New upstream version 1.0.1

12 files changed, 2838 insertions, 0 deletions

diff --git a/modules/pam_filter/Makefile.am b/modules/pam_filter/Makefile.am
new file mode 100644
index 00000000..ab2ceee9
--- /dev/null
+++ b/modules/pam_filter/Makefile.am
@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+SUBDIRS = upperLOWER
+
+CLEANFILES = *~
+
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter
+
+man_MANS = pam_filter.8
+XMLS = README.xml pam_filter.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+  AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+include_HEADERS=pam_filter.h
+pam_filter_la_LIBADD = -L$(top_builddir)/libpam -lpam
+
+securelib_LTLIBRARIES = pam_filter.la
+TESTS = tst-pam_filter
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_filter.8.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
+
diff --git a/modules/pam_filter/Makefile.in b/modules/pam_filter/Makefile.in
new file mode 100644
index 00000000..d0f1573d
--- /dev/null
+++ b/modules/pam_filter/Makefile.in
@@ -0,0 +1,807 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_filter
+DIST_COMMON = README $(include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" \
+	"$(DESTDIR)$(includedir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_filter_la_DEPENDENCIES =
+pam_filter_la_SOURCES = pam_filter.c
+pam_filter_la_OBJECTS = pam_filter.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = pam_filter.c
+DIST_SOURCES = pam_filter.c
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(noinst_DATA)
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = upperLOWER
+CLEANFILES = *~
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter
+man_MANS = pam_filter.8
+XMLS = README.xml pam_filter.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+include_HEADERS = pam_filter.h
+pam_filter_la_LIBADD = -L$(top_builddir)/libpam -lpam
+securelib_LTLIBRARIES = pam_filter.la
+TESTS = tst-pam_filter
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu  modules/pam_filter/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu  modules/pam_filter/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+	@list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+	    $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+pam_filter.la: $(pam_filter_la_OBJECTS) $(pam_filter_la_DEPENDENCIES) 
+	$(LINK) -rpath $(securelibdir) $(pam_filter_la_OBJECTS) $(pam_filter_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_filter.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-recursive
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+	mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-includeHEADERS install-man \
+	install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man: install-man8
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-includeHEADERS uninstall-man \
+	uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-strip
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am check check-TESTS check-am clean clean-generic \
+	clean-libtool clean-securelibLTLIBRARIES ctags ctags-recursive \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am \
+	install-includeHEADERS install-info install-info-am \
+	install-man install-man8 install-pdf install-pdf-am install-ps \
+	install-ps-am install-securelibLTLIBRARIES install-strip \
+	installcheck installcheck-am installdirs installdirs-am \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
+	uninstall-includeHEADERS uninstall-man uninstall-man8 \
+	uninstall-securelibLTLIBRARIES
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_filter.8.xml
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_filter/README b/modules/pam_filter/README
new file mode 100644
index 00000000..4d4e2194
--- /dev/null
+++ b/modules/pam_filter/README
@@ -0,0 +1,78 @@
+pam_filter — PAM filter module
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+This module is intended to be a platform for providing access to all of the
+input/output that passes between the user and the application. It is only
+suitable for tty-based and (stdin/stdout) applications.
+
+To function this module requires filters to be installed on the system. The
+single filter provided with the module simply transposes upper and lower case
+letters in the input and output streams. (This can be very annoying and is not
+kind to termcap based editors).
+
+Each component of the module has the potential to invoke the desired filter.
+The filter is always execv(2) with the privilege of the calling application and
+not that of the user. For this reason it cannot usually be killed by the user
+without closing their session.
+
+OPTIONS
+
+debug
+
+    Print debug information.
+
+new_term
+
+    The default action of the filter is to set the PAM_TTY item to indicate the
+    terminal that the user is using to connect to the application. This
+    argument indicates that the filter should set PAM_TTY to the filtered
+    pseudo-terminal.
+
+non_term
+
+    don't try to set the PAM_TTY item.
+
+runX
+
+    In order that the module can invoke a filter it should know when to invoke
+    it. This argument is required to tell the filter when to do this.
+
+    Permitted values for X are 1 and 2. These indicate the precise time that
+    the filter is to be run. To understand this concept it will be useful to
+    have read the pam(3) manual page. Basically, for each management group
+    there are up to two ways of calling the module's functions. In the case of
+    the authentication and session components there are actually two separate
+    functions. For the case of authentication, these functions are
+    pam_authenticate(3) and pam_setcred(3), here run1 means run the filter from
+    the pam_authenticate function and run2 means run the filter from
+    pam_setcred. In the case of the session modules, run1 implies that the
+    filter is invoked at the pam_open_session(3) stage, and run2 for
+    pam_close_session(3).
+
+    For the case of the account component. Either run1 or run2 may be used.
+
+    For the case of the password component, run1 is used to indicate that the
+    filter is run on the first occasion of pam_chauthtok(3) (the
+    PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run
+    on the second occasion (the PAM_UPDATE_AUTHTOK phase).
+
+filter
+
+    The full pathname of the filter to be run and any command line arguments
+    that the filter might expect.
+
+EXAMPLES
+
+Add the following line to /etc/pam.d/login to see how to configure login to
+transpose upper and lower case letters once the user has logged in:
+
+        session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER
+
+
+AUTHOR
+
+pam_filter was written by Andrew G. Morgan <morgan@kernel.org>.
+
diff --git a/modules/pam_filter/README.xml b/modules/pam_filter/README.xml
new file mode 100644
index 00000000..b76cb743
--- /dev/null
+++ b/modules/pam_filter/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_filter.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_filter.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_filter-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_filter.8.xml" xpointer='xpointer(//refsect1[@id = "pam_filter-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_filter.8.xml" xpointer='xpointer(//refsect1[@id = "pam_filter-options"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_filter.8.xml" xpointer='xpointer(//refsect1[@id = "pam_filter-examples"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_filter.8.xml" xpointer='xpointer(//refsect1[@id = "pam_filter-author"]/*)'/>
+  </section>
+
+</article>
diff --git a/modules/pam_filter/pam_filter.8 b/modules/pam_filter/pam_filter.8
new file mode 100644
index 00000000..eec58fe7
--- /dev/null
+++ b/modules/pam_filter/pam_filter.8
@@ -0,0 +1,154 @@
+.\"     Title: pam_filter
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\"      Date: 04/16/2008
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"
+.TH "PAM_FILTER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_filter - PAM filter module
+.SH "SYNOPSIS"
+.HP 14
+\fBpam_filter\.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\.\.\.\fR]
+.SH "DESCRIPTION"
+.PP
+This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\. It is only suitable for tty\-based and (stdin/stdout) applications\.
+.PP
+To function this module requires
+\fIfilters\fR
+to be installed on the system\. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\. (This can be very annoying and is not kind to termcap based editors)\.
+.PP
+Each component of the module has the potential to invoke the desired filter\. The filter is always
+\fBexecv\fR(2)
+with the privilege of the calling application and
+\fInot\fR
+that of the user\. For this reason it cannot usually be killed by the user without closing their session\.
+.SH "OPTIONS"
+.PP
+.PP
+\fBdebug\fR
+.RS 4
+Print debug information\.
+.RE
+.PP
+\fBnew_term\fR
+.RS 4
+The default action of the filter is to set the
+\fIPAM_TTY\fR
+item to indicate the terminal that the user is using to connect to the application\. This argument indicates that the filter should set
+\fIPAM_TTY\fR
+to the filtered pseudo\-terminal\.
+.RE
+.PP
+\fBnon_term\fR
+.RS 4
+don\'t try to set the
+\fIPAM_TTY\fR
+item\.
+.RE
+.PP
+\fBrunX\fR
+.RS 4
+In order that the module can invoke a filter it should know when to invoke it\. This argument is required to tell the filter when to do this\.
+.sp
+Permitted values for
+\fIX\fR
+are
+\fI1\fR
+and
+\fI2\fR\. These indicate the precise time that the filter is to be run\. To understand this concept it will be useful to have read the
+\fBpam\fR(3)
+manual page\. Basically, for each management group there are up to two ways of calling the module\'s functions\. In the case of the
+\fIauthentication\fR
+and
+\fIsession\fR
+components there are actually two separate functions\. For the case of authentication, these functions are
+\fBpam_authenticate\fR(3)
+and
+\fBpam_setcred\fR(3), here
+\fBrun1\fR
+means run the filter from the
+\fBpam_authenticate\fR
+function and
+\fBrun2\fR
+means run the filter from
+\fBpam_setcred\fR\. In the case of the session modules,
+\fIrun1\fR
+implies that the filter is invoked at the
+\fBpam_open_session\fR(3)
+stage, and
+\fIrun2\fR
+for
+\fBpam_close_session\fR(3)\.
+.sp
+For the case of the account component\. Either
+\fIrun1\fR
+or
+\fIrun2\fR
+may be used\.
+.sp
+For the case of the password component,
+\fIrun1\fR
+is used to indicate that the filter is run on the first occasion of
+\fBpam_chauthtok\fR(3)
+(the
+\fIPAM_PRELIM_CHECK\fR
+phase) and
+\fIrun2\fR
+is used to indicate that the filter is run on the second occasion (the
+\fIPAM_UPDATE_AUTHTOK\fR
+phase)\.
+.RE
+.PP
+\fBfilter\fR
+.RS 4
+The full pathname of the filter to be run and any command line arguments that the filter might expect\.
+.RE
+.SH "MODULE SERVICES PROVIDED"
+.PP
+The services
+\fBauth\fR,
+\fBaccount\fR,
+\fBpassword\fR
+and
+\fBsession\fR
+are supported\.
+.SH "RETURN VALUES"
+.PP
+.PP
+PAM_SUCCESS
+.RS 4
+The new filter was set successfull\.
+.RE
+.PP
+PAM_ABORT
+.RS 4
+Critical error, immediate abort\.
+.RE
+.SH "EXAMPLES"
+.PP
+Add the following line to
+\fI/etc/pam\.d/login\fR
+to see how to configure login to transpose upper and lower case letters once the user has logged in:
+.sp
+.RS 4
+.nf
+        session required pam_filter\.so run1 /lib/security/pam_filter/upperLOWER
+      
+.fi
+.RE
+.sp
+.SH "SEE ALSO"
+.PP
+
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_filter was written by Andrew G\. Morgan <morgan@kernel\.org>\.
diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml
new file mode 100644
index 00000000..d15d7e97
--- /dev/null
+++ b/modules/pam_filter/pam_filter.8.xml
@@ -0,0 +1,261 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_filter">
+
+  <refmeta>
+    <refentrytitle>pam_filter</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_filter-name">
+    <refname>pam_filter</refname>
+    <refpurpose>PAM filter module</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_filter-cmdsynopsis">
+      <command>pam_filter.so</command>
+      <arg choice="opt">
+	debug
+      </arg>
+      <arg choice="opt">
+        new_term
+      </arg>
+      <arg choice="opt">
+        non_term
+      </arg>
+      <arg choice="plain">
+        run1|run2
+      </arg>
+      <arg choice="plain">
+        <replaceable>filter</replaceable>
+      </arg>
+      <arg choice="opt">
+        <replaceable>...</replaceable>
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_filter-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      This module is intended to be a platform for providing access to all
+      of the input/output that passes between the user and the application.
+      It is only suitable for tty-based and (stdin/stdout) applications.
+    </para>
+    <para>
+      To function this module requires <emphasis>filters</emphasis> to be
+      installed on the system.
+      The single filter provided with the module simply transposes upper and
+      lower case letters in the input and output streams. (This can be very
+      annoying and is not kind to termcap based editors).
+    </para>
+    <para>
+      Each component of the module has the potential to invoke the
+      desired filter. The filter is always
+      <citerefentry>
+        <refentrytitle>execv</refentrytitle><manvolnum>2</manvolnum>
+      </citerefentry> with the privilege of the calling application
+      and <emphasis>not</emphasis> that of the user. For this reason it
+      cannot usually be killed by the user without closing their session.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_filter-options">
+
+    <title>OPTIONS</title>
+    <para>
+      <variablelist>
+
+        <varlistentry>
+          <term>
+            <option>debug</option>
+          </term>
+          <listitem>
+            <para>
+	      Print debug information.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>new_term</option>
+          </term>
+          <listitem>
+            <para>
+              The default action of the filter is to set the
+              <emphasis>PAM_TTY</emphasis> item to indicate the
+              terminal that the user is using to connect to the
+              application. This argument indicates that the filter
+              should set <emphasis>PAM_TTY</emphasis> to the filtered
+              pseudo-terminal.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>non_term</option>
+          </term>
+          <listitem>
+            <para>
+              don't try to set the <emphasis>PAM_TTY</emphasis> item.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>runX</option>
+          </term>
+          <listitem>
+            <para>
+              In order that the module can invoke a filter it should
+              know when to invoke it. This argument is required to tell
+              the filter when to do this.
+            </para>
+            <para>
+              Permitted values for <emphasis>X</emphasis> are
+              <emphasis>1</emphasis> and <emphasis>2</emphasis>. These
+              indicate the precise time that the filter is to be run.
+              To understand this concept it will be useful to have read
+              the <citerefentry>
+                <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+              </citerefentry> manual page.
+              Basically, for each management group there are up to two ways
+              of calling the module's functions.
+              In the case of the <emphasis>authentication</emphasis> and
+              <emphasis>session</emphasis> components there are actually
+              two separate functions. For the case of authentication, these
+              functions are
+              <citerefentry>
+                <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+              </citerefentry> and
+              <citerefentry>
+                <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+              </citerefentry>, here <option>run1</option> means run the
+              filter from the <function>pam_authenticate</function> function
+              and <option>run2</option> means run the filter from
+              <function>pam_setcred</function>. In the case of the
+              session modules, <emphasis>run1</emphasis> implies
+              that the filter is invoked at the
+              <citerefentry>
+                <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
+              </citerefentry> stage, and <emphasis>run2</emphasis> for
+              <citerefentry>
+                <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
+              </citerefentry>.
+            </para>
+            <para>
+              For the case of the account component. Either
+              <emphasis>run1</emphasis> or <emphasis>run2</emphasis>
+              may be used.
+            </para>
+            <para>
+              For the case of the password component, <emphasis>run1</emphasis>
+              is used to indicate that the filter is run on the first
+              occasion of
+              <citerefentry>
+                <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+              </citerefentry> (the <emphasis>PAM_PRELIM_CHECK</emphasis>
+              phase) and <emphasis>run2</emphasis> is used to indicate
+              that the filter is run on the second occasion (the
+              <emphasis>PAM_UPDATE_AUTHTOK</emphasis> phase).
+
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>filter</option>
+          </term>
+          <listitem>
+            <para>
+              The full pathname of the filter to be run and any command line
+              arguments that the filter might expect.
+            </para>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_filter-services">
+    <title>MODULE SERVICES PROVIDED</title>
+    <para>
+      The services <option>auth</option>, <option>account</option>,
+      <option>password</option> and <option>session</option> are supported.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_filter-return_values'>
+    <title>RETURN VALUES</title>
+    <para>
+      <variablelist>
+
+        <varlistentry>
+          <term>PAM_SUCCESS</term>
+          <listitem>
+            <para>
+              The new filter was set successfull.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_ABORT</term>
+          <listitem>
+            <para>
+	      Critical error, immediate abort.
+            </para>
+          </listitem>
+        </varlistentry>
+
+      </variablelist>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_filter-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      Add the following line to <filename>/etc/pam.d/login</filename> to
+      see how to configure login to transpose upper and lower case letters
+      once the user has logged in:
+
+      <programlisting>
+        session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER
+      </programlisting>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_filter-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_filter-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_filter was written by Andrew G. Morgan &lt;morgan@kernel.org&gt;.
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
new file mode 100644
index 00000000..1c7731b3
--- /dev/null
+++ b/modules/pam_filter/pam_filter.c
@@ -0,0 +1,744 @@
+/*
+ * $Id: pam_filter.c,v 1.12 2005/12/12 14:45:00 ldv Exp $
+ *
+ * written by Andrew Morgan <morgan@transmeta.com> with much help from
+ * Richard Stevens' UNIX Network Programming book.
+ */
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <termios.h>
+
+#include <signal.h>
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+#include <security/pam_ext.h>
+#include "pam_filter.h"
+
+/* ------ some tokens used for convenience throughout this file ------- */
+
+#define FILTER_DEBUG     01
+#define FILTER_RUN1      02
+#define FILTER_RUN2      04
+#define NEW_TERM        010
+#define NON_TERM        020
+
+/* -------------------------------------------------------------------- */
+
+/* log errors */
+
+#include <stdarg.h>
+
+#define TERMINAL_LEN 12
+
+static int
+master (const pam_handle_t *pamh, char *terminal)
+/*
+ * try to open all of the terminals in sequence return first free one,
+ * or -1
+ */
+{
+     const char ptys[] = "pqrs", *pty = ptys;
+     const char hexs[] = "0123456789abcdef", *hex;
+     struct stat tstat;
+     int fd;
+
+     strcpy(terminal, "/dev/pty??");
+
+     while (*pty) {                   /* step through four types */
+	  terminal[8] = *pty++;
+	  terminal[9] = '0';
+	  if (stat(terminal,&tstat) < 0) {
+	       pam_syslog(pamh, LOG_WARNING,
+			  "unknown pseudo terminal: %s", terminal);
+	       break;
+	  }
+	  for (hex = hexs; *hex; ) {  /* step through 16 of these */
+	       terminal[9] = *hex++;
+	       if ((fd = open(terminal, O_RDWR)) >= 0) {
+		    return fd;
+	       }
+	  }
+     }
+
+     /* no terminal found */
+
+     return -1;
+}
+
+static int process_args(pam_handle_t *pamh
+			, int argc, const char **argv, const char *type
+			, char ***evp, const char **filtername)
+{
+    int ctrl=0;
+
+    while (argc-- > 0) {
+	if (strcmp("debug",*argv) == 0) {
+	    ctrl |= FILTER_DEBUG;
+	} else if (strcmp("new_term",*argv) == 0) {
+	    ctrl |= NEW_TERM;
+	} else if (strcmp("non_term",*argv) == 0) {
+	    ctrl |= NON_TERM;
+	} else if (strcmp("run1",*argv) == 0) {
+	    ctrl |= FILTER_RUN1;
+	    if (argc <= 0) {
+		pam_syslog(pamh, LOG_ALERT, "no run filter supplied");
+	    } else
+		break;
+	} else if (strcmp("run2",*argv) == 0) {
+	    ctrl |= FILTER_RUN2;
+	    if (argc <= 0) {
+		pam_syslog(pamh, LOG_ALERT, "no run filter supplied");
+	    } else
+		break;
+	} else {
+	    pam_syslog(pamh, LOG_ERR, "unrecognized option: %s", *argv);
+	}
+	++argv;                   /* step along list */
+    }
+
+    if (argc < 0) {
+	/* there was no reference to a filter */
+	*filtername = NULL;
+	*evp = NULL;
+    } else {
+	char **levp;
+	const char *user = NULL;
+	const void *tmp;
+	int i,size, retval;
+
+	*filtername = *++argv;
+	if (ctrl & FILTER_DEBUG) {
+	    pam_syslog(pamh, LOG_DEBUG, "will run filter %s", *filtername);
+	}
+
+	levp = (char **) malloc(5*sizeof(char *));
+	if (levp == NULL) {
+	    pam_syslog(pamh, LOG_CRIT, "no memory for environment of filter");
+	    return -1;
+	}
+
+	for (size=i=0; i<argc; ++i) {
+	    size += strlen(argv[i])+1;
+	}
+
+	/* the "ARGS" variable */
+
+#define ARGS_OFFSET    5                          /*  strlen('ARGS=');  */
+#define ARGS_NAME      "ARGS="
+
+	size += ARGS_OFFSET;
+
+	levp[0] = (char *) malloc(size);
+	if (levp[0] == NULL) {
+	    pam_syslog(pamh, LOG_CRIT, "no memory for filter arguments");
+	    if (levp) {
+		free(levp);
+	    }
+	    return -1;
+	}
+
+	strncpy(levp[0],ARGS_NAME,ARGS_OFFSET);
+	for (i=0,size=ARGS_OFFSET; i<argc; ++i) {
+	    strcpy(levp[0]+size, argv[i]);
+	    size += strlen(argv[i]);
+	    levp[0][size++] = ' ';
+	}
+	levp[0][--size] = '\0';                    /* <NUL> terminate */
+
+	/* the "SERVICE" variable */
+
+#define SERVICE_OFFSET    8                    /*  strlen('SERVICE=');  */
+#define SERVICE_NAME      "SERVICE="
+
+	retval = pam_get_item(pamh, PAM_SERVICE, &tmp);
+	if (retval != PAM_SUCCESS || tmp == NULL) {
+	    pam_syslog(pamh, LOG_CRIT, "service name not found");
+	    if (levp) {
+		free(levp[0]);
+		free(levp);
+	    }
+	    return -1;
+	}
+	size = SERVICE_OFFSET+strlen(tmp);
+
+	levp[1] = (char *) malloc(size+1);
+	if (levp[1] == NULL) {
+	    pam_syslog(pamh, LOG_CRIT, "no memory for service name");
+	    if (levp) {
+		free(levp[0]);
+		free(levp);
+	    }
+	    return -1;
+	}
+
+	strncpy(levp[1],SERVICE_NAME,SERVICE_OFFSET);
+	strcpy(levp[1]+SERVICE_OFFSET, tmp);
+	levp[1][size] = '\0';                      /* <NUL> terminate */
+
+	/* the "USER" variable */
+
+#define USER_OFFSET    5                          /*  strlen('USER=');  */
+#define USER_NAME      "USER="
+
+	pam_get_user(pamh, &user, NULL);
+	if (user == NULL) {
+	    user = "<unknown>";
+	}
+	size = USER_OFFSET+strlen(user);
+
+	levp[2] = (char *) malloc(size+1);
+	if (levp[2] == NULL) {
+	    pam_syslog(pamh, LOG_CRIT, "no memory for user's name");
+	    if (levp) {
+		free(levp[1]);
+		free(levp[0]);
+		free(levp);
+	    }
+	    return -1;
+	}
+
+	strncpy(levp[2],USER_NAME,USER_OFFSET);
+	strcpy(levp[2]+USER_OFFSET, user);
+	levp[2][size] = '\0';                      /* <NUL> terminate */
+
+	/* the "USER" variable */
+
+#define TYPE_OFFSET    5                          /*  strlen('TYPE=');  */
+#define TYPE_NAME      "TYPE="
+
+	size = TYPE_OFFSET+strlen(type);
+
+	levp[3] = (char *) malloc(size+1);
+	if (levp[3] == NULL) {
+	    pam_syslog(pamh, LOG_CRIT, "no memory for type");
+	    if (levp) {
+		free(levp[2]);
+		free(levp[1]);
+		free(levp[0]);
+		free(levp);
+	    }
+	    return -1;
+	}
+
+	strncpy(levp[3],TYPE_NAME,TYPE_OFFSET);
+	strcpy(levp[3]+TYPE_OFFSET, type);
+	levp[3][size] = '\0';                      /* <NUL> terminate */
+
+	levp[4] = NULL;	                     /* end list */
+
+	*evp = levp;
+    }
+
+    if ((ctrl & FILTER_DEBUG) && *filtername) {
+	char **e;
+
+	pam_syslog(pamh, LOG_DEBUG, "filter[%s]: %s", type, *filtername);
+	pam_syslog(pamh, LOG_DEBUG, "environment:");
+	for (e=*evp; e && *e; ++e) {
+	    pam_syslog(pamh, LOG_DEBUG, "  %s", *e);
+	}
+    }
+
+    return ctrl;
+}
+
+static void free_evp(char *evp[])
+{
+    int i;
+
+    if (evp)
+	for (i=0; i<4; ++i) {
+	    if (evp[i])
+		free(evp[i]);
+	}
+    free(evp);
+}
+
+static int
+set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
+	    const char **evp, const char *filtername)
+{
+    int status=-1;
+    char terminal[TERMINAL_LEN];
+    struct termios stored_mode;           /* initial terminal mode settings */
+    int fd[2], child=0, child2=0, aterminal;
+
+    if (filtername == NULL || *filtername != '/') {
+	pam_syslog(pamh, LOG_ALERT,
+		   "filtername not permitted; full pathname required");
+	return PAM_ABORT;
+    }
+
+    if (!isatty(STDIN_FILENO) || !isatty(STDOUT_FILENO)) {
+	aterminal = 0;
+    } else {
+	aterminal = 1;
+    }
+
+    if (aterminal) {
+
+	/* open the master pseudo terminal */
+
+	fd[0] = master(pamh,terminal);
+	if (fd[0] < 0) {
+	    pam_syslog(pamh, LOG_CRIT, "no master terminal");
+	    return PAM_AUTH_ERR;
+	}
+
+	/* set terminal into raw mode.. remember old mode so that we can
+	   revert to it after the child has quit. */
+
+	/* this is termios terminal handling... */
+
+	if ( tcgetattr(STDIN_FILENO, &stored_mode) < 0 ) {
+	    pam_syslog(pamh, LOG_CRIT, "couldn't copy terminal mode: %m");
+	    /* in trouble, so close down */
+	    close(fd[0]);
+	    return PAM_ABORT;
+	} else {
+	    struct termios t_mode = stored_mode;
+
+	    t_mode.c_iflag = 0;            /* no input control */
+	    t_mode.c_oflag &= ~OPOST;      /* no ouput post processing */
+
+	    /* no signals, canonical input, echoing, upper/lower output */
+#ifdef XCASE
+	    t_mode.c_lflag &= ~(XCASE);
+#endif
+	    t_mode.c_lflag &= ~(ISIG|ICANON|ECHO);
+	    t_mode.c_cflag &= ~(CSIZE|PARENB);  /* no parity */
+	    t_mode.c_cflag |= CS8;              /* 8 bit chars */
+
+	    t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */
+	    t_mode.c_cc[VTIME] = 0;          /* 0/10th second for chars */
+
+	    if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) {
+		pam_syslog(pamh, LOG_WARNING,
+			   "couldn't put terminal in RAW mode: %m");
+		close(fd[0]);
+		return PAM_ABORT;
+	    }
+
+	    /*
+	     * NOTE: Unlike the stream socket case here the child
+	     * opens the slave terminal as fd[1] *after* the fork...
+	     */
+	}
+    } else {
+
+	/*
+	 * not a terminal line so just open a stream socket fd[0-1]
+	 * both set...
+	 */
+
+	if ( socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0 ) {
+	    pam_syslog(pamh, LOG_CRIT, "couldn't open a stream pipe: %m");
+	    return PAM_ABORT;
+	}
+    }
+
+    /* start child process */
+
+    if ( (child = fork()) < 0 ) {
+
+	pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
+	if (aterminal) {
+		(void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
+	}
+
+	return PAM_AUTH_ERR;
+    }
+
+    if ( child == 0 ) {                  /* child process *is* application */
+
+	if (aterminal) {
+
+	    /* close the controlling tty */
+
+#if defined(__hpux) && defined(O_NOCTTY)
+	    int t = open("/dev/tty", O_RDWR|O_NOCTTY);
+#else
+	    int t = open("/dev/tty",O_RDWR);
+	    if (t > 0) {
+		(void) ioctl(t, TIOCNOTTY, NULL);
+		close(t);
+	    }
+#endif /* defined(__hpux) && defined(O_NOCTTY) */
+
+	    /* make this process it's own process leader */
+	    if (setsid() == -1) {
+		pam_syslog(pamh, LOG_WARNING,
+			   "child cannot become new session: %m");
+		return PAM_ABORT;
+	    }
+
+	    /* find slave's name */
+	    terminal[5] = 't';             /* want to open slave terminal */
+	    fd[1] = open(terminal, O_RDWR);
+	    close(fd[0]);      /* process is the child -- uses line fd[1] */
+
+	    if (fd[1] < 0) {
+		pam_syslog(pamh, LOG_WARNING,
+			   "cannot open slave terminal: %s: %m", terminal);
+		return PAM_ABORT;
+	    }
+
+	    /* initialize the child's terminal to be the way the
+	       parent's was before we set it into RAW mode */
+
+	    if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) {
+		pam_syslog(pamh, LOG_WARNING,
+			   "cannot set slave terminal mode: %s: %m", terminal);
+		close(fd[1]);
+		return PAM_ABORT;
+	    }
+
+	} else {
+
+	    /* nothing to do for a simple stream socket */
+
+	}
+
+	/* re-assign the stdin/out to fd[1] <- (talks to filter). */
+
+	if ( dup2(fd[1],STDIN_FILENO) != STDIN_FILENO ||
+	     dup2(fd[1],STDOUT_FILENO) != STDOUT_FILENO ||
+	     dup2(fd[1],STDERR_FILENO) != STDERR_FILENO )  {
+	    pam_syslog(pamh, LOG_WARNING,
+		       "unable to re-assign STDIN/OUT/ERR: %m");
+	    close(fd[1]);
+	    return PAM_ABORT;
+	}
+
+	/* make sure that file descriptors survive 'exec's */
+
+	if ( fcntl(STDIN_FILENO, F_SETFD, 0) ||
+	     fcntl(STDOUT_FILENO,F_SETFD, 0) ||
+	     fcntl(STDERR_FILENO,F_SETFD, 0) ) {
+	    pam_syslog(pamh, LOG_WARNING,
+		       "unable to re-assign STDIN/OUT/ERR: %m");
+	    return PAM_ABORT;
+	}
+
+	/* now the user input is read from the parent/filter: forget fd */
+
+	close(fd[1]);
+
+	/* the current process is now aparently working with filtered
+	   stdio/stdout/stderr --- success! */
+
+	return PAM_SUCCESS;
+    }
+
+    /*
+     * process is the parent here. So we can close the application's
+     * input/output
+     */
+
+    close(fd[1]);
+
+    /* Clear out passwords... there is a security problem here in
+     * that this process never executes pam_end.  Consequently, any
+     * other sensitive data in this process is *not* explicitly
+     * overwritten, before the process terminates */
+
+    (void) pam_set_item(pamh, PAM_AUTHTOK, NULL);
+    (void) pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
+
+    /* fork a copy of process to run the actual filter executable */
+
+    if ( (child2 = fork()) < 0 ) {
+
+	pam_syslog(pamh, LOG_WARNING, "filter fork failed: %m");
+	child2 = 0;
+
+    } else if ( child2 == 0 ) {              /* exec the child filter */
+
+	if ( dup2(fd[0],APPIN_FILENO) != APPIN_FILENO ||
+	     dup2(fd[0],APPOUT_FILENO) != APPOUT_FILENO ||
+	     dup2(fd[0],APPERR_FILENO) != APPERR_FILENO )  {
+	    pam_syslog(pamh, LOG_WARNING,
+		       "unable to re-assign APPIN/OUT/ERR: %m");
+	    close(fd[0]);
+	    exit(1);
+	}
+
+	/* make sure that file descriptors survive 'exec's */
+
+	if ( fcntl(APPIN_FILENO, F_SETFD, 0) == -1 ||
+	     fcntl(APPOUT_FILENO,F_SETFD, 0) == -1 ||
+	     fcntl(APPERR_FILENO,F_SETFD, 0) == -1 ) {
+	    pam_syslog(pamh, LOG_WARNING,
+		       "unable to retain APPIN/OUT/ERR: %m");
+	    close(APPIN_FILENO);
+	    close(APPOUT_FILENO);
+	    close(APPERR_FILENO);
+	    exit(1);
+	}
+
+	/* now the user input is read from the parent through filter */
+
+	execle(filtername, "<pam_filter>", NULL, evp);
+
+	/* getting to here is an error */
+
+	pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername);
+
+    } else {           /* wait for either of the two children to exit */
+
+	while (child && child2) {    /* loop if there are two children */
+	    int lstatus=0;
+	    int chid;
+
+	    chid = wait(&lstatus);
+	    if (chid == child) {
+
+		if (WIFEXITED(lstatus)) {            /* exited ? */
+		    status = WEXITSTATUS(lstatus);
+		} else if (WIFSIGNALED(lstatus)) {   /* killed ? */
+		    status = -1;
+		} else
+		    continue;             /* just stopped etc.. */
+		child = 0;        /* the child has exited */
+
+	    } else if (chid == child2) {
+		/*
+		 * if the filter has exited. Let the child die
+		 * naturally below
+		 */
+		if (WIFEXITED(lstatus) || WIFSIGNALED(lstatus))
+		    child2 = 0;
+	    } else {
+
+		pam_syslog(pamh, LOG_ALERT,
+			   "programming error <chid=%d,lstatus=%x> "
+			   "in file %s at line %d",
+			   chid, lstatus, __FILE__, __LINE__);
+		child = child2 = 0;
+		status = -1;
+
+	    }
+	}
+    }
+
+    close(fd[0]);
+
+    /* if there is something running, wait for it to exit */
+
+    while (child || child2) {
+	int lstatus=0;
+	int chid;
+
+	chid = wait(&lstatus);
+
+	if (child && chid == child) {
+
+	    if (WIFEXITED(lstatus)) {            /* exited ? */
+		status = WEXITSTATUS(lstatus);
+	    } else if (WIFSIGNALED(lstatus)) {   /* killed ? */
+		status = -1;
+	    } else
+		continue;             /* just stopped etc.. */
+	    child = 0;        /* the child has exited */
+
+	} else if (child2 && chid == child2) {
+
+	    if (WIFEXITED(lstatus) || WIFSIGNALED(lstatus))
+		child2 = 0;
+
+	} else {
+
+	    pam_syslog(pamh, LOG_ALERT,
+		       "programming error <chid=%d,lstatus=%x> "
+		       "in file %s at line %d",
+		       chid, lstatus, __FILE__, __LINE__);
+	    child = child2 = 0;
+	    status = -1;
+
+	}
+    }
+
+    if (aterminal) {
+	/* reset to initial terminal mode */
+	    (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode);
+    }
+
+    if (ctrl & FILTER_DEBUG) {
+	pam_syslog(pamh, LOG_DEBUG, "parent process exited");      /* clock off */
+    }
+
+    /* quit the parent process, returning the child's exit status */
+
+    exit(status);
+    return status; /* never reached, to make gcc happy */
+}
+
+static int set_the_terminal(pam_handle_t *pamh)
+{
+    const void *tty;
+
+    if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS
+	|| tty == NULL) {
+	tty = ttyname(STDIN_FILENO);
+	if (tty == NULL) {
+	    pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
+	    return PAM_ABORT;
+	}
+	if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) {
+	    pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
+	    return PAM_ABORT;
+	}
+    }
+    return PAM_SUCCESS;
+}
+
+static int need_a_filter(pam_handle_t *pamh
+			 , int flags, int argc, const char **argv
+			 , const char *name, int which_run)
+{
+    int ctrl;
+    char **evp;
+    const char *filterfile;
+    int retval;
+
+    ctrl = process_args(pamh, argc, argv, name, &evp, &filterfile);
+    if (ctrl == -1) {
+	return PAM_AUTHINFO_UNAVAIL;
+    }
+
+    /* set the tty to the old or the new one? */
+
+    if (!(ctrl & NON_TERM) && !(ctrl & NEW_TERM)) {
+	retval = set_the_terminal(pamh);
+	if (retval != PAM_SUCCESS) {
+	    pam_syslog(pamh, LOG_ERR, "tried and failed to set PAM_TTY");
+	}
+    } else {
+	retval = PAM_SUCCESS;  /* nothing to do which is always a success */
+    }
+
+    if (retval == PAM_SUCCESS && (ctrl & which_run)) {
+	retval = set_filter(pamh, flags, ctrl
+			    , (const char **)evp, filterfile);
+    }
+
+    if (retval == PAM_SUCCESS
+	&& !(ctrl & NON_TERM) && (ctrl & NEW_TERM)) {
+	retval = set_the_terminal(pamh);
+	if (retval != PAM_SUCCESS) {
+	    pam_syslog(pamh, LOG_ERR,
+		       "tried and failed to set new terminal as PAM_TTY");
+	}
+    }
+
+    free_evp(evp);
+
+    if (ctrl & FILTER_DEBUG) {
+	pam_syslog(pamh, LOG_DEBUG, "filter/%s, returning %d", name, retval);
+	pam_syslog(pamh, LOG_DEBUG, "[%s]", pam_strerror(pamh, retval));
+    }
+
+    return retval;
+}
+
+/* ----------------- public functions ---------------- */
+
+/*
+ * here are the advertised access points ...
+ */
+
+/* ------------------ authentication ----------------- */
+
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh
+				   , int flags, int argc, const char **argv)
+{
+    return need_a_filter(pamh, flags, argc, argv
+			 , "authenticate", FILTER_RUN1);
+}
+
+PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags
+			      , int argc, const char **argv)
+{
+    return need_a_filter(pamh, flags, argc, argv, "setcred", FILTER_RUN2);
+}
+
+/* --------------- account management ---------------- */
+
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+                              const char **argv)
+{
+    return need_a_filter(pamh, flags, argc, argv
+			 , "setcred", FILTER_RUN1|FILTER_RUN2 );
+}
+
+/* --------------- session management ---------------- */
+
+PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags
+				   , int argc, const char **argv)
+{
+    return need_a_filter(pamh, flags, argc, argv
+			 , "open_session", FILTER_RUN1);
+}
+
+PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags
+			      , int argc, const char **argv)
+{
+    return need_a_filter(pamh, flags, argc, argv
+			 , "close_session", FILTER_RUN2);
+}
+
+/* --------- updating authentication tokens --------- */
+
+
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags
+				, int argc, const char **argv)
+{
+    int runN;
+
+    if (flags & PAM_PRELIM_CHECK)
+	runN = FILTER_RUN1;
+    else if (flags & PAM_UPDATE_AUTHTOK)
+	runN = FILTER_RUN2;
+    else {
+	pam_syslog(pamh, LOG_ERR, "unknown flags for chauthtok (0x%X)", flags);
+	return PAM_TRY_AGAIN;
+    }
+
+    return need_a_filter(pamh, flags, argc, argv, "chauthtok", runN);
+}
+
+#ifdef PAM_STATIC
+
+/* ------------ stuff for static modules ------------ */
+
+struct pam_module _pam_filter_modstruct = {
+    "pam_filter",
+    pam_sm_authenticate,
+    pam_sm_setcred,
+    pam_sm_acct_mgmt,
+    pam_sm_open_session,
+    pam_sm_close_session,
+    pam_sm_chauthtok,
+};
+
+#endif
diff --git a/modules/pam_filter/pam_filter.h b/modules/pam_filter/pam_filter.h
new file mode 100644
index 00000000..d15d113c
--- /dev/null
+++ b/modules/pam_filter/pam_filter.h
@@ -0,0 +1,32 @@
+/*
+ * $Id: pam_filter.h,v 1.1 2005/08/16 12:27:42 kukuk Exp $
+ *
+ * this file is associated with the Linux-PAM filter module.
+ * it was written by Andrew G. Morgan <morgan@linux.kernel.org>
+ *
+ */
+
+#ifndef PAM_FILTER_H
+#define PAM_FILTER_H
+
+#include <sys/file.h>
+
+/*
+ * this will fail if there is some problem with these file descriptors
+ * being allocated by the pam_filter Linux-PAM module. The numbers
+ * here are thought safe, but the filter developer should use the
+ * macros, as these numbers are subject to change.
+ *
+ * The APPXXX_FILENO file descriptors are the STDIN/OUT/ERR_FILENO of the
+ * application. The filter uses the STDIN/OUT/ERR_FILENO's to converse
+ * with the user, passes (modified) user input to the application via
+ * APPIN_FILENO, and receives application output from APPOUT_FILENO/ERR.
+ */
+
+#define APPIN_FILENO    3           /* write here to give application input */
+#define APPOUT_FILENO   4           /* read here to get application output */
+#define APPERR_FILENO   5           /* read here to get application errors */
+
+#define APPTOP_FILE   6                                  /* used by select */
+
+#endif
diff --git a/modules/pam_filter/tst-pam_filter b/modules/pam_filter/tst-pam_filter
new file mode 100755
index 00000000..56a5d083
--- /dev/null
+++ b/modules/pam_filter/tst-pam_filter
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_filter.so
diff --git a/modules/pam_filter/upperLOWER/Makefile.am b/modules/pam_filter/upperLOWER/Makefile.am
new file mode 100644
index 00000000..93d24ff5
--- /dev/null
+++ b/modules/pam_filter/upperLOWER/Makefile.am
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
+#
+
+CLEANFILES = *~
+
+securelibfilterdir = $(SECUREDIR)/pam_filter
+
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	-I$(srcdir)/.. @PIE_CFLAGS@
+AM_LDFLAGS = @PIE_LDFLAGS@
+LDADD = -L$(top_builddir)/libpam -lpam
+
+securelibfilter_PROGRAMS = upperLOWER
diff --git a/modules/pam_filter/upperLOWER/Makefile.in b/modules/pam_filter/upperLOWER/Makefile.in
new file mode 100644
index 00000000..5112980c
--- /dev/null
+++ b/modules/pam_filter/upperLOWER/Makefile.in
@@ -0,0 +1,529 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
+#
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+securelibfilter_PROGRAMS = upperLOWER$(EXEEXT)
+subdir = modules/pam_filter/upperLOWER
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(securelibfilterdir)"
+securelibfilterPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(securelibfilter_PROGRAMS)
+upperLOWER_SOURCES = upperLOWER.c
+upperLOWER_OBJECTS = upperLOWER.$(OBJEXT)
+upperLOWER_LDADD = $(LDADD)
+upperLOWER_DEPENDENCIES =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = upperLOWER.c
+DIST_SOURCES = upperLOWER.c
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+securelibfilterdir = $(SECUREDIR)/pam_filter
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	-I$(srcdir)/.. @PIE_CFLAGS@
+
+AM_LDFLAGS = @PIE_LDFLAGS@
+LDADD = -L$(top_builddir)/libpam -lpam
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu  modules/pam_filter/upperLOWER/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu  modules/pam_filter/upperLOWER/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibfilterPROGRAMS: $(securelibfilter_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(securelibfilterdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibfilterdir)"
+	@list='$(securelibfilter_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibfilterPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(securelibfilterdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibfilterPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(securelibfilterdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-securelibfilterPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelibfilter_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(securelibfilterdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(securelibfilterdir)/$$f"; \
+	done
+
+clean-securelibfilterPROGRAMS:
+	@list='$(securelibfilter_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+upperLOWER$(EXEEXT): $(upperLOWER_OBJECTS) $(upperLOWER_DEPENDENCIES) 
+	@rm -f upperLOWER$(EXEEXT)
+	$(LINK) $(upperLOWER_OBJECTS) $(upperLOWER_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upperLOWER.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(securelibfilterdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibfilterPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-securelibfilterPROGRAMS
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-securelibfilterPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-securelibfilterPROGRAMS ctags distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-securelibfilterPROGRAMS install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-securelibfilterPROGRAMS
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_filter/upperLOWER/upperLOWER.c b/modules/pam_filter/upperLOWER/upperLOWER.c
new file mode 100644
index 00000000..0ede4a0d
--- /dev/null
+++ b/modules/pam_filter/upperLOWER/upperLOWER.c
@@ -0,0 +1,141 @@
+/*
+ * This is a sample filter program, for use with pam_filter (a module
+ * provided with Linux-PAM). This filter simply transposes upper and
+ * lower case letters, it is intended for demonstration purposes and
+ * it serves no purpose other than to annoy the user...
+ */
+
+#include "config.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "pam_filter.h"
+#include <security/pam_modutil.h>
+
+/* ---------------------------------------------------------------- */
+
+static void do_transpose(char *buffer,int len)
+{
+     int i;
+     for (i=0; i<len; ++i) {
+	  if (islower(buffer[i])) {
+	       buffer[i] = toupper(buffer[i]);
+	  } else {
+	       buffer[i] = tolower(buffer[i]);
+	  }
+     }
+}
+
+extern char **environ;
+
+int main(int argc, char **argv UNUSED)
+{
+     char buffer[BUFSIZ];
+     fd_set readers;
+     void (*before_user)(char *,int);
+     void (*before_app)(char *,int);
+
+     openlog("upperLOWER", LOG_CONS|LOG_PID, LOG_AUTHPRIV);
+
+#ifdef DEBUG
+     {
+	  int i;
+
+	  fprintf(stderr,"environment :[\r\n");
+	  for (i=0; environ[i]; ++i) {
+	       fprintf(stderr,"-> %s\r\n",environ[i]);
+	  }
+	  fprintf(stderr,"]: end\r\n");
+     }
+#endif
+
+     if (argc != 1) {
+#ifdef DEBUG
+	  fprintf(stderr,"filter invoked as conventional executable\n");
+#else
+	  syslog(LOG_ERR, "filter invoked as conventional executable");
+#endif
+	  exit(1);
+     }
+
+     before_user = before_app = do_transpose;   /* assign filter functions */
+
+     /* enter a loop that deals with the input and output of the
+        user.. passing it to and from the application */
+
+     FD_ZERO(&readers);                    /* initialize reading mask */
+
+     for (;;) {
+
+	  FD_SET(APPOUT_FILENO, &readers);              /* wake for output */
+	  FD_SET(APPERR_FILENO, &readers);               /* wake for error */
+	  FD_SET(STDIN_FILENO, &readers);                /* wake for input */
+
+	  if ( select(APPTOP_FILE,&readers,NULL,NULL,NULL) < 0 ) {
+#ifdef DEBUG
+	       fprintf(stderr,"select failed\n");
+#else
+	       syslog(LOG_WARNING,"select failed");
+#endif
+	       break;
+	  }
+
+	  /* application errors */
+
+	  if ( FD_ISSET(APPERR_FILENO,&readers) ) {
+	       int got = pam_modutil_read(APPERR_FILENO, buffer, BUFSIZ);
+	       if (got <= 0) {
+		    break;
+	       } else {
+		    /* translate to give to real terminal */
+		    if (before_user != NULL)
+			 before_user(buffer, got);
+		    if (pam_modutil_write(STDERR_FILENO, buffer, got) != got ) {
+			 syslog(LOG_WARNING,"couldn't write %d bytes?!",got);
+			 break;
+		    }
+	       }
+	  } else if ( FD_ISSET(APPOUT_FILENO,&readers) ) {    /* app output */
+	       int got = pam_modutil_read(APPOUT_FILENO, buffer, BUFSIZ);
+	       if (got <= 0) {
+		    break;
+	       } else {
+		    /* translate to give to real terminal */
+		    if (before_user != NULL)
+			 before_user(buffer, got);
+		    if (pam_modutil_write(STDOUT_FILENO, buffer, got) != got ) {
+			 syslog(LOG_WARNING,"couldn't write %d bytes!?",got);
+			 break;
+		    }
+	       }
+	  }
+
+	  if ( FD_ISSET(STDIN_FILENO, &readers) ) {  /* user input */
+	       int got = pam_modutil_read(STDIN_FILENO, buffer, BUFSIZ);
+	       if (got < 0) {
+		    syslog(LOG_WARNING,"user input junked");
+		    break;
+	       } else if (got) {
+		    /* translate to give to application */
+		    if (before_app != NULL)
+			 before_app(buffer, got);
+		    if (pam_modutil_write(APPIN_FILENO, buffer, got) != got ) {
+			 syslog(LOG_WARNING,"couldn't pass %d bytes!?",got);
+			 break;
+		    }
+	       } else {
+		    /* nothing received -- an error? */
+		    syslog(LOG_WARNING,"user input null?");
+		    break;
+	       }
+	  }
+     }
+
+     exit(0);
+}