non-zero\n"
+msgstr ""
+"%s: не удается выполнить сброс всех пользователей в ненулевое значение\n"
+
+#: modules/pam_unix/pam_unix_acct.c:274 modules/pam_unix/pam_unix_acct.c:301
+msgid "Your account has expired; please contact your system administrator"
+msgstr ""
+"Срок действия учетной записи истек; обратитесь к системному администратору"
+
+#: modules/pam_unix/pam_unix_acct.c:283
+msgid "You are required to change your password immediately (root enforced)"
+msgstr ""
+"Вам необходимо немедленно сменить пароль (по требованию пользователя root)"
+
+#: modules/pam_unix/pam_unix_acct.c:310
+msgid "You are required to change your password immediately (password aged)"
+msgstr "Вам необходимо немедленно сменить пароль (пароль устарел)"
+
+#: modules/pam_unix/pam_unix_acct.c:323 modules/pam_unix/pam_unix_acct.c:330
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d day"
+msgid_plural "Warning: your password will expire in %d days"
+msgstr[0] "Предупреждение: срок действия пароля истекает через %d дней"
+msgstr[1] "Предупреждение: срок действия пароля истекает через %d дней"
+msgstr[2] "Предупреждение: срок действия пароля истекает через %d дней"
+
+#. TRANSLATORS: only used if dngettext is not support
+#. ed
+#: modules/pam_unix/pam_unix_acct.c:336
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d days"
+msgstr "Предупреждение: срок действия пароля истекает через %d дней"
+
+#: modules/pam_unix/pam_unix_auth.c:159 modules/pam_userdb/pam_userdb.c:61
+msgid "Password: "
+msgstr "Пароль: "
+
+# password dialog title
+#: modules/pam_unix/pam_unix_passwd.c:821
+msgid "NIS password could not be changed."
+msgstr "Пароль NIS изменить нельзя."
+
+#: modules/pam_unix/pam_unix_passwd.c:998
+msgid "You must choose a longer password"
+msgstr "Выберите пароль большей длины"
+
+#: modules/pam_unix/pam_unix_passwd.c:1003
+msgid "Password has been already used. Choose another."
+msgstr "Этот пароль уже был использован. Выберите другой."
+
+#: modules/pam_unix/pam_unix_passwd.c:1103
+#, fuzzy, c-format
+msgid "Changing password for %s."
+msgstr "Смена пароля STRESS для"
+
+# Keep the newlines and spaces after ':'!
+#: modules/pam_unix/pam_unix_passwd.c:1114
+msgid "(current) UNIX password: "
+msgstr "(текущий) пароль UNIX: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1149
+msgid "You must wait longer to change your password"
+msgstr "До смены пароля должно пройти больше времени"
+
+#: modules/pam_unix/pam_unix_passwd.c:1209
+msgid "Enter new UNIX password: "
+msgstr "Введите новый пароль UNIX: "
+
+# Keep the newlines and spaces after ':'!
+#: modules/pam_unix/pam_unix_passwd.c:1210
+msgid "Retype new UNIX password: "
+msgstr "Повторите ввод нового пароля UNIX: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Выбрать другой? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Введите выбранный номер: "
+
+#~ msgid "type: "
+#~ msgstr "тип: "
+
+#~ msgid "dlopen() failure"
+#~ msgstr "сбой dlopen()"
diff --git a/Linux-PAM/po/sv.po b/Linux-PAM/po/sv.po
new file mode 100644
index 00000000..ce7df15d
--- /dev/null
+++ b/Linux-PAM/po/sv.po
@@ -0,0 +1,547 @@
+# @TITLE@
+# Copyright (C) 2006, SUSE Linux GmbH, Nuremberg
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+# This file is distributed under the same license as @PACKAGE@ package. FIRST
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: @PACKAGE@\n"
+"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
+"PO-Revision-Date: 2005-09-18 19:09+0200\n"
+"Last-Translator: Novell Language <language@novell.com>\n"
+"Language-Team: Novell Language <language@novell.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.10.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: libpam_misc/misc_conv.c:33
+msgid "...Time is running out...\n"
+msgstr "...Tiden är nästan slut...\n"
+
+#: libpam_misc/misc_conv.c:34
+msgid "...Sorry, your time is up!\n"
+msgstr "...Tiden är ute!\n"
+
+#: libpam_misc/misc_conv.c:343
+#, c-format
+msgid "erroneous conversation (%d)\n"
+msgstr "felaktigt samtal (%d)\n"
+
+#: libpam/pam_item.c:271
+msgid "login:"
+msgstr "inloggning:"
+
+#: libpam/pam_strerror.c:40
+msgid "Success"
+msgstr "Lyckades"
+
+#: libpam/pam_strerror.c:42
+msgid "Critical error - immediate abort"
+msgstr "Kritiskt fel - omedelbart avbrott"
+
+#: libpam/pam_strerror.c:44
+#, fuzzy
+msgid "Failed to load module"
+msgstr "Misslyckades med att ladda modulen \"%s\"."
+
+#: libpam/pam_strerror.c:46
+msgid "Symbol not found"
+msgstr "Det gick inte att hitta symbolen"
+
+#: libpam/pam_strerror.c:48
+msgid "Error in service module"
+msgstr "Fel i tjänstmodulen"
+
+#: libpam/pam_strerror.c:50
+msgid "System error"
+msgstr "Systemfel"
+
+#: libpam/pam_strerror.c:52
+msgid "Memory buffer error"
+msgstr "Minnesbuffertfel."
+
+#: libpam/pam_strerror.c:54
+msgid "Permission denied"
+msgstr "Åtkomst nekas"
+
+#: libpam/pam_strerror.c:56
+msgid "Authentication failure"
+msgstr "Autentiseringen misslyckades"
+
+#: libpam/pam_strerror.c:58
+msgid "Insufficient credentials to access authentication data"
+msgstr ""
+"Identifieringsuppgifterna är otillräckliga för åtkomst av autentiseringsdata"
+
+#: libpam/pam_strerror.c:60
+msgid "Authentication service cannot retrieve authentication info"
+msgstr "Autentiseringstjänsten kan inte hämta autentiseringsinformation"
+
+#: libpam/pam_strerror.c:62
+msgid "User not known to the underlying authentication module"
+msgstr "Den underliggande autentiseringsmodulen känner inte till användaren"
+
+#: libpam/pam_strerror.c:64
+msgid "Have exhausted maximum number of retries for service"
+msgstr "Det maximala antalet nya försök för tjänsten har uppnåtts"
+
+#: libpam/pam_strerror.c:66
+msgid "Authentication token is no longer valid; new one required"
+msgstr "Autentiseringstoken är inte längre tillräcklig. En ny token krävs"
+
+#: libpam/pam_strerror.c:68
+msgid "User account has expired"
+msgstr "Användarkontot har upphört att gälla"
+
+#: libpam/pam_strerror.c:70
+msgid "Cannot make/remove an entry for the specified session"
+msgstr "Det går inte att skapa/ta bort en post för den angivna sessionen"
+
+#: libpam/pam_strerror.c:72
+msgid "Authentication service cannot retrieve user credentials"
+msgstr "Autentiseringstjänsten kan inte hämta användaruppgifter"
+
+#: libpam/pam_strerror.c:74
+msgid "User credentials expired"
+msgstr "Användaruppgifterna har upphört att gälla"
+
+#: libpam/pam_strerror.c:76
+msgid "Failure setting user credentials"
+msgstr "Det gick inte att ange användaruppgifter"
+
+#: libpam/pam_strerror.c:78
+msgid "No module specific data is present"
+msgstr "Det finns inga modulspecifika data"
+
+#: libpam/pam_strerror.c:80
+msgid "Bad item passed to pam_*_item()"
+msgstr "Ett ogiltigt objekt har skickats till pam_*_item() "
+
+#: libpam/pam_strerror.c:82
+msgid "Conversation error"
+msgstr "Samtalsfel"
+
+#: libpam/pam_strerror.c:84
+msgid "Authentication token manipulation error"
+msgstr "Fel på ändring av autentiseringstoken"
+
+#: libpam/pam_strerror.c:86
+msgid "Authentication information cannot be recovered"
+msgstr "Det går inte att återställa autentiseringsinformationen"
+
+#: libpam/pam_strerror.c:88
+msgid "Authentication token lock busy"
+msgstr "Autentiseringstokens lås är upptaget"
+
+#: libpam/pam_strerror.c:90
+msgid "Authentication token aging disabled"
+msgstr "Åldrande av autentiseringstoken har inaktiverats"
+
+#: libpam/pam_strerror.c:92
+msgid "Failed preliminary check by password service"
+msgstr "Lösenordstjänstens preliminära kontroll misslyckades"
+
+#: libpam/pam_strerror.c:94
+msgid "The return value should be ignored by PAM dispatch"
+msgstr "Returvärdet ska ignoreras av PAM-sändningen"
+
+#: libpam/pam_strerror.c:96
+msgid "Module is unknown"
+msgstr "Modulen är okänd"
+
+#: libpam/pam_strerror.c:98
+msgid "Authentication token expired"
+msgstr "Autentiseringstoken har upphört att gälla"
+
+#: libpam/pam_strerror.c:100
+msgid "Conversation is waiting for event"
+msgstr "Samtalet väntar för händelsen"
+
+#: libpam/pam_strerror.c:102
+msgid "Application needs to call libpam again"
+msgstr "Programmet måste anropa libpam på nytt"
+
+#: libpam/pam_strerror.c:105
+msgid "Unknown PAM error"
+msgstr "Okänt PAM-fel"
+
+#: modules/pam_cracklib/pam_cracklib.c:60
+#, c-format
+msgid "New %s%spassword: "
+msgstr "Nytt lösenord för %s%s: "
+
+#: modules/pam_cracklib/pam_cracklib.c:62
+#, c-format
+msgid "Retype new %s%spassword: "
+msgstr "Ange det nya %s%s-lösenordet igen: "
+
+#: modules/pam_cracklib/pam_cracklib.c:63
+msgid "Sorry, passwords do not match."
+msgstr "Lösenorden stämmer inte överens."
+
+#: modules/pam_cracklib/pam_cracklib.c:427
+msgid "is the same as the old one"
+msgstr "är identiskt med det gamla"
+
+#: modules/pam_cracklib/pam_cracklib.c:440
+msgid "is a palindrome"
+msgstr "är en palindrom"
+
+#: modules/pam_cracklib/pam_cracklib.c:443
+msgid "case changes only"
+msgstr "endast ändringar i skiftläget"
+
+#: modules/pam_cracklib/pam_cracklib.c:446
+msgid "is too similar to the old one"
+msgstr "är för likt det gamla"
+
+#: modules/pam_cracklib/pam_cracklib.c:449
+msgid "is too simple"
+msgstr "är för enkelt"
+
+#: modules/pam_cracklib/pam_cracklib.c:452
+msgid "is rotated"
+msgstr "är roterat"
+
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
+msgid "has been already used"
+msgstr "har redan använts"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "No password supplied"
+msgstr "Inget lösenord har angetts"
+
+# password dialog title
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "Password unchanged"
+msgstr "Lösenordet har inte ändrats"
+
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
+#, c-format
+msgid "BAD PASSWORD: %s"
+msgstr "DÅLIGT LÖSENORD: %s"
+
+#: modules/pam_exec/pam_exec.c:118
+#, c-format
+msgid "%s failed: exit code %d"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:126
+#, c-format
+msgid "%s failed: caught signal %d%s"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:134
+#, c-format
+msgid "%s failed: unknown status 0x%x"
+msgstr ""
+
+#. TRANSLATORS: "strftime options for date of last login"
+#: modules/pam_lastlog/pam_lastlog.c:190
+msgid " %a %b %e %H:%M:%S %Z %Y"
+msgstr "%a %b %e %H:%M:%S %Z %Y"
+
+#. TRANSLATORS: " from <host>"
+#: modules/pam_lastlog/pam_lastlog.c:199
+#, c-format
+msgid " from %.*s"
+msgstr "från %.*s"
+
+#. TRANSLATORS: " on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:211
+#, c-format
+msgid " on %.*s"
+msgstr "på %.*s"
+
+#. TRANSLATORS: "Last login: <date> from <host> on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:220
+#, c-format
+msgid "Last login:%s%s%s"
+msgstr "Senaste inloggningen:%s%s%s"
+
+#: modules/pam_lastlog/pam_lastlog.c:226
+msgid "Welcome to your new account!"
+msgstr "Välkommen till ditt nya konto!"
+
+#: modules/pam_limits/pam_limits.c:702
+#, c-format
+msgid "Too many logins for '%s'."
+msgstr "För många inloggningar för %s."
+
+#: modules/pam_mail/pam_mail.c:313
+msgid "No mail."
+msgstr "Inga e-postmeddelanden."
+
+#: modules/pam_mail/pam_mail.c:316
+msgid "You have new mail."
+msgstr "Du har nya e-postmeddelanden."
+
+#: modules/pam_mail/pam_mail.c:319
+msgid "You have old mail."
+msgstr "Du har gamla e-postmeddelanden."
+
+#: modules/pam_mail/pam_mail.c:323
+msgid "You have mail."
+msgstr "Du har e-postmeddelanden."
+
+#: modules/pam_mail/pam_mail.c:330
+#, c-format
+msgid "You have no mail in folder %s."
+msgstr "Du har inga e-postmeddelanden i mappen %s."
+
+#: modules/pam_mail/pam_mail.c:334
+#, c-format
+msgid "You have new mail in folder %s."
+msgstr "Du har nya e-postmeddelanden i mappen %s."
+
+#: modules/pam_mail/pam_mail.c:338
+#, c-format
+msgid "You have old mail in folder %s."
+msgstr "Du har gamla e-postmeddelanden i mappen %s."
+
+#: modules/pam_mail/pam_mail.c:343
+#, c-format
+msgid "You have mail in folder %s."
+msgstr "Du har e-postmeddelanden i mappen %s."
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
+#, c-format
+msgid "Creating directory '%s'."
+msgstr ""
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
+#, c-format
+msgid "Unable to create directory %s: %m"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
+msgstr "Standardkontexten är %s. \n"
+
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
+msgstr "Vill du ange en säkerhetskontext? [j]"
+
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
+msgstr "roll: "
+
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
+msgstr "nivå: "
+
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
+msgid "Not a valid security context"
+msgstr "Säkerhetskontexten är ogiltig"
+
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Säkerhetskontexten %s har tilldelats"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Vill du ange en säkerhetskontext? [j]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
+#, c-format
+msgid "Security Context %s Assigned"
+msgstr "Säkerhetskontexten %s har tilldelats"
+
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Säkerhetskontexten %s har tilldelats"
+
+#: modules/pam_selinux/pam_selinux_check.c:99
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "Det gick inte att initiera PAM\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:105
+#, c-format
+msgid "failed to pam_set_item()\n"
+msgstr "pam_set_item() misslyckades\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:133
+#, c-format
+msgid "login: failure forking: %m"
+msgstr "inloggning: forking misslyckades: %m"
+
+#: modules/pam_stress/pam_stress.c:476
+#, fuzzy, c-format
+msgid "Changing STRESS password for %s."
+msgstr "STRESS-lösenordet ändras för"
+
+#: modules/pam_stress/pam_stress.c:490
+msgid "Enter new STRESS password: "
+msgstr "Ange ett nytt STRESS-lösenord: "
+
+#: modules/pam_stress/pam_stress.c:493
+msgid "Retype new STRESS password: "
+msgstr "Ange det nya STRESS-lösenordet igen: "
+
+#: modules/pam_stress/pam_stress.c:522
+msgid "Verification mis-typed; password unchanged"
+msgstr "Verifieringen misslyckades. Lösenordet har inte ändrats"
+
+#: modules/pam_tally/pam_tally.c:741
+msgid "Authentication error"
+msgstr "Autentiseringsfel"
+
+#: modules/pam_tally/pam_tally.c:742
+msgid "Service error"
+msgstr "Fel på tjänst"
+
+#: modules/pam_tally/pam_tally.c:743
+msgid "Unknown user"
+msgstr "Okänd användare"
+
+#: modules/pam_tally/pam_tally.c:744
+msgid "Unknown error"
+msgstr "Okänt fel"
+
+#: modules/pam_tally/pam_tally.c:760
+#, c-format
+msgid "%s: Bad number given to --reset=\n"
+msgstr "%s: Ett ogiltigt nummer skickades till --reset=\n"
+
+#: modules/pam_tally/pam_tally.c:764
+#, c-format
+msgid "%s: Unrecognised option %s\n"
+msgstr "%s: Alternativet %s är okänt\n"
+
+#: modules/pam_tally/pam_tally.c:776
+#, c-format
+msgid ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+msgstr ""
+"%s: [--file filnamn-med-rot] [--user användarnamn] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_tally/pam_tally.c:850
+#, c-format
+msgid "%s: Can't reset all users to non-zero\n"
+msgstr ""
+"%s: Det går inte att återställa alla användare till något annat än noll\n"
+
+#: modules/pam_unix/pam_unix_acct.c:274 modules/pam_unix/pam_unix_acct.c:301
+msgid "Your account has expired; please contact your system administrator"
+msgstr "Ditt konto har upphört att gälla. Kontakta systemadministratören."
+
+#: modules/pam_unix/pam_unix_acct.c:283
+msgid "You are required to change your password immediately (root enforced)"
+msgstr "Du måste ändra lösenord omedelbart (tvingad av root)"
+
+#: modules/pam_unix/pam_unix_acct.c:310
+msgid "You are required to change your password immediately (password aged)"
+msgstr "Du måste ändra lösenord omedelbart (lösenordet är för gammalt)"
+
+#: modules/pam_unix/pam_unix_acct.c:323 modules/pam_unix/pam_unix_acct.c:330
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d day"
+msgid_plural "Warning: your password will expire in %d days"
+msgstr[0] "Varning: lösenordet upphör att gälla om %d dag%.2ar"
+msgstr[1] "Varning: lösenordet upphör att gälla om %d dag%.2ar"
+
+#. TRANSLATORS: only used if dngettext is not support
+#. ed
+#: modules/pam_unix/pam_unix_acct.c:336
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d days"
+msgstr "Varning: lösenordet upphör att gälla om %d dag%.2ar"
+
+#: modules/pam_unix/pam_unix_auth.c:159 modules/pam_userdb/pam_userdb.c:61
+msgid "Password: "
+msgstr "Lösenord: "
+
+# password dialog title
+#: modules/pam_unix/pam_unix_passwd.c:821
+msgid "NIS password could not be changed."
+msgstr "Det gick inte att ändra NIS-lösenordet"
+
+#: modules/pam_unix/pam_unix_passwd.c:998
+msgid "You must choose a longer password"
+msgstr "Du måste välja ett längre lösenord"
+
+#: modules/pam_unix/pam_unix_passwd.c:1003
+msgid "Password has been already used. Choose another."
+msgstr "Lösenordet har redan använts. Välj ett annat."
+
+#: modules/pam_unix/pam_unix_passwd.c:1103
+#, fuzzy, c-format
+msgid "Changing password for %s."
+msgstr "STRESS-lösenordet ändras för"
+
+#: modules/pam_unix/pam_unix_passwd.c:1114
+msgid "(current) UNIX password: "
+msgstr "(aktuellt) UNIX-lösenord: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1149
+msgid "You must wait longer to change your password"
+msgstr "Du måste vänta längre innan du ändrar ditt lösenord"
+
+#: modules/pam_unix/pam_unix_passwd.c:1209
+msgid "Enter new UNIX password: "
+msgstr "Ange ett nytt UNIX-lösenord: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1210
+msgid "Retype new UNIX password: "
+msgstr "Ange det nya UNIX-lösenordet igen: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Vill du välja en annan? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Ange önskat nummer: "
+
+#~ msgid "type: "
+#~ msgstr "typ: "
+
+#~ msgid "dlopen() failure"
+#~ msgstr "dlopen() misslyckades"
diff --git a/Linux-PAM/po/tr.po b/Linux-PAM/po/tr.po
index 5635cbb6..1a13389f 100644
--- a/Linux-PAM/po/tr.po
+++ b/Linux-PAM/po/tr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 19:00+0200\n"
"Last-Translator: Koray Löker <loker@pardus.org.tr>\n"
"Language-Team: Türkçe <tr@li.org>\n"
@@ -180,46 +180,50 @@ msgstr "Yeni %s%sparolasını tekrar girin: "
msgid "Sorry, passwords do not match."
msgstr "Üzgünüm, parolalar birbirine uymuyor."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "eskisi ile aynı"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "bir palindrom (iki yönden aynı şekilde okunuyor)"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "sadece büyük-küçük harf değişimi"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "eskisi ile çok benziyor"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "çok basit"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "çevrilmiş"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "daha önce kullanıldı"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Parola girilmedi"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Parola değiştirilmedi"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "YANLIŞ PAROLA: %s"
@@ -266,7 +270,7 @@ msgstr "Son giriş: %s%s%s"
msgid "Welcome to your new account!"
msgstr "Yeni hesabınıza hoşgeldiniz"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "%s için fazla giriş "
@@ -307,54 +311,90 @@ msgstr "%s dizininde okunmuş iletiniz var"
msgid "You have mail in folder %s."
msgstr "%s dizininde iletiniz var"
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Öntanımlı bağlamınız %s \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Başka bir seçim yapmak ister misiniz? [h]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Seçenek sayısını girin: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Güvenlik bağlamı girmek ister misiniz? [e]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "rol: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "tip: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "seviye: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Geçerli bir güvenlik bağlamı değil"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Güvenlik Bağlamı %s Atandı"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Güvenlik bağlamı girmek ister misiniz? [e]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Güvenlik Bağlamı %s Atandı"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Güvenlik Bağlamı %s Atandı"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -454,39 +494,48 @@ msgstr "Dikkat: Parolanızın geçerlilik süresi %d gün%.2s sonra doluyor"
msgid "Password: "
msgstr "Parola: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "NIS parolası değiştirilemiyor"
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Daha uzun bir parola girmelisiniz"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Parola kullanımda. Lütfen başka bir parola seçin."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "STRESS parolası değiştiriliyor "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(geçerli) parola: "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Parolanızı değiştirmek için daha sonra denemelisiniz"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Yeni parolayı girin: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Yeni parolayı tekrar girin: "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Başka bir seçim yapmak ister misiniz? [h]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Seçenek sayısını girin: "
+
+#~ msgid "type: "
+#~ msgstr "tip: "
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Dikkat: Parolanızın geçerlilik süresi %d gün%.2s sonra doluyor"
diff --git a/Linux-PAM/po/uk.po b/Linux-PAM/po/uk.po
index f7577c04..23c47344 100644
--- a/Linux-PAM/po/uk.po
+++ b/Linux-PAM/po/uk.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux-PAM.uk\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 18:59+0200\n"
"Last-Translator: Ivan Petrouchtchak <ivanpetrouchtchak@yahoo.com>\n"
"Language-Team: Ukrainian <translation@linux.org.ua>\n"
@@ -181,46 +181,50 @@ msgstr "Повторіть новий пароль %s%s: "
msgid "Sorry, passwords do not match."
msgstr "Ваші нові паролі не співпадають."
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "такий самий як і старий"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "- це паліндром"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "тільки зміни в регістрі"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "занадто подібний до старого"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "занадто простий"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "чергується"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "вже вживався"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "Не встановлений пароль"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "Пароль не змінено"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "ПОГАНИЙ ПАРОЛЬ: %s"
@@ -267,7 +271,7 @@ msgstr "Останній вхід: %s%s%s"
msgid "Welcome to your new account!"
msgstr "Ласкаво просимо до вашого нового рахунку!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "Забагато входів в для \"%s\"."
@@ -308,54 +312,90 @@ msgstr "Ви маєте стару пошту в теці %s."
msgid "You have mail in folder %s."
msgstr "Ви маєте пошту в теці %s."
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "Ваш типовий контекст - %s. \n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "Хочете вибрати якийсь інший? [n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "Вкажіть номер вибору: "
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "Хочете ввести контекст безпеки? [y] "
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "роль: "
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "тип: "
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "рівень: "
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "Непридатний контекст безпеки"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Призначено контекст безпеки %s"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Хочете ввести контекст безпеки? [y] "
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "Призначено контекст безпеки %s"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Призначено контекст безпеки %s"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -460,39 +500,48 @@ msgstr "Попередження: ваш пароль застаріє чере
msgid "Password: "
msgstr "Пароль: "
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "Не вдалося змінити пароль NIS."
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "Необхідно вибрати довший пароль"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "Пароль вже вживається. Виберіть інший."
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "Зміна пароля STRESS для "
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(поточний) пароль UNIX: "
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "Ви повинні зачекати довше, щоб змінити ваш пароль"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "Введіть новий пароль UNIX: "
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "Повторіть новий пароль UNIX: "
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Хочете вибрати якийсь інший? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Вкажіть номер вибору: "
+
+#~ msgid "type: "
+#~ msgstr "тип: "
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "Попередження: ваш пароль застаріє через %d дні(в) %.2s"
diff --git a/Linux-PAM/po/zh_CN.po b/Linux-PAM/po/zh_CN.po
index 89c96fba..dffd7bfa 100644
--- a/Linux-PAM/po/zh_CN.po
+++ b/Linux-PAM/po/zh_CN.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux_PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 18:59+0200\n"
"Last-Translator: Novell Language <language@novell.com>\n"
"Language-Team: Novell Language <language@novell.com>\n"
@@ -178,46 +178,50 @@ msgstr "重新输入新的 %s%s口令:"
msgid "Sorry, passwords do not match."
msgstr "抱歉,口令不匹配。"
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "与旧口令相同"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "是回文"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "仅更改了大小写"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "与旧口令过于相似"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "过于简单"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "是旧口令的循环"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "已使用"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "口令未提供"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "口令未更改"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "无效的口令: %s"
@@ -264,7 +268,7 @@ msgstr "上一次登录:%s%s%s"
msgid "Welcome to your new account!"
msgstr "欢迎使用新帐户!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "'%s'登录过多。"
@@ -305,54 +309,90 @@ msgstr "您在文件夹 %s 中有旧邮件。"
msgid "You have mail in folder %s."
msgstr "您在文件夹 %s 中有邮件。"
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "您的默认环境为 %s。\n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "是否想要选择另一个?[n]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "输入选项的数字:"
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "是否愿意输入安全性环境?[y]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "职能:"
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "类型:"
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "级别:"
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "不是有效的安全性环境"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "已指派安全性环境 %s"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "是否愿意输入安全性环境?[y]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "已指派安全性环境 %s"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "已指派安全性环境 %s"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -452,39 +492,48 @@ msgstr ""
msgid "Password: "
msgstr "口令:"
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "无法更改 NIS 口令。"
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "必须选择更长的口令"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "口令已使用。请选择其他口令。"
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "更改 STRESS 口令以"
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(当前)UNIX 口令:"
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "您必须等待更长时间以更改口令"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "输入新的 UNIX 口令:"
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "重新输入新的 UNIX 口令:"
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "是否想要选择另一个?[n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "输入选项的数字:"
+
+#~ msgid "type: "
+#~ msgstr "类型:"
+
#~ msgid "dlopen() failure"
#~ msgstr "dlopen() 故障"
diff --git a/Linux-PAM/po/zh_TW.po b/Linux-PAM/po/zh_TW.po
index 12317b04..30886a94 100644
--- a/Linux-PAM/po/zh_TW.po
+++ b/Linux-PAM/po/zh_TW.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Linux_PAM\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2007-01-17 11:53+0100\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
"PO-Revision-Date: 2006-05-03 18:55+0200\n"
"Last-Translator: Novell Language <language@novell.com>\n"
"Language-Team: Novell Language <language@novell.com>\n"
@@ -178,46 +178,50 @@ msgstr "再次輸入新的 %s%s密碼:"
msgid "Sorry, passwords do not match."
msgstr "抱歉,密碼不符合。"
-#: modules/pam_cracklib/pam_cracklib.c:378
+#: modules/pam_cracklib/pam_cracklib.c:427
msgid "is the same as the old one"
msgstr "與舊的密碼相同"
-#: modules/pam_cracklib/pam_cracklib.c:389
+#: modules/pam_cracklib/pam_cracklib.c:440
msgid "is a palindrome"
msgstr "是一個回文"
-#: modules/pam_cracklib/pam_cracklib.c:392
+#: modules/pam_cracklib/pam_cracklib.c:443
msgid "case changes only"
msgstr "僅變更大小寫"
-#: modules/pam_cracklib/pam_cracklib.c:395
+#: modules/pam_cracklib/pam_cracklib.c:446
msgid "is too similar to the old one"
msgstr "與舊的密碼太相似"
-#: modules/pam_cracklib/pam_cracklib.c:398
+#: modules/pam_cracklib/pam_cracklib.c:449
msgid "is too simple"
msgstr "太簡單"
-#: modules/pam_cracklib/pam_cracklib.c:401
+#: modules/pam_cracklib/pam_cracklib.c:452
msgid "is rotated"
msgstr "已旋轉"
-#: modules/pam_cracklib/pam_cracklib.c:436
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
msgid "has been already used"
msgstr "已經由其他使用者使用"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "No password supplied"
msgstr "未提供密碼"
-#: modules/pam_cracklib/pam_cracklib.c:464
-#: modules/pam_unix/pam_unix_passwd.c:975
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
msgid "Password unchanged"
msgstr "密碼未變更"
-#: modules/pam_cracklib/pam_cracklib.c:487
-#: modules/pam_cracklib/pam_cracklib.c:615
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
#, c-format
msgid "BAD PASSWORD: %s"
msgstr "不良的密碼: %s"
@@ -264,7 +268,7 @@ msgstr "上一次登入:%s%s%s"
msgid "Welcome to your new account!"
msgstr "歡迎使用您的新帳號!"
-#: modules/pam_limits/pam_limits.c:647
+#: modules/pam_limits/pam_limits.c:702
#, c-format
msgid "Too many logins for '%s'."
msgstr "對 '%s' 進行太多次登入。"
@@ -305,54 +309,90 @@ msgstr "資料夾 %s 中有您的舊郵件。"
msgid "You have mail in folder %s."
msgstr "資料夾 %s 中有您的郵件。"
-#: modules/pam_mkhomedir/pam_mkhomedir.c:140
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
#, c-format
msgid "Creating directory '%s'."
msgstr ""
-#: modules/pam_mkhomedir/pam_mkhomedir.c:145
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
#, c-format
msgid "Unable to create directory %s: %m"
msgstr ""
-#: modules/pam_selinux/pam_selinux.c:102
-#, c-format
-msgid "Your default context is %s. \n"
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
msgstr "您的預設網路位置為 %s。\n"
-#: modules/pam_selinux/pam_selinux.c:105
-msgid "Do you want to choose a different one? [n]"
-msgstr "您要選擇不同的網路位置嗎? [否]"
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:112
-msgid "Enter number of choice: "
-msgstr "輸入選擇的密碼:"
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
-#: modules/pam_selinux/pam_selinux.c:152
-msgid "Would you like to enter a security context? [y] "
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
msgstr "您是否要輸入安全網路位置? [是]"
-#: modules/pam_selinux/pam_selinux.c:169
-msgid "role: "
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
msgstr "職能:"
-#: modules/pam_selinux/pam_selinux.c:177
-msgid "type: "
-msgstr "類型:"
-
-#: modules/pam_selinux/pam_selinux.c:187
-msgid "level: "
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
msgstr "層級:"
-#: modules/pam_selinux/pam_selinux.c:203
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
msgid "Not a valid security context"
msgstr "不是有效的安全網路位置"
-#: modules/pam_selinux/pam_selinux.c:417
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "已指定安全網路位置 %s"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "您是否要輸入安全網路位置? [是]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
#, c-format
msgid "Security Context %s Assigned"
msgstr "已指定安全網路位置 %s"
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "已指定安全網路位置 %s"
+
#: modules/pam_selinux/pam_selinux_check.c:99
#, c-format
msgid "failed to initialize PAM\n"
@@ -453,39 +493,48 @@ msgstr "警告:您的密碼將在 %d 天之後逾期。%2s"
msgid "Password: "
msgstr "密碼:"
-#: modules/pam_unix/pam_unix_passwd.c:819
+#: modules/pam_unix/pam_unix_passwd.c:821
msgid "NIS password could not be changed."
msgstr "無法變更 NIS 密碼。"
-#: modules/pam_unix/pam_unix_passwd.c:996
+#: modules/pam_unix/pam_unix_passwd.c:998
msgid "You must choose a longer password"
msgstr "您必須選擇更長的密碼"
-#: modules/pam_unix/pam_unix_passwd.c:1001
+#: modules/pam_unix/pam_unix_passwd.c:1003
msgid "Password has been already used. Choose another."
msgstr "密碼已經由其他使用者使用。請選擇其他密碼。"
-#: modules/pam_unix/pam_unix_passwd.c:1108
+#: modules/pam_unix/pam_unix_passwd.c:1103
#, fuzzy, c-format
msgid "Changing password for %s."
msgstr "正在變更 STRESS 密碼"
-#: modules/pam_unix/pam_unix_passwd.c:1119
+#: modules/pam_unix/pam_unix_passwd.c:1114
msgid "(current) UNIX password: "
msgstr "(目前) UNIX 密碼:"
-#: modules/pam_unix/pam_unix_passwd.c:1154
+#: modules/pam_unix/pam_unix_passwd.c:1149
msgid "You must wait longer to change your password"
msgstr "您必須久候,以變更您的密碼。"
-#: modules/pam_unix/pam_unix_passwd.c:1214
+#: modules/pam_unix/pam_unix_passwd.c:1209
msgid "Enter new UNIX password: "
msgstr "輸入新的 UNIX 密碼:"
-#: modules/pam_unix/pam_unix_passwd.c:1215
+#: modules/pam_unix/pam_unix_passwd.c:1210
msgid "Retype new UNIX password: "
msgstr "再次輸入新的 UNIX 密碼:"
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "您要選擇不同的網路位置嗎? [否]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "輸入選擇的密碼:"
+
+#~ msgid "type: "
+#~ msgstr "類型:"
+
#, fuzzy
#~ msgid "Warning: your password will expire in one day"
#~ msgstr "警告:您的密碼將在 %d 天之後逾期。%2s"
diff --git a/Linux-PAM/po/zu.po b/Linux-PAM/po/zu.po
new file mode 100644
index 00000000..d6582be2
--- /dev/null
+++ b/Linux-PAM/po/zu.po
@@ -0,0 +1,544 @@
+# Copyright (C) 2006 SuSE Linux Products GmbH, Nuernberg
+# This file is distributed under the same license as the package.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Linux-PAM\n"
+"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
+"POT-Creation-Date: 2007-07-18 10:59+0200\n"
+"PO-Revision-Date: 2006-11-03 12:03\n"
+"Last-Translator: Novell Language <language@novell.com>\n"
+"Language-Team: Novell Language <language@novell.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: libpam_misc/misc_conv.c:33
+msgid "...Time is running out...\n"
+msgstr "...Isikhathi siyaphela...\n"
+
+#: libpam_misc/misc_conv.c:34
+msgid "...Sorry, your time is up!\n"
+msgstr "...Uxolo, isikhathi sakho sesiphelile!\n"
+
+#: libpam_misc/misc_conv.c:343
+#, c-format
+msgid "erroneous conversation (%d)\n"
+msgstr "ingxoxo enephutha (%d)\n"
+
+#: libpam/pam_item.c:271
+msgid "login:"
+msgstr "ngena:"
+
+#: libpam/pam_strerror.c:40
+msgid "Success"
+msgstr "Impumelelo"
+
+#: libpam/pam_strerror.c:42
+msgid "Critical error - immediate abort"
+msgstr "Iphutha elibucayi - yeka ngokushesha"
+
+#: libpam/pam_strerror.c:44
+msgid "Failed to load module"
+msgstr "Ihlulekile ukunezela umkhiqizo owenezelwayo"
+
+#: libpam/pam_strerror.c:46
+msgid "Symbol not found"
+msgstr "Uphawu alutholakali"
+
+#: libpam/pam_strerror.c:48
+msgid "Error in service module"
+msgstr "Iphutha kwimoduli yesevisi"
+
+#: libpam/pam_strerror.c:50
+msgid "System error"
+msgstr "Iphutha lesistimu"
+
+#: libpam/pam_strerror.c:52
+msgid "Memory buffer error"
+msgstr "Iphutha lengobo yesikhashana yememori"
+
+#: libpam/pam_strerror.c:54
+msgid "Permission denied"
+msgstr "Imvume inqatshiwe"
+
+#: libpam/pam_strerror.c:56
+msgid "Authentication failure"
+msgstr "Ukwehluleka kokugunyaza"
+
+#: libpam/pam_strerror.c:58
+msgid "Insufficient credentials to access authentication data"
+msgstr "Izinhlamvu zamagama ezinganele zokungena ekwazisweni kokugunyaza"
+
+#: libpam/pam_strerror.c:60
+msgid "Authentication service cannot retrieve authentication info"
+msgstr "Isevisi yokugunyaza ayikwazi ukulanda ukwaziswa kokugunyaza"
+
+#: libpam/pam_strerror.c:62
+msgid "User not known to the underlying authentication module"
+msgstr "Umsebenzisi akaziwa kwimoduli yokugunyaza engabonakali"
+
+#: libpam/pam_strerror.c:64
+msgid "Have exhausted maximum number of retries for service"
+msgstr "Isifinyelele ekugcineni kwezikhathi ezivumelekile zokuzama le sevisi"
+
+#: libpam/pam_strerror.c:66
+msgid "Authentication token is no longer valid; new one required"
+msgstr "Isiqinisekiso sokugunyaza asisasebenzi, kudingeka esisha"
+
+#: libpam/pam_strerror.c:68
+msgid "User account has expired"
+msgstr "I-akhawunti yomsebenzisi iphelelwe isikhathi"
+
+#: libpam/pam_strerror.c:70
+msgid "Cannot make/remove an entry for the specified session"
+msgstr "Ayikwazi ukwakha/ukususa okufakiwe kohlelo olubonisiwe"
+
+#: libpam/pam_strerror.c:72
+msgid "Authentication service cannot retrieve user credentials"
+msgstr "Isevisi yokugunyaza ayikwazi ukulanda izinhlamvu zomsebenzisi"
+
+#: libpam/pam_strerror.c:74
+msgid "User credentials expired"
+msgstr "Izinhlamvu zomsebenzisi ziphelelwe isikhathi"
+
+#: libpam/pam_strerror.c:76
+msgid "Failure setting user credentials"
+msgstr "Ukwehluleka ukusetha izinhlamvu zomsebenzisi"
+
+#: libpam/pam_strerror.c:78
+msgid "No module specific data is present"
+msgstr "Akukho ukwaziswa okuthile kwemoduli okutholakalayo"
+
+#: libpam/pam_strerror.c:80
+msgid "Bad item passed to pam_*_item()"
+msgstr "Into embi idluliselwe kwi-pam_*_item()"
+
+#: libpam/pam_strerror.c:82
+msgid "Conversation error"
+msgstr "Iphutha lengxoxo"
+
+#: libpam/pam_strerror.c:84
+msgid "Authentication token manipulation error"
+msgstr "Iphutha lokufaka isiqinisekiso sokugunyaza"
+
+#: libpam/pam_strerror.c:86
+msgid "Authentication information cannot be recovered"
+msgstr "Ukwaziswa kokugunyaza akukwazi ukubuyiseka"
+
+#: libpam/pam_strerror.c:88
+msgid "Authentication token lock busy"
+msgstr "Isihluthulelo sesiqinisekiso sokugunyaza simatasa"
+
+#: libpam/pam_strerror.c:90
+msgid "Authentication token aging disabled"
+msgstr "Ukuphela kwesikhathi sesiqinisekiso sokugunyaza kucishiwe"
+
+#: libpam/pam_strerror.c:92
+msgid "Failed preliminary check by password service"
+msgstr "Ukuhlola kokuqala okuhlulekile ngesevisi yephasiwedi"
+
+#: libpam/pam_strerror.c:94
+msgid "The return value should be ignored by PAM dispatch"
+msgstr "I-value yokubuyisa kufanele inganakwa ukuthumela kwe-PAM "
+
+#: libpam/pam_strerror.c:96
+msgid "Module is unknown"
+msgstr "Imoduli ayaziwa"
+
+#: libpam/pam_strerror.c:98
+msgid "Authentication token expired"
+msgstr "Isiqinisekiso sokugunyaza siphelelwe isikhathi"
+
+#: libpam/pam_strerror.c:100
+msgid "Conversation is waiting for event"
+msgstr "Ingxoxo ilinde isenzakalo"
+
+#: libpam/pam_strerror.c:102
+msgid "Application needs to call libpam again"
+msgstr "Uhlelo ludinga ukubiza i-libpam futhi"
+
+#: libpam/pam_strerror.c:105
+msgid "Unknown PAM error"
+msgstr "Iphutha le-PAM elingaziwa"
+
+#: modules/pam_cracklib/pam_cracklib.c:60
+#, c-format
+msgid "New %s%spassword: "
+msgstr "%s%siphasiwedi entsha: "
+
+#: modules/pam_cracklib/pam_cracklib.c:62
+#, c-format
+msgid "Retype new %s%spassword: "
+msgstr "Thayipha kabusha %s%siphasiwedi entsha: "
+
+#: modules/pam_cracklib/pam_cracklib.c:63
+msgid "Sorry, passwords do not match."
+msgstr "Uxolo, amaphasiwedi awahambelani."
+
+#: modules/pam_cracklib/pam_cracklib.c:427
+msgid "is the same as the old one"
+msgstr "iyafana nendala"
+
+#: modules/pam_cracklib/pam_cracklib.c:440
+msgid "is a palindrome"
+msgstr "iyi-palindrome"
+
+#: modules/pam_cracklib/pam_cracklib.c:443
+msgid "case changes only"
+msgstr "kushintshe onobumba kuphela"
+
+#: modules/pam_cracklib/pam_cracklib.c:446
+msgid "is too similar to the old one"
+msgstr "ifana kakhulu nendala"
+
+#: modules/pam_cracklib/pam_cracklib.c:449
+msgid "is too simple"
+msgstr "ilula kakhulu"
+
+#: modules/pam_cracklib/pam_cracklib.c:452
+msgid "is rotated"
+msgstr "ijikelezisiwe"
+
+#: modules/pam_cracklib/pam_cracklib.c:455
+msgid "not enough character classes"
+msgstr ""
+
+#: modules/pam_cracklib/pam_cracklib.c:493
+msgid "has been already used"
+msgstr "isisetshenziswe ngothile."
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "No password supplied"
+msgstr "Ayikho iphasiwedi enikeziwe"
+
+#: modules/pam_cracklib/pam_cracklib.c:521
+#: modules/pam_unix/pam_unix_passwd.c:977
+msgid "Password unchanged"
+msgstr "Iphasiwedi ayishintshwanga"
+
+#: modules/pam_cracklib/pam_cracklib.c:544
+#: modules/pam_cracklib/pam_cracklib.c:672
+#, c-format
+msgid "BAD PASSWORD: %s"
+msgstr "IPHASIWEDI ENGASEBENZI: %s"
+
+#: modules/pam_exec/pam_exec.c:118
+#, c-format
+msgid "%s failed: exit code %d"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:126
+#, c-format
+msgid "%s failed: caught signal %d%s"
+msgstr ""
+
+#: modules/pam_exec/pam_exec.c:134
+#, c-format
+msgid "%s failed: unknown status 0x%x"
+msgstr ""
+
+#. TRANSLATORS: "strftime options for date of last login"
+#: modules/pam_lastlog/pam_lastlog.c:190
+msgid " %a %b %e %H:%M:%S %Z %Y"
+msgstr "%a %b %e %H:%M:%S %Z %Y"
+
+#. TRANSLATORS: " from <host>"
+#: modules/pam_lastlog/pam_lastlog.c:199
+#, c-format
+msgid " from %.*s"
+msgstr "kusukela %.*s"
+
+#. TRANSLATORS: " on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:211
+#, c-format
+msgid " on %.*s"
+msgstr "ku-%.*s"
+
+#. TRANSLATORS: "Last login: <date> from <host> on <terminal>"
+#: modules/pam_lastlog/pam_lastlog.c:220
+#, c-format
+msgid "Last login:%s%s%s"
+msgstr "Ukungena kokugcina:%s%s%s"
+
+#: modules/pam_lastlog/pam_lastlog.c:226
+msgid "Welcome to your new account!"
+msgstr "Uyamukelwa kwi-akhawunti yakho entsha!"
+
+#: modules/pam_limits/pam_limits.c:702
+#, c-format
+msgid "Too many logins for '%s'."
+msgstr "Kuningi kakhulu ukungena kwi- '%s' osekwenziwe."
+
+#: modules/pam_mail/pam_mail.c:313
+msgid "No mail."
+msgstr "Ayikho imeyili."
+
+#: modules/pam_mail/pam_mail.c:316
+msgid "You have new mail."
+msgstr "Unemeyili entsha."
+
+#: modules/pam_mail/pam_mail.c:319
+msgid "You have old mail."
+msgstr "Unemeyili endala."
+
+#: modules/pam_mail/pam_mail.c:323
+msgid "You have mail."
+msgstr "Unemeyili."
+
+#: modules/pam_mail/pam_mail.c:330
+#, c-format
+msgid "You have no mail in folder %s."
+msgstr "Akukho meyili onayo kwifolda %s."
+
+#: modules/pam_mail/pam_mail.c:334
+#, c-format
+msgid "You have new mail in folder %s."
+msgstr "Unemeyili entsha kwifolda %s."
+
+#: modules/pam_mail/pam_mail.c:338
+#, c-format
+msgid "You have old mail in folder %s."
+msgstr "Unemeyili endala kwifolda %s."
+
+#: modules/pam_mail/pam_mail.c:343
+#, c-format
+msgid "You have mail in folder %s."
+msgstr "Unemeyili kwifolda %s."
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:142
+#, c-format
+msgid "Creating directory '%s'."
+msgstr ""
+
+#: modules/pam_mkhomedir/pam_mkhomedir.c:147
+#, c-format
+msgid "Unable to create directory %s: %m"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:94
+msgid "Error connecting to audit system."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:98
+#, fuzzy
+msgid "Error translating default context."
+msgstr "Indawo okuyo yohlelo ingu-%s. \n"
+
+#: modules/pam_selinux/pam_selinux.c:102
+msgid "Error translating selected context."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:113
+msgid "Error sending audit message."
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:164
+#, fuzzy
+msgid "Would you like to enter a security context? [N] "
+msgstr "Ungathanda ukufaka indawo yokuphepha (security context) [y]"
+
+#: modules/pam_selinux/pam_selinux.c:181 modules/pam_selinux/pam_selinux.c:265
+#, fuzzy
+msgid "role:"
+msgstr "indima: "
+
+#: modules/pam_selinux/pam_selinux.c:193 modules/pam_selinux/pam_selinux.c:282
+#, fuzzy
+msgid "level:"
+msgstr "Izinga: "
+
+#: modules/pam_selinux/pam_selinux.c:206 modules/pam_selinux/pam_selinux.c:313
+msgid "Not a valid security context"
+msgstr "Akuyona indawo yokuphepha esemthethweni"
+
+#: modules/pam_selinux/pam_selinux.c:251
+#, fuzzy, c-format
+msgid "Default Security Context %s\n"
+msgstr "Indawo %s Yokuphepha Yabelwe"
+
+#: modules/pam_selinux/pam_selinux.c:255
+#, fuzzy
+msgid "Would you like to enter a different role or level?"
+msgstr "Ungathanda ukufaka indawo yokuphepha (security context) [y]"
+
+#: modules/pam_selinux/pam_selinux.c:269
+#, c-format
+msgid "No default type for role %s\n"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:512
+msgid "Out of memory"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:520 modules/pam_selinux/pam_selinux.c:522
+#, c-format
+msgid "Unable to get valid context for %s"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:578
+msgid "Requested MLS level not in permitted range"
+msgstr ""
+
+#: modules/pam_selinux/pam_selinux.c:628
+#, c-format
+msgid "Security Context %s Assigned"
+msgstr "Indawo %s Yokuphepha Yabelwe"
+
+#: modules/pam_selinux/pam_selinux.c:649
+#, fuzzy, c-format
+msgid "Key Creation Context %s Assigned"
+msgstr "Indawo %s Yokuphepha Yabelwe"
+
+#: modules/pam_selinux/pam_selinux_check.c:99
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "Ihlulekile ukulungiselela ukuqalisa i-PAM \n"
+
+#: modules/pam_selinux/pam_selinux_check.c:105
+#, c-format
+msgid "failed to pam_set_item()\n"
+msgstr "Ihlulekile ukwenza i-pam_set_item()\n"
+
+#: modules/pam_selinux/pam_selinux_check.c:133
+#, c-format
+msgid "login: failure forking: %m"
+msgstr "ngena: Ihlulekile ukuhlukanisa: %m"
+
+#: modules/pam_stress/pam_stress.c:476
+#, fuzzy, c-format
+msgid "Changing STRESS password for %s."
+msgstr "Ukushintsha iphasiwedi ye-STRESS ye-"
+
+#: modules/pam_stress/pam_stress.c:490
+msgid "Enter new STRESS password: "
+msgstr "Faka iphasiwedi entsha ye-STRESS: "
+
+#: modules/pam_stress/pam_stress.c:493
+msgid "Retype new STRESS password: "
+msgstr "Thayipha iphasiwedi entsha ye-STRESS: "
+
+#: modules/pam_stress/pam_stress.c:522
+msgid "Verification mis-typed; password unchanged"
+msgstr "Ukufakazela akuthayiphiwanga kahle; iphasiwedi ayishintshwanga"
+
+#: modules/pam_tally/pam_tally.c:741
+msgid "Authentication error"
+msgstr "Iphutha lokugunyaza"
+
+#: modules/pam_tally/pam_tally.c:742
+msgid "Service error"
+msgstr "Iphutha lesevisi"
+
+#: modules/pam_tally/pam_tally.c:743
+msgid "Unknown user"
+msgstr "Umsebenzisi ongaziwa"
+
+#: modules/pam_tally/pam_tally.c:744
+msgid "Unknown error"
+msgstr "Iphutha elingaziwa"
+
+#: modules/pam_tally/pam_tally.c:760
+#, c-format
+msgid "%s: Bad number given to --reset=\n"
+msgstr "%s: Inombolo eyiphutha enikeziwe ukuba --uqale kabusha=\n"
+
+#: modules/pam_tally/pam_tally.c:764
+#, c-format
+msgid "%s: Unrecognised option %s\n"
+msgstr "%s: Okukhethile okungaziwa %s\n"
+
+#: modules/pam_tally/pam_tally.c:776
+#, c-format
+msgid ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+msgstr ""
+"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
+
+#: modules/pam_tally/pam_tally.c:850
+#, c-format
+msgid "%s: Can't reset all users to non-zero\n"
+msgstr ""
+"%s: Ayikwazi ukusetha kabusha bonke abasebenzisi ibase enombolweni ongelona "
+"iqanda\n"
+
+#: modules/pam_unix/pam_unix_acct.c:274 modules/pam_unix/pam_unix_acct.c:301
+msgid "Your account has expired; please contact your system administrator"
+msgstr ""
+"I-akhawunti yakho isiphelelwe isikhathi, sicela uthintana nomqondisi "
+"wesistimu yakho"
+
+#: modules/pam_unix/pam_unix_acct.c:283
+msgid "You are required to change your password immediately (root enforced)"
+msgstr ""
+"Kudingeka ukuba ushintshe iphasiwedi yakho ngokushesha (iphoqelelwa "
+"ngumqondisi)"
+
+#: modules/pam_unix/pam_unix_acct.c:310
+msgid "You are required to change your password immediately (password aged)"
+msgstr ""
+"Kudingeka ukuba ushintshe iphasiwedi yakho ngokushesha (iphasiwedi indala)"
+
+#: modules/pam_unix/pam_unix_acct.c:323 modules/pam_unix/pam_unix_acct.c:330
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d day"
+msgid_plural "Warning: your password will expire in %d days"
+msgstr[0] "Isexwayiso: Iphasiwedi yakho izophelelwa isikhathi %d usuku%.2s[T1]"
+msgstr[1] "Isexwayiso: Iphasiwedi yakho izophelelwa isikhathi %d usuku%.2s[T1]"
+
+#. TRANSLATORS: only used if dngettext is not support
+#. ed
+#: modules/pam_unix/pam_unix_acct.c:336
+#, fuzzy, c-format
+msgid "Warning: your password will expire in %d days"
+msgstr "Isexwayiso: Iphasiwedi yakho izophelelwa isikhathi %d usuku%.2s[T1]"
+
+#: modules/pam_unix/pam_unix_auth.c:159 modules/pam_userdb/pam_userdb.c:61
+msgid "Password: "
+msgstr "Iphasiwedi: "
+
+#: modules/pam_unix/pam_unix_passwd.c:821
+msgid "NIS password could not be changed."
+msgstr "Iphasiwedi ye-NIS ayivumanga ukushintshwa."
+
+#: modules/pam_unix/pam_unix_passwd.c:998
+msgid "You must choose a longer password"
+msgstr "Kumelwe ukhethe iphasiwedi ethe ukuba yinjana"
+
+#: modules/pam_unix/pam_unix_passwd.c:1003
+msgid "Password has been already used. Choose another."
+msgstr "Le phasiwedi isetshenziswa ngothile. Khetha enye."
+
+#: modules/pam_unix/pam_unix_passwd.c:1103
+#, fuzzy, c-format
+msgid "Changing password for %s."
+msgstr "Ukushintsha iphasiwedi ye-STRESS ye-"
+
+#: modules/pam_unix/pam_unix_passwd.c:1114
+msgid "(current) UNIX password: "
+msgstr "Iphasiwedi ye-UNIX (yamanje): "
+
+#: modules/pam_unix/pam_unix_passwd.c:1149
+msgid "You must wait longer to change your password"
+msgstr "Kumelwe ulinde isikhashana ukuze ushintshe iphasiwedi yakho"
+
+#: modules/pam_unix/pam_unix_passwd.c:1209
+msgid "Enter new UNIX password: "
+msgstr "Faka iphasiwedi entsha ye-UNIX: "
+
+#: modules/pam_unix/pam_unix_passwd.c:1210
+msgid "Retype new UNIX password: "
+msgstr "Thayipha iphasiwedi entsha ye-UNIX: "
+
+#~ msgid "Do you want to choose a different one? [n]"
+#~ msgstr "Ingabe ufuna ukukhetha ehlukile? [n]"
+
+#~ msgid "Enter number of choice: "
+#~ msgstr "Faka inombolo oyikhethile: "
+
+#~ msgid "type: "
+#~ msgstr "uhlobo: "
+
+#~ msgid "dlopen() failure"
+#~ msgstr "ukwehluleka kwe-dlopen()"
diff --git a/Linux-PAM/xtests/Makefile.am b/Linux-PAM/xtests/Makefile.am
index ac6e2954..f2e48c5e 100644
--- a/Linux-PAM/xtests/Makefile.am
+++ b/Linux-PAM/xtests/Makefile.am
@@ -11,12 +11,22 @@ CLEANFILES = *~
EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
- tst-pam_cracklib1.pamd
+ tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \
+ tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \
+ tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \
+ access.conf tst-pam_access1.pamd tst-pam_access1.sh \
+ tst-pam_access2.pamd tst-pam_access2.sh \
+ tst-pam_access3.pamd tst-pam_access3.sh \
+ tst-pam_access4.pamd tst-pam_access4.sh \
+ limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh
XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
- tst-pam_dispatch4 tst-pam_cracklib1
+ tst-pam_dispatch4 tst-pam_cracklib1 tst-pam_cracklib2 \
+ tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \
+ tst-pam_access1 tst-pam_access2 tst-pam_access3 \
+ tst-pam_access4 tst-pam_limits1
noinst_PROGRAMS = $(XTESTS)
xtests: $(XTESTS) run-xtests.sh
- $(srcdir)/run-xtests.sh
+ "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS}
diff --git a/Linux-PAM/xtests/access.conf b/Linux-PAM/xtests/access.conf
new file mode 100644
index 00000000..8088ec61
--- /dev/null
+++ b/Linux-PAM/xtests/access.conf
@@ -0,0 +1,2 @@
+
+-:ALL EXCEPT (tstpamaccess) tstpamaccess3 :LOCAL
diff --git a/Linux-PAM/xtests/limits.conf b/Linux-PAM/xtests/limits.conf
new file mode 100644
index 00000000..41a3ea3c
--- /dev/null
+++ b/Linux-PAM/xtests/limits.conf
@@ -0,0 +1,2 @@
+* soft nice 19
+* hard nice -20
diff --git a/Linux-PAM/xtests/run-xtests.sh b/Linux-PAM/xtests/run-xtests.sh
index 9c8c3571..76daba22 100755
--- a/Linux-PAM/xtests/run-xtests.sh
+++ b/Linux-PAM/xtests/run-xtests.sh
@@ -1,20 +1,32 @@
#!/bin/bash
+SRCDIR=$1
+shift 1
+[ -z "${SRCDIR}" ] && SRCDIR='.'
+
if test `id -u` -ne 0 ; then
echo "You need to be root to run the tests"
exit 1
fi
-XTESTS="tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
- tst-pam_dispatch4 tst-pam_cracklib1"
+XTESTS="$@"
failed=0
pass=0
all=0
+mkdir -p /etc/security
+cp /etc/security/access.conf /etc/security/access.conf-pam-xtests
+install -m 644 "${SRCDIR}"/access.conf /etc/security/access.conf
+cp /etc/security/limits.conf /etc/security/limits.conf-pam-xtests
+install -m 644 "${SRCDIR}"/limits.conf /etc/security/limits.conf
for testname in $XTESTS ; do
- install -m 644 $testname.pamd /etc/pam.d/$testname
- ./$testname > /dev/null
+ install -m 644 "${SRCDIR}"/$testname.pamd /etc/pam.d/$testname
+ if test -x "${SRCDIR}"/$testname.sh ; then
+ "${SRCDIR}"/$testname.sh > /dev/null
+ else
+ ./$testname > /dev/null
+ fi
if test $? -ne 0 ; then
echo "FAIL: $testname"
failed=`expr $failed + 1`
@@ -24,15 +36,17 @@ for testname in $XTESTS ; do
fi
all=`expr $all + 1`
rm -f /etc/pam.d/$testname
- done
- if test "$failed" -ne 0; then
+done
+mv /etc/security/access.conf-pam-xtests /etc/security/access.conf
+mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf
+if test "$failed" -ne 0; then
echo "==================="
echo "$failed of $all tests failed"
echo "==================="
exit 1
- else
+else
echo "=================="
echo "All $all tests passed"
echo "=================="
- fi
+fi
exit 0
diff --git a/Linux-PAM/xtests/tst-pam_access1.c b/Linux-PAM/xtests/tst-pam_access1.c
new file mode 100644
index 00000000..06b65f0c
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access1.c
@@ -0,0 +1,131 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT (tstpamaccess):LOCAL
+
+ User is member of group tstpamaccess, pam_authenticate should pass.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_access1.pamd b/Linux-PAM/xtests/tst-pam_access1.pamd
new file mode 100644
index 00000000..f47ec34f
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access1.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/Linux-PAM/xtests/tst-pam_access1.sh b/Linux-PAM/xtests/tst-pam_access1.sh
new file mode 100755
index 00000000..48d8cb3e
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access1.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+/usr/sbin/groupadd -p '!!' tstpamaccess
+/usr/sbin/useradd -G tstpamaccess -p '!!' tstpamaccess
+./tst-pam_access1
+RET=$?
+/usr/sbin/userdel -r tstpamaccess 2> /dev/null
+/usr/sbin/groupdel tstpamaccess 2> /dev/null
+exit $RET
diff --git a/Linux-PAM/xtests/tst-pam_access2.c b/Linux-PAM/xtests/tst-pam_access2.c
new file mode 100644
index 00000000..194d07d7
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access2.c
@@ -0,0 +1,131 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT (tstpamaccess):LOCAL
+
+ User is not member of group tstpamaccess, pam_authenticate should fail.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access2: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_access2.pamd b/Linux-PAM/xtests/tst-pam_access2.pamd
new file mode 100644
index 00000000..f47ec34f
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access2.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/Linux-PAM/xtests/tst-pam_access2.sh b/Linux-PAM/xtests/tst-pam_access2.sh
new file mode 100755
index 00000000..c1b3c992
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access2.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+/usr/sbin/groupadd -p '!!' tstpamaccess
+/usr/sbin/useradd -p '!!' tstpamaccess
+./tst-pam_access2
+RET=$?
+/usr/sbin/userdel -r tstpamaccess 2> /dev/null
+/usr/sbin/groupdel tstpamaccess 2> /dev/null
+exit $RET
diff --git a/Linux-PAM/xtests/tst-pam_access3.c b/Linux-PAM/xtests/tst-pam_access3.c
new file mode 100644
index 00000000..cd989bb3
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access3.c
@@ -0,0 +1,131 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT tstpamaccess3 :LOCAL
+
+ pam_authenticate should pass for user tstpamaccess3
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess3";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access3", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access3: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_access3.pamd b/Linux-PAM/xtests/tst-pam_access3.pamd
new file mode 100644
index 00000000..f47ec34f
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access3.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/Linux-PAM/xtests/tst-pam_access3.sh b/Linux-PAM/xtests/tst-pam_access3.sh
new file mode 100755
index 00000000..348e0c3c
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access3.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamaccess3
+./tst-pam_access3
+RET=$?
+/usr/sbin/userdel -r tstpamaccess3 2> /dev/null
+exit $RET
diff --git a/Linux-PAM/xtests/tst-pam_access4.c b/Linux-PAM/xtests/tst-pam_access4.c
new file mode 100644
index 00000000..1e53a364
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access4.c
@@ -0,0 +1,149 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT tstpamaccess3 :LOCAL
+
+ pam_authenticate should fail for /dev/tty1 and pass for www.example.com
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access4", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access4-1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "www.example.com");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access4-2: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_access4.pamd b/Linux-PAM/xtests/tst-pam_access4.pamd
new file mode 100644
index 00000000..f47ec34f
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access4.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/Linux-PAM/xtests/tst-pam_access4.sh b/Linux-PAM/xtests/tst-pam_access4.sh
new file mode 100755
index 00000000..58bf260d
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_access4.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamaccess
+./tst-pam_access4
+RET=$?
+/usr/sbin/userdel -r tstpamaccess 2> /dev/null
+exit $RET
diff --git a/Linux-PAM/xtests/tst-pam_cracklib1.c b/Linux-PAM/xtests/tst-pam_cracklib1.c
index 6c0ec321..1600df97 100644
--- a/Linux-PAM/xtests/tst-pam_cracklib1.c
+++ b/Linux-PAM/xtests/tst-pam_cracklib1.c
@@ -83,8 +83,7 @@ static struct pam_conv conv = {
};
-/* Check that errors of optional modules are ignored and that
- required modules after a sufficient one are not executed. */
+/* Check that pam_cracklib does not seg.fault on empty passwords. */
int
main(int argc, char *argv[])
@@ -114,7 +113,7 @@ main(int argc, char *argv[])
return 1;
}
- /* Try two, first input is NULL */
+ /* Try two, second input is NULL */
retval = pam_chauthtok (pamh, 0);
if (retval != PAM_AUTHTOK_RECOVERY_ERR)
{
diff --git a/Linux-PAM/xtests/tst-pam_cracklib2.c b/Linux-PAM/xtests/tst-pam_cracklib2.c
new file mode 100644
index 00000000..49166a4e
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_cracklib2.c
@@ -0,0 +1,140 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This test case checks
+ Patch 1688777: pam_cracklib support for minimum character classes */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ static int calls = 0;
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first tow calls get a correct password, second a too
+ easy one. */
+ if (calls > 1)
+ reply[count].resp = strdup ("too easy");
+ else
+ {
+ ++calls;
+ reply[count].resp = strdup ("1a9C*8dK");
+ }
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="root";
+ int retval;
+ int debug = 0;
+
+ /* Simulate passwd call by normal user */
+ setuid (65534);
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_cracklib2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ retval = pam_chauthtok (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2-1: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is NULL */
+ retval = pam_chauthtok (pamh, 0);
+ if (retval != PAM_AUTHTOK_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2-2: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_cracklib2.pamd b/Linux-PAM/xtests/tst-pam_cracklib2.pamd
new file mode 100644
index 00000000..5915aecd
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_cracklib2.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+password required pam_cracklib.so minclass=4
diff --git a/Linux-PAM/xtests/tst-pam_limits1.c b/Linux-PAM/xtests/tst-pam_limits1.c
new file mode 100644
index 00000000..cf025d3d
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_limits1.c
@@ -0,0 +1,148 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in limits.conf:
+ * soft nice 19
+ * hard nice -20
+
+ getrlimit should return soft=1 and hard=40.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamlimits";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_limits1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_limits1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_open_session (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_open_session returned %d\n",
+ retval);
+ return 1;
+ }
+
+ struct rlimit rlim;
+
+ getrlimit (RLIMIT_NICE, &rlim);
+
+ if (rlim.rlim_cur != 1 && rlim.rlim_max != 40)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: getrlimit failed, soft=%u, hard=%u\n",
+ (unsigned int) rlim.rlim_cur, (unsigned int) rlim.rlim_max);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_limits1.pamd b/Linux-PAM/xtests/tst-pam_limits1.pamd
new file mode 100644
index 00000000..206ef1f7
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_limits1.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_permit.so
+account required pam_permit.so
+password required pam_permit.so
+session required pam_limits.so
+
diff --git a/Linux-PAM/xtests/tst-pam_limits1.sh b/Linux-PAM/xtests/tst-pam_limits1.sh
new file mode 100755
index 00000000..4faa8223
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_limits1.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamlimits
+./tst-pam_limits1
+RET=$?
+/usr/sbin/userdel -r tstpamlimits 2> /dev/null
+exit $RET
diff --git a/Linux-PAM/xtests/tst-pam_unix1.c b/Linux-PAM/xtests/tst-pam_unix1.c
new file mode 100644
index 00000000..7b884997
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix1.c
@@ -0,0 +1,121 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Test case: '!!' as password should not allow login
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* !! as password should not allow login */
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_unix1.pamd b/Linux-PAM/xtests/tst-pam_unix1.pamd
new file mode 100644
index 00000000..1a2990c7
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix1.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
+
diff --git a/Linux-PAM/xtests/tst-pam_unix1.sh b/Linux-PAM/xtests/tst-pam_unix1.sh
new file mode 100755
index 00000000..f75bd842
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix1.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamunix
+./tst-pam_unix1
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET
diff --git a/Linux-PAM/xtests/tst-pam_unix2.c b/Linux-PAM/xtests/tst-pam_unix2.c
new file mode 100644
index 00000000..bf6cd8e7
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix2.c
@@ -0,0 +1,153 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check crypt handling
+ * First use exact password, 8 characters (13 characters crypt)
+ * Second use longer password, 9 characters
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+static int in_test;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first call get a password, second one a too long one */
+ if (in_test == 1)
+ reply[count].resp = strdup ("pamunix0");
+ else if (in_test == 2)
+ reply[count].resp = strdup ("pamunix01");
+ else
+ reply[count].resp = strdup ("pamunix1");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ in_test = 1;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is too long */
+ in_test = 2;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Third try, third input is wrong */
+ in_test = 3;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_unix2.pamd b/Linux-PAM/xtests/tst-pam_unix2.pamd
new file mode 100644
index 00000000..1a2990c7
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix2.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
+
diff --git a/Linux-PAM/xtests/tst-pam_unix2.sh b/Linux-PAM/xtests/tst-pam_unix2.sh
new file mode 100755
index 00000000..7093155f
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix2.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# pamunix0 = 0aXKZztA.d1KY
+/usr/sbin/useradd -p 0aXKZztA.d1KY tstpamunix
+./tst-pam_unix2
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET
diff --git a/Linux-PAM/xtests/tst-pam_unix3.c b/Linux-PAM/xtests/tst-pam_unix3.c
new file mode 100644
index 00000000..bd5ffca4
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix3.c
@@ -0,0 +1,154 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check bigcrypt handling
+ * First use exact password, 9 characters (24 characters crypt)
+ * Second use shorter password, 8 characters
+ * Third use wrong password, 9 characters
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+static int in_test;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first call get a password, second one a too short one */
+ if (in_test == 1)
+ reply[count].resp = strdup ("pamunix01");
+ else if (in_test == 2)
+ reply[count].resp = strdup ("pamunix0");
+ else
+ reply[count].resp = strdup ("pamunix11");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix3", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ in_test = 1;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is too short */
+ in_test = 2;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Third try, third input is wrong */
+ in_test = 3;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/Linux-PAM/xtests/tst-pam_unix3.pamd b/Linux-PAM/xtests/tst-pam_unix3.pamd
new file mode 100644
index 00000000..1a2990c7
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix3.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
+
diff --git a/Linux-PAM/xtests/tst-pam_unix3.sh b/Linux-PAM/xtests/tst-pam_unix3.sh
new file mode 100755
index 00000000..ef4a07cd
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_unix3.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# pamunix01 = 0aXKZztA.d1KYIuFXArmd2jU
+/usr/sbin/useradd -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix
+./tst-pam_unix3
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET