summaryrefslogtreecommitdiff
path: root/modules/pam_access
diff options
context:
space:
mode:
authorSteve Langasek <steve.langasek@canonical.com>2020-08-11 14:54:29 -0700
committerSteve Langasek <steve.langasek@canonical.com>2020-08-11 14:54:29 -0700
commitf6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch)
treedcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_access
parent668b13da8f830c38388cecac45539972e80cb246 (diff)
parent9e5bea9e146dee574796259ca464ad2435be3590 (diff)
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_access')
-rw-r--r--modules/pam_access/Makefile.am21
-rw-r--r--modules/pam_access/Makefile.in146
-rw-r--r--modules/pam_access/README4
-rw-r--r--modules/pam_access/access.conf.512
-rw-r--r--modules/pam_access/access.conf.5.xml6
-rw-r--r--modules/pam_access/pam_access.86
-rw-r--r--modules/pam_access/pam_access.c66
7 files changed, 153 insertions, 108 deletions
diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am
index 924b7219..5723dd59 100644
--- a/modules/pam_access/Makefile.am
+++ b/modules/pam_access/Makefile.am
@@ -5,18 +5,21 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access
-
-man_MANS = access.conf.5 pam_access.8
+EXTRA_DIST = $(XMLS)
+if HAVE_DOC
+dist_man_MANS = access.conf.5 pam_access.8
+endif
XMLS = README.xml access.conf.5.xml pam_access.8.xml
+dist_check_SCRIPTS = tst-pam_access
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \
- -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\"
+ -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,15 +28,9 @@ endif
securelib_LTLIBRARIES = pam_access.la
pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = access.conf
+dist_secureconf_DATA = access.conf
if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_access.8.xml access.conf.5.xml
-
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
-
-TESTS = tst-pam_access
diff --git a/modules/pam_access/Makefile.in b/modules/pam_access/Makefile.in
index 02a35cb0..dc7db3c3 100644
--- a/modules/pam_access/Makefile.in
+++ b/modules/pam_access/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_access
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+ $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -158,7 +168,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_access.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +199,9 @@ am__can_run_installinfo = \
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -386,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -414,6 +429,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -422,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +474,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -494,11 +511,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,21 +586,22 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access
-man_MANS = access.conf.5 pam_access.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = access.conf.5 pam_access.8
XMLS = README.xml access.conf.5.xml pam_access.8.xml
+dist_check_SCRIPTS = tst-pam_access
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \
- -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\"
+ -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_access.la
pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = access.conf
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_access
+dist_secureconf_DATA = access.conf
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -598,14 +618,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_access/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_access/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -661,21 +680,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -689,10 +714,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -727,15 +752,15 @@ uninstall-man5:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man5dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.5[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -770,14 +795,14 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
@$(NORMAL_INSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -791,9 +816,9 @@ install-secureconfDATA: $(secureconf_DATA)
$(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
done
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
@$(NORMAL_UNINSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
@@ -879,7 +904,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -969,7 +994,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -979,7 +1004,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -1012,7 +1037,10 @@ tst-pam_access.log: tst-pam_access
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -1043,6 +1071,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1091,7 +1120,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_access.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1108,7 +1137,7 @@ info: info-am
info-am:
-install-data-am: install-man install-secureconfDATA \
+install-data-am: install-dist_secureconfDATA install-man \
install-securelibLTLIBRARIES
install-dvi: install-dvi-am
@@ -1138,7 +1167,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_access.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1155,33 +1184,32 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
uninstall-securelibLTLIBRARIES
uninstall-man: uninstall-man5 uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man5 \
- install-man8 install-pdf install-pdf-am install-ps \
- install-ps-am install-secureconfDATA \
- install-securelibLTLIBRARIES install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am uninstall-man \
- uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
- uninstall-securelibLTLIBRARIES
-
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dist_secureconfDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-man5 install-man8 install-pdf install-pdf-am \
+ install-ps install-ps-am install-securelibLTLIBRARIES \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+ uninstall-am uninstall-dist_secureconfDATA uninstall-man \
+ uninstall-man5 uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_access.8.xml access.conf.5.xml
+.PRECIOUS: Makefile
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
diff --git a/modules/pam_access/README b/modules/pam_access/README
index 0e16c0d8..26aad33e 100644
--- a/modules/pam_access/README
+++ b/modules/pam_access/README
@@ -116,6 +116,10 @@ User john should get access from IPv6 net/mask.
+:john:2001:db8:0:101::/64
+Members of group wheel should be allowed to get access from all sources.
+
++:(wheel):ALL
+
Disallow console logins to all but the shutdown, sync and all other accounts,
which are a member of the wheel group.
diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5
index 8e7ea4cf..1c217b9f 100644
--- a/modules/pam_access/access.conf.5
+++ b/modules/pam_access/access.conf.5
@@ -1,13 +1,13 @@
'\" t
.\" Title: access.conf
.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "ACCESS\&.CONF" "5" "05/18/2018" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "ACCESS\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -188,6 +188,12 @@ should get access from IPv6 net/mask\&.
.PP
+:john:2001:db8:0:101::/64
.PP
+Members of group
+\fIwheel\fR
+should be allowed to get access from all sources\&.
+.PP
++:(wheel):ALL
+.PP
Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\&.
.PP
\-:ALL EXCEPT (wheel) shutdown sync:LOCAL
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
index 386346b9..8fdbc31d 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
@@ -198,6 +198,12 @@
<para>+:john:2001:db8:0:101::/64</para>
<para>
+ Members of group <emphasis>wheel</emphasis> should be allowed to get access
+ from all sources.
+ </para>
+ <para>+:(wheel):ALL</para>
+
+ <para>
Disallow console logins to all but the shutdown, sync and all
other accounts, which are a member of the wheel group.
</para>
diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8
index 138c3c48..c091642d 100644
--- a/modules/pam_access/pam_access.8
+++ b/modules/pam_access/pam_access.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_access
.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_ACCESS" "8" "05/18/2018" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ACCESS" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 80d885dd..98848c54 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -1,6 +1,6 @@
-/* pam_access module */
-
/*
+ * pam_access module
+ *
* Written by Alexei Nogin <alexei@nogin.dnttm.ru> 1997/06/15
* (I took login_access from logdaemon-5.6 and converted it to PAM
* using parts of pam_time code.)
@@ -21,7 +21,7 @@
*
* This software is provided "as is" and without any expressed or implied
* warranties, including, without limitation, the implied warranties of
- * merchantibility and fitness for any particular purpose.
+ * merchantability and fitness for any particular purpose.
*************************************************************************
*/
@@ -49,22 +49,12 @@
#include <libaudit.h>
#endif
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
#include <security/_pam_macros.h>
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
/* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */
@@ -123,25 +113,27 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo,
loginfo->fs = ":";
loginfo->sep = ", \t";
for (i=0; i<argc; ++i) {
- if (!strncmp("fieldsep=", argv[i], 9)) {
+ const char *str;
+
+ if ((str = pam_str_skip_prefix(argv[i], "fieldsep=")) != NULL) {
/* the admin wants to override the default field separators */
- loginfo->fs = argv[i]+9;
+ loginfo->fs = str;
- } else if (!strncmp("listsep=", argv[i], 8)) {
+ } else if ((str = pam_str_skip_prefix(argv[i], "listsep=")) != NULL) {
/* the admin wants to override the default list separators */
- loginfo->sep = argv[i]+8;
+ loginfo->sep = str;
- } else if (!strncmp("accessfile=", argv[i], 11)) {
- FILE *fp = fopen(11 + argv[i], "r");
+ } else if ((str = pam_str_skip_prefix(argv[i], "accessfile=")) != NULL) {
+ FILE *fp = fopen(str, "r");
if (fp) {
- loginfo->config_file = 11 + argv[i];
+ loginfo->config_file = str;
fclose(fp);
} else {
pam_syslog(pamh, LOG_ERR,
- "failed to open accessfile=[%s]: %m", 11 + argv[i]);
+ "failed to open accessfile=[%s]: %m", str);
return 0;
}
@@ -216,7 +208,7 @@ isipaddr (const char *string, int *addr_type,
/* are_addresses_equal - translate IP address strings to real IP
* addresses and compare them to find out if they are equal.
- * If netmask was provided it will be used to focus comparation to
+ * If netmask was provided it will be used to focus comparison to
* relevant bits.
*/
static int
@@ -335,7 +327,9 @@ login_access (pam_handle_t *pamh, struct login_info *item)
char *users; /* becomes list of login names */
char *froms; /* becomes list of terminals or hosts */
int match = NO;
+#ifdef HAVE_LIBAUDIT
int nonall_match = NO;
+#endif
int end;
int lineno = 0; /* for diagnostics */
char *sptr;
@@ -371,7 +365,7 @@ login_access (pam_handle_t *pamh, struct login_info *item)
if (line[0] == 0) /* skip blank lines */
continue;
- /* Allow field seperator in last field of froms */
+ /* Allow field separator in last field of froms */
if (!(perm = strtok_r(line, item->fs, &sptr))
|| !(users = strtok_r(NULL, item->fs, &sptr))
|| !(froms = strtok_r(NULL, "\n", &sptr))) {
@@ -393,9 +387,11 @@ login_access (pam_handle_t *pamh, struct login_info *item)
match, item->user->pw_name);
if (match) {
match = list_match(pamh, froms, NULL, item, from_match);
+#ifdef HAVE_LIBAUDIT
if (!match && perm[0] == '+') {
nonall_match = YES;
}
+#endif
if (item->debug)
pam_syslog (pamh, LOG_DEBUG,
"from_match=%d, \"%s\"", match, item->from);
@@ -473,6 +469,8 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
{
int retval;
char *mydomain = NULL;
+
+#ifdef HAVE_GETDOMAINNAME
char domainname_res[256];
if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
@@ -482,6 +480,7 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
mydomain = domainname_res;
}
}
+#endif
#ifdef HAVE_INNETGR
retval = innetgr (netgroup, machine, user, mydomain);
@@ -576,7 +575,7 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr,
if (strlen(tok) < 3)
return NO;
- /* token is recieved under the format '(...)' */
+ /* token is received under the format '(...)' */
memset(grptok, 0, BUFSIZ);
strncpy(grptok, tok + 1, strlen(tok) - 2);
@@ -646,9 +645,11 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
if (runp->ai_family == AF_INET)
{
+ DIAG_PUSH_IGNORE_CAST_ALIGN;
inet_ntop (runp->ai_family,
&((struct sockaddr_in *) runp->ai_addr)->sin_addr,
buf, sizeof (buf));
+ DIAG_POP_IGNORE_CAST_ALIGN;
strcat (buf, ".");
@@ -737,7 +738,9 @@ network_netmask_match (pam_handle_t *pamh,
{ /* invalid netmask value */
return NO;
}
- if ((netmask < 0) || (netmask >= 128))
+ if ((netmask < 0)
+ || (addr_type == AF_INET && netmask > 32)
+ || (addr_type == AF_INET6 && netmask > 128))
{ /* netmask value out of range */
return NO;
}
@@ -775,11 +778,13 @@ network_netmask_match (pam_handle_t *pamh,
{
char buf[INET6_ADDRSTRLEN];
+ DIAG_PUSH_IGNORE_CAST_ALIGN;
inet_ntop (runp->ai_family,
runp->ai_family == AF_INET
? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
: (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
buf, sizeof (buf));
+ DIAG_POP_IGNORE_CAST_ALIGN;
if (are_addresses_equal(buf, tok, netmask_ptr))
{
@@ -806,7 +811,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
const char *user=NULL;
const void *void_from=NULL;
const char *from;
- const char const *default_config = PAM_ACCESS_CONFIG;
+ const char *default_config = PAM_ACCESS_CONFIG;
struct passwd *user_pw;
char hostname[MAXHOSTNAMELEN + 1];
int rv;
@@ -814,9 +819,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* set username */
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
- || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}