summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 16:26:05 -0800
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:26:38 -0800
commit9c52e721044e7501c3d4567b36d222dc7326224a (patch)
tree9011790770130c60a712a6f125ad50d60e07cc74 /modules
parent9727ff2a3fa0e94a42b34a579027bacf4146d571 (diff)
parent186ff16e8d12ff15d518000c17f115ccab5275a4 (diff)
New upstream version 1.0.1
Diffstat (limited to 'modules')
-rw-r--r--modules/Makefile.am16
-rw-r--r--modules/Makefile.in555
-rw-r--r--modules/modules.map11
-rw-r--r--modules/pam_access/Makefile.am37
-rw-r--r--modules/pam_access/Makefile.in740
-rw-r--r--modules/pam_access/README120
-rw-r--r--modules/pam_access/README.xml39
-rw-r--r--modules/pam_access/access.conf122
-rw-r--r--modules/pam_access/access.conf.5170
-rw-r--r--modules/pam_access/access.conf.5.xml203
-rw-r--r--modules/pam_access/pam_access.8112
-rw-r--r--modules/pam_access/pam_access.8.xml253
-rw-r--r--modules/pam_access/pam_access.c922
-rwxr-xr-xmodules/pam_access/tst-pam_access2
-rw-r--r--modules/pam_cracklib/Makefile.am38
-rw-r--r--modules/pam_cracklib/Makefile.in672
-rw-r--r--modules/pam_cracklib/README220
-rw-r--r--modules/pam_cracklib/README.xml41
-rw-r--r--modules/pam_cracklib/pam_cracklib.8309
-rw-r--r--modules/pam_cracklib/pam_cracklib.8.xml513
-rw-r--r--modules/pam_cracklib/pam_cracklib.c842
-rwxr-xr-xmodules/pam_cracklib/tst-pam_cracklib2
-rw-r--r--modules/pam_debug/Makefile.am31
-rw-r--r--modules/pam_debug/Makefile.in667
-rw-r--r--modules/pam_debug/README64
-rw-r--r--modules/pam_debug/README.xml41
-rw-r--r--modules/pam_debug/pam_debug.8126
-rw-r--r--modules/pam_debug/pam_debug.8.xml231
-rw-r--r--modules/pam_debug/pam_debug.c167
-rwxr-xr-xmodules/pam_debug/tst-pam_debug2
-rw-r--r--modules/pam_deny/Makefile.am34
-rw-r--r--modules/pam_deny/Makefile.in669
-rw-r--r--modules/pam_deny/README31
-rw-r--r--modules/pam_deny/README.xml36
-rw-r--r--modules/pam_deny/pam_deny.882
-rw-r--r--modules/pam_deny/pam_deny.8.xml135
-rw-r--r--modules/pam_deny/pam_deny.c89
-rwxr-xr-xmodules/pam_deny/tst-pam_deny2
-rw-r--r--modules/pam_echo/Makefile.am31
-rw-r--r--modules/pam_echo/Makefile.in667
-rw-r--r--modules/pam_echo/README50
-rw-r--r--modules/pam_echo/README.xml36
-rw-r--r--modules/pam_echo/pam_echo.8108
-rw-r--r--modules/pam_echo/pam_echo.8.xml168
-rw-r--r--modules/pam_echo/pam_echo.c269
-rwxr-xr-xmodules/pam_echo/tst-pam_echo2
-rw-r--r--modules/pam_env/Makefile.am35
-rw-r--r--modules/pam_env/Makefile.in759
-rw-r--r--modules/pam_env/README74
-rw-r--r--modules/pam_env/README.xml39
-rw-r--r--modules/pam_env/environment5
-rw-r--r--modules/pam_env/pam_env.8109
-rw-r--r--modules/pam_env/pam_env.8.xml206
-rw-r--r--modules/pam_env/pam_env.c832
-rw-r--r--modules/pam_env/pam_env.conf73
-rw-r--r--modules/pam_env/pam_env.conf.587
-rw-r--r--modules/pam_env/pam_env.conf.5.xml123
-rwxr-xr-xmodules/pam_env/tst-pam_env2
-rw-r--r--modules/pam_exec/Makefile.am34
-rw-r--r--modules/pam_exec/Makefile.in669
-rw-r--r--modules/pam_exec/README52
-rw-r--r--modules/pam_exec/README.xml41
-rw-r--r--modules/pam_exec/pam_exec.8116
-rw-r--r--modules/pam_exec/pam_exec.8.xml217
-rw-r--r--modules/pam_exec/pam_exec.c341
-rwxr-xr-xmodules/pam_exec/tst-pam_exec2
-rw-r--r--modules/pam_faildelay/Makefile.am31
-rw-r--r--modules/pam_faildelay/Makefile.in667
-rw-r--r--modules/pam_faildelay/README33
-rw-r--r--modules/pam_faildelay/README.xml41
-rw-r--r--modules/pam_faildelay/pam_faildelay.873
-rw-r--r--modules/pam_faildelay/pam_faildelay.8.xml136
-rw-r--r--modules/pam_faildelay/pam_faildelay.c231
-rwxr-xr-xmodules/pam_faildelay/tst-pam_faildelay2
-rw-r--r--modules/pam_filter/Makefile.am34
-rw-r--r--modules/pam_filter/Makefile.in807
-rw-r--r--modules/pam_filter/README78
-rw-r--r--modules/pam_filter/README.xml41
-rw-r--r--modules/pam_filter/pam_filter.8154
-rw-r--r--modules/pam_filter/pam_filter.8.xml261
-rw-r--r--modules/pam_filter/pam_filter.c744
-rw-r--r--modules/pam_filter/pam_filter.h32
-rwxr-xr-xmodules/pam_filter/tst-pam_filter2
-rw-r--r--modules/pam_filter/upperLOWER/Makefile.am15
-rw-r--r--modules/pam_filter/upperLOWER/Makefile.in529
-rw-r--r--modules/pam_filter/upperLOWER/upperLOWER.c141
-rw-r--r--modules/pam_ftp/Makefile.am31
-rw-r--r--modules/pam_ftp/Makefile.in667
-rw-r--r--modules/pam_ftp/README52
-rw-r--r--modules/pam_ftp/README.xml41
-rw-r--r--modules/pam_ftp/pam_ftp.8105
-rw-r--r--modules/pam_ftp/pam_ftp.8.xml183
-rw-r--r--modules/pam_ftp/pam_ftp.c237
-rwxr-xr-xmodules/pam_ftp/tst-pam_ftp2
-rw-r--r--modules/pam_group/Makefile.am34
-rw-r--r--modules/pam_group/Makefile.in738
-rw-r--r--modules/pam_group/README45
-rw-r--r--modules/pam_group/README.xml34
-rw-r--r--modules/pam_group/group.conf99
-rw-r--r--modules/pam_group/group.conf.583
-rw-r--r--modules/pam_group/group.conf.5.xml131
-rw-r--r--modules/pam_group/pam_group.894
-rw-r--r--modules/pam_group/pam_group.8.xml162
-rw-r--r--modules/pam_group/pam_group.c842
-rwxr-xr-xmodules/pam_group/tst-pam_group2
-rw-r--r--modules/pam_issue/Makefile.am31
-rw-r--r--modules/pam_issue/Makefile.in667
-rw-r--r--modules/pam_issue/README79
-rw-r--r--modules/pam_issue/README.xml41
-rw-r--r--modules/pam_issue/pam_issue.8138
-rw-r--r--modules/pam_issue/pam_issue.8.xml234
-rw-r--r--modules/pam_issue/pam_issue.c310
-rwxr-xr-xmodules/pam_issue/tst-pam_issue2
-rw-r--r--modules/pam_keyinit/Makefile.am33
-rw-r--r--modules/pam_keyinit/Makefile.in669
-rw-r--r--modules/pam_keyinit/README68
-rw-r--r--modules/pam_keyinit/README.xml41
-rw-r--r--modules/pam_keyinit/pam_keyinit.8124
-rw-r--r--modules/pam_keyinit/pam_keyinit.8.xml241
-rw-r--r--modules/pam_keyinit/pam_keyinit.c269
-rwxr-xr-xmodules/pam_keyinit/tst-pam_keyinit2
-rw-r--r--modules/pam_lastlog/Makefile.am31
-rw-r--r--modules/pam_lastlog/Makefile.in667
-rw-r--r--modules/pam_lastlog/README57
-rw-r--r--modules/pam_lastlog/README.xml41
-rw-r--r--modules/pam_lastlog/pam_lastlog.8113
-rw-r--r--modules/pam_lastlog/pam_lastlog.8.xml231
-rw-r--r--modules/pam_lastlog/pam_lastlog.c452
-rwxr-xr-xmodules/pam_lastlog/tst-pam_lastlog2
-rw-r--r--modules/pam_limits/Makefile.am38
-rw-r--r--modules/pam_limits/Makefile.in744
-rw-r--r--modules/pam_limits/README64
-rw-r--r--modules/pam_limits/README.xml39
-rw-r--r--modules/pam_limits/limits.conf50
-rw-r--r--modules/pam_limits/limits.conf.5219
-rw-r--r--modules/pam_limits/limits.conf.5.xml287
-rw-r--r--modules/pam_limits/pam_limits.8132
-rw-r--r--modules/pam_limits/pam_limits.8.xml256
-rw-r--r--modules/pam_limits/pam_limits.c777
-rwxr-xr-xmodules/pam_limits/tst-pam_limits2
-rw-r--r--modules/pam_listfile/Makefile.am31
-rw-r--r--modules/pam_listfile/Makefile.in667
-rw-r--r--modules/pam_listfile/README101
-rw-r--r--modules/pam_listfile/README.xml41
-rw-r--r--modules/pam_listfile/pam_listfile.8189
-rw-r--r--modules/pam_listfile/pam_listfile.8.xml297
-rw-r--r--modules/pam_listfile/pam_listfile.c462
-rwxr-xr-xmodules/pam_listfile/tst-pam_listfile2
-rw-r--r--modules/pam_localuser/Makefile.am31
-rw-r--r--modules/pam_localuser/Makefile.in667
-rw-r--r--modules/pam_localuser/README38
-rw-r--r--modules/pam_localuser/README.xml41
-rw-r--r--modules/pam_localuser/pam_localuser.888
-rw-r--r--modules/pam_localuser/pam_localuser.8.xml173
-rw-r--r--modules/pam_localuser/pam_localuser.c174
-rwxr-xr-xmodules/pam_localuser/tst-pam_localuser2
-rw-r--r--modules/pam_loginuid/Makefile.am34
-rw-r--r--modules/pam_loginuid/Makefile.in669
-rw-r--r--modules/pam_loginuid/README29
-rw-r--r--modules/pam_loginuid/README.xml36
-rw-r--r--modules/pam_loginuid/pam_loginuid.863
-rw-r--r--modules/pam_loginuid/pam_loginuid.8.xml125
-rw-r--r--modules/pam_loginuid/pam_loginuid.c239
-rwxr-xr-xmodules/pam_loginuid/tst-pam_loginuid2
-rw-r--r--modules/pam_mail/Makefile.am31
-rw-r--r--modules/pam_mail/Makefile.in667
-rw-r--r--modules/pam_mail/README71
-rw-r--r--modules/pam_mail/README.xml41
-rw-r--r--modules/pam_mail/pam_mail.8139
-rw-r--r--modules/pam_mail/pam_mail.8.xml279
-rw-r--r--modules/pam_mail/pam_mail.c489
-rwxr-xr-xmodules/pam_mail/tst-pam_mail2
-rw-r--r--modules/pam_mkhomedir/Makefile.am33
-rw-r--r--modules/pam_mkhomedir/Makefile.in668
-rw-r--r--modules/pam_mkhomedir/README36
-rw-r--r--modules/pam_mkhomedir/README.xml36
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.8109
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.8.xml203
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.c511
-rwxr-xr-xmodules/pam_mkhomedir/tst-pam_mkhomedir2
-rw-r--r--modules/pam_motd/Makefile.am31
-rw-r--r--modules/pam_motd/Makefile.in667
-rw-r--r--modules/pam_motd/README27
-rw-r--r--modules/pam_motd/README.xml41
-rw-r--r--modules/pam_motd/pam_motd.864
-rw-r--r--modules/pam_motd/pam_motd.8.xml114
-rw-r--r--modules/pam_motd/pam_motd.c130
-rwxr-xr-xmodules/pam_motd/tst-pam_motd2
-rw-r--r--modules/pam_namespace/Makefile.am42
-rw-r--r--modules/pam_namespace/Makefile.in798
-rw-r--r--modules/pam_namespace/README203
-rw-r--r--modules/pam_namespace/README.xml44
-rw-r--r--modules/pam_namespace/argv_parse.c165
-rw-r--r--modules/pam_namespace/argv_parse.h43
-rw-r--r--modules/pam_namespace/md5.c260
-rw-r--r--modules/pam_namespace/md5.h28
-rw-r--r--modules/pam_namespace/namespace.conf28
-rw-r--r--modules/pam_namespace/namespace.conf.5139
-rw-r--r--modules/pam_namespace/namespace.conf.5.xml210
-rwxr-xr-xmodules/pam_namespace/namespace.init24
-rw-r--r--modules/pam_namespace/pam_namespace.8157
-rw-r--r--modules/pam_namespace/pam_namespace.8.xml390
-rw-r--r--modules/pam_namespace/pam_namespace.c1913
-rw-r--r--modules/pam_namespace/pam_namespace.h168
-rwxr-xr-xmodules/pam_namespace/tst-pam_namespace2
-rw-r--r--modules/pam_nologin/Makefile.am31
-rw-r--r--modules/pam_nologin/Makefile.in667
-rw-r--r--modules/pam_nologin/README41
-rw-r--r--modules/pam_nologin/README.xml46
-rw-r--r--modules/pam_nologin/pam_nologin.8110
-rw-r--r--modules/pam_nologin/pam_nologin.8.xml174
-rw-r--r--modules/pam_nologin/pam_nologin.c180
-rwxr-xr-xmodules/pam_nologin/tst-pam_nologin2
-rw-r--r--modules/pam_permit/Makefile.am31
-rw-r--r--modules/pam_permit/Makefile.in667
-rw-r--r--modules/pam_permit/README30
-rw-r--r--modules/pam_permit/README.xml41
-rw-r--r--modules/pam_permit/pam_permit.864
-rw-r--r--modules/pam_permit/pam_permit.8.xml105
-rw-r--r--modules/pam_permit/pam_permit.c116
-rwxr-xr-xmodules/pam_permit/tst-pam_permit2
-rw-r--r--modules/pam_rhosts/Makefile.am32
-rw-r--r--modules/pam_rhosts/Makefile.in667
-rw-r--r--modules/pam_rhosts/README56
-rw-r--r--modules/pam_rhosts/README.xml41
-rw-r--r--modules/pam_rhosts/pam_rhosts.8108
-rw-r--r--modules/pam_rhosts/pam_rhosts.8.xml171
-rw-r--r--modules/pam_rhosts/pam_rhosts.c155
-rwxr-xr-xmodules/pam_rhosts/tst-pam_rhosts2
-rw-r--r--modules/pam_rootok/Makefile.am33
-rw-r--r--modules/pam_rootok/Makefile.in669
-rw-r--r--modules/pam_rootok/README33
-rw-r--r--modules/pam_rootok/README.xml41
-rw-r--r--modules/pam_rootok/pam_rootok.883
-rw-r--r--modules/pam_rootok/pam_rootok.8.xml130
-rw-r--r--modules/pam_rootok/pam_rootok.c106
-rwxr-xr-xmodules/pam_rootok/tst-pam_rootok2
-rw-r--r--modules/pam_securetty/Makefile.am30
-rw-r--r--modules/pam_securetty/Makefile.in667
-rw-r--r--modules/pam_securetty/README33
-rw-r--r--modules/pam_securetty/README.xml41
-rw-r--r--modules/pam_securetty/pam_securetty.897
-rw-r--r--modules/pam_securetty/pam_securetty.8.xml167
-rw-r--r--modules/pam_securetty/pam_securetty.c219
-rwxr-xr-xmodules/pam_securetty/tst-pam_securetty2
-rw-r--r--modules/pam_selinux/Makefile.am43
-rw-r--r--modules/pam_selinux/Makefile.in702
-rw-r--r--modules/pam_selinux/README66
-rw-r--r--modules/pam_selinux/README.xml41
-rw-r--r--modules/pam_selinux/pam_selinux.8101
-rw-r--r--modules/pam_selinux/pam_selinux.8.xml220
-rw-r--r--modules/pam_selinux/pam_selinux.c722
-rw-r--r--modules/pam_selinux/pam_selinux_check.835
-rw-r--r--modules/pam_selinux/pam_selinux_check.c161
-rwxr-xr-xmodules/pam_selinux/tst-pam_selinux2
-rw-r--r--modules/pam_sepermit/Makefile.am43
-rw-r--r--modules/pam_sepermit/Makefile.in723
-rw-r--r--modules/pam_sepermit/README51
-rw-r--r--modules/pam_sepermit/README.xml41
-rw-r--r--modules/pam_sepermit/pam_sepermit.8110
-rw-r--r--modules/pam_sepermit/pam_sepermit.8.xml189
-rw-r--r--modules/pam_sepermit/pam_sepermit.c408
-rw-r--r--modules/pam_sepermit/sepermit.conf11
-rwxr-xr-xmodules/pam_sepermit/tst-pam_sepermit2
-rw-r--r--modules/pam_shells/Makefile.am31
-rw-r--r--modules/pam_shells/Makefile.in667
-rw-r--r--modules/pam_shells/README24
-rw-r--r--modules/pam_shells/README.xml41
-rw-r--r--modules/pam_shells/pam_shells.873
-rw-r--r--modules/pam_shells/pam_shells.8.xml117
-rw-r--r--modules/pam_shells/pam_shells.c146
-rwxr-xr-xmodules/pam_shells/tst-pam_shells2
-rw-r--r--modules/pam_stress/Makefile.am20
-rw-r--r--modules/pam_stress/Makefile.in609
-rw-r--r--modules/pam_stress/README64
-rw-r--r--modules/pam_stress/pam_stress.c570
-rwxr-xr-xmodules/pam_stress/tst-pam_stress2
-rw-r--r--modules/pam_succeed_if/Makefile.am31
-rw-r--r--modules/pam_succeed_if/Makefile.in667
-rw-r--r--modules/pam_succeed_if/README124
-rw-r--r--modules/pam_succeed_if/README.xml41
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.8191
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.8.xml297
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.c552
-rwxr-xr-xmodules/pam_succeed_if/tst-pam_succeed_if2
-rw-r--r--modules/pam_tally/Makefile.am36
-rw-r--r--modules/pam_tally/Makefile.in718
-rw-r--r--modules/pam_tally/README132
-rw-r--r--modules/pam_tally/README.xml41
-rw-r--r--modules/pam_tally/faillog.h55
-rw-r--r--modules/pam_tally/pam_tally.8221
-rw-r--r--modules/pam_tally/pam_tally.8.xml427
-rw-r--r--modules/pam_tally/pam_tally.c867
-rw-r--r--modules/pam_tally/pam_tally_app.c7
-rwxr-xr-xmodules/pam_tally/tst-pam_tally2
-rw-r--r--modules/pam_time/Makefile.am32
-rw-r--r--modules/pam_time/Makefile.in738
-rw-r--r--modules/pam_time/README36
-rw-r--r--modules/pam_time/README.xml34
-rw-r--r--modules/pam_time/pam_time.895
-rw-r--r--modules/pam_time/pam_time.8.xml183
-rw-r--r--modules/pam_time/pam_time.c687
-rw-r--r--modules/pam_time/time.conf65
-rw-r--r--modules/pam_time/time.conf.591
-rw-r--r--modules/pam_time/time.conf.5.xml143
-rwxr-xr-xmodules/pam_time/tst-pam_time2
-rw-r--r--modules/pam_tty_audit/Makefile.am30
-rw-r--r--modules/pam_tty_audit/Makefile.in592
-rw-r--r--modules/pam_tty_audit/README48
-rw-r--r--modules/pam_tty_audit/README.xml41
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.880
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.8.xml145
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.c346
-rw-r--r--modules/pam_umask/Makefile.am32
-rw-r--r--modules/pam_umask/Makefile.in667
-rw-r--r--modules/pam_umask/README58
-rw-r--r--modules/pam_umask/README.xml41
-rw-r--r--modules/pam_umask/pam_umask.8116
-rw-r--r--modules/pam_umask/pam_umask.8.xml220
-rw-r--r--modules/pam_umask/pam_umask.c319
-rwxr-xr-xmodules/pam_umask/tst-pam_umask2
-rw-r--r--modules/pam_unix/CHANGELOG55
-rw-r--r--modules/pam_unix/Makefile.am66
-rw-r--r--modules/pam_unix/Makefile.in974
-rw-r--r--modules/pam_unix/README159
-rw-r--r--modules/pam_unix/README.xml41
-rw-r--r--modules/pam_unix/bigcrypt.c148
-rw-r--r--modules/pam_unix/bigcrypt.h1
-rw-r--r--modules/pam_unix/bigcrypt_main.c18
-rw-r--r--modules/pam_unix/lckpwdf.-c142
-rw-r--r--modules/pam_unix/md5.c256
-rw-r--r--modules/pam_unix/md5.h31
-rw-r--r--modules/pam_unix/md5_broken.c4
-rw-r--r--modules/pam_unix/md5_crypt.c154
-rw-r--r--modules/pam_unix/md5_good.c5
-rw-r--r--modules/pam_unix/pam_unix.8189
-rw-r--r--modules/pam_unix/pam_unix.8.xml379
-rw-r--r--modules/pam_unix/pam_unix_acct.c297
-rw-r--r--modules/pam_unix/pam_unix_auth.c229
-rw-r--r--modules/pam_unix/pam_unix_passwd.c790
-rw-r--r--modules/pam_unix/pam_unix_sess.c143
-rw-r--r--modules/pam_unix/passverify.c1129
-rw-r--r--modules/pam_unix/passverify.h124
-rw-r--r--modules/pam_unix/support.c893
-rw-r--r--modules/pam_unix/support.h162
-rwxr-xr-xmodules/pam_unix/tst-pam_unix2
-rw-r--r--modules/pam_unix/unix_chkpwd.838
-rw-r--r--modules/pam_unix/unix_chkpwd.8.xml67
-rw-r--r--modules/pam_unix/unix_chkpwd.c187
-rw-r--r--modules/pam_unix/unix_update.837
-rw-r--r--modules/pam_unix/unix_update.8.xml67
-rw-r--r--modules/pam_unix/unix_update.c188
-rw-r--r--modules/pam_unix/yppasswd.h51
-rw-r--r--modules/pam_unix/yppasswd_xdr.c38
-rw-r--r--modules/pam_userdb/Makefile.am34
-rw-r--r--modules/pam_userdb/Makefile.in673
-rw-r--r--modules/pam_userdb/README74
-rw-r--r--modules/pam_userdb/README.xml41
-rw-r--r--modules/pam_userdb/create.pl23
-rw-r--r--modules/pam_userdb/pam_userdb.8136
-rw-r--r--modules/pam_userdb/pam_userdb.8.xml292
-rw-r--r--modules/pam_userdb/pam_userdb.c517
-rw-r--r--modules/pam_userdb/pam_userdb.h62
-rwxr-xr-xmodules/pam_userdb/tst-pam_userdb2
-rw-r--r--modules/pam_warn/Makefile.am31
-rw-r--r--modules/pam_warn/Makefile.in667
-rw-r--r--modules/pam_warn/README36
-rw-r--r--modules/pam_warn/README.xml41
-rw-r--r--modules/pam_warn/pam_warn.869
-rw-r--r--modules/pam_warn/pam_warn.8.xml104
-rw-r--r--modules/pam_warn/pam_warn.c123
-rwxr-xr-xmodules/pam_warn/tst-pam_warn2
-rw-r--r--modules/pam_wheel/Makefile.am31
-rw-r--r--modules/pam_wheel/Makefile.in667
-rw-r--r--modules/pam_wheel/README61
-rw-r--r--modules/pam_wheel/README.xml41
-rw-r--r--modules/pam_wheel/pam_wheel.8127
-rw-r--r--modules/pam_wheel/pam_wheel.8.xml242
-rw-r--r--modules/pam_wheel/pam_wheel.c316
-rwxr-xr-xmodules/pam_wheel/tst-pam_wheel2
-rw-r--r--modules/pam_xauth/Makefile.am31
-rw-r--r--modules/pam_xauth/Makefile.in667
-rw-r--r--modules/pam_xauth/README90
-rw-r--r--modules/pam_xauth/README.xml46
-rw-r--r--modules/pam_xauth/pam_xauth.8163
-rw-r--r--modules/pam_xauth/pam_xauth.8.xml293
-rw-r--r--modules/pam_xauth/pam_xauth.c686
-rwxr-xr-xmodules/pam_xauth/tst-pam_xauth2
388 files changed, 76125 insertions, 0 deletions
diff --git a/modules/Makefile.am b/modules/Makefile.am
new file mode 100644
index 00000000..c79f5957
--- /dev/null
+++ b/modules/Makefile.am
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
+ pam_env pam_filter pam_ftp pam_group pam_issue pam_keyinit \
+ pam_lastlog pam_limits pam_listfile pam_localuser pam_mail \
+ pam_mkhomedir pam_motd pam_nologin pam_permit pam_rhosts pam_rootok \
+ pam_securetty pam_selinux pam_sepermit pam_shells pam_stress \
+ pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \
+ pam_unix pam_userdb pam_warn pam_wheel pam_xauth pam_exec \
+ pam_namespace pam_loginuid pam_faildelay
+
+CLEANFILES = *~
+
+EXTRA_DIST = modules.map
diff --git a/modules/Makefile.in b/modules/Makefile.in
new file mode 100644
index 00000000..1bd72c77
--- /dev/null
+++ b/modules/Makefile.in
@@ -0,0 +1,555 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = modules
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
+ pam_env pam_filter pam_ftp pam_group pam_issue pam_keyinit \
+ pam_lastlog pam_limits pam_listfile pam_localuser pam_mail \
+ pam_mkhomedir pam_motd pam_nologin pam_permit pam_rhosts pam_rootok \
+ pam_securetty pam_selinux pam_sepermit pam_shells pam_stress \
+ pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \
+ pam_unix pam_userdb pam_warn pam_wheel pam_xauth pam_exec \
+ pam_namespace pam_loginuid pam_faildelay
+
+CLEANFILES = *~
+EXTRA_DIST = modules.map
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+ list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ distdir=`$(am__cd) $(distdir) && pwd`; \
+ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+ (cd $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$top_distdir" \
+ distdir="$$distdir/$$subdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+ install-strip
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic clean-libtool \
+ ctags ctags-recursive distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+ uninstall uninstall-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/modules.map b/modules/modules.map
new file mode 100644
index 00000000..2234aa40
--- /dev/null
+++ b/modules/modules.map
@@ -0,0 +1,11 @@
+{
+ global:
+ pam_sm_acct_mgmt;
+ pam_sm_authenticate;
+ pam_sm_chauthtok;
+ pam_sm_close_session;
+ pam_sm_open_session;
+ pam_sm_setcred;
+ local: *;
+};
+
diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am
new file mode 100644
index 00000000..9b58e81e
--- /dev/null
+++ b/modules/pam_access/Makefile.am
@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access
+
+man_MANS = access.conf.5 pam_access.8
+
+XMLS = README.xml access.conf.5.xml pam_access.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\"
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_access.la
+pam_access_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBNSL@
+
+secureconf_DATA = access.conf
+
+if ENABLE_REGENERATE_MAN
+
+noinst_DATA = README
+
+README: pam_access.8.xml access.conf.5.xml
+
+-include $(top_srcdir)/Make.xml.rules
+endif
+
+TESTS = tst-pam_access
diff --git a/modules/pam_access/Makefile.in b/modules/pam_access/Makefile.in
new file mode 100644
index 00000000..a75e4529
--- /dev/null
+++ b/modules/pam_access/Makefile.in
@@ -0,0 +1,740 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_access
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \
+ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_access_la_DEPENDENCIES =
+pam_access_la_SOURCES = pam_access.c
+pam_access_la_OBJECTS = pam_access.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_access.c
+DIST_SOURCES = pam_access.c
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+secureconfDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(noinst_DATA) $(secureconf_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access
+man_MANS = access.conf.5 pam_access.8
+XMLS = README.xml access.conf.5.xml pam_access.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\"
+
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_access.la
+pam_access_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBNSL@
+secureconf_DATA = access.conf
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+TESTS = tst-pam_access
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_access/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_access/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_access.la: $(pam_access_la_OBJECTS) $(pam_access_la_DEPENDENCIES)
+ $(LINK) -rpath $(securelibdir) $(pam_access_la_OBJECTS) $(pam_access_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man5: $(man5_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+ @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.5*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 5*) ;; \
+ *) ext='5' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
+ done
+uninstall-man5:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.5*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 5*) ;; \
+ *) ext='5' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
+ done
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+install-secureconfDATA: $(secureconf_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)"
+ @list='$(secureconf_DATA)'; for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ f=$(am__strip_dir) \
+ echo " $(secureconfDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(secureconfdir)/$$f'"; \
+ $(secureconfDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(secureconfdir)/$$f"; \
+ done
+
+uninstall-secureconfDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(secureconf_DATA)'; for p in $$list; do \
+ f=$(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(secureconfdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(secureconfdir)/$$f"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-secureconfDATA \
+ install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-secureconfDATA \
+ uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man5 install-man8 \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-secureconfDATA install-securelibLTLIBRARIES \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \
+ uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
+ uninstall-securelibLTLIBRARIES
+
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_access.8.xml access.conf.5.xml
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_access/README b/modules/pam_access/README
new file mode 100644
index 00000000..ec0d67e0
--- /dev/null
+++ b/modules/pam_access/README
@@ -0,0 +1,120 @@
+pam_access — PAM module for logdaemon style login access control
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_access PAM module is mainly for access management. It provides
+logdaemon style login access control based on login names, host or domain
+names, internet addresses or network numbers, or on terminal line names in case
+of non-networked logins.
+
+By default rules for access management are taken from config file /etc/security
+/access.conf if you don't specify another file.
+
+If Linux PAM is compiled with audit support the module will report when it
+denies access based on origin (host or tty).
+
+OPTIONS
+
+accessfile=/path/to/access.conf
+
+ Indicate an alternative access.conf style configuration file to override
+ the default. This can be useful when different services need different
+ access lists.
+
+debug
+
+ A lot of debug informations are printed with syslog(3).
+
+noaudit
+
+ Do not report logins from disallowed hosts and ttys to the audit subsystem.
+
+fieldsep=separators
+
+ This option modifies the field separator character that pam_access will
+ recognize when parsing the access configuration file. For example: fieldsep
+ =| will cause the default `:' character to be treated as part of a field
+ value and `|' becomes the field separator. Doing this may be useful in
+ conjuction with a system that wants to use pam_access with X based
+ applications, since the PAM_TTY item is likely to be of the form
+ "hostname:0" which includes a `:' character in its value. But you should
+ not need this.
+
+listsep=separators
+
+ This option modifies the list separator character that pam_access will
+ recognize when parsing the access configuration file. For example: listsep
+ =, will cause the default ` ' (space) and `\t' (tab) characters to be
+ treated as part of a list element value and `,' becomes the only list
+ element separator. Doing this may be useful on a system with group
+ information obtained from a Windows domain, where the default built-in
+ groups "Domain Users", "Domain Admins" contain a space.
+
+nodefgroup
+
+ The group database will not be used for tokens not identified as account
+ name.
+
+EXAMPLES
+
+These are some example lines which might be specified in /etc/security/
+access.conf.
+
+User root should be allowed to get access via cron, X11 terminal :0, tty1, ...,
+tty5, tty6.
+
++ : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6
+
+User root should be allowed to get access from hosts which own the IPv4
+addresses. This does not mean that the connection have to be a IPv4 one, a IPv6
+connection from a host with one of this IPv4 addresses does work, too.
+
++ : root : 192.168.200.1 192.168.200.4 192.168.200.9
+
++ : root : 127.0.0.1
+
+User root should get access from network 192.168.201. where the term will be
+evaluated by string matching. But it might be better to use network/netmask
+instead. The same meaning of 192.168.201. is 192.168.201.0/24 or 192.168.201.0/
+255.255.255.0.
+
++ : root : 192.168.201.
+
+User root should be able to have access from hosts foo1.bar.org and
+foo2.bar.org (uses string matching also).
+
++ : root : foo1.bar.org foo2.bar.org
+
+User root should be able to have access from domain foo.bar.org (uses string
+matching also).
+
++ : root : .foo.bar.org
+
+User root should be denied to get access from all other sources.
+
+- : root : ALL
+
+User foo and members of netgroup admins should be allowed to get access from
+all sources. This will only work if netgroup service is available.
+
++ : @admins foo : ALL
+
+User john and foo should get access from IPv6 host address.
+
++ : john foo : 2001:4ca0:0:101::1
+
+User john should get access from IPv6 net/mask.
+
++ : john : 2001:4ca0:0:101::/64
+
+Disallow console logins to all but the shutdown, sync and all other accounts,
+which are a member of the wheel group.
+
+-:ALL EXCEPT (wheel) shutdown sync:LOCAL
+
+All other users should be denied to get access from all sources.
+
+- : ALL : ALL
+
diff --git a/modules/pam_access/README.xml b/modules/pam_access/README.xml
new file mode 100644
index 00000000..8c7d078b
--- /dev/null
+++ b/modules/pam_access/README.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_access.8.xml">
+-->
+<!--
+<!ENTITY accessconf SYSTEM "access.conf.5.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_access.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_access-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_access.8.xml" xpointer='xpointer(//refsect1[@id = "pam_access-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_access.8.xml" xpointer='xpointer(//refsect1[@id = "pam_access-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="access.conf.5.xml" xpointer='xpointer(//refsect1[@id = "access.conf-examples"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf
new file mode 100644
index 00000000..74c5fbe8
--- /dev/null
+++ b/modules/pam_access/access.conf
@@ -0,0 +1,122 @@
+# Login access control table.
+#
+# Comment line must start with "#", no space at front.
+# Order of lines is important.
+#
+# When someone logs in, the table is scanned for the first entry that
+# matches the (user, host) combination, or, in case of non-networked
+# logins, the first entry that matches the (user, tty) combination. The
+# permissions field of that table entry determines whether the login will
+# be accepted or refused.
+#
+# Format of the login access control table is three fields separated by a
+# ":" character:
+#
+# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
+# module, you can change the field separation character to be
+# '|'. This is useful for configurations where you are trying to use
+# pam_access with X applications that provide PAM_TTY values that are
+# the display variable like "host:0".]
+#
+# permission : users : origins
+#
+# The first field should be a "+" (access granted) or "-" (access denied)
+# character.
+#
+# The second field should be a list of one or more login names, group
+# names, or ALL (always matches). A pattern of the form user@host is
+# matched when the login name matches the "user" part, and when the
+# "host" part matches the local machine name.
+#
+# The third field should be a list of one or more tty names (for
+# non-networked logins), host names, domain names (begin with "."), host
+# addresses, internet network numbers (end with "."), ALL (always
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
+#
+# You can use @netgroupname in host or user patterns; this even works
+# for @usergroup@@hostgroup patterns.
+#
+# The EXCEPT operator makes it possible to write very compact rules.
+#
+# The group file is searched only when a name does not match that of the
+# logged-in user. Both the user's primary group is matched, as well as
+# groups in which users are explicitly listed.
+# To avoid problems with accounts, which have the same name as a group,
+# you can use brackets around group names '(group)' to differentiate.
+# In this case, you should also set the "nodefgroup" option.
+#
+# TTY NAMES: Must be in the form returned by ttyname(3) less the initial
+# "/dev" (e.g. tty1 or vc/1)
+#
+##############################################################################
+#
+# Disallow non-root logins on tty1
+#
+#-:ALL EXCEPT root:tty1
+#
+# Disallow console logins to all but a few accounts.
+#
+#-:ALL EXCEPT wheel shutdown sync:LOCAL
+#
+# Same, but make sure that really the group wheel and not the user
+# wheel is used (use nodefgroup argument, too):
+#
+#-:ALL EXCEPT (wheel) shutdown sync:LOCAL
+#
+# Disallow non-local logins to privileged accounts (group wheel).
+#
+#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
+#
+# Some accounts are not allowed to login from anywhere:
+#
+#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
+#
+# All other accounts are allowed to login from anywhere.
+#
+##############################################################################
+# All lines from here up to the end are building a more complex example.
+##############################################################################
+#
+# User "root" should be allowed to get access via cron .. tty5 tty6.
+#+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
+#
+# User "root" should be allowed to get access from hosts with ip addresses.
+#+ : root : 192.168.200.1 192.168.200.4 192.168.200.9
+#+ : root : 127.0.0.1
+#
+# User "root" should get access from network 192.168.201.
+# This term will be evaluated by string matching.
+# comment: It might be better to use network/netmask instead.
+# The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0
+#+ : root : 192.168.201.
+#
+# User "root" should be able to have access from domain.
+# Uses string matching also.
+#+ : root : .foo.bar.org
+#
+# User "root" should be denied to get access from all other sources.
+#- : root : ALL
+#
+# User "foo" and members of netgroup "nis_group" should be
+# allowed to get access from all sources.
+# This will only work if netgroup service is available.
+#+ : @nis_group foo : ALL
+#
+# User "john" should get access from ipv4 net/mask
+#+ : john : 127.0.0.0/24
+#
+# User "john" should get access from ipv4 as ipv6 net/mask
+#+ : john : ::ffff:127.0.0.0/127
+#
+# User "john" should get access from ipv6 host address
+#+ : john : 2001:4ca0:0:101::1
+#
+# User "john" should get access from ipv6 host address (same as above)
+#+ : john : 2001:4ca0:0:101:0:0:0:1
+#
+# User "john" should get access from ipv6 net/mask
+#+ : john : 2001:4ca0:0:101::/64
+#
+# All other users should be denied to get access from all sources.
+#- : ALL : ALL
diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5
new file mode 100644
index 00000000..4221ccfc
--- /dev/null
+++ b/modules/pam_access/access.conf.5
@@ -0,0 +1,170 @@
+.\" Title: access.conf
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "ACCESS\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+access.conf - the login access control table file
+.SH "DESCRIPTION"
+.PP
+The
+\fI/etc/security/access\.conf\fR
+file specifies (\fIuser/group\fR,
+\fIhost\fR), (\fIuser/group\fR,
+\fInetwork/netmask\fR) or (\fIuser/group\fR,
+\fItty\fR) combinations for which a login will be either accepted or refused\.
+.PP
+When someone logs in, the file
+\fIaccess\.conf\fR
+is scanned for the first entry that matches the (\fIuser/group\fR,
+\fIhost\fR) or (\fIuser/group\fR,
+\fInetwork/netmask\fR) combination, or, in case of non\-networked logins, the first entry that matches the (\fIuser/group\fR,
+\fItty\fR) combination\. The permissions field of that table entry determines whether the login will be accepted or refused\.
+.PP
+Each line of the login access control table has three fields separated by a ":" character (colon):
+.PP
+
+\fIpermission\fR:\fIusers/groups\fR:\fIorigins\fR
+.PP
+The first field, the
+\fIpermission\fR
+field, can be either a "\fI+\fR" character (plus) for access granted or a "\fI\-\fR" character (minus) for access denied\.
+.PP
+The second field, the
+\fIusers\fR/\fIgroup\fR
+field, should be a list of one or more login names, group names, or
+\fIALL\fR
+(which always matches)\. To differentiate user entries from group entries, group entries should be written with brackets, e\.g\.
+\fI(group)\fR\.
+.PP
+The third field, the
+\fIorigins\fR
+field, should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\."), host addresses, internet network numbers (end with "\."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also),
+\fIALL\fR
+(which always matches) or
+\fILOCAL\fR
+(which matches any string that does not contain a "\." character)\. If supported by the system you can use
+\fI@netgroupname\fR
+in host or user patterns\.
+.PP
+The
+\fIEXCEPT\fR
+operator makes it possible to write very compact rules\.
+.PP
+If the
+\fBnodefgroup\fR
+is not set, the group file is searched when a name does not match that of the logged\-in user\. Only groups are matched in which users are explicitly listed\. However the PAM module does not look at the primary group id of a user\.
+.PP
+The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\.
+.SH "EXAMPLES"
+.PP
+These are some example lines which might be specified in
+\fI/etc/security/access\.conf\fR\.
+.PP
+User
+\fIroot\fR
+should be allowed to get access via
+\fIcron\fR, X11 terminal
+\fI:0\fR,
+\fItty1\fR, \.\.\.,
+\fItty5\fR,
+\fItty6\fR\.
+.PP
++ : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6
+.PP
+User
+\fIroot\fR
+should be allowed to get access from hosts which own the IPv4 addresses\. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too\.
+.PP
++ : root : 192\.168\.200\.1 192\.168\.200\.4 192\.168\.200\.9
+.PP
++ : root : 127\.0\.0\.1
+.PP
+User
+\fIroot\fR
+should get access from network
+192\.168\.201\.
+where the term will be evaluated by string matching\. But it might be better to use network/netmask instead\. The same meaning of
+192\.168\.201\.
+is
+\fI192\.168\.201\.0/24\fR
+or
+\fI192\.168\.201\.0/255\.255\.255\.0\fR\.
+.PP
++ : root : 192\.168\.201\.
+.PP
+User
+\fIroot\fR
+should be able to have access from hosts
+\fIfoo1\.bar\.org\fR
+and
+\fIfoo2\.bar\.org\fR
+(uses string matching also)\.
+.PP
++ : root : foo1\.bar\.org foo2\.bar\.org
+.PP
+User
+\fIroot\fR
+should be able to have access from domain
+\fIfoo\.bar\.org\fR
+(uses string matching also)\.
+.PP
++ : root : \.foo\.bar\.org
+.PP
+User
+\fIroot\fR
+should be denied to get access from all other sources\.
+.PP
+\- : root : ALL
+.PP
+User
+\fIfoo\fR
+and members of netgroup
+\fIadmins\fR
+should be allowed to get access from all sources\. This will only work if netgroup service is available\.
+.PP
++ : @admins foo : ALL
+.PP
+User
+\fIjohn\fR
+and
+\fIfoo\fR
+should get access from IPv6 host address\.
+.PP
++ : john foo : 2001:4ca0:0:101::1
+.PP
+User
+\fIjohn\fR
+should get access from IPv6 net/mask\.
+.PP
++ : john : 2001:4ca0:0:101::/64
+.PP
+Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\.
+.PP
+\-:ALL EXCEPT (wheel) shutdown sync:LOCAL
+.PP
+All other users should be denied to get access from all sources\.
+.PP
+\- : ALL : ALL
+.SH "SEE ALSO"
+.PP
+
+\fBpam_access\fR(8),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHORS"
+.PP
+Original
+\fBlogin.access\fR(5)
+manual was provided by Guido van Rooij which was renamed to
+\fBaccess.conf\fR(5)
+to reflect relation to default config file\.
+.PP
+Network address / netmask description and example text was introduced by Mike Becher <mike\.becher@lrz\-muenchen\.de>\.
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
new file mode 100644
index 00000000..f8eb7a4e
--- /dev/null
+++ b/modules/pam_access/access.conf.5.xml
@@ -0,0 +1,203 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+ "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+
+<refentry id="access.conf">
+
+ <refmeta>
+ <refentrytitle>access.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>access.conf</refname>
+ <refpurpose>the login access control table file</refpurpose>
+ </refnamediv>
+
+
+ <refsect1 id='access.conf-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <filename>/etc/security/access.conf</filename> file specifies
+ (<replaceable>user/group</replaceable>, <replaceable>host</replaceable>),
+ (<replaceable>user/group</replaceable>, <replaceable>network/netmask</replaceable>) or
+ (<replaceable>user/group</replaceable>, <replaceable>tty</replaceable>)
+ combinations for which a login will be either accepted or refused.
+ </para>
+ <para>
+ When someone logs in, the file <filename>access.conf</filename> is
+ scanned for the first entry that matches the
+ (<replaceable>user/group</replaceable>, <replaceable>host</replaceable>) or
+ (<replaceable>user/group</replaceable>, <replaceable>network/netmask</replaceable>)
+ combination, or, in case of non-networked logins, the first entry
+ that matches the
+ (<replaceable>user/group</replaceable>, <replaceable>tty</replaceable>)
+ combination. The permissions field of that table entry determines
+ whether the login will be accepted or refused.
+ </para>
+
+ <para>
+ Each line of the login access control table has three fields separated
+ by a ":" character (colon):
+ </para>
+
+ <para>
+ <replaceable>permission</replaceable>:<replaceable>users/groups</replaceable>:<replaceable>origins</replaceable>
+ </para>
+
+
+ <para>
+ The first field, the <replaceable>permission</replaceable> field, can be either a
+ "<emphasis>+</emphasis>" character (plus) for access granted or a
+ "<emphasis>-</emphasis>" character (minus) for access denied.
+ </para>
+
+ <para>
+ The second field, the
+ <replaceable>users</replaceable>/<replaceable>group</replaceable>
+ field, should be a list of one or more login names, group names, or
+ <emphasis>ALL</emphasis> (which always matches). To differentiate
+ user entries from group entries, group entries should be written
+ with brackets, e.g. <emphasis>(group)</emphasis>.
+ </para>
+
+ <para>
+ The third field, the <replaceable>origins</replaceable>
+ field, should be a list of one or more tty names (for non-networked
+ logins), host names, domain names (begin with "."), host addresses,
+ internet network numbers (end with "."), internet network addresses
+ with network mask (where network mask can be a decimal number or an
+ internet address also), <emphasis>ALL</emphasis> (which always matches)
+ or <emphasis>LOCAL</emphasis> (which matches any string that does not
+ contain a "." character). If supported by the system you can use
+ <emphasis>@netgroupname</emphasis> in host or user patterns.
+ </para>
+
+ <para>
+ The <replaceable>EXCEPT</replaceable> operator makes it possible to
+ write very compact rules.
+ </para>
+
+ <para>
+ If the <option>nodefgroup</option> is not set, the group file
+ is searched when a name does not match that of the logged-in
+ user. Only groups are matched in which users are explicitly listed.
+ However the PAM module does not look at the primary group id of a user.
+ </para>
+
+
+ <para>
+ The "<emphasis>#</emphasis>" character at start of line (no space
+ at front) can be used to mark this line as a comment line.
+ </para>
+
+ </refsect1>
+
+ <refsect1 id="access.conf-examples">
+ <title>EXAMPLES</title>
+ <para>
+ These are some example lines which might be specified in
+ <filename>/etc/security/access.conf</filename>.
+ </para>
+
+ <para>
+ User <emphasis>root</emphasis> should be allowed to get access via
+ <emphasis>cron</emphasis>, X11 terminal <emphasis remap='I'>:0</emphasis>,
+ <emphasis>tty1</emphasis>, ..., <emphasis>tty5</emphasis>,
+ <emphasis>tty6</emphasis>.
+ </para>
+ <para>+ : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6</para>
+
+ <para>
+ User <emphasis>root</emphasis> should be allowed to get access from
+ hosts which own the IPv4 addresses. This does not mean that the
+ connection have to be a IPv4 one, a IPv6 connection from a host with
+ one of this IPv4 addresses does work, too.
+ </para>
+ <para>+ : root : 192.168.200.1 192.168.200.4 192.168.200.9</para>
+ <para>+ : root : 127.0.0.1</para>
+
+ <para>
+ User <emphasis>root</emphasis> should get access from network
+ <literal>192.168.201.</literal> where the term will be evaluated by
+ string matching. But it might be better to use network/netmask instead.
+ The same meaning of <literal>192.168.201.</literal> is
+ <emphasis>192.168.201.0/24</emphasis> or
+ <emphasis>192.168.201.0/255.255.255.0</emphasis>.
+ </para>
+ <para>+ : root : 192.168.201.</para>
+
+ <para>
+ User <emphasis>root</emphasis> should be able to have access from hosts
+ <emphasis>foo1.bar.org</emphasis> and <emphasis>foo2.bar.org</emphasis>
+ (uses string matching also).
+ </para>
+ <para>+ : root : foo1.bar.org foo2.bar.org</para>
+
+ <para>
+ User <emphasis>root</emphasis> should be able to have access from
+ domain <emphasis>foo.bar.org</emphasis> (uses string matching also).
+ </para>
+ <para>+ : root : .foo.bar.org</para>
+
+ <para>
+ User <emphasis>root</emphasis> should be denied to get access
+ from all other sources.
+ </para>
+ <para>- : root : ALL</para>
+
+ <para>
+ User <emphasis>foo</emphasis> and members of netgroup
+ <emphasis>admins</emphasis> should be allowed to get access
+ from all sources. This will only work if netgroup service is available.
+ </para>
+ <para>+ : @admins foo : ALL</para>
+
+ <para>
+ User <emphasis>john</emphasis> and <emphasis>foo</emphasis>
+ should get access from IPv6 host address.
+ </para>
+ <para>+ : john foo : 2001:4ca0:0:101::1</para>
+
+ <para>
+ User <emphasis>john</emphasis> should get access from IPv6 net/mask.
+ </para>
+ <para>+ : john : 2001:4ca0:0:101::/64</para>
+
+ <para>
+ Disallow console logins to all but the shutdown, sync and all
+ other accounts, which are a member of the wheel group.
+ </para>
+ <para>-:ALL EXCEPT (wheel) shutdown sync:LOCAL</para>
+
+ <para>
+ All other users should be denied to get access from all sources.
+ </para>
+ <para>- : ALL : ALL</para>
+
+ </refsect1>
+
+ <refsect1 id="access.conf-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry><refentrytitle>pam_access</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id="access.conf-author">
+ <title>AUTHORS</title>
+ <para>
+ Original <citerefentry><refentrytitle>login.access</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ manual was provided by Guido van Rooij which was renamed to
+ <citerefentry><refentrytitle>access.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ to reflect relation to default config file.
+ </para>
+ <para>
+ Network address / netmask description and example text was
+ introduced by Mike Becher &lt;mike.becher@lrz-muenchen.de&gt;.
+ </para>
+ </refsect1>
+</refentry>
diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8
new file mode 100644
index 00000000..ef907492
--- /dev/null
+++ b/modules/pam_access/pam_access.8
@@ -0,0 +1,112 @@
+.\" Title: pam_access
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_ACCESS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_access - PAM module for logdaemon style login access control
+.SH "SYNOPSIS"
+.HP 14
+\fBpam_access\.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR]
+.SH "DESCRIPTION"
+.PP
+The pam_access PAM module is mainly for access management\. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\.
+.PP
+By default rules for access management are taken from config file
+\fI/etc/security/access\.conf\fR
+if you don\'t specify another file\.
+.PP
+If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\.
+.SH "OPTIONS"
+.PP
+\fBaccessfile=\fR\fB\fI/path/to/access\.conf\fR\fR
+.RS 4
+Indicate an alternative
+\fIaccess\.conf\fR
+style configuration file to override the default\. This can be useful when different services need different access lists\.
+.RE
+.PP
+\fBdebug\fR
+.RS 4
+A lot of debug informations are printed with
+\fBsyslog\fR(3)\.
+.RE
+.PP
+\fBnoaudit\fR
+.RS 4
+Do not report logins from disallowed hosts and ttys to the audit subsystem\.
+.RE
+.PP
+\fBfieldsep=\fR\fB\fIseparators\fR\fR
+.RS 4
+This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\. For example:
+\fBfieldsep=|\fR
+will cause the default `:\' character to be treated as part of a field value and `|\' becomes the field separator\. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the
+\fBPAM_TTY\fR
+item is likely to be of the form "hostname:0" which includes a `:\' character in its value\. But you should not need this\.
+.RE
+.PP
+\fBlistsep=\fR\fB\fIseparators\fR\fR
+.RS 4
+This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\. For example:
+\fBlistsep=,\fR
+will cause the default ` \' (space) and `\et\' (tab) characters to be treated as part of a list element value and `,\' becomes the only list element separator\. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\.
+.RE
+.PP
+\fBnodefgroup\fR
+.RS 4
+The group database will not be used for tokens not identified as account name\.
+.RE
+.SH "MODULE SERVICES PROVIDED"
+.PP
+All services are supported\.
+.SH "RETURN VALUES"
+.PP
+PAM_SUCCESS
+.RS 4
+Access was granted\.
+.RE
+.PP
+PAM_PERM_DENIED
+.RS 4
+Access was not granted\.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+
+\fBpam_setcred\fR
+was called which does nothing\.
+.RE
+.PP
+PAM_ABORT
+.RS 4
+Not all relevant data or options could be gotten\.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+The user is not known to the system\.
+.RE
+.SH "FILES"
+.PP
+\fI/etc/security/access\.conf\fR
+.RS 4
+Default configuration file
+.RE
+.SH "SEE ALSO"
+.PP
+
+\fBaccess.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)\.
+.SH "AUTHORS"
+.PP
+The logdaemon style login access control scheme was designed and implemented by Wietse Venema\. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\.dnttm\.ru>\. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\.becher@lrz\-muenchen\.de>\.
diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml
new file mode 100644
index 00000000..21970d49
--- /dev/null
+++ b/modules/pam_access/pam_access.8.xml
@@ -0,0 +1,253 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id='pam_access'>
+
+ <refmeta>
+ <refentrytitle>pam_access</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='pam_access-name'>
+ <refname>pam_access</refname>
+ <refpurpose>
+ PAM module for logdaemon style login access control
+ </refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_access-cmdsynopsis">
+ <command>pam_access.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ <arg choice="opt">
+ nodefgroup
+ </arg>
+ <arg choice="opt">
+ noaudit
+ </arg>
+ <arg choice="opt">
+ accessfile=<replaceable>file</replaceable>
+ </arg>
+ <arg choice="opt">
+ fieldsep=<replaceable>sep</replaceable>
+ </arg>
+ <arg choice="opt">
+ listsep=<replaceable>sep</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id="pam_access-description">
+ <title>DESCRIPTION</title>
+ <para>
+ The pam_access PAM module is mainly for access management.
+ It provides logdaemon style login access control based on login
+ names, host or domain names, internet addresses or network numbers,
+ or on terminal line names in case of non-networked logins.
+ </para>
+ <para>
+ By default rules for access management are taken from config file
+ <filename>/etc/security/access.conf</filename> if you don't specify
+ another file.
+ </para>
+ <para>
+ If Linux PAM is compiled with audit support the module will report
+ when it denies access based on origin (host or tty).
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_access-options">
+ <title>OPTIONS</title>
+ <variablelist>
+
+ <varlistentry>
+ <term>
+ <option>accessfile=<replaceable>/path/to/access.conf</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Indicate an alternative <filename>access.conf</filename>
+ style configuration file to override the default. This can
+ be useful when different services need different access lists.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ A lot of debug informations are printed with
+ <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>noaudit</option>
+ </term>
+ <listitem>
+ <para>
+ Do not report logins from disallowed hosts and ttys to the audit subsystem.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>fieldsep=<replaceable>separators</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ This option modifies the field separator character that
+ pam_access will recognize when parsing the access
+ configuration file. For example:
+ <emphasis remap='B'>fieldsep=|</emphasis> will cause the
+ default `:' character to be treated as part of a field value
+ and `|' becomes the field separator. Doing this may be
+ useful in conjuction with a system that wants to use
+ pam_access with X based applications, since the
+ <emphasis remap='B'>PAM_TTY</emphasis> item is likely to be
+ of the form "hostname:0" which includes a `:' character in
+ its value. But you should not need this.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>listsep=<replaceable>separators</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ This option modifies the list separator character that
+ pam_access will recognize when parsing the access
+ configuration file. For example:
+ <emphasis remap='B'>listsep=,</emphasis> will cause the
+ default ` ' (space) and `\t' (tab) characters to be treated
+ as part of a list element value and `,' becomes the only
+ list element separator. Doing this may be useful on a system
+ with group information obtained from a Windows domain,
+ where the default built-in groups "Domain Users",
+ "Domain Admins" contain a space.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>nodefgroup</option>
+ </term>
+ <listitem>
+ <para>
+ The group database will not be used for tokens not
+ identified as account name.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_access-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ All services are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_access-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Access was granted.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_PERM_DENIED</term>
+ <listitem>
+ <para>
+ Access was not granted.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ <function>pam_setcred</function> was called which does nothing.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_ABORT</term>
+ <listitem>
+ <para>
+ Not all relevant data or options could be gotten.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ The user is not known to the system.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_access-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/access.conf</filename></term>
+ <listitem>
+ <para>Default configuration file</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_access-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>access.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_access-authors">
+ <title>AUTHORS</title>
+ <para>
+ The logdaemon style login access control scheme was designed and implemented by
+ Wietse Venema.
+ The pam_access PAM module was developed by
+ Alexei Nogin &lt;alexei@nogin.dnttm.ru&gt;.
+ The IPv6 support and the network(address) / netmask feature
+ was developed and provided by Mike Becher &lt;mike.becher@lrz-muenchen.de&gt;.
+ </para>
+ </refsect1>
+</refentry>
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
new file mode 100644
index 00000000..edb8fb0a
--- /dev/null
+++ b/modules/pam_access/pam_access.c
@@ -0,0 +1,922 @@
+/* pam_access module */
+
+/*
+ * Written by Alexei Nogin <alexei@nogin.dnttm.ru> 1997/06/15
+ * (I took login_access from logdaemon-5.6 and converted it to PAM
+ * using parts of pam_time code.)
+ *
+ ************************************************************************
+ * Copyright message from logdaemon-5.6 (original file name DISCLAIMER)
+ ************************************************************************
+ * Copyright 1995 by Wietse Venema. All rights reserved. Individual files
+ * may be covered by other copyrights (as noted in the file itself.)
+ *
+ * This material was originally written and compiled by Wietse Venema at
+ * Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+ * 1992, 1993, 1994 and 1995.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this entire copyright notice is duplicated in all such
+ * copies.
+ *
+ * This software is provided "as is" and without any expressed or implied
+ * warranties, including, without limitation, the implied warranties of
+ * merchantibility and fitness for any particular purpose.
+ *************************************************************************
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <stdarg.h>
+#include <syslog.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
+#include <ctype.h>
+#include <sys/utsname.h>
+#include <rpcsvc/ypclnt.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <sys/socket.h>
+
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#endif
+
+/*
+ * here, we make definitions for the externally accessible functions
+ * in this file (these definitions are required for static modules
+ * but strongly encouraged generally) they are used to instruct the
+ * modules include file to define their prototypes.
+ */
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/_pam_macros.h>
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/pam_ext.h>
+
+/* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */
+
+ /*
+ * This module implements a simple but effective form of login access
+ * control based on login names and on host (or domain) names, internet
+ * addresses (or network numbers), or on terminal line names in case of
+ * non-networked logins. Diagnostics are reported through syslog(3).
+ *
+ * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+ */
+
+#if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64)
+#undef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 256
+#endif
+
+ /* Delimiters for fields and for lists of users, ttys or hosts. */
+
+
+#define ALL 2
+#define YES 1
+#define NO 0
+
+ /*
+ * A structure to bundle up all login-related information to keep the
+ * functional interfaces as generic as possible.
+ */
+struct login_info {
+ const struct passwd *user;
+ const char *from;
+ const char *config_file;
+ int debug; /* Print debugging messages. */
+ int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */
+ int noaudit; /* Do not audit denials */
+ const char *fs; /* field separator */
+ const char *sep; /* list-element separator */
+};
+
+/* Parse module config arguments */
+
+static int
+parse_args(pam_handle_t *pamh, struct login_info *loginfo,
+ int argc, const char **argv)
+{
+ int i;
+
+ loginfo->noaudit = NO;
+ loginfo->debug = NO;
+ loginfo->only_new_group_syntax = NO;
+ loginfo->fs = ":";
+ loginfo->sep = ", \t";
+ for (i=0; i<argc; ++i) {
+ if (!strncmp("fieldsep=", argv[i], 9)) {
+
+ /* the admin wants to override the default field separators */
+ loginfo->fs = argv[i]+9;
+
+ } else if (!strncmp("listsep=", argv[i], 8)) {
+
+ /* the admin wants to override the default list separators */
+ loginfo->sep = argv[i]+8;
+
+ } else if (!strncmp("accessfile=", argv[i], 11)) {
+ FILE *fp = fopen(11 + argv[i], "r");
+
+ if (fp) {
+ loginfo->config_file = 11 + argv[i];
+ fclose(fp);
+ } else {
+ pam_syslog(pamh, LOG_ERR,
+ "failed to open accessfile=[%s]: %m", 11 + argv[i]);
+ return 0;
+ }
+
+ } else if (strcmp (argv[i], "debug") == 0) {
+ loginfo->debug = YES;
+ } else if (strcmp (argv[i], "nodefgroup") == 0) {
+ loginfo->only_new_group_syntax = YES;
+ } else if (strcmp (argv[i], "noaudit") == 0) {
+ loginfo->noaudit = YES;
+ } else {
+ pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]);
+ }
+ }
+
+ return 1; /* OK */
+}
+
+/* --- static functions for checking whether the user should be let in --- */
+
+typedef int match_func (pam_handle_t *, char *, struct login_info *);
+
+static int list_match (pam_handle_t *, char *, char *, struct login_info *,
+ match_func *);
+static int user_match (pam_handle_t *, char *, struct login_info *);
+static int group_match (pam_handle_t *, const char *, const char *, int);
+static int from_match (pam_handle_t *, char *, struct login_info *);
+static int string_match (pam_handle_t *, const char *, const char *, int);
+static int network_netmask_match (pam_handle_t *, const char *, const char *, int);
+
+
+/* isipaddr - find out if string provided is an IP address or not */
+
+static int
+isipaddr (const char *string, int *addr_type,
+ struct sockaddr_storage *addr)
+{
+ struct sockaddr_storage local_addr;
+ int is_ip;
+
+ /* We use struct sockaddr_storage addr because
+ * struct in_addr/in6_addr is an integral part
+ * of struct sockaddr and we doesn't want to
+ * use its value.
+ */
+
+ if (addr == NULL)
+ addr = &local_addr;
+
+ memset(addr, 0, sizeof(struct sockaddr_storage));
+
+ /* first ipv4 */
+ if (inet_pton(AF_INET, string, addr) > 0)
+ {
+ if (addr_type != NULL)
+ *addr_type = AF_INET;
+
+ is_ip = YES;
+ }
+ else if (inet_pton(AF_INET6, string, addr) > 0)
+ { /* then ipv6 */
+ if (addr_type != NULL) {
+ *addr_type = AF_INET6;
+ }
+ is_ip = YES;
+ }
+ else
+ is_ip = NO;
+
+ return is_ip;
+}
+
+
+/* are_addresses_equal - translate IP address strings to real IP
+ * addresses and compare them to find out if they are equal.
+ * If netmask was provided it will be used to focus comparation to
+ * relevant bits.
+ */
+static int
+are_addresses_equal (const char *ipaddr0, const char *ipaddr1,
+ const char *netmask)
+{
+ struct sockaddr_storage addr0;
+ struct sockaddr_storage addr1;
+ int addr_type0 = 0;
+ int addr_type1 = 0;
+
+ if (isipaddr (ipaddr0, &addr_type0, &addr0) == NO)
+ return NO;
+
+ if (isipaddr (ipaddr1, &addr_type1, &addr1) == NO)
+ return NO;
+
+ if (addr_type0 != addr_type1)
+ /* different address types */
+ return NO;
+
+ if (netmask != NULL) {
+ /* Got a netmask, so normalize addresses? */
+ struct sockaddr_storage nmask;
+ unsigned char *byte_a, *byte_nm;
+
+ memset(&nmask, 0, sizeof(struct sockaddr_storage));
+ if (inet_pton(addr_type0, netmask, (void *)&nmask) > 0) {
+ unsigned int i;
+ byte_a = (unsigned char *)(&addr0);
+ byte_nm = (unsigned char *)(&nmask);
+ for (i=0; i<sizeof(struct sockaddr_storage); i++) {
+ byte_a[i] = byte_a[i] & byte_nm[i];
+ }
+
+ byte_a = (unsigned char *)(&addr1);
+ byte_nm = (unsigned char *)(&nmask);
+ for (i=0; i<sizeof(struct sockaddr_storage); i++) {
+ byte_a[i] = byte_a[i] & byte_nm[i];
+ }
+ }
+ }
+
+
+ /* Are the two addresses equal? */
+ if (memcmp((void *)&addr0, (void *)&addr1,
+ sizeof(struct sockaddr_storage)) == 0) {
+ return(YES);
+ }
+
+ return(NO);
+}
+
+static char *
+number_to_netmask (long netmask, int addr_type,
+ char *ipaddr_buf, size_t ipaddr_buf_len)
+{
+ /* We use struct sockaddr_storage addr because
+ * struct in_addr/in6_addr is an integral part
+ * of struct sockaddr and we doesn't want to
+ * use its value.
+ */
+ struct sockaddr_storage nmask;
+ unsigned char *byte_nm;
+ const char *ipaddr_dst = NULL;
+ int i, ip_bytes;
+
+ if (netmask == 0) {
+ /* mask 0 is the same like no mask */
+ return(NULL);
+ }
+
+ memset(&nmask, 0, sizeof(struct sockaddr_storage));
+ if (addr_type == AF_INET6) {
+ /* ipv6 address mask */
+ ip_bytes = 16;
+ } else {
+ /* default might be an ipv4 address mask */
+ addr_type = AF_INET;
+ ip_bytes = 4;
+ }
+
+ byte_nm = (unsigned char *)(&nmask);
+ /* translate number to mask */
+ for (i=0; i<ip_bytes; i++) {
+ if (netmask >= 8) {
+ byte_nm[i] = 0xff;
+ netmask -= 8;
+ } else
+ if (netmask > 0) {
+ byte_nm[i] = 0xff << (8 - netmask);
+ break;
+ } else
+ if (netmask <= 0) {
+ break;
+ }
+ }
+
+ /* now generate netmask address string */
+ ipaddr_dst = inet_ntop(addr_type, &nmask, ipaddr_buf, ipaddr_buf_len);
+ if (ipaddr_dst == ipaddr_buf) {
+ return (ipaddr_buf);
+ }
+
+ return (NULL);
+}
+
+/* login_access - match username/group and host/tty with access control file */
+
+static int
+login_access (pam_handle_t *pamh, struct login_info *item)
+{
+ FILE *fp;
+ char line[BUFSIZ];
+ char *perm; /* becomes permission field */
+ char *users; /* becomes list of login names */
+ char *froms; /* becomes list of terminals or hosts */
+ int match = NO;
+ int nonall_match = NO;
+ int end;
+ int lineno = 0; /* for diagnostics */
+ char *sptr;
+
+ if (item->debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "login_access: user=%s, from=%s, file=%s",
+ item->user->pw_name,
+ item->from, item->config_file);
+
+ /*
+ * Process the table one line at a time and stop at the first match.
+ * Blank lines and lines that begin with a '#' character are ignored.
+ * Non-comment lines are broken at the ':' character. All fields are
+ * mandatory. The first field should be a "+" or "-" character. A
+ * non-existing table means no access control.
+ */
+
+ if ((fp = fopen(item->config_file, "r"))!=NULL) {
+ while (!match && fgets(line, sizeof(line), fp)) {
+ lineno++;
+ if (line[end = strlen(line) - 1] != '\n') {
+ pam_syslog(pamh, LOG_ERR,
+ "%s: line %d: missing newline or line too long",
+ item->config_file, lineno);
+ continue;
+ }
+ if (line[0] == '#')
+ continue; /* comment line */
+ while (end > 0 && isspace(line[end - 1]))
+ end--;
+ line[end] = 0; /* strip trailing whitespace */
+ if (line[0] == 0) /* skip blank lines */
+ continue;
+
+ /* Allow field seperator in last field of froms */
+ if (!(perm = strtok_r(line, item->fs, &sptr))
+ || !(users = strtok_r(NULL, item->fs, &sptr))
+ || !(froms = strtok_r(NULL, "\n", &sptr))) {
+ pam_syslog(pamh, LOG_ERR, "%s: line %d: bad field count",
+ item->config_file, lineno);
+ continue;
+ }
+ if (perm[0] != '+' && perm[0] != '-') {
+ pam_syslog(pamh, LOG_ERR, "%s: line %d: bad first field",
+ item->config_file, lineno);
+ continue;
+ }
+ if (item->debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "line %d: %s : %s : %s", lineno, perm, users, froms);
+ match = list_match(pamh, users, NULL, item, user_match);
+ if (item->debug)
+ pam_syslog (pamh, LOG_DEBUG, "user_match=%d, \"%s\"",
+ match, item->user->pw_name);
+ if (match) {
+ match = list_match(pamh, froms, NULL, item, from_match);
+ if (!match && perm[0] == '+') {
+ nonall_match = YES;
+ }
+ if (item->debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "from_match=%d, \"%s\"", match, item->from);
+ }
+ }
+ (void) fclose(fp);
+ } else if (errno == ENOENT) {
+ /* This is no error. */
+ pam_syslog(pamh, LOG_WARNING, "warning: cannot open %s: %m",
+ item->config_file);
+ } else {
+ pam_syslog(pamh, LOG_ERR, "cannot open %s: %m", item->config_file);
+ return NO;
+ }
+#ifdef HAVE_LIBAUDIT
+ if (!item->noaudit && line[0] == '-' && (match == YES || (match == ALL &&
+ nonall_match == YES))) {
+ pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_LOCATION,
+ "pam_access", 0);
+ }
+#endif
+ return (match == NO || (line[0] == '+'));
+}
+
+
+/* list_match - match an item against a list of tokens with exceptions */
+
+static int
+list_match(pam_handle_t *pamh, char *list, char *sptr,
+ struct login_info *item, match_func *match_fn)
+{
+ char *tok;
+ int match = NO;
+
+ if (item->debug && list != NULL)
+ pam_syslog (pamh, LOG_DEBUG,
+ "list_match: list=%s, item=%s", list, item->user->pw_name);
+
+ /*
+ * Process tokens one at a time. We have exhausted all possible matches
+ * when we reach an "EXCEPT" token or the end of the list. If we do find
+ * a match, look for an "EXCEPT" list and recurse to determine whether
+ * the match is affected by any exceptions.
+ */
+
+ for (tok = strtok_r(list, item->sep, &sptr); tok != 0;
+ tok = strtok_r(NULL, item->sep, &sptr)) {
+ if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
+ break;
+ if ((match = (*match_fn) (pamh, tok, item))) /* YES */
+ break;
+ }
+ /* Process exceptions to matches. */
+
+ if (match != NO) {
+ while ((tok = strtok_r(NULL, item->sep, &sptr)) && strcasecmp(tok, "EXCEPT"))
+ /* VOID */ ;
+ if (tok == 0)
+ return match;
+ if (list_match(pamh, NULL, sptr, item, match_fn) == NO)
+ return YES; /* drop special meaning of ALL */
+ }
+ return (NO);
+}
+
+/* myhostname - figure out local machine name */
+
+static char *myhostname(void)
+{
+ static char name[MAXHOSTNAMELEN + 1];
+
+ if (gethostname(name, MAXHOSTNAMELEN) == 0) {
+ name[MAXHOSTNAMELEN] = 0;
+ return (name);
+ }
+ return NULL;
+}
+
+/* netgroup_match - match group against machine or user */
+
+static int
+netgroup_match (pam_handle_t *pamh, const char *netgroup,
+ const char *machine, const char *user, int debug)
+{
+ char *mydomain = NULL;
+ int retval;
+
+ yp_get_default_domain(&mydomain);
+
+
+ retval = innetgr (netgroup, machine, user, mydomain);
+ if (debug == YES)
+ pam_syslog (pamh, LOG_DEBUG,
+ "netgroup_match: %d (netgroup=%s, machine=%s, user=%s, domain=%s)",
+ retval, netgroup ? netgroup : "NULL",
+ machine ? machine : "NULL",
+ user ? user : "NULL", mydomain ? mydomain : "NULL");
+ return retval;
+
+}
+
+/* user_match - match a username against one token */
+
+static int
+user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
+{
+ char *string = item->user->pw_name;
+ struct login_info fake_item;
+ char *at;
+ int rv;
+
+ if (item->debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "user_match: tok=%s, item=%s", tok, string);
+
+ /*
+ * If a token has the magic value "ALL" the match always succeeds.
+ * Otherwise, return YES if the token fully matches the username, if the
+ * token is a group that contains the username, or if the token is the
+ * name of the user's primary group.
+ */
+
+ if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */
+ *at = 0;
+ fake_item.from = myhostname();
+ if (fake_item.from == NULL)
+ return NO;
+ return (user_match (pamh, tok, item) &&
+ from_match (pamh, at + 1, &fake_item));
+ } else if (tok[0] == '@') /* netgroup */
+ return (netgroup_match (pamh, tok + 1, (char *) 0, string, item->debug));
+ else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')')
+ return (group_match (pamh, tok, string, item->debug));
+ else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */
+ return rv;
+ else if (item->only_new_group_syntax == NO &&
+ pam_modutil_user_in_group_nam_nam (pamh,
+ item->user->pw_name, tok))
+ /* try group membership */
+ return YES;
+
+ return NO;
+}
+
+
+/* group_match - match a username against token named group */
+
+static int
+group_match (pam_handle_t *pamh, const char *tok, const char* usr,
+ int debug)
+{
+ char grptok[BUFSIZ];
+
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "group_match: grp=%s, user=%s", grptok, usr);
+
+ if (strlen(tok) < 3)
+ return NO;
+
+ /* token is recieved under the format '(...)' */
+ memset(grptok, 0, BUFSIZ);
+ strncpy(grptok, tok + 1, strlen(tok) - 2);
+
+ if (pam_modutil_user_in_group_nam_nam(pamh, usr, grptok))
+ return YES;
+
+ return NO;
+}
+
+
+/* from_match - match a host or tty against a list of tokens */
+
+static int
+from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
+{
+ const char *string = item->from;
+ int tok_len;
+ int str_len;
+ int rv;
+
+ if (item->debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "from_match: tok=%s, item=%s", tok, string);
+
+ /*
+ * If a token has the magic value "ALL" the match always succeeds. Return
+ * YES if the token fully matches the string. If the token is a domain
+ * name, return YES if it matches the last fields of the string. If the
+ * token has the magic value "LOCAL", return YES if the string does not
+ * contain a "." character. If the token is a network number, return YES
+ * if it matches the head of the string.
+ */
+
+ if (string == NULL) {
+ return NO;
+ } else if (tok[0] == '@') { /* netgroup */
+ return (netgroup_match (pamh, tok + 1, string, (char *) 0, item->debug));
+ } else if ((rv = string_match(pamh, tok, string, item->debug)) != NO) {
+ /* ALL or exact match */
+ return rv;
+ } else if (tok[0] == '.') { /* domain: match last fields */
+ if ((str_len = strlen(string)) > (tok_len = strlen(tok))
+ && strcasecmp(tok, string + str_len - tok_len) == 0)
+ return (YES);
+ } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
+ if (strchr(string, '.') == 0)
+ return (YES);
+ } else if (tok[(tok_len = strlen(tok)) - 1] == '.') {
+ struct addrinfo *res;
+ struct addrinfo hint;
+
+ memset (&hint, '\0', sizeof (hint));
+ hint.ai_flags = AI_CANONNAME;
+ hint.ai_family = AF_INET;
+
+ if (getaddrinfo (string, NULL, &hint, &res) != 0)
+ return NO;
+ else
+ {
+ struct addrinfo *runp = res;
+
+ while (runp != NULL)
+ {
+ char buf[INET_ADDRSTRLEN+2];
+
+ if (runp->ai_family == AF_INET)
+ {
+ inet_ntop (runp->ai_family,
+ &((struct sockaddr_in *) runp->ai_addr)->sin_addr,
+ buf, sizeof (buf));
+
+ strcat (buf, ".");
+
+ if (strncmp(tok, buf, tok_len) == 0)
+ {
+ freeaddrinfo (res);
+ return YES;
+ }
+ }
+ runp = runp->ai_next;
+ }
+ freeaddrinfo (res);
+ }
+ } else if (isipaddr(string, NULL, NULL) == YES) {
+ /* Assume network/netmask with a IP of a host. */
+ if (network_netmask_match(pamh, tok, string, item->debug))
+ return YES;
+ } else {
+ /* Assume network/netmask with a name of a host. */
+ struct addrinfo *res;
+ struct addrinfo hint;
+
+ memset (&hint, '\0', sizeof (hint));
+ hint.ai_flags = AI_CANONNAME;
+ hint.ai_family = AF_UNSPEC;
+
+ if (getaddrinfo (string, NULL, &hint, &res) != 0)
+ return NO;
+ else
+ {
+ struct addrinfo *runp = res;
+
+ while (runp != NULL)
+ {
+ char buf[INET6_ADDRSTRLEN];
+
+ inet_ntop (runp->ai_family,
+ runp->ai_family == AF_INET
+ ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
+ : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
+ buf, sizeof (buf));
+
+ if (network_netmask_match(pamh, tok, buf, item->debug))
+ {
+ freeaddrinfo (res);
+ return YES;
+ }
+ runp = runp->ai_next;
+ }
+ freeaddrinfo (res);
+ }
+ }
+
+ return NO;
+}
+
+/* string_match - match a string against one token */
+
+static int
+string_match (pam_handle_t *pamh, const char *tok, const char *string,
+ int debug)
+{
+
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "string_match: tok=%s, item=%s", tok, string);
+
+ /*
+ * If the token has the magic value "ALL" the match always succeeds.
+ * Otherwise, return YES if the token fully matches the string.
+ * "NONE" token matches NULL string.
+ */
+
+ if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
+ return (ALL);
+ } else if (string != NULL) {
+ if (strcasecmp(tok, string) == 0) { /* try exact match */
+ return (YES);
+ }
+ } else if (strcasecmp(tok, "NONE") == 0) {
+ return (YES);
+ }
+ return (NO);
+}
+
+
+/* network_netmask_match - match a string against one token
+ * where string is an ip (v4,v6) address and tok represents
+ * whether a single ip (v4,v6) address or a network/netmask
+ */
+static int
+network_netmask_match (pam_handle_t *pamh,
+ const char *tok, const char *string, int debug)
+{
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "network_netmask_match: tok=%s, item=%s", tok, string);
+
+ if (isipaddr(string, NULL, NULL) == YES)
+ {
+ char *netmask_ptr = NULL;
+ static char netmask_string[MAXHOSTNAMELEN + 1] = "";
+ int addr_type;
+
+ /* OK, check if tok is of type addr/mask */
+ if ((netmask_ptr = strchr(tok, '/')) != NULL)
+ {
+ long netmask = 0;
+
+ /* YES */
+ *netmask_ptr = 0;
+ netmask_ptr++;
+
+ if (isipaddr(tok, &addr_type, NULL) == NO)
+ { /* no netaddr */
+ return(NO);
+ }
+
+ /* check netmask */
+ if (isipaddr(netmask_ptr, NULL, NULL) == NO)
+ { /* netmask as integre value */
+ char *endptr = NULL;
+ netmask = strtol(netmask_ptr, &endptr, 0);
+ if ((endptr == NULL) || (*endptr != '\0'))
+ { /* invalid netmask value */
+ return(NO);
+ }
+ if ((netmask < 0) || (netmask >= 128))
+ { /* netmask value out of range */
+ return(NO);
+ }
+
+ netmask_ptr = number_to_netmask(netmask, addr_type,
+ netmask_string, MAXHOSTNAMELEN);
+ }
+
+ /* Netmask is now an ipv4/ipv6 address.
+ * This works also if netmask_ptr is NULL.
+ */
+ return (are_addresses_equal(string, tok, netmask_ptr));
+ }
+ else
+ /* NO, then check if it is only an addr */
+ if (isipaddr(tok, NULL, NULL) == YES)
+ { /* check if they are the same, no netmask */
+ return(are_addresses_equal(string, tok, NULL));
+ }
+ }
+
+ return (NO);
+}
+
+
+/* --- public PAM management functions --- */
+
+PAM_EXTERN int
+pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ struct login_info loginfo;
+ const char *user=NULL;
+ const void *void_from=NULL;
+ const char *from;
+ struct passwd *user_pw;
+
+ /* set username */
+
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
+ || *user == '\0') {
+ pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+ return PAM_USER_UNKNOWN;
+ }
+
+ if ((user_pw=pam_modutil_getpwnam(pamh, user))==NULL)
+ return (PAM_USER_UNKNOWN);
+
+ /*
+ * Bundle up the arguments to avoid unnecessary clumsiness later on.
+ */
+ loginfo.user = user_pw;
+ loginfo.config_file = PAM_ACCESS_CONFIG;
+
+ /* parse the argument list */
+
+ if (!parse_args(pamh, &loginfo, argc, argv)) {
+ pam_syslog(pamh, LOG_ERR, "failed to parse the module arguments");
+ return PAM_ABORT;
+ }
+
+ /* remote host name */
+
+ if (pam_get_item(pamh, PAM_RHOST, &void_from)
+ != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_ERR, "cannot find the remote host name");
+ return PAM_ABORT;
+ }
+ from = void_from;
+
+ if ((from==NULL) || (*from=='\0')) {
+
+ /* local login, set tty name */
+
+ if (pam_get_item(pamh, PAM_TTY, &void_from) != PAM_SUCCESS
+ || void_from == NULL) {
+ D(("PAM_TTY not set, probing stdin"));
+ from = ttyname(STDIN_FILENO);
+ if (from != NULL) {
+ if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS)
+ pam_syslog(pamh, LOG_WARNING, "couldn't set tty name");
+ } else {
+ if (pam_get_item(pamh, PAM_SERVICE, &void_from) != PAM_SUCCESS
+ || void_from == NULL) {
+ pam_syslog (pamh, LOG_ERR,
+ "cannot determine remote host, tty or service name");
+ return PAM_ABORT;
+ }
+ from = void_from;
+ if (loginfo.debug)
+ pam_syslog (pamh, LOG_DEBUG,
+ "cannot determine tty or remote hostname, using service %s",
+ from);
+ }
+ }
+ else
+ from = void_from;
+
+ if (from[0] == '/') { /* full path, remove device path. */
+ const char *f;
+ from++;
+ if ((f = strchr(from, '/')) != NULL) {
+ from = f + 1;
+ }
+ }
+ }
+
+ loginfo.from = from;
+
+ if (login_access(pamh, &loginfo)) {
+ return (PAM_SUCCESS);
+ } else {
+ pam_syslog(pamh, LOG_ERR,
+ "access denied for user `%s' from `%s'",user,from);
+ return (PAM_PERM_DENIED);
+ }
+}
+
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt (pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ return pam_sm_authenticate (pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
+/* end of module definition */
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_access_modstruct = {
+ "pam_access",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+#endif
diff --git a/modules/pam_access/tst-pam_access b/modules/pam_access/tst-pam_access
new file mode 100755
index 00000000..271e69fe
--- /dev/null
+++ b/modules/pam_access/tst-pam_access
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_access.so
diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am
new file mode 100644
index 00000000..619ffc93
--- /dev/null
+++ b/modules/pam_cracklib/Makefile.am
@@ -0,0 +1,38 @@
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_cracklib
+
+man_MANS = pam_cracklib.8
+
+XMLS = README.xml pam_cracklib.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+if HAVE_LIBCRACK
+securelib_LTLIBRARIES = pam_cracklib.la
+
+TESTS = tst-pam_cracklib
+endif
+
+pam_cracklib_la_LIBADD = -L$(top_builddir)/libpam -lpam \
+ @LIBCRACK@ @LIBCRYPT@
+
+if ENABLE_REGENERATE_MAN
+
+noinst_DATA = README
+
+README: pam_cracklib.8.xml
+
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_cracklib/Makefile.in b/modules/pam_cracklib/Makefile.in
new file mode 100644
index 00000000..01daaf8e
--- /dev/null
+++ b/modules/pam_cracklib/Makefile.in
@@ -0,0 +1,672 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_cracklib
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_cracklib_la_DEPENDENCIES =
+pam_cracklib_la_SOURCES = pam_cracklib.c
+pam_cracklib_la_OBJECTS = pam_cracklib.lo
+@HAVE_LIBCRACK_TRUE@am_pam_cracklib_la_rpath = -rpath $(securelibdir)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_cracklib.c
+DIST_SOURCES = pam_cracklib.c
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_cracklib
+man_MANS = pam_cracklib.8
+XMLS = README.xml pam_cracklib.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+@HAVE_LIBCRACK_TRUE@securelib_LTLIBRARIES = pam_cracklib.la
+@HAVE_LIBCRACK_TRUE@TESTS = tst-pam_cracklib
+pam_cracklib_la_LIBADD = -L$(top_builddir)/libpam -lpam \
+ @LIBCRACK@ @LIBCRYPT@
+
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_cracklib.la: $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_DEPENDENCIES)
+ $(LINK) $(am_pam_cracklib_la_rpath) $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cracklib.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
+ install-securelibLTLIBRARIES install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-man uninstall-man8 \
+ uninstall-securelibLTLIBRARIES
+
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_cracklib.8.xml
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_cracklib/README b/modules/pam_cracklib/README
new file mode 100644
index 00000000..25ec00b4
--- /dev/null
+++ b/modules/pam_cracklib/README
@@ -0,0 +1,220 @@
+pam_cracklib — PAM module to check the password against dictionary words
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+This module can be plugged into the password stack of a given application to
+provide some plug-in strength-checking for passwords.
+
+The action of this module is to prompt the user for a password and check its
+strength against a system dictionary and a set of rules for identifying poor
+choices.
+
+The first action is to prompt for a single password, check its strength and
+then, if it is considered strong, prompt for the password a second time (to
+verify that it was typed correctly on the first occasion). All being well, the
+password is passed on to subsequent modules to be installed as the new
+authentication token.
+
+The strength checks works in the following manner: at first the Cracklib
+routine is called to check if the password is part of a dictionary; if this is
+not the case an additional set of strength checks is done. These checks are:
+
+Palindrome
+
+ Is the new password a palindrome of the old one?
+
+Case Change Only
+
+ Is the new password the the old one with only a change of case?
+
+Similar
+
+ Is the new password too much like the old one? This is primarily controlled
+ by one argument, difok which is a number of characters that if different
+ between the old and new are enough to accept the new password, this
+ defaults to 10 or 1/2 the size of the new password whichever is smaller.
+
+ To avoid the lockup associated with trying to change a long and complicated
+ password, difignore is available. This argument can be used to specify the
+ minimum length a new password needs to be before the difok value is
+ ignored. The default value for difignore is 23.
+
+Simple
+
+ Is the new password too small? This is controlled by 5 arguments minlen,
+ dcredit, ucredit, lcredit, and ocredit. See the section on the arguments
+ for the details of how these work and there defaults.
+
+Rotated
+
+ Is the new password a rotated version of the old password?
+
+Already used
+
+ Was the password used in the past? Previously used passwords are to be
+ found in /etc/security/opasswd.
+
+This module with no arguments will work well for standard unix password
+encryption. With md5 encryption, passwords can be longer than 8 characters and
+the default settings for this module can make it hard for the user to choose a
+satisfactory new password. Notably, the requirement that the new password
+contain no more than 1/2 of the characters in the old password becomes a
+non-trivial constraint. For example, an old password of the form "the quick
+brown fox jumped over the lazy dogs" would be difficult to change... In
+addition, the default action is to allow passwords as small as 5 characters in
+length. For a md5 systems it can be a good idea to increase the required
+minimum size of a password. One can then allow more credit for different kinds
+of characters but accept that the new password may share most of these
+characters with the old password.
+
+OPTIONS
+
+debug
+
+ This option makes the module write information to syslog(3) indicating the
+ behavior of the module (this option does not write password information to
+ the log file).
+
+type=XXX
+
+ The default action is for the module to use the following prompts when
+ requesting passwords: "New UNIX password: " and "Retype UNIX password: ".
+ The default word UNIX can be replaced with this option.
+
+retry=N
+
+ Prompt user at most N times before returning with error. The default is 1
+
+difok=N
+
+ This argument will change the default of 5 for the number of characters in
+ the new password that must not be present in the old password. In addition,
+ if 1/2 of the characters in the new password are different then the new
+ password will be accepted anyway.
+
+difignore=N
+
+ How many characters should the password have before difok will be ignored.
+ The default is 23.
+
+minlen=N
+
+ The minimum acceptable size for the new password (plus one if credits are
+ not disabled which is the default). In addition to the number of characters
+ in the new password, credit (of +1 in length) is given for each different
+ kind of character (other, upper, lower and digit). The default for this
+ parameter is 9 which is good for a old style UNIX password all of the same
+ type of character but may be too low to exploit the added security of a md5
+ system. Note that there is a pair of length limits in Cracklib itself, a
+ "way too short" limit of 4 which is hard coded in and a defined limit (6)
+ that will be checked without reference to minlen. If you want to allow
+ passwords as short as 5 characters you should not use this module.
+
+dcredit=N
+
+ (N >= 0) This is the maximum credit for having digits in the new password.
+ If you have less than or N digits, each digit will count +1 towards meeting
+ the current minlen value. The default for dcredit is 1 which is the
+ recommended value for minlen less than 10.
+
+ (N < 0) This is the minimum number of digits that must be met for a new
+ password.
+
+ucredit=N
+
+ (N >= 0) This is the maximum credit for having upper case letters in the
+ new password. If you have less than or N upper case letters each letter
+ will count +1 towards meeting the current minlen value. The default for
+ ucredit is 1 which is the recommended value for minlen less than 10.
+
+ (N > 0) This is the minimum number of upper case letters that must be met
+ for a new password.
+
+lcredit=N
+
+ (N >= 0) This is the maximum credit for having lower case letters in the
+ new password. If you have less than or N lower case letters, each letter
+ will count +1 towards meeting the current minlen value. The default for
+ lcredit is 1 which is the recommended value for minlen less than 10.
+
+ (N < 0) This is the minimum number of lower case letters that must be met
+ for a new password.
+
+ocredit=N
+
+ (N >= 0) This is the maximum credit for having other characters in the new
+ password. If you have less than or N other characters, each character will
+ count +1 towards meeting the current minlen value. The default for ocredit
+ is 1 which is the recommended value for minlen less than 10.
+
+ (N < 0) This is the minimum number of other characters that must be met for
+ a new password.
+
+minclass=N
+
+ The minimum number of required classes of characters for the new password.
+ The default number is zero. The four classes are digits, upper and lower
+ letters and other characters. The difference to the credit check is that a
+ specific class if of characters is not required. Instead N out of four of
+ the classes are required.
+
+use_authtok
+
+ This argument is used to force the module to not prompt the user for a new
+ password but use the one provided by the previously stacked password
+ module.
+
+dictpath=/path/to/dict
+
+ Path to the cracklib dictionaries.
+
+EXAMPLES
+
+For an example of the use of this module, we show how it may be stacked with
+the password component of pam_unix(8)
+
+#
+# These lines stack two password type modules. In this example the
+# user is given 3 opportunities to enter a strong password. The
+# "use_authtok" argument ensures that the pam_unix module does not
+# prompt for a password, but instead uses the one provided by
+# pam_cracklib.
+#
+passwd password required pam_cracklib.so retry=3
+passwd password required pam_unix.so use_authtok
+
+
+Another example (in the /etc/pam.d/passwd format) is for the case that you want
+to use md5 password encryption:
+
+#%PAM-1.0
+#
+# These lines allow a md5 systems to support passwords of at least 14
+# bytes with extra credit of 2 for digits and 2 for others the new
+# password must have at least three bytes that are not present in the
+# old password
+#
+password required pam_cracklib.so \
+ difok=3 minlen=15 dcredit= 2 ocredit=2
+password required pam_unix.so use_authtok nullok md5
+
+
+And here is another example in case you don't want to use credits:
+
+#%PAM-1.0
+#
+# These lines require the user to select a password with a minimum
+# length of 8 and with at least 1 digit number, 1 upper case letter,
+# and 1 other character
+#
+password required pam_cracklib.so \
+ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
+password required pam_unix.so use_authtok nullok md5
+
+
+AUTHOR
+
+pam_cracklib was written by Cristian Gafton <gafton@redhat.com>
+
diff --git a/modules/pam_cracklib/README.xml b/modules/pam_cracklib/README.xml
new file mode 100644
index 00000000..c4a7b54c
--- /dev/null
+++ b/modules/pam_cracklib/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_cracklib.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_cracklib.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_cracklib-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_cracklib/pam_cracklib.8 b/modules/pam_cracklib/pam_cracklib.8
new file mode 100644
index 00000000..b772f747
--- /dev/null
+++ b/modules/pam_cracklib/pam_cracklib.8
@@ -0,0 +1,309 @@
+.\" Title: pam_cracklib
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_CRACKLIB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_cracklib - PAM module to check the password against dictionary words
+.SH "SYNOPSIS"
+.HP 16
+\fBpam_cracklib\.so\fR [\fI\.\.\.\fR]
+.SH "DESCRIPTION"
+.PP
+This module can be plugged into the
+\fIpassword\fR
+stack of a given application to provide some plug\-in strength\-checking for passwords\.
+.PP
+The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\.
+.PP
+The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\.
+.PP
+The strength checks works in the following manner: at first the
+\fBCracklib\fR
+routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\. These checks are:
+.PP
+Palindrome
+.RS 4
+Is the new password a palindrome of the old one?
+.RE
+.PP
+Case Change Only
+.RS 4
+Is the new password the the old one with only a change of case?
+.RE
+.PP
+Similar
+.RS 4
+Is the new password too much like the old one? This is primarily controlled by one argument,
+\fBdifok\fR
+which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller\.
+.sp
+To avoid the lockup associated with trying to change a long and complicated password,
+\fBdifignore\fR
+is available\. This argument can be used to specify the minimum length a new password needs to be before the
+\fBdifok\fR
+value is ignored\. The default value for
+\fBdifignore\fR
+is 23\.
+.RE
+.PP
+Simple
+.RS 4
+Is the new password too small? This is controlled by 5 arguments
+\fBminlen\fR,
+\fBdcredit\fR,
+\fBucredit\fR,
+\fBlcredit\fR, and
+\fBocredit\fR\. See the section on the arguments for the details of how these work and there defaults\.
+.RE
+.PP
+Rotated
+.RS 4
+Is the new password a rotated version of the old password?
+.RE
+.PP
+Already used
+.RS 4
+Was the password used in the past? Previously used passwords are to be found in
+\fI/etc/security/opasswd\fR\.
+.RE
+.PP
+This module with no arguments will work well for standard unix password encryption\. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\.\.\. In addition, the default action is to allow passwords as small as 5 characters in length\. For a md5 systems it can be a good idea to increase the required minimum size of a password\. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\.
+.SH "OPTIONS"
+.PP
+.PP
+\fBdebug\fR
+.RS 4
+This option makes the module write information to
+\fBsyslog\fR(3)
+indicating the behavior of the module (this option does not write password information to the log file)\.
+.RE
+.PP
+\fBtype=\fR\fB\fIXXX\fR\fR
+.RS 4
+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\. The default word
+\fIUNIX\fR
+can be replaced with this option\.
+.RE
+.PP
+\fBretry=\fR\fB\fIN\fR\fR
+.RS 4
+Prompt user at most
+\fIN\fR
+times before returning with error\. The default is
+\fI1\fR
+.RE
+.PP
+\fBdifok=\fR\fB\fIN\fR\fR
+.RS 4
+This argument will change the default of
+\fI5\fR
+for the number of characters in the new password that must not be present in the old password\. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway\.
+.RE
+.PP
+\fBdifignore=\fR\fB\fIN\fR\fR
+.RS 4
+How many characters should the password have before difok will be ignored\. The default is
+\fI23\fR\.
+.RE
+.PP
+\fBminlen=\fR\fB\fIN\fR\fR
+.RS 4
+The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR,
+\fIupper\fR,
+\fIlower\fR
+and
+\fIdigit\fR)\. The default for this parameter is
+\fI9\fR
+which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\. Note that there is a pair of length limits in
+\fICracklib\fR
+itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to
+\fBminlen\fR\. If you want to allow passwords as short as 5 characters you should not use this module\.
+.RE
+.PP
+\fBdcredit=\fR\fB\fIN\fR\fR
+.RS 4
+(N >= 0) This is the maximum credit for having digits in the new password\. If you have less than or
+\fIN\fR
+digits, each digit will count +1 towards meeting the current
+\fBminlen\fR
+value\. The default for
+\fBdcredit\fR
+is 1 which is the recommended value for
+\fBminlen\fR
+less than 10\.
+.sp
+(N < 0) This is the minimum number of digits that must be met for a new password\.
+.RE
+.PP
+\fBucredit=\fR\fB\fIN\fR\fR
+.RS 4
+(N >= 0) This is the maximum credit for having upper case letters in the new password\. If you have less than or
+\fIN\fR
+upper case letters each letter will count +1 towards meeting the current
+\fBminlen\fR
+value\. The default for
+\fBucredit\fR
+is
+\fI1\fR
+which is the recommended value for
+\fBminlen\fR
+less than 10\.
+.sp
+(N > 0) This is the minimum number of upper case letters that must be met for a new password\.
+.RE
+.PP
+\fBlcredit=\fR\fB\fIN\fR\fR
+.RS 4
+(N >= 0) This is the maximum credit for having lower case letters in the new password\. If you have less than or
+\fIN\fR
+lower case letters, each letter will count +1 towards meeting the current
+\fBminlen\fR
+value\. The default for
+\fBlcredit\fR
+is 1 which is the recommended value for
+\fBminlen\fR
+less than 10\.
+.sp
+(N < 0) This is the minimum number of lower case letters that must be met for a new password\.
+.RE
+.PP
+\fBocredit=\fR\fB\fIN\fR\fR
+.RS 4
+(N >= 0) This is the maximum credit for having other characters in the new password\. If you have less than or
+\fIN\fR
+other characters, each character will count +1 towards meeting the current
+\fBminlen\fR
+value\. The default for
+\fBocredit\fR
+is 1 which is the recommended value for
+\fBminlen\fR
+less than 10\.
+.sp
+(N < 0) This is the minimum number of other characters that must be met for a new password\.
+.RE
+.PP
+\fBminclass=\fR\fB\fIN\fR\fR
+.RS 4
+The minimum number of required classes of characters for the new password\. The default number is zero\. The four classes are digits, upper and lower letters and other characters\. The difference to the
+\fBcredit\fR
+check is that a specific class if of characters is not required\. Instead
+\fIN\fR
+out of four of the classes are required\.
+.RE
+.PP
+\fBuse_authtok\fR
+.RS 4
+This argument is used to
+\fIforce\fR
+the module to not prompt the user for a new password but use the one provided by the previously stacked
+\fIpassword\fR
+module\.
+.RE
+.PP
+\fBdictpath=\fR\fB\fI/path/to/dict\fR\fR
+.RS 4
+Path to the cracklib dictionaries\.
+.RE
+.SH "MODULE SERVICES PROVIDED"
+.PP
+Only he
+\fBpassword\fR
+service is supported\.
+.SH "RETURN VALUES"
+.PP
+.PP
+PAM_SUCCESS
+.RS 4
+The new password passes all checks\.
+.RE
+.PP
+PAM_AUTHTOK_ERR
+.RS 4
+No new password was entered, the username could not be determined or the new password fails the strength checks\.
+.RE
+.PP
+PAM_AUTHTOK_RECOVERY_ERR
+.RS 4
+The old password was not supplied by a previous stacked module or got not requested from the user\. The first error can happen if
+\fBuse_authtok\fR
+is specified\.
+.RE
+.PP
+PAM_SERVICE_ERR
+.RS 4
+A internal error occured\.
+.RE
+.SH "EXAMPLES"
+.PP
+For an example of the use of this module, we show how it may be stacked with the password component of
+\fBpam_unix\fR(8)
+.sp
+.RS 4
+.nf
+#
+# These lines stack two password type modules\. In this example the
+# user is given 3 opportunities to enter a strong password\. The
+# "use_authtok" argument ensures that the pam_unix module does not
+# prompt for a password, but instead uses the one provided by
+# pam_cracklib\.
+#
+passwd password required pam_cracklib\.so retry=3
+passwd password required pam_unix\.so use_authtok
+
+.fi
+.RE
+.PP
+Another example (in the
+\fI/etc/pam\.d/passwd\fR
+format) is for the case that you want to use md5 password encryption:
+.sp
+.RS 4
+.nf
+#%PAM\-1\.0
+#
+# These lines allow a md5 systems to support passwords of at least 14
+# bytes with extra credit of 2 for digits and 2 for others the new
+# password must have at least three bytes that are not present in the
+# old password
+#
+password required pam_cracklib\.so \e
+ difok=3 minlen=15 dcredit= 2 ocredit=2
+password required pam_unix\.so use_authtok nullok md5
+
+.fi
+.RE
+.PP
+And here is another example in case you don\'t want to use credits:
+.sp
+.RS 4
+.nf
+#%PAM\-1\.0
+#
+# These lines require the user to select a password with a minimum
+# length of 8 and with at least 1 digit number, 1 upper case letter,
+# and 1 other character
+#
+password required pam_cracklib\.so \e
+ dcredit=\-1 ucredit=\-1 ocredit=\-1 lcredit=0 minlen=8
+password required pam_unix\.so use_authtok nullok md5
+
+.fi
+.RE
+.sp
+.SH "SEE ALSO"
+.PP
+
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_cracklib was written by Cristian Gafton <gafton@redhat\.com>
diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
new file mode 100644
index 00000000..589e7b44
--- /dev/null
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -0,0 +1,513 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_cracklib">
+
+ <refmeta>
+ <refentrytitle>pam_cracklib</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_cracklib-name">
+ <refname>pam_cracklib</refname>
+ <refpurpose>PAM module to check the password against dictionary words</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_cracklib-cmdsynopsis">
+ <command>pam_cracklib.so</command>
+ <arg choice="opt">
+ <replaceable>...</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_cracklib-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ This module can be plugged into the <emphasis>password</emphasis> stack of
+ a given application to provide some plug-in strength-checking for passwords.
+ </para>
+
+ <para>
+ The action of this module is to prompt the user for a password and
+ check its strength against a system dictionary and a set of rules for
+ identifying poor choices.
+ </para>
+
+ <para>
+ The first action is to prompt for a single password, check its
+ strength and then, if it is considered strong, prompt for the password
+ a second time (to verify that it was typed correctly on the first
+ occasion). All being well, the password is passed on to subsequent
+ modules to be installed as the new authentication token.
+ </para>
+
+ <para>
+ The strength checks works in the following manner: at first the
+ <function>Cracklib</function> routine is called to check if the password
+ is part of a dictionary; if this is not the case an additional set of
+ strength checks is done. These checks are:
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Palindrome</term>
+ <listitem>
+ <para>
+ Is the new password a palindrome of the old one?
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Case Change Only</term>
+ <listitem>
+ <para>
+ Is the new password the the old one with only a change of case?
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Similar</term>
+ <listitem>
+ <para>
+ Is the new password too much like the old one?
+ This is primarily controlled by one argument,
+ <option>difok</option> which is a number of characters
+ that if different between the old and new are enough to accept
+ the new password, this defaults to 10 or 1/2 the size of the
+ new password whichever is smaller.
+ </para>
+ <para>
+ To avoid the lockup associated with trying to change a long and
+ complicated password, <option>difignore</option> is available.
+ This argument can be used to specify the minimum length a new
+ password needs to be before the <option>difok</option> value is
+ ignored. The default value for <option>difignore</option> is 23.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Simple</term>
+ <listitem>
+ <para>
+ Is the new password too small?
+ This is controlled by 5 arguments <option>minlen</option>,
+ <option>dcredit</option>, <option>ucredit</option>,
+ <option>lcredit</option>, and <option>ocredit</option>. See the section
+ on the arguments for the details of how these work and there defaults.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Rotated</term>
+ <listitem>
+ <para>
+ Is the new password a rotated version of the old password?
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Already used</term>
+ <listitem>
+ <para>
+ Was the password used in the past? Previously used passwords
+ are to be found in <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ This module with no arguments will work well for standard unix
+ password encryption. With md5 encryption, passwords can be longer
+ than 8 characters and the default settings for this module can make it
+ hard for the user to choose a satisfactory new password. Notably, the
+ requirement that the new password contain no more than 1/2 of the
+ characters in the old password becomes a non-trivial constraint. For
+ example, an old password of the form "the quick brown fox jumped over
+ the lazy dogs" would be difficult to change... In addition, the
+ default action is to allow passwords as small as 5 characters in
+ length. For a md5 systems it can be a good idea to increase the
+ required minimum size of a password. One can then allow more credit
+ for different kinds of characters but accept that the new password may
+ share most of these characters with the old password.
+ </para>
+
+ </refsect1>
+
+ <refsect1 id="pam_cracklib-options">
+
+ <title>OPTIONS</title>
+ <para>
+ <variablelist>
+
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ This option makes the module write information to
+ <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ indicating the behavior of the module (this option does
+ not write password information to the log file).
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>type=<replaceable>XXX</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The default action is for the module to use the
+ following prompts when requesting passwords:
+ "New UNIX password: " and "Retype UNIX password: ".
+ The default word <emphasis>UNIX</emphasis> can
+ be replaced with this option.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>retry=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Prompt user at most <replaceable>N</replaceable> times
+ before returning with error. The default is
+ <emphasis>1</emphasis>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>difok=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ This argument will change the default of
+ <emphasis>5</emphasis> for the number of characters in
+ the new password that must not be present in the old
+ password. In addition, if 1/2 of the characters in the
+ new password are different then the new password will
+ be accepted anyway.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>difignore=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ How many characters should the password have before
+ difok will be ignored. The default is
+ <emphasis>23</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>minlen=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The minimum acceptable size for the new password (plus
+ one if credits are not disabled which is the default).
+ In addition to the number of characters in the new password,
+ credit (of +1 in length) is given for each different kind
+ of character (<emphasis>other</emphasis>,
+ <emphasis>upper</emphasis>, <emphasis>lower</emphasis> and
+ <emphasis>digit</emphasis>). The default for this parameter
+ is <emphasis>9</emphasis> which is good for a old style UNIX
+ password all of the same type of character but may be too low
+ to exploit the added security of a md5 system. Note that
+ there is a pair of length limits in
+ <emphasis>Cracklib</emphasis> itself, a "way too short" limit
+ of 4 which is hard coded in and a defined limit (6) that will
+ be checked without reference to <option>minlen</option>.
+ If you want to allow passwords as short as 5 characters you
+ should not use this module.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>dcredit=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ (N &gt;= 0) This is the maximum credit for having digits in
+ the new password. If you have less than or
+ <replaceable>N</replaceable>
+ digits, each digit will count +1 towards meeting the current
+ <option>minlen</option> value. The default for
+ <option>dcredit</option> is 1 which is the recommended
+ value for <option>minlen</option> less than 10.
+ </para>
+ <para>
+ (N &lt; 0) This is the minimum number of digits that must
+ be met for a new password.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>ucredit=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ (N &gt;= 0) This is the maximum credit for having upper
+ case letters in the new password. If you have less than
+ or <replaceable>N</replaceable> upper case letters each
+ letter will count +1 towards meeting the current
+ <option>minlen</option> value. The default for
+ <option>ucredit</option> is <emphasis>1</emphasis> which
+ is the recommended value for <option>minlen</option> less
+ than 10.
+ </para>
+ <para>
+ (N &gt; 0) This is the minimum number of upper
+ case letters that must be met for a new password.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>lcredit=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ (N &gt;= 0) This is the maximum credit for having
+ lower case letters in the new password. If you have
+ less than or <replaceable>N</replaceable> lower case
+ letters, each letter will count +1 towards meeting the
+ current <option>minlen</option> value. The default for
+ <option>lcredit</option> is 1 which is the recommended
+ value for <option>minlen</option> less than 10.
+ </para>
+ <para>
+ (N &lt; 0) This is the minimum number of lower
+ case letters that must be met for a new password.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>ocredit=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ (N &gt;= 0) This is the maximum credit for having other
+ characters in the new password. If you have less than or
+ <replaceable>N</replaceable> other characters, each
+ character will count +1 towards meeting the current
+ <option>minlen</option> value. The default for
+ <option>ocredit</option> is 1 which is the recommended
+ value for <option>minlen</option> less than 10.
+ </para>
+ <para>
+ (N &lt; 0) This is the minimum number of other
+ characters that must be met for a new password.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>minclass=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The minimum number of required classes of characters for
+ the new password. The default number is zero. The four
+ classes are digits, upper and lower letters and other
+ characters.
+ The difference to the <option>credit</option> check is
+ that a specific class if of characters is not required.
+ Instead <replaceable>N</replaceable> out of four of the
+ classes are required.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>use_authtok</option>
+ </term>
+ <listitem>
+ <para>
+ This argument is used to <emphasis>force</emphasis> the
+ module to not prompt the user for a new password but use
+ the one provided by the previously stacked
+ <emphasis>password</emphasis> module.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>dictpath=<replaceable>/path/to/dict</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Path to the cracklib dictionaries.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_cracklib-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ Only he <option>password</option> service is supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_cracklib-return_values'>
+ <title>RETURN VALUES</title>
+ <para>
+ <variablelist>
+
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The new password passes all checks.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_AUTHTOK_ERR</term>
+ <listitem>
+ <para>
+ No new password was entered,
+ the username could not be determined or the new
+ password fails the strength checks.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_AUTHTOK_RECOVERY_ERR</term>
+ <listitem>
+ <para>
+ The old password was not supplied by a previous stacked
+ module or got not requested from the user.
+ The first error can happen if <option>use_authtok</option>
+ is specified.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_SERVICE_ERR</term>
+ <listitem>
+ <para>
+ A internal error occured.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_cracklib-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ For an example of the use of this module, we show how it may be
+ stacked with the password component of
+ <citerefentry>
+ <refentrytitle>pam_unix</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ <programlisting>
+#
+# These lines stack two password type modules. In this example the
+# user is given 3 opportunities to enter a strong password. The
+# "use_authtok" argument ensures that the pam_unix module does not
+# prompt for a password, but instead uses the one provided by
+# pam_cracklib.
+#
+passwd password required pam_cracklib.so retry=3
+passwd password required pam_unix.so use_authtok
+ </programlisting>
+ </para>
+
+ <para>
+ Another example (in the <filename>/etc/pam.d/passwd</filename> format)
+ is for the case that you want to use md5 password encryption:
+ <programlisting>
+#%PAM-1.0
+#
+# These lines allow a md5 systems to support passwords of at least 14
+# bytes with extra credit of 2 for digits and 2 for others the new
+# password must have at least three bytes that are not present in the
+# old password
+#
+password required pam_cracklib.so \
+ difok=3 minlen=15 dcredit= 2 ocredit=2
+password required pam_unix.so use_authtok nullok md5
+ </programlisting>
+ </para>
+
+ <para>
+ And here is another example in case you don't want to use credits:
+ <programlisting>
+#%PAM-1.0
+#
+# These lines require the user to select a password with a minimum
+# length of 8 and with at least 1 digit number, 1 upper case letter,
+# and 1 other character
+#
+password required pam_cracklib.so \
+ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
+password required pam_unix.so use_authtok nullok md5
+ </programlisting>
+ </para>
+
+ </refsect1>
+
+ <refsect1 id='pam_cracklib-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_cracklib-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_cracklib was written by Cristian Gafton &lt;gafton@redhat.com&gt;
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
new file mode 100644
index 00000000..0c39f89d
--- /dev/null
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -0,0 +1,842 @@
+/*
+ * pam_cracklib module
+ */
+
+/*
+ * 0.9. switch to using a distance algorithm in similar()
+ * 0.86. added support for setting minimum numbers of digits, uppers,
+ * lowers, and others
+ * 0.85. added six new options to use this with long passwords.
+ * 0.8. tidied output and improved D(()) usage for debugging.
+ * 0.7. added support for more obscure checks for new passwd.
+ * 0.6. root can reset user passwd to any values (it's only warned)
+ * 0.5. supports retries - 'retry=N' argument
+ * 0.4. added argument 'type=XXX' for 'New XXX password' prompt
+ * 0.3. Added argument 'debug'
+ * 0.2. new password is feeded to cracklib for verify after typed once
+ * 0.1. First release
+ */
+
+/*
+ * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10
+ * Long password support by Philip W. Dalrymple <pwd@mdtsoft.com> 1997/07/18
+ * See the end of the file for Copyright Information
+ *
+ * Modification for long password systems (>8 chars). The original
+ * module had problems when used in a md5 password system in that it
+ * allowed too short passwords but required that at least half of the
+ * bytes in the new password did not appear in the old one. this
+ * action is still the default and the changes should not break any
+ * current user. This modification adds 6 new options, one to set the
+ * number of bytes in the new password that are not in the old one,
+ * the other five to control the length checking, these are all
+ * documented (or will be before anyone else sees this code) in the PAM
+ * S.A.G. in the section on the cracklib module.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef HAVE_CRYPT_H
+# include <crypt.h>
+#endif
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <stdarg.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <limits.h>
+
+#ifdef HAVE_CRACK_H
+#include <crack.h>
+#else
+extern char *FascistCheck(char *pw, const char *dictpath);
+#endif
+
+#ifndef CRACKLIB_DICTS
+#define CRACKLIB_DICTS NULL
+#endif
+
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
+#define PROMPT1 _("New %s%spassword: ")
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
+#define PROMPT2 _("Retype new %s%spassword: ")
+#define MISTYPED_PASS _("Sorry, passwords do not match.")
+
+#ifdef MIN
+#undef MIN
+#endif
+#define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b))
+
+/*
+ * here, we make a definition for the externally accessible function
+ * in this file (this definition is required for static a module
+ * but strongly encouraged generally) it is used to instruct the
+ * modules include file to define the function prototypes.
+ */
+
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+
+/* argument parsing */
+#define PAM_DEBUG_ARG 0x0001
+
+struct cracklib_options {
+ int retry_times;
+ int diff_ok;
+ int diff_ignore;
+ int min_length;
+ int dig_credit;
+ int up_credit;
+ int low_credit;
+ int oth_credit;
+ int min_class;
+ int use_authtok;
+ char prompt_type[BUFSIZ];
+ const char *cracklib_dictpath;
+};
+
+#define CO_RETRY_TIMES 1
+#define CO_DIFF_OK 5
+#define CO_DIFF_IGNORE 23
+#define CO_MIN_LENGTH 9
+# define CO_MIN_LENGTH_BASE 5
+#define CO_DIG_CREDIT 1
+#define CO_UP_CREDIT 1
+#define CO_LOW_CREDIT 1
+#define CO_OTH_CREDIT 1
+#define CO_USE_AUTHTOK 0
+
+static int
+_pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
+ int argc, const char **argv)
+{
+ int ctrl=0;
+
+ /* step through arguments */
+ for (ctrl=0; argc-- > 0; ++argv) {
+ char *ep = NULL;
+
+ /* generic options */
+
+ if (!strcmp(*argv,"debug"))
+ ctrl |= PAM_DEBUG_ARG;
+ else if (!strncmp(*argv,"type=",5))
+ strncpy(opt->prompt_type, *argv+5, sizeof(opt->prompt_type) - 1);
+ else if (!strncmp(*argv,"retry=",6)) {
+ opt->retry_times = strtol(*argv+6,&ep,10);
+ if (!ep || (opt->retry_times < 1))
+ opt->retry_times = CO_RETRY_TIMES;
+ } else if (!strncmp(*argv,"difok=",6)) {
+ opt->diff_ok = strtol(*argv+6,&ep,10);
+ if (!ep || (opt->diff_ok < 0))
+ opt->diff_ok = CO_DIFF_OK;
+ } else if (!strncmp(*argv,"difignore=",10)) {
+ opt->diff_ignore = strtol(*argv+10,&ep,10);
+ if (!ep || (opt->diff_ignore < 0))
+ opt->diff_ignore = CO_DIFF_IGNORE;
+ } else if (!strncmp(*argv,"minlen=",7)) {
+ opt->min_length = strtol(*argv+7,&ep,10);
+ if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE))
+ opt->min_length = CO_MIN_LENGTH_BASE;
+ } else if (!strncmp(*argv,"dcredit=",8)) {
+ opt->dig_credit = strtol(*argv+8,&ep,10);
+ if (!ep)
+ opt->dig_credit = 0;
+ } else if (!strncmp(*argv,"ucredit=",8)) {
+ opt->up_credit = strtol(*argv+8,&ep,10);
+ if (!ep)
+ opt->up_credit = 0;
+ } else if (!strncmp(*argv,"lcredit=",8)) {
+ opt->low_credit = strtol(*argv+8,&ep,10);
+ if (!ep)
+ opt->low_credit = 0;
+ } else if (!strncmp(*argv,"ocredit=",8)) {
+ opt->oth_credit = strtol(*argv+8,&ep,10);
+ if (!ep)
+ opt->oth_credit = 0;
+ } else if (!strncmp(*argv,"minclass=",9)) {
+ opt->min_class = strtol(*argv+9,&ep,10);
+ if (!ep)
+ opt->min_class = 0;
+ if (opt->min_class > 4)
+ opt->min_class = 4 ;
+ } else if (!strncmp(*argv,"use_authtok",11)) {
+ opt->use_authtok = 1;
+ } else if (!strncmp(*argv,"dictpath=",9)) {
+ opt->cracklib_dictpath = *argv+9;
+ if (!*(opt->cracklib_dictpath)) {
+ opt->cracklib_dictpath = CRACKLIB_DICTS;
+ }
+ } else {
+ pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
+ }
+ }
+ opt->prompt_type[sizeof(opt->prompt_type) - 1] = '\0';
+
+ return ctrl;
+}
+
+/* Helper functions */
+
+/* use this to free strings. ESPECIALLY password strings */
+static char *_pam_delete(register char *xx)
+{
+ _pam_overwrite(xx);
+ free(xx);
+ return NULL;
+}
+
+/*
+ * can't be a palindrome - like `R A D A R' or `M A D A M'
+ */
+static int palindrome(const char *new)
+{
+ int i, j;
+
+ i = strlen (new);
+
+ for (j = 0;j < i;j++)
+ if (new[i - j - 1] != new[j])
+ return 0;
+
+ return 1;
+}
+
+/*
+ * Calculate how different two strings are in terms of the number of
+ * character removals, additions, and changes needed to go from one to
+ * the other
+ */
+
+static int distdifferent(const char *old, const char *new,
+ size_t i, size_t j)
+{
+ char c, d;
+
+ if ((i == 0) || (strlen(old) < i)) {
+ c = 0;
+ } else {
+ c = old[i - 1];
+ }
+ if ((j == 0) || (strlen(new) < j)) {
+ d = 0;
+ } else {
+ d = new[j - 1];
+ }
+ return (c != d);
+}
+
+static int distcalculate(int **distances, const char *old, const char *new,
+ size_t i, size_t j)
+{
+ int tmp = 0;
+
+ if (distances[i][j] != -1) {
+ return distances[i][j];
+ }
+
+ tmp = distcalculate(distances, old, new, i - 1, j - 1);
+ tmp = MIN(tmp, distcalculate(distances, old, new, i, j - 1));
+ tmp = MIN(tmp, distcalculate(distances, old, new, i - 1, j));
+ tmp += distdifferent(old, new, i, j);
+
+ distances[i][j] = tmp;
+
+ return tmp;
+}
+
+static int distance(const char *old, const char *new)
+{
+ int **distances = NULL;
+ size_t m, n, i, j, r;
+
+ m = strlen(old);
+ n = strlen(new);
+ distances = malloc(sizeof(int*) * (m + 1));
+
+ for (i = 0; i <= m; i++) {
+ distances[i] = malloc(sizeof(int) * (n + 1));
+ for(j = 0; j <= n; j++) {
+ distances[i][j] = -1;
+ }
+ }
+ for (i = 0; i <= m; i++) {
+ distances[i][0] = i;
+ }
+ for (j = 0; j <= n; j++) {
+ distances[0][j] = j;
+ }
+ distances[0][0] = 0;
+
+ r = distcalculate(distances, old, new, m, n);
+
+ for (i = 0; i <= m; i++) {
+ memset(distances[i], 0, sizeof(int) * (n + 1));
+ free(distances[i]);
+ }
+ free(distances);
+
+ return r;
+}
+
+static int similar(struct cracklib_options *opt,
+ const char *old, const char *new)
+{
+ if (distance(old, new) >= opt->diff_ok) {
+ return 0;
+ }
+
+ if (strlen(new) >= (strlen(old) * 2)) {
+ return 0;
+ }
+
+ /* passwords are too similar */
+ return 1;
+}
+
+/*
+ * enough classes of charecters
+ */
+
+static int minclass (struct cracklib_options *opt,
+ const char *new)
+{
+ int digits = 0;
+ int uppers = 0;
+ int lowers = 0;
+ int others = 0;
+ int total_class;
+ int i;
+ int retval;
+
+ D(( "called" ));
+ for (i = 0; new[i]; i++)
+ {
+ if (isdigit (new[i]))
+ digits = 1;
+ else if (isupper (new[i]))
+ uppers = 1;
+ else if (islower (new[i]))
+ lowers = 1;
+ else
+ others = 1;
+ }
+
+ total_class = digits + uppers + lowers + others;
+
+ D (("total class: %d\tmin_class: %d", total_class, opt->min_class));
+
+ if (total_class >= opt->min_class)
+ retval = 0;
+ else
+ retval = 1;
+
+ return retval;
+}
+
+
+/*
+ * a nice mix of characters.
+ */
+static int simple(struct cracklib_options *opt, const char *new)
+{
+ int digits = 0;
+ int uppers = 0;
+ int lowers = 0;
+ int others = 0;
+ int size;
+ int i;
+
+ for (i = 0;new[i];i++) {
+ if (isdigit (new[i]))
+ digits++;
+ else if (isupper (new[i]))
+ uppers++;
+ else if (islower (new[i]))
+ lowers++;
+ else
+ others++;
+ }
+
+ /*
+ * The scam was this - a password of only one character type
+ * must be 8 letters long. Two types, 7, and so on.
+ * This is now changed, the base size and the credits or defaults
+ * see the docs on the module for info on these parameters, the
+ * defaults cause the effect to be the same as before the change
+ */
+
+ if ((opt->dig_credit >= 0) && (digits > opt->dig_credit))
+ digits = opt->dig_credit;
+
+ if ((opt->up_credit >= 0) && (uppers > opt->up_credit))
+ uppers = opt->up_credit;
+
+ if ((opt->low_credit >= 0) && (lowers > opt->low_credit))
+ lowers = opt->low_credit;
+
+ if ((opt->oth_credit >= 0) && (others > opt->oth_credit))
+ others = opt->oth_credit;
+
+ size = opt->min_length;
+
+ if (opt->dig_credit >= 0)
+ size -= digits;
+ else if (digits < opt->dig_credit * -1)
+ return 1;
+
+ if (opt->up_credit >= 0)
+ size -= uppers;
+ else if (uppers < opt->up_credit * -1)
+ return 1;
+
+ if (opt->low_credit >= 0)
+ size -= lowers;
+ else if (lowers < opt->low_credit * -1)
+ return 1;
+
+ if (opt->oth_credit >= 0)
+ size -= others;
+ else if (others < opt->oth_credit * -1)
+ return 1;
+
+ if (size <= i)
+ return 0;
+
+ return 1;
+}
+
+static char * str_lower(char *string)
+{
+ char *cp;
+
+ for (cp = string; *cp; cp++)
+ *cp = tolower(*cp);
+ return string;
+}
+
+static const char *password_check(struct cracklib_options *opt,
+ const char *old, const char *new)
+{
+ const char *msg = NULL;
+ char *oldmono = NULL, *newmono, *wrapped = NULL;
+
+ if (old && strcmp(new, old) == 0) {
+ msg = _("is the same as the old one");
+ return msg;
+ }
+
+ newmono = str_lower(x_strdup(new));
+ if (old) {
+ oldmono = str_lower(x_strdup(old));
+ wrapped = malloc(strlen(oldmono) * 2 + 1);
+ strcpy (wrapped, oldmono);
+ strcat (wrapped, oldmono);
+ }
+
+ if (palindrome(newmono))
+ msg = _("is a palindrome");
+
+ if (!msg && oldmono && strcmp(oldmono, newmono) == 0)
+ msg = _("case changes only");
+
+ if (!msg && oldmono && similar(opt, oldmono, newmono))
+ msg = _("is too similar to the old one");
+
+ if (!msg && simple(opt, new))
+ msg = _("is too simple");
+
+ if (!msg && wrapped && strstr(wrapped, newmono))
+ msg = _("is rotated");
+
+ if (!msg && minclass (opt, new))
+ msg = _("not enough character classes");
+
+ memset(newmono, 0, strlen(newmono));
+ free(newmono);
+ if (old) {
+ memset(oldmono, 0, strlen(oldmono));
+ memset(wrapped, 0, strlen(wrapped));
+ free(oldmono);
+ free(wrapped);
+ }
+
+ return msg;
+}
+
+
+#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
+
+static const char * check_old_password(const char *forwho, const char *newpass)
+{
+ static char buf[16384];
+ char *s_luser, *s_uid, *s_npas, *s_pas;
+ const char *msg = NULL;
+ FILE *opwfile;
+
+ opwfile = fopen(OLD_PASSWORDS_FILE, "r");
+ if (opwfile == NULL)
+ return NULL;
+
+ while (fgets(buf, 16380, opwfile)) {
+ if (!strncmp(buf, forwho, strlen(forwho))) {
+ char *sptr;
+ buf[strlen(buf)-1] = '\0';
+ s_luser = strtok_r(buf, ":,", &sptr);
+ s_uid = strtok_r(NULL, ":,", &sptr);
+ s_npas = strtok_r(NULL, ":,", &sptr);
+ s_pas = strtok_r(NULL, ":,", &sptr);
+ while (s_pas != NULL) {
+ if (!strcmp(crypt(newpass, s_pas), s_pas)) {
+ msg = _("has been already used");
+ break;
+ }
+ s_pas = strtok_r(NULL, ":,", &sptr);
+ }
+ break;
+ }
+ }
+ fclose(opwfile);
+
+ return msg;
+}
+
+
+static int _pam_unix_approve_pass(pam_handle_t *pamh,
+ unsigned int ctrl,
+ struct cracklib_options *opt,
+ const char *pass_old,
+ const char *pass_new)
+{
+ const char *msg = NULL;
+ const void *user;
+ int retval;
+
+ if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
+ pam_error(pamh, "%s", pass_new == NULL ?
+ _("No password supplied"):_("Password unchanged"));
+ return PAM_AUTHTOK_ERR;
+ }
+
+ /*
+ * if one wanted to hardwire authentication token strength
+ * checking this would be the place
+ */
+ msg = password_check(opt, pass_old, pass_new);
+ if (!msg) {
+ retval = pam_get_item(pamh, PAM_USER, &user);
+ if (retval != PAM_SUCCESS || user == NULL) {
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh,LOG_ERR,"Can not get username");
+ return PAM_AUTHTOK_ERR;
+ }
+ msg = check_old_password(user, pass_new);
+ }
+
+ if (msg) {
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh, LOG_NOTICE,
+ "new passwd fails strength check: %s", msg);
+ pam_error(pamh, _("BAD PASSWORD: %s"), msg);
+ return PAM_AUTHTOK_ERR;
+ };
+ return PAM_SUCCESS;
+
+}
+
+/* The Main Thing (by Cristian Gafton, CEO at this module :-)
+ * (stolen from http://home.netscape.com)
+ */
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ unsigned int ctrl;
+ struct cracklib_options options;
+
+ D(("called."));
+
+ memset(&options, 0, sizeof(options));
+ options.retry_times = CO_RETRY_TIMES;
+ options.diff_ok = CO_DIFF_OK;
+ options.diff_ignore = CO_DIFF_IGNORE;
+ options.min_length = CO_MIN_LENGTH;
+ options.dig_credit = CO_DIG_CREDIT;
+ options.up_credit = CO_UP_CREDIT;
+ options.low_credit = CO_LOW_CREDIT;
+ options.oth_credit = CO_OTH_CREDIT;
+ options.use_authtok = CO_USE_AUTHTOK;
+ memset(options.prompt_type, 0, BUFSIZ);
+ strcpy(options.prompt_type,"UNIX");
+ options.cracklib_dictpath = CRACKLIB_DICTS;
+
+ ctrl = _pam_parse(pamh, &options, argc, argv);
+
+ if (flags & PAM_PRELIM_CHECK) {
+ /* Check for passwd dictionary */
+ /* We cannot do that, since the original path is compiled
+ into the cracklib library and we don't know it. */
+ return PAM_SUCCESS;
+ } else if (flags & PAM_UPDATE_AUTHTOK) {
+ int retval;
+ char *token1, *token2, *resp;
+ const void *oldtoken;
+
+ D(("do update"));
+ retval = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldtoken);
+ if (retval != PAM_SUCCESS) {
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh,LOG_ERR,"Can not get old passwd");
+ oldtoken=NULL;
+ retval = PAM_SUCCESS;
+ }
+
+ do {
+ /*
+ * make sure nothing inappropriate gets returned
+ */
+ token1 = token2 = NULL;
+
+ if (!options.retry_times) {
+ D(("returning %s because maxtries reached",
+ pam_strerror(pamh, retval)));
+ return retval;
+ }
+
+ /* Planned modus operandi:
+ * Get a passwd.
+ * Verify it against cracklib.
+ * If okay get it a second time.
+ * Check to be the same with the first one.
+ * set PAM_AUTHTOK and return
+ */
+
+ if (options.use_authtok == 1) {
+ const void *item = NULL;
+
+ retval = pam_get_item(pamh, PAM_AUTHTOK, &item);
+ if (retval != PAM_SUCCESS) {
+ /* very strange. */
+ pam_syslog(pamh, LOG_ALERT,
+ "pam_get_item returned error to pam_cracklib");
+ } else if (item != NULL) { /* we have a password! */
+ token1 = x_strdup(item);
+ item = NULL;
+ } else {
+ retval = PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */
+ }
+
+ } else {
+ /* Prepare to ask the user for the first time */
+ resp = NULL;
+ retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,
+ PROMPT1, options.prompt_type,
+ options.prompt_type[0]?" ":"");
+
+ if (retval == PAM_SUCCESS) { /* a good conversation */
+ token1 = resp;
+ if (token1 == NULL) {
+ pam_syslog(pamh, LOG_NOTICE,
+ "could not recover authentication token 1");
+ retval = PAM_AUTHTOK_RECOVERY_ERR;
+ }
+ } else {
+ retval = (retval == PAM_SUCCESS) ?
+ PAM_AUTHTOK_RECOVERY_ERR:retval ;
+ }
+ }
+
+ if (retval != PAM_SUCCESS) {
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh,LOG_DEBUG,"unable to obtain a password");
+ continue;
+ }
+
+ D(("testing password, retval = %s", pam_strerror(pamh, retval)));
+ /* now test this passwd against cracklib */
+ {
+ const char *crack_msg;
+
+ D(("against cracklib"));
+ if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath))) {
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
+ pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg);
+ if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
+ retval = PAM_AUTHTOK_ERR;
+ else
+ retval = PAM_SUCCESS;
+ } else {
+ /* check it for strength too... */
+ D(("for strength"));
+ retval = _pam_unix_approve_pass (pamh, ctrl, &options,
+ oldtoken, token1);
+ if (retval != PAM_SUCCESS) {
+ if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
+ retval = PAM_AUTHTOK_ERR;
+ else
+ retval = PAM_SUCCESS;
+ }
+ }
+ }
+
+ D(("after testing: retval = %s", pam_strerror(pamh, retval)));
+ /* if cracklib/strength check said it is a bad passwd... */
+ if ((retval != PAM_SUCCESS) && (retval != PAM_IGNORE)) {
+ int temp_unused;
+
+ temp_unused = pam_set_item(pamh, PAM_AUTHTOK, NULL);
+ token1 = _pam_delete(token1);
+ continue;
+ }
+
+ /* Now we have a good passwd. Ask for it once again */
+
+ if (options.use_authtok == 0) {
+ resp = NULL;
+ retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,
+ PROMPT2, options.prompt_type,
+ options.prompt_type[0]?" ":"");
+ if (retval == PAM_SUCCESS) { /* a good conversation */
+ token2 = resp;
+ if (token2 == NULL) {
+ pam_syslog(pamh,LOG_NOTICE,
+ "could not recover authentication token 2");
+ retval = PAM_AUTHTOK_RECOVERY_ERR;
+ }
+ }
+
+ /* No else, the a retval == PAM_SUCCESS path can change retval
+ to a failure code. */
+ if (retval != PAM_SUCCESS) {
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh,LOG_DEBUG,"unable to obtain retyped password");
+ continue;
+ }
+
+ /* Hopefully now token1 and token2 the same password ... */
+ if (strcmp(token1,token2) != 0) {
+ /* tell the user */
+ pam_error(pamh, "%s", MISTYPED_PASS);
+ token1 = _pam_delete(token1);
+ token2 = _pam_delete(token2);
+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh,LOG_NOTICE,"Password mistyped");
+ retval = PAM_AUTHTOK_RECOVERY_ERR;
+ continue;
+ }
+
+ /* Yes, the password was typed correct twice
+ * we store this password as an item
+ */
+
+ {
+ const void *item = NULL;
+
+ retval = pam_set_item(pamh, PAM_AUTHTOK, token1);
+
+ /* clean up */
+ token1 = _pam_delete(token1);
+ token2 = _pam_delete(token2);
+
+ if ( (retval != PAM_SUCCESS) ||
+ ((retval = pam_get_item(pamh, PAM_AUTHTOK, &item)
+ ) != PAM_SUCCESS) ) {
+ pam_syslog(pamh, LOG_CRIT, "error manipulating password");
+ continue;
+ }
+ item = NULL; /* break link to password */
+ return PAM_SUCCESS;
+ }
+ }
+
+ } while (options.retry_times--);
+
+ } else {
+ if (ctrl & PAM_DEBUG_ARG)
+ pam_syslog(pamh, LOG_NOTICE, "UNKNOWN flags setting %02X",flags);
+ return PAM_SERVICE_ERR;
+ }
+
+ /* Not reached */
+ return PAM_SERVICE_ERR;
+}
+
+
+
+#ifdef PAM_STATIC
+/* static module data */
+struct pam_module _pam_cracklib_modstruct = {
+ "pam_cracklib",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ pam_sm_chauthtok
+};
+#endif
+
+/*
+ * Copyright (c) Cristian Gafton <gafton@redhat.com>, 1996.
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * The following copyright was appended for the long password support
+ * added with the libpam 0.58 release:
+ *
+ * Modificaton Copyright (c) Philip W. Dalrymple III <pwd@mdtsoft.com>
+ * 1997. All rights reserved
+ *
+ * THE MODIFICATION THAT PROVIDES SUPPORT FOR LONG PASSWORD TYPE CHECKING TO
+ * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
diff --git a/modules/pam_cracklib/tst-pam_cracklib b/modules/pam_cracklib/tst-pam_cracklib
new file mode 100755
index 00000000..46a7060d
--- /dev/null
+++ b/modules/pam_cracklib/tst-pam_cracklib
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_cracklib.so
diff --git a/modules/pam_debug/Makefile.am b/modules/pam_debug/Makefile.am
new file mode 100644
index 00000000..0b798516
--- /dev/null
+++ b/modules/pam_debug/Makefile.am
@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_debug
+
+man_MANS = pam_debug.8
+XMLS = README.xml pam_debug.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_debug.la
+pam_debug_la_LIBADD = -L$(top_builddir)/libpam -lpam
+
+TESTS = tst-pam_debug
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_debug.8.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
+
diff --git a/modules/pam_debug/Makefile.in b/modules/pam_debug/Makefile.in
new file mode 100644
index 00000000..6e1b8bb0
--- /dev/null
+++ b/modules/pam_debug/Makefile.in
@@ -0,0 +1,667 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_debug
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_debug_la_DEPENDENCIES =
+pam_debug_la_SOURCES = pam_debug.c
+pam_debug_la_OBJECTS = pam_debug.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_debug.c
+DIST_SOURCES = pam_debug.c
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_debug
+man_MANS = pam_debug.8
+XMLS = README.xml pam_debug.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_debug.la
+pam_debug_la_LIBADD = -L$(top_builddir)/libpam -lpam
+TESTS = tst-pam_debug
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_debug/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_debug/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_debug.la: $(pam_debug_la_OBJECTS) $(pam_debug_la_DEPENDENCIES)
+ $(LINK) -rpath $(securelibdir) $(pam_debug_la_OBJECTS) $(pam_debug_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_debug.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
+ install-securelibLTLIBRARIES install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-man uninstall-man8 \
+ uninstall-securelibLTLIBRARIES
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_debug.8.xml
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_debug/README b/modules/pam_debug/README
new file mode 100644
index 00000000..4afff114
--- /dev/null
+++ b/modules/pam_debug/README
@@ -0,0 +1,64 @@
+pam_debug — PAM module to debug the PAM stack
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_debug PAM module is intended as a debugging aide for determining how
+the PAM stack is operating. This module returns what its module arguments tell
+it to return.
+
+OPTIONS
+
+auth=value
+
+ The pam_sm_authenticate(3) function will return value.
+
+cred=value
+
+ The pam_sm_setcred(3) function will return value.
+
+acct=value
+
+ The pam_sm_acct_mgmt(3) function will return value.
+
+prechauthtok=value
+
+ The pam_sm_chauthtok(3) function will return value if the PAM_PRELIM_CHECK
+ flag is set.
+
+chauthtok=value
+
+ The pam_sm_chauthtok(3) function will return value if the PAM_PRELIM_CHECK
+ flag is not set.
+
+open_session=value
+
+ The pam_sm_open_session(3) function will return value.
+
+close_session=value
+
+ The pam_sm_close_session(3) function will return value.
+
+Where value can be one of: success, open_err, symbol_err, service_err,
+system_err, buf_err, perm_denied, auth_err, cred_insufficient,
+authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired,
+session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err,
+authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging,
+try_again, ignore, abort, authtok_expired, module_unknown, bad_item,
+conv_again, incomplete.
+
+EXAMPLES
+
+auth requisite pam_permit.so
+auth [success=2 default=ok] pam_debug.so auth=perm_denied cred=success
+auth [default=reset] pam_debug.so auth=success cred=perm_denied
+auth [success=done default=die] pam_debug.so
+auth optional pam_debug.so auth=perm_denied cred=perm_denied
+auth sufficient pam_debug.so auth=success cred=success
+
+
+AUTHOR
+
+pam_debug was written by Andrew G. Morgan <morgan@kernel.org>.
+
diff --git a/modules/pam_debug/README.xml b/modules/pam_debug/README.xml
new file mode 100644
index 00000000..ef41911b
--- /dev/null
+++ b/modules/pam_debug/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_debug.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_debug.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_debug-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_debug.8.xml" xpointer='xpointer(//refsect1[@id = "pam_debug-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_debug.8.xml" xpointer='xpointer(//refsect1[@id = "pam_debug-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_debug.8.xml" xpointer='xpointer(//refsect1[@id = "pam_debug-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_debug.8.xml" xpointer='xpointer(//refsect1[@id = "pam_debug-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_debug/pam_debug.8 b/modules/pam_debug/pam_debug.8
new file mode 100644
index 00000000..4d0a9091
--- /dev/null
+++ b/modules/pam_debug/pam_debug.8
@@ -0,0 +1,126 @@
+.\" Title: pam_debug
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_DEBUG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_debug - PAM module to debug the PAM stack
+.SH "SYNOPSIS"
+.HP 13
+\fBpam_debug\.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR]
+.SH "DESCRIPTION"
+.PP
+The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\. This module returns what its module arguments tell it to return\.
+.SH "OPTIONS"
+.PP
+\fBauth=\fR\fB\fIvalue\fR\fR
+.RS 4
+The
+\fBpam_sm_authenticate\fR(3)
+function will return
+\fIvalue\fR\.
+.RE
+.PP
+\fBcred=\fR\fB\fIvalue\fR\fR
+.RS 4
+The
+\fBpam_sm_setcred\fR(3)
+function will return
+\fIvalue\fR\.
+.RE
+.PP
+\fBacct=\fR\fB\fIvalue\fR\fR
+.RS 4
+The
+\fBpam_sm_acct_mgmt\fR(3)
+function will return
+\fIvalue\fR\.
+.RE
+.PP
+\fBprechauthtok=\fR\fB\fIvalue\fR\fR
+.RS 4
+The
+\fBpam_sm_chauthtok\fR(3)
+function will return
+\fIvalue\fR
+if the
+\fIPAM_PRELIM_CHECK\fR
+flag is set\.
+.RE
+.PP
+\fBchauthtok=\fR\fB\fIvalue\fR\fR
+.RS 4
+The
+\fBpam_sm_chauthtok\fR(3)
+function will return
+\fIvalue\fR
+if the
+\fIPAM_PRELIM_CHECK\fR
+flag is
+\fBnot\fR
+set\.
+.RE
+.PP
+\fBopen_session=\fR\fB\fIvalue\fR\fR
+.RS 4
+The
+\fBpam_sm_open_session\fR(3)
+function will return
+\fIvalue\fR\.
+.RE
+.PP
+\fBclose_session=\fR\fB\fIvalue\fR\fR
+.RS 4
+The
+\fBpam_sm_close_session\fR(3)
+function will return
+\fIvalue\fR\.
+.RE
+.PP
+Where
+\fIvalue\fR
+can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\.
+.SH "MODULE SERVICES PROVIDED"
+.PP
+The services
+\fBauth\fR,
+\fBaccount\fR,
+\fBpassword\fR
+and
+\fBsession\fR
+are supported\.
+.SH "RETURN VALUES"
+.PP
+PAM_SUCCESS
+.RS 4
+Default return code if no other value was specified, else specified return value\.
+.RE
+.SH "EXAMPLES"
+.sp
+.RS 4
+.nf
+auth requisite pam_permit\.so
+auth [success=2 default=ok] pam_debug\.so auth=perm_denied cred=success
+auth [default=reset] pam_debug\.so auth=success cred=perm_denied
+auth [success=done default=die] pam_debug\.so
+auth optional pam_debug\.so auth=perm_denied cred=perm_denied
+auth sufficient pam_debug\.so auth=success cred=success
+
+.fi
+.RE
+.SH "SEE ALSO"
+.PP
+
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_debug was written by Andrew G\. Morgan <morgan@kernel\.org>\.
diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml
new file mode 100644
index 00000000..65519852
--- /dev/null
+++ b/modules/pam_debug/pam_debug.8.xml
@@ -0,0 +1,231 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_debug">
+
+ <refmeta>
+ <refentrytitle>pam_debug</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_debug-name">
+ <refname>pam_debug</refname>
+ <refpurpose>PAM module to debug the PAM stack</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_debug-cmdsynopsis">
+ <command>pam_debug.so</command>
+ <arg choice="opt">
+ auth=<replaceable>value</replaceable>
+ </arg>
+ <arg choice="opt">
+ cred=<replaceable>value</replaceable>
+ </arg>
+ <arg choice="opt">
+ acct=<replaceable>value</replaceable>
+ </arg>
+ <arg choice="opt">
+ prechauthtok=<replaceable>value</replaceable>
+ </arg>
+ <arg choice="opt">
+ chauthtok=<replaceable>value</replaceable>
+ </arg>
+ <arg choice="opt">
+ auth=<replaceable>value</replaceable>
+ </arg>
+ <arg choice="opt">
+ open_session=<replaceable>value</replaceable>
+ </arg>
+ <arg choice="opt">
+ close_session=<replaceable>value</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_debug-description">
+ <title>DESCRIPTION</title>
+ <para>
+ The pam_debug PAM module is intended as a debugging aide for
+ determining how the PAM stack is operating. This module returns
+ what its module arguments tell it to return.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_debug-options">
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>auth=<replaceable>value</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function will return
+ <replaceable>value</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>cred=<replaceable>value</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function will return
+ <replaceable>value</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>acct=<replaceable>value</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_sm_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function will return
+ <replaceable>value</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>prechauthtok=<replaceable>value</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function will return
+ <replaceable>value</replaceable> if the
+ <emphasis>PAM_PRELIM_CHECK</emphasis> flag is set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>chauthtok=<replaceable>value</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function will return
+ <replaceable>value</replaceable> if the
+ <emphasis>PAM_PRELIM_CHECK</emphasis> flag is
+ <emphasis remap='B'>not</emphasis> set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>open_session=<replaceable>value</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_sm_open_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function will return
+ <replaceable>value</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>close_session=<replaceable>value</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_sm_close_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function will return
+ <replaceable>value</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ Where <replaceable>value</replaceable> can be one of: success,
+ open_err, symbol_err, service_err, system_err, buf_err, perm_denied,
+ auth_err, cred_insufficient, authinfo_unavail, user_unknown,
+ maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail,
+ cred_expired, cred_err, no_module_data, conv_err, authtok_err,
+ authtok_recover_err, authtok_lock_busy, authtok_disable_aging,
+ try_again, ignore, abort, authtok_expired, module_unknown,
+ bad_item, conv_again, incomplete.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_debug-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ The services <option>auth</option>, <option>account</option>,
+ <option>password</option> and <option>session</option> are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_debug-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Default return code if no other value was specified,
+ else specified return value.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_debug-examples'>
+ <title>EXAMPLES</title>
+ <programlisting>
+auth requisite pam_permit.so
+auth [success=2 default=ok] pam_debug.so auth=perm_denied cred=success
+auth [default=reset] pam_debug.so auth=success cred=perm_denied
+auth [success=done default=die] pam_debug.so
+auth optional pam_debug.so auth=perm_denied cred=perm_denied
+auth sufficient pam_debug.so auth=success cred=success
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id='pam_debug-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_debug-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_debug was written by Andrew G. Morgan &lt;morgan@kernel.org&gt;.
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c
new file mode 100644
index 00000000..b0f5bf59
--- /dev/null
+++ b/modules/pam_debug/pam_debug.c
@@ -0,0 +1,167 @@
+/* pam_permit module */
+
+/*
+ * $Id: pam_debug.c,v 1.5 2006/01/24 09:42:46 kukuk Exp $
+ *
+ * Written by Andrew Morgan <morgan@kernel.org> 2001/02/04
+ *
+ */
+
+#define DEFAULT_USER "nobody"
+
+#include "config.h"
+
+#include <stdio.h>
+
+/*
+ * This module is intended as a debugging aide for determining how
+ * the PAM stack is operating.
+ *
+ * here, we make definitions for the externally accessible functions
+ * in this file (these definitions are required for static modules
+ * but strongly encouraged generally) they are used to instruct the
+ * modules include file to define their prototypes.
+ */
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+
+#define _PAM_ACTION_UNDEF (-10)
+#include "../../libpam/pam_tokens.h"
+
+/* --- authentication management functions --- */
+
+static int state(pam_handle_t *pamh, const char *text)
+{
+ int retval;
+
+ retval = pam_info (pamh, "%s", text);
+
+ if (retval != PAM_SUCCESS) {
+ D(("pam_info failed"));
+ }
+
+ return retval;
+}
+
+static int parse_args(int retval, const char *event,
+ pam_handle_t *pamh, int argc, const char **argv)
+{
+ int i;
+
+ for (i=0; i<argc; ++i) {
+ int length = strlen(event);
+ if (!strncmp(event, argv[i], length) && (argv[i][length] == '=')) {
+ int j;
+ const char *return_string = argv[i] + (length+1);
+
+ for (j=0; j<_PAM_RETURN_VALUES; ++j) {
+ if (!strcmp(return_string, _pam_token_returns[j])) {
+ retval = j;
+ state(pamh, argv[i]);
+ break;
+ }
+ }
+ break;
+ }
+ }
+
+ return retval;
+}
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ int retval;
+ const char *user=NULL;
+
+ /*
+ * authentication requires we know who the user wants to be
+ */
+ retval = pam_get_user(pamh, &user, NULL);
+ if (retval != PAM_SUCCESS) {
+ D(("get user returned error: %s", pam_strerror(pamh,retval)));
+ return retval;
+ }
+ if (user == NULL || *user == '\0') {
+ D(("username not known"));
+ retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
+ if (retval != PAM_SUCCESS)
+ return retval;
+ }
+ user = NULL; /* clean up */
+
+ retval = parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
+
+ return retval;
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return parse_args(PAM_SUCCESS, "cred", pamh, argc, argv);
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return parse_args(PAM_SUCCESS, "acct", pamh, argc, argv);
+}
+
+/* --- password management --- */
+
+PAM_EXTERN
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ if (flags & PAM_PRELIM_CHECK) {
+ return parse_args(PAM_SUCCESS, "prechauthtok", pamh, argc, argv);
+ } else {
+ return parse_args(PAM_SUCCESS, "chauthtok", pamh, argc, argv);
+ }
+}
+
+/* --- session management --- */
+
+PAM_EXTERN
+int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return parse_args(PAM_SUCCESS, "open_session", pamh, argc, argv);
+}
+
+PAM_EXTERN
+int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return parse_args(PAM_SUCCESS, "close_session", pamh, argc, argv);
+}
+
+/* end of module definition */
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_debug_modstruct = {
+ "pam_debug",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+
+#endif
diff --git a/modules/pam_debug/tst-pam_debug b/modules/pam_debug/tst-pam_debug
new file mode 100755
index 00000000..f07ff640
--- /dev/null
+++ b/modules/pam_debug/tst-pam_debug
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_debug.so
diff --git a/modules/pam_deny/Makefile.am b/modules/pam_deny/Makefile.am
new file mode 100644
index 00000000..94b5f0f6
--- /dev/null
+++ b/modules/pam_deny/Makefile.am
@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_deny
+
+man_MANS = pam_deny.8
+
+XMLS = README.xml pam_deny.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_deny.la
+pam_deny_la_LIBADD = -L$(top_builddir)/libpam -lpam
+
+if ENABLE_REGENERATE_MAN
+
+noinst_DATA = README
+
+README: pam_deny.8.xml
+
+-include $(top_srcdir)/Make.xml.rules
+endif
+
+TESTS = tst-pam_deny
diff --git a/modules/pam_deny/Makefile.in b/modules/pam_deny/Makefile.in
new file mode 100644
index 00000000..17cecda4
--- /dev/null
+++ b/modules/pam_deny/Makefile.in
@@ -0,0 +1,669 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_deny
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_deny_la_DEPENDENCIES =
+pam_deny_la_SOURCES = pam_deny.c
+pam_deny_la_OBJECTS = pam_deny.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_deny.c
+DIST_SOURCES = pam_deny.c
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_deny
+man_MANS = pam_deny.8
+XMLS = README.xml pam_deny.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_deny.la
+pam_deny_la_LIBADD = -L$(top_builddir)/libpam -lpam
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+TESTS = tst-pam_deny
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_deny/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_deny/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_deny.la: $(pam_deny_la_OBJECTS) $(pam_deny_la_DEPENDENCIES)
+ $(LINK) -rpath $(securelibdir) $(pam_deny_la_OBJECTS) $(pam_deny_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_deny.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
+ install-securelibLTLIBRARIES install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-man uninstall-man8 \
+ uninstall-securelibLTLIBRARIES
+
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_deny.8.xml
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_deny/README b/modules/pam_deny/README
new file mode 100644
index 00000000..6b3a86f8
--- /dev/null
+++ b/modules/pam_deny/README
@@ -0,0 +1,31 @@
+pam_deny — The locking-out PAM module
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+This module can be used to deny access. It always indicates a failure to the
+application through the PAM framework. It might be suitable for using for
+default (the OTHER) entries.
+
+EXAMPLES
+
+#%PAM-1.0
+#
+# If we don't have config entries for a service, the
+# OTHER entries are used. To be secure, warn and deny
+# access to everything.
+other auth required pam_warn.so
+other auth required pam_deny.so
+other account required pam_warn.so
+other account required pam_deny.so
+other password required pam_warn.so
+other password required pam_deny.so
+other session required pam_warn.so
+other session required pam_deny.so
+
+
+AUTHOR
+
+pam_deny was written by Andrew G. Morgan <morgan@kernel.org>
+
diff --git a/modules/pam_deny/README.xml b/modules/pam_deny/README.xml
new file mode 100644
index 00000000..ff2e82b0
--- /dev/null
+++ b/modules/pam_deny/README.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_deny.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_deny.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_deny-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8
new file mode 100644
index 00000000..a9ae410a
--- /dev/null
+++ b/modules/pam_deny/pam_deny.8
@@ -0,0 +1,82 @@
+.\" Title: pam_deny
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_DENY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_deny - The locking-out PAM module
+.SH "SYNOPSIS"
+.HP 12
+\fBpam_deny\.so\fR
+.SH "DESCRIPTION"
+.PP
+This module can be used to deny access\. It always indicates a failure to the application through the PAM framework\. It might be suitable for using for default (the
+\fIOTHER\fR) entries\.
+.SH "OPTIONS"
+.PP
+This module does not recognise any options\.
+.SH "MODULE SERVICES PROVIDED"
+.PP
+All services (\fBaccount\fR,
+\fBauth\fR,
+\fBpassword\fR
+and
+\fBsession\fR) are supported\.
+.SH "RETURN VALUES"
+.PP
+.PP
+PAM_AUTH_ERR
+.RS 4
+This is returned by the account and auth services\.
+.RE
+.PP
+PAM_CRED_ERR
+.RS 4
+This is returned by the setcred function\.
+.RE
+.PP
+PAM_AUTHTOK_ERR
+.RS 4
+This is returned by the password service\.
+.RE
+.PP
+PAM_SESSION_ERR
+.RS 4
+This is returned by the session service\.
+.RE
+.SH "EXAMPLES"
+.sp
+.RS 4
+.nf
+#%PAM\-1\.0
+#
+# If we don\'t have config entries for a service, the
+# OTHER entries are used\. To be secure, warn and deny
+# access to everything\.
+other auth required pam_warn\.so
+other auth required pam_deny\.so
+other account required pam_warn\.so
+other account required pam_deny\.so
+other password required pam_warn\.so
+other password required pam_deny\.so
+other session required pam_warn\.so
+other session required pam_deny\.so
+
+.fi
+.RE
+.SH "SEE ALSO"
+.PP
+
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_deny was written by Andrew G\. Morgan <morgan@kernel\.org>
diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml
new file mode 100644
index 00000000..e50beb2d
--- /dev/null
+++ b/modules/pam_deny/pam_deny.8.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_deny">
+
+ <refmeta>
+ <refentrytitle>pam_deny</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_deny-name">
+ <refname>pam_deny</refname>
+ <refpurpose>The locking-out PAM module</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_deny-cmdsynopsis">
+ <command>pam_deny.so</command>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_deny-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ This module can be used to deny access. It always indicates a failure
+ to the application through the PAM framework. It might be suitable
+ for using for default (the <emphasis>OTHER</emphasis>) entries.
+ </para>
+
+ </refsect1>
+
+ <refsect1 id="pam_deny-options">
+ <title>OPTIONS</title>
+ <para>This module does not recognise any options.</para>
+ </refsect1>
+
+ <refsect1 id="pam_deny-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ All services (<option>account</option>, <option>auth</option>,
+ <option>password</option> and <option>session</option>) are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_deny-return_values'>
+ <title>RETURN VALUES</title>
+ <para>
+ <variablelist>
+
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ This is returned by the account and auth services.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_CRED_ERR</term>
+ <listitem>
+ <para>
+ This is returned by the setcred function.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_AUTHTOK_ERR</term>
+ <listitem>
+ <para>
+ This is returned by the password service.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_SESSION_ERR</term>
+ <listitem>
+ <para>
+ This is returned by the session service.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_deny-examples'>
+ <title>EXAMPLES</title>
+ <programlisting>
+#%PAM-1.0
+#
+# If we don't have config entries for a service, the
+# OTHER entries are used. To be secure, warn and deny
+# access to everything.
+other auth required pam_warn.so
+other auth required pam_deny.so
+other account required pam_warn.so
+other account required pam_deny.so
+other password required pam_warn.so
+other password required pam_deny.so
+other session required pam_warn.so
+other session required pam_deny.so
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id='pam_deny-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_deny-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_deny was written by Andrew G. Morgan &lt;morgan@kernel.org&gt;
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c
new file mode 100644
index 00000000..83524802
--- /dev/null
+++ b/modules/pam_deny/pam_deny.c
@@ -0,0 +1,89 @@
+/* pam_deny module */
+
+/*
+ * $Id: pam_deny.c,v 1.4 2005/12/14 09:58:32 kukuk Exp $
+ *
+ * Written by Andrew Morgan <morgan@parc.power.net> 1996/3/11
+ *
+ */
+
+/*
+ * here, we make definitions for the externally accessible functions
+ * in this file (these definitions are required for static modules
+ * but strongly encouraged generally) they are used to instruct the
+ * modules include file to define their prototypes.
+ */
+
+#include "config.h"
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+
+/* --- authentication management functions --- */
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_AUTH_ERR;
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_CRED_ERR;
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_AUTH_ERR;
+}
+
+/* --- password management --- */
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_AUTHTOK_ERR;
+}
+
+/* --- session management --- */
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_SESSION_ERR;
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_SESSION_ERR;
+}
+
+/* end of module definition */
+
+/* static module data */
+#ifdef PAM_STATIC
+struct pam_module _pam_deny_modstruct = {
+ "pam_deny",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+#endif
diff --git a/modules/pam_deny/tst-pam_deny b/modules/pam_deny/tst-pam_deny
new file mode 100755
index 00000000..7d9d6bad
--- /dev/null
+++ b/modules/pam_deny/tst-pam_deny
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_deny.so
diff --git a/modules/pam_echo/Makefile.am b/modules/pam_echo/Makefile.am
new file mode 100644
index 00000000..d004e8f4
--- /dev/null
+++ b/modules/pam_echo/Makefile.am
@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_echo
+
+man_MANS = pam_echo.8
+
+XMLS = README.xml pam_echo.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_echo.la
+pam_echo_la_LIBADD = -L$(top_builddir)/libpam -lpam
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_echo.8.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
+
+TESTS = tst-pam_echo
diff --git a/modules/pam_echo/Makefile.in b/modules/pam_echo/Makefile.in
new file mode 100644
index 00000000..9e03f2a5
--- /dev/null
+++ b/modules/pam_echo/Makefile.in
@@ -0,0 +1,667 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_echo
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_echo_la_DEPENDENCIES =
+pam_echo_la_SOURCES = pam_echo.c
+pam_echo_la_OBJECTS = pam_echo.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_echo.c
+DIST_SOURCES = pam_echo.c
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_echo
+man_MANS = pam_echo.8
+XMLS = README.xml pam_echo.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_echo.la
+pam_echo_la_LIBADD = -L$(top_builddir)/libpam -lpam
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+TESTS = tst-pam_echo
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_echo/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_echo/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_echo.la: $(pam_echo_la_OBJECTS) $(pam_echo_la_DEPENDENCIES)
+ $(LINK) -rpath $(securelibdir) $(pam_echo_la_OBJECTS) $(pam_echo_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_echo.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
+ install-securelibLTLIBRARIES install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-man uninstall-man8 \
+ uninstall-securelibLTLIBRARIES
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_echo.8.xml
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_echo/README b/modules/pam_echo/README
new file mode 100644
index 00000000..fca26b77
--- /dev/null
+++ b/modules/pam_echo/README
@@ -0,0 +1,50 @@
+pam_echo — PAM module for printing text messages
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_echo PAM module is for printing text messages to inform user about
+special things. Sequences starting with the % character are interpreted in the
+following way:
+
+%H
+
+ The name of the remote host (PAM_RHOST).
+
+%h
+
+ The name of the local host.
+
+%s
+
+ The service name (PAM_SERVICE).
+
+%t
+
+ The name of the controlling terminal (PAM_TTY).
+
+%U
+
+ The remote user name (PAM_RUSER).
+
+%u
+
+ The local user name (PAM_USER).
+
+All other sequences beginning with % expands to the characters following the %
+character.
+
+EXAMPLES
+
+For an example of the use of this module, we show how it may be used to print
+informations about good passwords:
+
+password optional pam_echo.so file=/usr/share/doc/good-password.txt
+password required pam_unix.so
+
+
+AUTHOR
+
+Thorsten Kukuk <kukuk@thkukuk.de>
+
diff --git a/modules/pam_echo/README.xml b/modules/pam_echo/README.xml
new file mode 100644
index 00000000..b1556e38
--- /dev/null
+++ b/modules/pam_echo/README.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_echo.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_echo.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_echo-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_echo.8.xml" xpointer='xpointer(//refsect1[@id = "pam_echo-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_echo.8.xml" xpointer='xpointer(//refsect1[@id = "pam_echo-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_echo.8.xml" xpointer='xpointer(//refsect1[@id = "pam_echo-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_echo/pam_echo.8 b/modules/pam_echo/pam_echo.8
new file mode 100644
index 00000000..3e50afb5
--- /dev/null
+++ b/modules/pam_echo/pam_echo.8
@@ -0,0 +1,108 @@
+.\" Title: pam_echo
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_ECHO" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_echo - PAM module for printing text messages
+.SH "SYNOPSIS"
+.HP 12
+\fBpam_echo\.so\fR [file=\fI/path/message\fR]
+.SH "DESCRIPTION"
+.PP
+The
+\fIpam_echo\fR
+PAM module is for printing text messages to inform user about special things\. Sequences starting with the
+\fI%\fR
+character are interpreted in the following way:
+.PP
+\fI%H\fR
+.RS 4
+The name of the remote host (PAM_RHOST)\.
+.RE
+.PP
+\fB%h\fR
+.RS 4
+The name of the local host\.
+.RE
+.PP
+\fI%s\fR
+.RS 4
+The service name (PAM_SERVICE)\.
+.RE
+.PP
+\fI%t\fR
+.RS 4
+The name of the controlling terminal (PAM_TTY)\.
+.RE
+.PP
+\fI%U\fR
+.RS 4
+The remote user name (PAM_RUSER)\.
+.RE
+.PP
+\fI%u\fR
+.RS 4
+The local user name (PAM_USER)\.
+.RE
+.PP
+All other sequences beginning with
+\fI%\fR
+expands to the characters following the
+\fI%\fR
+character\.
+.SH "OPTIONS"
+.PP
+\fBfile=\fR\fB\fI/path/message\fR\fR
+.RS 4
+The content of the file
+\fI/path/message\fR
+will be printed with the PAM conversion function as PAM_TEXT_INFO\.
+.RE
+.SH "MODULE SERVICES PROVIDED"
+.PP
+All services are supported\.
+.SH "RETURN VALUES"
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Message was successful printed\.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+PAM_SILENT flag was given or message file does not exist, no message printed\.
+.RE
+.SH "EXAMPLES"
+.PP
+For an example of the use of this module, we show how it may be used to print informations about good passwords:
+.sp
+.RS 4
+.nf
+password optional pam_echo\.so file=/usr/share/doc/good\-password\.txt
+password required pam_unix\.so
+
+.fi
+.RE
+.sp
+.SH "SEE ALSO"
+.PP
+
+\fBpam.conf\fR(8),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+Thorsten Kukuk <kukuk@thkukuk\.de>
diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml
new file mode 100644
index 00000000..4a495195
--- /dev/null
+++ b/modules/pam_echo/pam_echo.8.xml
@@ -0,0 +1,168 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id='pam_echo'>
+ <refmeta>
+ <refentrytitle>pam_echo</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='pam_echo-name'>
+ <refname>pam_echo</refname>
+ <refpurpose>PAM module for printing text messages</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_echo-cmdsynopsis">
+ <command>pam_echo.so</command>
+ <arg choice="opt">
+ file=<replaceable>/path/message</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='pam_echo-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <emphasis>pam_echo</emphasis> PAM module is for printing
+ text messages to inform user about special things. Sequences
+ starting with the <emphasis>%</emphasis> character are
+ interpreted in the following way:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term><emphasis>%H</emphasis></term>
+ <listitem>
+ <para>The name of the remote host (PAM_RHOST).</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis remap='B'>%h</emphasis></term>
+ <listitem>
+ <para>The name of the local host.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis>%s</emphasis></term>
+ <listitem>
+ <para>The service name (PAM_SERVICE).</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis>%t</emphasis></term>
+ <listitem>
+ <para>The name of the controlling terminal (PAM_TTY).</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis>%U</emphasis></term>
+ <listitem>
+ <para>The remote user name (PAM_RUSER).</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis>%u</emphasis></term>
+ <listitem>
+ <para>The local user name (PAM_USER).</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>
+ All other sequences beginning with <emphasis>%</emphasis>
+ expands to the characters following the <emphasis>%</emphasis>
+ character.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_echo-options'>
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/message</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The content of the file <filename>/path/message</filename>
+ will be printed with the PAM conversion function as PAM_TEXT_INFO.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_echo-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ All services are supported.
+ </para>
+ </refsect1>
+
+
+ <refsect1 id="pam_echo-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Message was successful printed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ PAM_SILENT flag was given or message file does not
+ exist, no message printed.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_echo-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ For an example of the use of this module, we show how it may be
+ used to print informations about good passwords:
+ <programlisting>
+password optional pam_echo.so file=/usr/share/doc/good-password.txt
+password required pam_unix.so
+ </programlisting>
+ </para>
+ </refsect1>
+
+
+ <refsect1 id='pam_echo-see_also'><title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry></para>
+ </refsect1>
+
+ <refsect1 id='pam_echo-author'>
+ <title>AUTHOR</title>
+ <para>Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;</para>
+ </refsect1>
+</refentry>
diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c
new file mode 100644
index 00000000..31ebca22
--- /dev/null
+++ b/modules/pam_echo/pam_echo.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(HAVE_CONFIG_H)
+#include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <limits.h>
+#include <syslog.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX 255
+#endif
+
+#define PAM_SM_ACCOUNT
+#define PAM_SM_AUTH
+#define PAM_SM_PASSWORD
+#define PAM_SM_SESSION
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+
+static int
+replace_and_print (pam_handle_t *pamh, const char *mesg)
+{
+ char *output;
+ size_t length = strlen (mesg) + PAM_MAX_MSG_SIZE;
+ char myhostname[HOST_NAME_MAX+1];
+ const void *str = NULL;
+ const char *p, *q;
+ int item;
+ size_t len;
+
+ output = malloc (length);
+ if (output == NULL)
+ {
+ pam_syslog (pamh, LOG_ERR, "running out of memory");
+ return PAM_BUF_ERR;
+ }
+
+ for (p = mesg, len = 0; *p != '\0' && len < length - 1; ++p)
+ {
+ if (*p != '%' || p[1] == '\0')
+ {
+ output[len++] = *p;
+ continue;
+ }
+ switch (*++p)
+ {
+ case 'H':
+ item = PAM_RHOST;
+ break;
+ case 'h':
+ item = -2; /* aka PAM_LOCALHOST */
+ break;
+ case 's':
+ item = PAM_SERVICE;
+ break;
+ case 't':
+ item = PAM_TTY;
+ break;
+ case 'U':
+ item = PAM_RUSER;
+ break;
+ case 'u':
+ item = PAM_USER;
+ break;
+ default:
+ output[len++] = *p;
+ continue;
+ }
+ if (item == -2)
+ {
+ if (gethostname (myhostname, sizeof (myhostname)) == -1)
+ str = NULL;
+ else
+ str = &myhostname;
+ }
+ else
+ pam_get_item (pamh, item, &str);
+ if (str == NULL)
+ str = "(null)";
+ for (q = str; *q != '\0' && len < length - 1; ++q)
+ output[len++] = *q;
+ }
+ output[len] = '\0';
+
+ pam_info (pamh, "%s", output);
+ free (output);
+
+ return PAM_SUCCESS;
+}
+
+static int
+pam_echo (pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ int fd;
+ int orig_argc = argc;
+ const char **orig_argv = argv;
+ const char *file = NULL;
+ int retval;
+
+ if (flags & PAM_SILENT)
+ return PAM_IGNORE;
+
+ for (; argc-- > 0; ++argv)
+ {
+ if (!strncmp (*argv, "file=", 5))
+ file = (5 + *argv);
+ }
+
+ /* No file= option, use argument for output. */
+ if (file == NULL || file[0] == '\0')
+ {
+ char msg[PAM_MAX_MSG_SIZE];
+ const char *p;
+ int i;
+ size_t len;
+
+ for (i = 0, len = 0; i < orig_argc && len < sizeof (msg) - 1; ++i)
+ {
+ if (i > 0)
+ msg[len++] = ' ';
+ for (p = orig_argv[i]; *p != '\0' && len < sizeof(msg) - 1; ++p)
+ msg[len++] = *p;
+ }
+ msg[len] = '\0';
+
+ retval = replace_and_print (pamh, msg);
+ }
+ else if ((fd = open (file, O_RDONLY, 0)) >= 0)
+ {
+ char *mtmp = NULL;
+ struct stat st;
+
+ /* load file into message buffer. */
+ if ((fstat (fd, &st) < 0) || !st.st_size)
+ return PAM_IGNORE;
+
+ mtmp = malloc (st.st_size + 1);
+ if (!mtmp)
+ return PAM_BUF_ERR;
+
+ if (pam_modutil_read (fd, mtmp, st.st_size) == -1)
+ {
+ pam_syslog (pamh, LOG_ERR, "Error while reading %s: %m", file);
+ free (mtmp);
+ return PAM_IGNORE;
+ }
+
+ if (mtmp[st.st_size - 1] == '\n')
+ mtmp[st.st_size - 1] = '\0';
+ else
+ mtmp[st.st_size] = '\0';
+
+ close (fd);
+ retval = replace_and_print (pamh, mtmp);
+ free (mtmp);
+ }
+ else
+ {
+ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", file);
+ retval = PAM_IGNORE;
+ }
+ return retval;
+}
+
+int
+pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return pam_echo (pamh, flags, argc, argv);
+}
+
+int
+pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+int
+pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return pam_echo (pamh, flags, argc, argv);
+}
+
+int
+pam_sm_open_session (pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return pam_echo (pamh, flags, argc, argv);
+}
+
+int
+pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+int
+pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ if (flags & PAM_PRELIM_CHECK)
+ return pam_echo (pamh, flags, argc, argv);
+ else
+ return PAM_IGNORE;
+}
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_echo_modstruct = {
+ "pam_echo",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok,
+};
+
+#endif
diff --git a/modules/pam_echo/tst-pam_echo b/modules/pam_echo/tst-pam_echo
new file mode 100755
index 00000000..483a2c23
--- /dev/null
+++ b/modules/pam_echo/tst-pam_echo
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_echo.so
diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am
new file mode 100644
index 00000000..87813688
--- /dev/null
+++ b/modules/pam_env/Makefile.am
@@ -0,0 +1,35 @@
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS) tst-pam_env environment
+
+man_MANS = pam_env.conf.5 pam_env.8
+
+XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\"
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_env.la
+pam_env_la_LIBADD = -L$(top_builddir)/libpam -lpam
+
+secureconf_DATA = pam_env.conf
+sysconf_DATA = environment
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_env.8.xml pam_env.conf.5.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
+
+TESTS = tst-pam_env
diff --git a/modules/pam_env/Makefile.in b/modules/pam_env/Makefile.in
new file mode 100644
index 00000000..9cec9c26
--- /dev/null
+++ b/modules/pam_env/Makefile.in
@@ -0,0 +1,759 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_env
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \
+ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" \
+ "$(DESTDIR)$(sysconfdir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_env_la_DEPENDENCIES =
+pam_env_la_SOURCES = pam_env.c
+pam_env_la_OBJECTS = pam_env.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_env.c
+DIST_SOURCES = pam_env.c
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+secureconfDATA_INSTALL = $(INSTALL_DATA)
+sysconfDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(noinst_DATA) $(secureconf_DATA) $(sysconf_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS) tst-pam_env environment
+man_MANS = pam_env.conf.5 pam_env.8
+XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\"
+
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_env.la
+pam_env_la_LIBADD = -L$(top_builddir)/libpam -lpam
+secureconf_DATA = pam_env.conf
+sysconf_DATA = environment
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+TESTS = tst-pam_env
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_env/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_env/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_env.la: $(pam_env_la_OBJECTS) $(pam_env_la_DEPENDENCIES)
+ $(LINK) -rpath $(securelibdir) $(pam_env_la_OBJECTS) $(pam_env_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man5: $(man5_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+ @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.5*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 5*) ;; \
+ *) ext='5' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
+ done
+uninstall-man5:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.5*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 5*) ;; \
+ *) ext='5' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
+ done
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+install-secureconfDATA: $(secureconf_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)"
+ @list='$(secureconf_DATA)'; for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ f=$(am__strip_dir) \
+ echo " $(secureconfDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(secureconfdir)/$$f'"; \
+ $(secureconfDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(secureconfdir)/$$f"; \
+ done
+
+uninstall-secureconfDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(secureconf_DATA)'; for p in $$list; do \
+ f=$(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(secureconfdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(secureconfdir)/$$f"; \
+ done
+install-sysconfDATA: $(sysconf_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+ @list='$(sysconf_DATA)'; for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ f=$(am__strip_dir) \
+ echo " $(sysconfDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(sysconfdir)/$$f'"; \
+ $(sysconfDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(sysconfdir)/$$f"; \
+ done
+
+uninstall-sysconfDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sysconf_DATA)'; for p in $$list; do \
+ f=$(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(sysconfdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(sysconfdir)/$$f"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(sysconfdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-secureconfDATA \
+ install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-sysconfDATA
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-secureconfDATA \
+ uninstall-securelibLTLIBRARIES uninstall-sysconfDATA
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man5 install-man8 \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-secureconfDATA install-securelibLTLIBRARIES \
+ install-strip install-sysconfDATA installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am uninstall-man uninstall-man5 uninstall-man8 \
+ uninstall-secureconfDATA uninstall-securelibLTLIBRARIES \
+ uninstall-sysconfDATA
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_env.8.xml pam_env.conf.5.xml
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_env/README b/modules/pam_env/README
new file mode 100644
index 00000000..81c63154
--- /dev/null
+++ b/modules/pam_env/README
@@ -0,0 +1,74 @@
+pam_env — PAM module to set/unset environment variables
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_env PAM module allows the (un)setting of environment variables.
+Supported is the use of previously set environment variables as well as
+PAM_ITEMs such as PAM_RHOST.
+
+By default rules for (un)setting of variables is taken from the config file /
+etc/security/pam_env.conf if no other file is specified.
+
+This module can also parse a file with simple KEY=VAL pairs on seperate lines
+(/etc/environment by default). You can change the default file to parse, with
+the envfile flag and turn it on or off by setting the readenv flag to 1 or 0
+respectively.
+
+OPTIONS
+
+conffile=/path/to/pam_env.conf
+
+ Indicate an alternative pam_env.conf style configuration file to override
+ the default. This can be useful when different services need different
+ environments.
+
+debug
+
+ A lot of debug informations are printed with syslog(3).
+
+envfile=/path/to/environment
+
+ Indicate an alternative environment file to override the default. This can
+ be useful when different services need different environments.
+
+readenv=0|1
+
+ Turns on or off the reading of the file specified by envfile (0 is off, 1
+ is on). By default this option is on.
+
+EXAMPLES
+
+These are some example lines which might be specified in /etc/security/
+pam_env.conf.
+
+Set the REMOTEHOST variable for any hosts that are remote, default to
+"localhost" rather than not being set at all
+
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+
+
+Set the DISPLAY variable if it seems reasonable
+
+ DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+
+
+Now some simple variables
+
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+
+
+Silly examples of escaped variables, just to show how they work.
+
+ DOLLAR DEFAULT=\$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+ DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\@
+
+
diff --git a/modules/pam_env/README.xml b/modules/pam_env/README.xml
new file mode 100644
index 00000000..21a9b855
--- /dev/null
+++ b/modules/pam_env/README.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_env.8.xml">
+-->
+<!--
+<!ENTITY accessconf SYSTEM "pam_env.conf.5.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_env.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_env-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_env.8.xml" xpointer='xpointer(//refsect1[@id = "pam_env-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_env.8.xml" xpointer='xpointer(//refsect1[@id = "pam_env-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_env.conf.5.xml" xpointer='xpointer(//refsect1[@id = "pam_env.conf-examples"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_env/environment b/modules/pam_env/environment
new file mode 100644
index 00000000..f46b8d94
--- /dev/null
+++ b/modules/pam_env/environment
@@ -0,0 +1,5 @@
+#
+# This file is parsed by pam_env module
+#
+# Syntax: simple "KEY=VAL" pairs on seperate lines
+#
diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8
new file mode 100644
index 00000000..3fce01cf
--- /dev/null
+++ b/modules/pam_env/pam_env.8
@@ -0,0 +1,109 @@
+.\" Title: pam_env
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_ENV" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_env - PAM module to set/unset environment variables
+.SH "SYNOPSIS"
+.HP 11
+\fBpam_env\.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR]
+.SH "DESCRIPTION"
+.PP
+The pam_env PAM module allows the (un)setting of environment variables\. Supported is the use of previously set environment variables as well as
+\fIPAM_ITEM\fRs such as
+\fIPAM_RHOST\fR\.
+.PP
+By default rules for (un)setting of variables is taken from the config file
+\fI/etc/security/pam_env\.conf\fR
+if no other file is specified\.
+.PP
+This module can also parse a file with simple
+\fIKEY=VAL\fR
+pairs on seperate lines (\fI/etc/environment\fR
+by default)\. You can change the default file to parse, with the
+\fIenvfile\fR
+flag and turn it on or off by setting the
+\fIreadenv\fR
+flag to 1 or 0 respectively\.
+.SH "OPTIONS"
+.PP
+\fBconffile=\fR\fB\fI/path/to/pam_env\.conf\fR\fR
+.RS 4
+Indicate an alternative
+\fIpam_env\.conf\fR
+style configuration file to override the default\. This can be useful when different services need different environments\.
+.RE
+.PP
+\fBdebug\fR
+.RS 4
+A lot of debug informations are printed with
+\fBsyslog\fR(3)\.
+.RE
+.PP
+\fBenvfile=\fR\fB\fI/path/to/environment\fR\fR
+.RS 4
+Indicate an alternative
+\fIenvironment\fR
+file to override the default\. This can be useful when different services need different environments\.
+.RE
+.PP
+\fBreadenv=\fR\fB\fI0|1\fR\fR
+.RS 4
+Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\. By default this option is on\.
+.RE
+.SH "MODULE SERVICES PROVIDED"
+.PP
+The
+\fBauth\fR
+and
+\fBsession\fR
+services are supported\.
+.SH "RETURN VALUES"
+.PP
+PAM_ABORT
+.RS 4
+Not all relevant data or options could be gotten\.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+No pam_env\.conf and environment file was found\.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Environment variables were set\.
+.RE
+.SH "FILES"
+.PP
+\fI/etc/security/pam_env\.conf\fR
+.RS 4
+Default configuration file
+.RE
+.PP
+\fI/etc/environment\fR
+.RS 4
+Default environment file
+.RE
+.SH "SEE ALSO"
+.PP
+
+\fBpam_env.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)\.
+.SH "AUTHOR"
+.PP
+pam_env was written by Dave Kinchlea <kinch@kinch\.ark\.com>\.
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
new file mode 100644
index 00000000..731c20b2
--- /dev/null
+++ b/modules/pam_env/pam_env.8.xml
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id='pam_env'>
+
+ <refmeta>
+ <refentrytitle>pam_env</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='pam_env-name'>
+ <refname>pam_env</refname>
+ <refpurpose>
+ PAM module to set/unset environment variables
+ </refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_env-cmdsynopsis">
+ <command>pam_env.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ <arg choice="opt">
+ conffile=<replaceable>conf-file</replaceable>
+ </arg>
+ <arg choice="opt">
+ envfile=<replaceable>env-file</replaceable>
+ </arg>
+ <arg choice="opt">
+ readenv=<replaceable>0|1</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id="pam_env-description">
+ <title>DESCRIPTION</title>
+ <para>
+ The pam_env PAM module allows the (un)setting of environment
+ variables. Supported is the use of previously set environment
+ variables as well as <emphasis>PAM_ITEM</emphasis>s such as
+ <emphasis>PAM_RHOST</emphasis>.
+ </para>
+ <para>
+ By default rules for (un)setting of variables is taken from the
+ config file <filename>/etc/security/pam_env.conf</filename> if
+ no other file is specified.
+ </para>
+ <para>
+ This module can also parse a file with simple
+ <emphasis>KEY=VAL</emphasis> pairs on seperate lines
+ (<filename>/etc/environment</filename> by default). You can
+ change the default file to parse, with the <emphasis>envfile</emphasis>
+ flag and turn it on or off by setting the <emphasis>readenv</emphasis>
+ flag to 1 or 0 respectively.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env-options">
+ <title>OPTIONS</title>
+ <variablelist>
+
+ <varlistentry>
+ <term>
+ <option>conffile=<replaceable>/path/to/pam_env.conf</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Indicate an alternative <filename>pam_env.conf</filename>
+ style configuration file to override the default. This can
+ be useful when different services need different environments.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ A lot of debug informations are printed with
+ <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>envfile=<replaceable>/path/to/environment</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Indicate an alternative <filename>environment</filename>
+ file to override the default. This can be useful when different
+ services need different environments.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>readenv=<replaceable>0|1</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Turns on or off the reading of the file specified by envfile
+ (0 is off, 1 is on). By default this option is on.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_env-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ The <option>auth</option> and <option>session</option> services
+ are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_ABORT</term>
+ <listitem>
+ <para>
+ Not all relevant data or options could be gotten.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ No pam_env.conf and environment file was found.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Environment variables were set.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_env-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/pam_env.conf</filename></term>
+ <listitem>
+ <para>Default configuration file</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/environment</filename></term>
+ <listitem>
+ <para>Default environment file</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_env-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_env.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env-authors">
+ <title>AUTHOR</title>
+ <para>
+ pam_env was written by Dave Kinchlea &lt;kinch@kinch.ark.com&gt;.
+ </para>
+ </refsect1>
+</refentry>
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
new file mode 100644
index 00000000..1a41833c
--- /dev/null
+++ b/modules/pam_env/pam_env.c
@@ -0,0 +1,832 @@
+/* pam_env module */
+
+/*
+ * $Id: pam_env.c,v 1.13 2005/12/12 14:45:00 ldv Exp $
+ *
+ * Written by Dave Kinchlea <kinch@kinch.ark.com> 1997/01/31
+ * Inspired by Andrew Morgan <morgan@kernel.org>, who also supplied the
+ * template for this file (via pam_mail)
+ */
+
+#define DEFAULT_ETC_ENVFILE "/etc/environment"
+#define DEFAULT_READ_ENVFILE 1
+
+#include "config.h"
+
+#include <ctype.h>
+#include <errno.h>
+#include <pwd.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+/*
+ * here, we make a definition for the externally accessible function
+ * in this file (this definition is required for static a module
+ * but strongly encouraged generally) it is used to instruct the
+ * modules include file to define the function prototypes.
+ */
+
+#define PAM_SM_AUTH /* This is primarily a AUTH_SETCRED module */
+#define PAM_SM_SESSION /* But I like to be friendly */
+#define PAM_SM_PASSWORD /* "" */
+#define PAM_SM_ACCOUNT /* "" */
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+
+/* This little structure makes it easier to keep variables together */
+
+typedef struct var {
+ char *name;
+ char *value;
+ char *defval;
+ char *override;
+} VAR;
+
+#define BUF_SIZE 1024
+#define MAX_ENV 8192
+
+#define GOOD_LINE 0
+#define BAD_LINE 100 /* This must be > the largest PAM_* error code */
+
+#define DEFINE_VAR 101
+#define UNDEFINE_VAR 102
+#define ILLEGAL_VAR 103
+
+static int _assemble_line(FILE *, char *, int);
+static int _parse_line(const pam_handle_t *, char *, VAR *);
+static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */
+static void _clean_var(VAR *);
+static int _expand_arg(pam_handle_t *, char **);
+static const char * _pam_get_item_byname(pam_handle_t *, const char *);
+static int _define_var(pam_handle_t *, VAR *);
+static int _undefine_var(pam_handle_t *, VAR *);
+
+/* This is a flag used to designate an empty string */
+static char quote='Z';
+
+/* argument parsing */
+
+#define PAM_DEBUG_ARG 0x01
+#define PAM_NEW_CONF_FILE 0x02
+#define PAM_ENV_SILENT 0x04
+#define PAM_NEW_ENV_FILE 0x10
+
+static int
+_pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
+ const char **conffile, const char **envfile, int *readenv)
+{
+ int ctrl=0;
+
+
+ /* step through arguments */
+ for (; argc-- > 0; ++argv) {
+
+ /* generic options */
+
+ if (!strcmp(*argv,"debug"))
+ ctrl |= PAM_DEBUG_ARG;
+ else if (!strncmp(*argv,"conffile=",9)) {
+ *conffile = 9 + *argv;
+ if (**conffile != '\0') {
+ D(("new Configuration File: %s", *conffile));
+ ctrl |= PAM_NEW_CONF_FILE;
+ } else {
+ pam_syslog(pamh, LOG_ERR,
+ "conffile= specification missing argument - ignored");
+ }
+ } else if (!strncmp(*argv,"envfile=",8)) {
+ *envfile = 8 + *argv;
+ if (**envfile != '\0') {
+ D(("new Env File: %s", *envfile));
+ ctrl |= PAM_NEW_ENV_FILE;
+ } else {
+ pam_syslog (pamh, LOG_ERR,
+ "envfile= specification missing argument - ignored");
+ }
+ } else if (!strncmp(*argv,"readenv=",8))
+ *readenv = atoi(8+*argv);
+ else
+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
+ }
+
+ return ctrl;
+}
+
+static int
+_parse_config_file(pam_handle_t *pamh, int ctrl, const char *conffile)
+{
+ int retval;
+ const char *file;
+ char buffer[BUF_SIZE];
+ FILE *conf;
+ VAR Var, *var=&Var;
+
+ var->name=NULL; var->defval=NULL; var->override=NULL;
+ D(("Called."));
+
+ if (ctrl & PAM_NEW_CONF_FILE) {
+ file = conffile;
+ } else {
+ file = DEFAULT_CONF_FILE;
+ }
+
+ D(("Config file name is: %s", file));
+
+ /*
+ * Lets try to open the config file, parse it and process
+ * any variables found.
+ */
+
+ if ((conf = fopen(file,"r")) == NULL) {
+ pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file);
+ return PAM_IGNORE;
+ }
+
+ /* _pam_assemble_line will provide a complete line from the config file,
+ * with all comments removed and any escaped newlines fixed up
+ */
+
+ while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) {
+ D(("Read line: %s", buffer));
+
+ if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) {
+ retval = _check_var(pamh, var);
+
+ if (DEFINE_VAR == retval) {
+ retval = _define_var(pamh, var);
+
+ } else if (UNDEFINE_VAR == retval) {
+ retval = _undefine_var(pamh, var);
+ }
+ }
+ if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval
+ && BAD_LINE != retval && PAM_BAD_ITEM != retval) break;
+
+ _clean_var(var);
+
+ } /* while */
+
+ (void) fclose(conf);
+
+ /* tidy up */
+ _clean_var(var); /* We could have got here prematurely,
+ * this is safe though */
+ D(("Exit."));
+ return (retval != 0 ? PAM_ABORT : PAM_SUCCESS);
+}
+
+static int
+_parse_env_file(pam_handle_t *pamh, int ctrl, const char *env_file)
+{
+ int retval=PAM_SUCCESS, i, t;
+ const char *file;
+ char buffer[BUF_SIZE], *key, *mark;
+ FILE *conf;
+
+ if (ctrl & PAM_NEW_ENV_FILE)
+ file = env_file;
+ else
+ file = DEFAULT_ETC_ENVFILE;
+
+ D(("Env file name is: %s", file));
+
+ if ((conf = fopen(file,"r")) == NULL) {
+ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file);
+ return PAM_IGNORE;
+ }
+
+ while (_assemble_line(conf, buffer, BUF_SIZE) > 0) {
+ D(("Read line: %s", buffer));
+ key = buffer;
+
+ /* skip leading white space */
+ key += strspn(key, " \n\t");
+
+ /* skip blanks lines and comments */
+ if (!key || key[0] == '#')
+ continue;
+
+ /* skip over "export " if present so we can be compat with
+ bash type declarations */
+ if (strncmp(key, "export ", (size_t) 7) == 0)
+ key += 7;
+
+ /* now find the end of value */
+ mark = key;
+ while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0')
+ mark++;
+ if (mark[0] != '\0')
+ mark[0] = '\0';
+
+ /*
+ * sanity check, the key must be alpha-numeric
+ */
+
+ for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ )
+ if (!isalnum(key[i]) && key[i] != '_') {
+ D(("key is not alpha numeric - '%s', ignoring", key));
+ continue;
+ }
+
+ /* now we try to be smart about quotes around the value,
+ but not too smart, we can't get all fancy with escaped
+ values like bash */
+ if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) {
+ for ( t = i+1 ; key[t] != '\0' ; t++)
+ if (key[t] != '\"' && key[t] != '\'')
+ key[i++] = key[t];
+ else if (key[t+1] != '\0')
+ key[i++] = key[t];
+ key[i] = '\0';
+ }
+
+ /* set the env var, if it fails, we break out of the loop */
+ retval = pam_putenv(pamh, key);
+ if (retval != PAM_SUCCESS) {
+ D(("error setting env \"%s\"", key));
+ break;
+ }
+ }
+
+ (void) fclose(conf);
+
+ /* tidy up */
+ D(("Exit."));
+ return retval;
+}
+
+/*
+ * This is where we read a line of the PAM config file. The line may be
+ * preceeded by lines of comments and also extended with "\\\n"
+ */
+
+static int _assemble_line(FILE *f, char *buffer, int buf_len)
+{
+ char *p = buffer;
+ char *s, *os;
+ int used = 0;
+
+ /* loop broken with a 'break' when a non-'\\n' ended line is read */
+
+ D(("called."));
+ for (;;) {
+ if (used >= buf_len) {
+ /* Overflow */
+ D(("_assemble_line: overflow"));
+ return -1;
+ }
+ if (fgets(p, buf_len - used, f) == NULL) {
+ if (used) {
+ /* Incomplete read */
+ return -1;
+ } else {
+ /* EOF */
+ return 0;
+ }
+ }
+
+ /* skip leading spaces --- line may be blank */
+
+ s = p + strspn(p, " \n\t");
+ if (*s && (*s != '#')) {
+ os = s;
+
+ /*
+ * we are only interested in characters before the first '#'
+ * character
+ */
+
+ while (*s && *s != '#')
+ ++s;
+ if (*s == '#') {
+ *s = '\0';
+ used += strlen(os);
+ break; /* the line has been read */
+ }
+
+ s = os;
+
+ /*
+ * Check for backslash by scanning back from the end of
+ * the entered line, the '\n' has been included since
+ * normally a line is terminated with this
+ * character. fgets() should only return one though!
+ */
+
+ s += strlen(s);
+ while (s > os && ((*--s == ' ') || (*s == '\t')
+ || (*s == '\n')));
+
+ /* check if it ends with a backslash */
+ if (*s == '\\') {
+ *s = '\0'; /* truncate the line here */
+ used += strlen(os);
+ p = s; /* there is more ... */
+ } else {
+ /* End of the line! */
+ used += strlen(os);
+ break; /* this is the complete line */
+ }
+
+ } else {
+ /* Nothing in this line */
+ /* Don't move p */
+ }
+ }
+
+ return used;
+}
+
+static int
+_parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
+{
+ /*
+ * parse buffer into var, legal syntax is
+ * VARIABLE [DEFAULT=[[string]] [OVERRIDE=[value]]
+ *
+ * Any other options defined make this a bad line,
+ * error logged and no var set
+ */
+
+ int length, quoteflg=0;
+ char *ptr, **valptr, *tmpptr;
+
+ D(("Called buffer = <%s>", buffer));
+
+ length = strcspn(buffer," \t\n");
+
+ if ((var->name = malloc(length + 1)) == NULL) {
+ pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1);
+ return PAM_BUF_ERR;
+ }
+
+ /*
+ * The first thing on the line HAS to be the variable name,
+ * it may be the only thing though.
+ */
+ strncpy(var->name, buffer, length);
+ var->name[length] = '\0';
+ D(("var->name = <%s>, length = %d", var->name, length));
+
+ /*
+ * Now we check for arguments, we only support two kinds and ('cause I am lazy)
+ * each one can actually be listed any number of times
+ */
+
+ ptr = buffer+length;
+ while ((length = strspn(ptr, " \t")) > 0) {
+ ptr += length; /* remove leading whitespace */
+ D((ptr));
+ if (strncmp(ptr,"DEFAULT=",8) == 0) {
+ ptr+=8;
+ D(("Default arg found: <%s>", ptr));
+ valptr=&(var->defval);
+ } else if (strncmp(ptr, "OVERRIDE=", 9) == 0) {
+ ptr+=9;
+ D(("Override arg found: <%s>", ptr));
+ valptr=&(var->override);
+ } else {
+ D(("Unrecognized options: <%s> - ignoring line", ptr));
+ pam_syslog(pamh, LOG_ERR, "Unrecognized Option: %s - ignoring line", ptr);
+ return BAD_LINE;
+ }
+
+ if ('"' != *ptr) { /* Escaped quotes not supported */
+ length = strcspn(ptr, " \t\n");
+ tmpptr = ptr+length;
+ } else {
+ tmpptr = strchr(++ptr, '"');
+ if (!tmpptr) {
+ D(("Unterminated quoted string: %s", ptr-1));
+ pam_syslog(pamh, LOG_ERR, "Unterminated quoted string: %s", ptr-1);
+ return BAD_LINE;
+ }
+ length = tmpptr - ptr;
+ if (*++tmpptr && ' ' != *tmpptr && '\t' != *tmpptr && '\n' != *tmpptr) {
+ D(("Quotes must cover the entire string: <%s>", ptr));
+ pam_syslog(pamh, LOG_ERR, "Quotes must cover the entire string: <%s>", ptr);
+ return BAD_LINE;
+ }
+ quoteflg++;
+ }
+ if (length) {
+ if ((*valptr = malloc(length + 1)) == NULL) {
+ D(("Couldn't malloc %d bytes", length+1));
+ pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1);
+ return PAM_BUF_ERR;
+ }
+ (void)strncpy(*valptr,ptr,length);
+ (*valptr)[length]='\0';
+ } else if (quoteflg--) {
+ *valptr = &quote; /* a quick hack to handle the empty string */
+ }
+ ptr = tmpptr; /* Start the search where we stopped */
+ } /* while */
+
+ /*
+ * The line is parsed, all is well.
+ */
+
+ D(("Exit."));
+ ptr = NULL; tmpptr = NULL; valptr = NULL;
+ return GOOD_LINE;
+}
+
+static int _check_var(pam_handle_t *pamh, VAR *var)
+{
+ /*
+ * Examine the variable and determine what action to take.
+ * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take
+ * or a PAM_* error code if passed back from other routines
+ *
+ * if no DEFAULT provided, the empty string is assumed
+ * if no OVERRIDE provided, the empty string is assumed
+ * if DEFAULT= and OVERRIDE evaluates to the empty string,
+ * this variable should be undefined
+ * if DEFAULT="" and OVERRIDE evaluates to the empty string,
+ * this variable should be defined with no value
+ * if OVERRIDE=value and value turns into the empty string, DEFAULT is used
+ *
+ * If DEFINE_VAR is to be returned, the correct value to define will
+ * be pointed to by var->value
+ */
+
+ int retval;
+
+ D(("Called."));
+
+ /*
+ * First thing to do is to expand any arguments, but only
+ * if they are not the special quote values (cause expand_arg
+ * changes memory).
+ */
+
+ if (var->defval && (&quote != var->defval) &&
+ ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) {
+ return retval;
+ }
+ if (var->override && (&quote != var->override) &&
+ ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) {
+ return retval;
+ }
+
+ /* Now its easy */
+
+ if (var->override && *(var->override) && &quote != var->override) {
+ /* if there is a non-empty string in var->override, we use it */
+ D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override));
+ var->value = var->override;
+ retval = DEFINE_VAR;
+ } else {
+
+ var->value = var->defval;
+ if (&quote == var->defval) {
+ /*
+ * This means that the empty string was given for defval value
+ * which indicates that a variable should be defined with no value
+ */
+ *var->defval = '\0';
+ D(("An empty variable: <%s>", var->name));
+ retval = DEFINE_VAR;
+ } else if (var->defval) {
+ D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval));
+ retval = DEFINE_VAR;
+ } else {
+ D(("UNDEFINE variable <%s>", var->name));
+ retval = UNDEFINE_VAR;
+ }
+ }
+
+ D(("Exit."));
+ return retval;
+}
+
+static int _expand_arg(pam_handle_t *pamh, char **value)
+{
+ const char *orig=*value, *tmpptr=NULL;
+ char *ptr; /*
+ * Sure would be nice to use tmpptr but it needs to be
+ * a constant so that the compiler will shut up when I
+ * call pam_getenv and _pam_get_item_byname -- sigh
+ */
+
+ /* No unexpanded variable can be bigger than BUF_SIZE */
+ char type, tmpval[BUF_SIZE];
+
+ /* I know this shouldn't be hard-coded but it's so much easier this way */
+ char tmp[MAX_ENV];
+
+ D(("Remember to initialize tmp!"));
+ memset(tmp, 0, MAX_ENV);
+
+ /*
+ * (possibly non-existent) environment variables can be used as values
+ * by prepending a "$" and wrapping in {} (ie: ${HOST}), can escape with "\"
+ * (possibly non-existent) PAM items can be used as values
+ * by prepending a "@" and wrapping in {} (ie: @{PAM_RHOST}, can escape
+ *
+ */
+ D(("Expanding <%s>",orig));
+ while (*orig) { /* while there is some input to deal with */
+ if ('\\' == *orig) {
+ ++orig;
+ if ('$' != *orig && '@' != *orig) {
+ D(("Unrecognized escaped character: <%c> - ignoring", *orig));
+ pam_syslog(pamh, LOG_ERR,
+ "Unrecognized escaped character: <%c> - ignoring",
+ *orig);
+ } else if ((strlen(tmp) + 1) < MAX_ENV) {
+ tmp[strlen(tmp)] = *orig++; /* Note the increment */
+ } else {
+ /* is it really a good idea to try to log this? */
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>",
+ tmp, tmpptr);
+ }
+ continue;
+ }
+ if ('$' == *orig || '@' == *orig) {
+ if ('{' != *(orig+1)) {
+ D(("Expandable variables must be wrapped in {}"
+ " <%s> - ignoring", orig));
+ pam_syslog(pamh, LOG_ERR, "Expandable variables must be wrapped in {}"
+ " <%s> - ignoring", orig);
+ if ((strlen(tmp) + 1) < MAX_ENV) {
+ tmp[strlen(tmp)] = *orig++; /* Note the increment */
+ }
+ continue;
+ } else {
+ D(("Expandable argument: <%s>", orig));
+ type = *orig;
+ orig+=2; /* skip the ${ or @{ characters */
+ ptr = strchr(orig, '}');
+ if (ptr) {
+ *ptr++ = '\0';
+ } else {
+ D(("Unterminated expandable variable: <%s>", orig-2));
+ pam_syslog(pamh, LOG_ERR,
+ "Unterminated expandable variable: <%s>", orig-2);
+ return PAM_ABORT;
+ }
+ strncpy(tmpval, orig, sizeof(tmpval));
+ tmpval[sizeof(tmpval)-1] = '\0';
+ orig=ptr;
+ /*
+ * so, we know we need to expand tmpval, it is either
+ * an environment variable or a PAM_ITEM. type will tell us which
+ */
+ switch (type) {
+
+ case '$':
+ D(("Expanding env var: <%s>",tmpval));
+ tmpptr = pam_getenv(pamh, tmpval);
+ D(("Expanded to <%s>", tmpptr));
+ break;
+
+ case '@':
+ D(("Expanding pam item: <%s>",tmpval));
+ tmpptr = _pam_get_item_byname(pamh, tmpval);
+ D(("Expanded to <%s>", tmpptr));
+ break;
+
+ default:
+ D(("Impossible error, type == <%c>", type));
+ pam_syslog(pamh, LOG_CRIT, "Impossible error, type == <%c>", type);
+ return PAM_ABORT;
+ } /* switch */
+
+ if (tmpptr) {
+ if ((strlen(tmp) + strlen(tmpptr)) < MAX_ENV) {
+ strcat(tmp, tmpptr);
+ } else {
+ /* is it really a good idea to try to log this? */
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog (pamh, LOG_ERR,
+ "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ }
+ }
+ } /* if ('{' != *orig++) */
+ } else { /* if ( '$' == *orig || '@' == *orig) */
+ if ((strlen(tmp) + 1) < MAX_ENV) {
+ tmp[strlen(tmp)] = *orig++; /* Note the increment */
+ } else {
+ /* is it really a good idea to try to log this? */
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog(pamh, LOG_ERR,
+ "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ }
+ }
+ } /* for (;*orig;) */
+
+ if (strlen(tmp) > strlen(*value)) {
+ free(*value);
+ if ((*value = malloc(strlen(tmp) +1)) == NULL) {
+ D(("Couldn't malloc %d bytes for expanded var", strlen(tmp)+1));
+ pam_syslog (pamh, LOG_ERR, "Couldn't malloc %lu bytes for expanded var",
+ (unsigned long)strlen(tmp)+1);
+ return PAM_BUF_ERR;
+ }
+ }
+ strcpy(*value, tmp);
+ memset(tmp,'\0',sizeof(tmp));
+ D(("Exit."));
+
+ return PAM_SUCCESS;
+}
+
+static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name)
+{
+ /*
+ * This function just allows me to use names as given in the config
+ * file and translate them into the appropriate PAM_ITEM macro
+ */
+
+ int item;
+ const void *itemval;
+
+ D(("Called."));
+ if (strcmp(name, "PAM_USER") == 0) {
+ item = PAM_USER;
+ } else if (strcmp(name, "PAM_USER_PROMPT") == 0) {
+ item = PAM_USER_PROMPT;
+ } else if (strcmp(name, "PAM_TTY") == 0) {
+ item = PAM_TTY;
+ } else if (strcmp(name, "PAM_RUSER") == 0) {
+ item = PAM_RUSER;
+ } else if (strcmp(name, "PAM_RHOST") == 0) {
+ item = PAM_RHOST;
+ } else {
+ D(("Unknown PAM_ITEM: <%s>", name));
+ pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name);
+ return NULL;
+ }
+
+ if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) {
+ D(("pam_get_item failed"));
+ return NULL; /* let pam_get_item() log the error */
+ }
+ D(("Exit."));
+ return itemval;
+}
+
+static int _define_var(pam_handle_t *pamh, VAR *var)
+{
+ /* We have a variable to define, this is a simple function */
+
+ char *envvar;
+ int retval = PAM_SUCCESS;
+
+ D(("Called."));
+ if (asprintf(&envvar, "%s=%s", var->name, var->value) < 0) {
+ pam_syslog(pamh, LOG_ERR, "out of memory");
+ return PAM_BUF_ERR;
+ }
+
+ retval = pam_putenv(pamh, envvar);
+ _pam_drop(envvar);
+ D(("Exit."));
+ return retval;
+}
+
+static int _undefine_var(pam_handle_t *pamh, VAR *var)
+{
+ /* We have a variable to undefine, this is a simple function */
+
+ D(("Called and exit."));
+ return pam_putenv(pamh, var->name);
+}
+
+static void _clean_var(VAR *var)
+{
+ if (var->name) {
+ free(var->name);
+ }
+ if (var->defval && (&quote != var->defval)) {
+ free(var->defval);
+ }
+ if (var->override && (&quote != var->override)) {
+ free(var->override);
+ }
+ var->name = NULL;
+ var->value = NULL; /* never has memory specific to it */
+ var->defval = NULL;
+ var->override = NULL;
+ return;
+}
+
+
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN int
+pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ int retval, ctrl, readenv=DEFAULT_READ_ENVFILE;
+ const char *conf_file = NULL, *env_file = NULL;
+
+ /*
+ * this module sets environment variables read in from a file
+ */
+
+ D(("Called."));
+ ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv);
+
+ retval = _parse_config_file(pamh, ctrl, conf_file);
+
+ if(readenv && retval == PAM_SUCCESS) {
+ retval = _parse_env_file(pamh, ctrl, env_file);
+ if (retval == PAM_IGNORE)
+ retval = PAM_SUCCESS;
+ }
+
+ /* indicate success or failure */
+
+ D(("Exit."));
+ return retval;
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ pam_syslog (pamh, LOG_NOTICE, "pam_sm_acct_mgmt called inappropriately");
+ return PAM_SERVICE_ERR;
+}
+
+PAM_EXTERN int
+pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ int retval, ctrl, readenv=DEFAULT_READ_ENVFILE;
+ const char *conf_file = NULL, *env_file = NULL;
+
+ /*
+ * this module sets environment variables read in from a file
+ */
+
+ D(("Called."));
+ ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv);
+
+ retval = _parse_config_file(pamh, ctrl, conf_file);
+
+ if(readenv && retval == PAM_SUCCESS) {
+ retval = _parse_env_file(pamh, ctrl, env_file);
+ if (retval == PAM_IGNORE)
+ retval = PAM_SUCCESS;
+ }
+
+ /* indicate success or failure */
+
+ D(("Exit."));
+ return retval;
+}
+
+PAM_EXTERN int
+pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ D(("Called and Exit"));
+ return PAM_SUCCESS;
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ pam_syslog (pamh, LOG_NOTICE, "pam_sm_chauthtok called inappropriately");
+ return PAM_SERVICE_ERR;
+}
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_env_modstruct = {
+ "pam_env",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok,
+};
+
+#endif
+
+/* end of module definition */
diff --git a/modules/pam_env/pam_env.conf b/modules/pam_env/pam_env.conf
new file mode 100644
index 00000000..d0ba35c2
--- /dev/null
+++ b/modules/pam_env/pam_env.conf
@@ -0,0 +1,73 @@
+#
+# This is the configuration file for pam_env, a PAM module to load in
+# a configurable list of environment variables for a
+#
+# The original idea for this came from Andrew G. Morgan ...
+#<quote>
+# Mmm. Perhaps you might like to write a pam_env module that reads a
+# default environment from a file? I can see that as REALLY
+# useful... Note it would be an "auth" module that returns PAM_IGNORE
+# for the auth part and sets the environment returning PAM_SUCCESS in
+# the setcred function...
+#</quote>
+#
+# What I wanted was the REMOTEHOST variable set, purely for selfish
+# reasons, and AGM didn't want it added to the SimpleApps login
+# program (which is where I added the patch). So, my first concern is
+# that variable, from there there are numerous others that might/would
+# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
+#
+# Of course, these are a different kind of variable than REMOTEHOST in
+# that they are things that are likely to be configured by
+# administrators rather than set by logging in, how to treat them both
+# in the same config file?
+#
+# Here is my idea:
+#
+# Each line starts with the variable name, there are then two possible
+# options for each variable DEFAULT and OVERRIDE.
+# DEFAULT allows and administrator to set the value of the
+# variable to some default value, if none is supplied then the empty
+# string is assumed. The OVERRIDE option tells pam_env that it should
+# enter in its value (overriding the default value) if there is one
+# to use. OVERRIDE is not used, "" is assumed and no override will be
+# done.
+#
+# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
+#
+# (Possibly non-existent) environment variables may be used in values
+# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
+# be used in values using the @{string} syntax. Both the $ and @
+# characters can be backslash escaped to be used as literal values
+# values can be delimited with "", escaped " not supported.
+# Note that many environment variables that you would like to use
+# may not be set by the time the module is called.
+# For example, HOME is used below several times, but
+# many PAM applications don't make it available by the time you need it.
+#
+#
+# First, some special variables
+#
+# Set the REMOTEHOST variable for any hosts that are remote, default
+# to "localhost" rather than not being set at all
+#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+#
+# Set the DISPLAY variable if it seems reasonable
+#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+#
+#
+# Now some simple variables
+#
+#PAGER DEFAULT=less
+#MANPAGER DEFAULT=less
+#LESS DEFAULT="M q e h15 z23 b80"
+#NNTPSERVER DEFAULT=localhost
+#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+#
+# silly examples of escaped variables, just to show how they work.
+#
+#DOLLAR DEFAULT=\$
+#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+#ATSIGN DEFAULT="" OVERRIDE=\@
diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
new file mode 100644
index 00000000..3870f3ec
--- /dev/null
+++ b/modules/pam_env/pam_env.conf.5
@@ -0,0 +1,87 @@
+.\" Title: pam_env.conf
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_ENV\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_env.conf - the environment variables config file
+.SH "DESCRIPTION"
+.PP
+The
+\fI/etc/security/pam_env\.conf\fR
+file specifies the environment variables to be set, unset or modified by
+\fBpam_env\fR(8)\. When someone logs in, this file is read and the environment variables are set according\.
+.PP
+Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\. OVERRIDE is not used, "" is assumed and no override will be done\.
+.PP
+
+\fIVARIABLE\fR
+[\fIDEFAULT=[value]\fR] [\fIOVERRIDE=[value]\fR]
+.PP
+(Possibly non\-existent) environment variables may be used in values using the ${string} syntax and (possibly non\-existent) PAM_ITEMs may be used in values using the @{string} syntax\. Both the $ and @ characters can be backslash escaped to be used as literal values values can be delimited with "", escaped " not supported\. Note that many environment variables that you would like to use may not be set by the time the module is called\. For example, HOME is used below several times, but many PAM applications don\'t make it available by the time you need it\.
+.PP
+The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\.
+.SH "EXAMPLES"
+.PP
+These are some example lines which might be specified in
+\fI/etc/security/pam_env\.conf\fR\.
+.PP
+Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather than not being set at all
+.sp
+.RS 4
+.nf
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+
+.fi
+.RE
+.PP
+Set the DISPLAY variable if it seems reasonable
+.sp
+.RS 4
+.nf
+ DISPLAY DEFAULT=${REMOTEHOST}:0\.0 OVERRIDE=${DISPLAY}
+
+.fi
+.RE
+.PP
+Now some simple variables
+.sp
+.RS 4
+.nf
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\e
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+
+.fi
+.RE
+.PP
+Silly examples of escaped variables, just to show how they work\.
+.sp
+.RS 4
+.nf
+ DOLLAR DEFAULT=\e$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\e$${DOLLAR}
+ DOLLARPLUS DEFAULT=\e${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\e@
+
+.fi
+.RE
+.SH "SEE ALSO"
+.PP
+
+\fBpam_env\fR(8),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_env was written by Dave Kinchlea <kinch@kinch\.ark\.com>\.
diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml
new file mode 100644
index 00000000..090e0e75
--- /dev/null
+++ b/modules/pam_env/pam_env.conf.5.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_env.conf">
+
+ <refmeta>
+ <refentrytitle>pam_env.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>pam_env.conf</refname>
+ <refpurpose>the environment variables config file</refpurpose>
+ </refnamediv>
+
+
+ <refsect1 id='pam_env.conf-description'>
+ <title>DESCRIPTION</title>
+
+ <para>
+ The <filename>/etc/security/pam_env.conf</filename> file specifies
+ the environment variables to be set, unset or modified by
+ <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ When someone logs in, this file is read and the environment
+ variables are set according.
+ </para>
+ <para>
+ Each line starts with the variable name, there are then two possible
+ options for each variable DEFAULT and OVERRIDE. DEFAULT allows and
+ administrator to set the value of the variable to some default
+ value, if none is supplied then the empty string is assumed. The
+ OVERRIDE option tells pam_env that it should enter in its value
+ (overriding the default value) if there is one to use. OVERRIDE is
+ not used, "" is assumed and no override will be done.
+ </para>
+ <para>
+ <replaceable>VARIABLE</replaceable>
+ [<replaceable>DEFAULT=[value]</replaceable>]
+ [<replaceable>OVERRIDE=[value]</replaceable>]
+ </para>
+
+ <para>
+ (Possibly non-existent) environment variables may be used in values
+ using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
+ be used in values using the @{string} syntax. Both the $ and @
+ characters can be backslash escaped to be used as literal values
+ values can be delimited with "", escaped " not supported.
+ Note that many environment variables that you would like to use
+ may not be set by the time the module is called.
+ For example, HOME is used below several times, but
+ many PAM applications don't make it available by the time you need it.
+ </para>
+
+ <para>
+ The "<emphasis>#</emphasis>" character at start of line (no space
+ at front) can be used to mark this line as a comment line.
+ </para>
+
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-examples">
+ <title>EXAMPLES</title>
+ <para>
+ These are some example lines which might be specified in
+ <filename>/etc/security/pam_env.conf</filename>.
+ </para>
+
+ <para>
+ Set the REMOTEHOST variable for any hosts that are remote, default
+ to "localhost" rather than not being set at all
+ </para>
+ <programlisting>
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+ </programlisting>
+
+ <para>
+ Set the DISPLAY variable if it seems reasonable
+ </para>
+ <programlisting>
+ DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+ </programlisting>
+
+ <para>
+ Now some simple variables
+ </para>
+ <programlisting>
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+ </programlisting>
+
+ <para>
+ Silly examples of escaped variables, just to show how they work.
+ </para>
+ <programlisting>
+ DOLLAR DEFAULT=\$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+ DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\@
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-author">
+ <title>AUTHOR</title>
+ <para>
+ pam_env was written by Dave Kinchlea &lt;kinch@kinch.ark.com&gt;.
+ </para>
+ </refsect1>
+</refentry>
diff --git a/modules/pam_env/tst-pam_env b/modules/pam_env/tst-pam_env
new file mode 100755
index 00000000..c40e70a8
--- /dev/null
+++ b/modules/pam_env/tst-pam_env
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_env.so
diff --git a/modules/pam_exec/Makefile.am b/modules/pam_exec/Makefile.am
new file mode 100644
index 00000000..55fe9297
--- /dev/null
+++ b/modules/pam_exec/Makefile.am
@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec
+
+man_MANS = pam_exec.8
+
+XMLS = README.xml pam_exec.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_exec.la
+pam_exec_la_LIBADD = -L$(top_builddir)/libpam -lpam
+
+if ENABLE_REGENERATE_MAN
+
+noinst_DATA = README
+
+README: pam_exec.8.xml
+
+-include $(top_srcdir)/Make.xml.rules
+endif
+
+TESTS = tst-pam_exec
diff --git a/modules/pam_exec/Makefile.in b/modules/pam_exec/Makefile.in
new file mode 100644
index 00000000..fac7a4e6
--- /dev/null
+++ b/modules/pam_exec/Makefile.in
@@ -0,0 +1,669 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_exec
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_exec_la_DEPENDENCIES =
+pam_exec_la_SOURCES = pam_exec.c
+pam_exec_la_OBJECTS = pam_exec.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_exec.c
+DIST_SOURCES = pam_exec.c
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec
+man_MANS = pam_exec.8
+XMLS = README.xml pam_exec.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_exec.la
+pam_exec_la_LIBADD = -L$(top_builddir)/libpam -lpam
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+TESTS = tst-pam_exec
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_exec/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_exec/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_exec.la: $(pam_exec_la_OBJECTS) $(pam_exec_la_DEPENDENCIES)
+ $(LINK) -rpath $(securelibdir) $(pam_exec_la_OBJECTS) $(pam_exec_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_exec.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
+ install-securelibLTLIBRARIES install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-man uninstall-man8 \
+ uninstall-securelibLTLIBRARIES
+
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_exec.8.xml
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_exec/README b/modules/pam_exec/README
new file mode 100644
index 00000000..f0845205
--- /dev/null
+++ b/modules/pam_exec/README
@@ -0,0 +1,52 @@
+pam_exec — PAM module which calls an external command
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+pam_exec is a PAM module that can be used to run an external command.
+
+The child's environment is set to the current PAM environment list, as returned
+by pam_getenvlist(3) In addition, the following PAM items are exported as
+environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, and PAM_USER
+.
+
+OPTIONS
+
+debug
+
+ Print debug information.
+
+log=file
+
+ The output of the command is appended to file
+
+quiet
+
+ Per default pam_exec.so will echo the exit status of the external command
+ if it fails. Specifying this option will suppress the message.
+
+seteuid
+
+ Per default pam_exec.so will execute the external command with the real
+ user ID of the calling process. Specifying this option means the command is
+ run with the effective user ID.
+
+EXAMPLES
+
+Add the following line to /etc/pam.d/passwd to rebuild the NIS database after
+each local password change:
+
+ passwd optional pam_exec.so seteuid make -C /var/yp
+
+
+This will execute the command
+
+make -C /var/yp
+
+with effective user ID.
+
+AUTHOR
+
+pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de>.
+
diff --git a/modules/pam_exec/README.xml b/modules/pam_exec/README.xml
new file mode 100644
index 00000000..5e76cab3
--- /dev/null
+++ b/modules/pam_exec/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_exec.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_exec-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8
new file mode 100644
index 00000000..da7c7830
--- /dev/null
+++ b/modules/pam_exec/pam_exec.8
@@ -0,0 +1,116 @@
+.\" Title: pam_exec
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_EXEC" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_exec - PAM module which calls an external command
+.SH "SYNOPSIS"
+.HP 12
+\fBpam_exec\.so\fR [debug] [seteuid] [quiet] [log=\fIfile\fR] \fIcommand\fR [\fI\.\.\.\fR]
+.SH "DESCRIPTION"
+.PP
+pam_exec is a PAM module that can be used to run an external command\.
+.PP
+The child\'s environment is set to the current PAM environment list, as returned by
+\fBpam_getenvlist\fR(3)
+In addition, the following PAM items are exported as environment variables:
+\fIPAM_RHOST\fR,
+\fIPAM_RUSER\fR,
+\fIPAM_SERVICE\fR,
+\fIPAM_TTY\fR, and
+\fIPAM_USER\fR\.
+.SH "OPTIONS"
+.PP
+.PP
+\fBdebug\fR
+.RS 4
+Print debug information\.
+.RE
+.PP
+\fBlog=\fR\fB\fIfile\fR\fR
+.RS 4
+The output of the command is appended to
+\fIfile\fR
+.RE
+.PP
+\fBquiet\fR
+.RS 4
+Per default pam_exec\.so will echo the exit status of the external command if it fails\. Specifying this option will suppress the message\.
+.RE
+.PP
+\fBseteuid\fR
+.RS 4
+Per default pam_exec\.so will execute the external command with the real user ID of the calling process\. Specifying this option means the command is run with the effective user ID\.
+.RE
+.SH "MODULE SERVICES PROVIDED"
+.PP
+The services
+\fBauth\fR,
+\fBaccount\fR,
+\fBpassword\fR
+and
+\fBsession\fR
+are supported\.
+.SH "RETURN VALUES"
+.PP
+.PP
+PAM_SUCCESS
+.RS 4
+The external command runs successfull\.
+.RE
+.PP
+PAM_SERVICE_ERR
+.RS 4
+No argument or a wrong number of arguments were given\.
+.RE
+.PP
+PAM_SYSTEM_ERR
+.RS 4
+A system error occured or the command to execute failed\.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+
+\fBpam_setcred\fR
+was called, which does not execute the command\.
+.RE
+.SH "EXAMPLES"
+.PP
+Add the following line to
+\fI/etc/pam\.d/passwd\fR
+to rebuild the NIS database after each local password change:
+.sp
+.RS 4
+.nf
+ passwd optional pam_exec\.so seteuid make \-C /var/yp
+
+.fi
+.RE
+.sp
+This will execute the command
+.sp
+.RS 4
+.nf
+make \-C /var/yp
+.fi
+.RE
+.sp
+with effective user ID\.
+.SH "SEE ALSO"
+.PP
+
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\.de>\.
diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml
new file mode 100644
index 00000000..f4dc1e15
--- /dev/null
+++ b/modules/pam_exec/pam_exec.8.xml
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_exec">
+
+ <refmeta>
+ <refentrytitle>pam_exec</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_exec-name">
+ <refname>pam_exec</refname>
+ <refpurpose>PAM module which calls an external command</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_exec-cmdsynopsis">
+ <command>pam_exec.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ <arg choice="opt">
+ seteuid
+ </arg>
+ <arg choice="opt">
+ quiet
+ </arg>
+ <arg choice="opt">
+ log=<replaceable>file</replaceable>
+ </arg>
+ <arg choice="plain">
+ <replaceable>command</replaceable>
+ </arg>
+ <arg choice="opt">
+ <replaceable>...</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_exec-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ pam_exec is a PAM module that can be used to run
+ an external command.
+ </para>
+
+ <para>
+ The child's environment is set to the current PAM environment list, as
+ returned by
+ <citerefentry>
+ <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ In addition, the following PAM items are
+ exported as environment variables: <emphasis>PAM_RHOST</emphasis>,
+ <emphasis>PAM_RUSER</emphasis>, <emphasis>PAM_SERVICE</emphasis>,
+ <emphasis>PAM_TTY</emphasis>, and <emphasis>PAM_USER</emphasis>.
+ </para>
+
+ </refsect1>
+
+ <refsect1 id="pam_exec-options">
+
+ <title>OPTIONS</title>
+ <para>
+ <variablelist>
+
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Print debug information.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>log=<replaceable>file</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The output of the command is appended to
+ <filename>file</filename>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>quiet</option>
+ </term>
+ <listitem>
+ <para>
+ Per default pam_exec.so will echo the exit status of the
+ external command if it fails.
+ Specifying this option will suppress the message.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>seteuid</option>
+ </term>
+ <listitem>
+ <para>
+ Per default pam_exec.so will execute the external command
+ with the real user ID of the calling process.
+ Specifying this option means the command is run
+ with the effective user ID.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_exec-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ The services <option>auth</option>, <option>account</option>,
+ <option>password</option> and <option>session</option> are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_exec-return_values'>
+ <title>RETURN VALUES</title>
+ <para>
+ <variablelist>
+
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The external command runs successfull.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_SERVICE_ERR</term>
+ <listitem>
+ <para>
+ No argument or a wrong number of arguments were given.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_SYSTEM_ERR</term>
+ <listitem>
+ <para>
+ A system error occured or the command to execute failed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ <function>pam_setcred</function> was called, which
+ does not execute the command.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_exec-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ Add the following line to <filename>/etc/pam.d/passwd</filename> to
+ rebuild the NIS database after each local password change:
+ <programlisting>
+ passwd optional pam_exec.so seteuid make -C /var/yp
+ </programlisting>
+
+ This will execute the command
+ <programlisting>make -C /var/yp</programlisting>
+ with effective user ID.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_exec-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_exec-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_exec was written by Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;.
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
new file mode 100644
index 00000000..14dddd54
--- /dev/null
+++ b/modules/pam_exec/pam_exec.c
@@ -0,0 +1,341 @@
+/*
+ * Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(HAVE_CONFIG_H)
+#include "config.h"
+#endif
+
+#include <time.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/pam_ext.h>
+
+#define ENV_ITEM(n) { (n), #n }
+static struct {
+ int item;
+ const char *name;
+} env_items[] = {
+ ENV_ITEM(PAM_SERVICE),
+ ENV_ITEM(PAM_USER),
+ ENV_ITEM(PAM_TTY),
+ ENV_ITEM(PAM_RHOST),
+ ENV_ITEM(PAM_RUSER),
+};
+
+static int
+call_exec (pam_handle_t *pamh, int argc, const char **argv)
+{
+ int debug = 0;
+ int call_setuid = 0;
+ int quiet = 0;
+ int optargc;
+ const char *logfile = NULL;
+ pid_t pid;
+
+ if (argc < 1) {
+ pam_syslog (pamh, LOG_ERR,
+ "This module needs at least one argument");
+ return PAM_SERVICE_ERR;
+ }
+
+ for (optargc = 0; optargc < argc; optargc++)
+ {
+ if (argv[optargc][0] == '/') /* paths starts with / */
+ break;
+
+ if (strcasecmp (argv[optargc], "debug") == 0)
+ debug = 1;
+ else if (strncasecmp (argv[optargc], "log=", 4) == 0)
+ logfile = &argv[optargc][4];
+ else if (strcasecmp (argv[optargc], "seteuid") == 0)
+ call_setuid = 1;
+ else if (strcasecmp (argv[optargc], "quiet") == 0)
+ quiet = 1;
+ else
+ break; /* Unknown option, assume program to execute. */
+ }
+
+
+ if (optargc >= argc) {
+ pam_syslog (pamh, LOG_ERR, "No path given as argument");
+ return PAM_SERVICE_ERR;
+ }
+
+ pid = fork();
+ if (pid == -1)
+ return PAM_SYSTEM_ERR;
+ if (pid > 0) /* parent */
+ {
+ int status = 0;
+ pid_t retval;
+ while ((retval = waitpid (pid, &status, 0)) == -1 &&
+ errno == EINTR);
+ if (retval == (pid_t)-1)
+ {
+ pam_syslog (pamh, LOG_ERR, "waitpid returns with -1: %m");
+ return PAM_SYSTEM_ERR;
+ }
+ else if (status != 0)
+ {
+ if (WIFEXITED(status))
+ {
+ pam_syslog (pamh, LOG_ERR, "%s failed: exit code %d",
+ argv[optargc], WEXITSTATUS(status));
+ if (!quiet)
+ pam_error (pamh, _("%s failed: exit code %d"),
+ argv[optargc], WEXITSTATUS(status));
+ }
+ else if (WIFSIGNALED(status))
+ {
+ pam_syslog (pamh, LOG_ERR, "%s failed: caught signal %d%s",
+ argv[optargc], WTERMSIG(status),
+ WCOREDUMP(status) ? " (core dumped)" : "");
+ if (!quiet)
+ pam_error (pamh, _("%s failed: caught signal %d%s"),
+ argv[optargc], WTERMSIG(status),
+ WCOREDUMP(status) ? " (core dumped)" : "");
+ }
+ else
+ {
+ pam_syslog (pamh, LOG_ERR, "%s failed: unknown status 0x%x",
+ argv[optargc], status);
+ if (!quiet)
+ pam_error (pamh, _("%s failed: unknown status 0x%x"),
+ argv[optargc], status);
+ }
+ return PAM_SYSTEM_ERR;
+ }
+ return PAM_SUCCESS;
+ }
+ else /* child */
+ {
+ char **arggv;
+ int i;
+
+ for (i = 0; i < sysconf (_SC_OPEN_MAX); i++)
+ close (i);
+
+ /* New stdin. */
+ if ((i = open ("/dev/null", O_RDWR)) < 0)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m");
+ exit (err);
+ }
+ /* New stdout and stderr. */
+ if (logfile)
+ {
+ time_t tm = time (NULL);
+ char *buffer = NULL;
+
+ if ((i = open (logfile, O_CREAT|O_APPEND|O_WRONLY,
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "open of %s failed: %m",
+ logfile);
+ exit (err);
+ }
+ if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0)
+ {
+ pam_modutil_write (i, buffer, strlen (buffer));
+ free (buffer);
+ }
+ }
+ else
+ if (dup (i) == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "dup failed: %m");
+ exit (err);
+ }
+ if (dup (i) == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "dup failed: %m");
+ exit (err);
+ }
+
+ if (call_setuid)
+ if (setuid (geteuid ()) == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "setuid(%lu) failed: %m",
+ (unsigned long) geteuid ());
+ exit (err);
+ }
+
+ if (setsid () == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "setsid failed: %m");
+ exit (err);
+ }
+
+ arggv = calloc (argc + 4, sizeof (char *));
+ if (arggv == NULL)
+ exit (ENOMEM);
+
+ for (i = 0; i < (argc - optargc); i++)
+ arggv[i] = strdup(argv[i+optargc]);
+ arggv[i] = NULL;
+
+ char **envlist, **tmp;
+ int envlen, nitems;
+
+ /*
+ * Set up the child's environment list. It consists of the PAM
+ * environment, plus a few hand-picked PAM items.
+ */
+ envlist = pam_getenvlist(pamh);
+ for (envlen = 0; envlist[envlen] != NULL; ++envlen)
+ /* nothing */ ;
+ nitems = sizeof(env_items) / sizeof(*env_items);
+ tmp = realloc(envlist, (envlen + nitems + 1) * sizeof(*envlist));
+ if (tmp == NULL)
+ {
+ free(envlist);
+ pam_syslog (pamh, LOG_ERR, "realloc environment failed: %m");
+ exit (ENOMEM);
+ }
+ envlist = tmp;
+ for (i = 0; i < nitems; ++i)
+ {
+ const void *item;
+ char *envstr;
+
+ if (pam_get_item(pamh, env_items[i].item, &item) != PAM_SUCCESS || item == NULL)
+ continue;
+ if (asprintf(&envstr, "%s=%s", env_items[i].name, (const char *)item) < 0)
+ {
+ free(envlist);
+ pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m");
+ exit (ENOMEM);
+ }
+ envlist[envlen++] = envstr;
+ envlist[envlen] = NULL;
+ }
+
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG, "Calling %s ...", arggv[0]);
+
+ if (execve (arggv[0], arggv, envlist) == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m",
+ arggv[0]);
+ free(envlist);
+ exit (err);
+ }
+ free(envlist);
+ exit (1); /* should never be reached. */
+ }
+ return PAM_SYSTEM_ERR; /* will never be reached. */
+}
+
+PAM_EXTERN int
+pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return call_exec (pamh, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+/* password updating functions */
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ if (flags & PAM_PRELIM_CHECK)
+ return PAM_SUCCESS;
+ return call_exec (pamh, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return call_exec (pamh, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return call_exec (pamh, argc, argv);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return call_exec (pamh, argc, argv);
+}
+
+#ifdef PAM_STATIC
+struct pam_module _pam_exec_modstruct = {
+ "pam_exec",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok,
+};
+#endif
diff --git a/modules/pam_exec/tst-pam_exec b/modules/pam_exec/tst-pam_exec
new file mode 100755
index 00000000..a0b00393
--- /dev/null
+++ b/modules/pam_exec/tst-pam_exec
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_exec.so
diff --git a/modules/pam_faildelay/Makefile.am b/modules/pam_faildelay/Makefile.am
new file mode 100644
index 00000000..2796018c
--- /dev/null
+++ b/modules/pam_faildelay/Makefile.am
@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_faildelay
+
+man_MANS = pam_faildelay.8
+XMLS = README.xml pam_faildelay.8.xml
+
+TESTS = tst-pam_faildelay
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_faildelay.la
+pam_faildelay_la_LIBADD = -L$(top_builddir)/libpam -lpam
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_faildelay.8.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
+
diff --git a/modules/pam_faildelay/Makefile.in b/modules/pam_faildelay/Makefile.in
new file mode 100644
index 00000000..f2c2a672
--- /dev/null
+++ b/modules/pam_faildelay/Makefile.in
@@ -0,0 +1,667 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_faildelay
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_faildelay_la_DEPENDENCIES =
+pam_faildelay_la_SOURCES = pam_faildelay.c
+pam_faildelay_la_OBJECTS = pam_faildelay.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_faildelay.c
+DIST_SOURCES = pam_faildelay.c
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_faildelay
+man_MANS = pam_faildelay.8
+XMLS = README.xml pam_faildelay.8.xml
+TESTS = tst-pam_faildelay
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_faildelay.la
+pam_faildelay_la_LIBADD = -L$(top_builddir)/libpam -lpam
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_faildelay/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_faildelay/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_faildelay.la: $(pam_faildelay_la_OBJECTS) $(pam_faildelay_la_DEPENDENCIES)
+ $(LINK) -rpath $(securelibdir) $(pam_faildelay_la_OBJECTS) $(pam_faildelay_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faildelay.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
+ install-securelibLTLIBRARIES install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-man uninstall-man8 \
+ uninstall-securelibLTLIBRARIES
+
+@ENABLE_REGENERATE_MAN_TRUE@README: pam_faildelay.8.xml
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_faildelay/README b/modules/pam_faildelay/README
new file mode 100644
index 00000000..a06d7e3f
--- /dev/null
+++ b/modules/pam_faildelay/README
@@ -0,0 +1,33 @@
+pam_faildelay — Change the delay on failure per-application
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+pam_faildelay is a PAM module that can be used to set the delay on failure
+per-application.
+
+If no delay is given, pam_faildelay will use the value of FAIL_DELAY from /etc/
+login.defs.
+
+OPTIONS
+
+debug
+
+ Turns on debugging messages sent to syslog.
+
+delay=N
+
+ Set the delay on failure to N microseconds.
+
+EXAMPLES
+
+The following example will set the delay on failure to 10 seconds:
+
+auth optional pam_faildelay.so delay=10000000
+
+
+AUTHOR
+
+pam_faildelay was written by Darren Tucker <dtucker@zip.com.au>.
+
diff --git a/modules/pam_faildelay/README.xml b/modules/pam_faildelay/README.xml
new file mode 100644
index 00000000..64d4accc
--- /dev/null
+++ b/modules/pam_faildelay/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+"http://www.docbook.org/xml/4.4/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_faildelay.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faildelay.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faildelay-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faildelay.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faildelay-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faildelay.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faildelay-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faildelay.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faildelay-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faildelay.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faildelay-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_faildelay/pam_faildelay.8 b/modules/pam_faildelay/pam_faildelay.8
new file mode 100644
index 00000000..10e310a0
--- /dev/null
+++ b/modules/pam_faildelay/pam_faildelay.8
@@ -0,0 +1,73 @@
+.\" Title: pam_faildelay
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_FAILDELAY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_faildelay - Change the delay on failure per-application
+.SH "SYNOPSIS"
+.HP 17
+\fBpam_faildelay\.so\fR [debug] [delay=\fImicroseconds\fR]
+.SH "DESCRIPTION"
+.PP
+pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\.
+.PP
+If no
+\fBdelay\fR
+is given, pam_faildelay will use the value of FAIL_DELAY from
+\fI/etc/login\.defs\fR\.
+.SH "OPTIONS"
+.PP
+\fBdebug\fR
+.RS 4
+Turns on debugging messages sent to syslog\.
+.RE
+.PP
+\fBdelay=\fR\fB\fIN\fR\fR
+.RS 4
+Set the delay on failure to N microseconds\.
+.RE
+.SH "MODULE SERVICES PROVIDED"
+.PP
+Only the
+\fBauth\fR
+service is supported\.
+.SH "RETURN VALUES"
+.PP
+PAM_IGNORE
+.RS 4
+Delay was successful adjusted\.
+.RE
+.PP
+PAM_SYSTEM_ERR
+.RS 4
+The specified delay was not valid\.
+.RE
+.SH "EXAMPLES"
+.PP
+The following example will set the delay on failure to 10 seconds:
+.sp
+.RS 4
+.nf
+auth optional pam_faildelay\.so delay=10000000
+
+.fi
+.RE
+.sp
+.SH "SEE ALSO"
+.PP
+
+\fBpam_fail_delay\fR(3),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_faildelay was written by Darren Tucker <dtucker@zip\.com\.au>\.
diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml
new file mode 100644
index 00000000..d2dfd266
--- /dev/null
+++ b/modules/pam_faildelay/pam_faildelay.8.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+ "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+
+<refentry id="pam_faildelay">
+
+ <refmeta>
+ <refentrytitle>pam_faildelay</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_faildelay-name">
+ <refname>pam_faildelay</refname>
+ <refpurpose>Change the delay on failure per-application</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_faildelay-cmdsynopsis">
+ <command>pam_faildelay.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ <arg choice="opt">
+ delay=<replaceable>microseconds</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_faildelay-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ pam_faildelay is a PAM module that can be used to set
+ the delay on failure per-application.
+ </para>
+ <para>
+ If no <option>delay</option> is given, pam_faildelay will
+ use the value of FAIL_DELAY from <filename>/etc/login.defs</filename>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_faildelay-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Turns on debugging messages sent to syslog.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>delay=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Set the delay on failure to N microseconds.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_faildelay-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ Only the <option>auth</option> service is supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faildelay-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ Delay was successful adjusted.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SYSTEM_ERR</term>
+ <listitem>
+ <para>
+ The specified delay was not valid.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_faildelay-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ The following example will set the delay on failure to
+ 10 seconds:
+ <programlisting>
+auth optional pam_faildelay.so delay=10000000
+ </programlisting>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faildelay-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_fail_delay</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faildelay-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_faildelay was written by Darren Tucker &lt;dtucker@zip.com.au&gt;.
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c
new file mode 100644
index 00000000..072b7dd3
--- /dev/null
+++ b/modules/pam_faildelay/pam_faildelay.c
@@ -0,0 +1,231 @@
+/* pam_faildelay module */
+
+/*
+ * Allows an admin to set the delay on failure per-application.
+ * Provides "auth" interface only.
+ *
+ * Use by putting something like this in the relevant pam config:
+ * auth required pam_faildelay.so delay=[microseconds]
+ *
+ * eg:
+ * auth required pam_faildelay.so delay=10000000
+ * will set the delay on failure to 10 seconds.
+ *
+ * If no delay option was given, pam_faildelay.so will use the
+ * FAIL_DELAY value of /etc/login.defs.
+ *
+ * Based on pam_rootok and parts of pam_unix both by Andrew Morgan
+ * <morgan@linux.kernel.org>
+ *
+ * Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+ * - Rewrite to use extended PAM functions
+ * - Add /etc/login.defs support
+ *
+ * Portions Copyright (c) 2005 Darren Tucker <dtucker at zip com au>.
+ *
+ * Redistribution and use in source and binary forms of, with
+ * or without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain any existing copyright
+ * notice, and this entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ *
+ * 2. Redistributions in binary form must reproduce all prior and current
+ * copyright notices, this list of conditions, and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * 3. The name of any author may not be used to endorse or promote
+ * products derived from this software without their specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of the
+ * GNU General Public License, in which case the provisions of the GNU
+ * GPL are required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential conflict between the GNU GPL and the
+ * restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+ * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
+#include "config.h"
+
+#include <errno.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <limits.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <string.h>
+#include <stdlib.h>
+
+
+#define PAM_SM_AUTH
+
+#include <security/pam_modules.h>
+#include <security/pam_ext.h>
+
+
+#define BUF_SIZE 8192
+#define LOGIN_DEFS "/etc/login.defs"
+
+static char *
+search_key (const char *filename)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+ char *retval = NULL;
+
+ fp = fopen (filename, "r");
+ if (NULL == fp)
+ return NULL;
+
+ while (!feof (fp))
+ {
+ char *tmp, *cp;
+#if defined(HAVE_GETLINE)
+ ssize_t n = getline (&buf, &buflen, fp);
+#elif defined (HAVE_GETDELIM)
+ ssize_t n = getdelim (&buf, &buflen, '\n', fp);
+#else
+ ssize_t n;
+
+ if (buf == NULL)
+ {
+ buflen = BUF_SIZE;
+ buf = malloc (buflen);
+ }
+ buf[0] = '\0';
+ if (fgets (buf, buflen - 1, fp) == NULL)
+ break;
+ else if (buf != NULL)
+ n = strlen (buf);
+ else
+ n = 0;
+#endif /* HAVE_GETLINE / HAVE_GETDELIM */
+ cp = buf;
+
+ if (n < 1)
+ break;
+
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ tmp = strsep (&cp, " \t=");
+ if (cp != NULL)
+ while (isspace ((int)*cp) || *cp == '=')
+ ++cp;
+
+ if (strcasecmp (tmp, "FAIL_DELAY") == 0)
+ {
+ retval = strdup (cp);
+ break;
+ }
+ }
+ fclose (fp);
+
+ free (buf);
+
+ return retval;
+}
+
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ int i, debug_flag = 0;
+ long int delay = -1;
+
+ /* step through arguments */
+ for (i = 0; i < argc; i++) {
+ if (sscanf(argv[i], "delay=%ld", &delay) == 1) {
+ /* sscanf did already everything necessary */
+ } else if (strcmp (argv[i], "debug") == 0)
+ debug_flag = 1;
+ else
+ pam_syslog (pamh, LOG_ERR, "unknown option; %s", argv[i]);
+ }
+
+ if (delay == -1)
+ {
+ char *endptr;
+ char *val = search_key (LOGIN_DEFS);
+ const char *val_orig = val;
+
+ if (val == NULL)
+ return PAM_IGNORE;
+
+ errno = 0;
+ delay = strtol (val, &endptr, 10) & 0777;
+ if (((delay == 0) && (val_orig == endptr)) ||
+ ((delay == LONG_MIN || delay == LONG_MAX) && (errno == ERANGE)))
+ {
+ pam_syslog (pamh, LOG_ERR, "FAIL_DELAY=%s in %s not valid",
+ val, LOGIN_DEFS);
+ free (val);
+ return PAM_IGNORE;
+ }
+
+ free (val);
+ /* delay is in seconds, convert to microseconds. */
+ delay *= 1000000;
+ }
+
+ if (debug_flag)
+ pam_syslog (pamh, LOG_DEBUG, "setting fail delay to %ld", delay);
+
+ i = pam_fail_delay(pamh, delay);
+ if (i == PAM_SUCCESS)
+ return PAM_IGNORE;
+ else
+ return i;
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_faildelay_modstruct = {
+ "pam_faildelay",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+};
+
+#endif
+
+/* end of module definition */
diff --git a/modules/pam_faildelay/tst-pam_faildelay b/modules/pam_faildelay/tst-pam_faildelay
new file mode 100755
index 00000000..87f7fd44
--- /dev/null
+++ b/modules/pam_faildelay/tst-pam_faildelay
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_faildelay.so
diff --git a/modules/pam_filter/Makefile.am b/modules/pam_filter/Makefile.am
new file mode 100644
index 00000000..ab2ceee9
--- /dev/null
+++ b/modules/pam_filter/Makefile.am
@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+SUBDIRS = upperLOWER
+
+CLEANFILES = *~
+
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter
+
+man_MANS = pam_filter.8
+XMLS = README.xml pam_filter.8.xml
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+include_HEADERS=pam_filter.h
+pam_filter_la_LIBADD = -L$(top_builddir)/libpam -lpam
+
+securelib_LTLIBRARIES = pam_filter.la
+TESTS = tst-pam_filter
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_filter.8.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
+
diff --git a/modules/pam_filter/Makefile.in b/modules/pam_filter/Makefile.in
new file mode 100644
index 00000000..d0f1573d
--- /dev/null
+++ b/modules/pam_filter/Makefile.in
@@ -0,0 +1,807 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_filter
+DIST_COMMON = README $(include_HEADERS) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" \
+ "$(DESTDIR)$(includedir)"
+securelibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_filter_la_DEPENDENCIES =
+pam_filter_la_SOURCES = pam_filter.c
+pam_filter_la_OBJECTS = pam_filter.lo
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = pam_filter.c
+DIST_SOURCES = pam_filter.c
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(noinst_DATA)
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = upperLOWER
+CLEANFILES = *~
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter
+man_MANS = pam_filter.8
+XMLS = README.xml pam_filter.8.xml
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+include_HEADERS = pam_filter.h
+pam_filter_la_LIBADD = -L$(top_builddir)/libpam -lpam
+securelib_LTLIBRARIES = pam_filter.la
+TESTS = tst-pam_filter
+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_filter/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_filter/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)"
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+pam_filter.la: $(pam_filter_la_OBJECTS) $(pam_filter_la_DEPENDENCIES)
+ $(LINK) -rpath $(securelibdir) $(pam_filter_la_OBJECTS) $(pam_filter_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_filter.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+install-includeHEADERS: $(include_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+ @list='$(include_HEADERS)'; for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ f=$(am__strip_dir) \
+ echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+ $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+ done
+
+uninstall-includeHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(include_HEADERS)'; for p in $$list; do \
+ f=$(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+ rm -f "$(DESTDIR)$(includedir)/$$f"; \
+ done
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *$$ws$$tst$$ws*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ echo "SKIP: $$tst"; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ skipped="($$skip tests were not run)"; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+ list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ distdir=`$(am__cd) $(distdir) && pwd`; \
+ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+ (cd $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$top_distdir" \
+ distdir="$$distdir/$$subdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-recursive
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)"; do \
+ test -z "$$dir" || $(MKDI