10 files changed, 769 insertions, 0 deletions
diff --git a/Linux-PAM/conf/Makefile b/Linux-PAM/conf/Makefile
new file mode 100644
index 00000000..a668607b
--- /dev/null
+++ b/Linux-PAM/conf/Makefile
@@ -0,0 +1,34 @@
+#
+# $Id: Makefile,v 1.1.1.1 2001/04/29 04:16:25 hartmans Exp $
+#
+#
+
+dummy:
+	@echo "*** This is not a top level Makefile!"
+
+##########################################################
+
+all:
+	$(MAKE) -C pam_conv1 all
+
+install: $(FAKEROOT)$(CONFIGED)/pam.conf
+	$(MAKE) -C pam_conv1 install
+
+$(FAKEROOT)$(CONFIGED)/pam.conf: ./pam.conf
+	bash -f ./install_conf
+
+remove:
+	rm -f $(FAKEROOT)$(CONFIGED)/pam.conf
+	$(MAKE) -C pam_conv1 remove
+
+check:
+	bash -f ./md5itall
+
+lclean:
+	rm -f core *~ .ignore_age
+
+clean: lclean
+	$(MAKE) -C pam_conv1 clean
+
+extraclean: lclean
+	$(MAKE) -C pam_conv1 extraclean
diff --git a/Linux-PAM/conf/install b/Linux-PAM/conf/install
new file mode 100755
index 00000000..2eae3671
--- /dev/null
+++ b/Linux-PAM/conf/install
@@ -0,0 +1,178 @@
+#!/bin/sh
+#
+# [This file was lifted from an X distribution. There was no explicit
+# copyright in the file, but the following text was associated with it.
+# should anyone from the X Consortium wish to alter the following
+# text. Please email <morgan@parc.power.net> Thanks. ]
+#
+# --------------------------
+# The X Consortium maintains and distributes the X Window System and
+# related software and documentation in coordinated releases. A release
+# consists of two distinct parts:
+# 
+# 1) Specifications and Sample implementations of X Consortium
+# standards, and
+# 
+# 2) software and documentation contributed by the general X Consortium
+# community.
+# 
+# The timing and contents of a release are determined by the Consortium
+# staff based on the needs and desires of the Members and the advice of
+# the Advisory Board, tempered by the resource constraints of the
+# Consortium.
+# 
+# Members have access to all X Consortium produced software and
+# documentation prior to release to the public. Each Member can receive
+# pre-releases and public releases at no charge. In addition, Members
+# have access to software and documentation while it is under
+# development, and can periodically request snapshots of the development
+# system at no charge.
+# 
+# The X Consortium also maintains an electronic mail system for
+# reporting problems with X Consortium produced software and
+# documentation. Members have access to all bug reports, as well as all
+# software patches as they are incrementally developed by the Consortium
+# staff between releases.
+# 
+# In general, all materials included in X Consortium releases are
+# copyrighted and contain permission notices granting unrestricted use,
+# sales and redistribution rights provided that the copyrights and the
+# permission notices are left intact. All materials are provided "as
+# is," without express or implied warranty.
+# --------------------------
+#
+# This accepts bsd-style install arguments and makes the appropriate calls
+# to the System V install.
+#
+
+flags=""
+dst=""
+src=""
+dostrip=""
+owner=""
+mode=""
+
+while [ x$1 != x ]; do
+    case $1 in 
+	-c) shift
+	    continue;;
+
+	-m) flags="$flags $1 $2 "
+	    mode="$2"
+	    shift
+	    shift
+	    continue;;
+
+	-o) flags="$flags -u $2 "
+	    owner="$2"
+	    shift
+	    shift
+	    continue;;
+
+	-g) flags="$flags $1 $2 "
+	    shift
+	    shift
+	    continue;;
+
+	-s) dostrip="strip"
+	    shift
+	    continue;;
+
+	*)  if [ x$src = x ] 
+	    then
+		src=$1
+	    else
+		dst=$1
+	    fi
+	    shift
+	    continue;;
+    esac
+done
+
+case "$mode" in
+"")
+	;;
+*)
+	case "$owner" in
+	"")
+		flags="$flags -u root"
+		;;
+	esac
+	;;
+esac
+
+if [ x$src = x ] 
+then
+	echo "$0:  no input file specified"
+	exit 1
+fi
+
+if [ x$dst = x ] 
+then
+	echo "$0:  no destination specified"
+	exit 1
+fi
+
+
+# set up some variable to be used later
+
+rmcmd=""
+srcdir="."
+
+# if the destination isn't a directory we'll need to copy it first
+
+if [ ! -d $dst ]
+then
+	dstbase=`basename $dst`
+	cp $src /tmp/$dstbase
+	rmcmd="rm -f /tmp/$dstbase"
+	src=$dstbase
+	srcdir=/tmp
+	dst="`echo $dst | sed 's,^\(.*\)/.*$,\1,'`"
+	if [ x$dst = x ]
+	then
+		dst="."
+	fi
+fi
+
+
+# If the src file has a directory, copy it to /tmp to make install happy
+
+srcbase=`basename $src`
+
+if [ "$src" != "$srcbase" -a "$src" != "./$srcbase" ] 
+then
+	cp $src /tmp/$srcbase
+	src=$srcbase
+	srcdir=/tmp
+	rmcmd="rm -f /tmp/$srcbase"
+fi
+
+# do the actual install
+
+if [ -f /usr/sbin/install ]
+then
+	installcmd=/usr/sbin/install
+elif [ -f /etc/install ]
+then
+	installcmd=/etc/install
+else
+	installcmd=install
+fi
+
+# This rm is commented out because some people want to be able to
+# install through symbolic links.  Uncomment it if it offends you.
+rm -f $dst/$srcbase
+(cd $srcdir ; $installcmd -f $dst $flags $src)
+
+if [ x$dostrip = xstrip ]
+then
+	strip $dst/$srcbase
+fi
+
+# and clean up
+
+$rmcmd
+
+exit
+
diff --git a/Linux-PAM/conf/install_conf b/Linux-PAM/conf/install_conf
new file mode 100755
index 00000000..7a2acd98
--- /dev/null
+++ b/Linux-PAM/conf/install_conf
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+CONFILE="$FAKEROOT"$CONFIGED/pam.conf
+IGNORE_AGE=./.ignore_age
+CONF=./pam.conf
+
+echo
+
+if [ -f "$IGNORE_AGE" ]; then
+	echo "you don't want to be bothered with the age of your $CONFILE file"
+	yes="n"
+elif [ ! -f "$CONFILE" ] || [ "$CONF" -nt "$CONFILE" ]; then
+	if [ -f "$CONFILE" ]; then
+		echo "\
+An older Linux-PAM configuration file already exists ($CONFILE)"
+		WRITE=overwrite
+	fi
+	echo -n "\
+Do you wish to copy the $CONF file in this distribution
+to $CONFILE ? (y/n) [n] "
+	read yes
+else
+	yes=n
+fi
+
+if [ "$yes" = "y" ]; then
+	echo "  copying $CONF to $CONFILE"
+	cp $CONF $CONFILE
+else
+	touch "$IGNORE_AGE"
+	echo "  Skipping $CONF installation"
+fi
+
+echo
+
+exit 0
diff --git a/Linux-PAM/conf/md5itall b/Linux-PAM/conf/md5itall
new file mode 100755
index 00000000..2f532b31
--- /dev/null
+++ b/Linux-PAM/conf/md5itall
@@ -0,0 +1,43 @@
+#!/bin/bash
+#
+# $Id: md5itall,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $
+#
+# Created by Andrew G. Morgan (morgan@parc.power.net)
+#
+
+MD5SUM=md5sum
+CHKFILE1=./.md5sum
+CHKFILE2=./.md5sum-new
+
+which $MD5SUM > /dev/null
+result=$?
+
+if [ -x "$MD5SUM" ] || [ $result -eq 0 ]; then
+	rm -f $CHKFILE2
+	echo -n "computing md5 checksums."
+	for x in `cat ../.filelist` ; do
+		(cd ../.. ; $MD5SUM $x) >> $CHKFILE2
+		echo -n "."
+	done
+	echo
+	if [ -f "$CHKFILE1" ]; then
+		echo "\
+---> Note, since the last \`make check', the following file(s) have changed:
+==========================================================================="
+		diff $CHKFILE1 $CHKFILE2
+		if [ $? -eq 0 ]; then
+			echo "\
+--------------------------- Nothing has changed ---------------------------"
+		fi
+		echo "\
+==========================================================================="
+	fi
+	rm -f "$CHKFILE1"
+	mv "$CHKFILE2" "$CHKFILE1"
+	chmod 400 "$CHKFILE1"
+else
+	echo "\
+Please install \`$MD5SUM'.
+[It is used to check the integrity of this distribution]
+---> no check done."
+fi
diff --git a/Linux-PAM/conf/mkdirp b/Linux-PAM/conf/mkdirp
new file mode 100755
index 00000000..b0e04b05
--- /dev/null
+++ b/Linux-PAM/conf/mkdirp
@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# this is a wrapper for difficult mkdir programs...
+#
+
+for d in $*
+do
+	if [ ! -d $d ]; then
+		mkdir -p $d
+		if [ $? -ne 0 ]; then exit $? ; fi
+	fi
+done
+
+exit 0
+
+##########################################################################
+# if your mkdir does not support the -p option delete the above lines and
+# use what follows:
+--------------------
+#!/bin/sh
+
+#VERBOSE=yes
+Cwd=`pwd`
+
+for d in $*
+do
+	if [ "`echo $d|cut -c1`" != "/" ]; then 
+		x=`pwd`/$d
+	else
+		x=$d
+	fi
+	x="`echo $x|sed -e 'yX/X X'`"
+	cd /
+	for s in $x
+	do
+		if [ -d $s ]; then
+			if [ -n "$VERBOSE" ]; then echo -n "[$s/]"; fi
+			cd $s
+		else
+			mkdir $s
+			if [ $? -ne 0 ]; then exit $? ; fi
+			if [ -n "$VERBOSE" ]; then echo -n "$s/"; fi
+			cd $s
+		fi
+	done
+	if [ -n "$VERBOSE" ]; then echo ; fi
+	cd $Cwd
+done
+
+exit 0
diff --git a/Linux-PAM/conf/pam.conf b/Linux-PAM/conf/pam.conf
new file mode 100644
index 00000000..395b7ba3
--- /dev/null
+++ b/Linux-PAM/conf/pam.conf
@@ -0,0 +1,126 @@
+# ---------------------------------------------------------------------------#
+# /etc/pam.conf								     #
+#									     #
+# Last modified by Andrew G. Morgan <morgan@kernel.org>		             #
+# ---------------------------------------------------------------------------#
+# $Id: pam.conf,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $
+# ---------------------------------------------------------------------------#
+# serv.	module	   ctrl	      module [path]	...[args..]		     #
+# name	type	   flag							     #
+# ---------------------------------------------------------------------------#
+#
+# The PAM configuration file for the `chfn' service
+#
+chfn	auth       required   pam_unix.so
+chfn	account    required   pam_unix.so
+chfn	password   required   pam_cracklib.so retry=3
+chfn	password   required   pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `chsh' service
+#
+chsh	auth       required   pam_unix.so
+chsh	account    required   pam_unix.so
+chsh	password   required   pam_cracklib.so retry=3
+chsh	password   required   pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `ftp' service
+#
+ftp	auth       requisite  pam_listfile.so \
+		item=user sense=deny file=/etc/ftpusers onerr=succeed
+ftp	auth       requisite  pam_shells.so
+ftp	auth       required   pam_unix.so
+ftp	account    required   pam_unix.so
+#
+# The PAM configuration file for the `imap' service
+#
+imap	auth       required   pam_unix.so
+imap	account    required   pam_unix.so
+#
+# The PAM configuration file for the `login' service
+#
+login	auth       requisite  pam_securetty.so
+login	auth       required   pam_unix.so
+login	auth       optional   pam_group.so
+login	account    requisite  pam_time.so
+login	account    required   pam_unix.so
+login	password   required   pam_cracklib.so retry=3
+login	password   required   pam_unix.so shadow md5 use_authtok
+login	session    required   pam_unix.so
+#
+# The PAM configuration file for the `netatalk' service
+#
+netatalk	auth       required   pam_unix.so
+netatalk	account    required   pam_unix.so
+#
+# The PAM configuration file for the `other' service
+#
+other	auth       required   pam_deny.so
+other	auth       required   pam_warn.so
+other	account    required   pam_deny.so
+other	password   required   pam_deny.so
+other	password   required   pam_warn.so
+other	session    required   pam_deny.so
+#
+# The PAM configuration file for the `passwd' service
+#
+passwd	password   requisite  pam_cracklib.so retry=3
+passwd	password   required   pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `rexec' service
+#
+rexec	auth       requisite  pam_securetty.so
+rexec	auth       requisite  pam_nologin.so
+rexec	auth       sufficient pam_rhosts_auth.so
+rexec	auth       required   pam_unix.so
+rexec	account    required   pam_unix.so
+rexec	session    required   pam_unix.so
+rexec	session    required   pam_limits.so
+#
+# The PAM configuration file for the `rlogin' service
+# this application passes control to `login' if it fails
+#
+rlogin	auth       requisite  pam_securetty.so
+rlogin	auth       requisite  pam_nologin.so
+rlogin	auth       required   pam_rhosts_auth.so
+rlogin	account    required   pam_unix.so
+rlogin	password   required   pam_cracklib.so retry=3
+rlogin	password   required   pam_unix.so shadow md5 use_authtok
+rlogin	session    required   pam_unix.so
+rlogin	session    required   pam_limits.so
+#
+# The PAM configuration file for the `rsh' service
+#
+rsh	auth       requisite  pam_securetty.so
+rsh	auth       requisite  pam_nologin.so
+rsh	auth       sufficient pam_rhosts_auth.so
+rsh	auth       required   pam_unix.so
+rsh	account    required   pam_unix.so
+rsh	session    required   pam_unix.so
+rsh	session    required   pam_limits.so
+#
+# The PAM configuration file for the `samba' service
+#
+samba	auth       required   pam_unix.so
+samba	account    required   pam_unix.so
+#
+# The PAM configuration file for the `su' service
+#
+su	auth       required   pam_wheel.so
+su	auth       sufficient pam_rootok.so
+su	auth       required   pam_unix.so
+su	account    required   pam_unix.so
+su	session    required   pam_unix.so
+#
+# The PAM configuration file for the `vlock' service
+#
+vlock	auth       required   pam_unix.so
+#
+# The PAM configuration file for the `xdm' service
+#
+xdm	auth       required   pam_unix.so
+xdm	account    required   pam_unix.so
+#
+# The PAM configuration file for the `xlock' service
+#
+xlock	auth       required   pam_unix.so
+
diff --git a/Linux-PAM/conf/pam_conv1/Makefile b/Linux-PAM/conf/pam_conv1/Makefile
new file mode 100644
index 00000000..f23c8aa6
--- /dev/null
+++ b/Linux-PAM/conf/pam_conv1/Makefile
@@ -0,0 +1,46 @@
+#
+# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:22 hartmans Exp $
+#
+
+include ../../Make.Rules
+
+#
+ifeq ($(OS),solaris)
+
+clean:
+      @echo not available in Solaris
+
+all:
+      @echo not available in Solaris
+
+install:
+      @echo not available in Solaris
+
+else
+
+all: pam_conv1
+
+pam_conv1: pam_conv.tab.c lex.yy.c
+	$(CC) -o pam_conv1 pam_conv.tab.c $(LINK_LIBLEX)
+
+pam_conv.tab.c: pam_conv.y lex.yy.c
+	bison pam_conv.y
+
+lex.yy.c: pam_conv.lex
+	flex pam_conv.lex
+
+lclean:
+	rm -f core pam_conv1 lex.yy.c pam_conv.tab.c *.o *~
+	rm -rf ./pam.d pam_conv.output
+
+clean: lclean
+
+install: pam_conv1
+	cp -f ./pam_conv1 ../../bin
+
+endif
+
+remove:
+	rm -f ../../bin/pam_conv1
+
+extraclean: remove clean
diff --git a/Linux-PAM/conf/pam_conv1/README b/Linux-PAM/conf/pam_conv1/README
new file mode 100644
index 00000000..3a750d73
--- /dev/null
+++ b/Linux-PAM/conf/pam_conv1/README
@@ -0,0 +1,10 @@
+$Id: README,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $
+
+This directory contains a untility to convert pam.conf files to a pam.d/
+tree. The conversion program takes pam.conf from the standard input and
+creates the pam.d/ directory in the current directory.
+
+The program will fail if ./pam.d/ already exists.
+
+Andrew Morgan, February 1997
+
diff --git a/Linux-PAM/conf/pam_conv1/pam_conv.lex b/Linux-PAM/conf/pam_conv1/pam_conv.lex
new file mode 100644
index 00000000..addc60ae
--- /dev/null
+++ b/Linux-PAM/conf/pam_conv1/pam_conv.lex
@@ -0,0 +1,42 @@
+
+%{
+/*
+ * $Id: pam_conv.lex,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $
+ *
+ * Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
+ *
+ * This file is covered by the Linux-PAM License (which should be
+ * distributed with this file.)
+ */
+
+    const static char lexid[]=
+	"$Id: pam_conv.lex,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $\n"
+	"Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>\n";
+
+    extern int current_line;
+%}
+
+%%
+
+"#"[^\n]*         ; /* skip comments (sorry) */
+
+"\\\n" {
+    ++current_line;
+}
+
+([^\n\t ]|[\\][^\n])+ {
+    return TOK;
+}
+
+[ \t]+      ; /* Ignore */
+
+<<EOF>> {
+    return EOFILE;
+}
+
+[\n] {
+    ++current_line;
+    return NL;
+}
+
+%%
diff --git a/Linux-PAM/conf/pam_conv1/pam_conv.y b/Linux-PAM/conf/pam_conv1/pam_conv.y
new file mode 100644
index 00000000..0cbfa5f8
--- /dev/null
+++ b/Linux-PAM/conf/pam_conv1/pam_conv.y
@@ -0,0 +1,204 @@
+%{
+
+/*
+ * $Id: pam_conv.y,v 1.1.1.2 2002/09/15 20:08:22 hartmans Exp $
+ *
+ * Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
+ *
+ * This file is covered by the Linux-PAM License (which should be
+ * distributed with this file.)
+ */
+
+    const static char bisonid[]=
+	"$Id: pam_conv.y,v 1.1.1.2 2002/09/15 20:08:22 hartmans Exp $\n"
+	"Copyright (c) Andrew G. Morgan 1997-8 <morgan@linux.kernel.org>\n";
+
+#include <string.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+
+    int current_line=1;
+    extern char *yytext;
+
+/* XXX - later we'll change this to be the specific conf file(s) */
+#define newpamf stderr
+
+#define PAM_D                "./pam.d"
+#define PAM_D_MODE           0755
+#define PAM_D_MAGIC_HEADER   \
+    "#%PAM-1.0\n" \
+    "#[For version 1.0 syntax, the above header is optional]\n"
+
+#define PAM_D_FILE_FMT       PAM_D "/%s"
+
+    const char *old_to_new_ctrl_flag(const char *old);
+    void yyerror(const char *format, ...);
+%}
+
+%union {
+    int def;
+    char *string;
+}
+
+%token NL EOFILE TOK
+
+%type <string> tok path tokenls
+
+%start complete
+
+%%
+
+complete
+:
+| complete NL
+| complete line
+| complete EOFILE {
+    return 0;
+}
+;
+
+line
+: tok tok tok path tokenls NL {
+    char *filename;
+    FILE *conf;
+    int i;
+
+    /* make sure we have lower case */
+    for (i=0; $1[i]; ++i) {
+	$1[i] = tolower($1[i]);
+    }
+
+    /* $1 = service-name */
+    yyerror("Appending to " PAM_D "/%s", $1);
+
+    filename = malloc(strlen($1) + sizeof(PAM_D) + 6);
+    sprintf(filename, PAM_D_FILE_FMT, $1);
+    conf = fopen(filename, "r");
+    if (conf == NULL) {
+	/* new file */
+	conf = fopen(filename, "w");
+	if (conf != NULL) {
+	    fprintf(conf, PAM_D_MAGIC_HEADER);
+	    fprintf(conf,
+		    "#\n"
+		    "# The PAM configuration file for the `%s' service\n"
+		    "#\n", $1);
+	}
+    } else {
+	fclose(conf);
+	conf = fopen(filename, "a");
+    }
+    if (conf == NULL) {
+	yyerror("trouble opening %s - aborting", filename);
+	exit(1);
+    }
+    free(filename);
+
+    /* $2 = module-type */
+    fprintf(conf, "%-10s", $2);
+    free($2);
+
+    /* $3 = required etc. */
+    {
+	const char *trans;
+
+	trans = old_to_new_ctrl_flag($3);
+	free($3);
+	fprintf(conf, " %-10s", trans);
+    }
+
+    /* $4 = module-path */
+    fprintf(conf, " %s", $4);
+    free($4);
+
+    /* $5 = arguments */
+    if ($5 != NULL) {
+	fprintf(conf, " \\\n\t\t%s", $5);
+	free($5);
+    }
+
+    /* end line */
+    fprintf(conf, "\n");
+
+    fclose(conf);
+}
+| error NL {
+    yyerror("malformed line");
+}
+;
+
+tokenls
+: {
+    $$=NULL;
+}
+| tokenls tok {
+    int len;
+
+    if ($1) {
+	len = strlen($1) + strlen($2) + 2;
+	$$ = malloc(len);
+	sprintf($$,"%s %s",$1,$2);
+	free($1);
+	free($2);
+    } else {
+	$$ = $2;
+    }
+}
+;
+
+path
+: TOK {
+    /* XXX - this could be used to check if file present */
+    $$ = strdup(yytext);
+}
+
+tok
+: TOK {
+    $$ = strdup(yytext);
+}
+
+%%
+
+#include "lex.yy.c"
+
+const char *old_to_new_ctrl_flag(const char *old)
+{
+    static const char *clist[] = {
+	"requisite",
+	"required",
+	"sufficient",
+	"optional",
+	NULL,
+    };
+    int i;
+
+    for (i=0; clist[i]; ++i) {
+	if (strcasecmp(clist[i], old) == 0) {
+	    break;
+	}
+    }
+
+    return clist[i];
+}
+
+void yyerror(const char *format, ...)
+{
+    va_list args;
+
+    fprintf(stderr, "line %d: ", current_line);
+    va_start(args, format);
+    vfprintf(stderr, format, args);
+    va_end(args);
+    fprintf(stderr, "\n");
+}
+
+int main(int argc, char *argv[])
+{
+    if (mkdir(PAM_D, PAM_D_MODE) != 0) {
+	yyerror(PAM_D " already exists.. aborting");
+	exit(1);
+    }
+    yyparse();
+    exit(0);
+}